Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 3.2.51/, 3.11.2/, 2.6.32/, 3.11.1/
Date: Sun, 29 Sep 2013 19:12:53
Message-Id: 1380482003.290728f2970dde95a2499c72844cff0e09f97bae.blueness@gentoo
1 commit: 290728f2970dde95a2499c72844cff0e09f97bae
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Sun Sep 29 19:13:23 2013 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Sun Sep 29 19:13:23 2013 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=290728f2
7
8 Grsec/PaX: 2.9.1-{2.6.32.61,3.2.51,3.11.2}-201309281102
9
10 ---
11 2.6.32/0000_README | 2 +-
12 ..._grsecurity-2.9.1-2.6.32.61-201309281101.patch} | 88 +-
13 2.6.32/4440_grsec-remove-protected-paths.patch | 2 +-
14 2.6.32/4450_grsec-kconfig-default-gids.patch | 12 +-
15 2.6.32/4465_selinux-avc_audit-log-curr_ip.patch | 2 +-
16 {3.11.1 => 3.11.2}/0000_README | 6 +-
17 3.11.2/1001_linux-3.11.2.patch | 4419 ++++++++++++++++++++
18 ...4420_grsecurity-2.9.1-3.11.2-201309281103.patch | 757 ++--
19 {3.11.1 => 3.11.2}/4425_grsec_remove_EI_PAX.patch | 0
20 .../4427_force_XATTR_PAX_tmpfs.patch | 0
21 .../4430_grsec-remove-localversion-grsec.patch | 0
22 {3.11.1 => 3.11.2}/4435_grsec-mute-warnings.patch | 0
23 .../4440_grsec-remove-protected-paths.patch | 0
24 .../4450_grsec-kconfig-default-gids.patch | 0
25 .../4465_selinux-avc_audit-log-curr_ip.patch | 0
26 {3.11.1 => 3.11.2}/4470_disable-compat_vdso.patch | 0
27 {3.11.1 => 3.11.2}/4475_emutramp_default_on.patch | 0
28 3.2.51/0000_README | 2 +-
29 ...420_grsecurity-2.9.1-3.2.51-201309281102.patch} | 347 +-
30 19 files changed, 5079 insertions(+), 558 deletions(-)
31
32 diff --git a/2.6.32/0000_README b/2.6.32/0000_README
33 index c481225..381f8d3 100644
34 --- a/2.6.32/0000_README
35 +++ b/2.6.32/0000_README
36 @@ -38,7 +38,7 @@ Patch: 1060_linux-2.6.32.61.patch
37 From: http://www.kernel.org
38 Desc: Linux 2.6.32.61
39
40 -Patch: 4420_grsecurity-2.9.1-2.6.32.61-201309052115.patch
41 +Patch: 4420_grsecurity-2.9.1-2.6.32.61-201309281101.patch
42 From: http://www.grsecurity.net
43 Desc: hardened-sources base patch from upstream grsecurity
44
45
46 diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201309052115.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201309281101.patch
47 similarity index 99%
48 rename from 2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201309052115.patch
49 rename to 2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201309281101.patch
50 index 41ba8b2..80f4104 100644
51 --- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201309052115.patch
52 +++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201309281101.patch
53 @@ -45625,7 +45625,7 @@ index 3beb26d..6ce9c4a 100644
54 INIT_LIST_HEAD(&rdev->fence_drv.emited);
55 INIT_LIST_HEAD(&rdev->fence_drv.signaled);
56 diff --git a/drivers/gpu/drm/radeon/radeon_ioc32.c b/drivers/gpu/drm/radeon/radeon_ioc32.c
57 -index a1bf11d..4a123c0 100644
58 +index a1bf11de..4a123c0 100644
59 --- a/drivers/gpu/drm/radeon/radeon_ioc32.c
60 +++ b/drivers/gpu/drm/radeon/radeon_ioc32.c
61 @@ -368,7 +368,7 @@ static int compat_radeon_cp_setparam(struct file *file, unsigned int cmd,
62 @@ -91904,10 +91904,10 @@ index 0000000..5a3ac97
63 +}
64 diff --git a/grsecurity/gracl_ip.c b/grsecurity/gracl_ip.c
65 new file mode 100644
66 -index 0000000..b6b5239
67 +index 0000000..462a28e
68 --- /dev/null
69 +++ b/grsecurity/gracl_ip.c
70 -@@ -0,0 +1,388 @@
71 +@@ -0,0 +1,387 @@
72 +#include <linux/kernel.h>
73 +#include <asm/uaccess.h>
74 +#include <asm/errno.h>
75 @@ -92000,6 +92000,8 @@ index 0000000..b6b5239
76 + return gr_sockfamilies[family];
77 +}
78 +
79 ++extern const struct net_proto_family *net_families[NPROTO] __read_mostly;
80 ++
81 +int
82 +gr_search_socket(const int domain, const int type, const int protocol)
83 +{
84 @@ -92079,10 +92081,7 @@ index 0000000..b6b5239
85 + if (domain == PF_INET)
86 + gr_log_str3(GR_DONT_AUDIT, GR_SOCK_MSG, gr_sockfamily_to_name(domain),
87 + gr_socktype_to_name(type), gr_proto_to_name(protocol));
88 -+ else
89 -+#ifndef CONFIG_IPV6
90 -+ if (domain != PF_INET6)
91 -+#endif
92 ++ else if (net_families[domain] != NULL)
93 + gr_log_str2_int(GR_DONT_AUDIT, GR_SOCK_NOINET_MSG, gr_sockfamily_to_name(domain),
94 + gr_socktype_to_name(type), protocol);
95 +
96 @@ -95482,7 +95481,7 @@ index 0000000..7512ea9
97 +}
98 diff --git a/grsecurity/grsec_sysctl.c b/grsecurity/grsec_sysctl.c
99 new file mode 100644
100 -index 0000000..5a6d4bc
101 +index 0000000..5a6d4bc1
102 --- /dev/null
103 +++ b/grsecurity/grsec_sysctl.c
104 @@ -0,0 +1,527 @@
105 @@ -111522,7 +111521,7 @@ index aaca868..2ebecdc 100644
106 err = -EPERM;
107 goto out;
108 diff --git a/mm/mlock.c b/mm/mlock.c
109 -index 2d846cf..ca1e492 100644
110 +index 2d846cf..1183f13 100644
111 --- a/mm/mlock.c
112 +++ b/mm/mlock.c
113 @@ -13,6 +13,7 @@
114 @@ -111625,7 +111624,15 @@ index 2d846cf..ca1e492 100644
115
116 newflags = vma->vm_flags | VM_LOCKED;
117 if (!(flags & MCL_CURRENT))
118 -@@ -570,6 +572,7 @@ SYSCALL_DEFINE1(mlockall, int, flags)
119 +@@ -545,6 +547,7 @@ static int do_mlockall(int flags)
120 +
121 + /* Ignore errors */
122 + mlock_fixup(vma, &prev, vma->vm_start, vma->vm_end, newflags);
123 ++ cond_resched();
124 + }
125 + out:
126 + return 0;
127 +@@ -570,6 +573,7 @@ SYSCALL_DEFINE1(mlockall, int, flags)
128 lock_limit >>= PAGE_SHIFT;
129
130 ret = -ENOMEM;
131 @@ -118962,7 +118969,7 @@ index e04c9f8..51bc18e 100644
132 + (rtt >> sctp_rto_alpha);
133 } else {
134 diff --git a/net/socket.c b/net/socket.c
135 -index bf9fc68..0ea7e39 100644
136 +index bf9fc68..27b436e 100644
137 --- a/net/socket.c
138 +++ b/net/socket.c
139 @@ -87,6 +87,7 @@
140 @@ -118995,6 +119002,15 @@ index bf9fc68..0ea7e39 100644
141 static int sock_no_open(struct inode *irrelevant, struct file *dontcare);
142 static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov,
143 unsigned long nr_segs, loff_t pos);
144 +@@ -148,7 +164,7 @@ static const struct file_operations socket_file_ops = {
145 + */
146 +
147 + static DEFINE_SPINLOCK(net_family_lock);
148 +-static const struct net_proto_family *net_families[NPROTO] __read_mostly;
149 ++const struct net_proto_family *net_families[NPROTO] __read_mostly;
150 +
151 + /*
152 + * Statistics counters of the socket lists
153 @@ -298,7 +314,7 @@ static int sockfs_get_sb(struct file_system_type *fs_type,
154 mnt);
155 }
156 @@ -119013,24 +119029,28 @@ index bf9fc68..0ea7e39 100644
157
158 /* Compatibility.
159
160 -@@ -1283,6 +1301,16 @@ SYSCALL_DEFINE3(socket, int, family, int, type, int, protocol)
161 - if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
162 - flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
163 +@@ -1174,6 +1192,20 @@ static int __sock_create(struct net *net, int family, int type, int protocol,
164 + if (err)
165 + return err;
166
167 -+ if(!gr_search_socket(family, type, protocol)) {
168 -+ retval = -EACCES;
169 -+ goto out;
170 ++ if(!kern && !gr_search_socket(family, type, protocol)) {
171 ++ if (net_families[family] == NULL)
172 ++ return -EAFNOSUPPORT;
173 ++ else
174 ++ return -EACCES;
175 + }
176 +
177 -+ if (gr_handle_sock_all(family, type, protocol)) {
178 -+ retval = -EACCES;
179 -+ goto out;
180 ++ if (!kern && gr_handle_sock_all(family, type, protocol)) {
181 ++ if (net_families[family] == NULL)
182 ++ return -EAFNOSUPPORT;
183 ++ else
184 ++ return -EACCES;
185 + }
186 +
187 - retval = sock_create(family, type, protocol, &sock);
188 - if (retval < 0)
189 - goto out;
190 -@@ -1415,6 +1443,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
191 + /*
192 + * Allocate the socket and allow the family to set things up. if
193 + * the protocol is 0, the family is instructed to select an appropriate
194 +@@ -1415,6 +1447,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
195 if (sock) {
196 err = move_addr_to_kernel(umyaddr, addrlen, (struct sockaddr *)&address);
197 if (err >= 0) {
198 @@ -119045,7 +119065,7 @@ index bf9fc68..0ea7e39 100644
199 err = security_socket_bind(sock,
200 (struct sockaddr *)&address,
201 addrlen);
202 -@@ -1423,6 +1459,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
203 +@@ -1423,6 +1463,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
204 (struct sockaddr *)
205 &address, addrlen);
206 }
207 @@ -119053,7 +119073,7 @@ index bf9fc68..0ea7e39 100644
208 fput_light(sock->file, fput_needed);
209 }
210 return err;
211 -@@ -1446,10 +1483,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, backlog)
212 +@@ -1446,10 +1487,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, backlog)
213 if ((unsigned)backlog > somaxconn)
214 backlog = somaxconn;
215
216 @@ -119074,7 +119094,7 @@ index bf9fc68..0ea7e39 100644
217 fput_light(sock->file, fput_needed);
218 }
219 return err;
220 -@@ -1492,6 +1539,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
221 +@@ -1492,6 +1543,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
222 newsock->type = sock->type;
223 newsock->ops = sock->ops;
224
225 @@ -119093,7 +119113,7 @@ index bf9fc68..0ea7e39 100644
226 /*
227 * We don't need try_module_get here, as the listening socket (sock)
228 * has the protocol module (sock->ops->owner) held.
229 -@@ -1534,6 +1593,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
230 +@@ -1534,6 +1597,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
231 fd_install(newfd, newfile);
232 err = newfd;
233
234 @@ -119102,7 +119122,7 @@ index bf9fc68..0ea7e39 100644
235 out_put:
236 fput_light(sock->file, fput_needed);
237 out:
238 -@@ -1571,6 +1632,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
239 +@@ -1571,6 +1636,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
240 int, addrlen)
241 {
242 struct socket *sock;
243 @@ -119110,7 +119130,7 @@ index bf9fc68..0ea7e39 100644
244 struct sockaddr_storage address;
245 int err, fput_needed;
246
247 -@@ -1581,6 +1643,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
248 +@@ -1581,6 +1647,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
249 if (err < 0)
250 goto out_put;
251
252 @@ -119128,7 +119148,7 @@ index bf9fc68..0ea7e39 100644
253 err =
254 security_socket_connect(sock, (struct sockaddr *)&address, addrlen);
255 if (err)
256 -@@ -1728,7 +1801,7 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
257 +@@ -1728,7 +1805,7 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
258 struct socket *sock;
259 struct iovec iov;
260 struct msghdr msg;
261 @@ -119137,7 +119157,7 @@ index bf9fc68..0ea7e39 100644
262 int err, err2;
263 int fput_needed;
264
265 -@@ -1882,6 +1955,8 @@ SYSCALL_DEFINE3(sendmsg, int, fd, struct msghdr __user *, msg, unsigned, flags)
266 +@@ -1882,6 +1959,8 @@ SYSCALL_DEFINE3(sendmsg, int, fd, struct msghdr __user *, msg, unsigned, flags)
267 int err, ctl_len, iov_size, total_len;
268 int fput_needed;
269
270 @@ -119146,7 +119166,7 @@ index bf9fc68..0ea7e39 100644
271 err = -EFAULT;
272 if (MSG_CMSG_COMPAT & flags) {
273 if (get_compat_msghdr(&msg_sys, msg_compat))
274 -@@ -1987,7 +2062,7 @@ SYSCALL_DEFINE3(recvmsg, int, fd, struct msghdr __user *, msg,
275 +@@ -1987,7 +2066,7 @@ SYSCALL_DEFINE3(recvmsg, int, fd, struct msghdr __user *, msg,
276 int fput_needed;
277
278 /* kernel mode address */
279 @@ -119155,7 +119175,7 @@ index bf9fc68..0ea7e39 100644
280
281 /* user mode address pointers */
282 struct sockaddr __user *uaddr;
283 -@@ -2022,7 +2097,7 @@ SYSCALL_DEFINE3(recvmsg, int, fd, struct msghdr __user *, msg,
284 +@@ -2022,7 +2101,7 @@ SYSCALL_DEFINE3(recvmsg, int, fd, struct msghdr __user *, msg,
285 * kernel msghdr to use the kernel address space)
286 */
287
288
289 diff --git a/2.6.32/4440_grsec-remove-protected-paths.patch b/2.6.32/4440_grsec-remove-protected-paths.patch
290 index 339cc6e..38d465e 100644
291 --- a/2.6.32/4440_grsec-remove-protected-paths.patch
292 +++ b/2.6.32/4440_grsec-remove-protected-paths.patch
293 @@ -6,7 +6,7 @@ the filesystem.
294 diff -Naur a/grsecurity/Makefile b/grsecurity/Makefile
295 --- a/grsecurity/Makefile 2011-10-19 19:48:21.000000000 -0400
296 +++ b/grsecurity/Makefile 2011-10-19 19:50:44.000000000 -0400
297 -@@ -29,10 +29,4 @@
298 +@@ -34,10 +34,4 @@
299 ifdef CONFIG_GRKERNSEC_HIDESYM
300 extra-y := grsec_hidesym.o
301 $(obj)/grsec_hidesym.o:
302
303 diff --git a/2.6.32/4450_grsec-kconfig-default-gids.patch b/2.6.32/4450_grsec-kconfig-default-gids.patch
304 index 87aa8e4..3dfdc8f 100644
305 --- a/2.6.32/4450_grsec-kconfig-default-gids.patch
306 +++ b/2.6.32/4450_grsec-kconfig-default-gids.patch
307 @@ -16,7 +16,7 @@ from shooting themselves in the foot.
308 diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
309 --- a/grsecurity/Kconfig 2012-10-13 09:51:35.000000000 -0400
310 +++ b/grsecurity/Kconfig 2012-10-13 09:52:32.000000000 -0400
311 -@@ -570,7 +570,7 @@
312 +@@ -572,7 +572,7 @@
313 config GRKERNSEC_AUDIT_GID
314 int "GID for auditing"
315 depends on GRKERNSEC_AUDIT_GROUP
316 @@ -25,7 +25,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
317
318 config GRKERNSEC_EXECLOG
319 bool "Exec logging"
320 -@@ -790,7 +790,7 @@
321 +@@ -792,7 +792,7 @@
322 config GRKERNSEC_TPE_UNTRUSTED_GID
323 int "GID for TPE-untrusted users"
324 depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT
325 @@ -34,7 +34,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
326 help
327 Setting this GID determines what group TPE restrictions will be
328 *enabled* for. If the sysctl option is enabled, a sysctl option
329 -@@ -799,7 +799,7 @@
330 +@@ -801,7 +801,7 @@
331 config GRKERNSEC_TPE_TRUSTED_GID
332 int "GID for TPE-trusted users"
333 depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT
334 @@ -43,7 +43,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
335 help
336 Setting this GID determines what group TPE restrictions will be
337 *disabled* for. If the sysctl option is enabled, a sysctl option
338 -@@ -892,7 +892,7 @@
339 +@@ -894,7 +894,7 @@
340 config GRKERNSEC_SOCKET_ALL_GID
341 int "GID to deny all sockets for"
342 depends on GRKERNSEC_SOCKET_ALL
343 @@ -52,7 +52,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
344 help
345 Here you can choose the GID to disable socket access for. Remember to
346 add the users you want socket access disabled for to the GID
347 -@@ -913,7 +913,7 @@
348 +@@ -915,7 +915,7 @@
349 config GRKERNSEC_SOCKET_CLIENT_GID
350 int "GID to deny client sockets for"
351 depends on GRKERNSEC_SOCKET_CLIENT
352 @@ -61,7 +61,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
353 help
354 Here you can choose the GID to disable client socket access for.
355 Remember to add the users you want client socket access disabled for to
356 -@@ -931,7 +931,7 @@
357 +@@ -933,7 +933,7 @@
358 config GRKERNSEC_SOCKET_SERVER_GID
359 int "GID to deny server sockets for"
360 depends on GRKERNSEC_SOCKET_SERVER
361
362 diff --git a/2.6.32/4465_selinux-avc_audit-log-curr_ip.patch b/2.6.32/4465_selinux-avc_audit-log-curr_ip.patch
363 index 19027c3..418ae16 100644
364 --- a/2.6.32/4465_selinux-avc_audit-log-curr_ip.patch
365 +++ b/2.6.32/4465_selinux-avc_audit-log-curr_ip.patch
366 @@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@×××.org>
367 diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
368 --- a/grsecurity/Kconfig 2011-04-17 18:47:02.000000000 -0400
369 +++ b/grsecurity/Kconfig 2011-04-17 18:51:15.000000000 -0400
370 -@@ -990,6 +990,27 @@
371 +@@ -1027,6 +1027,27 @@
372 menu "Logging Options"
373 depends on GRKERNSEC
374
375
376 diff --git a/3.11.1/0000_README b/3.11.2/0000_README
377 similarity index 92%
378 rename from 3.11.1/0000_README
379 rename to 3.11.2/0000_README
380 index da0f1cd..b666b59 100644
381 --- a/3.11.1/0000_README
382 +++ b/3.11.2/0000_README
383 @@ -2,7 +2,11 @@ README
384 -----------------------------------------------------------------------------
385 Individual Patch Descriptions:
386 -----------------------------------------------------------------------------
387 -Patch: 4420_grsecurity-2.9.1-3.11.1-201309221838.patch
388 +Patch: 1001_linux-3.11.2.patch
389 +From: http://www.kernel.org
390 +Desc: Linux 3.11.2
391 +
392 +Patch: 4420_grsecurity-2.9.1-3.11.2-201309281103.patch
393 From: http://www.grsecurity.net
394 Desc: hardened-sources base patch from upstream grsecurity
395
396
397 diff --git a/3.11.2/1001_linux-3.11.2.patch b/3.11.2/1001_linux-3.11.2.patch
398 new file mode 100644
399 index 0000000..5d8bdf1
400 --- /dev/null
401 +++ b/3.11.2/1001_linux-3.11.2.patch
402 @@ -0,0 +1,4419 @@
403 +diff --git a/Makefile b/Makefile
404 +index efd2396..aede319 100644
405 +--- a/Makefile
406 ++++ b/Makefile
407 +@@ -1,6 +1,6 @@
408 + VERSION = 3
409 + PATCHLEVEL = 11
410 +-SUBLEVEL = 1
411 ++SUBLEVEL = 2
412 + EXTRAVERSION =
413 + NAME = Linux for Workgroups
414 +
415 +diff --git a/arch/arc/include/asm/sections.h b/arch/arc/include/asm/sections.h
416 +index 6fc1159..764f1e3 100644
417 +--- a/arch/arc/include/asm/sections.h
418 ++++ b/arch/arc/include/asm/sections.h
419 +@@ -11,7 +11,6 @@
420 +
421 + #include <asm-generic/sections.h>
422 +
423 +-extern char _int_vec_base_lds[];
424 + extern char __arc_dccm_base[];
425 + extern char __dtb_start[];
426 +
427 +diff --git a/arch/arc/kernel/head.S b/arch/arc/kernel/head.S
428 +index 2a913f8..0f944f0 100644
429 +--- a/arch/arc/kernel/head.S
430 ++++ b/arch/arc/kernel/head.S
431 +@@ -34,6 +34,9 @@ stext:
432 + ; IDENTITY Reg [ 3 2 1 0 ]
433 + ; (cpu-id) ^^^ => Zero for UP ARC700
434 + ; => #Core-ID if SMP (Master 0)
435 ++ ; Note that non-boot CPUs might not land here if halt-on-reset and
436 ++ ; instead breath life from @first_lines_of_secondary, but we still
437 ++ ; need to make sure only boot cpu takes this path.
438 + GET_CPU_ID r5
439 + cmp r5, 0
440 + jnz arc_platform_smp_wait_to_boot
441 +@@ -98,6 +101,8 @@ stext:
442 +
443 + first_lines_of_secondary:
444 +
445 ++ sr @_int_vec_base_lds, [AUX_INTR_VEC_BASE]
446 ++
447 + ; setup per-cpu idle task as "current" on this CPU
448 + ld r0, [@secondary_idle_tsk]
449 + SET_CURR_TASK_ON_CPU r0, r1
450 +diff --git a/arch/arc/kernel/irq.c b/arch/arc/kernel/irq.c
451 +index 305b3f8..5fc9245 100644
452 +--- a/arch/arc/kernel/irq.c
453 ++++ b/arch/arc/kernel/irq.c
454 +@@ -24,7 +24,6 @@
455 + * -Needed for each CPU (hence not foldable into init_IRQ)
456 + *
457 + * what it does ?
458 +- * -setup Vector Table Base Reg - in case Linux not linked at 0x8000_0000
459 + * -Disable all IRQs (on CPU side)
460 + * -Optionally, setup the High priority Interrupts as Level 2 IRQs
461 + */
462 +diff --git a/arch/arc/kernel/setup.c b/arch/arc/kernel/setup.c
463 +index 6b08345..e818563 100644
464 +--- a/arch/arc/kernel/setup.c
465 ++++ b/arch/arc/kernel/setup.c
466 +@@ -47,10 +47,7 @@ void read_arc_build_cfg_regs(void)
467 + READ_BCR(AUX_IDENTITY, cpu->core);
468 +
469 + cpu->timers = read_aux_reg(ARC_REG_TIMERS_BCR);
470 +-
471 + cpu->vec_base = read_aux_reg(AUX_INTR_VEC_BASE);
472 +- if (cpu->vec_base == 0)
473 +- cpu->vec_base = (unsigned int)_int_vec_base_lds;
474 +
475 + READ_BCR(ARC_REG_D_UNCACH_BCR, uncached_space);
476 + cpu->uncached_base = uncached_space.start << 24;
477 +diff --git a/arch/arm/mach-versatile/include/mach/platform.h b/arch/arm/mach-versatile/include/mach/platform.h
478 +index ec08740..6f938cc 100644
479 +--- a/arch/arm/mach-versatile/include/mach/platform.h
480 ++++ b/arch/arm/mach-versatile/include/mach/platform.h
481 +@@ -231,12 +231,14 @@
482 + /* PCI space */
483 + #define VERSATILE_PCI_BASE 0x41000000 /* PCI Interface */
484 + #define VERSATILE_PCI_CFG_BASE 0x42000000
485 ++#define VERSATILE_PCI_IO_BASE 0x43000000
486 + #define VERSATILE_PCI_MEM_BASE0 0x44000000
487 + #define VERSATILE_PCI_MEM_BASE1 0x50000000
488 + #define VERSATILE_PCI_MEM_BASE2 0x60000000
489 + /* Sizes of above maps */
490 + #define VERSATILE_PCI_BASE_SIZE 0x01000000
491 + #define VERSATILE_PCI_CFG_BASE_SIZE 0x02000000
492 ++#define VERSATILE_PCI_IO_BASE_SIZE 0x01000000
493 + #define VERSATILE_PCI_MEM_BASE0_SIZE 0x0c000000 /* 32Mb */
494 + #define VERSATILE_PCI_MEM_BASE1_SIZE 0x10000000 /* 256Mb */
495 + #define VERSATILE_PCI_MEM_BASE2_SIZE 0x10000000 /* 256Mb */
496 +diff --git a/arch/arm/mach-versatile/pci.c b/arch/arm/mach-versatile/pci.c
497 +index e92e5e0..c97be4e 100644
498 +--- a/arch/arm/mach-versatile/pci.c
499 ++++ b/arch/arm/mach-versatile/pci.c
500 +@@ -43,9 +43,9 @@
501 + #define PCI_IMAP0 __IO_ADDRESS(VERSATILE_PCI_CORE_BASE+0x0)
502 + #define PCI_IMAP1 __IO_ADDRESS(VERSATILE_PCI_CORE_BASE+0x4)
503 + #define PCI_IMAP2 __IO_ADDRESS(VERSATILE_PCI_CORE_BASE+0x8)
504 +-#define PCI_SMAP0 __IO_ADDRESS(VERSATILE_PCI_CORE_BASE+0x10)
505 +-#define PCI_SMAP1 __IO_ADDRESS(VERSATILE_PCI_CORE_BASE+0x14)
506 +-#define PCI_SMAP2 __IO_ADDRESS(VERSATILE_PCI_CORE_BASE+0x18)
507 ++#define PCI_SMAP0 __IO_ADDRESS(VERSATILE_PCI_CORE_BASE+0x14)
508 ++#define PCI_SMAP1 __IO_ADDRESS(VERSATILE_PCI_CORE_BASE+0x18)
509 ++#define PCI_SMAP2 __IO_ADDRESS(VERSATILE_PCI_CORE_BASE+0x1c)
510 + #define PCI_SELFID __IO_ADDRESS(VERSATILE_PCI_CORE_BASE+0xc)
511 +
512 + #define DEVICE_ID_OFFSET 0x00
513 +@@ -170,8 +170,8 @@ static struct pci_ops pci_versatile_ops = {
514 + .write = versatile_write_config,
515 + };
516 +
517 +-static struct resource io_mem = {
518 +- .name = "PCI I/O space",
519 ++static struct resource unused_mem = {
520 ++ .name = "PCI unused",
521 + .start = VERSATILE_PCI_MEM_BASE0,
522 + .end = VERSATILE_PCI_MEM_BASE0+VERSATILE_PCI_MEM_BASE0_SIZE-1,
523 + .flags = IORESOURCE_MEM,
524 +@@ -195,9 +195,9 @@ static int __init pci_versatile_setup_resources(struct pci_sys_data *sys)
525 + {
526 + int ret = 0;
527 +
528 +- ret = request_resource(&iomem_resource, &io_mem);
529 ++ ret = request_resource(&iomem_resource, &unused_mem);
530 + if (ret) {
531 +- printk(KERN_ERR "PCI: unable to allocate I/O "
532 ++ printk(KERN_ERR "PCI: unable to allocate unused "
533 + "memory region (%d)\n", ret);
534 + goto out;
535 + }
536 +@@ -205,7 +205,7 @@ static int __init pci_versatile_setup_resources(struct pci_sys_data *sys)
537 + if (ret) {
538 + printk(KERN_ERR "PCI: unable to allocate non-prefetchable "
539 + "memory region (%d)\n", ret);
540 +- goto release_io_mem;
541 ++ goto release_unused_mem;
542 + }
543 + ret = request_resource(&iomem_resource, &pre_mem);
544 + if (ret) {
545 +@@ -225,8 +225,8 @@ static int __init pci_versatile_setup_resources(struct pci_sys_data *sys)
546 +
547 + release_non_mem:
548 + release_resource(&non_mem);
549 +- release_io_mem:
550 +- release_resource(&io_mem);
551 ++ release_unused_mem:
552 ++ release_resource(&unused_mem);
553 + out:
554 + return ret;
555 + }
556 +@@ -246,7 +246,7 @@ int __init pci_versatile_setup(int nr, struct pci_sys_data *sys)
557 + goto out;
558 + }
559 +
560 +- ret = pci_ioremap_io(0, VERSATILE_PCI_MEM_BASE0);
561 ++ ret = pci_ioremap_io(0, VERSATILE_PCI_IO_BASE);
562 + if (ret)
563 + goto out;
564 +
565 +@@ -295,6 +295,19 @@ int __init pci_versatile_setup(int nr, struct pci_sys_data *sys)
566 + __raw_writel(PHYS_OFFSET, local_pci_cfg_base + PCI_BASE_ADDRESS_2);
567 +
568 + /*
569 ++ * For many years the kernel and QEMU were symbiotically buggy
570 ++ * in that they both assumed the same broken IRQ mapping.
571 ++ * QEMU therefore attempts to auto-detect old broken kernels
572 ++ * so that they still work on newer QEMU as they did on old
573 ++ * QEMU. Since we now use the correct (ie matching-hardware)
574 ++ * IRQ mapping we write a definitely different value to a
575 ++ * PCI_INTERRUPT_LINE register to tell QEMU that we expect
576 ++ * real hardware behaviour and it need not be backwards
577 ++ * compatible for us. This write is harmless on real hardware.
578 ++ */
579 ++ __raw_writel(0, VERSATILE_PCI_VIRT_BASE+PCI_INTERRUPT_LINE);
580 ++
581 ++ /*
582 + * Do not to map Versatile FPGA PCI device into memory space
583 + */
584 + pci_slot_ignore |= (1 << myslot);
585 +@@ -327,13 +340,13 @@ static int __init versatile_map_irq(const struct pci_dev *dev, u8 slot, u8 pin)
586 + {
587 + int irq;
588 +
589 +- /* slot, pin, irq
590 +- * 24 1 IRQ_SIC_PCI0
591 +- * 25 1 IRQ_SIC_PCI1
592 +- * 26 1 IRQ_SIC_PCI2
593 +- * 27 1 IRQ_SIC_PCI3
594 ++ /*
595 ++ * Slot INTA INTB INTC INTD
596 ++ * 31 PCI1 PCI2 PCI3 PCI0
597 ++ * 30 PCI0 PCI1 PCI2 PCI3
598 ++ * 29 PCI3 PCI0 PCI1 PCI2
599 + */
600 +- irq = IRQ_SIC_PCI0 + ((slot - 24 + pin - 1) & 3);
601 ++ irq = IRQ_SIC_PCI0 + ((slot + 2 + pin - 1) & 3);
602 +
603 + return irq;
604 + }
605 +diff --git a/arch/arm/xen/enlighten.c b/arch/arm/xen/enlighten.c
606 +index 8a6295c..7071fca 100644
607 +--- a/arch/arm/xen/enlighten.c
608 ++++ b/arch/arm/xen/enlighten.c
609 +@@ -273,12 +273,15 @@ core_initcall(xen_guest_init);
610 +
611 + static int __init xen_pm_init(void)
612 + {
613 ++ if (!xen_domain())
614 ++ return -ENODEV;
615 ++
616 + pm_power_off = xen_power_off;
617 + arm_pm_restart = xen_restart;
618 +
619 + return 0;
620 + }
621 +-subsys_initcall(xen_pm_init);
622 ++late_initcall(xen_pm_init);
623 +
624 + static irqreturn_t xen_arm_callback(int irq, void *arg)
625 + {
626 +diff --git a/arch/arm64/kernel/perf_event.c b/arch/arm64/kernel/perf_event.c
627 +index 12e6ccb..cea1594 100644
628 +--- a/arch/arm64/kernel/perf_event.c
629 ++++ b/arch/arm64/kernel/perf_event.c
630 +@@ -325,7 +325,10 @@ validate_event(struct pmu_hw_events *hw_events,
631 + if (is_software_event(event))
632 + return 1;
633 +
634 +- if (event->pmu != leader_pmu || event->state <= PERF_EVENT_STATE_OFF)
635 ++ if (event->pmu != leader_pmu || event->state < PERF_EVENT_STATE_OFF)
636 ++ return 1;
637 ++
638 ++ if (event->state == PERF_EVENT_STATE_OFF && !event->attr.enable_on_exec)
639 + return 1;
640 +
641 + return armpmu->get_event_idx(hw_events, &fake_event) >= 0;
642 +@@ -781,7 +784,7 @@ static const unsigned armv8_pmuv3_perf_cache_map[PERF_COUNT_HW_CACHE_MAX]
643 + /*
644 + * PMXEVTYPER: Event selection reg
645 + */
646 +-#define ARMV8_EVTYPE_MASK 0xc00000ff /* Mask for writable bits */
647 ++#define ARMV8_EVTYPE_MASK 0xc80000ff /* Mask for writable bits */
648 + #define ARMV8_EVTYPE_EVENT 0xff /* Mask for EVENT bits */
649 +
650 + /*
651 +diff --git a/arch/mips/ath79/clock.c b/arch/mips/ath79/clock.c
652 +index 765ef30..733017b 100644
653 +--- a/arch/mips/ath79/clock.c
654 ++++ b/arch/mips/ath79/clock.c
655 +@@ -164,7 +164,7 @@ static void __init ar933x_clocks_init(void)
656 + ath79_ahb_clk.rate = freq / t;
657 + }
658 +
659 +- ath79_wdt_clk.rate = ath79_ref_clk.rate;
660 ++ ath79_wdt_clk.rate = ath79_ahb_clk.rate;
661 + ath79_uart_clk.rate = ath79_ref_clk.rate;
662 + }
663 +
664 +diff --git a/arch/powerpc/kernel/align.c b/arch/powerpc/kernel/align.c
665 +index ee5b690..52e5758 100644
666 +--- a/arch/powerpc/kernel/align.c
667 ++++ b/arch/powerpc/kernel/align.c
668 +@@ -764,6 +764,16 @@ int fix_alignment(struct pt_regs *regs)
669 + nb = aligninfo[instr].len;
670 + flags = aligninfo[instr].flags;
671 +
672 ++ /* ldbrx/stdbrx overlap lfs/stfs in the DSISR unfortunately */
673 ++ if (IS_XFORM(instruction) && ((instruction >> 1) & 0x3ff) == 532) {
674 ++ nb = 8;
675 ++ flags = LD+SW;
676 ++ } else if (IS_XFORM(instruction) &&
677 ++ ((instruction >> 1) & 0x3ff) == 660) {
678 ++ nb = 8;
679 ++ flags = ST+SW;
680 ++ }
681 ++
682 + /* Byteswap little endian loads and stores */
683 + swiz = 0;
684 + if (regs->msr & MSR_LE) {
685 +diff --git a/arch/powerpc/kvm/book3s_xics.c b/arch/powerpc/kvm/book3s_xics.c
686 +index 94c1dd4..a3a5cb8 100644
687 +--- a/arch/powerpc/kvm/book3s_xics.c
688 ++++ b/arch/powerpc/kvm/book3s_xics.c
689 +@@ -19,6 +19,7 @@
690 + #include <asm/hvcall.h>
691 + #include <asm/xics.h>
692 + #include <asm/debug.h>
693 ++#include <asm/time.h>
694 +
695 + #include <linux/debugfs.h>
696 + #include <linux/seq_file.h>
697 +diff --git a/arch/powerpc/platforms/pseries/setup.c b/arch/powerpc/platforms/pseries/setup.c
698 +index c11c823..54b998f 100644
699 +--- a/arch/powerpc/platforms/pseries/setup.c
700 ++++ b/arch/powerpc/platforms/pseries/setup.c
701 +@@ -354,7 +354,7 @@ static int alloc_dispatch_log_kmem_cache(void)
702 + }
703 + early_initcall(alloc_dispatch_log_kmem_cache);
704 +
705 +-static void pSeries_idle(void)
706 ++static void pseries_lpar_idle(void)
707 + {
708 + /* This would call on the cpuidle framework, and the back-end pseries
709 + * driver to go to idle states
710 +@@ -362,10 +362,22 @@ static void pSeries_idle(void)
711 + if (cpuidle_idle_call()) {
712 + /* On error, execute default handler
713 + * to go into low thread priority and possibly
714 +- * low power mode.
715 ++ * low power mode by cedeing processor to hypervisor
716 + */
717 +- HMT_low();
718 +- HMT_very_low();
719 ++
720 ++ /* Indicate to hypervisor that we are idle. */
721 ++ get_lppaca()->idle = 1;
722 ++
723 ++ /*
724 ++ * Yield the processor to the hypervisor. We return if
725 ++ * an external interrupt occurs (which are driven prior
726 ++ * to returning here) or if a prod occurs from another
727 ++ * processor. When returning here, external interrupts
728 ++ * are enabled.
729 ++ */
730 ++ cede_processor();
731 ++
732 ++ get_lppaca()->idle = 0;
733 + }
734 + }
735 +
736 +@@ -456,15 +468,14 @@ static void __init pSeries_setup_arch(void)
737 +
738 + pSeries_nvram_init();
739 +
740 +- if (firmware_has_feature(FW_FEATURE_SPLPAR)) {
741 ++ if (firmware_has_feature(FW_FEATURE_LPAR)) {
742 + vpa_init(boot_cpuid);
743 +- ppc_md.power_save = pSeries_idle;
744 +- }
745 +-
746 +- if (firmware_has_feature(FW_FEATURE_LPAR))
747 ++ ppc_md.power_save = pseries_lpar_idle;
748 + ppc_md.enable_pmcs = pseries_lpar_enable_pmcs;
749 +- else
750 ++ } else {
751 ++ /* No special idle routine */
752 + ppc_md.enable_pmcs = power4_enable_pmcs;
753 ++ }
754 +
755 + ppc_md.pcibios_root_bridge_prepare = pseries_root_bridge_prepare;
756 +
757 +diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c
758 +index d5f10a4..7092392 100644
759 +--- a/arch/s390/net/bpf_jit_comp.c
760 ++++ b/arch/s390/net/bpf_jit_comp.c
761 +@@ -805,7 +805,7 @@ static struct bpf_binary_header *bpf_alloc_binary(unsigned int bpfsize,
762 + return NULL;
763 + memset(header, 0, sz);
764 + header->pages = sz / PAGE_SIZE;
765 +- hole = sz - bpfsize + sizeof(*header);
766 ++ hole = sz - (bpfsize + sizeof(*header));
767 + /* Insert random number of illegal instructions before BPF code
768 + * and make sure the first instruction starts at an even address.
769 + */
770 +diff --git a/arch/um/include/shared/os.h b/arch/um/include/shared/os.h
771 +index 95feaa4..c70a234 100644
772 +--- a/arch/um/include/shared/os.h
773 ++++ b/arch/um/include/shared/os.h
774 +@@ -200,6 +200,7 @@ extern int os_unmap_memory(void *addr, int len);
775 + extern int os_drop_memory(void *addr, int length);
776 + extern int can_drop_memory(void);
777 + extern void os_flush_stdout(void);
778 ++extern int os_mincore(void *addr, unsigned long len);
779 +
780 + /* execvp.c */
781 + extern int execvp_noalloc(char *buf, const char *file, char *const argv[]);
782 +diff --git a/arch/um/kernel/Makefile b/arch/um/kernel/Makefile
783 +index babe218..d8b78a0 100644
784 +--- a/arch/um/kernel/Makefile
785 ++++ b/arch/um/kernel/Makefile
786 +@@ -13,7 +13,7 @@ clean-files :=
787 + obj-y = config.o exec.o exitcode.o irq.o ksyms.o mem.o \
788 + physmem.o process.o ptrace.o reboot.o sigio.o \
789 + signal.o smp.o syscall.o sysrq.o time.o tlb.o trap.o \
790 +- um_arch.o umid.o skas/
791 ++ um_arch.o umid.o maccess.o skas/
792 +
793 + obj-$(CONFIG_BLK_DEV_INITRD) += initrd.o
794 + obj-$(CONFIG_GPROF) += gprof_syms.o
795 +diff --git a/arch/um/kernel/maccess.c b/arch/um/kernel/maccess.c
796 +new file mode 100644
797 +index 0000000..1f3d5c4
798 +--- /dev/null
799 ++++ b/arch/um/kernel/maccess.c
800 +@@ -0,0 +1,24 @@
801 ++/*
802 ++ * Copyright (C) 2013 Richard Weinberger <richrd@×××.at>
803 ++ *
804 ++ * This program is free software; you can redistribute it and/or modify
805 ++ * it under the terms of the GNU General Public License version 2 as
806 ++ * published by the Free Software Foundation.
807 ++ */
808 ++
809 ++#include <linux/uaccess.h>
810 ++#include <linux/kernel.h>
811 ++#include <os.h>
812 ++
813 ++long probe_kernel_read(void *dst, const void *src, size_t size)
814 ++{
815 ++ void *psrc = (void *)rounddown((unsigned long)src, PAGE_SIZE);
816 ++
817 ++ if ((unsigned long)src < PAGE_SIZE || size <= 0)
818 ++ return -EFAULT;
819 ++
820 ++ if (os_mincore(psrc, size + src - psrc) <= 0)
821 ++ return -EFAULT;
822 ++
823 ++ return __probe_kernel_read(dst, src, size);
824 ++}
825 +diff --git a/arch/um/os-Linux/process.c b/arch/um/os-Linux/process.c
826 +index b8f34c9..67b9c8f 100644
827 +--- a/arch/um/os-Linux/process.c
828 ++++ b/arch/um/os-Linux/process.c
829 +@@ -4,6 +4,7 @@
830 + */
831 +
832 + #include <stdio.h>
833 ++#include <stdlib.h>
834 + #include <unistd.h>
835 + #include <errno.h>
836 + #include <signal.h>
837 +@@ -232,6 +233,57 @@ out:
838 + return ok;
839 + }
840 +
841 ++static int os_page_mincore(void *addr)
842 ++{
843 ++ char vec[2];
844 ++ int ret;
845 ++
846 ++ ret = mincore(addr, UM_KERN_PAGE_SIZE, vec);
847 ++ if (ret < 0) {
848 ++ if (errno == ENOMEM || errno == EINVAL)
849 ++ return 0;
850 ++ else
851 ++ return -errno;
852 ++ }
853 ++
854 ++ return vec[0] & 1;
855 ++}
856 ++
857 ++int os_mincore(void *addr, unsigned long len)
858 ++{
859 ++ char *vec;
860 ++ int ret, i;
861 ++
862 ++ if (len <= UM_KERN_PAGE_SIZE)
863 ++ return os_page_mincore(addr);
864 ++
865 ++ vec = calloc(1, (len + UM_KERN_PAGE_SIZE - 1) / UM_KERN_PAGE_SIZE);
866 ++ if (!vec)
867 ++ return -ENOMEM;
868 ++
869 ++ ret = mincore(addr, UM_KERN_PAGE_SIZE, vec);
870 ++ if (ret < 0) {
871 ++ if (errno == ENOMEM || errno == EINVAL)
872 ++ ret = 0;
873 ++ else
874 ++ ret = -errno;
875 ++
876 ++ goto out;
877 ++ }
878 ++
879 ++ for (i = 0; i < ((len + UM_KERN_PAGE_SIZE - 1) / UM_KERN_PAGE_SIZE); i++) {
880 ++ if (!(vec[i] & 1)) {
881 ++ ret = 0;
882 ++ goto out;
883 ++ }
884 ++ }
885 ++
886 ++ ret = 1;
887 ++out:
888 ++ free(vec);
889 ++ return ret;
890 ++}
891 ++
892 + void init_new_thread_signals(void)
893 + {
894 + set_handler(SIGSEGV);
895 +diff --git a/arch/x86/ia32/ia32_signal.c b/arch/x86/ia32/ia32_signal.c
896 +index bccfca6..665a730 100644
897 +--- a/arch/x86/ia32/ia32_signal.c
898 ++++ b/arch/x86/ia32/ia32_signal.c
899 +@@ -457,7 +457,7 @@ int ia32_setup_rt_frame(int sig, struct ksignal *ksig,
900 + else
901 + put_user_ex(0, &frame->uc.uc_flags);
902 + put_user_ex(0, &frame->uc.uc_link);
903 +- err |= __compat_save_altstack(&frame->uc.uc_stack, regs->sp);
904 ++ compat_save_altstack_ex(&frame->uc.uc_stack, regs->sp);
905 +
906 + if (ksig->ka.sa.sa_flags & SA_RESTORER)
907 + restorer = ksig->ka.sa.sa_restorer;
908 +diff --git a/arch/x86/include/asm/checksum_32.h b/arch/x86/include/asm/checksum_32.h
909 +index 46fc474..f50de69 100644
910 +--- a/arch/x86/include/asm/checksum_32.h
911 ++++ b/arch/x86/include/asm/checksum_32.h
912 +@@ -49,9 +49,15 @@ static inline __wsum csum_partial_copy_from_user(const void __user *src,
913 + int len, __wsum sum,
914 + int *err_ptr)
915 + {
916 ++ __wsum ret;
917 ++
918 + might_sleep();
919 +- return csum_partial_copy_generic((__force void *)src, dst,
920 +- len, sum, err_ptr, NULL);
921 ++ stac();
922 ++ ret = csum_partial_copy_generic((__force void *)src, dst,
923 ++ len, sum, err_ptr, NULL);
924 ++ clac();
925 ++
926 ++ return ret;
927 + }
928 +
929 + /*
930 +@@ -176,10 +182,16 @@ static inline __wsum csum_and_copy_to_user(const void *src,
931 + int len, __wsum sum,
932 + int *err_ptr)
933 + {
934 ++ __wsum ret;
935 ++
936 + might_sleep();
937 +- if (access_ok(VERIFY_WRITE, dst, len))
938 +- return csum_partial_copy_generic(src, (__force void *)dst,
939 +- len, sum, NULL, err_ptr);
940 ++ if (access_ok(VERIFY_WRITE, dst, len)) {
941 ++ stac();
942 ++ ret = csum_partial_copy_generic(src, (__force void *)dst,
943 ++ len, sum, NULL, err_ptr);
944 ++ clac();
945 ++ return ret;
946 ++ }
947 +
948 + if (len)
949 + *err_ptr = -EFAULT;
950 +diff --git a/arch/x86/include/asm/mce.h b/arch/x86/include/asm/mce.h
951 +index 29e3093..aa97342 100644
952 +--- a/arch/x86/include/asm/mce.h
953 ++++ b/arch/x86/include/asm/mce.h
954 +@@ -32,11 +32,20 @@
955 + #define MCI_STATUS_PCC (1ULL<<57) /* processor context corrupt */
956 + #define MCI_STATUS_S (1ULL<<56) /* Signaled machine check */
957 + #define MCI_STATUS_AR (1ULL<<55) /* Action required */
958 +-#define MCACOD 0xffff /* MCA Error Code */
959 ++
960 ++/*
961 ++ * Note that the full MCACOD field of IA32_MCi_STATUS MSR is
962 ++ * bits 15:0. But bit 12 is the 'F' bit, defined for corrected
963 ++ * errors to indicate that errors are being filtered by hardware.
964 ++ * We should mask out bit 12 when looking for specific signatures
965 ++ * of uncorrected errors - so the F bit is deliberately skipped
966 ++ * in this #define.
967 ++ */
968 ++#define MCACOD 0xefff /* MCA Error Code */
969 +
970 + /* Architecturally defined codes from SDM Vol. 3B Chapter 15 */
971 + #define MCACOD_SCRUB 0x00C0 /* 0xC0-0xCF Memory Scrubbing */
972 +-#define MCACOD_SCRUBMSK 0xfff0
973 ++#define MCACOD_SCRUBMSK 0xeff0 /* Skip bit 12 ('F' bit) */
974 + #define MCACOD_L3WB 0x017A /* L3 Explicit Writeback */
975 + #define MCACOD_DATA 0x0134 /* Data Load */
976 + #define MCACOD_INSTR 0x0150 /* Instruction Fetch */
977 +diff --git a/arch/x86/include/asm/mmu_context.h b/arch/x86/include/asm/mmu_context.h
978 +index cdbf367..be12c53 100644
979 +--- a/arch/x86/include/asm/mmu_context.h
980 ++++ b/arch/x86/include/asm/mmu_context.h
981 +@@ -45,22 +45,28 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next,
982 + /* Re-load page tables */
983 + load_cr3(next->pgd);
984 +
985 +- /* stop flush ipis for the previous mm */
986 ++ /* Stop flush ipis for the previous mm */
987 + cpumask_clear_cpu(cpu, mm_cpumask(prev));
988 +
989 +- /*
990 +- * load the LDT, if the LDT is different:
991 +- */
992 ++ /* Load the LDT, if the LDT is different: */
993 + if (unlikely(prev->context.ldt != next->context.ldt))
994 + load_LDT_nolock(&next->context);
995 + }
996 + #ifdef CONFIG_SMP
997 +- else {
998 ++ else {
999 + this_cpu_write(cpu_tlbstate.state, TLBSTATE_OK);
1000 + BUG_ON(this_cpu_read(cpu_tlbstate.active_mm) != next);
1001 +
1002 +- if (!cpumask_test_and_set_cpu(cpu, mm_cpumask(next))) {
1003 +- /* We were in lazy tlb mode and leave_mm disabled
1004 ++ if (!cpumask_test_cpu(cpu, mm_cpumask(next))) {
1005 ++ /*
1006 ++ * On established mms, the mm_cpumask is only changed
1007 ++ * from irq context, from ptep_clear_flush() while in
1008 ++ * lazy tlb mode, and here. Irqs are blocked during
1009 ++ * schedule, protecting us from simultaneous changes.
1010 ++ */
1011 ++ cpumask_set_cpu(cpu, mm_cpumask(next));
1012 ++ /*
1013 ++ * We were in lazy tlb mode and leave_mm disabled
1014 + * tlb flush IPI delivery. We must reload CR3
1015 + * to make sure to use no freed page tables.
1016 + */
1017 +diff --git a/arch/x86/kernel/amd_nb.c b/arch/x86/kernel/amd_nb.c
1018 +index 3048ded..59554dc 100644
1019 +--- a/arch/x86/kernel/amd_nb.c
1020 ++++ b/arch/x86/kernel/amd_nb.c
1021 +@@ -20,6 +20,7 @@ const struct pci_device_id amd_nb_misc_ids[] = {
1022 + { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_10H_NB_MISC) },
1023 + { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_15H_NB_F3) },
1024 + { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_15H_M10H_F3) },
1025 ++ { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_15H_M30H_NB_F3) },
1026 + { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_16H_NB_F3) },
1027 + {}
1028 + };
1029 +@@ -27,6 +28,7 @@ EXPORT_SYMBOL(amd_nb_misc_ids);
1030 +
1031 + static const struct pci_device_id amd_nb_link_ids[] = {
1032 + { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_15H_NB_F4) },
1033 ++ { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_15H_M30H_NB_F4) },
1034 + { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_16H_NB_F4) },
1035 + {}
1036 + };
1037 +@@ -81,13 +83,20 @@ int amd_cache_northbridges(void)
1038 + next_northbridge(misc, amd_nb_misc_ids);
1039 + node_to_amd_nb(i)->link = link =
1040 + next_northbridge(link, amd_nb_link_ids);
1041 +- }
1042 ++ }
1043 +
1044 ++ /* GART present only on Fam15h upto model 0fh */
1045 + if (boot_cpu_data.x86 == 0xf || boot_cpu_data.x86 == 0x10 ||
1046 +- boot_cpu_data.x86 == 0x15)
1047 ++ (boot_cpu_data.x86 == 0x15 && boot_cpu_data.x86_model < 0x10))
1048 + amd_northbridges.flags |= AMD_NB_GART;
1049 +
1050 + /*
1051 ++ * Check for L3 cache presence.
1052 ++ */
1053 ++ if (!cpuid_edx(0x80000006))
1054 ++ return 0;
1055 ++
1056 ++ /*
1057 + * Some CPU families support L3 Cache Index Disable. There are some
1058 + * limitations because of E382 and E388 on family 0x10.
1059 + */
1060 +diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c
1061 +index cf91358..d859eea 100644
1062 +--- a/arch/x86/kernel/signal.c
1063 ++++ b/arch/x86/kernel/signal.c
1064 +@@ -358,7 +358,7 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig,
1065 + else
1066 + put_user_ex(0, &frame->uc.uc_flags);
1067 + put_user_ex(0, &frame->uc.uc_link);
1068 +- err |= __save_altstack(&frame->uc.uc_stack, regs->sp);
1069 ++ save_altstack_ex(&frame->uc.uc_stack, regs->sp);
1070 +
1071 + /* Set up to return from userspace. */
1072 + restorer = VDSO32_SYMBOL(current->mm->context.vdso, rt_sigreturn);
1073 +@@ -423,7 +423,7 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig,
1074 + else
1075 + put_user_ex(0, &frame->uc.uc_flags);
1076 + put_user_ex(0, &frame->uc.uc_link);
1077 +- err |= __save_altstack(&frame->uc.uc_stack, regs->sp);
1078 ++ save_altstack_ex(&frame->uc.uc_stack, regs->sp);
1079 +
1080 + /* Set up to return from userspace. If provided, use a stub
1081 + already in userspace. */
1082 +@@ -490,7 +490,7 @@ static int x32_setup_rt_frame(struct ksignal *ksig,
1083 + else
1084 + put_user_ex(0, &frame->uc.uc_flags);
1085 + put_user_ex(0, &frame->uc.uc_link);
1086 +- err |= __compat_save_altstack(&frame->uc.uc_stack, regs->sp);
1087 ++ compat_save_altstack_ex(&frame->uc.uc_stack, regs->sp);
1088 + put_user_ex(0, &frame->uc.uc__pad0);
1089 +
1090 + if (ksig->ka.sa.sa_flags & SA_RESTORER) {
1091 +diff --git a/arch/x86/lib/csum-wrappers_64.c b/arch/x86/lib/csum-wrappers_64.c
1092 +index 25b7ae8..7609e0e 100644
1093 +--- a/arch/x86/lib/csum-wrappers_64.c
1094 ++++ b/arch/x86/lib/csum-wrappers_64.c
1095 +@@ -6,6 +6,7 @@
1096 + */
1097 + #include <asm/checksum.h>
1098 + #include <linux/module.h>
1099 ++#include <asm/smap.h>
1100 +
1101 + /**
1102 + * csum_partial_copy_from_user - Copy and checksum from user space.
1103 +@@ -52,8 +53,10 @@ csum_partial_copy_from_user(const void __user *src, void *dst,
1104 + len -= 2;
1105 + }
1106 + }
1107 ++ stac();
1108 + isum = csum_partial_copy_generic((__force const void *)src,
1109 + dst, len, isum, errp, NULL);
1110 ++ clac();
1111 + if (unlikely(*errp))
1112 + goto out_err;
1113 +
1114 +@@ -82,6 +85,8 @@ __wsum
1115 + csum_partial_copy_to_user(const void *src, void __user *dst,
1116 + int len, __wsum isum, int *errp)
1117 + {
1118 ++ __wsum ret;
1119 ++
1120 + might_sleep();
1121 +
1122 + if (unlikely(!access_ok(VERIFY_WRITE, dst, len))) {
1123 +@@ -105,8 +110,11 @@ csum_partial_copy_to_user(const void *src, void __user *dst,
1124 + }
1125 +
1126 + *errp = 0;
1127 +- return csum_partial_copy_generic(src, (void __force *)dst,
1128 +- len, isum, NULL, errp);
1129 ++ stac();
1130 ++ ret = csum_partial_copy_generic(src, (void __force *)dst,
1131 ++ len, isum, NULL, errp);
1132 ++ clac();
1133 ++ return ret;
1134 + }
1135 + EXPORT_SYMBOL(csum_partial_copy_to_user);
1136 +
1137 +diff --git a/arch/xtensa/kernel/xtensa_ksyms.c b/arch/xtensa/kernel/xtensa_ksyms.c
1138 +index d8507f8..74a60c7 100644
1139 +--- a/arch/xtensa/kernel/xtensa_ksyms.c
1140 ++++ b/arch/xtensa/kernel/xtensa_ksyms.c
1141 +@@ -25,6 +25,7 @@
1142 + #include <asm/io.h>
1143 + #include <asm/page.h>
1144 + #include <asm/pgalloc.h>
1145 ++#include <asm/ftrace.h>
1146 + #ifdef CONFIG_BLK_DEV_FD
1147 + #include <asm/floppy.h>
1148 + #endif
1149 +diff --git a/crypto/api.c b/crypto/api.c
1150 +index 3b61803..37c4c72 100644
1151 +--- a/crypto/api.c
1152 ++++ b/crypto/api.c
1153 +@@ -34,6 +34,8 @@ EXPORT_SYMBOL_GPL(crypto_alg_sem);
1154 + BLOCKING_NOTIFIER_HEAD(crypto_chain);
1155 + EXPORT_SYMBOL_GPL(crypto_chain);
1156 +
1157 ++static struct crypto_alg *crypto_larval_wait(struct crypto_alg *alg);
1158 ++
1159 + struct crypto_alg *crypto_mod_get(struct crypto_alg *alg)
1160 + {
1161 + return try_module_get(alg->cra_module) ? crypto_alg_get(alg) : NULL;
1162 +@@ -144,8 +146,11 @@ static struct crypto_alg *crypto_larval_add(const char *name, u32 type,
1163 + }
1164 + up_write(&crypto_alg_sem);
1165 +
1166 +- if (alg != &larval->alg)
1167 ++ if (alg != &larval->alg) {
1168 + kfree(larval);
1169 ++ if (crypto_is_larval(alg))
1170 ++ alg = crypto_larval_wait(alg);
1171 ++ }
1172 +
1173 + return alg;
1174 + }
1175 +diff --git a/drivers/acpi/acpi_lpss.c b/drivers/acpi/acpi_lpss.c
1176 +index 6a38218..fb78bb9 100644
1177 +--- a/drivers/acpi/acpi_lpss.c
1178 ++++ b/drivers/acpi/acpi_lpss.c
1179 +@@ -257,12 +257,13 @@ static int acpi_lpss_create_device(struct acpi_device *adev,
1180 + pdata->mmio_size = resource_size(&rentry->res);
1181 + pdata->mmio_base = ioremap(rentry->res.start,
1182 + pdata->mmio_size);
1183 +- pdata->dev_desc = dev_desc;
1184 + break;
1185 + }
1186 +
1187 + acpi_dev_free_resource_list(&resource_list);
1188 +
1189 ++ pdata->dev_desc = dev_desc;
1190 ++
1191 + if (dev_desc->clk_required) {
1192 + ret = register_device_clock(adev, pdata);
1193 + if (ret) {
1194 +diff --git a/drivers/acpi/pci_root.c b/drivers/acpi/pci_root.c
1195 +index 5917839..a67853e 100644
1196 +--- a/drivers/acpi/pci_root.c
1197 ++++ b/drivers/acpi/pci_root.c
1198 +@@ -378,6 +378,7 @@ static int acpi_pci_root_add(struct acpi_device *device,
1199 + struct acpi_pci_root *root;
1200 + u32 flags, base_flags;
1201 + acpi_handle handle = device->handle;
1202 ++ bool no_aspm = false, clear_aspm = false;
1203 +
1204 + root = kzalloc(sizeof(struct acpi_pci_root), GFP_KERNEL);
1205 + if (!root)
1206 +@@ -437,27 +438,6 @@ static int acpi_pci_root_add(struct acpi_device *device,
1207 + flags = base_flags = OSC_PCI_SEGMENT_GROUPS_SUPPORT;
1208 + acpi_pci_osc_support(root, flags);
1209 +
1210 +- /*
1211 +- * TBD: Need PCI interface for enumeration/configuration of roots.
1212 +- */
1213 +-
1214 +- /*
1215 +- * Scan the Root Bridge
1216 +- * --------------------
1217 +- * Must do this prior to any attempt to bind the root device, as the
1218 +- * PCI namespace does not get created until this call is made (and
1219 +- * thus the root bridge's pci_dev does not exist).
1220 +- */
1221 +- root->bus = pci_acpi_scan_root(root);
1222 +- if (!root->bus) {
1223 +- dev_err(&device->dev,
1224 +- "Bus %04x:%02x not present in PCI namespace\n",
1225 +- root->segment, (unsigned int)root->secondary.start);
1226 +- result = -ENODEV;
1227 +- goto end;
1228 +- }
1229 +-
1230 +- /* Indicate support for various _OSC capabilities. */
1231 + if (pci_ext_cfg_avail())
1232 + flags |= OSC_EXT_PCI_CONFIG_SUPPORT;
1233 + if (pcie_aspm_support_enabled()) {
1234 +@@ -471,7 +451,7 @@ static int acpi_pci_root_add(struct acpi_device *device,
1235 + if (ACPI_FAILURE(status)) {
1236 + dev_info(&device->dev, "ACPI _OSC support "
1237 + "notification failed, disabling PCIe ASPM\n");
1238 +- pcie_no_aspm();
1239 ++ no_aspm = true;
1240 + flags = base_flags;
1241 + }
1242 + }
1243 +@@ -503,7 +483,7 @@ static int acpi_pci_root_add(struct acpi_device *device,
1244 + * We have ASPM control, but the FADT indicates
1245 + * that it's unsupported. Clear it.
1246 + */
1247 +- pcie_clear_aspm(root->bus);
1248 ++ clear_aspm = true;
1249 + }
1250 + } else {
1251 + dev_info(&device->dev,
1252 +@@ -512,7 +492,14 @@ static int acpi_pci_root_add(struct acpi_device *device,
1253 + acpi_format_exception(status), flags);
1254 + dev_info(&device->dev,
1255 + "ACPI _OSC control for PCIe not granted, disabling ASPM\n");
1256 +- pcie_no_aspm();
1257 ++ /*
1258 ++ * We want to disable ASPM here, but aspm_disabled
1259 ++ * needs to remain in its state from boot so that we
1260 ++ * properly handle PCIe 1.1 devices. So we set this
1261 ++ * flag here, to defer the action until after the ACPI
1262 ++ * root scan.
1263 ++ */
1264 ++ no_aspm = true;
1265 + }
1266 + } else {
1267 + dev_info(&device->dev,
1268 +@@ -520,6 +507,33 @@ static int acpi_pci_root_add(struct acpi_device *device,
1269 + "(_OSC support mask: 0x%02x)\n", flags);
1270 + }
1271 +
1272 ++ /*
1273 ++ * TBD: Need PCI interface for enumeration/configuration of roots.
1274 ++ */
1275 ++
1276 ++ /*
1277 ++ * Scan the Root Bridge
1278 ++ * --------------------
1279 ++ * Must do this prior to any attempt to bind the root device, as the
1280 ++ * PCI namespace does not get created until this call is made (and
1281 ++ * thus the root bridge's pci_dev does not exist).
1282 ++ */
1283 ++ root->bus = pci_acpi_scan_root(root);
1284 ++ if (!root->bus) {
1285 ++ dev_err(&device->dev,
1286 ++ "Bus %04x:%02x not present in PCI namespace\n",
1287 ++ root->segment, (unsigned int)root->secondary.start);
1288 ++ result = -ENODEV;
1289 ++ goto end;
1290 ++ }
1291 ++
1292 ++ if (clear_aspm) {
1293 ++ dev_info(&device->dev, "Disabling ASPM (FADT indicates it is unsupported)\n");
1294 ++ pcie_clear_aspm(root->bus);
1295 ++ }
1296 ++ if (no_aspm)
1297 ++ pcie_no_aspm();
1298 ++
1299 + pci_acpi_add_bus_pm_notifier(device, root->bus);
1300 + if (device->wakeup.flags.run_wake)
1301 + device_set_run_wake(root->bus->bridge, true);
1302 +diff --git a/drivers/base/firmware_class.c b/drivers/base/firmware_class.c
1303 +index a439602..c8dac74 100644
1304 +--- a/drivers/base/firmware_class.c
1305 ++++ b/drivers/base/firmware_class.c
1306 +@@ -868,8 +868,15 @@ static int _request_firmware_load(struct firmware_priv *fw_priv, bool uevent,
1307 + goto err_del_dev;
1308 + }
1309 +
1310 ++ mutex_lock(&fw_lock);
1311 ++ list_add(&buf->pending_list, &pending_fw_head);
1312 ++ mutex_unlock(&fw_lock);
1313 ++
1314 + retval = device_create_file(f_dev, &dev_attr_loading);
1315 + if (retval) {
1316 ++ mutex_lock(&fw_lock);
1317 ++ list_del_init(&buf->pending_list);
1318 ++ mutex_unlock(&fw_lock);
1319 + dev_err(f_dev, "%s: device_create_file failed\n", __func__);
1320 + goto err_del_bin_attr;
1321 + }
1322 +@@ -884,10 +891,6 @@ static int _request_firmware_load(struct firmware_priv *fw_priv, bool uevent,
1323 + kobject_uevent(&fw_priv->dev.kobj, KOBJ_ADD);
1324 + }
1325 +
1326 +- mutex_lock(&fw_lock);
1327 +- list_add(&buf->pending_list, &pending_fw_head);
1328 +- mutex_unlock(&fw_lock);
1329 +-
1330 + wait_for_completion(&buf->completion);
1331 +
1332 + cancel_delayed_work_sync(&fw_priv->timeout_work);
1333 +diff --git a/drivers/base/regmap/regmap-debugfs.c b/drivers/base/regmap/regmap-debugfs.c
1334 +index 5349575..6c2652a 100644
1335 +--- a/drivers/base/regmap/regmap-debugfs.c
1336 ++++ b/drivers/base/regmap/regmap-debugfs.c
1337 +@@ -85,8 +85,8 @@ static unsigned int regmap_debugfs_get_dump_start(struct regmap *map,
1338 + unsigned int reg_offset;
1339 +
1340 + /* Suppress the cache if we're using a subrange */
1341 +- if (from)
1342 +- return from;
1343 ++ if (base)
1344 ++ return base;
1345 +
1346 + /*
1347 + * If we don't have a cache build one so we don't have to do a
1348 +diff --git a/drivers/block/rbd.c b/drivers/block/rbd.c
1349 +index 4ad2ad9..45aa20a 100644
1350 +--- a/drivers/block/rbd.c
1351 ++++ b/drivers/block/rbd.c
1352 +@@ -1557,11 +1557,12 @@ rbd_img_obj_request_read_callback(struct rbd_obj_request *obj_request)
1353 + obj_request, obj_request->img_request, obj_request->result,
1354 + xferred, length);
1355 + /*
1356 +- * ENOENT means a hole in the image. We zero-fill the
1357 +- * entire length of the request. A short read also implies
1358 +- * zero-fill to the end of the request. Either way we
1359 +- * update the xferred count to indicate the whole request
1360 +- * was satisfied.
1361 ++ * ENOENT means a hole in the image. We zero-fill the entire
1362 ++ * length of the request. A short read also implies zero-fill
1363 ++ * to the end of the request. An error requires the whole
1364 ++ * length of the request to be reported finished with an error
1365 ++ * to the block layer. In each case we update the xferred
1366 ++ * count to indicate the whole request was satisfied.
1367 + */
1368 + rbd_assert(obj_request->type != OBJ_REQUEST_NODATA);
1369 + if (obj_request->result == -ENOENT) {
1370 +@@ -1570,14 +1571,13 @@ rbd_img_obj_request_read_callback(struct rbd_obj_request *obj_request)
1371 + else
1372 + zero_pages(obj_request->pages, 0, length);
1373 + obj_request->result = 0;
1374 +- obj_request->xferred = length;
1375 + } else if (xferred < length && !obj_request->result) {
1376 + if (obj_request->type == OBJ_REQUEST_BIO)
1377 + zero_bio_chain(obj_request->bio_list, xferred);
1378 + else
1379 + zero_pages(obj_request->pages, xferred, length);
1380 +- obj_request->xferred = length;
1381 + }
1382 ++ obj_request->xferred = length;
1383 + obj_request_done_set(obj_request);
1384 + }
1385 +
1386 +diff --git a/drivers/clk/clk-wm831x.c b/drivers/clk/clk-wm831x.c
1387 +index 1b3f8c9..1d5af3f 100644
1388 +--- a/drivers/clk/clk-wm831x.c
1389 ++++ b/drivers/clk/clk-wm831x.c
1390 +@@ -360,6 +360,8 @@ static int wm831x_clk_probe(struct platform_device *pdev)
1391 + if (!clkdata)
1392 + return -ENOMEM;
1393 +
1394 ++ clkdata->wm831x = wm831x;
1395 ++
1396 + /* XTAL_ENA can only be set via OTP/InstantConfig so just read once */
1397 + ret = wm831x_reg_read(wm831x, WM831X_CLOCK_CONTROL_2);
1398 + if (ret < 0) {
1399 +diff --git a/drivers/cpuidle/coupled.c b/drivers/cpuidle/coupled.c
1400 +index 2a297f8..fe853903 100644
1401 +--- a/drivers/cpuidle/coupled.c
1402 ++++ b/drivers/cpuidle/coupled.c
1403 +@@ -106,6 +106,7 @@ struct cpuidle_coupled {
1404 + cpumask_t coupled_cpus;
1405 + int requested_state[NR_CPUS];
1406 + atomic_t ready_waiting_counts;
1407 ++ atomic_t abort_barrier;
1408 + int online_count;
1409 + int refcnt;
1410 + int prevent;
1411 +@@ -122,12 +123,19 @@ static DEFINE_MUTEX(cpuidle_coupled_lock);
1412 + static DEFINE_PER_CPU(struct call_single_data, cpuidle_coupled_poke_cb);
1413 +
1414 + /*
1415 +- * The cpuidle_coupled_poked_mask mask is used to avoid calling
1416 ++ * The cpuidle_coupled_poke_pending mask is used to avoid calling
1417 + * __smp_call_function_single with the per cpu call_single_data struct already
1418 + * in use. This prevents a deadlock where two cpus are waiting for each others
1419 + * call_single_data struct to be available
1420 + */
1421 +-static cpumask_t cpuidle_coupled_poked_mask;
1422 ++static cpumask_t cpuidle_coupled_poke_pending;
1423 ++
1424 ++/*
1425 ++ * The cpuidle_coupled_poked mask is used to ensure that each cpu has been poked
1426 ++ * once to minimize entering the ready loop with a poke pending, which would
1427 ++ * require aborting and retrying.
1428 ++ */
1429 ++static cpumask_t cpuidle_coupled_poked;
1430 +
1431 + /**
1432 + * cpuidle_coupled_parallel_barrier - synchronize all online coupled cpus
1433 +@@ -291,10 +299,11 @@ static inline int cpuidle_coupled_get_state(struct cpuidle_device *dev,
1434 + return state;
1435 + }
1436 +
1437 +-static void cpuidle_coupled_poked(void *info)
1438 ++static void cpuidle_coupled_handle_poke(void *info)
1439 + {
1440 + int cpu = (unsigned long)info;
1441 +- cpumask_clear_cpu(cpu, &cpuidle_coupled_poked_mask);
1442 ++ cpumask_set_cpu(cpu, &cpuidle_coupled_poked);
1443 ++ cpumask_clear_cpu(cpu, &cpuidle_coupled_poke_pending);
1444 + }
1445 +
1446 + /**
1447 +@@ -313,7 +322,7 @@ static void cpuidle_coupled_poke(int cpu)
1448 + {
1449 + struct call_single_data *csd = &per_cpu(cpuidle_coupled_poke_cb, cpu);
1450 +
1451 +- if (!cpumask_test_and_set_cpu(cpu, &cpuidle_coupled_poked_mask))
1452 ++ if (!cpumask_test_and_set_cpu(cpu, &cpuidle_coupled_poke_pending))
1453 + __smp_call_function_single(cpu, csd, 0);
1454 + }
1455 +
1456 +@@ -340,30 +349,19 @@ static void cpuidle_coupled_poke_others(int this_cpu,
1457 + * @coupled: the struct coupled that contains the current cpu
1458 + * @next_state: the index in drv->states of the requested state for this cpu
1459 + *
1460 +- * Updates the requested idle state for the specified cpuidle device,
1461 +- * poking all coupled cpus out of idle if necessary to let them see the new
1462 +- * state.
1463 ++ * Updates the requested idle state for the specified cpuidle device.
1464 ++ * Returns the number of waiting cpus.
1465 + */
1466 +-static void cpuidle_coupled_set_waiting(int cpu,
1467 ++static int cpuidle_coupled_set_waiting(int cpu,
1468 + struct cpuidle_coupled *coupled, int next_state)
1469 + {
1470 +- int w;
1471 +-
1472 + coupled->requested_state[cpu] = next_state;
1473 +
1474 + /*
1475 +- * If this is the last cpu to enter the waiting state, poke
1476 +- * all the other cpus out of their waiting state so they can
1477 +- * enter a deeper state. This can race with one of the cpus
1478 +- * exiting the waiting state due to an interrupt and
1479 +- * decrementing waiting_count, see comment below.
1480 +- *
1481 + * The atomic_inc_return provides a write barrier to order the write
1482 + * to requested_state with the later write that increments ready_count.
1483 + */
1484 +- w = atomic_inc_return(&coupled->ready_waiting_counts) & WAITING_MASK;
1485 +- if (w == coupled->online_count)
1486 +- cpuidle_coupled_poke_others(cpu, coupled);
1487 ++ return atomic_inc_return(&coupled->ready_waiting_counts) & WAITING_MASK;
1488 + }
1489 +
1490 + /**
1491 +@@ -410,19 +408,33 @@ static void cpuidle_coupled_set_done(int cpu, struct cpuidle_coupled *coupled)
1492 + * been processed and the poke bit has been cleared.
1493 + *
1494 + * Other interrupts may also be processed while interrupts are enabled, so
1495 +- * need_resched() must be tested after turning interrupts off again to make sure
1496 ++ * need_resched() must be tested after this function returns to make sure
1497 + * the interrupt didn't schedule work that should take the cpu out of idle.
1498 + *
1499 +- * Returns 0 if need_resched was false, -EINTR if need_resched was true.
1500 ++ * Returns 0 if no poke was pending, 1 if a poke was cleared.
1501 + */
1502 + static int cpuidle_coupled_clear_pokes(int cpu)
1503 + {
1504 ++ if (!cpumask_test_cpu(cpu, &cpuidle_coupled_poke_pending))
1505 ++ return 0;
1506 ++
1507 + local_irq_enable();
1508 +- while (cpumask_test_cpu(cpu, &cpuidle_coupled_poked_mask))
1509 ++ while (cpumask_test_cpu(cpu, &cpuidle_coupled_poke_pending))
1510 + cpu_relax();
1511 + local_irq_disable();
1512 +
1513 +- return need_resched() ? -EINTR : 0;
1514 ++ return 1;
1515 ++}
1516 ++
1517 ++static bool cpuidle_coupled_any_pokes_pending(struct cpuidle_coupled *coupled)
1518 ++{
1519 ++ cpumask_t cpus;
1520 ++ int ret;
1521 ++
1522 ++ cpumask_and(&cpus, cpu_online_mask, &coupled->coupled_cpus);
1523 ++ ret = cpumask_and(&cpus, &cpuidle_coupled_poke_pending, &cpus);
1524 ++
1525 ++ return ret;
1526 + }
1527 +
1528 + /**
1529 +@@ -449,12 +461,14 @@ int cpuidle_enter_state_coupled(struct cpuidle_device *dev,
1530 + {
1531 + int entered_state = -1;
1532 + struct cpuidle_coupled *coupled = dev->coupled;
1533 ++ int w;
1534 +
1535 + if (!coupled)
1536 + return -EINVAL;
1537 +
1538 + while (coupled->prevent) {
1539 +- if (cpuidle_coupled_clear_pokes(dev->cpu)) {
1540 ++ cpuidle_coupled_clear_pokes(dev->cpu);
1541 ++ if (need_resched()) {
1542 + local_irq_enable();
1543 + return entered_state;
1544 + }
1545 +@@ -465,15 +479,37 @@ int cpuidle_enter_state_coupled(struct cpuidle_device *dev,
1546 + /* Read barrier ensures online_count is read after prevent is cleared */
1547 + smp_rmb();
1548 +
1549 +- cpuidle_coupled_set_waiting(dev->cpu, coupled, next_state);
1550 ++reset:
1551 ++ cpumask_clear_cpu(dev->cpu, &cpuidle_coupled_poked);
1552 ++
1553 ++ w = cpuidle_coupled_set_waiting(dev->cpu, coupled, next_state);
1554 ++ /*
1555 ++ * If this is the last cpu to enter the waiting state, poke
1556 ++ * all the other cpus out of their waiting state so they can
1557 ++ * enter a deeper state. This can race with one of the cpus
1558 ++ * exiting the waiting state due to an interrupt and
1559 ++ * decrementing waiting_count, see comment below.
1560 ++ */
1561 ++ if (w == coupled->online_count) {
1562 ++ cpumask_set_cpu(dev->cpu, &cpuidle_coupled_poked);
1563 ++ cpuidle_coupled_poke_others(dev->cpu, coupled);
1564 ++ }
1565 +
1566 + retry:
1567 + /*
1568 + * Wait for all coupled cpus to be idle, using the deepest state
1569 +- * allowed for a single cpu.
1570 ++ * allowed for a single cpu. If this was not the poking cpu, wait
1571 ++ * for at least one poke before leaving to avoid a race where
1572 ++ * two cpus could arrive at the waiting loop at the same time,
1573 ++ * but the first of the two to arrive could skip the loop without
1574 ++ * processing the pokes from the last to arrive.
1575 + */
1576 +- while (!cpuidle_coupled_cpus_waiting(coupled)) {
1577 +- if (cpuidle_coupled_clear_pokes(dev->cpu)) {
1578 ++ while (!cpuidle_coupled_cpus_waiting(coupled) ||
1579 ++ !cpumask_test_cpu(dev->cpu, &cpuidle_coupled_poked)) {
1580 ++ if (cpuidle_coupled_clear_pokes(dev->cpu))
1581 ++ continue;
1582 ++
1583 ++ if (need_resched()) {
1584 + cpuidle_coupled_set_not_waiting(dev->cpu, coupled);
1585 + goto out;
1586 + }
1587 +@@ -487,12 +523,19 @@ retry:
1588 + dev->safe_state_index);
1589 + }
1590 +
1591 +- if (cpuidle_coupled_clear_pokes(dev->cpu)) {
1592 ++ cpuidle_coupled_clear_pokes(dev->cpu);
1593 ++ if (need_resched()) {
1594 + cpuidle_coupled_set_not_waiting(dev->cpu, coupled);
1595 + goto out;
1596 + }
1597 +
1598 + /*
1599 ++ * Make sure final poke status for this cpu is visible before setting
1600 ++ * cpu as ready.
1601 ++ */
1602 ++ smp_wmb();
1603 ++
1604 ++ /*
1605 + * All coupled cpus are probably idle. There is a small chance that
1606 + * one of the other cpus just became active. Increment the ready count,
1607 + * and spin until all coupled cpus have incremented the counter. Once a
1608 +@@ -511,6 +554,28 @@ retry:
1609 + cpu_relax();
1610 + }
1611 +
1612 ++ /*
1613 ++ * Make sure read of all cpus ready is done before reading pending pokes
1614 ++ */
1615 ++ smp_rmb();
1616 ++
1617 ++ /*
1618 ++ * There is a small chance that a cpu left and reentered idle after this
1619 ++ * cpu saw that all cpus were waiting. The cpu that reentered idle will
1620 ++ * have sent this cpu a poke, which will still be pending after the
1621 ++ * ready loop. The pending interrupt may be lost by the interrupt
1622 ++ * controller when entering the deep idle state. It's not possible to
1623 ++ * clear a pending interrupt without turning interrupts on and handling
1624 ++ * it, and it's too late to turn on interrupts here, so reset the
1625 ++ * coupled idle state of all cpus and retry.
1626 ++ */
1627 ++ if (cpuidle_coupled_any_pokes_pending(coupled)) {
1628 ++ cpuidle_coupled_set_done(dev->cpu, coupled);
1629 ++ /* Wait for all cpus to see the pending pokes */
1630 ++ cpuidle_coupled_parallel_barrier(dev, &coupled->abort_barrier);
1631 ++ goto reset;
1632 ++ }
1633 ++
1634 + /* all cpus have acked the coupled state */
1635 + next_state = cpuidle_coupled_get_state(dev, coupled);
1636 +
1637 +@@ -596,7 +661,7 @@ have_coupled:
1638 + coupled->refcnt++;
1639 +
1640 + csd = &per_cpu(cpuidle_coupled_poke_cb, dev->cpu);
1641 +- csd->func = cpuidle_coupled_poked;
1642 ++ csd->func = cpuidle_coupled_handle_poke;
1643 + csd->info = (void *)(unsigned long)dev->cpu;
1644 +
1645 + return 0;
1646 +diff --git a/drivers/edac/amd64_edac.c b/drivers/edac/amd64_edac.c
1647 +index 8b6a034..8b3d901 100644
1648 +--- a/drivers/edac/amd64_edac.c
1649 ++++ b/drivers/edac/amd64_edac.c
1650 +@@ -2470,8 +2470,15 @@ static int amd64_init_one_instance(struct pci_dev *F2)
1651 + layers[0].size = pvt->csels[0].b_cnt;
1652 + layers[0].is_virt_csrow = true;
1653 + layers[1].type = EDAC_MC_LAYER_CHANNEL;
1654 +- layers[1].size = pvt->channel_count;
1655 ++
1656 ++ /*
1657 ++ * Always allocate two channels since we can have setups with DIMMs on
1658 ++ * only one channel. Also, this simplifies handling later for the price
1659 ++ * of a couple of KBs tops.
1660 ++ */
1661 ++ layers[1].size = 2;
1662 + layers[1].is_virt_csrow = false;
1663 ++
1664 + mci = edac_mc_alloc(nid, ARRAY_SIZE(layers), layers, 0);
1665 + if (!mci)
1666 + goto err_siblings;
1667 +diff --git a/drivers/gpu/drm/drm_edid.c b/drivers/gpu/drm/drm_edid.c
1668 +index 95d6f4b..70fc133 100644
1669 +--- a/drivers/gpu/drm/drm_edid.c
1670 ++++ b/drivers/gpu/drm/drm_edid.c
1671 +@@ -125,6 +125,9 @@ static struct edid_quirk {
1672 +
1673 + /* ViewSonic VA2026w */
1674 + { "VSC", 5020, EDID_QUIRK_FORCE_REDUCED_BLANKING },
1675 ++
1676 ++ /* Medion MD 30217 PG */
1677 ++ { "MED", 0x7b8, EDID_QUIRK_PREFER_LARGE_75 },
1678 + };
1679 +
1680 + /*
1681 +diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
1682 +index be79f47..ca40d1b 100644
1683 +--- a/drivers/gpu/drm/i915/intel_display.c
1684 ++++ b/drivers/gpu/drm/i915/intel_display.c
1685 +@@ -7809,6 +7809,19 @@ intel_modeset_pipe_config(struct drm_crtc *crtc,
1686 + pipe_config->cpu_transcoder = to_intel_crtc(crtc)->pipe;
1687 + pipe_config->shared_dpll = DPLL_ID_PRIVATE;
1688 +
1689 ++ /*
1690 ++ * Sanitize sync polarity flags based on requested ones. If neither
1691 ++ * positive or negative polarity is requested, treat this as meaning
1692 ++ * negative polarity.
1693 ++ */
1694 ++ if (!(pipe_config->adjusted_mode.flags &
1695 ++ (DRM_MODE_FLAG_PHSYNC | DRM_MODE_FLAG_NHSYNC)))
1696 ++ pipe_config->adjusted_mode.flags |= DRM_MODE_FLAG_NHSYNC;
1697 ++
1698 ++ if (!(pipe_config->adjusted_mode.flags &
1699 ++ (DRM_MODE_FLAG_PVSYNC | DRM_MODE_FLAG_NVSYNC)))
1700 ++ pipe_config->adjusted_mode.flags |= DRM_MODE_FLAG_NVSYNC;
1701 ++
1702 + /* Compute a starting value for pipe_config->pipe_bpp taking the source
1703 + * plane pixel format and any sink constraints into account. Returns the
1704 + * source plane bpp so that dithering can be selected on mismatches
1705 +diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
1706 +index 36668d1..5956445 100644
1707 +--- a/drivers/hid/hid-core.c
1708 ++++ b/drivers/hid/hid-core.c
1709 +@@ -63,6 +63,8 @@ struct hid_report *hid_register_report(struct hid_device *device, unsigned type,
1710 + struct hid_report_enum *report_enum = device->report_enum + type;
1711 + struct hid_report *report;
1712 +
1713 ++ if (id >= HID_MAX_IDS)
1714 ++ return NULL;
1715 + if (report_enum->report_id_hash[id])
1716 + return report_enum->report_id_hash[id];
1717 +
1718 +@@ -404,8 +406,10 @@ static int hid_parser_global(struct hid_parser *parser, struct hid_item *item)
1719 +
1720 + case HID_GLOBAL_ITEM_TAG_REPORT_ID:
1721 + parser->global.report_id = item_udata(item);
1722 +- if (parser->global.report_id == 0) {
1723 +- hid_err(parser->device, "report_id 0 is invalid\n");
1724 ++ if (parser->global.report_id == 0 ||
1725 ++ parser->global.report_id >= HID_MAX_IDS) {
1726 ++ hid_err(parser->device, "report_id %u is invalid\n",
1727 ++ parser->global.report_id);
1728 + return -1;
1729 + }
1730 + return 0;
1731 +@@ -575,7 +579,7 @@ static void hid_close_report(struct hid_device *device)
1732 + for (i = 0; i < HID_REPORT_TYPES; i++) {
1733 + struct hid_report_enum *report_enum = device->report_enum + i;
1734 +
1735 +- for (j = 0; j < 256; j++) {
1736 ++ for (j = 0; j < HID_MAX_IDS; j++) {
1737 + struct hid_report *report = report_enum->report_id_hash[j];
1738 + if (report)
1739 + hid_free_report(report);
1740 +@@ -1152,7 +1156,12 @@ EXPORT_SYMBOL_GPL(hid_output_report);
1741 +
1742 + int hid_set_field(struct hid_field *field, unsigned offset, __s32 value)
1743 + {
1744 +- unsigned size = field->report_size;
1745 ++ unsigned size;
1746 ++
1747 ++ if (!field)
1748 ++ return -1;
1749 ++
1750 ++ size = field->report_size;
1751 +
1752 + hid_dump_input(field->report->device, field->usage + offset, value);
1753 +
1754 +@@ -1597,6 +1606,7 @@ static const struct hid_device_id hid_have_special_driver[] = {
1755 + { HID_USB_DEVICE(USB_VENDOR_ID_KENSINGTON, USB_DEVICE_ID_KS_SLIMBLADE) },
1756 + { HID_USB_DEVICE(USB_VENDOR_ID_KEYTOUCH, USB_DEVICE_ID_KEYTOUCH_IEC) },
1757 + { HID_USB_DEVICE(USB_VENDOR_ID_KYE, USB_DEVICE_ID_GENIUS_GILA_GAMING_MOUSE) },
1758 ++ { HID_USB_DEVICE(USB_VENDOR_ID_KYE, USB_DEVICE_ID_GENIUS_GX_IMPERATOR) },
1759 + { HID_USB_DEVICE(USB_VENDOR_ID_KYE, USB_DEVICE_ID_KYE_ERGO_525V) },
1760 + { HID_USB_DEVICE(USB_VENDOR_ID_KYE, USB_DEVICE_ID_KYE_EASYPEN_I405X) },
1761 + { HID_USB_DEVICE(USB_VENDOR_ID_KYE, USB_DEVICE_ID_KYE_MOUSEPEN_I608X) },
1762 +diff --git a/drivers/hid/hid-ids.h b/drivers/hid/hid-ids.h
1763 +index ffe4c7a..22134d4 100644
1764 +--- a/drivers/hid/hid-ids.h
1765 ++++ b/drivers/hid/hid-ids.h
1766 +@@ -135,9 +135,9 @@
1767 + #define USB_DEVICE_ID_APPLE_ALU_WIRELESS_2009_JIS 0x023b
1768 + #define USB_DEVICE_ID_APPLE_ALU_WIRELESS_2011_ANSI 0x0255
1769 + #define USB_DEVICE_ID_APPLE_ALU_WIRELESS_2011_ISO 0x0256
1770 +-#define USB_DEVICE_ID_APPLE_WELLSPRING8_ANSI 0x0291
1771 +-#define USB_DEVICE_ID_APPLE_WELLSPRING8_ISO 0x0292
1772 +-#define USB_DEVICE_ID_APPLE_WELLSPRING8_JIS 0x0293
1773 ++#define USB_DEVICE_ID_APPLE_WELLSPRING8_ANSI 0x0290
1774 ++#define USB_DEVICE_ID_APPLE_WELLSPRING8_ISO 0x0291
1775 ++#define USB_DEVICE_ID_APPLE_WELLSPRING8_JIS 0x0292
1776 + #define USB_DEVICE_ID_APPLE_FOUNTAIN_TP_ONLY 0x030a
1777 + #define USB_DEVICE_ID_APPLE_GEYSER1_TP_ONLY 0x030b
1778 + #define USB_DEVICE_ID_APPLE_IRCONTROL 0x8240
1779 +@@ -482,6 +482,7 @@
1780 + #define USB_VENDOR_ID_KYE 0x0458
1781 + #define USB_DEVICE_ID_KYE_ERGO_525V 0x0087
1782 + #define USB_DEVICE_ID_GENIUS_GILA_GAMING_MOUSE 0x0138
1783 ++#define USB_DEVICE_ID_GENIUS_GX_IMPERATOR 0x4018
1784 + #define USB_DEVICE_ID_KYE_GPEN_560 0x5003
1785 + #define USB_DEVICE_ID_KYE_EASYPEN_I405X 0x5010
1786 + #define USB_DEVICE_ID_KYE_MOUSEPEN_I608X 0x5011
1787 +@@ -658,6 +659,7 @@
1788 + #define USB_DEVICE_ID_NTRIG_TOUCH_SCREEN_16 0x0012
1789 + #define USB_DEVICE_ID_NTRIG_TOUCH_SCREEN_17 0x0013
1790 + #define USB_DEVICE_ID_NTRIG_TOUCH_SCREEN_18 0x0014
1791 ++#define USB_DEVICE_ID_NTRIG_DUOSENSE 0x1500
1792 +
1793 + #define USB_VENDOR_ID_ONTRAK 0x0a07
1794 + #define USB_DEVICE_ID_ONTRAK_ADU100 0x0064
1795 +diff --git a/drivers/hid/hid-input.c b/drivers/hid/hid-input.c
1796 +index 7480799..3fc4034 100644
1797 +--- a/drivers/hid/hid-input.c
1798 ++++ b/drivers/hid/hid-input.c
1799 +@@ -340,7 +340,7 @@ static int hidinput_get_battery_property(struct power_supply *psy,
1800 + {
1801 + struct hid_device *dev = container_of(psy, struct hid_device, battery);
1802 + int ret = 0;
1803 +- __u8 buf[2] = {};
1804 ++ __u8 *buf;
1805 +
1806 + switch (prop) {
1807 + case POWER_SUPPLY_PROP_PRESENT:
1808 +@@ -349,12 +349,19 @@ static int hidinput_get_battery_property(struct power_supply *psy,
1809 + break;
1810 +
1811 + case POWER_SUPPLY_PROP_CAPACITY:
1812 ++
1813 ++ buf = kmalloc(2 * sizeof(__u8), GFP_KERNEL);
1814 ++ if (!buf) {
1815 ++ ret = -ENOMEM;
1816 ++ break;
1817 ++ }
1818 + ret = dev->hid_get_raw_report(dev, dev->battery_report_id,
1819 +- buf, sizeof(buf),
1820 ++ buf, 2,
1821 + dev->battery_report_type);
1822 +
1823 + if (ret != 2) {
1824 + ret = -ENODATA;
1825 ++ kfree(buf);
1826 + break;
1827 + }
1828 + ret = 0;
1829 +@@ -364,6 +371,7 @@ static int hidinput_get_battery_property(struct power_supply *psy,
1830 + buf[1] <= dev->battery_max)
1831 + val->intval = (100 * (buf[1] - dev->battery_min)) /
1832 + (dev->battery_max - dev->battery_min);
1833 ++ kfree(buf);
1834 + break;
1835 +
1836 + case POWER_SUPPLY_PROP_MODEL_NAME:
1837 +diff --git a/drivers/hid/hid-kye.c b/drivers/hid/hid-kye.c
1838 +index 1e2ee2aa..7384512 100644
1839 +--- a/drivers/hid/hid-kye.c
1840 ++++ b/drivers/hid/hid-kye.c
1841 +@@ -268,6 +268,26 @@ static __u8 easypen_m610x_rdesc_fixed[] = {
1842 + 0xC0 /* End Collection */
1843 + };
1844 +
1845 ++static __u8 *kye_consumer_control_fixup(struct hid_device *hdev, __u8 *rdesc,
1846 ++ unsigned int *rsize, int offset, const char *device_name) {
1847 ++ /*
1848 ++ * the fixup that need to be done:
1849 ++ * - change Usage Maximum in the Comsumer Control
1850 ++ * (report ID 3) to a reasonable value
1851 ++ */
1852 ++ if (*rsize >= offset + 31 &&
1853 ++ /* Usage Page (Consumer Devices) */
1854 ++ rdesc[offset] == 0x05 && rdesc[offset + 1] == 0x0c &&
1855 ++ /* Usage (Consumer Control) */
1856 ++ rdesc[offset + 2] == 0x09 && rdesc[offset + 3] == 0x01 &&
1857 ++ /* Usage Maximum > 12287 */
1858 ++ rdesc[offset + 10] == 0x2a && rdesc[offset + 12] > 0x2f) {
1859 ++ hid_info(hdev, "fixing up %s report descriptor\n", device_name);
1860 ++ rdesc[offset + 12] = 0x2f;
1861 ++ }
1862 ++ return rdesc;
1863 ++}
1864 ++
1865 + static __u8 *kye_report_fixup(struct hid_device *hdev, __u8 *rdesc,
1866 + unsigned int *rsize)
1867 + {
1868 +@@ -315,23 +335,12 @@ static __u8 *kye_report_fixup(struct hid_device *hdev, __u8 *rdesc,
1869 + }
1870 + break;
1871 + case USB_DEVICE_ID_GENIUS_GILA_GAMING_MOUSE:
1872 +- /*
1873 +- * the fixup that need to be done:
1874 +- * - change Usage Maximum in the Comsumer Control
1875 +- * (report ID 3) to a reasonable value
1876 +- */
1877 +- if (*rsize >= 135 &&
1878 +- /* Usage Page (Consumer Devices) */
1879 +- rdesc[104] == 0x05 && rdesc[105] == 0x0c &&
1880 +- /* Usage (Consumer Control) */
1881 +- rdesc[106] == 0x09 && rdesc[107] == 0x01 &&
1882 +- /* Usage Maximum > 12287 */
1883 +- rdesc[114] == 0x2a && rdesc[116] > 0x2f) {
1884 +- hid_info(hdev,
1885 +- "fixing up Genius Gila Gaming Mouse "
1886 +- "report descriptor\n");
1887 +- rdesc[116] = 0x2f;
1888 +- }
1889 ++ rdesc = kye_consumer_control_fixup(hdev, rdesc, rsize, 104,
1890 ++ "Genius Gila Gaming Mouse");
1891 ++ break;
1892 ++ case USB_DEVICE_ID_GENIUS_GX_IMPERATOR:
1893 ++ rdesc = kye_consumer_control_fixup(hdev, rdesc, rsize, 83,
1894 ++ "Genius Gx Imperator Keyboard");
1895 + break;
1896 + }
1897 + return rdesc;
1898 +@@ -428,6 +437,8 @@ static const struct hid_device_id kye_devices[] = {
1899 + USB_DEVICE_ID_KYE_EASYPEN_M610X) },
1900 + { HID_USB_DEVICE(USB_VENDOR_ID_KYE,
1901 + USB_DEVICE_ID_GENIUS_GILA_GAMING_MOUSE) },
1902 ++ { HID_USB_DEVICE(USB_VENDOR_ID_KYE,
1903 ++ USB_DEVICE_ID_GENIUS_GX_IMPERATOR) },
1904 + { }
1905 + };
1906 + MODULE_DEVICE_TABLE(hid, kye_devices);
1907 +diff --git a/drivers/hid/hid-ntrig.c b/drivers/hid/hid-ntrig.c
1908 +index ef95102..5482156 100644
1909 +--- a/drivers/hid/hid-ntrig.c
1910 ++++ b/drivers/hid/hid-ntrig.c
1911 +@@ -115,7 +115,8 @@ static inline int ntrig_get_mode(struct hid_device *hdev)
1912 + struct hid_report *report = hdev->report_enum[HID_FEATURE_REPORT].
1913 + report_id_hash[0x0d];
1914 +
1915 +- if (!report)
1916 ++ if (!report || report->maxfield < 1 ||
1917 ++ report->field[0]->report_count < 1)
1918 + return -EINVAL;
1919 +
1920 + hid_hw_request(hdev, report, HID_REQ_GET_REPORT);
1921 +diff --git a/drivers/hid/hid-picolcd_cir.c b/drivers/hid/hid-picolcd_cir.c
1922 +index e346038..59d5eb1 100644
1923 +--- a/drivers/hid/hid-picolcd_cir.c
1924 ++++ b/drivers/hid/hid-picolcd_cir.c
1925 +@@ -145,6 +145,7 @@ void picolcd_exit_cir(struct picolcd_data *data)
1926 + struct rc_dev *rdev = data->rc_dev;
1927 +
1928 + data->rc_dev = NULL;
1929 +- rc_unregister_device(rdev);
1930 ++ if (rdev)
1931 ++ rc_unregister_device(rdev);
1932 + }
1933 +
1934 +diff --git a/drivers/hid/hid-picolcd_core.c b/drivers/hid/hid-picolcd_core.c
1935 +index b48092d..acbb0210 100644
1936 +--- a/drivers/hid/hid-picolcd_core.c
1937 ++++ b/drivers/hid/hid-picolcd_core.c
1938 +@@ -290,7 +290,7 @@ static ssize_t picolcd_operation_mode_store(struct device *dev,
1939 + buf += 10;
1940 + cnt -= 10;
1941 + }
1942 +- if (!report)
1943 ++ if (!report || report->maxfield != 1)
1944 + return -EINVAL;
1945 +
1946 + while (cnt > 0 && (buf[cnt-1] == '\n' || buf[cnt-1] == '\r'))
1947 +diff --git a/drivers/hid/hid-picolcd_fb.c b/drivers/hid/hid-picolcd_fb.c
1948 +index 591f6b2..c930ab8 100644
1949 +--- a/drivers/hid/hid-picolcd_fb.c
1950 ++++ b/drivers/hid/hid-picolcd_fb.c
1951 +@@ -593,10 +593,14 @@ err_nomem:
1952 + void picolcd_exit_framebuffer(struct picolcd_data *data)
1953 + {
1954 + struct fb_info *info = data->fb_info;
1955 +- struct picolcd_fb_data *fbdata = info->par;
1956 ++ struct picolcd_fb_data *fbdata;
1957 + unsigned long flags;
1958 +
1959 ++ if (!info)
1960 ++ return;
1961 ++
1962 + device_remove_file(&data->hdev->dev, &dev_attr_fb_update_rate);
1963 ++ fbdata = info->par;
1964 +
1965 + /* disconnect framebuffer from HID dev */
1966 + spin_lock_irqsave(&fbdata->lock, flags);
1967 +diff --git a/drivers/hid/hid-pl.c b/drivers/hid/hid-pl.c
1968 +index d29112f..2dcd7d9 100644
1969 +--- a/drivers/hid/hid-pl.c
1970 ++++ b/drivers/hid/hid-pl.c
1971 +@@ -132,8 +132,14 @@ static int plff_init(struct hid_device *hid)
1972 + strong = &report->field[0]->value[2];
1973 + weak = &report->field[0]->value[3];
1974 + debug("detected single-field device");
1975 +- } else if (report->maxfield >= 4 && report->field[0]->maxusage == 1 &&
1976 +- report->field[0]->usage[0].hid == (HID_UP_LED | 0x43)) {
1977 ++ } else if (report->field[0]->maxusage == 1 &&
1978 ++ report->field[0]->usage[0].hid ==
1979 ++ (HID_UP_LED | 0x43) &&
1980 ++ report->maxfield >= 4 &&
1981 ++ report->field[0]->report_count >= 1 &&
1982 ++ report->field[1]->report_count >= 1 &&
1983 ++ report->field[2]->report_count >= 1 &&
1984 ++ report->field[3]->report_count >= 1) {
1985 + report->field[0]->value[0] = 0x00;
1986 + report->field[1]->value[0] = 0x00;
1987 + strong = &report->field[2]->value[0];
1988 +diff --git a/drivers/hid/hid-sensor-hub.c b/drivers/hid/hid-sensor-hub.c
1989 +index ca749810..aa34755 100644
1990 +--- a/drivers/hid/hid-sensor-hub.c
1991 ++++ b/drivers/hid/hid-sensor-hub.c
1992 +@@ -221,7 +221,8 @@ int sensor_hub_get_feature(struct hid_sensor_hub_device *hsdev, u32 report_id,
1993 +
1994 + mutex_lock(&data->mutex);
1995 + report = sensor_hub_report(report_id, hsdev->hdev, HID_FEATURE_REPORT);
1996 +- if (!report || (field_index >= report->maxfield)) {
1997 ++ if (!report || (field_index >= report->maxfield) ||
1998 ++ report->field[field_index]->report_count < 1) {
1999 + ret = -EINVAL;
2000 + goto done_proc;
2001 + }
2002 +diff --git a/drivers/hid/hid-speedlink.c b/drivers/hid/hid-speedlink.c
2003 +index a2f587d..7112f3e 100644
2004 +--- a/drivers/hid/hid-speedlink.c
2005 ++++ b/drivers/hid/hid-speedlink.c
2006 +@@ -3,7 +3,7 @@
2007 + * Fixes "jumpy" cursor and removes nonexistent keyboard LEDS from
2008 + * the HID descriptor.
2009 + *
2010 +- * Copyright (c) 2011 Stefan Kriwanek <mail@××××××××××××××.de>
2011 ++ * Copyright (c) 2011, 2013 Stefan Kriwanek <dev@××××××××××××××.de>
2012 + */
2013 +
2014 + /*
2015 +@@ -46,8 +46,13 @@ static int speedlink_event(struct hid_device *hdev, struct hid_field *field,
2016 + struct hid_usage *usage, __s32 value)
2017 + {
2018 + /* No other conditions due to usage_table. */
2019 +- /* Fix "jumpy" cursor (invalid events sent by device). */
2020 +- if (value == 256)
2021 ++
2022 ++ /* This fixes the "jumpy" cursor occuring due to invalid events sent
2023 ++ * by the device. Some devices only send them with value==+256, others
2024 ++ * don't. However, catching abs(value)>=256 is restrictive enough not
2025 ++ * to interfere with devices that were bug-free (has been tested).
2026 ++ */
2027 ++ if (abs(value) >= 256)
2028 + return 1;
2029 + /* Drop useless distance 0 events (on button clicks etc.) as well */
2030 + if (value == 0)
2031 +diff --git a/drivers/hid/hid-wiimote-core.c b/drivers/hid/hid-wiimote-core.c
2032 +index 0c06054..6602098 100644
2033 +--- a/drivers/hid/hid-wiimote-core.c
2034 ++++ b/drivers/hid/hid-wiimote-core.c
2035 +@@ -212,10 +212,12 @@ static __u8 select_drm(struct wiimote_data *wdata)
2036 +
2037 + if (ir == WIIPROTO_FLAG_IR_BASIC) {
2038 + if (wdata->state.flags & WIIPROTO_FLAG_ACCEL) {
2039 +- if (ext)
2040 +- return WIIPROTO_REQ_DRM_KAIE;
2041 +- else
2042 +- return WIIPROTO_REQ_DRM_KAI;
2043 ++ /* GEN10 and ealier devices bind IR formats to DRMs.
2044 ++ * Hence, we cannot use DRM_KAI here as it might be
2045 ++ * bound to IR_EXT. Use DRM_KAIE unconditionally so we
2046 ++ * work with all devices and our parsers can use the
2047 ++ * fixed formats, too. */
2048 ++ return WIIPROTO_REQ_DRM_KAIE;
2049 + } else {
2050 + return WIIPROTO_REQ_DRM_KIE;
2051 + }
2052 +diff --git a/drivers/hid/hidraw.c b/drivers/hid/hidraw.c
2053 +index 6f1feb2..dbfe300 100644
2054 +--- a/drivers/hid/hidraw.c
2055 ++++ b/drivers/hid/hidraw.c
2056 +@@ -113,7 +113,7 @@ static ssize_t hidraw_send_report(struct file *file, const char __user *buffer,
2057 + __u8 *buf;
2058 + int ret = 0;
2059 +
2060 +- if (!hidraw_table[minor]) {
2061 ++ if (!hidraw_table[minor] || !hidraw_table[minor]->exist) {
2062 + ret = -ENODEV;
2063 + goto out;
2064 + }
2065 +@@ -261,7 +261,7 @@ static int hidraw_open(struct inode *inode, struct file *file)
2066 + }
2067 +
2068 + mutex_lock(&minors_lock);
2069 +- if (!hidraw_table[minor]) {
2070 ++ if (!hidraw_table[minor] || !hidraw_table[minor]->exist) {
2071 + err = -ENODEV;
2072 + goto out_unlock;
2073 + }
2074 +@@ -302,39 +302,38 @@ static int hidraw_fasync(int fd, struct file *file, int on)
2075 + return fasync_helper(fd, file, on, &list->fasync);
2076 + }
2077 +
2078 ++static void drop_ref(struct hidraw *hidraw, int exists_bit)
2079 ++{
2080 ++ if (exists_bit) {
2081 ++ hid_hw_close(hidraw->hid);
2082 ++ hidraw->exist = 0;
2083 ++ if (hidraw->open)
2084 ++ wake_up_interruptible(&hidraw->wait);
2085 ++ } else {
2086 ++ --hidraw->open;
2087 ++ }
2088 ++
2089 ++ if (!hidraw->open && !hidraw->exist) {
2090 ++ device_destroy(hidraw_class, MKDEV(hidraw_major, hidraw->minor));
2091 ++ hidraw_table[hidraw->minor] = NULL;
2092 ++ kfree(hidraw);
2093 ++ }
2094 ++}
2095 ++
2096 + static int hidraw_release(struct inode * inode, struct file * file)
2097 + {
2098 + unsigned int minor = iminor(inode);
2099 +- struct hidraw *dev;
2100 + struct hidraw_list *list = file->private_data;
2101 +- int ret;
2102 +- int i;
2103 +
2104 + mutex_lock(&minors_lock);
2105 +- if (!hidraw_table[minor]) {
2106 +- ret = -ENODEV;
2107 +- goto unlock;
2108 +- }
2109 +
2110 + list_del(&list->node);
2111 +- dev = hidraw_table[minor];
2112 +- if (!--dev->open) {
2113 +- if (list->hidraw->exist) {
2114 +- hid_hw_power(dev->hid, PM_HINT_NORMAL);
2115 +- hid_hw_close(dev->hid);
2116 +- } else {
2117 +- kfree(list->hidraw);
2118 +- }
2119 +- }
2120 +-
2121 +- for (i = 0; i < HIDRAW_BUFFER_SIZE; ++i)
2122 +- kfree(list->buffer[i].value);
2123 + kfree(list);
2124 +- ret = 0;
2125 +-unlock:
2126 +- mutex_unlock(&minors_lock);
2127 +
2128 +- return ret;
2129 ++ drop_ref(hidraw_table[minor], 0);
2130 ++
2131 ++ mutex_unlock(&minors_lock);
2132 ++ return 0;
2133 + }
2134 +
2135 + static long hidraw_ioctl(struct file *file, unsigned int cmd,
2136 +@@ -539,18 +538,9 @@ void hidraw_disconnect(struct hid_device *hid)
2137 + struct hidraw *hidraw = hid->hidraw;
2138 +
2139 + mutex_lock(&minors_lock);
2140 +- hidraw->exist = 0;
2141 +-
2142 +- device_destroy(hidraw_class, MKDEV(hidraw_major, hidraw->minor));
2143 +
2144 +- hidraw_table[hidraw->minor] = NULL;
2145 ++ drop_ref(hidraw, 1);
2146 +
2147 +- if (hidraw->open) {
2148 +- hid_hw_close(hid);
2149 +- wake_up_interruptible(&hidraw->wait);
2150 +- } else {
2151 +- kfree(hidraw);
2152 +- }
2153 + mutex_unlock(&minors_lock);
2154 + }
2155 + EXPORT_SYMBOL_GPL(hidraw_disconnect);
2156 +diff --git a/drivers/hid/usbhid/hid-quirks.c b/drivers/hid/usbhid/hid-quirks.c
2157 +index 19b8360..0734552 100644
2158 +--- a/drivers/hid/usbhid/hid-quirks.c
2159 ++++ b/drivers/hid/usbhid/hid-quirks.c
2160 +@@ -109,6 +109,8 @@ static const struct hid_blacklist {
2161 + { USB_VENDOR_ID_SIGMA_MICRO, USB_DEVICE_ID_SIGMA_MICRO_KEYBOARD, HID_QUIRK_NO_INIT_REPORTS },
2162 + { USB_VENDOR_ID_KYE, USB_DEVICE_ID_KYE_MOUSEPEN_I608X, HID_QUIRK_MULTI_INPUT },
2163 + { USB_VENDOR_ID_KYE, USB_DEVICE_ID_KYE_EASYPEN_M610X, HID_QUIRK_MULTI_INPUT },
2164 ++ { USB_VENDOR_ID_NTRIG, USB_DEVICE_ID_NTRIG_DUOSENSE, HID_QUIRK_NO_INIT_REPORTS },
2165 ++
2166 + { 0, 0 }
2167 + };
2168 +
2169 +diff --git a/drivers/input/mouse/bcm5974.c b/drivers/input/mouse/bcm5974.c
2170 +index 4ef4d5e..a73f961 100644
2171 +--- a/drivers/input/mouse/bcm5974.c
2172 ++++ b/drivers/input/mouse/bcm5974.c
2173 +@@ -89,9 +89,9 @@
2174 + #define USB_DEVICE_ID_APPLE_WELLSPRING7A_ISO 0x025a
2175 + #define USB_DEVICE_ID_APPLE_WELLSPRING7A_JIS 0x025b
2176 + /* MacbookAir6,2 (unibody, June 2013) */
2177 +-#define USB_DEVICE_ID_APPLE_WELLSPRING8_ANSI 0x0291
2178 +-#define USB_DEVICE_ID_APPLE_WELLSPRING8_ISO 0x0292
2179 +-#define USB_DEVICE_ID_APPLE_WELLSPRING8_JIS 0x0293
2180 ++#define USB_DEVICE_ID_APPLE_WELLSPRING8_ANSI 0x0290
2181 ++#define USB_DEVICE_ID_APPLE_WELLSPRING8_ISO 0x0291
2182 ++#define USB_DEVICE_ID_APPLE_WELLSPRING8_JIS 0x0292
2183 +
2184 + #define BCM5974_DEVICE(prod) { \
2185 + .match_flags = (USB_DEVICE_ID_MATCH_DEVICE | \
2186 +diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c
2187 +index eec0d3e..15e9b57 100644
2188 +--- a/drivers/iommu/intel-iommu.c
2189 ++++ b/drivers/iommu/intel-iommu.c
2190 +@@ -890,56 +890,54 @@ static int dma_pte_clear_range(struct dmar_domain *domain,
2191 + return order;
2192 + }
2193 +
2194 ++static void dma_pte_free_level(struct dmar_domain *domain, int level,
2195 ++ struct dma_pte *pte, unsigned long pfn,
2196 ++ unsigned long start_pfn, unsigned long last_pfn)
2197 ++{
2198 ++ pfn = max(start_pfn, pfn);
2199 ++ pte = &pte[pfn_level_offset(pfn, level)];
2200 ++
2201 ++ do {
2202 ++ unsigned long level_pfn;
2203 ++ struct dma_pte *level_pte;
2204 ++
2205 ++ if (!dma_pte_present(pte) || dma_pte_superpage(pte))
2206 ++ goto next;
2207 ++
2208 ++ level_pfn = pfn & level_mask(level - 1);
2209 ++ level_pte = phys_to_virt(dma_pte_addr(pte));
2210 ++
2211 ++ if (level > 2)
2212 ++ dma_pte_free_level(domain, level - 1, level_pte,
2213 ++ level_pfn, start_pfn, last_pfn);
2214 ++
2215 ++ /* If range covers entire pagetable, free it */
2216 ++ if (!(start_pfn > level_pfn ||
2217 ++ last_pfn < level_pfn + level_size(level))) {
2218 ++ dma_clear_pte(pte);
2219 ++ domain_flush_cache(domain, pte, sizeof(*pte));
2220 ++ free_pgtable_page(level_pte);
2221 ++ }
2222 ++next:
2223 ++ pfn += level_size(level);
2224 ++ } while (!first_pte_in_page(++pte) && pfn <= last_pfn);
2225 ++}
2226 ++
2227 + /* free page table pages. last level pte should already be cleared */
2228 + static void dma_pte_free_pagetable(struct dmar_domain *domain,
2229 + unsigned long start_pfn,
2230 + unsigned long last_pfn)
2231 + {
2232 + int addr_width = agaw_to_width(domain->agaw) - VTD_PAGE_SHIFT;
2233 +- struct dma_pte *first_pte, *pte;
2234 +- int total = agaw_to_level(domain->agaw);
2235 +- int level;
2236 +- unsigned long tmp;
2237 +- int large_page = 2;
2238 +
2239 + BUG_ON(addr_width < BITS_PER_LONG && start_pfn >> addr_width);
2240 + BUG_ON(addr_width < BITS_PER_LONG && last_pfn >> addr_width);
2241 + BUG_ON(start_pfn > last_pfn);
2242 +
2243 + /* We don't need lock here; nobody else touches the iova range */
2244 +- level = 2;
2245 +- while (level <= total) {
2246 +- tmp = align_to_level(start_pfn, level);
2247 +-
2248 +- /* If we can't even clear one PTE at this level, we're done */
2249 +- if (tmp + level_size(level) - 1 > last_pfn)
2250 +- return;
2251 +-
2252 +- do {
2253 +- large_page = level;
2254 +- first_pte = pte = dma_pfn_level_pte(domain, tmp, level, &large_page);
2255 +- if (large_page > level)
2256 +- level = large_page + 1;
2257 +- if (!pte) {
2258 +- tmp = align_to_level(tmp + 1, level + 1);
2259 +- continue;
2260 +- }
2261 +- do {
2262 +- if (dma_pte_present(pte)) {
2263 +- free_pgtable_page(phys_to_virt(dma_pte_addr(pte)));
2264 +- dma_clear_pte(pte);
2265 +- }
2266 +- pte++;
2267 +- tmp += level_size(level);
2268 +- } while (!first_pte_in_page(pte) &&
2269 +- tmp + level_size(level) - 1 <= last_pfn);
2270 ++ dma_pte_free_level(domain, agaw_to_level(domain->agaw),
2271 ++ domain->pgd, 0, start_pfn, last_pfn);
2272 +
2273 +- domain_flush_cache(domain, first_pte,
2274 +- (void *)pte - (void *)first_pte);
2275 +-
2276 +- } while (tmp && tmp + level_size(level) - 1 <= last_pfn);
2277 +- level++;
2278 +- }
2279 + /* free pgd */
2280 + if (start_pfn == 0 && last_pfn == DOMAIN_MAX_PFN(domain->gaw)) {
2281 + free_pgtable_page(domain->pgd);
2282 +diff --git a/drivers/leds/leds-wm831x-status.c b/drivers/leds/leds-wm831x-status.c
2283 +index 120815a..5a19abd 100644
2284 +--- a/drivers/leds/leds-wm831x-status.c
2285 ++++ b/drivers/leds/leds-wm831x-status.c
2286 +@@ -230,9 +230,9 @@ static int wm831x_status_probe(struct platform_device *pdev)
2287 + int id = pdev->id % ARRAY_SIZE(chip_pdata->status);
2288 + int ret;
2289 +
2290 +- res = platform_get_resource(pdev, IORESOURCE_IO, 0);
2291 ++ res = platform_get_resource(pdev, IORESOURCE_REG, 0);
2292 + if (res == NULL) {
2293 +- dev_err(&pdev->dev, "No I/O resource\n");
2294 ++ dev_err(&pdev->dev, "No register resource\n");
2295 + ret = -EINVAL;
2296 + goto err;
2297 + }
2298 +diff --git a/drivers/media/common/siano/smsdvb-main.c b/drivers/media/common/siano/smsdvb-main.c
2299 +index 0862622..63676a8 100644
2300 +--- a/drivers/media/common/siano/smsdvb-main.c
2301 ++++ b/drivers/media/common/siano/smsdvb-main.c
2302 +@@ -276,7 +276,8 @@ static void smsdvb_update_per_slices(struct smsdvb_client_t *client,
2303 +
2304 + /* Legacy PER/BER */
2305 + tmp = p->ets_packets * 65535;
2306 +- do_div(tmp, p->ts_packets + p->ets_packets);
2307 ++ if (p->ts_packets + p->ets_packets)
2308 ++ do_div(tmp, p->ts_packets + p->ets_packets);
2309 + client->legacy_per = tmp;
2310 + }
2311 +
2312 +diff --git a/drivers/media/dvb-frontends/mb86a20s.c b/drivers/media/dvb-frontends/mb86a20s.c
2313 +index 856374b..2c7217f 100644
2314 +--- a/drivers/media/dvb-frontends/mb86a20s.c
2315 ++++ b/drivers/media/dvb-frontends/mb86a20s.c
2316 +@@ -157,7 +157,6 @@ static struct regdata mb86a20s_init2[] = {
2317 + { 0x45, 0x04 }, /* CN symbol 4 */
2318 + { 0x48, 0x04 }, /* CN manual mode */
2319 +
2320 +- { 0x50, 0xd5 }, { 0x51, 0x01 }, /* Serial */
2321 + { 0x50, 0xd6 }, { 0x51, 0x1f },
2322 + { 0x50, 0xd2 }, { 0x51, 0x03 },
2323 + { 0x50, 0xd7 }, { 0x51, 0xbf },
2324 +@@ -1860,16 +1859,15 @@ static int mb86a20s_initfe(struct dvb_frontend *fe)
2325 + dev_dbg(&state->i2c->dev, "%s: IF=%d, IF reg=0x%06llx\n",
2326 + __func__, state->if_freq, (long long)pll);
2327 +
2328 +- if (!state->config->is_serial) {
2329 ++ if (!state->config->is_serial)
2330 + regD5 &= ~1;
2331 +
2332 +- rc = mb86a20s_writereg(state, 0x50, 0xd5);
2333 +- if (rc < 0)
2334 +- goto err;
2335 +- rc = mb86a20s_writereg(state, 0x51, regD5);
2336 +- if (rc < 0)
2337 +- goto err;
2338 +- }
2339 ++ rc = mb86a20s_writereg(state, 0x50, 0xd5);
2340 ++ if (rc < 0)
2341 ++ goto err;
2342 ++ rc = mb86a20s_writereg(state, 0x51, regD5);
2343 ++ if (rc < 0)
2344 ++ goto err;
2345 +
2346 + rc = mb86a20s_writeregdata(state, mb86a20s_init2);
2347 + if (rc < 0)
2348 +diff --git a/drivers/media/pci/cx88/cx88.h b/drivers/media/pci/cx88/cx88.h
2349 +index afe0eae..28893a6 100644
2350 +--- a/drivers/media/pci/cx88/cx88.h
2351 ++++ b/drivers/media/pci/cx88/cx88.h
2352 +@@ -259,7 +259,7 @@ struct cx88_input {
2353 + };
2354 +
2355 + enum cx88_audio_chip {
2356 +- CX88_AUDIO_WM8775,
2357 ++ CX88_AUDIO_WM8775 = 1,
2358 + CX88_AUDIO_TVAUDIO,
2359 + };
2360 +
2361 +diff --git a/drivers/media/platform/exynos-gsc/gsc-core.c b/drivers/media/platform/exynos-gsc/gsc-core.c
2362 +index 559fab2..1ec60264 100644
2363 +--- a/drivers/media/platform/exynos-gsc/gsc-core.c
2364 ++++ b/drivers/media/platform/exynos-gsc/gsc-core.c
2365 +@@ -1122,10 +1122,14 @@ static int gsc_probe(struct platform_device *pdev)
2366 + goto err_clk;
2367 + }
2368 +
2369 +- ret = gsc_register_m2m_device(gsc);
2370 ++ ret = v4l2_device_register(dev, &gsc->v4l2_dev);
2371 + if (ret)
2372 + goto err_clk;
2373 +
2374 ++ ret = gsc_register_m2m_device(gsc);
2375 ++ if (ret)
2376 ++ goto err_v4l2;
2377 ++
2378 + platform_set_drvdata(pdev, gsc);
2379 + pm_runtime_enable(dev);
2380 + ret = pm_runtime_get_sync(&pdev->dev);
2381 +@@ -1147,6 +1151,8 @@ err_pm:
2382 + pm_runtime_put(dev);
2383 + err_m2m:
2384 + gsc_unregister_m2m_device(gsc);
2385 ++err_v4l2:
2386 ++ v4l2_device_unregister(&gsc->v4l2_dev);
2387 + err_clk:
2388 + gsc_clk_put(gsc);
2389 + return ret;
2390 +@@ -1157,6 +1163,7 @@ static int gsc_remove(struct platform_device *pdev)
2391 + struct gsc_dev *gsc = platform_get_drvdata(pdev);
2392 +
2393 + gsc_unregister_m2m_device(gsc);
2394 ++ v4l2_device_unregister(&gsc->v4l2_dev);
2395 +
2396 + vb2_dma_contig_cleanup_ctx(gsc->alloc_ctx);
2397 + pm_runtime_disable(&pdev->dev);
2398 +diff --git a/drivers/media/platform/exynos-gsc/gsc-core.h b/drivers/media/platform/exynos-gsc/gsc-core.h
2399 +index cc19bba..76435d3 100644
2400 +--- a/drivers/media/platform/exynos-gsc/gsc-core.h
2401 ++++ b/drivers/media/platform/exynos-gsc/gsc-core.h
2402 +@@ -343,6 +343,7 @@ struct gsc_dev {
2403 + unsigned long state;
2404 + struct vb2_alloc_ctx *alloc_ctx;
2405 + struct video_device vdev;
2406 ++ struct v4l2_device v4l2_dev;
2407 + };
2408 +
2409 + /**
2410 +diff --git a/drivers/media/platform/exynos-gsc/gsc-m2m.c b/drivers/media/platform/exynos-gsc/gsc-m2m.c
2411 +index 40a73f7..e576ff2 100644
2412 +--- a/drivers/media/platform/exynos-gsc/gsc-m2m.c
2413 ++++ b/drivers/media/platform/exynos-gsc/gsc-m2m.c
2414 +@@ -751,6 +751,7 @@ int gsc_register_m2m_device(struct gsc_dev *gsc)
2415 + gsc->vdev.release = video_device_release_empty;
2416 + gsc->vdev.lock = &gsc->lock;
2417 + gsc->vdev.vfl_dir = VFL_DIR_M2M;
2418 ++ gsc->vdev.v4l2_dev = &gsc->v4l2_dev;
2419 + snprintf(gsc->vdev.name, sizeof(gsc->vdev.name), "%s.%d:m2m",
2420 + GSC_MODULE_NAME, gsc->id);
2421 +
2422 +diff --git a/drivers/media/platform/exynos4-is/fimc-lite.c b/drivers/media/platform/exynos4-is/fimc-lite.c
2423 +index 08fbfed..e85dc4f 100644
2424 +--- a/drivers/media/platform/exynos4-is/fimc-lite.c
2425 ++++ b/drivers/media/platform/exynos4-is/fimc-lite.c
2426 +@@ -90,7 +90,7 @@ static const struct fimc_fmt fimc_lite_formats[] = {
2427 + .name = "RAW10 (GRBG)",
2428 + .fourcc = V4L2_PIX_FMT_SGRBG10,
2429 + .colorspace = V4L2_COLORSPACE_SRGB,
2430 +- .depth = { 10 },
2431 ++ .depth = { 16 },
2432 + .color = FIMC_FMT_RAW10,
2433 + .memplanes = 1,
2434 + .mbus_code = V4L2_MBUS_FMT_SGRBG10_1X10,
2435 +@@ -99,7 +99,7 @@ static const struct fimc_fmt fimc_lite_formats[] = {
2436 + .name = "RAW12 (GRBG)",
2437 + .fourcc = V4L2_PIX_FMT_SGRBG12,
2438 + .colorspace = V4L2_COLORSPACE_SRGB,
2439 +- .depth = { 12 },
2440 ++ .depth = { 16 },
2441 + .color = FIMC_FMT_RAW12,
2442 + .memplanes = 1,
2443 + .mbus_code = V4L2_MBUS_FMT_SGRBG12_1X12,
2444 +diff --git a/drivers/media/platform/exynos4-is/media-dev.c b/drivers/media/platform/exynos4-is/media-dev.c
2445 +index 19f556c..91f21e2 100644
2446 +--- a/drivers/media/platform/exynos4-is/media-dev.c
2447 ++++ b/drivers/media/platform/exynos4-is/media-dev.c
2448 +@@ -1530,9 +1530,9 @@ static int fimc_md_probe(struct platform_device *pdev)
2449 + err_unlock:
2450 + mutex_unlock(&fmd->media_dev.graph_mutex);
2451 + err_clk:
2452 +- media_device_unregister(&fmd->media_dev);
2453 + fimc_md_put_clocks(fmd);
2454 + fimc_md_unregister_entities(fmd);
2455 ++ media_device_unregister(&fmd->media_dev);
2456 + err_md:
2457 + v4l2_device_unregister(&fmd->v4l2_dev);
2458 + return ret;
2459 +diff --git a/drivers/mmc/host/tmio_mmc_dma.c b/drivers/mmc/host/tmio_mmc_dma.c
2460 +index 47bdb8f..65edb4a 100644
2461 +--- a/drivers/mmc/host/tmio_mmc_dma.c
2462 ++++ b/drivers/mmc/host/tmio_mmc_dma.c
2463 +@@ -104,6 +104,7 @@ static void tmio_mmc_start_dma_rx(struct tmio_mmc_host *host)
2464 + pio:
2465 + if (!desc) {
2466 + /* DMA failed, fall back to PIO */
2467 ++ tmio_mmc_enable_dma(host, false);
2468 + if (ret >= 0)
2469 + ret = -EIO;
2470 + host->chan_rx = NULL;
2471 +@@ -116,7 +117,6 @@ pio:
2472 + }
2473 + dev_warn(&host->pdev->dev,
2474 + "DMA failed: %d, falling back to PIO\n", ret);
2475 +- tmio_mmc_enable_dma(host, false);
2476 + }
2477 +
2478 + dev_dbg(&host->pdev->dev, "%s(): desc %p, cookie %d, sg[%d]\n", __func__,
2479 +@@ -185,6 +185,7 @@ static void tmio_mmc_start_dma_tx(struct tmio_mmc_host *host)
2480 + pio:
2481 + if (!desc) {
2482 + /* DMA failed, fall back to PIO */
2483 ++ tmio_mmc_enable_dma(host, false);
2484 + if (ret >= 0)
2485 + ret = -EIO;
2486 + host->chan_tx = NULL;
2487 +@@ -197,7 +198,6 @@ pio:
2488 + }
2489 + dev_warn(&host->pdev->dev,
2490 + "DMA failed: %d, falling back to PIO\n", ret);
2491 +- tmio_mmc_enable_dma(host, false);
2492 + }
2493 +
2494 + dev_dbg(&host->pdev->dev, "%s(): desc %p, cookie %d\n", __func__,
2495 +diff --git a/drivers/mtd/nand/nand_base.c b/drivers/mtd/nand/nand_base.c
2496 +index dfcd0a5..fb8c4de 100644
2497 +--- a/drivers/mtd/nand/nand_base.c
2498 ++++ b/drivers/mtd/nand/nand_base.c
2499 +@@ -2793,7 +2793,9 @@ static void nand_set_defaults(struct nand_chip *chip, int busw)
2500 +
2501 + if (!chip->select_chip)
2502 + chip->select_chip = nand_select_chip;
2503 +- if (!chip->read_byte)
2504 ++
2505 ++ /* If called twice, pointers that depend on busw may need to be reset */
2506 ++ if (!chip->read_byte || chip->read_byte == nand_read_byte)
2507 + chip->read_byte = busw ? nand_read_byte16 : nand_read_byte;
2508 + if (!chip->read_word)
2509 + chip->read_word = nand_read_word;
2510 +@@ -2801,9 +2803,9 @@ static void nand_set_defaults(struct nand_chip *chip, int busw)
2511 + chip->block_bad = nand_block_bad;
2512 + if (!chip->block_markbad)
2513 + chip->block_markbad = nand_default_block_markbad;
2514 +- if (!chip->write_buf)
2515 ++ if (!chip->write_buf || chip->write_buf == nand_write_buf)
2516 + chip->write_buf = busw ? nand_write_buf16 : nand_write_buf;
2517 +- if (!chip->read_buf)
2518 ++ if (!chip->read_buf || chip->read_buf == nand_read_buf)
2519 + chip->read_buf = busw ? nand_read_buf16 : nand_read_buf;
2520 + if (!chip->scan_bbt)
2521 + chip->scan_bbt = nand_default_bbt;
2522 +diff --git a/drivers/mtd/ubi/wl.c b/drivers/mtd/ubi/wl.c
2523 +index 5df49d3..c95bfb1 100644
2524 +--- a/drivers/mtd/ubi/wl.c
2525 ++++ b/drivers/mtd/ubi/wl.c
2526 +@@ -1069,6 +1069,9 @@ static int wear_leveling_worker(struct ubi_device *ubi, struct ubi_work *wrk,
2527 + if (!(e2->ec - e1->ec >= UBI_WL_THRESHOLD)) {
2528 + dbg_wl("no WL needed: min used EC %d, max free EC %d",
2529 + e1->ec, e2->ec);
2530 ++
2531 ++ /* Give the unused PEB back */
2532 ++ wl_tree_add(e2, &ubi->free);
2533 + goto out_cancel;
2534 + }
2535 + self_check_in_wl_tree(ubi, e1, &ubi->used);
2536 +diff --git a/drivers/net/ethernet/marvell/mvneta.c b/drivers/net/ethernet/marvell/mvneta.c
2537 +index b017818..90ab292 100644
2538 +--- a/drivers/net/ethernet/marvell/mvneta.c
2539 ++++ b/drivers/net/ethernet/marvell/mvneta.c
2540 +@@ -138,7 +138,9 @@
2541 + #define MVNETA_GMAC_FORCE_LINK_PASS BIT(1)
2542 + #define MVNETA_GMAC_CONFIG_MII_SPEED BIT(5)
2543 + #define MVNETA_GMAC_CONFIG_GMII_SPEED BIT(6)
2544 ++#define MVNETA_GMAC_AN_SPEED_EN BIT(7)
2545 + #define MVNETA_GMAC_CONFIG_FULL_DUPLEX BIT(12)
2546 ++#define MVNETA_GMAC_AN_DUPLEX_EN BIT(13)
2547 + #define MVNETA_MIB_COUNTERS_BASE 0x3080
2548 + #define MVNETA_MIB_LATE_COLLISION 0x7c
2549 + #define MVNETA_DA_FILT_SPEC_MCAST 0x3400
2550 +@@ -915,6 +917,13 @@ static void mvneta_defaults_set(struct mvneta_port *pp)
2551 + /* Assign port SDMA configuration */
2552 + mvreg_write(pp, MVNETA_SDMA_CONFIG, val);
2553 +
2554 ++ /* Disable PHY polling in hardware, since we're using the
2555 ++ * kernel phylib to do this.
2556 ++ */
2557 ++ val = mvreg_read(pp, MVNETA_UNIT_CONTROL);
2558 ++ val &= ~MVNETA_PHY_POLLING_ENABLE;
2559 ++ mvreg_write(pp, MVNETA_UNIT_CONTROL, val);
2560 ++
2561 + mvneta_set_ucast_table(pp, -1);
2562 + mvneta_set_special_mcast_table(pp, -1);
2563 + mvneta_set_other_mcast_table(pp, -1);
2564 +@@ -2307,7 +2316,9 @@ static void mvneta_adjust_link(struct net_device *ndev)
2565 + val = mvreg_read(pp, MVNETA_GMAC_AUTONEG_CONFIG);
2566 + val &= ~(MVNETA_GMAC_CONFIG_MII_SPEED |
2567 + MVNETA_GMAC_CONFIG_GMII_SPEED |
2568 +- MVNETA_GMAC_CONFIG_FULL_DUPLEX);
2569 ++ MVNETA_GMAC_CONFIG_FULL_DUPLEX |
2570 ++ MVNETA_GMAC_AN_SPEED_EN |
2571 ++ MVNETA_GMAC_AN_DUPLEX_EN);
2572 +
2573 + if (phydev->duplex)
2574 + val |= MVNETA_GMAC_CONFIG_FULL_DUPLEX;
2575 +diff --git a/drivers/net/wireless/ath/ath9k/ar9003_phy.c b/drivers/net/wireless/ath/ath9k/ar9003_phy.c
2576 +index 1f694ab..77d3a70 100644
2577 +--- a/drivers/net/wireless/ath/ath9k/ar9003_phy.c
2578 ++++ b/drivers/net/wireless/ath/ath9k/ar9003_phy.c
2579 +@@ -1173,6 +1173,10 @@ skip_ws_det:
2580 + * is_on == 0 means MRC CCK is OFF (more noise imm)
2581 + */
2582 + bool is_on = param ? 1 : 0;
2583 ++
2584 ++ if (ah->caps.rx_chainmask == 1)
2585 ++ break;
2586 ++
2587 + REG_RMW_FIELD(ah, AR_PHY_MRC_CCK_CTRL,
2588 + AR_PHY_MRC_CCK_ENABLE, is_on);
2589 + REG_RMW_FIELD(ah, AR_PHY_MRC_CCK_CTRL,
2590 +diff --git a/drivers/net/wireless/ath/ath9k/ath9k.h b/drivers/net/wireless/ath/ath9k/ath9k.h
2591 +index c1224b5..020b9b3 100644
2592 +--- a/drivers/net/wireless/ath/ath9k/ath9k.h
2593 ++++ b/drivers/net/wireless/ath/ath9k/ath9k.h
2594 +@@ -79,10 +79,6 @@ struct ath_config {
2595 + sizeof(struct ath_buf_state)); \
2596 + } while (0)
2597 +
2598 +-#define ATH_RXBUF_RESET(_bf) do { \
2599 +- (_bf)->bf_stale = false; \
2600 +- } while (0)
2601 +-
2602 + /**
2603 + * enum buffer_type - Buffer type flags
2604 + *
2605 +@@ -317,6 +313,7 @@ struct ath_rx {
2606 + struct ath_descdma rxdma;
2607 + struct ath_rx_edma rx_edma[ATH9K_RX_QUEUE_MAX];
2608 +
2609 ++ struct ath_buf *buf_hold;
2610 + struct sk_buff *frag;
2611 +
2612 + u32 ampdu_ref;
2613 +diff --git a/drivers/net/wireless/ath/ath9k/recv.c b/drivers/net/wireless/ath/ath9k/recv.c
2614 +index 865e043..b4902b3 100644
2615 +--- a/drivers/net/wireless/ath/ath9k/recv.c
2616 ++++ b/drivers/net/wireless/ath/ath9k/recv.c
2617 +@@ -42,8 +42,6 @@ static void ath_rx_buf_link(struct ath_softc *sc, struct ath_buf *bf)
2618 + struct ath_desc *ds;
2619 + struct sk_buff *skb;
2620 +
2621 +- ATH_RXBUF_RESET(bf);
2622 +-
2623 + ds = bf->bf_desc;
2624 + ds->ds_link = 0; /* link to null */
2625 + ds->ds_data = bf->bf_buf_addr;
2626 +@@ -70,6 +68,14 @@ static void ath_rx_buf_link(struct ath_softc *sc, struct ath_buf *bf)
2627 + sc->rx.rxlink = &ds->ds_link;
2628 + }
2629 +
2630 ++static void ath_rx_buf_relink(struct ath_softc *sc, struct ath_buf *bf)
2631 ++{
2632 ++ if (sc->rx.buf_hold)
2633 ++ ath_rx_buf_link(sc, sc->rx.buf_hold);
2634 ++
2635 ++ sc->rx.buf_hold = bf;
2636 ++}
2637 ++
2638 + static void ath_setdefantenna(struct ath_softc *sc, u32 antenna)
2639 + {
2640 + /* XXX block beacon interrupts */
2641 +@@ -117,7 +123,6 @@ static bool ath_rx_edma_buf_link(struct ath_softc *sc,
2642 +
2643 + skb = bf->bf_mpdu;
2644 +
2645 +- ATH_RXBUF_RESET(bf);
2646 + memset(skb->data, 0, ah->caps.rx_status_len);
2647 + dma_sync_single_for_device(sc->dev, bf->bf_buf_addr,
2648 + ah->caps.rx_status_len, DMA_TO_DEVICE);
2649 +@@ -432,6 +437,7 @@ int ath_startrecv(struct ath_softc *sc)
2650 + if (list_empty(&sc->rx.rxbuf))
2651 + goto start_recv;
2652 +
2653 ++ sc->rx.buf_hold = NULL;
2654 + sc->rx.rxlink = NULL;
2655 + list_for_each_entry_safe(bf, tbf, &sc->rx.rxbuf, list) {
2656 + ath_rx_buf_link(sc, bf);
2657 +@@ -677,6 +683,9 @@ static struct ath_buf *ath_get_next_rx_buf(struct ath_softc *sc,
2658 + }
2659 +
2660 + bf = list_first_entry(&sc->rx.rxbuf, struct ath_buf, list);
2661 ++ if (bf == sc->rx.buf_hold)
2662 ++ return NULL;
2663 ++
2664 + ds = bf->bf_desc;
2665 +
2666 + /*
2667 +@@ -1375,7 +1384,7 @@ requeue:
2668 + if (edma) {
2669 + ath_rx_edma_buf_link(sc, qtype);
2670 + } else {
2671 +- ath_rx_buf_link(sc, bf);
2672 ++ ath_rx_buf_relink(sc, bf);
2673 + ath9k_hw_rxena(ah);
2674 + }
2675 + } while (1);
2676 +diff --git a/drivers/net/wireless/ath/ath9k/xmit.c b/drivers/net/wireless/ath/ath9k/xmit.c
2677 +index 9279927..ab64683 100644
2678 +--- a/drivers/net/wireless/ath/ath9k/xmit.c
2679 ++++ b/drivers/net/wireless/ath/ath9k/xmit.c
2680 +@@ -2602,6 +2602,7 @@ void ath_tx_node_init(struct ath_softc *sc, struct ath_node *an)
2681 + for (acno = 0, ac = &an->ac[acno];
2682 + acno < IEEE80211_NUM_ACS; acno++, ac++) {
2683 + ac->sched = false;
2684 ++ ac->clear_ps_filter = true;
2685 + ac->txq = sc->tx.txq_map[acno];
2686 + INIT_LIST_HEAD(&ac->tid_q);
2687 + }
2688 +diff --git a/drivers/net/wireless/brcm80211/brcmsmac/dma.c b/drivers/net/wireless/brcm80211/brcmsmac/dma.c
2689 +index 1860c57..4fb9635 100644
2690 +--- a/drivers/net/wireless/brcm80211/brcmsmac/dma.c
2691 ++++ b/drivers/net/wireless/brcm80211/brcmsmac/dma.c
2692 +@@ -1015,9 +1015,10 @@ static bool dma64_txidle(struct dma_info *di)
2693 +
2694 + /*
2695 + * post receive buffers
2696 +- * return false is refill failed completely and ring is empty this will stall
2697 +- * the rx dma and user might want to call rxfill again asap. This unlikely
2698 +- * happens on memory-rich NIC, but often on memory-constrained dongle
2699 ++ * Return false if refill failed completely or dma mapping failed. The ring
2700 ++ * is empty, which will stall the rx dma and user might want to call rxfill
2701 ++ * again asap. This is unlikely to happen on a memory-rich NIC, but often on
2702 ++ * memory-constrained dongle.
2703 + */
2704 + bool dma_rxfill(struct dma_pub *pub)
2705 + {
2706 +@@ -1078,6 +1079,8 @@ bool dma_rxfill(struct dma_pub *pub)
2707 +
2708 + pa = dma_map_single(di->dmadev, p->data, di->rxbufsize,
2709 + DMA_FROM_DEVICE);
2710 ++ if (dma_mapping_error(di->dmadev, pa))
2711 ++ return false;
2712 +
2713 + /* save the free packet pointer */
2714 + di->rxp[rxout] = p;
2715 +@@ -1284,7 +1287,11 @@ static void dma_txenq(struct dma_info *di, struct sk_buff *p)
2716 +
2717 + /* get physical address of buffer start */
2718 + pa = dma_map_single(di->dmadev, data, len, DMA_TO_DEVICE);
2719 +-
2720 ++ /* if mapping failed, free skb */
2721 ++ if (dma_mapping_error(di->dmadev, pa)) {
2722 ++ brcmu_pkt_buf_free_skb(p);
2723 ++ return;
2724 ++ }
2725 + /* With a DMA segment list, Descriptor table is filled
2726 + * using the segment list instead of looping over
2727 + * buffers in multi-chain DMA. Therefore, EOF for SGLIST
2728 +diff --git a/drivers/of/base.c b/drivers/of/base.c
2729 +index 5c54279..bf8432f 100644
2730 +--- a/drivers/of/base.c
2731 ++++ b/drivers/of/base.c
2732 +@@ -1629,6 +1629,7 @@ void of_alias_scan(void * (*dt_alloc)(u64 size, u64 align))
2733 + ap = dt_alloc(sizeof(*ap) + len + 1, 4);
2734 + if (!ap)
2735 + continue;
2736 ++ memset(ap, 0, sizeof(*ap) + len + 1);
2737 + ap->alias = start;
2738 + of_alias_add(ap, np, id, start, len);
2739 + }
2740 +diff --git a/drivers/pinctrl/pinctrl-at91.c b/drivers/pinctrl/pinctrl-at91.c
2741 +index b90a3a0..19afb9a 100644
2742 +--- a/drivers/pinctrl/pinctrl-at91.c
2743 ++++ b/drivers/pinctrl/pinctrl-at91.c
2744 +@@ -325,7 +325,7 @@ static void at91_mux_disable_interrupt(void __iomem *pio, unsigned mask)
2745 +
2746 + static unsigned at91_mux_get_pullup(void __iomem *pio, unsigned pin)
2747 + {
2748 +- return (readl_relaxed(pio + PIO_PUSR) >> pin) & 0x1;
2749 ++ return !((readl_relaxed(pio + PIO_PUSR) >> pin) & 0x1);
2750 + }
2751 +
2752 + static void at91_mux_set_pullup(void __iomem *pio, unsigned mask, bool on)
2753 +@@ -445,7 +445,7 @@ static void at91_mux_pio3_set_debounce(void __iomem *pio, unsigned mask,
2754 +
2755 + static bool at91_mux_pio3_get_pulldown(void __iomem *pio, unsigned pin)
2756 + {
2757 +- return (__raw_readl(pio + PIO_PPDSR) >> pin) & 0x1;
2758 ++ return !((__raw_readl(pio + PIO_PPDSR) >> pin) & 0x1);
2759 + }
2760 +
2761 + static void at91_mux_pio3_set_pulldown(void __iomem *pio, unsigned mask, bool is_on)
2762 +diff --git a/drivers/scsi/mpt3sas/Makefile b/drivers/scsi/mpt3sas/Makefile
2763 +index 4c1d2e7..efb0c4c 100644
2764 +--- a/drivers/scsi/mpt3sas/Makefile
2765 ++++ b/drivers/scsi/mpt3sas/Makefile
2766 +@@ -1,5 +1,5 @@
2767 + # mpt3sas makefile
2768 +-obj-m += mpt3sas.o
2769 ++obj-$(CONFIG_SCSI_MPT3SAS) += mpt3sas.o
2770 + mpt3sas-y += mpt3sas_base.o \
2771 + mpt3sas_config.o \
2772 + mpt3sas_scsih.o \
2773 +diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
2774 +index 86fcf2c..2783dd7 100644
2775 +--- a/drivers/scsi/sd.c
2776 ++++ b/drivers/scsi/sd.c
2777 +@@ -2419,14 +2419,9 @@ sd_read_cache_type(struct scsi_disk *sdkp, unsigned char *buffer)
2778 + }
2779 + }
2780 +
2781 +- if (modepage == 0x3F) {
2782 +- sd_printk(KERN_ERR, sdkp, "No Caching mode page "
2783 +- "present\n");
2784 +- goto defaults;
2785 +- } else if ((buffer[offset] & 0x3f) != modepage) {
2786 +- sd_printk(KERN_ERR, sdkp, "Got wrong page\n");
2787 +- goto defaults;
2788 +- }
2789 ++ sd_printk(KERN_ERR, sdkp, "No Caching mode page found\n");
2790 ++ goto defaults;
2791 ++
2792 + Page_found:
2793 + if (modepage == 8) {
2794 + sdkp->WCE = ((buffer[offset + 2] & 0x04) != 0);
2795 +diff --git a/drivers/staging/comedi/drivers/dt282x.c b/drivers/staging/comedi/drivers/dt282x.c
2796 +index c1950e3..674b236 100644
2797 +--- a/drivers/staging/comedi/drivers/dt282x.c
2798 ++++ b/drivers/staging/comedi/drivers/dt282x.c
2799 +@@ -264,8 +264,9 @@ struct dt282x_private {
2800 + } \
2801 + udelay(5); \
2802 + } \
2803 +- if (_i) \
2804 ++ if (_i) { \
2805 + b \
2806 ++ } \
2807 + } while (0)
2808 +
2809 + static int prep_ai_dma(struct comedi_device *dev, int chan, int size);
2810 +diff --git a/drivers/staging/zram/zram_drv.c b/drivers/staging/zram/zram_drv.c
2811 +index e77fb6e..8f54c50 100644
2812 +--- a/drivers/staging/zram/zram_drv.c
2813 ++++ b/drivers/staging/zram/zram_drv.c
2814 +@@ -445,6 +445,14 @@ static int zram_bvec_write(struct zram *zram, struct bio_vec *bvec, u32 index,
2815 + goto out;
2816 + }
2817 +
2818 ++ /*
2819 ++ * zram_slot_free_notify could miss free so that let's
2820 ++ * double check.
2821 ++ */
2822 ++ if (unlikely(meta->table[index].handle ||
2823 ++ zram_test_flag(meta, index, ZRAM_ZERO)))
2824 ++ zram_free_page(zram, index);
2825 ++
2826 + ret = lzo1x_1_compress(uncmem, PAGE_SIZE, src, &clen,
2827 + meta->compress_workmem);
2828 +
2829 +@@ -504,6 +512,20 @@ out:
2830 + return ret;
2831 + }
2832 +
2833 ++static void handle_pending_slot_free(struct zram *zram)
2834 ++{
2835 ++ struct zram_slot_free *free_rq;
2836 ++
2837 ++ spin_lock(&zram->slot_free_lock);
2838 ++ while (zram->slot_free_rq) {
2839 ++ free_rq = zram->slot_free_rq;
2840 ++ zram->slot_free_rq = free_rq->next;
2841 ++ zram_free_page(zram, free_rq->index);
2842 ++ kfree(free_rq);
2843 ++ }
2844 ++ spin_unlock(&zram->slot_free_lock);
2845 ++}
2846 ++
2847 + static int zram_bvec_rw(struct zram *zram, struct bio_vec *bvec, u32 index,
2848 + int offset, struct bio *bio, int rw)
2849 + {
2850 +@@ -511,10 +533,12 @@ static int zram_bvec_rw(struct zram *zram, struct bio_vec *bvec, u32 index,
2851 +
2852 + if (rw == READ) {
2853 + down_read(&zram->lock);
2854 ++ handle_pending_slot_free(zram);
2855 + ret = zram_bvec_read(zram, bvec, index, offset, bio);
2856 + up_read(&zram->lock);
2857 + } else {
2858 + down_write(&zram->lock);
2859 ++ handle_pending_slot_free(zram);
2860 + ret = zram_bvec_write(zram, bvec, index, offset);
2861 + up_write(&zram->lock);
2862 + }
2863 +@@ -522,11 +546,13 @@ static int zram_bvec_rw(struct zram *zram, struct bio_vec *bvec, u32 index,
2864 + return ret;
2865 + }
2866 +
2867 +-static void zram_reset_device(struct zram *zram)
2868 ++static void zram_reset_device(struct zram *zram, bool reset_capacity)
2869 + {
2870 + size_t index;
2871 + struct zram_meta *meta;
2872 +
2873 ++ flush_work(&zram->free_work);
2874 ++
2875 + down_write(&zram->init_lock);
2876 + if (!zram->init_done) {
2877 + up_write(&zram->init_lock);
2878 +@@ -551,7 +577,8 @@ static void zram_reset_device(struct zram *zram)
2879 + memset(&zram->stats, 0, sizeof(zram->stats));
2880 +
2881 + zram->disksize = 0;
2882 +- set_capacity(zram->disk, 0);
2883 ++ if (reset_capacity)
2884 ++ set_capacity(zram->disk, 0);
2885 + up_write(&zram->init_lock);
2886 + }
2887 +
2888 +@@ -635,7 +662,7 @@ static ssize_t reset_store(struct device *dev,
2889 + if (bdev)
2890 + fsync_bdev(bdev);
2891 +
2892 +- zram_reset_device(zram);
2893 ++ zram_reset_device(zram, true);
2894 + return len;
2895 + }
2896 +
2897 +@@ -720,16 +747,40 @@ error:
2898 + bio_io_error(bio);
2899 + }
2900 +
2901 ++static void zram_slot_free(struct work_struct *work)
2902 ++{
2903 ++ struct zram *zram;
2904 ++
2905 ++ zram = container_of(work, struct zram, free_work);
2906 ++ down_write(&zram->lock);
2907 ++ handle_pending_slot_free(zram);
2908 ++ up_write(&zram->lock);
2909 ++}
2910 ++
2911 ++static void add_slot_free(struct zram *zram, struct zram_slot_free *free_rq)
2912 ++{
2913 ++ spin_lock(&zram->slot_free_lock);
2914 ++ free_rq->next = zram->slot_free_rq;
2915 ++ zram->slot_free_rq = free_rq;
2916 ++ spin_unlock(&zram->slot_free_lock);
2917 ++}
2918 ++
2919 + static void zram_slot_free_notify(struct block_device *bdev,
2920 + unsigned long index)
2921 + {
2922 + struct zram *zram;
2923 ++ struct zram_slot_free *free_rq;
2924 +
2925 + zram = bdev->bd_disk->private_data;
2926 +- down_write(&zram->lock);
2927 +- zram_free_page(zram, index);
2928 +- up_write(&zram->lock);
2929 + atomic64_inc(&zram->stats.notify_free);
2930 ++
2931 ++ free_rq = kmalloc(sizeof(struct zram_slot_free), GFP_ATOMIC);
2932 ++ if (!free_rq)
2933 ++ return;
2934 ++
2935 ++ free_rq->index = index;
2936 ++ add_slot_free(zram, free_rq);
2937 ++ schedule_work(&zram->free_work);
2938 + }
2939 +
2940 + static const struct block_device_operations zram_devops = {
2941 +@@ -776,6 +827,10 @@ static int create_device(struct zram *zram, int device_id)
2942 + init_rwsem(&zram->lock);
2943 + init_rwsem(&zram->init_lock);
2944 +
2945 ++ INIT_WORK(&zram->free_work, zram_slot_free);
2946 ++ spin_lock_init(&zram->slot_free_lock);
2947 ++ zram->slot_free_rq = NULL;
2948 ++
2949 + zram->queue = blk_alloc_queue(GFP_KERNEL);
2950 + if (!zram->queue) {
2951 + pr_err("Error allocating disk queue for device %d\n",
2952 +@@ -902,10 +957,12 @@ static void __exit zram_exit(void)
2953 + for (i = 0; i < num_devices; i++) {
2954 + zram = &zram_devices[i];
2955 +
2956 +- get_disk(zram->disk);
2957 + destroy_device(zram);
2958 +- zram_reset_device(zram);
2959 +- put_disk(zram->disk);
2960 ++ /*
2961 ++ * Shouldn't access zram->disk after destroy_device
2962 ++ * because destroy_device already released zram->disk.
2963 ++ */
2964 ++ zram_reset_device(zram, false);
2965 + }
2966 +
2967 + unregister_blkdev(zram_major, "zram");
2968 +diff --git a/drivers/staging/zram/zram_drv.h b/drivers/staging/zram/zram_drv.h
2969 +index 9e57bfb..97a3acf 100644
2970 +--- a/drivers/staging/zram/zram_drv.h
2971 ++++ b/drivers/staging/zram/zram_drv.h
2972 +@@ -94,11 +94,20 @@ struct zram_meta {
2973 + struct zs_pool *mem_pool;
2974 + };
2975 +
2976 ++struct zram_slot_free {
2977 ++ unsigned long index;
2978 ++ struct zram_slot_free *next;
2979 ++};
2980 ++
2981 + struct zram {
2982 + struct zram_meta *meta;
2983 + struct rw_semaphore lock; /* protect compression buffers, table,
2984 + * 32bit stat counters against concurrent
2985 + * notifications, reads and writes */
2986 ++
2987 ++ struct work_struct free_work; /* handle pending free request */
2988 ++ struct zram_slot_free *slot_free_rq; /* list head of free request */
2989 ++
2990 + struct request_queue *queue;
2991 + struct gendisk *disk;
2992 + int init_done;
2993 +@@ -109,6 +118,7 @@ struct zram {
2994 + * we can store in a disk.
2995 + */
2996 + u64 disksize; /* bytes */
2997 ++ spinlock_t slot_free_lock;
2998 +
2999 + struct zram_stats stats;
3000 + };
3001 +diff --git a/drivers/target/target_core_alua.c b/drivers/target/target_core_alua.c
3002 +index cbe48ab..f608fbc 100644
3003 +--- a/drivers/target/target_core_alua.c
3004 ++++ b/drivers/target/target_core_alua.c
3005 +@@ -730,7 +730,7 @@ static int core_alua_write_tpg_metadata(
3006 + if (ret < 0)
3007 + pr_err("Error writing ALUA metadata file: %s\n", path);
3008 + fput(file);
3009 +- return ret ? -EIO : 0;
3010 ++ return (ret < 0) ? -EIO : 0;
3011 + }
3012 +
3013 + /*
3014 +diff --git a/drivers/target/target_core_pr.c b/drivers/target/target_core_pr.c
3015 +index bd78faf..adec5a8 100644
3016 +--- a/drivers/target/target_core_pr.c
3017 ++++ b/drivers/target/target_core_pr.c
3018 +@@ -1949,7 +1949,7 @@ static int __core_scsi3_write_aptpl_to_file(
3019 + pr_debug("Error writing APTPL metadata file: %s\n", path);
3020 + fput(file);
3021 +
3022 +- return ret ? -EIO : 0;
3023 ++ return (ret < 0) ? -EIO : 0;
3024 + }
3025 +
3026 + /*
3027 +diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
3028 +index 366af83..20689b9 100644
3029 +--- a/drivers/tty/tty_io.c
3030 ++++ b/drivers/tty/tty_io.c
3031 +@@ -850,7 +850,8 @@ void disassociate_ctty(int on_exit)
3032 + struct pid *tty_pgrp = tty_get_pgrp(tty);
3033 + if (tty_pgrp) {
3034 + kill_pgrp(tty_pgrp, SIGHUP, on_exit);
3035 +- kill_pgrp(tty_pgrp, SIGCONT, on_exit);
3036 ++ if (!on_exit)
3037 ++ kill_pgrp(tty_pgrp, SIGCONT, on_exit);
3038 + put_pid(tty_pgrp);
3039 + }
3040 + }
3041 +diff --git a/drivers/usb/class/cdc-wdm.c b/drivers/usb/class/cdc-wdm.c
3042 +index 8a230f0..d3318a0 100644
3043 +--- a/drivers/usb/class/cdc-wdm.c
3044 ++++ b/drivers/usb/class/cdc-wdm.c
3045 +@@ -209,6 +209,7 @@ skip_error:
3046 + static void wdm_int_callback(struct urb *urb)
3047 + {
3048 + int rv = 0;
3049 ++ int responding;
3050 + int status = urb->status;
3051 + struct wdm_device *desc;
3052 + struct usb_cdc_notification *dr;
3053 +@@ -262,8 +263,8 @@ static void wdm_int_callback(struct urb *urb)
3054 +
3055 + spin_lock(&desc->iuspin);
3056 + clear_bit(WDM_READ, &desc->flags);
3057 +- set_bit(WDM_RESPONDING, &desc->flags);
3058 +- if (!test_bit(WDM_DISCONNECTING, &desc->flags)
3059 ++ responding = test_and_set_bit(WDM_RESPONDING, &desc->flags);
3060 ++ if (!responding && !test_bit(WDM_DISCONNECTING, &desc->flags)
3061 + && !test_bit(WDM_SUSPENDING, &desc->flags)) {
3062 + rv = usb_submit_urb(desc->response, GFP_ATOMIC);
3063 + dev_dbg(&desc->intf->dev, "%s: usb_submit_urb %d",
3064 +@@ -685,16 +686,20 @@ static void wdm_rxwork(struct work_struct *work)
3065 + {
3066 + struct wdm_device *desc = container_of(work, struct wdm_device, rxwork);
3067 + unsigned long flags;
3068 +- int rv;
3069 ++ int rv = 0;
3070 ++ int responding;
3071 +
3072 + spin_lock_irqsave(&desc->iuspin, flags);
3073 + if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
3074 + spin_unlock_irqrestore(&desc->iuspin, flags);
3075 + } else {
3076 ++ responding = test_and_set_bit(WDM_RESPONDING, &desc->flags);
3077 + spin_unlock_irqrestore(&desc->iuspin, flags);
3078 +- rv = usb_submit_urb(desc->response, GFP_KERNEL);
3079 ++ if (!responding)
3080 ++ rv = usb_submit_urb(desc->response, GFP_KERNEL);
3081 + if (rv < 0 && rv != -EPERM) {
3082 + spin_lock_irqsave(&desc->iuspin, flags);
3083 ++ clear_bit(WDM_RESPONDING, &desc->flags);
3084 + if (!test_bit(WDM_DISCONNECTING, &desc->flags))
3085 + schedule_work(&desc->rxwork);
3086 + spin_unlock_irqrestore(&desc->iuspin, flags);
3087 +diff --git a/drivers/usb/core/config.c b/drivers/usb/core/config.c
3088 +index 7199adc..a6b2cab 100644
3089 +--- a/drivers/usb/core/config.c
3090 ++++ b/drivers/usb/core/config.c
3091 +@@ -424,7 +424,8 @@ static int usb_parse_configuration(struct usb_device *dev, int cfgidx,
3092 +
3093 + memcpy(&config->desc, buffer, USB_DT_CONFIG_SIZE);
3094 + if (config->desc.bDescriptorType != USB_DT_CONFIG ||
3095 +- config->desc.bLength < USB_DT_CONFIG_SIZE) {
3096 ++ config->desc.bLength < USB_DT_CONFIG_SIZE ||
3097 ++ config->desc.bLength > size) {
3098 + dev_err(ddev, "invalid descriptor for config index %d: "
3099 + "type = 0x%X, length = %d\n", cfgidx,
3100 + config->desc.bDescriptorType, config->desc.bLength);
3101 +diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
3102 +index 558313d..17c3785 100644
3103 +--- a/drivers/usb/core/hub.c
3104 ++++ b/drivers/usb/core/hub.c
3105 +@@ -2918,7 +2918,6 @@ int usb_port_suspend(struct usb_device *udev, pm_message_t msg)
3106 + {
3107 + struct usb_hub *hub = usb_hub_to_struct_hub(udev->parent);
3108 + struct usb_port *port_dev = hub->ports[udev->portnum - 1];
3109 +- enum pm_qos_flags_status pm_qos_stat;
3110 + int port1 = udev->portnum;
3111 + int status;
3112 + bool really_suspend = true;
3113 +@@ -2956,7 +2955,7 @@ int usb_port_suspend(struct usb_device *udev, pm_message_t msg)
3114 + status);
3115 + /* bail if autosuspend is requested */
3116 + if (PMSG_IS_AUTO(msg))
3117 +- return status;
3118 ++ goto err_wakeup;
3119 + }
3120 + }
3121 +
3122 +@@ -2965,14 +2964,16 @@ int usb_port_suspend(struct usb_device *udev, pm_message_t msg)
3123 + usb_set_usb2_hardware_lpm(udev, 0);
3124 +
3125 + if (usb_disable_ltm(udev)) {
3126 +- dev_err(&udev->dev, "%s Failed to disable LTM before suspend\n.",
3127 +- __func__);
3128 +- return -ENOMEM;
3129 ++ dev_err(&udev->dev, "Failed to disable LTM before suspend\n.");
3130 ++ status = -ENOMEM;
3131 ++ if (PMSG_IS_AUTO(msg))
3132 ++ goto err_ltm;
3133 + }
3134 + if (usb_unlocked_disable_lpm(udev)) {
3135 +- dev_err(&udev->dev, "%s Failed to disable LPM before suspend\n.",
3136 +- __func__);
3137 +- return -ENOMEM;
3138 ++ dev_err(&udev->dev, "Failed to disable LPM before suspend\n.");
3139 ++ status = -ENOMEM;
3140 ++ if (PMSG_IS_AUTO(msg))
3141 ++ goto err_lpm3;
3142 + }
3143 +
3144 + /* see 7.1.7.6 */
3145 +@@ -3000,28 +3001,31 @@ int usb_port_suspend(struct usb_device *udev, pm_message_t msg)
3146 + if (status) {
3147 + dev_dbg(hub->intfdev, "can't suspend port %d, status %d\n",
3148 + port1, status);
3149 +- /* paranoia: "should not happen" */
3150 +- if (udev->do_remote_wakeup) {
3151 +- if (!hub_is_superspeed(hub->hdev)) {
3152 +- (void) usb_control_msg(udev,
3153 +- usb_sndctrlpipe(udev, 0),
3154 +- USB_REQ_CLEAR_FEATURE,
3155 +- USB_RECIP_DEVICE,
3156 +- USB_DEVICE_REMOTE_WAKEUP, 0,
3157 +- NULL, 0,
3158 +- USB_CTRL_SET_TIMEOUT);
3159 +- } else
3160 +- (void) usb_disable_function_remotewakeup(udev);
3161 +-
3162 +- }
3163 +
3164 ++ /* Try to enable USB3 LPM and LTM again */
3165 ++ usb_unlocked_enable_lpm(udev);
3166 ++ err_lpm3:
3167 ++ usb_enable_ltm(udev);
3168 ++ err_ltm:
3169 + /* Try to enable USB2 hardware LPM again */
3170 + if (udev->usb2_hw_lpm_capable == 1)
3171 + usb_set_usb2_hardware_lpm(udev, 1);
3172 +
3173 +- /* Try to enable USB3 LTM and LPM again */
3174 +- usb_enable_ltm(udev);
3175 +- usb_unlocked_enable_lpm(udev);
3176 ++ if (udev->do_remote_wakeup) {
3177 ++ if (udev->speed < USB_SPEED_SUPER)
3178 ++ usb_control_msg(udev, usb_sndctrlpipe(udev, 0),
3179 ++ USB_REQ_CLEAR_FEATURE,
3180 ++ USB_RECIP_DEVICE,
3181 ++ USB_DEVICE_REMOTE_WAKEUP, 0,
3182 ++ NULL, 0, USB_CTRL_SET_TIMEOUT);
3183 ++ else
3184 ++ usb_control_msg(udev, usb_sndctrlpipe(udev, 0),
3185 ++ USB_REQ_CLEAR_FEATURE,
3186 ++ USB_RECIP_INTERFACE,
3187 ++ USB_INTRF_FUNC_SUSPEND, 0,
3188 ++ NULL, 0, USB_CTRL_SET_TIMEOUT);
3189 ++ }
3190 ++ err_wakeup:
3191 +
3192 + /* System sleep transitions should never fail */
3193 + if (!PMSG_IS_AUTO(msg))
3194 +@@ -3039,16 +3043,7 @@ int usb_port_suspend(struct usb_device *udev, pm_message_t msg)
3195 + usb_set_device_state(udev, USB_STATE_SUSPENDED);
3196 + }
3197 +
3198 +- /*
3199 +- * Check whether current status meets the requirement of
3200 +- * usb port power off mechanism
3201 +- */
3202 +- pm_qos_stat = dev_pm_qos_flags(&port_dev->dev,
3203 +- PM_QOS_FLAG_NO_POWER_OFF);
3204 +- if (!udev->do_remote_wakeup
3205 +- && pm_qos_stat != PM_QOS_FLAGS_ALL
3206 +- && udev->persist_enabled
3207 +- && !status) {
3208 ++ if (status == 0 && !udev->do_remote_wakeup && udev->persist_enabled) {
3209 + pm_runtime_put_sync(&port_dev->dev);
3210 + port_dev->did_runtime_put = true;
3211 + }
3212 +diff --git a/drivers/usb/core/port.c b/drivers/usb/core/port.c
3213 +index d6b0fad..9909911 100644
3214 +--- a/drivers/usb/core/port.c
3215 ++++ b/drivers/usb/core/port.c
3216 +@@ -89,22 +89,19 @@ static int usb_port_runtime_resume(struct device *dev)
3217 + retval = usb_hub_set_port_power(hdev, hub, port1, true);
3218 + if (port_dev->child && !retval) {
3219 + /*
3220 +- * Wait for usb hub port to be reconnected in order to make
3221 +- * the resume procedure successful.
3222 ++ * Attempt to wait for usb hub port to be reconnected in order
3223 ++ * to make the resume procedure successful. The device may have
3224 ++ * disconnected while the port was powered off, so ignore the
3225 ++ * return status.
3226 + */
3227 + retval = hub_port_debounce_be_connected(hub, port1);
3228 +- if (retval < 0) {
3229 ++ if (retval < 0)
3230 + dev_dbg(&port_dev->dev, "can't get reconnection after setting port power on, status %d\n",
3231 + retval);
3232 +- goto out;
3233 +- }
3234 + usb_clear_port_feature(hdev, port1, USB_PORT_FEAT_C_ENABLE);
3235 +-
3236 +- /* Set return value to 0 if debounce successful */
3237 + retval = 0;
3238 + }
3239 +
3240 +-out:
3241 + clear_bit(port1, hub->busy_bits);
3242 + usb_autopm_put_interface(intf);
3243 + return retval;
3244 +diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c
3245 +index f77083f..14d28d6 100644
3246 +--- a/drivers/usb/dwc3/gadget.c
3247 ++++ b/drivers/usb/dwc3/gadget.c
3248 +@@ -1508,6 +1508,15 @@ static int dwc3_gadget_start(struct usb_gadget *g,
3249 + int irq;
3250 + u32 reg;
3251 +
3252 ++ irq = platform_get_irq(to_platform_device(dwc->dev), 0);
3253 ++ ret = request_threaded_irq(irq, dwc3_interrupt, dwc3_thread_interrupt,
3254 ++ IRQF_SHARED | IRQF_ONESHOT, "dwc3", dwc);
3255 ++ if (ret) {
3256 ++ dev_err(dwc->dev, "failed to request irq #%d --> %d\n",
3257 ++ irq, ret);
3258 ++ goto err0;
3259 ++ }
3260 ++
3261 + spin_lock_irqsave(&dwc->lock, flags);
3262 +
3263 + if (dwc->gadget_driver) {
3264 +@@ -1515,7 +1524,7 @@ static int dwc3_gadget_start(struct usb_gadget *g,
3265 + dwc->gadget.name,
3266 + dwc->gadget_driver->driver.name);
3267 + ret = -EBUSY;
3268 +- goto err0;
3269 ++ goto err1;
3270 + }
3271 +
3272 + dwc->gadget_driver = driver;
3273 +@@ -1551,42 +1560,38 @@ static int dwc3_gadget_start(struct usb_gadget *g,
3274 + ret = __dwc3_gadget_ep_enable(dep, &dwc3_gadget_ep0_desc, NULL, false);
3275 + if (ret) {
3276 + dev_err(dwc->dev, "failed to enable %s\n", dep->name);
3277 +- goto err0;
3278 ++ goto err2;
3279 + }
3280 +
3281 + dep = dwc->eps[1];
3282 + ret = __dwc3_gadget_ep_enable(dep, &dwc3_gadget_ep0_desc, NULL, false);
3283 + if (ret) {
3284 + dev_err(dwc->dev, "failed to enable %s\n", dep->name);
3285 +- goto err1;
3286 ++ goto err3;
3287 + }
3288 +
3289 + /* begin to receive SETUP packets */
3290 + dwc->ep0state = EP0_SETUP_PHASE;
3291 + dwc3_ep0_out_start(dwc);
3292 +
3293 +- irq = platform_get_irq(to_platform_device(dwc->dev), 0);
3294 +- ret = request_threaded_irq(irq, dwc3_interrupt, dwc3_thread_interrupt,
3295 +- IRQF_SHARED | IRQF_ONESHOT, "dwc3", dwc);
3296 +- if (ret) {
3297 +- dev_err(dwc->dev, "failed to request irq #%d --> %d\n",
3298 +- irq, ret);
3299 +- goto err1;
3300 +- }
3301 +-
3302 + dwc3_gadget_enable_irq(dwc);
3303 +
3304 + spin_unlock_irqrestore(&dwc->lock, flags);
3305 +
3306 + return 0;
3307 +
3308 +-err1:
3309 ++err3:
3310 + __dwc3_gadget_ep_disable(dwc->eps[0]);
3311 +
3312 +-err0:
3313 ++err2:
3314 + dwc->gadget_driver = NULL;
3315 ++
3316 ++err1:
3317 + spin_unlock_irqrestore(&dwc->lock, flags);
3318 +
3319 ++ free_irq(irq, dwc);
3320 ++
3321 ++err0:
3322 + return ret;
3323 + }
3324 +
3325 +@@ -1600,9 +1605,6 @@ static int dwc3_gadget_stop(struct usb_gadget *g,
3326 + spin_lock_irqsave(&dwc->lock, flags);
3327 +
3328 + dwc3_gadget_disable_irq(dwc);
3329 +- irq = platform_get_irq(to_platform_device(dwc->dev), 0);
3330 +- free_irq(irq, dwc);
3331 +-
3332 + __dwc3_gadget_ep_disable(dwc->eps[0]);
3333 + __dwc3_gadget_ep_disable(dwc->eps[1]);
3334 +
3335 +@@ -1610,6 +1612,9 @@ static int dwc3_gadget_stop(struct usb_gadget *g,
3336 +
3337 + spin_unlock_irqrestore(&dwc->lock, flags);
3338 +
3339 ++ irq = platform_get_irq(to_platform_device(dwc->dev), 0);
3340 ++ free_irq(irq, dwc);
3341 ++
3342 + return 0;
3343 + }
3344 +
3345 +diff --git a/drivers/usb/gadget/uvc_queue.c b/drivers/usb/gadget/uvc_queue.c
3346 +index e617047..0bb5d50 100644
3347 +--- a/drivers/usb/gadget/uvc_queue.c
3348 ++++ b/drivers/usb/gadget/uvc_queue.c
3349 +@@ -193,12 +193,16 @@ static int uvc_queue_buffer(struct uvc_video_queue *queue,
3350 +
3351 + mutex_lock(&queue->mutex);
3352 + ret = vb2_qbuf(&queue->queue, buf);
3353 ++ if (ret < 0)
3354 ++ goto done;
3355 ++
3356 + spin_lock_irqsave(&queue->irqlock, flags);
3357 + ret = (queue->flags & UVC_QUEUE_PAUSED) != 0;
3358 + queue->flags &= ~UVC_QUEUE_PAUSED;
3359 + spin_unlock_irqrestore(&queue->irqlock, flags);
3360 +- mutex_unlock(&queue->mutex);
3361 +
3362 ++done:
3363 ++ mutex_unlock(&queue->mutex);
3364 + return ret;
3365 + }
3366 +
3367 +diff --git a/drivers/usb/host/ehci-mxc.c b/drivers/usb/host/ehci-mxc.c
3368 +index e4c34ac..4c166e1 100644
3369 +--- a/drivers/usb/host/ehci-mxc.c
3370 ++++ b/drivers/usb/host/ehci-mxc.c
3371 +@@ -184,7 +184,7 @@ static int ehci_mxc_drv_remove(struct platform_device *pdev)
3372 + if (pdata && pdata->exit)
3373 + pdata->exit(pdev);
3374 +
3375 +- if (pdata->otg)
3376 ++ if (pdata && pdata->otg)
3377 + usb_phy_shutdown(pdata->otg);
3378 +
3379 + clk_disable_unprepare(priv->usbclk);
3380 +diff --git a/drivers/usb/host/ohci-pci.c b/drivers/usb/host/ohci-pci.c
3381 +index 279b049..ec337c2 100644
3382 +--- a/drivers/usb/host/ohci-pci.c
3383 ++++ b/drivers/usb/host/ohci-pci.c
3384 +@@ -289,7 +289,7 @@ static struct pci_driver ohci_pci_driver = {
3385 + .remove = usb_hcd_pci_remove,
3386 + .shutdown = usb_hcd_pci_shutdown,
3387 +
3388 +-#ifdef CONFIG_PM_SLEEP
3389 ++#ifdef CONFIG_PM
3390 + .driver = {
3391 + .pm = &usb_hcd_pci_pm_ops
3392 + },
3393 +diff --git a/drivers/usb/host/xhci-ext-caps.h b/drivers/usb/host/xhci-ext-caps.h
3394 +index 8d7a132..9fe3225 100644
3395 +--- a/drivers/usb/host/xhci-ext-caps.h
3396 ++++ b/drivers/usb/host/xhci-ext-caps.h
3397 +@@ -71,7 +71,7 @@
3398 +
3399 + /* USB 2.0 xHCI 1.0 hardware LMP capability - section 7.2.2.1.3.2 */
3400 + #define XHCI_HLC (1 << 19)
3401 +-#define XHCI_BLC (1 << 19)
3402 ++#define XHCI_BLC (1 << 20)
3403 +
3404 + /* command register values to disable interrupts and halt the HC */
3405 + /* start/stop HC execution - do not write unless HC is halted*/
3406 +diff --git a/drivers/usb/host/xhci-plat.c b/drivers/usb/host/xhci-plat.c
3407 +index 51e22bf..6eca5a5 100644
3408 +--- a/drivers/usb/host/xhci-plat.c
3409 ++++ b/drivers/usb/host/xhci-plat.c
3410 +@@ -24,7 +24,7 @@ static void xhci_plat_quirks(struct device *dev, struct xhci_hcd *xhci)
3411 + * here that the generic code does not try to make a pci_dev from our
3412 + * dev struct in order to setup MSI
3413 + */
3414 +- xhci->quirks |= XHCI_BROKEN_MSI;
3415 ++ xhci->quirks |= XHCI_PLAT;
3416 + }
3417 +
3418 + /* called during probe() after chip reset completes */
3419 +diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
3420 +index 9478caa..b3c4162 100644
3421 +--- a/drivers/usb/host/xhci.c
3422 ++++ b/drivers/usb/host/xhci.c
3423 +@@ -343,9 +343,14 @@ static void __maybe_unused xhci_msix_sync_irqs(struct xhci_hcd *xhci)
3424 + static int xhci_try_enable_msi(struct usb_hcd *hcd)
3425 + {
3426 + struct xhci_hcd *xhci = hcd_to_xhci(hcd);
3427 +- struct pci_dev *pdev = to_pci_dev(xhci_to_hcd(xhci)->self.controller);
3428 ++ struct pci_dev *pdev;
3429 + int ret;
3430 +
3431 ++ /* The xhci platform device has set up IRQs through usb_add_hcd. */
3432 ++ if (xhci->quirks & XHCI_PLAT)
3433 ++ return 0;
3434 ++
3435 ++ pdev = to_pci_dev(xhci_to_hcd(xhci)->self.controller);
3436 + /*
3437 + * Some Fresco Logic host controllers advertise MSI, but fail to
3438 + * generate interrupts. Don't even try to enable MSI.
3439 +@@ -3581,10 +3586,21 @@ void xhci_free_dev(struct usb_hcd *hcd, struct usb_device *udev)
3440 + {
3441 + struct xhci_hcd *xhci = hcd_to_xhci(hcd);
3442 + struct xhci_virt_device *virt_dev;
3443 ++ struct device *dev = hcd->self.controller;
3444 + unsigned long flags;
3445 + u32 state;
3446 + int i, ret;
3447 +
3448 ++#ifndef CONFIG_USB_DEFAULT_PERSIST
3449 ++ /*
3450 ++ * We called pm_runtime_get_noresume when the device was attached.
3451 ++ * Decrement the counter here to allow controller to runtime suspend
3452 ++ * if no devices remain.
3453 ++ */
3454 ++ if (xhci->quirks & XHCI_RESET_ON_RESUME)
3455 ++ pm_runtime_put_noidle(dev);
3456 ++#endif
3457 ++
3458 + ret = xhci_check_args(hcd, udev, NULL, 0, true, __func__);
3459 + /* If the host is halted due to driver unload, we still need to free the
3460 + * device.
3461 +@@ -3656,6 +3672,7 @@ static int xhci_reserve_host_control_ep_resources(struct xhci_hcd *xhci)
3462 + int xhci_alloc_dev(struct usb_hcd *hcd, struct usb_device *udev)
3463 + {
3464 + struct xhci_hcd *xhci = hcd_to_xhci(hcd);
3465 ++ struct device *dev = hcd->self.controller;
3466 + unsigned long flags;
3467 + int timeleft;
3468 + int ret;
3469 +@@ -3708,6 +3725,16 @@ int xhci_alloc_dev(struct usb_hcd *hcd, struct usb_device *udev)
3470 + goto disable_slot;
3471 + }
3472 + udev->slot_id = xhci->slot_id;
3473 ++
3474 ++#ifndef CONFIG_USB_DEFAULT_PERSIST
3475 ++ /*
3476 ++ * If resetting upon resume, we can't put the controller into runtime
3477 ++ * suspend if there is a device attached.
3478 ++ */
3479 ++ if (xhci->quirks & XHCI_RESET_ON_RESUME)
3480 ++ pm_runtime_get_noresume(dev);
3481 ++#endif
3482 ++
3483 + /* Is this a LS or FS device under a HS hub? */
3484 + /* Hub or peripherial? */
3485 + return 1;
3486 +diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h
3487 +index c338741..6ab1e60 100644
3488 +--- a/drivers/usb/host/xhci.h
3489 ++++ b/drivers/usb/host/xhci.h
3490 +@@ -1542,6 +1542,7 @@ struct xhci_hcd {
3491 + #define XHCI_SPURIOUS_REBOOT (1 << 13)
3492 + #define XHCI_COMP_MODE_QUIRK (1 << 14)
3493 + #define XHCI_AVOID_BEI (1 << 15)
3494 ++#define XHCI_PLAT (1 << 16)
3495 + unsigned int num_active_eps;
3496 + unsigned int limit_active_eps;
3497 + /* There are two roothubs to keep track of bus suspend info for */
3498 +diff --git a/drivers/usb/serial/mos7720.c b/drivers/usb/serial/mos7720.c
3499 +index b013001..84657e0 100644
3500 +--- a/drivers/usb/serial/mos7720.c
3501 ++++ b/drivers/usb/serial/mos7720.c
3502 +@@ -374,7 +374,7 @@ static int write_parport_reg_nonblock(struct mos7715_parport *mos_parport,
3503 + kfree(urbtrack);
3504 + return -ENOMEM;
3505 + }
3506 +- urbtrack->setup = kmalloc(sizeof(*urbtrack->setup), GFP_KERNEL);
3507 ++ urbtrack->setup = kmalloc(sizeof(*urbtrack->setup), GFP_ATOMIC);
3508 + if (!urbtrack->setup) {
3509 + usb_free_urb(urbtrack->urb);
3510 + kfree(urbtrack);
3511 +@@ -382,8 +382,8 @@ static int write_parport_reg_nonblock(struct mos7715_parport *mos_parport,
3512 + }
3513 + urbtrack->setup->bRequestType = (__u8)0x40;
3514 + urbtrack->setup->bRequest = (__u8)0x0e;
3515 +- urbtrack->setup->wValue = get_reg_value(reg, dummy);
3516 +- urbtrack->setup->wIndex = get_reg_index(reg);
3517 ++ urbtrack->setup->wValue = cpu_to_le16(get_reg_value(reg, dummy));
3518 ++ urbtrack->setup->wIndex = cpu_to_le16(get_reg_index(reg));
3519 + urbtrack->setup->wLength = 0;
3520 + usb_fill_control_urb(urbtrack->urb, usbdev,
3521 + usb_sndctrlpipe(usbdev, 0),
3522 +diff --git a/drivers/xen/grant-table.c b/drivers/xen/grant-table.c
3523 +index 04cdeb8..c4d2298 100644
3524 +--- a/drivers/xen/grant-table.c
3525 ++++ b/drivers/xen/grant-table.c
3526 +@@ -730,9 +730,18 @@ void gnttab_request_free_callback(struct gnttab_free_callback *callback,
3527 + void (*fn)(void *), void *arg, u16 count)
3528 + {
3529 + unsigned long flags;
3530 ++ struct gnttab_free_callback *cb;
3531 ++
3532 + spin_lock_irqsave(&gnttab_list_lock, flags);
3533 +- if (callback->next)
3534 +- goto out;
3535 ++
3536 ++ /* Check if the callback is already on the list */
3537 ++ cb = gnttab_free_callback_list;
3538 ++ while (cb) {
3539 ++ if (cb == callback)
3540 ++ goto out;
3541 ++ cb = cb->next;
3542 ++ }
3543 ++
3544 + callback->fn = fn;
3545 + callback->arg = arg;
3546 + callback->count = count;
3547 +diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
3548 +index 238a055..9877a2a 100644
3549 +--- a/fs/btrfs/ioctl.c
3550 ++++ b/fs/btrfs/ioctl.c
3551 +@@ -3312,6 +3312,9 @@ static long btrfs_ioctl_dev_replace(struct btrfs_root *root, void __user *arg)
3552 +
3553 + switch (p->cmd) {
3554 + case BTRFS_IOCTL_DEV_REPLACE_CMD_START:
3555 ++ if (root->fs_info->sb->s_flags & MS_RDONLY)
3556 ++ return -EROFS;
3557 ++
3558 + if (atomic_xchg(
3559 + &root->fs_info->mutually_exclusive_operation_running,
3560 + 1)) {
3561 +diff --git a/fs/ceph/ioctl.c b/fs/ceph/ioctl.c
3562 +index e0b4ef3..a5ce62e 100644
3563 +--- a/fs/ceph/ioctl.c
3564 ++++ b/fs/ceph/ioctl.c
3565 +@@ -196,8 +196,10 @@ static long ceph_ioctl_get_dataloc(struct file *file, void __user *arg)
3566 + r = ceph_calc_file_object_mapping(&ci->i_layout, dl.file_offset, len,
3567 + &dl.object_no, &dl.object_offset,
3568 + &olen);
3569 +- if (r < 0)
3570 ++ if (r < 0) {
3571 ++ up_read(&osdc->map_sem);
3572 + return -EIO;
3573 ++ }
3574 + dl.file_offset -= dl.object_offset;
3575 + dl.object_size = ceph_file_layout_object_size(ci->i_layout);
3576 + dl.block_size = ceph_file_layout_su(ci->i_layout);
3577 +diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
3578 +index d67c550..37950c6 100644
3579 +--- a/fs/cifs/connect.c
3580 ++++ b/fs/cifs/connect.c
3581 +@@ -379,6 +379,7 @@ cifs_reconnect(struct TCP_Server_Info *server)
3582 + try_to_freeze();
3583 +
3584 + /* we should try only the port we connected to before */
3585 ++ mutex_lock(&server->srv_mutex);
3586 + rc = generic_ip_connect(server);
3587 + if (rc) {
3588 + cifs_dbg(FYI, "reconnect error %d\n", rc);
3589 +@@ -390,6 +391,7 @@ cifs_reconnect(struct TCP_Server_Info *server)
3590 + server->tcpStatus = CifsNeedNegotiate;
3591 + spin_unlock(&GlobalMid_Lock);
3592 + }
3593 ++ mutex_unlock(&server->srv_mutex);
3594 + } while (server->tcpStatus == CifsNeedReconnect);
3595 +
3596 + return rc;
3597 +diff --git a/fs/cifs/smb2misc.c b/fs/cifs/smb2misc.c
3598 +index b0c4334..f851d03 100644
3599 +--- a/fs/cifs/smb2misc.c
3600 ++++ b/fs/cifs/smb2misc.c
3601 +@@ -417,96 +417,108 @@ cifs_ses_oplock_break(struct work_struct *work)
3602 + }
3603 +
3604 + static bool
3605 +-smb2_is_valid_lease_break(char *buffer, struct TCP_Server_Info *server)
3606 ++smb2_tcon_has_lease(struct cifs_tcon *tcon, struct smb2_lease_break *rsp,
3607 ++ struct smb2_lease_break_work *lw)
3608 + {
3609 +- struct smb2_lease_break *rsp = (struct smb2_lease_break *)buffer;
3610 +- struct list_head *tmp, *tmp1, *tmp2;
3611 +- struct cifs_ses *ses;
3612 +- struct cifs_tcon *tcon;
3613 +- struct cifsInodeInfo *cinode;
3614 ++ bool found;
3615 ++ __u8 lease_state;
3616 ++ struct list_head *tmp;
3617 + struct cifsFileInfo *cfile;
3618 + struct cifs_pending_open *open;
3619 +- struct smb2_lease_break_work *lw;
3620 +- bool found;
3621 ++ struct cifsInodeInfo *cinode;
3622 + int ack_req = le32_to_cpu(rsp->Flags &
3623 + SMB2_NOTIFY_BREAK_LEASE_FLAG_ACK_REQUIRED);
3624 +
3625 +- lw = kmalloc(sizeof(struct smb2_lease_break_work), GFP_KERNEL);
3626 +- if (!lw)
3627 +- return false;
3628 ++ lease_state = smb2_map_lease_to_oplock(rsp->NewLeaseState);
3629 +
3630 +- INIT_WORK(&lw->lease_break, cifs_ses_oplock_break);
3631 +- lw->lease_state = rsp->NewLeaseState;
3632 ++ list_for_each(tmp, &tcon->openFileList) {
3633 ++ cfile = list_entry(tmp, struct cifsFileInfo, tlist);
3634 ++ cinode = CIFS_I(cfile->dentry->d_inode);
3635 +
3636 +- cifs_dbg(FYI, "Checking for lease break\n");
3637 ++ if (memcmp(cinode->lease_key, rsp->LeaseKey,
3638 ++ SMB2_LEASE_KEY_SIZE))
3639 ++ continue;
3640 +
3641 +- /* look up tcon based on tid & uid */
3642 +- spin_lock(&cifs_tcp_ses_lock);
3643 +- list_for_each(tmp, &server->smb_ses_list) {
3644 +- ses = list_entry(tmp, struct cifs_ses, smb_ses_list);
3645 ++ cifs_dbg(FYI, "found in the open list\n");
3646 ++ cifs_dbg(FYI, "lease key match, lease break 0x%d\n",
3647 ++ le32_to_cpu(rsp->NewLeaseState));
3648 +
3649 +- spin_lock(&cifs_file_list_lock);
3650 +- list_for_each(tmp1, &ses->tcon_list) {
3651 +- tcon = list_entry(tmp1, struct cifs_tcon, tcon_list);
3652 ++ smb2_set_oplock_level(cinode, lease_state);
3653 +
3654 +- cifs_stats_inc(&tcon->stats.cifs_stats.num_oplock_brks);
3655 +- list_for_each(tmp2, &tcon->openFileList) {
3656 +- cfile = list_entry(tmp2, struct cifsFileInfo,
3657 +- tlist);
3658 +- cinode = CIFS_I(cfile->dentry->d_inode);
3659 ++ if (ack_req)
3660 ++ cfile->oplock_break_cancelled = false;
3661 ++ else
3662 ++ cfile->oplock_break_cancelled = true;
3663 +
3664 +- if (memcmp(cinode->lease_key, rsp->LeaseKey,
3665 +- SMB2_LEASE_KEY_SIZE))
3666 +- continue;
3667 ++ queue_work(cifsiod_wq, &cfile->oplock_break);
3668 ++ kfree(lw);
3669 ++ return true;
3670 ++ }
3671 +
3672 +- cifs_dbg(FYI, "found in the open list\n");
3673 +- cifs_dbg(FYI, "lease key match, lease break 0x%d\n",
3674 +- le32_to_cpu(rsp->NewLeaseState));
3675 ++ found = false;
3676 ++ list_for_each_entry(open, &tcon->pending_opens, olist) {
3677 ++ if (memcmp(open->lease_key, rsp->LeaseKey,
3678 ++ SMB2_LEASE_KEY_SIZE))
3679 ++ continue;
3680 ++
3681 ++ if (!found && ack_req) {
3682 ++ found = true;
3683 ++ memcpy(lw->lease_key, open->lease_key,
3684 ++ SMB2_LEASE_KEY_SIZE);
3685 ++ lw->tlink = cifs_get_tlink(open->tlink);
3686 ++ queue_work(cifsiod_wq, &lw->lease_break);
3687 ++ }
3688 +
3689 +- smb2_set_oplock_level(cinode,
3690 +- smb2_map_lease_to_oplock(rsp->NewLeaseState));
3691 ++ cifs_dbg(FYI, "found in the pending open list\n");
3692 ++ cifs_dbg(FYI, "lease key match, lease break 0x%d\n",
3693 ++ le32_to_cpu(rsp->NewLeaseState));
3694 +
3695 +- if (ack_req)
3696 +- cfile->oplock_break_cancelled = false;
3697 +- else
3698 +- cfile->oplock_break_cancelled = true;
3699 ++ open->oplock = lease_state;
3700 ++ }
3701 ++ return found;
3702 ++}
3703 +
3704 +- queue_work(cifsiod_wq, &cfile->oplock_break);
3705 ++static bool
3706 ++smb2_is_valid_lease_break(char *buffer)
3707 ++{
3708 ++ struct smb2_lease_break *rsp = (struct smb2_lease_break *)buffer;
3709 ++ struct list_head *tmp, *tmp1, *tmp2;
3710 ++ struct TCP_Server_Info *server;
3711 ++ struct cifs_ses *ses;
3712 ++ struct cifs_tcon *tcon;
3713 ++ struct smb2_lease_break_work *lw;
3714 +
3715 +- spin_unlock(&cifs_file_list_lock);
3716 +- spin_unlock(&cifs_tcp_ses_lock);
3717 +- return true;
3718 +- }
3719 ++ lw = kmalloc(sizeof(struct smb2_lease_break_work), GFP_KERNEL);
3720 ++ if (!lw)
3721 ++ return false;
3722 +
3723 +- found = false;
3724 +- list_for_each_entry(open, &tcon->pending_opens, olist) {
3725 +- if (memcmp(open->lease_key, rsp->LeaseKey,
3726 +- SMB2_LEASE_KEY_SIZE))
3727 +- continue;
3728 ++ INIT_WORK(&lw->lease_break, cifs_ses_oplock_break);
3729 ++ lw->lease_state = rsp->NewLeaseState;
3730 +
3731 +- if (!found && ack_req) {
3732 +- found = true;
3733 +- memcpy(lw->lease_key, open->lease_key,
3734 +- SMB2_LEASE_KEY_SIZE);
3735 +- lw->tlink = cifs_get_tlink(open->tlink);
3736 +- queue_work(cifsiod_wq,
3737 +- &lw->lease_break);
3738 +- }
3739 ++ cifs_dbg(FYI, "Checking for lease break\n");
3740 ++
3741 ++ /* look up tcon based on tid & uid */
3742 ++ spin_lock(&cifs_tcp_ses_lock);
3743 ++ list_for_each(tmp, &cifs_tcp_ses_list) {
3744 ++ server = list_entry(tmp, struct TCP_Server_Info, tcp_ses_list);
3745 +
3746 +- cifs_dbg(FYI, "found in the pending open list\n");
3747 +- cifs_dbg(FYI, "lease key match, lease break 0x%d\n",
3748 +- le32_to_cpu(rsp->NewLeaseState));
3749 ++ list_for_each(tmp1, &server->smb_ses_list) {
3750 ++ ses = list_entry(tmp1, struct cifs_ses, smb_ses_list);
3751 +
3752 +- open->oplock =
3753 +- smb2_map_lease_to_oplock(rsp->NewLeaseState);
3754 +- }
3755 +- if (found) {
3756 +- spin_unlock(&cifs_file_list_lock);
3757 +- spin_unlock(&cifs_tcp_ses_lock);
3758 +- return true;
3759 ++ spin_lock(&cifs_file_list_lock);
3760 ++ list_for_each(tmp2, &ses->tcon_list) {
3761 ++ tcon = list_entry(tmp2, struct cifs_tcon,
3762 ++ tcon_list);
3763 ++ cifs_stats_inc(
3764 ++ &tcon->stats.cifs_stats.num_oplock_brks);
3765 ++ if (smb2_tcon_has_lease(tcon, rsp, lw)) {
3766 ++ spin_unlock(&cifs_file_list_lock);
3767 ++ spin_unlock(&cifs_tcp_ses_lock);
3768 ++ return true;
3769 ++ }
3770 + }
3771 ++ spin_unlock(&cifs_file_list_lock);
3772 + }
3773 +- spin_unlock(&cifs_file_list_lock);
3774 + }
3775 + spin_unlock(&cifs_tcp_ses_lock);
3776 + kfree(lw);
3777 +@@ -532,7 +544,7 @@ smb2_is_valid_oplock_break(char *buffer, struct TCP_Server_Info *server)
3778 + if (rsp->StructureSize !=
3779 + smb2_rsp_struct_sizes[SMB2_OPLOCK_BREAK_HE]) {
3780 + if (le16_to_cpu(rsp->StructureSize) == 44)
3781 +- return smb2_is_valid_lease_break(buffer, server);
3782 ++ return smb2_is_valid_lease_break(buffer);
3783 + else
3784 + return false;
3785 + }
3786 +diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
3787 +index c2ca04e..ea4d188 100644
3788 +--- a/fs/ext4/inode.c
3789 ++++ b/fs/ext4/inode.c
3790 +@@ -1890,6 +1890,26 @@ static int ext4_writepage(struct page *page,
3791 + return ret;
3792 + }
3793 +
3794 ++static int mpage_submit_page(struct mpage_da_data *mpd, struct page *page)
3795 ++{
3796 ++ int len;
3797 ++ loff_t size = i_size_read(mpd->inode);
3798 ++ int err;
3799 ++
3800 ++ BUG_ON(page->index != mpd->first_page);
3801 ++ if (page->index == size >> PAGE_CACHE_SHIFT)
3802 ++ len = size & ~PAGE_CACHE_MASK;
3803 ++ else
3804 ++ len = PAGE_CACHE_SIZE;
3805 ++ clear_page_dirty_for_io(page);
3806 ++ err = ext4_bio_write_page(&mpd->io_submit, page, len, mpd->wbc);
3807 ++ if (!err)
3808 ++ mpd->wbc->nr_to_write--;
3809 ++ mpd->first_page++;
3810 ++
3811 ++ return err;
3812 ++}
3813 ++
3814 + #define BH_FLAGS ((1 << BH_Unwritten) | (1 << BH_Delay))
3815 +
3816 + /*
3817 +@@ -1904,82 +1924,94 @@ static int ext4_writepage(struct page *page,
3818 + *
3819 + * @mpd - extent of blocks
3820 + * @lblk - logical number of the block in the file
3821 +- * @b_state - b_state of the buffer head added
3822 ++ * @bh - buffer head we want to add to the extent
3823 + *
3824 +- * the function is used to collect contig. blocks in same state
3825 ++ * The function is used to collect contig. blocks in the same state. If the
3826 ++ * buffer doesn't require mapping for writeback and we haven't started the
3827 ++ * extent of buffers to map yet, the function returns 'true' immediately - the
3828 ++ * caller can write the buffer right away. Otherwise the function returns true
3829 ++ * if the block has been added to the extent, false if the block couldn't be
3830 ++ * added.
3831 + */
3832 +-static int mpage_add_bh_to_extent(struct mpage_da_data *mpd, ext4_lblk_t lblk,
3833 +- unsigned long b_state)
3834 ++static bool mpage_add_bh_to_extent(struct mpage_da_data *mpd, ext4_lblk_t lblk,
3835 ++ struct buffer_head *bh)
3836 + {
3837 + struct ext4_map_blocks *map = &mpd->map;
3838 +
3839 +- /* Don't go larger than mballoc is willing to allocate */
3840 +- if (map->m_len >= MAX_WRITEPAGES_EXTENT_LEN)
3841 +- return 0;
3842 ++ /* Buffer that doesn't need mapping for writeback? */
3843 ++ if (!buffer_dirty(bh) || !buffer_mapped(bh) ||
3844 ++ (!buffer_delay(bh) && !buffer_unwritten(bh))) {
3845 ++ /* So far no extent to map => we write the buffer right away */
3846 ++ if (map->m_len == 0)
3847 ++ return true;
3848 ++ return false;
3849 ++ }
3850 +
3851 + /* First block in the extent? */
3852 + if (map->m_len == 0) {
3853 + map->m_lblk = lblk;
3854 + map->m_len = 1;
3855 +- map->m_flags = b_state & BH_FLAGS;
3856 +- return 1;
3857 ++ map->m_flags = bh->b_state & BH_FLAGS;
3858 ++ return true;
3859 + }
3860 +
3861 ++ /* Don't go larger than mballoc is willing to allocate */
3862 ++ if (map->m_len >= MAX_WRITEPAGES_EXTENT_LEN)
3863 ++ return false;
3864 ++
3865 + /* Can we merge the block to our big extent? */
3866 + if (lblk == map->m_lblk + map->m_len &&
3867 +- (b_state & BH_FLAGS) == map->m_flags) {
3868 ++ (bh->b_state & BH_FLAGS) == map->m_flags) {
3869 + map->m_len++;
3870 +- return 1;
3871 ++ return true;
3872 + }
3873 +- return 0;
3874 ++ return false;
3875 + }
3876 +
3877 +-static bool add_page_bufs_to_extent(struct mpage_da_data *mpd,
3878 +- struct buffer_head *head,
3879 +- struct buffer_head *bh,
3880 +- ext4_lblk_t lblk)
3881 ++/*
3882 ++ * mpage_process_page_bufs - submit page buffers for IO or add them to extent
3883 ++ *
3884 ++ * @mpd - extent of blocks for mapping
3885 ++ * @head - the first buffer in the page
3886 ++ * @bh - buffer we should start processing from
3887 ++ * @lblk - logical number of the block in the file corresponding to @bh
3888 ++ *
3889 ++ * Walk through page buffers from @bh upto @head (exclusive) and either submit
3890 ++ * the page for IO if all buffers in this page were mapped and there's no
3891 ++ * accumulated extent of buffers to map or add buffers in the page to the
3892 ++ * extent of buffers to map. The function returns 1 if the caller can continue
3893 ++ * by processing the next page, 0 if it should stop adding buffers to the
3894 ++ * extent to map because we cannot extend it anymore. It can also return value
3895 ++ * < 0 in case of error during IO submission.
3896 ++ */
3897 ++static int mpage_process_page_bufs(struct mpage_da_data *mpd,
3898 ++ struct buffer_head *head,
3899 ++ struct buffer_head *bh,
3900 ++ ext4_lblk_t lblk)
3901 + {
3902 + struct inode *inode = mpd->inode;
3903 ++ int err;
3904 + ext4_lblk_t blocks = (i_size_read(inode) + (1 << inode->i_blkbits) - 1)
3905 + >> inode->i_blkbits;
3906 +
3907 + do {
3908 + BUG_ON(buffer_locked(bh));
3909 +
3910 +- if (!buffer_dirty(bh) || !buffer_mapped(bh) ||
3911 +- (!buffer_delay(bh) && !buffer_unwritten(bh)) ||
3912 +- lblk >= blocks) {
3913 ++ if (lblk >= blocks || !mpage_add_bh_to_extent(mpd, lblk, bh)) {
3914 + /* Found extent to map? */
3915 + if (mpd->map.m_len)
3916 +- return false;
3917 +- if (lblk >= blocks)
3918 +- return true;
3919 +- continue;
3920 ++ return 0;
3921 ++ /* Everything mapped so far and we hit EOF */
3922 ++ break;
3923 + }
3924 +- if (!mpage_add_bh_to_extent(mpd, lblk, bh->b_state))
3925 +- return false;
3926 + } while (lblk++, (bh = bh->b_this_page) != head);
3927 +- return true;
3928 +-}
3929 +-
3930 +-static int mpage_submit_page(struct mpage_da_data *mpd, struct page *page)
3931 +-{
3932 +- int len;
3933 +- loff_t size = i_size_read(mpd->inode);
3934 +- int err;
3935 +-
3936 +- BUG_ON(page->index != mpd->first_page);
3937 +- if (page->index == size >> PAGE_CACHE_SHIFT)
3938 +- len = size & ~PAGE_CACHE_MASK;
3939 +- else
3940 +- len = PAGE_CACHE_SIZE;
3941 +- clear_page_dirty_for_io(page);
3942 +- err = ext4_bio_write_page(&mpd->io_submit, page, len, mpd->wbc);
3943 +- if (!err)
3944 +- mpd->wbc->nr_to_write--;
3945 +- mpd->first_page++;
3946 +-
3947 +- return err;
3948 ++ /* So far everything mapped? Submit the page for IO. */
3949 ++ if (mpd->map.m_len == 0) {
3950 ++ err = mpage_submit_page(mpd, head->b_page);
3951 ++ if (err < 0)
3952 ++ return err;
3953 ++ }
3954 ++ return lblk < blocks;
3955 + }
3956 +
3957 + /*
3958 +@@ -2003,8 +2035,6 @@ static int mpage_map_and_submit_buffers(struct mpage_da_data *mpd)
3959 + struct inode *inode = mpd->inode;
3960 + struct buffer_head *head, *bh;
3961 + int bpp_bits = PAGE_CACHE_SHIFT - inode->i_blkbits;
3962 +- ext4_lblk_t blocks = (i_size_read(inode) + (1 << inode->i_blkbits) - 1)
3963 +- >> inode->i_blkbits;
3964 + pgoff_t start, end;
3965 + ext4_lblk_t lblk;
3966 + sector_t pblock;
3967 +@@ -2039,18 +2069,26 @@ static int mpage_map_and_submit_buffers(struct mpage_da_data *mpd)
3968 + */
3969 + mpd->map.m_len = 0;
3970 + mpd->map.m_flags = 0;
3971 +- add_page_bufs_to_extent(mpd, head, bh,
3972 +- lblk);
3973 ++ /*
3974 ++ * FIXME: If dioread_nolock supports
3975 ++ * blocksize < pagesize, we need to make
3976 ++ * sure we add size mapped so far to
3977 ++ * io_end->size as the following call
3978 ++ * can submit the page for IO.
3979 ++ */
3980 ++ err = mpage_process_page_bufs(mpd, head,
3981 ++ bh, lblk);
3982 + pagevec_release(&pvec);
3983 +- return 0;
3984 ++ if (err > 0)
3985 ++ err = 0;
3986 ++ return err;
3987 + }
3988 + if (buffer_delay(bh)) {
3989 + clear_buffer_delay(bh);
3990 + bh->b_blocknr = pblock++;
3991 + }
3992 + clear_buffer_unwritten(bh);
3993 +- } while (++lblk < blocks &&
3994 +- (bh = bh->b_this_page) != head);
3995 ++ } while (lblk++, (bh = bh->b_this_page) != head);
3996 +
3997 + /*
3998 + * FIXME: This is going to break if dioread_nolock
3999 +@@ -2319,14 +2357,10 @@ static int mpage_prepare_extent_to_map(struct mpage_da_data *mpd)
4000 + lblk = ((ext4_lblk_t)page->index) <<
4001 + (PAGE_CACHE_SHIFT - blkbits);
4002 + head = page_buffers(page);
4003 +- if (!add_page_bufs_to_extent(mpd, head, head, lblk))
4004 ++ err = mpage_process_page_bufs(mpd, head, head, lblk);
4005 ++ if (err <= 0)
4006 + goto out;
4007 +- /* So far everything mapped? Submit the page for IO. */
4008 +- if (mpd->map.m_len == 0) {
4009 +- err = mpage_submit_page(mpd, page);
4010 +- if (err < 0)
4011 +- goto out;
4012 +- }
4013 ++ err = 0;
4014 +
4015 + /*
4016 + * Accumulated enough dirty pages? This doesn't apply
4017 +@@ -4566,7 +4600,9 @@ int ext4_setattr(struct dentry *dentry, struct iattr *attr)
4018 + ext4_journal_stop(handle);
4019 + }
4020 +
4021 +- if (attr->ia_valid & ATTR_SIZE) {
4022 ++ if (attr->ia_valid & ATTR_SIZE && attr->ia_size != inode->i_size) {
4023 ++ handle_t *handle;
4024 ++ loff_t oldsize = inode->i_size;
4025 +
4026 + if (!(ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS))) {
4027 + struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
4028 +@@ -4574,73 +4610,60 @@ int ext4_setattr(struct dentry *dentry, struct iattr *attr)
4029 + if (attr->ia_size > sbi->s_bitmap_maxbytes)
4030 + return -EFBIG;
4031 + }
4032 +- }
4033 +-
4034 +- if (S_ISREG(inode->i_mode) &&
4035 +- attr->ia_valid & ATTR_SIZE &&
4036 +- (attr->ia_size < inode->i_size)) {
4037 +- handle_t *handle;
4038 +-
4039 +- handle = ext4_journal_start(inode, EXT4_HT_INODE, 3);
4040 +- if (IS_ERR(handle)) {
4041 +- error = PTR_ERR(handle);
4042 +- goto err_out;
4043 +- }
4044 +- if (ext4_handle_valid(handle)) {
4045 +- error = ext4_orphan_add(handle, inode);
4046 +- orphan = 1;
4047 +- }
4048 +- EXT4_I(inode)->i_disksize = attr->ia_size;
4049 +- rc = ext4_mark_inode_dirty(handle, inode);
4050 +- if (!error)
4051 +- error = rc;
4052 +- ext4_journal_stop(handle);
4053 +-
4054 +- if (ext4_should_order_data(inode)) {
4055 +- error = ext4_begin_ordered_truncate(inode,
4056 ++ if (S_ISREG(inode->i_mode) &&
4057 ++ (attr->ia_size < inode->i_size)) {
4058 ++ if (ext4_should_order_data(inode)) {
4059 ++ error = ext4_begin_ordered_truncate(inode,
4060 + attr->ia_size);
4061 +- if (error) {
4062 +- /* Do as much error cleanup as possible */
4063 +- handle = ext4_journal_start(inode,
4064 +- EXT4_HT_INODE, 3);
4065 +- if (IS_ERR(handle)) {
4066 +- ext4_orphan_del(NULL, inode);
4067 ++ if (error)
4068 + goto err_out;
4069 +- }
4070 +- ext4_orphan_del(handle, inode);
4071 +- orphan = 0;
4072 +- ext4_journal_stop(handle);
4073 ++ }
4074 ++ handle = ext4_journal_start(inode, EXT4_HT_INODE, 3);
4075 ++ if (IS_ERR(handle)) {
4076 ++ error = PTR_ERR(handle);
4077 ++ goto err_out;
4078 ++ }
4079 ++ if (ext4_handle_valid(handle)) {
4080 ++ error = ext4_orphan_add(handle, inode);
4081 ++ orphan = 1;
4082 ++ }
4083 ++ EXT4_I(inode)->i_disksize = attr->ia_size;
4084 ++ rc = ext4_mark_inode_dirty(handle, inode);
4085 ++ if (!error)
4086 ++ error = rc;
4087 ++ ext4_journal_stop(handle);
4088 ++ if (error) {
4089 ++ ext4_orphan_del(NULL, inode);
4090 + goto err_out;
4091 + }
4092 + }
4093 +- }
4094 +-
4095 +- if (attr->ia_valid & ATTR_SIZE) {
4096 +- if (attr->ia_size != inode->i_size) {
4097 +- loff_t oldsize = inode->i_size;
4098 +
4099 +- i_size_write(inode, attr->ia_size);
4100 +- /*
4101 +- * Blocks are going to be removed from the inode. Wait
4102 +- * for dio in flight. Temporarily disable
4103 +- * dioread_nolock to prevent livelock.
4104 +- */
4105 +- if (orphan) {
4106 +- if (!ext4_should_journal_data(inode)) {
4107 +- ext4_inode_block_unlocked_dio(inode);
4108 +- inode_dio_wait(inode);
4109 +- ext4_inode_resume_unlocked_dio(inode);
4110 +- } else
4111 +- ext4_wait_for_tail_page_commit(inode);
4112 +- }
4113 +- /*
4114 +- * Truncate pagecache after we've waited for commit
4115 +- * in data=journal mode to make pages freeable.
4116 +- */
4117 +- truncate_pagecache(inode, oldsize, inode->i_size);
4118 ++ i_size_write(inode, attr->ia_size);
4119 ++ /*
4120 ++ * Blocks are going to be removed from the inode. Wait
4121 ++ * for dio in flight. Temporarily disable
4122 ++ * dioread_nolock to prevent livelock.
4123 ++ */
4124 ++ if (orphan) {
4125 ++ if (!ext4_should_journal_data(inode)) {
4126 ++ ext4_inode_block_unlocked_dio(inode);
4127 ++ inode_dio_wait(inode);
4128 ++ ext4_inode_resume_unlocked_dio(inode);
4129 ++ } else
4130 ++ ext4_wait_for_tail_page_commit(inode);
4131 + }
4132 +- ext4_truncate(inode);
4133 ++ /*
4134 ++ * Truncate pagecache after we've waited for commit
4135 ++ * in data=journal mode to make pages freeable.
4136 ++ */
4137 ++ truncate_pagecache(inode, oldsize, inode->i_size);
4138 + }
4139 ++ /*
4140 ++ * We want to call ext4_truncate() even if attr->ia_size ==
4141 ++ * inode->i_size for cases like truncation of fallocated space
4142 ++ */
4143 ++ if (attr->ia_valid & ATTR_SIZE)
4144 ++ ext4_truncate(inode);
4145 +
4146 + if (!rc) {
4147 + setattr_copy(inode, attr);
4148 +diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c
4149 +index 72a5d5b..8fec28f 100644
4150 +--- a/fs/fuse/dir.c
4151 ++++ b/fs/fuse/dir.c
4152 +@@ -1174,6 +1174,8 @@ static int parse_dirfile(char *buf, size_t nbytes, struct file *file,
4153 + return -EIO;
4154 + if (reclen > nbytes)
4155 + break;
4156 ++ if (memchr(dirent->name, '/', dirent->namelen) != NULL)
4157 ++ return -EIO;
4158 +
4159 + if (!dir_emit(ctx, dirent->name, dirent->namelen,
4160 + dirent->ino, dirent->type))
4161 +@@ -1320,6 +1322,8 @@ static int parse_dirplusfile(char *buf, size_t nbytes, struct file *file,
4162 + return -EIO;
4163 + if (reclen > nbytes)
4164 + break;
4165 ++ if (memchr(dirent->name, '/', dirent->namelen) != NULL)
4166 ++ return -EIO;
4167 +
4168 + if (!over) {
4169 + /* We fill entries into dstbuf only as much as
4170 +@@ -1590,6 +1594,7 @@ int fuse_do_setattr(struct inode *inode, struct iattr *attr,
4171 + struct file *file)
4172 + {
4173 + struct fuse_conn *fc = get_fuse_conn(inode);
4174 ++ struct fuse_inode *fi = get_fuse_inode(inode);
4175 + struct fuse_req *req;
4176 + struct fuse_setattr_in inarg;
4177 + struct fuse_attr_out outarg;
4178 +@@ -1617,8 +1622,10 @@ int fuse_do_setattr(struct inode *inode, struct iattr *attr,
4179 + if (IS_ERR(req))
4180 + return PTR_ERR(req);
4181 +
4182 +- if (is_truncate)
4183 ++ if (is_truncate) {
4184 + fuse_set_nowrite(inode);
4185 ++ set_bit(FUSE_I_SIZE_UNSTABLE, &fi->state);
4186 ++ }
4187 +
4188 + memset(&inarg, 0, sizeof(inarg));
4189 + memset(&outarg, 0, sizeof(outarg));
4190 +@@ -1680,12 +1687,14 @@ int fuse_do_setattr(struct inode *inode, struct iattr *attr,
4191 + invalidate_inode_pages2(inode->i_mapping);
4192 + }
4193 +
4194 ++ clear_bit(FUSE_I_SIZE_UNSTABLE, &fi->state);
4195 + return 0;
4196 +
4197 + error:
4198 + if (is_truncate)
4199 + fuse_release_nowrite(inode);
4200 +
4201 ++ clear_bit(FUSE_I_SIZE_UNSTABLE, &fi->state);
4202 + return err;
4203 + }
4204 +
4205 +@@ -1749,6 +1758,8 @@ static int fuse_setxattr(struct dentry *entry, const char *name,
4206 + fc->no_setxattr = 1;
4207 + err = -EOPNOTSUPP;
4208 + }
4209 ++ if (!err)
4210 ++ fuse_invalidate_attr(inode);
4211 + return err;
4212 + }
4213 +
4214 +@@ -1878,6 +1889,8 @@ static int fuse_removexattr(struct dentry *entry, const char *name)
4215 + fc->no_removexattr = 1;
4216 + err = -EOPNOTSUPP;
4217 + }
4218 ++ if (!err)
4219 ++ fuse_invalidate_attr(inode);
4220 + return err;
4221 + }
4222 +
4223 +diff --git a/fs/fuse/file.c b/fs/fuse/file.c
4224 +index 5c121fe..d409dea 100644
4225 +--- a/fs/fuse/file.c
4226 ++++ b/fs/fuse/file.c
4227 +@@ -629,7 +629,8 @@ static void fuse_read_update_size(struct inode *inode, loff_t size,
4228 + struct fuse_inode *fi = get_fuse_inode(inode);
4229 +
4230 + spin_lock(&fc->lock);
4231 +- if (attr_ver == fi->attr_version && size < inode->i_size) {
4232 ++ if (attr_ver == fi->attr_version && size < inode->i_size &&
4233 ++ !test_bit(FUSE_I_SIZE_UNSTABLE, &fi->state)) {
4234 + fi->attr_version = ++fc->attr_version;
4235 + i_size_write(inode, size);
4236 + }
4237 +@@ -1032,12 +1033,16 @@ static ssize_t fuse_perform_write(struct file *file,
4238 + {
4239 + struct inode *inode = mapping->host;
4240 + struct fuse_conn *fc = get_fuse_conn(inode);
4241 ++ struct fuse_inode *fi = get_fuse_inode(inode);
4242 + int err = 0;
4243 + ssize_t res = 0;
4244 +
4245 + if (is_bad_inode(inode))
4246 + return -EIO;
4247 +
4248 ++ if (inode->i_size < pos + iov_iter_count(ii))
4249 ++ set_bit(FUSE_I_SIZE_UNSTABLE, &fi->state);
4250 ++
4251 + do {
4252 + struct fuse_req *req;
4253 + ssize_t count;
4254 +@@ -1073,6 +1078,7 @@ static ssize_t fuse_perform_write(struct file *file,
4255 + if (res > 0)
4256 + fuse_write_update_size(inode, pos);
4257 +
4258 ++ clear_bit(FUSE_I_SIZE_UNSTABLE, &fi->state);
4259 + fuse_invalidate_attr(inode);
4260 +
4261 + return res > 0 ? res : err;
4262 +@@ -1529,7 +1535,6 @@ static int fuse_writepage_locked(struct page *page)
4263 +
4264 + inc_bdi_stat(mapping->backing_dev_info, BDI_WRITEBACK);
4265 + inc_zone_page_state(tmp_page, NR_WRITEBACK_TEMP);
4266 +- end_page_writeback(page);
4267 +
4268 + spin_lock(&fc->lock);
4269 + list_add(&req->writepages_entry, &fi->writepages);
4270 +@@ -1537,6 +1542,8 @@ static int fuse_writepage_locked(struct page *page)
4271 + fuse_flush_writepages(inode);
4272 + spin_unlock(&fc->lock);
4273 +
4274 ++ end_page_writeback(page);
4275 ++
4276 + return 0;
4277 +
4278 + err_free:
4279 +diff --git a/fs/fuse/fuse_i.h b/fs/fuse/fuse_i.h
4280 +index fde7249..5ced199 100644
4281 +--- a/fs/fuse/fuse_i.h
4282 ++++ b/fs/fuse/fuse_i.h
4283 +@@ -115,6 +115,8 @@ struct fuse_inode {
4284 + enum {
4285 + /** Advise readdirplus */
4286 + FUSE_I_ADVISE_RDPLUS,
4287 ++ /** An operation changing file size is in progress */
4288 ++ FUSE_I_SIZE_UNSTABLE,
4289 + };
4290 +
4291 + struct fuse_conn;
4292 +diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
4293 +index 0b57859..e0fe703 100644
4294 +--- a/fs/fuse/inode.c
4295 ++++ b/fs/fuse/inode.c
4296 +@@ -201,7 +201,8 @@ void fuse_change_attributes(struct inode *inode, struct fuse_attr *attr,
4297 + struct timespec old_mtime;
4298 +
4299 + spin_lock(&fc->lock);
4300 +- if (attr_version != 0 && fi->attr_version > attr_version) {
4301 ++ if ((attr_version != 0 && fi->attr_version > attr_version) ||
4302 ++ test_bit(FUSE_I_SIZE_UNSTABLE, &fi->state)) {
4303 + spin_unlock(&fc->lock);
4304 + return;
4305 + }
4306 +diff --git a/fs/isofs/inode.c b/fs/isofs/inode.c
4307 +index c348d6d..e5d408a 100644
4308 +--- a/fs/isofs/inode.c
4309 ++++ b/fs/isofs/inode.c
4310 +@@ -117,8 +117,8 @@ static void destroy_inodecache(void)
4311 +
4312 + static int isofs_remount(struct super_block *sb, int *flags, char *data)
4313 + {
4314 +- /* we probably want a lot more here */
4315 +- *flags |= MS_RDONLY;
4316 ++ if (!(*flags & MS_RDONLY))
4317 ++ return -EROFS;
4318 + return 0;
4319 + }
4320 +
4321 +@@ -763,15 +763,6 @@ root_found:
4322 + */
4323 + s->s_maxbytes = 0x80000000000LL;
4324 +
4325 +- /*
4326 +- * The CDROM is read-only, has no nodes (devices) on it, and since
4327 +- * all of the files appear to be owned by root, we really do not want
4328 +- * to allow suid. (suid or devices will not show up unless we have
4329 +- * Rock Ridge extensions)
4330 +- */
4331 +-
4332 +- s->s_flags |= MS_RDONLY /* | MS_NODEV | MS_NOSUID */;
4333 +-
4334 + /* Set this for reference. Its not currently used except on write
4335 + which we don't have .. */
4336 +
4337 +@@ -1530,6 +1521,9 @@ struct inode *isofs_iget(struct super_block *sb,
4338 + static struct dentry *isofs_mount(struct file_system_type *fs_type,
4339 + int flags, const char *dev_name, void *data)
4340 + {
4341 ++ /* We don't support read-write mounts */
4342 ++ if (!(flags & MS_RDONLY))
4343 ++ return ERR_PTR(-EACCES);
4344 + return mount_bdev(fs_type, flags, dev_name, data, isofs_fill_super);
4345 + }
4346 +
4347 +diff --git a/fs/ocfs2/extent_map.c b/fs/ocfs2/extent_map.c
4348 +index 2487116..8460647 100644
4349 +--- a/fs/ocfs2/extent_map.c
4350 ++++ b/fs/ocfs2/extent_map.c
4351 +@@ -781,7 +781,6 @@ int ocfs2_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo,
4352 + cpos = map_start >> osb->s_clustersize_bits;
4353 + mapping_end = ocfs2_clusters_for_bytes(inode->i_sb,
4354 + map_start + map_len);
4355 +- mapping_end -= cpos;
4356 + is_last = 0;
4357 + while (cpos < mapping_end && !is_last) {
4358 + u32 fe_flags;
4359 +diff --git a/fs/proc/root.c b/fs/proc/root.c
4360 +index e0a790d..0e0e83c 100644
4361 +--- a/fs/proc/root.c
4362 ++++ b/fs/proc/root.c
4363 +@@ -110,7 +110,8 @@ static struct dentry *proc_mount(struct file_system_type *fs_type,
4364 + ns = task_active_pid_ns(current);
4365 + options = data;
4366 +
4367 +- if (!current_user_ns()->may_mount_proc)
4368 ++ if (!current_user_ns()->may_mount_proc ||
4369 ++ !ns_capable(ns->user_ns, CAP_SYS_ADMIN))
4370 + return ERR_PTR(-EPERM);
4371 + }
4372 +
4373 +diff --git a/include/linux/compat.h b/include/linux/compat.h
4374 +index 7f0c1dd..ec1aee4 100644
4375 +--- a/include/linux/compat.h
4376 ++++ b/include/linux/compat.h
4377 +@@ -669,6 +669,13 @@ asmlinkage long compat_sys_sigaltstack(const compat_stack_t __user *uss_ptr,
4378 +
4379 + int compat_restore_altstack(const compat_stack_t __user *uss);
4380 + int __compat_save_altstack(compat_stack_t __user *, unsigned long);
4381 ++#define compat_save_altstack_ex(uss, sp) do { \
4382 ++ compat_stack_t __user *__uss = uss; \
4383 ++ struct task_struct *t = current; \
4384 ++ put_user_ex(ptr_to_compat((void __user *)t->sas_ss_sp), &__uss->ss_sp); \
4385 ++ put_user_ex(sas_ss_flags(sp), &__uss->ss_flags); \
4386 ++ put_user_ex(t->sas_ss_size, &__uss->ss_size); \
4387 ++} while (0);
4388 +
4389 + asmlinkage long compat_sys_sched_rr_get_interval(compat_pid_t pid,
4390 + struct compat_timespec __user *interval);
4391 +diff --git a/include/linux/hid.h b/include/linux/hid.h
4392 +index 0c48991..ff545cc 100644
4393 +--- a/include/linux/hid.h
4394 ++++ b/include/linux/hid.h
4395 +@@ -393,10 +393,12 @@ struct hid_report {
4396 + struct hid_device *device; /* associated device */
4397 + };
4398 +
4399 ++#define HID_MAX_IDS 256
4400 ++
4401 + struct hid_report_enum {
4402 + unsigned numbered;
4403 + struct list_head report_list;
4404 +- struct hid_report *report_id_hash[256];
4405 ++ struct hid_report *report_id_hash[HID_MAX_IDS];
4406 + };
4407 +
4408 + #define HID_REPORT_TYPES 3
4409 +diff --git a/include/linux/pci_ids.h b/include/linux/pci_ids.h
4410 +index 3bed2e8..d1fe5d0 100644
4411 +--- a/include/linux/pci_ids.h
4412 ++++ b/include/linux/pci_ids.h
4413 +@@ -518,6 +518,8 @@
4414 + #define PCI_DEVICE_ID_AMD_11H_NB_MISC 0x1303
4415 + #define PCI_DEVICE_ID_AMD_11H_NB_LINK 0x1304
4416 + #define PCI_DEVICE_ID_AMD_15H_M10H_F3 0x1403
4417 ++#define PCI_DEVICE_ID_AMD_15H_M30H_NB_F3 0x141d
4418 ++#define PCI_DEVICE_ID_AMD_15H_M30H_NB_F4 0x141e
4419 + #define PCI_DEVICE_ID_AMD_15H_NB_F0 0x1600
4420 + #define PCI_DEVICE_ID_AMD_15H_NB_F1 0x1601
4421 + #define PCI_DEVICE_ID_AMD_15H_NB_F2 0x1602
4422 +diff --git a/include/linux/rculist.h b/include/linux/rculist.h
4423 +index f4b1001..4106721 100644
4424 +--- a/include/linux/rculist.h
4425 ++++ b/include/linux/rculist.h
4426 +@@ -267,8 +267,9 @@ static inline void list_splice_init_rcu(struct list_head *list,
4427 + */
4428 + #define list_first_or_null_rcu(ptr, type, member) \
4429 + ({struct list_head *__ptr = (ptr); \
4430 +- struct list_head __rcu *__next = list_next_rcu(__ptr); \
4431 +- likely(__ptr != __next) ? container_of(__next, type, member) : NULL; \
4432 ++ struct list_head *__next = ACCESS_ONCE(__ptr->next); \
4433 ++ likely(__ptr != __next) ? \
4434 ++ list_entry_rcu(__next, type, member) : NULL; \
4435 + })
4436 +
4437 + /**
4438 +diff --git a/include/linux/signal.h b/include/linux/signal.h
4439 +index d897484..2ac423b 100644
4440 +--- a/include/linux/signal.h
4441 ++++ b/include/linux/signal.h
4442 +@@ -434,6 +434,14 @@ void signals_init(void);
4443 + int restore_altstack(const stack_t __user *);
4444 + int __save_altstack(stack_t __user *, unsigned long);
4445 +
4446 ++#define save_altstack_ex(uss, sp) do { \
4447 ++ stack_t __user *__uss = uss; \
4448 ++ struct task_struct *t = current; \
4449 ++ put_user_ex((void __user *)t->sas_ss_sp, &__uss->ss_sp); \
4450 ++ put_user_ex(sas_ss_flags(sp), &__uss->ss_flags); \
4451 ++ put_user_ex(t->sas_ss_size, &__uss->ss_size); \
4452 ++} while (0);
4453 ++
4454 + #ifdef CONFIG_PROC_FS
4455 + struct seq_file;
4456 + extern void render_sigset_t(struct seq_file *, const char *, sigset_t *);
4457 +diff --git a/include/linux/usb/hcd.h b/include/linux/usb/hcd.h
4458 +index 1e88377..3e541e6 100644
4459 +--- a/include/linux/usb/hcd.h
4460 ++++ b/include/linux/usb/hcd.h
4461 +@@ -411,7 +411,7 @@ extern int usb_hcd_pci_probe(struct pci_dev *dev,
4462 + extern void usb_hcd_pci_remove(struct pci_dev *dev);
4463 + extern void usb_hcd_pci_shutdown(struct pci_dev *dev);
4464 +
4465 +-#ifdef CONFIG_PM_SLEEP
4466 ++#ifdef CONFIG_PM
4467 + extern const struct dev_pm_ops usb_hcd_pci_pm_ops;
4468 + #endif
4469 + #endif /* CONFIG_PCI */
4470 +diff --git a/ipc/msg.c b/ipc/msg.c
4471 +index 9f29d9e..b65fdf1 100644
4472 +--- a/ipc/msg.c
4473 ++++ b/ipc/msg.c
4474 +@@ -680,16 +680,18 @@ long do_msgsnd(int msqid, long mtype, void __user *mtext,
4475 + goto out_unlock1;
4476 + }
4477 +
4478 ++ ipc_lock_object(&msq->q_perm);
4479 ++
4480 + for (;;) {
4481 + struct msg_sender s;
4482 +
4483 + err = -EACCES;
4484 + if (ipcperms(ns, &msq->q_perm, S_IWUGO))
4485 +- goto out_unlock1;
4486 ++ goto out_unlock0;
4487 +
4488 + err = security_msg_queue_msgsnd(msq, msg, msgflg);
4489 + if (err)
4490 +- goto out_unlock1;
4491 ++ goto out_unlock0;
4492 +
4493 + if (msgsz + msq->q_cbytes <= msq->q_qbytes &&
4494 + 1 + msq->q_qnum <= msq->q_qbytes) {
4495 +@@ -699,10 +701,9 @@ long do_msgsnd(int msqid, long mtype, void __user *mtext,
4496 + /* queue full, wait: */
4497 + if (msgflg & IPC_NOWAIT) {
4498 + err = -EAGAIN;
4499 +- goto out_unlock1;
4500 ++ goto out_unlock0;
4501 + }
4502 +
4503 +- ipc_lock_object(&msq->q_perm);
4504 + ss_add(msq, &s);
4505 +
4506 + if (!ipc_rcu_getref(msq)) {
4507 +@@ -730,10 +731,7 @@ long do_msgsnd(int msqid, long mtype, void __user *mtext,
4508 + goto out_unlock0;
4509 + }
4510 +
4511 +- ipc_unlock_object(&msq->q_perm);
4512 + }
4513 +-
4514 +- ipc_lock_object(&msq->q_perm);
4515 + msq->q_lspid = task_tgid_vnr(current);
4516 + msq->q_stime = get_seconds();
4517 +
4518 +diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c
4519 +index f356974..ad8e1bd 100644
4520 +--- a/kernel/events/uprobes.c
4521 ++++ b/kernel/events/uprobes.c
4522 +@@ -1682,12 +1682,10 @@ static bool handle_trampoline(struct pt_regs *regs)
4523 + tmp = ri;
4524 + ri = ri->next;
4525 + kfree(tmp);
4526 ++ utask->depth--;
4527 +
4528 + if (!chained)
4529 + break;
4530 +-
4531 +- utask->depth--;
4532 +-
4533 + BUG_ON(!ri);
4534 + }
4535 +
4536 +diff --git a/kernel/fork.c b/kernel/fork.c
4537 +index bf46287..200a7a2 100644
4538 +--- a/kernel/fork.c
4539 ++++ b/kernel/fork.c
4540 +@@ -1173,10 +1173,11 @@ static struct task_struct *copy_process(unsigned long clone_flags,
4541 + return ERR_PTR(-EINVAL);
4542 +
4543 + /*
4544 +- * If the new process will be in a different pid namespace
4545 +- * don't allow the creation of threads.
4546 ++ * If the new process will be in a different pid namespace don't
4547 ++ * allow it to share a thread group or signal handlers with the
4548 ++ * forking task.
4549 + */
4550 +- if ((clone_flags & (CLONE_VM|CLONE_NEWPID)) &&
4551 ++ if ((clone_flags & (CLONE_SIGHAND | CLONE_NEWPID)) &&
4552 + (task_active_pid_ns(current) !=
4553 + current->nsproxy->pid_ns_for_children))
4554 + return ERR_PTR(-EINVAL);
4555 +diff --git a/kernel/pid.c b/kernel/pid.c
4556 +index 66505c1..ebe5e80 100644
4557 +--- a/kernel/pid.c
4558 ++++ b/kernel/pid.c
4559 +@@ -265,6 +265,7 @@ void free_pid(struct pid *pid)
4560 + struct pid_namespace *ns = upid->ns;
4561 + hlist_del_rcu(&upid->pid_chain);
4562 + switch(--ns->nr_hashed) {
4563 ++ case 2:
4564 + case 1:
4565 + /* When all that is left in the pid namespace
4566 + * is the reaper wake up the reaper. The reaper
4567 +diff --git a/mm/huge_memory.c b/mm/huge_memory.c
4568 +index a92012a..f2820fb 100644
4569 +--- a/mm/huge_memory.c
4570 ++++ b/mm/huge_memory.c
4571 +@@ -2296,6 +2296,8 @@ static void collapse_huge_page(struct mm_struct *mm,
4572 + goto out;
4573 +
4574 + vma = find_vma(mm, address);
4575 ++ if (!vma)
4576 ++ goto out;
4577 + hstart = (vma->vm_start + ~HPAGE_PMD_MASK) & HPAGE_PMD_MASK;
4578 + hend = vma->vm_end & HPAGE_PMD_MASK;
4579 + if (address < hstart || address + HPAGE_PMD_SIZE > hend)
4580 +diff --git a/mm/memcontrol.c b/mm/memcontrol.c
4581 +index 0878ff7..aa44621 100644
4582 +--- a/mm/memcontrol.c
4583 ++++ b/mm/memcontrol.c
4584 +@@ -5616,7 +5616,13 @@ static int compare_thresholds(const void *a, const void *b)
4585 + const struct mem_cgroup_threshold *_a = a;
4586 + const struct mem_cgroup_threshold *_b = b;
4587 +
4588 +- return _a->threshold - _b->threshold;
4589 ++ if (_a->threshold > _b->threshold)
4590 ++ return 1;
4591 ++
4592 ++ if (_a->threshold < _b->threshold)
4593 ++ return -1;
4594 ++
4595 ++ return 0;
4596 + }
4597 +
4598 + static int mem_cgroup_oom_notify_cb(struct mem_cgroup *memcg)
4599 +diff --git a/net/ceph/osd_client.c b/net/ceph/osd_client.c
4600 +index dd47889..dbc0a73 100644
4601 +--- a/net/ceph/osd_client.c
4602 ++++ b/net/ceph/osd_client.c
4603 +@@ -2129,6 +2129,8 @@ int ceph_osdc_start_request(struct ceph_osd_client *osdc,
4604 + dout("osdc_start_request failed map, "
4605 + " will retry %lld\n", req->r_tid);
4606 + rc = 0;
4607 ++ } else {
4608 ++ __unregister_request(osdc, req);
4609 + }
4610 + goto out_unlock;
4611 + }
4612 +diff --git a/net/ceph/osdmap.c b/net/ceph/osdmap.c
4613 +index 603ddd9..dbd9a47 100644
4614 +--- a/net/ceph/osdmap.c
4615 ++++ b/net/ceph/osdmap.c
4616 +@@ -1129,7 +1129,7 @@ static int *calc_pg_raw(struct ceph_osdmap *osdmap, struct ceph_pg pgid,
4617 +
4618 + /* pg_temp? */
4619 + pgid.seed = ceph_stable_mod(pgid.seed, pool->pg_num,
4620 +- pool->pgp_num_mask);
4621 ++ pool->pg_num_mask);
4622 + pg = __lookup_pg_mapping(&osdmap->pg_temp, pgid);
4623 + if (pg) {
4624 + *num = pg->len;
4625 +diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
4626 +index cc9e02d..7a98d52 100644
4627 +--- a/net/mac80211/mlme.c
4628 ++++ b/net/mac80211/mlme.c
4629 +@@ -2851,14 +2851,6 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
4630 + ieee80211_rx_bss_put(local, bss);
4631 + sdata->vif.bss_conf.beacon_rate = bss->beacon_rate;
4632 + }
4633 +-
4634 +- if (!sdata->u.mgd.associated ||
4635 +- !ether_addr_equal(mgmt->bssid, sdata->u.mgd.associated->bssid))
4636 +- return;
4637 +-
4638 +- ieee80211_sta_process_chanswitch(sdata, rx_status->mactime,
4639 +- elems, true);
4640 +-
4641 + }
4642 +
4643 +
4644 +@@ -3147,6 +3139,9 @@ static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
4645 +
4646 + ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems);
4647 +
4648 ++ ieee80211_sta_process_chanswitch(sdata, rx_status->mactime,
4649 ++ &elems, true);
4650 ++
4651 + if (ieee80211_sta_wmm_params(local, sdata, elems.wmm_param,
4652 + elems.wmm_param_len))
4653 + changed |= BSS_CHANGED_QOS;
4654 +diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c
4655 +index 8860dd5..9552da2 100644
4656 +--- a/sound/pci/hda/hda_intel.c
4657 ++++ b/sound/pci/hda/hda_intel.c
4658 +@@ -3376,6 +3376,7 @@ static struct snd_pci_quirk msi_black_list[] = {
4659 + SND_PCI_QUIRK(0x1043, 0x81f2, "ASUS", 0), /* Athlon64 X2 + nvidia */
4660 + SND_PCI_QUIRK(0x1043, 0x81f6, "ASUS", 0), /* nvidia */
4661 + SND_PCI_QUIRK(0x1043, 0x822d, "ASUS", 0), /* Athlon64 X2 + nvidia MCP55 */
4662 ++ SND_PCI_QUIRK(0x1179, 0xfb44, "Toshiba Satellite C870", 0), /* AMD Hudson */
4663 + SND_PCI_QUIRK(0x1849, 0x0888, "ASRock", 0), /* Athlon64 X2 + nvidia */
4664 + SND_PCI_QUIRK(0xa0a0, 0x0575, "Aopen MZ915-M", 0), /* ICH6 */
4665 + {}
4666 +diff --git a/sound/pci/hda/patch_hdmi.c b/sound/pci/hda/patch_hdmi.c
4667 +index 9f35862..45850f6 100644
4668 +--- a/sound/pci/hda/patch_hdmi.c
4669 ++++ b/sound/pci/hda/patch_hdmi.c
4670 +@@ -67,6 +67,8 @@ struct hdmi_spec_per_pin {
4671 + struct delayed_work work;
4672 + struct snd_kcontrol *eld_ctl;
4673 + int repoll_count;
4674 ++ bool setup; /* the stream has been set up by prepare callback */
4675 ++ int channels; /* current number of channels */
4676 + bool non_pcm;
4677 + bool chmap_set; /* channel-map override by ALSA API? */
4678 + unsigned char chmap[8]; /* ALSA API channel-map */
4679 +@@ -551,6 +553,17 @@ static int hdmi_channel_allocation(struct hdmi_eld *eld, int channels)
4680 + }
4681 + }
4682 +
4683 ++ if (!ca) {
4684 ++ /* if there was no match, select the regular ALSA channel
4685 ++ * allocation with the matching number of channels */
4686 ++ for (i = 0; i < ARRAY_SIZE(channel_allocations); i++) {
4687 ++ if (channels == channel_allocations[i].channels) {
4688 ++ ca = channel_allocations[i].ca_index;
4689 ++ break;
4690 ++ }
4691 ++ }
4692 ++ }
4693 ++
4694 + snd_print_channel_allocation(eld->info.spk_alloc, buf, sizeof(buf));
4695 + snd_printdd("HDMI: select CA 0x%x for %d-channel allocation: %s\n",
4696 + ca, channels, buf);
4697 +@@ -868,18 +881,19 @@ static bool hdmi_infoframe_uptodate(struct hda_codec *codec, hda_nid_t pin_nid,
4698 + return true;
4699 + }
4700 +
4701 +-static void hdmi_setup_audio_infoframe(struct hda_codec *codec, int pin_idx,
4702 +- bool non_pcm,
4703 +- struct snd_pcm_substream *substream)
4704 ++static void hdmi_setup_audio_infoframe(struct hda_codec *codec,
4705 ++ struct hdmi_spec_per_pin *per_pin,
4706 ++ bool non_pcm)
4707 + {
4708 +- struct hdmi_spec *spec = codec->spec;
4709 +- struct hdmi_spec_per_pin *per_pin = get_pin(spec, pin_idx);
4710 + hda_nid_t pin_nid = per_pin->pin_nid;
4711 +- int channels = substream->runtime->channels;
4712 ++ int channels = per_pin->channels;
4713 + struct hdmi_eld *eld;
4714 + int ca;
4715 + union audio_infoframe ai;
4716 +
4717 ++ if (!channels)
4718 ++ return;
4719 ++
4720 + eld = &per_pin->sink_eld;
4721 + if (!eld->monitor_present)
4722 + return;
4723 +@@ -1329,6 +1343,7 @@ static void hdmi_present_sense(struct hdmi_spec_per_pin *per_pin, int repoll)
4724 + eld_changed = true;
4725 + }
4726 + if (update_eld) {
4727 ++ bool old_eld_valid = pin_eld->eld_valid;
4728 + pin_eld->eld_valid = eld->eld_valid;
4729 + eld_changed = pin_eld->eld_size != eld->eld_size ||
4730 + memcmp(pin_eld->eld_buffer, eld->eld_buffer,
4731 +@@ -1338,6 +1353,18 @@ static void hdmi_present_sense(struct hdmi_spec_per_pin *per_pin, int repoll)
4732 + eld->eld_size);
4733 + pin_eld->eld_size = eld->eld_size;
4734 + pin_eld->info = eld->info;
4735 ++
4736 ++ /* Haswell-specific workaround: re-setup when the transcoder is
4737 ++ * changed during the stream playback
4738 ++ */
4739 ++ if (codec->vendor_id == 0x80862807 &&
4740 ++ eld->eld_valid && !old_eld_valid && per_pin->setup) {
4741 ++ snd_hda_codec_write(codec, pin_nid, 0,
4742 ++ AC_VERB_SET_AMP_GAIN_MUTE,
4743 ++ AMP_OUT_UNMUTE);
4744 ++ hdmi_setup_audio_infoframe(codec, per_pin,
4745 ++ per_pin->non_pcm);
4746 ++ }
4747 + }
4748 + mutex_unlock(&pin_eld->lock);
4749 +
4750 +@@ -1510,14 +1537,17 @@ static int generic_hdmi_playback_pcm_prepare(struct hda_pcm_stream *hinfo,
4751 + hda_nid_t cvt_nid = hinfo->nid;
4752 + struct hdmi_spec *spec = codec->spec;
4753 + int pin_idx = hinfo_to_pin_index(spec, hinfo);
4754 +- hda_nid_t pin_nid = get_pin(spec, pin_idx)->pin_nid;
4755 ++ struct hdmi_spec_per_pin *per_pin = get_pin(spec, pin_idx);
4756 ++ hda_nid_t pin_nid = per_pin->pin_nid;
4757 + bool non_pcm;
4758 +
4759 + non_pcm = check_non_pcm_per_cvt(codec, cvt_nid);
4760 ++ per_pin->channels = substream->runtime->channels;
4761 ++ per_pin->setup = true;
4762 +
4763 + hdmi_set_channel_count(codec, cvt_nid, substream->runtime->channels);
4764 +
4765 +- hdmi_setup_audio_infoframe(codec, pin_idx, non_pcm, substream);
4766 ++ hdmi_setup_audio_infoframe(codec, per_pin, non_pcm);
4767 +
4768 + return hdmi_setup_stream(codec, cvt_nid, pin_nid, stream_tag, format);
4769 + }
4770 +@@ -1557,6 +1587,9 @@ static int hdmi_pcm_close(struct hda_pcm_stream *hinfo,
4771 + snd_hda_spdif_ctls_unassign(codec, pin_idx);
4772 + per_pin->chmap_set = false;
4773 + memset(per_pin->chmap, 0, sizeof(per_pin->chmap));
4774 ++
4775 ++ per_pin->setup = false;
4776 ++ per_pin->channels = 0;
4777 + }
4778 +
4779 + return 0;
4780 +@@ -1692,8 +1725,7 @@ static int hdmi_chmap_ctl_put(struct snd_kcontrol *kcontrol,
4781 + per_pin->chmap_set = true;
4782 + memcpy(per_pin->chmap, chmap, sizeof(chmap));
4783 + if (prepared)
4784 +- hdmi_setup_audio_infoframe(codec, pin_idx, per_pin->non_pcm,
4785 +- substream);
4786 ++ hdmi_setup_audio_infoframe(codec, per_pin, per_pin->non_pcm);
4787 +
4788 + return 0;
4789 + }
4790 +diff --git a/sound/soc/codecs/mc13783.c b/sound/soc/codecs/mc13783.c
4791 +index 5402dfb..8a8d936 100644
4792 +--- a/sound/soc/codecs/mc13783.c
4793 ++++ b/sound/soc/codecs/mc13783.c
4794 +@@ -126,6 +126,10 @@ static int mc13783_write(struct snd_soc_codec *codec,
4795 +
4796 + ret = mc13xxx_reg_write(priv->mc13xxx, reg, value);
4797 +
4798 ++ /* include errata fix for spi audio problems */
4799 ++ if (reg == MC13783_AUDIO_CODEC || reg == MC13783_AUDIO_DAC)
4800 ++ ret = mc13xxx_reg_write(priv->mc13xxx, reg, value);
4801 ++
4802 + mc13xxx_unlock(priv->mc13xxx);
4803 +
4804 + return ret;
4805 +diff --git a/sound/soc/codecs/wm8960.c b/sound/soc/codecs/wm8960.c
4806 +index 0a4ffdd..5e5af89 100644
4807 +--- a/sound/soc/codecs/wm8960.c
4808 ++++ b/sound/soc/codecs/wm8960.c
4809 +@@ -857,9 +857,9 @@ static int wm8960_set_dai_pll(struct snd_soc_dai *codec_dai, int pll_id,
4810 + if (pll_div.k) {
4811 + reg |= 0x20;
4812 +
4813 +- snd_soc_write(codec, WM8960_PLL2, (pll_div.k >> 18) & 0x3f);
4814 +- snd_soc_write(codec, WM8960_PLL3, (pll_div.k >> 9) & 0x1ff);
4815 +- snd_soc_write(codec, WM8960_PLL4, pll_div.k & 0x1ff);
4816 ++ snd_soc_write(codec, WM8960_PLL2, (pll_div.k >> 16) & 0xff);
4817 ++ snd_soc_write(codec, WM8960_PLL3, (pll_div.k >> 8) & 0xff);
4818 ++ snd_soc_write(codec, WM8960_PLL4, pll_div.k & 0xff);
4819 + }
4820 + snd_soc_write(codec, WM8960_PLL1, reg);
4821 +
4822
4823 diff --git a/3.11.1/4420_grsecurity-2.9.1-3.11.1-201309221838.patch b/3.11.2/4420_grsecurity-2.9.1-3.11.2-201309281103.patch
4824 similarity index 99%
4825 rename from 3.11.1/4420_grsecurity-2.9.1-3.11.1-201309221838.patch
4826 rename to 3.11.2/4420_grsecurity-2.9.1-3.11.2-201309281103.patch
4827 index f7acb39..3abf324 100644
4828 --- a/3.11.1/4420_grsecurity-2.9.1-3.11.1-201309221838.patch
4829 +++ b/3.11.2/4420_grsecurity-2.9.1-3.11.2-201309281103.patch
4830 @@ -281,7 +281,7 @@ index 7f9d4f5..6d1afd6 100644
4831
4832 pcd. [PARIDE]
4833 diff --git a/Makefile b/Makefile
4834 -index efd2396..682975d 100644
4835 +index aede319..6bf55a4 100644
4836 --- a/Makefile
4837 +++ b/Makefile
4838 @@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
4839 @@ -2745,10 +2745,10 @@ index 2c7cc1e..ab2e911 100644
4840 mcr p15, 0, r4, c2, c0, 0 @ load page table pointer
4841 #endif
4842 diff --git a/arch/arm/kernel/module.c b/arch/arm/kernel/module.c
4843 -index 85c3fb6..b3068b1 100644
4844 +index 85c3fb6..054c2dc 100644
4845 --- a/arch/arm/kernel/module.c
4846 +++ b/arch/arm/kernel/module.c
4847 -@@ -37,12 +37,37 @@
4848 +@@ -37,12 +37,39 @@
4849 #endif
4850
4851 #ifdef CONFIG_MMU
4852 @@ -2779,11 +2779,13 @@ index 85c3fb6..b3068b1 100644
4853 +{
4854 + module_free(mod, module_region);
4855 +}
4856 ++EXPORT_SYMBOL(module_free_exec);
4857 +
4858 +void *module_alloc_exec(unsigned long size)
4859 +{
4860 + return __module_alloc(size, PAGE_KERNEL_EXEC);
4861 +}
4862 ++EXPORT_SYMBOL(module_alloc_exec);
4863 +#endif
4864 #endif
4865
4866 @@ -3128,7 +3130,7 @@ index ab517fc..9adf2fa 100644
4867 /*
4868 * on V7-M there is no need to copy the vector table to a dedicated
4869 diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S
4870 -index 7bcee5c..64c9c5f 100644
4871 +index 7bcee5c..e2f3249 100644
4872 --- a/arch/arm/kernel/vmlinux.lds.S
4873 +++ b/arch/arm/kernel/vmlinux.lds.S
4874 @@ -8,7 +8,11 @@
4875 @@ -3144,6 +3146,15 @@ index 7bcee5c..64c9c5f 100644
4876 #define PROC_INFO \
4877 . = ALIGN(4); \
4878 VMLINUX_SYMBOL(__proc_info_begin) = .; \
4879 +@@ -34,7 +38,7 @@
4880 + #endif
4881 +
4882 + #if (defined(CONFIG_SMP_ON_UP) && !defined(CONFIG_DEBUG_SPINLOCK)) || \
4883 +- defined(CONFIG_GENERIC_BUG)
4884 ++ defined(CONFIG_GENERIC_BUG) || defined(CONFIG_PAX_REFCOUNT)
4885 + #define ARM_EXIT_KEEP(x) x
4886 + #define ARM_EXIT_DISCARD(x)
4887 + #else
4888 @@ -90,6 +94,11 @@ SECTIONS
4889 _text = .;
4890 HEAD_TEXT
4891 @@ -13233,7 +13244,7 @@ index bae3aba..c1788c1 100644
4892 set_fs(KERNEL_DS);
4893 has_dumped = 1;
4894 diff --git a/arch/x86/ia32/ia32_signal.c b/arch/x86/ia32/ia32_signal.c
4895 -index bccfca6..a312009 100644
4896 +index 665a730..8e7a67a 100644
4897 --- a/arch/x86/ia32/ia32_signal.c
4898 +++ b/arch/x86/ia32/ia32_signal.c
4899 @@ -338,7 +338,7 @@ static void __user *get_sigframe(struct ksignal *ksig, struct pt_regs *regs,
4900 @@ -13263,12 +13274,7 @@ index bccfca6..a312009 100644
4901 };
4902
4903 frame = get_sigframe(ksig, regs, sizeof(*frame), &fpstate);
4904 -@@ -457,20 +457,22 @@ int ia32_setup_rt_frame(int sig, struct ksignal *ksig,
4905 - else
4906 - put_user_ex(0, &frame->uc.uc_flags);
4907 - put_user_ex(0, &frame->uc.uc_link);
4908 -- err |= __compat_save_altstack(&frame->uc.uc_stack, regs->sp);
4909 -+ __compat_save_altstack_ex(&frame->uc.uc_stack, regs->sp);
4910 +@@ -461,16 +461,18 @@ int ia32_setup_rt_frame(int sig, struct ksignal *ksig,
4911
4912 if (ksig->ka.sa.sa_flags & SA_RESTORER)
4913 restorer = ksig->ka.sa.sa_restorer;
4914 @@ -14738,7 +14744,7 @@ index 9863ee3..4a1f8e1 100644
4915 return _PAGE_CACHE_WC;
4916 else if (pg_flags == _PGMT_UC_MINUS)
4917 diff --git a/arch/x86/include/asm/checksum_32.h b/arch/x86/include/asm/checksum_32.h
4918 -index 46fc474..b02b0f9 100644
4919 +index f50de69..2b0a458 100644
4920 --- a/arch/x86/include/asm/checksum_32.h
4921 +++ b/arch/x86/include/asm/checksum_32.h
4922 @@ -31,6 +31,14 @@ asmlinkage __wsum csum_partial_copy_generic(const void *src, void *dst,
4923 @@ -14756,24 +14762,24 @@ index 46fc474..b02b0f9 100644
4924 /*
4925 * Note: when you get a NULL pointer exception here this means someone
4926 * passed in an incorrect kernel address to one of these functions.
4927 -@@ -50,7 +58,7 @@ static inline __wsum csum_partial_copy_from_user(const void __user *src,
4928 - int *err_ptr)
4929 - {
4930 - might_sleep();
4931 -- return csum_partial_copy_generic((__force void *)src, dst,
4932 -+ return csum_partial_copy_generic_from_user((__force void *)src, dst,
4933 - len, sum, err_ptr, NULL);
4934 - }
4935 +@@ -53,7 +61,7 @@ static inline __wsum csum_partial_copy_from_user(const void __user *src,
4936
4937 -@@ -178,7 +186,7 @@ static inline __wsum csum_and_copy_to_user(const void *src,
4938 - {
4939 might_sleep();
4940 - if (access_ok(VERIFY_WRITE, dst, len))
4941 -- return csum_partial_copy_generic(src, (__force void *)dst,
4942 -+ return csum_partial_copy_generic_to_user(src, (__force void *)dst,
4943 - len, sum, NULL, err_ptr);
4944 + stac();
4945 +- ret = csum_partial_copy_generic((__force void *)src, dst,
4946 ++ ret = csum_partial_copy_generic_from_user((__force void *)src, dst,
4947 + len, sum, err_ptr, NULL);
4948 + clac();
4949
4950 - if (len)
4951 +@@ -187,7 +195,7 @@ static inline __wsum csum_and_copy_to_user(const void *src,
4952 + might_sleep();
4953 + if (access_ok(VERIFY_WRITE, dst, len)) {
4954 + stac();
4955 +- ret = csum_partial_copy_generic(src, (__force void *)dst,
4956 ++ ret = csum_partial_copy_generic_to_user(src, (__force void *)dst,
4957 + len, sum, NULL, err_ptr);
4958 + clac();
4959 + return ret;
4960 diff --git a/arch/x86/include/asm/cmpxchg.h b/arch/x86/include/asm/cmpxchg.h
4961 index d47786a..ce1b05d 100644
4962 --- a/arch/x86/include/asm/cmpxchg.h
4963 @@ -15760,7 +15766,7 @@ index 5f55e69..e20bfb1 100644
4964
4965 #ifdef CONFIG_SMP
4966 diff --git a/arch/x86/include/asm/mmu_context.h b/arch/x86/include/asm/mmu_context.h
4967 -index cdbf367..ce8f82b 100644
4968 +index be12c53..2124e35 100644
4969 --- a/arch/x86/include/asm/mmu_context.h
4970 +++ b/arch/x86/include/asm/mmu_context.h
4971 @@ -24,6 +24,20 @@ void destroy_context(struct mm_struct *mm);
4972 @@ -15838,13 +15844,12 @@ index cdbf367..ce8f82b 100644
4973 load_cr3(next->pgd);
4974 +#endif
4975
4976 - /* stop flush ipis for the previous mm */
4977 + /* Stop flush ipis for the previous mm */
4978 cpumask_clear_cpu(cpu, mm_cpumask(prev));
4979 -@@ -53,9 +106,63 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next,
4980 - */
4981 +@@ -51,9 +104,63 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next,
4982 + /* Load the LDT, if the LDT is different: */
4983 if (unlikely(prev->context.ldt != next->context.ldt))
4984 load_LDT_nolock(&next->context);
4985 -- }
4986 +
4987 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_SMP)
4988 + if (!(__supported_pte_mask & _PAGE_NX)) {
4989 @@ -15859,14 +15864,14 @@ index cdbf367..ce8f82b 100644
4990 + if (unlikely(prev->context.user_cs_base != next->context.user_cs_base ||
4991 + prev->context.user_cs_limit != next->context.user_cs_limit))
4992 + set_user_cs(next->context.user_cs_base, next->context.user_cs_limit, cpu);
4993 - #ifdef CONFIG_SMP
4994 ++#ifdef CONFIG_SMP
4995 + else if (unlikely(tlbstate != TLBSTATE_OK))
4996 + set_user_cs(next->context.user_cs_base, next->context.user_cs_limit, cpu);
4997 +#endif
4998 +#endif
4999 +
5000 -+ }
5001 - else {
5002 + }
5003 ++ else {
5004 +
5005 +#ifdef CONFIG_PAX_PER_CPU_PGD
5006 + pax_open_kernel();
5007 @@ -15901,11 +15906,12 @@ index cdbf367..ce8f82b 100644
5008 + load_cr3(get_cpu_pgd(cpu, kernel));
5009 +#endif
5010 +
5011 -+#ifdef CONFIG_SMP
5012 + #ifdef CONFIG_SMP
5013 +- else {
5014 this_cpu_write(cpu_tlbstate.state, TLBSTATE_OK);
5015 BUG_ON(this_cpu_read(cpu_tlbstate.active_mm) != next);
5016
5017 -@@ -64,11 +171,28 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next,
5018 +@@ -70,11 +177,28 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next,
5019 * tlb flush IPI delivery. We must reload CR3
5020 * to make sure to use no freed page tables.
5021 */
5022 @@ -25235,7 +25241,7 @@ index 5cdff03..80fa283 100644
5023 * Up to this point, the boot CPU has been using .init.data
5024 * area. Reload any changed state for the boot CPU.
5025 diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c
5026 -index cf91358..a7081ea 100644
5027 +index d859eea..44e17c4 100644
5028 --- a/arch/x86/kernel/signal.c
5029 +++ b/arch/x86/kernel/signal.c
5030 @@ -190,7 +190,7 @@ static unsigned long align_sigframe(unsigned long sp)
5031 @@ -25268,12 +25274,8 @@ index cf91358..a7081ea 100644
5032
5033 if (err)
5034 return -EFAULT;
5035 -@@ -358,10 +358,13 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig,
5036 - else
5037 - put_user_ex(0, &frame->uc.uc_flags);
5038 - put_user_ex(0, &frame->uc.uc_link);
5039 -- err |= __save_altstack(&frame->uc.uc_stack, regs->sp);
5040 -+ __save_altstack_ex(&frame->uc.uc_stack, regs->sp);
5041 +@@ -361,7 +361,10 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig,
5042 + save_altstack_ex(&frame->uc.uc_stack, regs->sp);
5043
5044 /* Set up to return from userspace. */
5045 - restorer = VDSO32_SYMBOL(current->mm->context.vdso, rt_sigreturn);
5046 @@ -25293,15 +25295,6 @@ index cf91358..a7081ea 100644
5047 } put_user_catch(err);
5048
5049 err |= copy_siginfo_to_user(&frame->info, &ksig->info);
5050 -@@ -423,7 +426,7 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig,
5051 - else
5052 - put_user_ex(0, &frame->uc.uc_flags);
5053 - put_user_ex(0, &frame->uc.uc_link);
5054 -- err |= __save_altstack(&frame->uc.uc_stack, regs->sp);
5055 -+ __save_altstack_ex(&frame->uc.uc_stack, regs->sp);
5056 -
5057 - /* Set up to return from userspace. If provided, use a stub
5058 - already in userspace. */
5059 @@ -609,7 +612,12 @@ setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs)
5060 {
5061 int usig = signr_convert(ksig->sig);
5062 @@ -27941,38 +27934,37 @@ index 2419d5f..953ee51 100644
5063 CFI_RESTORE_STATE
5064
5065 diff --git a/arch/x86/lib/csum-wrappers_64.c b/arch/x86/lib/csum-wrappers_64.c
5066 -index 25b7ae8..c40113e 100644
5067 +index 7609e0e..b449b98 100644
5068 --- a/arch/x86/lib/csum-wrappers_64.c
5069 +++ b/arch/x86/lib/csum-wrappers_64.c
5070 -@@ -52,8 +52,12 @@ csum_partial_copy_from_user(const void __user *src, void *dst,
5071 +@@ -53,10 +53,12 @@ csum_partial_copy_from_user(const void __user *src, void *dst,
5072 len -= 2;
5073 }
5074 }
5075 -- isum = csum_partial_copy_generic((__force const void *)src,
5076 + pax_open_userland();
5077 -+ stac();
5078 + stac();
5079 +- isum = csum_partial_copy_generic((__force const void *)src,
5080 + isum = csum_partial_copy_generic((const void __force_kernel *)____m(src),
5081 dst, len, isum, errp, NULL);
5082 -+ clac();
5083 + clac();
5084 + pax_close_userland();
5085 if (unlikely(*errp))
5086 goto out_err;
5087
5088 -@@ -105,8 +109,13 @@ csum_partial_copy_to_user(const void *src, void __user *dst,
5089 +@@ -110,10 +112,12 @@ csum_partial_copy_to_user(const void *src, void __user *dst,
5090 }
5091
5092 *errp = 0;
5093 -- return csum_partial_copy_generic(src, (void __force *)dst,
5094 + pax_open_userland();
5095 -+ stac();
5096 -+ isum = csum_partial_copy_generic(src, (void __force_kernel *)____m(dst),
5097 - len, isum, NULL, errp);
5098 -+ clac();
5099 + stac();
5100 +- ret = csum_partial_copy_generic(src, (void __force *)dst,
5101 ++ ret = csum_partial_copy_generic(src, (void __force_kernel *)____m(dst),
5102 + len, isum, NULL, errp);
5103 + clac();
5104 + pax_close_userland();
5105 -+ return isum;
5106 + return ret;
5107 }
5108 EXPORT_SYMBOL(csum_partial_copy_to_user);
5109 -
5110 diff --git a/arch/x86/lib/getuser.S b/arch/x86/lib/getuser.S
5111 index a451235..1daa956 100644
5112 --- a/arch/x86/lib/getuser.S
5113 @@ -34319,7 +34311,7 @@ index 290792a..416f287 100644
5114 spin_lock_init(&blkcg->lock);
5115 INIT_RADIX_TREE(&blkcg->blkg_tree, GFP_ATOMIC);
5116 diff --git a/block/blk-iopoll.c b/block/blk-iopoll.c
5117 -index 4b8d9b54..ff76220 100644
5118 +index 4b8d9b54..a7178c0 100644
5119 --- a/block/blk-iopoll.c
5120 +++ b/block/blk-iopoll.c
5121 @@ -77,7 +77,7 @@ void blk_iopoll_complete(struct blk_iopoll *iopoll)
5122 @@ -34327,7 +34319,7 @@ index 4b8d9b54..ff76220 100644
5123 EXPORT_SYMBOL(blk_iopoll_complete);
5124
5125 -static void blk_iopoll_softirq(struct softirq_action *h)
5126 -+static void blk_iopoll_softirq(void)
5127 ++static __latent_entropy void blk_iopoll_softirq(void)
5128 {
5129 struct list_head *list = &__get_cpu_var(blk_cpu_iopoll);
5130 int rearm = 0, budget = blk_iopoll_budget;
5131 @@ -34345,7 +34337,7 @@ index 623e1cd..ca1e109 100644
5132 bio = bio_copy_kern(q, kbuf, len, gfp_mask, reading);
5133 else
5134 diff --git a/block/blk-softirq.c b/block/blk-softirq.c
5135 -index ec9e606..2244d4e 100644
5136 +index ec9e606..3f38839 100644
5137 --- a/block/blk-softirq.c
5138 +++ b/block/blk-softirq.c
5139 @@ -18,7 +18,7 @@ static DEFINE_PER_CPU(struct list_head, blk_cpu_done);
5140 @@ -34353,7 +34345,7 @@ index ec9e606..2244d4e 100644
5141 * while passing them to the queue registered handler.
5142 */
5143 -static void blk_done_softirq(struct softirq_action *h)
5144 -+static void blk_done_softirq(void)
5145 ++static __latent_entropy void blk_done_softirq(void)
5146 {
5147 struct list_head *cpu_list, local_list;
5148
5149 @@ -34513,32 +34505,6 @@ index a5ffcc9..3cedc9c 100644
5150 if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len))
5151 goto error;
5152
5153 -diff --git a/crypto/api.c b/crypto/api.c
5154 -index 3b61803..37c4c72 100644
5155 ---- a/crypto/api.c
5156 -+++ b/crypto/api.c
5157 -@@ -34,6 +34,8 @@ EXPORT_SYMBOL_GPL(crypto_alg_sem);
5158 - BLOCKING_NOTIFIER_HEAD(crypto_chain);
5159 - EXPORT_SYMBOL_GPL(crypto_chain);
5160 -
5161 -+static struct crypto_alg *crypto_larval_wait(struct crypto_alg *alg);
5162 -+
5163 - struct crypto_alg *crypto_mod_get(struct crypto_alg *alg)
5164 - {
5165 - return try_module_get(alg->cra_module) ? crypto_alg_get(alg) : NULL;
5166 -@@ -144,8 +146,11 @@ static struct crypto_alg *crypto_larval_add(const char *name, u32 type,
5167 - }
5168 - up_write(&crypto_alg_sem);
5169 -
5170 -- if (alg != &larval->alg)
5171 -+ if (alg != &larval->alg) {
5172 - kfree(larval);
5173 -+ if (crypto_is_larval(alg))
5174 -+ alg = crypto_larval_wait(alg);
5175 -+ }
5176 -
5177 - return alg;
5178 - }
5179 diff --git a/crypto/cryptd.c b/crypto/cryptd.c
5180 index 7bdd61b..afec999 100644
5181 --- a/crypto/cryptd.c
5182 @@ -35969,19 +35935,18 @@ index e8d11b6..7b1b36f 100644
5183 }
5184 EXPORT_SYMBOL_GPL(unregister_syscore_ops);
5185 diff --git a/drivers/block/cciss.c b/drivers/block/cciss.c
5186 -index 62b6c2c..4a11354 100644
5187 +index 62b6c2c..002d10f 100644
5188 --- a/drivers/block/cciss.c
5189 +++ b/drivers/block/cciss.c
5190 -@@ -1189,6 +1189,8 @@ static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode,
5191 +@@ -1189,6 +1189,7 @@ static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode,
5192 int err;
5193 u32 cp;
5194
5195 + memset(&arg64, 0, sizeof(arg64));
5196 -+
5197 err = 0;
5198 err |=
5199 copy_from_user(&arg64.LUN_info, &arg32->LUN_info,
5200 -@@ -3010,7 +3012,7 @@ static void start_io(ctlr_info_t *h)
5201 +@@ -3010,7 +3011,7 @@ static void start_io(ctlr_info_t *h)
5202 while (!list_empty(&h->reqQ)) {
5203 c = list_entry(h->reqQ.next, CommandList_struct, list);
5204 /* can't do anything if fifo is full */
5205 @@ -35990,7 +35955,7 @@ index 62b6c2c..4a11354 100644
5206 dev_warn(&h->pdev->dev, "fifo full\n");
5207 break;
5208 }
5209 -@@ -3020,7 +3022,7 @@ static void start_io(ctlr_info_t *h)
5210 +@@ -3020,7 +3021,7 @@ static void start_io(ctlr_info_t *h)
5211 h->Qdepth--;
5212
5213 /* Tell the controller execute command */
5214 @@ -35999,7 +35964,7 @@ index 62b6c2c..4a11354 100644
5215
5216 /* Put job onto the completed Q */
5217 addQ(&h->cmpQ, c);
5218 -@@ -3446,17 +3448,17 @@ startio:
5219 +@@ -3446,17 +3447,17 @@ startio:
5220
5221 static inline unsigned long get_next_completion(ctlr_info_t *h)
5222 {
5223 @@ -36020,7 +35985,7 @@ index 62b6c2c..4a11354 100644
5224 (h->interrupts_enabled == 0));
5225 }
5226
5227 -@@ -3489,7 +3491,7 @@ static inline u32 next_command(ctlr_info_t *h)
5228 +@@ -3489,7 +3490,7 @@ static inline u32 next_command(ctlr_info_t *h)
5229 u32 a;
5230
5231 if (unlikely(!(h->transMethod & CFGTBL_Trans_Performant)))
5232 @@ -36029,7 +35994,7 @@ index 62b6c2c..4a11354 100644
5233
5234 if ((*(h->reply_pool_head) & 1) == (h->reply_pool_wraparound)) {
5235 a = *(h->reply_pool_head); /* Next cmd in ring buffer */
5236 -@@ -4046,7 +4048,7 @@ static void cciss_put_controller_into_performant_mode(ctlr_info_t *h)
5237 +@@ -4046,7 +4047,7 @@ static void cciss_put_controller_into_performant_mode(ctlr_info_t *h)
5238 trans_support & CFGTBL_Trans_use_short_tags);
5239
5240 /* Change the access methods to the performant access methods */
5241 @@ -36038,7 +36003,7 @@ index 62b6c2c..4a11354 100644
5242 h->transMethod = CFGTBL_Trans_Performant;
5243
5244 return;
5245 -@@ -4319,7 +4321,7 @@ static int cciss_pci_init(ctlr_info_t *h)
5246 +@@ -4319,7 +4320,7 @@ static int cciss_pci_init(ctlr_info_t *h)
5247 if (prod_index < 0)
5248 return -ENODEV;
5249 h->product_name = products[prod_index].product_name;
5250 @@ -36047,7 +36012,7 @@ index 62b6c2c..4a11354 100644
5251
5252 if (cciss_board_disabled(h)) {
5253 dev_warn(&h->pdev->dev, "controller appears to be disabled\n");
5254 -@@ -5051,7 +5053,7 @@ reinit_after_soft_reset:
5255 +@@ -5051,7 +5052,7 @@ reinit_after_soft_reset:
5256 }
5257
5258 /* make sure the board interrupts are off */
5259 @@ -36056,7 +36021,7 @@ index 62b6c2c..4a11354 100644
5260 rc = cciss_request_irq(h, do_cciss_msix_intr, do_cciss_intx);
5261 if (rc)
5262 goto clean2;
5263 -@@ -5101,7 +5103,7 @@ reinit_after_soft_reset:
5264 +@@ -5101,7 +5102,7 @@ reinit_after_soft_reset:
5265 * fake ones to scoop up any residual completions.
5266 */
5267 spin_lock_irqsave(&h->lock, flags);
5268 @@ -36065,7 +36030,7 @@ index 62b6c2c..4a11354 100644
5269 spin_unlock_irqrestore(&h->lock, flags);
5270 free_irq(h->intr[h->intr_mode], h);
5271 rc = cciss_request_irq(h, cciss_msix_discard_completions,
5272 -@@ -5121,9 +5123,9 @@ reinit_after_soft_reset:
5273 +@@ -5121,9 +5122,9 @@ reinit_after_soft_reset:
5274 dev_info(&h->pdev->dev, "Board READY.\n");
5275 dev_info(&h->pdev->dev,
5276 "Waiting for stale completions to drain.\n");
5277 @@ -36077,7 +36042,7 @@ index 62b6c2c..4a11354 100644
5278
5279 rc = controller_reset_failed(h->cfgtable);
5280 if (rc)
5281 -@@ -5146,7 +5148,7 @@ reinit_after_soft_reset:
5282 +@@ -5146,7 +5147,7 @@ reinit_after_soft_reset:
5283 cciss_scsi_setup(h);
5284
5285 /* Turn the interrupts on so we can service requests */
5286 @@ -36086,7 +36051,7 @@ index 62b6c2c..4a11354 100644
5287
5288 /* Get the firmware version */
5289 inq_buff = kzalloc(sizeof(InquiryData_struct), GFP_KERNEL);
5290 -@@ -5218,7 +5220,7 @@ static void cciss_shutdown(struct pci_dev *pdev)
5291 +@@ -5218,7 +5219,7 @@ static void cciss_shutdown(struct pci_dev *pdev)
5292 kfree(flush_buf);
5293 if (return_code != IO_OK)
5294 dev_warn(&h->pdev->dev, "Error flushing cache\n");
5295 @@ -38551,10 +38516,10 @@ index 3d92a7c..9a9cfd7 100644
5296 iir = I915_READ(IIR);
5297
5298 diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
5299 -index be79f47..95e150b 100644
5300 +index ca40d1b..6baacfd 100644
5301 --- a/drivers/gpu/drm/i915/intel_display.c
5302 +++ b/drivers/gpu/drm/i915/intel_display.c
5303 -@@ -9418,13 +9418,13 @@ struct intel_quirk {
5304 +@@ -9431,13 +9431,13 @@ struct intel_quirk {
5305 int subsystem_vendor;
5306 int subsystem_device;
5307 void (*hook)(struct drm_device *dev);
5308 @@ -38570,7 +38535,7 @@ index be79f47..95e150b 100644
5309
5310 static int intel_dmi_reverse_brightness(const struct dmi_system_id *id)
5311 {
5312 -@@ -9432,18 +9432,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id)
5313 +@@ -9445,18 +9445,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id)
5314 return 1;
5315 }
5316
5317 @@ -39427,41 +39392,10 @@ index 5360e5a..c2c0d26 100644
5318 err = drm_debugfs_create_files(dc->debugfs_files,
5319 ARRAY_SIZE(debugfs_files),
5320 diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
5321 -index 36668d1..9f4ccb0 100644
5322 +index 5956445..1d30d7e 100644
5323 --- a/drivers/hid/hid-core.c
5324 +++ b/drivers/hid/hid-core.c
5325 -@@ -63,6 +63,8 @@ struct hid_report *hid_register_report(struct hid_device *device, unsigned type,
5326 - struct hid_report_enum *report_enum = device->report_enum + type;
5327 - struct hid_report *report;
5328 -
5329 -+ if (id >= HID_MAX_IDS)
5330 -+ return NULL;
5331 - if (report_enum->report_id_hash[id])
5332 - return report_enum->report_id_hash[id];
5333 -
5334 -@@ -404,8 +406,10 @@ static int hid_parser_global(struct hid_parser *parser, struct hid_item *item)
5335 -
5336 - case HID_GLOBAL_ITEM_TAG_REPORT_ID:
5337 - parser->global.report_id = item_udata(item);
5338 -- if (parser->global.report_id == 0) {
5339 -- hid_err(parser->device, "report_id 0 is invalid\n");
5340 -+ if (parser->global.report_id == 0 ||
5341 -+ parser->global.report_id >= HID_MAX_IDS) {
5342 -+ hid_err(parser->device, "report_id %u is invalid\n",
5343 -+ parser->global.report_id);
5344 - return -1;
5345 - }
5346 - return 0;
5347 -@@ -575,7 +579,7 @@ static void hid_close_report(struct hid_device *device)
5348 - for (i = 0; i < HID_REPORT_TYPES; i++) {
5349 - struct hid_report_enum *report_enum = device->report_enum + i;
5350 -
5351 -- for (j = 0; j < 256; j++) {
5352 -+ for (j = 0; j < HID_MAX_IDS; j++) {
5353 - struct hid_report *report = report_enum->report_id_hash[j];
5354 - if (report)
5355 - hid_free_report(report);
5356 -@@ -755,6 +759,56 @@ int hid_parse_report(struct hid_device *hid, __u8 *start, unsigned size)
5357 +@@ -759,6 +759,56 @@ int hid_parse_report(struct hid_device *hid, __u8 *start, unsigned size)
5358 }
5359 EXPORT_SYMBOL_GPL(hid_parse_report);
5360
5361 @@ -39518,21 +39452,7 @@ index 36668d1..9f4ccb0 100644
5362 /**
5363 * hid_open_report - open a driver-specific device report
5364 *
5365 -@@ -1152,7 +1206,12 @@ EXPORT_SYMBOL_GPL(hid_output_report);
5366 -
5367 - int hid_set_field(struct hid_field *field, unsigned offset, __s32 value)
5368 - {
5369 -- unsigned size = field->report_size;
5370 -+ unsigned size;
5371 -+
5372 -+ if (!field)
5373 -+ return -1;
5374 -+
5375 -+ size = field->report_size;
5376 -
5377 - hid_dump_input(field->report->device, field->usage + offset, value);
5378 -
5379 -@@ -2285,7 +2344,7 @@ EXPORT_SYMBOL_GPL(hid_ignore);
5380 +@@ -2295,7 +2345,7 @@ EXPORT_SYMBOL_GPL(hid_ignore);
5381
5382 int hid_add_device(struct hid_device *hdev)
5383 {
5384 @@ -39541,7 +39461,7 @@ index 36668d1..9f4ccb0 100644
5385 int ret;
5386
5387 if (WARN_ON(hdev->status & HID_STAT_ADDED))
5388 -@@ -2319,7 +2378,7 @@ int hid_add_device(struct hid_device *hdev)
5389 +@@ -2329,7 +2379,7 @@ int hid_add_device(struct hid_device *hdev)
5390 /* XXX hack, any other cleaner solution after the driver core
5391 * is converted to allow more than 20 bytes as the device name? */
5392 dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus,
5393 @@ -39815,68 +39735,6 @@ index cb0e361..2aa275e 100644
5394 }
5395
5396 for (r = 0; r < report->maxfield; r++) {
5397 -diff --git a/drivers/hid/hid-ntrig.c b/drivers/hid/hid-ntrig.c
5398 -index ef95102..5482156 100644
5399 ---- a/drivers/hid/hid-ntrig.c
5400 -+++ b/drivers/hid/hid-ntrig.c
5401 -@@ -115,7 +115,8 @@ static inline int ntrig_get_mode(struct hid_device *hdev)
5402 - struct hid_report *report = hdev->report_enum[HID_FEATURE_REPORT].
5403 - report_id_hash[0x0d];
5404 -
5405 -- if (!report)
5406 -+ if (!report || report->maxfield < 1 ||
5407 -+ report->field[0]->report_count < 1)
5408 - return -EINVAL;
5409 -
5410 - hid_hw_request(hdev, report, HID_REQ_GET_REPORT);
5411 -diff --git a/drivers/hid/hid-picolcd_core.c b/drivers/hid/hid-picolcd_core.c
5412 -index b48092d..72bba1e 100644
5413 ---- a/drivers/hid/hid-picolcd_core.c
5414 -+++ b/drivers/hid/hid-picolcd_core.c
5415 -@@ -290,7 +290,7 @@ static ssize_t picolcd_operation_mode_store(struct device *dev,
5416 - buf += 10;
5417 - cnt -= 10;
5418 - }
5419 -- if (!report)
5420 -+ if (!report || report->maxfield < 1)
5421 - return -EINVAL;
5422 -
5423 - while (cnt > 0 && (buf[cnt-1] == '\n' || buf[cnt-1] == '\r'))
5424 -diff --git a/drivers/hid/hid-pl.c b/drivers/hid/hid-pl.c
5425 -index d29112f..2dcd7d9 100644
5426 ---- a/drivers/hid/hid-pl.c
5427 -+++ b/drivers/hid/hid-pl.c
5428 -@@ -132,8 +132,14 @@ static int plff_init(struct hid_device *hid)
5429 - strong = &report->field[0]->value[2];
5430 - weak = &report->field[0]->value[3];
5431 - debug("detected single-field device");
5432 -- } else if (report->maxfield >= 4 && report->field[0]->maxusage == 1 &&
5433 -- report->field[0]->usage[0].hid == (HID_UP_LED | 0x43)) {
5434 -+ } else if (report->field[0]->maxusage == 1 &&
5435 -+ report->field[0]->usage[0].hid ==
5436 -+ (HID_UP_LED | 0x43) &&
5437 -+ report->maxfield >= 4 &&
5438 -+ report->field[0]->report_count >= 1 &&
5439 -+ report->field[1]->report_count >= 1 &&
5440 -+ report->field[2]->report_count >= 1 &&
5441 -+ report->field[3]->report_count >= 1) {
5442 - report->field[0]->value[0] = 0x00;
5443 - report->field[1]->value[0] = 0x00;
5444 - strong = &report->field[2]->value[0];
5445 -diff --git a/drivers/hid/hid-sensor-hub.c b/drivers/hid/hid-sensor-hub.c
5446 -index ca749810..aa34755 100644
5447 ---- a/drivers/hid/hid-sensor-hub.c
5448 -+++ b/drivers/hid/hid-sensor-hub.c
5449 -@@ -221,7 +221,8 @@ int sensor_hub_get_feature(struct hid_sensor_hub_device *hsdev, u32 report_id,
5450 -
5451 - mutex_lock(&data->mutex);
5452 - report = sensor_hub_report(report_id, hsdev->hdev, HID_FEATURE_REPORT);
5453 -- if (!report || (field_index >= report->maxfield)) {
5454 -+ if (!report || (field_index >= report->maxfield) ||
5455 -+ report->field[field_index]->report_count < 1) {
5456 - ret = -EINVAL;
5457 - goto done_proc;
5458 - }
5459 diff --git a/drivers/hid/hid-steelseries.c b/drivers/hid/hid-steelseries.c
5460 index d164911..ef42e86 100644
5461 --- a/drivers/hid/hid-steelseries.c
5462 @@ -47364,10 +47222,10 @@ index f379c7f..e8fc69c 100644
5463
5464 transport_setup_device(&rport->dev);
5465 diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
5466 -index 86fcf2c..26d8594 100644
5467 +index 2783dd7..d20395b 100644
5468 --- a/drivers/scsi/sd.c
5469 +++ b/drivers/scsi/sd.c
5470 -@@ -2938,7 +2938,7 @@ static int sd_probe(struct device *dev)
5471 +@@ -2933,7 +2933,7 @@ static int sd_probe(struct device *dev)
5472 sdkp->disk = gd;
5473 sdkp->index = index;
5474 atomic_set(&sdkp->openers, 0);
5475 @@ -48853,10 +48711,10 @@ index d5cc3ac..3263411 100644
5476
5477 if (get_user(c, buf))
5478 diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
5479 -index 366af83..6db51c3 100644
5480 +index 20689b9..7fd3a31 100644
5481 --- a/drivers/tty/tty_io.c
5482 +++ b/drivers/tty/tty_io.c
5483 -@@ -3467,7 +3467,7 @@ EXPORT_SYMBOL_GPL(get_current_tty);
5484 +@@ -3468,7 +3468,7 @@ EXPORT_SYMBOL_GPL(get_current_tty);
5485
5486 void tty_default_fops(struct file_operations *fops)
5487 {
5488 @@ -49287,7 +49145,7 @@ index 014dc99..4d25fd7 100644
5489 wake_up(&usb_kill_urb_queue);
5490 usb_put_urb(urb);
5491 diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
5492 -index 558313d..8cadfa5 100644
5493 +index 17c3785..deffb11 100644
5494 --- a/drivers/usb/core/hub.c
5495 +++ b/drivers/usb/core/hub.c
5496 @@ -27,6 +27,7 @@
5497 @@ -49298,7 +49156,7 @@ index 558313d..8cadfa5 100644
5498
5499 #include <asm/uaccess.h>
5500 #include <asm/byteorder.h>
5501 -@@ -4426,6 +4427,10 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1,
5502 +@@ -4421,6 +4422,10 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1,
5503 goto done;
5504 return;
5505 }
5506 @@ -49349,7 +49207,7 @@ index 7dad603..350f7a9 100644
5507 INIT_LIST_HEAD(&dev->ep0.urb_list);
5508 dev->ep0.desc.bLength = USB_DT_ENDPOINT_SIZE;
5509 diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c
5510 -index f77083f..f3e2e34 100644
5511 +index 14d28d6..5f511ac 100644
5512 --- a/drivers/usb/dwc3/gadget.c
5513 +++ b/drivers/usb/dwc3/gadget.c
5514 @@ -550,8 +550,6 @@ static int __dwc3_gadget_ep_enable(struct dwc3_ep *dep,
5515 @@ -52541,7 +52399,7 @@ index 89dec7f..361b0d75 100644
5516 fd_offset + ex.a_text);
5517 if (error != N_DATADDR(ex)) {
5518 diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
5519 -index 100edcc..ed95731 100644
5520 +index 100edcc..244db37 100644
5521 --- a/fs/binfmt_elf.c
5522 +++ b/fs/binfmt_elf.c
5523 @@ -34,6 +34,7 @@
5524 @@ -52695,7 +52553,22 @@ index 100edcc..ed95731 100644
5525 error = -ENOMEM;
5526 goto out_close;
5527 }
5528 -@@ -538,6 +567,315 @@ out:
5529 +@@ -525,9 +554,11 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
5530 + elf_bss = ELF_PAGESTART(elf_bss + ELF_MIN_ALIGN - 1);
5531 +
5532 + /* Map the last of the bss segment */
5533 +- error = vm_brk(elf_bss, last_bss - elf_bss);
5534 +- if (BAD_ADDR(error))
5535 +- goto out_close;
5536 ++ if (last_bss > elf_bss) {
5537 ++ error = vm_brk(elf_bss, last_bss - elf_bss);
5538 ++ if (BAD_ADDR(error))
5539 ++ goto out_close;
5540 ++ }
5541 + }
5542 +
5543 + error = load_addr;
5544 +@@ -538,6 +569,315 @@ out:
5545 return error;
5546 }
5547
5548 @@ -53011,7 +52884,7 @@ index 100edcc..ed95731 100644
5549 /*
5550 * These are the functions used to load ELF style executables and shared
5551 * libraries. There is no binary dependent code anywhere else.
5552 -@@ -554,6 +892,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top)
5553 +@@ -554,6 +894,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top)
5554 {
5555 unsigned int random_variable = 0;
5556
5557 @@ -53023,7 +52896,7 @@ index 100edcc..ed95731 100644
5558 if ((current->flags & PF_RANDOMIZE) &&
5559 !(current->personality & ADDR_NO_RANDOMIZE)) {
5560 random_variable = get_random_int() & STACK_RND_MASK;
5561 -@@ -572,7 +915,7 @@ static int load_elf_binary(struct linux_binprm *bprm)
5562 +@@ -572,7 +917,7 @@ static int load_elf_binary(struct linux_binprm *bprm)
5563 unsigned long load_addr = 0, load_bias = 0;
5564 int load_addr_set = 0;
5565 char * elf_interpreter = NULL;
5566 @@ -53032,7 +52905,7 @@ index 100edcc..ed95731 100644
5567 struct elf_phdr *elf_ppnt, *elf_phdata;
5568 unsigned long elf_bss, elf_brk;
5569 int retval, i;
5570 -@@ -582,12 +925,12 @@ static int load_elf_binary(struct linux_binprm *bprm)
5571 +@@ -582,12 +927,12 @@ static int load_elf_binary(struct linux_binprm *bprm)
5572 unsigned long start_code, end_code, start_data, end_data;
5573 unsigned long reloc_func_desc __maybe_unused = 0;
5574 int executable_stack = EXSTACK_DEFAULT;
5575 @@ -53046,7 +52919,7 @@ index 100edcc..ed95731 100644
5576
5577 loc = kmalloc(sizeof(*loc), GFP_KERNEL);
5578 if (!loc) {
5579 -@@ -723,11 +1066,81 @@ static int load_elf_binary(struct linux_binprm *bprm)
5580 +@@ -723,11 +1068,81 @@ static int load_elf_binary(struct linux_binprm *bprm)
5581 goto out_free_dentry;
5582
5583 /* OK, This is the point of no return */
5584 @@ -53129,7 +53002,7 @@ index 100edcc..ed95731 100644
5585 if (elf_read_implies_exec(loc->elf_ex, executable_stack))
5586 current->personality |= READ_IMPLIES_EXEC;
5587
5588 -@@ -817,6 +1230,20 @@ static int load_elf_binary(struct linux_binprm *bprm)
5589 +@@ -817,6 +1232,20 @@ static int load_elf_binary(struct linux_binprm *bprm)
5590 #else
5591 load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
5592 #endif
5593 @@ -53150,7 +53023,7 @@ index 100edcc..ed95731 100644
5594 }
5595
5596 error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
5597 -@@ -849,9 +1276,9 @@ static int load_elf_binary(struct linux_binprm *bprm)
5598 +@@ -849,9 +1278,9 @@ static int load_elf_binary(struct linux_binprm *bprm)
5599 * allowed task size. Note that p_filesz must always be
5600 * <= p_memsz so it is only necessary to check p_memsz.
5601 */
5602 @@ -53163,7 +53036,7 @@ index 100edcc..ed95731 100644
5603 /* set_brk can never work. Avoid overflows. */
5604 send_sig(SIGKILL, current, 0);
5605 retval = -EINVAL;
5606 -@@ -890,17 +1317,45 @@ static int load_elf_binary(struct linux_binprm *bprm)
5607 +@@ -890,17 +1319,45 @@ static int load_elf_binary(struct linux_binprm *bprm)
5608 goto out_free_dentry;
5609 }
5610 if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
5611 @@ -53215,7 +53088,7 @@ index 100edcc..ed95731 100644
5612 load_bias);
5613 if (!IS_ERR((void *)elf_entry)) {
5614 /*
5615 -@@ -1122,7 +1577,7 @@ static bool always_dump_vma(struct vm_area_struct *vma)
5616 +@@ -1122,7 +1579,7 @@ static bool always_dump_vma(struct vm_area_struct *vma)
5617 * Decide what to dump of a segment, part, all or none.
5618 */
5619 static unsigned long vma_dump_size(struct vm_area_struct *vma,
5620 @@ -53224,7 +53097,7 @@ index 100edcc..ed95731 100644
5621 {
5622 #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))
5623
5624 -@@ -1160,7 +1615,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
5625 +@@ -1160,7 +1617,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
5626 if (vma->vm_file == NULL)
5627 return 0;
5628
5629 @@ -53233,7 +53106,7 @@ index 100edcc..ed95731 100644
5630 goto whole;
5631
5632 /*
5633 -@@ -1385,9 +1840,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
5634 +@@ -1385,9 +1842,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
5635 {
5636 elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
5637 int i = 0;
5638 @@ -53245,7 +53118,7 @@ index 100edcc..ed95731 100644
5639 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
5640 }
5641
5642 -@@ -1396,7 +1851,7 @@ static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata,
5643 +@@ -1396,7 +1853,7 @@ static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata,
5644 {
5645 mm_segment_t old_fs = get_fs();
5646 set_fs(KERNEL_DS);
5647 @@ -53254,7 +53127,7 @@ index 100edcc..ed95731 100644
5648 set_fs(old_fs);
5649 fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata);
5650 }
5651 -@@ -2017,14 +2472,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
5652 +@@ -2017,14 +2474,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
5653 }
5654
5655 static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma,
5656 @@ -53271,7 +53144,7 @@ index 100edcc..ed95731 100644
5657 return size;
5658 }
5659
5660 -@@ -2117,7 +2572,7 @@ static int elf_core_dump(struct coredump_params *cprm)
5661 +@@ -2117,7 +2574,7 @@ static int elf_core_dump(struct coredump_params *cprm)
5662
5663 dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
5664
5665 @@ -53280,7 +53153,7 @@ index 100edcc..ed95731 100644
5666 offset += elf_core_extra_data_size();
5667 e_shoff = offset;
5668
5669 -@@ -2131,10 +2586,12 @@ static int elf_core_dump(struct coredump_params *cprm)
5670 +@@ -2131,10 +2588,12 @@ static int elf_core_dump(struct coredump_params *cprm)
5671 offset = dataoff;
5672
5673 size += sizeof(*elf);
5674 @@ -53293,7 +53166,7 @@ index 100edcc..ed95731 100644
5675 if (size > cprm->limit
5676 || !dump_write(cprm->file, phdr4note, sizeof(*phdr4note)))
5677 goto end_coredump;
5678 -@@ -2148,7 +2605,7 @@ static int elf_core_dump(struct coredump_params *cprm)
5679 +@@ -2148,7 +2607,7 @@ static int elf_core_dump(struct coredump_params *cprm)
5680 phdr.p_offset = offset;
5681 phdr.p_vaddr = vma->vm_start;
5682 phdr.p_paddr = 0;
5683 @@ -53302,7 +53175,7 @@ index 100edcc..ed95731 100644
5684 phdr.p_memsz = vma->vm_end - vma->vm_start;
5685 offset += phdr.p_filesz;
5686 phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
5687 -@@ -2159,6 +2616,7 @@ static int elf_core_dump(struct coredump_params *cprm)
5688 +@@ -2159,6 +2618,7 @@ static int elf_core_dump(struct coredump_params *cprm)
5689 phdr.p_align = ELF_EXEC_PAGESIZE;
5690
5691 size += sizeof(phdr);
5692 @@ -53310,7 +53183,7 @@ index 100edcc..ed95731 100644
5693 if (size > cprm->limit
5694 || !dump_write(cprm->file, &phdr, sizeof(phdr)))
5695 goto end_coredump;
5696 -@@ -2183,7 +2641,7 @@ static int elf_core_dump(struct coredump_params *cprm)
5697 +@@ -2183,7 +2643,7 @@ static int elf_core_dump(struct coredump_params *cprm)
5698 unsigned long addr;
5699 unsigned long end;
5700
5701 @@ -53319,7 +53192,7 @@ index 100edcc..ed95731 100644
5702
5703 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
5704 struct page *page;
5705 -@@ -2192,6 +2650,7 @@ static int elf_core_dump(struct coredump_params *cprm)
5706 +@@ -2192,6 +2652,7 @@ static int elf_core_dump(struct coredump_params *cprm)
5707 page = get_dump_page(addr);
5708 if (page) {
5709 void *kaddr = kmap(page);
5710 @@ -53327,7 +53200,7 @@ index 100edcc..ed95731 100644
5711 stop = ((size += PAGE_SIZE) > cprm->limit) ||
5712 !dump_write(cprm->file, kaddr,
5713 PAGE_SIZE);
5714 -@@ -2209,6 +2668,7 @@ static int elf_core_dump(struct coredump_params *cprm)
5715 +@@ -2209,6 +2670,7 @@ static int elf_core_dump(struct coredump_params *cprm)
5716
5717 if (e_phnum == PN_XNUM) {
5718 size += sizeof(*shdr4extnum);
5719 @@ -53335,7 +53208,7 @@ index 100edcc..ed95731 100644
5720 if (size > cprm->limit
5721 || !dump_write(cprm->file, shdr4extnum,
5722 sizeof(*shdr4extnum)))
5723 -@@ -2229,6 +2689,167 @@ out:
5724 +@@ -2229,6 +2691,167 @@ out:
5725
5726 #endif /* CONFIG_ELF_CORE */
5727
5728 @@ -53657,7 +53530,7 @@ index a4b38f9..f86a509 100644
5729 spin_lock_init(&delayed_root->lock);
5730 init_waitqueue_head(&delayed_root->wait);
5731 diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
5732 -index 238a055..1e33cd5 100644
5733 +index 9877a2a..7ebf9ab 100644
5734 --- a/fs/btrfs/ioctl.c
5735 +++ b/fs/btrfs/ioctl.c
5736 @@ -3097,9 +3097,12 @@ static long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
5737 @@ -57333,10 +57206,10 @@ index 1d55f94..088da65 100644
5738 }
5739
5740 diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c
5741 -index 72a5d5b..c991011 100644
5742 +index 8fec28f..cd40dba 100644
5743 --- a/fs/fuse/dir.c
5744 +++ b/fs/fuse/dir.c
5745 -@@ -1433,7 +1433,7 @@ static char *read_link(struct dentry *dentry)
5746 +@@ -1437,7 +1437,7 @@ static char *read_link(struct dentry *dentry)
5747 return link;
5748 }
5749
5750 @@ -60028,10 +59901,10 @@ index 7129046..f2779c6 100644
5751 kfree(ctl_table_arg);
5752 goto out;
5753 diff --git a/fs/proc/root.c b/fs/proc/root.c
5754 -index e0a790d..21e095e 100644
5755 +index 0e0e83c..005ba6a 100644
5756 --- a/fs/proc/root.c
5757 +++ b/fs/proc/root.c
5758 -@@ -182,7 +182,15 @@ void __init proc_root_init(void)
5759 +@@ -183,7 +183,15 @@ void __init proc_root_init(void)
5760 #ifdef CONFIG_PROC_DEVICETREE
5761 proc_device_tree_init();
5762 #endif
5763 @@ -67426,10 +67299,10 @@ index 0000000..a340c17
5764 +}
5765 diff --git a/grsecurity/gracl_ip.c b/grsecurity/gracl_ip.c
5766 new file mode 100644
5767 -index 0000000..8132048
5768 +index 0000000..f056b81
5769 --- /dev/null
5770 +++ b/grsecurity/gracl_ip.c
5771 -@@ -0,0 +1,387 @@
5772 +@@ -0,0 +1,386 @@
5773 +#include <linux/kernel.h>
5774 +#include <asm/uaccess.h>
5775 +#include <asm/errno.h>
5776 @@ -67521,6 +67394,8 @@ index 0000000..8132048
5777 + return gr_sockfamilies[family];
5778 +}
5779 +
5780 ++extern const struct net_proto_family __rcu *net_families[NPROTO] __read_mostly;
5781 ++
5782 +int
5783 +gr_search_socket(const int domain, const int type, const int protocol)
5784 +{
5785 @@ -67600,10 +67475,7 @@ index 0000000..8132048
5786 + if (domain == PF_INET)
5787 + gr_log_str3(GR_DONT_AUDIT, GR_SOCK_MSG, gr_sockfamily_to_name(domain),
5788 + gr_socktype_to_name(type), gr_proto_to_name(protocol));
5789 -+ else
5790 -+#ifndef CONFIG_IPV6
5791 -+ if (domain != PF_INET6)
5792 -+#endif
5793 ++ else if (rcu_access_pointer(net_families[domain]) != NULL)
5794 + gr_log_str2_int(GR_DONT_AUDIT, GR_SOCK_NOINET_MSG, gr_sockfamily_to_name(domain),
5795 + gr_socktype_to_name(type), protocol);
5796 +
5797 @@ -72535,7 +72407,7 @@ index 1ec14a7..d0654a2 100644
5798 /**
5799 * struct clk_init_data - holds init data that's common to all clocks and is
5800 diff --git a/include/linux/compat.h b/include/linux/compat.h
5801 -index 7f0c1dd..206ac34 100644
5802 +index ec1aee4..1077986 100644
5803 --- a/include/linux/compat.h
5804 +++ b/include/linux/compat.h
5805 @@ -312,7 +312,7 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr,
5806 @@ -72556,14 +72428,6 @@ index 7f0c1dd..206ac34 100644
5807
5808 asmlinkage long compat_sys_lookup_dcookie(u32, u32, char __user *, size_t);
5809 /*
5810 -@@ -669,6 +669,7 @@ asmlinkage long compat_sys_sigaltstack(const compat_stack_t __user *uss_ptr,
5811 -
5812 - int compat_restore_altstack(const compat_stack_t __user *uss);
5813 - int __compat_save_altstack(compat_stack_t __user *, unsigned long);
5814 -+void __compat_save_altstack_ex(compat_stack_t __user *, unsigned long);
5815 -
5816 - asmlinkage long compat_sys_sched_rr_get_interval(compat_pid_t pid,
5817 - struct compat_timespec __user *interval);
5818 diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h
5819 index 842de22..7f3a41f 100644
5820 --- a/include/linux/compiler-gcc4.h
5821 @@ -73242,7 +73106,7 @@ index 1c804b0..1432c2b 100644
5822
5823 /*
5824 diff --git a/include/linux/genhd.h b/include/linux/genhd.h
5825 -index 9f3c275..911b591 100644
5826 +index 9f3c275..8bdff5d 100644
5827 --- a/include/linux/genhd.h
5828 +++ b/include/linux/genhd.h
5829 @@ -194,7 +194,7 @@ struct gendisk {
5830 @@ -73254,6 +73118,15 @@ index 9f3c275..911b591 100644
5831 struct disk_events *ev;
5832 #ifdef CONFIG_BLK_DEV_INTEGRITY
5833 struct blk_integrity *integrity;
5834 +@@ -435,7 +435,7 @@ extern void disk_flush_events(struct gendisk *disk, unsigned int mask);
5835 + extern unsigned int disk_clear_events(struct gendisk *disk, unsigned int mask);
5836 +
5837 + /* drivers/char/random.c */
5838 +-extern void add_disk_randomness(struct gendisk *disk);
5839 ++extern void add_disk_randomness(struct gendisk *disk) __latent_entropy;
5840 + extern void rand_initialize_disk(struct gendisk *disk);
5841 +
5842 + static inline sector_t get_start_sect(struct block_device *bdev)
5843 diff --git a/include/linux/genl_magic_func.h b/include/linux/genl_magic_func.h
5844 index 023bc34..b02b46a 100644
5845 --- a/include/linux/genl_magic_func.h
5846 @@ -74589,24 +74462,10 @@ index 0000000..e7ffaaf
5847 +
5848 +#endif
5849 diff --git a/include/linux/hid.h b/include/linux/hid.h
5850 -index 0c48991..76e41d8 100644
5851 +index ff545cc..76e41d8 100644
5852 --- a/include/linux/hid.h
5853 +++ b/include/linux/hid.h
5854 -@@ -393,10 +393,12 @@ struct hid_report {
5855 - struct hid_device *device; /* associated device */
5856 - };
5857 -
5858 -+#define HID_MAX_IDS 256
5859 -+
5860 - struct hid_report_enum {
5861 - unsigned numbered;
5862 - struct list_head report_list;
5863 -- struct hid_report *report_id_hash[256];
5864 -+ struct hid_report *report_id_hash[HID_MAX_IDS];
5865 - };
5866 -
5867 - #define HID_REPORT_TYPES 3
5868 -@@ -747,6 +749,10 @@ void hid_output_report(struct hid_report *report, __u8 *data);
5869 +@@ -749,6 +749,10 @@ void hid_output_report(struct hid_report *report, __u8 *data);
5870 struct hid_device *hid_allocate_device(void);
5871 struct hid_report *hid_register_report(struct hid_device *device, unsigned type, unsigned id);
5872 int hid_parse_report(struct hid_device *hid, __u8 *start, unsigned size);
5873 @@ -76143,10 +76002,10 @@ index 34a1e10..03a6d03 100644
5874 struct proc_ns {
5875 void *ns;
5876 diff --git a/include/linux/random.h b/include/linux/random.h
5877 -index 3b9377d..943ad4a 100644
5878 +index 3b9377d..e418336 100644
5879 --- a/include/linux/random.h
5880 +++ b/include/linux/random.h
5881 -@@ -10,6 +10,16 @@
5882 +@@ -10,9 +10,19 @@
5883
5884
5885 extern void add_device_randomness(const void *, unsigned int);
5886 @@ -76161,8 +76020,13 @@ index 3b9377d..943ad4a 100644
5887 +}
5888 +
5889 extern void add_input_randomness(unsigned int type, unsigned int code,
5890 - unsigned int value);
5891 - extern void add_interrupt_randomness(int irq, int irq_flags);
5892 +- unsigned int value);
5893 +-extern void add_interrupt_randomness(int irq, int irq_flags);
5894 ++ unsigned int value) __latent_entropy;
5895 ++extern void add_interrupt_randomness(int irq, int irq_flags) __latent_entropy;
5896 +
5897 + extern void get_random_bytes(void *buf, int nbytes);
5898 + extern void get_random_bytes_arch(void *buf, int nbytes);
5899 @@ -32,6 +42,11 @@ void prandom_seed(u32 seed);
5900 u32 prandom_u32_state(struct rnd_state *);
5901 void prandom_bytes_state(struct rnd_state *state, void *buf, int nbytes);
5902 @@ -76176,7 +76040,7 @@ index 3b9377d..943ad4a 100644
5903 * Handle minimum values for seeds
5904 */
5905 diff --git a/include/linux/rculist.h b/include/linux/rculist.h
5906 -index f4b1001..8ddb2b6 100644
5907 +index 4106721..132d42c 100644
5908 --- a/include/linux/rculist.h
5909 +++ b/include/linux/rculist.h
5910 @@ -44,6 +44,9 @@ extern void __list_add_rcu(struct list_head *new,
5911 @@ -76642,18 +76506,6 @@ index 429c199..4d42e38 100644
5912 };
5913
5914 /* shm_mode upper byte flags */
5915 -diff --git a/include/linux/signal.h b/include/linux/signal.h
5916 -index d897484..323ba98 100644
5917 ---- a/include/linux/signal.h
5918 -+++ b/include/linux/signal.h
5919 -@@ -433,6 +433,7 @@ void signals_init(void);
5920 -
5921 - int restore_altstack(const stack_t __user *);
5922 - int __save_altstack(stack_t __user *, unsigned long);
5923 -+void __save_altstack_ex(stack_t __user *, unsigned long);
5924 -
5925 - #ifdef CONFIG_PROC_FS
5926 - struct seq_file;
5927 diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
5928 index 3b71a4e..5c9f309 100644
5929 --- a/include/linux/skbuff.h
5930 @@ -79442,7 +79294,7 @@ index ae1996d..a35f2cc 100644
5931 if (u->mq_bytes + mq_bytes < u->mq_bytes ||
5932 u->mq_bytes + mq_bytes > rlimit(RLIMIT_MSGQUEUE)) {
5933 diff --git a/ipc/msg.c b/ipc/msg.c
5934 -index 9f29d9e..8f284e0 100644
5935 +index b65fdf1..89ec2b1 100644
5936 --- a/ipc/msg.c
5937 +++ b/ipc/msg.c
5938 @@ -291,18 +291,19 @@ static inline int msg_security(struct kern_ipc_perm *ipcp, int msgflg)
5939 @@ -80358,7 +80210,7 @@ index ca65997..60df03d 100644
5940 /* Callchain handling */
5941 extern struct perf_callchain_entry *
5942 diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c
5943 -index f356974..cb8c570 100644
5944 +index ad8e1bd..fed7ba9 100644
5945 --- a/kernel/events/uprobes.c
5946 +++ b/kernel/events/uprobes.c
5947 @@ -1556,7 +1556,7 @@ static int is_trap_at_addr(struct mm_struct *mm, unsigned long vaddr)
5948 @@ -80431,7 +80283,7 @@ index a949819..a5f127d 100644
5949 {
5950 struct signal_struct *sig = current->signal;
5951 diff --git a/kernel/fork.c b/kernel/fork.c
5952 -index bf46287..2af185d 100644
5953 +index 200a7a2..43e52da 100644
5954 --- a/kernel/fork.c
5955 +++ b/kernel/fork.c
5956 @@ -319,7 +319,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig)
5957 @@ -80680,7 +80532,7 @@ index bf46287..2af185d 100644
5958 unsigned long stack_start,
5959 unsigned long stack_size,
5960 int __user *child_tidptr,
5961 -@@ -1200,6 +1250,9 @@ static struct task_struct *copy_process(unsigned long clone_flags,
5962 +@@ -1201,6 +1251,9 @@ static struct task_struct *copy_process(unsigned long clone_flags,
5963 DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled);
5964 #endif
5965 retval = -EAGAIN;
5966 @@ -80690,7 +80542,7 @@ index bf46287..2af185d 100644
5967 if (atomic_read(&p->real_cred->user->processes) >=
5968 task_rlimit(p, RLIMIT_NPROC)) {
5969 if (p->real_cred->user != INIT_USER &&
5970 -@@ -1449,6 +1502,11 @@ static struct task_struct *copy_process(unsigned long clone_flags,
5971 +@@ -1450,6 +1503,11 @@ static struct task_struct *copy_process(unsigned long clone_flags,
5972 goto bad_fork_free_pid;
5973 }
5974
5975 @@ -80702,7 +80554,7 @@ index bf46287..2af185d 100644
5976 if (likely(p->pid)) {
5977 ptrace_init_task(p, (clone_flags & CLONE_PTRACE) || trace);
5978
5979 -@@ -1534,6 +1592,8 @@ bad_fork_cleanup_count:
5980 +@@ -1535,6 +1593,8 @@ bad_fork_cleanup_count:
5981 bad_fork_free:
5982 free_task(p);
5983 fork_out:
5984 @@ -80711,7 +80563,7 @@ index bf46287..2af185d 100644
5985 return ERR_PTR(retval);
5986 }
5987
5988 -@@ -1604,6 +1664,7 @@ long do_fork(unsigned long clone_flags,
5989 +@@ -1605,6 +1665,7 @@ long do_fork(unsigned long clone_flags,
5990
5991 p = copy_process(clone_flags, stack_start, stack_size,
5992 child_tidptr, NULL, trace);
5993 @@ -80719,7 +80571,7 @@ index bf46287..2af185d 100644
5994 /*
5995 * Do this prior waking up the new thread - the thread pointer
5996 * might get invalid after that point, if the thread exits quickly.
5997 -@@ -1618,6 +1679,8 @@ long do_fork(unsigned long clone_flags,
5998 +@@ -1619,6 +1680,8 @@ long do_fork(unsigned long clone_flags,
5999 if (clone_flags & CLONE_PARENT_SETTID)
6000 put_user(nr, parent_tidptr);
6001
6002 @@ -80728,7 +80580,7 @@ index bf46287..2af185d 100644
6003 if (clone_flags & CLONE_VFORK) {
6004 p->vfork_done = &vfork;
6005 init_completion(&vfork);
6006 -@@ -1734,7 +1797,7 @@ void __init proc_caches_init(void)
6007 +@@ -1735,7 +1798,7 @@ void __init proc_caches_init(void)
6008 mm_cachep = kmem_cache_create("mm_struct",
6009 sizeof(struct mm_struct), ARCH_MIN_MMSTRUCT_ALIGN,
6010 SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NOTRACK, NULL);
6011 @@ -80737,7 +80589,7 @@ index bf46287..2af185d 100644
6012 mmap_init();
6013 nsproxy_cache_init();
6014 }
6015 -@@ -1774,7 +1837,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)
6016 +@@ -1775,7 +1838,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)
6017 return 0;
6018
6019 /* don't need lock here; in the worst case we'll do useless copy */
6020 @@ -80746,7 +80598,7 @@ index bf46287..2af185d 100644
6021 return 0;
6022
6023 *new_fsp = copy_fs_struct(fs);
6024 -@@ -1886,7 +1949,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
6025 +@@ -1887,7 +1950,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
6026 fs = current->fs;
6027 spin_lock(&fs->lock);
6028 current->fs = new_fs;
6029 @@ -80848,7 +80700,7 @@ index 9b22d03..6295b62 100644
6030 prev->next = info->next;
6031 else
6032 diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c
6033 -index 383319b..cd2b391 100644
6034 +index 383319b..56ebb13 100644
6035 --- a/kernel/hrtimer.c
6036 +++ b/kernel/hrtimer.c
6037 @@ -1438,7 +1438,7 @@ void hrtimer_peek_ahead_timers(void)
6038 @@ -80856,7 +80708,7 @@ index 383319b..cd2b391 100644
6039 }
6040
6041 -static void run_hrtimer_softirq(struct softirq_action *h)
6042 -+static void run_hrtimer_softirq(void)
6043 ++static __latent_entropy void run_hrtimer_softirq(void)
6044 {
6045 hrtimer_peek_ahead_timers();
6046 }
6047 @@ -82351,7 +82203,7 @@ index 8018646..b6a5b4f 100644
6048 }
6049 EXPORT_SYMBOL(__stack_chk_fail);
6050 diff --git a/kernel/pid.c b/kernel/pid.c
6051 -index 66505c1..87af12c 100644
6052 +index ebe5e80..5d6d634 100644
6053 --- a/kernel/pid.c
6054 +++ b/kernel/pid.c
6055 @@ -33,6 +33,7 @@
6056 @@ -82371,7 +82223,7 @@ index 66505c1..87af12c 100644
6057
6058 int pid_max_min = RESERVED_PIDS + 1;
6059 int pid_max_max = PID_MAX_LIMIT;
6060 -@@ -439,10 +440,18 @@ EXPORT_SYMBOL(pid_task);
6061 +@@ -440,10 +441,18 @@ EXPORT_SYMBOL(pid_task);
6062 */
6063 struct task_struct *find_task_by_pid_ns(pid_t nr, struct pid_namespace *ns)
6064 {
6065 @@ -82391,7 +82243,7 @@ index 66505c1..87af12c 100644
6066 }
6067
6068 struct task_struct *find_task_by_vpid(pid_t vnr)
6069 -@@ -450,6 +459,14 @@ struct task_struct *find_task_by_vpid(pid_t vnr)
6070 +@@ -451,6 +460,14 @@ struct task_struct *find_task_by_vpid(pid_t vnr)
6071 return find_task_by_pid_ns(vnr, task_active_pid_ns(current));
6072 }
6073
6074 @@ -82789,7 +82641,7 @@ index cce6ba8..7c758b1f 100644
6075 }
6076 return till_stall_check * HZ + RCU_STALL_DELAY_DELTA;
6077 diff --git a/kernel/rcutiny.c b/kernel/rcutiny.c
6078 -index aa34411..78e5ccb 100644
6079 +index aa34411..4832cd4 100644
6080 --- a/kernel/rcutiny.c
6081 +++ b/kernel/rcutiny.c
6082 @@ -45,7 +45,7 @@
6083 @@ -82806,7 +82658,7 @@ index aa34411..78e5ccb 100644
6084 }
6085
6086 -static void rcu_process_callbacks(struct softirq_action *unused)
6087 -+static void rcu_process_callbacks(void)
6088 ++static __latent_entropy void rcu_process_callbacks(void)
6089 {
6090 __rcu_process_callbacks(&rcu_sched_ctrlblk);
6091 __rcu_process_callbacks(&rcu_bh_ctrlblk);
6092 @@ -82978,7 +82830,7 @@ index f4871e5..8ef5741 100644
6093 for (i = 0; i < RCU_TORTURE_PIPE_LEN + 1; i++) {
6094 per_cpu(rcu_torture_count, cpu)[i] = 0;
6095 diff --git a/kernel/rcutree.c b/kernel/rcutree.c
6096 -index 068de3a..df7da65 100644
6097 +index 068de3a..5e7db2f 100644
6098 --- a/kernel/rcutree.c
6099 +++ b/kernel/rcutree.c
6100 @@ -358,9 +358,9 @@ static void rcu_eqs_enter_common(struct rcu_dynticks *rdtp, long long oldval,
6101 @@ -83107,7 +82959,7 @@ index 068de3a..df7da65 100644
6102 * Do RCU core processing for the current CPU.
6103 */
6104 -static void rcu_process_callbacks(struct softirq_action *unused)
6105 -+static void rcu_process_callbacks(void)
6106 ++static __latent_entropy void rcu_process_callbacks(void)
6107 {
6108 struct rcu_state *rsp;
6109
6110 @@ -83724,7 +83576,7 @@ index 05c39f0..442e6fe 100644
6111 #else
6112 static void register_sched_domain_sysctl(void)
6113 diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
6114 -index 68f1609..640ba13 100644
6115 +index 68f1609..2a9fe8a 100644
6116 --- a/kernel/sched/fair.c
6117 +++ b/kernel/sched/fair.c
6118 @@ -869,7 +869,7 @@ void task_numa_fault(int node, int pages, bool migrated)
6119 @@ -83741,7 +83593,7 @@ index 68f1609..640ba13 100644
6120 * Also triggered for nohz idle balancing (with nohz_balancing_kick set).
6121 */
6122 -static void run_rebalance_domains(struct softirq_action *h)
6123 -+static void run_rebalance_domains(void)
6124 ++static __latent_entropy void run_rebalance_domains(void)
6125 {
6126 int this_cpu = smp_processor_id();
6127 struct rq *this_rq = cpu_rq(this_cpu);
6128 @@ -83759,7 +83611,7 @@ index ef0a7b2..1b728c1 100644
6129 #define sched_class_highest (&stop_sched_class)
6130 #define for_each_class(class) \
6131 diff --git a/kernel/signal.c b/kernel/signal.c
6132 -index 50e4107..08bcb94 100644
6133 +index 50e4107..9409983 100644
6134 --- a/kernel/signal.c
6135 +++ b/kernel/signal.c
6136 @@ -51,12 +51,12 @@ static struct kmem_cache *sigqueue_cachep;
6137 @@ -83885,24 +83737,7 @@ index 50e4107..08bcb94 100644
6138 if (p && (tgid <= 0 || task_tgid_vnr(p) == tgid)) {
6139 error = check_kill_permission(sig, info, p);
6140 /*
6141 -@@ -3219,6 +3250,16 @@ int __save_altstack(stack_t __user *uss, unsigned long sp)
6142 - __put_user(t->sas_ss_size, &uss->ss_size);
6143 - }
6144 -
6145 -+#ifdef CONFIG_X86
6146 -+void __save_altstack_ex(stack_t __user *uss, unsigned long sp)
6147 -+{
6148 -+ struct task_struct *t = current;
6149 -+ put_user_ex((void __user *)t->sas_ss_sp, &uss->ss_sp);
6150 -+ put_user_ex(sas_ss_flags(sp), &uss->ss_flags);
6151 -+ put_user_ex(t->sas_ss_size, &uss->ss_size);
6152 -+}
6153 -+#endif
6154 -+
6155 - #ifdef CONFIG_COMPAT
6156 - COMPAT_SYSCALL_DEFINE2(sigaltstack,
6157 - const compat_stack_t __user *, uss_ptr,
6158 -@@ -3240,8 +3281,8 @@ COMPAT_SYSCALL_DEFINE2(sigaltstack,
6159 +@@ -3240,8 +3271,8 @@ COMPAT_SYSCALL_DEFINE2(sigaltstack,
6160 }
6161 seg = get_fs();
6162 set_fs(KERNEL_DS);
6163 @@ -83913,23 +83748,6 @@ index 50e4107..08bcb94 100644
6164 compat_user_stack_pointer());
6165 set_fs(seg);
6166 if (ret >= 0 && uoss_ptr) {
6167 -@@ -3268,6 +3309,16 @@ int __compat_save_altstack(compat_stack_t __user *uss, unsigned long sp)
6168 - __put_user(sas_ss_flags(sp), &uss->ss_flags) |
6169 - __put_user(t->sas_ss_size, &uss->ss_size);
6170 - }
6171 -+
6172 -+#ifdef CONFIG_X86
6173 -+void __compat_save_altstack_ex(compat_stack_t __user *uss, unsigned long sp)
6174 -+{
6175 -+ struct task_struct *t = current;
6176 -+ put_user_ex(ptr_to_compat((void __user *)t->sas_ss_sp), &uss->ss_sp);
6177 -+ put_user_ex(sas_ss_flags(sp), &uss->ss_flags);
6178 -+ put_user_ex(t->sas_ss_size, &uss->ss_size);
6179 -+}
6180 -+#endif
6181 - #endif
6182 -
6183 - #ifdef __ARCH_WANT_SYS_SIGPENDING
6184 diff --git a/kernel/smpboot.c b/kernel/smpboot.c
6185 index eb89e18..a4e6792 100644
6186 --- a/kernel/smpboot.c
6187 @@ -83953,7 +83771,7 @@ index eb89e18..a4e6792 100644
6188 mutex_unlock(&smpboot_threads_lock);
6189 put_online_cpus();
6190 diff --git a/kernel/softirq.c b/kernel/softirq.c
6191 -index be3d351..9e4d5f2 100644
6192 +index be3d351..e57af82 100644
6193 --- a/kernel/softirq.c
6194 +++ b/kernel/softirq.c
6195 @@ -53,11 +53,11 @@ irq_cpustat_t irq_stat[NR_CPUS] ____cacheline_aligned;
6196 @@ -83993,7 +83811,7 @@ index be3d351..9e4d5f2 100644
6197 EXPORT_SYMBOL(__tasklet_hi_schedule_first);
6198
6199 -static void tasklet_action(struct softirq_action *a)
6200 -+static void tasklet_action(void)
6201 ++static __latent_entropy void tasklet_action(void)
6202 {
6203 struct tasklet_struct *list;
6204
6205 @@ -84002,7 +83820,7 @@ index be3d351..9e4d5f2 100644
6206 }
6207
6208 -static void tasklet_hi_action(struct softirq_action *a)
6209 -+static void tasklet_hi_action(void)
6210 ++static __latent_entropy void tasklet_hi_action(void)
6211 {
6212 struct tasklet_struct *list;
6213
6214 @@ -84652,7 +84470,7 @@ index 0b537f2..40d6c20 100644
6215 return -ENOMEM;
6216 return 0;
6217 diff --git a/kernel/timer.c b/kernel/timer.c
6218 -index 4296d13..8998609 100644
6219 +index 4296d13..0164b04 100644
6220 --- a/kernel/timer.c
6221 +++ b/kernel/timer.c
6222 @@ -1366,7 +1366,7 @@ void update_process_times(int user_tick)
6223 @@ -84660,7 +84478,7 @@ index 4296d13..8998609 100644
6224 * This function runs timers and the timer-tq in bottom half context.
6225 */
6226 -static void run_timer_softirq(struct softirq_action *h)
6227 -+static void run_timer_softirq(void)
6228 ++static __latent_entropy void run_timer_softirq(void)
6229 {
6230 struct tvec_base *base = __this_cpu_read(tvec_bases);
6231
6232 @@ -85763,6 +85581,19 @@ index c24c2f7..06e070b 100644
6233 + pax_close_kernel();
6234 +}
6235 +EXPORT_SYMBOL(pax_list_del_rcu);
6236 +diff --git a/lib/percpu-refcount.c b/lib/percpu-refcount.c
6237 +index 7deeb62..144eb47 100644
6238 +--- a/lib/percpu-refcount.c
6239 ++++ b/lib/percpu-refcount.c
6240 +@@ -29,7 +29,7 @@
6241 + * can't hit 0 before we've added up all the percpu refs.
6242 + */
6243 +
6244 +-#define PCPU_COUNT_BIAS (1U << 31)
6245 ++#define PCPU_COUNT_BIAS (1U << 30)
6246 +
6247 + /**
6248 + * percpu_ref_init - initialize a percpu refcount
6249 diff --git a/lib/radix-tree.c b/lib/radix-tree.c
6250 index e796429..6e38f9f 100644
6251 --- a/lib/radix-tree.c
6252 @@ -87290,7 +87121,7 @@ index 6f0c244..6d1ae32 100644
6253 err = -EPERM;
6254 goto out;
6255 diff --git a/mm/mlock.c b/mm/mlock.c
6256 -index 79b7cf7..9944291 100644
6257 +index 79b7cf7..37472bf 100644
6258 --- a/mm/mlock.c
6259 +++ b/mm/mlock.c
6260 @@ -13,6 +13,7 @@
6261 @@ -87340,7 +87171,7 @@ index 79b7cf7..9944291 100644
6262 if ((locked <= lock_limit) || capable(CAP_IPC_LOCK))
6263 error = do_mlock(start, len, 1);
6264 up_write(&current->mm->mmap_sem);
6265 -@@ -500,6 +510,11 @@ static int do_mlockall(int flags)
6266 +@@ -500,12 +510,18 @@ static int do_mlockall(int flags)
6267 for (vma = current->mm->mmap; vma ; vma = prev->vm_next) {
6268 vm_flags_t newflags;
6269
6270 @@ -87352,7 +87183,14 @@ index 79b7cf7..9944291 100644
6271 newflags = vma->vm_flags & ~VM_LOCKED;
6272 if (flags & MCL_CURRENT)
6273 newflags |= VM_LOCKED;
6274 -@@ -532,6 +547,7 @@ SYSCALL_DEFINE1(mlockall, int, flags)
6275 +
6276 + /* Ignore errors */
6277 + mlock_fixup(vma, &prev, vma->vm_start, vma->vm_end, newflags);
6278 ++ cond_resched();
6279 + }
6280 + out:
6281 + return 0;
6282 +@@ -532,6 +548,7 @@ SYSCALL_DEFINE1(mlockall, int, flags)
6283 lock_limit >>= PAGE_SHIFT;
6284
6285 ret = -ENOMEM;
6286 @@ -91477,7 +91315,7 @@ index 8ab48cd..57b1a80 100644
6287
6288 return err;
6289 diff --git a/net/core/dev.c b/net/core/dev.c
6290 -index 26755dd..5020ced 100644
6291 +index 26755dd..2a232de 100644
6292 --- a/net/core/dev.c
6293 +++ b/net/core/dev.c
6294 @@ -1680,14 +1680,14 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
6295 @@ -91520,7 +91358,7 @@ index 26755dd..5020ced 100644
6296 EXPORT_SYMBOL(netif_rx_ni);
6297
6298 -static void net_tx_action(struct softirq_action *h)
6299 -+static void net_tx_action(void)
6300 ++static __latent_entropy void net_tx_action(void)
6301 {
6302 struct softnet_data *sd = &__get_cpu_var(softnet_data);
6303
6304 @@ -91538,7 +91376,7 @@ index 26755dd..5020ced 100644
6305 EXPORT_SYMBOL(netif_napi_del);
6306
6307 -static void net_rx_action(struct softirq_action *h)
6308 -+static void net_rx_action(void)
6309 ++static __latent_entropy void net_rx_action(void)
6310 {
6311 struct softnet_data *sd = &__get_cpu_var(softnet_data);
6312 unsigned long time_limit = jiffies + 2;
6313 @@ -93358,6 +93196,96 @@ index 90747f1..505320d 100644
6314 .kind = "ip6gretap",
6315 .maxtype = IFLA_GRE_MAX,
6316 .policy = ip6gre_policy,
6317 +diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
6318 +index e7ceb6c..44df1c9 100644
6319 +--- a/net/ipv6/ip6_output.c
6320 ++++ b/net/ipv6/ip6_output.c
6321 +@@ -1040,6 +1040,8 @@ static inline int ip6_ufo_append_data(struct sock *sk,
6322 + * udp datagram
6323 + */
6324 + if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL) {
6325 ++ struct frag_hdr fhdr;
6326 ++
6327 + skb = sock_alloc_send_skb(sk,
6328 + hh_len + fragheaderlen + transhdrlen + 20,
6329 + (flags & MSG_DONTWAIT), &err);
6330 +@@ -1061,12 +1063,6 @@ static inline int ip6_ufo_append_data(struct sock *sk,
6331 + skb->protocol = htons(ETH_P_IPV6);
6332 + skb->ip_summed = CHECKSUM_PARTIAL;
6333 + skb->csum = 0;
6334 +- }
6335 +-
6336 +- err = skb_append_datato_frags(sk,skb, getfrag, from,
6337 +- (length - transhdrlen));
6338 +- if (!err) {
6339 +- struct frag_hdr fhdr;
6340 +
6341 + /* Specify the length of each IPv6 datagram fragment.
6342 + * It has to be a multiple of 8.
6343 +@@ -1077,15 +1073,10 @@ static inline int ip6_ufo_append_data(struct sock *sk,
6344 + ipv6_select_ident(&fhdr, rt);
6345 + skb_shinfo(skb)->ip6_frag_id = fhdr.identification;
6346 + __skb_queue_tail(&sk->sk_write_queue, skb);
6347 +-
6348 +- return 0;
6349 + }
6350 +- /* There is not enough support do UPD LSO,
6351 +- * so follow normal path
6352 +- */
6353 +- kfree_skb(skb);
6354 +
6355 +- return err;
6356 ++ return skb_append_datato_frags(sk, skb, getfrag, from,
6357 ++ (length - transhdrlen));
6358 + }
6359 +
6360 + static inline struct ipv6_opt_hdr *ip6_opt_dup(struct ipv6_opt_hdr *src,
6361 +@@ -1252,27 +1243,27 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to,
6362 + * --yoshfuji
6363 + */
6364 +
6365 ++ if ((length > mtu) && dontfrag && (sk->sk_protocol == IPPROTO_UDP ||
6366 ++ sk->sk_protocol == IPPROTO_RAW)) {
6367 ++ ipv6_local_rxpmtu(sk, fl6, mtu-exthdrlen);
6368 ++ return -EMSGSIZE;
6369 ++ }
6370 ++
6371 ++ skb = skb_peek_tail(&sk->sk_write_queue);
6372 + cork->length += length;
6373 +- if (length > mtu) {
6374 +- int proto = sk->sk_protocol;
6375 +- if (dontfrag && (proto == IPPROTO_UDP || proto == IPPROTO_RAW)){
6376 +- ipv6_local_rxpmtu(sk, fl6, mtu-exthdrlen);
6377 +- return -EMSGSIZE;
6378 +- }
6379 +-
6380 +- if (proto == IPPROTO_UDP &&
6381 +- (rt->dst.dev->features & NETIF_F_UFO)) {
6382 +-
6383 +- err = ip6_ufo_append_data(sk, getfrag, from, length,
6384 +- hh_len, fragheaderlen,
6385 +- transhdrlen, mtu, flags, rt);
6386 +- if (err)
6387 +- goto error;
6388 +- return 0;
6389 +- }
6390 ++ if (((length > mtu) ||
6391 ++ (skb && skb_is_gso(skb))) &&
6392 ++ (sk->sk_protocol == IPPROTO_UDP) &&
6393 ++ (rt->dst.dev->features & NETIF_F_UFO)) {
6394 ++ err = ip6_ufo_append_data(sk, getfrag, from, length,
6395 ++ hh_len, fragheaderlen,
6396 ++ transhdrlen, mtu, flags, rt);
6397 ++ if (err)
6398 ++ goto error;
6399 ++ return 0;
6400 + }
6401 +
6402 +- if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL)
6403 ++ if (!skb)
6404 + goto alloc_new_skb;
6405 +
6406 + while (length > 0) {
6407 diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
6408 index 46ba243..576f50e 100644
6409 --- a/net/ipv6/ip6_tunnel.c
6410 @@ -95749,7 +95677,7 @@ index 9a5c4c9..46e4b29 100644
6411
6412 table = kmemdup(sctp_net_table, sizeof(sctp_net_table), GFP_KERNEL);
6413 diff --git a/net/socket.c b/net/socket.c
6414 -index b2d7c62..04f19ea 100644
6415 +index b2d7c62..441a7ef 100644
6416 --- a/net/socket.c
6417 +++ b/net/socket.c
6418 @@ -88,6 +88,7 @@
6419 @@ -95769,6 +95697,15 @@ index b2d7c62..04f19ea 100644
6420 static int sock_no_open(struct inode *irrelevant, struct file *dontcare);
6421 static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov,
6422 unsigned long nr_segs, loff_t pos);
6423 +@@ -162,7 +165,7 @@ static const struct file_operations socket_file_ops = {
6424 + */
6425 +
6426 + static DEFINE_SPINLOCK(net_family_lock);
6427 +-static const struct net_proto_family __rcu *net_families[NPROTO] __read_mostly;
6428 ++const struct net_proto_family __rcu *net_families[NPROTO] __read_mostly;
6429 +
6430 + /*
6431 + * Statistics counters of the socket lists
6432 @@ -327,7 +330,7 @@ static struct dentry *sockfs_mount(struct file_system_type *fs_type,
6433 &sockfs_dentry_operations, SOCKFS_MAGIC);
6434 }
6435 @@ -95787,24 +95724,28 @@ index b2d7c62..04f19ea 100644
6436
6437 /* Compatibility.
6438
6439 -@@ -1394,6 +1399,16 @@ SYSCALL_DEFINE3(socket, int, family, int, type, int, protocol)
6440 - if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
6441 - flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
6442 +@@ -1283,6 +1288,20 @@ int __sock_create(struct net *net, int family, int type, int protocol,
6443 + if (err)
6444 + return err;
6445
6446 -+ if(!gr_search_socket(family, type, protocol)) {
6447 -+ retval = -EACCES;
6448 -+ goto out;
6449 ++ if(!kern && !gr_search_socket(family, type, protocol)) {
6450 ++ if (rcu_access_pointer(net_families[family]) == NULL)
6451 ++ return -EAFNOSUPPORT;
6452 ++ else
6453 ++ return -EACCES;
6454 + }
6455 +
6456 -+ if (gr_handle_sock_all(family, type, protocol)) {
6457 -+ retval = -EACCES;
6458 -+ goto out;
6459 ++ if (!kern && gr_handle_sock_all(family, type, protocol)) {
6460 ++ if (rcu_access_pointer(net_families[family]) == NULL)
6461 ++ return -EAFNOSUPPORT;
6462 ++ else
6463 ++ return -EACCES;
6464 + }
6465 +
6466 - retval = sock_create(family, type, protocol, &sock);
6467 - if (retval < 0)
6468 - goto out;
6469 -@@ -1521,6 +1536,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
6470 + /*
6471 + * Allocate the socket and allow the family to set things up. if
6472 + * the protocol is 0, the family is instructed to select an appropriate
6473 +@@ -1521,6 +1540,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
6474 if (sock) {
6475 err = move_addr_to_kernel(umyaddr, addrlen, &address);
6476 if (err >= 0) {
6477 @@ -95819,7 +95760,7 @@ index b2d7c62..04f19ea 100644
6478 err = security_socket_bind(sock,
6479 (struct sockaddr *)&address,
6480 addrlen);
6481 -@@ -1529,6 +1552,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
6482 +@@ -1529,6 +1556,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
6483 (struct sockaddr *)
6484 &address, addrlen);
6485 }
6486 @@ -95827,7 +95768,7 @@ index b2d7c62..04f19ea 100644
6487 fput_light(sock->file, fput_needed);
6488 }
6489 return err;
6490 -@@ -1552,10 +1576,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, backlog)
6491 +@@ -1552,10 +1580,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, backlog)
6492 if ((unsigned int)backlog > somaxconn)
6493 backlog = somaxconn;
6494
6495 @@ -95848,7 +95789,7 @@ index b2d7c62..04f19ea 100644
6496 fput_light(sock->file, fput_needed);
6497 }
6498 return err;
6499 -@@ -1599,6 +1633,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
6500 +@@ -1599,6 +1637,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
6501 newsock->type = sock->type;
6502 newsock->ops = sock->ops;
6503
6504 @@ -95867,7 +95808,7 @@ index b2d7c62..04f19ea 100644
6505 /*
6506 * We don't need try_module_get here, as the listening socket (sock)
6507 * has the protocol module (sock->ops->owner) held.
6508 -@@ -1644,6 +1690,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
6509 +@@ -1644,6 +1694,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
6510 fd_install(newfd, newfile);
6511 err = newfd;
6512
6513 @@ -95876,7 +95817,7 @@ index b2d7c62..04f19ea 100644
6514 out_put:
6515 fput_light(sock->file, fput_needed);
6516 out:
6517 -@@ -1676,6 +1724,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
6518 +@@ -1676,6 +1728,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
6519 int, addrlen)
6520 {
6521 struct socket *sock;
6522 @@ -95884,7 +95825,7 @@ index b2d7c62..04f19ea 100644
6523 struct sockaddr_storage address;
6524 int err, fput_needed;
6525
6526 -@@ -1686,6 +1735,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
6527 +@@ -1686,6 +1739,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
6528 if (err < 0)
6529 goto out_put;
6530
6531 @@ -95902,7 +95843,7 @@ index b2d7c62..04f19ea 100644
6532 err =
6533 security_socket_connect(sock, (struct sockaddr *)&address, addrlen);
6534 if (err)
6535 -@@ -1767,6 +1827,8 @@ SYSCALL_DEFINE3(getpeername, int, fd, struct sockaddr __user *, usockaddr,
6536 +@@ -1767,6 +1831,8 @@ SYSCALL_DEFINE3(getpeername, int, fd, struct sockaddr __user *, usockaddr,
6537 * the protocol.
6538 */
6539
6540 @@ -95911,7 +95852,7 @@ index b2d7c62..04f19ea 100644
6541 SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len,
6542 unsigned int, flags, struct sockaddr __user *, addr,
6543 int, addr_len)
6544 -@@ -1833,7 +1895,7 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
6545 +@@ -1833,7 +1899,7 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
6546 struct socket *sock;
6547 struct iovec iov;
6548 struct msghdr msg;
6549 @@ -95920,7 +95861,7 @@ index b2d7c62..04f19ea 100644
6550 int err, err2;
6551 int fput_needed;
6552
6553 -@@ -2040,7 +2102,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
6554 +@@ -2040,7 +2106,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
6555 * checking falls down on this.
6556 */
6557 if (copy_from_user(ctl_buf,
6558 @@ -95929,7 +95870,7 @@ index b2d7c62..04f19ea 100644
6559 ctl_len))
6560 goto out_freectl;
6561 msg_sys->msg_control = ctl_buf;
6562 -@@ -2191,7 +2253,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
6563 +@@ -2191,7 +2257,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
6564 int err, total_len, len;
6565
6566 /* kernel mode address */
6567 @@ -95938,7 +95879,7 @@ index b2d7c62..04f19ea 100644
6568
6569 /* user mode address pointers */
6570 struct sockaddr __user *uaddr;
6571 -@@ -2219,7 +2281,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
6572 +@@ -2219,7 +2285,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
6573 * kernel msghdr to use the kernel address space)
6574 */
6575
6576 @@ -95947,7 +95888,7 @@ index b2d7c62..04f19ea 100644
6577 uaddr_len = COMPAT_NAMELEN(msg);
6578 if (MSG_CMSG_COMPAT & flags) {
6579 err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE);
6580 -@@ -2974,7 +3036,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd,
6581 +@@ -2974,7 +3040,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd,
6582 old_fs = get_fs();
6583 set_fs(KERNEL_DS);
6584 err = dev_ioctl(net, cmd,
6585 @@ -95956,7 +95897,7 @@ index b2d7c62..04f19ea 100644
6586 set_fs(old_fs);
6587
6588 return err;
6589 -@@ -3083,7 +3145,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
6590 +@@ -3083,7 +3149,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
6591
6592 old_fs = get_fs();
6593 set_fs(KERNEL_DS);
6594 @@ -95965,7 +95906,7 @@ index b2d7c62..04f19ea 100644
6595 set_fs(old_fs);
6596
6597 if (cmd == SIOCGIFMAP && !err) {
6598 -@@ -3188,7 +3250,7 @@ static int routing_ioctl(struct net *net, struct socket *sock,
6599 +@@ -3188,7 +3254,7 @@ static int routing_ioctl(struct net *net, struct socket *sock,
6600 ret |= __get_user(rtdev, &(ur4->rt_dev));
6601 if (rtdev) {
6602 ret |= copy_from_user(devname, compat_ptr(rtdev), 15);
6603 @@ -95974,7 +95915,7 @@ index b2d7c62..04f19ea 100644
6604 devname[15] = 0;
6605 } else
6606 r4.rt_dev = NULL;
6607 -@@ -3414,8 +3476,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname,
6608 +@@ -3414,8 +3480,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname,
6609 int __user *uoptlen;
6610 int err;
6611
6612 @@ -95985,7 +95926,7 @@ index b2d7c62..04f19ea 100644
6613
6614 set_fs(KERNEL_DS);
6615 if (level == SOL_SOCKET)
6616 -@@ -3435,7 +3497,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname,
6617 +@@ -3435,7 +3501,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname,
6618 char __user *uoptval;
6619 int err;
6620
6621 @@ -101154,7 +101095,7 @@ index 0000000..698da67
6622 +}
6623 diff --git a/tools/gcc/latent_entropy_plugin.c b/tools/gcc/latent_entropy_plugin.c
6624 new file mode 100644
6625 -index 0000000..2ef6fd9
6626 +index 0000000..cd6c242
6627 --- /dev/null
6628 +++ b/tools/gcc/latent_entropy_plugin.c
6629 @@ -0,0 +1,321 @@
6630 @@ -101450,7 +101391,7 @@ index 0000000..2ef6fd9
6631 + TREE_THIS_VOLATILE(latent_entropy_decl) = 1;
6632 + DECL_EXTERNAL(latent_entropy_decl) = 1;
6633 + DECL_ARTIFICIAL(latent_entropy_decl) = 1;
6634 -+ DECL_INITIAL(latent_entropy_decl) = NULL;
6635 ++ DECL_INITIAL(latent_entropy_decl) = build_int_cstu(long_long_unsigned_type_node, get_random_const());
6636 + lang_hooks.decls.pushdecl(latent_entropy_decl);
6637 +// DECL_ASSEMBLER_NAME(latent_entropy_decl);
6638 +// varpool_finalize_decl(latent_entropy_decl);
6639
6640 diff --git a/3.11.1/4425_grsec_remove_EI_PAX.patch b/3.11.2/4425_grsec_remove_EI_PAX.patch
6641 similarity index 100%
6642 rename from 3.11.1/4425_grsec_remove_EI_PAX.patch
6643 rename to 3.11.2/4425_grsec_remove_EI_PAX.patch
6644
6645 diff --git a/3.11.1/4427_force_XATTR_PAX_tmpfs.patch b/3.11.2/4427_force_XATTR_PAX_tmpfs.patch
6646 similarity index 100%
6647 rename from 3.11.1/4427_force_XATTR_PAX_tmpfs.patch
6648 rename to 3.11.2/4427_force_XATTR_PAX_tmpfs.patch
6649
6650 diff --git a/3.11.1/4430_grsec-remove-localversion-grsec.patch b/3.11.2/4430_grsec-remove-localversion-grsec.patch
6651 similarity index 100%
6652 rename from 3.11.1/4430_grsec-remove-localversion-grsec.patch
6653 rename to 3.11.2/4430_grsec-remove-localversion-grsec.patch
6654
6655 diff --git a/3.11.1/4435_grsec-mute-warnings.patch b/3.11.2/4435_grsec-mute-warnings.patch
6656 similarity index 100%
6657 rename from 3.11.1/4435_grsec-mute-warnings.patch
6658 rename to 3.11.2/4435_grsec-mute-warnings.patch
6659
6660 diff --git a/3.11.1/4440_grsec-remove-protected-paths.patch b/3.11.2/4440_grsec-remove-protected-paths.patch
6661 similarity index 100%
6662 rename from 3.11.1/4440_grsec-remove-protected-paths.patch
6663 rename to 3.11.2/4440_grsec-remove-protected-paths.patch
6664
6665 diff --git a/3.11.1/4450_grsec-kconfig-default-gids.patch b/3.11.2/4450_grsec-kconfig-default-gids.patch
6666 similarity index 100%
6667 rename from 3.11.1/4450_grsec-kconfig-default-gids.patch
6668 rename to 3.11.2/4450_grsec-kconfig-default-gids.patch
6669
6670 diff --git a/3.11.1/4465_selinux-avc_audit-log-curr_ip.patch b/3.11.2/4465_selinux-avc_audit-log-curr_ip.patch
6671 similarity index 100%
6672 rename from 3.11.1/4465_selinux-avc_audit-log-curr_ip.patch
6673 rename to 3.11.2/4465_selinux-avc_audit-log-curr_ip.patch
6674
6675 diff --git a/3.11.1/4470_disable-compat_vdso.patch b/3.11.2/4470_disable-compat_vdso.patch
6676 similarity index 100%
6677 rename from 3.11.1/4470_disable-compat_vdso.patch
6678 rename to 3.11.2/4470_disable-compat_vdso.patch
6679
6680 diff --git a/3.11.1/4475_emutramp_default_on.patch b/3.11.2/4475_emutramp_default_on.patch
6681 similarity index 100%
6682 rename from 3.11.1/4475_emutramp_default_on.patch
6683 rename to 3.11.2/4475_emutramp_default_on.patch
6684
6685 diff --git a/3.2.51/0000_README b/3.2.51/0000_README
6686 index cf0a0fe..e87b456 100644
6687 --- a/3.2.51/0000_README
6688 +++ b/3.2.51/0000_README
6689 @@ -122,7 +122,7 @@ Patch: 1050_linux-3.2.51.patch
6690 From: http://www.kernel.org
6691 Desc: Linux 3.2.51
6692
6693 -Patch: 4420_grsecurity-2.9.1-3.2.51-201309181906.patch
6694 +Patch: 4420_grsecurity-2.9.1-3.2.51-201309281102.patch
6695 From: http://www.grsecurity.net
6696 Desc: hardened-sources base patch from upstream grsecurity
6697
6698
6699 diff --git a/3.2.51/4420_grsecurity-2.9.1-3.2.51-201309181906.patch b/3.2.51/4420_grsecurity-2.9.1-3.2.51-201309281102.patch
6700 similarity index 99%
6701 rename from 3.2.51/4420_grsecurity-2.9.1-3.2.51-201309181906.patch
6702 rename to 3.2.51/4420_grsecurity-2.9.1-3.2.51-201309281102.patch
6703 index 6cc3546..79a6bf4 100644
6704 --- a/3.2.51/4420_grsecurity-2.9.1-3.2.51-201309181906.patch
6705 +++ b/3.2.51/4420_grsecurity-2.9.1-3.2.51-201309281102.patch
6706 @@ -30191,7 +30191,7 @@ index af00795..2bb8105 100644
6707 #define XCHAL_ICACHE_SIZE 32768 /* I-cache size in bytes or 0 */
6708 #define XCHAL_DCACHE_SIZE 32768 /* D-cache size in bytes or 0 */
6709 diff --git a/block/blk-iopoll.c b/block/blk-iopoll.c
6710 -index 58916af..eb9dbcf6 100644
6711 +index 58916af..9b538a6 100644
6712 --- a/block/blk-iopoll.c
6713 +++ b/block/blk-iopoll.c
6714 @@ -77,7 +77,7 @@ void blk_iopoll_complete(struct blk_iopoll *iopoll)
6715 @@ -30199,7 +30199,7 @@ index 58916af..eb9dbcf6 100644
6716 EXPORT_SYMBOL(blk_iopoll_complete);
6717
6718 -static void blk_iopoll_softirq(struct softirq_action *h)
6719 -+static void blk_iopoll_softirq(void)
6720 ++static __latent_entropy void blk_iopoll_softirq(void)
6721 {
6722 struct list_head *list = &__get_cpu_var(blk_cpu_iopoll);
6723 int rearm = 0, budget = blk_iopoll_budget;
6724 @@ -30226,7 +30226,7 @@ index 623e1cd..ca1e109 100644
6725 bio = bio_copy_kern(q, kbuf, len, gfp_mask, reading);
6726 else
6727 diff --git a/block/blk-softirq.c b/block/blk-softirq.c
6728 -index 1366a89..dfb3871 100644
6729 +index 1366a89..88178fe 100644
6730 --- a/block/blk-softirq.c
6731 +++ b/block/blk-softirq.c
6732 @@ -17,7 +17,7 @@ static DEFINE_PER_CPU(struct list_head, blk_cpu_done);
6733 @@ -30234,7 +30234,7 @@ index 1366a89..dfb3871 100644
6734 * while passing them to the queue registered handler.
6735 */
6736 -static void blk_done_softirq(struct softirq_action *h)
6737 -+static void blk_done_softirq(void)
6738 ++static __latent_entropy void blk_done_softirq(void)
6739 {
6740 struct list_head *cpu_list, local_list;
6741
6742 @@ -31889,19 +31889,18 @@ index e8d11b6..7b1b36f 100644
6743 }
6744 EXPORT_SYMBOL_GPL(unregister_syscore_ops);
6745 diff --git a/drivers/block/cciss.c b/drivers/block/cciss.c
6746 -index d3446f6..12de1df 100644
6747 +index d3446f6..61ddf2c 100644
6748 --- a/drivers/block/cciss.c
6749 +++ b/drivers/block/cciss.c
6750 -@@ -1186,6 +1186,8 @@ static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode,
6751 +@@ -1186,6 +1186,7 @@ static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode,
6752 int err;
6753 u32 cp;
6754
6755 + memset(&arg64, 0, sizeof(arg64));
6756 -+
6757 err = 0;
6758 err |=
6759 copy_from_user(&arg64.LUN_info, &arg32->LUN_info,
6760 -@@ -3007,7 +3009,7 @@ static void start_io(ctlr_info_t *h)
6761 +@@ -3007,7 +3008,7 @@ static void start_io(ctlr_info_t *h)
6762 while (!list_empty(&h->reqQ)) {
6763 c = list_entry(h->reqQ.next, CommandList_struct, list);
6764 /* can't do anything if fifo is full */
6765 @@ -31910,7 +31909,7 @@ index d3446f6..12de1df 100644
6766 dev_warn(&h->pdev->dev, "fifo full\n");
6767 break;
6768 }
6769 -@@ -3017,7 +3019,7 @@ static void start_io(ctlr_info_t *h)
6770 +@@ -3017,7 +3018,7 @@ static void start_io(ctlr_info_t *h)
6771 h->Qdepth--;
6772
6773 /* Tell the controller execute command */
6774 @@ -31919,7 +31918,7 @@ index d3446f6..12de1df 100644
6775
6776 /* Put job onto the completed Q */
6777 addQ(&h->cmpQ, c);
6778 -@@ -3443,17 +3445,17 @@ startio:
6779 +@@ -3443,17 +3444,17 @@ startio:
6780
6781 static inline unsigned long get_next_completion(ctlr_info_t *h)
6782 {
6783 @@ -31940,7 +31939,7 @@ index d3446f6..12de1df 100644
6784 (h->interrupts_enabled == 0));
6785 }
6786
6787 -@@ -3486,7 +3488,7 @@ static inline u32 next_command(ctlr_info_t *h)
6788 +@@ -3486,7 +3487,7 @@ static inline u32 next_command(ctlr_info_t *h)
6789 u32 a;
6790
6791 if (unlikely(!(h->transMethod & CFGTBL_Trans_Performant)))
6792 @@ -31949,7 +31948,7 @@ index d3446f6..12de1df 100644
6793
6794 if ((*(h->reply_pool_head) & 1) == (h->reply_pool_wraparound)) {
6795 a = *(h->reply_pool_head); /* Next cmd in ring buffer */
6796 -@@ -4044,7 +4046,7 @@ static void __devinit cciss_put_controller_into_performant_mode(ctlr_info_t *h)
6797 +@@ -4044,7 +4045,7 @@ static void __devinit cciss_put_controller_into_performant_mode(ctlr_info_t *h)
6798 trans_support & CFGTBL_Trans_use_short_tags);
6799
6800 /* Change the access methods to the performant access methods */
6801 @@ -31958,7 +31957,7 @@ index d3446f6..12de1df 100644
6802 h->transMethod = CFGTBL_Trans_Performant;
6803
6804 return;
6805 -@@ -4316,7 +4318,7 @@ static int __devinit cciss_pci_init(ctlr_info_t *h)
6806 +@@ -4316,7 +4317,7 @@ static int __devinit cciss_pci_init(ctlr_info_t *h)
6807 if (prod_index < 0)
6808 return -ENODEV;
6809 h->product_name = products[prod_index].product_name;
6810 @@ -31967,7 +31966,7 @@ index d3446f6..12de1df 100644
6811
6812 if (cciss_board_disabled(h)) {
6813 dev_warn(&h->pdev->dev, "controller appears to be disabled\n");
6814 -@@ -5041,7 +5043,7 @@ reinit_after_soft_reset:
6815 +@@ -5041,7 +5042,7 @@ reinit_after_soft_reset:
6816 }
6817
6818 /* make sure the board interrupts are off */
6819 @@ -31976,7 +31975,7 @@ index d3446f6..12de1df 100644
6820 rc = cciss_request_irq(h, do_cciss_msix_intr, do_cciss_intx);
6821 if (rc)
6822 goto clean2;
6823 -@@ -5093,7 +5095,7 @@ reinit_after_soft_reset:
6824 +@@ -5093,7 +5094,7 @@ reinit_after_soft_reset:
6825 * fake ones to scoop up any residual completions.
6826 */
6827 spin_lock_irqsave(&h->lock, flags);
6828 @@ -31985,7 +31984,7 @@ index d3446f6..12de1df 100644
6829 spin_unlock_irqrestore(&h->lock, flags);
6830 free_irq(h->intr[h->intr_mode], h);
6831 rc = cciss_request_irq(h, cciss_msix_discard_completions,
6832 -@@ -5113,9 +5115,9 @@ reinit_after_soft_reset:
6833 +@@ -5113,9 +5114,9 @@ reinit_after_soft_reset:
6834 dev_info(&h->pdev->dev, "Board READY.\n");
6835 dev_info(&h->pdev->dev,
6836 "Waiting for stale completions to drain.\n");
6837 @@ -31997,7 +31996,7 @@ index d3446f6..12de1df 100644
6838
6839 rc = controller_reset_failed(h->cfgtable);
6840 if (rc)
6841 -@@ -5138,7 +5140,7 @@ reinit_after_soft_reset:
6842 +@@ -5138,7 +5139,7 @@ reinit_after_soft_reset:
6843 cciss_scsi_setup(h);
6844
6845 /* Turn the interrupts on so we can service requests */
6846 @@ -32006,7 +32005,7 @@ index d3446f6..12de1df 100644
6847
6848 /* Get the firmware version */
6849 inq_buff = kzalloc(sizeof(InquiryData_struct), GFP_KERNEL);
6850 -@@ -5211,7 +5213,7 @@ static void cciss_shutdown(struct pci_dev *pdev)
6851 +@@ -5211,7 +5212,7 @@ static void cciss_shutdown(struct pci_dev *pdev)
6852 kfree(flush_buf);
6853 if (return_code != IO_OK)
6854 dev_warn(&h->pdev->dev, "Error flushing cache\n");
6855 @@ -49227,7 +49226,7 @@ index a6395bd..f1e376a 100644
6856 (unsigned long) create_aout_tables((char __user *) bprm->p, bprm);
6857 #ifdef __alpha__
6858 diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
6859 -index 8dd615c..0d06360 100644
6860 +index 8dd615c..65b7958 100644
6861 --- a/fs/binfmt_elf.c
6862 +++ b/fs/binfmt_elf.c
6863 @@ -32,6 +32,7 @@
6864 @@ -49381,7 +49380,26 @@ index 8dd615c..0d06360 100644
6865 error = -ENOMEM;
6866 goto out_close;
6867 }
6868 -@@ -528,6 +557,315 @@ out:
6869 +@@ -513,11 +542,13 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
6870 + elf_bss = ELF_PAGESTART(elf_bss + ELF_MIN_ALIGN - 1);
6871 +
6872 + /* Map the last of the bss segment */
6873 +- down_write(&current->mm->mmap_sem);
6874 +- error = do_brk(elf_bss, last_bss - elf_bss);
6875 +- up_write(&current->mm->mmap_sem);
6876 +- if (BAD_ADDR(error))
6877 +- goto out_close;
6878 ++ if (last_bss > elf_bss) {
6879 ++ down_write(&current->mm->mmap_sem);
6880 ++ error = do_brk(elf_bss, last_bss - elf_bss);
6881 ++ up_write(&current->mm->mmap_sem);
6882 ++ if (BAD_ADDR(error))
6883 ++ goto out_close;
6884 ++ }
6885 + }
6886 +
6887 + error = load_addr;
6888 +@@ -528,6 +559,315 @@ out:
6889 return error;
6890 }
6891
6892 @@ -49697,7 +49715,7 @@ index 8dd615c..0d06360 100644
6893 /*
6894 * These are the functions used to load ELF style executables and shared
6895 * libraries. There is no binary dependent code anywhere else.
6896 -@@ -544,6 +882,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top)
6897 +@@ -544,6 +884,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top)
6898 {
6899 unsigned int random_variable = 0;
6900
6901 @@ -49709,7 +49727,7 @@ index 8dd615c..0d06360 100644
6902 if ((current->flags & PF_RANDOMIZE) &&
6903 !(current->personality & ADDR_NO_RANDOMIZE)) {
6904 random_variable = get_random_int() & STACK_RND_MASK;
6905 -@@ -562,7 +905,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
6906 +@@ -562,7 +907,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
6907 unsigned long load_addr = 0, load_bias = 0;
6908 int load_addr_set = 0;
6909 char * elf_interpreter = NULL;
6910 @@ -49718,7 +49736,7 @@ index 8dd615c..0d06360 100644
6911 struct elf_phdr *elf_ppnt, *elf_phdata;
6912 unsigned long elf_bss, elf_brk;
6913 int retval, i;
6914 -@@ -572,11 +915,11 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
6915 +@@ -572,11 +917,11 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
6916 unsigned long start_code, end_code, start_data, end_data;
6917 unsigned long reloc_func_desc __maybe_unused = 0;
6918 int executable_stack = EXSTACK_DEFAULT;
6919 @@ -49731,7 +49749,7 @@ index 8dd615c..0d06360 100644
6920
6921 loc = kmalloc(sizeof(*loc), GFP_KERNEL);
6922 if (!loc) {
6923 -@@ -713,11 +1056,81 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
6924 +@@ -713,11 +1058,81 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
6925
6926 /* OK, This is the point of no return */
6927 current->flags &= ~PF_FORKNOEXEC;
6928 @@ -49814,7 +49832,7 @@ index 8dd615c..0d06360 100644
6929 if (elf_read_implies_exec(loc->elf_ex, executable_stack))
6930 current->personality |= READ_IMPLIES_EXEC;
6931
6932 -@@ -808,6 +1221,20 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
6933 +@@ -808,6 +1223,20 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
6934 #else
6935 load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
6936 #endif
6937 @@ -49835,7 +49853,7 @@ index 8dd615c..0d06360 100644
6938 }
6939
6940 error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
6941 -@@ -840,9 +1267,9 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
6942 +@@ -840,9 +1269,9 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
6943 * allowed task size. Note that p_filesz must always be
6944 * <= p_memsz so it is only necessary to check p_memsz.
6945 */
6946 @@ -49848,7 +49866,7 @@ index 8dd615c..0d06360 100644
6947 /* set_brk can never work. Avoid overflows. */
6948 send_sig(SIGKILL, current, 0);
6949 retval = -EINVAL;
6950 -@@ -881,17 +1308,44 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
6951 +@@ -881,17 +1310,44 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
6952 goto out_free_dentry;
6953 }
6954 if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
6955 @@ -49899,7 +49917,7 @@ index 8dd615c..0d06360 100644
6956 load_bias);
6957 if (!IS_ERR((void *)elf_entry)) {
6958 /*
6959 -@@ -1098,7 +1552,7 @@ out:
6960 +@@ -1098,7 +1554,7 @@ out:
6961 * Decide what to dump of a segment, part, all or none.
6962 */
6963 static unsigned long vma_dump_size(struct vm_area_struct *vma,
6964 @@ -49908,7 +49926,7 @@ index 8dd615c..0d06360 100644
6965 {
6966 #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))
6967
6968 -@@ -1132,7 +1586,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
6969 +@@ -1132,7 +1588,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
6970 if (vma->vm_file == NULL)
6971 return 0;
6972
6973 @@ -49917,7 +49935,7 @@ index 8dd615c..0d06360 100644
6974 goto whole;
6975
6976 /*
6977 -@@ -1354,9 +1808,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
6978 +@@ -1354,9 +1810,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
6979 {
6980 elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
6981 int i = 0;
6982 @@ -49929,7 +49947,7 @@ index 8dd615c..0d06360 100644
6983 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
6984 }
6985
6986 -@@ -1851,14 +2305,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
6987 +@@ -1851,14 +2307,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
6988 }
6989
6990 static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma,
6991 @@ -49946,7 +49964,7 @@ index 8dd615c..0d06360 100644
6992 return size;
6993 }
6994
6995 -@@ -1952,7 +2406,7 @@ static int elf_core_dump(struct coredump_params *cprm)
6996 +@@ -1952,7 +2408,7 @@ static int elf_core_dump(struct coredump_params *cprm)
6997
6998 dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
6999
7000 @@ -49955,7 +49973,7 @@ index 8dd615c..0d06360 100644
7001 offset += elf_core_extra_data_size();
7002 e_shoff = offset;
7003
7004 -@@ -1966,10 +2420,12 @@ static int elf_core_dump(struct coredump_params *cprm)
7005 +@@ -1966,10 +2422,12 @@ static int elf_core_dump(struct coredump_params *cprm)
7006 offset = dataoff;
7007
7008 size += sizeof(*elf);
7009 @@ -49968,7 +49986,7 @@ index 8dd615c..0d06360 100644
7010 if (size > cprm->limit
7011 || !dump_write(cprm->file, phdr4note, sizeof(*phdr4note)))
7012 goto end_coredump;
7013 -@@ -1983,7 +2439,7 @@ static int elf_core_dump(struct coredump_params *cprm)
7014 +@@ -1983,7 +2441,7 @@ static int elf_core_dump(struct coredump_params *cprm)
7015 phdr.p_offset = offset;
7016 phdr.p_vaddr = vma->vm_start;
7017 phdr.p_paddr = 0;
7018 @@ -49977,7 +49995,7 @@ index 8dd615c..0d06360 100644
7019 phdr.p_memsz = vma->vm_end - vma->vm_start;
7020 offset += phdr.p_filesz;
7021 phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
7022 -@@ -1994,6 +2450,7 @@ static int elf_core_dump(struct coredump_params *cprm)
7023 +@@ -1994,6 +2452,7 @@ static int elf_core_dump(struct coredump_params *cprm)
7024 phdr.p_align = ELF_EXEC_PAGESIZE;
7025
7026 size += sizeof(phdr);
7027 @@ -49985,7 +50003,7 @@ index 8dd615c..0d06360 100644
7028 if (size > cprm->limit
7029 || !dump_write(cprm->file, &phdr, sizeof(phdr)))
7030 goto end_coredump;
7031 -@@ -2018,7 +2475,7 @@ static int elf_core_dump(struct coredump_params *cprm)
7032 +@@ -2018,7 +2477,7 @@ static int elf_core_dump(struct coredump_params *cprm)
7033 unsigned long addr;
7034 unsigned long end;
7035
7036 @@ -49994,7 +50012,7 @@ index 8dd615c..0d06360 100644
7037
7038 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
7039 struct page *page;
7040 -@@ -2027,6 +2484,7 @@ static int elf_core_dump(struct coredump_params *cprm)
7041 +@@ -2027,6 +2486,7 @@ static int elf_core_dump(struct coredump_params *cprm)
7042 page = get_dump_page(addr);
7043 if (page) {
7044 void *kaddr = kmap(page);
7045 @@ -50002,7 +50020,7 @@ index 8dd615c..0d06360 100644
7046 stop = ((size += PAGE_SIZE) > cprm->limit) ||
7047 !dump_write(cprm->file, kaddr,
7048 PAGE_SIZE);
7049 -@@ -2044,6 +2502,7 @@ static int elf_core_dump(struct coredump_params *cprm)
7050 +@@ -2044,6 +2504,7 @@ static int elf_core_dump(struct coredump_params *cprm)
7051
7052 if (e_phnum == PN_XNUM) {
7053 size += sizeof(*shdr4extnum);
7054 @@ -50010,7 +50028,7 @@ index 8dd615c..0d06360 100644
7055 if (size > cprm->limit
7056 || !dump_write(cprm->file, shdr4extnum,
7057 sizeof(*shdr4extnum)))
7058 -@@ -2064,6 +2523,167 @@ out:
7059 +@@ -2064,6 +2525,167 @@ out:
7060
7061 #endif /* CONFIG_ELF_CORE */
7062
7063 @@ -65286,10 +65304,10 @@ index 0000000..b20f6e9
7064 +}
7065 diff --git a/grsecurity/gracl_ip.c b/grsecurity/gracl_ip.c
7066 new file mode 100644
7067 -index 0000000..db7cc23
7068 +index 0000000..35f8064
7069 --- /dev/null
7070 +++ b/grsecurity/gracl_ip.c
7071 -@@ -0,0 +1,387 @@
7072 +@@ -0,0 +1,386 @@
7073 +#include <linux/kernel.h>
7074 +#include <asm/uaccess.h>
7075 +#include <asm/errno.h>
7076 @@ -65381,6 +65399,8 @@ index 0000000..db7cc23
7077 + return gr_sockfamilies[family];
7078 +}
7079 +
7080 ++extern const struct net_proto_family __rcu *net_families[NPROTO] __read_mostly;
7081 ++
7082 +int
7083 +gr_search_socket(const int domain, const int type, const int protocol)
7084 +{
7085 @@ -65460,10 +65480,7 @@ index 0000000..db7cc23
7086 + if (domain == PF_INET)
7087 + gr_log_str3(GR_DONT_AUDIT, GR_SOCK_MSG, gr_sockfamily_to_name(domain),
7088 + gr_socktype_to_name(type), gr_proto_to_name(protocol));
7089 -+ else
7090 -+#ifndef CONFIG_IPV6
7091 -+ if (domain != PF_INET6)
7092 -+#endif
7093 ++ else if (rcu_access_pointer(net_families[domain]) != NULL)
7094 + gr_log_str2_int(GR_DONT_AUDIT, GR_SOCK_NOINET_MSG, gr_sockfamily_to_name(domain),
7095 + gr_socktype_to_name(type), protocol);
7096 +
7097 @@ -71192,7 +71209,7 @@ index 82924bf..1aa58e7 100644
7098 int trace_set_clr_event(const char *system, const char *event, int set);
7099
7100 diff --git a/include/linux/genhd.h b/include/linux/genhd.h
7101 -index 4eec461..84c73cf 100644
7102 +index 4eec461..4ff5db5 100644
7103 --- a/include/linux/genhd.h
7104 +++ b/include/linux/genhd.h
7105 @@ -185,7 +185,7 @@ struct gendisk {
7106 @@ -71204,6 +71221,15 @@ index 4eec461..84c73cf 100644
7107 struct disk_events *ev;
7108 #ifdef CONFIG_BLK_DEV_INTEGRITY
7109 struct blk_integrity *integrity;
7110 +@@ -420,7 +420,7 @@ extern void disk_flush_events(struct gendisk *disk, unsigned int mask);
7111 + extern unsigned int disk_clear_events(struct gendisk *disk, unsigned int mask);
7112 +
7113 + /* drivers/char/random.c */
7114 +-extern void add_disk_randomness(struct gendisk *disk);
7115 ++extern void add_disk_randomness(struct gendisk *disk) __latent_entropy;
7116 + extern void rand_initialize_disk(struct gendisk *disk);
7117 +
7118 + static inline sector_t get_start_sect(struct block_device *bdev)
7119 diff --git a/include/linux/gfp.h b/include/linux/gfp.h
7120 index 3a76faf..c0592c7 100644
7121 --- a/include/linux/gfp.h
7122 @@ -74058,10 +74084,10 @@ index 800f113..12c82ec 100644
7123 }
7124
7125 diff --git a/include/linux/random.h b/include/linux/random.h
7126 -index 29e217a..a2b27bc 100644
7127 +index 29e217a..a76bcd0 100644
7128 --- a/include/linux/random.h
7129 +++ b/include/linux/random.h
7130 -@@ -51,6 +51,16 @@ struct rnd_state {
7131 +@@ -51,9 +51,19 @@ struct rnd_state {
7132 extern void rand_initialize_irq(int irq);
7133
7134 extern void add_device_randomness(const void *, unsigned int);
7135 @@ -74076,8 +74102,13 @@ index 29e217a..a2b27bc 100644
7136 +}
7137 +
7138 extern void add_input_randomness(unsigned int type, unsigned int code,
7139 - unsigned int value);
7140 - extern void add_interrupt_randomness(int irq, int irq_flags);
7141 +- unsigned int value);
7142 +-extern void add_interrupt_randomness(int irq, int irq_flags);
7143 ++ unsigned int value) __latent_entropy;
7144 ++extern void add_interrupt_randomness(int irq, int irq_flags) __latent_entropy;
7145 +
7146 + extern void get_random_bytes(void *buf, int nbytes);
7147 + extern void get_random_bytes_arch(void *buf, int nbytes);
7148 @@ -71,12 +81,17 @@ void srandom32(u32 seed);
7149
7150 u32 prandom32(struct rnd_state *);
7151 @@ -78651,7 +78682,7 @@ index 9b22d03..6295b62 100644
7152 prev->next = info->next;
7153 else
7154 diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c
7155 -index 60f7e32..76ccd96 100644
7156 +index 60f7e32..d703ad4 100644
7157 --- a/kernel/hrtimer.c
7158 +++ b/kernel/hrtimer.c
7159 @@ -1414,7 +1414,7 @@ void hrtimer_peek_ahead_timers(void)
7160 @@ -78659,7 +78690,7 @@ index 60f7e32..76ccd96 100644
7161 }
7162
7163 -static void run_hrtimer_softirq(struct softirq_action *h)
7164 -+static void run_hrtimer_softirq(void)
7165 ++static __latent_entropy void run_hrtimer_softirq(void)
7166 {
7167 struct hrtimer_cpu_base *cpu_base = &__get_cpu_var(hrtimer_bases);
7168
7169 @@ -80654,7 +80685,7 @@ index 67fedad..32d32a04 100644
7170 }
7171
7172 diff --git a/kernel/rcutiny.c b/kernel/rcutiny.c
7173 -index 636af6d..8af70ab 100644
7174 +index 636af6d..90b936f 100644
7175 --- a/kernel/rcutiny.c
7176 +++ b/kernel/rcutiny.c
7177 @@ -46,7 +46,7 @@
7178 @@ -80671,7 +80702,7 @@ index 636af6d..8af70ab 100644
7179 }
7180
7181 -static void rcu_process_callbacks(struct softirq_action *unused)
7182 -+static void rcu_process_callbacks(void)
7183 ++static __latent_entropy void rcu_process_callbacks(void)
7184 {
7185 __rcu_process_callbacks(&rcu_sched_ctrlblk);
7186 __rcu_process_callbacks(&rcu_bh_ctrlblk);
7187 @@ -80853,7 +80884,7 @@ index 764825c..3aa6ac4 100644
7188 for (i = 0; i < RCU_TORTURE_PIPE_LEN + 1; i++) {
7189 per_cpu(rcu_torture_count, cpu)[i] = 0;
7190 diff --git a/kernel/rcutree.c b/kernel/rcutree.c
7191 -index 1aa52af..f2b89e8 100644
7192 +index 1aa52af..d2875ad 100644
7193 --- a/kernel/rcutree.c
7194 +++ b/kernel/rcutree.c
7195 @@ -369,9 +369,9 @@ void rcu_enter_nohz(void)
7196 @@ -80934,7 +80965,7 @@ index 1aa52af..f2b89e8 100644
7197 * Do RCU core processing for the current CPU.
7198 */
7199 -static void rcu_process_callbacks(struct softirq_action *unused)
7200 -+static void rcu_process_callbacks(void)
7201 ++static __latent_entropy void rcu_process_callbacks(void)
7202 {
7203 trace_rcu_utilization("Start RCU core");
7204 __rcu_process_callbacks(&rcu_sched_state,
7205 @@ -81369,7 +81400,7 @@ index f280df1..da1281d 100644
7206 #ifdef CONFIG_RT_GROUP_SCHED
7207 /*
7208 diff --git a/kernel/sched_fair.c b/kernel/sched_fair.c
7209 -index 59474c5..490e67f 100644
7210 +index 59474c5..efcae8d 100644
7211 --- a/kernel/sched_fair.c
7212 +++ b/kernel/sched_fair.c
7213 @@ -4801,7 +4801,7 @@ static void nohz_idle_balance(int this_cpu, enum cpu_idle_type idle) { }
7214 @@ -81377,7 +81408,7 @@ index 59474c5..490e67f 100644
7215 * Also triggered for nohz idle balancing (with nohz_balancing_kick set).
7216 */
7217 -static void run_rebalance_domains(struct softirq_action *h)
7218 -+static void run_rebalance_domains(void)
7219 ++static __latent_entropy void run_rebalance_domains(void)
7220 {
7221 int this_cpu = smp_processor_id();
7222 struct rq *this_rq = cpu_rq(this_cpu);
7223 @@ -81549,7 +81580,7 @@ index 9e800b2..1533ba5 100644
7224 raw_spin_unlock_irq(&call_function.lock);
7225 }
7226 diff --git a/kernel/softirq.c b/kernel/softirq.c
7227 -index 2c71d91..f6c64a4 100644
7228 +index 2c71d91..6b690a4 100644
7229 --- a/kernel/softirq.c
7230 +++ b/kernel/softirq.c
7231 @@ -52,11 +52,11 @@ irq_cpustat_t irq_stat[NR_CPUS] ____cacheline_aligned;
7232 @@ -81589,7 +81620,7 @@ index 2c71d91..f6c64a4 100644
7233 EXPORT_SYMBOL(__tasklet_hi_schedule_first);
7234
7235 -static void tasklet_action(struct softirq_action *a)
7236 -+static void tasklet_action(void)
7237 ++static __latent_entropy void tasklet_action(void)
7238 {
7239 struct tasklet_struct *list;
7240
7241 @@ -81598,7 +81629,7 @@ index 2c71d91..f6c64a4 100644
7242 }
7243
7244 -static void tasklet_hi_action(struct softirq_action *a)
7245 -+static void tasklet_hi_action(void)
7246 ++static __latent_entropy void tasklet_hi_action(void)
7247 {
7248 struct tasklet_struct *list;
7249
7250 @@ -82468,7 +82499,7 @@ index 0b537f2..40d6c20 100644
7251 return -ENOMEM;
7252 return 0;
7253 diff --git a/kernel/timer.c b/kernel/timer.c
7254 -index f8b05a4..9769e5b 100644
7255 +index f8b05a4..ece06b3 100644
7256 --- a/kernel/timer.c
7257 +++ b/kernel/timer.c
7258 @@ -1308,7 +1308,7 @@ void update_process_times(int user_tick)
7259 @@ -82476,7 +82507,7 @@ index f8b05a4..9769e5b 100644
7260 * This function runs timers and the timer-tq in bottom half context.
7261 */
7262 -static void run_timer_softirq(struct softirq_action *h)
7263 -+static void run_timer_softirq(void)
7264 ++static __latent_entropy void run_timer_softirq(void)
7265 {
7266 struct tvec_base *base = __this_cpu_read(tvec_bases);
7267
7268 @@ -85175,7 +85206,7 @@ index 09d6a9d..c514c22 100644
7269 err = -EPERM;
7270 goto out;
7271 diff --git a/mm/mlock.c b/mm/mlock.c
7272 -index 4f4f53b..02d443a 100644
7273 +index 4f4f53b..dbc8aec 100644
7274 --- a/mm/mlock.c
7275 +++ b/mm/mlock.c
7276 @@ -13,6 +13,7 @@
7277 @@ -85225,7 +85256,7 @@ index 4f4f53b..02d443a 100644
7278 if ((locked <= lock_limit) || capable(CAP_IPC_LOCK))
7279 error = do_mlock(start, len, 1);
7280 up_write(&current->mm->mmap_sem);
7281 -@@ -523,17 +533,22 @@ SYSCALL_DEFINE2(munlock, unsigned long, start, size_t, len)
7282 +@@ -523,23 +533,29 @@ SYSCALL_DEFINE2(munlock, unsigned long, start, size_t, len)
7283 static int do_mlockall(int flags)
7284 {
7285 struct vm_area_struct * vma, * prev = NULL;
7286 @@ -85251,7 +85282,14 @@ index 4f4f53b..02d443a 100644
7287 newflags = vma->vm_flags | VM_LOCKED;
7288 if (!(flags & MCL_CURRENT))
7289 newflags &= ~VM_LOCKED;
7290 -@@ -566,6 +581,7 @@ SYSCALL_DEFINE1(mlockall, int, flags)
7291 +
7292 + /* Ignore errors */
7293 + mlock_fixup(vma, &prev, vma->vm_start, vma->vm_end, newflags);
7294 ++ cond_resched();
7295 + }
7296 + out:
7297 + return 0;
7298 +@@ -566,6 +582,7 @@ SYSCALL_DEFINE1(mlockall, int, flags)
7299 lock_limit >>= PAGE_SHIFT;
7300
7301 ret = -ENOMEM;
7302 @@ -89880,7 +89918,7 @@ index 68bbf9f..5ef0d12 100644
7303
7304 return err;
7305 diff --git a/net/core/dev.c b/net/core/dev.c
7306 -index 8e455b8..0e05f5f 100644
7307 +index 8e455b8..4ebd90f 100644
7308 --- a/net/core/dev.c
7309 +++ b/net/core/dev.c
7310 @@ -1142,10 +1142,14 @@ void dev_load(struct net *net, const char *name)
7311 @@ -89939,7 +89977,7 @@ index 8e455b8..0e05f5f 100644
7312 EXPORT_SYMBOL(netif_rx_ni);
7313
7314 -static void net_tx_action(struct softirq_action *h)
7315 -+static void net_tx_action(void)
7316 ++static __latent_entropy void net_tx_action(void)
7317 {
7318 struct softnet_data *sd = &__get_cpu_var(softnet_data);
7319
7320 @@ -89957,7 +89995,7 @@ index 8e455b8..0e05f5f 100644
7321 EXPORT_SYMBOL(netif_napi_del);
7322
7323 -static void net_rx_action(struct softirq_action *h)
7324 -+static void net_rx_action(void)
7325 ++static __latent_entropy void net_rx_action(void)
7326 {
7327 struct softnet_data *sd = &__get_cpu_var(softnet_data);
7328 unsigned long time_limit = jiffies + 2;
7329 @@ -92001,7 +92039,7 @@ index 1567fb1..29af910 100644
7330 dst = NULL;
7331 }
7332 diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
7333 -index db60043..33181b7 100644
7334 +index db60043..7f8a2c1 100644
7335 --- a/net/ipv6/ip6_output.c
7336 +++ b/net/ipv6/ip6_output.c
7337 @@ -600,8 +600,8 @@ int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr)
7338 @@ -92033,6 +92071,92 @@ index db60043..33181b7 100644
7339 }
7340
7341 int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *))
7342 +@@ -1125,6 +1122,8 @@ static inline int ip6_ufo_append_data(struct sock *sk,
7343 + * udp datagram
7344 + */
7345 + if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL) {
7346 ++ struct frag_hdr fhdr;
7347 ++
7348 + skb = sock_alloc_send_skb(sk,
7349 + hh_len + fragheaderlen + transhdrlen + 20,
7350 + (flags & MSG_DONTWAIT), &err);
7351 +@@ -1145,12 +1144,6 @@ static inline int ip6_ufo_append_data(struct sock *sk,
7352 +
7353 + skb->ip_summed = CHECKSUM_PARTIAL;
7354 + skb->csum = 0;
7355 +- }
7356 +-
7357 +- err = skb_append_datato_frags(sk,skb, getfrag, from,
7358 +- (length - transhdrlen));
7359 +- if (!err) {
7360 +- struct frag_hdr fhdr;
7361 +
7362 + /* Specify the length of each IPv6 datagram fragment.
7363 + * It has to be a multiple of 8.
7364 +@@ -1161,15 +1154,10 @@ static inline int ip6_ufo_append_data(struct sock *sk,
7365 + ipv6_select_ident(&fhdr, rt);
7366 + skb_shinfo(skb)->ip6_frag_id = fhdr.identification;
7367 + __skb_queue_tail(&sk->sk_write_queue, skb);
7368 +-
7369 +- return 0;
7370 + }
7371 +- /* There is not enough support do UPD LSO,
7372 +- * so follow normal path
7373 +- */
7374 +- kfree_skb(skb);
7375 +
7376 +- return err;
7377 ++ return skb_append_datato_frags(sk, skb, getfrag, from,
7378 ++ (length - transhdrlen));
7379 + }
7380 +
7381 + static inline struct ipv6_opt_hdr *ip6_opt_dup(struct ipv6_opt_hdr *src,
7382 +@@ -1342,27 +1330,27 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to,
7383 + * --yoshfuji
7384 + */
7385 +
7386 ++ if ((length > mtu) && dontfrag && (sk->sk_protocol == IPPROTO_UDP ||
7387 ++ sk->sk_protocol == IPPROTO_RAW)) {
7388 ++ ipv6_local_rxpmtu(sk, fl6, mtu-exthdrlen);
7389 ++ return -EMSGSIZE;
7390 ++ }
7391 ++
7392 ++ skb = skb_peek_tail(&sk->sk_write_queue);
7393 + cork->length += length;
7394 +- if (length > mtu) {
7395 +- int proto = sk->sk_protocol;
7396 +- if (dontfrag && (proto == IPPROTO_UDP || proto == IPPROTO_RAW)){
7397 +- ipv6_local_rxpmtu(sk, fl6, mtu-exthdrlen);
7398 +- return -EMSGSIZE;
7399 +- }
7400 +-
7401 +- if (proto == IPPROTO_UDP &&
7402 +- (rt->dst.dev->features & NETIF_F_UFO)) {
7403 +-
7404 +- err = ip6_ufo_append_data(sk, getfrag, from, length,
7405 +- hh_len, fragheaderlen,
7406 +- transhdrlen, mtu, flags, rt);
7407 +- if (err)
7408 +- goto error;
7409 +- return 0;
7410 +- }
7411 ++ if (((length > mtu) ||
7412 ++ (skb && skb_is_gso(skb))) &&
7413 ++ (sk->sk_protocol == IPPROTO_UDP) &&
7414 ++ (rt->dst.dev->features & NETIF_F_UFO)) {
7415 ++ err = ip6_ufo_append_data(sk, getfrag, from, length,
7416 ++ hh_len, fragheaderlen,
7417 ++ transhdrlen, mtu, flags, rt);
7418 ++ if (err)
7419 ++ goto error;
7420 ++ return 0;
7421 + }
7422 +
7423 +- if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL)
7424 ++ if (!skb)
7425 + goto alloc_new_skb;
7426 +
7427 + while (length > 0) {
7428 diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
7429 index b204df8..8f274f4 100644
7430 --- a/net/ipv6/ipv6_sockglue.c
7431 @@ -94607,7 +94731,7 @@ index 8da4481..d02565e 100644
7432 + (rtt >> sctp_rto_alpha);
7433 } else {
7434 diff --git a/net/socket.c b/net/socket.c
7435 -index cf546a3..f7c6c75 100644
7436 +index cf546a3..a9b550f 100644
7437 --- a/net/socket.c
7438 +++ b/net/socket.c
7439 @@ -88,6 +88,7 @@
7440 @@ -94627,6 +94751,15 @@ index cf546a3..f7c6c75 100644
7441 static int sock_no_open(struct inode *irrelevant, struct file *dontcare);
7442 static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov,
7443 unsigned long nr_segs, loff_t pos);
7444 +@@ -156,7 +159,7 @@ static const struct file_operations socket_file_ops = {
7445 + */
7446 +
7447 + static DEFINE_SPINLOCK(net_family_lock);
7448 +-static const struct net_proto_family __rcu *net_families[NPROTO] __read_mostly;
7449 ++const struct net_proto_family __rcu *net_families[NPROTO] __read_mostly;
7450 +
7451 + /*
7452 + * Statistics counters of the socket lists
7453 @@ -321,7 +324,7 @@ static struct dentry *sockfs_mount(struct file_system_type *fs_type,
7454 &sockfs_dentry_operations, SOCKFS_MAGIC);
7455 }
7456 @@ -94645,24 +94778,28 @@ index cf546a3..f7c6c75 100644
7457
7458 /* Compatibility.
7459
7460 -@@ -1319,6 +1324,16 @@ SYSCALL_DEFINE3(socket, int, family, int, type, int, protocol)
7461 - if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
7462 - flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
7463 +@@ -1207,6 +1212,20 @@ int __sock_create(struct net *net, int family, int type, int protocol,
7464 + if (err)
7465 + return err;
7466
7467 -+ if(!gr_search_socket(family, type, protocol)) {
7468 -+ retval = -EACCES;
7469 -+ goto out;
7470 ++ if(!kern && !gr_search_socket(family, type, protocol)) {
7471 ++ if (rcu_access_pointer(net_families[family]) == NULL)
7472 ++ return -EAFNOSUPPORT;
7473 ++ else
7474 ++ return -EACCES;
7475 + }
7476 +
7477 -+ if (gr_handle_sock_all(family, type, protocol)) {
7478 -+ retval = -EACCES;
7479 -+ goto out;
7480 ++ if (!kern && gr_handle_sock_all(family, type, protocol)) {
7481 ++ if (rcu_access_pointer(net_families[family]) == NULL)
7482 ++ return -EAFNOSUPPORT;
7483 ++ else
7484 ++ return -EACCES;
7485 + }
7486 +
7487 - retval = sock_create(family, type, protocol, &sock);
7488 - if (retval < 0)
7489 - goto out;
7490 -@@ -1431,6 +1446,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
7491 + /*
7492 + * Allocate the socket and allow the family to set things up. if
7493 + * the protocol is 0, the family is instructed to select an appropriate
7494 +@@ -1431,6 +1450,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
7495 if (sock) {
7496 err = move_addr_to_kernel(umyaddr, addrlen, (struct sockaddr *)&address);
7497 if (err >= 0) {
7498 @@ -94677,7 +94814,7 @@ index cf546a3..f7c6c75 100644
7499 err = security_socket_bind(sock,
7500 (struct sockaddr *)&address,
7501 addrlen);
7502 -@@ -1439,6 +1462,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
7503 +@@ -1439,6 +1466,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
7504 (struct sockaddr *)
7505 &address, addrlen);
7506 }
7507 @@ -94685,7 +94822,7 @@ index cf546a3..f7c6c75 100644
7508 fput_light(sock->file, fput_needed);
7509 }
7510 return err;
7511 -@@ -1462,10 +1486,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, backlog)
7512 +@@ -1462,10 +1490,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, backlog)
7513 if ((unsigned)backlog > somaxconn)
7514 backlog = somaxconn;
7515
7516 @@ -94706,7 +94843,7 @@ index cf546a3..f7c6c75 100644
7517 fput_light(sock->file, fput_needed);
7518 }
7519 return err;
7520 -@@ -1509,6 +1543,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
7521 +@@ -1509,6 +1547,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
7522 newsock->type = sock->type;
7523 newsock->ops = sock->ops;
7524
7525 @@ -94725,7 +94862,7 @@ index cf546a3..f7c6c75 100644
7526 /*
7527 * We don't need try_module_get here, as the listening socket (sock)
7528 * has the protocol module (sock->ops->owner) held.
7529 -@@ -1547,6 +1593,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
7530 +@@ -1547,6 +1597,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
7531 fd_install(newfd, newfile);
7532 err = newfd;
7533
7534 @@ -94734,7 +94871,7 @@ index cf546a3..f7c6c75 100644
7535 out_put:
7536 fput_light(sock->file, fput_needed);
7537 out:
7538 -@@ -1579,6 +1627,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
7539 +@@ -1579,6 +1631,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
7540 int, addrlen)
7541 {
7542 struct socket *sock;
7543 @@ -94742,7 +94879,7 @@ index cf546a3..f7c6c75 100644
7544 struct sockaddr_storage address;
7545 int err, fput_needed;
7546
7547 -@@ -1589,6 +1638,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
7548 +@@ -1589,6 +1642,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
7549 if (err < 0)
7550 goto out_put;
7551
7552 @@ -94760,7 +94897,7 @@ index cf546a3..f7c6c75 100644
7553 err =
7554 security_socket_connect(sock, (struct sockaddr *)&address, addrlen);
7555 if (err)
7556 -@@ -1670,6 +1730,8 @@ SYSCALL_DEFINE3(getpeername, int, fd, struct sockaddr __user *, usockaddr,
7557 +@@ -1670,6 +1734,8 @@ SYSCALL_DEFINE3(getpeername, int, fd, struct sockaddr __user *, usockaddr,
7558 * the protocol.
7559 */
7560
7561 @@ -94769,7 +94906,7 @@ index cf546a3..f7c6c75 100644
7562 SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len,
7563 unsigned, flags, struct sockaddr __user *, addr,
7564 int, addr_len)
7565 -@@ -1736,7 +1798,7 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
7566 +@@ -1736,7 +1802,7 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
7567 struct socket *sock;
7568 struct iovec iov;
7569 struct msghdr msg;
7570 @@ -94778,7 +94915,7 @@ index cf546a3..f7c6c75 100644
7571 int err, err2;
7572 int fput_needed;
7573
7574 -@@ -1950,7 +2012,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
7575 +@@ -1950,7 +2016,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
7576 * checking falls down on this.
7577 */
7578 if (copy_from_user(ctl_buf,
7579 @@ -94787,7 +94924,7 @@ index cf546a3..f7c6c75 100644
7580 ctl_len))
7581 goto out_freectl;
7582 msg_sys->msg_control = ctl_buf;
7583 -@@ -2101,7 +2163,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
7584 +@@ -2101,7 +2167,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
7585 int err, iov_size, total_len, len;
7586
7587 /* kernel mode address */
7588 @@ -94796,7 +94933,7 @@ index cf546a3..f7c6c75 100644
7589
7590 /* user mode address pointers */
7591 struct sockaddr __user *uaddr;
7592 -@@ -2131,7 +2193,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
7593 +@@ -2131,7 +2197,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
7594 * kernel msghdr to use the kernel address space)
7595 */
7596
7597 @@ -94805,7 +94942,7 @@ index cf546a3..f7c6c75 100644
7598 uaddr_len = COMPAT_NAMELEN(msg);
7599 if (MSG_CMSG_COMPAT & flags) {
7600 err = verify_compat_iovec(msg_sys, iov,
7601 -@@ -2772,7 +2834,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
7602 +@@ -2772,7 +2838,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
7603 }
7604
7605 ifr = compat_alloc_user_space(buf_size);
7606 @@ -94814,7 +94951,7 @@ index cf546a3..f7c6c75 100644
7607
7608 if (copy_in_user(&ifr->ifr_name, &ifr32->ifr_name, IFNAMSIZ))
7609 return -EFAULT;
7610 -@@ -2796,12 +2858,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
7611 +@@ -2796,12 +2862,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
7612 offsetof(struct ethtool_rxnfc, fs.ring_cookie));
7613
7614 if (copy_in_user(rxnfc, compat_rxnfc,
7615 @@ -94831,7 +94968,7 @@ index cf546a3..f7c6c75 100644
7616 copy_in_user(&rxnfc->rule_cnt, &compat_rxnfc->rule_cnt,
7617 sizeof(rxnfc->rule_cnt)))
7618 return -EFAULT;
7619 -@@ -2813,12 +2875,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
7620 +@@ -2813,12 +2879,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
7621
7622 if (convert_out) {
7623 if (copy_in_user(compat_rxnfc, rxnfc,
7624 @@ -94848,7 +94985,7 @@ index cf546a3..f7c6c75 100644
7625 copy_in_user(&compat_rxnfc->rule_cnt, &rxnfc->rule_cnt,
7626 sizeof(rxnfc->rule_cnt)))
7627 return -EFAULT;
7628 -@@ -2888,7 +2950,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd,
7629 +@@ -2888,7 +2954,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd,
7630 old_fs = get_fs();
7631 set_fs(KERNEL_DS);
7632 err = dev_ioctl(net, cmd,
7633 @@ -94857,7 +94994,7 @@ index cf546a3..f7c6c75 100644
7634 set_fs(old_fs);
7635
7636 return err;
7637 -@@ -2997,7 +3059,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
7638 +@@ -2997,7 +3063,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
7639
7640 old_fs = get_fs();
7641 set_fs(KERNEL_DS);
7642 @@ -94866,7 +95003,7 @@ index cf546a3..f7c6c75 100644
7643 set_fs(old_fs);
7644
7645 if (cmd == SIOCGIFMAP && !err) {
7646 -@@ -3102,7 +3164,7 @@ static int routing_ioctl(struct net *net, struct socket *sock,
7647 +@@ -3102,7 +3168,7 @@ static int routing_ioctl(struct net *net, struct socket *sock,
7648 ret |= __get_user(rtdev, &(ur4->rt_dev));
7649 if (rtdev) {
7650 ret |= copy_from_user(devname, compat_ptr(rtdev), 15);
7651 @@ -94875,7 +95012,7 @@ index cf546a3..f7c6c75 100644
7652 devname[15] = 0;
7653 } else
7654 r4.rt_dev = NULL;
7655 -@@ -3342,8 +3404,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname,
7656 +@@ -3342,8 +3408,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname,
7657 int __user *uoptlen;
7658 int err;
7659
7660 @@ -94886,7 +95023,7 @@ index cf546a3..f7c6c75 100644
7661
7662 set_fs(KERNEL_DS);
7663 if (level == SOL_SOCKET)
7664 -@@ -3363,7 +3425,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname,
7665 +@@ -3363,7 +3429,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname,
7666 char __user *uoptval;
7667 int err;
7668
7669 @@ -101206,7 +101343,7 @@ index 0000000..698da67
7670 +}
7671 diff --git a/tools/gcc/latent_entropy_plugin.c b/tools/gcc/latent_entropy_plugin.c
7672 new file mode 100644
7673 -index 0000000..2ef6fd9
7674 +index 0000000..cd6c242
7675 --- /dev/null
7676 +++ b/tools/gcc/latent_entropy_plugin.c
7677 @@ -0,0 +1,321 @@
7678 @@ -101502,7 +101639,7 @@ index 0000000..2ef6fd9
7679 + TREE_THIS_VOLATILE(latent_entropy_decl) = 1;
7680 + DECL_EXTERNAL(latent_entropy_decl) = 1;
7681 + DECL_ARTIFICIAL(latent_entropy_decl) = 1;
7682 -+ DECL_INITIAL(latent_entropy_decl) = NULL;
7683 ++ DECL_INITIAL(latent_entropy_decl) = build_int_cstu(long_long_unsigned_type_node, get_random_const());
7684 + lang_hooks.decls.pushdecl(latent_entropy_decl);
7685 +// DECL_ASSEMBLER_NAME(latent_entropy_decl);
7686 +// varpool_finalize_decl(latent_entropy_decl);
Report Message
Find on MARC Find on Google Groups