
From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 4.9.11/, 4.9.12/
Date: Sat, 25 Feb 2017 11:58:11
Message-Id: 1488023842.b29d22f84076b2b7b21dd32836b57ca262dcd8db.blueness@gentoo
1 commit: b29d22f84076b2b7b21dd32836b57ca262dcd8db
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Sat Feb 25 11:57:22 2017 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Sat Feb 25 11:57:22 2017 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=b29d22f8
7
8 grsecurity-3.1-4.9.12-201702231830
9
10 4.9.11/1009_linux-4.9.10.patch | 2157 --------------------
11 4.9.11/1010_linux-4.9.11.patch | 1893 -----------------
12 {4.9.11 => 4.9.12}/0000_README | 10 +-
13 .../4420_grsecurity-3.1-4.9.12-201702231830.patch | 299 +--
14 {4.9.11 => 4.9.12}/4425_grsec_remove_EI_PAX.patch | 0
15 .../4426_default_XATTR_PAX_FLAGS.patch | 0
16 .../4427_force_XATTR_PAX_tmpfs.patch | 0
17 .../4430_grsec-remove-localversion-grsec.patch | 0
18 {4.9.11 => 4.9.12}/4435_grsec-mute-warnings.patch | 0
19 .../4440_grsec-remove-protected-paths.patch | 0
20 .../4450_grsec-kconfig-default-gids.patch | 0
21 .../4465_selinux-avc_audit-log-curr_ip.patch | 0
22 {4.9.11 => 4.9.12}/4470_disable-compat_vdso.patch | 0
23 {4.9.11 => 4.9.12}/4475_emutramp_default_on.patch | 0
24 14 files changed, 161 insertions(+), 4198 deletions(-)
25
26 diff --git a/4.9.11/1009_linux-4.9.10.patch b/4.9.11/1009_linux-4.9.10.patch
27 deleted file mode 100644
28 index 1767b59..0000000
29 --- a/4.9.11/1009_linux-4.9.10.patch
30 +++ /dev/null
31 @@ -1,2157 +0,0 @@
32 -diff --git a/Makefile b/Makefile
33 -index c0c41c9..d2fe757 100644
34 ---- a/Makefile
35 -+++ b/Makefile
36 -@@ -1,6 +1,6 @@
37 - VERSION = 4
38 - PATCHLEVEL = 9
39 --SUBLEVEL = 9
40 -+SUBLEVEL = 10
41 - EXTRAVERSION =
42 - NAME = Roaring Lionus
43 -
44 -diff --git a/arch/arc/kernel/unaligned.c b/arch/arc/kernel/unaligned.c
45 -index 91ebe38..5f69c3b 100644
46 ---- a/arch/arc/kernel/unaligned.c
47 -+++ b/arch/arc/kernel/unaligned.c
48 -@@ -243,7 +243,7 @@ int misaligned_fixup(unsigned long address, struct pt_regs *regs,
49 -
50 - /* clear any remanants of delay slot */
51 - if (delay_mode(regs)) {
52 -- regs->ret = regs->bta ~1U;
53 -+ regs->ret = regs->bta & ~1U;
54 - regs->status32 &= ~STATUS_DE_MASK;
55 - } else {
56 - regs->ret += state.instr_len;
57 -diff --git a/arch/arm/boot/dts/imx6dl.dtsi b/arch/arm/boot/dts/imx6dl.dtsi
58 -index 1ade195..7aa120f 100644
59 ---- a/arch/arm/boot/dts/imx6dl.dtsi
60 -+++ b/arch/arm/boot/dts/imx6dl.dtsi
61 -@@ -137,7 +137,7 @@
62 - &gpio4 {
63 - gpio-ranges = <&iomuxc 5 136 1>, <&iomuxc 6 145 1>, <&iomuxc 7 150 1>,
64 - <&iomuxc 8 146 1>, <&iomuxc 9 151 1>, <&iomuxc 10 147 1>,
65 -- <&iomuxc 11 151 1>, <&iomuxc 12 148 1>, <&iomuxc 13 153 1>,
66 -+ <&iomuxc 11 152 1>, <&iomuxc 12 148 1>, <&iomuxc 13 153 1>,
67 - <&iomuxc 14 149 1>, <&iomuxc 15 154 1>, <&iomuxc 16 39 7>,
68 - <&iomuxc 23 56 1>, <&iomuxc 24 61 7>, <&iomuxc 31 46 1>;
69 - };
70 -diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c
71 -index ce131ed..ae738a6 100644
72 ---- a/arch/arm/kernel/ptrace.c
73 -+++ b/arch/arm/kernel/ptrace.c
74 -@@ -600,7 +600,7 @@ static int gpr_set(struct task_struct *target,
75 - const void *kbuf, const void __user *ubuf)
76 - {
77 - int ret;
78 -- struct pt_regs newregs;
79 -+ struct pt_regs newregs = *task_pt_regs(target);
80 -
81 - ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf,
82 - &newregs,
83 -diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c
84 -index 3a2e678..0122ad1 100644
85 ---- a/arch/arm/mm/fault.c
86 -+++ b/arch/arm/mm/fault.c
87 -@@ -610,9 +610,9 @@ static int __init early_abort_handler(unsigned long addr, unsigned int fsr,
88 -
89 - void __init early_abt_enable(void)
90 - {
91 -- fsr_info[22].fn = early_abort_handler;
92 -+ fsr_info[FSR_FS_AEA].fn = early_abort_handler;
93 - local_abt_enable();
94 -- fsr_info[22].fn = do_bad;
95 -+ fsr_info[FSR_FS_AEA].fn = do_bad;
96 - }
97 -
98 - #ifndef CONFIG_ARM_LPAE
99 -diff --git a/arch/arm/mm/fault.h b/arch/arm/mm/fault.h
100 -index 67532f2..afc1f84 100644
101 ---- a/arch/arm/mm/fault.h
102 -+++ b/arch/arm/mm/fault.h
103 -@@ -11,11 +11,15 @@
104 - #define FSR_FS5_0 (0x3f)
105 -
106 - #ifdef CONFIG_ARM_LPAE
107 -+#define FSR_FS_AEA 17
108 -+
109 - static inline int fsr_fs(unsigned int fsr)
110 - {
111 - return fsr & FSR_FS5_0;
112 - }
113 - #else
114 -+#define FSR_FS_AEA 22
115 -+
116 - static inline int fsr_fs(unsigned int fsr)
117 - {
118 - return (fsr & FSR_FS3_0) | (fsr & FSR_FS4) >> 6;
119 -diff --git a/arch/powerpc/include/asm/reg.h b/arch/powerpc/include/asm/reg.h
120 -index 9e1499f..13f5fad 100644
121 ---- a/arch/powerpc/include/asm/reg.h
122 -+++ b/arch/powerpc/include/asm/reg.h
123 -@@ -641,9 +641,10 @@
124 - #define SRR1_ISI_N_OR_G 0x10000000 /* ISI: Access is no-exec or G */
125 - #define SRR1_ISI_PROT 0x08000000 /* ISI: Other protection fault */
126 - #define SRR1_WAKEMASK 0x00380000 /* reason for wakeup */
127 --#define SRR1_WAKEMASK_P8 0x003c0000 /* reason for wakeup on POWER8 */
128 -+#define SRR1_WAKEMASK_P8 0x003c0000 /* reason for wakeup on POWER8 and 9 */
129 - #define SRR1_WAKESYSERR 0x00300000 /* System error */
130 - #define SRR1_WAKEEE 0x00200000 /* External interrupt */
131 -+#define SRR1_WAKEHVI 0x00240000 /* Hypervisor Virtualization Interrupt (P9) */
132 - #define SRR1_WAKEMT 0x00280000 /* mtctrl */
133 - #define SRR1_WAKEHMI 0x00280000 /* Hypervisor maintenance */
134 - #define SRR1_WAKEDEC 0x00180000 /* Decrementer interrupt */
135 -diff --git a/arch/powerpc/include/asm/xics.h b/arch/powerpc/include/asm/xics.h
136 -index f0b2385..e0b9e57 100644
137 ---- a/arch/powerpc/include/asm/xics.h
138 -+++ b/arch/powerpc/include/asm/xics.h
139 -@@ -44,6 +44,7 @@ static inline int icp_hv_init(void) { return -ENODEV; }
140 -
141 - #ifdef CONFIG_PPC_POWERNV
142 - extern int icp_opal_init(void);
143 -+extern void icp_opal_flush_interrupt(void);
144 - #else
145 - static inline int icp_opal_init(void) { return -ENODEV; }
146 - #endif
147 -diff --git a/arch/powerpc/mm/tlb-radix.c b/arch/powerpc/mm/tlb-radix.c
148 -index 3493cf4..71697ff 100644
149 ---- a/arch/powerpc/mm/tlb-radix.c
150 -+++ b/arch/powerpc/mm/tlb-radix.c
151 -@@ -50,9 +50,7 @@ static inline void _tlbiel_pid(unsigned long pid, unsigned long ric)
152 - for (set = 0; set < POWER9_TLB_SETS_RADIX ; set++) {
153 - __tlbiel_pid(pid, set, ric);
154 - }
155 -- if (cpu_has_feature(CPU_FTR_POWER9_DD1))
156 -- asm volatile(PPC_INVALIDATE_ERAT : : :"memory");
157 -- return;
158 -+ asm volatile(PPC_INVALIDATE_ERAT "; isync" : : :"memory");
159 - }
160 -
161 - static inline void _tlbie_pid(unsigned long pid, unsigned long ric)
162 -@@ -85,8 +83,6 @@ static inline void _tlbiel_va(unsigned long va, unsigned long pid,
163 - asm volatile(PPC_TLBIEL(%0, %4, %3, %2, %1)
164 - : : "r"(rb), "i"(r), "i"(prs), "i"(ric), "r"(rs) : "memory");
165 - asm volatile("ptesync": : :"memory");
166 -- if (cpu_has_feature(CPU_FTR_POWER9_DD1))
167 -- asm volatile(PPC_INVALIDATE_ERAT : : :"memory");
168 - }
169 -
170 - static inline void _tlbie_va(unsigned long va, unsigned long pid,
171 -diff --git a/arch/powerpc/platforms/powernv/smp.c b/arch/powerpc/platforms/powernv/smp.c
172 -index c789258..eec0e8d 100644
173 ---- a/arch/powerpc/platforms/powernv/smp.c
174 -+++ b/arch/powerpc/platforms/powernv/smp.c
175 -@@ -155,8 +155,10 @@ static void pnv_smp_cpu_kill_self(void)
176 - wmask = SRR1_WAKEMASK_P8;
177 -
178 - idle_states = pnv_get_supported_cpuidle_states();
179 -+
180 - /* We don't want to take decrementer interrupts while we are offline,
181 -- * so clear LPCR:PECE1. We keep PECE2 enabled.
182 -+ * so clear LPCR:PECE1. We keep PECE2 (and LPCR_PECE_HVEE on P9)
183 -+ * enabled as to let IPIs in.
184 - */
185 - mtspr(SPRN_LPCR, mfspr(SPRN_LPCR) & ~(u64)LPCR_PECE1);
186 -
187 -@@ -206,8 +208,12 @@ static void pnv_smp_cpu_kill_self(void)
188 - * contains 0.
189 - */
190 - if (((srr1 & wmask) == SRR1_WAKEEE) ||
191 -+ ((srr1 & wmask) == SRR1_WAKEHVI) ||
192 - (local_paca->irq_happened & PACA_IRQ_EE)) {
193 -- icp_native_flush_interrupt();
194 -+ if (cpu_has_feature(CPU_FTR_ARCH_300))
195 -+ icp_opal_flush_interrupt();
196 -+ else
197 -+ icp_native_flush_interrupt();
198 - } else if ((srr1 & wmask) == SRR1_WAKEHDBELL) {
199 - unsigned long msg = PPC_DBELL_TYPE(PPC_DBELL_SERVER);
200 - asm volatile(PPC_MSGCLR(%0) : : "r" (msg));
201 -@@ -221,6 +227,8 @@ static void pnv_smp_cpu_kill_self(void)
202 - if (srr1 && !generic_check_cpu_restart(cpu))
203 - DBG("CPU%d Unexpected exit while offline !\n", cpu);
204 - }
205 -+
206 -+ /* Re-enable decrementer interrupts */
207 - mtspr(SPRN_LPCR, mfspr(SPRN_LPCR) | LPCR_PECE1);
208 - DBG("CPU%d coming online...\n", cpu);
209 - }
210 -diff --git a/arch/powerpc/sysdev/xics/icp-opal.c b/arch/powerpc/sysdev/xics/icp-opal.c
211 -index 60c5765..c96c0cb 100644
212 ---- a/arch/powerpc/sysdev/xics/icp-opal.c
213 -+++ b/arch/powerpc/sysdev/xics/icp-opal.c
214 -@@ -132,6 +132,35 @@ static irqreturn_t icp_opal_ipi_action(int irq, void *dev_id)
215 - return smp_ipi_demux();
216 - }
217 -
218 -+/*
219 -+ * Called when an interrupt is received on an off-line CPU to
220 -+ * clear the interrupt, so that the CPU can go back to nap mode.
221 -+ */
222 -+void icp_opal_flush_interrupt(void)
223 -+{
224 -+ unsigned int xirr;
225 -+ unsigned int vec;
226 -+
227 -+ do {
228 -+ xirr = icp_opal_get_xirr();
229 -+ vec = xirr & 0x00ffffff;
230 -+ if (vec == XICS_IRQ_SPURIOUS)
231 -+ break;
232 -+ if (vec == XICS_IPI) {
233 -+ /* Clear pending IPI */
234 -+ int cpu = smp_processor_id();
235 -+ kvmppc_set_host_ipi(cpu, 0);
236 -+ opal_int_set_mfrr(get_hard_smp_processor_id(cpu), 0xff);
237 -+ } else {
238 -+ pr_err("XICS: hw interrupt 0x%x to offline cpu, "
239 -+ "disabling\n", vec);
240 -+ xics_mask_unknown_vec(vec);
241 -+ }
242 -+
243 -+ /* EOI the interrupt */
244 -+ } while (opal_int_eoi(xirr) > 0);
245 -+}
246 -+
247 - #endif /* CONFIG_SMP */
248 -
249 - static const struct icp_ops icp_opal_ops = {
250 -diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
251 -index 984a7bf..83db0ea 100644
252 ---- a/arch/x86/include/asm/processor.h
253 -+++ b/arch/x86/include/asm/processor.h
254 -@@ -104,6 +104,7 @@ struct cpuinfo_x86 {
255 - __u8 x86_phys_bits;
256 - /* CPUID returned core id bits: */
257 - __u8 x86_coreid_bits;
258 -+ __u8 cu_id;
259 - /* Max extended CPUID function supported: */
260 - __u32 extended_cpuid_level;
261 - /* Maximum supported CPUID level, -1=no CPUID: */
262 -diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c
263 -index 7249f15..d1e2556 100644
264 ---- a/arch/x86/kernel/apic/io_apic.c
265 -+++ b/arch/x86/kernel/apic/io_apic.c
266 -@@ -1876,7 +1876,6 @@ static struct irq_chip ioapic_chip __read_mostly = {
267 - .irq_ack = irq_chip_ack_parent,
268 - .irq_eoi = ioapic_ack_level,
269 - .irq_set_affinity = ioapic_set_affinity,
270 -- .irq_retrigger = irq_chip_retrigger_hierarchy,
271 - .flags = IRQCHIP_SKIP_SET_WAKE,
272 - };
273 -
274 -@@ -1888,7 +1887,6 @@ static struct irq_chip ioapic_ir_chip __read_mostly = {
275 - .irq_ack = irq_chip_ack_parent,
276 - .irq_eoi = ioapic_ir_ack_level,
277 - .irq_set_affinity = ioapic_set_affinity,
278 -- .irq_retrigger = irq_chip_retrigger_hierarchy,
279 - .flags = IRQCHIP_SKIP_SET_WAKE,
280 - };
281 -
282 -diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
283 -index 1d31672..2b4cf04 100644
284 ---- a/arch/x86/kernel/cpu/amd.c
285 -+++ b/arch/x86/kernel/cpu/amd.c
286 -@@ -309,8 +309,22 @@ static void amd_get_topology(struct cpuinfo_x86 *c)
287 -
288 - /* get information required for multi-node processors */
289 - if (boot_cpu_has(X86_FEATURE_TOPOEXT)) {
290 -+ u32 eax, ebx, ecx, edx;
291 -
292 -- node_id = cpuid_ecx(0x8000001e) & 7;
293 -+ cpuid(0x8000001e, &eax, &ebx, &ecx, &edx);
294 -+
295 -+ node_id = ecx & 0xff;
296 -+ smp_num_siblings = ((ebx >> 8) & 0xff) + 1;
297 -+
298 -+ if (c->x86 == 0x15)
299 -+ c->cu_id = ebx & 0xff;
300 -+
301 -+ if (c->x86 >= 0x17) {
302 -+ c->cpu_core_id = ebx & 0xff;
303 -+
304 -+ if (smp_num_siblings > 1)
305 -+ c->x86_max_cores /= smp_num_siblings;
306 -+ }
307 -
308 - /*
309 - * We may have multiple LLCs if L3 caches exist, so check if we
310 -diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
311 -index 023c7bf..4eece91 100644
312 ---- a/arch/x86/kernel/cpu/common.c
313 -+++ b/arch/x86/kernel/cpu/common.c
314 -@@ -1015,6 +1015,7 @@ static void identify_cpu(struct cpuinfo_x86 *c)
315 - c->x86_model_id[0] = '\0'; /* Unset */
316 - c->x86_max_cores = 1;
317 - c->x86_coreid_bits = 0;
318 -+ c->cu_id = 0xff;
319 - #ifdef CONFIG_X86_64
320 - c->x86_clflush_size = 64;
321 - c->x86_phys_bits = 36;
322 -diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
323 -index e9bbe02..36171bc 100644
324 ---- a/arch/x86/kernel/smpboot.c
325 -+++ b/arch/x86/kernel/smpboot.c
326 -@@ -423,9 +423,15 @@ static bool match_smt(struct cpuinfo_x86 *c, struct cpuinfo_x86 *o)
327 - int cpu1 = c->cpu_index, cpu2 = o->cpu_index;
328 -
329 - if (c->phys_proc_id == o->phys_proc_id &&
330 -- per_cpu(cpu_llc_id, cpu1) == per_cpu(cpu_llc_id, cpu2) &&
331 -- c->cpu_core_id == o->cpu_core_id)
332 -- return topology_sane(c, o, "smt");
333 -+ per_cpu(cpu_llc_id, cpu1) == per_cpu(cpu_llc_id, cpu2)) {
334 -+ if (c->cpu_core_id == o->cpu_core_id)
335 -+ return topology_sane(c, o, "smt");
336 -+
337 -+ if ((c->cu_id != 0xff) &&
338 -+ (o->cu_id != 0xff) &&
339 -+ (c->cu_id == o->cu_id))
340 -+ return topology_sane(c, o, "smt");
341 -+ }
342 -
343 - } else if (c->phys_proc_id == o->phys_proc_id &&
344 - c->cpu_core_id == o->cpu_core_id) {
345 -diff --git a/arch/x86/mm/dump_pagetables.c b/arch/x86/mm/dump_pagetables.c
346 -index ea9c49a..8aa6bea 100644
347 ---- a/arch/x86/mm/dump_pagetables.c
348 -+++ b/arch/x86/mm/dump_pagetables.c
349 -@@ -15,6 +15,7 @@
350 - #include <linux/debugfs.h>
351 - #include <linux/mm.h>
352 - #include <linux/init.h>
353 -+#include <linux/sched.h>
354 - #include <linux/seq_file.h>
355 -
356 - #include <asm/pgtable.h>
357 -@@ -406,6 +407,7 @@ static void ptdump_walk_pgd_level_core(struct seq_file *m, pgd_t *pgd,
358 - } else
359 - note_page(m, &st, __pgprot(0), 1);
360 -
361 -+ cond_resched();
362 - start++;
363 - }
364 -
365 -diff --git a/crypto/algif_aead.c b/crypto/algif_aead.c
366 -index e9c0993..e8817e2 100644
367 ---- a/crypto/algif_aead.c
368 -+++ b/crypto/algif_aead.c
369 -@@ -671,9 +671,9 @@ static int aead_recvmsg_sync(struct socket *sock, struct msghdr *msg, int flags)
370 - unlock:
371 - list_for_each_entry_safe(rsgl, tmp, &ctx->list, list) {
372 - af_alg_free_sg(&rsgl->sgl);
373 -+ list_del(&rsgl->list);
374 - if (rsgl != &ctx->first_rsgl)
375 - sock_kfree_s(sk, rsgl, sizeof(*rsgl));
376 -- list_del(&rsgl->list);
377 - }
378 - INIT_LIST_HEAD(&ctx->list);
379 - aead_wmem_wakeup(sk);
380 -diff --git a/drivers/acpi/nfit/core.c b/drivers/acpi/nfit/core.c
381 -index 312c4b4..6eb6733 100644
382 ---- a/drivers/acpi/nfit/core.c
383 -+++ b/drivers/acpi/nfit/core.c
384 -@@ -2704,6 +2704,7 @@ static int acpi_nfit_flush_probe(struct nvdimm_bus_descriptor *nd_desc)
385 - struct acpi_nfit_desc *acpi_desc = to_acpi_nfit_desc(nd_desc);
386 - struct device *dev = acpi_desc->dev;
387 - struct acpi_nfit_flush_work flush;
388 -+ int rc;
389 -
390 - /* bounce the device lock to flush acpi_nfit_add / acpi_nfit_notify */
391 - device_lock(dev);
392 -@@ -2716,7 +2717,10 @@ static int acpi_nfit_flush_probe(struct nvdimm_bus_descriptor *nd_desc)
393 - INIT_WORK_ONSTACK(&flush.work, flush_probe);
394 - COMPLETION_INITIALIZER_ONSTACK(flush.cmp);
395 - queue_work(nfit_wq, &flush.work);
396 -- return wait_for_completion_interruptible(&flush.cmp);
397 -+
398 -+ rc = wait_for_completion_interruptible(&flush.cmp);
399 -+ cancel_work_sync(&flush.work);
400 -+ return rc;
401 - }
402 -
403 - static int acpi_nfit_clear_to_send(struct nvdimm_bus_descriptor *nd_desc,
404 -diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c
405 -index 4737520..80fa656 100644
406 ---- a/drivers/cpufreq/intel_pstate.c
407 -+++ b/drivers/cpufreq/intel_pstate.c
408 -@@ -820,6 +820,25 @@ static void intel_pstate_hwp_enable(struct cpudata *cpudata)
409 - wrmsrl_on_cpu(cpudata->cpu, MSR_PM_ENABLE, 0x1);
410 - }
411 -
412 -+#define MSR_IA32_POWER_CTL_BIT_EE 19
413 -+
414 -+/* Disable energy efficiency optimization */
415 -+static void intel_pstate_disable_ee(int cpu)
416 -+{
417 -+ u64 power_ctl;
418 -+ int ret;
419 -+
420 -+ ret = rdmsrl_on_cpu(cpu, MSR_IA32_POWER_CTL, &power_ctl);
421 -+ if (ret)
422 -+ return;
423 -+
424 -+ if (!(power_ctl & BIT(MSR_IA32_POWER_CTL_BIT_EE))) {
425 -+ pr_info("Disabling energy efficiency optimization\n");
426 -+ power_ctl |= BIT(MSR_IA32_POWER_CTL_BIT_EE);
427 -+ wrmsrl_on_cpu(cpu, MSR_IA32_POWER_CTL, power_ctl);
428 -+ }
429 -+}
430 -+
431 - static int atom_get_min_pstate(void)
432 - {
433 - u64 value;
434 -@@ -1420,6 +1439,11 @@ static const struct x86_cpu_id intel_pstate_cpu_oob_ids[] __initconst = {
435 - {}
436 - };
437 -
438 -+static const struct x86_cpu_id intel_pstate_cpu_ee_disable_ids[] = {
439 -+ ICPU(INTEL_FAM6_KABYLAKE_DESKTOP, core_params),
440 -+ {}
441 -+};
442 -+
443 - static int intel_pstate_init_cpu(unsigned int cpunum)
444 - {
445 - struct cpudata *cpu;
446 -@@ -1435,6 +1459,12 @@ static int intel_pstate_init_cpu(unsigned int cpunum)
447 - cpu->cpu = cpunum;
448 -
449 - if (hwp_active) {
450 -+ const struct x86_cpu_id *id;
451 -+
452 -+ id = x86_match_cpu(intel_pstate_cpu_ee_disable_ids);
453 -+ if (id)
454 -+ intel_pstate_disable_ee(cpunum);
455 -+
456 - intel_pstate_hwp_enable(cpu);
457 - pid_params.sample_rate_ms = 50;
458 - pid_params.sample_rate_ns = 50 * NSEC_PER_MSEC;
459 -diff --git a/drivers/crypto/ccp/ccp-dev-v5.c b/drivers/crypto/ccp/ccp-dev-v5.c
460 -index faf3cb3..a388bf2 100644
461 ---- a/drivers/crypto/ccp/ccp-dev-v5.c
462 -+++ b/drivers/crypto/ccp/ccp-dev-v5.c
463 -@@ -955,7 +955,7 @@ static irqreturn_t ccp5_irq_handler(int irq, void *data)
464 - static void ccp5_config(struct ccp_device *ccp)
465 - {
466 - /* Public side */
467 -- iowrite32(0x00001249, ccp->io_regs + CMD5_REQID_CONFIG_OFFSET);
468 -+ iowrite32(0x0, ccp->io_regs + CMD5_REQID_CONFIG_OFFSET);
469 - }
470 -
471 - static void ccp5other_config(struct ccp_device *ccp)
472 -diff --git a/drivers/crypto/ccp/ccp-dev.h b/drivers/crypto/ccp/ccp-dev.h
473 -index da5f4a6..340aef1 100644
474 ---- a/drivers/crypto/ccp/ccp-dev.h
475 -+++ b/drivers/crypto/ccp/ccp-dev.h
476 -@@ -238,6 +238,7 @@ struct ccp_dma_chan {
477 - struct ccp_device *ccp;
478 -
479 - spinlock_t lock;
480 -+ struct list_head created;
481 - struct list_head pending;
482 - struct list_head active;
483 - struct list_head complete;
484 -diff --git a/drivers/crypto/ccp/ccp-dmaengine.c b/drivers/crypto/ccp/ccp-dmaengine.c
485 -index 6553912..e5d9278 100644
486 ---- a/drivers/crypto/ccp/ccp-dmaengine.c
487 -+++ b/drivers/crypto/ccp/ccp-dmaengine.c
488 -@@ -63,6 +63,7 @@ static void ccp_free_chan_resources(struct dma_chan *dma_chan)
489 - ccp_free_desc_resources(chan->ccp, &chan->complete);
490 - ccp_free_desc_resources(chan->ccp, &chan->active);
491 - ccp_free_desc_resources(chan->ccp, &chan->pending);
492 -+ ccp_free_desc_resources(chan->ccp, &chan->created);
493 -
494 - spin_unlock_irqrestore(&chan->lock, flags);
495 - }
496 -@@ -273,6 +274,7 @@ static dma_cookie_t ccp_tx_submit(struct dma_async_tx_descriptor *tx_desc)
497 - spin_lock_irqsave(&chan->lock, flags);
498 -
499 - cookie = dma_cookie_assign(tx_desc);
500 -+ list_del(&desc->entry);
501 - list_add_tail(&desc->entry, &chan->pending);
502 -
503 - spin_unlock_irqrestore(&chan->lock, flags);
504 -@@ -426,7 +428,7 @@ static struct ccp_dma_desc *ccp_create_desc(struct dma_chan *dma_chan,
505 -
506 - spin_lock_irqsave(&chan->lock, sflags);
507 -
508 -- list_add_tail(&desc->entry, &chan->pending);
509 -+ list_add_tail(&desc->entry, &chan->created);
510 -
511 - spin_unlock_irqrestore(&chan->lock, sflags);
512 -
513 -@@ -610,6 +612,7 @@ static int ccp_terminate_all(struct dma_chan *dma_chan)
514 - /*TODO: Purge the complete list? */
515 - ccp_free_desc_resources(chan->ccp, &chan->active);
516 - ccp_free_desc_resources(chan->ccp, &chan->pending);
517 -+ ccp_free_desc_resources(chan->ccp, &chan->created);
518 -
519 - spin_unlock_irqrestore(&chan->lock, flags);
520 -
521 -@@ -679,6 +682,7 @@ int ccp_dmaengine_register(struct ccp_device *ccp)
522 - chan->ccp = ccp;
523 -
524 - spin_lock_init(&chan->lock);
525 -+ INIT_LIST_HEAD(&chan->created);
526 - INIT_LIST_HEAD(&chan->pending);
527 - INIT_LIST_HEAD(&chan->active);
528 - INIT_LIST_HEAD(&chan->complete);
529 -diff --git a/drivers/crypto/chelsio/chcr_core.c b/drivers/crypto/chelsio/chcr_core.c
530 -index fb5f9bb..6aece3f 100644
531 ---- a/drivers/crypto/chelsio/chcr_core.c
532 -+++ b/drivers/crypto/chelsio/chcr_core.c
533 -@@ -51,6 +51,7 @@ static struct cxgb4_uld_info chcr_uld_info = {
534 - int assign_chcr_device(struct chcr_dev **dev)
535 - {
536 - struct uld_ctx *u_ctx;
537 -+ int ret = -ENXIO;
538 -
539 - /*
540 - * Which device to use if multiple devices are available TODO
541 -@@ -58,15 +59,14 @@ int assign_chcr_device(struct chcr_dev **dev)
542 - * must go to the same device to maintain the ordering.
543 - */
544 - mutex_lock(&dev_mutex); /* TODO ? */
545 -- u_ctx = list_first_entry(&uld_ctx_list, struct uld_ctx, entry);
546 -- if (!u_ctx) {
547 -- mutex_unlock(&dev_mutex);
548 -- return -ENXIO;
549 -+ list_for_each_entry(u_ctx, &uld_ctx_list, entry)
550 -+ if (u_ctx && u_ctx->dev) {
551 -+ *dev = u_ctx->dev;
552 -+ ret = 0;
553 -+ break;
554 - }
555 --
556 -- *dev = u_ctx->dev;
557 - mutex_unlock(&dev_mutex);
558 -- return 0;
559 -+ return ret;
560 - }
561 -
562 - static int chcr_dev_add(struct uld_ctx *u_ctx)
563 -@@ -203,10 +203,8 @@ static int chcr_uld_state_change(void *handle, enum cxgb4_state state)
564 -
565 - static int __init chcr_crypto_init(void)
566 - {
567 -- if (cxgb4_register_uld(CXGB4_ULD_CRYPTO, &chcr_uld_info)) {
568 -+ if (cxgb4_register_uld(CXGB4_ULD_CRYPTO, &chcr_uld_info))
569 - pr_err("ULD register fail: No chcr crypto support in cxgb4");
570 -- return -1;
571 -- }
572 -
573 - return 0;
574 - }
575 -diff --git a/drivers/crypto/qat/qat_c62x/adf_drv.c b/drivers/crypto/qat/qat_c62x/adf_drv.c
576 -index bc5cbc1..5b2d78a 100644
577 ---- a/drivers/crypto/qat/qat_c62x/adf_drv.c
578 -+++ b/drivers/crypto/qat/qat_c62x/adf_drv.c
579 -@@ -233,7 +233,7 @@ static int adf_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
580 - &hw_data->accel_capabilities_mask);
581 -
582 - /* Find and map all the device's BARS */
583 -- i = 0;
584 -+ i = (hw_data->fuses & ADF_DEVICE_FUSECTL_MASK) ? 1 : 0;
585 - bar_mask = pci_select_bars(pdev, IORESOURCE_MEM);
586 - for_each_set_bit(bar_nr, (const unsigned long *)&bar_mask,
587 - ADF_PCI_MAX_BARS * 2) {
588 -diff --git a/drivers/crypto/qat/qat_common/adf_accel_devices.h b/drivers/crypto/qat/qat_common/adf_accel_devices.h
589 -index e882253..33f0a62 100644
590 ---- a/drivers/crypto/qat/qat_common/adf_accel_devices.h
591 -+++ b/drivers/crypto/qat/qat_common/adf_accel_devices.h
592 -@@ -69,6 +69,7 @@
593 - #define ADF_ERRSOU5 (0x3A000 + 0xD8)
594 - #define ADF_DEVICE_FUSECTL_OFFSET 0x40
595 - #define ADF_DEVICE_LEGFUSE_OFFSET 0x4C
596 -+#define ADF_DEVICE_FUSECTL_MASK 0x80000000
597 - #define ADF_PCI_MAX_BARS 3
598 - #define ADF_DEVICE_NAME_LENGTH 32
599 - #define ADF_ETR_MAX_RINGS_PER_BANK 16
600 -diff --git a/drivers/crypto/qat/qat_common/qat_hal.c b/drivers/crypto/qat/qat_common/qat_hal.c
601 -index 1e480f1..8c4fd25 100644
602 ---- a/drivers/crypto/qat/qat_common/qat_hal.c
603 -+++ b/drivers/crypto/qat/qat_common/qat_hal.c
604 -@@ -456,7 +456,7 @@ static int qat_hal_init_esram(struct icp_qat_fw_loader_handle *handle)
605 - unsigned int csr_val;
606 - int times = 30;
607 -
608 -- if (handle->pci_dev->device == ADF_C3XXX_PCI_DEVICE_ID)
609 -+ if (handle->pci_dev->device != ADF_DH895XCC_PCI_DEVICE_ID)
610 - return 0;
611 -
612 - csr_val = ADF_CSR_RD(csr_addr, 0);
613 -@@ -716,7 +716,7 @@ int qat_hal_init(struct adf_accel_dev *accel_dev)
614 - (void __iomem *)((uintptr_t)handle->hal_cap_ae_xfer_csr_addr_v +
615 - LOCAL_TO_XFER_REG_OFFSET);
616 - handle->pci_dev = pci_info->pci_dev;
617 -- if (handle->pci_dev->device != ADF_C3XXX_PCI_DEVICE_ID) {
618 -+ if (handle->pci_dev->device == ADF_DH895XCC_PCI_DEVICE_ID) {
619 - sram_bar =
620 - &pci_info->pci_bars[hw_data->get_sram_bar_id(hw_data)];
621 - handle->hal_sram_addr_v = sram_bar->virt_addr;
622 -diff --git a/drivers/gpu/drm/drm_atomic.c b/drivers/gpu/drm/drm_atomic.c
623 -index e6862a7..4e19bde 100644
624 ---- a/drivers/gpu/drm/drm_atomic.c
625 -+++ b/drivers/gpu/drm/drm_atomic.c
626 -@@ -1759,16 +1759,16 @@ int drm_mode_atomic_ioctl(struct drm_device *dev,
627 -
628 - if (ret && arg->flags & DRM_MODE_PAGE_FLIP_EVENT) {
629 - /*
630 -- * TEST_ONLY and PAGE_FLIP_EVENT are mutually exclusive,
631 -- * if they weren't, this code should be called on success
632 -- * for TEST_ONLY too.
633 -+ * Free the allocated event. drm_atomic_helper_setup_commit
634 -+ * can allocate an event too, so only free it if it's ours
635 -+ * to prevent a double free in drm_atomic_state_clear.
636 - */
637 --
638 - for_each_crtc_in_state(state, crtc, crtc_state, i) {
639 -- if (!crtc_state->event)
640 -- continue;
641 --
642 -- drm_event_cancel_free(dev, &crtc_state->event->base);
643 -+ struct drm_pending_vblank_event *event = crtc_state->event;
644 -+ if (event && (event->base.fence || event->base.file_priv)) {
645 -+ drm_event_cancel_free(dev, &event->base);
646 -+ crtc_state->event = NULL;
647 -+ }
648 - }
649 - }
650 -
651 -diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
652 -index a218c2e..0c400f8 100644
653 ---- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c
654 -+++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
655 -@@ -1215,14 +1215,14 @@ validate_exec_list(struct drm_device *dev,
656 - if (exec[i].offset !=
657 - gen8_canonical_addr(exec[i].offset & PAGE_MASK))
658 - return -EINVAL;
659 --
660 -- /* From drm_mm perspective address space is continuous,
661 -- * so from this point we're always using non-canonical
662 -- * form internally.
663 -- */
664 -- exec[i].offset = gen8_noncanonical_addr(exec[i].offset);
665 - }
666 -
667 -+ /* From drm_mm perspective address space is continuous,
668 -+ * so from this point we're always using non-canonical
669 -+ * form internally.
670 -+ */
671 -+ exec[i].offset = gen8_noncanonical_addr(exec[i].offset);
672 -+
673 - if (exec[i].alignment && !is_power_of_2(exec[i].alignment))
674 - return -EINVAL;
675 -
676 -diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
677 -index 8079e5b..b9be8a6 100644
678 ---- a/drivers/gpu/drm/i915/intel_display.c
679 -+++ b/drivers/gpu/drm/i915/intel_display.c
680 -@@ -4280,10 +4280,10 @@ static void page_flip_completed(struct intel_crtc *intel_crtc)
681 - drm_crtc_vblank_put(&intel_crtc->base);
682 -
683 - wake_up_all(&dev_priv->pending_flip_queue);
684 -- queue_work(dev_priv->wq, &work->unpin_work);
685 --
686 - trace_i915_flip_complete(intel_crtc->plane,
687 - work->pending_flip_obj);
688 -+
689 -+ queue_work(dev_priv->wq, &work->unpin_work);
690 - }
691 -
692 - static int intel_crtc_wait_for_pending_flips(struct drm_crtc *crtc)
693 -diff --git a/drivers/gpu/drm/i915/intel_dpll_mgr.c b/drivers/gpu/drm/i915/intel_dpll_mgr.c
694 -index 1c59ca5..cae27c5 100644
695 ---- a/drivers/gpu/drm/i915/intel_dpll_mgr.c
696 -+++ b/drivers/gpu/drm/i915/intel_dpll_mgr.c
697 -@@ -1723,7 +1723,8 @@ bxt_get_dpll(struct intel_crtc *crtc,
698 - return NULL;
699 -
700 - if ((encoder->type == INTEL_OUTPUT_DP ||
701 -- encoder->type == INTEL_OUTPUT_EDP) &&
702 -+ encoder->type == INTEL_OUTPUT_EDP ||
703 -+ encoder->type == INTEL_OUTPUT_DP_MST) &&
704 - !bxt_ddi_dp_set_dpll_hw_state(clock, &dpll_hw_state))
705 - return NULL;
706 -
707 -diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c
708 -index 16f91c8..5fb4c6d 100644
709 ---- a/drivers/hv/channel.c
710 -+++ b/drivers/hv/channel.c
711 -@@ -39,7 +39,7 @@
712 - * vmbus_setevent- Trigger an event notification on the specified
713 - * channel.
714 - */
715 --static void vmbus_setevent(struct vmbus_channel *channel)
716 -+void vmbus_setevent(struct vmbus_channel *channel)
717 - {
718 - struct hv_monitor_page *monitorpage;
719 -
720 -@@ -65,6 +65,7 @@ static void vmbus_setevent(struct vmbus_channel *channel)
721 - vmbus_set_event(channel);
722 - }
723 - }
724 -+EXPORT_SYMBOL_GPL(vmbus_setevent);
725 -
726 - /*
727 - * vmbus_open - Open the specified channel.
728 -@@ -635,8 +636,6 @@ int vmbus_sendpacket_ctl(struct vmbus_channel *channel, void *buffer,
729 - u32 packetlen_aligned = ALIGN(packetlen, sizeof(u64));
730 - struct kvec bufferlist[3];
731 - u64 aligned_data = 0;
732 -- int ret;
733 -- bool signal = false;
734 - bool lock = channel->acquire_ring_lock;
735 - int num_vecs = ((bufferlen != 0) ? 3 : 1);
736 -
737 -@@ -656,33 +655,9 @@ int vmbus_sendpacket_ctl(struct vmbus_channel *channel, void *buffer,
738 - bufferlist[2].iov_base = &aligned_data;
739 - bufferlist[2].iov_len = (packetlen_aligned - packetlen);
740 -
741 -- ret = hv_ringbuffer_write(&channel->outbound, bufferlist, num_vecs,
742 -- &signal, lock, channel->signal_policy);
743 --
744 -- /*
745 -- * Signalling the host is conditional on many factors:
746 -- * 1. The ring state changed from being empty to non-empty.
747 -- * This is tracked by the variable "signal".
748 -- * 2. The variable kick_q tracks if more data will be placed
749 -- * on the ring. We will not signal if more data is
750 -- * to be placed.
751 -- *
752 -- * Based on the channel signal state, we will decide
753 -- * which signaling policy will be applied.
754 -- *
755 -- * If we cannot write to the ring-buffer; signal the host
756 -- * even if we may not have written anything. This is a rare
757 -- * enough condition that it should not matter.
758 -- * NOTE: in this case, the hvsock channel is an exception, because
759 -- * it looks the host side's hvsock implementation has a throttling
760 -- * mechanism which can hurt the performance otherwise.
761 -- */
762 --
763 -- if (((ret == 0) && kick_q && signal) ||
764 -- (ret && !is_hvsock_channel(channel)))
765 -- vmbus_setevent(channel);
766 -+ return hv_ringbuffer_write(channel, bufferlist, num_vecs,
767 -+ lock, kick_q);
768 -
769 -- return ret;
770 - }
771 - EXPORT_SYMBOL(vmbus_sendpacket_ctl);
772 -
773 -@@ -723,7 +698,6 @@ int vmbus_sendpacket_pagebuffer_ctl(struct vmbus_channel *channel,
774 - u32 flags,
775 - bool kick_q)
776 - {
777 -- int ret;
778 - int i;
779 - struct vmbus_channel_packet_page_buffer desc;
780 - u32 descsize;
781 -@@ -731,7 +705,6 @@ int vmbus_sendpacket_pagebuffer_ctl(struct vmbus_channel *channel,
782 - u32 packetlen_aligned;
783 - struct kvec bufferlist[3];
784 - u64 aligned_data = 0;
785 -- bool signal = false;
786 - bool lock = channel->acquire_ring_lock;
787 -
788 - if (pagecount > MAX_PAGE_BUFFER_COUNT)
789 -@@ -769,29 +742,8 @@ int vmbus_sendpacket_pagebuffer_ctl(struct vmbus_channel *channel,
790 - bufferlist[2].iov_base = &aligned_data;
791 - bufferlist[2].iov_len = (packetlen_aligned - packetlen);
792 -
793 -- ret = hv_ringbuffer_write(&channel->outbound, bufferlist, 3,
794 -- &signal, lock, channel->signal_policy);
795 --
796 -- /*
797 -- * Signalling the host is conditional on many factors:
798 -- * 1. The ring state changed from being empty to non-empty.
799 -- * This is tracked by the variable "signal".
800 -- * 2. The variable kick_q tracks if more data will be placed
801 -- * on the ring. We will not signal if more data is
802 -- * to be placed.
803 -- *
804 -- * Based on the channel signal state, we will decide
805 -- * which signaling policy will be applied.
806 -- *
807 -- * If we cannot write to the ring-buffer; signal the host
808 -- * even if we may not have written anything. This is a rare
809 -- * enough condition that it should not matter.
810 -- */
811 --
812 -- if (((ret == 0) && kick_q && signal) || (ret))
813 -- vmbus_setevent(channel);
814 --
815 -- return ret;
816 -+ return hv_ringbuffer_write(channel, bufferlist, 3,
817 -+ lock, kick_q);
818 - }
819 - EXPORT_SYMBOL_GPL(vmbus_sendpacket_pagebuffer_ctl);
820 -
821 -@@ -822,12 +774,10 @@ int vmbus_sendpacket_mpb_desc(struct vmbus_channel *channel,
822 - u32 desc_size,
823 - void *buffer, u32 bufferlen, u64 requestid)
824 - {
825 -- int ret;
826 - u32 packetlen;
827 - u32 packetlen_aligned;
828 - struct kvec bufferlist[3];
829 - u64 aligned_data = 0;
830 -- bool signal = false;
831 - bool lock = channel->acquire_ring_lock;
832 -
833 - packetlen = desc_size + bufferlen;
834 -@@ -848,13 +798,8 @@ int vmbus_sendpacket_mpb_desc(struct vmbus_channel *channel,
835 - bufferlist[2].iov_base = &aligned_data;
836 - bufferlist[2].iov_len = (packetlen_aligned - packetlen);
837 -
838 -- ret = hv_ringbuffer_write(&channel->outbound, bufferlist, 3,
839 -- &signal, lock, channel->signal_policy);
840 --
841 -- if (ret == 0 && signal)
842 -- vmbus_setevent(channel);
843 --
844 -- return ret;
845 -+ return hv_ringbuffer_write(channel, bufferlist, 3,
846 -+ lock, true);
847 - }
848 - EXPORT_SYMBOL_GPL(vmbus_sendpacket_mpb_desc);
849 -
850 -@@ -866,14 +811,12 @@ int vmbus_sendpacket_multipagebuffer(struct vmbus_channel *channel,
851 - struct hv_multipage_buffer *multi_pagebuffer,
852 - void *buffer, u32 bufferlen, u64 requestid)
853 - {
854 -- int ret;
855 - struct vmbus_channel_packet_multipage_buffer desc;
856 - u32 descsize;
857 - u32 packetlen;
858 - u32 packetlen_aligned;
859 - struct kvec bufferlist[3];
860 - u64 aligned_data = 0;
861 -- bool signal = false;
862 - bool lock = channel->acquire_ring_lock;
863 - u32 pfncount = NUM_PAGES_SPANNED(multi_pagebuffer->offset,
864 - multi_pagebuffer->len);
865 -@@ -913,13 +856,8 @@ int vmbus_sendpacket_multipagebuffer(struct vmbus_channel *channel,
866 - bufferlist[2].iov_base = &aligned_data;
867 - bufferlist[2].iov_len = (packetlen_aligned - packetlen);
868 -
869 -- ret = hv_ringbuffer_write(&channel->outbound, bufferlist, 3,
870 -- &signal, lock, channel->signal_policy);
871 --
872 -- if (ret == 0 && signal)
873 -- vmbus_setevent(channel);
874 --
875 -- return ret;
876 -+ return hv_ringbuffer_write(channel, bufferlist, 3,
877 -+ lock, true);
878 - }
879 - EXPORT_SYMBOL_GPL(vmbus_sendpacket_multipagebuffer);
880 -
881 -@@ -941,16 +879,9 @@ __vmbus_recvpacket(struct vmbus_channel *channel, void *buffer,
882 - u32 bufferlen, u32 *buffer_actual_len, u64 *requestid,
883 - bool raw)
884 - {
885 -- int ret;
886 -- bool signal = false;
887 -+ return hv_ringbuffer_read(channel, buffer, bufferlen,
888 -+ buffer_actual_len, requestid, raw);
889 -
890 -- ret = hv_ringbuffer_read(&channel->inbound, buffer, bufferlen,
891 -- buffer_actual_len, requestid, &signal, raw);
892 --
893 -- if (signal)
894 -- vmbus_setevent(channel);
895 --
896 -- return ret;
897 - }
898 -
899 - int vmbus_recvpacket(struct vmbus_channel *channel, void *buffer,
900 -diff --git a/drivers/hv/channel_mgmt.c b/drivers/hv/channel_mgmt.c
901 -index 1bc1d479..caf3418 100644
902 ---- a/drivers/hv/channel_mgmt.c
903 -+++ b/drivers/hv/channel_mgmt.c
904 -@@ -449,8 +449,6 @@ static void vmbus_process_offer(struct vmbus_channel *newchannel)
905 - }
906 -
907 - dev_type = hv_get_dev_type(newchannel);
908 -- if (dev_type == HV_NIC)
909 -- set_channel_signal_state(newchannel, HV_SIGNAL_POLICY_EXPLICIT);
910 -
911 - init_vp_index(newchannel, dev_type);
912 -
913 -diff --git a/drivers/hv/hyperv_vmbus.h b/drivers/hv/hyperv_vmbus.h
914 -index a5b4442..2b13f2a 100644
915 ---- a/drivers/hv/hyperv_vmbus.h
916 -+++ b/drivers/hv/hyperv_vmbus.h
917 -@@ -527,14 +527,14 @@ int hv_ringbuffer_init(struct hv_ring_buffer_info *ring_info,
918 -
919 - void hv_ringbuffer_cleanup(struct hv_ring_buffer_info *ring_info);
920 -
921 --int hv_ringbuffer_write(struct hv_ring_buffer_info *ring_info,
922 -+int hv_ringbuffer_write(struct vmbus_channel *channel,
923 - struct kvec *kv_list,
924 -- u32 kv_count, bool *signal, bool lock,
925 -- enum hv_signal_policy policy);
926 -+ u32 kv_count, bool lock,
927 -+ bool kick_q);
928 -
929 --int hv_ringbuffer_read(struct hv_ring_buffer_info *inring_info,
930 -+int hv_ringbuffer_read(struct vmbus_channel *channel,
931 - void *buffer, u32 buflen, u32 *buffer_actual_len,
932 -- u64 *requestid, bool *signal, bool raw);
933 -+ u64 *requestid, bool raw);
934 -
935 - void hv_ringbuffer_get_debuginfo(struct hv_ring_buffer_info *ring_info,
936 - struct hv_ring_buffer_debug_info *debug_info);
937 -diff --git a/drivers/hv/ring_buffer.c b/drivers/hv/ring_buffer.c
938 -index 08043da..308dbda 100644
939 ---- a/drivers/hv/ring_buffer.c
940 -+++ b/drivers/hv/ring_buffer.c
941 -@@ -66,21 +66,25 @@ u32 hv_end_read(struct hv_ring_buffer_info *rbi)
942 - * once the ring buffer is empty, it will clear the
943 - * interrupt_mask and re-check to see if new data has
944 - * arrived.
945 -+ *
946 -+ * KYS: Oct. 30, 2016:
947 -+ * It looks like Windows hosts have logic to deal with DOS attacks that
948 -+ * can be triggered if it receives interrupts when it is not expecting
949 -+ * the interrupt. The host expects interrupts only when the ring
950 -+ * transitions from empty to non-empty (or full to non full on the guest
951 -+ * to host ring).
952 -+ * So, base the signaling decision solely on the ring state until the
953 -+ * host logic is fixed.
954 - */
955 -
956 --static bool hv_need_to_signal(u32 old_write, struct hv_ring_buffer_info *rbi,
957 -- enum hv_signal_policy policy)
958 -+static void hv_signal_on_write(u32 old_write, struct vmbus_channel *channel,
959 -+ bool kick_q)
960 - {
961 -+ struct hv_ring_buffer_info *rbi = &channel->outbound;
962 -+
963 - virt_mb();
964 - if (READ_ONCE(rbi->ring_buffer->interrupt_mask))
965 -- return false;
966 --
967 -- /*
968 -- * When the client wants to control signaling,
969 -- * we only honour the host interrupt mask.
970 -- */
971 -- if (policy == HV_SIGNAL_POLICY_EXPLICIT)
972 -- return true;
973 -+ return;
974 -
975 - /* check interrupt_mask before read_index */
976 - virt_rmb();
977 -@@ -89,9 +93,9 @@ static bool hv_need_to_signal(u32 old_write, struct hv_ring_buffer_info *rbi,
978 - * ring transitions from being empty to non-empty.
979 - */
980 - if (old_write == READ_ONCE(rbi->ring_buffer->read_index))
981 -- return true;
982 -+ vmbus_setevent(channel);
983 -
984 -- return false;
985 -+ return;
986 - }
987 -
988 - /* Get the next write location for the specified ring buffer. */
989 -@@ -280,9 +284,9 @@ void hv_ringbuffer_cleanup(struct hv_ring_buffer_info *ring_info)
990 - }
991 -
992 - /* Write to the ring buffer. */
993 --int hv_ringbuffer_write(struct hv_ring_buffer_info *outring_info,
994 -- struct kvec *kv_list, u32 kv_count, bool *signal, bool lock,
995 -- enum hv_signal_policy policy)
996 -+int hv_ringbuffer_write(struct vmbus_channel *channel,
997 -+ struct kvec *kv_list, u32 kv_count, bool lock,
998 -+ bool kick_q)
999 - {
1000 - int i = 0;
1001 - u32 bytes_avail_towrite;
1002 -@@ -292,6 +296,7 @@ int hv_ringbuffer_write(struct hv_ring_buffer_info *outring_info,
1003 - u32 old_write;
1004 - u64 prev_indices = 0;
1005 - unsigned long flags = 0;
1006 -+ struct hv_ring_buffer_info *outring_info = &channel->outbound;
1007 -
1008 - for (i = 0; i < kv_count; i++)
1009 - totalbytes_towrite += kv_list[i].iov_len;
1010 -@@ -344,13 +349,13 @@ int hv_ringbuffer_write(struct hv_ring_buffer_info *outring_info,
1011 - if (lock)
1012 - spin_unlock_irqrestore(&outring_info->ring_lock, flags);
1013 -
1014 -- *signal = hv_need_to_signal(old_write, outring_info, policy);
1015 -+ hv_signal_on_write(old_write, channel, kick_q);
1016 - return 0;
1017 - }
1018 -
1019 --int hv_ringbuffer_read(struct hv_ring_buffer_info *inring_info,
1020 -+int hv_ringbuffer_read(struct vmbus_channel *channel,
1021 - void *buffer, u32 buflen, u32 *buffer_actual_len,
1022 -- u64 *requestid, bool *signal, bool raw)
1023 -+ u64 *requestid, bool raw)
1024 - {
1025 - u32 bytes_avail_toread;
1026 - u32 next_read_location = 0;
1027 -@@ -359,6 +364,7 @@ int hv_ringbuffer_read(struct hv_ring_buffer_info *inring_info,
1028 - u32 offset;
1029 - u32 packetlen;
1030 - int ret = 0;
1031 -+ struct hv_ring_buffer_info *inring_info = &channel->inbound;
1032 -
1033 - if (buflen <= 0)
1034 - return -EINVAL;
1035 -@@ -377,6 +383,7 @@ int hv_ringbuffer_read(struct hv_ring_buffer_info *inring_info,
1036 - return ret;
1037 - }
1038 -
1039 -+ init_cached_read_index(channel);
1040 - next_read_location = hv_get_next_read_location(inring_info);
1041 - next_read_location = hv_copyfrom_ringbuffer(inring_info, &desc,
1042 - sizeof(desc),
1043 -@@ -416,7 +423,7 @@ int hv_ringbuffer_read(struct hv_ring_buffer_info *inring_info,
1044 - /* Update the read index */
1045 - hv_set_next_read_location(inring_info, next_read_location);
1046 -
1047 -- *signal = hv_need_to_signal_on_read(inring_info);
1048 -+ hv_signal_on_read(channel);
1049 -
1050 - return ret;
1051 - }
1052 -diff --git a/drivers/infiniband/sw/rxe/rxe_mr.c b/drivers/infiniband/sw/rxe/rxe_mr.c
1053 -index 1869152..9b732c5 100644
1054 ---- a/drivers/infiniband/sw/rxe/rxe_mr.c
1055 -+++ b/drivers/infiniband/sw/rxe/rxe_mr.c
1056 -@@ -59,9 +59,11 @@ int mem_check_range(struct rxe_mem *mem, u64 iova, size_t length)
1057 -
1058 - case RXE_MEM_TYPE_MR:
1059 - case RXE_MEM_TYPE_FMR:
1060 -- return ((iova < mem->iova) ||
1061 -- ((iova + length) > (mem->iova + mem->length))) ?
1062 -- -EFAULT : 0;
1063 -+ if (iova < mem->iova ||
1064 -+ length > mem->length ||
1065 -+ iova > mem->iova + mem->length - length)
1066 -+ return -EFAULT;
1067 -+ return 0;
1068 -
1069 - default:
1070 - return -EFAULT;
1071 -diff --git a/drivers/infiniband/sw/rxe/rxe_resp.c b/drivers/infiniband/sw/rxe/rxe_resp.c
1072 -index dd3d88a..ccf6247 100644
1073 ---- a/drivers/infiniband/sw/rxe/rxe_resp.c
1074 -+++ b/drivers/infiniband/sw/rxe/rxe_resp.c
1075 -@@ -472,7 +472,7 @@ static enum resp_states check_rkey(struct rxe_qp *qp,
1076 - goto err2;
1077 - }
1078 -
1079 -- resid = mtu;
1080 -+ qp->resp.resid = mtu;
1081 - } else {
1082 - if (pktlen != resid) {
1083 - state = RESPST_ERR_LENGTH;
1084 -diff --git a/drivers/input/misc/uinput.c b/drivers/input/misc/uinput.c
1085 -index 92595b9..022be0e 100644
1086 ---- a/drivers/input/misc/uinput.c
1087 -+++ b/drivers/input/misc/uinput.c
1088 -@@ -263,13 +263,21 @@ static int uinput_create_device(struct uinput_device *udev)
1089 - return -EINVAL;
1090 - }
1091 -
1092 -- if (test_bit(ABS_MT_SLOT, dev->absbit)) {
1093 -- nslot = input_abs_get_max(dev, ABS_MT_SLOT) + 1;
1094 -- error = input_mt_init_slots(dev, nslot, 0);
1095 -- if (error)
1096 -+ if (test_bit(EV_ABS, dev->evbit)) {
1097 -+ input_alloc_absinfo(dev);
1098 -+ if (!dev->absinfo) {
1099 -+ error = -EINVAL;
1100 - goto fail1;
1101 -- } else if (test_bit(ABS_MT_POSITION_X, dev->absbit)) {
1102 -- input_set_events_per_packet(dev, 60);
1103 -+ }
1104 -+
1105 -+ if (test_bit(ABS_MT_SLOT, dev->absbit)) {
1106 -+ nslot = input_abs_get_max(dev, ABS_MT_SLOT) + 1;
1107 -+ error = input_mt_init_slots(dev, nslot, 0);
1108 -+ if (error)
1109 -+ goto fail1;
1110 -+ } else if (test_bit(ABS_MT_POSITION_X, dev->absbit)) {
1111 -+ input_set_events_per_packet(dev, 60);
1112 -+ }
1113 - }
1114 -
1115 - if (test_bit(EV_FF, dev->evbit) && !udev->ff_effects_max) {
1116 -diff --git a/drivers/md/dm-rq.c b/drivers/md/dm-rq.c
1117 -index 31a89c8..2c96542 100644
1118 ---- a/drivers/md/dm-rq.c
1119 -+++ b/drivers/md/dm-rq.c
1120 -@@ -804,6 +804,10 @@ static void dm_old_request_fn(struct request_queue *q)
1121 - int srcu_idx;
1122 - struct dm_table *map = dm_get_live_table(md, &srcu_idx);
1123 -
1124 -+ if (unlikely(!map)) {
1125 -+ dm_put_live_table(md, srcu_idx);
1126 -+ return;
1127 -+ }
1128 - ti = dm_table_find_target(map, pos);
1129 - dm_put_live_table(md, srcu_idx);
1130 - }
1131 -diff --git a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_reg.h b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_reg.h
1132 -index 878950a..2cf8b1d 100644
1133 ---- a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_reg.h
1134 -+++ b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_reg.h
1135 -@@ -1007,9 +1007,7 @@
1136 -
1137 - static inline void dsaf_write_reg(void __iomem *base, u32 reg, u32 value)
1138 - {
1139 -- u8 __iomem *reg_addr = ACCESS_ONCE(base);
1140 --
1141 -- writel(value, reg_addr + reg);
1142 -+ writel(value, base + reg);
1143 - }
1144 -
1145 - #define dsaf_write_dev(a, reg, value) \
1146 -@@ -1017,9 +1015,7 @@ static inline void dsaf_write_reg(void __iomem *base, u32 reg, u32 value)
1147 -
1148 - static inline u32 dsaf_read_reg(u8 __iomem *base, u32 reg)
1149 - {
1150 -- u8 __iomem *reg_addr = ACCESS_ONCE(base);
1151 --
1152 -- return readl(reg_addr + reg);
1153 -+ return readl(base + reg);
1154 - }
1155 -
1156 - static inline void dsaf_write_syscon(struct regmap *base, u32 reg, u32 value)
1157 -diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_ethtool.c b/drivers/net/ethernet/mellanox/mlx5/core/en_ethtool.c
1158 -index 27ff401..51c6a57 100644
1159 ---- a/drivers/net/ethernet/mellanox/mlx5/core/en_ethtool.c
1160 -+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_ethtool.c
1161 -@@ -991,6 +991,7 @@ static int mlx5e_set_rxfh(struct net_device *dev, const u32 *indir,
1162 - {
1163 - struct mlx5e_priv *priv = netdev_priv(dev);
1164 - int inlen = MLX5_ST_SZ_BYTES(modify_tir_in);
1165 -+ bool hash_changed = false;
1166 - void *in;
1167 -
1168 - if ((hfunc != ETH_RSS_HASH_NO_CHANGE) &&
1169 -@@ -1012,14 +1013,21 @@ static int mlx5e_set_rxfh(struct net_device *dev, const u32 *indir,
1170 - mlx5e_redirect_rqt(priv, rqtn, MLX5E_INDIR_RQT_SIZE, 0);
1171 - }
1172 -
1173 -- if (key)
1174 -+ if (hfunc != ETH_RSS_HASH_NO_CHANGE &&
1175 -+ hfunc != priv->params.rss_hfunc) {
1176 -+ priv->params.rss_hfunc = hfunc;
1177 -+ hash_changed = true;
1178 -+ }
1179 -+
1180 -+ if (key) {
1181 - memcpy(priv->params.toeplitz_hash_key, key,
1182 - sizeof(priv->params.toeplitz_hash_key));
1183 -+ hash_changed = hash_changed ||
1184 -+ priv->params.rss_hfunc == ETH_RSS_HASH_TOP;
1185 -+ }
1186 -
1187 -- if (hfunc != ETH_RSS_HASH_NO_CHANGE)
1188 -- priv->params.rss_hfunc = hfunc;
1189 --
1190 -- mlx5e_modify_tirs_hash(priv, in, inlen);
1191 -+ if (hash_changed)
1192 -+ mlx5e_modify_tirs_hash(priv, in, inlen);
1193 -
1194 - mutex_unlock(&priv->state_lock);
1195 -
1196 -diff --git a/drivers/net/hyperv/netvsc.c b/drivers/net/hyperv/netvsc.c
1197 -index 720b5fa..c2ac39a 100644
1198 ---- a/drivers/net/hyperv/netvsc.c
1199 -+++ b/drivers/net/hyperv/netvsc.c
1200 -@@ -1288,6 +1288,9 @@ void netvsc_channel_cb(void *context)
1201 - ndev = hv_get_drvdata(device);
1202 - buffer = get_per_channel_state(channel);
1203 -
1204 -+ /* commit_rd_index() -> hv_signal_on_read() needs this. */
1205 -+ init_cached_read_index(channel);
1206 -+
1207 - do {
1208 - desc = get_next_pkt_raw(channel);
1209 - if (desc != NULL) {
1210 -@@ -1340,6 +1343,9 @@ void netvsc_channel_cb(void *context)
1211 -
1212 - bufferlen = bytes_recvd;
1213 - }
1214 -+
1215 -+ init_cached_read_index(channel);
1216 -+
1217 - } while (1);
1218 -
1219 - if (bufferlen > NETVSC_PACKET_SIZE)
1220 -diff --git a/drivers/net/wireless/realtek/rtlwifi/rtl8192ce/sw.c b/drivers/net/wireless/realtek/rtlwifi/rtl8192ce/sw.c
1221 -index 8b6e37c..20bfb37 100644
1222 ---- a/drivers/net/wireless/realtek/rtlwifi/rtl8192ce/sw.c
1223 -+++ b/drivers/net/wireless/realtek/rtlwifi/rtl8192ce/sw.c
1224 -@@ -96,7 +96,7 @@ int rtl92c_init_sw_vars(struct ieee80211_hw *hw)
1225 - struct rtl_priv *rtlpriv = rtl_priv(hw);
1226 - struct rtl_pci *rtlpci = rtl_pcidev(rtl_pcipriv(hw));
1227 - struct rtl_hal *rtlhal = rtl_hal(rtl_priv(hw));
1228 -- char *fw_name = "rtlwifi/rtl8192cfwU.bin";
1229 -+ char *fw_name;
1230 -
1231 - rtl8192ce_bt_reg_init(hw);
1232 -
1233 -@@ -168,8 +168,13 @@ int rtl92c_init_sw_vars(struct ieee80211_hw *hw)
1234 - }
1235 -
1236 - /* request fw */
1237 -- if (IS_81XXC_VENDOR_UMC_B_CUT(rtlhal->version))
1238 -+ if (IS_VENDOR_UMC_A_CUT(rtlhal->version) &&
1239 -+ !IS_92C_SERIAL(rtlhal->version))
1240 -+ fw_name = "rtlwifi/rtl8192cfwU.bin";
1241 -+ else if (IS_81XXC_VENDOR_UMC_B_CUT(rtlhal->version))
1242 - fw_name = "rtlwifi/rtl8192cfwU_B.bin";
1243 -+ else
1244 -+ fw_name = "rtlwifi/rtl8192cfw.bin";
1245 -
1246 - rtlpriv->max_fw_size = 0x4000;
1247 - pr_info("Using firmware %s\n", fw_name);
1248 -diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c
1249 -index bf2744e..0cdcb21 100644
1250 ---- a/drivers/net/xen-netfront.c
1251 -+++ b/drivers/net/xen-netfront.c
1252 -@@ -1397,6 +1397,8 @@ static void xennet_disconnect_backend(struct netfront_info *info)
1253 - for (i = 0; i < num_queues && info->queues; ++i) {
1254 - struct netfront_queue *queue = &info->queues[i];
1255 -
1256 -+ del_timer_sync(&queue->rx_refill_timer);
1257 -+
1258 - if (queue->tx_irq && (queue->tx_irq == queue->rx_irq))
1259 - unbind_from_irqhandler(queue->tx_irq, queue);
1260 - if (queue->tx_irq && (queue->tx_irq != queue->rx_irq)) {
1261 -@@ -1751,7 +1753,6 @@ static void xennet_destroy_queues(struct netfront_info *info)
1262 -
1263 - if (netif_running(info->netdev))
1264 - napi_disable(&queue->napi);
1265 -- del_timer_sync(&queue->rx_refill_timer);
1266 - netif_napi_del(&queue->napi);
1267 - }
1268 -
1269 -diff --git a/drivers/nvdimm/namespace_devs.c b/drivers/nvdimm/namespace_devs.c
1270 -index 1480734..aefca64 100644
1271 ---- a/drivers/nvdimm/namespace_devs.c
1272 -+++ b/drivers/nvdimm/namespace_devs.c
1273 -@@ -962,8 +962,8 @@ static ssize_t __size_store(struct device *dev, unsigned long long val)
1274 - struct nvdimm_drvdata *ndd;
1275 - struct nd_label_id label_id;
1276 - u32 flags = 0, remainder;
1277 -+ int rc, i, id = -1;
1278 - u8 *uuid = NULL;
1279 -- int rc, i;
1280 -
1281 - if (dev->driver || ndns->claim)
1282 - return -EBUSY;
1283 -@@ -972,11 +972,13 @@ static ssize_t __size_store(struct device *dev, unsigned long long val)
1284 - struct nd_namespace_pmem *nspm = to_nd_namespace_pmem(dev);
1285 -
1286 - uuid = nspm->uuid;
1287 -+ id = nspm->id;
1288 - } else if (is_namespace_blk(dev)) {
1289 - struct nd_namespace_blk *nsblk = to_nd_namespace_blk(dev);
1290 -
1291 - uuid = nsblk->uuid;
1292 - flags = NSLABEL_FLAG_LOCAL;
1293 -+ id = nsblk->id;
1294 - }
1295 -
1296 - /*
1297 -@@ -1039,10 +1041,11 @@ static ssize_t __size_store(struct device *dev, unsigned long long val)
1298 -
1299 - /*
1300 - * Try to delete the namespace if we deleted all of its
1301 -- * allocation, this is not the seed device for the region, and
1302 -- * it is not actively claimed by a btt instance.
1303 -+ * allocation, this is not the seed or 0th device for the
1304 -+ * region, and it is not actively claimed by a btt, pfn, or dax
1305 -+ * instance.
1306 - */
1307 -- if (val == 0 && nd_region->ns_seed != dev && !ndns->claim)
1308 -+ if (val == 0 && id != 0 && nd_region->ns_seed != dev && !ndns->claim)
1309 - nd_device_unregister(dev, ND_ASYNC);
1310 -
1311 - return rc;
1312 -diff --git a/drivers/nvdimm/pfn_devs.c b/drivers/nvdimm/pfn_devs.c
1313 -index a2ac9e6..6c033c9 100644
1314 ---- a/drivers/nvdimm/pfn_devs.c
1315 -+++ b/drivers/nvdimm/pfn_devs.c
1316 -@@ -627,15 +627,12 @@ static int nd_pfn_init(struct nd_pfn *nd_pfn)
1317 - size = resource_size(&nsio->res);
1318 - npfns = (size - start_pad - end_trunc - SZ_8K) / SZ_4K;
1319 - if (nd_pfn->mode == PFN_MODE_PMEM) {
1320 -- unsigned long memmap_size;
1321 --
1322 - /*
1323 - * vmemmap_populate_hugepages() allocates the memmap array in
1324 - * HPAGE_SIZE chunks.
1325 - */
1326 -- memmap_size = ALIGN(64 * npfns, HPAGE_SIZE);
1327 -- offset = ALIGN(start + SZ_8K + memmap_size + dax_label_reserve,
1328 -- nd_pfn->align) - start;
1329 -+ offset = ALIGN(start + SZ_8K + 64 * npfns + dax_label_reserve,
1330 -+ max(nd_pfn->align, HPAGE_SIZE)) - start;
1331 - } else if (nd_pfn->mode == PFN_MODE_RAM)
1332 - offset = ALIGN(start + SZ_8K + dax_label_reserve,
1333 - nd_pfn->align) - start;
1334 -diff --git a/drivers/s390/scsi/zfcp_fsf.c b/drivers/s390/scsi/zfcp_fsf.c
1335 -index 75f820ca..27ff38f 100644
1336 ---- a/drivers/s390/scsi/zfcp_fsf.c
1337 -+++ b/drivers/s390/scsi/zfcp_fsf.c
1338 -@@ -1583,7 +1583,7 @@ static void zfcp_fsf_open_wka_port_handler(struct zfcp_fsf_req *req)
1339 - int zfcp_fsf_open_wka_port(struct zfcp_fc_wka_port *wka_port)
1340 - {
1341 - struct zfcp_qdio *qdio = wka_port->adapter->qdio;
1342 -- struct zfcp_fsf_req *req = NULL;
1343 -+ struct zfcp_fsf_req *req;
1344 - int retval = -EIO;
1345 -
1346 - spin_lock_irq(&qdio->req_q_lock);
1347 -@@ -1612,7 +1612,7 @@ int zfcp_fsf_open_wka_port(struct zfcp_fc_wka_port *wka_port)
1348 - zfcp_fsf_req_free(req);
1349 - out:
1350 - spin_unlock_irq(&qdio->req_q_lock);
1351 -- if (req && !IS_ERR(req))
1352 -+ if (!retval)
1353 - zfcp_dbf_rec_run_wka("fsowp_1", wka_port, req->req_id);
1354 - return retval;
1355 - }
1356 -@@ -1638,7 +1638,7 @@ static void zfcp_fsf_close_wka_port_handler(struct zfcp_fsf_req *req)
1357 - int zfcp_fsf_close_wka_port(struct zfcp_fc_wka_port *wka_port)
1358 - {
1359 - struct zfcp_qdio *qdio = wka_port->adapter->qdio;
1360 -- struct zfcp_fsf_req *req = NULL;
1361 -+ struct zfcp_fsf_req *req;
1362 - int retval = -EIO;
1363 -
1364 - spin_lock_irq(&qdio->req_q_lock);
1365 -@@ -1667,7 +1667,7 @@ int zfcp_fsf_close_wka_port(struct zfcp_fc_wka_port *wka_port)
1366 - zfcp_fsf_req_free(req);
1367 - out:
1368 - spin_unlock_irq(&qdio->req_q_lock);
1369 -- if (req && !IS_ERR(req))
1370 -+ if (!retval)
1371 - zfcp_dbf_rec_run_wka("fscwp_1", wka_port, req->req_id);
1372 - return retval;
1373 - }
1374 -diff --git a/drivers/scsi/aacraid/comminit.c b/drivers/scsi/aacraid/comminit.c
1375 -index 341ea32..792d3e7 100644
1376 ---- a/drivers/scsi/aacraid/comminit.c
1377 -+++ b/drivers/scsi/aacraid/comminit.c
1378 -@@ -50,9 +50,13 @@ struct aac_common aac_config = {
1379 -
1380 - static inline int aac_is_msix_mode(struct aac_dev *dev)
1381 - {
1382 -- u32 status;
1383 -+ u32 status = 0;
1384 -
1385 -- status = src_readl(dev, MUnit.OMR);
1386 -+ if (dev->pdev->device == PMC_DEVICE_S6 ||
1387 -+ dev->pdev->device == PMC_DEVICE_S7 ||
1388 -+ dev->pdev->device == PMC_DEVICE_S8) {
1389 -+ status = src_readl(dev, MUnit.OMR);
1390 -+ }
1391 - return (status & AAC_INT_MODE_MSIX);
1392 - }
1393 -
1394 -diff --git a/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c b/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c
1395 -index e3b911c..91dfd58 100644
1396 ---- a/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c
1397 -+++ b/drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c
1398 -@@ -3929,6 +3929,7 @@ static struct configfs_attribute *ibmvscsis_tpg_attrs[] = {
1399 - static const struct target_core_fabric_ops ibmvscsis_ops = {
1400 - .module = THIS_MODULE,
1401 - .name = "ibmvscsis",
1402 -+ .max_data_sg_nents = MAX_TXU / PAGE_SIZE,
1403 - .get_fabric_name = ibmvscsis_get_fabric_name,
1404 - .tpg_get_wwn = ibmvscsis_get_fabric_wwn,
1405 - .tpg_get_tag = ibmvscsis_get_tag,
1406 -diff --git a/drivers/scsi/mpt3sas/mpt3sas_scsih.c b/drivers/scsi/mpt3sas/mpt3sas_scsih.c
1407 -index f84a608..8a7941b 100644
1408 ---- a/drivers/scsi/mpt3sas/mpt3sas_scsih.c
1409 -+++ b/drivers/scsi/mpt3sas/mpt3sas_scsih.c
1410 -@@ -51,6 +51,7 @@
1411 - #include <linux/workqueue.h>
1412 - #include <linux/delay.h>
1413 - #include <linux/pci.h>
1414 -+#include <linux/pci-aspm.h>
1415 - #include <linux/interrupt.h>
1416 - #include <linux/aer.h>
1417 - #include <linux/raid_class.h>
1418 -@@ -8706,6 +8707,8 @@ _scsih_probe(struct pci_dev *pdev, const struct pci_device_id *id)
1419 -
1420 - switch (hba_mpi_version) {
1421 - case MPI2_VERSION:
1422 -+ pci_disable_link_state(pdev, PCIE_LINK_STATE_L0S |
1423 -+ PCIE_LINK_STATE_L1 | PCIE_LINK_STATE_CLKPM);
1424 - /* Use mpt2sas driver host template for SAS 2.0 HBA's */
1425 - shost = scsi_host_alloc(&mpt2sas_driver_template,
1426 - sizeof(struct MPT3SAS_ADAPTER));
1427 -diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c
1428 -index 078d797..bea819e 100644
1429 ---- a/drivers/scsi/qla2xxx/qla_os.c
1430 -+++ b/drivers/scsi/qla2xxx/qla_os.c
1431 -@@ -1459,7 +1459,7 @@ qla2x00_abort_all_cmds(scsi_qla_host_t *vha, int res)
1432 - /* Don't abort commands in adapter during EEH
1433 - * recovery as it's not accessible/responding.
1434 - */
1435 -- if (!ha->flags.eeh_busy) {
1436 -+ if (GET_CMD_SP(sp) && !ha->flags.eeh_busy) {
1437 - /* Get a reference to the sp and drop the lock.
1438 - * The reference ensures this sp->done() call
1439 - * - and not the call in qla2xxx_eh_abort() -
1440 -diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c
1441 -index 6b42348..ea9617c 100644
1442 ---- a/drivers/target/target_core_device.c
1443 -+++ b/drivers/target/target_core_device.c
1444 -@@ -351,7 +351,15 @@ int core_enable_device_list_for_node(
1445 - kfree(new);
1446 - return -EINVAL;
1447 - }
1448 -- BUG_ON(orig->se_lun_acl != NULL);
1449 -+ if (orig->se_lun_acl != NULL) {
1450 -+ pr_warn_ratelimited("Detected existing explicit"
1451 -+ " se_lun_acl->se_lun_group reference for %s"
1452 -+ " mapped_lun: %llu, failing\n",
1453 -+ nacl->initiatorname, mapped_lun);
1454 -+ mutex_unlock(&nacl->lun_entry_mutex);
1455 -+ kfree(new);
1456 -+ return -EINVAL;
1457 -+ }
1458 -
1459 - rcu_assign_pointer(new->se_lun, lun);
1460 - rcu_assign_pointer(new->se_lun_acl, lun_acl);
1461 -diff --git a/drivers/target/target_core_sbc.c b/drivers/target/target_core_sbc.c
1462 -index 04f616b..aabd660 100644
1463 ---- a/drivers/target/target_core_sbc.c
1464 -+++ b/drivers/target/target_core_sbc.c
1465 -@@ -450,6 +450,7 @@ static sense_reason_t compare_and_write_post(struct se_cmd *cmd, bool success,
1466 - int *post_ret)
1467 - {
1468 - struct se_device *dev = cmd->se_dev;
1469 -+ sense_reason_t ret = TCM_NO_SENSE;
1470 -
1471 - /*
1472 - * Only set SCF_COMPARE_AND_WRITE_POST to force a response fall-through
1473 -@@ -457,9 +458,12 @@ static sense_reason_t compare_and_write_post(struct se_cmd *cmd, bool success,
1474 - * sent to the backend driver.
1475 - */
1476 - spin_lock_irq(&cmd->t_state_lock);
1477 -- if ((cmd->transport_state & CMD_T_SENT) && !cmd->scsi_status) {
1478 -+ if (cmd->transport_state & CMD_T_SENT) {
1479 - cmd->se_cmd_flags |= SCF_COMPARE_AND_WRITE_POST;
1480 - *post_ret = 1;
1481 -+
1482 -+ if (cmd->scsi_status == SAM_STAT_CHECK_CONDITION)
1483 -+ ret = TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
1484 - }
1485 - spin_unlock_irq(&cmd->t_state_lock);
1486 -
1487 -@@ -469,7 +473,7 @@ static sense_reason_t compare_and_write_post(struct se_cmd *cmd, bool success,
1488 - */
1489 - up(&dev->caw_sem);
1490 -
1491 -- return TCM_NO_SENSE;
1492 -+ return ret;
1493 - }
1494 -
1495 - static sense_reason_t compare_and_write_callback(struct se_cmd *cmd, bool success,
1496 -diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c
1497 -index 7dfefd6..767d1eb6 100644
1498 ---- a/drivers/target/target_core_transport.c
1499 -+++ b/drivers/target/target_core_transport.c
1500 -@@ -457,8 +457,20 @@ static void target_complete_nacl(struct kref *kref)
1501 - {
1502 - struct se_node_acl *nacl = container_of(kref,
1503 - struct se_node_acl, acl_kref);
1504 -+ struct se_portal_group *se_tpg = nacl->se_tpg;
1505 -
1506 -- complete(&nacl->acl_free_comp);
1507 -+ if (!nacl->dynamic_stop) {
1508 -+ complete(&nacl->acl_free_comp);
1509 -+ return;
1510 -+ }
1511 -+
1512 -+ mutex_lock(&se_tpg->acl_node_mutex);
1513 -+ list_del(&nacl->acl_list);
1514 -+ mutex_unlock(&se_tpg->acl_node_mutex);
1515 -+
1516 -+ core_tpg_wait_for_nacl_pr_ref(nacl);
1517 -+ core_free_device_list_for_node(nacl, se_tpg);
1518 -+ kfree(nacl);
1519 - }
1520 -
1521 - void target_put_nacl(struct se_node_acl *nacl)
1522 -@@ -499,12 +511,39 @@ EXPORT_SYMBOL(transport_deregister_session_configfs);
1523 - void transport_free_session(struct se_session *se_sess)
1524 - {
1525 - struct se_node_acl *se_nacl = se_sess->se_node_acl;
1526 -+
1527 - /*
1528 - * Drop the se_node_acl->nacl_kref obtained from within
1529 - * core_tpg_get_initiator_node_acl().
1530 - */
1531 - if (se_nacl) {
1532 -+ struct se_portal_group *se_tpg = se_nacl->se_tpg;
1533 -+ const struct target_core_fabric_ops *se_tfo = se_tpg->se_tpg_tfo;
1534 -+ unsigned long flags;
1535 -+
1536 - se_sess->se_node_acl = NULL;
1537 -+
1538 -+ /*
1539 -+ * Also determine if we need to drop the extra ->cmd_kref if
1540 -+ * it had been previously dynamically generated, and
1541 -+ * the endpoint is not caching dynamic ACLs.
1542 -+ */
1543 -+ mutex_lock(&se_tpg->acl_node_mutex);
1544 -+ if (se_nacl->dynamic_node_acl &&
1545 -+ !se_tfo->tpg_check_demo_mode_cache(se_tpg)) {
1546 -+ spin_lock_irqsave(&se_nacl->nacl_sess_lock, flags);
1547 -+ if (list_empty(&se_nacl->acl_sess_list))
1548 -+ se_nacl->dynamic_stop = true;
1549 -+ spin_unlock_irqrestore(&se_nacl->nacl_sess_lock, flags);
1550 -+
1551 -+ if (se_nacl->dynamic_stop)
1552 -+ list_del(&se_nacl->acl_list);
1553 -+ }
1554 -+ mutex_unlock(&se_tpg->acl_node_mutex);
1555 -+
1556 -+ if (se_nacl->dynamic_stop)
1557 -+ target_put_nacl(se_nacl);
1558 -+
1559 - target_put_nacl(se_nacl);
1560 - }
1561 - if (se_sess->sess_cmd_map) {
1562 -@@ -518,16 +557,12 @@ EXPORT_SYMBOL(transport_free_session);
1563 - void transport_deregister_session(struct se_session *se_sess)
1564 - {
1565 - struct se_portal_group *se_tpg = se_sess->se_tpg;
1566 -- const struct target_core_fabric_ops *se_tfo;
1567 -- struct se_node_acl *se_nacl;
1568 - unsigned long flags;
1569 -- bool drop_nacl = false;
1570 -
1571 - if (!se_tpg) {
1572 - transport_free_session(se_sess);
1573 - return;
1574 - }
1575 -- se_tfo = se_tpg->se_tpg_tfo;
1576 -
1577 - spin_lock_irqsave(&se_tpg->session_lock, flags);
1578 - list_del(&se_sess->sess_list);
1579 -@@ -535,33 +570,15 @@ void transport_deregister_session(struct se_session *se_sess)
1580 - se_sess->fabric_sess_ptr = NULL;
1581 - spin_unlock_irqrestore(&se_tpg->session_lock, flags);
1582 -
1583 -- /*
1584 -- * Determine if we need to do extra work for this initiator node's
1585 -- * struct se_node_acl if it had been previously dynamically generated.
1586 -- */
1587 -- se_nacl = se_sess->se_node_acl;
1588 --
1589 -- mutex_lock(&se_tpg->acl_node_mutex);
1590 -- if (se_nacl && se_nacl->dynamic_node_acl) {
1591 -- if (!se_tfo->tpg_check_demo_mode_cache(se_tpg)) {
1592 -- list_del(&se_nacl->acl_list);
1593 -- drop_nacl = true;
1594 -- }
1595 -- }
1596 -- mutex_unlock(&se_tpg->acl_node_mutex);
1597 --
1598 -- if (drop_nacl) {
1599 -- core_tpg_wait_for_nacl_pr_ref(se_nacl);
1600 -- core_free_device_list_for_node(se_nacl, se_tpg);
1601 -- se_sess->se_node_acl = NULL;
1602 -- kfree(se_nacl);
1603 -- }
1604 - pr_debug("TARGET_CORE[%s]: Deregistered fabric_sess\n",
1605 - se_tpg->se_tpg_tfo->get_fabric_name());
1606 - /*
1607 - * If last kref is dropping now for an explicit NodeACL, awake sleeping
1608 - * ->acl_free_comp caller to wakeup configfs se_node_acl->acl_group
1609 - * removal context from within transport_free_session() code.
1610 -+ *
1611 -+ * For dynamic ACL, target_put_nacl() uses target_complete_nacl()
1612 -+ * to release all remaining generate_node_acl=1 created ACL resources.
1613 - */
1614 -
1615 - transport_free_session(se_sess);
1616 -@@ -3086,7 +3103,6 @@ static void target_tmr_work(struct work_struct *work)
1617 - spin_unlock_irqrestore(&cmd->t_state_lock, flags);
1618 - goto check_stop;
1619 - }
1620 -- cmd->t_state = TRANSPORT_ISTATE_PROCESSING;
1621 - spin_unlock_irqrestore(&cmd->t_state_lock, flags);
1622 -
1623 - cmd->se_tfo->queue_tm_rsp(cmd);
1624 -@@ -3099,11 +3115,25 @@ int transport_generic_handle_tmr(
1625 - struct se_cmd *cmd)
1626 - {
1627 - unsigned long flags;
1628 -+ bool aborted = false;
1629 -
1630 - spin_lock_irqsave(&cmd->t_state_lock, flags);
1631 -- cmd->transport_state |= CMD_T_ACTIVE;
1632 -+ if (cmd->transport_state & CMD_T_ABORTED) {
1633 -+ aborted = true;
1634 -+ } else {
1635 -+ cmd->t_state = TRANSPORT_ISTATE_PROCESSING;
1636 -+ cmd->transport_state |= CMD_T_ACTIVE;
1637 -+ }
1638 - spin_unlock_irqrestore(&cmd->t_state_lock, flags);
1639 -
1640 -+ if (aborted) {
1641 -+ pr_warn_ratelimited("handle_tmr caught CMD_T_ABORTED TMR %d"
1642 -+ "ref_tag: %llu tag: %llu\n", cmd->se_tmr_req->function,
1643 -+ cmd->se_tmr_req->ref_task_tag, cmd->tag);
1644 -+ transport_cmd_check_stop_to_fabric(cmd);
1645 -+ return 0;
1646 -+ }
1647 -+
1648 - INIT_WORK(&cmd->work, target_tmr_work);
1649 - queue_work(cmd->se_dev->tmr_wq, &cmd->work);
1650 - return 0;
1651 -diff --git a/drivers/target/target_core_xcopy.c b/drivers/target/target_core_xcopy.c
1652 -index 094a144..18848ba 100644
1653 ---- a/drivers/target/target_core_xcopy.c
1654 -+++ b/drivers/target/target_core_xcopy.c
1655 -@@ -836,7 +836,7 @@ static void target_xcopy_do_work(struct work_struct *work)
1656 - " CHECK_CONDITION -> sending response\n", rc);
1657 - ec_cmd->scsi_status = SAM_STAT_CHECK_CONDITION;
1658 - }
1659 -- target_complete_cmd(ec_cmd, SAM_STAT_CHECK_CONDITION);
1660 -+ target_complete_cmd(ec_cmd, ec_cmd->scsi_status);
1661 - }
1662 -
1663 - sense_reason_t target_do_xcopy(struct se_cmd *se_cmd)
1664 -diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
1665 -index 7acbd2c..1782804 100644
1666 ---- a/fs/btrfs/ioctl.c
1667 -+++ b/fs/btrfs/ioctl.c
1668 -@@ -5648,6 +5648,10 @@ long btrfs_ioctl(struct file *file, unsigned int
1669 - #ifdef CONFIG_COMPAT
1670 - long btrfs_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1671 - {
1672 -+ /*
1673 -+ * These all access 32-bit values anyway so no further
1674 -+ * handling is necessary.
1675 -+ */
1676 - switch (cmd) {
1677 - case FS_IOC32_GETFLAGS:
1678 - cmd = FS_IOC_GETFLAGS;
1679 -@@ -5658,8 +5662,6 @@ long btrfs_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1680 - case FS_IOC32_GETVERSION:
1681 - cmd = FS_IOC_GETVERSION;
1682 - break;
1683 -- default:
1684 -- return -ENOIOCTLCMD;
1685 - }
1686 -
1687 - return btrfs_ioctl(file, cmd, (unsigned long) compat_ptr(arg));
1688 -diff --git a/include/linux/cpumask.h b/include/linux/cpumask.h
1689 -index da7fbf1..fa3b155 100644
1690 ---- a/include/linux/cpumask.h
1691 -+++ b/include/linux/cpumask.h
1692 -@@ -560,7 +560,7 @@ static inline void cpumask_copy(struct cpumask *dstp,
1693 - static inline int cpumask_parse_user(const char __user *buf, int len,
1694 - struct cpumask *dstp)
1695 - {
1696 -- return bitmap_parse_user(buf, len, cpumask_bits(dstp), nr_cpu_ids);
1697 -+ return bitmap_parse_user(buf, len, cpumask_bits(dstp), nr_cpumask_bits);
1698 - }
1699 -
1700 - /**
1701 -@@ -575,7 +575,7 @@ static inline int cpumask_parselist_user(const char __user *buf, int len,
1702 - struct cpumask *dstp)
1703 - {
1704 - return bitmap_parselist_user(buf, len, cpumask_bits(dstp),
1705 -- nr_cpu_ids);
1706 -+ nr_cpumask_bits);
1707 - }
1708 -
1709 - /**
1710 -@@ -590,7 +590,7 @@ static inline int cpumask_parse(const char *buf, struct cpumask *dstp)
1711 - char *nl = strchr(buf, '\n');
1712 - unsigned int len = nl ? (unsigned int)(nl - buf) : strlen(buf);
1713 -
1714 -- return bitmap_parse(buf, len, cpumask_bits(dstp), nr_cpu_ids);
1715 -+ return bitmap_parse(buf, len, cpumask_bits(dstp), nr_cpumask_bits);
1716 - }
1717 -
1718 - /**
1719 -@@ -602,7 +602,7 @@ static inline int cpumask_parse(const char *buf, struct cpumask *dstp)
1720 - */
1721 - static inline int cpulist_parse(const char *buf, struct cpumask *dstp)
1722 - {
1723 -- return bitmap_parselist(buf, cpumask_bits(dstp), nr_cpu_ids);
1724 -+ return bitmap_parselist(buf, cpumask_bits(dstp), nr_cpumask_bits);
1725 - }
1726 -
1727 - /**
1728 -diff --git a/include/linux/hyperv.h b/include/linux/hyperv.h
1729 -index cd184bd..c92a083 100644
1730 ---- a/include/linux/hyperv.h
1731 -+++ b/include/linux/hyperv.h
1732 -@@ -128,6 +128,7 @@ struct hv_ring_buffer_info {
1733 - u32 ring_data_startoffset;
1734 - u32 priv_write_index;
1735 - u32 priv_read_index;
1736 -+ u32 cached_read_index;
1737 - };
1738 -
1739 - /*
1740 -@@ -180,6 +181,19 @@ static inline u32 hv_get_bytes_to_write(struct hv_ring_buffer_info *rbi)
1741 - return write;
1742 - }
1743 -
1744 -+static inline u32 hv_get_cached_bytes_to_write(
1745 -+ const struct hv_ring_buffer_info *rbi)
1746 -+{
1747 -+ u32 read_loc, write_loc, dsize, write;
1748 -+
1749 -+ dsize = rbi->ring_datasize;
1750 -+ read_loc = rbi->cached_read_index;
1751 -+ write_loc = rbi->ring_buffer->write_index;
1752 -+
1753 -+ write = write_loc >= read_loc ? dsize - (write_loc - read_loc) :
1754 -+ read_loc - write_loc;
1755 -+ return write;
1756 -+}
1757 - /*
1758 - * VMBUS version is 32 bit entity broken up into
1759 - * two 16 bit quantities: major_number. minor_number.
1760 -@@ -1447,6 +1461,7 @@ void hv_event_tasklet_enable(struct vmbus_channel *channel);
1761 -
1762 - void hv_process_channel_removal(struct vmbus_channel *channel, u32 relid);
1763 -
1764 -+void vmbus_setevent(struct vmbus_channel *channel);
1765 - /*
1766 - * Negotiated version with the Host.
1767 - */
1768 -@@ -1479,10 +1494,11 @@ hv_get_ring_buffer(struct hv_ring_buffer_info *ring_info)
1769 - * there is room for the producer to send the pending packet.
1770 - */
1771 -
1772 --static inline bool hv_need_to_signal_on_read(struct hv_ring_buffer_info *rbi)
1773 -+static inline void hv_signal_on_read(struct vmbus_channel *channel)
1774 - {
1775 -- u32 cur_write_sz;
1776 -+ u32 cur_write_sz, cached_write_sz;
1777 - u32 pending_sz;
1778 -+ struct hv_ring_buffer_info *rbi = &channel->inbound;
1779 -
1780 - /*
1781 - * Issue a full memory barrier before making the signaling decision.
1782 -@@ -1500,14 +1516,26 @@ static inline bool hv_need_to_signal_on_read(struct hv_ring_buffer_info *rbi)
1783 - pending_sz = READ_ONCE(rbi->ring_buffer->pending_send_sz);
1784 - /* If the other end is not blocked on write don't bother. */
1785 - if (pending_sz == 0)
1786 -- return false;
1787 -+ return;
1788 -
1789 - cur_write_sz = hv_get_bytes_to_write(rbi);
1790 -
1791 -- if (cur_write_sz >= pending_sz)
1792 -- return true;
1793 -+ if (cur_write_sz < pending_sz)
1794 -+ return;
1795 -+
1796 -+ cached_write_sz = hv_get_cached_bytes_to_write(rbi);
1797 -+ if (cached_write_sz < pending_sz)
1798 -+ vmbus_setevent(channel);
1799 -+
1800 -+ return;
1801 -+}
1802 -+
1803 -+static inline void
1804 -+init_cached_read_index(struct vmbus_channel *channel)
1805 -+{
1806 -+ struct hv_ring_buffer_info *rbi = &channel->inbound;
1807 -
1808 -- return false;
1809 -+ rbi->cached_read_index = rbi->ring_buffer->read_index;
1810 - }
1811 -
1812 - /*
1813 -@@ -1571,6 +1599,8 @@ static inline void put_pkt_raw(struct vmbus_channel *channel,
1814 - * This call commits the read index and potentially signals the host.
1815 - * Here is the pattern for using the "in-place" consumption APIs:
1816 - *
1817 -+ * init_cached_read_index();
1818 -+ *
1819 - * while (get_next_pkt_raw() {
1820 - * process the packet "in-place";
1821 - * put_pkt_raw();
1822 -@@ -1589,8 +1619,7 @@ static inline void commit_rd_index(struct vmbus_channel *channel)
1823 - virt_rmb();
1824 - ring_info->ring_buffer->read_index = ring_info->priv_read_index;
1825 -
1826 -- if (hv_need_to_signal_on_read(ring_info))
1827 -- vmbus_set_event(channel);
1828 -+ hv_signal_on_read(channel);
1829 - }
1830 -
1831 -
1832 -diff --git a/include/target/target_core_base.h b/include/target/target_core_base.h
1833 -index c211900..48bc1ac 100644
1834 ---- a/include/target/target_core_base.h
1835 -+++ b/include/target/target_core_base.h
1836 -@@ -538,6 +538,7 @@ struct se_node_acl {
1837 - char initiatorname[TRANSPORT_IQN_LEN];
1838 - /* Used to signal demo mode created ACL, disabled by default */
1839 - bool dynamic_node_acl;
1840 -+ bool dynamic_stop;
1841 - u32 queue_depth;
1842 - u32 acl_index;
1843 - enum target_prot_type saved_prot_type;
1844 -diff --git a/kernel/events/core.c b/kernel/events/core.c
1845 -index b1cfd74..4b33231 100644
1846 ---- a/kernel/events/core.c
1847 -+++ b/kernel/events/core.c
1848 -@@ -3461,14 +3461,15 @@ struct perf_read_data {
1849 - int ret;
1850 - };
1851 -
1852 --static int find_cpu_to_read(struct perf_event *event, int local_cpu)
1853 -+static int __perf_event_read_cpu(struct perf_event *event, int event_cpu)
1854 - {
1855 -- int event_cpu = event->oncpu;
1856 - u16 local_pkg, event_pkg;
1857 -
1858 - if (event->group_caps & PERF_EV_CAP_READ_ACTIVE_PKG) {
1859 -- event_pkg = topology_physical_package_id(event_cpu);
1860 -- local_pkg = topology_physical_package_id(local_cpu);
1861 -+ int local_cpu = smp_processor_id();
1862 -+
1863 -+ event_pkg = topology_physical_package_id(event_cpu);
1864 -+ local_pkg = topology_physical_package_id(local_cpu);
1865 -
1866 - if (event_pkg == local_pkg)
1867 - return local_cpu;
1868 -@@ -3598,7 +3599,7 @@ u64 perf_event_read_local(struct perf_event *event)
1869 -
1870 - static int perf_event_read(struct perf_event *event, bool group)
1871 - {
1872 -- int ret = 0, cpu_to_read, local_cpu;
1873 -+ int event_cpu, ret = 0;
1874 -
1875 - /*
1876 - * If event is enabled and currently active on a CPU, update the
1877 -@@ -3611,21 +3612,25 @@ static int perf_event_read(struct perf_event *event, bool group)
1878 - .ret = 0,
1879 - };
1880 -
1881 -- local_cpu = get_cpu();
1882 -- cpu_to_read = find_cpu_to_read(event, local_cpu);
1883 -- put_cpu();
1884 -+ event_cpu = READ_ONCE(event->oncpu);
1885 -+ if ((unsigned)event_cpu >= nr_cpu_ids)
1886 -+ return 0;
1887 -+
1888 -+ preempt_disable();
1889 -+ event_cpu = __perf_event_read_cpu(event, event_cpu);
1890 -
1891 - /*
1892 - * Purposely ignore the smp_call_function_single() return
1893 - * value.
1894 - *
1895 -- * If event->oncpu isn't a valid CPU it means the event got
1896 -+ * If event_cpu isn't a valid CPU it means the event got
1897 - * scheduled out and that will have updated the event count.
1898 - *
1899 - * Therefore, either way, we'll have an up-to-date event count
1900 - * after this.
1901 - */
1902 -- (void)smp_call_function_single(cpu_to_read, __perf_event_read, &data, 1);
1903 -+ (void)smp_call_function_single(event_cpu, __perf_event_read, &data, 1);
1904 -+ preempt_enable();
1905 - ret = data.ret;
1906 - } else if (event->state == PERF_EVENT_STATE_INACTIVE) {
1907 - struct perf_event_context *ctx = event->ctx;
1908 -diff --git a/kernel/stacktrace.c b/kernel/stacktrace.c
1909 -index b6e4c16..9c15a91 100644
1910 ---- a/kernel/stacktrace.c
1911 -+++ b/kernel/stacktrace.c
1912 -@@ -18,10 +18,8 @@ void print_stack_trace(struct stack_trace *trace, int spaces)
1913 - if (WARN_ON(!trace->entries))
1914 - return;
1915 -
1916 -- for (i = 0; i < trace->nr_entries; i++) {
1917 -- printk("%*c", 1 + spaces, ' ');
1918 -- print_ip_sym(trace->entries[i]);
1919 -- }
1920 -+ for (i = 0; i < trace->nr_entries; i++)
1921 -+ printk("%*c%pS\n", 1 + spaces, ' ', (void *)trace->entries[i]);
1922 - }
1923 - EXPORT_SYMBOL_GPL(print_stack_trace);
1924 -
1925 -@@ -29,7 +27,6 @@ int snprint_stack_trace(char *buf, size_t size,
1926 - struct stack_trace *trace, int spaces)
1927 - {
1928 - int i;
1929 -- unsigned long ip;
1930 - int generated;
1931 - int total = 0;
1932 -
1933 -@@ -37,9 +34,8 @@ int snprint_stack_trace(char *buf, size_t size,
1934 - return 0;
1935 -
1936 - for (i = 0; i < trace->nr_entries; i++) {
1937 -- ip = trace->entries[i];
1938 -- generated = snprintf(buf, size, "%*c[<%p>] %pS\n",
1939 -- 1 + spaces, ' ', (void *) ip, (void *) ip);
1940 -+ generated = snprintf(buf, size, "%*c%pS\n", 1 + spaces, ' ',
1941 -+ (void *)trace->entries[i]);
1942 -
1943 - total += generated;
1944 -
1945 -diff --git a/mm/slub.c b/mm/slub.c
1946 -index 2b3e740..7aa0e97 100644
1947 ---- a/mm/slub.c
1948 -+++ b/mm/slub.c
1949 -@@ -1419,6 +1419,10 @@ static int init_cache_random_seq(struct kmem_cache *s)
1950 - int err;
1951 - unsigned long i, count = oo_objects(s->oo);
1952 -
1953 -+ /* Bailout if already initialised */
1954 -+ if (s->random_seq)
1955 -+ return 0;
1956 -+
1957 - err = cache_random_seq_create(s, count, GFP_KERNEL);
1958 - if (err) {
1959 - pr_err("SLUB: Unable to initialize free list for %s\n",
1960 -diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c
1961 -index 42120d9..50e1b7f 100644
1962 ---- a/net/mac80211/mesh.c
1963 -+++ b/net/mac80211/mesh.c
1964 -@@ -339,7 +339,7 @@ int mesh_add_vendor_ies(struct ieee80211_sub_if_data *sdata,
1965 - /* fast-forward to vendor IEs */
1966 - offset = ieee80211_ie_split_vendor(ifmsh->ie, ifmsh->ie_len, 0);
1967 -
1968 -- if (offset) {
1969 -+ if (offset < ifmsh->ie_len) {
1970 - len = ifmsh->ie_len - offset;
1971 - data = ifmsh->ie + offset;
1972 - if (skb_tailroom(skb) < len)
1973 -diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
1974 -index 1b3c18c..cd7a419 100644
1975 ---- a/net/wireless/nl80211.c
1976 -+++ b/net/wireless/nl80211.c
1977 -@@ -5874,6 +5874,7 @@ do { \
1978 - break;
1979 - }
1980 - cfg->ht_opmode = ht_opmode;
1981 -+ mask |= (1 << (NL80211_MESHCONF_HT_OPMODE - 1));
1982 - }
1983 - FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathToRootTimeout,
1984 - 1, 65535, mask,
1985 -diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
1986 -index 09fd610..c2da45a 100644
1987 ---- a/security/selinux/hooks.c
1988 -+++ b/security/selinux/hooks.c
1989 -@@ -5858,7 +5858,7 @@ static int selinux_setprocattr(struct task_struct *p,
1990 - return error;
1991 -
1992 - /* Obtain a SID for the context, if one was specified. */
1993 -- if (size && str[1] && str[1] != '\n') {
1994 -+ if (size && str[0] && str[0] != '\n') {
1995 - if (str[size-1] == '\n') {
1996 - str[size-1] = 0;
1997 - size--;
1998 -diff --git a/sound/core/seq/seq_memory.c b/sound/core/seq/seq_memory.c
1999 -index c850345..dfa5156 100644
2000 ---- a/sound/core/seq/seq_memory.c
2001 -+++ b/sound/core/seq/seq_memory.c
2002 -@@ -419,7 +419,6 @@ int snd_seq_pool_done(struct snd_seq_pool *pool)
2003 - {
2004 - unsigned long flags;
2005 - struct snd_seq_event_cell *ptr;
2006 -- int max_count = 5 * HZ;
2007 -
2008 - if (snd_BUG_ON(!pool))
2009 - return -EINVAL;
2010 -@@ -432,14 +431,8 @@ int snd_seq_pool_done(struct snd_seq_pool *pool)
2011 - if (waitqueue_active(&pool->output_sleep))
2012 - wake_up(&pool->output_sleep);
2013 -
2014 -- while (atomic_read(&pool->counter) > 0) {
2015 -- if (max_count == 0) {
2016 -- pr_warn("ALSA: snd_seq_pool_done timeout: %d cells remain\n", atomic_read(&pool->counter));
2017 -- break;
2018 -- }
2019 -+ while (atomic_read(&pool->counter) > 0)
2020 - schedule_timeout_uninterruptible(1);
2021 -- max_count--;
2022 -- }
2023 -
2024 - /* release all resources */
2025 - spin_lock_irqsave(&pool->lock, flags);
2026 -diff --git a/sound/core/seq/seq_queue.c b/sound/core/seq/seq_queue.c
2027 -index 0bec02e..450c518 100644
2028 ---- a/sound/core/seq/seq_queue.c
2029 -+++ b/sound/core/seq/seq_queue.c
2030 -@@ -181,6 +181,8 @@ void __exit snd_seq_queues_delete(void)
2031 - }
2032 - }
2033 -
2034 -+static void queue_use(struct snd_seq_queue *queue, int client, int use);
2035 -+
2036 - /* allocate a new queue -
2037 - * return queue index value or negative value for error
2038 - */
2039 -@@ -192,11 +194,11 @@ int snd_seq_queue_alloc(int client, int locked, unsigned int info_flags)
2040 - if (q == NULL)
2041 - return -ENOMEM;
2042 - q->info_flags = info_flags;
2043 -+ queue_use(q, client, 1);
2044 - if (queue_list_add(q) < 0) {
2045 - queue_delete(q);
2046 - return -ENOMEM;
2047 - }
2048 -- snd_seq_queue_use(q->queue, client, 1); /* use this queue */
2049 - return q->queue;
2050 - }
2051 -
2052 -@@ -502,19 +504,9 @@ int snd_seq_queue_timer_set_tempo(int queueid, int client,
2053 - return result;
2054 - }
2055 -
2056 --
2057 --/* use or unuse this queue -
2058 -- * if it is the first client, starts the timer.
2059 -- * if it is not longer used by any clients, stop the timer.
2060 -- */
2061 --int snd_seq_queue_use(int queueid, int client, int use)
2062 -+/* use or unuse this queue */
2063 -+static void queue_use(struct snd_seq_queue *queue, int client, int use)
2064 - {
2065 -- struct snd_seq_queue *queue;
2066 --
2067 -- queue = queueptr(queueid);
2068 -- if (queue == NULL)
2069 -- return -EINVAL;
2070 -- mutex_lock(&queue->timer_mutex);
2071 - if (use) {
2072 - if (!test_and_set_bit(client, queue->clients_bitmap))
2073 - queue->clients++;
2074 -@@ -529,6 +521,21 @@ int snd_seq_queue_use(int queueid, int client, int use)
2075 - } else {
2076 - snd_seq_timer_close(queue);
2077 - }
2078 -+}
2079 -+
2080 -+/* use or unuse this queue -
2081 -+ * if it is the first client, starts the timer.
2082 -+ * if it is not longer used by any clients, stop the timer.
2083 -+ */
2084 -+int snd_seq_queue_use(int queueid, int client, int use)
2085 -+{
2086 -+ struct snd_seq_queue *queue;
2087 -+
2088 -+ queue = queueptr(queueid);
2089 -+ if (queue == NULL)
2090 -+ return -EINVAL;
2091 -+ mutex_lock(&queue->timer_mutex);
2092 -+ queue_use(queue, client, use);
2093 - mutex_unlock(&queue->timer_mutex);
2094 - queuefree(queue);
2095 - return 0;
2096 -diff --git a/sound/pci/hda/patch_hdmi.c b/sound/pci/hda/patch_hdmi.c
2097 -index 56e5204..4bf4833 100644
2098 ---- a/sound/pci/hda/patch_hdmi.c
2099 -+++ b/sound/pci/hda/patch_hdmi.c
2100 -@@ -3638,6 +3638,7 @@ HDA_CODEC_ENTRY(0x10de0070, "GPU 70 HDMI/DP", patch_nvhdmi),
2101 - HDA_CODEC_ENTRY(0x10de0071, "GPU 71 HDMI/DP", patch_nvhdmi),
2102 - HDA_CODEC_ENTRY(0x10de0072, "GPU 72 HDMI/DP", patch_nvhdmi),
2103 - HDA_CODEC_ENTRY(0x10de007d, "GPU 7d HDMI/DP", patch_nvhdmi),
2104 -+HDA_CODEC_ENTRY(0x10de0080, "GPU 80 HDMI/DP", patch_nvhdmi),
2105 - HDA_CODEC_ENTRY(0x10de0082, "GPU 82 HDMI/DP", patch_nvhdmi),
2106 - HDA_CODEC_ENTRY(0x10de0083, "GPU 83 HDMI/DP", patch_nvhdmi),
2107 - HDA_CODEC_ENTRY(0x10de8001, "MCP73 HDMI", patch_nvhdmi_2ch),
2108 -diff --git a/sound/usb/line6/driver.c b/sound/usb/line6/driver.c
2109 -index 90009c0..ab3c280 100644
2110 ---- a/sound/usb/line6/driver.c
2111 -+++ b/sound/usb/line6/driver.c
2112 -@@ -754,8 +754,9 @@ int line6_probe(struct usb_interface *interface,
2113 - goto error;
2114 - }
2115 -
2116 -+ line6_get_interval(line6);
2117 -+
2118 - if (properties->capabilities & LINE6_CAP_CONTROL) {
2119 -- line6_get_interval(line6);
2120 - ret = line6_init_cap_control(line6);
2121 - if (ret < 0)
2122 - goto error;
2123 -diff --git a/tools/perf/builtin-diff.c b/tools/perf/builtin-diff.c
2124 -index 9ff0db4..933aeec 100644
2125 ---- a/tools/perf/builtin-diff.c
2126 -+++ b/tools/perf/builtin-diff.c
2127 -@@ -1199,7 +1199,7 @@ static int ui_init(void)
2128 - BUG_ON(1);
2129 - }
2130 -
2131 -- perf_hpp__register_sort_field(fmt);
2132 -+ perf_hpp__prepend_sort_field(fmt);
2133 - return 0;
2134 - }
2135 -
2136 -diff --git a/tools/perf/ui/hist.c b/tools/perf/ui/hist.c
2137 -index 3738839..18cfcdc9 100644
2138 ---- a/tools/perf/ui/hist.c
2139 -+++ b/tools/perf/ui/hist.c
2140 -@@ -521,6 +521,12 @@ void perf_hpp_list__register_sort_field(struct perf_hpp_list *list,
2141 - list_add_tail(&format->sort_list, &list->sorts);
2142 - }
2143 -
2144 -+void perf_hpp_list__prepend_sort_field(struct perf_hpp_list *list,
2145 -+ struct perf_hpp_fmt *format)
2146 -+{
2147 -+ list_add(&format->sort_list, &list->sorts);
2148 -+}
2149 -+
2150 - void perf_hpp__column_unregister(struct perf_hpp_fmt *format)
2151 - {
2152 - list_del(&format->list);
2153 -@@ -560,6 +566,10 @@ void perf_hpp__setup_output_field(struct perf_hpp_list *list)
2154 - perf_hpp_list__for_each_sort_list(list, fmt) {
2155 - struct perf_hpp_fmt *pos;
2156 -
2157 -+ /* skip sort-only fields ("sort_compute" in perf diff) */
2158 -+ if (!fmt->entry && !fmt->color)
2159 -+ continue;
2160 -+
2161 - perf_hpp_list__for_each_format(list, pos) {
2162 - if (fmt_equal(fmt, pos))
2163 - goto next;
2164 -diff --git a/tools/perf/util/hist.h b/tools/perf/util/hist.h
2165 -index 9928fed..a440a04 100644
2166 ---- a/tools/perf/util/hist.h
2167 -+++ b/tools/perf/util/hist.h
2168 -@@ -282,6 +282,8 @@ void perf_hpp_list__column_register(struct perf_hpp_list *list,
2169 - struct perf_hpp_fmt *format);
2170 - void perf_hpp_list__register_sort_field(struct perf_hpp_list *list,
2171 - struct perf_hpp_fmt *format);
2172 -+void perf_hpp_list__prepend_sort_field(struct perf_hpp_list *list,
2173 -+ struct perf_hpp_fmt *format);
2174 -
2175 - static inline void perf_hpp__column_register(struct perf_hpp_fmt *format)
2176 - {
2177 -@@ -293,6 +295,11 @@ static inline void perf_hpp__register_sort_field(struct perf_hpp_fmt *format)
2178 - perf_hpp_list__register_sort_field(&perf_hpp_list, format);
2179 - }
2180 -
2181 -+static inline void perf_hpp__prepend_sort_field(struct perf_hpp_fmt *format)
2182 -+{
2183 -+ perf_hpp_list__prepend_sort_field(&perf_hpp_list, format);
2184 -+}
2185 -+
2186 - #define perf_hpp_list__for_each_format(_list, format) \
2187 - list_for_each_entry(format, &(_list)->fields, list)
2188 -
2189
2190 diff --git a/4.9.11/1010_linux-4.9.11.patch b/4.9.11/1010_linux-4.9.11.patch
2191 deleted file mode 100644
2192 index 59eb5c7..0000000
2193 --- a/4.9.11/1010_linux-4.9.11.patch
2194 +++ /dev/null
2195 @@ -1,1893 +0,0 @@
2196 -diff --git a/Makefile b/Makefile
2197 -index d2fe757..18b0c5a 100644
2198 ---- a/Makefile
2199 -+++ b/Makefile
2200 -@@ -1,6 +1,6 @@
2201 - VERSION = 4
2202 - PATCHLEVEL = 9
2203 --SUBLEVEL = 10
2204 -+SUBLEVEL = 11
2205 - EXTRAVERSION =
2206 - NAME = Roaring Lionus
2207 -
2208 -diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c
2209 -index ebb4e95..96d80df 100644
2210 ---- a/arch/x86/kernel/fpu/core.c
2211 -+++ b/arch/x86/kernel/fpu/core.c
2212 -@@ -236,7 +236,8 @@ void fpstate_init(union fpregs_state *state)
2213 - * it will #GP. Make sure it is replaced after the memset().
2214 - */
2215 - if (static_cpu_has(X86_FEATURE_XSAVES))
2216 -- state->xsave.header.xcomp_bv = XCOMP_BV_COMPACTED_FORMAT;
2217 -+ state->xsave.header.xcomp_bv = XCOMP_BV_COMPACTED_FORMAT |
2218 -+ xfeatures_mask;
2219 -
2220 - if (static_cpu_has(X86_FEATURE_FXSR))
2221 - fpstate_init_fxstate(&state->fxsave);
2222 -diff --git a/drivers/net/ethernet/mellanox/mlx4/en_rx.c b/drivers/net/ethernet/mellanox/mlx4/en_rx.c
2223 -index f2e8bed..4d3ddc2 100644
2224 ---- a/drivers/net/ethernet/mellanox/mlx4/en_rx.c
2225 -+++ b/drivers/net/ethernet/mellanox/mlx4/en_rx.c
2226 -@@ -507,8 +507,11 @@ void mlx4_en_recover_from_oom(struct mlx4_en_priv *priv)
2227 - return;
2228 -
2229 - for (ring = 0; ring < priv->rx_ring_num; ring++) {
2230 -- if (mlx4_en_is_ring_empty(priv->rx_ring[ring]))
2231 -+ if (mlx4_en_is_ring_empty(priv->rx_ring[ring])) {
2232 -+ local_bh_disable();
2233 - napi_reschedule(&priv->rx_cq[ring]->napi);
2234 -+ local_bh_enable();
2235 -+ }
2236 - }
2237 - }
2238 -
2239 -diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en.h b/drivers/net/ethernet/mellanox/mlx5/core/en.h
2240 -index 71382df..81d8e3b 100644
2241 ---- a/drivers/net/ethernet/mellanox/mlx5/core/en.h
2242 -+++ b/drivers/net/ethernet/mellanox/mlx5/core/en.h
2243 -@@ -765,7 +765,8 @@ void mlx5e_disable_vlan_filter(struct mlx5e_priv *priv);
2244 - int mlx5e_modify_rqs_vsd(struct mlx5e_priv *priv, bool vsd);
2245 -
2246 - int mlx5e_redirect_rqt(struct mlx5e_priv *priv, u32 rqtn, int sz, int ix);
2247 --void mlx5e_build_tir_ctx_hash(void *tirc, struct mlx5e_priv *priv);
2248 -+void mlx5e_build_indir_tir_ctx_hash(struct mlx5e_priv *priv, void *tirc,
2249 -+ enum mlx5e_traffic_types tt);
2250 -
2251 - int mlx5e_open_locked(struct net_device *netdev);
2252 - int mlx5e_close_locked(struct net_device *netdev);
2253 -diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_ethtool.c b/drivers/net/ethernet/mellanox/mlx5/core/en_ethtool.c
2254 -index 51c6a57..126cfeb 100644
2255 ---- a/drivers/net/ethernet/mellanox/mlx5/core/en_ethtool.c
2256 -+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_ethtool.c
2257 -@@ -975,15 +975,18 @@ static int mlx5e_get_rxfh(struct net_device *netdev, u32 *indir, u8 *key,
2258 -
2259 - static void mlx5e_modify_tirs_hash(struct mlx5e_priv *priv, void *in, int inlen)
2260 - {
2261 -- struct mlx5_core_dev *mdev = priv->mdev;
2262 - void *tirc = MLX5_ADDR_OF(modify_tir_in, in, ctx);
2263 -- int i;
2264 -+ struct mlx5_core_dev *mdev = priv->mdev;
2265 -+ int ctxlen = MLX5_ST_SZ_BYTES(tirc);
2266 -+ int tt;
2267 -
2268 - MLX5_SET(modify_tir_in, in, bitmask.hash, 1);
2269 -- mlx5e_build_tir_ctx_hash(tirc, priv);
2270 -
2271 -- for (i = 0; i < MLX5E_NUM_INDIR_TIRS; i++)
2272 -- mlx5_core_modify_tir(mdev, priv->indir_tir[i].tirn, in, inlen);
2273 -+ for (tt = 0; tt < MLX5E_NUM_INDIR_TIRS; tt++) {
2274 -+ memset(tirc, 0, ctxlen);
2275 -+ mlx5e_build_indir_tir_ctx_hash(priv, tirc, tt);
2276 -+ mlx5_core_modify_tir(mdev, priv->indir_tir[tt].tirn, in, inlen);
2277 -+ }
2278 - }
2279 -
2280 - static int mlx5e_set_rxfh(struct net_device *dev, const u32 *indir,
2281 -diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
2282 -index 5dc3e24..b3067137 100644
2283 ---- a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
2284 -+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
2285 -@@ -1978,8 +1978,23 @@ static void mlx5e_build_tir_ctx_lro(void *tirc, struct mlx5e_priv *priv)
2286 - MLX5_SET(tirc, tirc, lro_timeout_period_usecs, priv->params.lro_timeout);
2287 - }
2288 -
2289 --void mlx5e_build_tir_ctx_hash(void *tirc, struct mlx5e_priv *priv)
2290 -+void mlx5e_build_indir_tir_ctx_hash(struct mlx5e_priv *priv, void *tirc,
2291 -+ enum mlx5e_traffic_types tt)
2292 - {
2293 -+ void *hfso = MLX5_ADDR_OF(tirc, tirc, rx_hash_field_selector_outer);
2294 -+
2295 -+#define MLX5_HASH_IP (MLX5_HASH_FIELD_SEL_SRC_IP |\
2296 -+ MLX5_HASH_FIELD_SEL_DST_IP)
2297 -+
2298 -+#define MLX5_HASH_IP_L4PORTS (MLX5_HASH_FIELD_SEL_SRC_IP |\
2299 -+ MLX5_HASH_FIELD_SEL_DST_IP |\
2300 -+ MLX5_HASH_FIELD_SEL_L4_SPORT |\
2301 -+ MLX5_HASH_FIELD_SEL_L4_DPORT)
2302 -+
2303 -+#define MLX5_HASH_IP_IPSEC_SPI (MLX5_HASH_FIELD_SEL_SRC_IP |\
2304 -+ MLX5_HASH_FIELD_SEL_DST_IP |\
2305 -+ MLX5_HASH_FIELD_SEL_IPSEC_SPI)
2306 -+
2307 - MLX5_SET(tirc, tirc, rx_hash_fn,
2308 - mlx5e_rx_hash_fn(priv->params.rss_hfunc));
2309 - if (priv->params.rss_hfunc == ETH_RSS_HASH_TOP) {
2310 -@@ -1991,6 +2006,88 @@ void mlx5e_build_tir_ctx_hash(void *tirc, struct mlx5e_priv *priv)
2311 - MLX5_SET(tirc, tirc, rx_hash_symmetric, 1);
2312 - memcpy(rss_key, priv->params.toeplitz_hash_key, len);
2313 - }
2314 -+
2315 -+ switch (tt) {
2316 -+ case MLX5E_TT_IPV4_TCP:
2317 -+ MLX5_SET(rx_hash_field_select, hfso, l3_prot_type,
2318 -+ MLX5_L3_PROT_TYPE_IPV4);
2319 -+ MLX5_SET(rx_hash_field_select, hfso, l4_prot_type,
2320 -+ MLX5_L4_PROT_TYPE_TCP);
2321 -+ MLX5_SET(rx_hash_field_select, hfso, selected_fields,
2322 -+ MLX5_HASH_IP_L4PORTS);
2323 -+ break;
2324 -+
2325 -+ case MLX5E_TT_IPV6_TCP:
2326 -+ MLX5_SET(rx_hash_field_select, hfso, l3_prot_type,
2327 -+ MLX5_L3_PROT_TYPE_IPV6);
2328 -+ MLX5_SET(rx_hash_field_select, hfso, l4_prot_type,
2329 -+ MLX5_L4_PROT_TYPE_TCP);
2330 -+ MLX5_SET(rx_hash_field_select, hfso, selected_fields,
2331 -+ MLX5_HASH_IP_L4PORTS);
2332 -+ break;
2333 -+
2334 -+ case MLX5E_TT_IPV4_UDP:
2335 -+ MLX5_SET(rx_hash_field_select, hfso, l3_prot_type,
2336 -+ MLX5_L3_PROT_TYPE_IPV4);
2337 -+ MLX5_SET(rx_hash_field_select, hfso, l4_prot_type,
2338 -+ MLX5_L4_PROT_TYPE_UDP);
2339 -+ MLX5_SET(rx_hash_field_select, hfso, selected_fields,
2340 -+ MLX5_HASH_IP_L4PORTS);
2341 -+ break;
2342 -+
2343 -+ case MLX5E_TT_IPV6_UDP:
2344 -+ MLX5_SET(rx_hash_field_select, hfso, l3_prot_type,
2345 -+ MLX5_L3_PROT_TYPE_IPV6);
2346 -+ MLX5_SET(rx_hash_field_select, hfso, l4_prot_type,
2347 -+ MLX5_L4_PROT_TYPE_UDP);
2348 -+ MLX5_SET(rx_hash_field_select, hfso, selected_fields,
2349 -+ MLX5_HASH_IP_L4PORTS);
2350 -+ break;
2351 -+
2352 -+ case MLX5E_TT_IPV4_IPSEC_AH:
2353 -+ MLX5_SET(rx_hash_field_select, hfso, l3_prot_type,
2354 -+ MLX5_L3_PROT_TYPE_IPV4);
2355 -+ MLX5_SET(rx_hash_field_select, hfso, selected_fields,
2356 -+ MLX5_HASH_IP_IPSEC_SPI);
2357 -+ break;
2358 -+
2359 -+ case MLX5E_TT_IPV6_IPSEC_AH:
2360 -+ MLX5_SET(rx_hash_field_select, hfso, l3_prot_type,
2361 -+ MLX5_L3_PROT_TYPE_IPV6);
2362 -+ MLX5_SET(rx_hash_field_select, hfso, selected_fields,
2363 -+ MLX5_HASH_IP_IPSEC_SPI);
2364 -+ break;
2365 -+
2366 -+ case MLX5E_TT_IPV4_IPSEC_ESP:
2367 -+ MLX5_SET(rx_hash_field_select, hfso, l3_prot_type,
2368 -+ MLX5_L3_PROT_TYPE_IPV4);
2369 -+ MLX5_SET(rx_hash_field_select, hfso, selected_fields,
2370 -+ MLX5_HASH_IP_IPSEC_SPI);
2371 -+ break;
2372 -+
2373 -+ case MLX5E_TT_IPV6_IPSEC_ESP:
2374 -+ MLX5_SET(rx_hash_field_select, hfso, l3_prot_type,
2375 -+ MLX5_L3_PROT_TYPE_IPV6);
2376 -+ MLX5_SET(rx_hash_field_select, hfso, selected_fields,
2377 -+ MLX5_HASH_IP_IPSEC_SPI);
2378 -+ break;
2379 -+
2380 -+ case MLX5E_TT_IPV4:
2381 -+ MLX5_SET(rx_hash_field_select, hfso, l3_prot_type,
2382 -+ MLX5_L3_PROT_TYPE_IPV4);
2383 -+ MLX5_SET(rx_hash_field_select, hfso, selected_fields,
2384 -+ MLX5_HASH_IP);
2385 -+ break;
2386 -+
2387 -+ case MLX5E_TT_IPV6:
2388 -+ MLX5_SET(rx_hash_field_select, hfso, l3_prot_type,
2389 -+ MLX5_L3_PROT_TYPE_IPV6);
2390 -+ MLX5_SET(rx_hash_field_select, hfso, selected_fields,
2391 -+ MLX5_HASH_IP);
2392 -+ break;
2393 -+ default:
2394 -+ WARN_ONCE(true, "%s: bad traffic type!\n", __func__);
2395 -+ }
2396 - }
2397 -
2398 - static int mlx5e_modify_tirs_lro(struct mlx5e_priv *priv)
2399 -@@ -2360,110 +2457,13 @@ void mlx5e_cleanup_nic_tx(struct mlx5e_priv *priv)
2400 - static void mlx5e_build_indir_tir_ctx(struct mlx5e_priv *priv, u32 *tirc,
2401 - enum mlx5e_traffic_types tt)
2402 - {
2403 -- void *hfso = MLX5_ADDR_OF(tirc, tirc, rx_hash_field_selector_outer);
2404 --
2405 - MLX5_SET(tirc, tirc, transport_domain, priv->mdev->mlx5e_res.td.tdn);
2406 -
2407 --#define MLX5_HASH_IP (MLX5_HASH_FIELD_SEL_SRC_IP |\
2408 -- MLX5_HASH_FIELD_SEL_DST_IP)
2409 --
2410 --#define MLX5_HASH_IP_L4PORTS (MLX5_HASH_FIELD_SEL_SRC_IP |\
2411 -- MLX5_HASH_FIELD_SEL_DST_IP |\
2412 -- MLX5_HASH_FIELD_SEL_L4_SPORT |\
2413 -- MLX5_HASH_FIELD_SEL_L4_DPORT)
2414 --
2415 --#define MLX5_HASH_IP_IPSEC_SPI (MLX5_HASH_FIELD_SEL_SRC_IP |\
2416 -- MLX5_HASH_FIELD_SEL_DST_IP |\
2417 -- MLX5_HASH_FIELD_SEL_IPSEC_SPI)
2418 --
2419 - mlx5e_build_tir_ctx_lro(tirc, priv);
2420 -
2421 - MLX5_SET(tirc, tirc, disp_type, MLX5_TIRC_DISP_TYPE_INDIRECT);
2422 - MLX5_SET(tirc, tirc, indirect_table, priv->indir_rqt.rqtn);
2423 -- mlx5e_build_tir_ctx_hash(tirc, priv);
2424 --
2425 -- switch (tt) {
2426 -- case MLX5E_TT_IPV4_TCP:
2427 -- MLX5_SET(rx_hash_field_select, hfso, l3_prot_type,
2428 -- MLX5_L3_PROT_TYPE_IPV4);
2429 -- MLX5_SET(rx_hash_field_select, hfso, l4_prot_type,
2430 -- MLX5_L4_PROT_TYPE_TCP);
2431 -- MLX5_SET(rx_hash_field_select, hfso, selected_fields,
2432 -- MLX5_HASH_IP_L4PORTS);
2433 -- break;
2434 --
2435 -- case MLX5E_TT_IPV6_TCP:
2436 -- MLX5_SET(rx_hash_field_select, hfso, l3_prot_type,
2437 -- MLX5_L3_PROT_TYPE_IPV6);
2438 -- MLX5_SET(rx_hash_field_select, hfso, l4_prot_type,
2439 -- MLX5_L4_PROT_TYPE_TCP);
2440 -- MLX5_SET(rx_hash_field_select, hfso, selected_fields,
2441 -- MLX5_HASH_IP_L4PORTS);
2442 -- break;
2443 --
2444 -- case MLX5E_TT_IPV4_UDP:
2445 -- MLX5_SET(rx_hash_field_select, hfso, l3_prot_type,
2446 -- MLX5_L3_PROT_TYPE_IPV4);
2447 -- MLX5_SET(rx_hash_field_select, hfso, l4_prot_type,
2448 -- MLX5_L4_PROT_TYPE_UDP);
2449 -- MLX5_SET(rx_hash_field_select, hfso, selected_fields,
2450 -- MLX5_HASH_IP_L4PORTS);
2451 -- break;
2452 --
2453 -- case MLX5E_TT_IPV6_UDP:
2454 -- MLX5_SET(rx_hash_field_select, hfso, l3_prot_type,
2455 -- MLX5_L3_PROT_TYPE_IPV6);
2456 -- MLX5_SET(rx_hash_field_select, hfso, l4_prot_type,
2457 -- MLX5_L4_PROT_TYPE_UDP);
2458 -- MLX5_SET(rx_hash_field_select, hfso, selected_fields,
2459 -- MLX5_HASH_IP_L4PORTS);
2460 -- break;
2461 --
2462 -- case MLX5E_TT_IPV4_IPSEC_AH:
2463 -- MLX5_SET(rx_hash_field_select, hfso, l3_prot_type,
2464 -- MLX5_L3_PROT_TYPE_IPV4);
2465 -- MLX5_SET(rx_hash_field_select, hfso, selected_fields,
2466 -- MLX5_HASH_IP_IPSEC_SPI);
2467 -- break;
2468 --
2469 -- case MLX5E_TT_IPV6_IPSEC_AH:
2470 -- MLX5_SET(rx_hash_field_select, hfso, l3_prot_type,
2471 -- MLX5_L3_PROT_TYPE_IPV6);
2472 -- MLX5_SET(rx_hash_field_select, hfso, selected_fields,
2473 -- MLX5_HASH_IP_IPSEC_SPI);
2474 -- break;
2475 --
2476 -- case MLX5E_TT_IPV4_IPSEC_ESP:
2477 -- MLX5_SET(rx_hash_field_select, hfso, l3_prot_type,
2478 -- MLX5_L3_PROT_TYPE_IPV4);
2479 -- MLX5_SET(rx_hash_field_select, hfso, selected_fields,
2480 -- MLX5_HASH_IP_IPSEC_SPI);
2481 -- break;
2482 --
2483 -- case MLX5E_TT_IPV6_IPSEC_ESP:
2484 -- MLX5_SET(rx_hash_field_select, hfso, l3_prot_type,
2485 -- MLX5_L3_PROT_TYPE_IPV6);
2486 -- MLX5_SET(rx_hash_field_select, hfso, selected_fields,
2487 -- MLX5_HASH_IP_IPSEC_SPI);
2488 -- break;
2489 --
2490 -- case MLX5E_TT_IPV4:
2491 -- MLX5_SET(rx_hash_field_select, hfso, l3_prot_type,
2492 -- MLX5_L3_PROT_TYPE_IPV4);
2493 -- MLX5_SET(rx_hash_field_select, hfso, selected_fields,
2494 -- MLX5_HASH_IP);
2495 -- break;
2496 --
2497 -- case MLX5E_TT_IPV6:
2498 -- MLX5_SET(rx_hash_field_select, hfso, l3_prot_type,
2499 -- MLX5_L3_PROT_TYPE_IPV6);
2500 -- MLX5_SET(rx_hash_field_select, hfso, selected_fields,
2501 -- MLX5_HASH_IP);
2502 -- break;
2503 -- default:
2504 -- WARN_ONCE(true,
2505 -- "mlx5e_build_indir_tir_ctx: bad traffic type!\n");
2506 -- }
2507 -+ mlx5e_build_indir_tir_ctx_hash(priv, tirc, tt);
2508 - }
2509 -
2510 - static void mlx5e_build_direct_tir_ctx(struct mlx5e_priv *priv, u32 *tirc,
2511 -diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
2512 -index 914e546..7e20e4b 100644
2513 ---- a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
2514 -+++ b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c
2515 -@@ -1110,9 +1110,8 @@ static struct mlx5_flow_rule *add_rule_fg(struct mlx5_flow_group *fg,
2516 - return rule;
2517 - }
2518 - rule = add_rule_fte(fte, fg, dest);
2519 -- unlock_ref_node(&fte->node);
2520 - if (IS_ERR(rule))
2521 -- goto unlock_fg;
2522 -+ goto unlock_fte;
2523 - else
2524 - goto add_rule;
2525 - }
2526 -@@ -1130,6 +1129,7 @@ static struct mlx5_flow_rule *add_rule_fg(struct mlx5_flow_group *fg,
2527 - goto unlock_fg;
2528 - }
2529 - tree_init_node(&fte->node, 0, del_fte);
2530 -+ nested_lock_ref_node(&fte->node, FS_MUTEX_CHILD);
2531 - rule = add_rule_fte(fte, fg, dest);
2532 - if (IS_ERR(rule)) {
2533 - kfree(fte);
2534 -@@ -1142,6 +1142,8 @@ static struct mlx5_flow_rule *add_rule_fg(struct mlx5_flow_group *fg,
2535 - list_add(&fte->node.list, prev);
2536 - add_rule:
2537 - tree_add_node(&rule->node, &fte->node);
2538 -+unlock_fte:
2539 -+ unlock_ref_node(&fte->node);
2540 - unlock_fg:
2541 - unlock_ref_node(&fg->node);
2542 - return rule;
2543 -diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac1000_core.c b/drivers/net/ethernet/stmicro/stmmac/dwmac1000_core.c
2544 -index 7df4ff1..7d19029 100644
2545 ---- a/drivers/net/ethernet/stmicro/stmmac/dwmac1000_core.c
2546 -+++ b/drivers/net/ethernet/stmicro/stmmac/dwmac1000_core.c
2547 -@@ -305,8 +305,12 @@ static int dwmac1000_irq_status(struct mac_device_info *hw,
2548 - {
2549 - void __iomem *ioaddr = hw->pcsr;
2550 - u32 intr_status = readl(ioaddr + GMAC_INT_STATUS);
2551 -+ u32 intr_mask = readl(ioaddr + GMAC_INT_MASK);
2552 - int ret = 0;
2553 -
2554 -+ /* Discard masked bits */
2555 -+ intr_status &= ~intr_mask;
2556 -+
2557 - /* Not used events (e.g. MMC interrupts) are not handled. */
2558 - if ((intr_status & GMAC_INT_STATUS_MMCTIS))
2559 - x->mmc_tx_irq_n++;
2560 -diff --git a/drivers/net/loopback.c b/drivers/net/loopback.c
2561 -index 6255973..1b65f0f 100644
2562 ---- a/drivers/net/loopback.c
2563 -+++ b/drivers/net/loopback.c
2564 -@@ -164,6 +164,7 @@ static void loopback_setup(struct net_device *dev)
2565 - {
2566 - dev->mtu = 64 * 1024;
2567 - dev->hard_header_len = ETH_HLEN; /* 14 */
2568 -+ dev->min_header_len = ETH_HLEN; /* 14 */
2569 - dev->addr_len = ETH_ALEN; /* 6 */
2570 - dev->type = ARPHRD_LOOPBACK; /* 0x0001*/
2571 - dev->flags = IFF_LOOPBACK;
2572 -diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c
2573 -index 6f38daf..adea6f5 100644
2574 ---- a/drivers/net/macvtap.c
2575 -+++ b/drivers/net/macvtap.c
2576 -@@ -682,7 +682,7 @@ static ssize_t macvtap_get_user(struct macvtap_queue *q, struct msghdr *m,
2577 - ssize_t n;
2578 -
2579 - if (q->flags & IFF_VNET_HDR) {
2580 -- vnet_hdr_len = q->vnet_hdr_sz;
2581 -+ vnet_hdr_len = READ_ONCE(q->vnet_hdr_sz);
2582 -
2583 - err = -EINVAL;
2584 - if (len < vnet_hdr_len)
2585 -@@ -822,7 +822,7 @@ static ssize_t macvtap_put_user(struct macvtap_queue *q,
2586 -
2587 - if (q->flags & IFF_VNET_HDR) {
2588 - struct virtio_net_hdr vnet_hdr;
2589 -- vnet_hdr_len = q->vnet_hdr_sz;
2590 -+ vnet_hdr_len = READ_ONCE(q->vnet_hdr_sz);
2591 - if (iov_iter_count(iter) < vnet_hdr_len)
2592 - return -EINVAL;
2593 -
2594 -diff --git a/drivers/net/tun.c b/drivers/net/tun.c
2595 -index 18402d7..b31aca8 100644
2596 ---- a/drivers/net/tun.c
2597 -+++ b/drivers/net/tun.c
2598 -@@ -1187,9 +1187,11 @@ static ssize_t tun_get_user(struct tun_struct *tun, struct tun_file *tfile,
2599 - }
2600 -
2601 - if (tun->flags & IFF_VNET_HDR) {
2602 -- if (len < tun->vnet_hdr_sz)
2603 -+ int vnet_hdr_sz = READ_ONCE(tun->vnet_hdr_sz);
2604 -+
2605 -+ if (len < vnet_hdr_sz)
2606 - return -EINVAL;
2607 -- len -= tun->vnet_hdr_sz;
2608 -+ len -= vnet_hdr_sz;
2609 -
2610 - n = copy_from_iter(&gso, sizeof(gso), from);
2611 - if (n != sizeof(gso))
2612 -@@ -1201,7 +1203,7 @@ static ssize_t tun_get_user(struct tun_struct *tun, struct tun_file *tfile,
2613 -
2614 - if (tun16_to_cpu(tun, gso.hdr_len) > len)
2615 - return -EINVAL;
2616 -- iov_iter_advance(from, tun->vnet_hdr_sz - sizeof(gso));
2617 -+ iov_iter_advance(from, vnet_hdr_sz - sizeof(gso));
2618 - }
2619 -
2620 - if ((tun->flags & TUN_TYPE_MASK) == IFF_TAP) {
2621 -@@ -1348,7 +1350,7 @@ static ssize_t tun_put_user(struct tun_struct *tun,
2622 - vlan_hlen = VLAN_HLEN;
2623 -
2624 - if (tun->flags & IFF_VNET_HDR)
2625 -- vnet_hdr_sz = tun->vnet_hdr_sz;
2626 -+ vnet_hdr_sz = READ_ONCE(tun->vnet_hdr_sz);
2627 -
2628 - total = skb->len + vlan_hlen + vnet_hdr_sz;
2629 -
2630 -diff --git a/drivers/net/usb/catc.c b/drivers/net/usb/catc.c
2631 -index d9ca05d..4086415 100644
2632 ---- a/drivers/net/usb/catc.c
2633 -+++ b/drivers/net/usb/catc.c
2634 -@@ -777,7 +777,7 @@ static int catc_probe(struct usb_interface *intf, const struct usb_device_id *id
2635 - struct net_device *netdev;
2636 - struct catc *catc;
2637 - u8 broadcast[ETH_ALEN];
2638 -- int i, pktsz;
2639 -+ int pktsz, ret;
2640 -
2641 - if (usb_set_interface(usbdev,
2642 - intf->altsetting->desc.bInterfaceNumber, 1)) {
2643 -@@ -812,12 +812,8 @@ static int catc_probe(struct usb_interface *intf, const struct usb_device_id *id
2644 - if ((!catc->ctrl_urb) || (!catc->tx_urb) ||
2645 - (!catc->rx_urb) || (!catc->irq_urb)) {
2646 - dev_err(&intf->dev, "No free urbs available.\n");
2647 -- usb_free_urb(catc->ctrl_urb);
2648 -- usb_free_urb(catc->tx_urb);
2649 -- usb_free_urb(catc->rx_urb);
2650 -- usb_free_urb(catc->irq_urb);
2651 -- free_netdev(netdev);
2652 -- return -ENOMEM;
2653 -+ ret = -ENOMEM;
2654 -+ goto fail_free;
2655 - }
2656 -
2657 - /* The F5U011 has the same vendor/product as the netmate but a device version of 0x130 */
2658 -@@ -845,15 +841,24 @@ static int catc_probe(struct usb_interface *intf, const struct usb_device_id *id
2659 - catc->irq_buf, 2, catc_irq_done, catc, 1);
2660 -
2661 - if (!catc->is_f5u011) {
2662 -+ u32 *buf;
2663 -+ int i;
2664 -+
2665 - dev_dbg(dev, "Checking memory size\n");
2666 -
2667 -- i = 0x12345678;
2668 -- catc_write_mem(catc, 0x7a80, &i, 4);
2669 -- i = 0x87654321;
2670 -- catc_write_mem(catc, 0xfa80, &i, 4);
2671 -- catc_read_mem(catc, 0x7a80, &i, 4);
2672 -+ buf = kmalloc(4, GFP_KERNEL);
2673 -+ if (!buf) {
2674 -+ ret = -ENOMEM;
2675 -+ goto fail_free;
2676 -+ }
2677 -+
2678 -+ *buf = 0x12345678;
2679 -+ catc_write_mem(catc, 0x7a80, buf, 4);
2680 -+ *buf = 0x87654321;
2681 -+ catc_write_mem(catc, 0xfa80, buf, 4);
2682 -+ catc_read_mem(catc, 0x7a80, buf, 4);
2683 -
2684 -- switch (i) {
2685 -+ switch (*buf) {
2686 - case 0x12345678:
2687 - catc_set_reg(catc, TxBufCount, 8);
2688 - catc_set_reg(catc, RxBufCount, 32);
2689 -@@ -868,6 +873,8 @@ static int catc_probe(struct usb_interface *intf, const struct usb_device_id *id
2690 - dev_dbg(dev, "32k Memory\n");
2691 - break;
2692 - }
2693 -+
2694 -+ kfree(buf);
2695 -
2696 - dev_dbg(dev, "Getting MAC from SEEROM.\n");
2697 -
2698 -@@ -914,16 +921,21 @@ static int catc_probe(struct usb_interface *intf, const struct usb_device_id *id
2699 - usb_set_intfdata(intf, catc);
2700 -
2701 - SET_NETDEV_DEV(netdev, &intf->dev);
2702 -- if (register_netdev(netdev) != 0) {
2703 -- usb_set_intfdata(intf, NULL);
2704 -- usb_free_urb(catc->ctrl_urb);
2705 -- usb_free_urb(catc->tx_urb);
2706 -- usb_free_urb(catc->rx_urb);
2707 -- usb_free_urb(catc->irq_urb);
2708 -- free_netdev(netdev);
2709 -- return -EIO;
2710 -- }
2711 -+ ret = register_netdev(netdev);
2712 -+ if (ret)
2713 -+ goto fail_clear_intfdata;
2714 -+
2715 - return 0;
2716 -+
2717 -+fail_clear_intfdata:
2718 -+ usb_set_intfdata(intf, NULL);
2719 -+fail_free:
2720 -+ usb_free_urb(catc->ctrl_urb);
2721 -+ usb_free_urb(catc->tx_urb);
2722 -+ usb_free_urb(catc->rx_urb);
2723 -+ usb_free_urb(catc->irq_urb);
2724 -+ free_netdev(netdev);
2725 -+ return ret;
2726 - }
2727 -
2728 - static void catc_disconnect(struct usb_interface *intf)
2729 -diff --git a/drivers/net/usb/pegasus.c b/drivers/net/usb/pegasus.c
2730 -index 1434e5d..ee40ac2 100644
2731 ---- a/drivers/net/usb/pegasus.c
2732 -+++ b/drivers/net/usb/pegasus.c
2733 -@@ -126,40 +126,61 @@ static void async_ctrl_callback(struct urb *urb)
2734 -
2735 - static int get_registers(pegasus_t *pegasus, __u16 indx, __u16 size, void *data)
2736 - {
2737 -+ u8 *buf;
2738 - int ret;
2739 -
2740 -+ buf = kmalloc(size, GFP_NOIO);
2741 -+ if (!buf)
2742 -+ return -ENOMEM;
2743 -+
2744 - ret = usb_control_msg(pegasus->usb, usb_rcvctrlpipe(pegasus->usb, 0),
2745 - PEGASUS_REQ_GET_REGS, PEGASUS_REQT_READ, 0,
2746 -- indx, data, size, 1000);
2747 -+ indx, buf, size, 1000);
2748 - if (ret < 0)
2749 - netif_dbg(pegasus, drv, pegasus->net,
2750 - "%s returned %d\n", __func__, ret);
2751 -+ else if (ret <= size)
2752 -+ memcpy(data, buf, ret);
2753 -+ kfree(buf);
2754 - return ret;
2755 - }
2756 -
2757 --static int set_registers(pegasus_t *pegasus, __u16 indx, __u16 size, void *data)
2758 -+static int set_registers(pegasus_t *pegasus, __u16 indx, __u16 size,
2759 -+ const void *data)
2760 - {
2761 -+ u8 *buf;
2762 - int ret;
2763 -
2764 -+ buf = kmemdup(data, size, GFP_NOIO);
2765 -+ if (!buf)
2766 -+ return -ENOMEM;
2767 -+
2768 - ret = usb_control_msg(pegasus->usb, usb_sndctrlpipe(pegasus->usb, 0),
2769 - PEGASUS_REQ_SET_REGS, PEGASUS_REQT_WRITE, 0,
2770 -- indx, data, size, 100);
2771 -+ indx, buf, size, 100);
2772 - if (ret < 0)
2773 - netif_dbg(pegasus, drv, pegasus->net,
2774 - "%s returned %d\n", __func__, ret);
2775 -+ kfree(buf);
2776 - return ret;
2777 - }
2778 -
2779 - static int set_register(pegasus_t *pegasus, __u16 indx, __u8 data)
2780 - {
2781 -+ u8 *buf;
2782 - int ret;
2783 -
2784 -+ buf = kmemdup(&data, 1, GFP_NOIO);
2785 -+ if (!buf)
2786 -+ return -ENOMEM;
2787 -+
2788 - ret = usb_control_msg(pegasus->usb, usb_sndctrlpipe(pegasus->usb, 0),
2789 - PEGASUS_REQ_SET_REG, PEGASUS_REQT_WRITE, data,
2790 -- indx, &data, 1, 1000);
2791 -+ indx, buf, 1, 1000);
2792 - if (ret < 0)
2793 - netif_dbg(pegasus, drv, pegasus->net,
2794 - "%s returned %d\n", __func__, ret);
2795 -+ kfree(buf);
2796 - return ret;
2797 - }
2798 -
2799 -diff --git a/drivers/net/usb/rtl8150.c b/drivers/net/usb/rtl8150.c
2800 -index 7c72bfa..dc4f7ea 100644
2801 ---- a/drivers/net/usb/rtl8150.c
2802 -+++ b/drivers/net/usb/rtl8150.c
2803 -@@ -155,16 +155,36 @@ static const char driver_name [] = "rtl8150";
2804 - */
2805 - static int get_registers(rtl8150_t * dev, u16 indx, u16 size, void *data)
2806 - {
2807 -- return usb_control_msg(dev->udev, usb_rcvctrlpipe(dev->udev, 0),
2808 -- RTL8150_REQ_GET_REGS, RTL8150_REQT_READ,
2809 -- indx, 0, data, size, 500);
2810 -+ void *buf;
2811 -+ int ret;
2812 -+
2813 -+ buf = kmalloc(size, GFP_NOIO);
2814 -+ if (!buf)
2815 -+ return -ENOMEM;
2816 -+
2817 -+ ret = usb_control_msg(dev->udev, usb_rcvctrlpipe(dev->udev, 0),
2818 -+ RTL8150_REQ_GET_REGS, RTL8150_REQT_READ,
2819 -+ indx, 0, buf, size, 500);
2820 -+ if (ret > 0 && ret <= size)
2821 -+ memcpy(data, buf, ret);
2822 -+ kfree(buf);
2823 -+ return ret;
2824 - }
2825 -
2826 --static int set_registers(rtl8150_t * dev, u16 indx, u16 size, void *data)
2827 -+static int set_registers(rtl8150_t * dev, u16 indx, u16 size, const void *data)
2828 - {
2829 -- return usb_control_msg(dev->udev, usb_sndctrlpipe(dev->udev, 0),
2830 -- RTL8150_REQ_SET_REGS, RTL8150_REQT_WRITE,
2831 -- indx, 0, data, size, 500);
2832 -+ void *buf;
2833 -+ int ret;
2834 -+
2835 -+ buf = kmemdup(data, size, GFP_NOIO);
2836 -+ if (!buf)
2837 -+ return -ENOMEM;
2838 -+
2839 -+ ret = usb_control_msg(dev->udev, usb_sndctrlpipe(dev->udev, 0),
2840 -+ RTL8150_REQ_SET_REGS, RTL8150_REQT_WRITE,
2841 -+ indx, 0, buf, size, 500);
2842 -+ kfree(buf);
2843 -+ return ret;
2844 - }
2845 -
2846 - static void async_set_reg_cb(struct urb *urb)
2847 -diff --git a/include/linux/can/core.h b/include/linux/can/core.h
2848 -index a087500..df08a41 100644
2849 ---- a/include/linux/can/core.h
2850 -+++ b/include/linux/can/core.h
2851 -@@ -45,10 +45,9 @@ struct can_proto {
2852 - extern int can_proto_register(const struct can_proto *cp);
2853 - extern void can_proto_unregister(const struct can_proto *cp);
2854 -
2855 --extern int can_rx_register(struct net_device *dev, canid_t can_id,
2856 -- canid_t mask,
2857 -- void (*func)(struct sk_buff *, void *),
2858 -- void *data, char *ident);
2859 -+int can_rx_register(struct net_device *dev, canid_t can_id, canid_t mask,
2860 -+ void (*func)(struct sk_buff *, void *),
2861 -+ void *data, char *ident, struct sock *sk);
2862 -
2863 - extern void can_rx_unregister(struct net_device *dev, canid_t can_id,
2864 - canid_t mask,
2865 -diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
2866 -index d83590e..bb9b102 100644
2867 ---- a/include/linux/netdevice.h
2868 -+++ b/include/linux/netdevice.h
2869 -@@ -1508,6 +1508,7 @@ enum netdev_priv_flags {
2870 - * @mtu: Interface MTU value
2871 - * @type: Interface hardware type
2872 - * @hard_header_len: Maximum hardware header length.
2873 -+ * @min_header_len: Minimum hardware header length
2874 - *
2875 - * @needed_headroom: Extra headroom the hardware may need, but not in all
2876 - * cases can this be guaranteed
2877 -@@ -1728,6 +1729,7 @@ struct net_device {
2878 - unsigned int mtu;
2879 - unsigned short type;
2880 - unsigned short hard_header_len;
2881 -+ unsigned short min_header_len;
2882 -
2883 - unsigned short needed_headroom;
2884 - unsigned short needed_tailroom;
2885 -@@ -2783,6 +2785,8 @@ static inline bool dev_validate_header(const struct net_device *dev,
2886 - {
2887 - if (likely(len >= dev->hard_header_len))
2888 - return true;
2889 -+ if (len < dev->min_header_len)
2890 -+ return false;
2891 -
2892 - if (capable(CAP_SYS_RAWIO)) {
2893 - memset(ll_header + len, 0, dev->hard_header_len - len);
2894 -diff --git a/include/net/cipso_ipv4.h b/include/net/cipso_ipv4.h
2895 -index 3ebb168..a34b141 100644
2896 ---- a/include/net/cipso_ipv4.h
2897 -+++ b/include/net/cipso_ipv4.h
2898 -@@ -309,6 +309,10 @@ static inline int cipso_v4_validate(const struct sk_buff *skb,
2899 - }
2900 -
2901 - for (opt_iter = 6; opt_iter < opt_len;) {
2902 -+ if (opt_iter + 1 == opt_len) {
2903 -+ err_offset = opt_iter;
2904 -+ goto out;
2905 -+ }
2906 - tag_len = opt[opt_iter + 1];
2907 - if ((tag_len == 0) || (tag_len > (opt_len - opt_iter))) {
2908 - err_offset = opt_iter + 1;
2909 -diff --git a/include/net/ipv6.h b/include/net/ipv6.h
2910 -index f11ca83..7f15f95 100644
2911 ---- a/include/net/ipv6.h
2912 -+++ b/include/net/ipv6.h
2913 -@@ -871,7 +871,7 @@ int ip6_rcv_finish(struct net *net, struct sock *sk, struct sk_buff *skb);
2914 - * upper-layer output functions
2915 - */
2916 - int ip6_xmit(const struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6,
2917 -- struct ipv6_txoptions *opt, int tclass);
2918 -+ __u32 mark, struct ipv6_txoptions *opt, int tclass);
2919 -
2920 - int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr);
2921 -
2922 -diff --git a/include/net/lwtunnel.h b/include/net/lwtunnel.h
2923 -index fc7c0db..3f40132 100644
2924 ---- a/include/net/lwtunnel.h
2925 -+++ b/include/net/lwtunnel.h
2926 -@@ -176,7 +176,10 @@ static inline int lwtunnel_valid_encap_type(u16 encap_type)
2927 - }
2928 - static inline int lwtunnel_valid_encap_type_attr(struct nlattr *attr, int len)
2929 - {
2930 -- return -EOPNOTSUPP;
2931 -+ /* return 0 since we are not walking attr looking for
2932 -+ * RTA_ENCAP_TYPE attribute on nexthops.
2933 -+ */
2934 -+ return 0;
2935 - }
2936 -
2937 - static inline int lwtunnel_build_state(struct net_device *dev, u16 encap_type,
2938 -diff --git a/net/can/af_can.c b/net/can/af_can.c
2939 -index 1108079..5488e4a 100644
2940 ---- a/net/can/af_can.c
2941 -+++ b/net/can/af_can.c
2942 -@@ -445,6 +445,7 @@ static struct hlist_head *find_rcv_list(canid_t *can_id, canid_t *mask,
2943 - * @func: callback function on filter match
2944 - * @data: returned parameter for callback function
2945 - * @ident: string for calling module identification
2946 -+ * @sk: socket pointer (might be NULL)
2947 - *
2948 - * Description:
2949 - * Invokes the callback function with the received sk_buff and the given
2950 -@@ -468,7 +469,7 @@ static struct hlist_head *find_rcv_list(canid_t *can_id, canid_t *mask,
2951 - */
2952 - int can_rx_register(struct net_device *dev, canid_t can_id, canid_t mask,
2953 - void (*func)(struct sk_buff *, void *), void *data,
2954 -- char *ident)
2955 -+ char *ident, struct sock *sk)
2956 - {
2957 - struct receiver *r;
2958 - struct hlist_head *rl;
2959 -@@ -496,6 +497,7 @@ int can_rx_register(struct net_device *dev, canid_t can_id, canid_t mask,
2960 - r->func = func;
2961 - r->data = data;
2962 - r->ident = ident;
2963 -+ r->sk = sk;
2964 -
2965 - hlist_add_head_rcu(&r->list, rl);
2966 - d->entries++;
2967 -@@ -520,8 +522,11 @@ EXPORT_SYMBOL(can_rx_register);
2968 - static void can_rx_delete_receiver(struct rcu_head *rp)
2969 - {
2970 - struct receiver *r = container_of(rp, struct receiver, rcu);
2971 -+ struct sock *sk = r->sk;
2972 -
2973 - kmem_cache_free(rcv_cache, r);
2974 -+ if (sk)
2975 -+ sock_put(sk);
2976 - }
2977 -
2978 - /**
2979 -@@ -596,8 +601,11 @@ void can_rx_unregister(struct net_device *dev, canid_t can_id, canid_t mask,
2980 - spin_unlock(&can_rcvlists_lock);
2981 -
2982 - /* schedule the receiver item for deletion */
2983 -- if (r)
2984 -+ if (r) {
2985 -+ if (r->sk)
2986 -+ sock_hold(r->sk);
2987 - call_rcu(&r->rcu, can_rx_delete_receiver);
2988 -+ }
2989 - }
2990 - EXPORT_SYMBOL(can_rx_unregister);
2991 -
2992 -diff --git a/net/can/af_can.h b/net/can/af_can.h
2993 -index fca0fe9..b86f512 100644
2994 ---- a/net/can/af_can.h
2995 -+++ b/net/can/af_can.h
2996 -@@ -50,13 +50,14 @@
2997 -
2998 - struct receiver {
2999 - struct hlist_node list;
3000 -- struct rcu_head rcu;
3001 - canid_t can_id;
3002 - canid_t mask;
3003 - unsigned long matches;
3004 - void (*func)(struct sk_buff *, void *);
3005 - void *data;
3006 - char *ident;
3007 -+ struct sock *sk;
3008 -+ struct rcu_head rcu;
3009 - };
3010 -
3011 - #define CAN_SFF_RCV_ARRAY_SZ (1 << CAN_SFF_ID_BITS)
3012 -diff --git a/net/can/bcm.c b/net/can/bcm.c
3013 -index 5e9ed5e..e4f694d 100644
3014 ---- a/net/can/bcm.c
3015 -+++ b/net/can/bcm.c
3016 -@@ -1225,7 +1225,7 @@ static int bcm_rx_setup(struct bcm_msg_head *msg_head, struct msghdr *msg,
3017 - err = can_rx_register(dev, op->can_id,
3018 - REGMASK(op->can_id),
3019 - bcm_rx_handler, op,
3020 -- "bcm");
3021 -+ "bcm", sk);
3022 -
3023 - op->rx_reg_dev = dev;
3024 - dev_put(dev);
3025 -@@ -1234,7 +1234,7 @@ static int bcm_rx_setup(struct bcm_msg_head *msg_head, struct msghdr *msg,
3026 - } else
3027 - err = can_rx_register(NULL, op->can_id,
3028 - REGMASK(op->can_id),
3029 -- bcm_rx_handler, op, "bcm");
3030 -+ bcm_rx_handler, op, "bcm", sk);
3031 - if (err) {
3032 - /* this bcm rx op is broken -> remove it */
3033 - list_del(&op->list);
3034 -diff --git a/net/can/gw.c b/net/can/gw.c
3035 -index 4551687..77c8af4 100644
3036 ---- a/net/can/gw.c
3037 -+++ b/net/can/gw.c
3038 -@@ -442,7 +442,7 @@ static inline int cgw_register_filter(struct cgw_job *gwj)
3039 - {
3040 - return can_rx_register(gwj->src.dev, gwj->ccgw.filter.can_id,
3041 - gwj->ccgw.filter.can_mask, can_can_gw_rcv,
3042 -- gwj, "gw");
3043 -+ gwj, "gw", NULL);
3044 - }
3045 -
3046 - static inline void cgw_unregister_filter(struct cgw_job *gwj)
3047 -diff --git a/net/can/raw.c b/net/can/raw.c
3048 -index b075f02..6dc546a 100644
3049 ---- a/net/can/raw.c
3050 -+++ b/net/can/raw.c
3051 -@@ -190,7 +190,7 @@ static int raw_enable_filters(struct net_device *dev, struct sock *sk,
3052 - for (i = 0; i < count; i++) {
3053 - err = can_rx_register(dev, filter[i].can_id,
3054 - filter[i].can_mask,
3055 -- raw_rcv, sk, "raw");
3056 -+ raw_rcv, sk, "raw", sk);
3057 - if (err) {
3058 - /* clean up successfully registered filters */
3059 - while (--i >= 0)
3060 -@@ -211,7 +211,7 @@ static int raw_enable_errfilter(struct net_device *dev, struct sock *sk,
3061 -
3062 - if (err_mask)
3063 - err = can_rx_register(dev, 0, err_mask | CAN_ERR_FLAG,
3064 -- raw_rcv, sk, "raw");
3065 -+ raw_rcv, sk, "raw", sk);
3066 -
3067 - return err;
3068 - }
3069 -diff --git a/net/core/dev.c b/net/core/dev.c
3070 -index df51c50..60b0a604 100644
3071 ---- a/net/core/dev.c
3072 -+++ b/net/core/dev.c
3073 -@@ -1696,24 +1696,19 @@ EXPORT_SYMBOL_GPL(net_dec_egress_queue);
3074 -
3075 - static struct static_key netstamp_needed __read_mostly;
3076 - #ifdef HAVE_JUMP_LABEL
3077 --/* We are not allowed to call static_key_slow_dec() from irq context
3078 -- * If net_disable_timestamp() is called from irq context, defer the
3079 -- * static_key_slow_dec() calls.
3080 -- */
3081 - static atomic_t netstamp_needed_deferred;
3082 --#endif
3083 --
3084 --void net_enable_timestamp(void)
3085 -+static void netstamp_clear(struct work_struct *work)
3086 - {
3087 --#ifdef HAVE_JUMP_LABEL
3088 - int deferred = atomic_xchg(&netstamp_needed_deferred, 0);
3089 -
3090 -- if (deferred) {
3091 -- while (--deferred)
3092 -- static_key_slow_dec(&netstamp_needed);
3093 -- return;
3094 -- }
3095 -+ while (deferred--)
3096 -+ static_key_slow_dec(&netstamp_needed);
3097 -+}
3098 -+static DECLARE_WORK(netstamp_work, netstamp_clear);
3099 - #endif
3100 -+
3101 -+void net_enable_timestamp(void)
3102 -+{
3103 - static_key_slow_inc(&netstamp_needed);
3104 - }
3105 - EXPORT_SYMBOL(net_enable_timestamp);
3106 -@@ -1721,12 +1716,12 @@ EXPORT_SYMBOL(net_enable_timestamp);
3107 - void net_disable_timestamp(void)
3108 - {
3109 - #ifdef HAVE_JUMP_LABEL
3110 -- if (in_interrupt()) {
3111 -- atomic_inc(&netstamp_needed_deferred);
3112 -- return;
3113 -- }
3114 --#endif
3115 -+ /* net_disable_timestamp() can be called from non process context */
3116 -+ atomic_inc(&netstamp_needed_deferred);
3117 -+ schedule_work(&netstamp_work);
3118 -+#else
3119 - static_key_slow_dec(&netstamp_needed);
3120 -+#endif
3121 - }
3122 - EXPORT_SYMBOL(net_disable_timestamp);
3123 -
3124 -diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c
3125 -index 715e5d1..7506c03 100644
3126 ---- a/net/dccp/ipv6.c
3127 -+++ b/net/dccp/ipv6.c
3128 -@@ -227,7 +227,7 @@ static int dccp_v6_send_response(const struct sock *sk, struct request_sock *req
3129 - opt = ireq->ipv6_opt;
3130 - if (!opt)
3131 - opt = rcu_dereference(np->opt);
3132 -- err = ip6_xmit(sk, skb, &fl6, opt, np->tclass);
3133 -+ err = ip6_xmit(sk, skb, &fl6, sk->sk_mark, opt, np->tclass);
3134 - rcu_read_unlock();
3135 - err = net_xmit_eval(err);
3136 - }
3137 -@@ -281,7 +281,7 @@ static void dccp_v6_ctl_send_reset(const struct sock *sk, struct sk_buff *rxskb)
3138 - dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL);
3139 - if (!IS_ERR(dst)) {
3140 - skb_dst_set(skb, dst);
3141 -- ip6_xmit(ctl_sk, skb, &fl6, NULL, 0);
3142 -+ ip6_xmit(ctl_sk, skb, &fl6, 0, NULL, 0);
3143 - DCCP_INC_STATS(DCCP_MIB_OUTSEGS);
3144 - DCCP_INC_STATS(DCCP_MIB_OUTRSTS);
3145 - return;
3146 -diff --git a/net/dsa/dsa2.c b/net/dsa/dsa2.c
3147 -index da38621..0f99297 100644
3148 ---- a/net/dsa/dsa2.c
3149 -+++ b/net/dsa/dsa2.c
3150 -@@ -273,6 +273,7 @@ static int dsa_user_port_apply(struct device_node *port, u32 index,
3151 - if (err) {
3152 - dev_warn(ds->dev, "Failed to create slave %d: %d\n",
3153 - index, err);
3154 -+ ds->ports[index].netdev = NULL;
3155 - return err;
3156 - }
3157 -
3158 -diff --git a/net/ethernet/eth.c b/net/ethernet/eth.c
3159 -index 02acfff..24d7aff 100644
3160 ---- a/net/ethernet/eth.c
3161 -+++ b/net/ethernet/eth.c
3162 -@@ -356,6 +356,7 @@ void ether_setup(struct net_device *dev)
3163 - dev->header_ops = &eth_header_ops;
3164 - dev->type = ARPHRD_ETHER;
3165 - dev->hard_header_len = ETH_HLEN;
3166 -+ dev->min_header_len = ETH_HLEN;
3167 - dev->mtu = ETH_DATA_LEN;
3168 - dev->addr_len = ETH_ALEN;
3169 - dev->tx_queue_len = 1000; /* Ethernet wants good queues */
3170 -diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c
3171 -index 72d6f05..ae20616 100644
3172 ---- a/net/ipv4/cipso_ipv4.c
3173 -+++ b/net/ipv4/cipso_ipv4.c
3174 -@@ -1587,6 +1587,10 @@ int cipso_v4_validate(const struct sk_buff *skb, unsigned char **option)
3175 - goto validate_return_locked;
3176 - }
3177 -
3178 -+ if (opt_iter + 1 == opt_len) {
3179 -+ err_offset = opt_iter;
3180 -+ goto validate_return_locked;
3181 -+ }
3182 - tag_len = tag[1];
3183 - if (tag_len > (opt_len - opt_iter)) {
3184 - err_offset = opt_iter + 1;
3185 -diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c
3186 -index 32a08bc..1bc623d 100644
3187 ---- a/net/ipv4/igmp.c
3188 -+++ b/net/ipv4/igmp.c
3189 -@@ -1172,6 +1172,7 @@ static void igmpv3_del_delrec(struct in_device *in_dev, struct ip_mc_list *im)
3190 - psf->sf_crcount = im->crcount;
3191 - }
3192 - in_dev_put(pmc->interface);
3193 -+ kfree(pmc);
3194 - }
3195 - spin_unlock_bh(&im->lock);
3196 - }
3197 -diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
3198 -index 877bdb0..e5c1dbe 100644
3199 ---- a/net/ipv4/ip_output.c
3200 -+++ b/net/ipv4/ip_output.c
3201 -@@ -1606,6 +1606,7 @@ void ip_send_unicast_reply(struct sock *sk, struct sk_buff *skb,
3202 - sk->sk_protocol = ip_hdr(skb)->protocol;
3203 - sk->sk_bound_dev_if = arg->bound_dev_if;
3204 - sk->sk_sndbuf = sysctl_wmem_default;
3205 -+ sk->sk_mark = fl4.flowi4_mark;
3206 - err = ip_append_data(sk, &fl4, ip_reply_glue_bits, arg->iov->iov_base,
3207 - len, 0, &ipc, &rt, MSG_DONTWAIT);
3208 - if (unlikely(err)) {
3209 -diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
3210 -index f226f408..65336f3 100644
3211 ---- a/net/ipv4/ip_sockglue.c
3212 -+++ b/net/ipv4/ip_sockglue.c
3213 -@@ -1215,7 +1215,14 @@ void ipv4_pktinfo_prepare(const struct sock *sk, struct sk_buff *skb)
3214 - pktinfo->ipi_ifindex = 0;
3215 - pktinfo->ipi_spec_dst.s_addr = 0;
3216 - }
3217 -- skb_dst_drop(skb);
3218 -+ /* We need to keep the dst for __ip_options_echo()
3219 -+ * We could restrict the test to opt.ts_needtime || opt.srr,
3220 -+ * but the following is good enough as IP options are not often used.
3221 -+ */
3222 -+ if (unlikely(IPCB(skb)->opt.optlen))
3223 -+ skb_dst_force(skb);
3224 -+ else
3225 -+ skb_dst_drop(skb);
3226 - }
3227 -
3228 - int ip_setsockopt(struct sock *sk, int level,
3229 -diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
3230 -index 96b8e2b..105c074 100644
3231 ---- a/net/ipv4/ping.c
3232 -+++ b/net/ipv4/ping.c
3233 -@@ -642,6 +642,8 @@ static int ping_v4_push_pending_frames(struct sock *sk, struct pingfakehdr *pfh,
3234 - {
3235 - struct sk_buff *skb = skb_peek(&sk->sk_write_queue);
3236 -
3237 -+ if (!skb)
3238 -+ return 0;
3239 - pfh->wcheck = csum_partial((char *)&pfh->icmph,
3240 - sizeof(struct icmphdr), pfh->wcheck);
3241 - pfh->icmph.checksum = csum_fold(pfh->wcheck);
3242 -diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
3243 -index 814af89..6a90a0e 100644
3244 ---- a/net/ipv4/tcp.c
3245 -+++ b/net/ipv4/tcp.c
3246 -@@ -772,6 +772,12 @@ ssize_t tcp_splice_read(struct socket *sock, loff_t *ppos,
3247 - ret = -EAGAIN;
3248 - break;
3249 - }
3250 -+ /* if __tcp_splice_read() got nothing while we have
3251 -+ * an skb in receive queue, we do not want to loop.
3252 -+ * This might happen with URG data.
3253 -+ */
3254 -+ if (!skb_queue_empty(&sk->sk_receive_queue))
3255 -+ break;
3256 - sk_wait_data(sk, &timeo, NULL);
3257 - if (signal_pending(current)) {
3258 - ret = sock_intr_errno(timeo);
3259 -diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
3260 -index 896e9df..65d6189 100644
3261 ---- a/net/ipv4/tcp_output.c
3262 -+++ b/net/ipv4/tcp_output.c
3263 -@@ -2436,9 +2436,11 @@ u32 __tcp_select_window(struct sock *sk)
3264 - int full_space = min_t(int, tp->window_clamp, allowed_space);
3265 - int window;
3266 -
3267 -- if (mss > full_space)
3268 -+ if (unlikely(mss > full_space)) {
3269 - mss = full_space;
3270 --
3271 -+ if (mss <= 0)
3272 -+ return 0;
3273 -+ }
3274 - if (free_space < (full_space >> 1)) {
3275 - icsk->icsk_ack.quick = 0;
3276 -
3277 -diff --git a/net/ipv6/inet6_connection_sock.c b/net/ipv6/inet6_connection_sock.c
3278 -index 532c3ef..798a095 100644
3279 ---- a/net/ipv6/inet6_connection_sock.c
3280 -+++ b/net/ipv6/inet6_connection_sock.c
3281 -@@ -173,7 +173,7 @@ int inet6_csk_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl_unused
3282 - /* Restore final destination back after routing done */
3283 - fl6.daddr = sk->sk_v6_daddr;
3284 -
3285 -- res = ip6_xmit(sk, skb, &fl6, rcu_dereference(np->opt),
3286 -+ res = ip6_xmit(sk, skb, &fl6, sk->sk_mark, rcu_dereference(np->opt),
3287 - np->tclass);
3288 - rcu_read_unlock();
3289 - return res;
3290 -diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c
3291 -index d7d6d3a..0a59220 100644
3292 ---- a/net/ipv6/ip6_gre.c
3293 -+++ b/net/ipv6/ip6_gre.c
3294 -@@ -367,35 +367,37 @@ static void ip6gre_tunnel_uninit(struct net_device *dev)
3295 -
3296 -
3297 - static void ip6gre_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
3298 -- u8 type, u8 code, int offset, __be32 info)
3299 -+ u8 type, u8 code, int offset, __be32 info)
3300 - {
3301 -- const struct ipv6hdr *ipv6h = (const struct ipv6hdr *)skb->data;
3302 -- __be16 *p = (__be16 *)(skb->data + offset);
3303 -- int grehlen = offset + 4;
3304 -+ const struct gre_base_hdr *greh;
3305 -+ const struct ipv6hdr *ipv6h;
3306 -+ int grehlen = sizeof(*greh);
3307 - struct ip6_tnl *t;
3308 -+ int key_off = 0;
3309 - __be16 flags;
3310 -+ __be32 key;
3311 -
3312 -- flags = p[0];
3313 -- if (flags&(GRE_CSUM|GRE_KEY|GRE_SEQ|GRE_ROUTING|GRE_VERSION)) {
3314 -- if (flags&(GRE_VERSION|GRE_ROUTING))
3315 -- return;
3316 -- if (flags&GRE_KEY) {
3317 -- grehlen += 4;
3318 -- if (flags&GRE_CSUM)
3319 -- grehlen += 4;
3320 -- }
3321 -+ if (!pskb_may_pull(skb, offset + grehlen))
3322 -+ return;
3323 -+ greh = (const struct gre_base_hdr *)(skb->data + offset);
3324 -+ flags = greh->flags;
3325 -+ if (flags & (GRE_VERSION | GRE_ROUTING))
3326 -+ return;
3327 -+ if (flags & GRE_CSUM)
3328 -+ grehlen += 4;
3329 -+ if (flags & GRE_KEY) {
3330 -+ key_off = grehlen + offset;
3331 -+ grehlen += 4;
3332 - }
3333 -
3334 -- /* If only 8 bytes returned, keyed message will be dropped here */
3335 -- if (!pskb_may_pull(skb, grehlen))
3336 -+ if (!pskb_may_pull(skb, offset + grehlen))
3337 - return;
3338 - ipv6h = (const struct ipv6hdr *)skb->data;
3339 -- p = (__be16 *)(skb->data + offset);
3340 -+ greh = (const struct gre_base_hdr *)(skb->data + offset);
3341 -+ key = key_off ? *(__be32 *)(skb->data + key_off) : 0;
3342 -
3343 - t = ip6gre_tunnel_lookup(skb->dev, &ipv6h->daddr, &ipv6h->saddr,
3344 -- flags & GRE_KEY ?
3345 -- *(((__be32 *)p) + (grehlen / 4) - 1) : 0,
3346 -- p[1]);
3347 -+ key, greh->protocol);
3348 - if (!t)
3349 - return;
3350 -
3351 -diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
3352 -index 59eb4ed..9a87bfb 100644
3353 ---- a/net/ipv6/ip6_output.c
3354 -+++ b/net/ipv6/ip6_output.c
3355 -@@ -163,7 +163,7 @@ int ip6_output(struct net *net, struct sock *sk, struct sk_buff *skb)
3356 - * which are using proper atomic operations or spinlocks.
3357 - */
3358 - int ip6_xmit(const struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6,
3359 -- struct ipv6_txoptions *opt, int tclass)
3360 -+ __u32 mark, struct ipv6_txoptions *opt, int tclass)
3361 - {
3362 - struct net *net = sock_net(sk);
3363 - const struct ipv6_pinfo *np = inet6_sk(sk);
3364 -@@ -230,7 +230,7 @@ int ip6_xmit(const struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6,
3365 -
3366 - skb->protocol = htons(ETH_P_IPV6);
3367 - skb->priority = sk->sk_priority;
3368 -- skb->mark = sk->sk_mark;
3369 -+ skb->mark = mark;
3370 -
3371 - mtu = dst_mtu(dst);
3372 - if ((skb->len <= mtu) || skb->ignore_df || skb_is_gso(skb)) {
3373 -diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
3374 -index f95437f..f6ba452 100644
3375 ---- a/net/ipv6/ip6_tunnel.c
3376 -+++ b/net/ipv6/ip6_tunnel.c
3377 -@@ -400,18 +400,19 @@ ip6_tnl_dev_uninit(struct net_device *dev)
3378 -
3379 - __u16 ip6_tnl_parse_tlv_enc_lim(struct sk_buff *skb, __u8 *raw)
3380 - {
3381 -- const struct ipv6hdr *ipv6h = (const struct ipv6hdr *) raw;
3382 -- __u8 nexthdr = ipv6h->nexthdr;
3383 -- __u16 off = sizeof(*ipv6h);
3384 -+ const struct ipv6hdr *ipv6h = (const struct ipv6hdr *)raw;
3385 -+ unsigned int nhoff = raw - skb->data;
3386 -+ unsigned int off = nhoff + sizeof(*ipv6h);
3387 -+ u8 next, nexthdr = ipv6h->nexthdr;
3388 -
3389 - while (ipv6_ext_hdr(nexthdr) && nexthdr != NEXTHDR_NONE) {
3390 -- __u16 optlen = 0;
3391 - struct ipv6_opt_hdr *hdr;
3392 -- if (raw + off + sizeof(*hdr) > skb->data &&
3393 -- !pskb_may_pull(skb, raw - skb->data + off + sizeof (*hdr)))
3394 -+ u16 optlen;
3395 -+
3396 -+ if (!pskb_may_pull(skb, off + sizeof(*hdr)))
3397 - break;
3398 -
3399 -- hdr = (struct ipv6_opt_hdr *) (raw + off);
3400 -+ hdr = (struct ipv6_opt_hdr *)(skb->data + off);
3401 - if (nexthdr == NEXTHDR_FRAGMENT) {
3402 - struct frag_hdr *frag_hdr = (struct frag_hdr *) hdr;
3403 - if (frag_hdr->frag_off)
3404 -@@ -422,20 +423,29 @@ __u16 ip6_tnl_parse_tlv_enc_lim(struct sk_buff *skb, __u8 *raw)
3405 - } else {
3406 - optlen = ipv6_optlen(hdr);
3407 - }
3408 -+ /* cache hdr->nexthdr, since pskb_may_pull() might
3409 -+ * invalidate hdr
3410 -+ */
3411 -+ next = hdr->nexthdr;
3412 - if (nexthdr == NEXTHDR_DEST) {
3413 -- __u16 i = off + 2;
3414 -+ u16 i = 2;
3415 -+
3416 -+ /* Remember : hdr is no longer valid at this point. */
3417 -+ if (!pskb_may_pull(skb, off + optlen))
3418 -+ break;
3419 -+
3420 - while (1) {
3421 - struct ipv6_tlv_tnl_enc_lim *tel;
3422 -
3423 - /* No more room for encapsulation limit */
3424 -- if (i + sizeof (*tel) > off + optlen)
3425 -+ if (i + sizeof(*tel) > optlen)
3426 - break;
3427 -
3428 -- tel = (struct ipv6_tlv_tnl_enc_lim *) &raw[i];
3429 -+ tel = (struct ipv6_tlv_tnl_enc_lim *)(skb->data + off + i);
3430 - /* return index of option if found and valid */
3431 - if (tel->type == IPV6_TLV_TNL_ENCAP_LIMIT &&
3432 - tel->length == 1)
3433 -- return i;
3434 -+ return i + off - nhoff;
3435 - /* else jump to next option */
3436 - if (tel->type)
3437 - i += tel->length + 2;
3438 -@@ -443,7 +453,7 @@ __u16 ip6_tnl_parse_tlv_enc_lim(struct sk_buff *skb, __u8 *raw)
3439 - i++;
3440 - }
3441 - }
3442 -- nexthdr = hdr->nexthdr;
3443 -+ nexthdr = next;
3444 - off += optlen;
3445 - }
3446 - return 0;
3447 -diff --git a/net/ipv6/mcast.c b/net/ipv6/mcast.c
3448 -index 14a3903..1bdc703 100644
3449 ---- a/net/ipv6/mcast.c
3450 -+++ b/net/ipv6/mcast.c
3451 -@@ -81,7 +81,7 @@ static void mld_gq_timer_expire(unsigned long data);
3452 - static void mld_ifc_timer_expire(unsigned long data);
3453 - static void mld_ifc_event(struct inet6_dev *idev);
3454 - static void mld_add_delrec(struct inet6_dev *idev, struct ifmcaddr6 *pmc);
3455 --static void mld_del_delrec(struct inet6_dev *idev, const struct in6_addr *addr);
3456 -+static void mld_del_delrec(struct inet6_dev *idev, struct ifmcaddr6 *pmc);
3457 - static void mld_clear_delrec(struct inet6_dev *idev);
3458 - static bool mld_in_v1_mode(const struct inet6_dev *idev);
3459 - static int sf_setstate(struct ifmcaddr6 *pmc);
3460 -@@ -692,9 +692,9 @@ static void igmp6_group_dropped(struct ifmcaddr6 *mc)
3461 - dev_mc_del(dev, buf);
3462 - }
3463 -
3464 -- if (mc->mca_flags & MAF_NOREPORT)
3465 -- goto done;
3466 - spin_unlock_bh(&mc->mca_lock);
3467 -+ if (mc->mca_flags & MAF_NOREPORT)
3468 -+ return;
3469 -
3470 - if (!mc->idev->dead)
3471 - igmp6_leave_group(mc);
3472 -@@ -702,8 +702,6 @@ static void igmp6_group_dropped(struct ifmcaddr6 *mc)
3473 - spin_lock_bh(&mc->mca_lock);
3474 - if (del_timer(&mc->mca_timer))
3475 - atomic_dec(&mc->mca_refcnt);
3476 --done:
3477 -- ip6_mc_clear_src(mc);
3478 - spin_unlock_bh(&mc->mca_lock);
3479 - }
3480 -
3481 -@@ -748,10 +746,11 @@ static void mld_add_delrec(struct inet6_dev *idev, struct ifmcaddr6 *im)
3482 - spin_unlock_bh(&idev->mc_lock);
3483 - }
3484 -
3485 --static void mld_del_delrec(struct inet6_dev *idev, const struct in6_addr *pmca)
3486 -+static void mld_del_delrec(struct inet6_dev *idev, struct ifmcaddr6 *im)
3487 - {
3488 - struct ifmcaddr6 *pmc, *pmc_prev;
3489 -- struct ip6_sf_list *psf, *psf_next;
3490 -+ struct ip6_sf_list *psf;
3491 -+ struct in6_addr *pmca = &im->mca_addr;
3492 -
3493 - spin_lock_bh(&idev->mc_lock);
3494 - pmc_prev = NULL;
3495 -@@ -768,14 +767,21 @@ static void mld_del_delrec(struct inet6_dev *idev, const struct in6_addr *pmca)
3496 - }
3497 - spin_unlock_bh(&idev->mc_lock);
3498 -
3499 -+ spin_lock_bh(&im->mca_lock);
3500 - if (pmc) {
3501 -- for (psf = pmc->mca_tomb; psf; psf = psf_next) {
3502 -- psf_next = psf->sf_next;
3503 -- kfree(psf);
3504 -+ im->idev = pmc->idev;
3505 -+ im->mca_crcount = idev->mc_qrv;
3506 -+ im->mca_sfmode = pmc->mca_sfmode;
3507 -+ if (pmc->mca_sfmode == MCAST_INCLUDE) {
3508 -+ im->mca_tomb = pmc->mca_tomb;
3509 -+ im->mca_sources = pmc->mca_sources;
3510 -+ for (psf = im->mca_sources; psf; psf = psf->sf_next)
3511 -+ psf->sf_crcount = im->mca_crcount;
3512 - }
3513 - in6_dev_put(pmc->idev);
3514 - kfree(pmc);
3515 - }
3516 -+ spin_unlock_bh(&im->mca_lock);
3517 - }
3518 -
3519 - static void mld_clear_delrec(struct inet6_dev *idev)
3520 -@@ -904,7 +910,7 @@ int ipv6_dev_mc_inc(struct net_device *dev, const struct in6_addr *addr)
3521 - mca_get(mc);
3522 - write_unlock_bh(&idev->lock);
3523 -
3524 -- mld_del_delrec(idev, &mc->mca_addr);
3525 -+ mld_del_delrec(idev, mc);
3526 - igmp6_group_added(mc);
3527 - ma_put(mc);
3528 - return 0;
3529 -@@ -927,6 +933,7 @@ int __ipv6_dev_mc_dec(struct inet6_dev *idev, const struct in6_addr *addr)
3530 - write_unlock_bh(&idev->lock);
3531 -
3532 - igmp6_group_dropped(ma);
3533 -+ ip6_mc_clear_src(ma);
3534 -
3535 - ma_put(ma);
3536 - return 0;
3537 -@@ -2501,15 +2508,17 @@ void ipv6_mc_down(struct inet6_dev *idev)
3538 - /* Withdraw multicast list */
3539 -
3540 - read_lock_bh(&idev->lock);
3541 -- mld_ifc_stop_timer(idev);
3542 -- mld_gq_stop_timer(idev);
3543 -- mld_dad_stop_timer(idev);
3544 -
3545 - for (i = idev->mc_list; i; i = i->next)
3546 - igmp6_group_dropped(i);
3547 -- read_unlock_bh(&idev->lock);
3548 -
3549 -- mld_clear_delrec(idev);
3550 -+ /* Should stop timer after group drop. or we will
3551 -+ * start timer again in mld_ifc_event()
3552 -+ */
3553 -+ mld_ifc_stop_timer(idev);
3554 -+ mld_gq_stop_timer(idev);
3555 -+ mld_dad_stop_timer(idev);
3556 -+ read_unlock_bh(&idev->lock);
3557 - }
3558 -
3559 - static void ipv6_mc_reset(struct inet6_dev *idev)
3560 -@@ -2531,8 +2540,10 @@ void ipv6_mc_up(struct inet6_dev *idev)
3561 -
3562 - read_lock_bh(&idev->lock);
3563 - ipv6_mc_reset(idev);
3564 -- for (i = idev->mc_list; i; i = i->next)
3565 -+ for (i = idev->mc_list; i; i = i->next) {
3566 -+ mld_del_delrec(idev, i);
3567 - igmp6_group_added(i);
3568 -+ }
3569 - read_unlock_bh(&idev->lock);
3570 - }
3571 -
3572 -@@ -2565,6 +2576,7 @@ void ipv6_mc_destroy_dev(struct inet6_dev *idev)
3573 -
3574 - /* Deactivate timers */
3575 - ipv6_mc_down(idev);
3576 -+ mld_clear_delrec(idev);
3577 -
3578 - /* Delete all-nodes address. */
3579 - /* We cannot call ipv6_dev_mc_dec() directly, our caller in
3580 -@@ -2579,11 +2591,9 @@ void ipv6_mc_destroy_dev(struct inet6_dev *idev)
3581 - write_lock_bh(&idev->lock);
3582 - while ((i = idev->mc_list) != NULL) {
3583 - idev->mc_list = i->next;
3584 -- write_unlock_bh(&idev->lock);
3585 -
3586 -- igmp6_group_dropped(i);
3587 -+ write_unlock_bh(&idev->lock);
3588 - ma_put(i);
3589 --
3590 - write_lock_bh(&idev->lock);
3591 - }
3592 - write_unlock_bh(&idev->lock);
3593 -diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
3594 -index b1cdf80..40d7405 100644
3595 ---- a/net/ipv6/sit.c
3596 -+++ b/net/ipv6/sit.c
3597 -@@ -1390,6 +1390,7 @@ static int ipip6_tunnel_init(struct net_device *dev)
3598 - err = dst_cache_init(&tunnel->dst_cache, GFP_KERNEL);
3599 - if (err) {
3600 - free_percpu(dev->tstats);
3601 -+ dev->tstats = NULL;
3602 - return err;
3603 - }
3604 -
3605 -diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
3606 -index b9f1fee..6673965 100644
3607 ---- a/net/ipv6/tcp_ipv6.c
3608 -+++ b/net/ipv6/tcp_ipv6.c
3609 -@@ -467,7 +467,7 @@ static int tcp_v6_send_synack(const struct sock *sk, struct dst_entry *dst,
3610 - opt = ireq->ipv6_opt;
3611 - if (!opt)
3612 - opt = rcu_dereference(np->opt);
3613 -- err = ip6_xmit(sk, skb, fl6, opt, np->tclass);
3614 -+ err = ip6_xmit(sk, skb, fl6, sk->sk_mark, opt, np->tclass);
3615 - rcu_read_unlock();
3616 - err = net_xmit_eval(err);
3617 - }
3618 -@@ -837,7 +837,7 @@ static void tcp_v6_send_response(const struct sock *sk, struct sk_buff *skb, u32
3619 - dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL);
3620 - if (!IS_ERR(dst)) {
3621 - skb_dst_set(buff, dst);
3622 -- ip6_xmit(ctl_sk, buff, &fl6, NULL, tclass);
3623 -+ ip6_xmit(ctl_sk, buff, &fl6, fl6.flowi6_mark, NULL, tclass);
3624 - TCP_INC_STATS(net, TCP_MIB_OUTSEGS);
3625 - if (rst)
3626 - TCP_INC_STATS(net, TCP_MIB_OUTRSTS);
3627 -@@ -987,6 +987,16 @@ static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
3628 - return 0; /* don't send reset */
3629 - }
3630 -
3631 -+static void tcp_v6_restore_cb(struct sk_buff *skb)
3632 -+{
3633 -+ /* We need to move header back to the beginning if xfrm6_policy_check()
3634 -+ * and tcp_v6_fill_cb() are going to be called again.
3635 -+ * ip6_datagram_recv_specific_ctl() also expects IP6CB to be there.
3636 -+ */
3637 -+ memmove(IP6CB(skb), &TCP_SKB_CB(skb)->header.h6,
3638 -+ sizeof(struct inet6_skb_parm));
3639 -+}
3640 -+
3641 - static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff *skb,
3642 - struct request_sock *req,
3643 - struct dst_entry *dst,
3644 -@@ -1178,8 +1188,10 @@ static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff *
3645 - sk_gfp_mask(sk, GFP_ATOMIC));
3646 - consume_skb(ireq->pktopts);
3647 - ireq->pktopts = NULL;
3648 -- if (newnp->pktoptions)
3649 -+ if (newnp->pktoptions) {
3650 -+ tcp_v6_restore_cb(newnp->pktoptions);
3651 - skb_set_owner_r(newnp->pktoptions, newsk);
3652 -+ }
3653 - }
3654 - }
3655 -
3656 -@@ -1194,16 +1206,6 @@ static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff *
3657 - return NULL;
3658 - }
3659 -
3660 --static void tcp_v6_restore_cb(struct sk_buff *skb)
3661 --{
3662 -- /* We need to move header back to the beginning if xfrm6_policy_check()
3663 -- * and tcp_v6_fill_cb() are going to be called again.
3664 -- * ip6_datagram_recv_specific_ctl() also expects IP6CB to be there.
3665 -- */
3666 -- memmove(IP6CB(skb), &TCP_SKB_CB(skb)->header.h6,
3667 -- sizeof(struct inet6_skb_parm));
3668 --}
3669 --
3670 - /* The socket must have it's spinlock held when we get
3671 - * here, unless it is a TCP_LISTEN socket.
3672 - *
3673 -diff --git a/net/l2tp/l2tp_core.h b/net/l2tp/l2tp_core.h
3674 -index 2599af6..181e755c 100644
3675 ---- a/net/l2tp/l2tp_core.h
3676 -+++ b/net/l2tp/l2tp_core.h
3677 -@@ -273,6 +273,7 @@ int l2tp_xmit_skb(struct l2tp_session *session, struct sk_buff *skb,
3678 - int l2tp_nl_register_ops(enum l2tp_pwtype pw_type,
3679 - const struct l2tp_nl_cmd_ops *ops);
3680 - void l2tp_nl_unregister_ops(enum l2tp_pwtype pw_type);
3681 -+int l2tp_ioctl(struct sock *sk, int cmd, unsigned long arg);
3682 -
3683 - /* Session reference counts. Incremented when code obtains a reference
3684 - * to a session.
3685 -diff --git a/net/l2tp/l2tp_ip.c b/net/l2tp/l2tp_ip.c
3686 -index 8938b6b..c0f0750 100644
3687 ---- a/net/l2tp/l2tp_ip.c
3688 -+++ b/net/l2tp/l2tp_ip.c
3689 -@@ -11,6 +11,7 @@
3690 -
3691 - #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
3692 -
3693 -+#include <asm/ioctls.h>
3694 - #include <linux/icmp.h>
3695 - #include <linux/module.h>
3696 - #include <linux/skbuff.h>
3697 -@@ -560,6 +561,30 @@ static int l2tp_ip_recvmsg(struct sock *sk, struct msghdr *msg,
3698 - return err ? err : copied;
3699 - }
3700 -
3701 -+int l2tp_ioctl(struct sock *sk, int cmd, unsigned long arg)
3702 -+{
3703 -+ struct sk_buff *skb;
3704 -+ int amount;
3705 -+
3706 -+ switch (cmd) {
3707 -+ case SIOCOUTQ:
3708 -+ amount = sk_wmem_alloc_get(sk);
3709 -+ break;
3710 -+ case SIOCINQ:
3711 -+ spin_lock_bh(&sk->sk_receive_queue.lock);
3712 -+ skb = skb_peek(&sk->sk_receive_queue);
3713 -+ amount = skb ? skb->len : 0;
3714 -+ spin_unlock_bh(&sk->sk_receive_queue.lock);
3715 -+ break;
3716 -+
3717 -+ default:
3718 -+ return -ENOIOCTLCMD;
3719 -+ }
3720 -+
3721 -+ return put_user(amount, (int __user *)arg);
3722 -+}
3723 -+EXPORT_SYMBOL(l2tp_ioctl);
3724 -+
3725 - static struct proto l2tp_ip_prot = {
3726 - .name = "L2TP/IP",
3727 - .owner = THIS_MODULE,
3728 -@@ -568,7 +593,7 @@ static struct proto l2tp_ip_prot = {
3729 - .bind = l2tp_ip_bind,
3730 - .connect = l2tp_ip_connect,
3731 - .disconnect = l2tp_ip_disconnect,
3732 -- .ioctl = udp_ioctl,
3733 -+ .ioctl = l2tp_ioctl,
3734 - .destroy = l2tp_ip_destroy_sock,
3735 - .setsockopt = ip_setsockopt,
3736 - .getsockopt = ip_getsockopt,
3737 -diff --git a/net/l2tp/l2tp_ip6.c b/net/l2tp/l2tp_ip6.c
3738 -index aa821cb..1a65c9a 100644
3739 ---- a/net/l2tp/l2tp_ip6.c
3740 -+++ b/net/l2tp/l2tp_ip6.c
3741 -@@ -729,7 +729,7 @@ static struct proto l2tp_ip6_prot = {
3742 - .bind = l2tp_ip6_bind,
3743 - .connect = l2tp_ip6_connect,
3744 - .disconnect = l2tp_ip6_disconnect,
3745 -- .ioctl = udp_ioctl,
3746 -+ .ioctl = l2tp_ioctl,
3747 - .destroy = l2tp_ip6_destroy_sock,
3748 - .setsockopt = ipv6_setsockopt,
3749 - .getsockopt = ipv6_getsockopt,
3750 -diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
3751 -index 94e4a59..458722b 100644
3752 ---- a/net/packet/af_packet.c
3753 -+++ b/net/packet/af_packet.c
3754 -@@ -2813,7 +2813,7 @@ static int packet_snd(struct socket *sock, struct msghdr *msg, size_t len)
3755 - struct virtio_net_hdr vnet_hdr = { 0 };
3756 - int offset = 0;
3757 - struct packet_sock *po = pkt_sk(sk);
3758 -- int hlen, tlen;
3759 -+ int hlen, tlen, linear;
3760 - int extra_len = 0;
3761 -
3762 - /*
3763 -@@ -2874,8 +2874,9 @@ static int packet_snd(struct socket *sock, struct msghdr *msg, size_t len)
3764 - err = -ENOBUFS;
3765 - hlen = LL_RESERVED_SPACE(dev);
3766 - tlen = dev->needed_tailroom;
3767 -- skb = packet_alloc_skb(sk, hlen + tlen, hlen, len,
3768 -- __virtio16_to_cpu(vio_le(), vnet_hdr.hdr_len),
3769 -+ linear = __virtio16_to_cpu(vio_le(), vnet_hdr.hdr_len);
3770 -+ linear = max(linear, min_t(int, len, dev->hard_header_len));
3771 -+ skb = packet_alloc_skb(sk, hlen + tlen, hlen, len, linear,
3772 - msg->msg_flags & MSG_DONTWAIT, &err);
3773 - if (skb == NULL)
3774 - goto out_unlock;
3775 -diff --git a/net/sched/cls_matchall.c b/net/sched/cls_matchall.c
3776 -index f935429..b12bc2a 100644
3777 ---- a/net/sched/cls_matchall.c
3778 -+++ b/net/sched/cls_matchall.c
3779 -@@ -16,16 +16,11 @@
3780 - #include <net/sch_generic.h>
3781 - #include <net/pkt_cls.h>
3782 -
3783 --struct cls_mall_filter {
3784 -+struct cls_mall_head {
3785 - struct tcf_exts exts;
3786 - struct tcf_result res;
3787 - u32 handle;
3788 -- struct rcu_head rcu;
3789 - u32 flags;
3790 --};
3791 --
3792 --struct cls_mall_head {
3793 -- struct cls_mall_filter *filter;
3794 - struct rcu_head rcu;
3795 - };
3796 -
3797 -@@ -33,38 +28,29 @@ static int mall_classify(struct sk_buff *skb, const struct tcf_proto *tp,
3798 - struct tcf_result *res)
3799 - {
3800 - struct cls_mall_head *head = rcu_dereference_bh(tp->root);
3801 -- struct cls_mall_filter *f = head->filter;
3802 -
3803 -- if (tc_skip_sw(f->flags))
3804 -+ if (tc_skip_sw(head->flags))
3805 - return -1;
3806 -
3807 -- return tcf_exts_exec(skb, &f->exts, res);
3808 -+ return tcf_exts_exec(skb, &head->exts, res);
3809 - }
3810 -
3811 - static int mall_init(struct tcf_proto *tp)
3812 - {
3813 -- struct cls_mall_head *head;
3814 --
3815 -- head = kzalloc(sizeof(*head), GFP_KERNEL);
3816 -- if (!head)
3817 -- return -ENOBUFS;
3818 --
3819 -- rcu_assign_pointer(tp->root, head);
3820 --
3821 - return 0;
3822 - }
3823 -
3824 --static void mall_destroy_filter(struct rcu_head *head)
3825 -+static void mall_destroy_rcu(struct rcu_head *rcu)
3826 - {
3827 -- struct cls_mall_filter *f = container_of(head, struct cls_mall_filter, rcu);
3828 -+ struct cls_mall_head *head = container_of(rcu, struct cls_mall_head,
3829 -+ rcu);
3830 -
3831 -- tcf_exts_destroy(&f->exts);
3832 --
3833 -- kfree(f);
3834 -+ tcf_exts_destroy(&head->exts);
3835 -+ kfree(head);
3836 - }
3837 -
3838 - static int mall_replace_hw_filter(struct tcf_proto *tp,
3839 -- struct cls_mall_filter *f,
3840 -+ struct cls_mall_head *head,
3841 - unsigned long cookie)
3842 - {
3843 - struct net_device *dev = tp->q->dev_queue->dev;
3844 -@@ -74,7 +60,7 @@ static int mall_replace_hw_filter(struct tcf_proto *tp,
3845 - offload.type = TC_SETUP_MATCHALL;
3846 - offload.cls_mall = &mall_offload;
3847 - offload.cls_mall->command = TC_CLSMATCHALL_REPLACE;
3848 -- offload.cls_mall->exts = &f->exts;
3849 -+ offload.cls_mall->exts = &head->exts;
3850 - offload.cls_mall->cookie = cookie;
3851 -
3852 - return dev->netdev_ops->ndo_setup_tc(dev, tp->q->handle, tp->protocol,
3853 -@@ -82,7 +68,7 @@ static int mall_replace_hw_filter(struct tcf_proto *tp,
3854 - }
3855 -
3856 - static void mall_destroy_hw_filter(struct tcf_proto *tp,
3857 -- struct cls_mall_filter *f,
3858 -+ struct cls_mall_head *head,
3859 - unsigned long cookie)
3860 - {
3861 - struct net_device *dev = tp->q->dev_queue->dev;
3862 -@@ -103,29 +89,20 @@ static bool mall_destroy(struct tcf_proto *tp, bool force)
3863 - {
3864 - struct cls_mall_head *head = rtnl_dereference(tp->root);
3865 - struct net_device *dev = tp->q->dev_queue->dev;
3866 -- struct cls_mall_filter *f = head->filter;
3867 -
3868 -- if (!force && f)
3869 -- return false;
3870 -+ if (!head)
3871 -+ return true;
3872 -
3873 -- if (f) {
3874 -- if (tc_should_offload(dev, tp, f->flags))
3875 -- mall_destroy_hw_filter(tp, f, (unsigned long) f);
3876 -+ if (tc_should_offload(dev, tp, head->flags))
3877 -+ mall_destroy_hw_filter(tp, head, (unsigned long) head);
3878 -
3879 -- call_rcu(&f->rcu, mall_destroy_filter);
3880 -- }
3881 -- kfree_rcu(head, rcu);
3882 -+ call_rcu(&head->rcu, mall_destroy_rcu);
3883 - return true;
3884 - }
3885 -
3886 - static unsigned long mall_get(struct tcf_proto *tp, u32 handle)
3887 - {
3888 -- struct cls_mall_head *head = rtnl_dereference(tp->root);
3889 -- struct cls_mall_filter *f = head->filter;
3890 --
3891 -- if (f && f->handle == handle)
3892 -- return (unsigned long) f;
3893 -- return 0;
3894 -+ return 0UL;
3895 - }
3896 -
3897 - static const struct nla_policy mall_policy[TCA_MATCHALL_MAX + 1] = {
3898 -@@ -134,7 +111,7 @@ static const struct nla_policy mall_policy[TCA_MATCHALL_MAX + 1] = {
3899 - };
3900 -
3901 - static int mall_set_parms(struct net *net, struct tcf_proto *tp,
3902 -- struct cls_mall_filter *f,
3903 -+ struct cls_mall_head *head,
3904 - unsigned long base, struct nlattr **tb,
3905 - struct nlattr *est, bool ovr)
3906 - {
3907 -@@ -147,11 +124,11 @@ static int mall_set_parms(struct net *net, struct tcf_proto *tp,
3908 - return err;
3909 -
3910 - if (tb[TCA_MATCHALL_CLASSID]) {
3911 -- f->res.classid = nla_get_u32(tb[TCA_MATCHALL_CLASSID]);
3912 -- tcf_bind_filter(tp, &f->res, base);
3913 -+ head->res.classid = nla_get_u32(tb[TCA_MATCHALL_CLASSID]);
3914 -+ tcf_bind_filter(tp, &head->res, base);
3915 - }
3916 -
3917 -- tcf_exts_change(tp, &f->exts, &e);
3918 -+ tcf_exts_change(tp, &head->exts, &e);
3919 -
3920 - return 0;
3921 - }
3922 -@@ -162,21 +139,17 @@ static int mall_change(struct net *net, struct sk_buff *in_skb,
3923 - unsigned long *arg, bool ovr)
3924 - {
3925 - struct cls_mall_head *head = rtnl_dereference(tp->root);
3926 -- struct cls_mall_filter *fold = (struct cls_mall_filter *) *arg;
3927 - struct net_device *dev = tp->q->dev_queue->dev;
3928 -- struct cls_mall_filter *f;
3929 - struct nlattr *tb[TCA_MATCHALL_MAX + 1];
3930 -+ struct cls_mall_head *new;
3931 - u32 flags = 0;
3932 - int err;
3933 -
3934 - if (!tca[TCA_OPTIONS])
3935 - return -EINVAL;
3936 -
3937 -- if (head->filter)
3938 -- return -EBUSY;
3939 --
3940 -- if (fold)
3941 -- return -EINVAL;
3942 -+ if (head)
3943 -+ return -EEXIST;
3944 -
3945 - err = nla_parse_nested(tb, TCA_MATCHALL_MAX,
3946 - tca[TCA_OPTIONS], mall_policy);
3947 -@@ -189,23 +162,23 @@ static int mall_change(struct net *net, struct sk_buff *in_skb,
3948 - return -EINVAL;
3949 - }
3950 -
3951 -- f = kzalloc(sizeof(*f), GFP_KERNEL);
3952 -- if (!f)
3953 -+ new = kzalloc(sizeof(*new), GFP_KERNEL);
3954 -+ if (!new)
3955 - return -ENOBUFS;
3956 -
3957 -- tcf_exts_init(&f->exts, TCA_MATCHALL_ACT, 0);
3958 -+ tcf_exts_init(&new->exts, TCA_MATCHALL_ACT, 0);
3959 -
3960 - if (!handle)
3961 - handle = 1;
3962 -- f->handle = handle;
3963 -- f->flags = flags;
3964 -+ new->handle = handle;
3965 -+ new->flags = flags;
3966 -
3967 -- err = mall_set_parms(net, tp, f, base, tb, tca[TCA_RATE], ovr);
3968 -+ err = mall_set_parms(net, tp, new, base, tb, tca[TCA_RATE], ovr);
3969 - if (err)
3970 - goto errout;
3971 -
3972 - if (tc_should_offload(dev, tp, flags)) {
3973 -- err = mall_replace_hw_filter(tp, f, (unsigned long) f);
3974 -+ err = mall_replace_hw_filter(tp, new, (unsigned long) new);
3975 - if (err) {
3976 - if (tc_skip_sw(flags))
3977 - goto errout;
3978 -@@ -214,39 +187,29 @@ static int mall_change(struct net *net, struct sk_buff *in_skb,
3979 - }
3980 - }
3981 -
3982 -- *arg = (unsigned long) f;
3983 -- rcu_assign_pointer(head->filter, f);
3984 --
3985 -+ *arg = (unsigned long) head;
3986 -+ rcu_assign_pointer(tp->root, new);
3987 -+ if (head)
3988 -+ call_rcu(&head->rcu, mall_destroy_rcu);
3989 - return 0;
3990 -
3991 - errout:
3992 -- kfree(f);
3993 -+ kfree(new);
3994 - return err;
3995 - }
3996 -
3997 - static int mall_delete(struct tcf_proto *tp, unsigned long arg)
3998 - {
3999 -- struct cls_mall_head *head = rtnl_dereference(tp->root);
4000 -- struct cls_mall_filter *f = (struct cls_mall_filter *) arg;
4001 -- struct net_device *dev = tp->q->dev_queue->dev;
4002 --
4003 -- if (tc_should_offload(dev, tp, f->flags))
4004 -- mall_destroy_hw_filter(tp, f, (unsigned long) f);
4005 --
4006 -- RCU_INIT_POINTER(head->filter, NULL);
4007 -- tcf_unbind_filter(tp, &f->res);
4008 -- call_rcu(&f->rcu, mall_destroy_filter);
4009 -- return 0;
4010 -+ return -EOPNOTSUPP;
4011 - }
4012 -
4013 - static void mall_walk(struct tcf_proto *tp, struct tcf_walker *arg)
4014 - {
4015 - struct cls_mall_head *head = rtnl_dereference(tp->root);
4016 -- struct cls_mall_filter *f = head->filter;
4017 -
4018 - if (arg->count < arg->skip)
4019 - goto skip;
4020 -- if (arg->fn(tp, (unsigned long) f, arg) < 0)
4021 -+ if (arg->fn(tp, (unsigned long) head, arg) < 0)
4022 - arg->stop = 1;
4023 - skip:
4024 - arg->count++;
4025 -@@ -255,28 +218,28 @@ static void mall_walk(struct tcf_proto *tp, struct tcf_walker *arg)
4026 - static int mall_dump(struct net *net, struct tcf_proto *tp, unsigned long fh,
4027 - struct sk_buff *skb, struct tcmsg *t)
4028 - {
4029 -- struct cls_mall_filter *f = (struct cls_mall_filter *) fh;
4030 -+ struct cls_mall_head *head = (struct cls_mall_head *) fh;
4031 - struct nlattr *nest;
4032 -
4033 -- if (!f)
4034 -+ if (!head)
4035 - return skb->len;
4036 -
4037 -- t->tcm_handle = f->handle;
4038 -+ t->tcm_handle = head->handle;
4039 -
4040 - nest = nla_nest_start(skb, TCA_OPTIONS);
4041 - if (!nest)
4042 - goto nla_put_failure;
4043 -
4044 -- if (f->res.classid &&
4045 -- nla_put_u32(skb, TCA_MATCHALL_CLASSID, f->res.classid))
4046 -+ if (head->res.classid &&
4047 -+ nla_put_u32(skb, TCA_MATCHALL_CLASSID, head->res.classid))
4048 - goto nla_put_failure;
4049 -
4050 -- if (tcf_exts_dump(skb, &f->exts))
4051 -+ if (tcf_exts_dump(skb, &head->exts))
4052 - goto nla_put_failure;
4053 -
4054 - nla_nest_end(skb, nest);
4055 -
4056 -- if (tcf_exts_dump_stats(skb, &f->exts) < 0)
4057 -+ if (tcf_exts_dump_stats(skb, &head->exts) < 0)
4058 - goto nla_put_failure;
4059 -
4060 - return skb->len;
4061 -diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
4062 -index 176af30..6a2532d 100644
4063 ---- a/net/sctp/ipv6.c
4064 -+++ b/net/sctp/ipv6.c
4065 -@@ -222,7 +222,8 @@ static int sctp_v6_xmit(struct sk_buff *skb, struct sctp_transport *transport)
4066 - SCTP_INC_STATS(sock_net(sk), SCTP_MIB_OUTSCTPPACKS);
4067 -
4068 - rcu_read_lock();
4069 -- res = ip6_xmit(sk, skb, fl6, rcu_dereference(np->opt), np->tclass);
4070 -+ res = ip6_xmit(sk, skb, fl6, sk->sk_mark, rcu_dereference(np->opt),
4071 -+ np->tclass);
4072 - rcu_read_unlock();
4073 - return res;
4074 - }
4075 -diff --git a/net/sctp/socket.c b/net/sctp/socket.c
4076 -index ca12aa3..6cbe5bd 100644
4077 ---- a/net/sctp/socket.c
4078 -+++ b/net/sctp/socket.c
4079 -@@ -7427,7 +7427,8 @@ static int sctp_wait_for_sndbuf(struct sctp_association *asoc, long *timeo_p,
4080 - */
4081 - release_sock(sk);
4082 - current_timeo = schedule_timeout(current_timeo);
4083 -- BUG_ON(sk != asoc->base.sk);
4084 -+ if (sk != asoc->base.sk)
4085 -+ goto do_error;
4086 - lock_sock(sk);
4087 -
4088 - *timeo_p = current_timeo;
4089
4090 diff --git a/4.9.11/0000_README b/4.9.12/0000_README
4091 similarity index 89%
4092 rename from 4.9.11/0000_README
4093 rename to 4.9.12/0000_README
4094 index 27a4c3e..fde5541 100644
4095 --- a/4.9.11/0000_README
4096 +++ b/4.9.12/0000_README
4097 @@ -2,15 +2,7 @@ README
4098 -----------------------------------------------------------------------------
4099 Individual Patch Descriptions:
4100 -----------------------------------------------------------------------------
4101 -Patch: 1009_linux-4.9.10.patch
4102 -From: http://www.kernel.org
4103 -Desc: Linux 4.9.10
4104 -
4105 -Patch: 1010_linux-4.9.11.patch
4106 -From: http://www.kernel.org
4107 -Desc: Linux 4.9.11
4108 -
4109 -Patch: 4420_grsecurity-3.1-4.9.11-201702181444.patch
4110 +Patch: 4420_grsecurity-3.1-4.9.12-201702231830.patch
4111 From: http://www.grsecurity.net
4112 Desc: hardened-sources base patch from upstream grsecurity
4113
4114
4115 diff --git a/4.9.11/4420_grsecurity-3.1-4.9.11-201702181444.patch b/4.9.12/4420_grsecurity-3.1-4.9.12-201702231830.patch
4116 similarity index 99%
4117 rename from 4.9.11/4420_grsecurity-3.1-4.9.11-201702181444.patch
4118 rename to 4.9.12/4420_grsecurity-3.1-4.9.12-201702231830.patch
4119 index 91575ee..ce908bf 100644
4120 --- a/4.9.11/4420_grsecurity-3.1-4.9.11-201702181444.patch
4121 +++ b/4.9.12/4420_grsecurity-3.1-4.9.12-201702231830.patch
4122 @@ -419,7 +419,7 @@ index 3d0ae15..84e5412 100644
4123 cmd_syscalls = $(CONFIG_SHELL) $< $(CC) $(c_flags) $(missing_syscalls_flags)
4124
4125 diff --git a/Makefile b/Makefile
4126 -index 18b0c5a..54a9fea 100644
4127 +index 3cd6f6f..43e4233 100644
4128 --- a/Makefile
4129 +++ b/Makefile
4130 @@ -302,7 +302,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
4131 @@ -26426,7 +26426,7 @@ index 17f2186..f394307 100644
4132
4133 /*
4134 diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
4135 -index 83db0ea..137bc2c 100644
4136 +index 83db0ea..0ad5d22 100644
4137 --- a/arch/x86/include/asm/processor.h
4138 +++ b/arch/x86/include/asm/processor.h
4139 @@ -136,7 +136,7 @@ struct cpuinfo_x86 {
4140 @@ -26447,18 +26447,10 @@ index 83db0ea..137bc2c 100644
4141 #define cpu_data(cpu) per_cpu(cpu_info, cpu)
4142 #else
4143 #define cpu_info boot_cpu_data
4144 -@@ -206,9 +206,21 @@ static inline void native_cpuid(unsigned int *eax, unsigned int *ebx,
4145 +@@ -206,9 +206,13 @@ static inline void native_cpuid(unsigned int *eax, unsigned int *ebx,
4146 : "memory");
4147 }
4148
4149 -+/* invpcid (%rdx),%rax */
4150 -+#define __ASM_INVPCID ".byte 0x66,0x0f,0x38,0x82,0x02"
4151 -+
4152 -+#define INVPCID_SINGLE_ADDRESS 0UL
4153 -+#define INVPCID_SINGLE_CONTEXT 1UL
4154 -+#define INVPCID_ALL_GLOBAL 2UL
4155 -+#define INVPCID_ALL_NONGLOBAL 3UL
4156 -+
4157 +#define PCID_KERNEL 0UL
4158 +#define PCID_USER 1UL
4159 +#define PCID_NOFLUSH (1UL << 63)
4160 @@ -26470,7 +26462,7 @@ index 83db0ea..137bc2c 100644
4161 }
4162
4163 #ifdef CONFIG_X86_32
4164 -@@ -308,11 +320,9 @@ struct tss_struct {
4165 +@@ -308,11 +312,9 @@ struct tss_struct {
4166
4167 } ____cacheline_aligned;
4168
4169 @@ -26483,7 +26475,7 @@ index 83db0ea..137bc2c 100644
4170
4171 /*
4172 * Save the original ist values for checking stack pointers during debugging
4173 -@@ -341,6 +351,7 @@ DECLARE_PER_CPU_FIRST(union irq_stack_union, irq_stack_union) __visible;
4174 +@@ -341,6 +343,7 @@ DECLARE_PER_CPU_FIRST(union irq_stack_union, irq_stack_union) __visible;
4175 DECLARE_INIT_PER_CPU(irq_stack_union);
4176
4177 DECLARE_PER_CPU(char *, irq_stack_ptr);
4178 @@ -26491,7 +26483,7 @@ index 83db0ea..137bc2c 100644
4179 DECLARE_PER_CPU(unsigned int, irq_count);
4180 extern asmlinkage void ignore_sysret(void);
4181 #else /* X86_64 */
4182 -@@ -389,6 +400,7 @@ struct thread_struct {
4183 +@@ -389,6 +392,7 @@ struct thread_struct {
4184 unsigned short ds;
4185 unsigned short fsindex;
4186 unsigned short gsindex;
4187 @@ -26499,7 +26491,7 @@ index 83db0ea..137bc2c 100644
4188 #endif
4189
4190 u32 status; /* thread synchronous flags */
4191 -@@ -405,6 +417,9 @@ struct thread_struct {
4192 +@@ -405,6 +409,9 @@ struct thread_struct {
4193 unsigned long gs;
4194 #endif
4195
4196 @@ -26509,7 +26501,7 @@ index 83db0ea..137bc2c 100644
4197 /* Save middle states of ptrace breakpoints */
4198 struct perf_event *ptrace_bps[HBP_NUM];
4199 /* Debug status used for traps, single steps, etc... */
4200 -@@ -426,17 +441,11 @@ struct thread_struct {
4201 +@@ -426,17 +433,11 @@ struct thread_struct {
4202 unsigned io_bitmap_max;
4203
4204 mm_segment_t addr_limit;
4205 @@ -26529,7 +26521,7 @@ index 83db0ea..137bc2c 100644
4206
4207 /*
4208 * Thread-synchronous status.
4209 -@@ -488,12 +497,8 @@ static inline void native_swapgs(void)
4210 +@@ -488,12 +489,8 @@ static inline void native_swapgs(void)
4211
4212 static inline unsigned long current_top_of_stack(void)
4213 {
4214 @@ -26542,7 +26534,7 @@ index 83db0ea..137bc2c 100644
4215 }
4216
4217 #ifdef CONFIG_PARAVIRT
4218 -@@ -718,20 +723,30 @@ static inline void spin_lock_prefetch(const void *x)
4219 +@@ -718,20 +715,30 @@ static inline void spin_lock_prefetch(const void *x)
4220 #define TOP_OF_INIT_STACK ((unsigned long)&init_stack + sizeof(init_stack) - \
4221 TOP_OF_KERNEL_STACK_PADDING)
4222
4223 @@ -26574,7 +26566,7 @@ index 83db0ea..137bc2c 100644
4224 }
4225
4226 /*
4227 -@@ -744,12 +759,7 @@ static inline void spin_lock_prefetch(const void *x)
4228 +@@ -744,12 +751,7 @@ static inline void spin_lock_prefetch(const void *x)
4229 * "struct pt_regs" is possible, but they may contain the
4230 * completely wrong values.
4231 */
4232 @@ -26588,7 +26580,7 @@ index 83db0ea..137bc2c 100644
4233
4234 #define KSTK_ESP(task) (task_pt_regs(task)->sp)
4235
4236 -@@ -763,13 +773,13 @@ static inline void spin_lock_prefetch(const void *x)
4237 +@@ -763,13 +765,13 @@ static inline void spin_lock_prefetch(const void *x)
4238 * particular problem by preventing anything from being mapped
4239 * at the maximum canonical address.
4240 */
4241 @@ -26604,7 +26596,7 @@ index 83db0ea..137bc2c 100644
4242
4243 #define TASK_SIZE (test_thread_flag(TIF_ADDR32) ? \
4244 IA32_PAGE_OFFSET : TASK_SIZE_MAX)
4245 -@@ -782,6 +792,7 @@ static inline void spin_lock_prefetch(const void *x)
4246 +@@ -782,6 +784,7 @@ static inline void spin_lock_prefetch(const void *x)
4247 #define INIT_THREAD { \
4248 .sp0 = TOP_OF_INIT_STACK, \
4249 .addr_limit = KERNEL_DS, \
4250 @@ -26612,7 +26604,7 @@ index 83db0ea..137bc2c 100644
4251 }
4252
4253 #define task_pt_regs(tsk) ((struct pt_regs *)(tsk)->thread.sp0 - 1)
4254 -@@ -800,6 +811,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip,
4255 +@@ -800,6 +803,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip,
4256 */
4257 #define TASK_UNMAPPED_BASE (PAGE_ALIGN(TASK_SIZE / 3))
4258
4259 @@ -26623,7 +26615,7 @@ index 83db0ea..137bc2c 100644
4260 #define KSTK_EIP(task) (task_pt_regs(task)->ip)
4261
4262 /* Get/set a process' ability to use the timestamp counter instruction */
4263 -@@ -845,7 +860,7 @@ static inline uint32_t hypervisor_cpuid_base(const char *sig, uint32_t leaves)
4264 +@@ -845,7 +852,7 @@ static inline uint32_t hypervisor_cpuid_base(const char *sig, uint32_t leaves)
4265 return 0;
4266 }
4267
4268 @@ -26632,7 +26624,7 @@ index 83db0ea..137bc2c 100644
4269 extern void free_init_pages(char *what, unsigned long begin, unsigned long end);
4270
4271 void default_idle(void);
4272 -@@ -855,6 +870,6 @@ bool xen_set_default_idle(void);
4273 +@@ -855,6 +862,6 @@ bool xen_set_default_idle(void);
4274 #define xen_set_default_idle 0
4275 #endif
4276
4277 @@ -27484,7 +27476,7 @@ index ad6f5eb0..1b4909d 100644
4278
4279 #ifdef CONFIG_COMPAT
4280 diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h
4281 -index 6fa8594..30950f3 100644
4282 +index 6fa8594..c5b8ce1 100644
4283 --- a/arch/x86/include/asm/tlbflush.h
4284 +++ b/arch/x86/include/asm/tlbflush.h
4285 @@ -89,7 +89,9 @@ static inline void cr4_set_bits(unsigned long mask)
4286 @@ -27515,15 +27507,12 @@ index 6fa8594..30950f3 100644
4287 return this_cpu_read(cpu_tlbstate.cr4);
4288 }
4289
4290 -@@ -135,6 +140,25 @@ static inline void cr4_set_bits_and_update_boot(unsigned long mask)
4291 +@@ -135,6 +140,22 @@ static inline void cr4_set_bits_and_update_boot(unsigned long mask)
4292
4293 static inline void __native_flush_tlb(void)
4294 {
4295 + if (static_cpu_has(X86_FEATURE_INVPCID)) {
4296 -+ u64 descriptor[2];
4297 -+
4298 -+ descriptor[0] = PCID_KERNEL;
4299 -+ asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_ALL_NONGLOBAL) : "memory");
4300 ++ invpcid_flush_all_nonglobals();
4301 + return;
4302 + }
4303 +
4304 @@ -27541,58 +27530,35 @@ index 6fa8594..30950f3 100644
4305 /*
4306 * If current->mm == NULL then we borrow a mm which may change during a
4307 * task switch and therefore we must not be preempted while we write CR3
4308 -@@ -147,13 +171,21 @@ static inline void __native_flush_tlb(void)
4309 -
4310 - static inline void __native_flush_tlb_global_irq_disabled(void)
4311 - {
4312 -- unsigned long cr4;
4313 -+ if (static_cpu_has(X86_FEATURE_INVPCID)) {
4314 -+ u64 descriptor[2];
4315 -
4316 -- cr4 = this_cpu_read(cpu_tlbstate.cr4);
4317 -- /* clear PGE */
4318 -- native_write_cr4(cr4 & ~X86_CR4_PGE);
4319 -- /* write old PGE again and flush TLBs */
4320 -- native_write_cr4(cr4);
4321 -+ descriptor[0] = PCID_KERNEL;
4322 -+ asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_ALL_GLOBAL) : "memory");
4323 -+ } else {
4324 -+ unsigned long cr4;
4325 -+
4326 -+ cr4 = this_cpu_read(cpu_tlbstate.cr4);
4327 -+ BUG_ON(cr4 != __read_cr4());
4328 -+ /* clear PGE */
4329 -+ native_write_cr4(cr4 & ~X86_CR4_PGE);
4330 -+ /* write old PGE again and flush TLBs */
4331 -+ native_write_cr4(cr4);
4332 -+ }
4333 - }
4334 +@@ -150,6 +171,7 @@ static inline void __native_flush_tlb_global_irq_disabled(void)
4335 + unsigned long cr4;
4336
4337 - static inline void __native_flush_tlb_global(void)
4338 -@@ -183,6 +215,43 @@ static inline void __native_flush_tlb_global(void)
4339 + cr4 = this_cpu_read(cpu_tlbstate.cr4);
4340 ++ BUG_ON(cr4 != __read_cr4());
4341 + /* clear PGE */
4342 + native_write_cr4(cr4 & ~X86_CR4_PGE);
4343 + /* write old PGE again and flush TLBs */
4344 +@@ -183,6 +205,40 @@ static inline void __native_flush_tlb_global(void)
4345
4346 static inline void __native_flush_tlb_single(unsigned long addr)
4347 {
4348 + if (static_cpu_has(X86_FEATURE_INVPCID)) {
4349 -+ u64 descriptor[2];
4350 -+
4351 -+ descriptor[0] = PCID_KERNEL;
4352 -+ descriptor[1] = addr;
4353 ++ unsigned long pcid = PCID_KERNEL;
4354 +
4355 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
4356 + if (static_cpu_has(X86_FEATURE_PCIDUDEREF)) {
4357 + if (!static_cpu_has(X86_FEATURE_STRONGUDEREF) || addr >= TASK_SIZE_MAX) {
4358 + if (addr < TASK_SIZE_MAX)
4359 -+ descriptor[1] += pax_user_shadow_base;
4360 -+ asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_SINGLE_ADDRESS) : "memory");
4361 ++ invpcid_flush_one(pcid, addr + pax_user_shadow_base);
4362 ++ else
4363 ++ invpcid_flush_one(pcid, addr);
4364 + }
4365 +
4366 -+ descriptor[0] = PCID_USER;
4367 -+ descriptor[1] = addr;
4368 ++ pcid = PCID_USER;
4369 + }
4370 +#endif
4371 +
4372 -+ asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_SINGLE_ADDRESS) : "memory");
4373 ++ invpcid_flush_one(pcid, addr);
4374 + return;
4375 + }
4376 +
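Review bot: The `BUG_ON(cr4 != __read_cr4());` in `__native_flush_tlb_global_irq_disabled()` has no comment saying what it protects. The second `native_write_cr4(cr4)` writes back the value cached in `cpu_tlbstate.cr4`, not the value read from hardware, so a stale shadow would rewrite every CR4 bit rather than only toggling PGE. A line such as `/* shadow must match hardware: the write-back below restores the cached CR4 wholesale */` above the check would record that. The rewritten `__native_flush_tlb_single()` in the same hunk could also use one line stating which PCID/address pairs are flushed in the `X86_FEATURE_PCIDUDEREF` case; that function's body continues outside the hunk.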
4377 @@ -28723,7 +28689,7 @@ index 4858733..3353d988 100644
4378 #endif
4379 initial_code = (unsigned long)wakeup_long64;
4380 diff --git a/arch/x86/kernel/acpi/wakeup_32.S b/arch/x86/kernel/acpi/wakeup_32.S
4381 -index 0c26b1b..dcc0a4f 100644
4382 +index 0c26b1b..dfa105a 100644
4383 --- a/arch/x86/kernel/acpi/wakeup_32.S
4384 +++ b/arch/x86/kernel/acpi/wakeup_32.S
4385 @@ -2,6 +2,7 @@
4386 @@ -28734,7 +28700,16 @@ index 0c26b1b..dcc0a4f 100644
4387
4388 # Copyright 2003, 2008 Pavel Machek <pavel@××××.cz>, distribute under GPLv2
4389
4390 -@@ -31,13 +32,11 @@ wakeup_pmode_return:
4391 +@@ -14,8 +15,6 @@ wakeup_pmode_return:
4392 + movw %ax, %ss
4393 + movw %ax, %fs
4394 + movw %ax, %gs
4395 +-
4396 +- movw $__USER_DS, %ax
4397 + movw %ax, %ds
4398 + movw %ax, %es
4399 +
4400 +@@ -31,13 +30,11 @@ wakeup_pmode_return:
4401 # and restore the stack ... but you need gdt for this to work
4402 movl saved_context_esp, %esp
4403
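Review bot: With the `movw $__USER_DS, %ax` reload dropped from `wakeup_pmode_return`, `%ds` and `%es` now take whatever selector `%ax` already carried for `%ss`, `%fs` and `%gs`, and nothing in the added lines says this is intended. The instruction that loads `%ax` sits above the hunk, so the selector cannot be confirmed from here; presumably it is the kernel data segment. A one-line comment before the two moves, for example `# %ds/%es deliberately share the selector loaded for %ss above; no __USER_DS on resume`, would keep a later rebase from restoring the reload.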
4404 @@ -28750,7 +28725,7 @@ index 0c26b1b..dcc0a4f 100644
4405
4406 bogus_magic:
4407 jmp bogus_magic
4408 -@@ -59,7 +58,7 @@ save_registers:
4409 +@@ -59,7 +56,7 @@ save_registers:
4410 popl saved_context_eflags
4411
4412 movl $ret_point, saved_eip
4413 @@ -28759,7 +28734,7 @@ index 0c26b1b..dcc0a4f 100644
4414
4415
4416 restore_registers:
4417 -@@ -69,13 +68,14 @@ restore_registers:
4418 +@@ -69,13 +66,14 @@ restore_registers:
4419 movl saved_context_edi, %edi
4420 pushl saved_context_eflags
4421 popfl
4422 @@ -28778,7 +28753,7 @@ index 0c26b1b..dcc0a4f 100644
4423 addl $4, %esp
4424
4425 # In case of S3 failure, we'll emerge here. Jump
4426 -@@ -83,9 +83,9 @@ ENTRY(do_suspend_lowlevel)
4427 +@@ -83,9 +81,9 @@ ENTRY(do_suspend_lowlevel)
4428 jmp ret_point
4429 .p2align 4,,7
4430 ret_point:
4431 @@ -42699,7 +42674,7 @@ index f65a33f..f408a99 100644
4432 }
4433
4434 diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c
4435 -index a7655f6..895549a 100644
4436 +index a7655f6..0cab8dd 100644
4437 --- a/arch/x86/mm/tlb.c
4438 +++ b/arch/x86/mm/tlb.c
4439 @@ -47,7 +47,11 @@ void leave_mm(int cpu)
4440 @@ -42714,7 +42689,7 @@ index a7655f6..895549a 100644
4441 /*
4442 * This gets called in the idle path where RCU
4443 * functions differently. Tracing normally
4444 -@@ -61,6 +65,51 @@ EXPORT_SYMBOL_GPL(leave_mm);
4445 +@@ -61,6 +65,47 @@ EXPORT_SYMBOL_GPL(leave_mm);
4446
4447 #endif /* CONFIG_SMP */
4448
4449 @@ -42741,13 +42716,9 @@ index a7655f6..895549a 100644
4450 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
4451 + if (static_cpu_has(X86_FEATURE_PCIDUDEREF)) {
4452 + if (static_cpu_has(X86_FEATURE_INVPCID)) {
4453 -+ u64 descriptor[2];
4454 -+ descriptor[0] = PCID_USER;
4455 -+ asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_SINGLE_CONTEXT) : "memory");
4456 -+ if (!static_cpu_has(X86_FEATURE_STRONGUDEREF)) {
4457 -+ descriptor[0] = PCID_KERNEL;
4458 -+ asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_SINGLE_CONTEXT) : "memory");
4459 -+ }
4460 ++ invpcid_flush_single_context(PCID_USER);
4461 ++ if (!static_cpu_has(X86_FEATURE_STRONGUDEREF))
4462 ++ invpcid_flush_single_context(PCID_KERNEL);
4463 + } else {
4464 + write_cr3(__pa(get_cpu_pgd(cpu, user)) | PCID_USER);
4465 + if (static_cpu_has(X86_FEATURE_STRONGUDEREF))
4466 @@ -42766,7 +42737,7 @@ index a7655f6..895549a 100644
4467 void switch_mm(struct mm_struct *prev, struct mm_struct *next,
4468 struct task_struct *tsk)
4469 {
4470 -@@ -75,6 +124,9 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next,
4471 +@@ -75,6 +120,9 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next,
4472 struct task_struct *tsk)
4473 {
4474 unsigned cpu = smp_processor_id();
4475 @@ -42776,7 +42747,7 @@ index a7655f6..895549a 100644
4476
4477 if (likely(prev != next)) {
4478 if (IS_ENABLED(CONFIG_VMAP_STACK)) {
4479 -@@ -89,9 +141,14 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next,
4480 +@@ -89,9 +137,14 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next,
4481
4482 if (unlikely(pgd_none(*pgd)))
4483 set_pgd(pgd, init_mm.pgd[stack_pgd_index]);
4484 @@ -42791,7 +42762,7 @@ index a7655f6..895549a 100644
4485 this_cpu_write(cpu_tlbstate.state, TLBSTATE_OK);
4486 this_cpu_write(cpu_tlbstate.active_mm, next);
4487 #endif
4488 -@@ -111,7 +168,7 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next,
4489 +@@ -111,7 +164,7 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next,
4490 * We need to prevent an outcome in which CPU 1 observes
4491 * the new PTE value and CPU 0 observes bit 1 clear in
4492 * mm_cpumask. (If that occurs, then the IPI will never
4493 @@ -42800,7 +42771,7 @@ index a7655f6..895549a 100644
4494 *
4495 * The bad outcome can occur if either CPU's load is
4496 * reordered before that CPU's store, so both CPUs must
4497 -@@ -126,7 +183,11 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next,
4498 +@@ -126,7 +179,11 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next,
4499 * ordering guarantee we need.
4500 *
4501 */
4502 @@ -42812,7 +42783,7 @@ index a7655f6..895549a 100644
4503
4504 trace_tlb_flush(TLB_FLUSH_ON_TASK_SWITCH, TLB_FLUSH_ALL);
4505
4506 -@@ -152,9 +213,31 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next,
4507 +@@ -152,9 +209,31 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next,
4508 if (unlikely(prev->context.ldt != next->context.ldt))
4509 load_mm_ldt(next);
4510 #endif
4511 @@ -42845,7 +42816,7 @@ index a7655f6..895549a 100644
4512 this_cpu_write(cpu_tlbstate.state, TLBSTATE_OK);
4513 BUG_ON(this_cpu_read(cpu_tlbstate.active_mm) != next);
4514
4515 -@@ -175,13 +258,30 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next,
4516 +@@ -175,13 +254,30 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next,
4517 * As above, load_cr3() is serializing and orders TLB
4518 * fills with respect to the mm_cpumask write.
4519 */
4520 @@ -45142,10 +45113,18 @@ index eff224d..ab792d2 100644
4521 + pax_ret check_events
4522 ENDPROC(check_events)
4523 diff --git a/arch/x86/xen/xen-asm_32.S b/arch/x86/xen/xen-asm_32.S
4524 -index feb6d40..c8fd8e7 100644
4525 +index feb6d40..4292c19 100644
4526 --- a/arch/x86/xen/xen-asm_32.S
4527 +++ b/arch/x86/xen/xen-asm_32.S
4528 -@@ -28,7 +28,7 @@ check_events:
4529 +@@ -15,6 +15,7 @@
4530 + #include <asm/processor-flags.h>
4531 + #include <asm/segment.h>
4532 + #include <asm/asm.h>
4533 ++#include <asm/alternative-asm.h>
4534 +
4535 + #include <xen/interface/xen.h>
4536 +
4537 +@@ -28,7 +29,7 @@ check_events:
4538 push %eax
4539 push %ecx
4540 push %edx
4541 @@ -45154,7 +45133,7 @@ index feb6d40..c8fd8e7 100644
4542 pop %edx
4543 pop %ecx
4544 pop %eax
4545 -@@ -85,7 +85,7 @@ ENTRY(xen_iret)
4546 +@@ -85,7 +86,7 @@ ENTRY(xen_iret)
4547 pushw %fs
4548 movl $(__KERNEL_PERCPU), %eax
4549 movl %eax, %fs
4550 @@ -45204,7 +45183,7 @@ index 7f8d8ab..3032b77 100644
4551 #endif /* CONFIG_XEN_PVH */
4552
4553 diff --git a/arch/x86/xen/xen-ops.h b/arch/x86/xen/xen-ops.h
4554 -index 3cbce3b..f1221bc 100644
4555 +index 3cbce3b..c58120b 100644
4556 --- a/arch/x86/xen/xen-ops.h
4557 +++ b/arch/x86/xen/xen-ops.h
4558 @@ -16,8 +16,6 @@ void xen_syscall_target(void);
4559 @@ -45216,6 +45195,19 @@ index 3cbce3b..f1221bc 100644
4560 struct trap_info;
4561 void xen_copy_trap_info(struct trap_info *traps);
4562
4563 +@@ -133,9 +131,9 @@ static inline void __init xen_efi_init(void)
4564 + extern char name##_end[] __visible; \
4565 + extern char name##_reloc[] __visible
4566 +
4567 +-DECL_ASM(void, xen_irq_enable_direct, void);
4568 +-DECL_ASM(void, xen_irq_disable_direct, void);
4569 +-DECL_ASM(unsigned long, xen_save_fl_direct, void);
4570 ++DECL_ASM(asmlinkage void, xen_irq_enable_direct, void);
4571 ++DECL_ASM(asmlinkage void, xen_irq_disable_direct, void);
4572 ++DECL_ASM(asmlinkage unsigned long, xen_save_fl_direct, void);
4573 + DECL_ASM(void, xen_restore_fl_direct, unsigned long);
4574 +
4575 + /* These are not functions, and cannot be called normally */
4576 diff --git a/arch/xtensa/variants/dc232b/include/variant/core.h b/arch/xtensa/variants/dc232b/include/variant/core.h
4577 index 525bd3d..ef888b1 100644
4578 --- a/arch/xtensa/variants/dc232b/include/variant/core.h
4579 @@ -60577,7 +60569,7 @@ index ca4abe1..0b029ef 100644
4580 }
4581
4582 diff --git a/drivers/md/bcache/bcache.h b/drivers/md/bcache/bcache.h
4583 -index 6b420a5..d5acb8f 100644
4584 +index c3ea03c..7412315 100644
4585 --- a/drivers/md/bcache/bcache.h
4586 +++ b/drivers/md/bcache/bcache.h
4587 @@ -433,12 +433,12 @@ struct cache {
4588 @@ -60599,7 +60591,7 @@ index 6b420a5..d5acb8f 100644
4589
4590 struct gc_stat {
4591 diff --git a/drivers/md/bcache/btree.c b/drivers/md/bcache/btree.c
4592 -index 81d3db4..46e8b68 100644
4593 +index 2efdce0..e30d873 100644
4594 --- a/drivers/md/bcache/btree.c
4595 +++ b/drivers/md/bcache/btree.c
4596 @@ -336,15 +336,17 @@ static void btree_complete_write(struct btree *b, struct btree_write *w)
4597 @@ -60863,7 +60855,7 @@ index 5c4bdde..99659fe 100644
4598 struct bio *bio = &io->bio.bio;
4599
4600 diff --git a/drivers/md/bcache/request.c b/drivers/md/bcache/request.c
4601 -index 40ffe5e..6757bd6 100644
4602 +index a37c177..a4dfbfc 100644
4603 --- a/drivers/md/bcache/request.c
4604 +++ b/drivers/md/bcache/request.c
4605 @@ -24,7 +24,7 @@
4606 @@ -60917,7 +60909,7 @@ index 40ffe5e..6757bd6 100644
4607 struct data_insert_op *op = container_of(cl, struct data_insert_op, cl);
4608 struct bio *bio = op->bio, *n;
4609
4610 -@@ -313,8 +316,9 @@ static void bch_data_insert_start(struct closure *cl)
4611 +@@ -311,8 +314,9 @@ static void bch_data_insert_start(struct closure *cl)
4612 * If s->bypass is true, instead of inserting the data it invalidates the
4613 * region of the cache represented by s->cache_bio and op->inode.
4614 */
4615 @@ -60928,7 +60920,7 @@ index 40ffe5e..6757bd6 100644
4616 struct data_insert_op *op = container_of(cl, struct data_insert_op, cl);
4617
4618 trace_bcache_write(op->c, op->inode, op->bio,
4619 -@@ -322,7 +326,7 @@ void bch_data_insert(struct closure *cl)
4620 +@@ -320,7 +324,7 @@ void bch_data_insert(struct closure *cl)
4621
4622 bch_keylist_init(&op->insert_keys);
4623 bio_get(op->bio);
4624 @@ -60937,7 +60929,7 @@ index 40ffe5e..6757bd6 100644
4625 }
4626
4627 /* Congested? */
4628 -@@ -570,8 +574,9 @@ static int cache_lookup_fn(struct btree_op *op, struct btree *b, struct bkey *k)
4629 +@@ -568,8 +572,9 @@ static int cache_lookup_fn(struct btree_op *op, struct btree *b, struct bkey *k)
4630 return n == bio ? MAP_DONE : MAP_CONTINUE;
4631 }
4632
4633 @@ -60948,7 +60940,7 @@ index 40ffe5e..6757bd6 100644
4634 struct search *s = container_of(cl, struct search, iop.cl);
4635 struct bio *bio = &s->bio.bio;
4636 int ret;
4637 -@@ -631,8 +636,9 @@ static void do_bio_hook(struct search *s, struct bio *orig_bio)
4638 +@@ -629,8 +634,9 @@ static void do_bio_hook(struct search *s, struct bio *orig_bio)
4639 bio_cnt_set(bio, 3);
4640 }
4641
4642 @@ -60959,7 +60951,7 @@ index 40ffe5e..6757bd6 100644
4643 struct search *s = container_of(cl, struct search, cl);
4644 bio_complete(s);
4645
4646 -@@ -676,19 +682,21 @@ static inline struct search *search_alloc(struct bio *bio,
4647 +@@ -674,19 +680,21 @@ static inline struct search *search_alloc(struct bio *bio,
4648
4649 /* Cached devices */
4650
4651 @@ -60984,7 +60976,7 @@ index 40ffe5e..6757bd6 100644
4652 struct search *s = container_of(cl, struct search, cl);
4653
4654 if (s->iop.replace_collision)
4655 -@@ -697,11 +705,12 @@ static void cached_dev_cache_miss_done(struct closure *cl)
4656 +@@ -695,11 +703,12 @@ static void cached_dev_cache_miss_done(struct closure *cl)
4657 if (s->iop.bio)
4658 bio_free_pages(s->iop.bio);
4659
4660 @@ -60999,7 +60991,7 @@ index 40ffe5e..6757bd6 100644
4661 struct search *s = container_of(cl, struct search, cl);
4662 struct bio *bio = &s->bio.bio;
4663
4664 -@@ -720,8 +729,9 @@ static void cached_dev_read_error(struct closure *cl)
4665 +@@ -718,8 +727,9 @@ static void cached_dev_read_error(struct closure *cl)
4666 continue_at(cl, cached_dev_cache_miss_done, NULL);
4667 }
4668
4669 @@ -61010,7 +61002,7 @@ index 40ffe5e..6757bd6 100644
4670 struct search *s = container_of(cl, struct search, cl);
4671 struct cached_dev *dc = container_of(s->d, struct cached_dev, disk);
4672
4673 -@@ -760,8 +770,9 @@ static void cached_dev_read_done(struct closure *cl)
4674 +@@ -758,8 +768,9 @@ static void cached_dev_read_done(struct closure *cl)
4675 continue_at(cl, cached_dev_cache_miss_done, NULL);
4676 }
4677
4678 @@ -61021,7 +61013,7 @@ index 40ffe5e..6757bd6 100644
4679 struct search *s = container_of(cl, struct search, cl);
4680 struct cached_dev *dc = container_of(s->d, struct cached_dev, disk);
4681
4682 -@@ -859,13 +870,14 @@ static void cached_dev_read(struct cached_dev *dc, struct search *s)
4683 +@@ -857,13 +868,14 @@ static void cached_dev_read(struct cached_dev *dc, struct search *s)
4684
4685 /* Process writes */
4686
4687 @@ -61038,7 +61030,7 @@ index 40ffe5e..6757bd6 100644
4688 }
4689
4690 static void cached_dev_write(struct cached_dev *dc, struct search *s)
4691 -@@ -937,8 +949,9 @@ static void cached_dev_write(struct cached_dev *dc, struct search *s)
4692 +@@ -935,8 +947,9 @@ static void cached_dev_write(struct cached_dev *dc, struct search *s)
4693 continue_at(cl, cached_dev_write_complete, NULL);
4694 }
4695
4696 @@ -61049,7 +61041,7 @@ index 40ffe5e..6757bd6 100644
4697 struct search *s = container_of(cl, struct search, cl);
4698 struct bio *bio = &s->bio.bio;
4699
4700 -@@ -1058,8 +1071,9 @@ static int flash_dev_cache_miss(struct btree *b, struct search *s,
4701 +@@ -1056,8 +1069,9 @@ static int flash_dev_cache_miss(struct btree *b, struct search *s,
4702 return MAP_CONTINUE;
4703 }
4704
4705 @@ -61187,7 +61179,7 @@ index adbff14..018c2d2 100644
4706 struct cache_stat_collector collector;
4707
4708 diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c
4709 -index 849ad44..a9e695e 100644
4710 +index 66669c8..3296d7e 100644
4711 --- a/drivers/md/bcache/super.c
4712 +++ b/drivers/md/bcache/super.c
4713 @@ -240,8 +240,9 @@ static void __write_super(struct cache_sb *sb, struct bio *bio)
4714 @@ -79806,10 +79798,10 @@ index cf04a36..54dd630 100644
4715 !(SDEBUG_OPT_NO_CDB_NOISE & sdebug_opts))) {
4716 char b[120];
4717 diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
4718 -index 2cca9cf..cbe4c6d 100644
4719 +index e64eae4..465011a 100644
4720 --- a/drivers/scsi/scsi_lib.c
4721 +++ b/drivers/scsi/scsi_lib.c
4722 -@@ -1513,7 +1513,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q)
4723 +@@ -1514,7 +1514,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q)
4724 shost = sdev->host;
4725 scsi_init_cmd_errh(cmd);
4726 cmd->result = DID_NO_CONNECT << 16;
4727 @@ -79818,7 +79810,7 @@ index 2cca9cf..cbe4c6d 100644
4728
4729 /*
4730 * SCSI request completion path will do scsi_device_unbusy(),
4731 -@@ -1536,9 +1536,9 @@ static void scsi_softirq_done(struct request *rq)
4732 +@@ -1537,9 +1537,9 @@ static void scsi_softirq_done(struct request *rq)
4733
4734 INIT_LIST_HEAD(&cmd->eh_entry);
4735
4736 @@ -79830,7 +79822,7 @@ index 2cca9cf..cbe4c6d 100644
4737
4738 disposition = scsi_decide_disposition(cmd);
4739 if (disposition != SUCCESS &&
4740 -@@ -1579,7 +1579,7 @@ static int scsi_dispatch_cmd(struct scsi_cmnd *cmd)
4741 +@@ -1580,7 +1580,7 @@ static int scsi_dispatch_cmd(struct scsi_cmnd *cmd)
4742 struct Scsi_Host *host = cmd->device->host;
4743 int rtn = 0;
4744
4745 @@ -80008,7 +80000,7 @@ index 51e5629..caef5f7 100644
4746 if (!sdp->request_queue->rq_timeout) {
4747 if (sdp->type != TYPE_MOD)
4748 diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c
4749 -index dbe5b4b..1242bc3 100644
4750 +index 121de0a..f2ba1bb 100644
4751 --- a/drivers/scsi/sg.c
4752 +++ b/drivers/scsi/sg.c
4753 @@ -1083,7 +1083,7 @@ sg_ioctl(struct file *filp, unsigned int cmd_in, unsigned long arg)
4754 @@ -123707,7 +123699,7 @@ index 368bfb9..5b43f37 100644
4755 {
4756 const struct seq_operations *op = ((struct seq_file *)file->private_data)->op;
4757 diff --git a/fs/splice.c b/fs/splice.c
4758 -index 63b8f54..8292069 100644
4759 +index 8dd79ec..0a56b1a 100644
4760 --- a/fs/splice.c
4761 +++ b/fs/splice.c
4762 @@ -188,7 +188,7 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe,
4763 @@ -123719,7 +123711,7 @@ index 63b8f54..8292069 100644
4764 send_sig(SIGPIPE, current, 0);
4765 ret = -EPIPE;
4766 goto out;
4767 -@@ -227,7 +227,7 @@ ssize_t add_to_pipe(struct pipe_inode_info *pipe, struct pipe_buffer *buf)
4768 +@@ -228,7 +228,7 @@ ssize_t add_to_pipe(struct pipe_inode_info *pipe, struct pipe_buffer *buf)
4769 {
4770 int ret;
4771
4772 @@ -123728,7 +123720,7 @@ index 63b8f54..8292069 100644
4773 send_sig(SIGPIPE, current, 0);
4774 ret = -EPIPE;
4775 } else if (pipe->nrbufs == pipe->buffers) {
4776 -@@ -359,7 +359,7 @@ static ssize_t kernel_readv(struct file *file, const struct kvec *vec,
4777 +@@ -360,7 +360,7 @@ static ssize_t kernel_readv(struct file *file, const struct kvec *vec,
4778 old_fs = get_fs();
4779 set_fs(get_ds());
4780 /* The cast to a user pointer is valid due to the set_fs() */
4781 @@ -123737,7 +123729,7 @@ index 63b8f54..8292069 100644
4782 set_fs(old_fs);
4783
4784 return res;
4785 -@@ -374,7 +374,7 @@ ssize_t kernel_write(struct file *file, const char *buf, size_t count,
4786 +@@ -375,7 +375,7 @@ ssize_t kernel_write(struct file *file, const char *buf, size_t count,
4787 old_fs = get_fs();
4788 set_fs(get_ds());
4789 /* The cast to a user pointer is valid due to the set_fs() */
4790 @@ -123746,7 +123738,7 @@ index 63b8f54..8292069 100644
4791 set_fs(old_fs);
4792
4793 return res;
4794 -@@ -533,7 +533,7 @@ static int splice_from_pipe_feed(struct pipe_inode_info *pipe, struct splice_des
4795 +@@ -534,7 +534,7 @@ static int splice_from_pipe_feed(struct pipe_inode_info *pipe, struct splice_des
4796 pipe_buf_release(pipe, buf);
4797 pipe->curbuf = (pipe->curbuf + 1) & (pipe->buffers - 1);
4798 pipe->nrbufs--;
4799 @@ -123755,7 +123747,7 @@ index 63b8f54..8292069 100644
4800 sd->need_wakeup = true;
4801 }
4802
4803 -@@ -564,10 +564,10 @@ static int splice_from_pipe_next(struct pipe_inode_info *pipe, struct splice_des
4804 +@@ -565,10 +565,10 @@ static int splice_from_pipe_next(struct pipe_inode_info *pipe, struct splice_des
4805 return -ERESTARTSYS;
4806
4807 while (!pipe->nrbufs) {
4808 @@ -123768,7 +123760,7 @@ index 63b8f54..8292069 100644
4809 return 0;
4810
4811 if (sd->flags & SPLICE_F_NONBLOCK)
4812 -@@ -781,7 +781,7 @@ iter_file_splice_write(struct pipe_inode_info *pipe, struct file *out,
4813 +@@ -782,7 +782,7 @@ iter_file_splice_write(struct pipe_inode_info *pipe, struct file *out,
4814 pipe_buf_release(pipe, buf);
4815 pipe->curbuf = (pipe->curbuf + 1) & (pipe->buffers - 1);
4816 pipe->nrbufs--;
4817 @@ -123777,7 +123769,7 @@ index 63b8f54..8292069 100644
4818 sd.need_wakeup = true;
4819 } else {
4820 buf->offset += ret;
4821 -@@ -944,7 +944,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
4822 +@@ -945,7 +945,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
4823 * out of the pipe right after the splice_to_pipe(). So set
4824 * PIPE_READERS appropriately.
4825 */
4826 @@ -123786,7 +123778,7 @@ index 63b8f54..8292069 100644
4827
4828 current->splice_pipe = pipe;
4829 }
4830 -@@ -1087,7 +1087,7 @@ EXPORT_SYMBOL(do_splice_direct);
4831 +@@ -1088,7 +1088,7 @@ EXPORT_SYMBOL(do_splice_direct);
4832 static int wait_for_space(struct pipe_inode_info *pipe, unsigned flags)
4833 {
4834 for (;;) {
4835 @@ -123795,7 +123787,7 @@ index 63b8f54..8292069 100644
4836 send_sig(SIGPIPE, current, 0);
4837 return -EPIPE;
4838 }
4839 -@@ -1097,9 +1097,9 @@ static int wait_for_space(struct pipe_inode_info *pipe, unsigned flags)
4840 +@@ -1098,9 +1098,9 @@ static int wait_for_space(struct pipe_inode_info *pipe, unsigned flags)
4841 return -EAGAIN;
4842 if (signal_pending(current))
4843 return -ERESTARTSYS;
4844 @@ -123807,7 +123799,7 @@ index 63b8f54..8292069 100644
4845 }
4846 }
4847
4848 -@@ -1446,9 +1446,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
4849 +@@ -1447,9 +1447,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
4850 ret = -ERESTARTSYS;
4851 break;
4852 }
4853 @@ -123819,7 +123811,7 @@ index 63b8f54..8292069 100644
4854 if (flags & SPLICE_F_NONBLOCK) {
4855 ret = -EAGAIN;
4856 break;
4857 -@@ -1480,7 +1480,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
4858 +@@ -1481,7 +1481,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
4859 pipe_lock(pipe);
4860
4861 while (pipe->nrbufs >= pipe->buffers) {
4862 @@ -123828,7 +123820,7 @@ index 63b8f54..8292069 100644
4863 send_sig(SIGPIPE, current, 0);
4864 ret = -EPIPE;
4865 break;
4866 -@@ -1493,9 +1493,9 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
4867 +@@ -1494,9 +1494,9 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
4868 ret = -ERESTARTSYS;
4869 break;
4870 }
4871 @@ -123840,7 +123832,7 @@ index 63b8f54..8292069 100644
4872 }
4873
4874 pipe_unlock(pipe);
4875 -@@ -1531,14 +1531,14 @@ static int splice_pipe_to_pipe(struct pipe_inode_info *ipipe,
4876 +@@ -1532,14 +1532,14 @@ static int splice_pipe_to_pipe(struct pipe_inode_info *ipipe,
4877 pipe_double_lock(ipipe, opipe);
4878
4879 do {
4880 @@ -123857,7 +123849,7 @@ index 63b8f54..8292069 100644
4881 break;
4882
4883 /*
4884 -@@ -1635,7 +1635,7 @@ static int link_pipe(struct pipe_inode_info *ipipe,
4885 +@@ -1636,7 +1636,7 @@ static int link_pipe(struct pipe_inode_info *ipipe,
4886 pipe_double_lock(ipipe, opipe);
4887
4888 do {
4889 @@ -123866,7 +123858,7 @@ index 63b8f54..8292069 100644
4890 send_sig(SIGPIPE, current, 0);
4891 if (!ret)
4892 ret = -EPIPE;
4893 -@@ -1680,7 +1680,7 @@ static int link_pipe(struct pipe_inode_info *ipipe,
4894 +@@ -1681,7 +1681,7 @@ static int link_pipe(struct pipe_inode_info *ipipe,
4895 * return EAGAIN if we have the potential of some data in the
4896 * future, otherwise just return 0
4897 */
4898 @@ -140150,7 +140142,7 @@ index 063962f..d34f2da 100644
4899 static inline struct hugetlb_cgroup *hugetlb_cgroup_from_page(struct page *page)
4900 {
4901 diff --git a/include/linux/hwmon-sysfs.h b/include/linux/hwmon-sysfs.h
4902 -index 1c7b89a..7dda400 100644
4903 +index 1c7b89a..7dda4003 100644
4904 --- a/include/linux/hwmon-sysfs.h
4905 +++ b/include/linux/hwmon-sysfs.h
4906 @@ -25,7 +25,8 @@
4907 @@ -149727,7 +149719,7 @@ index ba8a015..37d2e1d 100644
4908 int threads = max_threads;
4909 int min = MIN_THREADS;
4910 diff --git a/kernel/futex.c b/kernel/futex.c
4911 -index 2c4be46..46c5c89 100644
4912 +index 38b68c2..1940ab9 100644
4913 --- a/kernel/futex.c
4914 +++ b/kernel/futex.c
4915 @@ -210,7 +210,7 @@ struct futex_pi_state {
4916 @@ -151741,7 +151733,7 @@ index 4f0f060..d6c1a7d 100644
4917
4918 /**
4919 diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c
4920 -index f7a55e9..85fe3ba 100644
4921 +index 9c5b231..aaa4a5c 100644
4922 --- a/kernel/printk/printk.c
4923 +++ b/kernel/printk/printk.c
4924 @@ -588,7 +588,7 @@ static int log_store(int facility, int level,
4925 @@ -164833,6 +164825,20 @@ index 0df2aa6..7db59f7 100644
4926 .init = sysctl_core_net_init,
4927 .exit = sysctl_core_net_exit,
4928 };
4929 +diff --git a/net/dccp/input.c b/net/dccp/input.c
4930 +index ba34718..8fedc2d 100644
4931 +--- a/net/dccp/input.c
4932 ++++ b/net/dccp/input.c
4933 +@@ -606,7 +606,8 @@ int dccp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
4934 + if (inet_csk(sk)->icsk_af_ops->conn_request(sk,
4935 + skb) < 0)
4936 + return 1;
4937 +- goto discard;
4938 ++ consume_skb(skb);
4939 ++ return 0;
4940 + }
4941 + if (dh->dccph_type == DCCP_PKT_RESET)
4942 + goto discard;
4943 diff --git a/net/decnet/af_decnet.c b/net/decnet/af_decnet.c
4944 index 13d6b1a..eaa0cee 100644
4945 --- a/net/decnet/af_decnet.c
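Review bot: The new `consume_skb(skb); return 0;` in `dccp_rcv_state_process()` carries no comment explaining why this path must not fall through to `discard` like the `DCCP_PKT_RESET` case right below it. The `discard` label is outside the hunk, but if it frees the buffer unconditionally, a `conn_request()` handler that kept its own reference to `skb` would be left holding freed memory, which is presumably what the change avoids. A comment such as `/* conn_request() may have taken a reference to skb; drop ours, do not force a free */` above the call would stop a later cleanup from folding the path back into `goto discard`.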
4946 @@ -209399,10 +209405,10 @@ index 0000000..1181e93
4947 +size_mei_msg_data_65529_fields size mei_msg_data 0 65529 NULL
4948 diff --git a/scripts/gcc-plugins/size_overflow_plugin/e_fns.data b/scripts/gcc-plugins/size_overflow_plugin/e_fns.data
4949 new file mode 100644
4950 -index 0000000..75e575c
4951 +index 0000000..103f4c7
4952 --- /dev/null
4953 +++ b/scripts/gcc-plugins/size_overflow_plugin/e_fns.data
4954 -@@ -0,0 +1,5032 @@
4955 +@@ -0,0 +1,5033 @@
4956 +logi_dj_recv_query_paired_devices_fndecl_13_fns logi_dj_recv_query_paired_devices fndecl 0 13 NULL
4957 +response_length_ib_uverbs_ex_destroy_wq_resp_15_fns response_length ib_uverbs_ex_destroy_wq_resp 0 15 NULL
4958 +kfd_wait_on_events_fndecl_19_fns kfd_wait_on_events fndecl 2 19 NULL
4959 @@ -213550,6 +213556,7 @@ index 0000000..75e575c
4960 +__hwahc_op_set_ptk_fndecl_54157_fns __hwahc_op_set_ptk fndecl 5 54157 NULL
4961 +b43_nphy_load_samples_fndecl_54162_fns b43_nphy_load_samples fndecl 3 54162 NULL
4962 +cpu_type_read_fndecl_54191_fns cpu_type_read fndecl 3 54191 NULL
4963 ++smsusb_sendrequest_fndecl_54196_fns smsusb_sendrequest fndecl 3 54196 NULL
4964 +p_filesz_elf32_phdr_54204_fns p_filesz elf32_phdr 0 54204 NULL
4965 +numeraseregions_mtd_info_54223_fns numeraseregions mtd_info 0 54223 NULL
4966 +__kfifo_to_user_fndecl_54232_fns __kfifo_to_user fndecl 3 54232 NULL
4967 @@ -225693,7 +225700,7 @@ index 0a578fe..b81f62d 100644
4968 })
4969
4970 diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
4971 -index 7f9ee29..71d4ab0 100644
4972 +index 7f9ee29..39268bd 100644
4973 --- a/virt/kvm/kvm_main.c
4974 +++ b/virt/kvm/kvm_main.c
4975 @@ -93,12 +93,17 @@ LIST_HEAD(vm_list);
4976 @@ -225763,7 +225770,21 @@ index 7f9ee29..71d4ab0 100644
4977 .release = kvm_vm_release,
4978 .unlocked_ioctl = kvm_vm_ioctl,
4979 #ifdef CONFIG_KVM_COMPAT
4980 -@@ -3231,7 +3244,7 @@ static long kvm_dev_ioctl(struct file *filp,
4981 +@@ -3181,11 +3194,13 @@ static int kvm_dev_ioctl_create_vm(unsigned long type)
4982 + return PTR_ERR(file);
4983 + }
4984 +
4985 ++#ifndef CONFIG_GRKERNSEC_SYSFS_RESTRICT
4986 + if (kvm_create_vm_debugfs(kvm, r) < 0) {
4987 + put_unused_fd(r);
4988 + fput(file);
4989 + return -ENOMEM;
4990 + }
4991 ++#endif
4992 +
4993 + fd_install(r, file);
4994 + return r;
4995 +@@ -3231,7 +3246,7 @@ static long kvm_dev_ioctl(struct file *filp,
4996 return r;
4997 }
4998
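Review bot: Compiling out the `kvm_create_vm_debugfs()` call in `kvm_dev_ioctl_create_vm()` under `CONFIG_GRKERNSEC_SYSFS_RESTRICT` leaves the VM without its debugfs entries, and the hunk does not show the matching teardown being guarded the same way. The destroy path is outside this hunk, so it should be checked that it tolerates a VM whose debugfs directory was never created. A short comment at the `#ifndef`, e.g. `/* no per-VM debugfs under SYSFS_RESTRICT; skip it rather than fail VM creation with -ENOMEM */`, would also record why the block is conditional; that reason is inferred here, not stated in the patch.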
4999 @@ -225772,7 +225793,7 @@ index 7f9ee29..71d4ab0 100644
5000 .unlocked_ioctl = kvm_dev_ioctl,
5001 .compat_ioctl = kvm_dev_ioctl,
5002 .llseek = noop_llseek,
5003 -@@ -3257,7 +3270,7 @@ static void hardware_enable_nolock(void *junk)
5004 +@@ -3257,7 +3272,7 @@ static void hardware_enable_nolock(void *junk)
5005
5006 if (r) {
5007 cpumask_clear_cpu(cpu, cpus_hardware_enabled);
5008 @@ -225781,7 +225802,7 @@ index 7f9ee29..71d4ab0 100644
5009 pr_info("kvm: enabling virtualization on CPU%d failed\n", cpu);
5010 }
5011 }
5012 -@@ -3314,10 +3327,10 @@ static int hardware_enable_all(void)
5013 +@@ -3314,10 +3329,10 @@ static int hardware_enable_all(void)
5014
5015 kvm_usage_count++;
5016 if (kvm_usage_count == 1) {
5017 @@ -225794,7 +225815,7 @@ index 7f9ee29..71d4ab0 100644
5018 hardware_disable_all_nolock();
5019 r = -EBUSY;
5020 }
5021 -@@ -3877,8 +3890,9 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
5022 +@@ -3877,8 +3892,9 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
5023 /* A kmem cache lets us meet the alignment requirements of fx_save. */
5024 if (!vcpu_align)
5025 vcpu_align = __alignof__(struct kvm_vcpu);
5026 @@ -225806,7 +225827,7 @@ index 7f9ee29..71d4ab0 100644
5027 if (!kvm_vcpu_cache) {
5028 r = -ENOMEM;
5029 goto out_free_3;
5030 -@@ -3888,9 +3902,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
5031 +@@ -3888,9 +3904,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
5032 if (r)
5033 goto out_free;
5034
5035 @@ -225818,7 +225839,7 @@ index 7f9ee29..71d4ab0 100644
5036
5037 r = misc_register(&kvm_dev);
5038 if (r) {
5039 -@@ -3900,9 +3916,6 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
5040 +@@ -3900,9 +3918,6 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
5041
5042 register_syscore_ops(&kvm_syscore_ops);
5043
5044
5045 diff --git a/4.9.11/4425_grsec_remove_EI_PAX.patch b/4.9.12/4425_grsec_remove_EI_PAX.patch
5046 similarity index 100%
5047 rename from 4.9.11/4425_grsec_remove_EI_PAX.patch
5048 rename to 4.9.12/4425_grsec_remove_EI_PAX.patch
5049
5050 diff --git a/4.9.11/4426_default_XATTR_PAX_FLAGS.patch b/4.9.12/4426_default_XATTR_PAX_FLAGS.patch
5051 similarity index 100%
5052 rename from 4.9.11/4426_default_XATTR_PAX_FLAGS.patch
5053 rename to 4.9.12/4426_default_XATTR_PAX_FLAGS.patch
5054
5055 diff --git a/4.9.11/4427_force_XATTR_PAX_tmpfs.patch b/4.9.12/4427_force_XATTR_PAX_tmpfs.patch
5056 similarity index 100%
5057 rename from 4.9.11/4427_force_XATTR_PAX_tmpfs.patch
5058 rename to 4.9.12/4427_force_XATTR_PAX_tmpfs.patch
5059
5060 diff --git a/4.9.11/4430_grsec-remove-localversion-grsec.patch b/4.9.12/4430_grsec-remove-localversion-grsec.patch
5061 similarity index 100%
5062 rename from 4.9.11/4430_grsec-remove-localversion-grsec.patch
5063 rename to 4.9.12/4430_grsec-remove-localversion-grsec.patch
5064
5065 diff --git a/4.9.11/4435_grsec-mute-warnings.patch b/4.9.12/4435_grsec-mute-warnings.patch
5066 similarity index 100%
5067 rename from 4.9.11/4435_grsec-mute-warnings.patch
5068 rename to 4.9.12/4435_grsec-mute-warnings.patch
5069
5070 diff --git a/4.9.11/4440_grsec-remove-protected-paths.patch b/4.9.12/4440_grsec-remove-protected-paths.patch
5071 similarity index 100%
5072 rename from 4.9.11/4440_grsec-remove-protected-paths.patch
5073 rename to 4.9.12/4440_grsec-remove-protected-paths.patch
5074
5075 diff --git a/4.9.11/4450_grsec-kconfig-default-gids.patch b/4.9.12/4450_grsec-kconfig-default-gids.patch
5076 similarity index 100%
5077 rename from 4.9.11/4450_grsec-kconfig-default-gids.patch
5078 rename to 4.9.12/4450_grsec-kconfig-default-gids.patch
5079
5080 diff --git a/4.9.11/4465_selinux-avc_audit-log-curr_ip.patch b/4.9.12/4465_selinux-avc_audit-log-curr_ip.patch
5081 similarity index 100%
5082 rename from 4.9.11/4465_selinux-avc_audit-log-curr_ip.patch
5083 rename to 4.9.12/4465_selinux-avc_audit-log-curr_ip.patch
5084
5085 diff --git a/4.9.11/4470_disable-compat_vdso.patch b/4.9.12/4470_disable-compat_vdso.patch
5086 similarity index 100%
5087 rename from 4.9.11/4470_disable-compat_vdso.patch
5088 rename to 4.9.12/4470_disable-compat_vdso.patch
5089
5090 diff --git a/4.9.11/4475_emutramp_default_on.patch b/4.9.12/4475_emutramp_default_on.patch
5091 similarity index 100%
5092 rename from 4.9.11/4475_emutramp_default_on.patch
5093 rename to 4.9.12/4475_emutramp_default_on.patch