Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 3.2.69/, 3.14.46/, 3.14.47/, 4.0.7/
Date: Sun, 05 Jul 2015 16:33:35
Message-Id: 1436113999.20f00980e88516e9663fcebc708948c1824b56b2.blueness@gentoo
1 commit: 20f00980e88516e9663fcebc708948c1824b56b2
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Sun Jul 5 16:33:00 2015 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Sun Jul 5 16:33:19 2015 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=20f00980
7
8 Grsec/PaX: 3.1-{3.2.69,3.14.47,4.0.7}-201507050833
9
10 3.14.46/1045_linux-3.14.46.patch | 829 ------------
11 {3.14.46 => 3.14.47}/0000_README | 6 +-
12 3.14.47/1046_linux-3.14.47.patch | 1395 ++++++++++++++++++++
13 .../4420_grsecurity-3.1-3.14.47-201507050832.patch | 154 ++-
14 .../4425_grsec_remove_EI_PAX.patch | 0
15 .../4427_force_XATTR_PAX_tmpfs.patch | 0
16 .../4430_grsec-remove-localversion-grsec.patch | 0
17 .../4435_grsec-mute-warnings.patch | 0
18 .../4440_grsec-remove-protected-paths.patch | 0
19 .../4450_grsec-kconfig-default-gids.patch | 0
20 .../4465_selinux-avc_audit-log-curr_ip.patch | 0
21 .../4470_disable-compat_vdso.patch | 0
22 .../4475_emutramp_default_on.patch | 0
23 3.2.69/0000_README | 2 +-
24 ... 4420_grsecurity-3.1-3.2.69-201507050830.patch} | 37 +-
25 4.0.7/0000_README | 6 +-
26 4.0.7/1006_linux-4.0.7.patch | 707 ----------
27 ...> 4420_grsecurity-3.1-4.0.7-201507050833.patch} | 103 +-
28 18 files changed, 1630 insertions(+), 1609 deletions(-)
29
30 diff --git a/3.14.46/1045_linux-3.14.46.patch b/3.14.46/1045_linux-3.14.46.patch
31 deleted file mode 100644
32 index 12790dc..0000000
33 --- a/3.14.46/1045_linux-3.14.46.patch
34 +++ /dev/null
35 @@ -1,829 +0,0 @@
36 -diff --git a/Makefile b/Makefile
37 -index c92186c..def39fd 100644
38 ---- a/Makefile
39 -+++ b/Makefile
40 -@@ -1,6 +1,6 @@
41 - VERSION = 3
42 - PATCHLEVEL = 14
43 --SUBLEVEL = 45
44 -+SUBLEVEL = 46
45 - EXTRAVERSION =
46 - NAME = Remembering Coco
47 -
48 -diff --git a/arch/arm/include/asm/kvm_host.h b/arch/arm/include/asm/kvm_host.h
49 -index 09af149..530f56e 100644
50 ---- a/arch/arm/include/asm/kvm_host.h
51 -+++ b/arch/arm/include/asm/kvm_host.h
52 -@@ -42,7 +42,7 @@
53 -
54 - struct kvm_vcpu;
55 - u32 *kvm_vcpu_reg(struct kvm_vcpu *vcpu, u8 reg_num, u32 mode);
56 --int kvm_target_cpu(void);
57 -+int __attribute_const__ kvm_target_cpu(void);
58 - int kvm_reset_vcpu(struct kvm_vcpu *vcpu);
59 - void kvm_reset_coprocs(struct kvm_vcpu *vcpu);
60 -
61 -diff --git a/arch/arm/include/asm/kvm_mmu.h b/arch/arm/include/asm/kvm_mmu.h
62 -index 7b362bc..0cbdb8e 100644
63 ---- a/arch/arm/include/asm/kvm_mmu.h
64 -+++ b/arch/arm/include/asm/kvm_mmu.h
65 -@@ -127,6 +127,18 @@ static inline void kvm_set_s2pmd_writable(pmd_t *pmd)
66 - (__boundary - 1 < (end) - 1)? __boundary: (end); \
67 - })
68 -
69 -+static inline bool kvm_page_empty(void *ptr)
70 -+{
71 -+ struct page *ptr_page = virt_to_page(ptr);
72 -+ return page_count(ptr_page) == 1;
73 -+}
74 -+
75 -+
76 -+#define kvm_pte_table_empty(ptep) kvm_page_empty(ptep)
77 -+#define kvm_pmd_table_empty(pmdp) kvm_page_empty(pmdp)
78 -+#define kvm_pud_table_empty(pudp) (0)
79 -+
80 -+
81 - struct kvm;
82 -
83 - #define kvm_flush_dcache_to_poc(a,l) __cpuc_flush_dcache_area((a), (l))
84 -diff --git a/arch/arm/kernel/hyp-stub.S b/arch/arm/kernel/hyp-stub.S
85 -index 797b1a6..7e666cf 100644
86 ---- a/arch/arm/kernel/hyp-stub.S
87 -+++ b/arch/arm/kernel/hyp-stub.S
88 -@@ -134,9 +134,7 @@ ENTRY(__hyp_stub_install_secondary)
89 - mcr p15, 4, r7, c1, c1, 3 @ HSTR
90 -
91 - THUMB( orr r7, #(1 << 30) ) @ HSCTLR.TE
92 --#ifdef CONFIG_CPU_BIG_ENDIAN
93 -- orr r7, #(1 << 9) @ HSCTLR.EE
94 --#endif
95 -+ARM_BE8(orr r7, r7, #(1 << 25)) @ HSCTLR.EE
96 - mcr p15, 4, r7, c1, c0, 0 @ HSCTLR
97 -
98 - mrc p15, 4, r7, c1, c1, 1 @ HDCR
99 -diff --git a/arch/arm/kvm/arm.c b/arch/arm/kvm/arm.c
100 -index bd18bb8..df6e75e 100644
101 ---- a/arch/arm/kvm/arm.c
102 -+++ b/arch/arm/kvm/arm.c
103 -@@ -82,7 +82,7 @@ struct kvm_vcpu *kvm_arm_get_running_vcpu(void)
104 - /**
105 - * kvm_arm_get_running_vcpus - get the per-CPU array of currently running vcpus.
106 - */
107 --struct kvm_vcpu __percpu **kvm_get_running_vcpus(void)
108 -+struct kvm_vcpu * __percpu *kvm_get_running_vcpus(void)
109 - {
110 - return &kvm_arm_running_vcpu;
111 - }
112 -@@ -155,16 +155,6 @@ int kvm_arch_vcpu_fault(struct kvm_vcpu *vcpu, struct vm_fault *vmf)
113 - return VM_FAULT_SIGBUS;
114 - }
115 -
116 --void kvm_arch_free_memslot(struct kvm *kvm, struct kvm_memory_slot *free,
117 -- struct kvm_memory_slot *dont)
118 --{
119 --}
120 --
121 --int kvm_arch_create_memslot(struct kvm *kvm, struct kvm_memory_slot *slot,
122 -- unsigned long npages)
123 --{
124 -- return 0;
125 --}
126 -
127 - /**
128 - * kvm_arch_destroy_vm - destroy the VM data structure
129 -@@ -224,33 +214,6 @@ long kvm_arch_dev_ioctl(struct file *filp,
130 - return -EINVAL;
131 - }
132 -
133 --void kvm_arch_memslots_updated(struct kvm *kvm)
134 --{
135 --}
136 --
137 --int kvm_arch_prepare_memory_region(struct kvm *kvm,
138 -- struct kvm_memory_slot *memslot,
139 -- struct kvm_userspace_memory_region *mem,
140 -- enum kvm_mr_change change)
141 --{
142 -- return 0;
143 --}
144 --
145 --void kvm_arch_commit_memory_region(struct kvm *kvm,
146 -- struct kvm_userspace_memory_region *mem,
147 -- const struct kvm_memory_slot *old,
148 -- enum kvm_mr_change change)
149 --{
150 --}
151 --
152 --void kvm_arch_flush_shadow_all(struct kvm *kvm)
153 --{
154 --}
155 --
156 --void kvm_arch_flush_shadow_memslot(struct kvm *kvm,
157 -- struct kvm_memory_slot *slot)
158 --{
159 --}
160 -
161 - struct kvm_vcpu *kvm_arch_vcpu_create(struct kvm *kvm, unsigned int id)
162 - {
163 -diff --git a/arch/arm/kvm/coproc.c b/arch/arm/kvm/coproc.c
164 -index c58a351..7c73290 100644
165 ---- a/arch/arm/kvm/coproc.c
166 -+++ b/arch/arm/kvm/coproc.c
167 -@@ -742,7 +742,7 @@ static bool is_valid_cache(u32 val)
168 - u32 level, ctype;
169 -
170 - if (val >= CSSELR_MAX)
171 -- return -ENOENT;
172 -+ return false;
173 -
174 - /* Bottom bit is Instruction or Data bit. Next 3 bits are level. */
175 - level = (val >> 1);
176 -diff --git a/arch/arm/kvm/mmu.c b/arch/arm/kvm/mmu.c
177 -index c93ef38..70ed2c1 100644
178 ---- a/arch/arm/kvm/mmu.c
179 -+++ b/arch/arm/kvm/mmu.c
180 -@@ -90,103 +90,115 @@ static void *mmu_memory_cache_alloc(struct kvm_mmu_memory_cache *mc)
181 - return p;
182 - }
183 -
184 --static bool page_empty(void *ptr)
185 -+static void clear_pgd_entry(struct kvm *kvm, pgd_t *pgd, phys_addr_t addr)
186 - {
187 -- struct page *ptr_page = virt_to_page(ptr);
188 -- return page_count(ptr_page) == 1;
189 -+ pud_t *pud_table __maybe_unused = pud_offset(pgd, 0);
190 -+ pgd_clear(pgd);
191 -+ kvm_tlb_flush_vmid_ipa(kvm, addr);
192 -+ pud_free(NULL, pud_table);
193 -+ put_page(virt_to_page(pgd));
194 - }
195 -
196 - static void clear_pud_entry(struct kvm *kvm, pud_t *pud, phys_addr_t addr)
197 - {
198 -- if (pud_huge(*pud)) {
199 -- pud_clear(pud);
200 -- kvm_tlb_flush_vmid_ipa(kvm, addr);
201 -- } else {
202 -- pmd_t *pmd_table = pmd_offset(pud, 0);
203 -- pud_clear(pud);
204 -- kvm_tlb_flush_vmid_ipa(kvm, addr);
205 -- pmd_free(NULL, pmd_table);
206 -- }
207 -+ pmd_t *pmd_table = pmd_offset(pud, 0);
208 -+ VM_BUG_ON(pud_huge(*pud));
209 -+ pud_clear(pud);
210 -+ kvm_tlb_flush_vmid_ipa(kvm, addr);
211 -+ pmd_free(NULL, pmd_table);
212 - put_page(virt_to_page(pud));
213 - }
214 -
215 - static void clear_pmd_entry(struct kvm *kvm, pmd_t *pmd, phys_addr_t addr)
216 - {
217 -- if (kvm_pmd_huge(*pmd)) {
218 -- pmd_clear(pmd);
219 -- kvm_tlb_flush_vmid_ipa(kvm, addr);
220 -- } else {
221 -- pte_t *pte_table = pte_offset_kernel(pmd, 0);
222 -- pmd_clear(pmd);
223 -- kvm_tlb_flush_vmid_ipa(kvm, addr);
224 -- pte_free_kernel(NULL, pte_table);
225 -- }
226 -+ pte_t *pte_table = pte_offset_kernel(pmd, 0);
227 -+ VM_BUG_ON(kvm_pmd_huge(*pmd));
228 -+ pmd_clear(pmd);
229 -+ kvm_tlb_flush_vmid_ipa(kvm, addr);
230 -+ pte_free_kernel(NULL, pte_table);
231 - put_page(virt_to_page(pmd));
232 - }
233 -
234 --static void clear_pte_entry(struct kvm *kvm, pte_t *pte, phys_addr_t addr)
235 -+static void unmap_ptes(struct kvm *kvm, pmd_t *pmd,
236 -+ phys_addr_t addr, phys_addr_t end)
237 - {
238 -- if (pte_present(*pte)) {
239 -- kvm_set_pte(pte, __pte(0));
240 -- put_page(virt_to_page(pte));
241 -- kvm_tlb_flush_vmid_ipa(kvm, addr);
242 -+ phys_addr_t start_addr = addr;
243 -+ pte_t *pte, *start_pte;
244 -+
245 -+ start_pte = pte = pte_offset_kernel(pmd, addr);
246 -+ do {
247 -+ if (!pte_none(*pte)) {
248 -+ kvm_set_pte(pte, __pte(0));
249 -+ put_page(virt_to_page(pte));
250 -+ kvm_tlb_flush_vmid_ipa(kvm, addr);
251 -+ }
252 -+ } while (pte++, addr += PAGE_SIZE, addr != end);
253 -+
254 -+ if (kvm_pte_table_empty(start_pte))
255 -+ clear_pmd_entry(kvm, pmd, start_addr);
256 - }
257 --}
258 -
259 --static void unmap_range(struct kvm *kvm, pgd_t *pgdp,
260 -- unsigned long long start, u64 size)
261 -+static void unmap_pmds(struct kvm *kvm, pud_t *pud,
262 -+ phys_addr_t addr, phys_addr_t end)
263 - {
264 -- pgd_t *pgd;
265 -- pud_t *pud;
266 -- pmd_t *pmd;
267 -- pte_t *pte;
268 -- unsigned long long addr = start, end = start + size;
269 -- u64 next;
270 --
271 -- while (addr < end) {
272 -- pgd = pgdp + pgd_index(addr);
273 -- pud = pud_offset(pgd, addr);
274 -- if (pud_none(*pud)) {
275 -- addr = kvm_pud_addr_end(addr, end);
276 -- continue;
277 -- }
278 -+ phys_addr_t next, start_addr = addr;
279 -+ pmd_t *pmd, *start_pmd;
280 -
281 -- if (pud_huge(*pud)) {
282 -- /*
283 -- * If we are dealing with a huge pud, just clear it and
284 -- * move on.
285 -- */
286 -- clear_pud_entry(kvm, pud, addr);
287 -- addr = kvm_pud_addr_end(addr, end);
288 -- continue;
289 -+ start_pmd = pmd = pmd_offset(pud, addr);
290 -+ do {
291 -+ next = kvm_pmd_addr_end(addr, end);
292 -+ if (!pmd_none(*pmd)) {
293 -+ if (kvm_pmd_huge(*pmd)) {
294 -+ pmd_clear(pmd);
295 -+ kvm_tlb_flush_vmid_ipa(kvm, addr);
296 -+ put_page(virt_to_page(pmd));
297 -+ } else {
298 -+ unmap_ptes(kvm, pmd, addr, next);
299 -+ }
300 - }
301 -+ } while (pmd++, addr = next, addr != end);
302 -
303 -- pmd = pmd_offset(pud, addr);
304 -- if (pmd_none(*pmd)) {
305 -- addr = kvm_pmd_addr_end(addr, end);
306 -- continue;
307 -- }
308 -+ if (kvm_pmd_table_empty(start_pmd))
309 -+ clear_pud_entry(kvm, pud, start_addr);
310 -+}
311 -
312 -- if (!kvm_pmd_huge(*pmd)) {
313 -- pte = pte_offset_kernel(pmd, addr);
314 -- clear_pte_entry(kvm, pte, addr);
315 -- next = addr + PAGE_SIZE;
316 -- }
317 -+static void unmap_puds(struct kvm *kvm, pgd_t *pgd,
318 -+ phys_addr_t addr, phys_addr_t end)
319 -+{
320 -+ phys_addr_t next, start_addr = addr;
321 -+ pud_t *pud, *start_pud;
322 -
323 -- /*
324 -- * If the pmd entry is to be cleared, walk back up the ladder
325 -- */
326 -- if (kvm_pmd_huge(*pmd) || page_empty(pte)) {
327 -- clear_pmd_entry(kvm, pmd, addr);
328 -- next = kvm_pmd_addr_end(addr, end);
329 -- if (page_empty(pmd) && !page_empty(pud)) {
330 -- clear_pud_entry(kvm, pud, addr);
331 -- next = kvm_pud_addr_end(addr, end);
332 -+ start_pud = pud = pud_offset(pgd, addr);
333 -+ do {
334 -+ next = kvm_pud_addr_end(addr, end);
335 -+ if (!pud_none(*pud)) {
336 -+ if (pud_huge(*pud)) {
337 -+ pud_clear(pud);
338 -+ kvm_tlb_flush_vmid_ipa(kvm, addr);
339 -+ put_page(virt_to_page(pud));
340 -+ } else {
341 -+ unmap_pmds(kvm, pud, addr, next);
342 - }
343 - }
344 -+ } while (pud++, addr = next, addr != end);
345 -
346 -- addr = next;
347 -- }
348 -+ if (kvm_pud_table_empty(start_pud))
349 -+ clear_pgd_entry(kvm, pgd, start_addr);
350 -+}
351 -+
352 -+
353 -+static void unmap_range(struct kvm *kvm, pgd_t *pgdp,
354 -+ phys_addr_t start, u64 size)
355 -+{
356 -+ pgd_t *pgd;
357 -+ phys_addr_t addr = start, end = start + size;
358 -+ phys_addr_t next;
359 -+
360 -+ pgd = pgdp + pgd_index(addr);
361 -+ do {
362 -+ next = kvm_pgd_addr_end(addr, end);
363 -+ unmap_puds(kvm, pgd, addr, next);
364 -+ } while (pgd++, addr = next, addr != end);
365 - }
366 -
367 - static void stage2_flush_ptes(struct kvm *kvm, pmd_t *pmd,
368 -@@ -747,6 +759,7 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
369 - struct kvm_mmu_memory_cache *memcache = &vcpu->arch.mmu_page_cache;
370 - struct vm_area_struct *vma;
371 - pfn_t pfn;
372 -+ pgprot_t mem_type = PAGE_S2;
373 -
374 - write_fault = kvm_is_write_fault(kvm_vcpu_get_hsr(vcpu));
375 - if (fault_status == FSC_PERM && !write_fault) {
376 -@@ -797,6 +810,9 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
377 - if (is_error_pfn(pfn))
378 - return -EFAULT;
379 -
380 -+ if (kvm_is_mmio_pfn(pfn))
381 -+ mem_type = PAGE_S2_DEVICE;
382 -+
383 - spin_lock(&kvm->mmu_lock);
384 - if (mmu_notifier_retry(kvm, mmu_seq))
385 - goto out_unlock;
386 -@@ -804,7 +820,7 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
387 - hugetlb = transparent_hugepage_adjust(&pfn, &fault_ipa);
388 -
389 - if (hugetlb) {
390 -- pmd_t new_pmd = pfn_pmd(pfn, PAGE_S2);
391 -+ pmd_t new_pmd = pfn_pmd(pfn, mem_type);
392 - new_pmd = pmd_mkhuge(new_pmd);
393 - if (writable) {
394 - kvm_set_s2pmd_writable(&new_pmd);
395 -@@ -813,13 +829,14 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
396 - coherent_cache_guest_page(vcpu, hva & PMD_MASK, PMD_SIZE);
397 - ret = stage2_set_pmd_huge(kvm, memcache, fault_ipa, &new_pmd);
398 - } else {
399 -- pte_t new_pte = pfn_pte(pfn, PAGE_S2);
400 -+ pte_t new_pte = pfn_pte(pfn, mem_type);
401 - if (writable) {
402 - kvm_set_s2pte_writable(&new_pte);
403 - kvm_set_pfn_dirty(pfn);
404 - }
405 - coherent_cache_guest_page(vcpu, hva, PAGE_SIZE);
406 -- ret = stage2_set_pte(kvm, memcache, fault_ipa, &new_pte, false);
407 -+ ret = stage2_set_pte(kvm, memcache, fault_ipa, &new_pte,
408 -+ mem_type == PAGE_S2_DEVICE);
409 - }
410 -
411 -
412 -@@ -1099,3 +1116,49 @@ out:
413 - free_hyp_pgds();
414 - return err;
415 - }
416 -+
417 -+void kvm_arch_commit_memory_region(struct kvm *kvm,
418 -+ struct kvm_userspace_memory_region *mem,
419 -+ const struct kvm_memory_slot *old,
420 -+ enum kvm_mr_change change)
421 -+{
422 -+ gpa_t gpa = old->base_gfn << PAGE_SHIFT;
423 -+ phys_addr_t size = old->npages << PAGE_SHIFT;
424 -+ if (change == KVM_MR_DELETE || change == KVM_MR_MOVE) {
425 -+ spin_lock(&kvm->mmu_lock);
426 -+ unmap_stage2_range(kvm, gpa, size);
427 -+ spin_unlock(&kvm->mmu_lock);
428 -+ }
429 -+}
430 -+
431 -+int kvm_arch_prepare_memory_region(struct kvm *kvm,
432 -+ struct kvm_memory_slot *memslot,
433 -+ struct kvm_userspace_memory_region *mem,
434 -+ enum kvm_mr_change change)
435 -+{
436 -+ return 0;
437 -+}
438 -+
439 -+void kvm_arch_free_memslot(struct kvm *kvm, struct kvm_memory_slot *free,
440 -+ struct kvm_memory_slot *dont)
441 -+{
442 -+}
443 -+
444 -+int kvm_arch_create_memslot(struct kvm *kvm, struct kvm_memory_slot *slot,
445 -+ unsigned long npages)
446 -+{
447 -+ return 0;
448 -+}
449 -+
450 -+void kvm_arch_memslots_updated(struct kvm *kvm)
451 -+{
452 -+}
453 -+
454 -+void kvm_arch_flush_shadow_all(struct kvm *kvm)
455 -+{
456 -+}
457 -+
458 -+void kvm_arch_flush_shadow_memslot(struct kvm *kvm,
459 -+ struct kvm_memory_slot *slot)
460 -+{
461 -+}
462 -diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h
463 -index 0a1d697..3fb0946 100644
464 ---- a/arch/arm64/include/asm/kvm_host.h
465 -+++ b/arch/arm64/include/asm/kvm_host.h
466 -@@ -42,7 +42,7 @@
467 - #define KVM_VCPU_MAX_FEATURES 2
468 -
469 - struct kvm_vcpu;
470 --int kvm_target_cpu(void);
471 -+int __attribute_const__ kvm_target_cpu(void);
472 - int kvm_reset_vcpu(struct kvm_vcpu *vcpu);
473 - int kvm_arch_dev_ioctl_check_extension(long ext);
474 -
475 -@@ -177,7 +177,7 @@ static inline int kvm_test_age_hva(struct kvm *kvm, unsigned long hva)
476 - }
477 -
478 - struct kvm_vcpu *kvm_arm_get_running_vcpu(void);
479 --struct kvm_vcpu __percpu **kvm_get_running_vcpus(void);
480 -+struct kvm_vcpu * __percpu *kvm_get_running_vcpus(void);
481 -
482 - u64 kvm_call_hyp(void *hypfn, ...);
483 -
484 -diff --git a/arch/arm64/include/asm/kvm_mmu.h b/arch/arm64/include/asm/kvm_mmu.h
485 -index 7d29847..8e138c7 100644
486 ---- a/arch/arm64/include/asm/kvm_mmu.h
487 -+++ b/arch/arm64/include/asm/kvm_mmu.h
488 -@@ -125,6 +125,21 @@ static inline void kvm_set_s2pmd_writable(pmd_t *pmd)
489 - #define kvm_pud_addr_end(addr, end) pud_addr_end(addr, end)
490 - #define kvm_pmd_addr_end(addr, end) pmd_addr_end(addr, end)
491 -
492 -+static inline bool kvm_page_empty(void *ptr)
493 -+{
494 -+ struct page *ptr_page = virt_to_page(ptr);
495 -+ return page_count(ptr_page) == 1;
496 -+}
497 -+
498 -+#define kvm_pte_table_empty(ptep) kvm_page_empty(ptep)
499 -+#ifndef CONFIG_ARM64_64K_PAGES
500 -+#define kvm_pmd_table_empty(pmdp) kvm_page_empty(pmdp)
501 -+#else
502 -+#define kvm_pmd_table_empty(pmdp) (0)
503 -+#endif
504 -+#define kvm_pud_table_empty(pudp) (0)
505 -+
506 -+
507 - struct kvm;
508 -
509 - #define kvm_flush_dcache_to_poc(a,l) __flush_dcache_area((a), (l))
510 -diff --git a/arch/arm64/kvm/hyp.S b/arch/arm64/kvm/hyp.S
511 -index b0d1512..5dfc8331 100644
512 ---- a/arch/arm64/kvm/hyp.S
513 -+++ b/arch/arm64/kvm/hyp.S
514 -@@ -830,7 +830,7 @@ el1_trap:
515 - mrs x2, far_el2
516 -
517 - 2: mrs x0, tpidr_el2
518 -- str x1, [x0, #VCPU_ESR_EL2]
519 -+ str w1, [x0, #VCPU_ESR_EL2]
520 - str x2, [x0, #VCPU_FAR_EL2]
521 - str x3, [x0, #VCPU_HPFAR_EL2]
522 -
523 -diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c
524 -index 0324458..7691b25 100644
525 ---- a/arch/arm64/kvm/sys_regs.c
526 -+++ b/arch/arm64/kvm/sys_regs.c
527 -@@ -836,7 +836,7 @@ static bool is_valid_cache(u32 val)
528 - u32 level, ctype;
529 -
530 - if (val >= CSSELR_MAX)
531 -- return -ENOENT;
532 -+ return false;
533 -
534 - /* Bottom bit is Instruction or Data bit. Next 3 bits are level. */
535 - level = (val >> 1);
536 -@@ -962,7 +962,7 @@ static unsigned int num_demux_regs(void)
537 -
538 - static int write_demux_regids(u64 __user *uindices)
539 - {
540 -- u64 val = KVM_REG_ARM | KVM_REG_SIZE_U32 | KVM_REG_ARM_DEMUX;
541 -+ u64 val = KVM_REG_ARM64 | KVM_REG_SIZE_U32 | KVM_REG_ARM_DEMUX;
542 - unsigned int i;
543 -
544 - val |= KVM_REG_ARM_DEMUX_ID_CCSIDR;
545 -diff --git a/drivers/bluetooth/ath3k.c b/drivers/bluetooth/ath3k.c
546 -index 26b03e1..8ff2b3c 100644
547 ---- a/drivers/bluetooth/ath3k.c
548 -+++ b/drivers/bluetooth/ath3k.c
549 -@@ -79,6 +79,7 @@ static const struct usb_device_id ath3k_table[] = {
550 - { USB_DEVICE(0x0489, 0xe057) },
551 - { USB_DEVICE(0x0489, 0xe056) },
552 - { USB_DEVICE(0x0489, 0xe05f) },
553 -+ { USB_DEVICE(0x0489, 0xe076) },
554 - { USB_DEVICE(0x0489, 0xe078) },
555 - { USB_DEVICE(0x04c5, 0x1330) },
556 - { USB_DEVICE(0x04CA, 0x3004) },
557 -@@ -109,6 +110,7 @@ static const struct usb_device_id ath3k_table[] = {
558 - { USB_DEVICE(0x13d3, 0x3402) },
559 - { USB_DEVICE(0x13d3, 0x3408) },
560 - { USB_DEVICE(0x13d3, 0x3432) },
561 -+ { USB_DEVICE(0x13d3, 0x3474) },
562 -
563 - /* Atheros AR5BBU12 with sflash firmware */
564 - { USB_DEVICE(0x0489, 0xE02C) },
565 -@@ -133,6 +135,7 @@ static const struct usb_device_id ath3k_blist_tbl[] = {
566 - { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 },
567 - { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 },
568 - { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 },
569 -+ { USB_DEVICE(0x0489, 0xe076), .driver_info = BTUSB_ATH3012 },
570 - { USB_DEVICE(0x0489, 0xe078), .driver_info = BTUSB_ATH3012 },
571 - { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 },
572 - { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 },
573 -@@ -163,6 +166,7 @@ static const struct usb_device_id ath3k_blist_tbl[] = {
574 - { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 },
575 - { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 },
576 - { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 },
577 -+ { USB_DEVICE(0x13d3, 0x3474), .driver_info = BTUSB_ATH3012 },
578 -
579 - /* Atheros AR5BBU22 with sflash firmware */
580 - { USB_DEVICE(0x0489, 0xE036), .driver_info = BTUSB_ATH3012 },
581 -diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
582 -index 9eb1669..c0e7a9aa9 100644
583 ---- a/drivers/bluetooth/btusb.c
584 -+++ b/drivers/bluetooth/btusb.c
585 -@@ -157,6 +157,7 @@ static const struct usb_device_id blacklist_table[] = {
586 - { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 },
587 - { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 },
588 - { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 },
589 -+ { USB_DEVICE(0x0489, 0xe076), .driver_info = BTUSB_ATH3012 },
590 - { USB_DEVICE(0x0489, 0xe078), .driver_info = BTUSB_ATH3012 },
591 - { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 },
592 - { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 },
593 -@@ -187,6 +188,7 @@ static const struct usb_device_id blacklist_table[] = {
594 - { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 },
595 - { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 },
596 - { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 },
597 -+ { USB_DEVICE(0x13d3, 0x3474), .driver_info = BTUSB_ATH3012 },
598 -
599 - /* Atheros AR5BBU12 with sflash firmware */
600 - { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE },
601 -diff --git a/drivers/crypto/caam/caamrng.c b/drivers/crypto/caam/caamrng.c
602 -index 28486b1..ae6dae8 100644
603 ---- a/drivers/crypto/caam/caamrng.c
604 -+++ b/drivers/crypto/caam/caamrng.c
605 -@@ -56,7 +56,7 @@
606 -
607 - /* Buffer, its dma address and lock */
608 - struct buf_data {
609 -- u8 buf[RN_BUF_SIZE];
610 -+ u8 buf[RN_BUF_SIZE] ____cacheline_aligned;
611 - dma_addr_t addr;
612 - struct completion filled;
613 - u32 hw_desc[DESC_JOB_O_LEN];
614 -diff --git a/drivers/gpu/drm/mgag200/mgag200_mode.c b/drivers/gpu/drm/mgag200/mgag200_mode.c
615 -index 9683747..f2511a0 100644
616 ---- a/drivers/gpu/drm/mgag200/mgag200_mode.c
617 -+++ b/drivers/gpu/drm/mgag200/mgag200_mode.c
618 -@@ -1529,6 +1529,11 @@ static int mga_vga_mode_valid(struct drm_connector *connector,
619 - return MODE_BANDWIDTH;
620 - }
621 -
622 -+ if ((mode->hdisplay % 8) != 0 || (mode->hsync_start % 8) != 0 ||
623 -+ (mode->hsync_end % 8) != 0 || (mode->htotal % 8) != 0) {
624 -+ return MODE_H_ILLEGAL;
625 -+ }
626 -+
627 - if (mode->crtc_hdisplay > 2048 || mode->crtc_hsync_start > 4096 ||
628 - mode->crtc_hsync_end > 4096 || mode->crtc_htotal > 4096 ||
629 - mode->crtc_vdisplay > 2048 || mode->crtc_vsync_start > 4096 ||
630 -diff --git a/drivers/scsi/lpfc/lpfc_sli.c b/drivers/scsi/lpfc/lpfc_sli.c
631 -index 8f580fd..ce21132 100644
632 ---- a/drivers/scsi/lpfc/lpfc_sli.c
633 -+++ b/drivers/scsi/lpfc/lpfc_sli.c
634 -@@ -265,6 +265,16 @@ lpfc_sli4_eq_get(struct lpfc_queue *q)
635 - return NULL;
636 -
637 - q->hba_index = idx;
638 -+
639 -+ /*
640 -+ * insert barrier for instruction interlock : data from the hardware
641 -+ * must have the valid bit checked before it can be copied and acted
642 -+ * upon. Given what was seen in lpfc_sli4_cq_get() of speculative
643 -+ * instructions allowing action on content before valid bit checked,
644 -+ * add barrier here as well. May not be needed as "content" is a
645 -+ * single 32-bit entity here (vs multi word structure for cq's).
646 -+ */
647 -+ mb();
648 - return eqe;
649 - }
650 -
651 -@@ -370,6 +380,17 @@ lpfc_sli4_cq_get(struct lpfc_queue *q)
652 -
653 - cqe = q->qe[q->hba_index].cqe;
654 - q->hba_index = idx;
655 -+
656 -+ /*
657 -+ * insert barrier for instruction interlock : data from the hardware
658 -+ * must have the valid bit checked before it can be copied and acted
659 -+ * upon. Speculative instructions were allowing a bcopy at the start
660 -+ * of lpfc_sli4_fp_handle_wcqe(), which is called immediately
661 -+ * after our return, to copy data before the valid bit check above
662 -+ * was done. As such, some of the copied data was stale. The barrier
663 -+ * ensures the check is before any data is copied.
664 -+ */
665 -+ mb();
666 - return cqe;
667 - }
668 -
669 -diff --git a/fs/pipe.c b/fs/pipe.c
670 -index 78fd0d0..46f1ab2 100644
671 ---- a/fs/pipe.c
672 -+++ b/fs/pipe.c
673 -@@ -117,25 +117,27 @@ void pipe_wait(struct pipe_inode_info *pipe)
674 - }
675 -
676 - static int
677 --pipe_iov_copy_from_user(void *to, struct iovec *iov, unsigned long len,
678 -- int atomic)
679 -+pipe_iov_copy_from_user(void *addr, int *offset, struct iovec *iov,
680 -+ size_t *remaining, int atomic)
681 - {
682 - unsigned long copy;
683 -
684 -- while (len > 0) {
685 -+ while (*remaining > 0) {
686 - while (!iov->iov_len)
687 - iov++;
688 -- copy = min_t(unsigned long, len, iov->iov_len);
689 -+ copy = min_t(unsigned long, *remaining, iov->iov_len);
690 -
691 - if (atomic) {
692 -- if (__copy_from_user_inatomic(to, iov->iov_base, copy))
693 -+ if (__copy_from_user_inatomic(addr + *offset,
694 -+ iov->iov_base, copy))
695 - return -EFAULT;
696 - } else {
697 -- if (copy_from_user(to, iov->iov_base, copy))
698 -+ if (copy_from_user(addr + *offset,
699 -+ iov->iov_base, copy))
700 - return -EFAULT;
701 - }
702 -- to += copy;
703 -- len -= copy;
704 -+ *offset += copy;
705 -+ *remaining -= copy;
706 - iov->iov_base += copy;
707 - iov->iov_len -= copy;
708 - }
709 -@@ -143,25 +145,27 @@ pipe_iov_copy_from_user(void *to, struct iovec *iov, unsigned long len,
710 - }
711 -
712 - static int
713 --pipe_iov_copy_to_user(struct iovec *iov, const void *from, unsigned long len,
714 -- int atomic)
715 -+pipe_iov_copy_to_user(struct iovec *iov, void *addr, int *offset,
716 -+ size_t *remaining, int atomic)
717 - {
718 - unsigned long copy;
719 -
720 -- while (len > 0) {
721 -+ while (*remaining > 0) {
722 - while (!iov->iov_len)
723 - iov++;
724 -- copy = min_t(unsigned long, len, iov->iov_len);
725 -+ copy = min_t(unsigned long, *remaining, iov->iov_len);
726 -
727 - if (atomic) {
728 -- if (__copy_to_user_inatomic(iov->iov_base, from, copy))
729 -+ if (__copy_to_user_inatomic(iov->iov_base,
730 -+ addr + *offset, copy))
731 - return -EFAULT;
732 - } else {
733 -- if (copy_to_user(iov->iov_base, from, copy))
734 -+ if (copy_to_user(iov->iov_base,
735 -+ addr + *offset, copy))
736 - return -EFAULT;
737 - }
738 -- from += copy;
739 -- len -= copy;
740 -+ *offset += copy;
741 -+ *remaining -= copy;
742 - iov->iov_base += copy;
743 - iov->iov_len -= copy;
744 - }
745 -@@ -395,7 +399,7 @@ pipe_read(struct kiocb *iocb, const struct iovec *_iov,
746 - struct pipe_buffer *buf = pipe->bufs + curbuf;
747 - const struct pipe_buf_operations *ops = buf->ops;
748 - void *addr;
749 -- size_t chars = buf->len;
750 -+ size_t chars = buf->len, remaining;
751 - int error, atomic;
752 -
753 - if (chars > total_len)
754 -@@ -409,9 +413,11 @@ pipe_read(struct kiocb *iocb, const struct iovec *_iov,
755 - }
756 -
757 - atomic = !iov_fault_in_pages_write(iov, chars);
758 -+ remaining = chars;
759 - redo:
760 - addr = ops->map(pipe, buf, atomic);
761 -- error = pipe_iov_copy_to_user(iov, addr + buf->offset, chars, atomic);
762 -+ error = pipe_iov_copy_to_user(iov, addr, &buf->offset,
763 -+ &remaining, atomic);
764 - ops->unmap(pipe, buf, addr);
765 - if (unlikely(error)) {
766 - /*
767 -@@ -426,7 +432,6 @@ redo:
768 - break;
769 - }
770 - ret += chars;
771 -- buf->offset += chars;
772 - buf->len -= chars;
773 -
774 - /* Was it a packet buffer? Clean up and exit */
775 -@@ -531,6 +536,7 @@ pipe_write(struct kiocb *iocb, const struct iovec *_iov,
776 - if (ops->can_merge && offset + chars <= PAGE_SIZE) {
777 - int error, atomic = 1;
778 - void *addr;
779 -+ size_t remaining = chars;
780 -
781 - error = ops->confirm(pipe, buf);
782 - if (error)
783 -@@ -539,8 +545,8 @@ pipe_write(struct kiocb *iocb, const struct iovec *_iov,
784 - iov_fault_in_pages_read(iov, chars);
785 - redo1:
786 - addr = ops->map(pipe, buf, atomic);
787 -- error = pipe_iov_copy_from_user(offset + addr, iov,
788 -- chars, atomic);
789 -+ error = pipe_iov_copy_from_user(addr, &offset, iov,
790 -+ &remaining, atomic);
791 - ops->unmap(pipe, buf, addr);
792 - ret = error;
793 - do_wakeup = 1;
794 -@@ -575,6 +581,8 @@ redo1:
795 - struct page *page = pipe->tmp_page;
796 - char *src;
797 - int error, atomic = 1;
798 -+ int offset = 0;
799 -+ size_t remaining;
800 -
801 - if (!page) {
802 - page = alloc_page(GFP_HIGHUSER);
803 -@@ -595,14 +603,15 @@ redo1:
804 - chars = total_len;
805 -
806 - iov_fault_in_pages_read(iov, chars);
807 -+ remaining = chars;
808 - redo2:
809 - if (atomic)
810 - src = kmap_atomic(page);
811 - else
812 - src = kmap(page);
813 -
814 -- error = pipe_iov_copy_from_user(src, iov, chars,
815 -- atomic);
816 -+ error = pipe_iov_copy_from_user(src, &offset, iov,
817 -+ &remaining, atomic);
818 - if (atomic)
819 - kunmap_atomic(src);
820 - else
821 -diff --git a/kernel/trace/trace_events_filter.c b/kernel/trace/trace_events_filter.c
822 -index 8a86319..cb347e8 100644
823 ---- a/kernel/trace/trace_events_filter.c
824 -+++ b/kernel/trace/trace_events_filter.c
825 -@@ -1399,19 +1399,24 @@ static int check_preds(struct filter_parse_state *ps)
826 - {
827 - int n_normal_preds = 0, n_logical_preds = 0;
828 - struct postfix_elt *elt;
829 -+ int cnt = 0;
830 -
831 - list_for_each_entry(elt, &ps->postfix, list) {
832 -- if (elt->op == OP_NONE)
833 -+ if (elt->op == OP_NONE) {
834 -+ cnt++;
835 - continue;
836 -+ }
837 -
838 -+ cnt--;
839 - if (elt->op == OP_AND || elt->op == OP_OR) {
840 - n_logical_preds++;
841 - continue;
842 - }
843 - n_normal_preds++;
844 -+ WARN_ON_ONCE(cnt < 0);
845 - }
846 -
847 -- if (!n_normal_preds || n_logical_preds >= n_normal_preds) {
848 -+ if (cnt != 1 || !n_normal_preds || n_logical_preds >= n_normal_preds) {
849 - parse_error(ps, FILT_ERR_INVALID_FILTER, 0);
850 - return -EINVAL;
851 - }
852 -diff --git a/virt/kvm/arm/vgic.c b/virt/kvm/arm/vgic.c
853 -index 4eec2d4..1316e55 100644
854 ---- a/virt/kvm/arm/vgic.c
855 -+++ b/virt/kvm/arm/vgic.c
856 -@@ -1654,7 +1654,7 @@ out:
857 - return ret;
858 - }
859 -
860 --static bool vgic_ioaddr_overlap(struct kvm *kvm)
861 -+static int vgic_ioaddr_overlap(struct kvm *kvm)
862 - {
863 - phys_addr_t dist = kvm->arch.vgic.vgic_dist_base;
864 - phys_addr_t cpu = kvm->arch.vgic.vgic_cpu_base;
865
866 diff --git a/3.14.46/0000_README b/3.14.47/0000_README
867 similarity index 93%
868 rename from 3.14.46/0000_README
869 rename to 3.14.47/0000_README
870 index de59c28..b3b9e28 100644
871 --- a/3.14.46/0000_README
872 +++ b/3.14.47/0000_README
873 @@ -2,11 +2,11 @@ README
874 -----------------------------------------------------------------------------
875 Individual Patch Descriptions:
876 -----------------------------------------------------------------------------
877 -Patch: 1045_linux-3.14.46.patch
878 +Patch: 1046_linux-3.14.47.patch
879 From: http://www.kernel.org
880 -Desc: Linux 3.14.46
881 +Desc: Linux 3.14.47
882
883 -Patch: 4420_grsecurity-3.1-3.14.46-201506300711.patch
884 +Patch: 4420_grsecurity-3.1-3.14.47-201507050832.patch
885 From: http://www.grsecurity.net
886 Desc: hardened-sources base patch from upstream grsecurity
887
888
889 diff --git a/3.14.47/1046_linux-3.14.47.patch b/3.14.47/1046_linux-3.14.47.patch
890 new file mode 100644
891 index 0000000..4dc0c5a
892 --- /dev/null
893 +++ b/3.14.47/1046_linux-3.14.47.patch
894 @@ -0,0 +1,1395 @@
895 +diff --git a/Documentation/virtual/kvm/api.txt b/Documentation/virtual/kvm/api.txt
896 +index 6cd63a9..bc6d617 100644
897 +--- a/Documentation/virtual/kvm/api.txt
898 ++++ b/Documentation/virtual/kvm/api.txt
899 +@@ -2344,7 +2344,8 @@ should be created before this ioctl is invoked.
900 +
901 + Possible features:
902 + - KVM_ARM_VCPU_POWER_OFF: Starts the CPU in a power-off state.
903 +- Depends on KVM_CAP_ARM_PSCI.
904 ++ Depends on KVM_CAP_ARM_PSCI. If not set, the CPU will be powered on
905 ++ and execute guest code when KVM_RUN is called.
906 + - KVM_ARM_VCPU_EL1_32BIT: Starts the CPU in a 32bit mode.
907 + Depends on KVM_CAP_ARM_EL1_32BIT (arm64 only).
908 +
909 +diff --git a/Makefile b/Makefile
910 +index def39fd..f9041e6 100644
911 +--- a/Makefile
912 ++++ b/Makefile
913 +@@ -1,6 +1,6 @@
914 + VERSION = 3
915 + PATCHLEVEL = 14
916 +-SUBLEVEL = 46
917 ++SUBLEVEL = 47
918 + EXTRAVERSION =
919 + NAME = Remembering Coco
920 +
921 +diff --git a/arch/arm/include/asm/kvm_emulate.h b/arch/arm/include/asm/kvm_emulate.h
922 +index 0fa90c9..853e2be 100644
923 +--- a/arch/arm/include/asm/kvm_emulate.h
924 ++++ b/arch/arm/include/asm/kvm_emulate.h
925 +@@ -33,6 +33,11 @@ void kvm_inject_undefined(struct kvm_vcpu *vcpu);
926 + void kvm_inject_dabt(struct kvm_vcpu *vcpu, unsigned long addr);
927 + void kvm_inject_pabt(struct kvm_vcpu *vcpu, unsigned long addr);
928 +
929 ++static inline void vcpu_reset_hcr(struct kvm_vcpu *vcpu)
930 ++{
931 ++ vcpu->arch.hcr = HCR_GUEST_MASK;
932 ++}
933 ++
934 + static inline bool vcpu_mode_is_32bit(struct kvm_vcpu *vcpu)
935 + {
936 + return 1;
937 +diff --git a/arch/arm/include/asm/kvm_mmu.h b/arch/arm/include/asm/kvm_mmu.h
938 +index 0cbdb8e..9f79231 100644
939 +--- a/arch/arm/include/asm/kvm_mmu.h
940 ++++ b/arch/arm/include/asm/kvm_mmu.h
941 +@@ -47,6 +47,7 @@ int create_hyp_io_mappings(void *from, void *to, phys_addr_t);
942 + void free_boot_hyp_pgd(void);
943 + void free_hyp_pgds(void);
944 +
945 ++void stage2_unmap_vm(struct kvm *kvm);
946 + int kvm_alloc_stage2_pgd(struct kvm *kvm);
947 + void kvm_free_stage2_pgd(struct kvm *kvm);
948 + int kvm_phys_addr_ioremap(struct kvm *kvm, phys_addr_t guest_ipa,
949 +@@ -78,17 +79,6 @@ static inline void kvm_set_pte(pte_t *pte, pte_t new_pte)
950 + flush_pmd_entry(pte);
951 + }
952 +
953 +-static inline bool kvm_is_write_fault(unsigned long hsr)
954 +-{
955 +- unsigned long hsr_ec = hsr >> HSR_EC_SHIFT;
956 +- if (hsr_ec == HSR_EC_IABT)
957 +- return false;
958 +- else if ((hsr & HSR_ISV) && !(hsr & HSR_WNR))
959 +- return false;
960 +- else
961 +- return true;
962 +-}
963 +-
964 + static inline void kvm_clean_pgd(pgd_t *pgd)
965 + {
966 + clean_dcache_area(pgd, PTRS_PER_S2_PGD * sizeof(pgd_t));
967 +diff --git a/arch/arm/kvm/arm.c b/arch/arm/kvm/arm.c
968 +index df6e75e..2e74a61 100644
969 +--- a/arch/arm/kvm/arm.c
970 ++++ b/arch/arm/kvm/arm.c
971 +@@ -220,6 +220,11 @@ struct kvm_vcpu *kvm_arch_vcpu_create(struct kvm *kvm, unsigned int id)
972 + int err;
973 + struct kvm_vcpu *vcpu;
974 +
975 ++ if (irqchip_in_kernel(kvm) && vgic_initialized(kvm)) {
976 ++ err = -EBUSY;
977 ++ goto out;
978 ++ }
979 ++
980 + vcpu = kmem_cache_zalloc(kvm_vcpu_cache, GFP_KERNEL);
981 + if (!vcpu) {
982 + err = -ENOMEM;
983 +@@ -427,9 +432,9 @@ static void update_vttbr(struct kvm *kvm)
984 +
985 + /* update vttbr to be used with the new vmid */
986 + pgd_phys = virt_to_phys(kvm->arch.pgd);
987 ++ BUG_ON(pgd_phys & ~VTTBR_BADDR_MASK);
988 + vmid = ((u64)(kvm->arch.vmid) << VTTBR_VMID_SHIFT) & VTTBR_VMID_MASK;
989 +- kvm->arch.vttbr = pgd_phys & VTTBR_BADDR_MASK;
990 +- kvm->arch.vttbr |= vmid;
991 ++ kvm->arch.vttbr = pgd_phys | vmid;
992 +
993 + spin_unlock(&kvm_vmid_lock);
994 + }
995 +@@ -676,10 +681,21 @@ static int kvm_arch_vcpu_ioctl_vcpu_init(struct kvm_vcpu *vcpu,
996 + return ret;
997 +
998 + /*
999 ++ * Ensure a rebooted VM will fault in RAM pages and detect if the
1000 ++ * guest MMU is turned off and flush the caches as needed.
1001 ++ */
1002 ++ if (vcpu->arch.has_run_once)
1003 ++ stage2_unmap_vm(vcpu->kvm);
1004 ++
1005 ++ vcpu_reset_hcr(vcpu);
1006 ++
1007 ++ /*
1008 + * Handle the "start in power-off" case by marking the VCPU as paused.
1009 + */
1010 +- if (__test_and_clear_bit(KVM_ARM_VCPU_POWER_OFF, vcpu->arch.features))
1011 ++ if (test_bit(KVM_ARM_VCPU_POWER_OFF, vcpu->arch.features))
1012 + vcpu->arch.pause = true;
1013 ++ else
1014 ++ vcpu->arch.pause = false;
1015 +
1016 + return 0;
1017 + }
1018 +@@ -825,7 +841,8 @@ static int hyp_init_cpu_notify(struct notifier_block *self,
1019 + switch (action) {
1020 + case CPU_STARTING:
1021 + case CPU_STARTING_FROZEN:
1022 +- cpu_init_hyp_mode(NULL);
1023 ++ if (__hyp_get_vectors() == hyp_default_vectors)
1024 ++ cpu_init_hyp_mode(NULL);
1025 + break;
1026 + }
1027 +
1028 +diff --git a/arch/arm/kvm/guest.c b/arch/arm/kvm/guest.c
1029 +index b23a59c..2786eae 100644
1030 +--- a/arch/arm/kvm/guest.c
1031 ++++ b/arch/arm/kvm/guest.c
1032 +@@ -38,7 +38,6 @@ struct kvm_stats_debugfs_item debugfs_entries[] = {
1033 +
1034 + int kvm_arch_vcpu_setup(struct kvm_vcpu *vcpu)
1035 + {
1036 +- vcpu->arch.hcr = HCR_GUEST_MASK;
1037 + return 0;
1038 + }
1039 +
1040 +diff --git a/arch/arm/kvm/mmu.c b/arch/arm/kvm/mmu.c
1041 +index 70ed2c1..524b4b5 100644
1042 +--- a/arch/arm/kvm/mmu.c
1043 ++++ b/arch/arm/kvm/mmu.c
1044 +@@ -197,7 +197,8 @@ static void unmap_range(struct kvm *kvm, pgd_t *pgdp,
1045 + pgd = pgdp + pgd_index(addr);
1046 + do {
1047 + next = kvm_pgd_addr_end(addr, end);
1048 +- unmap_puds(kvm, pgd, addr, next);
1049 ++ if (!pgd_none(*pgd))
1050 ++ unmap_puds(kvm, pgd, addr, next);
1051 + } while (pgd++, addr = next, addr != end);
1052 + }
1053 +
1054 +@@ -555,6 +556,71 @@ static void unmap_stage2_range(struct kvm *kvm, phys_addr_t start, u64 size)
1055 + unmap_range(kvm, kvm->arch.pgd, start, size);
1056 + }
1057 +
1058 ++static void stage2_unmap_memslot(struct kvm *kvm,
1059 ++ struct kvm_memory_slot *memslot)
1060 ++{
1061 ++ hva_t hva = memslot->userspace_addr;
1062 ++ phys_addr_t addr = memslot->base_gfn << PAGE_SHIFT;
1063 ++ phys_addr_t size = PAGE_SIZE * memslot->npages;
1064 ++ hva_t reg_end = hva + size;
1065 ++
1066 ++ /*
1067 ++ * A memory region could potentially cover multiple VMAs, and any holes
1068 ++ * between them, so iterate over all of them to find out if we should
1069 ++ * unmap any of them.
1070 ++ *
1071 ++ * +--------------------------------------------+
1072 ++ * +---------------+----------------+ +----------------+
1073 ++ * | : VMA 1 | VMA 2 | | VMA 3 : |
1074 ++ * +---------------+----------------+ +----------------+
1075 ++ * | memory region |
1076 ++ * +--------------------------------------------+
1077 ++ */
1078 ++ do {
1079 ++ struct vm_area_struct *vma = find_vma(current->mm, hva);
1080 ++ hva_t vm_start, vm_end;
1081 ++
1082 ++ if (!vma || vma->vm_start >= reg_end)
1083 ++ break;
1084 ++
1085 ++ /*
1086 ++ * Take the intersection of this VMA with the memory region
1087 ++ */
1088 ++ vm_start = max(hva, vma->vm_start);
1089 ++ vm_end = min(reg_end, vma->vm_end);
1090 ++
1091 ++ if (!(vma->vm_flags & VM_PFNMAP)) {
1092 ++ gpa_t gpa = addr + (vm_start - memslot->userspace_addr);
1093 ++ unmap_stage2_range(kvm, gpa, vm_end - vm_start);
1094 ++ }
1095 ++ hva = vm_end;
1096 ++ } while (hva < reg_end);
1097 ++}
1098 ++
1099 ++/**
1100 ++ * stage2_unmap_vm - Unmap Stage-2 RAM mappings
1101 ++ * @kvm: The struct kvm pointer
1102 ++ *
1103 ++ * Go through the memregions and unmap any reguler RAM
1104 ++ * backing memory already mapped to the VM.
1105 ++ */
1106 ++void stage2_unmap_vm(struct kvm *kvm)
1107 ++{
1108 ++ struct kvm_memslots *slots;
1109 ++ struct kvm_memory_slot *memslot;
1110 ++ int idx;
1111 ++
1112 ++ idx = srcu_read_lock(&kvm->srcu);
1113 ++ spin_lock(&kvm->mmu_lock);
1114 ++
1115 ++ slots = kvm_memslots(kvm);
1116 ++ kvm_for_each_memslot(memslot, slots)
1117 ++ stage2_unmap_memslot(kvm, memslot);
1118 ++
1119 ++ spin_unlock(&kvm->mmu_lock);
1120 ++ srcu_read_unlock(&kvm->srcu, idx);
1121 ++}
1122 ++
1123 + /**
1124 + * kvm_free_stage2_pgd - free all stage-2 tables
1125 + * @kvm: The KVM struct pointer for the VM.
1126 +@@ -746,6 +812,19 @@ static bool transparent_hugepage_adjust(pfn_t *pfnp, phys_addr_t *ipap)
1127 + return false;
1128 + }
1129 +
1130 ++static bool kvm_is_write_fault(struct kvm_vcpu *vcpu)
1131 ++{
1132 ++ if (kvm_vcpu_trap_is_iabt(vcpu))
1133 ++ return false;
1134 ++
1135 ++ return kvm_vcpu_dabt_iswrite(vcpu);
1136 ++}
1137 ++
1138 ++static bool kvm_is_device_pfn(unsigned long pfn)
1139 ++{
1140 ++ return !pfn_valid(pfn);
1141 ++}
1142 ++
1143 + static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
1144 + struct kvm_memory_slot *memslot,
1145 + unsigned long fault_status)
1146 +@@ -761,7 +840,7 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
1147 + pfn_t pfn;
1148 + pgprot_t mem_type = PAGE_S2;
1149 +
1150 +- write_fault = kvm_is_write_fault(kvm_vcpu_get_hsr(vcpu));
1151 ++ write_fault = kvm_is_write_fault(vcpu);
1152 + if (fault_status == FSC_PERM && !write_fault) {
1153 + kvm_err("Unexpected L2 read permission error\n");
1154 + return -EFAULT;
1155 +@@ -770,6 +849,12 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
1156 + /* Let's check if we will get back a huge page backed by hugetlbfs */
1157 + down_read(&current->mm->mmap_sem);
1158 + vma = find_vma_intersection(current->mm, hva, hva + 1);
1159 ++ if (unlikely(!vma)) {
1160 ++ kvm_err("Failed to find VMA for hva 0x%lx\n", hva);
1161 ++ up_read(&current->mm->mmap_sem);
1162 ++ return -EFAULT;
1163 ++ }
1164 ++
1165 + if (is_vm_hugetlb_page(vma)) {
1166 + hugetlb = true;
1167 + gfn = (fault_ipa & PMD_MASK) >> PAGE_SHIFT;
1168 +@@ -810,7 +895,7 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
1169 + if (is_error_pfn(pfn))
1170 + return -EFAULT;
1171 +
1172 +- if (kvm_is_mmio_pfn(pfn))
1173 ++ if (kvm_is_device_pfn(pfn))
1174 + mem_type = PAGE_S2_DEVICE;
1175 +
1176 + spin_lock(&kvm->mmu_lock);
1177 +@@ -836,7 +921,7 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
1178 + }
1179 + coherent_cache_guest_page(vcpu, hva, PAGE_SIZE);
1180 + ret = stage2_set_pte(kvm, memcache, fault_ipa, &new_pte,
1181 +- mem_type == PAGE_S2_DEVICE);
1182 ++ pgprot_val(mem_type) == pgprot_val(PAGE_S2_DEVICE));
1183 + }
1184 +
1185 +
1186 +@@ -912,6 +997,9 @@ int kvm_handle_guest_abort(struct kvm_vcpu *vcpu, struct kvm_run *run)
1187 +
1188 + memslot = gfn_to_memslot(vcpu->kvm, gfn);
1189 +
1190 ++ /* Userspace should not be able to register out-of-bounds IPAs */
1191 ++ VM_BUG_ON(fault_ipa >= KVM_PHYS_SIZE);
1192 ++
1193 + ret = user_mem_abort(vcpu, fault_ipa, memslot, fault_status);
1194 + if (ret == 0)
1195 + ret = 1;
1196 +@@ -1136,6 +1224,14 @@ int kvm_arch_prepare_memory_region(struct kvm *kvm,
1197 + struct kvm_userspace_memory_region *mem,
1198 + enum kvm_mr_change change)
1199 + {
1200 ++ /*
1201 ++ * Prevent userspace from creating a memory region outside of the IPA
1202 ++ * space addressable by the KVM guest IPA space.
1203 ++ */
1204 ++ if (memslot->base_gfn + memslot->npages >=
1205 ++ (KVM_PHYS_SIZE >> PAGE_SHIFT))
1206 ++ return -EFAULT;
1207 ++
1208 + return 0;
1209 + }
1210 +
1211 +diff --git a/arch/arm/mach-dove/board-dt.c b/arch/arm/mach-dove/board-dt.c
1212 +index 49fa9ab..7a7a09a5 100644
1213 +--- a/arch/arm/mach-dove/board-dt.c
1214 ++++ b/arch/arm/mach-dove/board-dt.c
1215 +@@ -26,7 +26,7 @@ static void __init dove_dt_init(void)
1216 + #ifdef CONFIG_CACHE_TAUROS2
1217 + tauros2_init(0);
1218 + #endif
1219 +- BUG_ON(mvebu_mbus_dt_init());
1220 ++ BUG_ON(mvebu_mbus_dt_init(false));
1221 + of_platform_populate(NULL, of_default_bus_match_table, NULL, NULL);
1222 + }
1223 +
1224 +diff --git a/arch/arm/mach-imx/clk-imx6q.c b/arch/arm/mach-imx/clk-imx6q.c
1225 +index 01a5765..b509556 100644
1226 +--- a/arch/arm/mach-imx/clk-imx6q.c
1227 ++++ b/arch/arm/mach-imx/clk-imx6q.c
1228 +@@ -406,7 +406,7 @@ static void __init imx6q_clocks_init(struct device_node *ccm_node)
1229 + clk[gpmi_io] = imx_clk_gate2("gpmi_io", "enfc", base + 0x78, 28);
1230 + clk[gpmi_apb] = imx_clk_gate2("gpmi_apb", "usdhc3", base + 0x78, 30);
1231 + clk[rom] = imx_clk_gate2("rom", "ahb", base + 0x7c, 0);
1232 +- clk[sata] = imx_clk_gate2("sata", "ipg", base + 0x7c, 4);
1233 ++ clk[sata] = imx_clk_gate2("sata", "ahb", base + 0x7c, 4);
1234 + clk[sdma] = imx_clk_gate2("sdma", "ahb", base + 0x7c, 6);
1235 + clk[spba] = imx_clk_gate2("spba", "ipg", base + 0x7c, 12);
1236 + clk[spdif] = imx_clk_gate2("spdif", "spdif_podf", base + 0x7c, 14);
1237 +diff --git a/arch/arm/mach-kirkwood/board-dt.c b/arch/arm/mach-kirkwood/board-dt.c
1238 +index 7818815..79e629d 100644
1239 +--- a/arch/arm/mach-kirkwood/board-dt.c
1240 ++++ b/arch/arm/mach-kirkwood/board-dt.c
1241 +@@ -116,7 +116,7 @@ static void __init kirkwood_dt_init(void)
1242 + */
1243 + writel(readl(CPU_CONFIG) & ~CPU_CONFIG_ERROR_PROP, CPU_CONFIG);
1244 +
1245 +- BUG_ON(mvebu_mbus_dt_init());
1246 ++ BUG_ON(mvebu_mbus_dt_init(false));
1247 +
1248 + kirkwood_l2_init();
1249 +
1250 +diff --git a/arch/arm/mach-mvebu/armada-370-xp.c b/arch/arm/mach-mvebu/armada-370-xp.c
1251 +index f6c9d1d..79c3766a 100644
1252 +--- a/arch/arm/mach-mvebu/armada-370-xp.c
1253 ++++ b/arch/arm/mach-mvebu/armada-370-xp.c
1254 +@@ -41,7 +41,7 @@ static void __init armada_370_xp_timer_and_clk_init(void)
1255 + of_clk_init(NULL);
1256 + clocksource_of_init();
1257 + coherency_init();
1258 +- BUG_ON(mvebu_mbus_dt_init());
1259 ++ BUG_ON(mvebu_mbus_dt_init(coherency_available()));
1260 + #ifdef CONFIG_CACHE_L2X0
1261 + l2x0_of_init(0, ~0UL);
1262 + #endif
1263 +diff --git a/arch/arm/mach-mvebu/coherency.c b/arch/arm/mach-mvebu/coherency.c
1264 +index c295c10..49bad4d 100644
1265 +--- a/arch/arm/mach-mvebu/coherency.c
1266 ++++ b/arch/arm/mach-mvebu/coherency.c
1267 +@@ -121,6 +121,20 @@ static struct notifier_block mvebu_hwcc_platform_nb = {
1268 + .notifier_call = mvebu_hwcc_platform_notifier,
1269 + };
1270 +
1271 ++/*
1272 ++ * Keep track of whether we have IO hardware coherency enabled or not.
1273 ++ * On Armada 370's we will not be using it for example. We need to make
1274 ++ * that available [through coherency_available()] so the mbus controller
1275 ++ * doesn't enable the IO coherency bit in the attribute bits of the
1276 ++ * chip selects.
1277 ++ */
1278 ++static int coherency_enabled;
1279 ++
1280 ++int coherency_available(void)
1281 ++{
1282 ++ return coherency_enabled;
1283 ++}
1284 ++
1285 + int __init coherency_init(void)
1286 + {
1287 + struct device_node *np;
1288 +@@ -164,6 +178,7 @@ int __init coherency_init(void)
1289 + coherency_base = of_iomap(np, 0);
1290 + coherency_cpu_base = of_iomap(np, 1);
1291 + set_cpu_coherent(cpu_logical_map(smp_processor_id()), 0);
1292 ++ coherency_enabled = 1;
1293 + of_node_put(np);
1294 + }
1295 +
1296 +diff --git a/arch/arm/mach-mvebu/coherency.h b/arch/arm/mach-mvebu/coherency.h
1297 +index 760226c..63e18c6 100644
1298 +--- a/arch/arm/mach-mvebu/coherency.h
1299 ++++ b/arch/arm/mach-mvebu/coherency.h
1300 +@@ -17,6 +17,7 @@
1301 + extern unsigned long coherency_phys_base;
1302 +
1303 + int set_cpu_coherent(unsigned int cpu_id, int smp_group_id);
1304 ++int coherency_available(void);
1305 + int coherency_init(void);
1306 +
1307 + #endif /* __MACH_370_XP_COHERENCY_H */
1308 +diff --git a/arch/arm64/include/asm/kvm_arm.h b/arch/arm64/include/asm/kvm_arm.h
1309 +index 00fbaa7..ea68925 100644
1310 +--- a/arch/arm64/include/asm/kvm_arm.h
1311 ++++ b/arch/arm64/include/asm/kvm_arm.h
1312 +@@ -18,6 +18,7 @@
1313 + #ifndef __ARM64_KVM_ARM_H__
1314 + #define __ARM64_KVM_ARM_H__
1315 +
1316 ++#include <asm/memory.h>
1317 + #include <asm/types.h>
1318 +
1319 + /* Hyp Configuration Register (HCR) bits */
1320 +@@ -122,6 +123,17 @@
1321 + #define VTCR_EL2_T0SZ_MASK 0x3f
1322 + #define VTCR_EL2_T0SZ_40B 24
1323 +
1324 ++/*
1325 ++ * We configure the Stage-2 page tables to always restrict the IPA space to be
1326 ++ * 40 bits wide (T0SZ = 24). Systems with a PARange smaller than 40 bits are
1327 ++ * not known to exist and will break with this configuration.
1328 ++ *
1329 ++ * Note that when using 4K pages, we concatenate two first level page tables
1330 ++ * together.
1331 ++ *
1332 ++ * The magic numbers used for VTTBR_X in this patch can be found in Tables
1333 ++ * D4-23 and D4-25 in ARM DDI 0487A.b.
1334 ++ */
1335 + #ifdef CONFIG_ARM64_64K_PAGES
1336 + /*
1337 + * Stage2 translation configuration:
1338 +@@ -151,9 +163,9 @@
1339 + #endif
1340 +
1341 + #define VTTBR_BADDR_SHIFT (VTTBR_X - 1)
1342 +-#define VTTBR_BADDR_MASK (((1LLU << (40 - VTTBR_X)) - 1) << VTTBR_BADDR_SHIFT)
1343 +-#define VTTBR_VMID_SHIFT (48LLU)
1344 +-#define VTTBR_VMID_MASK (0xffLLU << VTTBR_VMID_SHIFT)
1345 ++#define VTTBR_BADDR_MASK (((UL(1) << (PHYS_MASK_SHIFT - VTTBR_X)) - 1) << VTTBR_BADDR_SHIFT)
1346 ++#define VTTBR_VMID_SHIFT (UL(48))
1347 ++#define VTTBR_VMID_MASK (UL(0xFF) << VTTBR_VMID_SHIFT)
1348 +
1349 + /* Hyp System Trap Register */
1350 + #define HSTR_EL2_TTEE (1 << 16)
1351 +@@ -176,13 +188,13 @@
1352 +
1353 + /* Exception Syndrome Register (ESR) bits */
1354 + #define ESR_EL2_EC_SHIFT (26)
1355 +-#define ESR_EL2_EC (0x3fU << ESR_EL2_EC_SHIFT)
1356 +-#define ESR_EL2_IL (1U << 25)
1357 ++#define ESR_EL2_EC (UL(0x3f) << ESR_EL2_EC_SHIFT)
1358 ++#define ESR_EL2_IL (UL(1) << 25)
1359 + #define ESR_EL2_ISS (ESR_EL2_IL - 1)
1360 + #define ESR_EL2_ISV_SHIFT (24)
1361 +-#define ESR_EL2_ISV (1U << ESR_EL2_ISV_SHIFT)
1362 ++#define ESR_EL2_ISV (UL(1) << ESR_EL2_ISV_SHIFT)
1363 + #define ESR_EL2_SAS_SHIFT (22)
1364 +-#define ESR_EL2_SAS (3U << ESR_EL2_SAS_SHIFT)
1365 ++#define ESR_EL2_SAS (UL(3) << ESR_EL2_SAS_SHIFT)
1366 + #define ESR_EL2_SSE (1 << 21)
1367 + #define ESR_EL2_SRT_SHIFT (16)
1368 + #define ESR_EL2_SRT_MASK (0x1f << ESR_EL2_SRT_SHIFT)
1369 +@@ -196,16 +208,16 @@
1370 + #define ESR_EL2_FSC_TYPE (0x3c)
1371 +
1372 + #define ESR_EL2_CV_SHIFT (24)
1373 +-#define ESR_EL2_CV (1U << ESR_EL2_CV_SHIFT)
1374 ++#define ESR_EL2_CV (UL(1) << ESR_EL2_CV_SHIFT)
1375 + #define ESR_EL2_COND_SHIFT (20)
1376 +-#define ESR_EL2_COND (0xfU << ESR_EL2_COND_SHIFT)
1377 ++#define ESR_EL2_COND (UL(0xf) << ESR_EL2_COND_SHIFT)
1378 +
1379 +
1380 + #define FSC_FAULT (0x04)
1381 + #define FSC_PERM (0x0c)
1382 +
1383 + /* Hyp Prefetch Fault Address Register (HPFAR/HDFAR) */
1384 +-#define HPFAR_MASK (~0xFUL)
1385 ++#define HPFAR_MASK (~UL(0xf))
1386 +
1387 + #define ESR_EL2_EC_UNKNOWN (0x00)
1388 + #define ESR_EL2_EC_WFI (0x01)
1389 +diff --git a/arch/arm64/include/asm/kvm_emulate.h b/arch/arm64/include/asm/kvm_emulate.h
1390 +index dd8ecfc3..681cb90 100644
1391 +--- a/arch/arm64/include/asm/kvm_emulate.h
1392 ++++ b/arch/arm64/include/asm/kvm_emulate.h
1393 +@@ -38,6 +38,11 @@ void kvm_inject_undefined(struct kvm_vcpu *vcpu);
1394 + void kvm_inject_dabt(struct kvm_vcpu *vcpu, unsigned long addr);
1395 + void kvm_inject_pabt(struct kvm_vcpu *vcpu, unsigned long addr);
1396 +
1397 ++static inline void vcpu_reset_hcr(struct kvm_vcpu *vcpu)
1398 ++{
1399 ++ vcpu->arch.hcr_el2 = HCR_GUEST_FLAGS;
1400 ++}
1401 ++
1402 + static inline unsigned long *vcpu_pc(const struct kvm_vcpu *vcpu)
1403 + {
1404 + return (unsigned long *)&vcpu_gp_regs(vcpu)->regs.pc;
1405 +diff --git a/arch/arm64/include/asm/kvm_mmu.h b/arch/arm64/include/asm/kvm_mmu.h
1406 +index 8e138c7..0d51874 100644
1407 +--- a/arch/arm64/include/asm/kvm_mmu.h
1408 ++++ b/arch/arm64/include/asm/kvm_mmu.h
1409 +@@ -59,10 +59,9 @@
1410 + #define KERN_TO_HYP(kva) ((unsigned long)kva - PAGE_OFFSET + HYP_PAGE_OFFSET)
1411 +
1412 + /*
1413 +- * Align KVM with the kernel's view of physical memory. Should be
1414 +- * 40bit IPA, with PGD being 8kB aligned in the 4KB page configuration.
1415 ++ * We currently only support a 40bit IPA.
1416 + */
1417 +-#define KVM_PHYS_SHIFT PHYS_MASK_SHIFT
1418 ++#define KVM_PHYS_SHIFT (40)
1419 + #define KVM_PHYS_SIZE (1UL << KVM_PHYS_SHIFT)
1420 + #define KVM_PHYS_MASK (KVM_PHYS_SIZE - 1UL)
1421 +
1422 +@@ -75,6 +74,7 @@ int create_hyp_io_mappings(void *from, void *to, phys_addr_t);
1423 + void free_boot_hyp_pgd(void);
1424 + void free_hyp_pgds(void);
1425 +
1426 ++void stage2_unmap_vm(struct kvm *kvm);
1427 + int kvm_alloc_stage2_pgd(struct kvm *kvm);
1428 + void kvm_free_stage2_pgd(struct kvm *kvm);
1429 + int kvm_phys_addr_ioremap(struct kvm *kvm, phys_addr_t guest_ipa,
1430 +@@ -93,19 +93,6 @@ void kvm_clear_hyp_idmap(void);
1431 + #define kvm_set_pte(ptep, pte) set_pte(ptep, pte)
1432 + #define kvm_set_pmd(pmdp, pmd) set_pmd(pmdp, pmd)
1433 +
1434 +-static inline bool kvm_is_write_fault(unsigned long esr)
1435 +-{
1436 +- unsigned long esr_ec = esr >> ESR_EL2_EC_SHIFT;
1437 +-
1438 +- if (esr_ec == ESR_EL2_EC_IABT)
1439 +- return false;
1440 +-
1441 +- if ((esr & ESR_EL2_ISV) && !(esr & ESR_EL2_WNR))
1442 +- return false;
1443 +-
1444 +- return true;
1445 +-}
1446 +-
1447 + static inline void kvm_clean_pgd(pgd_t *pgd) {}
1448 + static inline void kvm_clean_pmd_entry(pmd_t *pmd) {}
1449 + static inline void kvm_clean_pte(pte_t *pte) {}
1450 +diff --git a/arch/arm64/kvm/guest.c b/arch/arm64/kvm/guest.c
1451 +index 0874557..a8d81fa 100644
1452 +--- a/arch/arm64/kvm/guest.c
1453 ++++ b/arch/arm64/kvm/guest.c
1454 +@@ -38,7 +38,6 @@ struct kvm_stats_debugfs_item debugfs_entries[] = {
1455 +
1456 + int kvm_arch_vcpu_setup(struct kvm_vcpu *vcpu)
1457 + {
1458 +- vcpu->arch.hcr_el2 = HCR_GUEST_FLAGS;
1459 + return 0;
1460 + }
1461 +
1462 +diff --git a/arch/arm64/mm/dma-mapping.c b/arch/arm64/mm/dma-mapping.c
1463 +index 3974881..b76159a 100644
1464 +--- a/arch/arm64/mm/dma-mapping.c
1465 ++++ b/arch/arm64/mm/dma-mapping.c
1466 +@@ -54,8 +54,7 @@ static void *arm64_swiotlb_alloc_coherent(struct device *dev, size_t size,
1467 +
1468 + *dma_handle = phys_to_dma(dev, page_to_phys(page));
1469 + addr = page_address(page);
1470 +- if (flags & __GFP_ZERO)
1471 +- memset(addr, 0, size);
1472 ++ memset(addr, 0, size);
1473 + return addr;
1474 + } else {
1475 + return swiotlb_alloc_coherent(dev, size, dma_handle, flags);
1476 +diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
1477 +index 2f645c9..5dab54a 100644
1478 +--- a/arch/x86/Kconfig
1479 ++++ b/arch/x86/Kconfig
1480 +@@ -160,7 +160,7 @@ config SBUS
1481 +
1482 + config NEED_DMA_MAP_STATE
1483 + def_bool y
1484 +- depends on X86_64 || INTEL_IOMMU || DMA_API_DEBUG
1485 ++ depends on X86_64 || INTEL_IOMMU || DMA_API_DEBUG || SWIOTLB
1486 +
1487 + config NEED_SG_DMA_LENGTH
1488 + def_bool y
1489 +diff --git a/arch/x86/kernel/cpu/microcode/intel_early.c b/arch/x86/kernel/cpu/microcode/intel_early.c
1490 +index 18f7391..43a07bf 100644
1491 +--- a/arch/x86/kernel/cpu/microcode/intel_early.c
1492 ++++ b/arch/x86/kernel/cpu/microcode/intel_early.c
1493 +@@ -321,7 +321,7 @@ get_matching_model_microcode(int cpu, unsigned long start,
1494 + unsigned int mc_saved_count = mc_saved_data->mc_saved_count;
1495 + int i;
1496 +
1497 +- while (leftover) {
1498 ++ while (leftover && mc_saved_count < ARRAY_SIZE(mc_saved_tmp)) {
1499 + mc_header = (struct microcode_header_intel *)ucode_ptr;
1500 +
1501 + mc_size = get_totalsize(mc_header);
1502 +diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c
1503 +index a1f5b18..490fee1 100644
1504 +--- a/arch/x86/kernel/kprobes/core.c
1505 ++++ b/arch/x86/kernel/kprobes/core.c
1506 +@@ -326,13 +326,16 @@ int __kprobes __copy_instruction(u8 *dest, u8 *src)
1507 + {
1508 + struct insn insn;
1509 + kprobe_opcode_t buf[MAX_INSN_SIZE];
1510 ++ int length;
1511 +
1512 + kernel_insn_init(&insn, (void *)recover_probed_instruction(buf, (unsigned long)src));
1513 + insn_get_length(&insn);
1514 ++ length = insn.length;
1515 ++
1516 + /* Another subsystem puts a breakpoint, failed to recover */
1517 + if (insn.opcode.bytes[0] == BREAKPOINT_INSTRUCTION)
1518 + return 0;
1519 +- memcpy(dest, insn.kaddr, insn.length);
1520 ++ memcpy(dest, insn.kaddr, length);
1521 +
1522 + #ifdef CONFIG_X86_64
1523 + if (insn_rip_relative(&insn)) {
1524 +@@ -362,7 +365,7 @@ int __kprobes __copy_instruction(u8 *dest, u8 *src)
1525 + *(s32 *) disp = (s32) newdisp;
1526 + }
1527 + #endif
1528 +- return insn.length;
1529 ++ return length;
1530 + }
1531 +
1532 + static int __kprobes arch_copy_kprobe(struct kprobe *p)
1533 +diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
1534 +index 9643eda6..0746334 100644
1535 +--- a/arch/x86/kvm/svm.c
1536 ++++ b/arch/x86/kvm/svm.c
1537 +@@ -495,8 +495,10 @@ static void skip_emulated_instruction(struct kvm_vcpu *vcpu)
1538 + {
1539 + struct vcpu_svm *svm = to_svm(vcpu);
1540 +
1541 +- if (svm->vmcb->control.next_rip != 0)
1542 ++ if (svm->vmcb->control.next_rip != 0) {
1543 ++ WARN_ON(!static_cpu_has(X86_FEATURE_NRIPS));
1544 + svm->next_rip = svm->vmcb->control.next_rip;
1545 ++ }
1546 +
1547 + if (!svm->next_rip) {
1548 + if (emulate_instruction(vcpu, EMULTYPE_SKIP) !=
1549 +@@ -4246,7 +4248,9 @@ static int svm_check_intercept(struct kvm_vcpu *vcpu,
1550 + break;
1551 + }
1552 +
1553 +- vmcb->control.next_rip = info->next_rip;
1554 ++ /* TODO: Advertise NRIPS to guest hypervisor unconditionally */
1555 ++ if (static_cpu_has(X86_FEATURE_NRIPS))
1556 ++ vmcb->control.next_rip = info->next_rip;
1557 + vmcb->control.exit_code = icpt_info.exit_code;
1558 + vmexit = nested_svm_exit_handled(svm);
1559 +
1560 +diff --git a/drivers/bus/mvebu-mbus.c b/drivers/bus/mvebu-mbus.c
1561 +index e990dee..1aa0130 100644
1562 +--- a/drivers/bus/mvebu-mbus.c
1563 ++++ b/drivers/bus/mvebu-mbus.c
1564 +@@ -701,7 +701,6 @@ static int __init mvebu_mbus_common_init(struct mvebu_mbus_state *mbus,
1565 + phys_addr_t sdramwins_phys_base,
1566 + size_t sdramwins_size)
1567 + {
1568 +- struct device_node *np;
1569 + int win;
1570 +
1571 + mbus->mbuswins_base = ioremap(mbuswins_phys_base, mbuswins_size);
1572 +@@ -714,12 +713,6 @@ static int __init mvebu_mbus_common_init(struct mvebu_mbus_state *mbus,
1573 + return -ENOMEM;
1574 + }
1575 +
1576 +- np = of_find_compatible_node(NULL, NULL, "marvell,coherency-fabric");
1577 +- if (np) {
1578 +- mbus->hw_io_coherency = 1;
1579 +- of_node_put(np);
1580 +- }
1581 +-
1582 + for (win = 0; win < mbus->soc->num_wins; win++)
1583 + mvebu_mbus_disable_window(mbus, win);
1584 +
1585 +@@ -889,7 +882,7 @@ static void __init mvebu_mbus_get_pcie_resources(struct device_node *np,
1586 + }
1587 + }
1588 +
1589 +-int __init mvebu_mbus_dt_init(void)
1590 ++int __init mvebu_mbus_dt_init(bool is_coherent)
1591 + {
1592 + struct resource mbuswins_res, sdramwins_res;
1593 + struct device_node *np, *controller;
1594 +@@ -928,6 +921,8 @@ int __init mvebu_mbus_dt_init(void)
1595 + return -EINVAL;
1596 + }
1597 +
1598 ++ mbus_state.hw_io_coherency = is_coherent;
1599 ++
1600 + /* Get optional pcie-{mem,io}-aperture properties */
1601 + mvebu_mbus_get_pcie_resources(np, &mbus_state.pcie_mem_aperture,
1602 + &mbus_state.pcie_io_aperture);
1603 +diff --git a/drivers/edac/sb_edac.c b/drivers/edac/sb_edac.c
1604 +index c611bcc..3e623ab 100644
1605 +--- a/drivers/edac/sb_edac.c
1606 ++++ b/drivers/edac/sb_edac.c
1607 +@@ -765,7 +765,7 @@ static void get_memory_layout(const struct mem_ctl_info *mci)
1608 + u32 reg;
1609 + u64 limit, prv = 0;
1610 + u64 tmp_mb;
1611 +- u32 mb, kb;
1612 ++ u32 gb, mb;
1613 + u32 rir_way;
1614 +
1615 + /*
1616 +@@ -775,15 +775,17 @@ static void get_memory_layout(const struct mem_ctl_info *mci)
1617 + pvt->tolm = pvt->info.get_tolm(pvt);
1618 + tmp_mb = (1 + pvt->tolm) >> 20;
1619 +
1620 +- mb = div_u64_rem(tmp_mb, 1000, &kb);
1621 +- edac_dbg(0, "TOLM: %u.%03u GB (0x%016Lx)\n", mb, kb, (u64)pvt->tolm);
1622 ++ gb = div_u64_rem(tmp_mb, 1024, &mb);
1623 ++ edac_dbg(0, "TOLM: %u.%03u GB (0x%016Lx)\n",
1624 ++ gb, (mb*1000)/1024, (u64)pvt->tolm);
1625 +
1626 + /* Address range is already 45:25 */
1627 + pvt->tohm = pvt->info.get_tohm(pvt);
1628 + tmp_mb = (1 + pvt->tohm) >> 20;
1629 +
1630 +- mb = div_u64_rem(tmp_mb, 1000, &kb);
1631 +- edac_dbg(0, "TOHM: %u.%03u GB (0x%016Lx)\n", mb, kb, (u64)pvt->tohm);
1632 ++ gb = div_u64_rem(tmp_mb, 1024, &mb);
1633 ++ edac_dbg(0, "TOHM: %u.%03u GB (0x%016Lx)\n",
1634 ++ gb, (mb*1000)/1024, (u64)pvt->tohm);
1635 +
1636 + /*
1637 + * Step 2) Get SAD range and SAD Interleave list
1638 +@@ -805,11 +807,11 @@ static void get_memory_layout(const struct mem_ctl_info *mci)
1639 + break;
1640 +
1641 + tmp_mb = (limit + 1) >> 20;
1642 +- mb = div_u64_rem(tmp_mb, 1000, &kb);
1643 ++ gb = div_u64_rem(tmp_mb, 1024, &mb);
1644 + edac_dbg(0, "SAD#%d %s up to %u.%03u GB (0x%016Lx) Interleave: %s reg=0x%08x\n",
1645 + n_sads,
1646 + get_dram_attr(reg),
1647 +- mb, kb,
1648 ++ gb, (mb*1000)/1024,
1649 + ((u64)tmp_mb) << 20L,
1650 + INTERLEAVE_MODE(reg) ? "8:6" : "[8:6]XOR[18:16]",
1651 + reg);
1652 +@@ -840,9 +842,9 @@ static void get_memory_layout(const struct mem_ctl_info *mci)
1653 + break;
1654 + tmp_mb = (limit + 1) >> 20;
1655 +
1656 +- mb = div_u64_rem(tmp_mb, 1000, &kb);
1657 ++ gb = div_u64_rem(tmp_mb, 1024, &mb);
1658 + edac_dbg(0, "TAD#%d: up to %u.%03u GB (0x%016Lx), socket interleave %d, memory interleave %d, TGT: %d, %d, %d, %d, reg=0x%08x\n",
1659 +- n_tads, mb, kb,
1660 ++ n_tads, gb, (mb*1000)/1024,
1661 + ((u64)tmp_mb) << 20L,
1662 + (u32)TAD_SOCK(reg),
1663 + (u32)TAD_CH(reg),
1664 +@@ -865,10 +867,10 @@ static void get_memory_layout(const struct mem_ctl_info *mci)
1665 + tad_ch_nilv_offset[j],
1666 + &reg);
1667 + tmp_mb = TAD_OFFSET(reg) >> 20;
1668 +- mb = div_u64_rem(tmp_mb, 1000, &kb);
1669 ++ gb = div_u64_rem(tmp_mb, 1024, &mb);
1670 + edac_dbg(0, "TAD CH#%d, offset #%d: %u.%03u GB (0x%016Lx), reg=0x%08x\n",
1671 + i, j,
1672 +- mb, kb,
1673 ++ gb, (mb*1000)/1024,
1674 + ((u64)tmp_mb) << 20L,
1675 + reg);
1676 + }
1677 +@@ -890,10 +892,10 @@ static void get_memory_layout(const struct mem_ctl_info *mci)
1678 +
1679 + tmp_mb = RIR_LIMIT(reg) >> 20;
1680 + rir_way = 1 << RIR_WAY(reg);
1681 +- mb = div_u64_rem(tmp_mb, 1000, &kb);
1682 ++ gb = div_u64_rem(tmp_mb, 1024, &mb);
1683 + edac_dbg(0, "CH#%d RIR#%d, limit: %u.%03u GB (0x%016Lx), way: %d, reg=0x%08x\n",
1684 + i, j,
1685 +- mb, kb,
1686 ++ gb, (mb*1000)/1024,
1687 + ((u64)tmp_mb) << 20L,
1688 + rir_way,
1689 + reg);
1690 +@@ -904,10 +906,10 @@ static void get_memory_layout(const struct mem_ctl_info *mci)
1691 + &reg);
1692 + tmp_mb = RIR_OFFSET(reg) << 6;
1693 +
1694 +- mb = div_u64_rem(tmp_mb, 1000, &kb);
1695 ++ gb = div_u64_rem(tmp_mb, 1024, &mb);
1696 + edac_dbg(0, "CH#%d RIR#%d INTL#%d, offset %u.%03u GB (0x%016Lx), tgt: %d, reg=0x%08x\n",
1697 + i, j, k,
1698 +- mb, kb,
1699 ++ gb, (mb*1000)/1024,
1700 + ((u64)tmp_mb) << 20L,
1701 + (u32)RIR_RNK_TGT(reg),
1702 + reg);
1703 +@@ -945,7 +947,7 @@ static int get_memory_error_data(struct mem_ctl_info *mci,
1704 + u8 ch_way, sck_way, pkg, sad_ha = 0;
1705 + u32 tad_offset;
1706 + u32 rir_way;
1707 +- u32 mb, kb;
1708 ++ u32 mb, gb;
1709 + u64 ch_addr, offset, limit = 0, prv = 0;
1710 +
1711 +
1712 +@@ -1183,10 +1185,10 @@ static int get_memory_error_data(struct mem_ctl_info *mci,
1713 + continue;
1714 +
1715 + limit = RIR_LIMIT(reg);
1716 +- mb = div_u64_rem(limit >> 20, 1000, &kb);
1717 ++ gb = div_u64_rem(limit >> 20, 1024, &mb);
1718 + edac_dbg(0, "RIR#%d, limit: %u.%03u GB (0x%016Lx), way: %d\n",
1719 + n_rir,
1720 +- mb, kb,
1721 ++ gb, (mb*1000)/1024,
1722 + limit,
1723 + 1 << RIR_WAY(reg));
1724 + if (ch_addr <= limit)
1725 +diff --git a/drivers/net/ethernet/mellanox/mlx4/en_tx.c b/drivers/net/ethernet/mellanox/mlx4/en_tx.c
1726 +index 019a04a..a467261 100644
1727 +--- a/drivers/net/ethernet/mellanox/mlx4/en_tx.c
1728 ++++ b/drivers/net/ethernet/mellanox/mlx4/en_tx.c
1729 +@@ -810,8 +810,11 @@ netdev_tx_t mlx4_en_xmit(struct sk_buff *skb, struct net_device *dev)
1730 + tx_desc->ctrl.fence_size = (real_size / 16) & 0x3f;
1731 + tx_desc->ctrl.srcrb_flags = priv->ctrl_flags;
1732 + if (likely(skb->ip_summed == CHECKSUM_PARTIAL)) {
1733 +- tx_desc->ctrl.srcrb_flags |= cpu_to_be32(MLX4_WQE_CTRL_IP_CSUM |
1734 +- MLX4_WQE_CTRL_TCP_UDP_CSUM);
1735 ++ if (!skb->encapsulation)
1736 ++ tx_desc->ctrl.srcrb_flags |= cpu_to_be32(MLX4_WQE_CTRL_IP_CSUM |
1737 ++ MLX4_WQE_CTRL_TCP_UDP_CSUM);
1738 ++ else
1739 ++ tx_desc->ctrl.srcrb_flags |= cpu_to_be32(MLX4_WQE_CTRL_IP_CSUM);
1740 + ring->tx_csum++;
1741 + }
1742 +
1743 +diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c
1744 +index 528bff5..85d370e 100644
1745 +--- a/drivers/scsi/hpsa.c
1746 ++++ b/drivers/scsi/hpsa.c
1747 +@@ -3984,10 +3984,6 @@ static int hpsa_kdump_hard_reset_controller(struct pci_dev *pdev)
1748 +
1749 + /* Save the PCI command register */
1750 + pci_read_config_word(pdev, 4, &command_register);
1751 +- /* Turn the board off. This is so that later pci_restore_state()
1752 +- * won't turn the board on before the rest of config space is ready.
1753 +- */
1754 +- pci_disable_device(pdev);
1755 + pci_save_state(pdev);
1756 +
1757 + /* find the first memory BAR, so we can find the cfg table */
1758 +@@ -4035,11 +4031,6 @@ static int hpsa_kdump_hard_reset_controller(struct pci_dev *pdev)
1759 + goto unmap_cfgtable;
1760 +
1761 + pci_restore_state(pdev);
1762 +- rc = pci_enable_device(pdev);
1763 +- if (rc) {
1764 +- dev_warn(&pdev->dev, "failed to enable device.\n");
1765 +- goto unmap_cfgtable;
1766 +- }
1767 + pci_write_config_word(pdev, 4, command_register);
1768 +
1769 + /* Some devices (notably the HP Smart Array 5i Controller)
1770 +@@ -4525,6 +4516,23 @@ static int hpsa_init_reset_devices(struct pci_dev *pdev)
1771 + if (!reset_devices)
1772 + return 0;
1773 +
1774 ++ /* kdump kernel is loading, we don't know in which state is
1775 ++ * the pci interface. The dev->enable_cnt is equal zero
1776 ++ * so we call enable+disable, wait a while and switch it on.
1777 ++ */
1778 ++ rc = pci_enable_device(pdev);
1779 ++ if (rc) {
1780 ++ dev_warn(&pdev->dev, "Failed to enable PCI device\n");
1781 ++ return -ENODEV;
1782 ++ }
1783 ++ pci_disable_device(pdev);
1784 ++ msleep(260); /* a randomly chosen number */
1785 ++ rc = pci_enable_device(pdev);
1786 ++ if (rc) {
1787 ++ dev_warn(&pdev->dev, "failed to enable device.\n");
1788 ++ return -ENODEV;
1789 ++ }
1790 ++ pci_set_master(pdev);
1791 + /* Reset the controller with a PCI power-cycle or via doorbell */
1792 + rc = hpsa_kdump_hard_reset_controller(pdev);
1793 +
1794 +@@ -4533,10 +4541,11 @@ static int hpsa_init_reset_devices(struct pci_dev *pdev)
1795 + * "performant mode". Or, it might be 640x, which can't reset
1796 + * due to concerns about shared bbwc between 6402/6404 pair.
1797 + */
1798 +- if (rc == -ENOTSUPP)
1799 +- return rc; /* just try to do the kdump anyhow. */
1800 +- if (rc)
1801 +- return -ENODEV;
1802 ++ if (rc) {
1803 ++ if (rc != -ENOTSUPP) /* just try to do the kdump anyhow. */
1804 ++ rc = -ENODEV;
1805 ++ goto out_disable;
1806 ++ }
1807 +
1808 + /* Now try to get the controller to respond to a no-op */
1809 + dev_warn(&pdev->dev, "Waiting for controller to respond to no-op\n");
1810 +@@ -4547,7 +4556,11 @@ static int hpsa_init_reset_devices(struct pci_dev *pdev)
1811 + dev_warn(&pdev->dev, "no-op failed%s\n",
1812 + (i < 11 ? "; re-trying" : ""));
1813 + }
1814 +- return 0;
1815 ++
1816 ++out_disable:
1817 ++
1818 ++ pci_disable_device(pdev);
1819 ++ return rc;
1820 + }
1821 +
1822 + static int hpsa_allocate_cmd_pool(struct ctlr_info *h)
1823 +@@ -4690,6 +4703,7 @@ static void hpsa_undo_allocations_after_kdump_soft_reset(struct ctlr_info *h)
1824 + iounmap(h->transtable);
1825 + if (h->cfgtable)
1826 + iounmap(h->cfgtable);
1827 ++ pci_disable_device(h->pdev);
1828 + pci_release_regions(h->pdev);
1829 + kfree(h);
1830 + }
1831 +diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c
1832 +index 93de3ba..f8ffee4 100644
1833 +--- a/fs/btrfs/ctree.c
1834 ++++ b/fs/btrfs/ctree.c
1835 +@@ -2963,7 +2963,7 @@ done:
1836 + */
1837 + if (!p->leave_spinning)
1838 + btrfs_set_path_blocking(p);
1839 +- if (ret < 0)
1840 ++ if (ret < 0 && !p->skip_release_on_error)
1841 + btrfs_release_path(p);
1842 + return ret;
1843 + }
1844 +diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h
1845 +index d3511cc..3b39eb4 100644
1846 +--- a/fs/btrfs/ctree.h
1847 ++++ b/fs/btrfs/ctree.h
1848 +@@ -608,6 +608,7 @@ struct btrfs_path {
1849 + unsigned int skip_locking:1;
1850 + unsigned int leave_spinning:1;
1851 + unsigned int search_commit_root:1;
1852 ++ unsigned int skip_release_on_error:1;
1853 + };
1854 +
1855 + /*
1856 +@@ -3609,6 +3610,10 @@ struct btrfs_dir_item *btrfs_lookup_xattr(struct btrfs_trans_handle *trans,
1857 + int verify_dir_item(struct btrfs_root *root,
1858 + struct extent_buffer *leaf,
1859 + struct btrfs_dir_item *dir_item);
1860 ++struct btrfs_dir_item *btrfs_match_dir_item_name(struct btrfs_root *root,
1861 ++ struct btrfs_path *path,
1862 ++ const char *name,
1863 ++ int name_len);
1864 +
1865 + /* orphan.c */
1866 + int btrfs_insert_orphan_item(struct btrfs_trans_handle *trans,
1867 +diff --git a/fs/btrfs/dir-item.c b/fs/btrfs/dir-item.c
1868 +index a0691df..9521a93 100644
1869 +--- a/fs/btrfs/dir-item.c
1870 ++++ b/fs/btrfs/dir-item.c
1871 +@@ -21,10 +21,6 @@
1872 + #include "hash.h"
1873 + #include "transaction.h"
1874 +
1875 +-static struct btrfs_dir_item *btrfs_match_dir_item_name(struct btrfs_root *root,
1876 +- struct btrfs_path *path,
1877 +- const char *name, int name_len);
1878 +-
1879 + /*
1880 + * insert a name into a directory, doing overflow properly if there is a hash
1881 + * collision. data_size indicates how big the item inserted should be. On
1882 +@@ -383,9 +379,9 @@ struct btrfs_dir_item *btrfs_lookup_xattr(struct btrfs_trans_handle *trans,
1883 + * this walks through all the entries in a dir item and finds one
1884 + * for a specific name.
1885 + */
1886 +-static struct btrfs_dir_item *btrfs_match_dir_item_name(struct btrfs_root *root,
1887 +- struct btrfs_path *path,
1888 +- const char *name, int name_len)
1889 ++struct btrfs_dir_item *btrfs_match_dir_item_name(struct btrfs_root *root,
1890 ++ struct btrfs_path *path,
1891 ++ const char *name, int name_len)
1892 + {
1893 + struct btrfs_dir_item *dir_item;
1894 + unsigned long name_ptr;
1895 +diff --git a/fs/btrfs/xattr.c b/fs/btrfs/xattr.c
1896 +index 488e987..618e86c 100644
1897 +--- a/fs/btrfs/xattr.c
1898 ++++ b/fs/btrfs/xattr.c
1899 +@@ -29,6 +29,7 @@
1900 + #include "xattr.h"
1901 + #include "disk-io.h"
1902 + #include "props.h"
1903 ++#include "locking.h"
1904 +
1905 +
1906 + ssize_t __btrfs_getxattr(struct inode *inode, const char *name,
1907 +@@ -91,7 +92,7 @@ static int do_setxattr(struct btrfs_trans_handle *trans,
1908 + struct inode *inode, const char *name,
1909 + const void *value, size_t size, int flags)
1910 + {
1911 +- struct btrfs_dir_item *di;
1912 ++ struct btrfs_dir_item *di = NULL;
1913 + struct btrfs_root *root = BTRFS_I(inode)->root;
1914 + struct btrfs_path *path;
1915 + size_t name_len = strlen(name);
1916 +@@ -103,84 +104,119 @@ static int do_setxattr(struct btrfs_trans_handle *trans,
1917 + path = btrfs_alloc_path();
1918 + if (!path)
1919 + return -ENOMEM;
1920 ++ path->skip_release_on_error = 1;
1921 ++
1922 ++ if (!value) {
1923 ++ di = btrfs_lookup_xattr(trans, root, path, btrfs_ino(inode),
1924 ++ name, name_len, -1);
1925 ++ if (!di && (flags & XATTR_REPLACE))
1926 ++ ret = -ENODATA;
1927 ++ else if (di)
1928 ++ ret = btrfs_delete_one_dir_name(trans, root, path, di);
1929 ++ goto out;
1930 ++ }
1931 +
1932 ++ /*
1933 ++ * For a replace we can't just do the insert blindly.
1934 ++ * Do a lookup first (read-only btrfs_search_slot), and return if xattr
1935 ++ * doesn't exist. If it exists, fall down below to the insert/replace
1936 ++ * path - we can't race with a concurrent xattr delete, because the VFS
1937 ++ * locks the inode's i_mutex before calling setxattr or removexattr.
1938 ++ */
1939 + if (flags & XATTR_REPLACE) {
1940 +- di = btrfs_lookup_xattr(trans, root, path, btrfs_ino(inode), name,
1941 +- name_len, -1);
1942 +- if (IS_ERR(di)) {
1943 +- ret = PTR_ERR(di);
1944 +- goto out;
1945 +- } else if (!di) {
1946 ++ ASSERT(mutex_is_locked(&inode->i_mutex));
1947 ++ di = btrfs_lookup_xattr(NULL, root, path, btrfs_ino(inode),
1948 ++ name, name_len, 0);
1949 ++ if (!di) {
1950 + ret = -ENODATA;
1951 + goto out;
1952 + }
1953 +- ret = btrfs_delete_one_dir_name(trans, root, path, di);
1954 +- if (ret)
1955 +- goto out;
1956 + btrfs_release_path(path);
1957 ++ di = NULL;
1958 ++ }
1959 +
1960 ++ ret = btrfs_insert_xattr_item(trans, root, path, btrfs_ino(inode),
1961 ++ name, name_len, value, size);
1962 ++ if (ret == -EOVERFLOW) {
1963 + /*
1964 +- * remove the attribute
1965 ++ * We have an existing item in a leaf, split_leaf couldn't
1966 ++ * expand it. That item might have or not a dir_item that
1967 ++ * matches our target xattr, so lets check.
1968 + */
1969 +- if (!value)
1970 +- goto out;
1971 +- } else {
1972 +- di = btrfs_lookup_xattr(NULL, root, path, btrfs_ino(inode),
1973 +- name, name_len, 0);
1974 +- if (IS_ERR(di)) {
1975 +- ret = PTR_ERR(di);
1976 ++ ret = 0;
1977 ++ btrfs_assert_tree_locked(path->nodes[0]);
1978 ++ di = btrfs_match_dir_item_name(root, path, name, name_len);
1979 ++ if (!di && !(flags & XATTR_REPLACE)) {
1980 ++ ret = -ENOSPC;
1981 + goto out;
1982 + }
1983 +- if (!di && !value)
1984 +- goto out;
1985 +- btrfs_release_path(path);
1986 ++ } else if (ret == -EEXIST) {
1987 ++ ret = 0;
1988 ++ di = btrfs_match_dir_item_name(root, path, name, name_len);
1989 ++ ASSERT(di); /* logic error */
1990 ++ } else if (ret) {
1991 ++ goto out;
1992 + }
1993 +
1994 +-again:
1995 +- ret = btrfs_insert_xattr_item(trans, root, path, btrfs_ino(inode),
1996 +- name, name_len, value, size);
1997 +- /*
1998 +- * If we're setting an xattr to a new value but the new value is say
1999 +- * exactly BTRFS_MAX_XATTR_SIZE, we could end up with EOVERFLOW getting
2000 +- * back from split_leaf. This is because it thinks we'll be extending
2001 +- * the existing item size, but we're asking for enough space to add the
2002 +- * item itself. So if we get EOVERFLOW just set ret to EEXIST and let
2003 +- * the rest of the function figure it out.
2004 +- */
2005 +- if (ret == -EOVERFLOW)
2006 ++ if (di && (flags & XATTR_CREATE)) {
2007 + ret = -EEXIST;
2008 ++ goto out;
2009 ++ }
2010 +
2011 +- if (ret == -EEXIST) {
2012 +- if (flags & XATTR_CREATE)
2013 +- goto out;
2014 ++ if (di) {
2015 + /*
2016 +- * We can't use the path we already have since we won't have the
2017 +- * proper locking for a delete, so release the path and
2018 +- * re-lookup to delete the thing.
2019 ++ * We're doing a replace, and it must be atomic, that is, at
2020 ++ * any point in time we have either the old or the new xattr
2021 ++ * value in the tree. We don't want readers (getxattr and
2022 ++ * listxattrs) to miss a value, this is specially important
2023 ++ * for ACLs.
2024 + */
2025 +- btrfs_release_path(path);
2026 +- di = btrfs_lookup_xattr(trans, root, path, btrfs_ino(inode),
2027 +- name, name_len, -1);
2028 +- if (IS_ERR(di)) {
2029 +- ret = PTR_ERR(di);
2030 +- goto out;
2031 +- } else if (!di) {
2032 +- /* Shouldn't happen but just in case... */
2033 +- btrfs_release_path(path);
2034 +- goto again;
2035 ++ const int slot = path->slots[0];
2036 ++ struct extent_buffer *leaf = path->nodes[0];
2037 ++ const u16 old_data_len = btrfs_dir_data_len(leaf, di);
2038 ++ const u32 item_size = btrfs_item_size_nr(leaf, slot);
2039 ++ const u32 data_size = sizeof(*di) + name_len + size;
2040 ++ struct btrfs_item *item;
2041 ++ unsigned long data_ptr;
2042 ++ char *ptr;
2043 ++
2044 ++ if (size > old_data_len) {
2045 ++ if (btrfs_leaf_free_space(root, leaf) <
2046 ++ (size - old_data_len)) {
2047 ++ ret = -ENOSPC;
2048 ++ goto out;
2049 ++ }
2050 + }
2051 +
2052 +- ret = btrfs_delete_one_dir_name(trans, root, path, di);
2053 +- if (ret)
2054 +- goto out;
2055 ++ if (old_data_len + name_len + sizeof(*di) == item_size) {
2056 ++ /* No other xattrs packed in the same leaf item. */
2057 ++ if (size > old_data_len)
2058 ++ btrfs_extend_item(root, path,
2059 ++ size - old_data_len);
2060 ++ else if (size < old_data_len)
2061 ++ btrfs_truncate_item(root, path, data_size, 1);
2062 ++ } else {
2063 ++ /* There are other xattrs packed in the same item. */
2064 ++ ret = btrfs_delete_one_dir_name(trans, root, path, di);
2065 ++ if (ret)
2066 ++ goto out;
2067 ++ btrfs_extend_item(root, path, data_size);
2068 ++ }
2069 +
2070 ++ item = btrfs_item_nr(slot);
2071 ++ ptr = btrfs_item_ptr(leaf, slot, char);
2072 ++ ptr += btrfs_item_size(leaf, item) - data_size;
2073 ++ di = (struct btrfs_dir_item *)ptr;
2074 ++ btrfs_set_dir_data_len(leaf, di, size);
2075 ++ data_ptr = ((unsigned long)(di + 1)) + name_len;
2076 ++ write_extent_buffer(leaf, value, data_ptr, size);
2077 ++ btrfs_mark_buffer_dirty(leaf);
2078 ++ } else {
2079 + /*
2080 +- * We have a value to set, so go back and try to insert it now.
2081 ++ * Insert, and we had space for the xattr, so path->slots[0] is
2082 ++ * where our xattr dir_item is and btrfs_insert_xattr_item()
2083 ++ * filled it.
2084 + */
2085 +- if (value) {
2086 +- btrfs_release_path(path);
2087 +- goto again;
2088 +- }
2089 + }
2090 + out:
2091 + btrfs_free_path(path);
2092 +diff --git a/fs/ocfs2/file.c b/fs/ocfs2/file.c
2093 +index 7fe30f6..35f54bc 100644
2094 +--- a/fs/ocfs2/file.c
2095 ++++ b/fs/ocfs2/file.c
2096 +@@ -2478,9 +2478,7 @@ static ssize_t ocfs2_file_splice_write(struct pipe_inode_info *pipe,
2097 + struct address_space *mapping = out->f_mapping;
2098 + struct inode *inode = mapping->host;
2099 + struct splice_desc sd = {
2100 +- .total_len = len,
2101 + .flags = flags,
2102 +- .pos = *ppos,
2103 + .u.file = out,
2104 + };
2105 +
2106 +@@ -2490,6 +2488,12 @@ static ssize_t ocfs2_file_splice_write(struct pipe_inode_info *pipe,
2107 + out->f_path.dentry->d_name.len,
2108 + out->f_path.dentry->d_name.name, len);
2109 +
2110 ++ ret = generic_write_checks(out, ppos, &len, 0);
2111 ++ if (ret)
2112 ++ return ret;
2113 ++ sd.total_len = len;
2114 ++ sd.pos = *ppos;
2115 ++
2116 + pipe_lock(pipe);
2117 +
2118 + splice_from_pipe_begin(&sd);
2119 +diff --git a/fs/splice.c b/fs/splice.c
2120 +index 12028fa..f345d53 100644
2121 +--- a/fs/splice.c
2122 ++++ b/fs/splice.c
2123 +@@ -1012,13 +1012,17 @@ generic_file_splice_write(struct pipe_inode_info *pipe, struct file *out,
2124 + struct address_space *mapping = out->f_mapping;
2125 + struct inode *inode = mapping->host;
2126 + struct splice_desc sd = {
2127 +- .total_len = len,
2128 + .flags = flags,
2129 +- .pos = *ppos,
2130 + .u.file = out,
2131 + };
2132 + ssize_t ret;
2133 +
2134 ++ ret = generic_write_checks(out, ppos, &len, S_ISBLK(inode->i_mode));
2135 ++ if (ret)
2136 ++ return ret;
2137 ++ sd.total_len = len;
2138 ++ sd.pos = *ppos;
2139 ++
2140 + pipe_lock(pipe);
2141 +
2142 + splice_from_pipe_begin(&sd);
2143 +diff --git a/include/linux/mbus.h b/include/linux/mbus.h
2144 +index 345b8c5..550c88f 100644
2145 +--- a/include/linux/mbus.h
2146 ++++ b/include/linux/mbus.h
2147 +@@ -73,6 +73,6 @@ int mvebu_mbus_del_window(phys_addr_t base, size_t size);
2148 + int mvebu_mbus_init(const char *soc, phys_addr_t mbus_phys_base,
2149 + size_t mbus_size, phys_addr_t sdram_phys_base,
2150 + size_t sdram_size);
2151 +-int mvebu_mbus_dt_init(void);
2152 ++int mvebu_mbus_dt_init(bool is_coherent);
2153 +
2154 + #endif /* __LINUX_MBUS_H */
2155 +diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
2156 +index c68e5e0..99de240 100644
2157 +--- a/net/netfilter/nf_tables_api.c
2158 ++++ b/net/netfilter/nf_tables_api.c
2159 +@@ -855,7 +855,10 @@ static int nf_tables_newchain(struct sock *nlsk, struct sk_buff *skb,
2160 +
2161 + if (nla[NFTA_CHAIN_POLICY]) {
2162 + if ((chain != NULL &&
2163 +- !(chain->flags & NFT_BASE_CHAIN)) ||
2164 ++ !(chain->flags & NFT_BASE_CHAIN)))
2165 ++ return -EOPNOTSUPP;
2166 ++
2167 ++ if (chain == NULL &&
2168 + nla[NFTA_CHAIN_HOOK] == NULL)
2169 + return -EOPNOTSUPP;
2170 +
2171 +diff --git a/net/netfilter/nfnetlink_cthelper.c b/net/netfilter/nfnetlink_cthelper.c
2172 +index 9e287cb..54330fb 100644
2173 +--- a/net/netfilter/nfnetlink_cthelper.c
2174 ++++ b/net/netfilter/nfnetlink_cthelper.c
2175 +@@ -77,6 +77,9 @@ nfnl_cthelper_parse_tuple(struct nf_conntrack_tuple *tuple,
2176 + if (!tb[NFCTH_TUPLE_L3PROTONUM] || !tb[NFCTH_TUPLE_L4PROTONUM])
2177 + return -EINVAL;
2178 +
2179 ++ /* Not all fields are initialized so first zero the tuple */
2180 ++ memset(tuple, 0, sizeof(struct nf_conntrack_tuple));
2181 ++
2182 + tuple->src.l3num = ntohs(nla_get_be16(tb[NFCTH_TUPLE_L3PROTONUM]));
2183 + tuple->dst.protonum = nla_get_u8(tb[NFCTH_TUPLE_L4PROTONUM]);
2184 +
2185 +@@ -86,7 +89,7 @@ nfnl_cthelper_parse_tuple(struct nf_conntrack_tuple *tuple,
2186 + static int
2187 + nfnl_cthelper_from_nlattr(struct nlattr *attr, struct nf_conn *ct)
2188 + {
2189 +- const struct nf_conn_help *help = nfct_help(ct);
2190 ++ struct nf_conn_help *help = nfct_help(ct);
2191 +
2192 + if (attr == NULL)
2193 + return -EINVAL;
2194 +@@ -94,7 +97,7 @@ nfnl_cthelper_from_nlattr(struct nlattr *attr, struct nf_conn *ct)
2195 + if (help->helper->data_len == 0)
2196 + return -EINVAL;
2197 +
2198 +- memcpy(&help->data, nla_data(attr), help->helper->data_len);
2199 ++ memcpy(help->data, nla_data(attr), help->helper->data_len);
2200 + return 0;
2201 + }
2202 +
2203 +diff --git a/net/netfilter/nft_compat.c b/net/netfilter/nft_compat.c
2204 +index 7350723..9695895 100644
2205 +--- a/net/netfilter/nft_compat.c
2206 ++++ b/net/netfilter/nft_compat.c
2207 +@@ -82,6 +82,9 @@ nft_target_set_tgchk_param(struct xt_tgchk_param *par,
2208 + entry->e4.ip.invflags = inv ? IPT_INV_PROTO : 0;
2209 + break;
2210 + case AF_INET6:
2211 ++ if (proto)
2212 ++ entry->e6.ipv6.flags |= IP6T_F_PROTO;
2213 ++
2214 + entry->e6.ipv6.proto = proto;
2215 + entry->e6.ipv6.invflags = inv ? IP6T_INV_PROTO : 0;
2216 + break;
2217 +@@ -313,6 +316,9 @@ nft_match_set_mtchk_param(struct xt_mtchk_param *par, const struct nft_ctx *ctx,
2218 + entry->e4.ip.invflags = inv ? IPT_INV_PROTO : 0;
2219 + break;
2220 + case AF_INET6:
2221 ++ if (proto)
2222 ++ entry->e6.ipv6.flags |= IP6T_F_PROTO;
2223 ++
2224 + entry->e6.ipv6.proto = proto;
2225 + entry->e6.ipv6.invflags = inv ? IP6T_INV_PROTO : 0;
2226 + break;
2227 +diff --git a/virt/kvm/arm/vgic.c b/virt/kvm/arm/vgic.c
2228 +index 1316e55..c324a52 100644
2229 +--- a/virt/kvm/arm/vgic.c
2230 ++++ b/virt/kvm/arm/vgic.c
2231 +@@ -674,7 +674,7 @@ static bool read_set_clear_sgi_pend_reg(struct kvm_vcpu *vcpu,
2232 + {
2233 + struct vgic_dist *dist = &vcpu->kvm->arch.vgic;
2234 + int sgi;
2235 +- int min_sgi = (offset & ~0x3) * 4;
2236 ++ int min_sgi = (offset & ~0x3);
2237 + int max_sgi = min_sgi + 3;
2238 + int vcpu_id = vcpu->vcpu_id;
2239 + u32 reg = 0;
2240 +@@ -695,7 +695,7 @@ static bool write_set_clear_sgi_pend_reg(struct kvm_vcpu *vcpu,
2241 + {
2242 + struct vgic_dist *dist = &vcpu->kvm->arch.vgic;
2243 + int sgi;
2244 +- int min_sgi = (offset & ~0x3) * 4;
2245 ++ int min_sgi = (offset & ~0x3);
2246 + int max_sgi = min_sgi + 3;
2247 + int vcpu_id = vcpu->vcpu_id;
2248 + u32 reg;
2249 +@@ -1387,7 +1387,8 @@ out:
2250 + int kvm_vgic_inject_irq(struct kvm *kvm, int cpuid, unsigned int irq_num,
2251 + bool level)
2252 + {
2253 +- if (vgic_update_irq_state(kvm, cpuid, irq_num, level))
2254 ++ if (likely(vgic_initialized(kvm)) &&
2255 ++ vgic_update_irq_state(kvm, cpuid, irq_num, level))
2256 + vgic_kick_vcpus(kvm);
2257 +
2258 + return 0;
2259 +@@ -1610,7 +1611,7 @@ out:
2260 +
2261 + int kvm_vgic_create(struct kvm *kvm)
2262 + {
2263 +- int i, vcpu_lock_idx = -1, ret = 0;
2264 ++ int i, vcpu_lock_idx = -1, ret;
2265 + struct kvm_vcpu *vcpu;
2266 +
2267 + mutex_lock(&kvm->lock);
2268 +@@ -1625,6 +1626,7 @@ int kvm_vgic_create(struct kvm *kvm)
2269 + * vcpu->mutex. By grabbing the vcpu->mutex of all VCPUs we ensure
2270 + * that no other VCPUs are run while we create the vgic.
2271 + */
2272 ++ ret = -EBUSY;
2273 + kvm_for_each_vcpu(i, vcpu, kvm) {
2274 + if (!mutex_trylock(&vcpu->mutex))
2275 + goto out_unlock;
2276 +@@ -1632,11 +1634,10 @@ int kvm_vgic_create(struct kvm *kvm)
2277 + }
2278 +
2279 + kvm_for_each_vcpu(i, vcpu, kvm) {
2280 +- if (vcpu->arch.has_run_once) {
2281 +- ret = -EBUSY;
2282 ++ if (vcpu->arch.has_run_once)
2283 + goto out_unlock;
2284 +- }
2285 + }
2286 ++ ret = 0;
2287 +
2288 + spin_lock_init(&kvm->arch.vgic.lock);
2289 + kvm->arch.vgic.vctrl_base = vgic_vctrl_base;
2290
2291 diff --git a/3.14.46/4420_grsecurity-3.1-3.14.46-201506300711.patch b/3.14.47/4420_grsecurity-3.1-3.14.47-201507050832.patch
2292 similarity index 99%
2293 rename from 3.14.46/4420_grsecurity-3.1-3.14.46-201506300711.patch
2294 rename to 3.14.47/4420_grsecurity-3.1-3.14.47-201507050832.patch
2295 index 008971f..f646996 100644
2296 --- a/3.14.46/4420_grsecurity-3.1-3.14.46-201506300711.patch
2297 +++ b/3.14.47/4420_grsecurity-3.1-3.14.47-201507050832.patch
2298 @@ -295,7 +295,7 @@ index 5d91ba1..ef1d374 100644
2299
2300 pcd. [PARIDE]
2301 diff --git a/Makefile b/Makefile
2302 -index def39fd..4636aea 100644
2303 +index f9041e6..46bcf1d 100644
2304 --- a/Makefile
2305 +++ b/Makefile
2306 @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
2307 @@ -3307,7 +3307,7 @@ index 7bcee5c..e2f3249 100644
2308 __data_loc = .;
2309 #endif
2310 diff --git a/arch/arm/kvm/arm.c b/arch/arm/kvm/arm.c
2311 -index df6e75e..1858aa0 100644
2312 +index 2e74a61..14d0a66 100644
2313 --- a/arch/arm/kvm/arm.c
2314 +++ b/arch/arm/kvm/arm.c
2315 @@ -57,7 +57,7 @@ static unsigned long hyp_default_vectors;
2316 @@ -3319,7 +3319,7 @@ index df6e75e..1858aa0 100644
2317 static u8 kvm_next_vmid;
2318 static DEFINE_SPINLOCK(kvm_vmid_lock);
2319
2320 -@@ -371,7 +371,7 @@ void force_vm_exit(const cpumask_t *mask)
2321 +@@ -376,7 +376,7 @@ void force_vm_exit(const cpumask_t *mask)
2322 */
2323 static bool need_new_vmid_gen(struct kvm *kvm)
2324 {
2325 @@ -3328,7 +3328,7 @@ index df6e75e..1858aa0 100644
2326 }
2327
2328 /**
2329 -@@ -404,7 +404,7 @@ static void update_vttbr(struct kvm *kvm)
2330 +@@ -409,7 +409,7 @@ static void update_vttbr(struct kvm *kvm)
2331
2332 /* First user of a new VMID generation? */
2333 if (unlikely(kvm_next_vmid == 0)) {
2334 @@ -3337,7 +3337,7 @@ index df6e75e..1858aa0 100644
2335 kvm_next_vmid = 1;
2336
2337 /*
2338 -@@ -421,7 +421,7 @@ static void update_vttbr(struct kvm *kvm)
2339 +@@ -426,7 +426,7 @@ static void update_vttbr(struct kvm *kvm)
2340 kvm_call_hyp(__kvm_flush_vm_context);
2341 }
2342
2343 @@ -3346,7 +3346,7 @@ index df6e75e..1858aa0 100644
2344 kvm->arch.vmid = kvm_next_vmid;
2345 kvm_next_vmid++;
2346
2347 -@@ -996,7 +996,7 @@ static void check_kvm_target_cpu(void *ret)
2348 +@@ -1013,7 +1013,7 @@ static void check_kvm_target_cpu(void *ret)
2349 /**
2350 * Initialize Hyp-mode and memory mappings on all CPUs.
2351 */
2352 @@ -12396,7 +12396,7 @@ index ad8f795..2c7eec6 100644
2353 /*
2354 * Memory returned by kmalloc() may be used for DMA, so we must make
2355 diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
2356 -index 2f645c9..7e2933c 100644
2357 +index 5dab54a..a20467d 100644
2358 --- a/arch/x86/Kconfig
2359 +++ b/arch/x86/Kconfig
2360 @@ -22,6 +22,7 @@ config X86_64
2361 @@ -21769,15 +21769,13 @@ index a276fa7..3ef18f0 100644
2362
2363 static void microcode_fini_cpu(int cpu)
2364 diff --git a/arch/x86/kernel/cpu/microcode/intel_early.c b/arch/x86/kernel/cpu/microcode/intel_early.c
2365 -index 18f7391..8c5225d 100644
2366 +index 43a07bf..8c5225d 100644
2367 --- a/arch/x86/kernel/cpu/microcode/intel_early.c
2368 +++ b/arch/x86/kernel/cpu/microcode/intel_early.c
2369 -@@ -321,7 +321,11 @@ get_matching_model_microcode(int cpu, unsigned long start,
2370 - unsigned int mc_saved_count = mc_saved_data->mc_saved_count;
2371 +@@ -322,6 +322,10 @@ get_matching_model_microcode(int cpu, unsigned long start,
2372 int i;
2373
2374 -- while (leftover) {
2375 -+ while (leftover && mc_saved_count < ARRAY_SIZE(mc_saved_tmp)) {
2376 + while (leftover && mc_saved_count < ARRAY_SIZE(mc_saved_tmp)) {
2377 +
2378 + if (leftover < sizeof(mc_header))
2379 + break;
2380 @@ -25816,7 +25814,7 @@ index 7ec1d5f..5a7d130 100644
2381 }
2382
2383 diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c
2384 -index a1f5b18..9d9e077 100644
2385 +index 490fee1..d7eb482 100644
2386 --- a/arch/x86/kernel/kprobes/core.c
2387 +++ b/arch/x86/kernel/kprobes/core.c
2388 @@ -119,9 +119,12 @@ static void __kprobes __synthesize_relative_insn(void *from, void *to, u8 op)
2389 @@ -25854,17 +25852,17 @@ index a1f5b18..9d9e077 100644
2390 }
2391
2392 /*
2393 -@@ -332,7 +335,9 @@ int __kprobes __copy_instruction(u8 *dest, u8 *src)
2394 +@@ -335,7 +338,9 @@ int __kprobes __copy_instruction(u8 *dest, u8 *src)
2395 /* Another subsystem puts a breakpoint, failed to recover */
2396 if (insn.opcode.bytes[0] == BREAKPOINT_INSTRUCTION)
2397 return 0;
2398 + pax_open_kernel();
2399 - memcpy(dest, insn.kaddr, insn.length);
2400 + memcpy(dest, insn.kaddr, length);
2401 + pax_close_kernel();
2402
2403 #ifdef CONFIG_X86_64
2404 if (insn_rip_relative(&insn)) {
2405 -@@ -359,7 +364,9 @@ int __kprobes __copy_instruction(u8 *dest, u8 *src)
2406 +@@ -362,7 +367,9 @@ int __kprobes __copy_instruction(u8 *dest, u8 *src)
2407 return 0;
2408 }
2409 disp = (u8 *) dest + insn_offset_displacement(&insn);
2410 @@ -25873,8 +25871,8 @@ index a1f5b18..9d9e077 100644
2411 + pax_close_kernel();
2412 }
2413 #endif
2414 - return insn.length;
2415 -@@ -498,7 +505,7 @@ setup_singlestep(struct kprobe *p, struct pt_regs *regs, struct kprobe_ctlblk *k
2416 + return length;
2417 +@@ -501,7 +508,7 @@ setup_singlestep(struct kprobe *p, struct pt_regs *regs, struct kprobe_ctlblk *k
2418 * nor set current_kprobe, because it doesn't use single
2419 * stepping.
2420 */
2421 @@ -25883,7 +25881,7 @@ index a1f5b18..9d9e077 100644
2422 preempt_enable_no_resched();
2423 return;
2424 }
2425 -@@ -515,9 +522,9 @@ setup_singlestep(struct kprobe *p, struct pt_regs *regs, struct kprobe_ctlblk *k
2426 +@@ -518,9 +525,9 @@ setup_singlestep(struct kprobe *p, struct pt_regs *regs, struct kprobe_ctlblk *k
2427 regs->flags &= ~X86_EFLAGS_IF;
2428 /* single step inline if the instruction is an int3 */
2429 if (p->opcode == BREAKPOINT_INSTRUCTION)
2430 @@ -25895,7 +25893,7 @@ index a1f5b18..9d9e077 100644
2431 }
2432
2433 /*
2434 -@@ -596,7 +603,7 @@ static int __kprobes kprobe_handler(struct pt_regs *regs)
2435 +@@ -599,7 +606,7 @@ static int __kprobes kprobe_handler(struct pt_regs *regs)
2436 setup_singlestep(p, regs, kcb, 0);
2437 return 1;
2438 }
2439 @@ -25904,7 +25902,7 @@ index a1f5b18..9d9e077 100644
2440 /*
2441 * The breakpoint instruction was removed right
2442 * after we hit it. Another cpu has removed
2443 -@@ -642,6 +649,9 @@ static void __used __kprobes kretprobe_trampoline_holder(void)
2444 +@@ -645,6 +652,9 @@ static void __used __kprobes kretprobe_trampoline_holder(void)
2445 " movq %rax, 152(%rsp)\n"
2446 RESTORE_REGS_STRING
2447 " popfq\n"
2448 @@ -25914,7 +25912,7 @@ index a1f5b18..9d9e077 100644
2449 #else
2450 " pushf\n"
2451 SAVE_REGS_STRING
2452 -@@ -779,7 +789,7 @@ static void __kprobes
2453 +@@ -782,7 +792,7 @@ static void __kprobes
2454 resume_execution(struct kprobe *p, struct pt_regs *regs, struct kprobe_ctlblk *kcb)
2455 {
2456 unsigned long *tos = stack_addr(regs);
2457 @@ -25923,7 +25921,7 @@ index a1f5b18..9d9e077 100644
2458 unsigned long orig_ip = (unsigned long)p->addr;
2459 kprobe_opcode_t *insn = p->ainsn.insn;
2460
2461 -@@ -961,7 +971,7 @@ kprobe_exceptions_notify(struct notifier_block *self, unsigned long val, void *d
2462 +@@ -964,7 +974,7 @@ kprobe_exceptions_notify(struct notifier_block *self, unsigned long val, void *d
2463 struct die_args *args = data;
2464 int ret = NOTIFY_DONE;
2465
2466 @@ -28893,10 +28891,10 @@ index cba218a..1cc1bed 100644
2467 goto error;
2468 walker->ptep_user[walker->level - 1] = ptep_user;
2469 diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
2470 -index 9643eda6..c9cb765 100644
2471 +index 0746334..f6c04e8 100644
2472 --- a/arch/x86/kvm/svm.c
2473 +++ b/arch/x86/kvm/svm.c
2474 -@@ -3508,7 +3508,11 @@ static void reload_tss(struct kvm_vcpu *vcpu)
2475 +@@ -3510,7 +3510,11 @@ static void reload_tss(struct kvm_vcpu *vcpu)
2476 int cpu = raw_smp_processor_id();
2477
2478 struct svm_cpu_data *sd = per_cpu(svm_data, cpu);
2479 @@ -28908,7 +28906,7 @@ index 9643eda6..c9cb765 100644
2480 load_TR_desc();
2481 }
2482
2483 -@@ -3911,6 +3915,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
2484 +@@ -3913,6 +3917,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
2485 #endif
2486 #endif
2487
2488 @@ -51585,7 +51583,7 @@ index f28ea07..34b16d3 100644
2489
2490 /* These three are default values which can be overridden */
2491 diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c
2492 -index 528bff5..84963854 100644
2493 +index 85d370e..7374c8c 100644
2494 --- a/drivers/scsi/hpsa.c
2495 +++ b/drivers/scsi/hpsa.c
2496 @@ -571,7 +571,7 @@ static inline u32 next_command(struct ctlr_info *h, u8 q)
2497 @@ -51636,7 +51634,7 @@ index 528bff5..84963854 100644
2498 (h->interrupts_enabled == 0);
2499 }
2500
2501 -@@ -4442,7 +4442,7 @@ static int hpsa_pci_init(struct ctlr_info *h)
2502 +@@ -4433,7 +4433,7 @@ static int hpsa_pci_init(struct ctlr_info *h)
2503 if (prod_index < 0)
2504 return -ENODEV;
2505 h->product_name = products[prod_index].product_name;
2506 @@ -51645,7 +51643,7 @@ index 528bff5..84963854 100644
2507
2508 pci_disable_link_state(h->pdev, PCIE_LINK_STATE_L0S |
2509 PCIE_LINK_STATE_L1 | PCIE_LINK_STATE_CLKPM);
2510 -@@ -4712,7 +4712,7 @@ static void controller_lockup_detected(struct ctlr_info *h)
2511 +@@ -4726,7 +4726,7 @@ static void controller_lockup_detected(struct ctlr_info *h)
2512 {
2513 unsigned long flags;
2514
2515 @@ -51654,7 +51652,7 @@ index 528bff5..84963854 100644
2516 spin_lock_irqsave(&h->lock, flags);
2517 h->lockup_detected = readl(h->vaddr + SA5_SCRATCHPAD_OFFSET);
2518 spin_unlock_irqrestore(&h->lock, flags);
2519 -@@ -4843,7 +4843,7 @@ reinit_after_soft_reset:
2520 +@@ -4857,7 +4857,7 @@ reinit_after_soft_reset:
2521 }
2522
2523 /* make sure the board interrupts are off */
2524 @@ -51663,7 +51661,7 @@ index 528bff5..84963854 100644
2525
2526 if (hpsa_request_irq(h, do_hpsa_intr_msi, do_hpsa_intr_intx))
2527 goto clean2;
2528 -@@ -4877,7 +4877,7 @@ reinit_after_soft_reset:
2529 +@@ -4891,7 +4891,7 @@ reinit_after_soft_reset:
2530 * fake ones to scoop up any residual completions.
2531 */
2532 spin_lock_irqsave(&h->lock, flags);
2533 @@ -51672,7 +51670,7 @@ index 528bff5..84963854 100644
2534 spin_unlock_irqrestore(&h->lock, flags);
2535 free_irqs(h);
2536 rc = hpsa_request_irq(h, hpsa_msix_discard_completions,
2537 -@@ -4896,9 +4896,9 @@ reinit_after_soft_reset:
2538 +@@ -4910,9 +4910,9 @@ reinit_after_soft_reset:
2539 dev_info(&h->pdev->dev, "Board READY.\n");
2540 dev_info(&h->pdev->dev,
2541 "Waiting for stale completions to drain.\n");
2542 @@ -51684,7 +51682,7 @@ index 528bff5..84963854 100644
2543
2544 rc = controller_reset_failed(h->cfgtable);
2545 if (rc)
2546 -@@ -4919,7 +4919,7 @@ reinit_after_soft_reset:
2547 +@@ -4933,7 +4933,7 @@ reinit_after_soft_reset:
2548 }
2549
2550 /* Turn the interrupts on so we can service requests */
2551 @@ -51693,7 +51691,7 @@ index 528bff5..84963854 100644
2552
2553 hpsa_hba_inquiry(h);
2554 hpsa_register_scsi(h); /* hook ourselves into SCSI subsystem */
2555 -@@ -4988,7 +4988,7 @@ static void hpsa_shutdown(struct pci_dev *pdev)
2556 +@@ -5002,7 +5002,7 @@ static void hpsa_shutdown(struct pci_dev *pdev)
2557 * To write all data in the battery backed cache to disks
2558 */
2559 hpsa_flush_cache(h);
2560 @@ -51702,7 +51700,7 @@ index 528bff5..84963854 100644
2561 hpsa_free_irqs_and_disable_msix(h);
2562 }
2563
2564 -@@ -5162,7 +5162,7 @@ static void hpsa_enter_performant_mode(struct ctlr_info *h, u32 use_short_tags)
2565 +@@ -5176,7 +5176,7 @@ static void hpsa_enter_performant_mode(struct ctlr_info *h, u32 use_short_tags)
2566 return;
2567 }
2568 /* Change the access methods to the performant access methods */
2569 @@ -55240,6 +55238,19 @@ index 8cfc319..4868255 100644
2570
2571 return 0;
2572 }
2573 +diff --git a/drivers/usb/gadget/configfs.c b/drivers/usb/gadget/configfs.c
2574 +index 3740a3f..466ec15 100644
2575 +--- a/drivers/usb/gadget/configfs.c
2576 ++++ b/drivers/usb/gadget/configfs.c
2577 +@@ -560,7 +560,7 @@ static struct config_group *function_make(
2578 + if (IS_ERR(fi))
2579 + return ERR_CAST(fi);
2580 +
2581 +- ret = config_item_set_name(&fi->group.cg_item, name);
2582 ++ ret = config_item_set_name(&fi->group.cg_item, "%s", name);
2583 + if (ret) {
2584 + usb_put_function_instance(fi);
2585 + return ERR_PTR(ret);
2586 diff --git a/drivers/usb/gadget/f_uac1.c b/drivers/usb/gadget/f_uac1.c
2587 index 2b4c82d..06a8ee6 100644
2588 --- a/drivers/usb/gadget/f_uac1.c
2589 @@ -66906,7 +66917,7 @@ index 1e86823..8e34695 100644
2590 else if (whole->bd_holder != NULL)
2591 return false; /* is a partition of a held device */
2592 diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c
2593 -index 93de3ba..0e1cf23 100644
2594 +index f8ffee4..b82e697 100644
2595 --- a/fs/btrfs/ctree.c
2596 +++ b/fs/btrfs/ctree.c
2597 @@ -1216,9 +1216,12 @@ static noinline int __btrfs_cow_block(struct btrfs_trans_handle *trans,
2598 @@ -67968,6 +67979,28 @@ index e081acb..911df21 100644
2599
2600 /*
2601 * We'll have a dentry and an inode for
2602 +diff --git a/fs/configfs/item.c b/fs/configfs/item.c
2603 +index 50cee7f..8238ebd 100644
2604 +--- a/fs/configfs/item.c
2605 ++++ b/fs/configfs/item.c
2606 +@@ -116,7 +116,7 @@ void config_item_init_type_name(struct config_item *item,
2607 + const char *name,
2608 + struct config_item_type *type)
2609 + {
2610 +- config_item_set_name(item, name);
2611 ++ config_item_set_name(item, "%s", name);
2612 + item->ci_type = type;
2613 + config_item_init(item);
2614 + }
2615 +@@ -125,7 +125,7 @@ EXPORT_SYMBOL(config_item_init_type_name);
2616 + void config_group_init_type_name(struct config_group *group, const char *name,
2617 + struct config_item_type *type)
2618 + {
2619 +- config_item_set_name(&group->cg_item, name);
2620 ++ config_item_set_name(&group->cg_item, "%s", name);
2621 + group->cg_item.ci_type = type;
2622 + config_group_init(group);
2623 + }
2624 diff --git a/fs/coredump.c b/fs/coredump.c
2625 index a93f7e6..d58bcbe 100644
2626 --- a/fs/coredump.c
2627 @@ -75409,7 +75442,7 @@ index 1d641bb..9ca7f61 100644
2628 {
2629 const struct seq_operations *op = ((struct seq_file *)file->private_data)->op;
2630 diff --git a/fs/splice.c b/fs/splice.c
2631 -index 12028fa..2cde9b2 100644
2632 +index f345d53..f6e7484 100644
2633 --- a/fs/splice.c
2634 +++ b/fs/splice.c
2635 @@ -196,7 +196,7 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe,
2636 @@ -75491,7 +75524,7 @@ index 12028fa..2cde9b2 100644
2637 return 0;
2638
2639 if (sd->flags & SPLICE_F_NONBLOCK)
2640 -@@ -1171,7 +1171,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
2641 +@@ -1175,7 +1175,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
2642 long ret, bytes;
2643 umode_t i_mode;
2644 size_t len;
2645 @@ -75500,7 +75533,7 @@ index 12028fa..2cde9b2 100644
2646
2647 /*
2648 * We require the input being a regular file, as we don't want to
2649 -@@ -1197,7 +1197,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
2650 +@@ -1201,7 +1201,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
2651 * out of the pipe right after the splice_to_pipe(). So set
2652 * PIPE_READERS appropriately.
2653 */
2654 @@ -75509,7 +75542,7 @@ index 12028fa..2cde9b2 100644
2655
2656 current->splice_pipe = pipe;
2657 }
2658 -@@ -1214,6 +1214,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
2659 +@@ -1218,6 +1218,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
2660 * Don't block on output, we have to drain the direct pipe.
2661 */
2662 sd->flags &= ~SPLICE_F_NONBLOCK;
2663 @@ -75517,7 +75550,7 @@ index 12028fa..2cde9b2 100644
2664
2665 while (len) {
2666 size_t read_len;
2667 -@@ -1227,6 +1228,15 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
2668 +@@ -1231,6 +1232,15 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
2669 sd->total_len = read_len;
2670
2671 /*
2672 @@ -75533,7 +75566,7 @@ index 12028fa..2cde9b2 100644
2673 * NOTE: nonblocking mode only applies to the input. We
2674 * must not do the output in nonblocking mode as then we
2675 * could get stuck data in the internal pipe:
2676 -@@ -1493,6 +1503,7 @@ static int get_iovec_page_array(const struct iovec __user *iov,
2677 +@@ -1497,6 +1507,7 @@ static int get_iovec_page_array(const struct iovec __user *iov,
2678
2679 partial[buffers].offset = off;
2680 partial[buffers].len = plen;
2681 @@ -75541,7 +75574,7 @@ index 12028fa..2cde9b2 100644
2682
2683 off = 0;
2684 len -= plen;
2685 -@@ -1795,9 +1806,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
2686 +@@ -1799,9 +1810,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
2687 ret = -ERESTARTSYS;
2688 break;
2689 }
2690 @@ -75553,7 +75586,7 @@ index 12028fa..2cde9b2 100644
2691 if (flags & SPLICE_F_NONBLOCK) {
2692 ret = -EAGAIN;
2693 break;
2694 -@@ -1829,7 +1840,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
2695 +@@ -1833,7 +1844,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
2696 pipe_lock(pipe);
2697
2698 while (pipe->nrbufs >= pipe->buffers) {
2699 @@ -75562,7 +75595,7 @@ index 12028fa..2cde9b2 100644
2700 send_sig(SIGPIPE, current, 0);
2701 ret = -EPIPE;
2702 break;
2703 -@@ -1842,9 +1853,9 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
2704 +@@ -1846,9 +1857,9 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
2705 ret = -ERESTARTSYS;
2706 break;
2707 }
2708 @@ -75574,7 +75607,7 @@ index 12028fa..2cde9b2 100644
2709 }
2710
2711 pipe_unlock(pipe);
2712 -@@ -1880,14 +1891,14 @@ retry:
2713 +@@ -1884,14 +1895,14 @@ retry:
2714 pipe_double_lock(ipipe, opipe);
2715
2716 do {
2717 @@ -75591,7 +75624,7 @@ index 12028fa..2cde9b2 100644
2718 break;
2719
2720 /*
2721 -@@ -1984,7 +1995,7 @@ static int link_pipe(struct pipe_inode_info *ipipe,
2722 +@@ -1988,7 +1999,7 @@ static int link_pipe(struct pipe_inode_info *ipipe,
2723 pipe_double_lock(ipipe, opipe);
2724
2725 do {
2726 @@ -75600,7 +75633,7 @@ index 12028fa..2cde9b2 100644
2727 send_sig(SIGPIPE, current, 0);
2728 if (!ret)
2729 ret = -EPIPE;
2730 -@@ -2029,7 +2040,7 @@ static int link_pipe(struct pipe_inode_info *ipipe,
2731 +@@ -2033,7 +2044,7 @@ static int link_pipe(struct pipe_inode_info *ipipe,
2732 * return EAGAIN if we have the potential of some data in the
2733 * future, otherwise just return 0
2734 */
2735 @@ -81750,7 +81783,7 @@ index 0000000..4c7e00a
2736 +}
2737 diff --git a/grsecurity/gracl_ip.c b/grsecurity/gracl_ip.c
2738 new file mode 100644
2739 -index 0000000..f056b81
2740 +index 0000000..ed6ee43
2741 --- /dev/null
2742 +++ b/grsecurity/gracl_ip.c
2743 @@ -0,0 +1,386 @@
2744 @@ -81824,7 +81857,7 @@ index 0000000..f056b81
2745 + "unspec", "unix", "inet", "ax25", "ipx", "appletalk", "netrom", "bridge", "atmpvc", "x25",
2746 + "inet6", "rose", "decnet", "netbeui", "security", "key", "netlink", "packet", "ash",
2747 + "econet", "atmsvc", "rds", "sna", "irda", "ppox", "wanpipe", "llc", "fam_27", "fam_28",
2748 -+ "tipc", "bluetooth", "iucv", "rxrpc", "isdn", "phonet", "ieee802154", "ciaf"
2749 ++ "tipc", "bluetooth", "iucv", "rxrpc", "isdn", "phonet", "ieee802154", "ciaf", "alg", "nfc", "vsock"
2750 + };
2751 +
2752 +const char *
2753 @@ -89322,9 +89355,18 @@ index 5d5aaae..0ea9b84 100644
2754 extern bool completion_done(struct completion *x);
2755
2756 diff --git a/include/linux/configfs.h b/include/linux/configfs.h
2757 -index 34025df..d94bbbc 100644
2758 +index 34025df..2a6ee32 100644
2759 --- a/include/linux/configfs.h
2760 +++ b/include/linux/configfs.h
2761 +@@ -64,7 +64,7 @@ struct config_item {
2762 + struct dentry *ci_dentry;
2763 + };
2764 +
2765 +-extern int config_item_set_name(struct config_item *, const char *, ...);
2766 ++extern __printf(2, 3) int config_item_set_name(struct config_item *, const char *, ...);
2767 +
2768 + static inline char *config_item_name(struct config_item * item)
2769 + {
2770 @@ -125,7 +125,7 @@ struct configfs_attribute {
2771 const char *ca_name;
2772 struct module *ca_owner;
2773 @@ -114514,7 +114556,7 @@ index f042ae5..30ea486 100644
2774 }
2775 EXPORT_SYMBOL(nf_unregister_sockopt);
2776 diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
2777 -index c68e5e0..3bed3f0 100644
2778 +index 99de240..539632e 100644
2779 --- a/net/netfilter/nf_tables_api.c
2780 +++ b/net/netfilter/nf_tables_api.c
2781 @@ -152,8 +152,8 @@ nf_tables_chain_type_lookup(const struct nft_af_info *afi,
2782 @@ -114576,10 +114618,10 @@ index 108120f..5b169db 100644
2783 queued = 0;
2784 err = 0;
2785 diff --git a/net/netfilter/nft_compat.c b/net/netfilter/nft_compat.c
2786 -index 7350723..af7fa0d 100644
2787 +index 9695895..f0a05e6 100644
2788 --- a/net/netfilter/nft_compat.c
2789 +++ b/net/netfilter/nft_compat.c
2790 -@@ -216,7 +216,7 @@ target_dump_info(struct sk_buff *skb, const struct xt_target *t, const void *in)
2791 +@@ -219,7 +219,7 @@ target_dump_info(struct sk_buff *skb, const struct xt_target *t, const void *in)
2792 /* We want to reuse existing compat_to_user */
2793 old_fs = get_fs();
2794 set_fs(KERNEL_DS);
2795 @@ -114588,7 +114630,7 @@ index 7350723..af7fa0d 100644
2796 set_fs(old_fs);
2797 ret = nla_put(skb, NFTA_TARGET_INFO, XT_ALIGN(t->targetsize), out);
2798 kfree(out);
2799 -@@ -283,14 +283,7 @@ static void nft_match_eval(const struct nft_expr *expr,
2800 +@@ -286,14 +286,7 @@ static void nft_match_eval(const struct nft_expr *expr,
2801 return;
2802 }
2803
2804 @@ -114604,7 +114646,7 @@ index 7350723..af7fa0d 100644
2805 }
2806
2807 static const struct nla_policy nft_match_policy[NFTA_MATCH_MAX + 1] = {
2808 -@@ -403,7 +396,7 @@ match_dump_info(struct sk_buff *skb, const struct xt_match *m, const void *in)
2809 +@@ -409,7 +402,7 @@ match_dump_info(struct sk_buff *skb, const struct xt_match *m, const void *in)
2810 /* We want to reuse existing compat_to_user */
2811 old_fs = get_fs();
2812 set_fs(KERNEL_DS);
2813
2814 diff --git a/3.14.46/4425_grsec_remove_EI_PAX.patch b/3.14.47/4425_grsec_remove_EI_PAX.patch
2815 similarity index 100%
2816 rename from 3.14.46/4425_grsec_remove_EI_PAX.patch
2817 rename to 3.14.47/4425_grsec_remove_EI_PAX.patch
2818
2819 diff --git a/3.14.46/4427_force_XATTR_PAX_tmpfs.patch b/3.14.47/4427_force_XATTR_PAX_tmpfs.patch
2820 similarity index 100%
2821 rename from 3.14.46/4427_force_XATTR_PAX_tmpfs.patch
2822 rename to 3.14.47/4427_force_XATTR_PAX_tmpfs.patch
2823
2824 diff --git a/3.14.46/4430_grsec-remove-localversion-grsec.patch b/3.14.47/4430_grsec-remove-localversion-grsec.patch
2825 similarity index 100%
2826 rename from 3.14.46/4430_grsec-remove-localversion-grsec.patch
2827 rename to 3.14.47/4430_grsec-remove-localversion-grsec.patch
2828
2829 diff --git a/3.14.46/4435_grsec-mute-warnings.patch b/3.14.47/4435_grsec-mute-warnings.patch
2830 similarity index 100%
2831 rename from 3.14.46/4435_grsec-mute-warnings.patch
2832 rename to 3.14.47/4435_grsec-mute-warnings.patch
2833
2834 diff --git a/3.14.46/4440_grsec-remove-protected-paths.patch b/3.14.47/4440_grsec-remove-protected-paths.patch
2835 similarity index 100%
2836 rename from 3.14.46/4440_grsec-remove-protected-paths.patch
2837 rename to 3.14.47/4440_grsec-remove-protected-paths.patch
2838
2839 diff --git a/3.14.46/4450_grsec-kconfig-default-gids.patch b/3.14.47/4450_grsec-kconfig-default-gids.patch
2840 similarity index 100%
2841 rename from 3.14.46/4450_grsec-kconfig-default-gids.patch
2842 rename to 3.14.47/4450_grsec-kconfig-default-gids.patch
2843
2844 diff --git a/3.14.46/4465_selinux-avc_audit-log-curr_ip.patch b/3.14.47/4465_selinux-avc_audit-log-curr_ip.patch
2845 similarity index 100%
2846 rename from 3.14.46/4465_selinux-avc_audit-log-curr_ip.patch
2847 rename to 3.14.47/4465_selinux-avc_audit-log-curr_ip.patch
2848
2849 diff --git a/3.14.46/4470_disable-compat_vdso.patch b/3.14.47/4470_disable-compat_vdso.patch
2850 similarity index 100%
2851 rename from 3.14.46/4470_disable-compat_vdso.patch
2852 rename to 3.14.47/4470_disable-compat_vdso.patch
2853
2854 diff --git a/3.14.46/4475_emutramp_default_on.patch b/3.14.47/4475_emutramp_default_on.patch
2855 similarity index 100%
2856 rename from 3.14.46/4475_emutramp_default_on.patch
2857 rename to 3.14.47/4475_emutramp_default_on.patch
2858
2859 diff --git a/3.2.69/0000_README b/3.2.69/0000_README
2860 index d006716..6773701 100644
2861 --- a/3.2.69/0000_README
2862 +++ b/3.2.69/0000_README
2863 @@ -194,7 +194,7 @@ Patch: 1068_linux-3.2.69.patch
2864 From: http://www.kernel.org
2865 Desc: Linux 3.2.69
2866
2867 -Patch: 4420_grsecurity-3.1-3.2.69-201506300708.patch
2868 +Patch: 4420_grsecurity-3.1-3.2.69-201507050830.patch
2869 From: http://www.grsecurity.net
2870 Desc: hardened-sources base patch from upstream grsecurity
2871
2872
2873 diff --git a/3.2.69/4420_grsecurity-3.1-3.2.69-201506300708.patch b/3.2.69/4420_grsecurity-3.1-3.2.69-201507050830.patch
2874 similarity index 99%
2875 rename from 3.2.69/4420_grsecurity-3.1-3.2.69-201506300708.patch
2876 rename to 3.2.69/4420_grsecurity-3.1-3.2.69-201507050830.patch
2877 index e8aabfa..57ddd0b 100644
2878 --- a/3.2.69/4420_grsecurity-3.1-3.2.69-201506300708.patch
2879 +++ b/3.2.69/4420_grsecurity-3.1-3.2.69-201507050830.patch
2880 @@ -59119,6 +59119,28 @@ index 5ef72c8..0c72810 100644
2881
2882 /*
2883 * We'll have a dentry and an inode for
2884 +diff --git a/fs/configfs/item.c b/fs/configfs/item.c
2885 +index 50cee7f..8238ebd 100644
2886 +--- a/fs/configfs/item.c
2887 ++++ b/fs/configfs/item.c
2888 +@@ -116,7 +116,7 @@ void config_item_init_type_name(struct config_item *item,
2889 + const char *name,
2890 + struct config_item_type *type)
2891 + {
2892 +- config_item_set_name(item, name);
2893 ++ config_item_set_name(item, "%s", name);
2894 + item->ci_type = type;
2895 + config_item_init(item);
2896 + }
2897 +@@ -125,7 +125,7 @@ EXPORT_SYMBOL(config_item_init_type_name);
2898 + void config_group_init_type_name(struct config_group *group, const char *name,
2899 + struct config_item_type *type)
2900 + {
2901 +- config_item_set_name(&group->cg_item, name);
2902 ++ config_item_set_name(&group->cg_item, "%s", name);
2903 + group->cg_item.ci_type = type;
2904 + config_group_init(group);
2905 + }
2906 diff --git a/fs/configfs/mount.c b/fs/configfs/mount.c
2907 index 276e15c..aeac324 100644
2908 --- a/fs/configfs/mount.c
2909 @@ -73326,7 +73348,7 @@ index 0000000..b916759
2910 +}
2911 diff --git a/grsecurity/gracl_ip.c b/grsecurity/gracl_ip.c
2912 new file mode 100644
2913 -index 0000000..35f8064
2914 +index 0000000..e0bbcf4
2915 --- /dev/null
2916 +++ b/grsecurity/gracl_ip.c
2917 @@ -0,0 +1,386 @@
2918 @@ -73400,7 +73422,7 @@ index 0000000..35f8064
2919 + "unspec", "unix", "inet", "ax25", "ipx", "appletalk", "netrom", "bridge", "atmpvc", "x25",
2920 + "inet6", "rose", "decnet", "netbeui", "security", "key", "netlink", "packet", "ash",
2921 + "econet", "atmsvc", "rds", "sna", "irda", "ppox", "wanpipe", "llc", "fam_27", "fam_28",
2922 -+ "tipc", "bluetooth", "iucv", "rxrpc", "isdn", "phonet", "ieee802154", "ciaf"
2923 ++ "tipc", "bluetooth", "iucv", "rxrpc", "isdn", "phonet", "ieee802154", "ciaf", "alg", "nfc"
2924 + };
2925 +
2926 +const char *
2927 @@ -81044,9 +81066,18 @@ index 51494e6..340575ab 100644
2928 extern bool completion_done(struct completion *x);
2929
2930 diff --git a/include/linux/configfs.h b/include/linux/configfs.h
2931 -index 3081c58..7714c00 100644
2932 +index 3081c58..5a0b545 100644
2933 --- a/include/linux/configfs.h
2934 +++ b/include/linux/configfs.h
2935 +@@ -64,7 +64,7 @@ struct config_item {
2936 + struct dentry *ci_dentry;
2937 + };
2938 +
2939 +-extern int config_item_set_name(struct config_item *, const char *, ...);
2940 ++extern __printf(2, 3) int config_item_set_name(struct config_item *, const char *, ...);
2941 +
2942 + static inline char *config_item_name(struct config_item * item)
2943 + {
2944 @@ -125,7 +125,7 @@ struct configfs_attribute {
2945 const char *ca_name;
2946 struct module *ca_owner;
2947
2948 diff --git a/4.0.7/0000_README b/4.0.7/0000_README
2949 index 1c85007..fc634e5 100644
2950 --- a/4.0.7/0000_README
2951 +++ b/4.0.7/0000_README
2952 @@ -2,11 +2,7 @@ README
2953 -----------------------------------------------------------------------------
2954 Individual Patch Descriptions:
2955 -----------------------------------------------------------------------------
2956 -Patch: 1006_linux-4.0.7.patch
2957 -From: http://www.kernel.org
2958 -Desc: Linux 4.0.7
2959 -
2960 -Patch: 4420_grsecurity-3.1-4.0.7-201506300712.patch
2961 +Patch: 4420_grsecurity-3.1-4.0.7-201507050833.patch
2962 From: http://www.grsecurity.net
2963 Desc: hardened-sources base patch from upstream grsecurity
2964
2965
2966 diff --git a/4.0.7/1006_linux-4.0.7.patch b/4.0.7/1006_linux-4.0.7.patch
2967 deleted file mode 100644
2968 index 0b9b646..0000000
2969 --- a/4.0.7/1006_linux-4.0.7.patch
2970 +++ /dev/null
2971 @@ -1,707 +0,0 @@
2972 -diff --git a/Makefile b/Makefile
2973 -index af6da04..bd76a8e 100644
2974 ---- a/Makefile
2975 -+++ b/Makefile
2976 -@@ -1,6 +1,6 @@
2977 - VERSION = 4
2978 - PATCHLEVEL = 0
2979 --SUBLEVEL = 6
2980 -+SUBLEVEL = 7
2981 - EXTRAVERSION =
2982 - NAME = Hurr durr I'ma sheep
2983 -
2984 -diff --git a/arch/arm/mach-exynos/common.h b/arch/arm/mach-exynos/common.h
2985 -index f70eca7..0ef8d4b 100644
2986 ---- a/arch/arm/mach-exynos/common.h
2987 -+++ b/arch/arm/mach-exynos/common.h
2988 -@@ -153,6 +153,8 @@ extern void exynos_enter_aftr(void);
2989 -
2990 - extern struct cpuidle_exynos_data cpuidle_coupled_exynos_data;
2991 -
2992 -+extern void exynos_set_delayed_reset_assertion(bool enable);
2993 -+
2994 - extern void s5p_init_cpu(void __iomem *cpuid_addr);
2995 - extern unsigned int samsung_rev(void);
2996 - extern void __iomem *cpu_boot_reg_base(void);
2997 -diff --git a/arch/arm/mach-exynos/exynos.c b/arch/arm/mach-exynos/exynos.c
2998 -index 9e9dfdf..1081ff1 100644
2999 ---- a/arch/arm/mach-exynos/exynos.c
3000 -+++ b/arch/arm/mach-exynos/exynos.c
3001 -@@ -166,6 +166,33 @@ static void __init exynos_init_io(void)
3002 - exynos_map_io();
3003 - }
3004 -
3005 -+/*
3006 -+ * Set or clear the USE_DELAYED_RESET_ASSERTION option. Used by smp code
3007 -+ * and suspend.
3008 -+ *
3009 -+ * This is necessary only on Exynos4 SoCs. When system is running
3010 -+ * USE_DELAYED_RESET_ASSERTION should be set so the ARM CLK clock down
3011 -+ * feature could properly detect global idle state when secondary CPU is
3012 -+ * powered down.
3013 -+ *
3014 -+ * However this should not be set when such system is going into suspend.
3015 -+ */
3016 -+void exynos_set_delayed_reset_assertion(bool enable)
3017 -+{
3018 -+ if (soc_is_exynos4()) {
3019 -+ unsigned int tmp, core_id;
3020 -+
3021 -+ for (core_id = 0; core_id < num_possible_cpus(); core_id++) {
3022 -+ tmp = pmu_raw_readl(EXYNOS_ARM_CORE_OPTION(core_id));
3023 -+ if (enable)
3024 -+ tmp |= S5P_USE_DELAYED_RESET_ASSERTION;
3025 -+ else
3026 -+ tmp &= ~(S5P_USE_DELAYED_RESET_ASSERTION);
3027 -+ pmu_raw_writel(tmp, EXYNOS_ARM_CORE_OPTION(core_id));
3028 -+ }
3029 -+ }
3030 -+}
3031 -+
3032 - static const struct of_device_id exynos_dt_pmu_match[] = {
3033 - { .compatible = "samsung,exynos3250-pmu" },
3034 - { .compatible = "samsung,exynos4210-pmu" },
3035 -diff --git a/arch/arm/mach-exynos/platsmp.c b/arch/arm/mach-exynos/platsmp.c
3036 -index d2e9f12..d45e8cd 100644
3037 ---- a/arch/arm/mach-exynos/platsmp.c
3038 -+++ b/arch/arm/mach-exynos/platsmp.c
3039 -@@ -34,30 +34,6 @@
3040 -
3041 - extern void exynos4_secondary_startup(void);
3042 -
3043 --/*
3044 -- * Set or clear the USE_DELAYED_RESET_ASSERTION option, set on Exynos4 SoCs
3045 -- * during hot-(un)plugging CPUx.
3046 -- *
3047 -- * The feature can be cleared safely during first boot of secondary CPU.
3048 -- *
3049 -- * Exynos4 SoCs require setting USE_DELAYED_RESET_ASSERTION during powering
3050 -- * down a CPU so the CPU idle clock down feature could properly detect global
3051 -- * idle state when CPUx is off.
3052 -- */
3053 --static void exynos_set_delayed_reset_assertion(u32 core_id, bool enable)
3054 --{
3055 -- if (soc_is_exynos4()) {
3056 -- unsigned int tmp;
3057 --
3058 -- tmp = pmu_raw_readl(EXYNOS_ARM_CORE_OPTION(core_id));
3059 -- if (enable)
3060 -- tmp |= S5P_USE_DELAYED_RESET_ASSERTION;
3061 -- else
3062 -- tmp &= ~(S5P_USE_DELAYED_RESET_ASSERTION);
3063 -- pmu_raw_writel(tmp, EXYNOS_ARM_CORE_OPTION(core_id));
3064 -- }
3065 --}
3066 --
3067 - #ifdef CONFIG_HOTPLUG_CPU
3068 - static inline void cpu_leave_lowpower(u32 core_id)
3069 - {
3070 -@@ -73,8 +49,6 @@ static inline void cpu_leave_lowpower(u32 core_id)
3071 - : "=&r" (v)
3072 - : "Ir" (CR_C), "Ir" (0x40)
3073 - : "cc");
3074 --
3075 -- exynos_set_delayed_reset_assertion(core_id, false);
3076 - }
3077 -
3078 - static inline void platform_do_lowpower(unsigned int cpu, int *spurious)
3079 -@@ -87,14 +61,6 @@ static inline void platform_do_lowpower(unsigned int cpu, int *spurious)
3080 - /* Turn the CPU off on next WFI instruction. */
3081 - exynos_cpu_power_down(core_id);
3082 -
3083 -- /*
3084 -- * Exynos4 SoCs require setting
3085 -- * USE_DELAYED_RESET_ASSERTION so the CPU idle
3086 -- * clock down feature could properly detect
3087 -- * global idle state when CPUx is off.
3088 -- */
3089 -- exynos_set_delayed_reset_assertion(core_id, true);
3090 --
3091 - wfi();
3092 -
3093 - if (pen_release == core_id) {
3094 -@@ -354,9 +320,6 @@ static int exynos_boot_secondary(unsigned int cpu, struct task_struct *idle)
3095 - udelay(10);
3096 - }
3097 -
3098 -- /* No harm if this is called during first boot of secondary CPU */
3099 -- exynos_set_delayed_reset_assertion(core_id, false);
3100 --
3101 - /*
3102 - * now the secondary core is starting up let it run its
3103 - * calibrations, then wait for it to finish
3104 -@@ -403,6 +366,8 @@ static void __init exynos_smp_prepare_cpus(unsigned int max_cpus)
3105 -
3106 - exynos_sysram_init();
3107 -
3108 -+ exynos_set_delayed_reset_assertion(true);
3109 -+
3110 - if (read_cpuid_part() == ARM_CPU_PART_CORTEX_A9)
3111 - scu_enable(scu_base_addr());
3112 -
3113 -diff --git a/arch/arm/mach-exynos/suspend.c b/arch/arm/mach-exynos/suspend.c
3114 -index 318d127..582ef2d 100644
3115 ---- a/arch/arm/mach-exynos/suspend.c
3116 -+++ b/arch/arm/mach-exynos/suspend.c
3117 -@@ -235,6 +235,8 @@ static void exynos_pm_enter_sleep_mode(void)
3118 -
3119 - static void exynos_pm_prepare(void)
3120 - {
3121 -+ exynos_set_delayed_reset_assertion(false);
3122 -+
3123 - /* Set wake-up mask registers */
3124 - exynos_pm_set_wakeup_mask();
3125 -
3126 -@@ -383,6 +385,7 @@ early_wakeup:
3127 -
3128 - /* Clear SLEEP mode set in INFORM1 */
3129 - pmu_raw_writel(0x0, S5P_INFORM1);
3130 -+ exynos_set_delayed_reset_assertion(true);
3131 - }
3132 -
3133 - static void exynos3250_pm_resume(void)
3134 -diff --git a/arch/powerpc/kernel/idle_power7.S b/arch/powerpc/kernel/idle_power7.S
3135 -index 05adc8b..401d8d0 100644
3136 ---- a/arch/powerpc/kernel/idle_power7.S
3137 -+++ b/arch/powerpc/kernel/idle_power7.S
3138 -@@ -500,9 +500,11 @@ BEGIN_FTR_SECTION
3139 - CHECK_HMI_INTERRUPT
3140 - END_FTR_SECTION_IFSET(CPU_FTR_HVMODE)
3141 - ld r1,PACAR1(r13)
3142 -+ ld r6,_CCR(r1)
3143 - ld r4,_MSR(r1)
3144 - ld r5,_NIP(r1)
3145 - addi r1,r1,INT_FRAME_SIZE
3146 -+ mtcr r6
3147 - mtspr SPRN_SRR1,r4
3148 - mtspr SPRN_SRR0,r5
3149 - rfid
3150 -diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c
3151 -index 4e3d5a9..03189d8 100644
3152 ---- a/arch/x86/kernel/kprobes/core.c
3153 -+++ b/arch/x86/kernel/kprobes/core.c
3154 -@@ -354,6 +354,7 @@ int __copy_instruction(u8 *dest, u8 *src)
3155 - {
3156 - struct insn insn;
3157 - kprobe_opcode_t buf[MAX_INSN_SIZE];
3158 -+ int length;
3159 - unsigned long recovered_insn =
3160 - recover_probed_instruction(buf, (unsigned long)src);
3161 -
3162 -@@ -361,16 +362,18 @@ int __copy_instruction(u8 *dest, u8 *src)
3163 - return 0;
3164 - kernel_insn_init(&insn, (void *)recovered_insn, MAX_INSN_SIZE);
3165 - insn_get_length(&insn);
3166 -+ length = insn.length;
3167 -+
3168 - /* Another subsystem puts a breakpoint, failed to recover */
3169 - if (insn.opcode.bytes[0] == BREAKPOINT_INSTRUCTION)
3170 - return 0;
3171 -- memcpy(dest, insn.kaddr, insn.length);
3172 -+ memcpy(dest, insn.kaddr, length);
3173 -
3174 - #ifdef CONFIG_X86_64
3175 - if (insn_rip_relative(&insn)) {
3176 - s64 newdisp;
3177 - u8 *disp;
3178 -- kernel_insn_init(&insn, dest, insn.length);
3179 -+ kernel_insn_init(&insn, dest, length);
3180 - insn_get_displacement(&insn);
3181 - /*
3182 - * The copied instruction uses the %rip-relative addressing
3183 -@@ -394,7 +397,7 @@ int __copy_instruction(u8 *dest, u8 *src)
3184 - *(s32 *) disp = (s32) newdisp;
3185 - }
3186 - #endif
3187 -- return insn.length;
3188 -+ return length;
3189 - }
3190 -
3191 - static int arch_copy_kprobe(struct kprobe *p)
3192 -diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
3193 -index 4ee827d..3cb2b58 100644
3194 ---- a/arch/x86/kvm/lapic.c
3195 -+++ b/arch/x86/kvm/lapic.c
3196 -@@ -1064,6 +1064,17 @@ static void update_divide_count(struct kvm_lapic *apic)
3197 - apic->divide_count);
3198 - }
3199 -
3200 -+static void apic_update_lvtt(struct kvm_lapic *apic)
3201 -+{
3202 -+ u32 timer_mode = kvm_apic_get_reg(apic, APIC_LVTT) &
3203 -+ apic->lapic_timer.timer_mode_mask;
3204 -+
3205 -+ if (apic->lapic_timer.timer_mode != timer_mode) {
3206 -+ apic->lapic_timer.timer_mode = timer_mode;
3207 -+ hrtimer_cancel(&apic->lapic_timer.timer);
3208 -+ }
3209 -+}
3210 -+
3211 - static void apic_timer_expired(struct kvm_lapic *apic)
3212 - {
3213 - struct kvm_vcpu *vcpu = apic->vcpu;
3214 -@@ -1272,6 +1283,7 @@ static int apic_reg_write(struct kvm_lapic *apic, u32 reg, u32 val)
3215 - apic_set_reg(apic, APIC_LVTT + 0x10 * i,
3216 - lvt_val | APIC_LVT_MASKED);
3217 - }
3218 -+ apic_update_lvtt(apic);
3219 - atomic_set(&apic->lapic_timer.pending, 0);
3220 -
3221 - }
3222 -@@ -1304,20 +1316,13 @@ static int apic_reg_write(struct kvm_lapic *apic, u32 reg, u32 val)
3223 -
3224 - break;
3225 -
3226 -- case APIC_LVTT: {
3227 -- u32 timer_mode = val & apic->lapic_timer.timer_mode_mask;
3228 --
3229 -- if (apic->lapic_timer.timer_mode != timer_mode) {
3230 -- apic->lapic_timer.timer_mode = timer_mode;
3231 -- hrtimer_cancel(&apic->lapic_timer.timer);
3232 -- }
3233 --
3234 -+ case APIC_LVTT:
3235 - if (!kvm_apic_sw_enabled(apic))
3236 - val |= APIC_LVT_MASKED;
3237 - val &= (apic_lvt_mask[0] | apic->lapic_timer.timer_mode_mask);
3238 - apic_set_reg(apic, APIC_LVTT, val);
3239 -+ apic_update_lvtt(apic);
3240 - break;
3241 -- }
3242 -
3243 - case APIC_TMICT:
3244 - if (apic_lvtt_tscdeadline(apic))
3245 -@@ -1552,7 +1557,7 @@ void kvm_lapic_reset(struct kvm_vcpu *vcpu)
3246 -
3247 - for (i = 0; i < APIC_LVT_NUM; i++)
3248 - apic_set_reg(apic, APIC_LVTT + 0x10 * i, APIC_LVT_MASKED);
3249 -- apic->lapic_timer.timer_mode = 0;
3250 -+ apic_update_lvtt(apic);
3251 - apic_set_reg(apic, APIC_LVT0,
3252 - SET_APIC_DELIVERY_MODE(0, APIC_MODE_EXTINT));
3253 -
3254 -@@ -1778,6 +1783,7 @@ void kvm_apic_post_state_restore(struct kvm_vcpu *vcpu,
3255 -
3256 - apic_update_ppr(apic);
3257 - hrtimer_cancel(&apic->lapic_timer.timer);
3258 -+ apic_update_lvtt(apic);
3259 - update_divide_count(apic);
3260 - start_apic_timer(apic);
3261 - apic->irr_pending = true;
3262 -diff --git a/drivers/bluetooth/ath3k.c b/drivers/bluetooth/ath3k.c
3263 -index 288547a..f26ebc5 100644
3264 ---- a/drivers/bluetooth/ath3k.c
3265 -+++ b/drivers/bluetooth/ath3k.c
3266 -@@ -80,6 +80,7 @@ static const struct usb_device_id ath3k_table[] = {
3267 - { USB_DEVICE(0x0489, 0xe057) },
3268 - { USB_DEVICE(0x0489, 0xe056) },
3269 - { USB_DEVICE(0x0489, 0xe05f) },
3270 -+ { USB_DEVICE(0x0489, 0xe076) },
3271 - { USB_DEVICE(0x0489, 0xe078) },
3272 - { USB_DEVICE(0x04c5, 0x1330) },
3273 - { USB_DEVICE(0x04CA, 0x3004) },
3274 -@@ -111,6 +112,7 @@ static const struct usb_device_id ath3k_table[] = {
3275 - { USB_DEVICE(0x13d3, 0x3408) },
3276 - { USB_DEVICE(0x13d3, 0x3423) },
3277 - { USB_DEVICE(0x13d3, 0x3432) },
3278 -+ { USB_DEVICE(0x13d3, 0x3474) },
3279 -
3280 - /* Atheros AR5BBU12 with sflash firmware */
3281 - { USB_DEVICE(0x0489, 0xE02C) },
3282 -@@ -135,6 +137,7 @@ static const struct usb_device_id ath3k_blist_tbl[] = {
3283 - { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 },
3284 - { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 },
3285 - { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 },
3286 -+ { USB_DEVICE(0x0489, 0xe076), .driver_info = BTUSB_ATH3012 },
3287 - { USB_DEVICE(0x0489, 0xe078), .driver_info = BTUSB_ATH3012 },
3288 - { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 },
3289 - { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 },
3290 -@@ -166,6 +169,7 @@ static const struct usb_device_id ath3k_blist_tbl[] = {
3291 - { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 },
3292 - { USB_DEVICE(0x13d3, 0x3423), .driver_info = BTUSB_ATH3012 },
3293 - { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 },
3294 -+ { USB_DEVICE(0x13d3, 0x3474), .driver_info = BTUSB_ATH3012 },
3295 -
3296 - /* Atheros AR5BBU22 with sflash firmware */
3297 - { USB_DEVICE(0x0489, 0xE036), .driver_info = BTUSB_ATH3012 },
3298 -diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
3299 -index 2c527da..4fc4157 100644
3300 ---- a/drivers/bluetooth/btusb.c
3301 -+++ b/drivers/bluetooth/btusb.c
3302 -@@ -174,6 +174,7 @@ static const struct usb_device_id blacklist_table[] = {
3303 - { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 },
3304 - { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 },
3305 - { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 },
3306 -+ { USB_DEVICE(0x0489, 0xe076), .driver_info = BTUSB_ATH3012 },
3307 - { USB_DEVICE(0x0489, 0xe078), .driver_info = BTUSB_ATH3012 },
3308 - { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 },
3309 - { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 },
3310 -@@ -205,6 +206,7 @@ static const struct usb_device_id blacklist_table[] = {
3311 - { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 },
3312 - { USB_DEVICE(0x13d3, 0x3423), .driver_info = BTUSB_ATH3012 },
3313 - { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 },
3314 -+ { USB_DEVICE(0x13d3, 0x3474), .driver_info = BTUSB_ATH3012 },
3315 -
3316 - /* Atheros AR5BBU12 with sflash firmware */
3317 - { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE },
3318 -diff --git a/drivers/clk/at91/clk-pll.c b/drivers/clk/at91/clk-pll.c
3319 -index 6ec79db..cbbe403 100644
3320 ---- a/drivers/clk/at91/clk-pll.c
3321 -+++ b/drivers/clk/at91/clk-pll.c
3322 -@@ -173,8 +173,7 @@ static long clk_pll_get_best_div_mul(struct clk_pll *pll, unsigned long rate,
3323 - int i = 0;
3324 -
3325 - /* Check if parent_rate is a valid input rate */
3326 -- if (parent_rate < characteristics->input.min ||
3327 -- parent_rate > characteristics->input.max)
3328 -+ if (parent_rate < characteristics->input.min)
3329 - return -ERANGE;
3330 -
3331 - /*
3332 -@@ -187,6 +186,15 @@ static long clk_pll_get_best_div_mul(struct clk_pll *pll, unsigned long rate,
3333 - if (!mindiv)
3334 - mindiv = 1;
3335 -
3336 -+ if (parent_rate > characteristics->input.max) {
3337 -+ tmpdiv = DIV_ROUND_UP(parent_rate, characteristics->input.max);
3338 -+ if (tmpdiv > PLL_DIV_MAX)
3339 -+ return -ERANGE;
3340 -+
3341 -+ if (tmpdiv > mindiv)
3342 -+ mindiv = tmpdiv;
3343 -+ }
3344 -+
3345 - /*
3346 - * Calculate the maximum divider which is limited by PLL register
3347 - * layout (limited by the MUL or DIV field size).
3348 -diff --git a/drivers/clk/at91/pmc.h b/drivers/clk/at91/pmc.h
3349 -index 69abb08..eb8e5dc 100644
3350 ---- a/drivers/clk/at91/pmc.h
3351 -+++ b/drivers/clk/at91/pmc.h
3352 -@@ -121,7 +121,7 @@ extern void __init of_at91sam9x5_clk_smd_setup(struct device_node *np,
3353 - struct at91_pmc *pmc);
3354 - #endif
3355 -
3356 --#if defined(CONFIG_HAVE_AT91_SMD)
3357 -+#if defined(CONFIG_HAVE_AT91_H32MX)
3358 - extern void __init of_sama5d4_clk_h32mx_setup(struct device_node *np,
3359 - struct at91_pmc *pmc);
3360 - #endif
3361 -diff --git a/drivers/crypto/caam/caamhash.c b/drivers/crypto/caam/caamhash.c
3362 -index f347ab7..08b0da2 100644
3363 ---- a/drivers/crypto/caam/caamhash.c
3364 -+++ b/drivers/crypto/caam/caamhash.c
3365 -@@ -1543,6 +1543,8 @@ static int ahash_init(struct ahash_request *req)
3366 -
3367 - state->current_buf = 0;
3368 - state->buf_dma = 0;
3369 -+ state->buflen_0 = 0;
3370 -+ state->buflen_1 = 0;
3371 -
3372 - return 0;
3373 - }
3374 -diff --git a/drivers/crypto/caam/caamrng.c b/drivers/crypto/caam/caamrng.c
3375 -index ae31e55..a48dc25 100644
3376 ---- a/drivers/crypto/caam/caamrng.c
3377 -+++ b/drivers/crypto/caam/caamrng.c
3378 -@@ -56,7 +56,7 @@
3379 -
3380 - /* Buffer, its dma address and lock */
3381 - struct buf_data {
3382 -- u8 buf[RN_BUF_SIZE];
3383 -+ u8 buf[RN_BUF_SIZE] ____cacheline_aligned;
3384 - dma_addr_t addr;
3385 - struct completion filled;
3386 - u32 hw_desc[DESC_JOB_O_LEN];
3387 -diff --git a/drivers/gpu/drm/i915/i915_drv.c b/drivers/gpu/drm/i915/i915_drv.c
3388 -index ec4d932..169123a 100644
3389 ---- a/drivers/gpu/drm/i915/i915_drv.c
3390 -+++ b/drivers/gpu/drm/i915/i915_drv.c
3391 -@@ -693,6 +693,16 @@ static int i915_drm_resume(struct drm_device *dev)
3392 - intel_init_pch_refclk(dev);
3393 - drm_mode_config_reset(dev);
3394 -
3395 -+ /*
3396 -+ * Interrupts have to be enabled before any batches are run.
3397 -+ * If not the GPU will hang. i915_gem_init_hw() will initiate
3398 -+ * batches to update/restore the context.
3399 -+ *
3400 -+ * Modeset enabling in intel_modeset_init_hw() also needs
3401 -+ * working interrupts.
3402 -+ */
3403 -+ intel_runtime_pm_enable_interrupts(dev_priv);
3404 -+
3405 - mutex_lock(&dev->struct_mutex);
3406 - if (i915_gem_init_hw(dev)) {
3407 - DRM_ERROR("failed to re-initialize GPU, declaring wedged!\n");
3408 -@@ -700,9 +710,6 @@ static int i915_drm_resume(struct drm_device *dev)
3409 - }
3410 - mutex_unlock(&dev->struct_mutex);
3411 -
3412 -- /* We need working interrupts for modeset enabling ... */
3413 -- intel_runtime_pm_enable_interrupts(dev_priv);
3414 --
3415 - intel_modeset_init_hw(dev);
3416 -
3417 - spin_lock_irq(&dev_priv->irq_lock);
3418 -diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c
3419 -index 7a628e4..9536ec3 100644
3420 ---- a/drivers/gpu/drm/i915/i915_gem.c
3421 -+++ b/drivers/gpu/drm/i915/i915_gem.c
3422 -@@ -2732,6 +2732,9 @@ void i915_gem_reset(struct drm_device *dev)
3423 - void
3424 - i915_gem_retire_requests_ring(struct intel_engine_cs *ring)
3425 - {
3426 -+ if (list_empty(&ring->request_list))
3427 -+ return;
3428 -+
3429 - WARN_ON(i915_verify_lists(ring->dev));
3430 -
3431 - /* Retire requests first as we use it above for the early return.
3432 -@@ -3088,8 +3091,8 @@ int i915_vma_unbind(struct i915_vma *vma)
3433 - } else if (vma->ggtt_view.pages) {
3434 - sg_free_table(vma->ggtt_view.pages);
3435 - kfree(vma->ggtt_view.pages);
3436 -- vma->ggtt_view.pages = NULL;
3437 - }
3438 -+ vma->ggtt_view.pages = NULL;
3439 - }
3440 -
3441 - drm_mm_remove_node(&vma->node);
3442 -diff --git a/drivers/gpu/drm/mgag200/mgag200_mode.c b/drivers/gpu/drm/mgag200/mgag200_mode.c
3443 -index 9872ba9..2ffeda3 100644
3444 ---- a/drivers/gpu/drm/mgag200/mgag200_mode.c
3445 -+++ b/drivers/gpu/drm/mgag200/mgag200_mode.c
3446 -@@ -1526,6 +1526,11 @@ static int mga_vga_mode_valid(struct drm_connector *connector,
3447 - return MODE_BANDWIDTH;
3448 - }
3449 -
3450 -+ if ((mode->hdisplay % 8) != 0 || (mode->hsync_start % 8) != 0 ||
3451 -+ (mode->hsync_end % 8) != 0 || (mode->htotal % 8) != 0) {
3452 -+ return MODE_H_ILLEGAL;
3453 -+ }
3454 -+
3455 - if (mode->crtc_hdisplay > 2048 || mode->crtc_hsync_start > 4096 ||
3456 - mode->crtc_hsync_end > 4096 || mode->crtc_htotal > 4096 ||
3457 - mode->crtc_vdisplay > 2048 || mode->crtc_vsync_start > 4096 ||
3458 -diff --git a/drivers/gpu/drm/radeon/radeon_kms.c b/drivers/gpu/drm/radeon/radeon_kms.c
3459 -index 686411e..b82f2dd 100644
3460 ---- a/drivers/gpu/drm/radeon/radeon_kms.c
3461 -+++ b/drivers/gpu/drm/radeon/radeon_kms.c
3462 -@@ -547,6 +547,9 @@ static int radeon_info_ioctl(struct drm_device *dev, void *data, struct drm_file
3463 - else
3464 - *value = 1;
3465 - break;
3466 -+ case RADEON_INFO_VA_UNMAP_WORKING:
3467 -+ *value = true;
3468 -+ break;
3469 - default:
3470 - DRM_DEBUG_KMS("Invalid request %d\n", info->request);
3471 - return -EINVAL;
3472 -diff --git a/drivers/infiniband/ulp/isert/ib_isert.c b/drivers/infiniband/ulp/isert/ib_isert.c
3473 -index 147029a..ac72ece 100644
3474 ---- a/drivers/infiniband/ulp/isert/ib_isert.c
3475 -+++ b/drivers/infiniband/ulp/isert/ib_isert.c
3476 -@@ -2316,7 +2316,6 @@ isert_build_rdma_wr(struct isert_conn *isert_conn, struct isert_cmd *isert_cmd,
3477 - page_off = offset % PAGE_SIZE;
3478 -
3479 - send_wr->sg_list = ib_sge;
3480 -- send_wr->num_sge = sg_nents;
3481 - send_wr->wr_id = (uintptr_t)&isert_cmd->tx_desc;
3482 - /*
3483 - * Perform mapping of TCM scatterlist memory ib_sge dma_addr.
3484 -@@ -2336,14 +2335,17 @@ isert_build_rdma_wr(struct isert_conn *isert_conn, struct isert_cmd *isert_cmd,
3485 - ib_sge->addr, ib_sge->length, ib_sge->lkey);
3486 - page_off = 0;
3487 - data_left -= ib_sge->length;
3488 -+ if (!data_left)
3489 -+ break;
3490 - ib_sge++;
3491 - isert_dbg("Incrementing ib_sge pointer to %p\n", ib_sge);
3492 - }
3493 -
3494 -+ send_wr->num_sge = ++i;
3495 - isert_dbg("Set outgoing sg_list: %p num_sg: %u from TCM SGLs\n",
3496 - send_wr->sg_list, send_wr->num_sge);
3497 -
3498 -- return sg_nents;
3499 -+ return send_wr->num_sge;
3500 - }
3501 -
3502 - static int
3503 -@@ -3311,6 +3313,7 @@ static void isert_free_conn(struct iscsi_conn *conn)
3504 - {
3505 - struct isert_conn *isert_conn = conn->context;
3506 -
3507 -+ isert_wait4flush(isert_conn);
3508 - isert_put_conn(isert_conn);
3509 - }
3510 -
3511 -diff --git a/drivers/md/dm.c b/drivers/md/dm.c
3512 -index 9b4e30a..beda011 100644
3513 ---- a/drivers/md/dm.c
3514 -+++ b/drivers/md/dm.c
3515 -@@ -1889,8 +1889,8 @@ static int map_request(struct dm_target *ti, struct request *rq,
3516 - dm_kill_unmapped_request(rq, r);
3517 - return r;
3518 - }
3519 -- if (IS_ERR(clone))
3520 -- return DM_MAPIO_REQUEUE;
3521 -+ if (r != DM_MAPIO_REMAPPED)
3522 -+ return r;
3523 - if (setup_clone(clone, rq, tio, GFP_KERNEL)) {
3524 - /* -ENOMEM */
3525 - ti->type->release_clone_rq(clone);
3526 -diff --git a/drivers/net/wireless/b43/main.c b/drivers/net/wireless/b43/main.c
3527 -index 75345c1..5c91df5 100644
3528 ---- a/drivers/net/wireless/b43/main.c
3529 -+++ b/drivers/net/wireless/b43/main.c
3530 -@@ -5365,6 +5365,10 @@ static void b43_supported_bands(struct b43_wldev *dev, bool *have_2ghz_phy,
3531 - *have_5ghz_phy = true;
3532 - return;
3533 - case 0x4321: /* BCM4306 */
3534 -+ /* There are 14e4:4321 PCI devs with 2.4 GHz BCM4321 (N-PHY) */
3535 -+ if (dev->phy.type != B43_PHYTYPE_G)
3536 -+ break;
3537 -+ /* fall through */
3538 - case 0x4313: /* BCM4311 */
3539 - case 0x431a: /* BCM4318 */
3540 - case 0x432a: /* BCM4321 */
3541 -diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
3542 -index 220c0fd..50faef4 100644
3543 ---- a/drivers/usb/class/cdc-acm.c
3544 -+++ b/drivers/usb/class/cdc-acm.c
3545 -@@ -1468,6 +1468,11 @@ skip_countries:
3546 - goto alloc_fail8;
3547 - }
3548 -
3549 -+ if (quirks & CLEAR_HALT_CONDITIONS) {
3550 -+ usb_clear_halt(usb_dev, usb_rcvbulkpipe(usb_dev, epread->bEndpointAddress));
3551 -+ usb_clear_halt(usb_dev, usb_sndbulkpipe(usb_dev, epwrite->bEndpointAddress));
3552 -+ }
3553 -+
3554 - return 0;
3555 - alloc_fail8:
3556 - if (acm->country_codes) {
3557 -@@ -1747,6 +1752,10 @@ static const struct usb_device_id acm_ids[] = {
3558 - .driver_info = NO_UNION_NORMAL, /* reports zero length descriptor */
3559 - },
3560 -
3561 -+ { USB_DEVICE(0x2912, 0x0001), /* ATOL FPrint */
3562 -+ .driver_info = CLEAR_HALT_CONDITIONS,
3563 -+ },
3564 -+
3565 - /* Nokia S60 phones expose two ACM channels. The first is
3566 - * a modem and is picked up by the standard AT-command
3567 - * information below. The second is 'vendor-specific' but
3568 -diff --git a/drivers/usb/class/cdc-acm.h b/drivers/usb/class/cdc-acm.h
3569 -index ffeb3c8..b3b6c9d 100644
3570 ---- a/drivers/usb/class/cdc-acm.h
3571 -+++ b/drivers/usb/class/cdc-acm.h
3572 -@@ -133,3 +133,4 @@ struct acm {
3573 - #define NO_DATA_INTERFACE BIT(4)
3574 - #define IGNORE_DEVICE BIT(5)
3575 - #define QUIRK_CONTROL_LINE_STATE BIT(6)
3576 -+#define CLEAR_HALT_CONDITIONS BIT(7)
3577 -diff --git a/include/uapi/drm/radeon_drm.h b/include/uapi/drm/radeon_drm.h
3578 -index 50d0fb4..76d2ede 100644
3579 ---- a/include/uapi/drm/radeon_drm.h
3580 -+++ b/include/uapi/drm/radeon_drm.h
3581 -@@ -1034,6 +1034,7 @@ struct drm_radeon_cs {
3582 - #define RADEON_INFO_VRAM_USAGE 0x1e
3583 - #define RADEON_INFO_GTT_USAGE 0x1f
3584 - #define RADEON_INFO_ACTIVE_CU_COUNT 0x20
3585 -+#define RADEON_INFO_VA_UNMAP_WORKING 0x25
3586 -
3587 - struct drm_radeon_info {
3588 - uint32_t request;
3589 -diff --git a/kernel/trace/trace_events_filter.c b/kernel/trace/trace_events_filter.c
3590 -index ced69da..7f2e97c 100644
3591 ---- a/kernel/trace/trace_events_filter.c
3592 -+++ b/kernel/trace/trace_events_filter.c
3593 -@@ -1369,19 +1369,26 @@ static int check_preds(struct filter_parse_state *ps)
3594 - {
3595 - int n_normal_preds = 0, n_logical_preds = 0;
3596 - struct postfix_elt *elt;
3597 -+ int cnt = 0;
3598 -
3599 - list_for_each_entry(elt, &ps->postfix, list) {
3600 -- if (elt->op == OP_NONE)
3601 -+ if (elt->op == OP_NONE) {
3602 -+ cnt++;
3603 - continue;
3604 -+ }
3605 -
3606 - if (elt->op == OP_AND || elt->op == OP_OR) {
3607 - n_logical_preds++;
3608 -+ cnt--;
3609 - continue;
3610 - }
3611 -+ if (elt->op != OP_NOT)
3612 -+ cnt--;
3613 - n_normal_preds++;
3614 -+ WARN_ON_ONCE(cnt < 0);
3615 - }
3616 -
3617 -- if (!n_normal_preds || n_logical_preds >= n_normal_preds) {
3618 -+ if (cnt != 1 || !n_normal_preds || n_logical_preds >= n_normal_preds) {
3619 - parse_error(ps, FILT_ERR_INVALID_FILTER, 0);
3620 - return -EINVAL;
3621 - }
3622 -diff --git a/sound/pci/hda/patch_sigmatel.c b/sound/pci/hda/patch_sigmatel.c
3623 -index 87eff31..60b3100 100644
3624 ---- a/sound/pci/hda/patch_sigmatel.c
3625 -+++ b/sound/pci/hda/patch_sigmatel.c
3626 -@@ -100,6 +100,7 @@ enum {
3627 - STAC_HP_ENVY_BASS,
3628 - STAC_HP_BNB13_EQ,
3629 - STAC_HP_ENVY_TS_BASS,
3630 -+ STAC_HP_ENVY_TS_DAC_BIND,
3631 - STAC_92HD83XXX_GPIO10_EAPD,
3632 - STAC_92HD83XXX_MODELS
3633 - };
3634 -@@ -2170,6 +2171,22 @@ static void stac92hd83xxx_fixup_gpio10_eapd(struct hda_codec *codec,
3635 - spec->eapd_switch = 0;
3636 - }
3637 -
3638 -+static void hp_envy_ts_fixup_dac_bind(struct hda_codec *codec,
3639 -+ const struct hda_fixup *fix,
3640 -+ int action)
3641 -+{
3642 -+ struct sigmatel_spec *spec = codec->spec;
3643 -+ static hda_nid_t preferred_pairs[] = {
3644 -+ 0xd, 0x13,
3645 -+ 0
3646 -+ };
3647 -+
3648 -+ if (action != HDA_FIXUP_ACT_PRE_PROBE)
3649 -+ return;
3650 -+
3651 -+ spec->gen.preferred_dacs = preferred_pairs;
3652 -+}
3653 -+
3654 - static const struct hda_verb hp_bnb13_eq_verbs[] = {
3655 - /* 44.1KHz base */
3656 - { 0x22, 0x7A6, 0x3E },
3657 -@@ -2685,6 +2702,12 @@ static const struct hda_fixup stac92hd83xxx_fixups[] = {
3658 - {}
3659 - },
3660 - },
3661 -+ [STAC_HP_ENVY_TS_DAC_BIND] = {
3662 -+ .type = HDA_FIXUP_FUNC,
3663 -+ .v.func = hp_envy_ts_fixup_dac_bind,
3664 -+ .chained = true,
3665 -+ .chain_id = STAC_HP_ENVY_TS_BASS,
3666 -+ },
3667 - [STAC_92HD83XXX_GPIO10_EAPD] = {
3668 - .type = HDA_FIXUP_FUNC,
3669 - .v.func = stac92hd83xxx_fixup_gpio10_eapd,
3670 -@@ -2763,6 +2786,8 @@ static const struct snd_pci_quirk stac92hd83xxx_fixup_tbl[] = {
3671 - "HP bNB13", STAC_HP_BNB13_EQ),
3672 - SND_PCI_QUIRK(PCI_VENDOR_ID_HP, 0x190e,
3673 - "HP ENVY TS", STAC_HP_ENVY_TS_BASS),
3674 -+ SND_PCI_QUIRK(PCI_VENDOR_ID_HP, 0x1967,
3675 -+ "HP ENVY TS", STAC_HP_ENVY_TS_DAC_BIND),
3676 - SND_PCI_QUIRK(PCI_VENDOR_ID_HP, 0x1940,
3677 - "HP bNB13", STAC_HP_BNB13_EQ),
3678 - SND_PCI_QUIRK(PCI_VENDOR_ID_HP, 0x1941,
3679
3680 diff --git a/4.0.7/4420_grsecurity-3.1-4.0.7-201506300712.patch b/4.0.7/4420_grsecurity-3.1-4.0.7-201507050833.patch
3681 similarity index 99%
3682 rename from 4.0.7/4420_grsecurity-3.1-4.0.7-201506300712.patch
3683 rename to 4.0.7/4420_grsecurity-3.1-4.0.7-201507050833.patch
3684 index 37bee2c..c471dac 100644
3685 --- a/4.0.7/4420_grsecurity-3.1-4.0.7-201506300712.patch
3686 +++ b/4.0.7/4420_grsecurity-3.1-4.0.7-201507050833.patch
3687 @@ -50607,10 +50607,59 @@ index ce2e2cf..f81e500 100644
3688 __u32 protocols;
3689
3690 diff --git a/drivers/nfc/st21nfca/st21nfca.c b/drivers/nfc/st21nfca/st21nfca.c
3691 -index 24d3d24..ff70d28 100644
3692 +index 24d3d24..b662ba0 100644
3693 --- a/drivers/nfc/st21nfca/st21nfca.c
3694 +++ b/drivers/nfc/st21nfca/st21nfca.c
3695 -@@ -588,7 +588,7 @@ static int st21nfca_get_iso14443_3_uid(struct nfc_hci_dev *hdev, u8 *gate,
3696 +@@ -148,14 +148,14 @@ static int st21nfca_hci_load_session(struct nfc_hci_dev *hdev)
3697 + ST21NFCA_DEVICE_MGNT_GATE,
3698 + ST21NFCA_DEVICE_MGNT_PIPE);
3699 + if (r < 0)
3700 +- goto free_info;
3701 ++ return r;
3702 +
3703 + /* Get pipe list */
3704 + r = nfc_hci_send_cmd(hdev, ST21NFCA_DEVICE_MGNT_GATE,
3705 + ST21NFCA_DM_GETINFO, pipe_list, sizeof(pipe_list),
3706 + &skb_pipe_list);
3707 + if (r < 0)
3708 +- goto free_info;
3709 ++ return r;
3710 +
3711 + /* Complete the existing gate_pipe table */
3712 + for (i = 0; i < skb_pipe_list->len; i++) {
3713 +@@ -181,6 +181,7 @@ static int st21nfca_hci_load_session(struct nfc_hci_dev *hdev)
3714 + info->src_host_id != ST21NFCA_ESE_HOST_ID) {
3715 + pr_err("Unexpected apdu_reader pipe on host %x\n",
3716 + info->src_host_id);
3717 ++ kfree_skb(skb_pipe_info);
3718 + continue;
3719 + }
3720 +
3721 +@@ -200,6 +201,7 @@ static int st21nfca_hci_load_session(struct nfc_hci_dev *hdev)
3722 + hdev->pipes[st21nfca_gates[j].pipe].dest_host =
3723 + info->src_host_id;
3724 + }
3725 ++ kfree_skb(skb_pipe_info);
3726 + }
3727 +
3728 + /*
3729 +@@ -214,13 +216,12 @@ static int st21nfca_hci_load_session(struct nfc_hci_dev *hdev)
3730 + st21nfca_gates[i].gate,
3731 + st21nfca_gates[i].pipe);
3732 + if (r < 0)
3733 +- goto free_info;
3734 ++ goto free_list;
3735 + }
3736 + }
3737 +
3738 + memcpy(hdev->init_data.gates, st21nfca_gates, sizeof(st21nfca_gates));
3739 +-free_info:
3740 +- kfree_skb(skb_pipe_info);
3741 ++free_list:
3742 + kfree_skb(skb_pipe_list);
3743 + return r;
3744 + }
3745 +@@ -588,7 +589,7 @@ static int st21nfca_get_iso14443_3_uid(struct nfc_hci_dev *hdev, u8 *gate,
3746 goto exit;
3747 }
3748
3749 @@ -55636,6 +55685,19 @@ index 8cfc319..4868255 100644
3750
3751 return 0;
3752 }
3753 +diff --git a/drivers/usb/gadget/configfs.c b/drivers/usb/gadget/configfs.c
3754 +index 0495c94..289e201 100644
3755 +--- a/drivers/usb/gadget/configfs.c
3756 ++++ b/drivers/usb/gadget/configfs.c
3757 +@@ -571,7 +571,7 @@ static struct config_group *function_make(
3758 + if (IS_ERR(fi))
3759 + return ERR_CAST(fi);
3760 +
3761 +- ret = config_item_set_name(&fi->group.cg_item, name);
3762 ++ ret = config_item_set_name(&fi->group.cg_item, "%s", name);
3763 + if (ret) {
3764 + usb_put_function_instance(fi);
3765 + return ERR_PTR(ret);
3766 diff --git a/drivers/usb/gadget/function/f_uac1.c b/drivers/usb/gadget/function/f_uac1.c
3767 index 9719abf..789d5d9 100644
3768 --- a/drivers/usb/gadget/function/f_uac1.c
3769 @@ -68286,6 +68348,28 @@ index cf0db00..c7f70e8 100644
3770
3771 /*
3772 * We'll have a dentry and an inode for
3773 +diff --git a/fs/configfs/item.c b/fs/configfs/item.c
3774 +index e65f9ff..3ed264d 100644
3775 +--- a/fs/configfs/item.c
3776 ++++ b/fs/configfs/item.c
3777 +@@ -116,7 +116,7 @@ void config_item_init_type_name(struct config_item *item,
3778 + const char *name,
3779 + struct config_item_type *type)
3780 + {
3781 +- config_item_set_name(item, name);
3782 ++ config_item_set_name(item, "%s", name);
3783 + item->ci_type = type;
3784 + config_item_init(item);
3785 + }
3786 +@@ -125,7 +125,7 @@ EXPORT_SYMBOL(config_item_init_type_name);
3787 + void config_group_init_type_name(struct config_group *group, const char *name,
3788 + struct config_item_type *type)
3789 + {
3790 +- config_item_set_name(&group->cg_item, name);
3791 ++ config_item_set_name(&group->cg_item, "%s", name);
3792 + group->cg_item.ci_type = type;
3793 + config_group_init(group);
3794 + }
3795 diff --git a/fs/coredump.c b/fs/coredump.c
3796 index bbbe139..b76fae5 100644
3797 --- a/fs/coredump.c
3798 @@ -81317,7 +81401,7 @@ index 0000000..8ee8e4f
3799 +}
3800 diff --git a/grsecurity/gracl_ip.c b/grsecurity/gracl_ip.c
3801 new file mode 100644
3802 -index 0000000..f056b81
3803 +index 0000000..ed6ee43
3804 --- /dev/null
3805 +++ b/grsecurity/gracl_ip.c
3806 @@ -0,0 +1,386 @@
3807 @@ -81391,7 +81475,7 @@ index 0000000..f056b81
3808 + "unspec", "unix", "inet", "ax25", "ipx", "appletalk", "netrom", "bridge", "atmpvc", "x25",
3809 + "inet6", "rose", "decnet", "netbeui", "security", "key", "netlink", "packet", "ash",
3810 + "econet", "atmsvc", "rds", "sna", "irda", "ppox", "wanpipe", "llc", "fam_27", "fam_28",
3811 -+ "tipc", "bluetooth", "iucv", "rxrpc", "isdn", "phonet", "ieee802154", "ciaf"
3812 ++ "tipc", "bluetooth", "iucv", "rxrpc", "isdn", "phonet", "ieee802154", "ciaf", "alg", "nfc", "vsock"
3813 + };
3814 +
3815 +const char *
3816 @@ -89034,9 +89118,18 @@ index 5d5aaae..0ea9b84 100644
3817 extern bool completion_done(struct completion *x);
3818
3819 diff --git a/include/linux/configfs.h b/include/linux/configfs.h
3820 -index 34025df..d94bbbc 100644
3821 +index 34025df..2a6ee32 100644
3822 --- a/include/linux/configfs.h
3823 +++ b/include/linux/configfs.h
3824 +@@ -64,7 +64,7 @@ struct config_item {
3825 + struct dentry *ci_dentry;
3826 + };
3827 +
3828 +-extern int config_item_set_name(struct config_item *, const char *, ...);
3829 ++extern __printf(2, 3) int config_item_set_name(struct config_item *, const char *, ...);
3830 +
3831 + static inline char *config_item_name(struct config_item * item)
3832 + {
3833 @@ -125,7 +125,7 @@ struct configfs_attribute {
3834 const char *ca_name;
3835 struct module *ca_owner;
Report Message
Find on MARC Find on Google Groups