Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 3.2.53/, 3.12.2/
Date: Fri, 06 Dec 2013 22:37:28
Message-Id: 1386369490.48c70d56815977f0429afa91f6401d35c43a482e.blueness@gentoo
1 commit: 48c70d56815977f0429afa91f6401d35c43a482e
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Fri Dec 6 22:38:10 2013 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Fri Dec 6 22:38:10 2013 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=48c70d56
7
8 Grsec/PaX: 3.0-{3.2.53,3.12.2}-201312032145
9
10 ---
11 3.12.2/0000_README | 6 +-
12 3.12.2/1001_linux-3.12.2.patch | 3790 --------------------
13 ... 4420_grsecurity-3.0-3.12.2-201312032145.patch} | 221 +-
14 3.12.2/4450_grsec-kconfig-default-gids.patch | 12 +-
15 3.12.2/4465_selinux-avc_audit-log-curr_ip.patch | 2 +-
16 3.12.2/4470_disable-compat_vdso.patch | 2 +-
17 3.2.53/0000_README | 2 +-
18 ... 4420_grsecurity-3.0-3.2.53-201312021727.patch} | 20 +-
19 8 files changed, 182 insertions(+), 3873 deletions(-)
20
21 diff --git a/3.12.2/0000_README b/3.12.2/0000_README
22 index 21d2546..ec3c3a9 100644
23 --- a/3.12.2/0000_README
24 +++ b/3.12.2/0000_README
25 @@ -2,11 +2,7 @@ README
26 -----------------------------------------------------------------------------
27 Individual Patch Descriptions:
28 -----------------------------------------------------------------------------
29 -Patch: 1001_linux-3.12.2.patch
30 -From: http://www.kernel.org
31 -Desc: Linux 3.12.2
32 -
33 -Patch: 4420_grsecurity-3.0-3.12.2-201312011111.patch
34 +Patch: 4420_grsecurity-3.0-3.12.2-201312032145.patch
35 From: http://www.grsecurity.net
36 Desc: hardened-sources base patch from upstream grsecurity
37
38
39 diff --git a/3.12.2/1001_linux-3.12.2.patch b/3.12.2/1001_linux-3.12.2.patch
40 deleted file mode 100644
41 index 8b40733..0000000
42 --- a/3.12.2/1001_linux-3.12.2.patch
43 +++ /dev/null
44 @@ -1,3790 +0,0 @@
45 -diff --git a/Makefile b/Makefile
46 -index eb29ec7..e6e72b6 100644
47 ---- a/Makefile
48 -+++ b/Makefile
49 -@@ -1,6 +1,6 @@
50 - VERSION = 3
51 - PATCHLEVEL = 12
52 --SUBLEVEL = 1
53 -+SUBLEVEL = 2
54 - EXTRAVERSION =
55 - NAME = One Giant Leap for Frogkind
56 -
57 -diff --git a/arch/arm/kvm/mmu.c b/arch/arm/kvm/mmu.c
58 -index b0de86b..cb79a5d 100644
59 ---- a/arch/arm/kvm/mmu.c
60 -+++ b/arch/arm/kvm/mmu.c
61 -@@ -307,6 +307,17 @@ out:
62 - return err;
63 - }
64 -
65 -+static phys_addr_t kvm_kaddr_to_phys(void *kaddr)
66 -+{
67 -+ if (!is_vmalloc_addr(kaddr)) {
68 -+ BUG_ON(!virt_addr_valid(kaddr));
69 -+ return __pa(kaddr);
70 -+ } else {
71 -+ return page_to_phys(vmalloc_to_page(kaddr)) +
72 -+ offset_in_page(kaddr);
73 -+ }
74 -+}
75 -+
76 - /**
77 - * create_hyp_mappings - duplicate a kernel virtual address range in Hyp mode
78 - * @from: The virtual kernel start address of the range
79 -@@ -318,16 +329,27 @@ out:
80 - */
81 - int create_hyp_mappings(void *from, void *to)
82 - {
83 -- unsigned long phys_addr = virt_to_phys(from);
84 -+ phys_addr_t phys_addr;
85 -+ unsigned long virt_addr;
86 - unsigned long start = KERN_TO_HYP((unsigned long)from);
87 - unsigned long end = KERN_TO_HYP((unsigned long)to);
88 -
89 -- /* Check for a valid kernel memory mapping */
90 -- if (!virt_addr_valid(from) || !virt_addr_valid(to - 1))
91 -- return -EINVAL;
92 -+ start = start & PAGE_MASK;
93 -+ end = PAGE_ALIGN(end);
94 -
95 -- return __create_hyp_mappings(hyp_pgd, start, end,
96 -- __phys_to_pfn(phys_addr), PAGE_HYP);
97 -+ for (virt_addr = start; virt_addr < end; virt_addr += PAGE_SIZE) {
98 -+ int err;
99 -+
100 -+ phys_addr = kvm_kaddr_to_phys(from + virt_addr - start);
101 -+ err = __create_hyp_mappings(hyp_pgd, virt_addr,
102 -+ virt_addr + PAGE_SIZE,
103 -+ __phys_to_pfn(phys_addr),
104 -+ PAGE_HYP);
105 -+ if (err)
106 -+ return err;
107 -+ }
108 -+
109 -+ return 0;
110 - }
111 -
112 - /**
113 -diff --git a/arch/arm/mach-omap2/omap_hwmod.c b/arch/arm/mach-omap2/omap_hwmod.c
114 -index d9ee0ff..3d5db8c 100644
115 ---- a/arch/arm/mach-omap2/omap_hwmod.c
116 -+++ b/arch/arm/mach-omap2/omap_hwmod.c
117 -@@ -2361,21 +2361,23 @@ static struct device_node *of_dev_hwmod_lookup(struct device_node *np,
118 - * Cache the virtual address used by the MPU to access this IP block's
119 - * registers. This address is needed early so the OCP registers that
120 - * are part of the device's address space can be ioremapped properly.
121 -- * No return value.
122 -+ *
123 -+ * Returns 0 on success, -EINVAL if an invalid hwmod is passed, and
124 -+ * -ENXIO on absent or invalid register target address space.
125 - */
126 --static void __init _init_mpu_rt_base(struct omap_hwmod *oh, void *data)
127 -+static int __init _init_mpu_rt_base(struct omap_hwmod *oh, void *data)
128 - {
129 - struct omap_hwmod_addr_space *mem;
130 - void __iomem *va_start = NULL;
131 - struct device_node *np;
132 -
133 - if (!oh)
134 -- return;
135 -+ return -EINVAL;
136 -
137 - _save_mpu_port_index(oh);
138 -
139 - if (oh->_int_flags & _HWMOD_NO_MPU_PORT)
140 -- return;
141 -+ return -ENXIO;
142 -
143 - mem = _find_mpu_rt_addr_space(oh);
144 - if (!mem) {
145 -@@ -2384,7 +2386,7 @@ static void __init _init_mpu_rt_base(struct omap_hwmod *oh, void *data)
146 -
147 - /* Extract the IO space from device tree blob */
148 - if (!of_have_populated_dt())
149 -- return;
150 -+ return -ENXIO;
151 -
152 - np = of_dev_hwmod_lookup(of_find_node_by_name(NULL, "ocp"), oh);
153 - if (np)
154 -@@ -2395,13 +2397,14 @@ static void __init _init_mpu_rt_base(struct omap_hwmod *oh, void *data)
155 -
156 - if (!va_start) {
157 - pr_err("omap_hwmod: %s: Could not ioremap\n", oh->name);
158 -- return;
159 -+ return -ENXIO;
160 - }
161 -
162 - pr_debug("omap_hwmod: %s: MPU register target at va %p\n",
163 - oh->name, va_start);
164 -
165 - oh->_mpu_rt_va = va_start;
166 -+ return 0;
167 - }
168 -
169 - /**
170 -@@ -2414,8 +2417,8 @@ static void __init _init_mpu_rt_base(struct omap_hwmod *oh, void *data)
171 - * registered at this point. This is the first of two phases for
172 - * hwmod initialization. Code called here does not touch any hardware
173 - * registers, it simply prepares internal data structures. Returns 0
174 -- * upon success or if the hwmod isn't registered, or -EINVAL upon
175 -- * failure.
176 -+ * upon success or if the hwmod isn't registered or if the hwmod's
177 -+ * address space is not defined, or -EINVAL upon failure.
178 - */
179 - static int __init _init(struct omap_hwmod *oh, void *data)
180 - {
181 -@@ -2424,8 +2427,14 @@ static int __init _init(struct omap_hwmod *oh, void *data)
182 - if (oh->_state != _HWMOD_STATE_REGISTERED)
183 - return 0;
184 -
185 -- if (oh->class->sysc)
186 -- _init_mpu_rt_base(oh, NULL);
187 -+ if (oh->class->sysc) {
188 -+ r = _init_mpu_rt_base(oh, NULL);
189 -+ if (r < 0) {
190 -+ WARN(1, "omap_hwmod: %s: doesn't have mpu register target base\n",
191 -+ oh->name);
192 -+ return 0;
193 -+ }
194 -+ }
195 -
196 - r = _init_clocks(oh, NULL);
197 - if (r < 0) {
198 -diff --git a/arch/cris/include/asm/io.h b/arch/cris/include/asm/io.h
199 -index 5d3047e..4353cf2 100644
200 ---- a/arch/cris/include/asm/io.h
201 -+++ b/arch/cris/include/asm/io.h
202 -@@ -3,6 +3,7 @@
203 -
204 - #include <asm/page.h> /* for __va, __pa */
205 - #include <arch/io.h>
206 -+#include <asm-generic/iomap.h>
207 - #include <linux/kernel.h>
208 -
209 - struct cris_io_operations
210 -diff --git a/arch/ia64/include/asm/processor.h b/arch/ia64/include/asm/processor.h
211 -index e0a899a..5a84b3a 100644
212 ---- a/arch/ia64/include/asm/processor.h
213 -+++ b/arch/ia64/include/asm/processor.h
214 -@@ -319,7 +319,7 @@ struct thread_struct {
215 - regs->loadrs = 0; \
216 - regs->r8 = get_dumpable(current->mm); /* set "don't zap registers" flag */ \
217 - regs->r12 = new_sp - 16; /* allocate 16 byte scratch area */ \
218 -- if (unlikely(!get_dumpable(current->mm))) { \
219 -+ if (unlikely(get_dumpable(current->mm) != SUID_DUMP_USER)) { \
220 - /* \
221 - * Zap scratch regs to avoid leaking bits between processes with different \
222 - * uid/privileges. \
223 -diff --git a/arch/powerpc/kernel/eeh.c b/arch/powerpc/kernel/eeh.c
224 -index 55593ee..c766cf5 100644
225 ---- a/arch/powerpc/kernel/eeh.c
226 -+++ b/arch/powerpc/kernel/eeh.c
227 -@@ -687,6 +687,15 @@ void eeh_save_bars(struct eeh_dev *edev)
228 -
229 - for (i = 0; i < 16; i++)
230 - eeh_ops->read_config(dn, i * 4, 4, &edev->config_space[i]);
231 -+
232 -+ /*
233 -+ * For PCI bridges including root port, we need enable bus
234 -+ * master explicitly. Otherwise, it can't fetch IODA table
235 -+ * entries correctly. So we cache the bit in advance so that
236 -+ * we can restore it after reset, either PHB range or PE range.
237 -+ */
238 -+ if (edev->mode & EEH_DEV_BRIDGE)
239 -+ edev->config_space[1] |= PCI_COMMAND_MASTER;
240 - }
241 -
242 - /**
243 -diff --git a/arch/powerpc/kernel/signal_32.c b/arch/powerpc/kernel/signal_32.c
244 -index bebdf1a..36d49e6 100644
245 ---- a/arch/powerpc/kernel/signal_32.c
246 -+++ b/arch/powerpc/kernel/signal_32.c
247 -@@ -457,7 +457,15 @@ static int save_user_regs(struct pt_regs *regs, struct mcontext __user *frame,
248 - if (copy_vsx_to_user(&frame->mc_vsregs, current))
249 - return 1;
250 - msr |= MSR_VSX;
251 -- }
252 -+ } else if (!ctx_has_vsx_region)
253 -+ /*
254 -+ * With a small context structure we can't hold the VSX
255 -+ * registers, hence clear the MSR value to indicate the state
256 -+ * was not saved.
257 -+ */
258 -+ msr &= ~MSR_VSX;
259 -+
260 -+
261 - #endif /* CONFIG_VSX */
262 - #ifdef CONFIG_SPE
263 - /* save spe registers */
264 -diff --git a/arch/powerpc/kernel/time.c b/arch/powerpc/kernel/time.c
265 -index 192b051..b3b1441 100644
266 ---- a/arch/powerpc/kernel/time.c
267 -+++ b/arch/powerpc/kernel/time.c
268 -@@ -213,8 +213,6 @@ static u64 scan_dispatch_log(u64 stop_tb)
269 - if (i == be64_to_cpu(vpa->dtl_idx))
270 - return 0;
271 - while (i < be64_to_cpu(vpa->dtl_idx)) {
272 -- if (dtl_consumer)
273 -- dtl_consumer(dtl, i);
274 - dtb = be64_to_cpu(dtl->timebase);
275 - tb_delta = be32_to_cpu(dtl->enqueue_to_dispatch_time) +
276 - be32_to_cpu(dtl->ready_to_enqueue_time);
277 -@@ -227,6 +225,8 @@ static u64 scan_dispatch_log(u64 stop_tb)
278 - }
279 - if (dtb > stop_tb)
280 - break;
281 -+ if (dtl_consumer)
282 -+ dtl_consumer(dtl, i);
283 - stolen += tb_delta;
284 - ++i;
285 - ++dtl;
286 -diff --git a/arch/powerpc/kernel/vio.c b/arch/powerpc/kernel/vio.c
287 -index d38cc08..cb92d82 100644
288 ---- a/arch/powerpc/kernel/vio.c
289 -+++ b/arch/powerpc/kernel/vio.c
290 -@@ -1531,12 +1531,12 @@ static ssize_t modalias_show(struct device *dev, struct device_attribute *attr,
291 -
292 - dn = dev->of_node;
293 - if (!dn) {
294 -- strcat(buf, "\n");
295 -+ strcpy(buf, "\n");
296 - return strlen(buf);
297 - }
298 - cp = of_get_property(dn, "compatible", NULL);
299 - if (!cp) {
300 -- strcat(buf, "\n");
301 -+ strcpy(buf, "\n");
302 - return strlen(buf);
303 - }
304 -
305 -diff --git a/arch/powerpc/mm/gup.c b/arch/powerpc/mm/gup.c
306 -index 6936547..c5f734e 100644
307 ---- a/arch/powerpc/mm/gup.c
308 -+++ b/arch/powerpc/mm/gup.c
309 -@@ -123,6 +123,7 @@ int __get_user_pages_fast(unsigned long start, int nr_pages, int write,
310 - struct mm_struct *mm = current->mm;
311 - unsigned long addr, len, end;
312 - unsigned long next;
313 -+ unsigned long flags;
314 - pgd_t *pgdp;
315 - int nr = 0;
316 -
317 -@@ -156,7 +157,7 @@ int __get_user_pages_fast(unsigned long start, int nr_pages, int write,
318 - * So long as we atomically load page table pointers versus teardown,
319 - * we can follow the address down to the the page and take a ref on it.
320 - */
321 -- local_irq_disable();
322 -+ local_irq_save(flags);
323 -
324 - pgdp = pgd_offset(mm, addr);
325 - do {
326 -@@ -179,7 +180,7 @@ int __get_user_pages_fast(unsigned long start, int nr_pages, int write,
327 - break;
328 - } while (pgdp++, addr = next, addr != end);
329 -
330 -- local_irq_enable();
331 -+ local_irq_restore(flags);
332 -
333 - return nr;
334 - }
335 -diff --git a/arch/powerpc/mm/slice.c b/arch/powerpc/mm/slice.c
336 -index 3e99c14..7ce9cf3 100644
337 ---- a/arch/powerpc/mm/slice.c
338 -+++ b/arch/powerpc/mm/slice.c
339 -@@ -258,7 +258,7 @@ static bool slice_scan_available(unsigned long addr,
340 - slice = GET_HIGH_SLICE_INDEX(addr);
341 - *boundary_addr = (slice + end) ?
342 - ((slice + end) << SLICE_HIGH_SHIFT) : SLICE_LOW_TOP;
343 -- return !!(available.high_slices & (1u << slice));
344 -+ return !!(available.high_slices & (1ul << slice));
345 - }
346 - }
347 -
348 -diff --git a/arch/powerpc/platforms/512x/mpc512x_shared.c b/arch/powerpc/platforms/512x/mpc512x_shared.c
349 -index a82a41b..1a7b1d0 100644
350 ---- a/arch/powerpc/platforms/512x/mpc512x_shared.c
351 -+++ b/arch/powerpc/platforms/512x/mpc512x_shared.c
352 -@@ -303,6 +303,9 @@ void __init mpc512x_setup_diu(void)
353 - diu_ops.release_bootmem = mpc512x_release_bootmem;
354 - }
355 -
356 -+#else
357 -+void __init mpc512x_setup_diu(void) { /* EMPTY */ }
358 -+void __init mpc512x_init_diu(void) { /* EMPTY */ }
359 - #endif
360 -
361 - void __init mpc512x_init_IRQ(void)
362 -diff --git a/arch/powerpc/platforms/52xx/Kconfig b/arch/powerpc/platforms/52xx/Kconfig
363 -index 90f4496..af54174 100644
364 ---- a/arch/powerpc/platforms/52xx/Kconfig
365 -+++ b/arch/powerpc/platforms/52xx/Kconfig
366 -@@ -57,5 +57,5 @@ config PPC_MPC5200_BUGFIX
367 -
368 - config PPC_MPC5200_LPBFIFO
369 - tristate "MPC5200 LocalPlus bus FIFO driver"
370 -- depends on PPC_MPC52xx
371 -+ depends on PPC_MPC52xx && PPC_BESTCOMM
372 - select PPC_BESTCOMM_GEN_BD
373 -diff --git a/arch/powerpc/platforms/powernv/pci-ioda.c b/arch/powerpc/platforms/powernv/pci-ioda.c
374 -index 74a5a57..930e1fe 100644
375 ---- a/arch/powerpc/platforms/powernv/pci-ioda.c
376 -+++ b/arch/powerpc/platforms/powernv/pci-ioda.c
377 -@@ -153,13 +153,23 @@ static int pnv_ioda_configure_pe(struct pnv_phb *phb, struct pnv_ioda_pe *pe)
378 - rid_end = pe->rid + 1;
379 - }
380 -
381 -- /* Associate PE in PELT */
382 -+ /*
383 -+ * Associate PE in PELT. We need add the PE into the
384 -+ * corresponding PELT-V as well. Otherwise, the error
385 -+ * originated from the PE might contribute to other
386 -+ * PEs.
387 -+ */
388 - rc = opal_pci_set_pe(phb->opal_id, pe->pe_number, pe->rid,
389 - bcomp, dcomp, fcomp, OPAL_MAP_PE);
390 - if (rc) {
391 - pe_err(pe, "OPAL error %ld trying to setup PELT table\n", rc);
392 - return -ENXIO;
393 - }
394 -+
395 -+ rc = opal_pci_set_peltv(phb->opal_id, pe->pe_number,
396 -+ pe->pe_number, OPAL_ADD_PE_TO_DOMAIN);
397 -+ if (rc)
398 -+ pe_warn(pe, "OPAL error %d adding self to PELTV\n", rc);
399 - opal_pci_eeh_freeze_clear(phb->opal_id, pe->pe_number,
400 - OPAL_EEH_ACTION_CLEAR_FREEZE_ALL);
401 -
402 -diff --git a/arch/s390/crypto/aes_s390.c b/arch/s390/crypto/aes_s390.c
403 -index b4dbade..2e4b5be 100644
404 ---- a/arch/s390/crypto/aes_s390.c
405 -+++ b/arch/s390/crypto/aes_s390.c
406 -@@ -35,7 +35,6 @@ static u8 *ctrblk;
407 - static char keylen_flag;
408 -
409 - struct s390_aes_ctx {
410 -- u8 iv[AES_BLOCK_SIZE];
411 - u8 key[AES_MAX_KEY_SIZE];
412 - long enc;
413 - long dec;
414 -@@ -441,30 +440,36 @@ static int cbc_aes_set_key(struct crypto_tfm *tfm, const u8 *in_key,
415 - return aes_set_key(tfm, in_key, key_len);
416 - }
417 -
418 --static int cbc_aes_crypt(struct blkcipher_desc *desc, long func, void *param,
419 -+static int cbc_aes_crypt(struct blkcipher_desc *desc, long func,
420 - struct blkcipher_walk *walk)
421 - {
422 -+ struct s390_aes_ctx *sctx = crypto_blkcipher_ctx(desc->tfm);
423 - int ret = blkcipher_walk_virt(desc, walk);
424 - unsigned int nbytes = walk->nbytes;
425 -+ struct {
426 -+ u8 iv[AES_BLOCK_SIZE];
427 -+ u8 key[AES_MAX_KEY_SIZE];
428 -+ } param;
429 -
430 - if (!nbytes)
431 - goto out;
432 -
433 -- memcpy(param, walk->iv, AES_BLOCK_SIZE);
434 -+ memcpy(param.iv, walk->iv, AES_BLOCK_SIZE);
435 -+ memcpy(param.key, sctx->key, sctx->key_len);
436 - do {
437 - /* only use complete blocks */
438 - unsigned int n = nbytes & ~(AES_BLOCK_SIZE - 1);
439 - u8 *out = walk->dst.virt.addr;
440 - u8 *in = walk->src.virt.addr;
441 -
442 -- ret = crypt_s390_kmc(func, param, out, in, n);
443 -+ ret = crypt_s390_kmc(func, &param, out, in, n);
444 - if (ret < 0 || ret != n)
445 - return -EIO;
446 -
447 - nbytes &= AES_BLOCK_SIZE - 1;
448 - ret = blkcipher_walk_done(desc, walk, nbytes);
449 - } while ((nbytes = walk->nbytes));
450 -- memcpy(walk->iv, param, AES_BLOCK_SIZE);
451 -+ memcpy(walk->iv, param.iv, AES_BLOCK_SIZE);
452 -
453 - out:
454 - return ret;
455 -@@ -481,7 +486,7 @@ static int cbc_aes_encrypt(struct blkcipher_desc *desc,
456 - return fallback_blk_enc(desc, dst, src, nbytes);
457 -
458 - blkcipher_walk_init(&walk, dst, src, nbytes);
459 -- return cbc_aes_crypt(desc, sctx->enc, sctx->iv, &walk);
460 -+ return cbc_aes_crypt(desc, sctx->enc, &walk);
461 - }
462 -
463 - static int cbc_aes_decrypt(struct blkcipher_desc *desc,
464 -@@ -495,7 +500,7 @@ static int cbc_aes_decrypt(struct blkcipher_desc *desc,
465 - return fallback_blk_dec(desc, dst, src, nbytes);
466 -
467 - blkcipher_walk_init(&walk, dst, src, nbytes);
468 -- return cbc_aes_crypt(desc, sctx->dec, sctx->iv, &walk);
469 -+ return cbc_aes_crypt(desc, sctx->dec, &walk);
470 - }
471 -
472 - static struct crypto_alg cbc_aes_alg = {
473 -diff --git a/arch/s390/include/asm/timex.h b/arch/s390/include/asm/timex.h
474 -index 819b94d..8beee1c 100644
475 ---- a/arch/s390/include/asm/timex.h
476 -+++ b/arch/s390/include/asm/timex.h
477 -@@ -71,9 +71,11 @@ static inline void local_tick_enable(unsigned long long comp)
478 -
479 - typedef unsigned long long cycles_t;
480 -
481 --static inline void get_tod_clock_ext(char *clk)
482 -+static inline void get_tod_clock_ext(char clk[16])
483 - {
484 -- asm volatile("stcke %0" : "=Q" (*clk) : : "cc");
485 -+ typedef struct { char _[sizeof(clk)]; } addrtype;
486 -+
487 -+ asm volatile("stcke %0" : "=Q" (*(addrtype *) clk) : : "cc");
488 - }
489 -
490 - static inline unsigned long long get_tod_clock(void)
491 -diff --git a/arch/s390/kernel/smp.c b/arch/s390/kernel/smp.c
492 -index 1a4313a..93439cd 100644
493 ---- a/arch/s390/kernel/smp.c
494 -+++ b/arch/s390/kernel/smp.c
495 -@@ -929,7 +929,7 @@ static ssize_t show_idle_count(struct device *dev,
496 - idle_count = ACCESS_ONCE(idle->idle_count);
497 - if (ACCESS_ONCE(idle->clock_idle_enter))
498 - idle_count++;
499 -- } while ((sequence & 1) || (idle->sequence != sequence));
500 -+ } while ((sequence & 1) || (ACCESS_ONCE(idle->sequence) != sequence));
501 - return sprintf(buf, "%llu\n", idle_count);
502 - }
503 - static DEVICE_ATTR(idle_count, 0444, show_idle_count, NULL);
504 -@@ -947,7 +947,7 @@ static ssize_t show_idle_time(struct device *dev,
505 - idle_time = ACCESS_ONCE(idle->idle_time);
506 - idle_enter = ACCESS_ONCE(idle->clock_idle_enter);
507 - idle_exit = ACCESS_ONCE(idle->clock_idle_exit);
508 -- } while ((sequence & 1) || (idle->sequence != sequence));
509 -+ } while ((sequence & 1) || (ACCESS_ONCE(idle->sequence) != sequence));
510 - idle_time += idle_enter ? ((idle_exit ? : now) - idle_enter) : 0;
511 - return sprintf(buf, "%llu\n", idle_time >> 12);
512 - }
513 -diff --git a/arch/s390/kernel/vtime.c b/arch/s390/kernel/vtime.c
514 -index abcfab5..bb06a76 100644
515 ---- a/arch/s390/kernel/vtime.c
516 -+++ b/arch/s390/kernel/vtime.c
517 -@@ -191,7 +191,7 @@ cputime64_t s390_get_idle_time(int cpu)
518 - sequence = ACCESS_ONCE(idle->sequence);
519 - idle_enter = ACCESS_ONCE(idle->clock_idle_enter);
520 - idle_exit = ACCESS_ONCE(idle->clock_idle_exit);
521 -- } while ((sequence & 1) || (idle->sequence != sequence));
522 -+ } while ((sequence & 1) || (ACCESS_ONCE(idle->sequence) != sequence));
523 - return idle_enter ? ((idle_exit ?: now) - idle_enter) : 0;
524 - }
525 -
526 -diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c
527 -index e0e0841..18677a9 100644
528 ---- a/arch/x86/kernel/crash.c
529 -+++ b/arch/x86/kernel/crash.c
530 -@@ -127,12 +127,12 @@ void native_machine_crash_shutdown(struct pt_regs *regs)
531 - cpu_emergency_vmxoff();
532 - cpu_emergency_svm_disable();
533 -
534 -- lapic_shutdown();
535 - #ifdef CONFIG_X86_IO_APIC
536 - /* Prevent crash_kexec() from deadlocking on ioapic_lock. */
537 - ioapic_zap_locks();
538 - disable_IO_APIC();
539 - #endif
540 -+ lapic_shutdown();
541 - #ifdef CONFIG_HPET_TIMER
542 - hpet_disable();
543 - #endif
544 -diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c
545 -index 42a392a..d4bdd25 100644
546 ---- a/arch/x86/kernel/ftrace.c
547 -+++ b/arch/x86/kernel/ftrace.c
548 -@@ -248,6 +248,15 @@ int ftrace_update_ftrace_func(ftrace_func_t func)
549 - return ret;
550 - }
551 -
552 -+static int is_ftrace_caller(unsigned long ip)
553 -+{
554 -+ if (ip == (unsigned long)(&ftrace_call) ||
555 -+ ip == (unsigned long)(&ftrace_regs_call))
556 -+ return 1;
557 -+
558 -+ return 0;
559 -+}
560 -+
561 - /*
562 - * A breakpoint was added to the code address we are about to
563 - * modify, and this is the handle that will just skip over it.
564 -@@ -257,10 +266,13 @@ int ftrace_update_ftrace_func(ftrace_func_t func)
565 - */
566 - int ftrace_int3_handler(struct pt_regs *regs)
567 - {
568 -+ unsigned long ip;
569 -+
570 - if (WARN_ON_ONCE(!regs))
571 - return 0;
572 -
573 -- if (!ftrace_location(regs->ip - 1))
574 -+ ip = regs->ip - 1;
575 -+ if (!ftrace_location(ip) && !is_ftrace_caller(ip))
576 - return 0;
577 -
578 - regs->ip += MCOUNT_INSN_SIZE - 1;
579 -diff --git a/arch/x86/kernel/microcode_amd.c b/arch/x86/kernel/microcode_amd.c
580 -index af99f71..c3d4cc9 100644
581 ---- a/arch/x86/kernel/microcode_amd.c
582 -+++ b/arch/x86/kernel/microcode_amd.c
583 -@@ -431,7 +431,7 @@ static enum ucode_state request_microcode_amd(int cpu, struct device *device,
584 - snprintf(fw_name, sizeof(fw_name), "amd-ucode/microcode_amd_fam%.2xh.bin", c->x86);
585 -
586 - if (request_firmware(&fw, (const char *)fw_name, device)) {
587 -- pr_err("failed to load file %s\n", fw_name);
588 -+ pr_debug("failed to load file %s\n", fw_name);
589 - goto out;
590 - }
591 -
592 -diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
593 -index c83516b..3fb8d95 100644
594 ---- a/arch/x86/kernel/process.c
595 -+++ b/arch/x86/kernel/process.c
596 -@@ -391,9 +391,9 @@ static void amd_e400_idle(void)
597 - * The switch back from broadcast mode needs to be
598 - * called with interrupts disabled.
599 - */
600 -- local_irq_disable();
601 -- clockevents_notify(CLOCK_EVT_NOTIFY_BROADCAST_EXIT, &cpu);
602 -- local_irq_enable();
603 -+ local_irq_disable();
604 -+ clockevents_notify(CLOCK_EVT_NOTIFY_BROADCAST_EXIT, &cpu);
605 -+ local_irq_enable();
606 - } else
607 - default_idle();
608 - }
609 -diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c
610 -index 7e920bf..618ce26 100644
611 ---- a/arch/x86/kernel/reboot.c
612 -+++ b/arch/x86/kernel/reboot.c
613 -@@ -550,6 +550,10 @@ static void native_machine_emergency_restart(void)
614 - void native_machine_shutdown(void)
615 - {
616 - /* Stop the cpus and apics */
617 -+#ifdef CONFIG_X86_IO_APIC
618 -+ disable_IO_APIC();
619 -+#endif
620 -+
621 - #ifdef CONFIG_SMP
622 - /*
623 - * Stop all of the others. Also disable the local irq to
624 -@@ -562,10 +566,6 @@ void native_machine_shutdown(void)
625 -
626 - lapic_shutdown();
627 -
628 --#ifdef CONFIG_X86_IO_APIC
629 -- disable_IO_APIC();
630 --#endif
631 --
632 - #ifdef CONFIG_HPET_TIMER
633 - hpet_disable();
634 - #endif
635 -diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
636 -index ddc3f3d..92e6f4a 100644
637 ---- a/arch/x86/kvm/emulate.c
638 -+++ b/arch/x86/kvm/emulate.c
639 -@@ -4040,7 +4040,10 @@ static int decode_operand(struct x86_emulate_ctxt *ctxt, struct operand *op,
640 - case OpMem8:
641 - ctxt->memop.bytes = 1;
642 - if (ctxt->memop.type == OP_REG) {
643 -- ctxt->memop.addr.reg = decode_register(ctxt, ctxt->modrm_rm, 1);
644 -+ int highbyte_regs = ctxt->rex_prefix == 0;
645 -+
646 -+ ctxt->memop.addr.reg = decode_register(ctxt, ctxt->modrm_rm,
647 -+ highbyte_regs);
648 - fetch_register_operand(&ctxt->memop);
649 - }
650 - goto mem_common;
651 -diff --git a/block/blk-core.c b/block/blk-core.c
652 -index 0a00e4e..5e00b5a 100644
653 ---- a/block/blk-core.c
654 -+++ b/block/blk-core.c
655 -@@ -2227,6 +2227,7 @@ void blk_start_request(struct request *req)
656 - if (unlikely(blk_bidi_rq(req)))
657 - req->next_rq->resid_len = blk_rq_bytes(req->next_rq);
658 -
659 -+ BUG_ON(test_bit(REQ_ATOM_COMPLETE, &req->atomic_flags));
660 - blk_add_timer(req);
661 - }
662 - EXPORT_SYMBOL(blk_start_request);
663 -diff --git a/block/blk-settings.c b/block/blk-settings.c
664 -index c50ecf0..5330933 100644
665 ---- a/block/blk-settings.c
666 -+++ b/block/blk-settings.c
667 -@@ -144,6 +144,7 @@ void blk_set_stacking_limits(struct queue_limits *lim)
668 - lim->discard_zeroes_data = 1;
669 - lim->max_segments = USHRT_MAX;
670 - lim->max_hw_sectors = UINT_MAX;
671 -+ lim->max_segment_size = UINT_MAX;
672 - lim->max_sectors = UINT_MAX;
673 - lim->max_write_same_sectors = UINT_MAX;
674 - }
675 -diff --git a/block/blk-timeout.c b/block/blk-timeout.c
676 -index 65f1035..655ba90 100644
677 ---- a/block/blk-timeout.c
678 -+++ b/block/blk-timeout.c
679 -@@ -91,8 +91,8 @@ static void blk_rq_timed_out(struct request *req)
680 - __blk_complete_request(req);
681 - break;
682 - case BLK_EH_RESET_TIMER:
683 -- blk_clear_rq_complete(req);
684 - blk_add_timer(req);
685 -+ blk_clear_rq_complete(req);
686 - break;
687 - case BLK_EH_NOT_HANDLED:
688 - /*
689 -@@ -174,7 +174,6 @@ void blk_add_timer(struct request *req)
690 - return;
691 -
692 - BUG_ON(!list_empty(&req->timeout_list));
693 -- BUG_ON(test_bit(REQ_ATOM_COMPLETE, &req->atomic_flags));
694 -
695 - /*
696 - * Some LLDs, like scsi, peek at the timeout to prevent a
697 -diff --git a/crypto/ansi_cprng.c b/crypto/ansi_cprng.c
698 -index c0bb377..666f196 100644
699 ---- a/crypto/ansi_cprng.c
700 -+++ b/crypto/ansi_cprng.c
701 -@@ -230,11 +230,11 @@ remainder:
702 - */
703 - if (byte_count < DEFAULT_BLK_SZ) {
704 - empty_rbuf:
705 -- for (; ctx->rand_data_valid < DEFAULT_BLK_SZ;
706 -- ctx->rand_data_valid++) {
707 -+ while (ctx->rand_data_valid < DEFAULT_BLK_SZ) {
708 - *ptr = ctx->rand_data[ctx->rand_data_valid];
709 - ptr++;
710 - byte_count--;
711 -+ ctx->rand_data_valid++;
712 - if (byte_count == 0)
713 - goto done;
714 - }
715 -diff --git a/drivers/acpi/ec.c b/drivers/acpi/ec.c
716 -index a06d983..15986f3 100644
717 ---- a/drivers/acpi/ec.c
718 -+++ b/drivers/acpi/ec.c
719 -@@ -175,9 +175,10 @@ static void start_transaction(struct acpi_ec *ec)
720 - static void advance_transaction(struct acpi_ec *ec, u8 status)
721 - {
722 - unsigned long flags;
723 -- struct transaction *t = ec->curr;
724 -+ struct transaction *t;
725 -
726 - spin_lock_irqsave(&ec->lock, flags);
727 -+ t = ec->curr;
728 - if (!t)
729 - goto unlock;
730 - if (t->wlen > t->wi) {
731 -diff --git a/drivers/acpi/pci_root.c b/drivers/acpi/pci_root.c
732 -index d3874f4..d7e53ea 100644
733 ---- a/drivers/acpi/pci_root.c
734 -+++ b/drivers/acpi/pci_root.c
735 -@@ -608,9 +608,12 @@ static void handle_root_bridge_removal(struct acpi_device *device)
736 - ej_event->device = device;
737 - ej_event->event = ACPI_NOTIFY_EJECT_REQUEST;
738 -
739 -+ get_device(&device->dev);
740 - status = acpi_os_hotplug_execute(acpi_bus_hot_remove_device, ej_event);
741 -- if (ACPI_FAILURE(status))
742 -+ if (ACPI_FAILURE(status)) {
743 -+ put_device(&device->dev);
744 - kfree(ej_event);
745 -+ }
746 - }
747 -
748 - static void _handle_hotplug_event_root(struct work_struct *work)
749 -diff --git a/drivers/acpi/processor_idle.c b/drivers/acpi/processor_idle.c
750 -index f98dd00..c7414a5 100644
751 ---- a/drivers/acpi/processor_idle.c
752 -+++ b/drivers/acpi/processor_idle.c
753 -@@ -119,17 +119,10 @@ static struct dmi_system_id processor_power_dmi_table[] = {
754 - */
755 - static void acpi_safe_halt(void)
756 - {
757 -- current_thread_info()->status &= ~TS_POLLING;
758 -- /*
759 -- * TS_POLLING-cleared state must be visible before we
760 -- * test NEED_RESCHED:
761 -- */
762 -- smp_mb();
763 -- if (!need_resched()) {
764 -+ if (!tif_need_resched()) {
765 - safe_halt();
766 - local_irq_disable();
767 - }
768 -- current_thread_info()->status |= TS_POLLING;
769 - }
770 -
771 - #ifdef ARCH_APICTIMER_STOPS_ON_C3
772 -@@ -737,6 +730,11 @@ static int acpi_idle_enter_c1(struct cpuidle_device *dev,
773 - if (unlikely(!pr))
774 - return -EINVAL;
775 -
776 -+ if (cx->entry_method == ACPI_CSTATE_FFH) {
777 -+ if (current_set_polling_and_test())
778 -+ return -EINVAL;
779 -+ }
780 -+
781 - lapic_timer_state_broadcast(pr, cx, 1);
782 - acpi_idle_do_entry(cx);
783 -
784 -@@ -790,18 +788,9 @@ static int acpi_idle_enter_simple(struct cpuidle_device *dev,
785 - if (unlikely(!pr))
786 - return -EINVAL;
787 -
788 -- if (cx->entry_method != ACPI_CSTATE_FFH) {
789 -- current_thread_info()->status &= ~TS_POLLING;
790 -- /*
791 -- * TS_POLLING-cleared state must be visible before we test
792 -- * NEED_RESCHED:
793 -- */
794 -- smp_mb();
795 --
796 -- if (unlikely(need_resched())) {
797 -- current_thread_info()->status |= TS_POLLING;
798 -+ if (cx->entry_method == ACPI_CSTATE_FFH) {
799 -+ if (current_set_polling_and_test())
800 - return -EINVAL;
801 -- }
802 - }
803 -
804 - /*
805 -@@ -819,9 +808,6 @@ static int acpi_idle_enter_simple(struct cpuidle_device *dev,
806 -
807 - sched_clock_idle_wakeup_event(0);
808 -
809 -- if (cx->entry_method != ACPI_CSTATE_FFH)
810 -- current_thread_info()->status |= TS_POLLING;
811 --
812 - lapic_timer_state_broadcast(pr, cx, 0);
813 - return index;
814 - }
815 -@@ -858,18 +844,9 @@ static int acpi_idle_enter_bm(struct cpuidle_device *dev,
816 - }
817 - }
818 -
819 -- if (cx->entry_method != ACPI_CSTATE_FFH) {
820 -- current_thread_info()->status &= ~TS_POLLING;
821 -- /*
822 -- * TS_POLLING-cleared state must be visible before we test
823 -- * NEED_RESCHED:
824 -- */
825 -- smp_mb();
826 --
827 -- if (unlikely(need_resched())) {
828 -- current_thread_info()->status |= TS_POLLING;
829 -+ if (cx->entry_method == ACPI_CSTATE_FFH) {
830 -+ if (current_set_polling_and_test())
831 - return -EINVAL;
832 -- }
833 - }
834 -
835 - acpi_unlazy_tlb(smp_processor_id());
836 -@@ -915,9 +892,6 @@ static int acpi_idle_enter_bm(struct cpuidle_device *dev,
837 -
838 - sched_clock_idle_wakeup_event(0);
839 -
840 -- if (cx->entry_method != ACPI_CSTATE_FFH)
841 -- current_thread_info()->status |= TS_POLLING;
842 --
843 - lapic_timer_state_broadcast(pr, cx, 0);
844 - return index;
845 - }
846 -diff --git a/drivers/acpi/scan.c b/drivers/acpi/scan.c
847 -index fee8a29..3601738 100644
848 ---- a/drivers/acpi/scan.c
849 -+++ b/drivers/acpi/scan.c
850 -@@ -331,8 +331,6 @@ static void acpi_scan_bus_device_check(acpi_handle handle, u32 ost_source)
851 - goto out;
852 - }
853 - }
854 -- acpi_evaluate_hotplug_ost(handle, ost_source,
855 -- ACPI_OST_SC_INSERT_IN_PROGRESS, NULL);
856 - error = acpi_bus_scan(handle);
857 - if (error) {
858 - acpi_handle_warn(handle, "Namespace scan failure\n");
859 -diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c
860 -index aebcf63..f193285 100644
861 ---- a/drivers/acpi/video.c
862 -+++ b/drivers/acpi/video.c
863 -@@ -832,7 +832,7 @@ acpi_video_init_brightness(struct acpi_video_device *device)
864 - for (i = 2; i < br->count; i++)
865 - if (level_old == br->levels[i])
866 - break;
867 -- if (i == br->count)
868 -+ if (i == br->count || !level)
869 - level = max_level;
870 - }
871 -
872 -diff --git a/drivers/block/brd.c b/drivers/block/brd.c
873 -index 9bf4371..d91f1a5 100644
874 ---- a/drivers/block/brd.c
875 -+++ b/drivers/block/brd.c
876 -@@ -545,7 +545,7 @@ static struct kobject *brd_probe(dev_t dev, int *part, void *data)
877 -
878 - mutex_lock(&brd_devices_mutex);
879 - brd = brd_init_one(MINOR(dev) >> part_shift);
880 -- kobj = brd ? get_disk(brd->brd_disk) : ERR_PTR(-ENOMEM);
881 -+ kobj = brd ? get_disk(brd->brd_disk) : NULL;
882 - mutex_unlock(&brd_devices_mutex);
883 -
884 - *part = 0;
885 -diff --git a/drivers/block/loop.c b/drivers/block/loop.c
886 -index 40e7155..2f036ca 100644
887 ---- a/drivers/block/loop.c
888 -+++ b/drivers/block/loop.c
889 -@@ -1741,7 +1741,7 @@ static struct kobject *loop_probe(dev_t dev, int *part, void *data)
890 - if (err < 0)
891 - err = loop_add(&lo, MINOR(dev) >> part_shift);
892 - if (err < 0)
893 -- kobj = ERR_PTR(err);
894 -+ kobj = NULL;
895 - else
896 - kobj = get_disk(lo->lo_disk);
897 - mutex_unlock(&loop_index_mutex);
898 -diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
899 -index f3dfc0a..d593c99 100644
900 ---- a/drivers/bluetooth/btusb.c
901 -+++ b/drivers/bluetooth/btusb.c
902 -@@ -1628,7 +1628,6 @@ static struct usb_driver btusb_driver = {
903 - #ifdef CONFIG_PM
904 - .suspend = btusb_suspend,
905 - .resume = btusb_resume,
906 -- .reset_resume = btusb_resume,
907 - #endif
908 - .id_table = btusb_table,
909 - .supports_autosuspend = 1,
910 -diff --git a/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvc1.c b/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvc1.c
911 -index e5be3ee..71b4283 100644
912 ---- a/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvc1.c
913 -+++ b/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvc1.c
914 -@@ -587,6 +587,7 @@ nvc1_grctx_init_unk58xx[] = {
915 - { 0x405870, 4, 0x04, 0x00000001 },
916 - { 0x405a00, 2, 0x04, 0x00000000 },
917 - { 0x405a18, 1, 0x04, 0x00000000 },
918 -+ {}
919 - };
920 -
921 - static struct nvc0_graph_init
922 -@@ -598,6 +599,7 @@ nvc1_grctx_init_rop[] = {
923 - { 0x408904, 1, 0x04, 0x62000001 },
924 - { 0x408908, 1, 0x04, 0x00c80929 },
925 - { 0x408980, 1, 0x04, 0x0000011d },
926 -+ {}
927 - };
928 -
929 - static struct nvc0_graph_init
930 -@@ -671,6 +673,7 @@ nvc1_grctx_init_gpc_0[] = {
931 - { 0x419000, 1, 0x04, 0x00000780 },
932 - { 0x419004, 2, 0x04, 0x00000000 },
933 - { 0x419014, 1, 0x04, 0x00000004 },
934 -+ {}
935 - };
936 -
937 - static struct nvc0_graph_init
938 -@@ -717,6 +720,7 @@ nvc1_grctx_init_tpc[] = {
939 - { 0x419e98, 1, 0x04, 0x00000000 },
940 - { 0x419ee0, 1, 0x04, 0x00011110 },
941 - { 0x419f30, 11, 0x04, 0x00000000 },
942 -+ {}
943 - };
944 -
945 - void
946 -diff --git a/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvd7.c b/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvd7.c
947 -index 438e784..c4740d5 100644
948 ---- a/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvd7.c
949 -+++ b/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvd7.c
950 -@@ -258,6 +258,7 @@ nvd7_grctx_init_hub[] = {
951 - nvc0_grctx_init_unk78xx,
952 - nvc0_grctx_init_unk80xx,
953 - nvd9_grctx_init_rop,
954 -+ NULL
955 - };
956 -
957 - struct nvc0_graph_init *
958 -diff --git a/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvd9.c b/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvd9.c
959 -index 818a475..a1102cb 100644
960 ---- a/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvd9.c
961 -+++ b/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvd9.c
962 -@@ -466,6 +466,7 @@ nvd9_grctx_init_hub[] = {
963 - nvc0_grctx_init_unk78xx,
964 - nvc0_grctx_init_unk80xx,
965 - nvd9_grctx_init_rop,
966 -+ NULL
967 - };
968 -
969 - struct nvc0_graph_init *
970 -diff --git a/drivers/gpu/drm/shmobile/Kconfig b/drivers/gpu/drm/shmobile/Kconfig
971 -index ca498d1..5240690 100644
972 ---- a/drivers/gpu/drm/shmobile/Kconfig
973 -+++ b/drivers/gpu/drm/shmobile/Kconfig
974 -@@ -1,6 +1,7 @@
975 - config DRM_SHMOBILE
976 - tristate "DRM Support for SH Mobile"
977 - depends on DRM && (ARM || SUPERH)
978 -+ select BACKLIGHT_CLASS_DEVICE
979 - select DRM_KMS_HELPER
980 - select DRM_KMS_CMA_HELPER
981 - select DRM_GEM_CMA_HELPER
982 -diff --git a/drivers/hv/channel_mgmt.c b/drivers/hv/channel_mgmt.c
983 -index bbff5f2..fa92046 100644
984 ---- a/drivers/hv/channel_mgmt.c
985 -+++ b/drivers/hv/channel_mgmt.c
986 -@@ -203,7 +203,8 @@ static void vmbus_process_rescind_offer(struct work_struct *work)
987 - struct vmbus_channel *primary_channel;
988 - struct vmbus_channel_relid_released msg;
989 -
990 -- vmbus_device_unregister(channel->device_obj);
991 -+ if (channel->device_obj)
992 -+ vmbus_device_unregister(channel->device_obj);
993 - memset(&msg, 0, sizeof(struct vmbus_channel_relid_released));
994 - msg.child_relid = channel->offermsg.child_relid;
995 - msg.header.msgtype = CHANNELMSG_RELID_RELEASED;
996 -@@ -216,7 +217,7 @@ static void vmbus_process_rescind_offer(struct work_struct *work)
997 - } else {
998 - primary_channel = channel->primary_channel;
999 - spin_lock_irqsave(&primary_channel->sc_lock, flags);
1000 -- list_del(&channel->listentry);
1001 -+ list_del(&channel->sc_list);
1002 - spin_unlock_irqrestore(&primary_channel->sc_lock, flags);
1003 - }
1004 - free_channel(channel);
1005 -diff --git a/drivers/hwmon/lm90.c b/drivers/hwmon/lm90.c
1006 -index cdff742..14e36c1 100644
1007 ---- a/drivers/hwmon/lm90.c
1008 -+++ b/drivers/hwmon/lm90.c
1009 -@@ -278,7 +278,7 @@ static const struct lm90_params lm90_params[] = {
1010 - [max6696] = {
1011 - .flags = LM90_HAVE_EMERGENCY
1012 - | LM90_HAVE_EMERGENCY_ALARM | LM90_HAVE_TEMP3,
1013 -- .alert_alarms = 0x187c,
1014 -+ .alert_alarms = 0x1c7c,
1015 - .max_convrate = 6,
1016 - .reg_local_ext = MAX6657_REG_R_LOCAL_TEMPL,
1017 - },
1018 -@@ -1500,19 +1500,22 @@ static void lm90_alert(struct i2c_client *client, unsigned int flag)
1019 - if ((alarms & 0x7f) == 0 && (alarms2 & 0xfe) == 0) {
1020 - dev_info(&client->dev, "Everything OK\n");
1021 - } else {
1022 -- if (alarms & 0x61)
1023 -+ if ((alarms & 0x61) || (alarms2 & 0x80))
1024 - dev_warn(&client->dev,
1025 - "temp%d out of range, please check!\n", 1);
1026 -- if (alarms & 0x1a)
1027 -+ if ((alarms & 0x1a) || (alarms2 & 0x20))
1028 - dev_warn(&client->dev,
1029 - "temp%d out of range, please check!\n", 2);
1030 - if (alarms & 0x04)
1031 - dev_warn(&client->dev,
1032 - "temp%d diode open, please check!\n", 2);
1033 -
1034 -- if (alarms2 & 0x18)
1035 -+ if (alarms2 & 0x5a)
1036 - dev_warn(&client->dev,
1037 - "temp%d out of range, please check!\n", 3);
1038 -+ if (alarms2 & 0x04)
1039 -+ dev_warn(&client->dev,
1040 -+ "temp%d diode open, please check!\n", 3);
1041 -
1042 - /*
1043 - * Disable ALERT# output, because these chips don't implement
1044 -diff --git a/drivers/idle/intel_idle.c b/drivers/idle/intel_idle.c
1045 -index fa6964d..f116d66 100644
1046 ---- a/drivers/idle/intel_idle.c
1047 -+++ b/drivers/idle/intel_idle.c
1048 -@@ -359,7 +359,7 @@ static int intel_idle(struct cpuidle_device *dev,
1049 - if (!(lapic_timer_reliable_states & (1 << (cstate))))
1050 - clockevents_notify(CLOCK_EVT_NOTIFY_BROADCAST_ENTER, &cpu);
1051 -
1052 -- if (!need_resched()) {
1053 -+ if (!current_set_polling_and_test()) {
1054 -
1055 - __monitor((void *)&current_thread_info()->flags, 0, 0);
1056 - smp_mb();
1057 -diff --git a/drivers/memstick/core/ms_block.c b/drivers/memstick/core/ms_block.c
1058 -index 08e7023..9188ef5 100644
1059 ---- a/drivers/memstick/core/ms_block.c
1060 -+++ b/drivers/memstick/core/ms_block.c
1061 -@@ -401,7 +401,7 @@ again:
1062 - sizeof(struct ms_status_register)))
1063 - return 0;
1064 -
1065 -- msb->state = MSB_RP_RECEIVE_OOB_READ;
1066 -+ msb->state = MSB_RP_RECIVE_STATUS_REG;
1067 - return 0;
1068 -
1069 - case MSB_RP_RECIVE_STATUS_REG:
1070 -diff --git a/drivers/misc/lkdtm.c b/drivers/misc/lkdtm.c
1071 -index 2fc0586..9cbd037 100644
1072 ---- a/drivers/misc/lkdtm.c
1073 -+++ b/drivers/misc/lkdtm.c
1074 -@@ -297,6 +297,14 @@ static void do_nothing(void)
1075 - return;
1076 - }
1077 -
1078 -+static noinline void corrupt_stack(void)
1079 -+{
1080 -+ /* Use default char array length that triggers stack protection. */
1081 -+ char data[8];
1082 -+
1083 -+ memset((void *)data, 0, 64);
1084 -+}
1085 -+
1086 - static void execute_location(void *dst)
1087 - {
1088 - void (*func)(void) = dst;
1089 -@@ -327,13 +335,9 @@ static void lkdtm_do_action(enum ctype which)
1090 - case CT_OVERFLOW:
1091 - (void) recursive_loop(0);
1092 - break;
1093 -- case CT_CORRUPT_STACK: {
1094 -- /* Make sure the compiler creates and uses an 8 char array. */
1095 -- volatile char data[8];
1096 --
1097 -- memset((void *)data, 0, 64);
1098 -+ case CT_CORRUPT_STACK:
1099 -+ corrupt_stack();
1100 - break;
1101 -- }
1102 - case CT_UNALIGNED_LOAD_STORE_WRITE: {
1103 - static u8 data[5] __attribute__((aligned(4))) = {1, 2,
1104 - 3, 4, 5};
1105 -diff --git a/drivers/misc/mei/nfc.c b/drivers/misc/mei/nfc.c
1106 -index d0c6907..994ca4a 100644
1107 ---- a/drivers/misc/mei/nfc.c
1108 -+++ b/drivers/misc/mei/nfc.c
1109 -@@ -485,8 +485,11 @@ int mei_nfc_host_init(struct mei_device *dev)
1110 - if (ndev->cl_info)
1111 - return 0;
1112 -
1113 -- cl_info = mei_cl_allocate(dev);
1114 -- cl = mei_cl_allocate(dev);
1115 -+ ndev->cl_info = mei_cl_allocate(dev);
1116 -+ ndev->cl = mei_cl_allocate(dev);
1117 -+
1118 -+ cl = ndev->cl;
1119 -+ cl_info = ndev->cl_info;
1120 -
1121 - if (!cl || !cl_info) {
1122 - ret = -ENOMEM;
1123 -@@ -527,10 +530,9 @@ int mei_nfc_host_init(struct mei_device *dev)
1124 -
1125 - cl->device_uuid = mei_nfc_guid;
1126 -
1127 -+
1128 - list_add_tail(&cl->device_link, &dev->device_list);
1129 -
1130 -- ndev->cl_info = cl_info;
1131 -- ndev->cl = cl;
1132 - ndev->req_id = 1;
1133 -
1134 - INIT_WORK(&ndev->init_work, mei_nfc_init);
1135 -diff --git a/drivers/net/can/c_can/c_can.c b/drivers/net/can/c_can/c_can.c
1136 -index a668cd4..e3fc07c 100644
1137 ---- a/drivers/net/can/c_can/c_can.c
1138 -+++ b/drivers/net/can/c_can/c_can.c
1139 -@@ -814,9 +814,6 @@ static int c_can_do_rx_poll(struct net_device *dev, int quota)
1140 - msg_ctrl_save = priv->read_reg(priv,
1141 - C_CAN_IFACE(MSGCTRL_REG, 0));
1142 -
1143 -- if (msg_ctrl_save & IF_MCONT_EOB)
1144 -- return num_rx_pkts;
1145 --
1146 - if (msg_ctrl_save & IF_MCONT_MSGLST) {
1147 - c_can_handle_lost_msg_obj(dev, 0, msg_obj);
1148 - num_rx_pkts++;
1149 -@@ -824,6 +821,9 @@ static int c_can_do_rx_poll(struct net_device *dev, int quota)
1150 - continue;
1151 - }
1152 -
1153 -+ if (msg_ctrl_save & IF_MCONT_EOB)
1154 -+ return num_rx_pkts;
1155 -+
1156 - if (!(msg_ctrl_save & IF_MCONT_NEWDAT))
1157 - continue;
1158 -
1159 -diff --git a/drivers/net/can/usb/kvaser_usb.c b/drivers/net/can/usb/kvaser_usb.c
1160 -index 3b95465..4b2d5ed 100644
1161 ---- a/drivers/net/can/usb/kvaser_usb.c
1162 -+++ b/drivers/net/can/usb/kvaser_usb.c
1163 -@@ -1544,9 +1544,9 @@ static int kvaser_usb_init_one(struct usb_interface *intf,
1164 - return 0;
1165 - }
1166 -
1167 --static void kvaser_usb_get_endpoints(const struct usb_interface *intf,
1168 -- struct usb_endpoint_descriptor **in,
1169 -- struct usb_endpoint_descriptor **out)
1170 -+static int kvaser_usb_get_endpoints(const struct usb_interface *intf,
1171 -+ struct usb_endpoint_descriptor **in,
1172 -+ struct usb_endpoint_descriptor **out)
1173 - {
1174 - const struct usb_host_interface *iface_desc;
1175 - struct usb_endpoint_descriptor *endpoint;
1176 -@@ -1557,12 +1557,18 @@ static void kvaser_usb_get_endpoints(const struct usb_interface *intf,
1177 - for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
1178 - endpoint = &iface_desc->endpoint[i].desc;
1179 -
1180 -- if (usb_endpoint_is_bulk_in(endpoint))
1181 -+ if (!*in && usb_endpoint_is_bulk_in(endpoint))
1182 - *in = endpoint;
1183 -
1184 -- if (usb_endpoint_is_bulk_out(endpoint))
1185 -+ if (!*out && usb_endpoint_is_bulk_out(endpoint))
1186 - *out = endpoint;
1187 -+
1188 -+ /* use first bulk endpoint for in and out */
1189 -+ if (*in && *out)
1190 -+ return 0;
1191 - }
1192 -+
1193 -+ return -ENODEV;
1194 - }
1195 -
1196 - static int kvaser_usb_probe(struct usb_interface *intf,
1197 -@@ -1576,8 +1582,8 @@ static int kvaser_usb_probe(struct usb_interface *intf,
1198 - if (!dev)
1199 - return -ENOMEM;
1200 -
1201 -- kvaser_usb_get_endpoints(intf, &dev->bulk_in, &dev->bulk_out);
1202 -- if (!dev->bulk_in || !dev->bulk_out) {
1203 -+ err = kvaser_usb_get_endpoints(intf, &dev->bulk_in, &dev->bulk_out);
1204 -+ if (err) {
1205 - dev_err(&intf->dev, "Cannot get usb endpoint(s)");
1206 - return err;
1207 - }
1208 -diff --git a/drivers/net/ethernet/atheros/alx/main.c b/drivers/net/ethernet/atheros/alx/main.c
1209 -index fc95b23..6305a5d 100644
1210 ---- a/drivers/net/ethernet/atheros/alx/main.c
1211 -+++ b/drivers/net/ethernet/atheros/alx/main.c
1212 -@@ -1389,6 +1389,9 @@ static int alx_resume(struct device *dev)
1213 - {
1214 - struct pci_dev *pdev = to_pci_dev(dev);
1215 - struct alx_priv *alx = pci_get_drvdata(pdev);
1216 -+ struct alx_hw *hw = &alx->hw;
1217 -+
1218 -+ alx_reset_phy(hw);
1219 -
1220 - if (!netif_running(alx->dev))
1221 - return 0;
1222 -diff --git a/drivers/net/wireless/libertas/debugfs.c b/drivers/net/wireless/libertas/debugfs.c
1223 -index 668dd27..cc6a0a5 100644
1224 ---- a/drivers/net/wireless/libertas/debugfs.c
1225 -+++ b/drivers/net/wireless/libertas/debugfs.c
1226 -@@ -913,7 +913,10 @@ static ssize_t lbs_debugfs_write(struct file *f, const char __user *buf,
1227 - char *p2;
1228 - struct debug_data *d = f->private_data;
1229 -
1230 -- pdata = kmalloc(cnt, GFP_KERNEL);
1231 -+ if (cnt == 0)
1232 -+ return 0;
1233 -+
1234 -+ pdata = kmalloc(cnt + 1, GFP_KERNEL);
1235 - if (pdata == NULL)
1236 - return 0;
1237 -
1238 -@@ -922,6 +925,7 @@ static ssize_t lbs_debugfs_write(struct file *f, const char __user *buf,
1239 - kfree(pdata);
1240 - return 0;
1241 - }
1242 -+ pdata[cnt] = '\0';
1243 -
1244 - p0 = pdata;
1245 - for (i = 0; i < num_of_items; i++) {
1246 -diff --git a/drivers/net/wireless/rt2x00/rt2800lib.c b/drivers/net/wireless/rt2x00/rt2800lib.c
1247 -index 88ce656..1400787 100644
1248 ---- a/drivers/net/wireless/rt2x00/rt2800lib.c
1249 -+++ b/drivers/net/wireless/rt2x00/rt2800lib.c
1250 -@@ -4461,10 +4461,13 @@ void rt2800_link_tuner(struct rt2x00_dev *rt2x00dev, struct link_qual *qual,
1251 -
1252 - vgc = rt2800_get_default_vgc(rt2x00dev);
1253 -
1254 -- if (rt2x00_rt(rt2x00dev, RT5592) && qual->rssi > -65)
1255 -- vgc += 0x20;
1256 -- else if (qual->rssi > -80)
1257 -- vgc += 0x10;
1258 -+ if (rt2x00_rt(rt2x00dev, RT5592)) {
1259 -+ if (qual->rssi > -65)
1260 -+ vgc += 0x20;
1261 -+ } else {
1262 -+ if (qual->rssi > -80)
1263 -+ vgc += 0x10;
1264 -+ }
1265 -
1266 - rt2800_set_vgc(rt2x00dev, qual, vgc);
1267 - }
1268 -diff --git a/drivers/net/wireless/rt2x00/rt2800usb.c b/drivers/net/wireless/rt2x00/rt2800usb.c
1269 -index 96961b9..4feb35a 100644
1270 ---- a/drivers/net/wireless/rt2x00/rt2800usb.c
1271 -+++ b/drivers/net/wireless/rt2x00/rt2800usb.c
1272 -@@ -148,6 +148,8 @@ static bool rt2800usb_txstatus_timeout(struct rt2x00_dev *rt2x00dev)
1273 - return false;
1274 - }
1275 -
1276 -+#define TXSTATUS_READ_INTERVAL 1000000
1277 -+
1278 - static bool rt2800usb_tx_sta_fifo_read_completed(struct rt2x00_dev *rt2x00dev,
1279 - int urb_status, u32 tx_status)
1280 - {
1281 -@@ -176,8 +178,9 @@ static bool rt2800usb_tx_sta_fifo_read_completed(struct rt2x00_dev *rt2x00dev,
1282 - queue_work(rt2x00dev->workqueue, &rt2x00dev->txdone_work);
1283 -
1284 - if (rt2800usb_txstatus_pending(rt2x00dev)) {
1285 -- /* Read register after 250 us */
1286 -- hrtimer_start(&rt2x00dev->txstatus_timer, ktime_set(0, 250000),
1287 -+ /* Read register after 1 ms */
1288 -+ hrtimer_start(&rt2x00dev->txstatus_timer,
1289 -+ ktime_set(0, TXSTATUS_READ_INTERVAL),
1290 - HRTIMER_MODE_REL);
1291 - return false;
1292 - }
1293 -@@ -202,8 +205,9 @@ static void rt2800usb_async_read_tx_status(struct rt2x00_dev *rt2x00dev)
1294 - if (test_and_set_bit(TX_STATUS_READING, &rt2x00dev->flags))
1295 - return;
1296 -
1297 -- /* Read TX_STA_FIFO register after 500 us */
1298 -- hrtimer_start(&rt2x00dev->txstatus_timer, ktime_set(0, 500000),
1299 -+ /* Read TX_STA_FIFO register after 2 ms */
1300 -+ hrtimer_start(&rt2x00dev->txstatus_timer,
1301 -+ ktime_set(0, 2*TXSTATUS_READ_INTERVAL),
1302 - HRTIMER_MODE_REL);
1303 - }
1304 -
1305 -diff --git a/drivers/net/wireless/rt2x00/rt2x00dev.c b/drivers/net/wireless/rt2x00/rt2x00dev.c
1306 -index 712eea9..f12e909 100644
1307 ---- a/drivers/net/wireless/rt2x00/rt2x00dev.c
1308 -+++ b/drivers/net/wireless/rt2x00/rt2x00dev.c
1309 -@@ -181,6 +181,7 @@ static void rt2x00lib_autowakeup(struct work_struct *work)
1310 - static void rt2x00lib_bc_buffer_iter(void *data, u8 *mac,
1311 - struct ieee80211_vif *vif)
1312 - {
1313 -+ struct ieee80211_tx_control control = {};
1314 - struct rt2x00_dev *rt2x00dev = data;
1315 - struct sk_buff *skb;
1316 -
1317 -@@ -195,7 +196,7 @@ static void rt2x00lib_bc_buffer_iter(void *data, u8 *mac,
1318 - */
1319 - skb = ieee80211_get_buffered_bc(rt2x00dev->hw, vif);
1320 - while (skb) {
1321 -- rt2x00mac_tx(rt2x00dev->hw, NULL, skb);
1322 -+ rt2x00mac_tx(rt2x00dev->hw, &control, skb);
1323 - skb = ieee80211_get_buffered_bc(rt2x00dev->hw, vif);
1324 - }
1325 - }
1326 -diff --git a/drivers/net/wireless/rt2x00/rt2x00lib.h b/drivers/net/wireless/rt2x00/rt2x00lib.h
1327 -index a093598..7f40ab8 100644
1328 ---- a/drivers/net/wireless/rt2x00/rt2x00lib.h
1329 -+++ b/drivers/net/wireless/rt2x00/rt2x00lib.h
1330 -@@ -146,7 +146,7 @@ void rt2x00queue_remove_l2pad(struct sk_buff *skb, unsigned int header_length);
1331 - * @local: frame is not from mac80211
1332 - */
1333 - int rt2x00queue_write_tx_frame(struct data_queue *queue, struct sk_buff *skb,
1334 -- bool local);
1335 -+ struct ieee80211_sta *sta, bool local);
1336 -
1337 - /**
1338 - * rt2x00queue_update_beacon - Send new beacon from mac80211
1339 -diff --git a/drivers/net/wireless/rt2x00/rt2x00mac.c b/drivers/net/wireless/rt2x00/rt2x00mac.c
1340 -index f883802..f8cff1f 100644
1341 ---- a/drivers/net/wireless/rt2x00/rt2x00mac.c
1342 -+++ b/drivers/net/wireless/rt2x00/rt2x00mac.c
1343 -@@ -90,7 +90,7 @@ static int rt2x00mac_tx_rts_cts(struct rt2x00_dev *rt2x00dev,
1344 - frag_skb->data, data_length, tx_info,
1345 - (struct ieee80211_rts *)(skb->data));
1346 -
1347 -- retval = rt2x00queue_write_tx_frame(queue, skb, true);
1348 -+ retval = rt2x00queue_write_tx_frame(queue, skb, NULL, true);
1349 - if (retval) {
1350 - dev_kfree_skb_any(skb);
1351 - rt2x00_warn(rt2x00dev, "Failed to send RTS/CTS frame\n");
1352 -@@ -151,7 +151,7 @@ void rt2x00mac_tx(struct ieee80211_hw *hw,
1353 - goto exit_fail;
1354 - }
1355 -
1356 -- if (unlikely(rt2x00queue_write_tx_frame(queue, skb, false)))
1357 -+ if (unlikely(rt2x00queue_write_tx_frame(queue, skb, control->sta, false)))
1358 - goto exit_fail;
1359 -
1360 - /*
1361 -@@ -754,6 +754,9 @@ void rt2x00mac_flush(struct ieee80211_hw *hw, u32 queues, bool drop)
1362 - struct rt2x00_dev *rt2x00dev = hw->priv;
1363 - struct data_queue *queue;
1364 -
1365 -+ if (!test_bit(DEVICE_STATE_PRESENT, &rt2x00dev->flags))
1366 -+ return;
1367 -+
1368 - tx_queue_for_each(rt2x00dev, queue)
1369 - rt2x00queue_flush_queue(queue, drop);
1370 - }
1371 -diff --git a/drivers/net/wireless/rt2x00/rt2x00queue.c b/drivers/net/wireless/rt2x00/rt2x00queue.c
1372 -index 6c8a33b..66a2db8 100644
1373 ---- a/drivers/net/wireless/rt2x00/rt2x00queue.c
1374 -+++ b/drivers/net/wireless/rt2x00/rt2x00queue.c
1375 -@@ -635,7 +635,7 @@ static void rt2x00queue_bar_check(struct queue_entry *entry)
1376 - }
1377 -
1378 - int rt2x00queue_write_tx_frame(struct data_queue *queue, struct sk_buff *skb,
1379 -- bool local)
1380 -+ struct ieee80211_sta *sta, bool local)
1381 - {
1382 - struct ieee80211_tx_info *tx_info;
1383 - struct queue_entry *entry;
1384 -@@ -649,7 +649,7 @@ int rt2x00queue_write_tx_frame(struct data_queue *queue, struct sk_buff *skb,
1385 - * after that we are free to use the skb->cb array
1386 - * for our information.
1387 - */
1388 -- rt2x00queue_create_tx_descriptor(queue->rt2x00dev, skb, &txdesc, NULL);
1389 -+ rt2x00queue_create_tx_descriptor(queue->rt2x00dev, skb, &txdesc, sta);
1390 -
1391 - /*
1392 - * All information is retrieved from the skb->cb array,
1393 -diff --git a/drivers/platform/x86/thinkpad_acpi.c b/drivers/platform/x86/thinkpad_acpi.c
1394 -index 03ca6c1..4e86e97 100644
1395 ---- a/drivers/platform/x86/thinkpad_acpi.c
1396 -+++ b/drivers/platform/x86/thinkpad_acpi.c
1397 -@@ -6420,7 +6420,12 @@ static struct ibm_struct brightness_driver_data = {
1398 - #define TPACPI_ALSA_SHRTNAME "ThinkPad Console Audio Control"
1399 - #define TPACPI_ALSA_MIXERNAME TPACPI_ALSA_SHRTNAME
1400 -
1401 --static int alsa_index = ~((1 << (SNDRV_CARDS - 3)) - 1); /* last three slots */
1402 -+#if SNDRV_CARDS <= 32
1403 -+#define DEFAULT_ALSA_IDX ~((1 << (SNDRV_CARDS - 3)) - 1)
1404 -+#else
1405 -+#define DEFAULT_ALSA_IDX ~((1 << (32 - 3)) - 1)
1406 -+#endif
1407 -+static int alsa_index = DEFAULT_ALSA_IDX; /* last three slots */
1408 - static char *alsa_id = "ThinkPadEC";
1409 - static bool alsa_enable = SNDRV_DEFAULT_ENABLE1;
1410 -
1411 -diff --git a/drivers/scsi/aacraid/commctrl.c b/drivers/scsi/aacraid/commctrl.c
1412 -index d85ac1a..fbcd48d 100644
1413 ---- a/drivers/scsi/aacraid/commctrl.c
1414 -+++ b/drivers/scsi/aacraid/commctrl.c
1415 -@@ -511,7 +511,8 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg)
1416 - goto cleanup;
1417 - }
1418 -
1419 -- if (fibsize > (dev->max_fib_size - sizeof(struct aac_fibhdr))) {
1420 -+ if ((fibsize < (sizeof(struct user_aac_srb) - sizeof(struct user_sgentry))) ||
1421 -+ (fibsize > (dev->max_fib_size - sizeof(struct aac_fibhdr)))) {
1422 - rcode = -EINVAL;
1423 - goto cleanup;
1424 - }
1425 -diff --git a/drivers/staging/android/ashmem.c b/drivers/staging/android/ashmem.c
1426 -index 8e76ddc..5a5e9c9 100644
1427 ---- a/drivers/staging/android/ashmem.c
1428 -+++ b/drivers/staging/android/ashmem.c
1429 -@@ -706,7 +706,7 @@ static long ashmem_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1430 - .gfp_mask = GFP_KERNEL,
1431 - .nr_to_scan = LONG_MAX,
1432 - };
1433 --
1434 -+ ret = ashmem_shrink_count(&ashmem_shrinker, &sc);
1435 - nodes_setall(sc.nodes_to_scan);
1436 - ashmem_shrink_scan(&ashmem_shrinker, &sc);
1437 - }
1438 -diff --git a/drivers/staging/comedi/comedi_fops.c b/drivers/staging/comedi/comedi_fops.c
1439 -index 1636c7c..a3af469 100644
1440 ---- a/drivers/staging/comedi/comedi_fops.c
1441 -+++ b/drivers/staging/comedi/comedi_fops.c
1442 -@@ -543,7 +543,7 @@ void *comedi_alloc_spriv(struct comedi_subdevice *s, size_t size)
1443 - {
1444 - s->private = kzalloc(size, GFP_KERNEL);
1445 - if (s->private)
1446 -- comedi_set_subdevice_runflags(s, ~0, SRF_FREE_SPRIV);
1447 -+ s->runflags |= SRF_FREE_SPRIV;
1448 - return s->private;
1449 - }
1450 - EXPORT_SYMBOL_GPL(comedi_alloc_spriv);
1451 -@@ -1485,7 +1485,8 @@ static int do_cmd_ioctl(struct comedi_device *dev,
1452 - if (async->cmd.flags & TRIG_WAKE_EOS)
1453 - async->cb_mask |= COMEDI_CB_EOS;
1454 -
1455 -- comedi_set_subdevice_runflags(s, ~0, SRF_USER | SRF_RUNNING);
1456 -+ comedi_set_subdevice_runflags(s, SRF_USER | SRF_ERROR | SRF_RUNNING,
1457 -+ SRF_USER | SRF_RUNNING);
1458 -
1459 - /* set s->busy _after_ setting SRF_RUNNING flag to avoid race with
1460 - * comedi_read() or comedi_write() */
1461 -diff --git a/drivers/staging/rtl8188eu/os_dep/os_intfs.c b/drivers/staging/rtl8188eu/os_dep/os_intfs.c
1462 -index 63bc913..8b2b4a8 100644
1463 ---- a/drivers/staging/rtl8188eu/os_dep/os_intfs.c
1464 -+++ b/drivers/staging/rtl8188eu/os_dep/os_intfs.c
1465 -@@ -707,6 +707,10 @@ int rtw_init_netdev_name(struct net_device *pnetdev, const char *ifname)
1466 - return 0;
1467 - }
1468 -
1469 -+static const struct device_type wlan_type = {
1470 -+ .name = "wlan",
1471 -+};
1472 -+
1473 - struct net_device *rtw_init_netdev(struct adapter *old_padapter)
1474 - {
1475 - struct adapter *padapter;
1476 -@@ -722,6 +726,7 @@ struct net_device *rtw_init_netdev(struct adapter *old_padapter)
1477 - if (!pnetdev)
1478 - return NULL;
1479 -
1480 -+ pnetdev->dev.type = &wlan_type;
1481 - padapter = rtw_netdev_priv(pnetdev);
1482 - padapter->pnetdev = pnetdev;
1483 - DBG_88E("register rtw_netdev_ops to netdev_ops\n");
1484 -diff --git a/drivers/staging/zram/zram_drv.c b/drivers/staging/zram/zram_drv.c
1485 -index 2c4ed52..012ba15 100644
1486 ---- a/drivers/staging/zram/zram_drv.c
1487 -+++ b/drivers/staging/zram/zram_drv.c
1488 -@@ -648,6 +648,9 @@ static ssize_t reset_store(struct device *dev,
1489 - zram = dev_to_zram(dev);
1490 - bdev = bdget_disk(zram->disk, 0);
1491 -
1492 -+ if (!bdev)
1493 -+ return -ENOMEM;
1494 -+
1495 - /* Do not reset an active device! */
1496 - if (bdev->bd_holders)
1497 - return -EBUSY;
1498 -@@ -660,8 +663,7 @@ static ssize_t reset_store(struct device *dev,
1499 - return -EINVAL;
1500 -
1501 - /* Make sure all pending I/O is finished */
1502 -- if (bdev)
1503 -- fsync_bdev(bdev);
1504 -+ fsync_bdev(bdev);
1505 -
1506 - zram_reset_device(zram, true);
1507 - return len;
1508 -diff --git a/drivers/usb/core/driver.c b/drivers/usb/core/driver.c
1509 -index f7841d4..689433c 100644
1510 ---- a/drivers/usb/core/driver.c
1511 -+++ b/drivers/usb/core/driver.c
1512 -@@ -1790,6 +1790,9 @@ int usb_set_usb2_hardware_lpm(struct usb_device *udev, int enable)
1513 - struct usb_hcd *hcd = bus_to_hcd(udev->bus);
1514 - int ret = -EPERM;
1515 -
1516 -+ if (enable && !udev->usb2_hw_lpm_allowed)
1517 -+ return 0;
1518 -+
1519 - if (hcd->driver->set_usb2_hw_lpm) {
1520 - ret = hcd->driver->set_usb2_hw_lpm(hcd, udev, enable);
1521 - if (!ret)
1522 -diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
1523 -index 879651c..243c672 100644
1524 ---- a/drivers/usb/core/hub.c
1525 -+++ b/drivers/usb/core/hub.c
1526 -@@ -1135,6 +1135,11 @@ static void hub_activate(struct usb_hub *hub, enum hub_activation_type type)
1527 - usb_clear_port_feature(hub->hdev, port1,
1528 - USB_PORT_FEAT_C_ENABLE);
1529 - }
1530 -+ if (portchange & USB_PORT_STAT_C_RESET) {
1531 -+ need_debounce_delay = true;
1532 -+ usb_clear_port_feature(hub->hdev, port1,
1533 -+ USB_PORT_FEAT_C_RESET);
1534 -+ }
1535 - if ((portchange & USB_PORT_STAT_C_BH_RESET) &&
1536 - hub_is_superspeed(hub->hdev)) {
1537 - need_debounce_delay = true;
1538 -@@ -3954,6 +3959,32 @@ static int hub_set_address(struct usb_device *udev, int devnum)
1539 - return retval;
1540 - }
1541 -
1542 -+/*
1543 -+ * There are reports of USB 3.0 devices that say they support USB 2.0 Link PM
1544 -+ * when they're plugged into a USB 2.0 port, but they don't work when LPM is
1545 -+ * enabled.
1546 -+ *
1547 -+ * Only enable USB 2.0 Link PM if the port is internal (hardwired), or the
1548 -+ * device says it supports the new USB 2.0 Link PM errata by setting the BESL
1549 -+ * support bit in the BOS descriptor.
1550 -+ */
1551 -+static void hub_set_initial_usb2_lpm_policy(struct usb_device *udev)
1552 -+{
1553 -+ int connect_type;
1554 -+
1555 -+ if (!udev->usb2_hw_lpm_capable)
1556 -+ return;
1557 -+
1558 -+ connect_type = usb_get_hub_port_connect_type(udev->parent,
1559 -+ udev->portnum);
1560 -+
1561 -+ if ((udev->bos->ext_cap->bmAttributes & USB_BESL_SUPPORT) ||
1562 -+ connect_type == USB_PORT_CONNECT_TYPE_HARD_WIRED) {
1563 -+ udev->usb2_hw_lpm_allowed = 1;
1564 -+ usb_set_usb2_hardware_lpm(udev, 1);
1565 -+ }
1566 -+}
1567 -+
1568 - /* Reset device, (re)assign address, get device descriptor.
1569 - * Device connection must be stable, no more debouncing needed.
1570 - * Returns device in USB_STATE_ADDRESS, except on error.
1571 -@@ -4247,6 +4278,7 @@ hub_port_init (struct usb_hub *hub, struct usb_device *udev, int port1,
1572 - /* notify HCD that we have a device connected and addressed */
1573 - if (hcd->driver->update_device)
1574 - hcd->driver->update_device(hcd, udev);
1575 -+ hub_set_initial_usb2_lpm_policy(udev);
1576 - fail:
1577 - if (retval) {
1578 - hub_port_disable(hub, port1, 0);
1579 -@@ -5091,6 +5123,12 @@ static int usb_reset_and_verify_device(struct usb_device *udev)
1580 - }
1581 - parent_hub = usb_hub_to_struct_hub(parent_hdev);
1582 -
1583 -+ /* Disable USB2 hardware LPM.
1584 -+ * It will be re-enabled by the enumeration process.
1585 -+ */
1586 -+ if (udev->usb2_hw_lpm_enabled == 1)
1587 -+ usb_set_usb2_hardware_lpm(udev, 0);
1588 -+
1589 - bos = udev->bos;
1590 - udev->bos = NULL;
1591 -
1592 -@@ -5198,6 +5236,7 @@ static int usb_reset_and_verify_device(struct usb_device *udev)
1593 -
1594 - done:
1595 - /* Now that the alt settings are re-installed, enable LTM and LPM. */
1596 -+ usb_set_usb2_hardware_lpm(udev, 1);
1597 - usb_unlocked_enable_lpm(udev);
1598 - usb_enable_ltm(udev);
1599 - usb_release_bos_descriptor(udev);
1600 -diff --git a/drivers/usb/core/sysfs.c b/drivers/usb/core/sysfs.c
1601 -index 6d2c8ed..ca516ac 100644
1602 ---- a/drivers/usb/core/sysfs.c
1603 -+++ b/drivers/usb/core/sysfs.c
1604 -@@ -449,7 +449,7 @@ static ssize_t usb2_hardware_lpm_show(struct device *dev,
1605 - struct usb_device *udev = to_usb_device(dev);
1606 - const char *p;
1607 -
1608 -- if (udev->usb2_hw_lpm_enabled == 1)
1609 -+ if (udev->usb2_hw_lpm_allowed == 1)
1610 - p = "enabled";
1611 - else
1612 - p = "disabled";
1613 -@@ -469,8 +469,10 @@ static ssize_t usb2_hardware_lpm_store(struct device *dev,
1614 -
1615 - ret = strtobool(buf, &value);
1616 -
1617 -- if (!ret)
1618 -+ if (!ret) {
1619 -+ udev->usb2_hw_lpm_allowed = value;
1620 - ret = usb_set_usb2_hardware_lpm(udev, value);
1621 -+ }
1622 -
1623 - usb_unlock_device(udev);
1624 -
1625 -diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c
1626 -index 83bcd13..49b8bd0 100644
1627 ---- a/drivers/usb/host/xhci-mem.c
1628 -+++ b/drivers/usb/host/xhci-mem.c
1629 -@@ -1693,9 +1693,7 @@ void xhci_free_command(struct xhci_hcd *xhci,
1630 - void xhci_mem_cleanup(struct xhci_hcd *xhci)
1631 - {
1632 - struct pci_dev *pdev = to_pci_dev(xhci_to_hcd(xhci)->self.controller);
1633 -- struct dev_info *dev_info, *next;
1634 - struct xhci_cd *cur_cd, *next_cd;
1635 -- unsigned long flags;
1636 - int size;
1637 - int i, j, num_ports;
1638 -
1639 -@@ -1756,13 +1754,6 @@ void xhci_mem_cleanup(struct xhci_hcd *xhci)
1640 -
1641 - scratchpad_free(xhci);
1642 -
1643 -- spin_lock_irqsave(&xhci->lock, flags);
1644 -- list_for_each_entry_safe(dev_info, next, &xhci->lpm_failed_devs, list) {
1645 -- list_del(&dev_info->list);
1646 -- kfree(dev_info);
1647 -- }
1648 -- spin_unlock_irqrestore(&xhci->lock, flags);
1649 --
1650 - if (!xhci->rh_bw)
1651 - goto no_bw;
1652 -
1653 -@@ -2231,7 +2222,6 @@ int xhci_mem_init(struct xhci_hcd *xhci, gfp_t flags)
1654 - u32 page_size, temp;
1655 - int i;
1656 -
1657 -- INIT_LIST_HEAD(&xhci->lpm_failed_devs);
1658 - INIT_LIST_HEAD(&xhci->cancel_cmd_list);
1659 -
1660 - page_size = xhci_readl(xhci, &xhci->op_regs->page_size);
1661 -diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
1662 -index 6e0d886..ed6c186 100644
1663 ---- a/drivers/usb/host/xhci.c
1664 -+++ b/drivers/usb/host/xhci.c
1665 -@@ -4025,133 +4025,6 @@ static int xhci_calculate_usb2_hw_lpm_params(struct usb_device *udev)
1666 - return PORT_BESLD(besld) | PORT_L1_TIMEOUT(l1) | PORT_HIRDM(hirdm);
1667 - }
1668 -
1669 --static int xhci_usb2_software_lpm_test(struct usb_hcd *hcd,
1670 -- struct usb_device *udev)
1671 --{
1672 -- struct xhci_hcd *xhci = hcd_to_xhci(hcd);
1673 -- struct dev_info *dev_info;
1674 -- __le32 __iomem **port_array;
1675 -- __le32 __iomem *addr, *pm_addr;
1676 -- u32 temp, dev_id;
1677 -- unsigned int port_num;
1678 -- unsigned long flags;
1679 -- int hird;
1680 -- int ret;
1681 --
1682 -- if (hcd->speed == HCD_USB3 || !xhci->sw_lpm_support ||
1683 -- !udev->lpm_capable)
1684 -- return -EINVAL;
1685 --
1686 -- /* we only support lpm for non-hub device connected to root hub yet */
1687 -- if (!udev->parent || udev->parent->parent ||
1688 -- udev->descriptor.bDeviceClass == USB_CLASS_HUB)
1689 -- return -EINVAL;
1690 --
1691 -- spin_lock_irqsave(&xhci->lock, flags);
1692 --
1693 -- /* Look for devices in lpm_failed_devs list */
1694 -- dev_id = le16_to_cpu(udev->descriptor.idVendor) << 16 |
1695 -- le16_to_cpu(udev->descriptor.idProduct);
1696 -- list_for_each_entry(dev_info, &xhci->lpm_failed_devs, list) {
1697 -- if (dev_info->dev_id == dev_id) {
1698 -- ret = -EINVAL;
1699 -- goto finish;
1700 -- }
1701 -- }
1702 --
1703 -- port_array = xhci->usb2_ports;
1704 -- port_num = udev->portnum - 1;
1705 --
1706 -- if (port_num > HCS_MAX_PORTS(xhci->hcs_params1)) {
1707 -- xhci_dbg(xhci, "invalid port number %d\n", udev->portnum);
1708 -- ret = -EINVAL;
1709 -- goto finish;
1710 -- }
1711 --
1712 -- /*
1713 -- * Test USB 2.0 software LPM.
1714 -- * FIXME: some xHCI 1.0 hosts may implement a new register to set up
1715 -- * hardware-controlled USB 2.0 LPM. See section 5.4.11 and 4.23.5.1.1.1
1716 -- * in the June 2011 errata release.
1717 -- */
1718 -- xhci_dbg(xhci, "test port %d software LPM\n", port_num);
1719 -- /*
1720 -- * Set L1 Device Slot and HIRD/BESL.
1721 -- * Check device's USB 2.0 extension descriptor to determine whether
1722 -- * HIRD or BESL shoule be used. See USB2.0 LPM errata.
1723 -- */
1724 -- pm_addr = port_array[port_num] + PORTPMSC;
1725 -- hird = xhci_calculate_hird_besl(xhci, udev);
1726 -- temp = PORT_L1DS(udev->slot_id) | PORT_HIRD(hird);
1727 -- xhci_writel(xhci, temp, pm_addr);
1728 --
1729 -- /* Set port link state to U2(L1) */
1730 -- addr = port_array[port_num];
1731 -- xhci_set_link_state(xhci, port_array, port_num, XDEV_U2);
1732 --
1733 -- /* wait for ACK */
1734 -- spin_unlock_irqrestore(&xhci->lock, flags);
1735 -- msleep(10);
1736 -- spin_lock_irqsave(&xhci->lock, flags);
1737 --
1738 -- /* Check L1 Status */
1739 -- ret = xhci_handshake(xhci, pm_addr,
1740 -- PORT_L1S_MASK, PORT_L1S_SUCCESS, 125);
1741 -- if (ret != -ETIMEDOUT) {
1742 -- /* enter L1 successfully */
1743 -- temp = xhci_readl(xhci, addr);
1744 -- xhci_dbg(xhci, "port %d entered L1 state, port status 0x%x\n",
1745 -- port_num, temp);
1746 -- ret = 0;
1747 -- } else {
1748 -- temp = xhci_readl(xhci, pm_addr);
1749 -- xhci_dbg(xhci, "port %d software lpm failed, L1 status %d\n",
1750 -- port_num, temp & PORT_L1S_MASK);
1751 -- ret = -EINVAL;
1752 -- }
1753 --
1754 -- /* Resume the port */
1755 -- xhci_set_link_state(xhci, port_array, port_num, XDEV_U0);
1756 --
1757 -- spin_unlock_irqrestore(&xhci->lock, flags);
1758 -- msleep(10);
1759 -- spin_lock_irqsave(&xhci->lock, flags);
1760 --
1761 -- /* Clear PLC */
1762 -- xhci_test_and_clear_bit(xhci, port_array, port_num, PORT_PLC);
1763 --
1764 -- /* Check PORTSC to make sure the device is in the right state */
1765 -- if (!ret) {
1766 -- temp = xhci_readl(xhci, addr);
1767 -- xhci_dbg(xhci, "resumed port %d status 0x%x\n", port_num, temp);
1768 -- if (!(temp & PORT_CONNECT) || !(temp & PORT_PE) ||
1769 -- (temp & PORT_PLS_MASK) != XDEV_U0) {
1770 -- xhci_dbg(xhci, "port L1 resume fail\n");
1771 -- ret = -EINVAL;
1772 -- }
1773 -- }
1774 --
1775 -- if (ret) {
1776 -- /* Insert dev to lpm_failed_devs list */
1777 -- xhci_warn(xhci, "device LPM test failed, may disconnect and "
1778 -- "re-enumerate\n");
1779 -- dev_info = kzalloc(sizeof(struct dev_info), GFP_ATOMIC);
1780 -- if (!dev_info) {
1781 -- ret = -ENOMEM;
1782 -- goto finish;
1783 -- }
1784 -- dev_info->dev_id = dev_id;
1785 -- INIT_LIST_HEAD(&dev_info->list);
1786 -- list_add(&dev_info->list, &xhci->lpm_failed_devs);
1787 -- } else {
1788 -- xhci_ring_device(xhci, udev->slot_id);
1789 -- }
1790 --
1791 --finish:
1792 -- spin_unlock_irqrestore(&xhci->lock, flags);
1793 -- return ret;
1794 --}
1795 --
1796 - int xhci_set_usb2_hardware_lpm(struct usb_hcd *hcd,
1797 - struct usb_device *udev, int enable)
1798 - {
1799 -@@ -4228,7 +4101,7 @@ int xhci_set_usb2_hardware_lpm(struct usb_hcd *hcd,
1800 - }
1801 -
1802 - pm_val &= ~PORT_HIRD_MASK;
1803 -- pm_val |= PORT_HIRD(hird) | PORT_RWE;
1804 -+ pm_val |= PORT_HIRD(hird) | PORT_RWE | PORT_L1DS(udev->slot_id);
1805 - xhci_writel(xhci, pm_val, pm_addr);
1806 - pm_val = xhci_readl(xhci, pm_addr);
1807 - pm_val |= PORT_HLE;
1808 -@@ -4236,7 +4109,7 @@ int xhci_set_usb2_hardware_lpm(struct usb_hcd *hcd,
1809 - /* flush write */
1810 - xhci_readl(xhci, pm_addr);
1811 - } else {
1812 -- pm_val &= ~(PORT_HLE | PORT_RWE | PORT_HIRD_MASK);
1813 -+ pm_val &= ~(PORT_HLE | PORT_RWE | PORT_HIRD_MASK | PORT_L1DS_MASK);
1814 - xhci_writel(xhci, pm_val, pm_addr);
1815 - /* flush write */
1816 - xhci_readl(xhci, pm_addr);
1817 -@@ -4279,24 +4152,26 @@ static int xhci_check_usb2_port_capability(struct xhci_hcd *xhci, int port,
1818 - int xhci_update_device(struct usb_hcd *hcd, struct usb_device *udev)
1819 - {
1820 - struct xhci_hcd *xhci = hcd_to_xhci(hcd);
1821 -- int ret;
1822 - int portnum = udev->portnum - 1;
1823 -
1824 -- ret = xhci_usb2_software_lpm_test(hcd, udev);
1825 -- if (!ret) {
1826 -- xhci_dbg(xhci, "software LPM test succeed\n");
1827 -- if (xhci->hw_lpm_support == 1 &&
1828 -- xhci_check_usb2_port_capability(xhci, portnum, XHCI_HLC)) {
1829 -- udev->usb2_hw_lpm_capable = 1;
1830 -- udev->l1_params.timeout = XHCI_L1_TIMEOUT;
1831 -- udev->l1_params.besl = XHCI_DEFAULT_BESL;
1832 -- if (xhci_check_usb2_port_capability(xhci, portnum,
1833 -- XHCI_BLC))
1834 -- udev->usb2_hw_lpm_besl_capable = 1;
1835 -- ret = xhci_set_usb2_hardware_lpm(hcd, udev, 1);
1836 -- if (!ret)
1837 -- udev->usb2_hw_lpm_enabled = 1;
1838 -- }
1839 -+ if (hcd->speed == HCD_USB3 || !xhci->sw_lpm_support ||
1840 -+ !udev->lpm_capable)
1841 -+ return 0;
1842 -+
1843 -+ /* we only support lpm for non-hub device connected to root hub yet */
1844 -+ if (!udev->parent || udev->parent->parent ||
1845 -+ udev->descriptor.bDeviceClass == USB_CLASS_HUB)
1846 -+ return 0;
1847 -+
1848 -+ if (xhci->hw_lpm_support == 1 &&
1849 -+ xhci_check_usb2_port_capability(
1850 -+ xhci, portnum, XHCI_HLC)) {
1851 -+ udev->usb2_hw_lpm_capable = 1;
1852 -+ udev->l1_params.timeout = XHCI_L1_TIMEOUT;
1853 -+ udev->l1_params.besl = XHCI_DEFAULT_BESL;
1854 -+ if (xhci_check_usb2_port_capability(xhci, portnum,
1855 -+ XHCI_BLC))
1856 -+ udev->usb2_hw_lpm_besl_capable = 1;
1857 - }
1858 -
1859 - return 0;
1860 -diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h
1861 -index 941d5f5..ed3a425 100644
1862 ---- a/drivers/usb/host/xhci.h
1863 -+++ b/drivers/usb/host/xhci.h
1864 -@@ -383,6 +383,7 @@ struct xhci_op_regs {
1865 - #define PORT_RWE (1 << 3)
1866 - #define PORT_HIRD(p) (((p) & 0xf) << 4)
1867 - #define PORT_HIRD_MASK (0xf << 4)
1868 -+#define PORT_L1DS_MASK (0xff << 8)
1869 - #define PORT_L1DS(p) (((p) & 0xff) << 8)
1870 - #define PORT_HLE (1 << 16)
1871 -
1872 -diff --git a/drivers/usb/musb/musb_core.c b/drivers/usb/musb/musb_core.c
1873 -index cd70cc8..0d0d118 100644
1874 ---- a/drivers/usb/musb/musb_core.c
1875 -+++ b/drivers/usb/musb/musb_core.c
1876 -@@ -1809,6 +1809,7 @@ static void musb_free(struct musb *musb)
1877 - disable_irq_wake(musb->nIrq);
1878 - free_irq(musb->nIrq, musb);
1879 - }
1880 -+ cancel_work_sync(&musb->irq_work);
1881 - if (musb->dma_controller)
1882 - dma_controller_destroy(musb->dma_controller);
1883 -
1884 -@@ -1946,6 +1947,8 @@ musb_init_controller(struct device *dev, int nIrq, void __iomem *ctrl)
1885 - if (status < 0)
1886 - goto fail3;
1887 - status = musb_gadget_setup(musb);
1888 -+ if (status)
1889 -+ musb_host_cleanup(musb);
1890 - break;
1891 - default:
1892 - dev_err(dev, "unsupported port mode %d\n", musb->port_mode);
1893 -@@ -1972,6 +1975,7 @@ fail5:
1894 -
1895 - fail4:
1896 - musb_gadget_cleanup(musb);
1897 -+ musb_host_cleanup(musb);
1898 -
1899 - fail3:
1900 - if (musb->dma_controller)
1901 -diff --git a/drivers/usb/musb/musb_dsps.c b/drivers/usb/musb/musb_dsps.c
1902 -index bd4138d..1edee79 100644
1903 ---- a/drivers/usb/musb/musb_dsps.c
1904 -+++ b/drivers/usb/musb/musb_dsps.c
1905 -@@ -121,6 +121,7 @@ struct dsps_glue {
1906 - unsigned long last_timer; /* last timer data for each instance */
1907 - };
1908 -
1909 -+static void dsps_musb_try_idle(struct musb *musb, unsigned long timeout);
1910 - /**
1911 - * dsps_musb_enable - enable interrupts
1912 - */
1913 -@@ -143,6 +144,7 @@ static void dsps_musb_enable(struct musb *musb)
1914 - /* Force the DRVVBUS IRQ so we can start polling for ID change. */
1915 - dsps_writel(reg_base, wrp->coreintr_set,
1916 - (1 << wrp->drvvbus) << wrp->usb_shift);
1917 -+ dsps_musb_try_idle(musb, 0);
1918 - }
1919 -
1920 - /**
1921 -@@ -171,6 +173,7 @@ static void otg_timer(unsigned long _musb)
1922 - const struct dsps_musb_wrapper *wrp = glue->wrp;
1923 - u8 devctl;
1924 - unsigned long flags;
1925 -+ int skip_session = 0;
1926 -
1927 - /*
1928 - * We poll because DSPS IP's won't expose several OTG-critical
1929 -@@ -183,10 +186,12 @@ static void otg_timer(unsigned long _musb)
1930 - spin_lock_irqsave(&musb->lock, flags);
1931 - switch (musb->xceiv->state) {
1932 - case OTG_STATE_A_WAIT_BCON:
1933 -- devctl &= ~MUSB_DEVCTL_SESSION;
1934 -- dsps_writeb(musb->mregs, MUSB_DEVCTL, devctl);
1935 -+ dsps_writeb(musb->mregs, MUSB_DEVCTL, 0);
1936 -+ skip_session = 1;
1937 -+ /* fall */
1938 -
1939 -- devctl = dsps_readb(musb->mregs, MUSB_DEVCTL);
1940 -+ case OTG_STATE_A_IDLE:
1941 -+ case OTG_STATE_B_IDLE:
1942 - if (devctl & MUSB_DEVCTL_BDEVICE) {
1943 - musb->xceiv->state = OTG_STATE_B_IDLE;
1944 - MUSB_DEV_MODE(musb);
1945 -@@ -194,20 +199,15 @@ static void otg_timer(unsigned long _musb)
1946 - musb->xceiv->state = OTG_STATE_A_IDLE;
1947 - MUSB_HST_MODE(musb);
1948 - }
1949 -+ if (!(devctl & MUSB_DEVCTL_SESSION) && !skip_session)
1950 -+ dsps_writeb(mregs, MUSB_DEVCTL, MUSB_DEVCTL_SESSION);
1951 -+ mod_timer(&glue->timer, jiffies + wrp->poll_seconds * HZ);
1952 - break;
1953 - case OTG_STATE_A_WAIT_VFALL:
1954 - musb->xceiv->state = OTG_STATE_A_WAIT_VRISE;
1955 - dsps_writel(musb->ctrl_base, wrp->coreintr_set,
1956 - MUSB_INTR_VBUSERROR << wrp->usb_shift);
1957 - break;
1958 -- case OTG_STATE_B_IDLE:
1959 -- devctl = dsps_readb(mregs, MUSB_DEVCTL);
1960 -- if (devctl & MUSB_DEVCTL_BDEVICE)
1961 -- mod_timer(&glue->timer,
1962 -- jiffies + wrp->poll_seconds * HZ);
1963 -- else
1964 -- musb->xceiv->state = OTG_STATE_A_IDLE;
1965 -- break;
1966 - default:
1967 - break;
1968 - }
1969 -@@ -234,6 +234,9 @@ static void dsps_musb_try_idle(struct musb *musb, unsigned long timeout)
1970 - if (musb->port_mode == MUSB_PORT_MODE_HOST)
1971 - return;
1972 -
1973 -+ if (!musb->g.dev.driver)
1974 -+ return;
1975 -+
1976 - if (time_after(glue->last_timer, timeout) &&
1977 - timer_pending(&glue->timer)) {
1978 - dev_dbg(musb->controller,
1979 -diff --git a/drivers/usb/musb/musb_virthub.c b/drivers/usb/musb/musb_virthub.c
1980 -index d1d6b83..9af6bba 100644
1981 ---- a/drivers/usb/musb/musb_virthub.c
1982 -+++ b/drivers/usb/musb/musb_virthub.c
1983 -@@ -220,6 +220,23 @@ int musb_hub_status_data(struct usb_hcd *hcd, char *buf)
1984 - return retval;
1985 - }
1986 -
1987 -+static int musb_has_gadget(struct musb *musb)
1988 -+{
1989 -+ /*
1990 -+ * In host-only mode we start a connection right away. In OTG mode
1991 -+ * we have to wait until we loaded a gadget. We don't really need a
1992 -+ * gadget if we operate as a host but we should not start a session
1993 -+ * as a device without a gadget or else we explode.
1994 -+ */
1995 -+#ifdef CONFIG_USB_MUSB_HOST
1996 -+ return 1;
1997 -+#else
1998 -+ if (musb->port_mode == MUSB_PORT_MODE_HOST)
1999 -+ return 1;
2000 -+ return musb->g.dev.driver != NULL;
2001 -+#endif
2002 -+}
2003 -+
2004 - int musb_hub_control(
2005 - struct usb_hcd *hcd,
2006 - u16 typeReq,
2007 -@@ -362,7 +379,7 @@ int musb_hub_control(
2008 - * initialization logic, e.g. for OTG, or change any
2009 - * logic relating to VBUS power-up.
2010 - */
2011 -- if (!hcd->self.is_b_host)
2012 -+ if (!hcd->self.is_b_host && musb_has_gadget(musb))
2013 - musb_start(musb);
2014 - break;
2015 - case USB_PORT_FEAT_RESET:
2016 -diff --git a/drivers/usb/serial/mos7840.c b/drivers/usb/serial/mos7840.c
2017 -index fdf9535..e5bdd98 100644
2018 ---- a/drivers/usb/serial/mos7840.c
2019 -+++ b/drivers/usb/serial/mos7840.c
2020 -@@ -1532,7 +1532,11 @@ static int mos7840_tiocmget(struct tty_struct *tty)
2021 - return -ENODEV;
2022 -
2023 - status = mos7840_get_uart_reg(port, MODEM_STATUS_REGISTER, &msr);
2024 -+ if (status != 1)
2025 -+ return -EIO;
2026 - status = mos7840_get_uart_reg(port, MODEM_CONTROL_REGISTER, &mcr);
2027 -+ if (status != 1)
2028 -+ return -EIO;
2029 - result = ((mcr & MCR_DTR) ? TIOCM_DTR : 0)
2030 - | ((mcr & MCR_RTS) ? TIOCM_RTS : 0)
2031 - | ((mcr & MCR_LOOPBACK) ? TIOCM_LOOP : 0)
2032 -diff --git a/drivers/usb/wusbcore/wa-rpipe.c b/drivers/usb/wusbcore/wa-rpipe.c
2033 -index fd4f1ce..b5e4fc1 100644
2034 ---- a/drivers/usb/wusbcore/wa-rpipe.c
2035 -+++ b/drivers/usb/wusbcore/wa-rpipe.c
2036 -@@ -333,7 +333,10 @@ static int rpipe_aim(struct wa_rpipe *rpipe, struct wahc *wa,
2037 - /* FIXME: compute so seg_size > ep->maxpktsize */
2038 - rpipe->descr.wBlocks = cpu_to_le16(16); /* given */
2039 - /* ep0 maxpktsize is 0x200 (WUSB1.0[4.8.1]) */
2040 -- rpipe->descr.wMaxPacketSize = cpu_to_le16(ep->desc.wMaxPacketSize);
2041 -+ if (usb_endpoint_xfer_isoc(&ep->desc))
2042 -+ rpipe->descr.wMaxPacketSize = epcd->wOverTheAirPacketSize;
2043 -+ else
2044 -+ rpipe->descr.wMaxPacketSize = ep->desc.wMaxPacketSize;
2045 -
2046 - rpipe->descr.hwa_bMaxBurst = max(min_t(unsigned int,
2047 - epcd->bMaxBurst, 16U), 1U);
2048 -diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c
2049 -index 4a35572..26450d8 100644
2050 ---- a/fs/btrfs/relocation.c
2051 -+++ b/fs/btrfs/relocation.c
2052 -@@ -4481,6 +4481,7 @@ int btrfs_reloc_clone_csums(struct inode *inode, u64 file_pos, u64 len)
2053 - struct btrfs_root *root = BTRFS_I(inode)->root;
2054 - int ret;
2055 - u64 disk_bytenr;
2056 -+ u64 new_bytenr;
2057 - LIST_HEAD(list);
2058 -
2059 - ordered = btrfs_lookup_ordered_extent(inode, file_pos);
2060 -@@ -4492,13 +4493,24 @@ int btrfs_reloc_clone_csums(struct inode *inode, u64 file_pos, u64 len)
2061 - if (ret)
2062 - goto out;
2063 -
2064 -- disk_bytenr = ordered->start;
2065 - while (!list_empty(&list)) {
2066 - sums = list_entry(list.next, struct btrfs_ordered_sum, list);
2067 - list_del_init(&sums->list);
2068 -
2069 -- sums->bytenr = disk_bytenr;
2070 -- disk_bytenr += sums->len;
2071 -+ /*
2072 -+ * We need to offset the new_bytenr based on where the csum is.
2073 -+ * We need to do this because we will read in entire prealloc
2074 -+ * extents but we may have written to say the middle of the
2075 -+ * prealloc extent, so we need to make sure the csum goes with
2076 -+ * the right disk offset.
2077 -+ *
2078 -+ * We can do this because the data reloc inode refers strictly
2079 -+ * to the on disk bytes, so we don't have to worry about
2080 -+ * disk_len vs real len like with real inodes since it's all
2081 -+ * disk length.
2082 -+ */
2083 -+ new_bytenr = ordered->start + (sums->bytenr - disk_bytenr);
2084 -+ sums->bytenr = new_bytenr;
2085 -
2086 - btrfs_add_ordered_sum(inode, ordered, sums);
2087 - }
2088 -diff --git a/fs/configfs/dir.c b/fs/configfs/dir.c
2089 -index 277bd1b..511d415 100644
2090 ---- a/fs/configfs/dir.c
2091 -+++ b/fs/configfs/dir.c
2092 -@@ -56,10 +56,19 @@ static void configfs_d_iput(struct dentry * dentry,
2093 - struct configfs_dirent *sd = dentry->d_fsdata;
2094 -
2095 - if (sd) {
2096 -- BUG_ON(sd->s_dentry != dentry);
2097 - /* Coordinate with configfs_readdir */
2098 - spin_lock(&configfs_dirent_lock);
2099 -- sd->s_dentry = NULL;
2100 -+ /* Coordinate with configfs_attach_attr where will increase
2101 -+ * sd->s_count and update sd->s_dentry to new allocated one.
2102 -+ * Only set sd->dentry to null when this dentry is the only
2103 -+ * sd owner.
2104 -+ * If not do so, configfs_d_iput may run just after
2105 -+ * configfs_attach_attr and set sd->s_dentry to null
2106 -+ * even it's still in use.
2107 -+ */
2108 -+ if (atomic_read(&sd->s_count) <= 2)
2109 -+ sd->s_dentry = NULL;
2110 -+
2111 - spin_unlock(&configfs_dirent_lock);
2112 - configfs_put(sd);
2113 - }
2114 -@@ -426,8 +435,11 @@ static int configfs_attach_attr(struct configfs_dirent * sd, struct dentry * den
2115 - struct configfs_attribute * attr = sd->s_element;
2116 - int error;
2117 -
2118 -+ spin_lock(&configfs_dirent_lock);
2119 - dentry->d_fsdata = configfs_get(sd);
2120 - sd->s_dentry = dentry;
2121 -+ spin_unlock(&configfs_dirent_lock);
2122 -+
2123 - error = configfs_create(dentry, (attr->ca_mode & S_IALLUGO) | S_IFREG,
2124 - configfs_init_file);
2125 - if (error) {
2126 -diff --git a/fs/dcache.c b/fs/dcache.c
2127 -index ae6ebb8..89f9671 100644
2128 ---- a/fs/dcache.c
2129 -+++ b/fs/dcache.c
2130 -@@ -2881,9 +2881,9 @@ static int prepend_path(const struct path *path,
2131 - const struct path *root,
2132 - char **buffer, int *buflen)
2133 - {
2134 -- struct dentry *dentry = path->dentry;
2135 -- struct vfsmount *vfsmnt = path->mnt;
2136 -- struct mount *mnt = real_mount(vfsmnt);
2137 -+ struct dentry *dentry;
2138 -+ struct vfsmount *vfsmnt;
2139 -+ struct mount *mnt;
2140 - int error = 0;
2141 - unsigned seq = 0;
2142 - char *bptr;
2143 -@@ -2893,6 +2893,9 @@ static int prepend_path(const struct path *path,
2144 - restart:
2145 - bptr = *buffer;
2146 - blen = *buflen;
2147 -+ dentry = path->dentry;
2148 -+ vfsmnt = path->mnt;
2149 -+ mnt = real_mount(vfsmnt);
2150 - read_seqbegin_or_lock(&rename_lock, &seq);
2151 - while (dentry != root->dentry || vfsmnt != root->mnt) {
2152 - struct dentry * parent;
2153 -diff --git a/fs/exec.c b/fs/exec.c
2154 -index 8875dd1..bb8afc1 100644
2155 ---- a/fs/exec.c
2156 -+++ b/fs/exec.c
2157 -@@ -1668,6 +1668,12 @@ int __get_dumpable(unsigned long mm_flags)
2158 - return (ret > SUID_DUMP_USER) ? SUID_DUMP_ROOT : ret;
2159 - }
2160 -
2161 -+/*
2162 -+ * This returns the actual value of the suid_dumpable flag. For things
2163 -+ * that are using this for checking for privilege transitions, it must
2164 -+ * test against SUID_DUMP_USER rather than treating it as a boolean
2165 -+ * value.
2166 -+ */
2167 - int get_dumpable(struct mm_struct *mm)
2168 - {
2169 - return __get_dumpable(mm->flags);
2170 -diff --git a/fs/gfs2/inode.c b/fs/gfs2/inode.c
2171 -index ced3257..968d4c56 100644
2172 ---- a/fs/gfs2/inode.c
2173 -+++ b/fs/gfs2/inode.c
2174 -@@ -584,17 +584,17 @@ static int gfs2_create_inode(struct inode *dir, struct dentry *dentry,
2175 - if (!IS_ERR(inode)) {
2176 - d = d_splice_alias(inode, dentry);
2177 - error = 0;
2178 -- if (file && !IS_ERR(d)) {
2179 -- if (d == NULL)
2180 -- d = dentry;
2181 -- if (S_ISREG(inode->i_mode))
2182 -- error = finish_open(file, d, gfs2_open_common, opened);
2183 -- else
2184 -+ if (file) {
2185 -+ if (S_ISREG(inode->i_mode)) {
2186 -+ WARN_ON(d != NULL);
2187 -+ error = finish_open(file, dentry, gfs2_open_common, opened);
2188 -+ } else {
2189 - error = finish_no_open(file, d);
2190 -+ }
2191 -+ } else {
2192 -+ dput(d);
2193 - }
2194 - gfs2_glock_dq_uninit(ghs);
2195 -- if (IS_ERR(d))
2196 -- return PTR_ERR(d);
2197 - return error;
2198 - } else if (error != -ENOENT) {
2199 - goto fail_gunlock;
2200 -@@ -781,8 +781,10 @@ static struct dentry *__gfs2_lookup(struct inode *dir, struct dentry *dentry,
2201 - error = finish_open(file, dentry, gfs2_open_common, opened);
2202 -
2203 - gfs2_glock_dq_uninit(&gh);
2204 -- if (error)
2205 -+ if (error) {
2206 -+ dput(d);
2207 - return ERR_PTR(error);
2208 -+ }
2209 - return d;
2210 - }
2211 -
2212 -@@ -1163,14 +1165,16 @@ static int gfs2_atomic_open(struct inode *dir, struct dentry *dentry,
2213 - d = __gfs2_lookup(dir, dentry, file, opened);
2214 - if (IS_ERR(d))
2215 - return PTR_ERR(d);
2216 -- if (d == NULL)
2217 -- d = dentry;
2218 -- if (d->d_inode) {
2219 -+ if (d != NULL)
2220 -+ dentry = d;
2221 -+ if (dentry->d_inode) {
2222 - if (!(*opened & FILE_OPENED))
2223 -- return finish_no_open(file, d);
2224 -+ return finish_no_open(file, dentry);
2225 -+ dput(d);
2226 - return 0;
2227 - }
2228 -
2229 -+ BUG_ON(d != NULL);
2230 - if (!(flags & O_CREAT))
2231 - return -ENOENT;
2232 -
2233 -diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
2234 -index d53d678..3b11565 100644
2235 ---- a/fs/nfs/nfs4proc.c
2236 -+++ b/fs/nfs/nfs4proc.c
2237 -@@ -1318,21 +1318,14 @@ _nfs4_opendata_reclaim_to_nfs4_state(struct nfs4_opendata *data)
2238 - int ret;
2239 -
2240 - if (!data->rpc_done) {
2241 -- ret = data->rpc_status;
2242 -- goto err;
2243 -+ if (data->rpc_status) {
2244 -+ ret = data->rpc_status;
2245 -+ goto err;
2246 -+ }
2247 -+ /* cached opens have already been processed */
2248 -+ goto update;
2249 - }
2250 -
2251 -- ret = -ESTALE;
2252 -- if (!(data->f_attr.valid & NFS_ATTR_FATTR_TYPE) ||
2253 -- !(data->f_attr.valid & NFS_ATTR_FATTR_FILEID) ||
2254 -- !(data->f_attr.valid & NFS_ATTR_FATTR_CHANGE))
2255 -- goto err;
2256 --
2257 -- ret = -ENOMEM;
2258 -- state = nfs4_get_open_state(inode, data->owner);
2259 -- if (state == NULL)
2260 -- goto err;
2261 --
2262 - ret = nfs_refresh_inode(inode, &data->f_attr);
2263 - if (ret)
2264 - goto err;
2265 -@@ -1341,8 +1334,10 @@ _nfs4_opendata_reclaim_to_nfs4_state(struct nfs4_opendata *data)
2266 -
2267 - if (data->o_res.delegation_type != 0)
2268 - nfs4_opendata_check_deleg(data, state);
2269 -+update:
2270 - update_open_stateid(state, &data->o_res.stateid, NULL,
2271 - data->o_arg.fmode);
2272 -+ atomic_inc(&state->count);
2273 -
2274 - return state;
2275 - err:
2276 -@@ -4575,7 +4570,7 @@ static int _nfs4_get_security_label(struct inode *inode, void *buf,
2277 - struct nfs4_label label = {0, 0, buflen, buf};
2278 -
2279 - u32 bitmask[3] = { 0, 0, FATTR4_WORD2_SECURITY_LABEL };
2280 -- struct nfs4_getattr_arg args = {
2281 -+ struct nfs4_getattr_arg arg = {
2282 - .fh = NFS_FH(inode),
2283 - .bitmask = bitmask,
2284 - };
2285 -@@ -4586,14 +4581,14 @@ static int _nfs4_get_security_label(struct inode *inode, void *buf,
2286 - };
2287 - struct rpc_message msg = {
2288 - .rpc_proc = &nfs4_procedures[NFSPROC4_CLNT_GETATTR],
2289 -- .rpc_argp = &args,
2290 -+ .rpc_argp = &arg,
2291 - .rpc_resp = &res,
2292 - };
2293 - int ret;
2294 -
2295 - nfs_fattr_init(&fattr);
2296 -
2297 -- ret = rpc_call_sync(server->client, &msg, 0);
2298 -+ ret = nfs4_call_sync(server->client, server, &msg, &arg.seq_args, &res.seq_res, 0);
2299 - if (ret)
2300 - return ret;
2301 - if (!(fattr.valid & NFS_ATTR_FATTR_V4_SECURITY_LABEL))
2302 -@@ -4630,7 +4625,7 @@ static int _nfs4_do_set_security_label(struct inode *inode,
2303 - struct iattr sattr = {0};
2304 - struct nfs_server *server = NFS_SERVER(inode);
2305 - const u32 bitmask[3] = { 0, 0, FATTR4_WORD2_SECURITY_LABEL };
2306 -- struct nfs_setattrargs args = {
2307 -+ struct nfs_setattrargs arg = {
2308 - .fh = NFS_FH(inode),
2309 - .iap = &sattr,
2310 - .server = server,
2311 -@@ -4644,14 +4639,14 @@ static int _nfs4_do_set_security_label(struct inode *inode,
2312 - };
2313 - struct rpc_message msg = {
2314 - .rpc_proc = &nfs4_procedures[NFSPROC4_CLNT_SETATTR],
2315 -- .rpc_argp = &args,
2316 -+ .rpc_argp = &arg,
2317 - .rpc_resp = &res,
2318 - };
2319 - int status;
2320 -
2321 -- nfs4_stateid_copy(&args.stateid, &zero_stateid);
2322 -+ nfs4_stateid_copy(&arg.stateid, &zero_stateid);
2323 -
2324 -- status = rpc_call_sync(server->client, &msg, 0);
2325 -+ status = nfs4_call_sync(server->client, server, &msg, &arg.seq_args, &res.seq_res, 1);
2326 - if (status)
2327 - dprintk("%s failed: %d\n", __func__, status);
2328 -
2329 -@@ -5106,6 +5101,7 @@ static int _nfs4_proc_getlk(struct nfs4_state *state, int cmd, struct file_lock
2330 - status = 0;
2331 - }
2332 - request->fl_ops->fl_release_private(request);
2333 -+ request->fl_ops = NULL;
2334 - out:
2335 - return status;
2336 - }
2337 -diff --git a/fs/nfs/nfs4state.c b/fs/nfs/nfs4state.c
2338 -index cc14cbb..ebced8d 100644
2339 ---- a/fs/nfs/nfs4state.c
2340 -+++ b/fs/nfs/nfs4state.c
2341 -@@ -1422,7 +1422,7 @@ restart:
2342 - if (status >= 0) {
2343 - status = nfs4_reclaim_locks(state, ops);
2344 - if (status >= 0) {
2345 -- if (test_bit(NFS_DELEGATED_STATE, &state->flags) != 0) {
2346 -+ if (!test_bit(NFS_DELEGATED_STATE, &state->flags)) {
2347 - spin_lock(&state->state_lock);
2348 - list_for_each_entry(lock, &state->lock_states, ls_locks) {
2349 - if (!test_bit(NFS_LOCK_INITIALIZED, &lock->ls_flags))
2350 -@@ -1881,10 +1881,15 @@ again:
2351 - nfs4_root_machine_cred(clp);
2352 - goto again;
2353 - }
2354 -- if (i > 2)
2355 -+ if (clnt->cl_auth->au_flavor == RPC_AUTH_UNIX)
2356 - break;
2357 - case -NFS4ERR_CLID_INUSE:
2358 - case -NFS4ERR_WRONGSEC:
2359 -+ /* No point in retrying if we already used RPC_AUTH_UNIX */
2360 -+ if (clnt->cl_auth->au_flavor == RPC_AUTH_UNIX) {
2361 -+ status = -EPERM;
2362 -+ break;
2363 -+ }
2364 - clnt = rpc_clone_client_set_auth(clnt, RPC_AUTH_UNIX);
2365 - if (IS_ERR(clnt)) {
2366 - status = PTR_ERR(clnt);
2367 -diff --git a/fs/nfsd/export.c b/fs/nfsd/export.c
2368 -index 5f38ea3..af51cf9 100644
2369 ---- a/fs/nfsd/export.c
2370 -+++ b/fs/nfsd/export.c
2371 -@@ -536,16 +536,12 @@ static int svc_export_parse(struct cache_detail *cd, char *mesg, int mlen)
2372 - if (err)
2373 - goto out3;
2374 - exp.ex_anon_uid= make_kuid(&init_user_ns, an_int);
2375 -- if (!uid_valid(exp.ex_anon_uid))
2376 -- goto out3;
2377 -
2378 - /* anon gid */
2379 - err = get_int(&mesg, &an_int);
2380 - if (err)
2381 - goto out3;
2382 - exp.ex_anon_gid= make_kgid(&init_user_ns, an_int);
2383 -- if (!gid_valid(exp.ex_anon_gid))
2384 -- goto out3;
2385 -
2386 - /* fsid */
2387 - err = get_int(&mesg, &an_int);
2388 -@@ -583,6 +579,17 @@ static int svc_export_parse(struct cache_detail *cd, char *mesg, int mlen)
2389 - exp.ex_uuid);
2390 - if (err)
2391 - goto out4;
2392 -+ /*
2393 -+ * For some reason exportfs has been passing down an
2394 -+ * invalid (-1) uid & gid on the "dummy" export which it
2395 -+ * uses to test export support. To make sure exportfs
2396 -+ * sees errors from check_export we therefore need to
2397 -+ * delay these checks till after check_export:
2398 -+ */
2399 -+ if (!uid_valid(exp.ex_anon_uid))
2400 -+ goto out4;
2401 -+ if (!gid_valid(exp.ex_anon_gid))
2402 -+ goto out4;
2403 - }
2404 -
2405 - expp = svc_export_lookup(&exp);
2406 -diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
2407 -index d9454fe..ecc735e 100644
2408 ---- a/fs/nfsd/nfs4xdr.c
2409 -+++ b/fs/nfsd/nfs4xdr.c
2410 -@@ -141,8 +141,8 @@ xdr_error: \
2411 -
2412 - static void next_decode_page(struct nfsd4_compoundargs *argp)
2413 - {
2414 -- argp->pagelist++;
2415 - argp->p = page_address(argp->pagelist[0]);
2416 -+ argp->pagelist++;
2417 - if (argp->pagelen < PAGE_SIZE) {
2418 - argp->end = argp->p + (argp->pagelen>>2);
2419 - argp->pagelen = 0;
2420 -@@ -411,6 +411,7 @@ nfsd4_decode_fattr(struct nfsd4_compoundargs *argp, u32 *bmval,
2421 - label->data = kzalloc(dummy32 + 1, GFP_KERNEL);
2422 - if (!label->data)
2423 - return nfserr_jukebox;
2424 -+ label->len = dummy32;
2425 - defer_free(argp, kfree, label->data);
2426 - memcpy(label->data, buf, dummy32);
2427 - }
2428 -@@ -1208,6 +1209,7 @@ nfsd4_decode_write(struct nfsd4_compoundargs *argp, struct nfsd4_write *write)
2429 - len -= pages * PAGE_SIZE;
2430 -
2431 - argp->p = (__be32 *)page_address(argp->pagelist[0]);
2432 -+ argp->pagelist++;
2433 - argp->end = argp->p + XDR_QUADLEN(PAGE_SIZE);
2434 - }
2435 - argp->p += XDR_QUADLEN(len);
2436 -diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
2437 -index c827acb..72cb28e 100644
2438 ---- a/fs/nfsd/vfs.c
2439 -+++ b/fs/nfsd/vfs.c
2440 -@@ -298,41 +298,12 @@ commit_metadata(struct svc_fh *fhp)
2441 - }
2442 -
2443 - /*
2444 -- * Set various file attributes.
2445 -- * N.B. After this call fhp needs an fh_put
2446 -+ * Go over the attributes and take care of the small differences between
2447 -+ * NFS semantics and what Linux expects.
2448 - */
2449 --__be32
2450 --nfsd_setattr(struct svc_rqst *rqstp, struct svc_fh *fhp, struct iattr *iap,
2451 -- int check_guard, time_t guardtime)
2452 -+static void
2453 -+nfsd_sanitize_attrs(struct inode *inode, struct iattr *iap)
2454 - {
2455 -- struct dentry *dentry;
2456 -- struct inode *inode;
2457 -- int accmode = NFSD_MAY_SATTR;
2458 -- umode_t ftype = 0;
2459 -- __be32 err;
2460 -- int host_err;
2461 -- int size_change = 0;
2462 --
2463 -- if (iap->ia_valid & (ATTR_ATIME | ATTR_MTIME | ATTR_SIZE))
2464 -- accmode |= NFSD_MAY_WRITE|NFSD_MAY_OWNER_OVERRIDE;
2465 -- if (iap->ia_valid & ATTR_SIZE)
2466 -- ftype = S_IFREG;
2467 --
2468 -- /* Get inode */
2469 -- err = fh_verify(rqstp, fhp, ftype, accmode);
2470 -- if (err)
2471 -- goto out;
2472 --
2473 -- dentry = fhp->fh_dentry;
2474 -- inode = dentry->d_inode;
2475 --
2476 -- /* Ignore any mode updates on symlinks */
2477 -- if (S_ISLNK(inode->i_mode))
2478 -- iap->ia_valid &= ~ATTR_MODE;
2479 --
2480 -- if (!iap->ia_valid)
2481 -- goto out;
2482 --
2483 - /*
2484 - * NFSv2 does not differentiate between "set-[ac]time-to-now"
2485 - * which only requires access, and "set-[ac]time-to-X" which
2486 -@@ -342,8 +313,7 @@ nfsd_setattr(struct svc_rqst *rqstp, struct svc_fh *fhp, struct iattr *iap,
2487 - * convert to "set to now" instead of "set to explicit time"
2488 - *
2489 - * We only call inode_change_ok as the last test as technically
2490 -- * it is not an interface that we should be using. It is only
2491 -- * valid if the filesystem does not define it's own i_op->setattr.
2492 -+ * it is not an interface that we should be using.
2493 - */
2494 - #define BOTH_TIME_SET (ATTR_ATIME_SET | ATTR_MTIME_SET)
2495 - #define MAX_TOUCH_TIME_ERROR (30*60)
2496 -@@ -369,30 +339,6 @@ nfsd_setattr(struct svc_rqst *rqstp, struct svc_fh *fhp, struct iattr *iap,
2497 - iap->ia_valid &= ~BOTH_TIME_SET;
2498 - }
2499 - }
2500 --
2501 -- /*
2502 -- * The size case is special.
2503 -- * It changes the file as well as the attributes.
2504 -- */
2505 -- if (iap->ia_valid & ATTR_SIZE) {
2506 -- if (iap->ia_size < inode->i_size) {
2507 -- err = nfsd_permission(rqstp, fhp->fh_export, dentry,
2508 -- NFSD_MAY_TRUNC|NFSD_MAY_OWNER_OVERRIDE);
2509 -- if (err)
2510 -- goto out;
2511 -- }
2512 --
2513 -- host_err = get_write_access(inode);
2514 -- if (host_err)
2515 -- goto out_nfserr;
2516 --
2517 -- size_change = 1;
2518 -- host_err = locks_verify_truncate(inode, NULL, iap->ia_size);
2519 -- if (host_err) {
2520 -- put_write_access(inode);
2521 -- goto out_nfserr;
2522 -- }
2523 -- }
2524 -
2525 - /* sanitize the mode change */
2526 - if (iap->ia_valid & ATTR_MODE) {
2527 -@@ -415,32 +361,111 @@ nfsd_setattr(struct svc_rqst *rqstp, struct svc_fh *fhp, struct iattr *iap,
2528 - iap->ia_valid |= (ATTR_KILL_SUID | ATTR_KILL_SGID);
2529 - }
2530 - }
2531 -+}
2532 -
2533 -- /* Change the attributes. */
2534 -+static __be32
2535 -+nfsd_get_write_access(struct svc_rqst *rqstp, struct svc_fh *fhp,
2536 -+ struct iattr *iap)
2537 -+{
2538 -+ struct inode *inode = fhp->fh_dentry->d_inode;
2539 -+ int host_err;
2540 -
2541 -- iap->ia_valid |= ATTR_CTIME;
2542 -+ if (iap->ia_size < inode->i_size) {
2543 -+ __be32 err;
2544 -
2545 -- err = nfserr_notsync;
2546 -- if (!check_guard || guardtime == inode->i_ctime.tv_sec) {
2547 -- host_err = nfsd_break_lease(inode);
2548 -- if (host_err)
2549 -- goto out_nfserr;
2550 -- fh_lock(fhp);
2551 -+ err = nfsd_permission(rqstp, fhp->fh_export, fhp->fh_dentry,
2552 -+ NFSD_MAY_TRUNC | NFSD_MAY_OWNER_OVERRIDE);
2553 -+ if (err)
2554 -+ return err;
2555 -+ }
2556 -
2557 -- host_err = notify_change(dentry, iap);
2558 -- err = nfserrno(host_err);
2559 -- fh_unlock(fhp);
2560 -+ host_err = get_write_access(inode);
2561 -+ if (host_err)
2562 -+ goto out_nfserrno;
2563 -+
2564 -+ host_err = locks_verify_truncate(inode, NULL, iap->ia_size);
2565 -+ if (host_err)
2566 -+ goto out_put_write_access;
2567 -+ return 0;
2568 -+
2569 -+out_put_write_access:
2570 -+ put_write_access(inode);
2571 -+out_nfserrno:
2572 -+ return nfserrno(host_err);
2573 -+}
2574 -+
2575 -+/*
2576 -+ * Set various file attributes. After this call fhp needs an fh_put.
2577 -+ */
2578 -+__be32
2579 -+nfsd_setattr(struct svc_rqst *rqstp, struct svc_fh *fhp, struct iattr *iap,
2580 -+ int check_guard, time_t guardtime)
2581 -+{
2582 -+ struct dentry *dentry;
2583 -+ struct inode *inode;
2584 -+ int accmode = NFSD_MAY_SATTR;
2585 -+ umode_t ftype = 0;
2586 -+ __be32 err;
2587 -+ int host_err;
2588 -+ int size_change = 0;
2589 -+
2590 -+ if (iap->ia_valid & (ATTR_ATIME | ATTR_MTIME | ATTR_SIZE))
2591 -+ accmode |= NFSD_MAY_WRITE|NFSD_MAY_OWNER_OVERRIDE;
2592 -+ if (iap->ia_valid & ATTR_SIZE)
2593 -+ ftype = S_IFREG;
2594 -+
2595 -+ /* Get inode */
2596 -+ err = fh_verify(rqstp, fhp, ftype, accmode);
2597 -+ if (err)
2598 -+ goto out;
2599 -+
2600 -+ dentry = fhp->fh_dentry;
2601 -+ inode = dentry->d_inode;
2602 -+
2603 -+ /* Ignore any mode updates on symlinks */
2604 -+ if (S_ISLNK(inode->i_mode))
2605 -+ iap->ia_valid &= ~ATTR_MODE;
2606 -+
2607 -+ if (!iap->ia_valid)
2608 -+ goto out;
2609 -+
2610 -+ nfsd_sanitize_attrs(inode, iap);
2611 -+
2612 -+ /*
2613 -+ * The size case is special, it changes the file in addition to the
2614 -+ * attributes.
2615 -+ */
2616 -+ if (iap->ia_valid & ATTR_SIZE) {
2617 -+ err = nfsd_get_write_access(rqstp, fhp, iap);
2618 -+ if (err)
2619 -+ goto out;
2620 -+ size_change = 1;
2621 - }
2622 -+
2623 -+ iap->ia_valid |= ATTR_CTIME;
2624 -+
2625 -+ if (check_guard && guardtime != inode->i_ctime.tv_sec) {
2626 -+ err = nfserr_notsync;
2627 -+ goto out_put_write_access;
2628 -+ }
2629 -+
2630 -+ host_err = nfsd_break_lease(inode);
2631 -+ if (host_err)
2632 -+ goto out_put_write_access_nfserror;
2633 -+
2634 -+ fh_lock(fhp);
2635 -+ host_err = notify_change(dentry, iap);
2636 -+ fh_unlock(fhp);
2637 -+
2638 -+out_put_write_access_nfserror:
2639 -+ err = nfserrno(host_err);
2640 -+out_put_write_access:
2641 - if (size_change)
2642 - put_write_access(inode);
2643 - if (!err)
2644 - commit_metadata(fhp);
2645 - out:
2646 - return err;
2647 --
2648 --out_nfserr:
2649 -- err = nfserrno(host_err);
2650 -- goto out;
2651 - }
2652 -
2653 - #if defined(CONFIG_NFSD_V2_ACL) || \
2654 -diff --git a/fs/xfs/xfs_sb.c b/fs/xfs/xfs_sb.c
2655 -index a5b59d9..0397081 100644
2656 ---- a/fs/xfs/xfs_sb.c
2657 -+++ b/fs/xfs/xfs_sb.c
2658 -@@ -596,6 +596,11 @@ xfs_sb_verify(
2659 - * single bit error could clear the feature bit and unused parts of the
2660 - * superblock are supposed to be zero. Hence a non-null crc field indicates that
2661 - * we've potentially lost a feature bit and we should check it anyway.
2662 -+ *
2663 -+ * However, past bugs (i.e. in growfs) left non-zeroed regions beyond the
2664 -+ * last field in V4 secondary superblocks. So for secondary superblocks,
2665 -+ * we are more forgiving, and ignore CRC failures if the primary doesn't
2666 -+ * indicate that the fs version is V5.
2667 - */
2668 - static void
2669 - xfs_sb_read_verify(
2670 -@@ -616,8 +621,12 @@ xfs_sb_read_verify(
2671 -
2672 - if (!xfs_verify_cksum(bp->b_addr, be16_to_cpu(dsb->sb_sectsize),
2673 - offsetof(struct xfs_sb, sb_crc))) {
2674 -- error = EFSCORRUPTED;
2675 -- goto out_error;
2676 -+ /* Only fail bad secondaries on a known V5 filesystem */
2677 -+ if (bp->b_bn != XFS_SB_DADDR &&
2678 -+ xfs_sb_version_hascrc(&mp->m_sb)) {
2679 -+ error = EFSCORRUPTED;
2680 -+ goto out_error;
2681 -+ }
2682 - }
2683 - }
2684 - error = xfs_sb_verify(bp, true);
2685 -diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h
2686 -index e8112ae..7554fd4 100644
2687 ---- a/include/linux/binfmts.h
2688 -+++ b/include/linux/binfmts.h
2689 -@@ -99,9 +99,6 @@ extern void setup_new_exec(struct linux_binprm * bprm);
2690 - extern void would_dump(struct linux_binprm *, struct file *);
2691 -
2692 - extern int suid_dumpable;
2693 --#define SUID_DUMP_DISABLE 0 /* No setuid dumping */
2694 --#define SUID_DUMP_USER 1 /* Dump as user of process */
2695 --#define SUID_DUMP_ROOT 2 /* Dump as root */
2696 -
2697 - /* Stack area protections */
2698 - #define EXSTACK_DEFAULT 0 /* Whatever the arch defaults to */
2699 -diff --git a/include/linux/nfs4.h b/include/linux/nfs4.h
2700 -index e36dee5..3859ddb 100644
2701 ---- a/include/linux/nfs4.h
2702 -+++ b/include/linux/nfs4.h
2703 -@@ -395,7 +395,7 @@ enum lock_type4 {
2704 - #define FATTR4_WORD1_FS_LAYOUT_TYPES (1UL << 30)
2705 - #define FATTR4_WORD2_LAYOUT_BLKSIZE (1UL << 1)
2706 - #define FATTR4_WORD2_MDSTHRESHOLD (1UL << 4)
2707 --#define FATTR4_WORD2_SECURITY_LABEL (1UL << 17)
2708 -+#define FATTR4_WORD2_SECURITY_LABEL (1UL << 16)
2709 -
2710 - /* MDS threshold bitmap bits */
2711 - #define THRESHOLD_RD (1UL << 0)
2712 -diff --git a/include/linux/sched.h b/include/linux/sched.h
2713 -index e27baee..b1e963e 100644
2714 ---- a/include/linux/sched.h
2715 -+++ b/include/linux/sched.h
2716 -@@ -322,6 +322,10 @@ static inline void arch_pick_mmap_layout(struct mm_struct *mm) {}
2717 - extern void set_dumpable(struct mm_struct *mm, int value);
2718 - extern int get_dumpable(struct mm_struct *mm);
2719 -
2720 -+#define SUID_DUMP_DISABLE 0 /* No setuid dumping */
2721 -+#define SUID_DUMP_USER 1 /* Dump as user of process */
2722 -+#define SUID_DUMP_ROOT 2 /* Dump as root */
2723 -+
2724 - /* mm flags */
2725 - /* dumpable bits */
2726 - #define MMF_DUMPABLE 0 /* core dump is permitted */
2727 -@@ -2474,34 +2478,98 @@ static inline int tsk_is_polling(struct task_struct *p)
2728 - {
2729 - return task_thread_info(p)->status & TS_POLLING;
2730 - }
2731 --static inline void current_set_polling(void)
2732 -+static inline void __current_set_polling(void)
2733 - {
2734 - current_thread_info()->status |= TS_POLLING;
2735 - }
2736 -
2737 --static inline void current_clr_polling(void)
2738 -+static inline bool __must_check current_set_polling_and_test(void)
2739 -+{
2740 -+ __current_set_polling();
2741 -+
2742 -+ /*
2743 -+ * Polling state must be visible before we test NEED_RESCHED,
2744 -+ * paired by resched_task()
2745 -+ */
2746 -+ smp_mb();
2747 -+
2748 -+ return unlikely(tif_need_resched());
2749 -+}
2750 -+
2751 -+static inline void __current_clr_polling(void)
2752 - {
2753 - current_thread_info()->status &= ~TS_POLLING;
2754 -- smp_mb__after_clear_bit();
2755 -+}
2756 -+
2757 -+static inline bool __must_check current_clr_polling_and_test(void)
2758 -+{
2759 -+ __current_clr_polling();
2760 -+
2761 -+ /*
2762 -+ * Polling state must be visible before we test NEED_RESCHED,
2763 -+ * paired by resched_task()
2764 -+ */
2765 -+ smp_mb();
2766 -+
2767 -+ return unlikely(tif_need_resched());
2768 - }
2769 - #elif defined(TIF_POLLING_NRFLAG)
2770 - static inline int tsk_is_polling(struct task_struct *p)
2771 - {
2772 - return test_tsk_thread_flag(p, TIF_POLLING_NRFLAG);
2773 - }
2774 --static inline void current_set_polling(void)
2775 -+
2776 -+static inline void __current_set_polling(void)
2777 - {
2778 - set_thread_flag(TIF_POLLING_NRFLAG);
2779 - }
2780 -
2781 --static inline void current_clr_polling(void)
2782 -+static inline bool __must_check current_set_polling_and_test(void)
2783 -+{
2784 -+ __current_set_polling();
2785 -+
2786 -+ /*
2787 -+ * Polling state must be visible before we test NEED_RESCHED,
2788 -+ * paired by resched_task()
2789 -+ *
2790 -+ * XXX: assumes set/clear bit are identical barrier wise.
2791 -+ */
2792 -+ smp_mb__after_clear_bit();
2793 -+
2794 -+ return unlikely(tif_need_resched());
2795 -+}
2796 -+
2797 -+static inline void __current_clr_polling(void)
2798 - {
2799 - clear_thread_flag(TIF_POLLING_NRFLAG);
2800 - }
2801 -+
2802 -+static inline bool __must_check current_clr_polling_and_test(void)
2803 -+{
2804 -+ __current_clr_polling();
2805 -+
2806 -+ /*
2807 -+ * Polling state must be visible before we test NEED_RESCHED,
2808 -+ * paired by resched_task()
2809 -+ */
2810 -+ smp_mb__after_clear_bit();
2811 -+
2812 -+ return unlikely(tif_need_resched());
2813 -+}
2814 -+
2815 - #else
2816 - static inline int tsk_is_polling(struct task_struct *p) { return 0; }
2817 --static inline void current_set_polling(void) { }
2818 --static inline void current_clr_polling(void) { }
2819 -+static inline void __current_set_polling(void) { }
2820 -+static inline void __current_clr_polling(void) { }
2821 -+
2822 -+static inline bool __must_check current_set_polling_and_test(void)
2823 -+{
2824 -+ return unlikely(tif_need_resched());
2825 -+}
2826 -+static inline bool __must_check current_clr_polling_and_test(void)
2827 -+{
2828 -+ return unlikely(tif_need_resched());
2829 -+}
2830 - #endif
2831 -
2832 - /*
2833 -diff --git a/include/linux/thread_info.h b/include/linux/thread_info.h
2834 -index e7e0473..4ae6f32 100644
2835 ---- a/include/linux/thread_info.h
2836 -+++ b/include/linux/thread_info.h
2837 -@@ -107,6 +107,8 @@ static inline int test_ti_thread_flag(struct thread_info *ti, int flag)
2838 - #define set_need_resched() set_thread_flag(TIF_NEED_RESCHED)
2839 - #define clear_need_resched() clear_thread_flag(TIF_NEED_RESCHED)
2840 -
2841 -+#define tif_need_resched() test_thread_flag(TIF_NEED_RESCHED)
2842 -+
2843 - #if defined TIF_RESTORE_SIGMASK && !defined HAVE_SET_RESTORE_SIGMASK
2844 - /*
2845 - * An arch can define its own version of set_restore_sigmask() to get the
2846 -diff --git a/include/linux/usb.h b/include/linux/usb.h
2847 -index 001629c..39cfa0a 100644
2848 ---- a/include/linux/usb.h
2849 -+++ b/include/linux/usb.h
2850 -@@ -475,7 +475,8 @@ struct usb3_lpm_parameters {
2851 - * @lpm_capable: device supports LPM
2852 - * @usb2_hw_lpm_capable: device can perform USB2 hardware LPM
2853 - * @usb2_hw_lpm_besl_capable: device can perform USB2 hardware BESL LPM
2854 -- * @usb2_hw_lpm_enabled: USB2 hardware LPM enabled
2855 -+ * @usb2_hw_lpm_enabled: USB2 hardware LPM is enabled
2856 -+ * @usb2_hw_lpm_allowed: Userspace allows USB 2.0 LPM to be enabled
2857 - * @usb3_lpm_enabled: USB3 hardware LPM enabled
2858 - * @string_langid: language ID for strings
2859 - * @product: iProduct string, if present (static)
2860 -@@ -548,6 +549,7 @@ struct usb_device {
2861 - unsigned usb2_hw_lpm_capable:1;
2862 - unsigned usb2_hw_lpm_besl_capable:1;
2863 - unsigned usb2_hw_lpm_enabled:1;
2864 -+ unsigned usb2_hw_lpm_allowed:1;
2865 - unsigned usb3_lpm_enabled:1;
2866 - int string_langid;
2867 -
2868 -diff --git a/include/sound/compress_driver.h b/include/sound/compress_driver.h
2869 -index 9031a26..ae6c3b8 100644
2870 ---- a/include/sound/compress_driver.h
2871 -+++ b/include/sound/compress_driver.h
2872 -@@ -171,4 +171,13 @@ static inline void snd_compr_fragment_elapsed(struct snd_compr_stream *stream)
2873 - wake_up(&stream->runtime->sleep);
2874 - }
2875 -
2876 -+static inline void snd_compr_drain_notify(struct snd_compr_stream *stream)
2877 -+{
2878 -+ if (snd_BUG_ON(!stream))
2879 -+ return;
2880 -+
2881 -+ stream->runtime->state = SNDRV_PCM_STATE_SETUP;
2882 -+ wake_up(&stream->runtime->sleep);
2883 -+}
2884 -+
2885 - #endif
2886 -diff --git a/ipc/shm.c b/ipc/shm.c
2887 -index d697396..7a51443 100644
2888 ---- a/ipc/shm.c
2889 -+++ b/ipc/shm.c
2890 -@@ -208,15 +208,18 @@ static void shm_open(struct vm_area_struct *vma)
2891 - */
2892 - static void shm_destroy(struct ipc_namespace *ns, struct shmid_kernel *shp)
2893 - {
2894 -+ struct file *shm_file;
2895 -+
2896 -+ shm_file = shp->shm_file;
2897 -+ shp->shm_file = NULL;
2898 - ns->shm_tot -= (shp->shm_segsz + PAGE_SIZE - 1) >> PAGE_SHIFT;
2899 - shm_rmid(ns, shp);
2900 - shm_unlock(shp);
2901 -- if (!is_file_hugepages(shp->shm_file))
2902 -- shmem_lock(shp->shm_file, 0, shp->mlock_user);
2903 -+ if (!is_file_hugepages(shm_file))
2904 -+ shmem_lock(shm_file, 0, shp->mlock_user);
2905 - else if (shp->mlock_user)
2906 -- user_shm_unlock(file_inode(shp->shm_file)->i_size,
2907 -- shp->mlock_user);
2908 -- fput (shp->shm_file);
2909 -+ user_shm_unlock(file_inode(shm_file)->i_size, shp->mlock_user);
2910 -+ fput(shm_file);
2911 - ipc_rcu_putref(shp, shm_rcu_free);
2912 - }
2913 -
2914 -@@ -974,15 +977,25 @@ SYSCALL_DEFINE3(shmctl, int, shmid, int, cmd, struct shmid_ds __user *, buf)
2915 - ipc_lock_object(&shp->shm_perm);
2916 - if (!ns_capable(ns->user_ns, CAP_IPC_LOCK)) {
2917 - kuid_t euid = current_euid();
2918 -- err = -EPERM;
2919 - if (!uid_eq(euid, shp->shm_perm.uid) &&
2920 -- !uid_eq(euid, shp->shm_perm.cuid))
2921 -+ !uid_eq(euid, shp->shm_perm.cuid)) {
2922 -+ err = -EPERM;
2923 - goto out_unlock0;
2924 -- if (cmd == SHM_LOCK && !rlimit(RLIMIT_MEMLOCK))
2925 -+ }
2926 -+ if (cmd == SHM_LOCK && !rlimit(RLIMIT_MEMLOCK)) {
2927 -+ err = -EPERM;
2928 - goto out_unlock0;
2929 -+ }
2930 - }
2931 -
2932 - shm_file = shp->shm_file;
2933 -+
2934 -+ /* check if shm_destroy() is tearing down shp */
2935 -+ if (shm_file == NULL) {
2936 -+ err = -EIDRM;
2937 -+ goto out_unlock0;
2938 -+ }
2939 -+
2940 - if (is_file_hugepages(shm_file))
2941 - goto out_unlock0;
2942 -
2943 -@@ -1101,6 +1114,14 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
2944 - goto out_unlock;
2945 -
2946 - ipc_lock_object(&shp->shm_perm);
2947 -+
2948 -+ /* check if shm_destroy() is tearing down shp */
2949 -+ if (shp->shm_file == NULL) {
2950 -+ ipc_unlock_object(&shp->shm_perm);
2951 -+ err = -EIDRM;
2952 -+ goto out_unlock;
2953 -+ }
2954 -+
2955 - path = shp->shm_file->f_path;
2956 - path_get(&path);
2957 - shp->shm_nattch++;
2958 -diff --git a/kernel/cpu/idle.c b/kernel/cpu/idle.c
2959 -index e695c0a..c261409 100644
2960 ---- a/kernel/cpu/idle.c
2961 -+++ b/kernel/cpu/idle.c
2962 -@@ -44,7 +44,7 @@ static inline int cpu_idle_poll(void)
2963 - rcu_idle_enter();
2964 - trace_cpu_idle_rcuidle(0, smp_processor_id());
2965 - local_irq_enable();
2966 -- while (!need_resched())
2967 -+ while (!tif_need_resched())
2968 - cpu_relax();
2969 - trace_cpu_idle_rcuidle(PWR_EVENT_EXIT, smp_processor_id());
2970 - rcu_idle_exit();
2971 -@@ -92,8 +92,7 @@ static void cpu_idle_loop(void)
2972 - if (cpu_idle_force_poll || tick_check_broadcast_expired()) {
2973 - cpu_idle_poll();
2974 - } else {
2975 -- current_clr_polling();
2976 -- if (!need_resched()) {
2977 -+ if (!current_clr_polling_and_test()) {
2978 - stop_critical_timings();
2979 - rcu_idle_enter();
2980 - arch_cpu_idle();
2981 -@@ -103,7 +102,7 @@ static void cpu_idle_loop(void)
2982 - } else {
2983 - local_irq_enable();
2984 - }
2985 -- current_set_polling();
2986 -+ __current_set_polling();
2987 - }
2988 - arch_cpu_idle_exit();
2989 - }
2990 -@@ -129,7 +128,7 @@ void cpu_startup_entry(enum cpuhp_state state)
2991 - */
2992 - boot_init_stack_canary();
2993 - #endif
2994 -- current_set_polling();
2995 -+ __current_set_polling();
2996 - arch_cpu_idle_prepare();
2997 - cpu_idle_loop();
2998 - }
2999 -diff --git a/kernel/ptrace.c b/kernel/ptrace.c
3000 -index dd562e9..1f4bcb3 100644
3001 ---- a/kernel/ptrace.c
3002 -+++ b/kernel/ptrace.c
3003 -@@ -257,7 +257,8 @@ ok:
3004 - if (task->mm)
3005 - dumpable = get_dumpable(task->mm);
3006 - rcu_read_lock();
3007 -- if (!dumpable && !ptrace_has_cap(__task_cred(task)->user_ns, mode)) {
3008 -+ if (dumpable != SUID_DUMP_USER &&
3009 -+ !ptrace_has_cap(__task_cred(task)->user_ns, mode)) {
3010 - rcu_read_unlock();
3011 - return -EPERM;
3012 - }
3013 -diff --git a/kernel/trace/trace_event_perf.c b/kernel/trace/trace_event_perf.c
3014 -index 80c36bc..78e27e3 100644
3015 ---- a/kernel/trace/trace_event_perf.c
3016 -+++ b/kernel/trace/trace_event_perf.c
3017 -@@ -26,7 +26,7 @@ static int perf_trace_event_perm(struct ftrace_event_call *tp_event,
3018 - {
3019 - /* The ftrace function trace is allowed only for root. */
3020 - if (ftrace_event_is_function(tp_event) &&
3021 -- perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN))
3022 -+ perf_paranoid_tracepoint_raw() && !capable(CAP_SYS_ADMIN))
3023 - return -EPERM;
3024 -
3025 - /* No tracing, just counting, so no obvious leak */
3026 -diff --git a/mm/slub.c b/mm/slub.c
3027 -index c3eb3d3..96f2169 100644
3028 ---- a/mm/slub.c
3029 -+++ b/mm/slub.c
3030 -@@ -1217,8 +1217,8 @@ static unsigned long kmem_cache_flags(unsigned long object_size,
3031 - /*
3032 - * Enable debugging if selected on the kernel commandline.
3033 - */
3034 -- if (slub_debug && (!slub_debug_slabs ||
3035 -- !strncmp(slub_debug_slabs, name, strlen(slub_debug_slabs))))
3036 -+ if (slub_debug && (!slub_debug_slabs || (name &&
3037 -+ !strncmp(slub_debug_slabs, name, strlen(slub_debug_slabs)))))
3038 - flags |= slub_debug;
3039 -
3040 - return flags;
3041 -diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
3042 -index 0846566..cc24323 100644
3043 ---- a/net/sunrpc/auth_gss/auth_gss.c
3044 -+++ b/net/sunrpc/auth_gss/auth_gss.c
3045 -@@ -482,6 +482,7 @@ gss_alloc_msg(struct gss_auth *gss_auth,
3046 - switch (vers) {
3047 - case 0:
3048 - gss_encode_v0_msg(gss_msg);
3049 -+ break;
3050 - default:
3051 - gss_encode_v1_msg(gss_msg, service_name, gss_auth->target_name);
3052 - };
3053 -diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c
3054 -index 7747960..941d19f 100644
3055 ---- a/net/sunrpc/clnt.c
3056 -+++ b/net/sunrpc/clnt.c
3057 -@@ -656,14 +656,16 @@ EXPORT_SYMBOL_GPL(rpc_shutdown_client);
3058 - /*
3059 - * Free an RPC client
3060 - */
3061 --static void
3062 -+static struct rpc_clnt *
3063 - rpc_free_client(struct rpc_clnt *clnt)
3064 - {
3065 -+ struct rpc_clnt *parent = NULL;
3066 -+
3067 - dprintk_rcu("RPC: destroying %s client for %s\n",
3068 - clnt->cl_program->name,
3069 - rcu_dereference(clnt->cl_xprt)->servername);
3070 - if (clnt->cl_parent != clnt)
3071 -- rpc_release_client(clnt->cl_parent);
3072 -+ parent = clnt->cl_parent;
3073 - rpc_clnt_remove_pipedir(clnt);
3074 - rpc_unregister_client(clnt);
3075 - rpc_free_iostats(clnt->cl_metrics);
3076 -@@ -672,18 +674,17 @@ rpc_free_client(struct rpc_clnt *clnt)
3077 - rpciod_down();
3078 - rpc_free_clid(clnt);
3079 - kfree(clnt);
3080 -+ return parent;
3081 - }
3082 -
3083 - /*
3084 - * Free an RPC client
3085 - */
3086 --static void
3087 -+static struct rpc_clnt *
3088 - rpc_free_auth(struct rpc_clnt *clnt)
3089 - {
3090 -- if (clnt->cl_auth == NULL) {
3091 -- rpc_free_client(clnt);
3092 -- return;
3093 -- }
3094 -+ if (clnt->cl_auth == NULL)
3095 -+ return rpc_free_client(clnt);
3096 -
3097 - /*
3098 - * Note: RPCSEC_GSS may need to send NULL RPC calls in order to
3099 -@@ -694,7 +695,8 @@ rpc_free_auth(struct rpc_clnt *clnt)
3100 - rpcauth_release(clnt->cl_auth);
3101 - clnt->cl_auth = NULL;
3102 - if (atomic_dec_and_test(&clnt->cl_count))
3103 -- rpc_free_client(clnt);
3104 -+ return rpc_free_client(clnt);
3105 -+ return NULL;
3106 - }
3107 -
3108 - /*
3109 -@@ -705,10 +707,13 @@ rpc_release_client(struct rpc_clnt *clnt)
3110 - {
3111 - dprintk("RPC: rpc_release_client(%p)\n", clnt);
3112 -
3113 -- if (list_empty(&clnt->cl_tasks))
3114 -- wake_up(&destroy_wait);
3115 -- if (atomic_dec_and_test(&clnt->cl_count))
3116 -- rpc_free_auth(clnt);
3117 -+ do {
3118 -+ if (list_empty(&clnt->cl_tasks))
3119 -+ wake_up(&destroy_wait);
3120 -+ if (!atomic_dec_and_test(&clnt->cl_count))
3121 -+ break;
3122 -+ clnt = rpc_free_auth(clnt);
3123 -+ } while (clnt != NULL);
3124 - }
3125 - EXPORT_SYMBOL_GPL(rpc_release_client);
3126 -
3127 -diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
3128 -index ee03d35..b752e1d 100644
3129 ---- a/net/sunrpc/xprtsock.c
3130 -+++ b/net/sunrpc/xprtsock.c
3131 -@@ -393,8 +393,10 @@ static int xs_send_kvec(struct socket *sock, struct sockaddr *addr, int addrlen,
3132 - return kernel_sendmsg(sock, &msg, NULL, 0, 0);
3133 - }
3134 -
3135 --static int xs_send_pagedata(struct socket *sock, struct xdr_buf *xdr, unsigned int base, int more)
3136 -+static int xs_send_pagedata(struct socket *sock, struct xdr_buf *xdr, unsigned int base, int more, bool zerocopy)
3137 - {
3138 -+ ssize_t (*do_sendpage)(struct socket *sock, struct page *page,
3139 -+ int offset, size_t size, int flags);
3140 - struct page **ppage;
3141 - unsigned int remainder;
3142 - int err, sent = 0;
3143 -@@ -403,6 +405,9 @@ static int xs_send_pagedata(struct socket *sock, struct xdr_buf *xdr, unsigned i
3144 - base += xdr->page_base;
3145 - ppage = xdr->pages + (base >> PAGE_SHIFT);
3146 - base &= ~PAGE_MASK;
3147 -+ do_sendpage = sock->ops->sendpage;
3148 -+ if (!zerocopy)
3149 -+ do_sendpage = sock_no_sendpage;
3150 - for(;;) {
3151 - unsigned int len = min_t(unsigned int, PAGE_SIZE - base, remainder);
3152 - int flags = XS_SENDMSG_FLAGS;
3153 -@@ -410,7 +415,7 @@ static int xs_send_pagedata(struct socket *sock, struct xdr_buf *xdr, unsigned i
3154 - remainder -= len;
3155 - if (remainder != 0 || more)
3156 - flags |= MSG_MORE;
3157 -- err = sock->ops->sendpage(sock, *ppage, base, len, flags);
3158 -+ err = do_sendpage(sock, *ppage, base, len, flags);
3159 - if (remainder == 0 || err != len)
3160 - break;
3161 - sent += err;
3162 -@@ -431,9 +436,10 @@ static int xs_send_pagedata(struct socket *sock, struct xdr_buf *xdr, unsigned i
3163 - * @addrlen: UDP only -- length of destination address
3164 - * @xdr: buffer containing this request
3165 - * @base: starting position in the buffer
3166 -+ * @zerocopy: true if it is safe to use sendpage()
3167 - *
3168 - */
3169 --static int xs_sendpages(struct socket *sock, struct sockaddr *addr, int addrlen, struct xdr_buf *xdr, unsigned int base)
3170 -+static int xs_sendpages(struct socket *sock, struct sockaddr *addr, int addrlen, struct xdr_buf *xdr, unsigned int base, bool zerocopy)
3171 - {
3172 - unsigned int remainder = xdr->len - base;
3173 - int err, sent = 0;
3174 -@@ -461,7 +467,7 @@ static int xs_sendpages(struct socket *sock, struct sockaddr *addr, int addrlen,
3175 - if (base < xdr->page_len) {
3176 - unsigned int len = xdr->page_len - base;
3177 - remainder -= len;
3178 -- err = xs_send_pagedata(sock, xdr, base, remainder != 0);
3179 -+ err = xs_send_pagedata(sock, xdr, base, remainder != 0, zerocopy);
3180 - if (remainder == 0 || err != len)
3181 - goto out;
3182 - sent += err;
3183 -@@ -564,7 +570,7 @@ static int xs_local_send_request(struct rpc_task *task)
3184 - req->rq_svec->iov_base, req->rq_svec->iov_len);
3185 -
3186 - status = xs_sendpages(transport->sock, NULL, 0,
3187 -- xdr, req->rq_bytes_sent);
3188 -+ xdr, req->rq_bytes_sent, true);
3189 - dprintk("RPC: %s(%u) = %d\n",
3190 - __func__, xdr->len - req->rq_bytes_sent, status);
3191 - if (likely(status >= 0)) {
3192 -@@ -620,7 +626,7 @@ static int xs_udp_send_request(struct rpc_task *task)
3193 - status = xs_sendpages(transport->sock,
3194 - xs_addr(xprt),
3195 - xprt->addrlen, xdr,
3196 -- req->rq_bytes_sent);
3197 -+ req->rq_bytes_sent, true);
3198 -
3199 - dprintk("RPC: xs_udp_send_request(%u) = %d\n",
3200 - xdr->len - req->rq_bytes_sent, status);
3201 -@@ -693,6 +699,7 @@ static int xs_tcp_send_request(struct rpc_task *task)
3202 - struct rpc_xprt *xprt = req->rq_xprt;
3203 - struct sock_xprt *transport = container_of(xprt, struct sock_xprt, xprt);
3204 - struct xdr_buf *xdr = &req->rq_snd_buf;
3205 -+ bool zerocopy = true;
3206 - int status;
3207 -
3208 - xs_encode_stream_record_marker(&req->rq_snd_buf);
3209 -@@ -700,13 +707,20 @@ static int xs_tcp_send_request(struct rpc_task *task)
3210 - xs_pktdump("packet data:",
3211 - req->rq_svec->iov_base,
3212 - req->rq_svec->iov_len);
3213 -+ /* Don't use zero copy if this is a resend. If the RPC call
3214 -+ * completes while the socket holds a reference to the pages,
3215 -+ * then we may end up resending corrupted data.
3216 -+ */
3217 -+ if (task->tk_flags & RPC_TASK_SENT)
3218 -+ zerocopy = false;
3219 -
3220 - /* Continue transmitting the packet/record. We must be careful
3221 - * to cope with writespace callbacks arriving _after_ we have
3222 - * called sendmsg(). */
3223 - while (1) {
3224 - status = xs_sendpages(transport->sock,
3225 -- NULL, 0, xdr, req->rq_bytes_sent);
3226 -+ NULL, 0, xdr, req->rq_bytes_sent,
3227 -+ zerocopy);
3228 -
3229 - dprintk("RPC: xs_tcp_send_request(%u) = %d\n",
3230 - xdr->len - req->rq_bytes_sent, status);
3231 -diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
3232 -index 399433a..a9c3d3c 100644
3233 ---- a/security/integrity/ima/ima_policy.c
3234 -+++ b/security/integrity/ima/ima_policy.c
3235 -@@ -73,7 +73,6 @@ static struct ima_rule_entry default_rules[] = {
3236 - {.action = DONT_MEASURE,.fsmagic = SYSFS_MAGIC,.flags = IMA_FSMAGIC},
3237 - {.action = DONT_MEASURE,.fsmagic = DEBUGFS_MAGIC,.flags = IMA_FSMAGIC},
3238 - {.action = DONT_MEASURE,.fsmagic = TMPFS_MAGIC,.flags = IMA_FSMAGIC},
3239 -- {.action = DONT_MEASURE,.fsmagic = RAMFS_MAGIC,.flags = IMA_FSMAGIC},
3240 - {.action = DONT_MEASURE,.fsmagic = DEVPTS_SUPER_MAGIC,.flags = IMA_FSMAGIC},
3241 - {.action = DONT_MEASURE,.fsmagic = BINFMTFS_MAGIC,.flags = IMA_FSMAGIC},
3242 - {.action = DONT_MEASURE,.fsmagic = SECURITYFS_MAGIC,.flags = IMA_FSMAGIC},
3243 -diff --git a/sound/core/compress_offload.c b/sound/core/compress_offload.c
3244 -index bea523a..d9af638 100644
3245 ---- a/sound/core/compress_offload.c
3246 -+++ b/sound/core/compress_offload.c
3247 -@@ -680,14 +680,48 @@ static int snd_compr_stop(struct snd_compr_stream *stream)
3248 - return -EPERM;
3249 - retval = stream->ops->trigger(stream, SNDRV_PCM_TRIGGER_STOP);
3250 - if (!retval) {
3251 -- stream->runtime->state = SNDRV_PCM_STATE_SETUP;
3252 -- wake_up(&stream->runtime->sleep);
3253 -+ snd_compr_drain_notify(stream);
3254 - stream->runtime->total_bytes_available = 0;
3255 - stream->runtime->total_bytes_transferred = 0;
3256 - }
3257 - return retval;
3258 - }
3259 -
3260 -+static int snd_compress_wait_for_drain(struct snd_compr_stream *stream)
3261 -+{
3262 -+ int ret;
3263 -+
3264 -+ /*
3265 -+ * We are called with lock held. So drop the lock while we wait for
3266 -+ * drain complete notfication from the driver
3267 -+ *
3268 -+ * It is expected that driver will notify the drain completion and then
3269 -+ * stream will be moved to SETUP state, even if draining resulted in an
3270 -+ * error. We can trigger next track after this.
3271 -+ */
3272 -+ stream->runtime->state = SNDRV_PCM_STATE_DRAINING;
3273 -+ mutex_unlock(&stream->device->lock);
3274 -+
3275 -+ /* we wait for drain to complete here, drain can return when
3276 -+ * interruption occurred, wait returned error or success.
3277 -+ * For the first two cases we don't do anything different here and
3278 -+ * return after waking up
3279 -+ */
3280 -+
3281 -+ ret = wait_event_interruptible(stream->runtime->sleep,
3282 -+ (stream->runtime->state != SNDRV_PCM_STATE_DRAINING));
3283 -+ if (ret == -ERESTARTSYS)
3284 -+ pr_debug("wait aborted by a signal");
3285 -+ else if (ret)
3286 -+ pr_debug("wait for drain failed with %d\n", ret);
3287 -+
3288 -+
3289 -+ wake_up(&stream->runtime->sleep);
3290 -+ mutex_lock(&stream->device->lock);
3291 -+
3292 -+ return ret;
3293 -+}
3294 -+
3295 - static int snd_compr_drain(struct snd_compr_stream *stream)
3296 - {
3297 - int retval;
3298 -@@ -695,12 +729,15 @@ static int snd_compr_drain(struct snd_compr_stream *stream)
3299 - if (stream->runtime->state == SNDRV_PCM_STATE_PREPARED ||
3300 - stream->runtime->state == SNDRV_PCM_STATE_SETUP)
3301 - return -EPERM;
3302 -+
3303 - retval = stream->ops->trigger(stream, SND_COMPR_TRIGGER_DRAIN);
3304 -- if (!retval) {
3305 -- stream->runtime->state = SNDRV_PCM_STATE_DRAINING;
3306 -+ if (retval) {
3307 -+ pr_debug("SND_COMPR_TRIGGER_DRAIN failed %d\n", retval);
3308 - wake_up(&stream->runtime->sleep);
3309 -+ return retval;
3310 - }
3311 -- return retval;
3312 -+
3313 -+ return snd_compress_wait_for_drain(stream);
3314 - }
3315 -
3316 - static int snd_compr_next_track(struct snd_compr_stream *stream)
3317 -@@ -736,9 +773,14 @@ static int snd_compr_partial_drain(struct snd_compr_stream *stream)
3318 - return -EPERM;
3319 -
3320 - retval = stream->ops->trigger(stream, SND_COMPR_TRIGGER_PARTIAL_DRAIN);
3321 -+ if (retval) {
3322 -+ pr_debug("Partial drain returned failure\n");
3323 -+ wake_up(&stream->runtime->sleep);
3324 -+ return retval;
3325 -+ }
3326 -
3327 - stream->next_track = false;
3328 -- return retval;
3329 -+ return snd_compress_wait_for_drain(stream);
3330 - }
3331 -
3332 - static long snd_compr_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
3333 -diff --git a/sound/drivers/pcsp/pcsp.c b/sound/drivers/pcsp/pcsp.c
3334 -index 1c19cd7..83b8a9a 100644
3335 ---- a/sound/drivers/pcsp/pcsp.c
3336 -+++ b/sound/drivers/pcsp/pcsp.c
3337 -@@ -187,8 +187,8 @@ static int pcsp_probe(struct platform_device *dev)
3338 - static int pcsp_remove(struct platform_device *dev)
3339 - {
3340 - struct snd_pcsp *chip = platform_get_drvdata(dev);
3341 -- alsa_card_pcsp_exit(chip);
3342 - pcspkr_input_remove(chip->input_dev);
3343 -+ alsa_card_pcsp_exit(chip);
3344 - return 0;
3345 - }
3346 -
3347 -diff --git a/sound/isa/msnd/msnd_pinnacle.c b/sound/isa/msnd/msnd_pinnacle.c
3348 -index 81aeb93..0a90bd6 100644
3349 ---- a/sound/isa/msnd/msnd_pinnacle.c
3350 -+++ b/sound/isa/msnd/msnd_pinnacle.c
3351 -@@ -73,9 +73,11 @@
3352 - #ifdef MSND_CLASSIC
3353 - # include "msnd_classic.h"
3354 - # define LOGNAME "msnd_classic"
3355 -+# define DEV_NAME "msnd-classic"
3356 - #else
3357 - # include "msnd_pinnacle.h"
3358 - # define LOGNAME "snd_msnd_pinnacle"
3359 -+# define DEV_NAME "msnd-pinnacle"
3360 - #endif
3361 -
3362 - static void set_default_audio_parameters(struct snd_msnd *chip)
3363 -@@ -1067,8 +1069,6 @@ static int snd_msnd_isa_remove(struct device *pdev, unsigned int dev)
3364 - return 0;
3365 - }
3366 -
3367 --#define DEV_NAME "msnd-pinnacle"
3368 --
3369 - static struct isa_driver snd_msnd_driver = {
3370 - .match = snd_msnd_isa_match,
3371 - .probe = snd_msnd_isa_probe,
3372 -diff --git a/sound/pci/hda/hda_codec.c b/sound/pci/hda/hda_codec.c
3373 -index 748c6a9..e938a68 100644
3374 ---- a/sound/pci/hda/hda_codec.c
3375 -+++ b/sound/pci/hda/hda_codec.c
3376 -@@ -2579,9 +2579,6 @@ int snd_hda_codec_reset(struct hda_codec *codec)
3377 - cancel_delayed_work_sync(&codec->jackpoll_work);
3378 - #ifdef CONFIG_PM
3379 - cancel_delayed_work_sync(&codec->power_work);
3380 -- codec->power_on = 0;
3381 -- codec->power_transition = 0;
3382 -- codec->power_jiffies = jiffies;
3383 - flush_workqueue(bus->workq);
3384 - #endif
3385 - snd_hda_ctls_clear(codec);
3386 -@@ -3991,6 +3988,10 @@ static void hda_call_codec_resume(struct hda_codec *codec)
3387 - * in the resume / power-save sequence
3388 - */
3389 - hda_keep_power_on(codec);
3390 -+ if (codec->pm_down_notified) {
3391 -+ codec->pm_down_notified = 0;
3392 -+ hda_call_pm_notify(codec->bus, true);
3393 -+ }
3394 - hda_set_power_state(codec, AC_PWRST_D0);
3395 - restore_shutup_pins(codec);
3396 - hda_exec_init_verbs(codec);
3397 -diff --git a/sound/pci/hda/hda_generic.c b/sound/pci/hda/hda_generic.c
3398 -index b7c89df..3067ed4 100644
3399 ---- a/sound/pci/hda/hda_generic.c
3400 -+++ b/sound/pci/hda/hda_generic.c
3401 -@@ -549,11 +549,15 @@ static hda_nid_t look_for_out_mute_nid(struct hda_codec *codec,
3402 - static hda_nid_t look_for_out_vol_nid(struct hda_codec *codec,
3403 - struct nid_path *path)
3404 - {
3405 -+ struct hda_gen_spec *spec = codec->spec;
3406 - int i;
3407 -
3408 - for (i = path->depth - 1; i >= 0; i--) {
3409 -- if (nid_has_volume(codec, path->path[i], HDA_OUTPUT))
3410 -- return path->path[i];
3411 -+ hda_nid_t nid = path->path[i];
3412 -+ if ((spec->out_vol_mask >> nid) & 1)
3413 -+ continue;
3414 -+ if (nid_has_volume(codec, nid, HDA_OUTPUT))
3415 -+ return nid;
3416 - }
3417 - return 0;
3418 - }
3419 -@@ -792,10 +796,10 @@ static void set_pin_eapd(struct hda_codec *codec, hda_nid_t pin, bool enable)
3420 - if (spec->own_eapd_ctl ||
3421 - !(snd_hda_query_pin_caps(codec, pin) & AC_PINCAP_EAPD))
3422 - return;
3423 -- if (codec->inv_eapd)
3424 -- enable = !enable;
3425 - if (spec->keep_eapd_on && !enable)
3426 - return;
3427 -+ if (codec->inv_eapd)
3428 -+ enable = !enable;
3429 - snd_hda_codec_update_cache(codec, pin, 0,
3430 - AC_VERB_SET_EAPD_BTLENABLE,
3431 - enable ? 0x02 : 0x00);
3432 -diff --git a/sound/pci/hda/hda_generic.h b/sound/pci/hda/hda_generic.h
3433 -index 48d4402..7e45cb4 100644
3434 ---- a/sound/pci/hda/hda_generic.h
3435 -+++ b/sound/pci/hda/hda_generic.h
3436 -@@ -242,6 +242,9 @@ struct hda_gen_spec {
3437 - /* additional mute flags (only effective with auto_mute_via_amp=1) */
3438 - u64 mute_bits;
3439 -
3440 -+ /* bitmask for skipping volume controls */
3441 -+ u64 out_vol_mask;
3442 -+
3443 - /* badness tables for output path evaluations */
3444 - const struct badness_table *main_out_badness;
3445 - const struct badness_table *extra_out_badness;
3446 -diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c
3447 -index 6e61a01..a63aff2 100644
3448 ---- a/sound/pci/hda/hda_intel.c
3449 -+++ b/sound/pci/hda/hda_intel.c
3450 -@@ -612,6 +612,11 @@ enum {
3451 - #define AZX_DCAPS_INTEL_PCH \
3452 - (AZX_DCAPS_INTEL_PCH_NOPM | AZX_DCAPS_PM_RUNTIME)
3453 -
3454 -+#define AZX_DCAPS_INTEL_HASWELL \
3455 -+ (AZX_DCAPS_SCH_SNOOP | AZX_DCAPS_ALIGN_BUFSIZE | \
3456 -+ AZX_DCAPS_COUNT_LPIB_DELAY | AZX_DCAPS_PM_RUNTIME | \
3457 -+ AZX_DCAPS_I915_POWERWELL)
3458 -+
3459 - /* quirks for ATI SB / AMD Hudson */
3460 - #define AZX_DCAPS_PRESET_ATI_SB \
3461 - (AZX_DCAPS_ATI_SNOOP | AZX_DCAPS_NO_TCSEL | \
3462 -@@ -3987,14 +3992,11 @@ static DEFINE_PCI_DEVICE_TABLE(azx_ids) = {
3463 - .driver_data = AZX_DRIVER_PCH | AZX_DCAPS_INTEL_PCH },
3464 - /* Haswell */
3465 - { PCI_DEVICE(0x8086, 0x0a0c),
3466 -- .driver_data = AZX_DRIVER_SCH | AZX_DCAPS_INTEL_PCH |
3467 -- AZX_DCAPS_I915_POWERWELL },
3468 -+ .driver_data = AZX_DRIVER_SCH | AZX_DCAPS_INTEL_HASWELL },
3469 - { PCI_DEVICE(0x8086, 0x0c0c),
3470 -- .driver_data = AZX_DRIVER_SCH | AZX_DCAPS_INTEL_PCH |
3471 -- AZX_DCAPS_I915_POWERWELL },
3472 -+ .driver_data = AZX_DRIVER_SCH | AZX_DCAPS_INTEL_HASWELL },
3473 - { PCI_DEVICE(0x8086, 0x0d0c),
3474 -- .driver_data = AZX_DRIVER_SCH | AZX_DCAPS_INTEL_PCH |
3475 -- AZX_DCAPS_I915_POWERWELL },
3476 -+ .driver_data = AZX_DRIVER_SCH | AZX_DCAPS_INTEL_HASWELL },
3477 - /* 5 Series/3400 */
3478 - { PCI_DEVICE(0x8086, 0x3b56),
3479 - .driver_data = AZX_DRIVER_SCH | AZX_DCAPS_INTEL_PCH_NOPM },
3480 -diff --git a/sound/pci/hda/patch_analog.c b/sound/pci/hda/patch_analog.c
3481 -index 2aa2f57..a52d2a1 100644
3482 ---- a/sound/pci/hda/patch_analog.c
3483 -+++ b/sound/pci/hda/patch_analog.c
3484 -@@ -219,8 +219,12 @@ static int alloc_ad_spec(struct hda_codec *codec)
3485 - static void ad_fixup_inv_jack_detect(struct hda_codec *codec,
3486 - const struct hda_fixup *fix, int action)
3487 - {
3488 -- if (action == HDA_FIXUP_ACT_PRE_PROBE)
3489 -+ struct ad198x_spec *spec = codec->spec;
3490 -+
3491 -+ if (action == HDA_FIXUP_ACT_PRE_PROBE) {
3492 - codec->inv_jack_detect = 1;
3493 -+ spec->gen.keep_eapd_on = 1;
3494 -+ }
3495 - }
3496 -
3497 - enum {
3498 -diff --git a/sound/pci/hda/patch_cirrus.c b/sound/pci/hda/patch_cirrus.c
3499 -index 18d9725..072755c 100644
3500 ---- a/sound/pci/hda/patch_cirrus.c
3501 -+++ b/sound/pci/hda/patch_cirrus.c
3502 -@@ -597,6 +597,7 @@ static int patch_cs420x(struct hda_codec *codec)
3503 - * Its layout is no longer compatible with CS4206/CS4207
3504 - */
3505 - enum {
3506 -+ CS4208_MAC_AUTO,
3507 - CS4208_MBA6,
3508 - CS4208_GPIO0,
3509 - };
3510 -@@ -608,7 +609,12 @@ static const struct hda_model_fixup cs4208_models[] = {
3511 - };
3512 -
3513 - static const struct snd_pci_quirk cs4208_fixup_tbl[] = {
3514 -- /* codec SSID */
3515 -+ SND_PCI_QUIRK_VENDOR(0x106b, "Apple", CS4208_MAC_AUTO),
3516 -+ {} /* terminator */
3517 -+};
3518 -+
3519 -+/* codec SSID matching */
3520 -+static const struct snd_pci_quirk cs4208_mac_fixup_tbl[] = {
3521 - SND_PCI_QUIRK(0x106b, 0x7100, "MacBookAir 6,1", CS4208_MBA6),
3522 - SND_PCI_QUIRK(0x106b, 0x7200, "MacBookAir 6,2", CS4208_MBA6),
3523 - {} /* terminator */
3524 -@@ -626,6 +632,20 @@ static void cs4208_fixup_gpio0(struct hda_codec *codec,
3525 - }
3526 - }
3527 -
3528 -+static const struct hda_fixup cs4208_fixups[];
3529 -+
3530 -+/* remap the fixup from codec SSID and apply it */
3531 -+static void cs4208_fixup_mac(struct hda_codec *codec,
3532 -+ const struct hda_fixup *fix, int action)
3533 -+{
3534 -+ if (action != HDA_FIXUP_ACT_PRE_PROBE)
3535 -+ return;
3536 -+ snd_hda_pick_fixup(codec, NULL, cs4208_mac_fixup_tbl, cs4208_fixups);
3537 -+ if (codec->fixup_id < 0 || codec->fixup_id == CS4208_MAC_AUTO)
3538 -+ codec->fixup_id = CS4208_GPIO0; /* default fixup */
3539 -+ snd_hda_apply_fixup(codec, action);
3540 -+}
3541 -+
3542 - static const struct hda_fixup cs4208_fixups[] = {
3543 - [CS4208_MBA6] = {
3544 - .type = HDA_FIXUP_PINS,
3545 -@@ -637,6 +657,10 @@ static const struct hda_fixup cs4208_fixups[] = {
3546 - .type = HDA_FIXUP_FUNC,
3547 - .v.func = cs4208_fixup_gpio0,
3548 - },
3549 -+ [CS4208_MAC_AUTO] = {
3550 -+ .type = HDA_FIXUP_FUNC,
3551 -+ .v.func = cs4208_fixup_mac,
3552 -+ },
3553 - };
3554 -
3555 - /* correct the 0dB offset of input pins */
3556 -@@ -660,6 +684,8 @@ static int patch_cs4208(struct hda_codec *codec)
3557 - return -ENOMEM;
3558 -
3559 - spec->gen.automute_hook = cs_automute;
3560 -+ /* exclude NID 0x10 (HP) from output volumes due to different steps */
3561 -+ spec->gen.out_vol_mask = 1ULL << 0x10;
3562 -
3563 - snd_hda_pick_fixup(codec, cs4208_models, cs4208_fixup_tbl,
3564 - cs4208_fixups);
3565 -diff --git a/sound/pci/hda/patch_conexant.c b/sound/pci/hda/patch_conexant.c
3566 -index ec68eae..96f07ce 100644
3567 ---- a/sound/pci/hda/patch_conexant.c
3568 -+++ b/sound/pci/hda/patch_conexant.c
3569 -@@ -3568,6 +3568,8 @@ static const struct hda_codec_preset snd_hda_preset_conexant[] = {
3570 - .patch = patch_conexant_auto },
3571 - { .id = 0x14f15115, .name = "CX20757",
3572 - .patch = patch_conexant_auto },
3573 -+ { .id = 0x14f151d7, .name = "CX20952",
3574 -+ .patch = patch_conexant_auto },
3575 - {} /* terminator */
3576 - };
3577 -
3578 -@@ -3594,6 +3596,7 @@ MODULE_ALIAS("snd-hda-codec-id:14f15111");
3579 - MODULE_ALIAS("snd-hda-codec-id:14f15113");
3580 - MODULE_ALIAS("snd-hda-codec-id:14f15114");
3581 - MODULE_ALIAS("snd-hda-codec-id:14f15115");
3582 -+MODULE_ALIAS("snd-hda-codec-id:14f151d7");
3583 -
3584 - MODULE_LICENSE("GPL");
3585 - MODULE_DESCRIPTION("Conexant HD-audio codec");
3586 -diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
3587 -index 8ad5543..2f39631 100644
3588 ---- a/sound/pci/hda/patch_realtek.c
3589 -+++ b/sound/pci/hda/patch_realtek.c
3590 -@@ -1043,6 +1043,7 @@ enum {
3591 - ALC880_FIXUP_UNIWILL,
3592 - ALC880_FIXUP_UNIWILL_DIG,
3593 - ALC880_FIXUP_Z71V,
3594 -+ ALC880_FIXUP_ASUS_W5A,
3595 - ALC880_FIXUP_3ST_BASE,
3596 - ALC880_FIXUP_3ST,
3597 - ALC880_FIXUP_3ST_DIG,
3598 -@@ -1213,6 +1214,26 @@ static const struct hda_fixup alc880_fixups[] = {
3599 - { }
3600 - }
3601 - },
3602 -+ [ALC880_FIXUP_ASUS_W5A] = {
3603 -+ .type = HDA_FIXUP_PINS,
3604 -+ .v.pins = (const struct hda_pintbl[]) {
3605 -+ /* set up the whole pins as BIOS is utterly broken */
3606 -+ { 0x14, 0x0121411f }, /* HP */
3607 -+ { 0x15, 0x411111f0 }, /* N/A */
3608 -+ { 0x16, 0x411111f0 }, /* N/A */
3609 -+ { 0x17, 0x411111f0 }, /* N/A */
3610 -+ { 0x18, 0x90a60160 }, /* mic */
3611 -+ { 0x19, 0x411111f0 }, /* N/A */
3612 -+ { 0x1a, 0x411111f0 }, /* N/A */
3613 -+ { 0x1b, 0x411111f0 }, /* N/A */
3614 -+ { 0x1c, 0x411111f0 }, /* N/A */
3615 -+ { 0x1d, 0x411111f0 }, /* N/A */
3616 -+ { 0x1e, 0xb743111e }, /* SPDIF out */
3617 -+ { }
3618 -+ },
3619 -+ .chained = true,
3620 -+ .chain_id = ALC880_FIXUP_GPIO1,
3621 -+ },
3622 - [ALC880_FIXUP_3ST_BASE] = {
3623 - .type = HDA_FIXUP_PINS,
3624 - .v.pins = (const struct hda_pintbl[]) {
3625 -@@ -1334,6 +1355,7 @@ static const struct hda_fixup alc880_fixups[] = {
3626 -
3627 - static const struct snd_pci_quirk alc880_fixup_tbl[] = {
3628 - SND_PCI_QUIRK(0x1019, 0x0f69, "Coeus G610P", ALC880_FIXUP_W810),
3629 -+ SND_PCI_QUIRK(0x1043, 0x10c3, "ASUS W5A", ALC880_FIXUP_ASUS_W5A),
3630 - SND_PCI_QUIRK(0x1043, 0x1964, "ASUS Z71V", ALC880_FIXUP_Z71V),
3631 - SND_PCI_QUIRK_VENDOR(0x1043, "ASUS", ALC880_FIXUP_GPIO1),
3632 - SND_PCI_QUIRK(0x1558, 0x5401, "Clevo GPIO2", ALC880_FIXUP_GPIO2),
3633 -@@ -1479,6 +1501,7 @@ enum {
3634 - ALC260_FIXUP_KN1,
3635 - ALC260_FIXUP_FSC_S7020,
3636 - ALC260_FIXUP_FSC_S7020_JWSE,
3637 -+ ALC260_FIXUP_VAIO_PINS,
3638 - };
3639 -
3640 - static void alc260_gpio1_automute(struct hda_codec *codec)
3641 -@@ -1619,6 +1642,24 @@ static const struct hda_fixup alc260_fixups[] = {
3642 - .chained = true,
3643 - .chain_id = ALC260_FIXUP_FSC_S7020,
3644 - },
3645 -+ [ALC260_FIXUP_VAIO_PINS] = {
3646 -+ .type = HDA_FIXUP_PINS,
3647 -+ .v.pins = (const struct hda_pintbl[]) {
3648 -+ /* Pin configs are missing completely on some VAIOs */
3649 -+ { 0x0f, 0x01211020 },
3650 -+ { 0x10, 0x0001003f },
3651 -+ { 0x11, 0x411111f0 },
3652 -+ { 0x12, 0x01a15930 },
3653 -+ { 0x13, 0x411111f0 },
3654 -+ { 0x14, 0x411111f0 },
3655 -+ { 0x15, 0x411111f0 },
3656 -+ { 0x16, 0x411111f0 },
3657 -+ { 0x17, 0x411111f0 },
3658 -+ { 0x18, 0x411111f0 },
3659 -+ { 0x19, 0x411111f0 },
3660 -+ { }
3661 -+ }
3662 -+ },
3663 - };
3664 -
3665 - static const struct snd_pci_quirk alc260_fixup_tbl[] = {
3666 -@@ -1627,6 +1668,8 @@ static const struct snd_pci_quirk alc260_fixup_tbl[] = {
3667 - SND_PCI_QUIRK(0x1025, 0x008f, "Acer", ALC260_FIXUP_GPIO1),
3668 - SND_PCI_QUIRK(0x103c, 0x280a, "HP dc5750", ALC260_FIXUP_HP_DC5750),
3669 - SND_PCI_QUIRK(0x103c, 0x30ba, "HP Presario B1900", ALC260_FIXUP_HP_B1900),
3670 -+ SND_PCI_QUIRK(0x104d, 0x81bb, "Sony VAIO", ALC260_FIXUP_VAIO_PINS),
3671 -+ SND_PCI_QUIRK(0x104d, 0x81e2, "Sony VAIO TX", ALC260_FIXUP_HP_PIN_0F),
3672 - SND_PCI_QUIRK(0x10cf, 0x1326, "FSC LifeBook S7020", ALC260_FIXUP_FSC_S7020),
3673 - SND_PCI_QUIRK(0x1509, 0x4540, "Favorit 100XS", ALC260_FIXUP_GPIO1),
3674 - SND_PCI_QUIRK(0x152d, 0x0729, "Quanta KN1", ALC260_FIXUP_KN1),
3675 -@@ -2388,6 +2431,7 @@ static const struct hda_verb alc268_beep_init_verbs[] = {
3676 - enum {
3677 - ALC268_FIXUP_INV_DMIC,
3678 - ALC268_FIXUP_HP_EAPD,
3679 -+ ALC268_FIXUP_SPDIF,
3680 - };
3681 -
3682 - static const struct hda_fixup alc268_fixups[] = {
3683 -@@ -2402,6 +2446,13 @@ static const struct hda_fixup alc268_fixups[] = {
3684 - {}
3685 - }
3686 - },
3687 -+ [ALC268_FIXUP_SPDIF] = {
3688 -+ .type = HDA_FIXUP_PINS,
3689 -+ .v.pins = (const struct hda_pintbl[]) {
3690 -+ { 0x1e, 0x014b1180 }, /* enable SPDIF out */
3691 -+ {}
3692 -+ }
3693 -+ },
3694 - };
3695 -
3696 - static const struct hda_model_fixup alc268_fixup_models[] = {
3697 -@@ -2411,6 +2462,7 @@ static const struct hda_model_fixup alc268_fixup_models[] = {
3698 - };
3699 -
3700 - static const struct snd_pci_quirk alc268_fixup_tbl[] = {
3701 -+ SND_PCI_QUIRK(0x1025, 0x0139, "Acer TravelMate 6293", ALC268_FIXUP_SPDIF),
3702 - SND_PCI_QUIRK(0x1025, 0x015b, "Acer AOA 150 (ZG5)", ALC268_FIXUP_INV_DMIC),
3703 - /* below is codec SSID since multiple Toshiba laptops have the
3704 - * same PCI SSID 1179:ff00
3705 -@@ -2540,6 +2592,7 @@ enum {
3706 - ALC269_TYPE_ALC283,
3707 - ALC269_TYPE_ALC284,
3708 - ALC269_TYPE_ALC286,
3709 -+ ALC269_TYPE_ALC255,
3710 - };
3711 -
3712 - /*
3713 -@@ -2565,6 +2618,7 @@ static int alc269_parse_auto_config(struct hda_codec *codec)
3714 - case ALC269_TYPE_ALC282:
3715 - case ALC269_TYPE_ALC283:
3716 - case ALC269_TYPE_ALC286:
3717 -+ case ALC269_TYPE_ALC255:
3718 - ssids = alc269_ssids;
3719 - break;
3720 - default:
3721 -@@ -2944,6 +2998,23 @@ static void alc269_fixup_mic_mute_hook(void *private_data, int enabled)
3722 - snd_hda_set_pin_ctl_cache(codec, spec->mute_led_nid, pinval);
3723 - }
3724 -
3725 -+/* Make sure the led works even in runtime suspend */
3726 -+static unsigned int led_power_filter(struct hda_codec *codec,
3727 -+ hda_nid_t nid,
3728 -+ unsigned int power_state)
3729 -+{
3730 -+ struct alc_spec *spec = codec->spec;
3731 -+
3732 -+ if (power_state != AC_PWRST_D3 || nid != spec->mute_led_nid)
3733 -+ return power_state;
3734 -+
3735 -+ /* Set pin ctl again, it might have just been set to 0 */
3736 -+ snd_hda_set_pin_ctl(codec, nid,
3737 -+ snd_hda_codec_get_pin_target(codec, nid));
3738 -+
3739 -+ return AC_PWRST_D0;
3740 -+}
3741 -+
3742 - static void alc269_fixup_hp_mute_led(struct hda_codec *codec,
3743 - const struct hda_fixup *fix, int action)
3744 - {
3745 -@@ -2963,6 +3034,7 @@ static void alc269_fixup_hp_mute_led(struct hda_codec *codec,
3746 - spec->mute_led_nid = pin - 0x0a + 0x18;
3747 - spec->gen.vmaster_mute.hook = alc269_fixup_mic_mute_hook;
3748 - spec->gen.vmaster_mute_enum = 1;
3749 -+ codec->power_filter = led_power_filter;
3750 - snd_printd("Detected mute LED for %x:%d\n", spec->mute_led_nid,
3751 - spec->mute_led_polarity);
3752 - break;
3753 -@@ -2978,6 +3050,7 @@ static void alc269_fixup_hp_mute_led_mic1(struct hda_codec *codec,
3754 - spec->mute_led_nid = 0x18;
3755 - spec->gen.vmaster_mute.hook = alc269_fixup_mic_mute_hook;
3756 - spec->gen.vmaster_mute_enum = 1;
3757 -+ codec->power_filter = led_power_filter;
3758 - }
3759 - }
3760 -
3761 -@@ -2990,6 +3063,7 @@ static void alc269_fixup_hp_mute_led_mic2(struct hda_codec *codec,
3762 - spec->mute_led_nid = 0x19;
3763 - spec->gen.vmaster_mute.hook = alc269_fixup_mic_mute_hook;
3764 - spec->gen.vmaster_mute_enum = 1;
3765 -+ codec->power_filter = led_power_filter;
3766 - }
3767 - }
3768 -
3769 -@@ -3230,8 +3304,10 @@ static void alc_update_headset_mode(struct hda_codec *codec)
3770 - else
3771 - new_headset_mode = ALC_HEADSET_MODE_HEADPHONE;
3772 -
3773 -- if (new_headset_mode == spec->current_headset_mode)
3774 -+ if (new_headset_mode == spec->current_headset_mode) {
3775 -+ snd_hda_gen_update_outputs(codec);
3776 - return;
3777 -+ }
3778 -
3779 - switch (new_headset_mode) {
3780 - case ALC_HEADSET_MODE_UNPLUGGED:
3781 -@@ -3895,6 +3971,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
3782 - SND_PCI_QUIRK(0x1028, 0x0608, "Dell", ALC269_FIXUP_DELL1_MIC_NO_PRESENCE),
3783 - SND_PCI_QUIRK(0x1028, 0x0609, "Dell", ALC269_FIXUP_DELL1_MIC_NO_PRESENCE),
3784 - SND_PCI_QUIRK(0x1028, 0x0613, "Dell", ALC269_FIXUP_DELL1_MIC_NO_PRESENCE),
3785 -+ SND_PCI_QUIRK(0x1028, 0x0614, "Dell Inspiron 3135", ALC269_FIXUP_DELL1_MIC_NO_PRESENCE),
3786 - SND_PCI_QUIRK(0x1028, 0x0616, "Dell Vostro 5470", ALC290_FIXUP_MONO_SPEAKERS),
3787 - SND_PCI_QUIRK(0x1028, 0x15cc, "Dell X5 Precision", ALC269_FIXUP_DELL2_MIC_NO_PRESENCE),
3788 - SND_PCI_QUIRK(0x1028, 0x15cd, "Dell X5 Precision", ALC269_FIXUP_DELL2_MIC_NO_PRESENCE),
3789 -@@ -4128,6 +4205,9 @@ static int patch_alc269(struct hda_codec *codec)
3790 - case 0x10ec0286:
3791 - spec->codec_variant = ALC269_TYPE_ALC286;
3792 - break;
3793 -+ case 0x10ec0255:
3794 -+ spec->codec_variant = ALC269_TYPE_ALC255;
3795 -+ break;
3796 - }
3797 -
3798 - if (snd_hda_codec_read(codec, 0x51, 0, AC_VERB_PARAMETERS, 0) == 0x10ec5505) {
3799 -@@ -4842,6 +4922,7 @@ static int patch_alc680(struct hda_codec *codec)
3800 - static const struct hda_codec_preset snd_hda_preset_realtek[] = {
3801 - { .id = 0x10ec0221, .name = "ALC221", .patch = patch_alc269 },
3802 - { .id = 0x10ec0233, .name = "ALC233", .patch = patch_alc269 },
3803 -+ { .id = 0x10ec0255, .name = "ALC255", .patch = patch_alc269 },
3804 - { .id = 0x10ec0260, .name = "ALC260", .patch = patch_alc260 },
3805 - { .id = 0x10ec0262, .name = "ALC262", .patch = patch_alc262 },
3806 - { .id = 0x10ec0267, .name = "ALC267", .patch = patch_alc268 },
3807 -diff --git a/sound/usb/6fire/chip.c b/sound/usb/6fire/chip.c
3808 -index c39c779..66edc4a 100644
3809 ---- a/sound/usb/6fire/chip.c
3810 -+++ b/sound/usb/6fire/chip.c
3811 -@@ -101,7 +101,7 @@ static int usb6fire_chip_probe(struct usb_interface *intf,
3812 - usb_set_intfdata(intf, chips[i]);
3813 - mutex_unlock(&register_mutex);
3814 - return 0;
3815 -- } else if (regidx < 0)
3816 -+ } else if (!devices[i] && regidx < 0)
3817 - regidx = i;
3818 - }
3819 - if (regidx < 0) {
3820 -diff --git a/virt/kvm/iommu.c b/virt/kvm/iommu.c
3821 -index 72a130b..c329c8f 100644
3822 ---- a/virt/kvm/iommu.c
3823 -+++ b/virt/kvm/iommu.c
3824 -@@ -103,6 +103,10 @@ int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot)
3825 - while ((gfn << PAGE_SHIFT) & (page_size - 1))
3826 - page_size >>= 1;
3827 -
3828 -+ /* Make sure hva is aligned to the page size we want to map */
3829 -+ while (__gfn_to_hva_memslot(slot, gfn) & (page_size - 1))
3830 -+ page_size >>= 1;
3831 -+
3832 - /*
3833 - * Pin all pages we are about to map in memory. This is
3834 - * important because we unmap and unpin in 4kb steps later.
3835
3836 diff --git a/3.12.2/4420_grsecurity-3.0-3.12.2-201312011111.patch b/3.12.2/4420_grsecurity-3.0-3.12.2-201312032145.patch
3837 similarity index 99%
3838 rename from 3.12.2/4420_grsecurity-3.0-3.12.2-201312011111.patch
3839 rename to 3.12.2/4420_grsecurity-3.0-3.12.2-201312032145.patch
3840 index 284b9ed..f703780 100644
3841 --- a/3.12.2/4420_grsecurity-3.0-3.12.2-201312011111.patch
3842 +++ b/3.12.2/4420_grsecurity-3.0-3.12.2-201312032145.patch
3843 @@ -829,7 +829,7 @@ index 98838a0..b304fb4 100644
3844 /* Allow reads even for write-only mappings */
3845 if (!(vma->vm_flags & (VM_READ | VM_WRITE)))
3846 diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
3847 -index 1ad6fb6..4e7fae5 100644
3848 +index 1ad6fb6..9406b3d 100644
3849 --- a/arch/arm/Kconfig
3850 +++ b/arch/arm/Kconfig
3851 @@ -1832,7 +1832,7 @@ config ALIGNMENT_TRAP
3852 @@ -841,6 +841,14 @@ index 1ad6fb6..4e7fae5 100644
3853 default y if CPU_FEROCEON
3854 help
3855 Implement faster copy_to_user and clear_user methods for CPU
3856 +@@ -2097,6 +2097,7 @@ config XIP_PHYS_ADDR
3857 + config KEXEC
3858 + bool "Kexec system call (EXPERIMENTAL)"
3859 + depends on (!SMP || PM_SLEEP_SMP)
3860 ++ depends on !GRKERNSEC_KMEM
3861 + help
3862 + kexec is a system call that implements the ability to shutdown your
3863 + current kernel, and to start another kernel. It is like a reboot
3864 diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h
3865 index da1c77d..2ee6056 100644
3866 --- a/arch/arm/include/asm/atomic.h
3867 @@ -4824,6 +4832,18 @@ index f4ca594..adc72fd6 100644
3868
3869 #define __cacheline_aligned __aligned(L1_CACHE_BYTES)
3870 #define ____cacheline_aligned __aligned(L1_CACHE_BYTES)
3871 +diff --git a/arch/ia64/Kconfig b/arch/ia64/Kconfig
3872 +index 7740ab1..17fa8c5 100644
3873 +--- a/arch/ia64/Kconfig
3874 ++++ b/arch/ia64/Kconfig
3875 +@@ -554,6 +554,7 @@ source "drivers/sn/Kconfig"
3876 + config KEXEC
3877 + bool "kexec system call"
3878 + depends on !IA64_HP_SIM && (!SMP || HOTPLUG_CPU)
3879 ++ depends on !GRKERNSEC_KMEM
3880 + help
3881 + kexec is a system call that implements the ability to shutdown your
3882 + current kernel, and to start another kernel. It is like a reboot
3883 diff --git a/arch/ia64/include/asm/atomic.h b/arch/ia64/include/asm/atomic.h
3884 index 6e6fe18..a6ae668 100644
3885 --- a/arch/ia64/include/asm/atomic.h
3886 @@ -5354,6 +5374,18 @@ index 4efe96a..60e8699 100644
3887
3888 #define SMP_CACHE_BYTES L1_CACHE_BYTES
3889
3890 +diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig
3891 +index f75ab4a..adc6968 100644
3892 +--- a/arch/mips/Kconfig
3893 ++++ b/arch/mips/Kconfig
3894 +@@ -2283,6 +2283,7 @@ source "kernel/Kconfig.preempt"
3895 +
3896 + config KEXEC
3897 + bool "Kexec system call"
3898 ++ depends on !GRKERNSEC_KMEM
3899 + help
3900 + kexec is a system call that implements the ability to shutdown your
3901 + current kernel, and to start another kernel. It is like a reboot
3902 diff --git a/arch/mips/include/asm/atomic.h b/arch/mips/include/asm/atomic.h
3903 index 08b6079..8b554d2 100644
3904 --- a/arch/mips/include/asm/atomic.h
3905 @@ -7458,6 +7490,18 @@ index 0293588..3b229aa 100644
3906
3907 /*
3908 * If for any reason at all we couldn't handle the fault, make
3909 +diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
3910 +index 38f3b7e..7e485c0 100644
3911 +--- a/arch/powerpc/Kconfig
3912 ++++ b/arch/powerpc/Kconfig
3913 +@@ -378,6 +378,7 @@ config ARCH_ENABLE_MEMORY_HOTREMOVE
3914 + config KEXEC
3915 + bool "kexec system call"
3916 + depends on (PPC_BOOK3S || FSL_BOOKE || (44x && !SMP))
3917 ++ depends on !GRKERNSEC_KMEM
3918 + help
3919 + kexec is a system call that implements the ability to shutdown your
3920 + current kernel, and to start another kernel. It is like a reboot
3921 diff --git a/arch/powerpc/include/asm/atomic.h b/arch/powerpc/include/asm/atomic.h
3922 index e3b1d41..8e81edf 100644
3923 --- a/arch/powerpc/include/asm/atomic.h
3924 @@ -11336,6 +11380,18 @@ index ed82eda..0d80e77 100644
3925 #endif /* CONFIG_SMP */
3926 #endif /* CONFIG_DEBUG_DCFLUSH */
3927 }
3928 +diff --git a/arch/tile/Kconfig b/arch/tile/Kconfig
3929 +index d45a2c4..3c05a78 100644
3930 +--- a/arch/tile/Kconfig
3931 ++++ b/arch/tile/Kconfig
3932 +@@ -185,6 +185,7 @@ source "kernel/Kconfig.hz"
3933 +
3934 + config KEXEC
3935 + bool "kexec system call"
3936 ++ depends on !GRKERNSEC_KMEM
3937 + ---help---
3938 + kexec is a system call that implements the ability to shutdown your
3939 + current kernel, and to start another kernel. It is like a reboot
3940 diff --git a/arch/tile/include/asm/atomic_64.h b/arch/tile/include/asm/atomic_64.h
3941 index ad220ee..2f537b3 100644
3942 --- a/arch/tile/include/asm/atomic_64.h
3943 @@ -11541,7 +11597,7 @@ index ad8f795..2c7eec6 100644
3944 /*
3945 * Memory returned by kmalloc() may be used for DMA, so we must make
3946 diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
3947 -index f67e839..419b5f7 100644
3948 +index f67e839..bfd4748 100644
3949 --- a/arch/x86/Kconfig
3950 +++ b/arch/x86/Kconfig
3951 @@ -247,7 +247,7 @@ config X86_HT
3952 @@ -11596,7 +11652,15 @@ index f67e839..419b5f7 100644
3953 ---help---
3954 This option turns on the -fstack-protector GCC feature. This
3955 feature puts, at the beginning of functions, a canary value on
3956 -@@ -1733,6 +1735,8 @@ config X86_NEED_RELOCS
3957 +@@ -1632,6 +1634,7 @@ source kernel/Kconfig.hz
3958 +
3959 + config KEXEC
3960 + bool "kexec system call"
3961 ++ depends on !GRKERNSEC_KMEM
3962 + ---help---
3963 + kexec is a system call that implements the ability to shutdown your
3964 + current kernel, and to start another kernel. It is like a reboot
3965 +@@ -1733,6 +1736,8 @@ config X86_NEED_RELOCS
3966 config PHYSICAL_ALIGN
3967 hex "Alignment value to which kernel should be aligned"
3968 default "0x1000000"
3969 @@ -11605,7 +11669,7 @@ index f67e839..419b5f7 100644
3970 range 0x2000 0x1000000 if X86_32
3971 range 0x200000 0x1000000 if X86_64
3972 ---help---
3973 -@@ -1812,9 +1816,10 @@ config DEBUG_HOTPLUG_CPU0
3974 +@@ -1812,9 +1817,10 @@ config DEBUG_HOTPLUG_CPU0
3975 If unsure, say N.
3976
3977 config COMPAT_VDSO
3978 @@ -14207,7 +14271,7 @@ index 722aa3b..3a0bb27 100644
3979 /* Atomic operations are already serializing on x86 */
3980 #define smp_mb__before_atomic_dec() barrier()
3981 diff --git a/arch/x86/include/asm/atomic64_32.h b/arch/x86/include/asm/atomic64_32.h
3982 -index b154de7..aadebd8 100644
3983 +index b154de7..a7cef48 100644
3984 --- a/arch/x86/include/asm/atomic64_32.h
3985 +++ b/arch/x86/include/asm/atomic64_32.h
3986 @@ -12,6 +12,14 @@ typedef struct {
3987 @@ -14279,7 +14343,7 @@ index b154de7..aadebd8 100644
3988 * atomic64_xchg - xchg atomic64 variable
3989 * @v: pointer to type atomic64_t
3990 * @n: value to assign
3991 -@@ -112,6 +145,22 @@ static inline void atomic64_set(atomic64_t *v, long long i)
3992 +@@ -112,12 +145,41 @@ static inline void atomic64_set(atomic64_t *v, long long i)
3993 }
3994
3995 /**
3996 @@ -14302,16 +14366,10 @@ index b154de7..aadebd8 100644
3997 * atomic64_read - read atomic64 variable
3998 * @v: pointer to type atomic64_t
3999 *
4000 -@@ -125,6 +174,19 @@ static inline long long atomic64_read(const atomic64_t *v)
4001 - }
4002 -
4003 - /**
4004 -+ * atomic64_read_unchecked - read atomic64 variable
4005 -+ * @v: pointer to type atomic64_unchecked_t
4006 -+ *
4007 -+ * Atomically reads the value of @v and returns it.
4008 -+ */
4009 -+static inline long long atomic64_read_unchecked(atomic64_unchecked_t *v)
4010 + * Atomically reads the value of @v and returns it.
4011 + */
4012 +-static inline long long atomic64_read(const atomic64_t *v)
4013 ++static inline long long __intentional_overflow(-1) atomic64_read(const atomic64_t *v)
4014 +{
4015 + long long r;
4016 + alternative_atomic64(read, "=&A" (r), "c" (v) : "memory");
4017 @@ -14319,9 +14377,15 @@ index b154de7..aadebd8 100644
4018 + }
4019 +
4020 +/**
4021 - * atomic64_add_return - add and return
4022 - * @i: integer value to add
4023 - * @v: pointer to type atomic64_t
4024 ++ * atomic64_read_unchecked - read atomic64 variable
4025 ++ * @v: pointer to type atomic64_unchecked_t
4026 ++ *
4027 ++ * Atomically reads the value of @v and returns it.
4028 ++ */
4029 ++static inline long long atomic64_read_unchecked(atomic64_unchecked_t *v)
4030 + {
4031 + long long r;
4032 + alternative_atomic64(read, "=&A" (r), "c" (v) : "memory");
4033 @@ -139,6 +201,21 @@ static inline long long atomic64_add_return(long long i, atomic64_t *v)
4034 return i;
4035 }
4036 @@ -14382,12 +14446,15 @@ index b154de7..aadebd8 100644
4037 * @i: integer value to subtract
4038 * @v: pointer to type atomic64_t
4039 diff --git a/arch/x86/include/asm/atomic64_64.h b/arch/x86/include/asm/atomic64_64.h
4040 -index 0e1cbfc..5623683 100644
4041 +index 0e1cbfc..adf5aa7 100644
4042 --- a/arch/x86/include/asm/atomic64_64.h
4043 +++ b/arch/x86/include/asm/atomic64_64.h
4044 -@@ -18,7 +18,19 @@
4045 +@@ -16,9 +16,21 @@
4046 + * Atomically reads the value of @v.
4047 + * Doesn't imply a read memory barrier.
4048 */
4049 - static inline long atomic64_read(const atomic64_t *v)
4050 +-static inline long atomic64_read(const atomic64_t *v)
4051 ++static inline long __intentional_overflow(-1) atomic64_read(const atomic64_t *v)
4052 {
4053 - return (*(volatile long *)&(v)->counter);
4054 + return (*(volatile const long *)&(v)->counter);
4055 @@ -23385,7 +23452,7 @@ index a979b5b..1d6db75 100644
4056 .callback = dmi_io_delay_0xed_port,
4057 .ident = "Compaq Presario V6000",
4058 diff --git a/arch/x86/kernel/ioport.c b/arch/x86/kernel/ioport.c
4059 -index 4ddaf66..6292f4e 100644
4060 +index 4ddaf66..49d5c18 100644
4061 --- a/arch/x86/kernel/ioport.c
4062 +++ b/arch/x86/kernel/ioport.c
4063 @@ -6,6 +6,7 @@
4064 @@ -23396,19 +23463,19 @@ index 4ddaf66..6292f4e 100644
4065 #include <linux/errno.h>
4066 #include <linux/types.h>
4067 #include <linux/ioport.h>
4068 -@@ -28,6 +29,12 @@ asmlinkage long sys_ioperm(unsigned long from, unsigned long num, int turn_on)
4069 -
4070 - if ((from + num <= from) || (from + num > IO_BITMAP_BITS))
4071 +@@ -30,6 +31,12 @@ asmlinkage long sys_ioperm(unsigned long from, unsigned long num, int turn_on)
4072 return -EINVAL;
4073 + if (turn_on && !capable(CAP_SYS_RAWIO))
4074 + return -EPERM;
4075 +#ifdef CONFIG_GRKERNSEC_IO
4076 + if (turn_on && grsec_disable_privio) {
4077 + gr_handle_ioperm();
4078 -+ return -EPERM;
4079 ++ return -ENODEV;
4080 + }
4081 +#endif
4082 - if (turn_on && !capable(CAP_SYS_RAWIO))
4083 - return -EPERM;
4084
4085 + /*
4086 + * If it's the first ioperm() call in this thread's lifetime, set the
4087 @@ -54,7 +61,7 @@ asmlinkage long sys_ioperm(unsigned long from, unsigned long num, int turn_on)
4088 * because the ->io_bitmap_max value must match the bitmap
4089 * contents:
4090 @@ -23418,19 +23485,19 @@ index 4ddaf66..6292f4e 100644
4091
4092 if (turn_on)
4093 bitmap_clear(t->io_bitmap_ptr, from, num);
4094 -@@ -103,6 +110,12 @@ SYSCALL_DEFINE1(iopl, unsigned int, level)
4095 - return -EINVAL;
4096 - /* Trying to gain more privileges? */
4097 +@@ -105,6 +112,12 @@ SYSCALL_DEFINE1(iopl, unsigned int, level)
4098 if (level > old) {
4099 + if (!capable(CAP_SYS_RAWIO))
4100 + return -EPERM;
4101 +#ifdef CONFIG_GRKERNSEC_IO
4102 + if (grsec_disable_privio) {
4103 + gr_handle_iopl();
4104 -+ return -EPERM;
4105 ++ return -ENODEV;
4106 + }
4107 +#endif
4108 - if (!capable(CAP_SYS_RAWIO))
4109 - return -EPERM;
4110 }
4111 + regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | (level << 12);
4112 + t->iopl = level << 12;
4113 diff --git a/arch/x86/kernel/irq.c b/arch/x86/kernel/irq.c
4114 index 22d0687..e07b2a5 100644
4115 --- a/arch/x86/kernel/irq.c
4116 @@ -61557,10 +61624,10 @@ index 2b8952d..a60c6be 100644
4117 kfree(s);
4118 diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
4119 new file mode 100644
4120 -index 0000000..6d22fbe
4121 +index 0000000..a78d810
4122 --- /dev/null
4123 +++ b/grsecurity/Kconfig
4124 -@@ -0,0 +1,1112 @@
4125 +@@ -0,0 +1,1107 @@
4126 +#
4127 +# grecurity configuration
4128 +#
4129 @@ -61574,21 +61641,15 @@ index 0000000..6d22fbe
4130 + help
4131 + If you say Y here, /dev/kmem and /dev/mem won't be allowed to
4132 + be written to or read from to modify or leak the contents of the running
4133 -+ kernel. /dev/port will also not be allowed to be opened and support
4134 -+ for /dev/cpu/*/msr will be removed. If you have module
4135 -+ support disabled, enabling this will close up five ways that are
4136 -+ currently used to insert malicious code into the running kernel.
4137 ++ kernel. /dev/port will also not be allowed to be opened, and support
4138 ++ for /dev/cpu/*/msr and kexec will be removed. If you have module
4139 ++ support disabled, enabling this will close up six ways that are
4140 ++ currently used to insert malicious code into the running kernel.
4141 +
4142 -+ Even with all these features enabled, we still highly recommend that
4143 ++ Even with this feature enabled, we still highly recommend that
4144 + you use the RBAC system, as it is still possible for an attacker to
4145 -+ modify the running kernel through privileged I/O granted by ioperm/iopl.
4146 -+
4147 -+ If you are not using XFree86, you may be able to stop this additional
4148 -+ case by enabling the 'Disable privileged I/O' option. Though nothing
4149 -+ legitimately writes to /dev/kmem, XFree86 does need to write to /dev/mem,
4150 -+ but only to video memory, which is the only writing we allow in this
4151 -+ case. If /dev/kmem or /dev/mem are mmaped without PROT_WRITE, they will
4152 -+ not be allowed to mprotect it with PROT_WRITE later.
4153 ++ modify the running kernel through other more obscure methods.
4154 ++
4155 + Enabling this feature will prevent the "cpupower" and "powertop" tools
4156 + from working.
4157 +
4158 @@ -61624,10 +61685,11 @@ index 0000000..6d22fbe
4159 + the most notable of which are XFree86 and hwclock. hwclock can be
4160 + remedied by having RTC support in the kernel, so real-time
4161 + clock support is enabled if this option is enabled, to ensure
4162 -+ that hwclock operates correctly. XFree86 still will not
4163 -+ operate correctly with this option enabled, so DO NOT CHOOSE Y
4164 -+ IF YOU USE XFree86. If you use XFree86 and you still want to
4165 -+ protect your kernel against modification, use the RBAC system.
4166 ++ that hwclock operates correctly.
4167 ++
4168 ++ If you're using XFree86 or a version of Xorg from 2012 or earlier,
4169 ++ you may not be able to boot into a graphical environment with this
4170 ++ option enabled. In this case, you should use the RBAC system instead.
4171 +
4172 +config GRKERNSEC_JIT_HARDEN
4173 + bool "Harden BPF JIT against spray attacks"
4174 @@ -80032,7 +80094,7 @@ index a67ef9d..2d17ed9 100644
4175 #ifdef CONFIG_BLK_DEV_RAM
4176 int fd;
4177 diff --git a/init/main.c b/init/main.c
4178 -index 63d3e8f..291fa8a 100644
4179 +index 63d3e8f..50bd5f8 100644
4180 --- a/init/main.c
4181 +++ b/init/main.c
4182 @@ -103,6 +103,8 @@ static inline void mark_rodata_ro(void) { }
4183 @@ -80044,7 +80106,7 @@ index 63d3e8f..291fa8a 100644
4184 /*
4185 * Debug helper: via this flag we know that we are in 'early bootup code'
4186 * where only the boot processor is running with IRQ disabled. This means
4187 -@@ -156,6 +158,74 @@ static int __init set_reset_devices(char *str)
4188 +@@ -156,6 +158,75 @@ static int __init set_reset_devices(char *str)
4189
4190 __setup("reset_devices", set_reset_devices);
4191
4192 @@ -80088,6 +80150,7 @@ index 63d3e8f..291fa8a 100644
4193 + clone_pgd_mask = ~(pgdval_t)0UL;
4194 + pax_user_shadow_base = 0UL;
4195 + setup_clear_cpu_cap(X86_FEATURE_PCID);
4196 ++ setup_clear_cpu_cap(X86_FEATURE_INVPCID);
4197 +#endif
4198 +
4199 + return 0;
4200 @@ -80119,7 +80182,7 @@ index 63d3e8f..291fa8a 100644
4201 static const char * argv_init[MAX_INIT_ARGS+2] = { "init", NULL, };
4202 const char * envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, };
4203 static const char *panic_later, *panic_param;
4204 -@@ -682,25 +752,24 @@ int __init_or_module do_one_initcall(initcall_t fn)
4205 +@@ -682,25 +753,24 @@ int __init_or_module do_one_initcall(initcall_t fn)
4206 {
4207 int count = preempt_count();
4208 int ret;
4209 @@ -80150,7 +80213,7 @@ index 63d3e8f..291fa8a 100644
4210 return ret;
4211 }
4212
4213 -@@ -807,10 +876,14 @@ static int run_init_process(const char *init_filename)
4214 +@@ -807,10 +877,14 @@ static int run_init_process(const char *init_filename)
4215 {
4216 argv_init[0] = init_filename;
4217 return do_execve(init_filename,
4218 @@ -80167,7 +80230,7 @@ index 63d3e8f..291fa8a 100644
4219 static noinline void __init kernel_init_freeable(void);
4220
4221 static int __ref kernel_init(void *unused)
4222 -@@ -831,6 +904,11 @@ static int __ref kernel_init(void *unused)
4223 +@@ -831,6 +905,11 @@ static int __ref kernel_init(void *unused)
4224 pr_err("Failed to execute %s\n", ramdisk_execute_command);
4225 }
4226
4227 @@ -80179,7 +80242,7 @@ index 63d3e8f..291fa8a 100644
4228 /*
4229 * We try each of these until one succeeds.
4230 *
4231 -@@ -885,7 +963,7 @@ static noinline void __init kernel_init_freeable(void)
4232 +@@ -885,7 +964,7 @@ static noinline void __init kernel_init_freeable(void)
4233 do_basic_setup();
4234
4235 /* Open the /dev/console on the rootfs, this should never fail */
4236 @@ -80188,7 +80251,7 @@ index 63d3e8f..291fa8a 100644
4237 pr_err("Warning: unable to open an initial console.\n");
4238
4239 (void) sys_dup(0);
4240 -@@ -898,11 +976,13 @@ static noinline void __init kernel_init_freeable(void)
4241 +@@ -898,11 +977,13 @@ static noinline void __init kernel_init_freeable(void)
4242 if (!ramdisk_execute_command)
4243 ramdisk_execute_command = "/init";
4244
4245 @@ -84241,7 +84304,7 @@ index 5f97eab..db8f687 100644
4246 unsigned long jiffies_force_qs; /* Time at which to invoke */
4247 /* force_quiescent_state(). */
4248 diff --git a/kernel/rcutree_plugin.h b/kernel/rcutree_plugin.h
4249 -index 130c97b..da2e5fc 100644
4250 +index 130c97b..33c0d3d 100644
4251 --- a/kernel/rcutree_plugin.h
4252 +++ b/kernel/rcutree_plugin.h
4253 @@ -900,7 +900,7 @@ void synchronize_rcu_expedited(void)
4254 @@ -84316,9 +84379,12 @@ index 130c97b..da2e5fc 100644
4255 }
4256 }
4257
4258 -@@ -2425,9 +2425,9 @@ static void rcu_sysidle_enter(struct rcu_dynticks *rdtp, int irq)
4259 +@@ -2423,11 +2423,11 @@ static void rcu_sysidle_enter(struct rcu_dynticks *rdtp, int irq)
4260 +
4261 + /* Record start of fully idle period. */
4262 j = jiffies;
4263 - ACCESS_ONCE(rdtp->dynticks_idle_jiffies) = j;
4264 +- ACCESS_ONCE(rdtp->dynticks_idle_jiffies) = j;
4265 ++ ACCESS_ONCE_RW(rdtp->dynticks_idle_jiffies) = j;
4266 smp_mb__before_atomic_inc();
4267 - atomic_inc(&rdtp->dynticks_idle);
4268 + atomic_inc_unchecked(&rdtp->dynticks_idle);
4269 @@ -84349,6 +84415,33 @@ index 130c97b..da2e5fc 100644
4270 if (cur & 0x1) {
4271 *isidle = false; /* We are not idle! */
4272 return;
4273 +@@ -2598,7 +2598,7 @@ static void rcu_sysidle(unsigned long j)
4274 + case RCU_SYSIDLE_NOT:
4275 +
4276 + /* First time all are idle, so note a short idle period. */
4277 +- ACCESS_ONCE(full_sysidle_state) = RCU_SYSIDLE_SHORT;
4278 ++ ACCESS_ONCE_RW(full_sysidle_state) = RCU_SYSIDLE_SHORT;
4279 + break;
4280 +
4281 + case RCU_SYSIDLE_SHORT:
4282 +@@ -2635,7 +2635,7 @@ static void rcu_sysidle(unsigned long j)
4283 + static void rcu_sysidle_cancel(void)
4284 + {
4285 + smp_mb();
4286 +- ACCESS_ONCE(full_sysidle_state) = RCU_SYSIDLE_NOT;
4287 ++ ACCESS_ONCE_RW(full_sysidle_state) = RCU_SYSIDLE_NOT;
4288 + }
4289 +
4290 + /*
4291 +@@ -2683,7 +2683,7 @@ static void rcu_sysidle_cb(struct rcu_head *rhp)
4292 + smp_mb(); /* grace period precedes setting inuse. */
4293 +
4294 + rshp = container_of(rhp, struct rcu_sysidle_head, rh);
4295 +- ACCESS_ONCE(rshp->inuse) = 0;
4296 ++ ACCESS_ONCE_RW(rshp->inuse) = 0;
4297 + }
4298 +
4299 + /*
4300 diff --git a/kernel/rcutree_trace.c b/kernel/rcutree_trace.c
4301 index cf6c174..a8f4b50 100644
4302 --- a/kernel/rcutree_trace.c
4303
4304 diff --git a/3.12.2/4450_grsec-kconfig-default-gids.patch b/3.12.2/4450_grsec-kconfig-default-gids.patch
4305 index b50114e..aa9d567 100644
4306 --- a/3.12.2/4450_grsec-kconfig-default-gids.patch
4307 +++ b/3.12.2/4450_grsec-kconfig-default-gids.patch
4308 @@ -16,7 +16,7 @@ from shooting themselves in the foot.
4309 diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
4310 --- a/grsecurity/Kconfig 2012-10-13 09:51:35.000000000 -0400
4311 +++ b/grsecurity/Kconfig 2012-10-13 09:52:32.000000000 -0400
4312 -@@ -626,7 +626,7 @@
4313 +@@ -621,7 +621,7 @@
4314 config GRKERNSEC_AUDIT_GID
4315 int "GID for auditing"
4316 depends on GRKERNSEC_AUDIT_GROUP
4317 @@ -25,7 +25,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
4318
4319 config GRKERNSEC_EXECLOG
4320 bool "Exec logging"
4321 -@@ -853,7 +853,7 @@
4322 +@@ -848,7 +848,7 @@
4323 config GRKERNSEC_TPE_UNTRUSTED_GID
4324 int "GID for TPE-untrusted users"
4325 depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT
4326 @@ -34,7 +34,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
4327 help
4328 Setting this GID determines what group TPE restrictions will be
4329 *enabled* for. If the sysctl option is enabled, a sysctl option
4330 -@@ -862,7 +862,7 @@
4331 +@@ -857,7 +857,7 @@
4332 config GRKERNSEC_TPE_TRUSTED_GID
4333 int "GID for TPE-trusted users"
4334 depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT
4335 @@ -43,7 +43,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
4336 help
4337 Setting this GID determines what group TPE restrictions will be
4338 *disabled* for. If the sysctl option is enabled, a sysctl option
4339 -@@ -955,7 +955,7 @@
4340 +@@ -950,7 +950,7 @@
4341 config GRKERNSEC_SOCKET_ALL_GID
4342 int "GID to deny all sockets for"
4343 depends on GRKERNSEC_SOCKET_ALL
4344 @@ -52,7 +52,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
4345 help
4346 Here you can choose the GID to disable socket access for. Remember to
4347 add the users you want socket access disabled for to the GID
4348 -@@ -976,7 +976,7 @@
4349 +@@ -971,7 +971,7 @@
4350 config GRKERNSEC_SOCKET_CLIENT_GID
4351 int "GID to deny client sockets for"
4352 depends on GRKERNSEC_SOCKET_CLIENT
4353 @@ -61,7 +61,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
4354 help
4355 Here you can choose the GID to disable client socket access for.
4356 Remember to add the users you want client socket access disabled for to
4357 -@@ -994,7 +994,7 @@
4358 +@@ -989,7 +989,7 @@
4359 config GRKERNSEC_SOCKET_SERVER_GID
4360 int "GID to deny server sockets for"
4361 depends on GRKERNSEC_SOCKET_SERVER
4362
4363 diff --git a/3.12.2/4465_selinux-avc_audit-log-curr_ip.patch b/3.12.2/4465_selinux-avc_audit-log-curr_ip.patch
4364 index b26c0b4..6490fca 100644
4365 --- a/3.12.2/4465_selinux-avc_audit-log-curr_ip.patch
4366 +++ b/3.12.2/4465_selinux-avc_audit-log-curr_ip.patch
4367 @@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@×××.org>
4368 diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
4369 --- a/grsecurity/Kconfig 2011-04-17 19:25:54.000000000 -0400
4370 +++ b/grsecurity/Kconfig 2011-04-17 19:32:53.000000000 -0400
4371 -@@ -1089,6 +1089,27 @@
4372 +@@ -1084,6 +1084,27 @@
4373 menu "Logging Options"
4374 depends on GRKERNSEC
4375
4376
4377 diff --git a/3.12.2/4470_disable-compat_vdso.patch b/3.12.2/4470_disable-compat_vdso.patch
4378 index a9b2b0f..209dfae 100644
4379 --- a/3.12.2/4470_disable-compat_vdso.patch
4380 +++ b/3.12.2/4470_disable-compat_vdso.patch
4381 @@ -26,7 +26,7 @@ Closes bug: http://bugs.gentoo.org/show_bug.cgi?id=210138
4382 diff -urp a/arch/x86/Kconfig b/arch/x86/Kconfig
4383 --- a/arch/x86/Kconfig 2009-07-31 01:36:57.323857684 +0100
4384 +++ b/arch/x86/Kconfig 2009-07-31 01:51:39.395749681 +0100
4385 -@@ -1817,17 +1817,8 @@
4386 +@@ -1818,17 +1818,8 @@
4387
4388 config COMPAT_VDSO
4389 def_bool n
4390
4391 diff --git a/3.2.53/0000_README b/3.2.53/0000_README
4392 index 8426af2..9af2616 100644
4393 --- a/3.2.53/0000_README
4394 +++ b/3.2.53/0000_README
4395 @@ -130,7 +130,7 @@ Patch: 1052_linux-3.2.53.patch
4396 From: http://www.kernel.org
4397 Desc: Linux 3.2.53
4398
4399 -Patch: 4420_grsecurity-3.0-3.2.53-201312011108.patch
4400 +Patch: 4420_grsecurity-3.0-3.2.53-201312021727.patch
4401 From: http://www.grsecurity.net
4402 Desc: hardened-sources base patch from upstream grsecurity
4403
4404
4405 diff --git a/3.2.53/4420_grsecurity-3.0-3.2.53-201312011108.patch b/3.2.53/4420_grsecurity-3.0-3.2.53-201312021727.patch
4406 similarity index 99%
4407 rename from 3.2.53/4420_grsecurity-3.0-3.2.53-201312011108.patch
4408 rename to 3.2.53/4420_grsecurity-3.0-3.2.53-201312021727.patch
4409 index 15444aa..0b81548 100644
4410 --- a/3.2.53/4420_grsecurity-3.0-3.2.53-201312011108.patch
4411 +++ b/3.2.53/4420_grsecurity-3.0-3.2.53-201312021727.patch
4412 @@ -11516,7 +11516,7 @@ index 58cb6d4..a4b806c 100644
4413 /* Atomic operations are already serializing on x86 */
4414 #define smp_mb__before_atomic_dec() barrier()
4415 diff --git a/arch/x86/include/asm/atomic64_32.h b/arch/x86/include/asm/atomic64_32.h
4416 -index 24098aa..1e37723 100644
4417 +index 24098aa..820ea9d 100644
4418 --- a/arch/x86/include/asm/atomic64_32.h
4419 +++ b/arch/x86/include/asm/atomic64_32.h
4420 @@ -12,6 +12,14 @@ typedef struct {
4421 @@ -11556,7 +11556,7 @@ index 24098aa..1e37723 100644
4422 * atomic64_xchg - xchg atomic64 variable
4423 * @v: pointer to type atomic64_t
4424 * @n: value to assign
4425 -@@ -77,6 +100,24 @@ static inline void atomic64_set(atomic64_t *v, long long i)
4426 +@@ -77,12 +100,30 @@ static inline void atomic64_set(atomic64_t *v, long long i)
4427 }
4428
4429 /**
4430 @@ -11581,6 +11581,13 @@ index 24098aa..1e37723 100644
4431 * atomic64_read - read atomic64 variable
4432 * @v: pointer to type atomic64_t
4433 *
4434 + * Atomically reads the value of @v and returns it.
4435 + */
4436 +-static inline long long atomic64_read(atomic64_t *v)
4437 ++static inline long long __intentional_overflow(-1) atomic64_read(atomic64_t *v)
4438 + {
4439 + long long r;
4440 + asm volatile(ATOMIC64_ALTERNATIVE(read)
4441 @@ -93,6 +134,22 @@ static inline long long atomic64_read(atomic64_t *v)
4442 }
4443
4444 @@ -11669,12 +11676,15 @@ index 24098aa..1e37723 100644
4445 * @i: integer value to subtract
4446 * @v: pointer to type atomic64_t
4447 diff --git a/arch/x86/include/asm/atomic64_64.h b/arch/x86/include/asm/atomic64_64.h
4448 -index 0e1cbfc..5623683 100644
4449 +index 0e1cbfc..adf5aa7 100644
4450 --- a/arch/x86/include/asm/atomic64_64.h
4451 +++ b/arch/x86/include/asm/atomic64_64.h
4452 -@@ -18,7 +18,19 @@
4453 +@@ -16,9 +16,21 @@
4454 + * Atomically reads the value of @v.
4455 + * Doesn't imply a read memory barrier.
4456 */
4457 - static inline long atomic64_read(const atomic64_t *v)
4458 +-static inline long atomic64_read(const atomic64_t *v)
4459 ++static inline long __intentional_overflow(-1) atomic64_read(const atomic64_t *v)
4460 {
4461 - return (*(volatile long *)&(v)->counter);
4462 + return (*(volatile const long *)&(v)->counter);
Report Message
Find on MARC Find on Google Groups