diff options
| -rw-r--r-- | 2.6.32/0000_README | 2 | ||||
| -rw-r--r-- | 2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201309281101.patch (renamed from 2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201309052115.patch) | 88 | ||||
| -rw-r--r-- | 2.6.32/4440_grsec-remove-protected-paths.patch | 2 | ||||
| -rw-r--r-- | 2.6.32/4450_grsec-kconfig-default-gids.patch | 12 | ||||
| -rw-r--r-- | 2.6.32/4465_selinux-avc_audit-log-curr_ip.patch | 2 | ||||
| -rw-r--r-- | 3.11.2/0000_README (renamed from 3.11.1/0000_README) | 6 | ||||
| -rw-r--r-- | 3.11.2/1001_linux-3.11.2.patch | 4419 | ||||
| -rw-r--r-- | 3.11.2/4420_grsecurity-2.9.1-3.11.2-201309281103.patch (renamed from 3.11.1/4420_grsecurity-2.9.1-3.11.1-201309221838.patch) | 757 | ||||
| -rw-r--r-- | 3.11.2/4425_grsec_remove_EI_PAX.patch (renamed from 3.11.1/4425_grsec_remove_EI_PAX.patch) | 0 | ||||
| -rw-r--r-- | 3.11.2/4427_force_XATTR_PAX_tmpfs.patch (renamed from 3.11.1/4427_force_XATTR_PAX_tmpfs.patch) | 0 | ||||
| -rw-r--r-- | 3.11.2/4430_grsec-remove-localversion-grsec.patch (renamed from 3.11.1/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
| -rw-r--r-- | 3.11.2/4435_grsec-mute-warnings.patch (renamed from 3.11.1/4435_grsec-mute-warnings.patch) | 0 | ||||
| -rw-r--r-- | 3.11.2/4440_grsec-remove-protected-paths.patch (renamed from 3.11.1/4440_grsec-remove-protected-paths.patch) | 0 | ||||
| -rw-r--r-- | 3.11.2/4450_grsec-kconfig-default-gids.patch (renamed from 3.11.1/4450_grsec-kconfig-default-gids.patch) | 0 | ||||
| -rw-r--r-- | 3.11.2/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.11.1/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
| -rw-r--r-- | 3.11.2/4470_disable-compat_vdso.patch (renamed from 3.11.1/4470_disable-compat_vdso.patch) | 0 | ||||
| -rw-r--r-- | 3.11.2/4475_emutramp_default_on.patch (renamed from 3.11.1/4475_emutramp_default_on.patch) | 0 | ||||
| -rw-r--r-- | 3.2.51/0000_README | 2 | ||||
| -rw-r--r-- | 3.2.51/4420_grsecurity-2.9.1-3.2.51-201309281102.patch (renamed from 3.2.51/4420_grsecurity-2.9.1-3.2.51-201309181906.patch) | 347 |
19 files changed, 5079 insertions, 558 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README index c481225..381f8d3 100644 --- a/2.6.32/0000_README +++ b/2.6.32/0000_README @@ -38,7 +38,7 @@ Patch: 1060_linux-2.6.32.61.patch From: http://www.kernel.org Desc: Linux 2.6.32.61 -Patch: 4420_grsecurity-2.9.1-2.6.32.61-201309052115.patch +Patch: 4420_grsecurity-2.9.1-2.6.32.61-201309281101.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201309052115.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201309281101.patch index 41ba8b2..80f4104 100644 --- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201309052115.patch +++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201309281101.patch @@ -45625,7 +45625,7 @@ index 3beb26d..6ce9c4a 100644 INIT_LIST_HEAD(&rdev->fence_drv.emited); INIT_LIST_HEAD(&rdev->fence_drv.signaled); diff --git a/drivers/gpu/drm/radeon/radeon_ioc32.c b/drivers/gpu/drm/radeon/radeon_ioc32.c -index a1bf11d..4a123c0 100644 +index a1bf11de..4a123c0 100644 --- a/drivers/gpu/drm/radeon/radeon_ioc32.c +++ b/drivers/gpu/drm/radeon/radeon_ioc32.c @@ -368,7 +368,7 @@ static int compat_radeon_cp_setparam(struct file *file, unsigned int cmd, @@ -91904,10 +91904,10 @@ index 0000000..5a3ac97 +} diff --git a/grsecurity/gracl_ip.c b/grsecurity/gracl_ip.c new file mode 100644 -index 0000000..b6b5239 +index 0000000..462a28e --- /dev/null +++ b/grsecurity/gracl_ip.c -@@ -0,0 +1,388 @@ +@@ -0,0 +1,387 @@ +#include <linux/kernel.h> +#include <asm/uaccess.h> +#include <asm/errno.h> @@ -92000,6 +92000,8 @@ index 0000000..b6b5239 + return gr_sockfamilies[family]; +} + ++extern const struct net_proto_family *net_families[NPROTO] __read_mostly; ++ +int +gr_search_socket(const int domain, const int type, const int protocol) +{ @@ -92079,10 +92081,7 @@ index 0000000..b6b5239 + if (domain == PF_INET) + gr_log_str3(GR_DONT_AUDIT, GR_SOCK_MSG, gr_sockfamily_to_name(domain), + gr_socktype_to_name(type), gr_proto_to_name(protocol)); -+ else -+#ifndef CONFIG_IPV6 -+ if (domain != PF_INET6) -+#endif ++ else if (net_families[domain] != NULL) + gr_log_str2_int(GR_DONT_AUDIT, GR_SOCK_NOINET_MSG, gr_sockfamily_to_name(domain), + gr_socktype_to_name(type), protocol); + @@ -95482,7 +95481,7 @@ index 0000000..7512ea9 +} diff --git a/grsecurity/grsec_sysctl.c b/grsecurity/grsec_sysctl.c new file mode 100644 -index 0000000..5a6d4bc +index 0000000..5a6d4bc1 --- /dev/null +++ b/grsecurity/grsec_sysctl.c @@ -0,0 +1,527 @@ @@ -111522,7 +111521,7 @@ index aaca868..2ebecdc 100644 err = -EPERM; goto out; diff --git a/mm/mlock.c b/mm/mlock.c -index 2d846cf..ca1e492 100644 +index 2d846cf..1183f13 100644 --- a/mm/mlock.c +++ b/mm/mlock.c @@ -13,6 +13,7 @@ @@ -111625,7 +111624,15 @@ index 2d846cf..ca1e492 100644 newflags = vma->vm_flags | VM_LOCKED; if (!(flags & MCL_CURRENT)) -@@ -570,6 +572,7 @@ SYSCALL_DEFINE1(mlockall, int, flags) +@@ -545,6 +547,7 @@ static int do_mlockall(int flags) + + /* Ignore errors */ + mlock_fixup(vma, &prev, vma->vm_start, vma->vm_end, newflags); ++ cond_resched(); + } + out: + return 0; +@@ -570,6 +573,7 @@ SYSCALL_DEFINE1(mlockall, int, flags) lock_limit >>= PAGE_SHIFT; ret = -ENOMEM; @@ -118962,7 +118969,7 @@ index e04c9f8..51bc18e 100644 + (rtt >> sctp_rto_alpha); } else { diff --git a/net/socket.c b/net/socket.c -index bf9fc68..0ea7e39 100644 +index bf9fc68..27b436e 100644 --- a/net/socket.c +++ b/net/socket.c @@ -87,6 +87,7 @@ @@ -118995,6 +119002,15 @@ index bf9fc68..0ea7e39 100644 static int sock_no_open(struct inode *irrelevant, struct file *dontcare); static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov, unsigned long nr_segs, loff_t pos); +@@ -148,7 +164,7 @@ static const struct file_operations socket_file_ops = { + */ + + static DEFINE_SPINLOCK(net_family_lock); +-static const struct net_proto_family *net_families[NPROTO] __read_mostly; ++const struct net_proto_family *net_families[NPROTO] __read_mostly; + + /* + * Statistics counters of the socket lists @@ -298,7 +314,7 @@ static int sockfs_get_sb(struct file_system_type *fs_type, mnt); } @@ -119013,24 +119029,28 @@ index bf9fc68..0ea7e39 100644 /* Compatibility. -@@ -1283,6 +1301,16 @@ SYSCALL_DEFINE3(socket, int, family, int, type, int, protocol) - if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK)) - flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK; +@@ -1174,6 +1192,20 @@ static int __sock_create(struct net *net, int family, int type, int protocol, + if (err) + return err; -+ if(!gr_search_socket(family, type, protocol)) { -+ retval = -EACCES; -+ goto out; ++ if(!kern && !gr_search_socket(family, type, protocol)) { ++ if (net_families[family] == NULL) ++ return -EAFNOSUPPORT; ++ else ++ return -EACCES; + } + -+ if (gr_handle_sock_all(family, type, protocol)) { -+ retval = -EACCES; -+ goto out; ++ if (!kern && gr_handle_sock_all(family, type, protocol)) { ++ if (net_families[family] == NULL) ++ return -EAFNOSUPPORT; ++ else ++ return -EACCES; + } + - retval = sock_create(family, type, protocol, &sock); - if (retval < 0) - goto out; -@@ -1415,6 +1443,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) + /* + * Allocate the socket and allow the family to set things up. if + * the protocol is 0, the family is instructed to select an appropriate +@@ -1415,6 +1447,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) if (sock) { err = move_addr_to_kernel(umyaddr, addrlen, (struct sockaddr *)&address); if (err >= 0) { @@ -119045,7 +119065,7 @@ index bf9fc68..0ea7e39 100644 err = security_socket_bind(sock, (struct sockaddr *)&address, addrlen); -@@ -1423,6 +1459,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) +@@ -1423,6 +1463,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) (struct sockaddr *) &address, addrlen); } @@ -119053,7 +119073,7 @@ index bf9fc68..0ea7e39 100644 fput_light(sock->file, fput_needed); } return err; -@@ -1446,10 +1483,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, backlog) +@@ -1446,10 +1487,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, backlog) if ((unsigned)backlog > somaxconn) backlog = somaxconn; @@ -119074,7 +119094,7 @@ index bf9fc68..0ea7e39 100644 fput_light(sock->file, fput_needed); } return err; -@@ -1492,6 +1539,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, +@@ -1492,6 +1543,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, newsock->type = sock->type; newsock->ops = sock->ops; @@ -119093,7 +119113,7 @@ index bf9fc68..0ea7e39 100644 /* * We don't need try_module_get here, as the listening socket (sock) * has the protocol module (sock->ops->owner) held. -@@ -1534,6 +1593,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, +@@ -1534,6 +1597,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, fd_install(newfd, newfile); err = newfd; @@ -119102,7 +119122,7 @@ index bf9fc68..0ea7e39 100644 out_put: fput_light(sock->file, fput_needed); out: -@@ -1571,6 +1632,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, +@@ -1571,6 +1636,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, int, addrlen) { struct socket *sock; @@ -119110,7 +119130,7 @@ index bf9fc68..0ea7e39 100644 struct sockaddr_storage address; int err, fput_needed; -@@ -1581,6 +1643,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, +@@ -1581,6 +1647,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, if (err < 0) goto out_put; @@ -119128,7 +119148,7 @@ index bf9fc68..0ea7e39 100644 err = security_socket_connect(sock, (struct sockaddr *)&address, addrlen); if (err) -@@ -1728,7 +1801,7 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size, +@@ -1728,7 +1805,7 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size, struct socket *sock; struct iovec iov; struct msghdr msg; @@ -119137,7 +119157,7 @@ index bf9fc68..0ea7e39 100644 int err, err2; int fput_needed; -@@ -1882,6 +1955,8 @@ SYSCALL_DEFINE3(sendmsg, int, fd, struct msghdr __user *, msg, unsigned, flags) +@@ -1882,6 +1959,8 @@ SYSCALL_DEFINE3(sendmsg, int, fd, struct msghdr __user *, msg, unsigned, flags) int err, ctl_len, iov_size, total_len; int fput_needed; @@ -119146,7 +119166,7 @@ index bf9fc68..0ea7e39 100644 err = -EFAULT; if (MSG_CMSG_COMPAT & flags) { if (get_compat_msghdr(&msg_sys, msg_compat)) -@@ -1987,7 +2062,7 @@ SYSCALL_DEFINE3(recvmsg, int, fd, struct msghdr __user *, msg, +@@ -1987,7 +2066,7 @@ SYSCALL_DEFINE3(recvmsg, int, fd, struct msghdr __user *, msg, int fput_needed; /* kernel mode address */ @@ -119155,7 +119175,7 @@ index bf9fc68..0ea7e39 100644 /* user mode address pointers */ struct sockaddr __user *uaddr; -@@ -2022,7 +2097,7 @@ SYSCALL_DEFINE3(recvmsg, int, fd, struct msghdr __user *, msg, +@@ -2022,7 +2101,7 @@ SYSCALL_DEFINE3(recvmsg, int, fd, struct msghdr __user *, msg, * kernel msghdr to use the kernel address space) */ diff --git a/2.6.32/4440_grsec-remove-protected-paths.patch b/2.6.32/4440_grsec-remove-protected-paths.patch index 339cc6e..38d465e 100644 --- a/2.6.32/4440_grsec-remove-protected-paths.patch +++ b/2.6.32/4440_grsec-remove-protected-paths.patch @@ -6,7 +6,7 @@ the filesystem. diff -Naur a/grsecurity/Makefile b/grsecurity/Makefile --- a/grsecurity/Makefile 2011-10-19 19:48:21.000000000 -0400 +++ b/grsecurity/Makefile 2011-10-19 19:50:44.000000000 -0400 -@@ -29,10 +29,4 @@ +@@ -34,10 +34,4 @@ ifdef CONFIG_GRKERNSEC_HIDESYM extra-y := grsec_hidesym.o $(obj)/grsec_hidesym.o: diff --git a/2.6.32/4450_grsec-kconfig-default-gids.patch b/2.6.32/4450_grsec-kconfig-default-gids.patch index 87aa8e4..3dfdc8f 100644 --- a/2.6.32/4450_grsec-kconfig-default-gids.patch +++ b/2.6.32/4450_grsec-kconfig-default-gids.patch @@ -16,7 +16,7 @@ from shooting themselves in the foot. diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig --- a/grsecurity/Kconfig 2012-10-13 09:51:35.000000000 -0400 +++ b/grsecurity/Kconfig 2012-10-13 09:52:32.000000000 -0400 -@@ -570,7 +570,7 @@ +@@ -572,7 +572,7 @@ config GRKERNSEC_AUDIT_GID int "GID for auditing" depends on GRKERNSEC_AUDIT_GROUP @@ -25,7 +25,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig config GRKERNSEC_EXECLOG bool "Exec logging" -@@ -790,7 +790,7 @@ +@@ -792,7 +792,7 @@ config GRKERNSEC_TPE_UNTRUSTED_GID int "GID for TPE-untrusted users" depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT @@ -34,7 +34,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Setting this GID determines what group TPE restrictions will be *enabled* for. If the sysctl option is enabled, a sysctl option -@@ -799,7 +799,7 @@ +@@ -801,7 +801,7 @@ config GRKERNSEC_TPE_TRUSTED_GID int "GID for TPE-trusted users" depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT @@ -43,7 +43,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Setting this GID determines what group TPE restrictions will be *disabled* for. If the sysctl option is enabled, a sysctl option -@@ -892,7 +892,7 @@ +@@ -894,7 +894,7 @@ config GRKERNSEC_SOCKET_ALL_GID int "GID to deny all sockets for" depends on GRKERNSEC_SOCKET_ALL @@ -52,7 +52,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Here you can choose the GID to disable socket access for. Remember to add the users you want socket access disabled for to the GID -@@ -913,7 +913,7 @@ +@@ -915,7 +915,7 @@ config GRKERNSEC_SOCKET_CLIENT_GID int "GID to deny client sockets for" depends on GRKERNSEC_SOCKET_CLIENT @@ -61,7 +61,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Here you can choose the GID to disable client socket access for. Remember to add the users you want client socket access disabled for to -@@ -931,7 +931,7 @@ +@@ -933,7 +933,7 @@ config GRKERNSEC_SOCKET_SERVER_GID int "GID to deny server sockets for" depends on GRKERNSEC_SOCKET_SERVER diff --git a/2.6.32/4465_selinux-avc_audit-log-curr_ip.patch b/2.6.32/4465_selinux-avc_audit-log-curr_ip.patch index 19027c3..418ae16 100644 --- a/2.6.32/4465_selinux-avc_audit-log-curr_ip.patch +++ b/2.6.32/4465_selinux-avc_audit-log-curr_ip.patch @@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org> diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig --- a/grsecurity/Kconfig 2011-04-17 18:47:02.000000000 -0400 +++ b/grsecurity/Kconfig 2011-04-17 18:51:15.000000000 -0400 -@@ -990,6 +990,27 @@ +@@ -1027,6 +1027,27 @@ menu "Logging Options" depends on GRKERNSEC diff --git a/3.11.1/0000_README b/3.11.2/0000_README index da0f1cd..b666b59 100644 --- a/3.11.1/0000_README +++ b/3.11.2/0000_README @@ -2,7 +2,11 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-2.9.1-3.11.1-201309221838.patch +Patch: 1001_linux-3.11.2.patch +From: http://www.kernel.org +Desc: Linux 3.11.2 + +Patch: 4420_grsecurity-2.9.1-3.11.2-201309281103.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.11.2/1001_linux-3.11.2.patch b/3.11.2/1001_linux-3.11.2.patch new file mode 100644 index 0000000..5d8bdf1 --- /dev/null +++ b/3.11.2/1001_linux-3.11.2.patch @@ -0,0 +1,4419 @@ +diff --git a/Makefile b/Makefile +index efd2396..aede319 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,6 +1,6 @@ + VERSION = 3 + PATCHLEVEL = 11 +-SUBLEVEL = 1 ++SUBLEVEL = 2 + EXTRAVERSION = + NAME = Linux for Workgroups + +diff --git a/arch/arc/include/asm/sections.h b/arch/arc/include/asm/sections.h +index 6fc1159..764f1e3 100644 +--- a/arch/arc/include/asm/sections.h ++++ b/arch/arc/include/asm/sections.h +@@ -11,7 +11,6 @@ + + #include <asm-generic/sections.h> + +-extern char _int_vec_base_lds[]; + extern char __arc_dccm_base[]; + extern char __dtb_start[]; + +diff --git a/arch/arc/kernel/head.S b/arch/arc/kernel/head.S +index 2a913f8..0f944f0 100644 +--- a/arch/arc/kernel/head.S ++++ b/arch/arc/kernel/head.S +@@ -34,6 +34,9 @@ stext: + ; IDENTITY Reg [ 3 2 1 0 ] + ; (cpu-id) ^^^ => Zero for UP ARC700 + ; => #Core-ID if SMP (Master 0) ++ ; Note that non-boot CPUs might not land here if halt-on-reset and ++ ; instead breath life from @first_lines_of_secondary, but we still ++ ; need to make sure only boot cpu takes this path. + GET_CPU_ID r5 + cmp r5, 0 + jnz arc_platform_smp_wait_to_boot +@@ -98,6 +101,8 @@ stext: + + first_lines_of_secondary: + ++ sr @_int_vec_base_lds, [AUX_INTR_VEC_BASE] ++ + ; setup per-cpu idle task as "current" on this CPU + ld r0, [@secondary_idle_tsk] + SET_CURR_TASK_ON_CPU r0, r1 +diff --git a/arch/arc/kernel/irq.c b/arch/arc/kernel/irq.c +index 305b3f8..5fc9245 100644 +--- a/arch/arc/kernel/irq.c ++++ b/arch/arc/kernel/irq.c +@@ -24,7 +24,6 @@ + * -Needed for each CPU (hence not foldable into init_IRQ) + * + * what it does ? +- * -setup Vector Table Base Reg - in case Linux not linked at 0x8000_0000 + * -Disable all IRQs (on CPU side) + * -Optionally, setup the High priority Interrupts as Level 2 IRQs + */ +diff --git a/arch/arc/kernel/setup.c b/arch/arc/kernel/setup.c +index 6b08345..e818563 100644 +--- a/arch/arc/kernel/setup.c ++++ b/arch/arc/kernel/setup.c +@@ -47,10 +47,7 @@ void read_arc_build_cfg_regs(void) + READ_BCR(AUX_IDENTITY, cpu->core); + + cpu->timers = read_aux_reg(ARC_REG_TIMERS_BCR); +- + cpu->vec_base = read_aux_reg(AUX_INTR_VEC_BASE); +- if (cpu->vec_base == 0) +- cpu->vec_base = (unsigned int)_int_vec_base_lds; + + READ_BCR(ARC_REG_D_UNCACH_BCR, uncached_space); + cpu->uncached_base = uncached_space.start << 24; +diff --git a/arch/arm/mach-versatile/include/mach/platform.h b/arch/arm/mach-versatile/include/mach/platform.h +index ec08740..6f938cc 100644 +--- a/arch/arm/mach-versatile/include/mach/platform.h ++++ b/arch/arm/mach-versatile/include/mach/platform.h +@@ -231,12 +231,14 @@ + /* PCI space */ + #define VERSATILE_PCI_BASE 0x41000000 /* PCI Interface */ + #define VERSATILE_PCI_CFG_BASE 0x42000000 ++#define VERSATILE_PCI_IO_BASE 0x43000000 + #define VERSATILE_PCI_MEM_BASE0 0x44000000 + #define VERSATILE_PCI_MEM_BASE1 0x50000000 + #define VERSATILE_PCI_MEM_BASE2 0x60000000 + /* Sizes of above maps */ + #define VERSATILE_PCI_BASE_SIZE 0x01000000 + #define VERSATILE_PCI_CFG_BASE_SIZE 0x02000000 ++#define VERSATILE_PCI_IO_BASE_SIZE 0x01000000 + #define VERSATILE_PCI_MEM_BASE0_SIZE 0x0c000000 /* 32Mb */ + #define VERSATILE_PCI_MEM_BASE1_SIZE 0x10000000 /* 256Mb */ + #define VERSATILE_PCI_MEM_BASE2_SIZE 0x10000000 /* 256Mb */ +diff --git a/arch/arm/mach-versatile/pci.c b/arch/arm/mach-versatile/pci.c +index e92e5e0..c97be4e 100644 +--- a/arch/arm/mach-versatile/pci.c ++++ b/arch/arm/mach-versatile/pci.c +@@ -43,9 +43,9 @@ + #define PCI_IMAP0 __IO_ADDRESS(VERSATILE_PCI_CORE_BASE+0x0) + #define PCI_IMAP1 __IO_ADDRESS(VERSATILE_PCI_CORE_BASE+0x4) + #define PCI_IMAP2 __IO_ADDRESS(VERSATILE_PCI_CORE_BASE+0x8) +-#define PCI_SMAP0 __IO_ADDRESS(VERSATILE_PCI_CORE_BASE+0x10) +-#define PCI_SMAP1 __IO_ADDRESS(VERSATILE_PCI_CORE_BASE+0x14) +-#define PCI_SMAP2 __IO_ADDRESS(VERSATILE_PCI_CORE_BASE+0x18) ++#define PCI_SMAP0 __IO_ADDRESS(VERSATILE_PCI_CORE_BASE+0x14) ++#define PCI_SMAP1 __IO_ADDRESS(VERSATILE_PCI_CORE_BASE+0x18) ++#define PCI_SMAP2 __IO_ADDRESS(VERSATILE_PCI_CORE_BASE+0x1c) + #define PCI_SELFID __IO_ADDRESS(VERSATILE_PCI_CORE_BASE+0xc) + + #define DEVICE_ID_OFFSET 0x00 +@@ -170,8 +170,8 @@ static struct pci_ops pci_versatile_ops = { + .write = versatile_write_config, + }; + +-static struct resource io_mem = { +- .name = "PCI I/O space", ++static struct resource unused_mem = { ++ .name = "PCI unused", + .start = VERSATILE_PCI_MEM_BASE0, + .end = VERSATILE_PCI_MEM_BASE0+VERSATILE_PCI_MEM_BASE0_SIZE-1, + .flags = IORESOURCE_MEM, +@@ -195,9 +195,9 @@ static int __init pci_versatile_setup_resources(struct pci_sys_data *sys) + { + int ret = 0; + +- ret = request_resource(&iomem_resource, &io_mem); ++ ret = request_resource(&iomem_resource, &unused_mem); + if (ret) { +- printk(KERN_ERR "PCI: unable to allocate I/O " ++ printk(KERN_ERR "PCI: unable to allocate unused " + "memory region (%d)\n", ret); + goto out; + } +@@ -205,7 +205,7 @@ static int __init pci_versatile_setup_resources(struct pci_sys_data *sys) + if (ret) { + printk(KERN_ERR "PCI: unable to allocate non-prefetchable " + "memory region (%d)\n", ret); +- goto release_io_mem; ++ goto release_unused_mem; + } + ret = request_resource(&iomem_resource, &pre_mem); + if (ret) { +@@ -225,8 +225,8 @@ static int __init pci_versatile_setup_resources(struct pci_sys_data *sys) + + release_non_mem: + release_resource(&non_mem); +- release_io_mem: +- release_resource(&io_mem); ++ release_unused_mem: ++ release_resource(&unused_mem); + out: + return ret; + } +@@ -246,7 +246,7 @@ int __init pci_versatile_setup(int nr, struct pci_sys_data *sys) + goto out; + } + +- ret = pci_ioremap_io(0, VERSATILE_PCI_MEM_BASE0); ++ ret = pci_ioremap_io(0, VERSATILE_PCI_IO_BASE); + if (ret) + goto out; + +@@ -295,6 +295,19 @@ int __init pci_versatile_setup(int nr, struct pci_sys_data *sys) + __raw_writel(PHYS_OFFSET, local_pci_cfg_base + PCI_BASE_ADDRESS_2); + + /* ++ * For many years the kernel and QEMU were symbiotically buggy ++ * in that they both assumed the same broken IRQ mapping. ++ * QEMU therefore attempts to auto-detect old broken kernels ++ * so that they still work on newer QEMU as they did on old ++ * QEMU. Since we now use the correct (ie matching-hardware) ++ * IRQ mapping we write a definitely different value to a ++ * PCI_INTERRUPT_LINE register to tell QEMU that we expect ++ * real hardware behaviour and it need not be backwards ++ * compatible for us. This write is harmless on real hardware. ++ */ ++ __raw_writel(0, VERSATILE_PCI_VIRT_BASE+PCI_INTERRUPT_LINE); ++ ++ /* + * Do not to map Versatile FPGA PCI device into memory space + */ + pci_slot_ignore |= (1 << myslot); +@@ -327,13 +340,13 @@ static int __init versatile_map_irq(const struct pci_dev *dev, u8 slot, u8 pin) + { + int irq; + +- /* slot, pin, irq +- * 24 1 IRQ_SIC_PCI0 +- * 25 1 IRQ_SIC_PCI1 +- * 26 1 IRQ_SIC_PCI2 +- * 27 1 IRQ_SIC_PCI3 ++ /* ++ * Slot INTA INTB INTC INTD ++ * 31 PCI1 PCI2 PCI3 PCI0 ++ * 30 PCI0 PCI1 PCI2 PCI3 ++ * 29 PCI3 PCI0 PCI1 PCI2 + */ +- irq = IRQ_SIC_PCI0 + ((slot - 24 + pin - 1) & 3); ++ irq = IRQ_SIC_PCI0 + ((slot + 2 + pin - 1) & 3); + + return irq; + } +diff --git a/arch/arm/xen/enlighten.c b/arch/arm/xen/enlighten.c +index 8a6295c..7071fca 100644 +--- a/arch/arm/xen/enlighten.c ++++ b/arch/arm/xen/enlighten.c +@@ -273,12 +273,15 @@ core_initcall(xen_guest_init); + + static int __init xen_pm_init(void) + { ++ if (!xen_domain()) ++ return -ENODEV; ++ + pm_power_off = xen_power_off; + arm_pm_restart = xen_restart; + + return 0; + } +-subsys_initcall(xen_pm_init); ++late_initcall(xen_pm_init); + + static irqreturn_t xen_arm_callback(int irq, void *arg) + { +diff --git a/arch/arm64/kernel/perf_event.c b/arch/arm64/kernel/perf_event.c +index 12e6ccb..cea1594 100644 +--- a/arch/arm64/kernel/perf_event.c ++++ b/arch/arm64/kernel/perf_event.c +@@ -325,7 +325,10 @@ validate_event(struct pmu_hw_events *hw_events, + if (is_software_event(event)) + return 1; + +- if (event->pmu != leader_pmu || event->state <= PERF_EVENT_STATE_OFF) ++ if (event->pmu != leader_pmu || event->state < PERF_EVENT_STATE_OFF) ++ return 1; ++ ++ if (event->state == PERF_EVENT_STATE_OFF && !event->attr.enable_on_exec) + return 1; + + return armpmu->get_event_idx(hw_events, &fake_event) >= 0; +@@ -781,7 +784,7 @@ static const unsigned armv8_pmuv3_perf_cache_map[PERF_COUNT_HW_CACHE_MAX] + /* + * PMXEVTYPER: Event selection reg + */ +-#define ARMV8_EVTYPE_MASK 0xc00000ff /* Mask for writable bits */ ++#define ARMV8_EVTYPE_MASK 0xc80000ff /* Mask for writable bits */ + #define ARMV8_EVTYPE_EVENT 0xff /* Mask for EVENT bits */ + + /* +diff --git a/arch/mips/ath79/clock.c b/arch/mips/ath79/clock.c +index 765ef30..733017b 100644 +--- a/arch/mips/ath79/clock.c ++++ b/arch/mips/ath79/clock.c +@@ -164,7 +164,7 @@ static void __init ar933x_clocks_init(void) + ath79_ahb_clk.rate = freq / t; + } + +- ath79_wdt_clk.rate = ath79_ref_clk.rate; ++ ath79_wdt_clk.rate = ath79_ahb_clk.rate; + ath79_uart_clk.rate = ath79_ref_clk.rate; + } + +diff --git a/arch/powerpc/kernel/align.c b/arch/powerpc/kernel/align.c +index ee5b690..52e5758 100644 +--- a/arch/powerpc/kernel/align.c ++++ b/arch/powerpc/kernel/align.c +@@ -764,6 +764,16 @@ int fix_alignment(struct pt_regs *regs) + nb = aligninfo[instr].len; + flags = aligninfo[instr].flags; + ++ /* ldbrx/stdbrx overlap lfs/stfs in the DSISR unfortunately */ ++ if (IS_XFORM(instruction) && ((instruction >> 1) & 0x3ff) == 532) { ++ nb = 8; ++ flags = LD+SW; ++ } else if (IS_XFORM(instruction) && ++ ((instruction >> 1) & 0x3ff) == 660) { ++ nb = 8; ++ flags = ST+SW; ++ } ++ + /* Byteswap little endian loads and stores */ + swiz = 0; + if (regs->msr & MSR_LE) { +diff --git a/arch/powerpc/kvm/book3s_xics.c b/arch/powerpc/kvm/book3s_xics.c +index 94c1dd4..a3a5cb8 100644 +--- a/arch/powerpc/kvm/book3s_xics.c ++++ b/arch/powerpc/kvm/book3s_xics.c +@@ -19,6 +19,7 @@ + #include <asm/hvcall.h> + #include <asm/xics.h> + #include <asm/debug.h> ++#include <asm/time.h> + + #include <linux/debugfs.h> + #include <linux/seq_file.h> +diff --git a/arch/powerpc/platforms/pseries/setup.c b/arch/powerpc/platforms/pseries/setup.c +index c11c823..54b998f 100644 +--- a/arch/powerpc/platforms/pseries/setup.c ++++ b/arch/powerpc/platforms/pseries/setup.c +@@ -354,7 +354,7 @@ static int alloc_dispatch_log_kmem_cache(void) + } + early_initcall(alloc_dispatch_log_kmem_cache); + +-static void pSeries_idle(void) ++static void pseries_lpar_idle(void) + { + /* This would call on the cpuidle framework, and the back-end pseries + * driver to go to idle states +@@ -362,10 +362,22 @@ static void pSeries_idle(void) + if (cpuidle_idle_call()) { + /* On error, execute default handler + * to go into low thread priority and possibly +- * low power mode. ++ * low power mode by cedeing processor to hypervisor + */ +- HMT_low(); +- HMT_very_low(); ++ ++ /* Indicate to hypervisor that we are idle. */ ++ get_lppaca()->idle = 1; ++ ++ /* ++ * Yield the processor to the hypervisor. We return if ++ * an external interrupt occurs (which are driven prior ++ * to returning here) or if a prod occurs from another ++ * processor. When returning here, external interrupts ++ * are enabled. ++ */ ++ cede_processor(); ++ ++ get_lppaca()->idle = 0; + } + } + +@@ -456,15 +468,14 @@ static void __init pSeries_setup_arch(void) + + pSeries_nvram_init(); + +- if (firmware_has_feature(FW_FEATURE_SPLPAR)) { ++ if (firmware_has_feature(FW_FEATURE_LPAR)) { + vpa_init(boot_cpuid); +- ppc_md.power_save = pSeries_idle; +- } +- +- if (firmware_has_feature(FW_FEATURE_LPAR)) ++ ppc_md.power_save = pseries_lpar_idle; + ppc_md.enable_pmcs = pseries_lpar_enable_pmcs; +- else ++ } else { ++ /* No special idle routine */ + ppc_md.enable_pmcs = power4_enable_pmcs; ++ } + + ppc_md.pcibios_root_bridge_prepare = pseries_root_bridge_prepare; + +diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c +index d5f10a4..7092392 100644 +--- a/arch/s390/net/bpf_jit_comp.c ++++ b/arch/s390/net/bpf_jit_comp.c +@@ -805,7 +805,7 @@ static struct bpf_binary_header *bpf_alloc_binary(unsigned int bpfsize, + return NULL; + memset(header, 0, sz); + header->pages = sz / PAGE_SIZE; +- hole = sz - bpfsize + sizeof(*header); ++ hole = sz - (bpfsize + sizeof(*header)); + /* Insert random number of illegal instructions before BPF code + * and make sure the first instruction starts at an even address. + */ +diff --git a/arch/um/include/shared/os.h b/arch/um/include/shared/os.h +index 95feaa4..c70a234 100644 +--- a/arch/um/include/shared/os.h ++++ b/arch/um/include/shared/os.h +@@ -200,6 +200,7 @@ extern int os_unmap_memory(void *addr, int len); + extern int os_drop_memory(void *addr, int length); + extern int can_drop_memory(void); + extern void os_flush_stdout(void); ++extern int os_mincore(void *addr, unsigned long len); + + /* execvp.c */ + extern int execvp_noalloc(char *buf, const char *file, char *const argv[]); +diff --git a/arch/um/kernel/Makefile b/arch/um/kernel/Makefile +index babe218..d8b78a0 100644 +--- a/arch/um/kernel/Makefile ++++ b/arch/um/kernel/Makefile +@@ -13,7 +13,7 @@ clean-files := + obj-y = config.o exec.o exitcode.o irq.o ksyms.o mem.o \ + physmem.o process.o ptrace.o reboot.o sigio.o \ + signal.o smp.o syscall.o sysrq.o time.o tlb.o trap.o \ +- um_arch.o umid.o skas/ ++ um_arch.o umid.o maccess.o skas/ + + obj-$(CONFIG_BLK_DEV_INITRD) += initrd.o + obj-$(CONFIG_GPROF) += gprof_syms.o +diff --git a/arch/um/kernel/maccess.c b/arch/um/kernel/maccess.c +new file mode 100644 +index 0000000..1f3d5c4 +--- /dev/null ++++ b/arch/um/kernel/maccess.c +@@ -0,0 +1,24 @@ ++/* ++ * Copyright (C) 2013 Richard Weinberger <richrd@nod.at> ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License version 2 as ++ * published by the Free Software Foundation. ++ */ ++ ++#include <linux/uaccess.h> ++#include <linux/kernel.h> ++#include <os.h> ++ ++long probe_kernel_read(void *dst, const void *src, size_t size) ++{ ++ void *psrc = (void *)rounddown((unsigned long)src, PAGE_SIZE); ++ ++ if ((unsigned long)src < PAGE_SIZE || size <= 0) ++ return -EFAULT; ++ ++ if (os_mincore(psrc, size + src - psrc) <= 0) ++ return -EFAULT; ++ ++ return __probe_kernel_read(dst, src, size); ++} +diff --git a/arch/um/os-Linux/process.c b/arch/um/os-Linux/process.c +index b8f34c9..67b9c8f 100644 +--- a/arch/um/os-Linux/process.c ++++ b/arch/um/os-Linux/process.c +@@ -4,6 +4,7 @@ + */ + + #include <stdio.h> ++#include <stdlib.h> + #include <unistd.h> + #include <errno.h> + #include <signal.h> +@@ -232,6 +233,57 @@ out: + return ok; + } + ++static int os_page_mincore(void *addr) ++{ ++ char vec[2]; ++ int ret; ++ ++ ret = mincore(addr, UM_KERN_PAGE_SIZE, vec); ++ if (ret < 0) { ++ if (errno == ENOMEM || errno == EINVAL) ++ return 0; ++ else ++ return -errno; ++ } ++ ++ return vec[0] & 1; ++} ++ ++int os_mincore(void *addr, unsigned long len) ++{ ++ char *vec; ++ int ret, i; ++ ++ if (len <= UM_KERN_PAGE_SIZE) ++ return os_page_mincore(addr); ++ ++ vec = calloc(1, (len + UM_KERN_PAGE_SIZE - 1) / UM_KERN_PAGE_SIZE); ++ if (!vec) ++ return -ENOMEM; ++ ++ ret = mincore(addr, UM_KERN_PAGE_SIZE, vec); ++ if (ret < 0) { ++ if (errno == ENOMEM || errno == EINVAL) ++ ret = 0; ++ else ++ ret = -errno; ++ ++ goto out; ++ } ++ ++ for (i = 0; i < ((len + UM_KERN_PAGE_SIZE - 1) / UM_KERN_PAGE_SIZE); i++) { ++ if (!(vec[i] & 1)) { ++ ret = 0; ++ goto out; ++ } ++ } ++ ++ ret = 1; ++out: ++ free(vec); ++ return ret; ++} ++ + void init_new_thread_signals(void) + { + set_handler(SIGSEGV); +diff --git a/arch/x86/ia32/ia32_signal.c b/arch/x86/ia32/ia32_signal.c +index bccfca6..665a730 100644 +--- a/arch/x86/ia32/ia32_signal.c ++++ b/arch/x86/ia32/ia32_signal.c +@@ -457,7 +457,7 @@ int ia32_setup_rt_frame(int sig, struct ksignal *ksig, + else + put_user_ex(0, &frame->uc.uc_flags); + put_user_ex(0, &frame->uc.uc_link); +- err |= __compat_save_altstack(&frame->uc.uc_stack, regs->sp); ++ compat_save_altstack_ex(&frame->uc.uc_stack, regs->sp); + + if (ksig->ka.sa.sa_flags & SA_RESTORER) + restorer = ksig->ka.sa.sa_restorer; +diff --git a/arch/x86/include/asm/checksum_32.h b/arch/x86/include/asm/checksum_32.h +index 46fc474..f50de69 100644 +--- a/arch/x86/include/asm/checksum_32.h ++++ b/arch/x86/include/asm/checksum_32.h +@@ -49,9 +49,15 @@ static inline __wsum csum_partial_copy_from_user(const void __user *src, + int len, __wsum sum, + int *err_ptr) + { ++ __wsum ret; ++ + might_sleep(); +- return csum_partial_copy_generic((__force void *)src, dst, +- len, sum, err_ptr, NULL); ++ stac(); ++ ret = csum_partial_copy_generic((__force void *)src, dst, ++ len, sum, err_ptr, NULL); ++ clac(); ++ ++ return ret; + } + + /* +@@ -176,10 +182,16 @@ static inline __wsum csum_and_copy_to_user(const void *src, + int len, __wsum sum, + int *err_ptr) + { ++ __wsum ret; ++ + might_sleep(); +- if (access_ok(VERIFY_WRITE, dst, len)) +- return csum_partial_copy_generic(src, (__force void *)dst, +- len, sum, NULL, err_ptr); ++ if (access_ok(VERIFY_WRITE, dst, len)) { ++ stac(); ++ ret = csum_partial_copy_generic(src, (__force void *)dst, ++ len, sum, NULL, err_ptr); ++ clac(); ++ return ret; ++ } + + if (len) + *err_ptr = -EFAULT; +diff --git a/arch/x86/include/asm/mce.h b/arch/x86/include/asm/mce.h +index 29e3093..aa97342 100644 +--- a/arch/x86/include/asm/mce.h ++++ b/arch/x86/include/asm/mce.h +@@ -32,11 +32,20 @@ + #define MCI_STATUS_PCC (1ULL<<57) /* processor context corrupt */ + #define MCI_STATUS_S (1ULL<<56) /* Signaled machine check */ + #define MCI_STATUS_AR (1ULL<<55) /* Action required */ +-#define MCACOD 0xffff /* MCA Error Code */ ++ ++/* ++ * Note that the full MCACOD field of IA32_MCi_STATUS MSR is ++ * bits 15:0. But bit 12 is the 'F' bit, defined for corrected ++ * errors to indicate that errors are being filtered by hardware. ++ * We should mask out bit 12 when looking for specific signatures ++ * of uncorrected errors - so the F bit is deliberately skipped ++ * in this #define. ++ */ ++#define MCACOD 0xefff /* MCA Error Code */ + + /* Architecturally defined codes from SDM Vol. 3B Chapter 15 */ + #define MCACOD_SCRUB 0x00C0 /* 0xC0-0xCF Memory Scrubbing */ +-#define MCACOD_SCRUBMSK 0xfff0 ++#define MCACOD_SCRUBMSK 0xeff0 /* Skip bit 12 ('F' bit) */ + #define MCACOD_L3WB 0x017A /* L3 Explicit Writeback */ + #define MCACOD_DATA 0x0134 /* Data Load */ + #define MCACOD_INSTR 0x0150 /* Instruction Fetch */ +diff --git a/arch/x86/include/asm/mmu_context.h b/arch/x86/include/asm/mmu_context.h +index cdbf367..be12c53 100644 +--- a/arch/x86/include/asm/mmu_context.h ++++ b/arch/x86/include/asm/mmu_context.h +@@ -45,22 +45,28 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next, + /* Re-load page tables */ + load_cr3(next->pgd); + +- /* stop flush ipis for the previous mm */ ++ /* Stop flush ipis for the previous mm */ + cpumask_clear_cpu(cpu, mm_cpumask(prev)); + +- /* +- * load the LDT, if the LDT is different: +- */ ++ /* Load the LDT, if the LDT is different: */ + if (unlikely(prev->context.ldt != next->context.ldt)) + load_LDT_nolock(&next->context); + } + #ifdef CONFIG_SMP +- else { ++ else { + this_cpu_write(cpu_tlbstate.state, TLBSTATE_OK); + BUG_ON(this_cpu_read(cpu_tlbstate.active_mm) != next); + +- if (!cpumask_test_and_set_cpu(cpu, mm_cpumask(next))) { +- /* We were in lazy tlb mode and leave_mm disabled ++ if (!cpumask_test_cpu(cpu, mm_cpumask(next))) { ++ /* ++ * On established mms, the mm_cpumask is only changed ++ * from irq context, from ptep_clear_flush() while in ++ * lazy tlb mode, and here. Irqs are blocked during ++ * schedule, protecting us from simultaneous changes. ++ */ ++ cpumask_set_cpu(cpu, mm_cpumask(next)); ++ /* ++ * We were in lazy tlb mode and leave_mm disabled + * tlb flush IPI delivery. We must reload CR3 + * to make sure to use no freed page tables. + */ +diff --git a/arch/x86/kernel/amd_nb.c b/arch/x86/kernel/amd_nb.c +index 3048ded..59554dc 100644 +--- a/arch/x86/kernel/amd_nb.c ++++ b/arch/x86/kernel/amd_nb.c +@@ -20,6 +20,7 @@ const struct pci_device_id amd_nb_misc_ids[] = { + { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_10H_NB_MISC) }, + { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_15H_NB_F3) }, + { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_15H_M10H_F3) }, ++ { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_15H_M30H_NB_F3) }, + { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_16H_NB_F3) }, + {} + }; +@@ -27,6 +28,7 @@ EXPORT_SYMBOL(amd_nb_misc_ids); + + static const struct pci_device_id amd_nb_link_ids[] = { + { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_15H_NB_F4) }, ++ { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_15H_M30H_NB_F4) }, + { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_16H_NB_F4) }, + {} + }; +@@ -81,13 +83,20 @@ int amd_cache_northbridges(void) + next_northbridge(misc, amd_nb_misc_ids); + node_to_amd_nb(i)->link = link = + next_northbridge(link, amd_nb_link_ids); +- } ++ } + ++ /* GART present only on Fam15h upto model 0fh */ + if (boot_cpu_data.x86 == 0xf || boot_cpu_data.x86 == 0x10 || +- boot_cpu_data.x86 == 0x15) ++ (boot_cpu_data.x86 == 0x15 && boot_cpu_data.x86_model < 0x10)) + amd_northbridges.flags |= AMD_NB_GART; + + /* ++ * Check for L3 cache presence. ++ */ ++ if (!cpuid_edx(0x80000006)) ++ return 0; ++ ++ /* + * Some CPU families support L3 Cache Index Disable. There are some + * limitations because of E382 and E388 on family 0x10. + */ +diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c +index cf91358..d859eea 100644 +--- a/arch/x86/kernel/signal.c ++++ b/arch/x86/kernel/signal.c +@@ -358,7 +358,7 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig, + else + put_user_ex(0, &frame->uc.uc_flags); + put_user_ex(0, &frame->uc.uc_link); +- err |= __save_altstack(&frame->uc.uc_stack, regs->sp); ++ save_altstack_ex(&frame->uc.uc_stack, regs->sp); + + /* Set up to return from userspace. */ + restorer = VDSO32_SYMBOL(current->mm->context.vdso, rt_sigreturn); +@@ -423,7 +423,7 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig, + else + put_user_ex(0, &frame->uc.uc_flags); + put_user_ex(0, &frame->uc.uc_link); +- err |= __save_altstack(&frame->uc.uc_stack, regs->sp); ++ save_altstack_ex(&frame->uc.uc_stack, regs->sp); + + /* Set up to return from userspace. If provided, use a stub + already in userspace. */ +@@ -490,7 +490,7 @@ static int x32_setup_rt_frame(struct ksignal *ksig, + else + put_user_ex(0, &frame->uc.uc_flags); + put_user_ex(0, &frame->uc.uc_link); +- err |= __compat_save_altstack(&frame->uc.uc_stack, regs->sp); ++ compat_save_altstack_ex(&frame->uc.uc_stack, regs->sp); + put_user_ex(0, &frame->uc.uc__pad0); + + if (ksig->ka.sa.sa_flags & SA_RESTORER) { +diff --git a/arch/x86/lib/csum-wrappers_64.c b/arch/x86/lib/csum-wrappers_64.c +index 25b7ae8..7609e0e 100644 +--- a/arch/x86/lib/csum-wrappers_64.c ++++ b/arch/x86/lib/csum-wrappers_64.c +@@ -6,6 +6,7 @@ + */ + #include <asm/checksum.h> + #include <linux/module.h> ++#include <asm/smap.h> + + /** + * csum_partial_copy_from_user - Copy and checksum from user space. +@@ -52,8 +53,10 @@ csum_partial_copy_from_user(const void __user *src, void *dst, + len -= 2; + } + } ++ stac(); + isum = csum_partial_copy_generic((__force const void *)src, + dst, len, isum, errp, NULL); ++ clac(); + if (unlikely(*errp)) + goto out_err; + +@@ -82,6 +85,8 @@ __wsum + csum_partial_copy_to_user(const void *src, void __user *dst, + int len, __wsum isum, int *errp) + { ++ __wsum ret; ++ + might_sleep(); + + if (unlikely(!access_ok(VERIFY_WRITE, dst, len))) { +@@ -105,8 +110,11 @@ csum_partial_copy_to_user(const void *src, void __user *dst, + } + + *errp = 0; +- return csum_partial_copy_generic(src, (void __force *)dst, +- len, isum, NULL, errp); ++ stac(); ++ ret = csum_partial_copy_generic(src, (void __force *)dst, ++ len, isum, NULL, errp); ++ clac(); ++ return ret; + } + EXPORT_SYMBOL(csum_partial_copy_to_user); + +diff --git a/arch/xtensa/kernel/xtensa_ksyms.c b/arch/xtensa/kernel/xtensa_ksyms.c +index d8507f8..74a60c7 100644 +--- a/arch/xtensa/kernel/xtensa_ksyms.c ++++ b/arch/xtensa/kernel/xtensa_ksyms.c +@@ -25,6 +25,7 @@ + #include <asm/io.h> + #include <asm/page.h> + #include <asm/pgalloc.h> ++#include <asm/ftrace.h> + #ifdef CONFIG_BLK_DEV_FD + #include <asm/floppy.h> + #endif +diff --git a/crypto/api.c b/crypto/api.c +index 3b61803..37c4c72 100644 +--- a/crypto/api.c ++++ b/crypto/api.c +@@ -34,6 +34,8 @@ EXPORT_SYMBOL_GPL(crypto_alg_sem); + BLOCKING_NOTIFIER_HEAD(crypto_chain); + EXPORT_SYMBOL_GPL(crypto_chain); + ++static struct crypto_alg *crypto_larval_wait(struct crypto_alg *alg); ++ + struct crypto_alg *crypto_mod_get(struct crypto_alg *alg) + { + return try_module_get(alg->cra_module) ? crypto_alg_get(alg) : NULL; +@@ -144,8 +146,11 @@ static struct crypto_alg *crypto_larval_add(const char *name, u32 type, + } + up_write(&crypto_alg_sem); + +- if (alg != &larval->alg) ++ if (alg != &larval->alg) { + kfree(larval); ++ if (crypto_is_larval(alg)) ++ alg = crypto_larval_wait(alg); ++ } + + return alg; + } +diff --git a/drivers/acpi/acpi_lpss.c b/drivers/acpi/acpi_lpss.c +index 6a38218..fb78bb9 100644 +--- a/drivers/acpi/acpi_lpss.c ++++ b/drivers/acpi/acpi_lpss.c +@@ -257,12 +257,13 @@ static int acpi_lpss_create_device(struct acpi_device *adev, + pdata->mmio_size = resource_size(&rentry->res); + pdata->mmio_base = ioremap(rentry->res.start, + pdata->mmio_size); +- pdata->dev_desc = dev_desc; + break; + } + + acpi_dev_free_resource_list(&resource_list); + ++ pdata->dev_desc = dev_desc; ++ + if (dev_desc->clk_required) { + ret = register_device_clock(adev, pdata); + if (ret) { +diff --git a/drivers/acpi/pci_root.c b/drivers/acpi/pci_root.c +index 5917839..a67853e 100644 +--- a/drivers/acpi/pci_root.c ++++ b/drivers/acpi/pci_root.c +@@ -378,6 +378,7 @@ static int acpi_pci_root_add(struct acpi_device *device, + struct acpi_pci_root *root; + u32 flags, base_flags; + acpi_handle handle = device->handle; ++ bool no_aspm = false, clear_aspm = false; + + root = kzalloc(sizeof(struct acpi_pci_root), GFP_KERNEL); + if (!root) +@@ -437,27 +438,6 @@ static int acpi_pci_root_add(struct acpi_device *device, + flags = base_flags = OSC_PCI_SEGMENT_GROUPS_SUPPORT; + acpi_pci_osc_support(root, flags); + +- /* +- * TBD: Need PCI interface for enumeration/configuration of roots. +- */ +- +- /* +- * Scan the Root Bridge +- * -------------------- +- * Must do this prior to any attempt to bind the root device, as the +- * PCI namespace does not get created until this call is made (and +- * thus the root bridge's pci_dev does not exist). +- */ +- root->bus = pci_acpi_scan_root(root); +- if (!root->bus) { +- dev_err(&device->dev, +- "Bus %04x:%02x not present in PCI namespace\n", +- root->segment, (unsigned int)root->secondary.start); +- result = -ENODEV; +- goto end; +- } +- +- /* Indicate support for various _OSC capabilities. */ + if (pci_ext_cfg_avail()) + flags |= OSC_EXT_PCI_CONFIG_SUPPORT; + if (pcie_aspm_support_enabled()) { +@@ -471,7 +451,7 @@ static int acpi_pci_root_add(struct acpi_device *device, + if (ACPI_FAILURE(status)) { + dev_info(&device->dev, "ACPI _OSC support " + "notification failed, disabling PCIe ASPM\n"); +- pcie_no_aspm(); ++ no_aspm = true; + flags = base_flags; + } + } +@@ -503,7 +483,7 @@ static int acpi_pci_root_add(struct acpi_device *device, + * We have ASPM control, but the FADT indicates + * that it's unsupported. Clear it. + */ +- pcie_clear_aspm(root->bus); ++ clear_aspm = true; + } + } else { + dev_info(&device->dev, +@@ -512,7 +492,14 @@ static int acpi_pci_root_add(struct acpi_device *device, + acpi_format_exception(status), flags); + dev_info(&device->dev, + "ACPI _OSC control for PCIe not granted, disabling ASPM\n"); +- pcie_no_aspm(); ++ /* ++ * We want to disable ASPM here, but aspm_disabled ++ * needs to remain in its state from boot so that we ++ * properly handle PCIe 1.1 devices. So we set this ++ * flag here, to defer the action until after the ACPI ++ * root scan. ++ */ ++ no_aspm = true; + } + } else { + dev_info(&device->dev, +@@ -520,6 +507,33 @@ static int acpi_pci_root_add(struct acpi_device *device, + "(_OSC support mask: 0x%02x)\n", flags); + } + ++ /* ++ * TBD: Need PCI interface for enumeration/configuration of roots. ++ */ ++ ++ /* ++ * Scan the Root Bridge ++ * -------------------- ++ * Must do this prior to any attempt to bind the root device, as the ++ * PCI namespace does not get created until this call is made (and ++ * thus the root bridge's pci_dev does not exist). ++ */ ++ root->bus = pci_acpi_scan_root(root); ++ if (!root->bus) { ++ dev_err(&device->dev, ++ "Bus %04x:%02x not present in PCI namespace\n", ++ root->segment, (unsigned int)root->secondary.start); ++ result = -ENODEV; ++ goto end; ++ } ++ ++ if (clear_aspm) { ++ dev_info(&device->dev, "Disabling ASPM (FADT indicates it is unsupported)\n"); ++ pcie_clear_aspm(root->bus); ++ } ++ if (no_aspm) ++ pcie_no_aspm(); ++ + pci_acpi_add_bus_pm_notifier(device, root->bus); + if (device->wakeup.flags.run_wake) + device_set_run_wake(root->bus->bridge, true); +diff --git a/drivers/base/firmware_class.c b/drivers/base/firmware_class.c +index a439602..c8dac74 100644 +--- a/drivers/base/firmware_class.c ++++ b/drivers/base/firmware_class.c +@@ -868,8 +868,15 @@ static int _request_firmware_load(struct firmware_priv *fw_priv, bool uevent, + goto err_del_dev; + } + ++ mutex_lock(&fw_lock); ++ list_add(&buf->pending_list, &pending_fw_head); ++ mutex_unlock(&fw_lock); ++ + retval = device_create_file(f_dev, &dev_attr_loading); + if (retval) { ++ mutex_lock(&fw_lock); ++ list_del_init(&buf->pending_list); ++ mutex_unlock(&fw_lock); + dev_err(f_dev, "%s: device_create_file failed\n", __func__); + goto err_del_bin_attr; + } +@@ -884,10 +891,6 @@ static int _request_firmware_load(struct firmware_priv *fw_priv, bool uevent, + kobject_uevent(&fw_priv->dev.kobj, KOBJ_ADD); + } + +- mutex_lock(&fw_lock); +- list_add(&buf->pending_list, &pending_fw_head); +- mutex_unlock(&fw_lock); +- + wait_for_completion(&buf->completion); + + cancel_delayed_work_sync(&fw_priv->timeout_work); +diff --git a/drivers/base/regmap/regmap-debugfs.c b/drivers/base/regmap/regmap-debugfs.c +index 5349575..6c2652a 100644 +--- a/drivers/base/regmap/regmap-debugfs.c ++++ b/drivers/base/regmap/regmap-debugfs.c +@@ -85,8 +85,8 @@ static unsigned int regmap_debugfs_get_dump_start(struct regmap *map, + unsigned int reg_offset; + + /* Suppress the cache if we're using a subrange */ +- if (from) +- return from; ++ if (base) ++ return base; + + /* + * If we don't have a cache build one so we don't have to do a +diff --git a/drivers/block/rbd.c b/drivers/block/rbd.c +index 4ad2ad9..45aa20a 100644 +--- a/drivers/block/rbd.c ++++ b/drivers/block/rbd.c +@@ -1557,11 +1557,12 @@ rbd_img_obj_request_read_callback(struct rbd_obj_request *obj_request) + obj_request, obj_request->img_request, obj_request->result, + xferred, length); + /* +- * ENOENT means a hole in the image. We zero-fill the +- * entire length of the request. A short read also implies +- * zero-fill to the end of the request. Either way we +- * update the xferred count to indicate the whole request +- * was satisfied. ++ * ENOENT means a hole in the image. We zero-fill the entire ++ * length of the request. A short read also implies zero-fill ++ * to the end of the request. An error requires the whole ++ * length of the request to be reported finished with an error ++ * to the block layer. In each case we update the xferred ++ * count to indicate the whole request was satisfied. + */ + rbd_assert(obj_request->type != OBJ_REQUEST_NODATA); + if (obj_request->result == -ENOENT) { +@@ -1570,14 +1571,13 @@ rbd_img_obj_request_read_callback(struct rbd_obj_request *obj_request) + else + zero_pages(obj_request->pages, 0, length); + obj_request->result = 0; +- obj_request->xferred = length; + } else if (xferred < length && !obj_request->result) { + if (obj_request->type == OBJ_REQUEST_BIO) + zero_bio_chain(obj_request->bio_list, xferred); + else + zero_pages(obj_request->pages, xferred, length); +- obj_request->xferred = length; + } ++ obj_request->xferred = length; + obj_request_done_set(obj_request); + } + +diff --git a/drivers/clk/clk-wm831x.c b/drivers/clk/clk-wm831x.c +index 1b3f8c9..1d5af3f 100644 +--- a/drivers/clk/clk-wm831x.c ++++ b/drivers/clk/clk-wm831x.c +@@ -360,6 +360,8 @@ static int wm831x_clk_probe(struct platform_device *pdev) + if (!clkdata) + return -ENOMEM; + ++ clkdata->wm831x = wm831x; ++ + /* XTAL_ENA can only be set via OTP/InstantConfig so just read once */ + ret = wm831x_reg_read(wm831x, WM831X_CLOCK_CONTROL_2); + if (ret < 0) { +diff --git a/drivers/cpuidle/coupled.c b/drivers/cpuidle/coupled.c +index 2a297f8..fe853903 100644 +--- a/drivers/cpuidle/coupled.c ++++ b/drivers/cpuidle/coupled.c +@@ -106,6 +106,7 @@ struct cpuidle_coupled { + cpumask_t coupled_cpus; + int requested_state[NR_CPUS]; + atomic_t ready_waiting_counts; ++ atomic_t abort_barrier; + int online_count; + int refcnt; + int prevent; +@@ -122,12 +123,19 @@ static DEFINE_MUTEX(cpuidle_coupled_lock); + static DEFINE_PER_CPU(struct call_single_data, cpuidle_coupled_poke_cb); + + /* +- * The cpuidle_coupled_poked_mask mask is used to avoid calling ++ * The cpuidle_coupled_poke_pending mask is used to avoid calling + * __smp_call_function_single with the per cpu call_single_data struct already + * in use. This prevents a deadlock where two cpus are waiting for each others + * call_single_data struct to be available + */ +-static cpumask_t cpuidle_coupled_poked_mask; ++static cpumask_t cpuidle_coupled_poke_pending; ++ ++/* ++ * The cpuidle_coupled_poked mask is used to ensure that each cpu has been poked ++ * once to minimize entering the ready loop with a poke pending, which would ++ * require aborting and retrying. ++ */ ++static cpumask_t cpuidle_coupled_poked; + + /** + * cpuidle_coupled_parallel_barrier - synchronize all online coupled cpus +@@ -291,10 +299,11 @@ static inline int cpuidle_coupled_get_state(struct cpuidle_device *dev, + return state; + } + +-static void cpuidle_coupled_poked(void *info) ++static void cpuidle_coupled_handle_poke(void *info) + { + int cpu = (unsigned long)info; +- cpumask_clear_cpu(cpu, &cpuidle_coupled_poked_mask); ++ cpumask_set_cpu(cpu, &cpuidle_coupled_poked); ++ cpumask_clear_cpu(cpu, &cpuidle_coupled_poke_pending); + } + + /** +@@ -313,7 +322,7 @@ static void cpuidle_coupled_poke(int cpu) + { + struct call_single_data *csd = &per_cpu(cpuidle_coupled_poke_cb, cpu); + +- if (!cpumask_test_and_set_cpu(cpu, &cpuidle_coupled_poked_mask)) ++ if (!cpumask_test_and_set_cpu(cpu, &cpuidle_coupled_poke_pending)) + __smp_call_function_single(cpu, csd, 0); + } + +@@ -340,30 +349,19 @@ static void cpuidle_coupled_poke_others(int this_cpu, + * @coupled: the struct coupled that contains the current cpu + * @next_state: the index in drv->states of the requested state for this cpu + * +- * Updates the requested idle state for the specified cpuidle device, +- * poking all coupled cpus out of idle if necessary to let them see the new +- * state. ++ * Updates the requested idle state for the specified cpuidle device. ++ * Returns the number of waiting cpus. + */ +-static void cpuidle_coupled_set_waiting(int cpu, ++static int cpuidle_coupled_set_waiting(int cpu, + struct cpuidle_coupled *coupled, int next_state) + { +- int w; +- + coupled->requested_state[cpu] = next_state; + + /* +- * If this is the last cpu to enter the waiting state, poke +- * all the other cpus out of their waiting state so they can +- * enter a deeper state. This can race with one of the cpus +- * exiting the waiting state due to an interrupt and +- * decrementing waiting_count, see comment below. +- * + * The atomic_inc_return provides a write barrier to order the write + * to requested_state with the later write that increments ready_count. + */ +- w = atomic_inc_return(&coupled->ready_waiting_counts) & WAITING_MASK; +- if (w == coupled->online_count) +- cpuidle_coupled_poke_others(cpu, coupled); ++ return atomic_inc_return(&coupled->ready_waiting_counts) & WAITING_MASK; + } + + /** +@@ -410,19 +408,33 @@ static void cpuidle_coupled_set_done(int cpu, struct cpuidle_coupled *coupled) + * been processed and the poke bit has been cleared. + * + * Other interrupts may also be processed while interrupts are enabled, so +- * need_resched() must be tested after turning interrupts off again to make sure ++ * need_resched() must be tested after this function returns to make sure + * the interrupt didn't schedule work that should take the cpu out of idle. + * +- * Returns 0 if need_resched was false, -EINTR if need_resched was true. ++ * Returns 0 if no poke was pending, 1 if a poke was cleared. + */ + static int cpuidle_coupled_clear_pokes(int cpu) + { ++ if (!cpumask_test_cpu(cpu, &cpuidle_coupled_poke_pending)) ++ return 0; ++ + local_irq_enable(); +- while (cpumask_test_cpu(cpu, &cpuidle_coupled_poked_mask)) ++ while (cpumask_test_cpu(cpu, &cpuidle_coupled_poke_pending)) + cpu_relax(); + local_irq_disable(); + +- return need_resched() ? -EINTR : 0; ++ return 1; ++} ++ ++static bool cpuidle_coupled_any_pokes_pending(struct cpuidle_coupled *coupled) ++{ ++ cpumask_t cpus; ++ int ret; ++ ++ cpumask_and(&cpus, cpu_online_mask, &coupled->coupled_cpus); ++ ret = cpumask_and(&cpus, &cpuidle_coupled_poke_pending, &cpus); ++ ++ return ret; + } + + /** +@@ -449,12 +461,14 @@ int cpuidle_enter_state_coupled(struct cpuidle_device *dev, + { + int entered_state = -1; + struct cpuidle_coupled *coupled = dev->coupled; ++ int w; + + if (!coupled) + return -EINVAL; + + while (coupled->prevent) { +- if (cpuidle_coupled_clear_pokes(dev->cpu)) { ++ cpuidle_coupled_clear_pokes(dev->cpu); ++ if (need_resched()) { + local_irq_enable(); + return entered_state; + } +@@ -465,15 +479,37 @@ int cpuidle_enter_state_coupled(struct cpuidle_device *dev, + /* Read barrier ensures online_count is read after prevent is cleared */ + smp_rmb(); + +- cpuidle_coupled_set_waiting(dev->cpu, coupled, next_state); ++reset: ++ cpumask_clear_cpu(dev->cpu, &cpuidle_coupled_poked); ++ ++ w = cpuidle_coupled_set_waiting(dev->cpu, coupled, next_state); ++ /* ++ * If this is the last cpu to enter the waiting state, poke ++ * all the other cpus out of their waiting state so they can ++ * enter a deeper state. This can race with one of the cpus ++ * exiting the waiting state due to an interrupt and ++ * decrementing waiting_count, see comment below. ++ */ ++ if (w == coupled->online_count) { ++ cpumask_set_cpu(dev->cpu, &cpuidle_coupled_poked); ++ cpuidle_coupled_poke_others(dev->cpu, coupled); ++ } + + retry: + /* + * Wait for all coupled cpus to be idle, using the deepest state +- * allowed for a single cpu. ++ * allowed for a single cpu. If this was not the poking cpu, wait ++ * for at least one poke before leaving to avoid a race where ++ * two cpus could arrive at the waiting loop at the same time, ++ * but the first of the two to arrive could skip the loop without ++ * processing the pokes from the last to arrive. + */ +- while (!cpuidle_coupled_cpus_waiting(coupled)) { +- if (cpuidle_coupled_clear_pokes(dev->cpu)) { ++ while (!cpuidle_coupled_cpus_waiting(coupled) || ++ !cpumask_test_cpu(dev->cpu, &cpuidle_coupled_poked)) { ++ if (cpuidle_coupled_clear_pokes(dev->cpu)) ++ continue; ++ ++ if (need_resched()) { + cpuidle_coupled_set_not_waiting(dev->cpu, coupled); + goto out; + } +@@ -487,12 +523,19 @@ retry: + dev->safe_state_index); + } + +- if (cpuidle_coupled_clear_pokes(dev->cpu)) { ++ cpuidle_coupled_clear_pokes(dev->cpu); ++ if (need_resched()) { + cpuidle_coupled_set_not_waiting(dev->cpu, coupled); + goto out; + } + + /* ++ * Make sure final poke status for this cpu is visible before setting ++ * cpu as ready. ++ */ ++ smp_wmb(); ++ ++ /* + * All coupled cpus are probably idle. There is a small chance that + * one of the other cpus just became active. Increment the ready count, + * and spin until all coupled cpus have incremented the counter. Once a +@@ -511,6 +554,28 @@ retry: + cpu_relax(); + } + ++ /* ++ * Make sure read of all cpus ready is done before reading pending pokes ++ */ ++ smp_rmb(); ++ ++ /* ++ * There is a small chance that a cpu left and reentered idle after this ++ * cpu saw that all cpus were waiting. The cpu that reentered idle will ++ * have sent this cpu a poke, which will still be pending after the ++ * ready loop. The pending interrupt may be lost by the interrupt ++ * controller when entering the deep idle state. It's not possible to ++ * clear a pending interrupt without turning interrupts on and handling ++ * it, and it's too late to turn on interrupts here, so reset the ++ * coupled idle state of all cpus and retry. ++ */ ++ if (cpuidle_coupled_any_pokes_pending(coupled)) { ++ cpuidle_coupled_set_done(dev->cpu, coupled); ++ /* Wait for all cpus to see the pending pokes */ ++ cpuidle_coupled_parallel_barrier(dev, &coupled->abort_barrier); ++ goto reset; ++ } ++ + /* all cpus have acked the coupled state */ + next_state = cpuidle_coupled_get_state(dev, coupled); + +@@ -596,7 +661,7 @@ have_coupled: + coupled->refcnt++; + + csd = &per_cpu(cpuidle_coupled_poke_cb, dev->cpu); +- csd->func = cpuidle_coupled_poked; ++ csd->func = cpuidle_coupled_handle_poke; + csd->info = (void *)(unsigned long)dev->cpu; + + return 0; +diff --git a/drivers/edac/amd64_edac.c b/drivers/edac/amd64_edac.c +index 8b6a034..8b3d901 100644 +--- a/drivers/edac/amd64_edac.c ++++ b/drivers/edac/amd64_edac.c +@@ -2470,8 +2470,15 @@ static int amd64_init_one_instance(struct pci_dev *F2) + layers[0].size = pvt->csels[0].b_cnt; + layers[0].is_virt_csrow = true; + layers[1].type = EDAC_MC_LAYER_CHANNEL; +- layers[1].size = pvt->channel_count; ++ ++ /* ++ * Always allocate two channels since we can have setups with DIMMs on ++ * only one channel. Also, this simplifies handling later for the price ++ * of a couple of KBs tops. ++ */ ++ layers[1].size = 2; + layers[1].is_virt_csrow = false; ++ + mci = edac_mc_alloc(nid, ARRAY_SIZE(layers), layers, 0); + if (!mci) + goto err_siblings; +diff --git a/drivers/gpu/drm/drm_edid.c b/drivers/gpu/drm/drm_edid.c +index 95d6f4b..70fc133 100644 +--- a/drivers/gpu/drm/drm_edid.c ++++ b/drivers/gpu/drm/drm_edid.c +@@ -125,6 +125,9 @@ static struct edid_quirk { + + /* ViewSonic VA2026w */ + { "VSC", 5020, EDID_QUIRK_FORCE_REDUCED_BLANKING }, ++ ++ /* Medion MD 30217 PG */ ++ { "MED", 0x7b8, EDID_QUIRK_PREFER_LARGE_75 }, + }; + + /* +diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c +index be79f47..ca40d1b 100644 +--- a/drivers/gpu/drm/i915/intel_display.c ++++ b/drivers/gpu/drm/i915/intel_display.c +@@ -7809,6 +7809,19 @@ intel_modeset_pipe_config(struct drm_crtc *crtc, + pipe_config->cpu_transcoder = to_intel_crtc(crtc)->pipe; + pipe_config->shared_dpll = DPLL_ID_PRIVATE; + ++ /* ++ * Sanitize sync polarity flags based on requested ones. If neither ++ * positive or negative polarity is requested, treat this as meaning ++ * negative polarity. ++ */ ++ if (!(pipe_config->adjusted_mode.flags & ++ (DRM_MODE_FLAG_PHSYNC | DRM_MODE_FLAG_NHSYNC))) ++ pipe_config->adjusted_mode.flags |= DRM_MODE_FLAG_NHSYNC; ++ ++ if (!(pipe_config->adjusted_mode.flags & ++ (DRM_MODE_FLAG_PVSYNC | DRM_MODE_FLAG_NVSYNC))) ++ pipe_config->adjusted_mode.flags |= DRM_MODE_FLAG_NVSYNC; ++ + /* Compute a starting value for pipe_config->pipe_bpp taking the source + * plane pixel format and any sink constraints into account. Returns the + * source plane bpp so that dithering can be selected on mismatches +diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c +index 36668d1..5956445 100644 +--- a/drivers/hid/hid-core.c ++++ b/drivers/hid/hid-core.c +@@ -63,6 +63,8 @@ struct hid_report *hid_register_report(struct hid_device *device, unsigned type, + struct hid_report_enum *report_enum = device->report_enum + type; + struct hid_report *report; + ++ if (id >= HID_MAX_IDS) ++ return NULL; + if (report_enum->report_id_hash[id]) + return report_enum->report_id_hash[id]; + +@@ -404,8 +406,10 @@ static int hid_parser_global(struct hid_parser *parser, struct hid_item *item) + + case HID_GLOBAL_ITEM_TAG_REPORT_ID: + parser->global.report_id = item_udata(item); +- if (parser->global.report_id == 0) { +- hid_err(parser->device, "report_id 0 is invalid\n"); ++ if (parser->global.report_id == 0 || ++ parser->global.report_id >= HID_MAX_IDS) { ++ hid_err(parser->device, "report_id %u is invalid\n", ++ parser->global.report_id); + return -1; + } + return 0; +@@ -575,7 +579,7 @@ static void hid_close_report(struct hid_device *device) + for (i = 0; i < HID_REPORT_TYPES; i++) { + struct hid_report_enum *report_enum = device->report_enum + i; + +- for (j = 0; j < 256; j++) { ++ for (j = 0; j < HID_MAX_IDS; j++) { + struct hid_report *report = report_enum->report_id_hash[j]; + if (report) + hid_free_report(report); +@@ -1152,7 +1156,12 @@ EXPORT_SYMBOL_GPL(hid_output_report); + + int hid_set_field(struct hid_field *field, unsigned offset, __s32 value) + { +- unsigned size = field->report_size; ++ unsigned size; ++ ++ if (!field) ++ return -1; ++ ++ size = field->report_size; + + hid_dump_input(field->report->device, field->usage + offset, value); + +@@ -1597,6 +1606,7 @@ static const struct hid_device_id hid_have_special_driver[] = { + { HID_USB_DEVICE(USB_VENDOR_ID_KENSINGTON, USB_DEVICE_ID_KS_SLIMBLADE) }, + { HID_USB_DEVICE(USB_VENDOR_ID_KEYTOUCH, USB_DEVICE_ID_KEYTOUCH_IEC) }, + { HID_USB_DEVICE(USB_VENDOR_ID_KYE, USB_DEVICE_ID_GENIUS_GILA_GAMING_MOUSE) }, ++ { HID_USB_DEVICE(USB_VENDOR_ID_KYE, USB_DEVICE_ID_GENIUS_GX_IMPERATOR) }, + { HID_USB_DEVICE(USB_VENDOR_ID_KYE, USB_DEVICE_ID_KYE_ERGO_525V) }, + { HID_USB_DEVICE(USB_VENDOR_ID_KYE, USB_DEVICE_ID_KYE_EASYPEN_I405X) }, + { HID_USB_DEVICE(USB_VENDOR_ID_KYE, USB_DEVICE_ID_KYE_MOUSEPEN_I608X) }, +diff --git a/drivers/hid/hid-ids.h b/drivers/hid/hid-ids.h +index ffe4c7a..22134d4 100644 +--- a/drivers/hid/hid-ids.h ++++ b/drivers/hid/hid-ids.h +@@ -135,9 +135,9 @@ + #define USB_DEVICE_ID_APPLE_ALU_WIRELESS_2009_JIS 0x023b + #define USB_DEVICE_ID_APPLE_ALU_WIRELESS_2011_ANSI 0x0255 + #define USB_DEVICE_ID_APPLE_ALU_WIRELESS_2011_ISO 0x0256 +-#define USB_DEVICE_ID_APPLE_WELLSPRING8_ANSI 0x0291 +-#define USB_DEVICE_ID_APPLE_WELLSPRING8_ISO 0x0292 +-#define USB_DEVICE_ID_APPLE_WELLSPRING8_JIS 0x0293 ++#define USB_DEVICE_ID_APPLE_WELLSPRING8_ANSI 0x0290 ++#define USB_DEVICE_ID_APPLE_WELLSPRING8_ISO 0x0291 ++#define USB_DEVICE_ID_APPLE_WELLSPRING8_JIS 0x0292 + #define USB_DEVICE_ID_APPLE_FOUNTAIN_TP_ONLY 0x030a + #define USB_DEVICE_ID_APPLE_GEYSER1_TP_ONLY 0x030b + #define USB_DEVICE_ID_APPLE_IRCONTROL 0x8240 +@@ -482,6 +482,7 @@ + #define USB_VENDOR_ID_KYE 0x0458 + #define USB_DEVICE_ID_KYE_ERGO_525V 0x0087 + #define USB_DEVICE_ID_GENIUS_GILA_GAMING_MOUSE 0x0138 ++#define USB_DEVICE_ID_GENIUS_GX_IMPERATOR 0x4018 + #define USB_DEVICE_ID_KYE_GPEN_560 0x5003 + #define USB_DEVICE_ID_KYE_EASYPEN_I405X 0x5010 + #define USB_DEVICE_ID_KYE_MOUSEPEN_I608X 0x5011 +@@ -658,6 +659,7 @@ + #define USB_DEVICE_ID_NTRIG_TOUCH_SCREEN_16 0x0012 + #define USB_DEVICE_ID_NTRIG_TOUCH_SCREEN_17 0x0013 + #define USB_DEVICE_ID_NTRIG_TOUCH_SCREEN_18 0x0014 ++#define USB_DEVICE_ID_NTRIG_DUOSENSE 0x1500 + + #define USB_VENDOR_ID_ONTRAK 0x0a07 + #define USB_DEVICE_ID_ONTRAK_ADU100 0x0064 +diff --git a/drivers/hid/hid-input.c b/drivers/hid/hid-input.c +index 7480799..3fc4034 100644 +--- a/drivers/hid/hid-input.c ++++ b/drivers/hid/hid-input.c +@@ -340,7 +340,7 @@ static int hidinput_get_battery_property(struct power_supply *psy, + { + struct hid_device *dev = container_of(psy, struct hid_device, battery); + int ret = 0; +- __u8 buf[2] = {}; ++ __u8 *buf; + + switch (prop) { + case POWER_SUPPLY_PROP_PRESENT: +@@ -349,12 +349,19 @@ static int hidinput_get_battery_property(struct power_supply *psy, + break; + + case POWER_SUPPLY_PROP_CAPACITY: ++ ++ buf = kmalloc(2 * sizeof(__u8), GFP_KERNEL); ++ if (!buf) { ++ ret = -ENOMEM; ++ break; ++ } + ret = dev->hid_get_raw_report(dev, dev->battery_report_id, +- buf, sizeof(buf), ++ buf, 2, + dev->battery_report_type); + + if (ret != 2) { + ret = -ENODATA; ++ kfree(buf); + break; + } + ret = 0; +@@ -364,6 +371,7 @@ static int hidinput_get_battery_property(struct power_supply *psy, + buf[1] <= dev->battery_max) + val->intval = (100 * (buf[1] - dev->battery_min)) / + (dev->battery_max - dev->battery_min); ++ kfree(buf); + break; + + case POWER_SUPPLY_PROP_MODEL_NAME: +diff --git a/drivers/hid/hid-kye.c b/drivers/hid/hid-kye.c +index 1e2ee2aa..7384512 100644 +--- a/drivers/hid/hid-kye.c ++++ b/drivers/hid/hid-kye.c +@@ -268,6 +268,26 @@ static __u8 easypen_m610x_rdesc_fixed[] = { + 0xC0 /* End Collection */ + }; + ++static __u8 *kye_consumer_control_fixup(struct hid_device *hdev, __u8 *rdesc, ++ unsigned int *rsize, int offset, const char *device_name) { ++ /* ++ * the fixup that need to be done: ++ * - change Usage Maximum in the Comsumer Control ++ * (report ID 3) to a reasonable value ++ */ ++ if (*rsize >= offset + 31 && ++ /* Usage Page (Consumer Devices) */ ++ rdesc[offset] == 0x05 && rdesc[offset + 1] == 0x0c && ++ /* Usage (Consumer Control) */ ++ rdesc[offset + 2] == 0x09 && rdesc[offset + 3] == 0x01 && ++ /* Usage Maximum > 12287 */ ++ rdesc[offset + 10] == 0x2a && rdesc[offset + 12] > 0x2f) { ++ hid_info(hdev, "fixing up %s report descriptor\n", device_name); ++ rdesc[offset + 12] = 0x2f; ++ } ++ return rdesc; ++} ++ + static __u8 *kye_report_fixup(struct hid_device *hdev, __u8 *rdesc, + unsigned int *rsize) + { +@@ -315,23 +335,12 @@ static __u8 *kye_report_fixup(struct hid_device *hdev, __u8 *rdesc, + } + break; + case USB_DEVICE_ID_GENIUS_GILA_GAMING_MOUSE: +- /* +- * the fixup that need to be done: +- * - change Usage Maximum in the Comsumer Control +- * (report ID 3) to a reasonable value +- */ +- if (*rsize >= 135 && +- /* Usage Page (Consumer Devices) */ +- rdesc[104] == 0x05 && rdesc[105] == 0x0c && +- /* Usage (Consumer Control) */ +- rdesc[106] == 0x09 && rdesc[107] == 0x01 && +- /* Usage Maximum > 12287 */ +- rdesc[114] == 0x2a && rdesc[116] > 0x2f) { +- hid_info(hdev, +- "fixing up Genius Gila Gaming Mouse " +- "report descriptor\n"); +- rdesc[116] = 0x2f; +- } ++ rdesc = kye_consumer_control_fixup(hdev, rdesc, rsize, 104, ++ "Genius Gila Gaming Mouse"); ++ break; ++ case USB_DEVICE_ID_GENIUS_GX_IMPERATOR: ++ rdesc = kye_consumer_control_fixup(hdev, rdesc, rsize, 83, ++ "Genius Gx Imperator Keyboard"); + break; + } + return rdesc; +@@ -428,6 +437,8 @@ static const struct hid_device_id kye_devices[] = { + USB_DEVICE_ID_KYE_EASYPEN_M610X) }, + { HID_USB_DEVICE(USB_VENDOR_ID_KYE, + USB_DEVICE_ID_GENIUS_GILA_GAMING_MOUSE) }, ++ { HID_USB_DEVICE(USB_VENDOR_ID_KYE, ++ USB_DEVICE_ID_GENIUS_GX_IMPERATOR) }, + { } + }; + MODULE_DEVICE_TABLE(hid, kye_devices); +diff --git a/drivers/hid/hid-ntrig.c b/drivers/hid/hid-ntrig.c +index ef95102..5482156 100644 +--- a/drivers/hid/hid-ntrig.c ++++ b/drivers/hid/hid-ntrig.c +@@ -115,7 +115,8 @@ static inline int ntrig_get_mode(struct hid_device *hdev) + struct hid_report *report = hdev->report_enum[HID_FEATURE_REPORT]. + report_id_hash[0x0d]; + +- if (!report) ++ if (!report || report->maxfield < 1 || ++ report->field[0]->report_count < 1) + return -EINVAL; + + hid_hw_request(hdev, report, HID_REQ_GET_REPORT); +diff --git a/drivers/hid/hid-picolcd_cir.c b/drivers/hid/hid-picolcd_cir.c +index e346038..59d5eb1 100644 +--- a/drivers/hid/hid-picolcd_cir.c ++++ b/drivers/hid/hid-picolcd_cir.c +@@ -145,6 +145,7 @@ void picolcd_exit_cir(struct picolcd_data *data) + struct rc_dev *rdev = data->rc_dev; + + data->rc_dev = NULL; +- rc_unregister_device(rdev); ++ if (rdev) ++ rc_unregister_device(rdev); + } + +diff --git a/drivers/hid/hid-picolcd_core.c b/drivers/hid/hid-picolcd_core.c +index b48092d..acbb0210 100644 +--- a/drivers/hid/hid-picolcd_core.c ++++ b/drivers/hid/hid-picolcd_core.c +@@ -290,7 +290,7 @@ static ssize_t picolcd_operation_mode_store(struct device *dev, + buf += 10; + cnt -= 10; + } +- if (!report) ++ if (!report || report->maxfield != 1) + return -EINVAL; + + while (cnt > 0 && (buf[cnt-1] == '\n' || buf[cnt-1] == '\r')) +diff --git a/drivers/hid/hid-picolcd_fb.c b/drivers/hid/hid-picolcd_fb.c +index 591f6b2..c930ab8 100644 +--- a/drivers/hid/hid-picolcd_fb.c ++++ b/drivers/hid/hid-picolcd_fb.c +@@ -593,10 +593,14 @@ err_nomem: + void picolcd_exit_framebuffer(struct picolcd_data *data) + { + struct fb_info *info = data->fb_info; +- struct picolcd_fb_data *fbdata = info->par; ++ struct picolcd_fb_data *fbdata; + unsigned long flags; + ++ if (!info) ++ return; ++ + device_remove_file(&data->hdev->dev, &dev_attr_fb_update_rate); ++ fbdata = info->par; + + /* disconnect framebuffer from HID dev */ + spin_lock_irqsave(&fbdata->lock, flags); +diff --git a/drivers/hid/hid-pl.c b/drivers/hid/hid-pl.c +index d29112f..2dcd7d9 100644 +--- a/drivers/hid/hid-pl.c ++++ b/drivers/hid/hid-pl.c +@@ -132,8 +132,14 @@ static int plff_init(struct hid_device *hid) + strong = &report->field[0]->value[2]; + weak = &report->field[0]->value[3]; + debug("detected single-field device"); +- } else if (report->maxfield >= 4 && report->field[0]->maxusage == 1 && +- report->field[0]->usage[0].hid == (HID_UP_LED | 0x43)) { ++ } else if (report->field[0]->maxusage == 1 && ++ report->field[0]->usage[0].hid == ++ (HID_UP_LED | 0x43) && ++ report->maxfield >= 4 && ++ report->field[0]->report_count >= 1 && ++ report->field[1]->report_count >= 1 && ++ report->field[2]->report_count >= 1 && ++ report->field[3]->report_count >= 1) { + report->field[0]->value[0] = 0x00; + report->field[1]->value[0] = 0x00; + strong = &report->field[2]->value[0]; +diff --git a/drivers/hid/hid-sensor-hub.c b/drivers/hid/hid-sensor-hub.c +index ca749810..aa34755 100644 +--- a/drivers/hid/hid-sensor-hub.c ++++ b/drivers/hid/hid-sensor-hub.c +@@ -221,7 +221,8 @@ int sensor_hub_get_feature(struct hid_sensor_hub_device *hsdev, u32 report_id, + + mutex_lock(&data->mutex); + report = sensor_hub_report(report_id, hsdev->hdev, HID_FEATURE_REPORT); +- if (!report || (field_index >= report->maxfield)) { ++ if (!report || (field_index >= report->maxfield) || ++ report->field[field_index]->report_count < 1) { + ret = -EINVAL; + goto done_proc; + } +diff --git a/drivers/hid/hid-speedlink.c b/drivers/hid/hid-speedlink.c +index a2f587d..7112f3e 100644 +--- a/drivers/hid/hid-speedlink.c ++++ b/drivers/hid/hid-speedlink.c +@@ -3,7 +3,7 @@ + * Fixes "jumpy" cursor and removes nonexistent keyboard LEDS from + * the HID descriptor. + * +- * Copyright (c) 2011 Stefan Kriwanek <mail@stefankriwanek.de> ++ * Copyright (c) 2011, 2013 Stefan Kriwanek <dev@stefankriwanek.de> + */ + + /* +@@ -46,8 +46,13 @@ static int speedlink_event(struct hid_device *hdev, struct hid_field *field, + struct hid_usage *usage, __s32 value) + { + /* No other conditions due to usage_table. */ +- /* Fix "jumpy" cursor (invalid events sent by device). */ +- if (value == 256) ++ ++ /* This fixes the "jumpy" cursor occuring due to invalid events sent ++ * by the device. Some devices only send them with value==+256, others ++ * don't. However, catching abs(value)>=256 is restrictive enough not ++ * to interfere with devices that were bug-free (has been tested). ++ */ ++ if (abs(value) >= 256) + return 1; + /* Drop useless distance 0 events (on button clicks etc.) as well */ + if (value == 0) +diff --git a/drivers/hid/hid-wiimote-core.c b/drivers/hid/hid-wiimote-core.c +index 0c06054..6602098 100644 +--- a/drivers/hid/hid-wiimote-core.c ++++ b/drivers/hid/hid-wiimote-core.c +@@ -212,10 +212,12 @@ static __u8 select_drm(struct wiimote_data *wdata) + + if (ir == WIIPROTO_FLAG_IR_BASIC) { + if (wdata->state.flags & WIIPROTO_FLAG_ACCEL) { +- if (ext) +- return WIIPROTO_REQ_DRM_KAIE; +- else +- return WIIPROTO_REQ_DRM_KAI; ++ /* GEN10 and ealier devices bind IR formats to DRMs. ++ * Hence, we cannot use DRM_KAI here as it might be ++ * bound to IR_EXT. Use DRM_KAIE unconditionally so we ++ * work with all devices and our parsers can use the ++ * fixed formats, too. */ ++ return WIIPROTO_REQ_DRM_KAIE; + } else { + return WIIPROTO_REQ_DRM_KIE; + } +diff --git a/drivers/hid/hidraw.c b/drivers/hid/hidraw.c +index 6f1feb2..dbfe300 100644 +--- a/drivers/hid/hidraw.c ++++ b/drivers/hid/hidraw.c +@@ -113,7 +113,7 @@ static ssize_t hidraw_send_report(struct file *file, const char __user *buffer, + __u8 *buf; + int ret = 0; + +- if (!hidraw_table[minor]) { ++ if (!hidraw_table[minor] || !hidraw_table[minor]->exist) { + ret = -ENODEV; + goto out; + } +@@ -261,7 +261,7 @@ static int hidraw_open(struct inode *inode, struct file *file) + } + + mutex_lock(&minors_lock); +- if (!hidraw_table[minor]) { ++ if (!hidraw_table[minor] || !hidraw_table[minor]->exist) { + err = -ENODEV; + goto out_unlock; + } +@@ -302,39 +302,38 @@ static int hidraw_fasync(int fd, struct file *file, int on) + return fasync_helper(fd, file, on, &list->fasync); + } + ++static void drop_ref(struct hidraw *hidraw, int exists_bit) ++{ ++ if (exists_bit) { ++ hid_hw_close(hidraw->hid); ++ hidraw->exist = 0; ++ if (hidraw->open) ++ wake_up_interruptible(&hidraw->wait); ++ } else { ++ --hidraw->open; ++ } ++ ++ if (!hidraw->open && !hidraw->exist) { ++ device_destroy(hidraw_class, MKDEV(hidraw_major, hidraw->minor)); ++ hidraw_table[hidraw->minor] = NULL; ++ kfree(hidraw); ++ } ++} ++ + static int hidraw_release(struct inode * inode, struct file * file) + { + unsigned int minor = iminor(inode); +- struct hidraw *dev; + struct hidraw_list *list = file->private_data; +- int ret; +- int i; + + mutex_lock(&minors_lock); +- if (!hidraw_table[minor]) { +- ret = -ENODEV; +- goto unlock; +- } + + list_del(&list->node); +- dev = hidraw_table[minor]; +- if (!--dev->open) { +- if (list->hidraw->exist) { +- hid_hw_power(dev->hid, PM_HINT_NORMAL); +- hid_hw_close(dev->hid); +- } else { +- kfree(list->hidraw); +- } +- } +- +- for (i = 0; i < HIDRAW_BUFFER_SIZE; ++i) +- kfree(list->buffer[i].value); + kfree(list); +- ret = 0; +-unlock: +- mutex_unlock(&minors_lock); + +- return ret; ++ drop_ref(hidraw_table[minor], 0); ++ ++ mutex_unlock(&minors_lock); ++ return 0; + } + + static long hidraw_ioctl(struct file *file, unsigned int cmd, +@@ -539,18 +538,9 @@ void hidraw_disconnect(struct hid_device *hid) + struct hidraw *hidraw = hid->hidraw; + + mutex_lock(&minors_lock); +- hidraw->exist = 0; +- +- device_destroy(hidraw_class, MKDEV(hidraw_major, hidraw->minor)); + +- hidraw_table[hidraw->minor] = NULL; ++ drop_ref(hidraw, 1); + +- if (hidraw->open) { +- hid_hw_close(hid); +- wake_up_interruptible(&hidraw->wait); +- } else { +- kfree(hidraw); +- } + mutex_unlock(&minors_lock); + } + EXPORT_SYMBOL_GPL(hidraw_disconnect); +diff --git a/drivers/hid/usbhid/hid-quirks.c b/drivers/hid/usbhid/hid-quirks.c +index 19b8360..0734552 100644 +--- a/drivers/hid/usbhid/hid-quirks.c ++++ b/drivers/hid/usbhid/hid-quirks.c +@@ -109,6 +109,8 @@ static const struct hid_blacklist { + { USB_VENDOR_ID_SIGMA_MICRO, USB_DEVICE_ID_SIGMA_MICRO_KEYBOARD, HID_QUIRK_NO_INIT_REPORTS }, + { USB_VENDOR_ID_KYE, USB_DEVICE_ID_KYE_MOUSEPEN_I608X, HID_QUIRK_MULTI_INPUT }, + { USB_VENDOR_ID_KYE, USB_DEVICE_ID_KYE_EASYPEN_M610X, HID_QUIRK_MULTI_INPUT }, ++ { USB_VENDOR_ID_NTRIG, USB_DEVICE_ID_NTRIG_DUOSENSE, HID_QUIRK_NO_INIT_REPORTS }, ++ + { 0, 0 } + }; + +diff --git a/drivers/input/mouse/bcm5974.c b/drivers/input/mouse/bcm5974.c +index 4ef4d5e..a73f961 100644 +--- a/drivers/input/mouse/bcm5974.c ++++ b/drivers/input/mouse/bcm5974.c +@@ -89,9 +89,9 @@ + #define USB_DEVICE_ID_APPLE_WELLSPRING7A_ISO 0x025a + #define USB_DEVICE_ID_APPLE_WELLSPRING7A_JIS 0x025b + /* MacbookAir6,2 (unibody, June 2013) */ +-#define USB_DEVICE_ID_APPLE_WELLSPRING8_ANSI 0x0291 +-#define USB_DEVICE_ID_APPLE_WELLSPRING8_ISO 0x0292 +-#define USB_DEVICE_ID_APPLE_WELLSPRING8_JIS 0x0293 ++#define USB_DEVICE_ID_APPLE_WELLSPRING8_ANSI 0x0290 ++#define USB_DEVICE_ID_APPLE_WELLSPRING8_ISO 0x0291 ++#define USB_DEVICE_ID_APPLE_WELLSPRING8_JIS 0x0292 + + #define BCM5974_DEVICE(prod) { \ + .match_flags = (USB_DEVICE_ID_MATCH_DEVICE | \ +diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c +index eec0d3e..15e9b57 100644 +--- a/drivers/iommu/intel-iommu.c ++++ b/drivers/iommu/intel-iommu.c +@@ -890,56 +890,54 @@ static int dma_pte_clear_range(struct dmar_domain *domain, + return order; + } + ++static void dma_pte_free_level(struct dmar_domain *domain, int level, ++ struct dma_pte *pte, unsigned long pfn, ++ unsigned long start_pfn, unsigned long last_pfn) ++{ ++ pfn = max(start_pfn, pfn); ++ pte = &pte[pfn_level_offset(pfn, level)]; ++ ++ do { ++ unsigned long level_pfn; ++ struct dma_pte *level_pte; ++ ++ if (!dma_pte_present(pte) || dma_pte_superpage(pte)) ++ goto next; ++ ++ level_pfn = pfn & level_mask(level - 1); ++ level_pte = phys_to_virt(dma_pte_addr(pte)); ++ ++ if (level > 2) ++ dma_pte_free_level(domain, level - 1, level_pte, ++ level_pfn, start_pfn, last_pfn); ++ ++ /* If range covers entire pagetable, free it */ ++ if (!(start_pfn > level_pfn || ++ last_pfn < level_pfn + level_size(level))) { ++ dma_clear_pte(pte); ++ domain_flush_cache(domain, pte, sizeof(*pte)); ++ free_pgtable_page(level_pte); ++ } ++next: ++ pfn += level_size(level); ++ } while (!first_pte_in_page(++pte) && pfn <= last_pfn); ++} ++ + /* free page table pages. last level pte should already be cleared */ + static void dma_pte_free_pagetable(struct dmar_domain *domain, + unsigned long start_pfn, + unsigned long last_pfn) + { + int addr_width = agaw_to_width(domain->agaw) - VTD_PAGE_SHIFT; +- struct dma_pte *first_pte, *pte; +- int total = agaw_to_level(domain->agaw); +- int level; +- unsigned long tmp; +- int large_page = 2; + + BUG_ON(addr_width < BITS_PER_LONG && start_pfn >> addr_width); + BUG_ON(addr_width < BITS_PER_LONG && last_pfn >> addr_width); + BUG_ON(start_pfn > last_pfn); + + /* We don't need lock here; nobody else touches the iova range */ +- level = 2; +- while (level <= total) { +- tmp = align_to_level(start_pfn, level); +- +- /* If we can't even clear one PTE at this level, we're done */ +- if (tmp + level_size(level) - 1 > last_pfn) +- return; +- +- do { +- large_page = level; +- first_pte = pte = dma_pfn_level_pte(domain, tmp, level, &large_page); +- if (large_page > level) +- level = large_page + 1; +- if (!pte) { +- tmp = align_to_level(tmp + 1, level + 1); +- continue; +- } +- do { +- if (dma_pte_present(pte)) { +- free_pgtable_page(phys_to_virt(dma_pte_addr(pte))); +- dma_clear_pte(pte); +- } +- pte++; +- tmp += level_size(level); +- } while (!first_pte_in_page(pte) && +- tmp + level_size(level) - 1 <= last_pfn); ++ dma_pte_free_level(domain, agaw_to_level(domain->agaw), ++ domain->pgd, 0, start_pfn, last_pfn); + +- domain_flush_cache(domain, first_pte, +- (void *)pte - (void *)first_pte); +- +- } while (tmp && tmp + level_size(level) - 1 <= last_pfn); +- level++; +- } + /* free pgd */ + if (start_pfn == 0 && last_pfn == DOMAIN_MAX_PFN(domain->gaw)) { + free_pgtable_page(domain->pgd); +diff --git a/drivers/leds/leds-wm831x-status.c b/drivers/leds/leds-wm831x-status.c +index 120815a..5a19abd 100644 +--- a/drivers/leds/leds-wm831x-status.c ++++ b/drivers/leds/leds-wm831x-status.c +@@ -230,9 +230,9 @@ static int wm831x_status_probe(struct platform_device *pdev) + int id = pdev->id % ARRAY_SIZE(chip_pdata->status); + int ret; + +- res = platform_get_resource(pdev, IORESOURCE_IO, 0); ++ res = platform_get_resource(pdev, IORESOURCE_REG, 0); + if (res == NULL) { +- dev_err(&pdev->dev, "No I/O resource\n"); ++ dev_err(&pdev->dev, "No register resource\n"); + ret = -EINVAL; + goto err; + } +diff --git a/drivers/media/common/siano/smsdvb-main.c b/drivers/media/common/siano/smsdvb-main.c +index 0862622..63676a8 100644 +--- a/drivers/media/common/siano/smsdvb-main.c ++++ b/drivers/media/common/siano/smsdvb-main.c +@@ -276,7 +276,8 @@ static void smsdvb_update_per_slices(struct smsdvb_client_t *client, + + /* Legacy PER/BER */ + tmp = p->ets_packets * 65535; +- do_div(tmp, p->ts_packets + p->ets_packets); ++ if (p->ts_packets + p->ets_packets) ++ do_div(tmp, p->ts_packets + p->ets_packets); + client->legacy_per = tmp; + } + +diff --git a/drivers/media/dvb-frontends/mb86a20s.c b/drivers/media/dvb-frontends/mb86a20s.c +index 856374b..2c7217f 100644 +--- a/drivers/media/dvb-frontends/mb86a20s.c ++++ b/drivers/media/dvb-frontends/mb86a20s.c +@@ -157,7 +157,6 @@ static struct regdata mb86a20s_init2[] = { + { 0x45, 0x04 }, /* CN symbol 4 */ + { 0x48, 0x04 }, /* CN manual mode */ + +- { 0x50, 0xd5 }, { 0x51, 0x01 }, /* Serial */ + { 0x50, 0xd6 }, { 0x51, 0x1f }, + { 0x50, 0xd2 }, { 0x51, 0x03 }, + { 0x50, 0xd7 }, { 0x51, 0xbf }, +@@ -1860,16 +1859,15 @@ static int mb86a20s_initfe(struct dvb_frontend *fe) + dev_dbg(&state->i2c->dev, "%s: IF=%d, IF reg=0x%06llx\n", + __func__, state->if_freq, (long long)pll); + +- if (!state->config->is_serial) { ++ if (!state->config->is_serial) + regD5 &= ~1; + +- rc = mb86a20s_writereg(state, 0x50, 0xd5); +- if (rc < 0) +- goto err; +- rc = mb86a20s_writereg(state, 0x51, regD5); +- if (rc < 0) +- goto err; +- } ++ rc = mb86a20s_writereg(state, 0x50, 0xd5); ++ if (rc < 0) ++ goto err; ++ rc = mb86a20s_writereg(state, 0x51, regD5); ++ if (rc < 0) ++ goto err; + + rc = mb86a20s_writeregdata(state, mb86a20s_init2); + if (rc < 0) +diff --git a/drivers/media/pci/cx88/cx88.h b/drivers/media/pci/cx88/cx88.h +index afe0eae..28893a6 100644 +--- a/drivers/media/pci/cx88/cx88.h ++++ b/drivers/media/pci/cx88/cx88.h +@@ -259,7 +259,7 @@ struct cx88_input { + }; + + enum cx88_audio_chip { +- CX88_AUDIO_WM8775, ++ CX88_AUDIO_WM8775 = 1, + CX88_AUDIO_TVAUDIO, + }; + +diff --git a/drivers/media/platform/exynos-gsc/gsc-core.c b/drivers/media/platform/exynos-gsc/gsc-core.c +index 559fab2..1ec60264 100644 +--- a/drivers/media/platform/exynos-gsc/gsc-core.c ++++ b/drivers/media/platform/exynos-gsc/gsc-core.c +@@ -1122,10 +1122,14 @@ static int gsc_probe(struct platform_device *pdev) + goto err_clk; + } + +- ret = gsc_register_m2m_device(gsc); ++ ret = v4l2_device_register(dev, &gsc->v4l2_dev); + if (ret) + goto err_clk; + ++ ret = gsc_register_m2m_device(gsc); ++ if (ret) ++ goto err_v4l2; ++ + platform_set_drvdata(pdev, gsc); + pm_runtime_enable(dev); + ret = pm_runtime_get_sync(&pdev->dev); +@@ -1147,6 +1151,8 @@ err_pm: + pm_runtime_put(dev); + err_m2m: + gsc_unregister_m2m_device(gsc); ++err_v4l2: ++ v4l2_device_unregister(&gsc->v4l2_dev); + err_clk: + gsc_clk_put(gsc); + return ret; +@@ -1157,6 +1163,7 @@ static int gsc_remove(struct platform_device *pdev) + struct gsc_dev *gsc = platform_get_drvdata(pdev); + + gsc_unregister_m2m_device(gsc); ++ v4l2_device_unregister(&gsc->v4l2_dev); + + vb2_dma_contig_cleanup_ctx(gsc->alloc_ctx); + pm_runtime_disable(&pdev->dev); +diff --git a/drivers/media/platform/exynos-gsc/gsc-core.h b/drivers/media/platform/exynos-gsc/gsc-core.h +index cc19bba..76435d3 100644 +--- a/drivers/media/platform/exynos-gsc/gsc-core.h ++++ b/drivers/media/platform/exynos-gsc/gsc-core.h +@@ -343,6 +343,7 @@ struct gsc_dev { + unsigned long state; + struct vb2_alloc_ctx *alloc_ctx; + struct video_device vdev; ++ struct v4l2_device v4l2_dev; + }; + + /** +diff --git a/drivers/media/platform/exynos-gsc/gsc-m2m.c b/drivers/media/platform/exynos-gsc/gsc-m2m.c +index 40a73f7..e576ff2 100644 +--- a/drivers/media/platform/exynos-gsc/gsc-m2m.c ++++ b/drivers/media/platform/exynos-gsc/gsc-m2m.c +@@ -751,6 +751,7 @@ int gsc_register_m2m_device(struct gsc_dev *gsc) + gsc->vdev.release = video_device_release_empty; + gsc->vdev.lock = &gsc->lock; + gsc->vdev.vfl_dir = VFL_DIR_M2M; ++ gsc->vdev.v4l2_dev = &gsc->v4l2_dev; + snprintf(gsc->vdev.name, sizeof(gsc->vdev.name), "%s.%d:m2m", + GSC_MODULE_NAME, gsc->id); + +diff --git a/drivers/media/platform/exynos4-is/fimc-lite.c b/drivers/media/platform/exynos4-is/fimc-lite.c +index 08fbfed..e85dc4f 100644 +--- a/drivers/media/platform/exynos4-is/fimc-lite.c ++++ b/drivers/media/platform/exynos4-is/fimc-lite.c +@@ -90,7 +90,7 @@ static const struct fimc_fmt fimc_lite_formats[] = { + .name = "RAW10 (GRBG)", + .fourcc = V4L2_PIX_FMT_SGRBG10, + .colorspace = V4L2_COLORSPACE_SRGB, +- .depth = { 10 }, ++ .depth = { 16 }, + .color = FIMC_FMT_RAW10, + .memplanes = 1, + .mbus_code = V4L2_MBUS_FMT_SGRBG10_1X10, +@@ -99,7 +99,7 @@ static const struct fimc_fmt fimc_lite_formats[] = { + .name = "RAW12 (GRBG)", + .fourcc = V4L2_PIX_FMT_SGRBG12, + .colorspace = V4L2_COLORSPACE_SRGB, +- .depth = { 12 }, ++ .depth = { 16 }, + .color = FIMC_FMT_RAW12, + .memplanes = 1, + .mbus_code = V4L2_MBUS_FMT_SGRBG12_1X12, +diff --git a/drivers/media/platform/exynos4-is/media-dev.c b/drivers/media/platform/exynos4-is/media-dev.c +index 19f556c..91f21e2 100644 +--- a/drivers/media/platform/exynos4-is/media-dev.c ++++ b/drivers/media/platform/exynos4-is/media-dev.c +@@ -1530,9 +1530,9 @@ static int fimc_md_probe(struct platform_device *pdev) + err_unlock: + mutex_unlock(&fmd->media_dev.graph_mutex); + err_clk: +- media_device_unregister(&fmd->media_dev); + fimc_md_put_clocks(fmd); + fimc_md_unregister_entities(fmd); ++ media_device_unregister(&fmd->media_dev); + err_md: + v4l2_device_unregister(&fmd->v4l2_dev); + return ret; +diff --git a/drivers/mmc/host/tmio_mmc_dma.c b/drivers/mmc/host/tmio_mmc_dma.c +index 47bdb8f..65edb4a 100644 +--- a/drivers/mmc/host/tmio_mmc_dma.c ++++ b/drivers/mmc/host/tmio_mmc_dma.c +@@ -104,6 +104,7 @@ static void tmio_mmc_start_dma_rx(struct tmio_mmc_host *host) + pio: + if (!desc) { + /* DMA failed, fall back to PIO */ ++ tmio_mmc_enable_dma(host, false); + if (ret >= 0) + ret = -EIO; + host->chan_rx = NULL; +@@ -116,7 +117,6 @@ pio: + } + dev_warn(&host->pdev->dev, + "DMA failed: %d, falling back to PIO\n", ret); +- tmio_mmc_enable_dma(host, false); + } + + dev_dbg(&host->pdev->dev, "%s(): desc %p, cookie %d, sg[%d]\n", __func__, +@@ -185,6 +185,7 @@ static void tmio_mmc_start_dma_tx(struct tmio_mmc_host *host) + pio: + if (!desc) { + /* DMA failed, fall back to PIO */ ++ tmio_mmc_enable_dma(host, false); + if (ret >= 0) + ret = -EIO; + host->chan_tx = NULL; +@@ -197,7 +198,6 @@ pio: + } + dev_warn(&host->pdev->dev, + "DMA failed: %d, falling back to PIO\n", ret); +- tmio_mmc_enable_dma(host, false); + } + + dev_dbg(&host->pdev->dev, "%s(): desc %p, cookie %d\n", __func__, +diff --git a/drivers/mtd/nand/nand_base.c b/drivers/mtd/nand/nand_base.c +index dfcd0a5..fb8c4de 100644 +--- a/drivers/mtd/nand/nand_base.c ++++ b/drivers/mtd/nand/nand_base.c +@@ -2793,7 +2793,9 @@ static void nand_set_defaults(struct nand_chip *chip, int busw) + + if (!chip->select_chip) + chip->select_chip = nand_select_chip; +- if (!chip->read_byte) ++ ++ /* If called twice, pointers that depend on busw may need to be reset */ ++ if (!chip->read_byte || chip->read_byte == nand_read_byte) + chip->read_byte = busw ? nand_read_byte16 : nand_read_byte; + if (!chip->read_word) + chip->read_word = nand_read_word; +@@ -2801,9 +2803,9 @@ static void nand_set_defaults(struct nand_chip *chip, int busw) + chip->block_bad = nand_block_bad; + if (!chip->block_markbad) + chip->block_markbad = nand_default_block_markbad; +- if (!chip->write_buf) ++ if (!chip->write_buf || chip->write_buf == nand_write_buf) + chip->write_buf = busw ? nand_write_buf16 : nand_write_buf; +- if (!chip->read_buf) ++ if (!chip->read_buf || chip->read_buf == nand_read_buf) + chip->read_buf = busw ? nand_read_buf16 : nand_read_buf; + if (!chip->scan_bbt) + chip->scan_bbt = nand_default_bbt; +diff --git a/drivers/mtd/ubi/wl.c b/drivers/mtd/ubi/wl.c +index 5df49d3..c95bfb1 100644 +--- a/drivers/mtd/ubi/wl.c ++++ b/drivers/mtd/ubi/wl.c +@@ -1069,6 +1069,9 @@ static int wear_leveling_worker(struct ubi_device *ubi, struct ubi_work *wrk, + if (!(e2->ec - e1->ec >= UBI_WL_THRESHOLD)) { + dbg_wl("no WL needed: min used EC %d, max free EC %d", + e1->ec, e2->ec); ++ ++ /* Give the unused PEB back */ ++ wl_tree_add(e2, &ubi->free); + goto out_cancel; + } + self_check_in_wl_tree(ubi, e1, &ubi->used); +diff --git a/drivers/net/ethernet/marvell/mvneta.c b/drivers/net/ethernet/marvell/mvneta.c +index b017818..90ab292 100644 +--- a/drivers/net/ethernet/marvell/mvneta.c ++++ b/drivers/net/ethernet/marvell/mvneta.c +@@ -138,7 +138,9 @@ + #define MVNETA_GMAC_FORCE_LINK_PASS BIT(1) + #define MVNETA_GMAC_CONFIG_MII_SPEED BIT(5) + #define MVNETA_GMAC_CONFIG_GMII_SPEED BIT(6) ++#define MVNETA_GMAC_AN_SPEED_EN BIT(7) + #define MVNETA_GMAC_CONFIG_FULL_DUPLEX BIT(12) ++#define MVNETA_GMAC_AN_DUPLEX_EN BIT(13) + #define MVNETA_MIB_COUNTERS_BASE 0x3080 + #define MVNETA_MIB_LATE_COLLISION 0x7c + #define MVNETA_DA_FILT_SPEC_MCAST 0x3400 +@@ -915,6 +917,13 @@ static void mvneta_defaults_set(struct mvneta_port *pp) + /* Assign port SDMA configuration */ + mvreg_write(pp, MVNETA_SDMA_CONFIG, val); + ++ /* Disable PHY polling in hardware, since we're using the ++ * kernel phylib to do this. ++ */ ++ val = mvreg_read(pp, MVNETA_UNIT_CONTROL); ++ val &= ~MVNETA_PHY_POLLING_ENABLE; ++ mvreg_write(pp, MVNETA_UNIT_CONTROL, val); ++ + mvneta_set_ucast_table(pp, -1); + mvneta_set_special_mcast_table(pp, -1); + mvneta_set_other_mcast_table(pp, -1); +@@ -2307,7 +2316,9 @@ static void mvneta_adjust_link(struct net_device *ndev) + val = mvreg_read(pp, MVNETA_GMAC_AUTONEG_CONFIG); + val &= ~(MVNETA_GMAC_CONFIG_MII_SPEED | + MVNETA_GMAC_CONFIG_GMII_SPEED | +- MVNETA_GMAC_CONFIG_FULL_DUPLEX); ++ MVNETA_GMAC_CONFIG_FULL_DUPLEX | ++ MVNETA_GMAC_AN_SPEED_EN | ++ MVNETA_GMAC_AN_DUPLEX_EN); + + if (phydev->duplex) + val |= MVNETA_GMAC_CONFIG_FULL_DUPLEX; +diff --git a/drivers/net/wireless/ath/ath9k/ar9003_phy.c b/drivers/net/wireless/ath/ath9k/ar9003_phy.c +index 1f694ab..77d3a70 100644 +--- a/drivers/net/wireless/ath/ath9k/ar9003_phy.c ++++ b/drivers/net/wireless/ath/ath9k/ar9003_phy.c +@@ -1173,6 +1173,10 @@ skip_ws_det: + * is_on == 0 means MRC CCK is OFF (more noise imm) + */ + bool is_on = param ? 1 : 0; ++ ++ if (ah->caps.rx_chainmask == 1) ++ break; ++ + REG_RMW_FIELD(ah, AR_PHY_MRC_CCK_CTRL, + AR_PHY_MRC_CCK_ENABLE, is_on); + REG_RMW_FIELD(ah, AR_PHY_MRC_CCK_CTRL, +diff --git a/drivers/net/wireless/ath/ath9k/ath9k.h b/drivers/net/wireless/ath/ath9k/ath9k.h +index c1224b5..020b9b3 100644 +--- a/drivers/net/wireless/ath/ath9k/ath9k.h ++++ b/drivers/net/wireless/ath/ath9k/ath9k.h +@@ -79,10 +79,6 @@ struct ath_config { + sizeof(struct ath_buf_state)); \ + } while (0) + +-#define ATH_RXBUF_RESET(_bf) do { \ +- (_bf)->bf_stale = false; \ +- } while (0) +- + /** + * enum buffer_type - Buffer type flags + * +@@ -317,6 +313,7 @@ struct ath_rx { + struct ath_descdma rxdma; + struct ath_rx_edma rx_edma[ATH9K_RX_QUEUE_MAX]; + ++ struct ath_buf *buf_hold; + struct sk_buff *frag; + + u32 ampdu_ref; +diff --git a/drivers/net/wireless/ath/ath9k/recv.c b/drivers/net/wireless/ath/ath9k/recv.c +index 865e043..b4902b3 100644 +--- a/drivers/net/wireless/ath/ath9k/recv.c ++++ b/drivers/net/wireless/ath/ath9k/recv.c +@@ -42,8 +42,6 @@ static void ath_rx_buf_link(struct ath_softc *sc, struct ath_buf *bf) + struct ath_desc *ds; + struct sk_buff *skb; + +- ATH_RXBUF_RESET(bf); +- + ds = bf->bf_desc; + ds->ds_link = 0; /* link to null */ + ds->ds_data = bf->bf_buf_addr; +@@ -70,6 +68,14 @@ static void ath_rx_buf_link(struct ath_softc *sc, struct ath_buf *bf) + sc->rx.rxlink = &ds->ds_link; + } + ++static void ath_rx_buf_relink(struct ath_softc *sc, struct ath_buf *bf) ++{ ++ if (sc->rx.buf_hold) ++ ath_rx_buf_link(sc, sc->rx.buf_hold); ++ ++ sc->rx.buf_hold = bf; ++} ++ + static void ath_setdefantenna(struct ath_softc *sc, u32 antenna) + { + /* XXX block beacon interrupts */ +@@ -117,7 +123,6 @@ static bool ath_rx_edma_buf_link(struct ath_softc *sc, + + skb = bf->bf_mpdu; + +- ATH_RXBUF_RESET(bf); + memset(skb->data, 0, ah->caps.rx_status_len); + dma_sync_single_for_device(sc->dev, bf->bf_buf_addr, + ah->caps.rx_status_len, DMA_TO_DEVICE); +@@ -432,6 +437,7 @@ int ath_startrecv(struct ath_softc *sc) + if (list_empty(&sc->rx.rxbuf)) + goto start_recv; + ++ sc->rx.buf_hold = NULL; + sc->rx.rxlink = NULL; + list_for_each_entry_safe(bf, tbf, &sc->rx.rxbuf, list) { + ath_rx_buf_link(sc, bf); +@@ -677,6 +683,9 @@ static struct ath_buf *ath_get_next_rx_buf(struct ath_softc *sc, + } + + bf = list_first_entry(&sc->rx.rxbuf, struct ath_buf, list); ++ if (bf == sc->rx.buf_hold) ++ return NULL; ++ + ds = bf->bf_desc; + + /* +@@ -1375,7 +1384,7 @@ requeue: + if (edma) { + ath_rx_edma_buf_link(sc, qtype); + } else { +- ath_rx_buf_link(sc, bf); ++ ath_rx_buf_relink(sc, bf); + ath9k_hw_rxena(ah); + } + } while (1); +diff --git a/drivers/net/wireless/ath/ath9k/xmit.c b/drivers/net/wireless/ath/ath9k/xmit.c +index 9279927..ab64683 100644 +--- a/drivers/net/wireless/ath/ath9k/xmit.c ++++ b/drivers/net/wireless/ath/ath9k/xmit.c +@@ -2602,6 +2602,7 @@ void ath_tx_node_init(struct ath_softc *sc, struct ath_node *an) + for (acno = 0, ac = &an->ac[acno]; + acno < IEEE80211_NUM_ACS; acno++, ac++) { + ac->sched = false; ++ ac->clear_ps_filter = true; + ac->txq = sc->tx.txq_map[acno]; + INIT_LIST_HEAD(&ac->tid_q); + } +diff --git a/drivers/net/wireless/brcm80211/brcmsmac/dma.c b/drivers/net/wireless/brcm80211/brcmsmac/dma.c +index 1860c57..4fb9635 100644 +--- a/drivers/net/wireless/brcm80211/brcmsmac/dma.c ++++ b/drivers/net/wireless/brcm80211/brcmsmac/dma.c +@@ -1015,9 +1015,10 @@ static bool dma64_txidle(struct dma_info *di) + + /* + * post receive buffers +- * return false is refill failed completely and ring is empty this will stall +- * the rx dma and user might want to call rxfill again asap. This unlikely +- * happens on memory-rich NIC, but often on memory-constrained dongle ++ * Return false if refill failed completely or dma mapping failed. The ring ++ * is empty, which will stall the rx dma and user might want to call rxfill ++ * again asap. This is unlikely to happen on a memory-rich NIC, but often on ++ * memory-constrained dongle. + */ + bool dma_rxfill(struct dma_pub *pub) + { +@@ -1078,6 +1079,8 @@ bool dma_rxfill(struct dma_pub *pub) + + pa = dma_map_single(di->dmadev, p->data, di->rxbufsize, + DMA_FROM_DEVICE); ++ if (dma_mapping_error(di->dmadev, pa)) ++ return false; + + /* save the free packet pointer */ + di->rxp[rxout] = p; +@@ -1284,7 +1287,11 @@ static void dma_txenq(struct dma_info *di, struct sk_buff *p) + + /* get physical address of buffer start */ + pa = dma_map_single(di->dmadev, data, len, DMA_TO_DEVICE); +- ++ /* if mapping failed, free skb */ ++ if (dma_mapping_error(di->dmadev, pa)) { ++ brcmu_pkt_buf_free_skb(p); ++ return; ++ } + /* With a DMA segment list, Descriptor table is filled + * using the segment list instead of looping over + * buffers in multi-chain DMA. Therefore, EOF for SGLIST +diff --git a/drivers/of/base.c b/drivers/of/base.c +index 5c54279..bf8432f 100644 +--- a/drivers/of/base.c ++++ b/drivers/of/base.c +@@ -1629,6 +1629,7 @@ void of_alias_scan(void * (*dt_alloc)(u64 size, u64 align)) + ap = dt_alloc(sizeof(*ap) + len + 1, 4); + if (!ap) + continue; ++ memset(ap, 0, sizeof(*ap) + len + 1); + ap->alias = start; + of_alias_add(ap, np, id, start, len); + } +diff --git a/drivers/pinctrl/pinctrl-at91.c b/drivers/pinctrl/pinctrl-at91.c +index b90a3a0..19afb9a 100644 +--- a/drivers/pinctrl/pinctrl-at91.c ++++ b/drivers/pinctrl/pinctrl-at91.c +@@ -325,7 +325,7 @@ static void at91_mux_disable_interrupt(void __iomem *pio, unsigned mask) + + static unsigned at91_mux_get_pullup(void __iomem *pio, unsigned pin) + { +- return (readl_relaxed(pio + PIO_PUSR) >> pin) & 0x1; ++ return !((readl_relaxed(pio + PIO_PUSR) >> pin) & 0x1); + } + + static void at91_mux_set_pullup(void __iomem *pio, unsigned mask, bool on) +@@ -445,7 +445,7 @@ static void at91_mux_pio3_set_debounce(void __iomem *pio, unsigned mask, + + static bool at91_mux_pio3_get_pulldown(void __iomem *pio, unsigned pin) + { +- return (__raw_readl(pio + PIO_PPDSR) >> pin) & 0x1; ++ return !((__raw_readl(pio + PIO_PPDSR) >> pin) & 0x1); + } + + static void at91_mux_pio3_set_pulldown(void __iomem *pio, unsigned mask, bool is_on) +diff --git a/drivers/scsi/mpt3sas/Makefile b/drivers/scsi/mpt3sas/Makefile +index 4c1d2e7..efb0c4c 100644 +--- a/drivers/scsi/mpt3sas/Makefile ++++ b/drivers/scsi/mpt3sas/Makefile +@@ -1,5 +1,5 @@ + # mpt3sas makefile +-obj-m += mpt3sas.o ++obj-$(CONFIG_SCSI_MPT3SAS) += mpt3sas.o + mpt3sas-y += mpt3sas_base.o \ + mpt3sas_config.o \ + mpt3sas_scsih.o \ +diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c +index 86fcf2c..2783dd7 100644 +--- a/drivers/scsi/sd.c ++++ b/drivers/scsi/sd.c +@@ -2419,14 +2419,9 @@ sd_read_cache_type(struct scsi_disk *sdkp, unsigned char *buffer) + } + } + +- if (modepage == 0x3F) { +- sd_printk(KERN_ERR, sdkp, "No Caching mode page " +- "present\n"); +- goto defaults; +- } else if ((buffer[offset] & 0x3f) != modepage) { +- sd_printk(KERN_ERR, sdkp, "Got wrong page\n"); +- goto defaults; +- } ++ sd_printk(KERN_ERR, sdkp, "No Caching mode page found\n"); ++ goto defaults; ++ + Page_found: + if (modepage == 8) { + sdkp->WCE = ((buffer[offset + 2] & 0x04) != 0); +diff --git a/drivers/staging/comedi/drivers/dt282x.c b/drivers/staging/comedi/drivers/dt282x.c +index c1950e3..674b236 100644 +--- a/drivers/staging/comedi/drivers/dt282x.c ++++ b/drivers/staging/comedi/drivers/dt282x.c +@@ -264,8 +264,9 @@ struct dt282x_private { + } \ + udelay(5); \ + } \ +- if (_i) \ ++ if (_i) { \ + b \ ++ } \ + } while (0) + + static int prep_ai_dma(struct comedi_device *dev, int chan, int size); +diff --git a/drivers/staging/zram/zram_drv.c b/drivers/staging/zram/zram_drv.c +index e77fb6e..8f54c50 100644 +--- a/drivers/staging/zram/zram_drv.c ++++ b/drivers/staging/zram/zram_drv.c +@@ -445,6 +445,14 @@ static int zram_bvec_write(struct zram *zram, struct bio_vec *bvec, u32 index, + goto out; + } + ++ /* ++ * zram_slot_free_notify could miss free so that let's ++ * double check. ++ */ ++ if (unlikely(meta->table[index].handle || ++ zram_test_flag(meta, index, ZRAM_ZERO))) ++ zram_free_page(zram, index); ++ + ret = lzo1x_1_compress(uncmem, PAGE_SIZE, src, &clen, + meta->compress_workmem); + +@@ -504,6 +512,20 @@ out: + return ret; + } + ++static void handle_pending_slot_free(struct zram *zram) ++{ ++ struct zram_slot_free *free_rq; ++ ++ spin_lock(&zram->slot_free_lock); ++ while (zram->slot_free_rq) { ++ free_rq = zram->slot_free_rq; ++ zram->slot_free_rq = free_rq->next; ++ zram_free_page(zram, free_rq->index); ++ kfree(free_rq); ++ } ++ spin_unlock(&zram->slot_free_lock); ++} ++ + static int zram_bvec_rw(struct zram *zram, struct bio_vec *bvec, u32 index, + int offset, struct bio *bio, int rw) + { +@@ -511,10 +533,12 @@ static int zram_bvec_rw(struct zram *zram, struct bio_vec *bvec, u32 index, + + if (rw == READ) { + down_read(&zram->lock); ++ handle_pending_slot_free(zram); + ret = zram_bvec_read(zram, bvec, index, offset, bio); + up_read(&zram->lock); + } else { + down_write(&zram->lock); ++ handle_pending_slot_free(zram); + ret = zram_bvec_write(zram, bvec, index, offset); + up_write(&zram->lock); + } +@@ -522,11 +546,13 @@ static int zram_bvec_rw(struct zram *zram, struct bio_vec *bvec, u32 index, + return ret; + } + +-static void zram_reset_device(struct zram *zram) ++static void zram_reset_device(struct zram *zram, bool reset_capacity) + { + size_t index; + struct zram_meta *meta; + ++ flush_work(&zram->free_work); ++ + down_write(&zram->init_lock); + if (!zram->init_done) { + up_write(&zram->init_lock); +@@ -551,7 +577,8 @@ static void zram_reset_device(struct zram *zram) + memset(&zram->stats, 0, sizeof(zram->stats)); + + zram->disksize = 0; +- set_capacity(zram->disk, 0); ++ if (reset_capacity) ++ set_capacity(zram->disk, 0); + up_write(&zram->init_lock); + } + +@@ -635,7 +662,7 @@ static ssize_t reset_store(struct device *dev, + if (bdev) + fsync_bdev(bdev); + +- zram_reset_device(zram); ++ zram_reset_device(zram, true); + return len; + } + +@@ -720,16 +747,40 @@ error: + bio_io_error(bio); + } + ++static void zram_slot_free(struct work_struct *work) ++{ ++ struct zram *zram; ++ ++ zram = container_of(work, struct zram, free_work); ++ down_write(&zram->lock); ++ handle_pending_slot_free(zram); ++ up_write(&zram->lock); ++} ++ ++static void add_slot_free(struct zram *zram, struct zram_slot_free *free_rq) ++{ ++ spin_lock(&zram->slot_free_lock); ++ free_rq->next = zram->slot_free_rq; ++ zram->slot_free_rq = free_rq; ++ spin_unlock(&zram->slot_free_lock); ++} ++ + static void zram_slot_free_notify(struct block_device *bdev, + unsigned long index) + { + struct zram *zram; ++ struct zram_slot_free *free_rq; + + zram = bdev->bd_disk->private_data; +- down_write(&zram->lock); +- zram_free_page(zram, index); +- up_write(&zram->lock); + atomic64_inc(&zram->stats.notify_free); ++ ++ free_rq = kmalloc(sizeof(struct zram_slot_free), GFP_ATOMIC); ++ if (!free_rq) ++ return; ++ ++ free_rq->index = index; ++ add_slot_free(zram, free_rq); ++ schedule_work(&zram->free_work); + } + + static const struct block_device_operations zram_devops = { +@@ -776,6 +827,10 @@ static int create_device(struct zram *zram, int device_id) + init_rwsem(&zram->lock); + init_rwsem(&zram->init_lock); + ++ INIT_WORK(&zram->free_work, zram_slot_free); ++ spin_lock_init(&zram->slot_free_lock); ++ zram->slot_free_rq = NULL; ++ + zram->queue = blk_alloc_queue(GFP_KERNEL); + if (!zram->queue) { + pr_err("Error allocating disk queue for device %d\n", +@@ -902,10 +957,12 @@ static void __exit zram_exit(void) + for (i = 0; i < num_devices; i++) { + zram = &zram_devices[i]; + +- get_disk(zram->disk); + destroy_device(zram); +- zram_reset_device(zram); +- put_disk(zram->disk); ++ /* ++ * Shouldn't access zram->disk after destroy_device ++ * because destroy_device already released zram->disk. ++ */ ++ zram_reset_device(zram, false); + } + + unregister_blkdev(zram_major, "zram"); +diff --git a/drivers/staging/zram/zram_drv.h b/drivers/staging/zram/zram_drv.h +index 9e57bfb..97a3acf 100644 +--- a/drivers/staging/zram/zram_drv.h ++++ b/drivers/staging/zram/zram_drv.h +@@ -94,11 +94,20 @@ struct zram_meta { + struct zs_pool *mem_pool; + }; + ++struct zram_slot_free { ++ unsigned long index; ++ struct zram_slot_free *next; ++}; ++ + struct zram { + struct zram_meta *meta; + struct rw_semaphore lock; /* protect compression buffers, table, + * 32bit stat counters against concurrent + * notifications, reads and writes */ ++ ++ struct work_struct free_work; /* handle pending free request */ ++ struct zram_slot_free *slot_free_rq; /* list head of free request */ ++ + struct request_queue *queue; + struct gendisk *disk; + int init_done; +@@ -109,6 +118,7 @@ struct zram { + * we can store in a disk. + */ + u64 disksize; /* bytes */ ++ spinlock_t slot_free_lock; + + struct zram_stats stats; + }; +diff --git a/drivers/target/target_core_alua.c b/drivers/target/target_core_alua.c +index cbe48ab..f608fbc 100644 +--- a/drivers/target/target_core_alua.c ++++ b/drivers/target/target_core_alua.c +@@ -730,7 +730,7 @@ static int core_alua_write_tpg_metadata( + if (ret < 0) + pr_err("Error writing ALUA metadata file: %s\n", path); + fput(file); +- return ret ? -EIO : 0; ++ return (ret < 0) ? -EIO : 0; + } + + /* +diff --git a/drivers/target/target_core_pr.c b/drivers/target/target_core_pr.c +index bd78faf..adec5a8 100644 +--- a/drivers/target/target_core_pr.c ++++ b/drivers/target/target_core_pr.c +@@ -1949,7 +1949,7 @@ static int __core_scsi3_write_aptpl_to_file( + pr_debug("Error writing APTPL metadata file: %s\n", path); + fput(file); + +- return ret ? -EIO : 0; ++ return (ret < 0) ? -EIO : 0; + } + + /* +diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c +index 366af83..20689b9 100644 +--- a/drivers/tty/tty_io.c ++++ b/drivers/tty/tty_io.c +@@ -850,7 +850,8 @@ void disassociate_ctty(int on_exit) + struct pid *tty_pgrp = tty_get_pgrp(tty); + if (tty_pgrp) { + kill_pgrp(tty_pgrp, SIGHUP, on_exit); +- kill_pgrp(tty_pgrp, SIGCONT, on_exit); ++ if (!on_exit) ++ kill_pgrp(tty_pgrp, SIGCONT, on_exit); + put_pid(tty_pgrp); + } + } +diff --git a/drivers/usb/class/cdc-wdm.c b/drivers/usb/class/cdc-wdm.c +index 8a230f0..d3318a0 100644 +--- a/drivers/usb/class/cdc-wdm.c ++++ b/drivers/usb/class/cdc-wdm.c +@@ -209,6 +209,7 @@ skip_error: + static void wdm_int_callback(struct urb *urb) + { + int rv = 0; ++ int responding; + int status = urb->status; + struct wdm_device *desc; + struct usb_cdc_notification *dr; +@@ -262,8 +263,8 @@ static void wdm_int_callback(struct urb *urb) + + spin_lock(&desc->iuspin); + clear_bit(WDM_READ, &desc->flags); +- set_bit(WDM_RESPONDING, &desc->flags); +- if (!test_bit(WDM_DISCONNECTING, &desc->flags) ++ responding = test_and_set_bit(WDM_RESPONDING, &desc->flags); ++ if (!responding && !test_bit(WDM_DISCONNECTING, &desc->flags) + && !test_bit(WDM_SUSPENDING, &desc->flags)) { + rv = usb_submit_urb(desc->response, GFP_ATOMIC); + dev_dbg(&desc->intf->dev, "%s: usb_submit_urb %d", +@@ -685,16 +686,20 @@ static void wdm_rxwork(struct work_struct *work) + { + struct wdm_device *desc = container_of(work, struct wdm_device, rxwork); + unsigned long flags; +- int rv; ++ int rv = 0; ++ int responding; + + spin_lock_irqsave(&desc->iuspin, flags); + if (test_bit(WDM_DISCONNECTING, &desc->flags)) { + spin_unlock_irqrestore(&desc->iuspin, flags); + } else { ++ responding = test_and_set_bit(WDM_RESPONDING, &desc->flags); + spin_unlock_irqrestore(&desc->iuspin, flags); +- rv = usb_submit_urb(desc->response, GFP_KERNEL); ++ if (!responding) ++ rv = usb_submit_urb(desc->response, GFP_KERNEL); + if (rv < 0 && rv != -EPERM) { + spin_lock_irqsave(&desc->iuspin, flags); ++ clear_bit(WDM_RESPONDING, &desc->flags); + if (!test_bit(WDM_DISCONNECTING, &desc->flags)) + schedule_work(&desc->rxwork); + spin_unlock_irqrestore(&desc->iuspin, flags); +diff --git a/drivers/usb/core/config.c b/drivers/usb/core/config.c +index 7199adc..a6b2cab 100644 +--- a/drivers/usb/core/config.c ++++ b/drivers/usb/core/config.c +@@ -424,7 +424,8 @@ static int usb_parse_configuration(struct usb_device *dev, int cfgidx, + + memcpy(&config->desc, buffer, USB_DT_CONFIG_SIZE); + if (config->desc.bDescriptorType != USB_DT_CONFIG || +- config->desc.bLength < USB_DT_CONFIG_SIZE) { ++ config->desc.bLength < USB_DT_CONFIG_SIZE || ++ config->desc.bLength > size) { + dev_err(ddev, "invalid descriptor for config index %d: " + "type = 0x%X, length = %d\n", cfgidx, + config->desc.bDescriptorType, config->desc.bLength); +diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c +index 558313d..17c3785 100644 +--- a/drivers/usb/core/hub.c ++++ b/drivers/usb/core/hub.c +@@ -2918,7 +2918,6 @@ int usb_port_suspend(struct usb_device *udev, pm_message_t msg) + { + struct usb_hub *hub = usb_hub_to_struct_hub(udev->parent); + struct usb_port *port_dev = hub->ports[udev->portnum - 1]; +- enum pm_qos_flags_status pm_qos_stat; + int port1 = udev->portnum; + int status; + bool really_suspend = true; +@@ -2956,7 +2955,7 @@ int usb_port_suspend(struct usb_device *udev, pm_message_t msg) + status); + /* bail if autosuspend is requested */ + if (PMSG_IS_AUTO(msg)) +- return status; ++ goto err_wakeup; + } + } + +@@ -2965,14 +2964,16 @@ int usb_port_suspend(struct usb_device *udev, pm_message_t msg) + usb_set_usb2_hardware_lpm(udev, 0); + + if (usb_disable_ltm(udev)) { +- dev_err(&udev->dev, "%s Failed to disable LTM before suspend\n.", +- __func__); +- return -ENOMEM; ++ dev_err(&udev->dev, "Failed to disable LTM before suspend\n."); ++ status = -ENOMEM; ++ if (PMSG_IS_AUTO(msg)) ++ goto err_ltm; + } + if (usb_unlocked_disable_lpm(udev)) { +- dev_err(&udev->dev, "%s Failed to disable LPM before suspend\n.", +- __func__); +- return -ENOMEM; ++ dev_err(&udev->dev, "Failed to disable LPM before suspend\n."); ++ status = -ENOMEM; ++ if (PMSG_IS_AUTO(msg)) ++ goto err_lpm3; + } + + /* see 7.1.7.6 */ +@@ -3000,28 +3001,31 @@ int usb_port_suspend(struct usb_device *udev, pm_message_t msg) + if (status) { + dev_dbg(hub->intfdev, "can't suspend port %d, status %d\n", + port1, status); +- /* paranoia: "should not happen" */ +- if (udev->do_remote_wakeup) { +- if (!hub_is_superspeed(hub->hdev)) { +- (void) usb_control_msg(udev, +- usb_sndctrlpipe(udev, 0), +- USB_REQ_CLEAR_FEATURE, +- USB_RECIP_DEVICE, +- USB_DEVICE_REMOTE_WAKEUP, 0, +- NULL, 0, +- USB_CTRL_SET_TIMEOUT); +- } else +- (void) usb_disable_function_remotewakeup(udev); +- +- } + ++ /* Try to enable USB3 LPM and LTM again */ ++ usb_unlocked_enable_lpm(udev); ++ err_lpm3: ++ usb_enable_ltm(udev); ++ err_ltm: + /* Try to enable USB2 hardware LPM again */ + if (udev->usb2_hw_lpm_capable == 1) + usb_set_usb2_hardware_lpm(udev, 1); + +- /* Try to enable USB3 LTM and LPM again */ +- usb_enable_ltm(udev); +- usb_unlocked_enable_lpm(udev); ++ if (udev->do_remote_wakeup) { ++ if (udev->speed < USB_SPEED_SUPER) ++ usb_control_msg(udev, usb_sndctrlpipe(udev, 0), ++ USB_REQ_CLEAR_FEATURE, ++ USB_RECIP_DEVICE, ++ USB_DEVICE_REMOTE_WAKEUP, 0, ++ NULL, 0, USB_CTRL_SET_TIMEOUT); ++ else ++ usb_control_msg(udev, usb_sndctrlpipe(udev, 0), ++ USB_REQ_CLEAR_FEATURE, ++ USB_RECIP_INTERFACE, ++ USB_INTRF_FUNC_SUSPEND, 0, ++ NULL, 0, USB_CTRL_SET_TIMEOUT); ++ } ++ err_wakeup: + + /* System sleep transitions should never fail */ + if (!PMSG_IS_AUTO(msg)) +@@ -3039,16 +3043,7 @@ int usb_port_suspend(struct usb_device *udev, pm_message_t msg) + usb_set_device_state(udev, USB_STATE_SUSPENDED); + } + +- /* +- * Check whether current status meets the requirement of +- * usb port power off mechanism +- */ +- pm_qos_stat = dev_pm_qos_flags(&port_dev->dev, +- PM_QOS_FLAG_NO_POWER_OFF); +- if (!udev->do_remote_wakeup +- && pm_qos_stat != PM_QOS_FLAGS_ALL +- && udev->persist_enabled +- && !status) { ++ if (status == 0 && !udev->do_remote_wakeup && udev->persist_enabled) { + pm_runtime_put_sync(&port_dev->dev); + port_dev->did_runtime_put = true; + } +diff --git a/drivers/usb/core/port.c b/drivers/usb/core/port.c +index d6b0fad..9909911 100644 +--- a/drivers/usb/core/port.c ++++ b/drivers/usb/core/port.c +@@ -89,22 +89,19 @@ static int usb_port_runtime_resume(struct device *dev) + retval = usb_hub_set_port_power(hdev, hub, port1, true); + if (port_dev->child && !retval) { + /* +- * Wait for usb hub port to be reconnected in order to make +- * the resume procedure successful. ++ * Attempt to wait for usb hub port to be reconnected in order ++ * to make the resume procedure successful. The device may have ++ * disconnected while the port was powered off, so ignore the ++ * return status. + */ + retval = hub_port_debounce_be_connected(hub, port1); +- if (retval < 0) { ++ if (retval < 0) + dev_dbg(&port_dev->dev, "can't get reconnection after setting port power on, status %d\n", + retval); +- goto out; +- } + usb_clear_port_feature(hdev, port1, USB_PORT_FEAT_C_ENABLE); +- +- /* Set return value to 0 if debounce successful */ + retval = 0; + } + +-out: + clear_bit(port1, hub->busy_bits); + usb_autopm_put_interface(intf); + return retval; +diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c +index f77083f..14d28d6 100644 +--- a/drivers/usb/dwc3/gadget.c ++++ b/drivers/usb/dwc3/gadget.c +@@ -1508,6 +1508,15 @@ static int dwc3_gadget_start(struct usb_gadget *g, + int irq; + u32 reg; + ++ irq = platform_get_irq(to_platform_device(dwc->dev), 0); ++ ret = request_threaded_irq(irq, dwc3_interrupt, dwc3_thread_interrupt, ++ IRQF_SHARED | IRQF_ONESHOT, "dwc3", dwc); ++ if (ret) { ++ dev_err(dwc->dev, "failed to request irq #%d --> %d\n", ++ irq, ret); ++ goto err0; ++ } ++ + spin_lock_irqsave(&dwc->lock, flags); + + if (dwc->gadget_driver) { +@@ -1515,7 +1524,7 @@ static int dwc3_gadget_start(struct usb_gadget *g, + dwc->gadget.name, + dwc->gadget_driver->driver.name); + ret = -EBUSY; +- goto err0; ++ goto err1; + } + + dwc->gadget_driver = driver; +@@ -1551,42 +1560,38 @@ static int dwc3_gadget_start(struct usb_gadget *g, + ret = __dwc3_gadget_ep_enable(dep, &dwc3_gadget_ep0_desc, NULL, false); + if (ret) { + dev_err(dwc->dev, "failed to enable %s\n", dep->name); +- goto err0; ++ goto err2; + } + + dep = dwc->eps[1]; + ret = __dwc3_gadget_ep_enable(dep, &dwc3_gadget_ep0_desc, NULL, false); + if (ret) { + dev_err(dwc->dev, "failed to enable %s\n", dep->name); +- goto err1; ++ goto err3; + } + + /* begin to receive SETUP packets */ + dwc->ep0state = EP0_SETUP_PHASE; + dwc3_ep0_out_start(dwc); + +- irq = platform_get_irq(to_platform_device(dwc->dev), 0); +- ret = request_threaded_irq(irq, dwc3_interrupt, dwc3_thread_interrupt, +- IRQF_SHARED | IRQF_ONESHOT, "dwc3", dwc); +- if (ret) { +- dev_err(dwc->dev, "failed to request irq #%d --> %d\n", +- irq, ret); +- goto err1; +- } +- + dwc3_gadget_enable_irq(dwc); + + spin_unlock_irqrestore(&dwc->lock, flags); + + return 0; + +-err1: ++err3: + __dwc3_gadget_ep_disable(dwc->eps[0]); + +-err0: ++err2: + dwc->gadget_driver = NULL; ++ ++err1: + spin_unlock_irqrestore(&dwc->lock, flags); + ++ free_irq(irq, dwc); ++ ++err0: + return ret; + } + +@@ -1600,9 +1605,6 @@ static int dwc3_gadget_stop(struct usb_gadget *g, + spin_lock_irqsave(&dwc->lock, flags); + + dwc3_gadget_disable_irq(dwc); +- irq = platform_get_irq(to_platform_device(dwc->dev), 0); +- free_irq(irq, dwc); +- + __dwc3_gadget_ep_disable(dwc->eps[0]); + __dwc3_gadget_ep_disable(dwc->eps[1]); + +@@ -1610,6 +1612,9 @@ static int dwc3_gadget_stop(struct usb_gadget *g, + + spin_unlock_irqrestore(&dwc->lock, flags); + ++ irq = platform_get_irq(to_platform_device(dwc->dev), 0); ++ free_irq(irq, dwc); ++ + return 0; + } + +diff --git a/drivers/usb/gadget/uvc_queue.c b/drivers/usb/gadget/uvc_queue.c +index e617047..0bb5d50 100644 +--- a/drivers/usb/gadget/uvc_queue.c ++++ b/drivers/usb/gadget/uvc_queue.c +@@ -193,12 +193,16 @@ static int uvc_queue_buffer(struct uvc_video_queue *queue, + + mutex_lock(&queue->mutex); + ret = vb2_qbuf(&queue->queue, buf); ++ if (ret < 0) ++ goto done; ++ + spin_lock_irqsave(&queue->irqlock, flags); + ret = (queue->flags & UVC_QUEUE_PAUSED) != 0; + queue->flags &= ~UVC_QUEUE_PAUSED; + spin_unlock_irqrestore(&queue->irqlock, flags); +- mutex_unlock(&queue->mutex); + ++done: ++ mutex_unlock(&queue->mutex); + return ret; + } + +diff --git a/drivers/usb/host/ehci-mxc.c b/drivers/usb/host/ehci-mxc.c +index e4c34ac..4c166e1 100644 +--- a/drivers/usb/host/ehci-mxc.c ++++ b/drivers/usb/host/ehci-mxc.c +@@ -184,7 +184,7 @@ static int ehci_mxc_drv_remove(struct platform_device *pdev) + if (pdata && pdata->exit) + pdata->exit(pdev); + +- if (pdata->otg) ++ if (pdata && pdata->otg) + usb_phy_shutdown(pdata->otg); + + clk_disable_unprepare(priv->usbclk); +diff --git a/drivers/usb/host/ohci-pci.c b/drivers/usb/host/ohci-pci.c +index 279b049..ec337c2 100644 +--- a/drivers/usb/host/ohci-pci.c ++++ b/drivers/usb/host/ohci-pci.c +@@ -289,7 +289,7 @@ static struct pci_driver ohci_pci_driver = { + .remove = usb_hcd_pci_remove, + .shutdown = usb_hcd_pci_shutdown, + +-#ifdef CONFIG_PM_SLEEP ++#ifdef CONFIG_PM + .driver = { + .pm = &usb_hcd_pci_pm_ops + }, +diff --git a/drivers/usb/host/xhci-ext-caps.h b/drivers/usb/host/xhci-ext-caps.h +index 8d7a132..9fe3225 100644 +--- a/drivers/usb/host/xhci-ext-caps.h ++++ b/drivers/usb/host/xhci-ext-caps.h +@@ -71,7 +71,7 @@ + + /* USB 2.0 xHCI 1.0 hardware LMP capability - section 7.2.2.1.3.2 */ + #define XHCI_HLC (1 << 19) +-#define XHCI_BLC (1 << 19) ++#define XHCI_BLC (1 << 20) + + /* command register values to disable interrupts and halt the HC */ + /* start/stop HC execution - do not write unless HC is halted*/ +diff --git a/drivers/usb/host/xhci-plat.c b/drivers/usb/host/xhci-plat.c +index 51e22bf..6eca5a5 100644 +--- a/drivers/usb/host/xhci-plat.c ++++ b/drivers/usb/host/xhci-plat.c +@@ -24,7 +24,7 @@ static void xhci_plat_quirks(struct device *dev, struct xhci_hcd *xhci) + * here that the generic code does not try to make a pci_dev from our + * dev struct in order to setup MSI + */ +- xhci->quirks |= XHCI_BROKEN_MSI; ++ xhci->quirks |= XHCI_PLAT; + } + + /* called during probe() after chip reset completes */ +diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c +index 9478caa..b3c4162 100644 +--- a/drivers/usb/host/xhci.c ++++ b/drivers/usb/host/xhci.c +@@ -343,9 +343,14 @@ static void __maybe_unused xhci_msix_sync_irqs(struct xhci_hcd *xhci) + static int xhci_try_enable_msi(struct usb_hcd *hcd) + { + struct xhci_hcd *xhci = hcd_to_xhci(hcd); +- struct pci_dev *pdev = to_pci_dev(xhci_to_hcd(xhci)->self.controller); ++ struct pci_dev *pdev; + int ret; + ++ /* The xhci platform device has set up IRQs through usb_add_hcd. */ ++ if (xhci->quirks & XHCI_PLAT) ++ return 0; ++ ++ pdev = to_pci_dev(xhci_to_hcd(xhci)->self.controller); + /* + * Some Fresco Logic host controllers advertise MSI, but fail to + * generate interrupts. Don't even try to enable MSI. +@@ -3581,10 +3586,21 @@ void xhci_free_dev(struct usb_hcd *hcd, struct usb_device *udev) + { + struct xhci_hcd *xhci = hcd_to_xhci(hcd); + struct xhci_virt_device *virt_dev; ++ struct device *dev = hcd->self.controller; + unsigned long flags; + u32 state; + int i, ret; + ++#ifndef CONFIG_USB_DEFAULT_PERSIST ++ /* ++ * We called pm_runtime_get_noresume when the device was attached. ++ * Decrement the counter here to allow controller to runtime suspend ++ * if no devices remain. ++ */ ++ if (xhci->quirks & XHCI_RESET_ON_RESUME) ++ pm_runtime_put_noidle(dev); ++#endif ++ + ret = xhci_check_args(hcd, udev, NULL, 0, true, __func__); + /* If the host is halted due to driver unload, we still need to free the + * device. +@@ -3656,6 +3672,7 @@ static int xhci_reserve_host_control_ep_resources(struct xhci_hcd *xhci) + int xhci_alloc_dev(struct usb_hcd *hcd, struct usb_device *udev) + { + struct xhci_hcd *xhci = hcd_to_xhci(hcd); ++ struct device *dev = hcd->self.controller; + unsigned long flags; + int timeleft; + int ret; +@@ -3708,6 +3725,16 @@ int xhci_alloc_dev(struct usb_hcd *hcd, struct usb_device *udev) + goto disable_slot; + } + udev->slot_id = xhci->slot_id; ++ ++#ifndef CONFIG_USB_DEFAULT_PERSIST ++ /* ++ * If resetting upon resume, we can't put the controller into runtime ++ * suspend if there is a device attached. ++ */ ++ if (xhci->quirks & XHCI_RESET_ON_RESUME) ++ pm_runtime_get_noresume(dev); ++#endif ++ + /* Is this a LS or FS device under a HS hub? */ + /* Hub or peripherial? */ + return 1; +diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h +index c338741..6ab1e60 100644 +--- a/drivers/usb/host/xhci.h ++++ b/drivers/usb/host/xhci.h +@@ -1542,6 +1542,7 @@ struct xhci_hcd { + #define XHCI_SPURIOUS_REBOOT (1 << 13) + #define XHCI_COMP_MODE_QUIRK (1 << 14) + #define XHCI_AVOID_BEI (1 << 15) ++#define XHCI_PLAT (1 << 16) + unsigned int num_active_eps; + unsigned int limit_active_eps; + /* There are two roothubs to keep track of bus suspend info for */ +diff --git a/drivers/usb/serial/mos7720.c b/drivers/usb/serial/mos7720.c +index b013001..84657e0 100644 +--- a/drivers/usb/serial/mos7720.c ++++ b/drivers/usb/serial/mos7720.c +@@ -374,7 +374,7 @@ static int write_parport_reg_nonblock(struct mos7715_parport *mos_parport, + kfree(urbtrack); + return -ENOMEM; + } +- urbtrack->setup = kmalloc(sizeof(*urbtrack->setup), GFP_KERNEL); ++ urbtrack->setup = kmalloc(sizeof(*urbtrack->setup), GFP_ATOMIC); + if (!urbtrack->setup) { + usb_free_urb(urbtrack->urb); + kfree(urbtrack); +@@ -382,8 +382,8 @@ static int write_parport_reg_nonblock(struct mos7715_parport *mos_parport, + } + urbtrack->setup->bRequestType = (__u8)0x40; + urbtrack->setup->bRequest = (__u8)0x0e; +- urbtrack->setup->wValue = get_reg_value(reg, dummy); +- urbtrack->setup->wIndex = get_reg_index(reg); ++ urbtrack->setup->wValue = cpu_to_le16(get_reg_value(reg, dummy)); ++ urbtrack->setup->wIndex = cpu_to_le16(get_reg_index(reg)); + urbtrack->setup->wLength = 0; + usb_fill_control_urb(urbtrack->urb, usbdev, + usb_sndctrlpipe(usbdev, 0), +diff --git a/drivers/xen/grant-table.c b/drivers/xen/grant-table.c +index 04cdeb8..c4d2298 100644 +--- a/drivers/xen/grant-table.c ++++ b/drivers/xen/grant-table.c +@@ -730,9 +730,18 @@ void gnttab_request_free_callback(struct gnttab_free_callback *callback, + void (*fn)(void *), void *arg, u16 count) + { + unsigned long flags; ++ struct gnttab_free_callback *cb; ++ + spin_lock_irqsave(&gnttab_list_lock, flags); +- if (callback->next) +- goto out; ++ ++ /* Check if the callback is already on the list */ ++ cb = gnttab_free_callback_list; ++ while (cb) { ++ if (cb == callback) ++ goto out; ++ cb = cb->next; ++ } ++ + callback->fn = fn; + callback->arg = arg; + callback->count = count; +diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c +index 238a055..9877a2a 100644 +--- a/fs/btrfs/ioctl.c ++++ b/fs/btrfs/ioctl.c +@@ -3312,6 +3312,9 @@ static long btrfs_ioctl_dev_replace(struct btrfs_root *root, void __user *arg) + + switch (p->cmd) { + case BTRFS_IOCTL_DEV_REPLACE_CMD_START: ++ if (root->fs_info->sb->s_flags & MS_RDONLY) ++ return -EROFS; ++ + if (atomic_xchg( + &root->fs_info->mutually_exclusive_operation_running, + 1)) { +diff --git a/fs/ceph/ioctl.c b/fs/ceph/ioctl.c +index e0b4ef3..a5ce62e 100644 +--- a/fs/ceph/ioctl.c ++++ b/fs/ceph/ioctl.c +@@ -196,8 +196,10 @@ static long ceph_ioctl_get_dataloc(struct file *file, void __user *arg) + r = ceph_calc_file_object_mapping(&ci->i_layout, dl.file_offset, len, + &dl.object_no, &dl.object_offset, + &olen); +- if (r < 0) ++ if (r < 0) { ++ up_read(&osdc->map_sem); + return -EIO; ++ } + dl.file_offset -= dl.object_offset; + dl.object_size = ceph_file_layout_object_size(ci->i_layout); + dl.block_size = ceph_file_layout_su(ci->i_layout); +diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c +index d67c550..37950c6 100644 +--- a/fs/cifs/connect.c ++++ b/fs/cifs/connect.c +@@ -379,6 +379,7 @@ cifs_reconnect(struct TCP_Server_Info *server) + try_to_freeze(); + + /* we should try only the port we connected to before */ ++ mutex_lock(&server->srv_mutex); + rc = generic_ip_connect(server); + if (rc) { + cifs_dbg(FYI, "reconnect error %d\n", rc); +@@ -390,6 +391,7 @@ cifs_reconnect(struct TCP_Server_Info *server) + server->tcpStatus = CifsNeedNegotiate; + spin_unlock(&GlobalMid_Lock); + } ++ mutex_unlock(&server->srv_mutex); + } while (server->tcpStatus == CifsNeedReconnect); + + return rc; +diff --git a/fs/cifs/smb2misc.c b/fs/cifs/smb2misc.c +index b0c4334..f851d03 100644 +--- a/fs/cifs/smb2misc.c ++++ b/fs/cifs/smb2misc.c +@@ -417,96 +417,108 @@ cifs_ses_oplock_break(struct work_struct *work) + } + + static bool +-smb2_is_valid_lease_break(char *buffer, struct TCP_Server_Info *server) ++smb2_tcon_has_lease(struct cifs_tcon *tcon, struct smb2_lease_break *rsp, ++ struct smb2_lease_break_work *lw) + { +- struct smb2_lease_break *rsp = (struct smb2_lease_break *)buffer; +- struct list_head *tmp, *tmp1, *tmp2; +- struct cifs_ses *ses; +- struct cifs_tcon *tcon; +- struct cifsInodeInfo *cinode; ++ bool found; ++ __u8 lease_state; ++ struct list_head *tmp; + struct cifsFileInfo *cfile; + struct cifs_pending_open *open; +- struct smb2_lease_break_work *lw; +- bool found; ++ struct cifsInodeInfo *cinode; + int ack_req = le32_to_cpu(rsp->Flags & + SMB2_NOTIFY_BREAK_LEASE_FLAG_ACK_REQUIRED); + +- lw = kmalloc(sizeof(struct smb2_lease_break_work), GFP_KERNEL); +- if (!lw) +- return false; ++ lease_state = smb2_map_lease_to_oplock(rsp->NewLeaseState); + +- INIT_WORK(&lw->lease_break, cifs_ses_oplock_break); +- lw->lease_state = rsp->NewLeaseState; ++ list_for_each(tmp, &tcon->openFileList) { ++ cfile = list_entry(tmp, struct cifsFileInfo, tlist); ++ cinode = CIFS_I(cfile->dentry->d_inode); + +- cifs_dbg(FYI, "Checking for lease break\n"); ++ if (memcmp(cinode->lease_key, rsp->LeaseKey, ++ SMB2_LEASE_KEY_SIZE)) ++ continue; + +- /* look up tcon based on tid & uid */ +- spin_lock(&cifs_tcp_ses_lock); +- list_for_each(tmp, &server->smb_ses_list) { +- ses = list_entry(tmp, struct cifs_ses, smb_ses_list); ++ cifs_dbg(FYI, "found in the open list\n"); ++ cifs_dbg(FYI, "lease key match, lease break 0x%d\n", ++ le32_to_cpu(rsp->NewLeaseState)); + +- spin_lock(&cifs_file_list_lock); +- list_for_each(tmp1, &ses->tcon_list) { +- tcon = list_entry(tmp1, struct cifs_tcon, tcon_list); ++ smb2_set_oplock_level(cinode, lease_state); + +- cifs_stats_inc(&tcon->stats.cifs_stats.num_oplock_brks); +- list_for_each(tmp2, &tcon->openFileList) { +- cfile = list_entry(tmp2, struct cifsFileInfo, +- tlist); +- cinode = CIFS_I(cfile->dentry->d_inode); ++ if (ack_req) ++ cfile->oplock_break_cancelled = false; ++ else ++ cfile->oplock_break_cancelled = true; + +- if (memcmp(cinode->lease_key, rsp->LeaseKey, +- SMB2_LEASE_KEY_SIZE)) +- continue; ++ queue_work(cifsiod_wq, &cfile->oplock_break); ++ kfree(lw); ++ return true; ++ } + +- cifs_dbg(FYI, "found in the open list\n"); +- cifs_dbg(FYI, "lease key match, lease break 0x%d\n", +- le32_to_cpu(rsp->NewLeaseState)); ++ found = false; ++ list_for_each_entry(open, &tcon->pending_opens, olist) { ++ if (memcmp(open->lease_key, rsp->LeaseKey, ++ SMB2_LEASE_KEY_SIZE)) ++ continue; ++ ++ if (!found && ack_req) { ++ found = true; ++ memcpy(lw->lease_key, open->lease_key, ++ SMB2_LEASE_KEY_SIZE); ++ lw->tlink = cifs_get_tlink(open->tlink); ++ queue_work(cifsiod_wq, &lw->lease_break); ++ } + +- smb2_set_oplock_level(cinode, +- smb2_map_lease_to_oplock(rsp->NewLeaseState)); ++ cifs_dbg(FYI, "found in the pending open list\n"); ++ cifs_dbg(FYI, "lease key match, lease break 0x%d\n", ++ le32_to_cpu(rsp->NewLeaseState)); + +- if (ack_req) +- cfile->oplock_break_cancelled = false; +- else +- cfile->oplock_break_cancelled = true; ++ open->oplock = lease_state; ++ } ++ return found; ++} + +- queue_work(cifsiod_wq, &cfile->oplock_break); ++static bool ++smb2_is_valid_lease_break(char *buffer) ++{ ++ struct smb2_lease_break *rsp = (struct smb2_lease_break *)buffer; ++ struct list_head *tmp, *tmp1, *tmp2; ++ struct TCP_Server_Info *server; ++ struct cifs_ses *ses; ++ struct cifs_tcon *tcon; ++ struct smb2_lease_break_work *lw; + +- spin_unlock(&cifs_file_list_lock); +- spin_unlock(&cifs_tcp_ses_lock); +- return true; +- } ++ lw = kmalloc(sizeof(struct smb2_lease_break_work), GFP_KERNEL); ++ if (!lw) ++ return false; + +- found = false; +- list_for_each_entry(open, &tcon->pending_opens, olist) { +- if (memcmp(open->lease_key, rsp->LeaseKey, +- SMB2_LEASE_KEY_SIZE)) +- continue; ++ INIT_WORK(&lw->lease_break, cifs_ses_oplock_break); ++ lw->lease_state = rsp->NewLeaseState; + +- if (!found && ack_req) { +- found = true; +- memcpy(lw->lease_key, open->lease_key, +- SMB2_LEASE_KEY_SIZE); +- lw->tlink = cifs_get_tlink(open->tlink); +- queue_work(cifsiod_wq, +- &lw->lease_break); +- } ++ cifs_dbg(FYI, "Checking for lease break\n"); ++ ++ /* look up tcon based on tid & uid */ ++ spin_lock(&cifs_tcp_ses_lock); ++ list_for_each(tmp, &cifs_tcp_ses_list) { ++ server = list_entry(tmp, struct TCP_Server_Info, tcp_ses_list); + +- cifs_dbg(FYI, "found in the pending open list\n"); +- cifs_dbg(FYI, "lease key match, lease break 0x%d\n", +- le32_to_cpu(rsp->NewLeaseState)); ++ list_for_each(tmp1, &server->smb_ses_list) { ++ ses = list_entry(tmp1, struct cifs_ses, smb_ses_list); + +- open->oplock = +- smb2_map_lease_to_oplock(rsp->NewLeaseState); +- } +- if (found) { +- spin_unlock(&cifs_file_list_lock); +- spin_unlock(&cifs_tcp_ses_lock); +- return true; ++ spin_lock(&cifs_file_list_lock); ++ list_for_each(tmp2, &ses->tcon_list) { ++ tcon = list_entry(tmp2, struct cifs_tcon, ++ tcon_list); ++ cifs_stats_inc( ++ &tcon->stats.cifs_stats.num_oplock_brks); ++ if (smb2_tcon_has_lease(tcon, rsp, lw)) { ++ spin_unlock(&cifs_file_list_lock); ++ spin_unlock(&cifs_tcp_ses_lock); ++ return true; ++ } + } ++ spin_unlock(&cifs_file_list_lock); + } +- spin_unlock(&cifs_file_list_lock); + } + spin_unlock(&cifs_tcp_ses_lock); + kfree(lw); +@@ -532,7 +544,7 @@ smb2_is_valid_oplock_break(char *buffer, struct TCP_Server_Info *server) + if (rsp->StructureSize != + smb2_rsp_struct_sizes[SMB2_OPLOCK_BREAK_HE]) { + if (le16_to_cpu(rsp->StructureSize) == 44) +- return smb2_is_valid_lease_break(buffer, server); ++ return smb2_is_valid_lease_break(buffer); + else + return false; + } +diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c +index c2ca04e..ea4d188 100644 +--- a/fs/ext4/inode.c ++++ b/fs/ext4/inode.c +@@ -1890,6 +1890,26 @@ static int ext4_writepage(struct page *page, + return ret; + } + ++static int mpage_submit_page(struct mpage_da_data *mpd, struct page *page) ++{ ++ int len; ++ loff_t size = i_size_read(mpd->inode); ++ int err; ++ ++ BUG_ON(page->index != mpd->first_page); ++ if (page->index == size >> PAGE_CACHE_SHIFT) ++ len = size & ~PAGE_CACHE_MASK; ++ else ++ len = PAGE_CACHE_SIZE; ++ clear_page_dirty_for_io(page); ++ err = ext4_bio_write_page(&mpd->io_submit, page, len, mpd->wbc); ++ if (!err) ++ mpd->wbc->nr_to_write--; ++ mpd->first_page++; ++ ++ return err; ++} ++ + #define BH_FLAGS ((1 << BH_Unwritten) | (1 << BH_Delay)) + + /* +@@ -1904,82 +1924,94 @@ static int ext4_writepage(struct page *page, + * + * @mpd - extent of blocks + * @lblk - logical number of the block in the file +- * @b_state - b_state of the buffer head added ++ * @bh - buffer head we want to add to the extent + * +- * the function is used to collect contig. blocks in same state ++ * The function is used to collect contig. blocks in the same state. If the ++ * buffer doesn't require mapping for writeback and we haven't started the ++ * extent of buffers to map yet, the function returns 'true' immediately - the ++ * caller can write the buffer right away. Otherwise the function returns true ++ * if the block has been added to the extent, false if the block couldn't be ++ * added. + */ +-static int mpage_add_bh_to_extent(struct mpage_da_data *mpd, ext4_lblk_t lblk, +- unsigned long b_state) ++static bool mpage_add_bh_to_extent(struct mpage_da_data *mpd, ext4_lblk_t lblk, ++ struct buffer_head *bh) + { + struct ext4_map_blocks *map = &mpd->map; + +- /* Don't go larger than mballoc is willing to allocate */ +- if (map->m_len >= MAX_WRITEPAGES_EXTENT_LEN) +- return 0; ++ /* Buffer that doesn't need mapping for writeback? */ ++ if (!buffer_dirty(bh) || !buffer_mapped(bh) || ++ (!buffer_delay(bh) && !buffer_unwritten(bh))) { ++ /* So far no extent to map => we write the buffer right away */ ++ if (map->m_len == 0) ++ return true; ++ return false; ++ } + + /* First block in the extent? */ + if (map->m_len == 0) { + map->m_lblk = lblk; + map->m_len = 1; +- map->m_flags = b_state & BH_FLAGS; +- return 1; ++ map->m_flags = bh->b_state & BH_FLAGS; ++ return true; + } + ++ /* Don't go larger than mballoc is willing to allocate */ ++ if (map->m_len >= MAX_WRITEPAGES_EXTENT_LEN) ++ return false; ++ + /* Can we merge the block to our big extent? */ + if (lblk == map->m_lblk + map->m_len && +- (b_state & BH_FLAGS) == map->m_flags) { ++ (bh->b_state & BH_FLAGS) == map->m_flags) { + map->m_len++; +- return 1; ++ return true; + } +- return 0; ++ return false; + } + +-static bool add_page_bufs_to_extent(struct mpage_da_data *mpd, +- struct buffer_head *head, +- struct buffer_head *bh, +- ext4_lblk_t lblk) ++/* ++ * mpage_process_page_bufs - submit page buffers for IO or add them to extent ++ * ++ * @mpd - extent of blocks for mapping ++ * @head - the first buffer in the page ++ * @bh - buffer we should start processing from ++ * @lblk - logical number of the block in the file corresponding to @bh ++ * ++ * Walk through page buffers from @bh upto @head (exclusive) and either submit ++ * the page for IO if all buffers in this page were mapped and there's no ++ * accumulated extent of buffers to map or add buffers in the page to the ++ * extent of buffers to map. The function returns 1 if the caller can continue ++ * by processing the next page, 0 if it should stop adding buffers to the ++ * extent to map because we cannot extend it anymore. It can also return value ++ * < 0 in case of error during IO submission. ++ */ ++static int mpage_process_page_bufs(struct mpage_da_data *mpd, ++ struct buffer_head *head, ++ struct buffer_head *bh, ++ ext4_lblk_t lblk) + { + struct inode *inode = mpd->inode; ++ int err; + ext4_lblk_t blocks = (i_size_read(inode) + (1 << inode->i_blkbits) - 1) + >> inode->i_blkbits; + + do { + BUG_ON(buffer_locked(bh)); + +- if (!buffer_dirty(bh) || !buffer_mapped(bh) || +- (!buffer_delay(bh) && !buffer_unwritten(bh)) || +- lblk >= blocks) { ++ if (lblk >= blocks || !mpage_add_bh_to_extent(mpd, lblk, bh)) { + /* Found extent to map? */ + if (mpd->map.m_len) +- return false; +- if (lblk >= blocks) +- return true; +- continue; ++ return 0; ++ /* Everything mapped so far and we hit EOF */ ++ break; + } +- if (!mpage_add_bh_to_extent(mpd, lblk, bh->b_state)) +- return false; + } while (lblk++, (bh = bh->b_this_page) != head); +- return true; +-} +- +-static int mpage_submit_page(struct mpage_da_data *mpd, struct page *page) +-{ +- int len; +- loff_t size = i_size_read(mpd->inode); +- int err; +- +- BUG_ON(page->index != mpd->first_page); +- if (page->index == size >> PAGE_CACHE_SHIFT) +- len = size & ~PAGE_CACHE_MASK; +- else +- len = PAGE_CACHE_SIZE; +- clear_page_dirty_for_io(page); +- err = ext4_bio_write_page(&mpd->io_submit, page, len, mpd->wbc); +- if (!err) +- mpd->wbc->nr_to_write--; +- mpd->first_page++; +- +- return err; ++ /* So far everything mapped? Submit the page for IO. */ ++ if (mpd->map.m_len == 0) { ++ err = mpage_submit_page(mpd, head->b_page); ++ if (err < 0) ++ return err; ++ } ++ return lblk < blocks; + } + + /* +@@ -2003,8 +2035,6 @@ static int mpage_map_and_submit_buffers(struct mpage_da_data *mpd) + struct inode *inode = mpd->inode; + struct buffer_head *head, *bh; + int bpp_bits = PAGE_CACHE_SHIFT - inode->i_blkbits; +- ext4_lblk_t blocks = (i_size_read(inode) + (1 << inode->i_blkbits) - 1) +- >> inode->i_blkbits; + pgoff_t start, end; + ext4_lblk_t lblk; + sector_t pblock; +@@ -2039,18 +2069,26 @@ static int mpage_map_and_submit_buffers(struct mpage_da_data *mpd) + */ + mpd->map.m_len = 0; + mpd->map.m_flags = 0; +- add_page_bufs_to_extent(mpd, head, bh, +- lblk); ++ /* ++ * FIXME: If dioread_nolock supports ++ * blocksize < pagesize, we need to make ++ * sure we add size mapped so far to ++ * io_end->size as the following call ++ * can submit the page for IO. ++ */ ++ err = mpage_process_page_bufs(mpd, head, ++ bh, lblk); + pagevec_release(&pvec); +- return 0; ++ if (err > 0) ++ err = 0; ++ return err; + } + if (buffer_delay(bh)) { + clear_buffer_delay(bh); + bh->b_blocknr = pblock++; + } + clear_buffer_unwritten(bh); +- } while (++lblk < blocks && +- (bh = bh->b_this_page) != head); ++ } while (lblk++, (bh = bh->b_this_page) != head); + + /* + * FIXME: This is going to break if dioread_nolock +@@ -2319,14 +2357,10 @@ static int mpage_prepare_extent_to_map(struct mpage_da_data *mpd) + lblk = ((ext4_lblk_t)page->index) << + (PAGE_CACHE_SHIFT - blkbits); + head = page_buffers(page); +- if (!add_page_bufs_to_extent(mpd, head, head, lblk)) ++ err = mpage_process_page_bufs(mpd, head, head, lblk); ++ if (err <= 0) + goto out; +- /* So far everything mapped? Submit the page for IO. */ +- if (mpd->map.m_len == 0) { +- err = mpage_submit_page(mpd, page); +- if (err < 0) +- goto out; +- } ++ err = 0; + + /* + * Accumulated enough dirty pages? This doesn't apply +@@ -4566,7 +4600,9 @@ int ext4_setattr(struct dentry *dentry, struct iattr *attr) + ext4_journal_stop(handle); + } + +- if (attr->ia_valid & ATTR_SIZE) { ++ if (attr->ia_valid & ATTR_SIZE && attr->ia_size != inode->i_size) { ++ handle_t *handle; ++ loff_t oldsize = inode->i_size; + + if (!(ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS))) { + struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb); +@@ -4574,73 +4610,60 @@ int ext4_setattr(struct dentry *dentry, struct iattr *attr) + if (attr->ia_size > sbi->s_bitmap_maxbytes) + return -EFBIG; + } +- } +- +- if (S_ISREG(inode->i_mode) && +- attr->ia_valid & ATTR_SIZE && +- (attr->ia_size < inode->i_size)) { +- handle_t *handle; +- +- handle = ext4_journal_start(inode, EXT4_HT_INODE, 3); +- if (IS_ERR(handle)) { +- error = PTR_ERR(handle); +- goto err_out; +- } +- if (ext4_handle_valid(handle)) { +- error = ext4_orphan_add(handle, inode); +- orphan = 1; +- } +- EXT4_I(inode)->i_disksize = attr->ia_size; +- rc = ext4_mark_inode_dirty(handle, inode); +- if (!error) +- error = rc; +- ext4_journal_stop(handle); +- +- if (ext4_should_order_data(inode)) { +- error = ext4_begin_ordered_truncate(inode, ++ if (S_ISREG(inode->i_mode) && ++ (attr->ia_size < inode->i_size)) { ++ if (ext4_should_order_data(inode)) { ++ error = ext4_begin_ordered_truncate(inode, + attr->ia_size); +- if (error) { +- /* Do as much error cleanup as possible */ +- handle = ext4_journal_start(inode, +- EXT4_HT_INODE, 3); +- if (IS_ERR(handle)) { +- ext4_orphan_del(NULL, inode); ++ if (error) + goto err_out; +- } +- ext4_orphan_del(handle, inode); +- orphan = 0; +- ext4_journal_stop(handle); ++ } ++ handle = ext4_journal_start(inode, EXT4_HT_INODE, 3); ++ if (IS_ERR(handle)) { ++ error = PTR_ERR(handle); ++ goto err_out; ++ } ++ if (ext4_handle_valid(handle)) { ++ error = ext4_orphan_add(handle, inode); ++ orphan = 1; ++ } ++ EXT4_I(inode)->i_disksize = attr->ia_size; ++ rc = ext4_mark_inode_dirty(handle, inode); ++ if (!error) ++ error = rc; ++ ext4_journal_stop(handle); ++ if (error) { ++ ext4_orphan_del(NULL, inode); + goto err_out; + } + } +- } +- +- if (attr->ia_valid & ATTR_SIZE) { +- if (attr->ia_size != inode->i_size) { +- loff_t oldsize = inode->i_size; + +- i_size_write(inode, attr->ia_size); +- /* +- * Blocks are going to be removed from the inode. Wait +- * for dio in flight. Temporarily disable +- * dioread_nolock to prevent livelock. +- */ +- if (orphan) { +- if (!ext4_should_journal_data(inode)) { +- ext4_inode_block_unlocked_dio(inode); +- inode_dio_wait(inode); +- ext4_inode_resume_unlocked_dio(inode); +- } else +- ext4_wait_for_tail_page_commit(inode); +- } +- /* +- * Truncate pagecache after we've waited for commit +- * in data=journal mode to make pages freeable. +- */ +- truncate_pagecache(inode, oldsize, inode->i_size); ++ i_size_write(inode, attr->ia_size); ++ /* ++ * Blocks are going to be removed from the inode. Wait ++ * for dio in flight. Temporarily disable ++ * dioread_nolock to prevent livelock. ++ */ ++ if (orphan) { ++ if (!ext4_should_journal_data(inode)) { ++ ext4_inode_block_unlocked_dio(inode); ++ inode_dio_wait(inode); ++ ext4_inode_resume_unlocked_dio(inode); ++ } else ++ ext4_wait_for_tail_page_commit(inode); + } +- ext4_truncate(inode); ++ /* ++ * Truncate pagecache after we've waited for commit ++ * in data=journal mode to make pages freeable. ++ */ ++ truncate_pagecache(inode, oldsize, inode->i_size); + } ++ /* ++ * We want to call ext4_truncate() even if attr->ia_size == ++ * inode->i_size for cases like truncation of fallocated space ++ */ ++ if (attr->ia_valid & ATTR_SIZE) ++ ext4_truncate(inode); + + if (!rc) { + setattr_copy(inode, attr); +diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c +index 72a5d5b..8fec28f 100644 +--- a/fs/fuse/dir.c ++++ b/fs/fuse/dir.c +@@ -1174,6 +1174,8 @@ static int parse_dirfile(char *buf, size_t nbytes, struct file *file, + return -EIO; + if (reclen > nbytes) + break; ++ if (memchr(dirent->name, '/', dirent->namelen) != NULL) ++ return -EIO; + + if (!dir_emit(ctx, dirent->name, dirent->namelen, + dirent->ino, dirent->type)) +@@ -1320,6 +1322,8 @@ static int parse_dirplusfile(char *buf, size_t nbytes, struct file *file, + return -EIO; + if (reclen > nbytes) + break; ++ if (memchr(dirent->name, '/', dirent->namelen) != NULL) ++ return -EIO; + + if (!over) { + /* We fill entries into dstbuf only as much as +@@ -1590,6 +1594,7 @@ int fuse_do_setattr(struct inode *inode, struct iattr *attr, + struct file *file) + { + struct fuse_conn *fc = get_fuse_conn(inode); ++ struct fuse_inode *fi = get_fuse_inode(inode); + struct fuse_req *req; + struct fuse_setattr_in inarg; + struct fuse_attr_out outarg; +@@ -1617,8 +1622,10 @@ int fuse_do_setattr(struct inode *inode, struct iattr *attr, + if (IS_ERR(req)) + return PTR_ERR(req); + +- if (is_truncate) ++ if (is_truncate) { + fuse_set_nowrite(inode); ++ set_bit(FUSE_I_SIZE_UNSTABLE, &fi->state); ++ } + + memset(&inarg, 0, sizeof(inarg)); + memset(&outarg, 0, sizeof(outarg)); +@@ -1680,12 +1687,14 @@ int fuse_do_setattr(struct inode *inode, struct iattr *attr, + invalidate_inode_pages2(inode->i_mapping); + } + ++ clear_bit(FUSE_I_SIZE_UNSTABLE, &fi->state); + return 0; + + error: + if (is_truncate) + fuse_release_nowrite(inode); + ++ clear_bit(FUSE_I_SIZE_UNSTABLE, &fi->state); + return err; + } + +@@ -1749,6 +1758,8 @@ static int fuse_setxattr(struct dentry *entry, const char *name, + fc->no_setxattr = 1; + err = -EOPNOTSUPP; + } ++ if (!err) ++ fuse_invalidate_attr(inode); + return err; + } + +@@ -1878,6 +1889,8 @@ static int fuse_removexattr(struct dentry *entry, const char *name) + fc->no_removexattr = 1; + err = -EOPNOTSUPP; + } ++ if (!err) ++ fuse_invalidate_attr(inode); + return err; + } + +diff --git a/fs/fuse/file.c b/fs/fuse/file.c +index 5c121fe..d409dea 100644 +--- a/fs/fuse/file.c ++++ b/fs/fuse/file.c +@@ -629,7 +629,8 @@ static void fuse_read_update_size(struct inode *inode, loff_t size, + struct fuse_inode *fi = get_fuse_inode(inode); + + spin_lock(&fc->lock); +- if (attr_ver == fi->attr_version && size < inode->i_size) { ++ if (attr_ver == fi->attr_version && size < inode->i_size && ++ !test_bit(FUSE_I_SIZE_UNSTABLE, &fi->state)) { + fi->attr_version = ++fc->attr_version; + i_size_write(inode, size); + } +@@ -1032,12 +1033,16 @@ static ssize_t fuse_perform_write(struct file *file, + { + struct inode *inode = mapping->host; + struct fuse_conn *fc = get_fuse_conn(inode); ++ struct fuse_inode *fi = get_fuse_inode(inode); + int err = 0; + ssize_t res = 0; + + if (is_bad_inode(inode)) + return -EIO; + ++ if (inode->i_size < pos + iov_iter_count(ii)) ++ set_bit(FUSE_I_SIZE_UNSTABLE, &fi->state); ++ + do { + struct fuse_req *req; + ssize_t count; +@@ -1073,6 +1078,7 @@ static ssize_t fuse_perform_write(struct file *file, + if (res > 0) + fuse_write_update_size(inode, pos); + ++ clear_bit(FUSE_I_SIZE_UNSTABLE, &fi->state); + fuse_invalidate_attr(inode); + + return res > 0 ? res : err; +@@ -1529,7 +1535,6 @@ static int fuse_writepage_locked(struct page *page) + + inc_bdi_stat(mapping->backing_dev_info, BDI_WRITEBACK); + inc_zone_page_state(tmp_page, NR_WRITEBACK_TEMP); +- end_page_writeback(page); + + spin_lock(&fc->lock); + list_add(&req->writepages_entry, &fi->writepages); +@@ -1537,6 +1542,8 @@ static int fuse_writepage_locked(struct page *page) + fuse_flush_writepages(inode); + spin_unlock(&fc->lock); + ++ end_page_writeback(page); ++ + return 0; + + err_free: +diff --git a/fs/fuse/fuse_i.h b/fs/fuse/fuse_i.h +index fde7249..5ced199 100644 +--- a/fs/fuse/fuse_i.h ++++ b/fs/fuse/fuse_i.h +@@ -115,6 +115,8 @@ struct fuse_inode { + enum { + /** Advise readdirplus */ + FUSE_I_ADVISE_RDPLUS, ++ /** An operation changing file size is in progress */ ++ FUSE_I_SIZE_UNSTABLE, + }; + + struct fuse_conn; +diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c +index 0b57859..e0fe703 100644 +--- a/fs/fuse/inode.c ++++ b/fs/fuse/inode.c +@@ -201,7 +201,8 @@ void fuse_change_attributes(struct inode *inode, struct fuse_attr *attr, + struct timespec old_mtime; + + spin_lock(&fc->lock); +- if (attr_version != 0 && fi->attr_version > attr_version) { ++ if ((attr_version != 0 && fi->attr_version > attr_version) || ++ test_bit(FUSE_I_SIZE_UNSTABLE, &fi->state)) { + spin_unlock(&fc->lock); + return; + } +diff --git a/fs/isofs/inode.c b/fs/isofs/inode.c +index c348d6d..e5d408a 100644 +--- a/fs/isofs/inode.c ++++ b/fs/isofs/inode.c +@@ -117,8 +117,8 @@ static void destroy_inodecache(void) + + static int isofs_remount(struct super_block *sb, int *flags, char *data) + { +- /* we probably want a lot more here */ +- *flags |= MS_RDONLY; ++ if (!(*flags & MS_RDONLY)) ++ return -EROFS; + return 0; + } + +@@ -763,15 +763,6 @@ root_found: + */ + s->s_maxbytes = 0x80000000000LL; + +- /* +- * The CDROM is read-only, has no nodes (devices) on it, and since +- * all of the files appear to be owned by root, we really do not want +- * to allow suid. (suid or devices will not show up unless we have +- * Rock Ridge extensions) +- */ +- +- s->s_flags |= MS_RDONLY /* | MS_NODEV | MS_NOSUID */; +- + /* Set this for reference. Its not currently used except on write + which we don't have .. */ + +@@ -1530,6 +1521,9 @@ struct inode *isofs_iget(struct super_block *sb, + static struct dentry *isofs_mount(struct file_system_type *fs_type, + int flags, const char *dev_name, void *data) + { ++ /* We don't support read-write mounts */ ++ if (!(flags & MS_RDONLY)) ++ return ERR_PTR(-EACCES); + return mount_bdev(fs_type, flags, dev_name, data, isofs_fill_super); + } + +diff --git a/fs/ocfs2/extent_map.c b/fs/ocfs2/extent_map.c +index 2487116..8460647 100644 +--- a/fs/ocfs2/extent_map.c ++++ b/fs/ocfs2/extent_map.c +@@ -781,7 +781,6 @@ int ocfs2_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, + cpos = map_start >> osb->s_clustersize_bits; + mapping_end = ocfs2_clusters_for_bytes(inode->i_sb, + map_start + map_len); +- mapping_end -= cpos; + is_last = 0; + while (cpos < mapping_end && !is_last) { + u32 fe_flags; +diff --git a/fs/proc/root.c b/fs/proc/root.c +index e0a790d..0e0e83c 100644 +--- a/fs/proc/root.c ++++ b/fs/proc/root.c +@@ -110,7 +110,8 @@ static struct dentry *proc_mount(struct file_system_type *fs_type, + ns = task_active_pid_ns(current); + options = data; + +- if (!current_user_ns()->may_mount_proc) ++ if (!current_user_ns()->may_mount_proc || ++ !ns_capable(ns->user_ns, CAP_SYS_ADMIN)) + return ERR_PTR(-EPERM); + } + +diff --git a/include/linux/compat.h b/include/linux/compat.h +index 7f0c1dd..ec1aee4 100644 +--- a/include/linux/compat.h ++++ b/include/linux/compat.h +@@ -669,6 +669,13 @@ asmlinkage long compat_sys_sigaltstack(const compat_stack_t __user *uss_ptr, + + int compat_restore_altstack(const compat_stack_t __user *uss); + int __compat_save_altstack(compat_stack_t __user *, unsigned long); ++#define compat_save_altstack_ex(uss, sp) do { \ ++ compat_stack_t __user *__uss = uss; \ ++ struct task_struct *t = current; \ ++ put_user_ex(ptr_to_compat((void __user *)t->sas_ss_sp), &__uss->ss_sp); \ ++ put_user_ex(sas_ss_flags(sp), &__uss->ss_flags); \ ++ put_user_ex(t->sas_ss_size, &__uss->ss_size); \ ++} while (0); + + asmlinkage long compat_sys_sched_rr_get_interval(compat_pid_t pid, + struct compat_timespec __user *interval); +diff --git a/include/linux/hid.h b/include/linux/hid.h +index 0c48991..ff545cc 100644 +--- a/include/linux/hid.h ++++ b/include/linux/hid.h +@@ -393,10 +393,12 @@ struct hid_report { + struct hid_device *device; /* associated device */ + }; + ++#define HID_MAX_IDS 256 ++ + struct hid_report_enum { + unsigned numbered; + struct list_head report_list; +- struct hid_report *report_id_hash[256]; ++ struct hid_report *report_id_hash[HID_MAX_IDS]; + }; + + #define HID_REPORT_TYPES 3 +diff --git a/include/linux/pci_ids.h b/include/linux/pci_ids.h +index 3bed2e8..d1fe5d0 100644 +--- a/include/linux/pci_ids.h ++++ b/include/linux/pci_ids.h +@@ -518,6 +518,8 @@ + #define PCI_DEVICE_ID_AMD_11H_NB_MISC 0x1303 + #define PCI_DEVICE_ID_AMD_11H_NB_LINK 0x1304 + #define PCI_DEVICE_ID_AMD_15H_M10H_F3 0x1403 ++#define PCI_DEVICE_ID_AMD_15H_M30H_NB_F3 0x141d ++#define PCI_DEVICE_ID_AMD_15H_M30H_NB_F4 0x141e + #define PCI_DEVICE_ID_AMD_15H_NB_F0 0x1600 + #define PCI_DEVICE_ID_AMD_15H_NB_F1 0x1601 + #define PCI_DEVICE_ID_AMD_15H_NB_F2 0x1602 +diff --git a/include/linux/rculist.h b/include/linux/rculist.h +index f4b1001..4106721 100644 +--- a/include/linux/rculist.h ++++ b/include/linux/rculist.h +@@ -267,8 +267,9 @@ static inline void list_splice_init_rcu(struct list_head *list, + */ + #define list_first_or_null_rcu(ptr, type, member) \ + ({struct list_head *__ptr = (ptr); \ +- struct list_head __rcu *__next = list_next_rcu(__ptr); \ +- likely(__ptr != __next) ? container_of(__next, type, member) : NULL; \ ++ struct list_head *__next = ACCESS_ONCE(__ptr->next); \ ++ likely(__ptr != __next) ? \ ++ list_entry_rcu(__next, type, member) : NULL; \ + }) + + /** +diff --git a/include/linux/signal.h b/include/linux/signal.h +index d897484..2ac423b 100644 +--- a/include/linux/signal.h ++++ b/include/linux/signal.h +@@ -434,6 +434,14 @@ void signals_init(void); + int restore_altstack(const stack_t __user *); + int __save_altstack(stack_t __user *, unsigned long); + ++#define save_altstack_ex(uss, sp) do { \ ++ stack_t __user *__uss = uss; \ ++ struct task_struct *t = current; \ ++ put_user_ex((void __user *)t->sas_ss_sp, &__uss->ss_sp); \ ++ put_user_ex(sas_ss_flags(sp), &__uss->ss_flags); \ ++ put_user_ex(t->sas_ss_size, &__uss->ss_size); \ ++} while (0); ++ + #ifdef CONFIG_PROC_FS + struct seq_file; + extern void render_sigset_t(struct seq_file *, const char *, sigset_t *); +diff --git a/include/linux/usb/hcd.h b/include/linux/usb/hcd.h +index 1e88377..3e541e6 100644 +--- a/include/linux/usb/hcd.h ++++ b/include/linux/usb/hcd.h +@@ -411,7 +411,7 @@ extern int usb_hcd_pci_probe(struct pci_dev *dev, + extern void usb_hcd_pci_remove(struct pci_dev *dev); + extern void usb_hcd_pci_shutdown(struct pci_dev *dev); + +-#ifdef CONFIG_PM_SLEEP ++#ifdef CONFIG_PM + extern const struct dev_pm_ops usb_hcd_pci_pm_ops; + #endif + #endif /* CONFIG_PCI */ +diff --git a/ipc/msg.c b/ipc/msg.c +index 9f29d9e..b65fdf1 100644 +--- a/ipc/msg.c ++++ b/ipc/msg.c +@@ -680,16 +680,18 @@ long do_msgsnd(int msqid, long mtype, void __user *mtext, + goto out_unlock1; + } + ++ ipc_lock_object(&msq->q_perm); ++ + for (;;) { + struct msg_sender s; + + err = -EACCES; + if (ipcperms(ns, &msq->q_perm, S_IWUGO)) +- goto out_unlock1; ++ goto out_unlock0; + + err = security_msg_queue_msgsnd(msq, msg, msgflg); + if (err) +- goto out_unlock1; ++ goto out_unlock0; + + if (msgsz + msq->q_cbytes <= msq->q_qbytes && + 1 + msq->q_qnum <= msq->q_qbytes) { +@@ -699,10 +701,9 @@ long do_msgsnd(int msqid, long mtype, void __user *mtext, + /* queue full, wait: */ + if (msgflg & IPC_NOWAIT) { + err = -EAGAIN; +- goto out_unlock1; ++ goto out_unlock0; + } + +- ipc_lock_object(&msq->q_perm); + ss_add(msq, &s); + + if (!ipc_rcu_getref(msq)) { +@@ -730,10 +731,7 @@ long do_msgsnd(int msqid, long mtype, void __user *mtext, + goto out_unlock0; + } + +- ipc_unlock_object(&msq->q_perm); + } +- +- ipc_lock_object(&msq->q_perm); + msq->q_lspid = task_tgid_vnr(current); + msq->q_stime = get_seconds(); + +diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c +index f356974..ad8e1bd 100644 +--- a/kernel/events/uprobes.c ++++ b/kernel/events/uprobes.c +@@ -1682,12 +1682,10 @@ static bool handle_trampoline(struct pt_regs *regs) + tmp = ri; + ri = ri->next; + kfree(tmp); ++ utask->depth--; + + if (!chained) + break; +- +- utask->depth--; +- + BUG_ON(!ri); + } + +diff --git a/kernel/fork.c b/kernel/fork.c +index bf46287..200a7a2 100644 +--- a/kernel/fork.c ++++ b/kernel/fork.c +@@ -1173,10 +1173,11 @@ static struct task_struct *copy_process(unsigned long clone_flags, + return ERR_PTR(-EINVAL); + + /* +- * If the new process will be in a different pid namespace +- * don't allow the creation of threads. ++ * If the new process will be in a different pid namespace don't ++ * allow it to share a thread group or signal handlers with the ++ * forking task. + */ +- if ((clone_flags & (CLONE_VM|CLONE_NEWPID)) && ++ if ((clone_flags & (CLONE_SIGHAND | CLONE_NEWPID)) && + (task_active_pid_ns(current) != + current->nsproxy->pid_ns_for_children)) + return ERR_PTR(-EINVAL); +diff --git a/kernel/pid.c b/kernel/pid.c +index 66505c1..ebe5e80 100644 +--- a/kernel/pid.c ++++ b/kernel/pid.c +@@ -265,6 +265,7 @@ void free_pid(struct pid *pid) + struct pid_namespace *ns = upid->ns; + hlist_del_rcu(&upid->pid_chain); + switch(--ns->nr_hashed) { ++ case 2: + case 1: + /* When all that is left in the pid namespace + * is the reaper wake up the reaper. The reaper +diff --git a/mm/huge_memory.c b/mm/huge_memory.c +index a92012a..f2820fb 100644 +--- a/mm/huge_memory.c ++++ b/mm/huge_memory.c +@@ -2296,6 +2296,8 @@ static void collapse_huge_page(struct mm_struct *mm, + goto out; + + vma = find_vma(mm, address); ++ if (!vma) ++ goto out; + hstart = (vma->vm_start + ~HPAGE_PMD_MASK) & HPAGE_PMD_MASK; + hend = vma->vm_end & HPAGE_PMD_MASK; + if (address < hstart || address + HPAGE_PMD_SIZE > hend) +diff --git a/mm/memcontrol.c b/mm/memcontrol.c +index 0878ff7..aa44621 100644 +--- a/mm/memcontrol.c ++++ b/mm/memcontrol.c +@@ -5616,7 +5616,13 @@ static int compare_thresholds(const void *a, const void *b) + const struct mem_cgroup_threshold *_a = a; + const struct mem_cgroup_threshold *_b = b; + +- return _a->threshold - _b->threshold; ++ if (_a->threshold > _b->threshold) ++ return 1; ++ ++ if (_a->threshold < _b->threshold) ++ return -1; ++ ++ return 0; + } + + static int mem_cgroup_oom_notify_cb(struct mem_cgroup *memcg) +diff --git a/net/ceph/osd_client.c b/net/ceph/osd_client.c +index dd47889..dbc0a73 100644 +--- a/net/ceph/osd_client.c ++++ b/net/ceph/osd_client.c +@@ -2129,6 +2129,8 @@ int ceph_osdc_start_request(struct ceph_osd_client *osdc, + dout("osdc_start_request failed map, " + " will retry %lld\n", req->r_tid); + rc = 0; ++ } else { ++ __unregister_request(osdc, req); + } + goto out_unlock; + } +diff --git a/net/ceph/osdmap.c b/net/ceph/osdmap.c +index 603ddd9..dbd9a47 100644 +--- a/net/ceph/osdmap.c ++++ b/net/ceph/osdmap.c +@@ -1129,7 +1129,7 @@ static int *calc_pg_raw(struct ceph_osdmap *osdmap, struct ceph_pg pgid, + + /* pg_temp? */ + pgid.seed = ceph_stable_mod(pgid.seed, pool->pg_num, +- pool->pgp_num_mask); ++ pool->pg_num_mask); + pg = __lookup_pg_mapping(&osdmap->pg_temp, pgid); + if (pg) { + *num = pg->len; +diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c +index cc9e02d..7a98d52 100644 +--- a/net/mac80211/mlme.c ++++ b/net/mac80211/mlme.c +@@ -2851,14 +2851,6 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata, + ieee80211_rx_bss_put(local, bss); + sdata->vif.bss_conf.beacon_rate = bss->beacon_rate; + } +- +- if (!sdata->u.mgd.associated || +- !ether_addr_equal(mgmt->bssid, sdata->u.mgd.associated->bssid)) +- return; +- +- ieee80211_sta_process_chanswitch(sdata, rx_status->mactime, +- elems, true); +- + } + + +@@ -3147,6 +3139,9 @@ static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata, + + ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); + ++ ieee80211_sta_process_chanswitch(sdata, rx_status->mactime, ++ &elems, true); ++ + if (ieee80211_sta_wmm_params(local, sdata, elems.wmm_param, + elems.wmm_param_len)) + changed |= BSS_CHANGED_QOS; +diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c +index 8860dd5..9552da2 100644 +--- a/sound/pci/hda/hda_intel.c ++++ b/sound/pci/hda/hda_intel.c +@@ -3376,6 +3376,7 @@ static struct snd_pci_quirk msi_black_list[] = { + SND_PCI_QUIRK(0x1043, 0x81f2, "ASUS", 0), /* Athlon64 X2 + nvidia */ + SND_PCI_QUIRK(0x1043, 0x81f6, "ASUS", 0), /* nvidia */ + SND_PCI_QUIRK(0x1043, 0x822d, "ASUS", 0), /* Athlon64 X2 + nvidia MCP55 */ ++ SND_PCI_QUIRK(0x1179, 0xfb44, "Toshiba Satellite C870", 0), /* AMD Hudson */ + SND_PCI_QUIRK(0x1849, 0x0888, "ASRock", 0), /* Athlon64 X2 + nvidia */ + SND_PCI_QUIRK(0xa0a0, 0x0575, "Aopen MZ915-M", 0), /* ICH6 */ + {} +diff --git a/sound/pci/hda/patch_hdmi.c b/sound/pci/hda/patch_hdmi.c +index 9f35862..45850f6 100644 +--- a/sound/pci/hda/patch_hdmi.c ++++ b/sound/pci/hda/patch_hdmi.c +@@ -67,6 +67,8 @@ struct hdmi_spec_per_pin { + struct delayed_work work; + struct snd_kcontrol *eld_ctl; + int repoll_count; ++ bool setup; /* the stream has been set up by prepare callback */ ++ int channels; /* current number of channels */ + bool non_pcm; + bool chmap_set; /* channel-map override by ALSA API? */ + unsigned char chmap[8]; /* ALSA API channel-map */ +@@ -551,6 +553,17 @@ static int hdmi_channel_allocation(struct hdmi_eld *eld, int channels) + } + } + ++ if (!ca) { ++ /* if there was no match, select the regular ALSA channel ++ * allocation with the matching number of channels */ ++ for (i = 0; i < ARRAY_SIZE(channel_allocations); i++) { ++ if (channels == channel_allocations[i].channels) { ++ ca = channel_allocations[i].ca_index; ++ break; ++ } ++ } ++ } ++ + snd_print_channel_allocation(eld->info.spk_alloc, buf, sizeof(buf)); + snd_printdd("HDMI: select CA 0x%x for %d-channel allocation: %s\n", + ca, channels, buf); +@@ -868,18 +881,19 @@ static bool hdmi_infoframe_uptodate(struct hda_codec *codec, hda_nid_t pin_nid, + return true; + } + +-static void hdmi_setup_audio_infoframe(struct hda_codec *codec, int pin_idx, +- bool non_pcm, +- struct snd_pcm_substream *substream) ++static void hdmi_setup_audio_infoframe(struct hda_codec *codec, ++ struct hdmi_spec_per_pin *per_pin, ++ bool non_pcm) + { +- struct hdmi_spec *spec = codec->spec; +- struct hdmi_spec_per_pin *per_pin = get_pin(spec, pin_idx); + hda_nid_t pin_nid = per_pin->pin_nid; +- int channels = substream->runtime->channels; ++ int channels = per_pin->channels; + struct hdmi_eld *eld; + int ca; + union audio_infoframe ai; + ++ if (!channels) ++ return; ++ + eld = &per_pin->sink_eld; + if (!eld->monitor_present) + return; +@@ -1329,6 +1343,7 @@ static void hdmi_present_sense(struct hdmi_spec_per_pin *per_pin, int repoll) + eld_changed = true; + } + if (update_eld) { ++ bool old_eld_valid = pin_eld->eld_valid; + pin_eld->eld_valid = eld->eld_valid; + eld_changed = pin_eld->eld_size != eld->eld_size || + memcmp(pin_eld->eld_buffer, eld->eld_buffer, +@@ -1338,6 +1353,18 @@ static void hdmi_present_sense(struct hdmi_spec_per_pin *per_pin, int repoll) + eld->eld_size); + pin_eld->eld_size = eld->eld_size; + pin_eld->info = eld->info; ++ ++ /* Haswell-specific workaround: re-setup when the transcoder is ++ * changed during the stream playback ++ */ ++ if (codec->vendor_id == 0x80862807 && ++ eld->eld_valid && !old_eld_valid && per_pin->setup) { ++ snd_hda_codec_write(codec, pin_nid, 0, ++ AC_VERB_SET_AMP_GAIN_MUTE, ++ AMP_OUT_UNMUTE); ++ hdmi_setup_audio_infoframe(codec, per_pin, ++ per_pin->non_pcm); ++ } + } + mutex_unlock(&pin_eld->lock); + +@@ -1510,14 +1537,17 @@ static int generic_hdmi_playback_pcm_prepare(struct hda_pcm_stream *hinfo, + hda_nid_t cvt_nid = hinfo->nid; + struct hdmi_spec *spec = codec->spec; + int pin_idx = hinfo_to_pin_index(spec, hinfo); +- hda_nid_t pin_nid = get_pin(spec, pin_idx)->pin_nid; ++ struct hdmi_spec_per_pin *per_pin = get_pin(spec, pin_idx); ++ hda_nid_t pin_nid = per_pin->pin_nid; + bool non_pcm; + + non_pcm = check_non_pcm_per_cvt(codec, cvt_nid); ++ per_pin->channels = substream->runtime->channels; ++ per_pin->setup = true; + + hdmi_set_channel_count(codec, cvt_nid, substream->runtime->channels); + +- hdmi_setup_audio_infoframe(codec, pin_idx, non_pcm, substream); ++ hdmi_setup_audio_infoframe(codec, per_pin, non_pcm); + + return hdmi_setup_stream(codec, cvt_nid, pin_nid, stream_tag, format); + } +@@ -1557,6 +1587,9 @@ static int hdmi_pcm_close(struct hda_pcm_stream *hinfo, + snd_hda_spdif_ctls_unassign(codec, pin_idx); + per_pin->chmap_set = false; + memset(per_pin->chmap, 0, sizeof(per_pin->chmap)); ++ ++ per_pin->setup = false; ++ per_pin->channels = 0; + } + + return 0; +@@ -1692,8 +1725,7 @@ static int hdmi_chmap_ctl_put(struct snd_kcontrol *kcontrol, + per_pin->chmap_set = true; + memcpy(per_pin->chmap, chmap, sizeof(chmap)); + if (prepared) +- hdmi_setup_audio_infoframe(codec, pin_idx, per_pin->non_pcm, +- substream); ++ hdmi_setup_audio_infoframe(codec, per_pin, per_pin->non_pcm); + + return 0; + } +diff --git a/sound/soc/codecs/mc13783.c b/sound/soc/codecs/mc13783.c +index 5402dfb..8a8d936 100644 +--- a/sound/soc/codecs/mc13783.c ++++ b/sound/soc/codecs/mc13783.c +@@ -126,6 +126,10 @@ static int mc13783_write(struct snd_soc_codec *codec, + + ret = mc13xxx_reg_write(priv->mc13xxx, reg, value); + ++ /* include errata fix for spi audio problems */ ++ if (reg == MC13783_AUDIO_CODEC || reg == MC13783_AUDIO_DAC) ++ ret = mc13xxx_reg_write(priv->mc13xxx, reg, value); ++ + mc13xxx_unlock(priv->mc13xxx); + + return ret; +diff --git a/sound/soc/codecs/wm8960.c b/sound/soc/codecs/wm8960.c +index 0a4ffdd..5e5af89 100644 +--- a/sound/soc/codecs/wm8960.c ++++ b/sound/soc/codecs/wm8960.c +@@ -857,9 +857,9 @@ static int wm8960_set_dai_pll(struct snd_soc_dai *codec_dai, int pll_id, + if (pll_div.k) { + reg |= 0x20; + +- snd_soc_write(codec, WM8960_PLL2, (pll_div.k >> 18) & 0x3f); +- snd_soc_write(codec, WM8960_PLL3, (pll_div.k >> 9) & 0x1ff); +- snd_soc_write(codec, WM8960_PLL4, pll_div.k & 0x1ff); ++ snd_soc_write(codec, WM8960_PLL2, (pll_div.k >> 16) & 0xff); ++ snd_soc_write(codec, WM8960_PLL3, (pll_div.k >> 8) & 0xff); ++ snd_soc_write(codec, WM8960_PLL4, pll_div.k & 0xff); + } + snd_soc_write(codec, WM8960_PLL1, reg); + diff --git a/3.11.1/4420_grsecurity-2.9.1-3.11.1-201309221838.patch b/3.11.2/4420_grsecurity-2.9.1-3.11.2-201309281103.patch index f7acb39..3abf324 100644 --- a/3.11.1/4420_grsecurity-2.9.1-3.11.1-201309221838.patch +++ b/3.11.2/4420_grsecurity-2.9.1-3.11.2-201309281103.patch @@ -281,7 +281,7 @@ index 7f9d4f5..6d1afd6 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index efd2396..682975d 100644 +index aede319..6bf55a4 100644 --- a/Makefile +++ b/Makefile @@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -2745,10 +2745,10 @@ index 2c7cc1e..ab2e911 100644 mcr p15, 0, r4, c2, c0, 0 @ load page table pointer #endif diff --git a/arch/arm/kernel/module.c b/arch/arm/kernel/module.c -index 85c3fb6..b3068b1 100644 +index 85c3fb6..054c2dc 100644 --- a/arch/arm/kernel/module.c +++ b/arch/arm/kernel/module.c -@@ -37,12 +37,37 @@ +@@ -37,12 +37,39 @@ #endif #ifdef CONFIG_MMU @@ -2779,11 +2779,13 @@ index 85c3fb6..b3068b1 100644 +{ + module_free(mod, module_region); +} ++EXPORT_SYMBOL(module_free_exec); + +void *module_alloc_exec(unsigned long size) +{ + return __module_alloc(size, PAGE_KERNEL_EXEC); +} ++EXPORT_SYMBOL(module_alloc_exec); +#endif #endif @@ -3128,7 +3130,7 @@ index ab517fc..9adf2fa 100644 /* * on V7-M there is no need to copy the vector table to a dedicated diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S -index 7bcee5c..64c9c5f 100644 +index 7bcee5c..e2f3249 100644 --- a/arch/arm/kernel/vmlinux.lds.S +++ b/arch/arm/kernel/vmlinux.lds.S @@ -8,7 +8,11 @@ @@ -3144,6 +3146,15 @@ index 7bcee5c..64c9c5f 100644 #define PROC_INFO \ . = ALIGN(4); \ VMLINUX_SYMBOL(__proc_info_begin) = .; \ +@@ -34,7 +38,7 @@ + #endif + + #if (defined(CONFIG_SMP_ON_UP) && !defined(CONFIG_DEBUG_SPINLOCK)) || \ +- defined(CONFIG_GENERIC_BUG) ++ defined(CONFIG_GENERIC_BUG) || defined(CONFIG_PAX_REFCOUNT) + #define ARM_EXIT_KEEP(x) x + #define ARM_EXIT_DISCARD(x) + #else @@ -90,6 +94,11 @@ SECTIONS _text = .; HEAD_TEXT @@ -13233,7 +13244,7 @@ index bae3aba..c1788c1 100644 set_fs(KERNEL_DS); has_dumped = 1; diff --git a/arch/x86/ia32/ia32_signal.c b/arch/x86/ia32/ia32_signal.c -index bccfca6..a312009 100644 +index 665a730..8e7a67a 100644 --- a/arch/x86/ia32/ia32_signal.c +++ b/arch/x86/ia32/ia32_signal.c @@ -338,7 +338,7 @@ static void __user *get_sigframe(struct ksignal *ksig, struct pt_regs *regs, @@ -13263,12 +13274,7 @@ index bccfca6..a312009 100644 }; frame = get_sigframe(ksig, regs, sizeof(*frame), &fpstate); -@@ -457,20 +457,22 @@ int ia32_setup_rt_frame(int sig, struct ksignal *ksig, - else - put_user_ex(0, &frame->uc.uc_flags); - put_user_ex(0, &frame->uc.uc_link); -- err |= __compat_save_altstack(&frame->uc.uc_stack, regs->sp); -+ __compat_save_altstack_ex(&frame->uc.uc_stack, regs->sp); +@@ -461,16 +461,18 @@ int ia32_setup_rt_frame(int sig, struct ksignal *ksig, if (ksig->ka.sa.sa_flags & SA_RESTORER) restorer = ksig->ka.sa.sa_restorer; @@ -14738,7 +14744,7 @@ index 9863ee3..4a1f8e1 100644 return _PAGE_CACHE_WC; else if (pg_flags == _PGMT_UC_MINUS) diff --git a/arch/x86/include/asm/checksum_32.h b/arch/x86/include/asm/checksum_32.h -index 46fc474..b02b0f9 100644 +index f50de69..2b0a458 100644 --- a/arch/x86/include/asm/checksum_32.h +++ b/arch/x86/include/asm/checksum_32.h @@ -31,6 +31,14 @@ asmlinkage __wsum csum_partial_copy_generic(const void *src, void *dst, @@ -14756,24 +14762,24 @@ index 46fc474..b02b0f9 100644 /* * Note: when you get a NULL pointer exception here this means someone * passed in an incorrect kernel address to one of these functions. -@@ -50,7 +58,7 @@ static inline __wsum csum_partial_copy_from_user(const void __user *src, - int *err_ptr) - { - might_sleep(); -- return csum_partial_copy_generic((__force void *)src, dst, -+ return csum_partial_copy_generic_from_user((__force void *)src, dst, - len, sum, err_ptr, NULL); - } +@@ -53,7 +61,7 @@ static inline __wsum csum_partial_copy_from_user(const void __user *src, -@@ -178,7 +186,7 @@ static inline __wsum csum_and_copy_to_user(const void *src, - { might_sleep(); - if (access_ok(VERIFY_WRITE, dst, len)) -- return csum_partial_copy_generic(src, (__force void *)dst, -+ return csum_partial_copy_generic_to_user(src, (__force void *)dst, - len, sum, NULL, err_ptr); + stac(); +- ret = csum_partial_copy_generic((__force void *)src, dst, ++ ret = csum_partial_copy_generic_from_user((__force void *)src, dst, + len, sum, err_ptr, NULL); + clac(); - if (len) +@@ -187,7 +195,7 @@ static inline __wsum csum_and_copy_to_user(const void *src, + might_sleep(); + if (access_ok(VERIFY_WRITE, dst, len)) { + stac(); +- ret = csum_partial_copy_generic(src, (__force void *)dst, ++ ret = csum_partial_copy_generic_to_user(src, (__force void *)dst, + len, sum, NULL, err_ptr); + clac(); + return ret; diff --git a/arch/x86/include/asm/cmpxchg.h b/arch/x86/include/asm/cmpxchg.h index d47786a..ce1b05d 100644 --- a/arch/x86/include/asm/cmpxchg.h @@ -15760,7 +15766,7 @@ index 5f55e69..e20bfb1 100644 #ifdef CONFIG_SMP diff --git a/arch/x86/include/asm/mmu_context.h b/arch/x86/include/asm/mmu_context.h -index cdbf367..ce8f82b 100644 +index be12c53..2124e35 100644 --- a/arch/x86/include/asm/mmu_context.h +++ b/arch/x86/include/asm/mmu_context.h @@ -24,6 +24,20 @@ void destroy_context(struct mm_struct *mm); @@ -15838,13 +15844,12 @@ index cdbf367..ce8f82b 100644 load_cr3(next->pgd); +#endif - /* stop flush ipis for the previous mm */ + /* Stop flush ipis for the previous mm */ cpumask_clear_cpu(cpu, mm_cpumask(prev)); -@@ -53,9 +106,63 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next, - */ +@@ -51,9 +104,63 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next, + /* Load the LDT, if the LDT is different: */ if (unlikely(prev->context.ldt != next->context.ldt)) load_LDT_nolock(&next->context); -- } + +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_SMP) + if (!(__supported_pte_mask & _PAGE_NX)) { @@ -15859,14 +15864,14 @@ index cdbf367..ce8f82b 100644 + if (unlikely(prev->context.user_cs_base != next->context.user_cs_base || + prev->context.user_cs_limit != next->context.user_cs_limit)) + set_user_cs(next->context.user_cs_base, next->context.user_cs_limit, cpu); - #ifdef CONFIG_SMP ++#ifdef CONFIG_SMP + else if (unlikely(tlbstate != TLBSTATE_OK)) + set_user_cs(next->context.user_cs_base, next->context.user_cs_limit, cpu); +#endif +#endif + -+ } - else { + } ++ else { + +#ifdef CONFIG_PAX_PER_CPU_PGD + pax_open_kernel(); @@ -15901,11 +15906,12 @@ index cdbf367..ce8f82b 100644 + load_cr3(get_cpu_pgd(cpu, kernel)); +#endif + -+#ifdef CONFIG_SMP + #ifdef CONFIG_SMP +- else { this_cpu_write(cpu_tlbstate.state, TLBSTATE_OK); BUG_ON(this_cpu_read(cpu_tlbstate.active_mm) != next); -@@ -64,11 +171,28 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next, +@@ -70,11 +177,28 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next, * tlb flush IPI delivery. We must reload CR3 * to make sure to use no freed page tables. */ @@ -25235,7 +25241,7 @@ index 5cdff03..80fa283 100644 * Up to this point, the boot CPU has been using .init.data * area. Reload any changed state for the boot CPU. diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c -index cf91358..a7081ea 100644 +index d859eea..44e17c4 100644 --- a/arch/x86/kernel/signal.c +++ b/arch/x86/kernel/signal.c @@ -190,7 +190,7 @@ static unsigned long align_sigframe(unsigned long sp) @@ -25268,12 +25274,8 @@ index cf91358..a7081ea 100644 if (err) return -EFAULT; -@@ -358,10 +358,13 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig, - else - put_user_ex(0, &frame->uc.uc_flags); - put_user_ex(0, &frame->uc.uc_link); -- err |= __save_altstack(&frame->uc.uc_stack, regs->sp); -+ __save_altstack_ex(&frame->uc.uc_stack, regs->sp); +@@ -361,7 +361,10 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig, + save_altstack_ex(&frame->uc.uc_stack, regs->sp); /* Set up to return from userspace. */ - restorer = VDSO32_SYMBOL(current->mm->context.vdso, rt_sigreturn); @@ -25293,15 +25295,6 @@ index cf91358..a7081ea 100644 } put_user_catch(err); err |= copy_siginfo_to_user(&frame->info, &ksig->info); -@@ -423,7 +426,7 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig, - else - put_user_ex(0, &frame->uc.uc_flags); - put_user_ex(0, &frame->uc.uc_link); -- err |= __save_altstack(&frame->uc.uc_stack, regs->sp); -+ __save_altstack_ex(&frame->uc.uc_stack, regs->sp); - - /* Set up to return from userspace. If provided, use a stub - already in userspace. */ @@ -609,7 +612,12 @@ setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs) { int usig = signr_convert(ksig->sig); @@ -27941,38 +27934,37 @@ index 2419d5f..953ee51 100644 CFI_RESTORE_STATE diff --git a/arch/x86/lib/csum-wrappers_64.c b/arch/x86/lib/csum-wrappers_64.c -index 25b7ae8..c40113e 100644 +index 7609e0e..b449b98 100644 --- a/arch/x86/lib/csum-wrappers_64.c +++ b/arch/x86/lib/csum-wrappers_64.c -@@ -52,8 +52,12 @@ csum_partial_copy_from_user(const void __user *src, void *dst, +@@ -53,10 +53,12 @@ csum_partial_copy_from_user(const void __user *src, void *dst, len -= 2; } } -- isum = csum_partial_copy_generic((__force const void *)src, + pax_open_userland(); -+ stac(); + stac(); +- isum = csum_partial_copy_generic((__force const void *)src, + isum = csum_partial_copy_generic((const void __force_kernel *)____m(src), dst, len, isum, errp, NULL); -+ clac(); + clac(); + pax_close_userland(); if (unlikely(*errp)) goto out_err; -@@ -105,8 +109,13 @@ csum_partial_copy_to_user(const void *src, void __user *dst, +@@ -110,10 +112,12 @@ csum_partial_copy_to_user(const void *src, void __user *dst, } *errp = 0; -- return csum_partial_copy_generic(src, (void __force *)dst, + pax_open_userland(); -+ stac(); -+ isum = csum_partial_copy_generic(src, (void __force_kernel *)____m(dst), - len, isum, NULL, errp); -+ clac(); + stac(); +- ret = csum_partial_copy_generic(src, (void __force *)dst, ++ ret = csum_partial_copy_generic(src, (void __force_kernel *)____m(dst), + len, isum, NULL, errp); + clac(); + pax_close_userland(); -+ return isum; + return ret; } EXPORT_SYMBOL(csum_partial_copy_to_user); - diff --git a/arch/x86/lib/getuser.S b/arch/x86/lib/getuser.S index a451235..1daa956 100644 --- a/arch/x86/lib/getuser.S @@ -34319,7 +34311,7 @@ index 290792a..416f287 100644 spin_lock_init(&blkcg->lock); INIT_RADIX_TREE(&blkcg->blkg_tree, GFP_ATOMIC); diff --git a/block/blk-iopoll.c b/block/blk-iopoll.c -index 4b8d9b54..ff76220 100644 +index 4b8d9b54..a7178c0 100644 --- a/block/blk-iopoll.c +++ b/block/blk-iopoll.c @@ -77,7 +77,7 @@ void blk_iopoll_complete(struct blk_iopoll *iopoll) @@ -34327,7 +34319,7 @@ index 4b8d9b54..ff76220 100644 EXPORT_SYMBOL(blk_iopoll_complete); -static void blk_iopoll_softirq(struct softirq_action *h) -+static void blk_iopoll_softirq(void) ++static __latent_entropy void blk_iopoll_softirq(void) { struct list_head *list = &__get_cpu_var(blk_cpu_iopoll); int rearm = 0, budget = blk_iopoll_budget; @@ -34345,7 +34337,7 @@ index 623e1cd..ca1e109 100644 bio = bio_copy_kern(q, kbuf, len, gfp_mask, reading); else diff --git a/block/blk-softirq.c b/block/blk-softirq.c -index ec9e606..2244d4e 100644 +index ec9e606..3f38839 100644 --- a/block/blk-softirq.c +++ b/block/blk-softirq.c @@ -18,7 +18,7 @@ static DEFINE_PER_CPU(struct list_head, blk_cpu_done); @@ -34353,7 +34345,7 @@ index ec9e606..2244d4e 100644 * while passing them to the queue registered handler. */ -static void blk_done_softirq(struct softirq_action *h) -+static void blk_done_softirq(void) ++static __latent_entropy void blk_done_softirq(void) { struct list_head *cpu_list, local_list; @@ -34513,32 +34505,6 @@ index a5ffcc9..3cedc9c 100644 if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len)) goto error; -diff --git a/crypto/api.c b/crypto/api.c -index 3b61803..37c4c72 100644 ---- a/crypto/api.c -+++ b/crypto/api.c -@@ -34,6 +34,8 @@ EXPORT_SYMBOL_GPL(crypto_alg_sem); - BLOCKING_NOTIFIER_HEAD(crypto_chain); - EXPORT_SYMBOL_GPL(crypto_chain); - -+static struct crypto_alg *crypto_larval_wait(struct crypto_alg *alg); -+ - struct crypto_alg *crypto_mod_get(struct crypto_alg *alg) - { - return try_module_get(alg->cra_module) ? crypto_alg_get(alg) : NULL; -@@ -144,8 +146,11 @@ static struct crypto_alg *crypto_larval_add(const char *name, u32 type, - } - up_write(&crypto_alg_sem); - -- if (alg != &larval->alg) -+ if (alg != &larval->alg) { - kfree(larval); -+ if (crypto_is_larval(alg)) -+ alg = crypto_larval_wait(alg); -+ } - - return alg; - } diff --git a/crypto/cryptd.c b/crypto/cryptd.c index 7bdd61b..afec999 100644 --- a/crypto/cryptd.c @@ -35969,19 +35935,18 @@ index e8d11b6..7b1b36f 100644 } EXPORT_SYMBOL_GPL(unregister_syscore_ops); diff --git a/drivers/block/cciss.c b/drivers/block/cciss.c -index 62b6c2c..4a11354 100644 +index 62b6c2c..002d10f 100644 --- a/drivers/block/cciss.c +++ b/drivers/block/cciss.c -@@ -1189,6 +1189,8 @@ static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode, +@@ -1189,6 +1189,7 @@ static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode, int err; u32 cp; + memset(&arg64, 0, sizeof(arg64)); -+ err = 0; err |= copy_from_user(&arg64.LUN_info, &arg32->LUN_info, -@@ -3010,7 +3012,7 @@ static void start_io(ctlr_info_t *h) +@@ -3010,7 +3011,7 @@ static void start_io(ctlr_info_t *h) while (!list_empty(&h->reqQ)) { c = list_entry(h->reqQ.next, CommandList_struct, list); /* can't do anything if fifo is full */ @@ -35990,7 +35955,7 @@ index 62b6c2c..4a11354 100644 dev_warn(&h->pdev->dev, "fifo full\n"); break; } -@@ -3020,7 +3022,7 @@ static void start_io(ctlr_info_t *h) +@@ -3020,7 +3021,7 @@ static void start_io(ctlr_info_t *h) h->Qdepth--; /* Tell the controller execute command */ @@ -35999,7 +35964,7 @@ index 62b6c2c..4a11354 100644 /* Put job onto the completed Q */ addQ(&h->cmpQ, c); -@@ -3446,17 +3448,17 @@ startio: +@@ -3446,17 +3447,17 @@ startio: static inline unsigned long get_next_completion(ctlr_info_t *h) { @@ -36020,7 +35985,7 @@ index 62b6c2c..4a11354 100644 (h->interrupts_enabled == 0)); } -@@ -3489,7 +3491,7 @@ static inline u32 next_command(ctlr_info_t *h) +@@ -3489,7 +3490,7 @@ static inline u32 next_command(ctlr_info_t *h) u32 a; if (unlikely(!(h->transMethod & CFGTBL_Trans_Performant))) @@ -36029,7 +35994,7 @@ index 62b6c2c..4a11354 100644 if ((*(h->reply_pool_head) & 1) == (h->reply_pool_wraparound)) { a = *(h->reply_pool_head); /* Next cmd in ring buffer */ -@@ -4046,7 +4048,7 @@ static void cciss_put_controller_into_performant_mode(ctlr_info_t *h) +@@ -4046,7 +4047,7 @@ static void cciss_put_controller_into_performant_mode(ctlr_info_t *h) trans_support & CFGTBL_Trans_use_short_tags); /* Change the access methods to the performant access methods */ @@ -36038,7 +36003,7 @@ index 62b6c2c..4a11354 100644 h->transMethod = CFGTBL_Trans_Performant; return; -@@ -4319,7 +4321,7 @@ static int cciss_pci_init(ctlr_info_t *h) +@@ -4319,7 +4320,7 @@ static int cciss_pci_init(ctlr_info_t *h) if (prod_index < 0) return -ENODEV; h->product_name = products[prod_index].product_name; @@ -36047,7 +36012,7 @@ index 62b6c2c..4a11354 100644 if (cciss_board_disabled(h)) { dev_warn(&h->pdev->dev, "controller appears to be disabled\n"); -@@ -5051,7 +5053,7 @@ reinit_after_soft_reset: +@@ -5051,7 +5052,7 @@ reinit_after_soft_reset: } /* make sure the board interrupts are off */ @@ -36056,7 +36021,7 @@ index 62b6c2c..4a11354 100644 rc = cciss_request_irq(h, do_cciss_msix_intr, do_cciss_intx); if (rc) goto clean2; -@@ -5101,7 +5103,7 @@ reinit_after_soft_reset: +@@ -5101,7 +5102,7 @@ reinit_after_soft_reset: * fake ones to scoop up any residual completions. */ spin_lock_irqsave(&h->lock, flags); @@ -36065,7 +36030,7 @@ index 62b6c2c..4a11354 100644 spin_unlock_irqrestore(&h->lock, flags); free_irq(h->intr[h->intr_mode], h); rc = cciss_request_irq(h, cciss_msix_discard_completions, -@@ -5121,9 +5123,9 @@ reinit_after_soft_reset: +@@ -5121,9 +5122,9 @@ reinit_after_soft_reset: dev_info(&h->pdev->dev, "Board READY.\n"); dev_info(&h->pdev->dev, "Waiting for stale completions to drain.\n"); @@ -36077,7 +36042,7 @@ index 62b6c2c..4a11354 100644 rc = controller_reset_failed(h->cfgtable); if (rc) -@@ -5146,7 +5148,7 @@ reinit_after_soft_reset: +@@ -5146,7 +5147,7 @@ reinit_after_soft_reset: cciss_scsi_setup(h); /* Turn the interrupts on so we can service requests */ @@ -36086,7 +36051,7 @@ index 62b6c2c..4a11354 100644 /* Get the firmware version */ inq_buff = kzalloc(sizeof(InquiryData_struct), GFP_KERNEL); -@@ -5218,7 +5220,7 @@ static void cciss_shutdown(struct pci_dev *pdev) +@@ -5218,7 +5219,7 @@ static void cciss_shutdown(struct pci_dev *pdev) kfree(flush_buf); if (return_code != IO_OK) dev_warn(&h->pdev->dev, "Error flushing cache\n"); @@ -38551,10 +38516,10 @@ index 3d92a7c..9a9cfd7 100644 iir = I915_READ(IIR); diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c -index be79f47..95e150b 100644 +index ca40d1b..6baacfd 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c -@@ -9418,13 +9418,13 @@ struct intel_quirk { +@@ -9431,13 +9431,13 @@ struct intel_quirk { int subsystem_vendor; int subsystem_device; void (*hook)(struct drm_device *dev); @@ -38570,7 +38535,7 @@ index be79f47..95e150b 100644 static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) { -@@ -9432,18 +9432,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) +@@ -9445,18 +9445,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) return 1; } @@ -39427,41 +39392,10 @@ index 5360e5a..c2c0d26 100644 err = drm_debugfs_create_files(dc->debugfs_files, ARRAY_SIZE(debugfs_files), diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c -index 36668d1..9f4ccb0 100644 +index 5956445..1d30d7e 100644 --- a/drivers/hid/hid-core.c +++ b/drivers/hid/hid-core.c -@@ -63,6 +63,8 @@ struct hid_report *hid_register_report(struct hid_device *device, unsigned type, - struct hid_report_enum *report_enum = device->report_enum + type; - struct hid_report *report; - -+ if (id >= HID_MAX_IDS) -+ return NULL; - if (report_enum->report_id_hash[id]) - return report_enum->report_id_hash[id]; - -@@ -404,8 +406,10 @@ static int hid_parser_global(struct hid_parser *parser, struct hid_item *item) - - case HID_GLOBAL_ITEM_TAG_REPORT_ID: - parser->global.report_id = item_udata(item); -- if (parser->global.report_id == 0) { -- hid_err(parser->device, "report_id 0 is invalid\n"); -+ if (parser->global.report_id == 0 || -+ parser->global.report_id >= HID_MAX_IDS) { -+ hid_err(parser->device, "report_id %u is invalid\n", -+ parser->global.report_id); - return -1; - } - return 0; -@@ -575,7 +579,7 @@ static void hid_close_report(struct hid_device *device) - for (i = 0; i < HID_REPORT_TYPES; i++) { - struct hid_report_enum *report_enum = device->report_enum + i; - -- for (j = 0; j < 256; j++) { -+ for (j = 0; j < HID_MAX_IDS; j++) { - struct hid_report *report = report_enum->report_id_hash[j]; - if (report) - hid_free_report(report); -@@ -755,6 +759,56 @@ int hid_parse_report(struct hid_device *hid, __u8 *start, unsigned size) +@@ -759,6 +759,56 @@ int hid_parse_report(struct hid_device *hid, __u8 *start, unsigned size) } EXPORT_SYMBOL_GPL(hid_parse_report); @@ -39518,21 +39452,7 @@ index 36668d1..9f4ccb0 100644 /** * hid_open_report - open a driver-specific device report * -@@ -1152,7 +1206,12 @@ EXPORT_SYMBOL_GPL(hid_output_report); - - int hid_set_field(struct hid_field *field, unsigned offset, __s32 value) - { -- unsigned size = field->report_size; -+ unsigned size; -+ -+ if (!field) -+ return -1; -+ -+ size = field->report_size; - - hid_dump_input(field->report->device, field->usage + offset, value); - -@@ -2285,7 +2344,7 @@ EXPORT_SYMBOL_GPL(hid_ignore); +@@ -2295,7 +2345,7 @@ EXPORT_SYMBOL_GPL(hid_ignore); int hid_add_device(struct hid_device *hdev) { @@ -39541,7 +39461,7 @@ index 36668d1..9f4ccb0 100644 int ret; if (WARN_ON(hdev->status & HID_STAT_ADDED)) -@@ -2319,7 +2378,7 @@ int hid_add_device(struct hid_device *hdev) +@@ -2329,7 +2379,7 @@ int hid_add_device(struct hid_device *hdev) /* XXX hack, any other cleaner solution after the driver core * is converted to allow more than 20 bytes as the device name? */ dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus, @@ -39815,68 +39735,6 @@ index cb0e361..2aa275e 100644 } for (r = 0; r < report->maxfield; r++) { -diff --git a/drivers/hid/hid-ntrig.c b/drivers/hid/hid-ntrig.c -index ef95102..5482156 100644 ---- a/drivers/hid/hid-ntrig.c -+++ b/drivers/hid/hid-ntrig.c -@@ -115,7 +115,8 @@ static inline int ntrig_get_mode(struct hid_device *hdev) - struct hid_report *report = hdev->report_enum[HID_FEATURE_REPORT]. - report_id_hash[0x0d]; - -- if (!report) -+ if (!report || report->maxfield < 1 || -+ report->field[0]->report_count < 1) - return -EINVAL; - - hid_hw_request(hdev, report, HID_REQ_GET_REPORT); -diff --git a/drivers/hid/hid-picolcd_core.c b/drivers/hid/hid-picolcd_core.c -index b48092d..72bba1e 100644 ---- a/drivers/hid/hid-picolcd_core.c -+++ b/drivers/hid/hid-picolcd_core.c -@@ -290,7 +290,7 @@ static ssize_t picolcd_operation_mode_store(struct device *dev, - buf += 10; - cnt -= 10; - } -- if (!report) -+ if (!report || report->maxfield < 1) - return -EINVAL; - - while (cnt > 0 && (buf[cnt-1] == '\n' || buf[cnt-1] == '\r')) -diff --git a/drivers/hid/hid-pl.c b/drivers/hid/hid-pl.c -index d29112f..2dcd7d9 100644 ---- a/drivers/hid/hid-pl.c -+++ b/drivers/hid/hid-pl.c -@@ -132,8 +132,14 @@ static int plff_init(struct hid_device *hid) - strong = &report->field[0]->value[2]; - weak = &report->field[0]->value[3]; - debug("detected single-field device"); -- } else if (report->maxfield >= 4 && report->field[0]->maxusage == 1 && -- report->field[0]->usage[0].hid == (HID_UP_LED | 0x43)) { -+ } else if (report->field[0]->maxusage == 1 && -+ report->field[0]->usage[0].hid == -+ (HID_UP_LED | 0x43) && -+ report->maxfield >= 4 && -+ report->field[0]->report_count >= 1 && -+ report->field[1]->report_count >= 1 && -+ report->field[2]->report_count >= 1 && -+ report->field[3]->report_count >= 1) { - report->field[0]->value[0] = 0x00; - report->field[1]->value[0] = 0x00; - strong = &report->field[2]->value[0]; -diff --git a/drivers/hid/hid-sensor-hub.c b/drivers/hid/hid-sensor-hub.c -index ca749810..aa34755 100644 ---- a/drivers/hid/hid-sensor-hub.c -+++ b/drivers/hid/hid-sensor-hub.c -@@ -221,7 +221,8 @@ int sensor_hub_get_feature(struct hid_sensor_hub_device *hsdev, u32 report_id, - - mutex_lock(&data->mutex); - report = sensor_hub_report(report_id, hsdev->hdev, HID_FEATURE_REPORT); -- if (!report || (field_index >= report->maxfield)) { -+ if (!report || (field_index >= report->maxfield) || -+ report->field[field_index]->report_count < 1) { - ret = -EINVAL; - goto done_proc; - } diff --git a/drivers/hid/hid-steelseries.c b/drivers/hid/hid-steelseries.c index d164911..ef42e86 100644 --- a/drivers/hid/hid-steelseries.c @@ -47364,10 +47222,10 @@ index f379c7f..e8fc69c 100644 transport_setup_device(&rport->dev); diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c -index 86fcf2c..26d8594 100644 +index 2783dd7..d20395b 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c -@@ -2938,7 +2938,7 @@ static int sd_probe(struct device *dev) +@@ -2933,7 +2933,7 @@ static int sd_probe(struct device *dev) sdkp->disk = gd; sdkp->index = index; atomic_set(&sdkp->openers, 0); @@ -48853,10 +48711,10 @@ index d5cc3ac..3263411 100644 if (get_user(c, buf)) diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c -index 366af83..6db51c3 100644 +index 20689b9..7fd3a31 100644 --- a/drivers/tty/tty_io.c +++ b/drivers/tty/tty_io.c -@@ -3467,7 +3467,7 @@ EXPORT_SYMBOL_GPL(get_current_tty); +@@ -3468,7 +3468,7 @@ EXPORT_SYMBOL_GPL(get_current_tty); void tty_default_fops(struct file_operations *fops) { @@ -49287,7 +49145,7 @@ index 014dc99..4d25fd7 100644 wake_up(&usb_kill_urb_queue); usb_put_urb(urb); diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c -index 558313d..8cadfa5 100644 +index 17c3785..deffb11 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -27,6 +27,7 @@ @@ -49298,7 +49156,7 @@ index 558313d..8cadfa5 100644 #include <asm/uaccess.h> #include <asm/byteorder.h> -@@ -4426,6 +4427,10 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1, +@@ -4421,6 +4422,10 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1, goto done; return; } @@ -49349,7 +49207,7 @@ index 7dad603..350f7a9 100644 INIT_LIST_HEAD(&dev->ep0.urb_list); dev->ep0.desc.bLength = USB_DT_ENDPOINT_SIZE; diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c -index f77083f..f3e2e34 100644 +index 14d28d6..5f511ac 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -550,8 +550,6 @@ static int __dwc3_gadget_ep_enable(struct dwc3_ep *dep, @@ -52541,7 +52399,7 @@ index 89dec7f..361b0d75 100644 fd_offset + ex.a_text); if (error != N_DATADDR(ex)) { diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c -index 100edcc..ed95731 100644 +index 100edcc..244db37 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -34,6 +34,7 @@ @@ -52695,7 +52553,22 @@ index 100edcc..ed95731 100644 error = -ENOMEM; goto out_close; } -@@ -538,6 +567,315 @@ out: +@@ -525,9 +554,11 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, + elf_bss = ELF_PAGESTART(elf_bss + ELF_MIN_ALIGN - 1); + + /* Map the last of the bss segment */ +- error = vm_brk(elf_bss, last_bss - elf_bss); +- if (BAD_ADDR(error)) +- goto out_close; ++ if (last_bss > elf_bss) { ++ error = vm_brk(elf_bss, last_bss - elf_bss); ++ if (BAD_ADDR(error)) ++ goto out_close; ++ } + } + + error = load_addr; +@@ -538,6 +569,315 @@ out: return error; } @@ -53011,7 +52884,7 @@ index 100edcc..ed95731 100644 /* * These are the functions used to load ELF style executables and shared * libraries. There is no binary dependent code anywhere else. -@@ -554,6 +892,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top) +@@ -554,6 +894,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top) { unsigned int random_variable = 0; @@ -53023,7 +52896,7 @@ index 100edcc..ed95731 100644 if ((current->flags & PF_RANDOMIZE) && !(current->personality & ADDR_NO_RANDOMIZE)) { random_variable = get_random_int() & STACK_RND_MASK; -@@ -572,7 +915,7 @@ static int load_elf_binary(struct linux_binprm *bprm) +@@ -572,7 +917,7 @@ static int load_elf_binary(struct linux_binprm *bprm) unsigned long load_addr = 0, load_bias = 0; int load_addr_set = 0; char * elf_interpreter = NULL; @@ -53032,7 +52905,7 @@ index 100edcc..ed95731 100644 struct elf_phdr *elf_ppnt, *elf_phdata; unsigned long elf_bss, elf_brk; int retval, i; -@@ -582,12 +925,12 @@ static int load_elf_binary(struct linux_binprm *bprm) +@@ -582,12 +927,12 @@ static int load_elf_binary(struct linux_binprm *bprm) unsigned long start_code, end_code, start_data, end_data; unsigned long reloc_func_desc __maybe_unused = 0; int executable_stack = EXSTACK_DEFAULT; @@ -53046,7 +52919,7 @@ index 100edcc..ed95731 100644 loc = kmalloc(sizeof(*loc), GFP_KERNEL); if (!loc) { -@@ -723,11 +1066,81 @@ static int load_elf_binary(struct linux_binprm *bprm) +@@ -723,11 +1068,81 @@ static int load_elf_binary(struct linux_binprm *bprm) goto out_free_dentry; /* OK, This is the point of no return */ @@ -53129,7 +53002,7 @@ index 100edcc..ed95731 100644 if (elf_read_implies_exec(loc->elf_ex, executable_stack)) current->personality |= READ_IMPLIES_EXEC; -@@ -817,6 +1230,20 @@ static int load_elf_binary(struct linux_binprm *bprm) +@@ -817,6 +1232,20 @@ static int load_elf_binary(struct linux_binprm *bprm) #else load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr); #endif @@ -53150,7 +53023,7 @@ index 100edcc..ed95731 100644 } error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, -@@ -849,9 +1276,9 @@ static int load_elf_binary(struct linux_binprm *bprm) +@@ -849,9 +1278,9 @@ static int load_elf_binary(struct linux_binprm *bprm) * allowed task size. Note that p_filesz must always be * <= p_memsz so it is only necessary to check p_memsz. */ @@ -53163,7 +53036,7 @@ index 100edcc..ed95731 100644 /* set_brk can never work. Avoid overflows. */ send_sig(SIGKILL, current, 0); retval = -EINVAL; -@@ -890,17 +1317,45 @@ static int load_elf_binary(struct linux_binprm *bprm) +@@ -890,17 +1319,45 @@ static int load_elf_binary(struct linux_binprm *bprm) goto out_free_dentry; } if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) { @@ -53215,7 +53088,7 @@ index 100edcc..ed95731 100644 load_bias); if (!IS_ERR((void *)elf_entry)) { /* -@@ -1122,7 +1577,7 @@ static bool always_dump_vma(struct vm_area_struct *vma) +@@ -1122,7 +1579,7 @@ static bool always_dump_vma(struct vm_area_struct *vma) * Decide what to dump of a segment, part, all or none. */ static unsigned long vma_dump_size(struct vm_area_struct *vma, @@ -53224,7 +53097,7 @@ index 100edcc..ed95731 100644 { #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type)) -@@ -1160,7 +1615,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, +@@ -1160,7 +1617,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, if (vma->vm_file == NULL) return 0; @@ -53233,7 +53106,7 @@ index 100edcc..ed95731 100644 goto whole; /* -@@ -1385,9 +1840,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) +@@ -1385,9 +1842,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) { elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv; int i = 0; @@ -53245,7 +53118,7 @@ index 100edcc..ed95731 100644 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv); } -@@ -1396,7 +1851,7 @@ static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata, +@@ -1396,7 +1853,7 @@ static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata, { mm_segment_t old_fs = get_fs(); set_fs(KERNEL_DS); @@ -53254,7 +53127,7 @@ index 100edcc..ed95731 100644 set_fs(old_fs); fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata); } -@@ -2017,14 +2472,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, +@@ -2017,14 +2474,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, } static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma, @@ -53271,7 +53144,7 @@ index 100edcc..ed95731 100644 return size; } -@@ -2117,7 +2572,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2117,7 +2574,7 @@ static int elf_core_dump(struct coredump_params *cprm) dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE); @@ -53280,7 +53153,7 @@ index 100edcc..ed95731 100644 offset += elf_core_extra_data_size(); e_shoff = offset; -@@ -2131,10 +2586,12 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2131,10 +2588,12 @@ static int elf_core_dump(struct coredump_params *cprm) offset = dataoff; size += sizeof(*elf); @@ -53293,7 +53166,7 @@ index 100edcc..ed95731 100644 if (size > cprm->limit || !dump_write(cprm->file, phdr4note, sizeof(*phdr4note))) goto end_coredump; -@@ -2148,7 +2605,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2148,7 +2607,7 @@ static int elf_core_dump(struct coredump_params *cprm) phdr.p_offset = offset; phdr.p_vaddr = vma->vm_start; phdr.p_paddr = 0; @@ -53302,7 +53175,7 @@ index 100edcc..ed95731 100644 phdr.p_memsz = vma->vm_end - vma->vm_start; offset += phdr.p_filesz; phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0; -@@ -2159,6 +2616,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2159,6 +2618,7 @@ static int elf_core_dump(struct coredump_params *cprm) phdr.p_align = ELF_EXEC_PAGESIZE; size += sizeof(phdr); @@ -53310,7 +53183,7 @@ index 100edcc..ed95731 100644 if (size > cprm->limit || !dump_write(cprm->file, &phdr, sizeof(phdr))) goto end_coredump; -@@ -2183,7 +2641,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2183,7 +2643,7 @@ static int elf_core_dump(struct coredump_params *cprm) unsigned long addr; unsigned long end; @@ -53319,7 +53192,7 @@ index 100edcc..ed95731 100644 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) { struct page *page; -@@ -2192,6 +2650,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2192,6 +2652,7 @@ static int elf_core_dump(struct coredump_params *cprm) page = get_dump_page(addr); if (page) { void *kaddr = kmap(page); @@ -53327,7 +53200,7 @@ index 100edcc..ed95731 100644 stop = ((size += PAGE_SIZE) > cprm->limit) || !dump_write(cprm->file, kaddr, PAGE_SIZE); -@@ -2209,6 +2668,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2209,6 +2670,7 @@ static int elf_core_dump(struct coredump_params *cprm) if (e_phnum == PN_XNUM) { size += sizeof(*shdr4extnum); @@ -53335,7 +53208,7 @@ index 100edcc..ed95731 100644 if (size > cprm->limit || !dump_write(cprm->file, shdr4extnum, sizeof(*shdr4extnum))) -@@ -2229,6 +2689,167 @@ out: +@@ -2229,6 +2691,167 @@ out: #endif /* CONFIG_ELF_CORE */ @@ -53657,7 +53530,7 @@ index a4b38f9..f86a509 100644 spin_lock_init(&delayed_root->lock); init_waitqueue_head(&delayed_root->wait); diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c -index 238a055..1e33cd5 100644 +index 9877a2a..7ebf9ab 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -3097,9 +3097,12 @@ static long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg) @@ -57333,10 +57206,10 @@ index 1d55f94..088da65 100644 } diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c -index 72a5d5b..c991011 100644 +index 8fec28f..cd40dba 100644 --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c -@@ -1433,7 +1433,7 @@ static char *read_link(struct dentry *dentry) +@@ -1437,7 +1437,7 @@ static char *read_link(struct dentry *dentry) return link; } @@ -60028,10 +59901,10 @@ index 7129046..f2779c6 100644 kfree(ctl_table_arg); goto out; diff --git a/fs/proc/root.c b/fs/proc/root.c -index e0a790d..21e095e 100644 +index 0e0e83c..005ba6a 100644 --- a/fs/proc/root.c +++ b/fs/proc/root.c -@@ -182,7 +182,15 @@ void __init proc_root_init(void) +@@ -183,7 +183,15 @@ void __init proc_root_init(void) #ifdef CONFIG_PROC_DEVICETREE proc_device_tree_init(); #endif @@ -67426,10 +67299,10 @@ index 0000000..a340c17 +} diff --git a/grsecurity/gracl_ip.c b/grsecurity/gracl_ip.c new file mode 100644 -index 0000000..8132048 +index 0000000..f056b81 --- /dev/null +++ b/grsecurity/gracl_ip.c -@@ -0,0 +1,387 @@ +@@ -0,0 +1,386 @@ +#include <linux/kernel.h> +#include <asm/uaccess.h> +#include <asm/errno.h> @@ -67521,6 +67394,8 @@ index 0000000..8132048 + return gr_sockfamilies[family]; +} + ++extern const struct net_proto_family __rcu *net_families[NPROTO] __read_mostly; ++ +int +gr_search_socket(const int domain, const int type, const int protocol) +{ @@ -67600,10 +67475,7 @@ index 0000000..8132048 + if (domain == PF_INET) + gr_log_str3(GR_DONT_AUDIT, GR_SOCK_MSG, gr_sockfamily_to_name(domain), + gr_socktype_to_name(type), gr_proto_to_name(protocol)); -+ else -+#ifndef CONFIG_IPV6 -+ if (domain != PF_INET6) -+#endif ++ else if (rcu_access_pointer(net_families[domain]) != NULL) + gr_log_str2_int(GR_DONT_AUDIT, GR_SOCK_NOINET_MSG, gr_sockfamily_to_name(domain), + gr_socktype_to_name(type), protocol); + @@ -72535,7 +72407,7 @@ index 1ec14a7..d0654a2 100644 /** * struct clk_init_data - holds init data that's common to all clocks and is diff --git a/include/linux/compat.h b/include/linux/compat.h -index 7f0c1dd..206ac34 100644 +index ec1aee4..1077986 100644 --- a/include/linux/compat.h +++ b/include/linux/compat.h @@ -312,7 +312,7 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr, @@ -72556,14 +72428,6 @@ index 7f0c1dd..206ac34 100644 asmlinkage long compat_sys_lookup_dcookie(u32, u32, char __user *, size_t); /* -@@ -669,6 +669,7 @@ asmlinkage long compat_sys_sigaltstack(const compat_stack_t __user *uss_ptr, - - int compat_restore_altstack(const compat_stack_t __user *uss); - int __compat_save_altstack(compat_stack_t __user *, unsigned long); -+void __compat_save_altstack_ex(compat_stack_t __user *, unsigned long); - - asmlinkage long compat_sys_sched_rr_get_interval(compat_pid_t pid, - struct compat_timespec __user *interval); diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h index 842de22..7f3a41f 100644 --- a/include/linux/compiler-gcc4.h @@ -73242,7 +73106,7 @@ index 1c804b0..1432c2b 100644 /* diff --git a/include/linux/genhd.h b/include/linux/genhd.h -index 9f3c275..911b591 100644 +index 9f3c275..8bdff5d 100644 --- a/include/linux/genhd.h +++ b/include/linux/genhd.h @@ -194,7 +194,7 @@ struct gendisk { @@ -73254,6 +73118,15 @@ index 9f3c275..911b591 100644 struct disk_events *ev; #ifdef CONFIG_BLK_DEV_INTEGRITY struct blk_integrity *integrity; +@@ -435,7 +435,7 @@ extern void disk_flush_events(struct gendisk *disk, unsigned int mask); + extern unsigned int disk_clear_events(struct gendisk *disk, unsigned int mask); + + /* drivers/char/random.c */ +-extern void add_disk_randomness(struct gendisk *disk); ++extern void add_disk_randomness(struct gendisk *disk) __latent_entropy; + extern void rand_initialize_disk(struct gendisk *disk); + + static inline sector_t get_start_sect(struct block_device *bdev) diff --git a/include/linux/genl_magic_func.h b/include/linux/genl_magic_func.h index 023bc34..b02b46a 100644 --- a/include/linux/genl_magic_func.h @@ -74589,24 +74462,10 @@ index 0000000..e7ffaaf + +#endif diff --git a/include/linux/hid.h b/include/linux/hid.h -index 0c48991..76e41d8 100644 +index ff545cc..76e41d8 100644 --- a/include/linux/hid.h +++ b/include/linux/hid.h -@@ -393,10 +393,12 @@ struct hid_report { - struct hid_device *device; /* associated device */ - }; - -+#define HID_MAX_IDS 256 -+ - struct hid_report_enum { - unsigned numbered; - struct list_head report_list; -- struct hid_report *report_id_hash[256]; -+ struct hid_report *report_id_hash[HID_MAX_IDS]; - }; - - #define HID_REPORT_TYPES 3 -@@ -747,6 +749,10 @@ void hid_output_report(struct hid_report *report, __u8 *data); +@@ -749,6 +749,10 @@ void hid_output_report(struct hid_report *report, __u8 *data); struct hid_device *hid_allocate_device(void); struct hid_report *hid_register_report(struct hid_device *device, unsigned type, unsigned id); int hid_parse_report(struct hid_device *hid, __u8 *start, unsigned size); @@ -76143,10 +76002,10 @@ index 34a1e10..03a6d03 100644 struct proc_ns { void *ns; diff --git a/include/linux/random.h b/include/linux/random.h -index 3b9377d..943ad4a 100644 +index 3b9377d..e418336 100644 --- a/include/linux/random.h +++ b/include/linux/random.h -@@ -10,6 +10,16 @@ +@@ -10,9 +10,19 @@ extern void add_device_randomness(const void *, unsigned int); @@ -76161,8 +76020,13 @@ index 3b9377d..943ad4a 100644 +} + extern void add_input_randomness(unsigned int type, unsigned int code, - unsigned int value); - extern void add_interrupt_randomness(int irq, int irq_flags); +- unsigned int value); +-extern void add_interrupt_randomness(int irq, int irq_flags); ++ unsigned int value) __latent_entropy; ++extern void add_interrupt_randomness(int irq, int irq_flags) __latent_entropy; + + extern void get_random_bytes(void *buf, int nbytes); + extern void get_random_bytes_arch(void *buf, int nbytes); @@ -32,6 +42,11 @@ void prandom_seed(u32 seed); u32 prandom_u32_state(struct rnd_state *); void prandom_bytes_state(struct rnd_state *state, void *buf, int nbytes); @@ -76176,7 +76040,7 @@ index 3b9377d..943ad4a 100644 * Handle minimum values for seeds */ diff --git a/include/linux/rculist.h b/include/linux/rculist.h -index f4b1001..8ddb2b6 100644 +index 4106721..132d42c 100644 --- a/include/linux/rculist.h +++ b/include/linux/rculist.h @@ -44,6 +44,9 @@ extern void __list_add_rcu(struct list_head *new, @@ -76642,18 +76506,6 @@ index 429c199..4d42e38 100644 }; /* shm_mode upper byte flags */ -diff --git a/include/linux/signal.h b/include/linux/signal.h -index d897484..323ba98 100644 ---- a/include/linux/signal.h -+++ b/include/linux/signal.h -@@ -433,6 +433,7 @@ void signals_init(void); - - int restore_altstack(const stack_t __user *); - int __save_altstack(stack_t __user *, unsigned long); -+void __save_altstack_ex(stack_t __user *, unsigned long); - - #ifdef CONFIG_PROC_FS - struct seq_file; diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h index 3b71a4e..5c9f309 100644 --- a/include/linux/skbuff.h @@ -79442,7 +79294,7 @@ index ae1996d..a35f2cc 100644 if (u->mq_bytes + mq_bytes < u->mq_bytes || u->mq_bytes + mq_bytes > rlimit(RLIMIT_MSGQUEUE)) { diff --git a/ipc/msg.c b/ipc/msg.c -index 9f29d9e..8f284e0 100644 +index b65fdf1..89ec2b1 100644 --- a/ipc/msg.c +++ b/ipc/msg.c @@ -291,18 +291,19 @@ static inline int msg_security(struct kern_ipc_perm *ipcp, int msgflg) @@ -80358,7 +80210,7 @@ index ca65997..60df03d 100644 /* Callchain handling */ extern struct perf_callchain_entry * diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c -index f356974..cb8c570 100644 +index ad8e1bd..fed7ba9 100644 --- a/kernel/events/uprobes.c +++ b/kernel/events/uprobes.c @@ -1556,7 +1556,7 @@ static int is_trap_at_addr(struct mm_struct *mm, unsigned long vaddr) @@ -80431,7 +80283,7 @@ index a949819..a5f127d 100644 { struct signal_struct *sig = current->signal; diff --git a/kernel/fork.c b/kernel/fork.c -index bf46287..2af185d 100644 +index 200a7a2..43e52da 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -319,7 +319,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) @@ -80680,7 +80532,7 @@ index bf46287..2af185d 100644 unsigned long stack_start, unsigned long stack_size, int __user *child_tidptr, -@@ -1200,6 +1250,9 @@ static struct task_struct *copy_process(unsigned long clone_flags, +@@ -1201,6 +1251,9 @@ static struct task_struct *copy_process(unsigned long clone_flags, DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled); #endif retval = -EAGAIN; @@ -80690,7 +80542,7 @@ index bf46287..2af185d 100644 if (atomic_read(&p->real_cred->user->processes) >= task_rlimit(p, RLIMIT_NPROC)) { if (p->real_cred->user != INIT_USER && -@@ -1449,6 +1502,11 @@ static struct task_struct *copy_process(unsigned long clone_flags, +@@ -1450,6 +1503,11 @@ static struct task_struct *copy_process(unsigned long clone_flags, goto bad_fork_free_pid; } @@ -80702,7 +80554,7 @@ index bf46287..2af185d 100644 if (likely(p->pid)) { ptrace_init_task(p, (clone_flags & CLONE_PTRACE) || trace); -@@ -1534,6 +1592,8 @@ bad_fork_cleanup_count: +@@ -1535,6 +1593,8 @@ bad_fork_cleanup_count: bad_fork_free: free_task(p); fork_out: @@ -80711,7 +80563,7 @@ index bf46287..2af185d 100644 return ERR_PTR(retval); } -@@ -1604,6 +1664,7 @@ long do_fork(unsigned long clone_flags, +@@ -1605,6 +1665,7 @@ long do_fork(unsigned long clone_flags, p = copy_process(clone_flags, stack_start, stack_size, child_tidptr, NULL, trace); @@ -80719,7 +80571,7 @@ index bf46287..2af185d 100644 /* * Do this prior waking up the new thread - the thread pointer * might get invalid after that point, if the thread exits quickly. -@@ -1618,6 +1679,8 @@ long do_fork(unsigned long clone_flags, +@@ -1619,6 +1680,8 @@ long do_fork(unsigned long clone_flags, if (clone_flags & CLONE_PARENT_SETTID) put_user(nr, parent_tidptr); @@ -80728,7 +80580,7 @@ index bf46287..2af185d 100644 if (clone_flags & CLONE_VFORK) { p->vfork_done = &vfork; init_completion(&vfork); -@@ -1734,7 +1797,7 @@ void __init proc_caches_init(void) +@@ -1735,7 +1798,7 @@ void __init proc_caches_init(void) mm_cachep = kmem_cache_create("mm_struct", sizeof(struct mm_struct), ARCH_MIN_MMSTRUCT_ALIGN, SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NOTRACK, NULL); @@ -80737,7 +80589,7 @@ index bf46287..2af185d 100644 mmap_init(); nsproxy_cache_init(); } -@@ -1774,7 +1837,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) +@@ -1775,7 +1838,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) return 0; /* don't need lock here; in the worst case we'll do useless copy */ @@ -80746,7 +80598,7 @@ index bf46287..2af185d 100644 return 0; *new_fsp = copy_fs_struct(fs); -@@ -1886,7 +1949,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) +@@ -1887,7 +1950,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) fs = current->fs; spin_lock(&fs->lock); current->fs = new_fs; @@ -80848,7 +80700,7 @@ index 9b22d03..6295b62 100644 prev->next = info->next; else diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c -index 383319b..cd2b391 100644 +index 383319b..56ebb13 100644 --- a/kernel/hrtimer.c +++ b/kernel/hrtimer.c @@ -1438,7 +1438,7 @@ void hrtimer_peek_ahead_timers(void) @@ -80856,7 +80708,7 @@ index 383319b..cd2b391 100644 } -static void run_hrtimer_softirq(struct softirq_action *h) -+static void run_hrtimer_softirq(void) ++static __latent_entropy void run_hrtimer_softirq(void) { hrtimer_peek_ahead_timers(); } @@ -82351,7 +82203,7 @@ index 8018646..b6a5b4f 100644 } EXPORT_SYMBOL(__stack_chk_fail); diff --git a/kernel/pid.c b/kernel/pid.c -index 66505c1..87af12c 100644 +index ebe5e80..5d6d634 100644 --- a/kernel/pid.c +++ b/kernel/pid.c @@ -33,6 +33,7 @@ @@ -82371,7 +82223,7 @@ index 66505c1..87af12c 100644 int pid_max_min = RESERVED_PIDS + 1; int pid_max_max = PID_MAX_LIMIT; -@@ -439,10 +440,18 @@ EXPORT_SYMBOL(pid_task); +@@ -440,10 +441,18 @@ EXPORT_SYMBOL(pid_task); */ struct task_struct *find_task_by_pid_ns(pid_t nr, struct pid_namespace *ns) { @@ -82391,7 +82243,7 @@ index 66505c1..87af12c 100644 } struct task_struct *find_task_by_vpid(pid_t vnr) -@@ -450,6 +459,14 @@ struct task_struct *find_task_by_vpid(pid_t vnr) +@@ -451,6 +460,14 @@ struct task_struct *find_task_by_vpid(pid_t vnr) return find_task_by_pid_ns(vnr, task_active_pid_ns(current)); } @@ -82789,7 +82641,7 @@ index cce6ba8..7c758b1f 100644 } return till_stall_check * HZ + RCU_STALL_DELAY_DELTA; diff --git a/kernel/rcutiny.c b/kernel/rcutiny.c -index aa34411..78e5ccb 100644 +index aa34411..4832cd4 100644 --- a/kernel/rcutiny.c +++ b/kernel/rcutiny.c @@ -45,7 +45,7 @@ @@ -82806,7 +82658,7 @@ index aa34411..78e5ccb 100644 } -static void rcu_process_callbacks(struct softirq_action *unused) -+static void rcu_process_callbacks(void) ++static __latent_entropy void rcu_process_callbacks(void) { __rcu_process_callbacks(&rcu_sched_ctrlblk); __rcu_process_callbacks(&rcu_bh_ctrlblk); @@ -82978,7 +82830,7 @@ index f4871e5..8ef5741 100644 for (i = 0; i < RCU_TORTURE_PIPE_LEN + 1; i++) { per_cpu(rcu_torture_count, cpu)[i] = 0; diff --git a/kernel/rcutree.c b/kernel/rcutree.c -index 068de3a..df7da65 100644 +index 068de3a..5e7db2f 100644 --- a/kernel/rcutree.c +++ b/kernel/rcutree.c @@ -358,9 +358,9 @@ static void rcu_eqs_enter_common(struct rcu_dynticks *rdtp, long long oldval, @@ -83107,7 +82959,7 @@ index 068de3a..df7da65 100644 * Do RCU core processing for the current CPU. */ -static void rcu_process_callbacks(struct softirq_action *unused) -+static void rcu_process_callbacks(void) ++static __latent_entropy void rcu_process_callbacks(void) { struct rcu_state *rsp; @@ -83724,7 +83576,7 @@ index 05c39f0..442e6fe 100644 #else static void register_sched_domain_sysctl(void) diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c -index 68f1609..640ba13 100644 +index 68f1609..2a9fe8a 100644 --- a/kernel/sched/fair.c +++ b/kernel/sched/fair.c @@ -869,7 +869,7 @@ void task_numa_fault(int node, int pages, bool migrated) @@ -83741,7 +83593,7 @@ index 68f1609..640ba13 100644 * Also triggered for nohz idle balancing (with nohz_balancing_kick set). */ -static void run_rebalance_domains(struct softirq_action *h) -+static void run_rebalance_domains(void) ++static __latent_entropy void run_rebalance_domains(void) { int this_cpu = smp_processor_id(); struct rq *this_rq = cpu_rq(this_cpu); @@ -83759,7 +83611,7 @@ index ef0a7b2..1b728c1 100644 #define sched_class_highest (&stop_sched_class) #define for_each_class(class) \ diff --git a/kernel/signal.c b/kernel/signal.c -index 50e4107..08bcb94 100644 +index 50e4107..9409983 100644 --- a/kernel/signal.c +++ b/kernel/signal.c @@ -51,12 +51,12 @@ static struct kmem_cache *sigqueue_cachep; @@ -83885,24 +83737,7 @@ index 50e4107..08bcb94 100644 if (p && (tgid <= 0 || task_tgid_vnr(p) == tgid)) { error = check_kill_permission(sig, info, p); /* -@@ -3219,6 +3250,16 @@ int __save_altstack(stack_t __user *uss, unsigned long sp) - __put_user(t->sas_ss_size, &uss->ss_size); - } - -+#ifdef CONFIG_X86 -+void __save_altstack_ex(stack_t __user *uss, unsigned long sp) -+{ -+ struct task_struct *t = current; -+ put_user_ex((void __user *)t->sas_ss_sp, &uss->ss_sp); -+ put_user_ex(sas_ss_flags(sp), &uss->ss_flags); -+ put_user_ex(t->sas_ss_size, &uss->ss_size); -+} -+#endif -+ - #ifdef CONFIG_COMPAT - COMPAT_SYSCALL_DEFINE2(sigaltstack, - const compat_stack_t __user *, uss_ptr, -@@ -3240,8 +3281,8 @@ COMPAT_SYSCALL_DEFINE2(sigaltstack, +@@ -3240,8 +3271,8 @@ COMPAT_SYSCALL_DEFINE2(sigaltstack, } seg = get_fs(); set_fs(KERNEL_DS); @@ -83913,23 +83748,6 @@ index 50e4107..08bcb94 100644 compat_user_stack_pointer()); set_fs(seg); if (ret >= 0 && uoss_ptr) { -@@ -3268,6 +3309,16 @@ int __compat_save_altstack(compat_stack_t __user *uss, unsigned long sp) - __put_user(sas_ss_flags(sp), &uss->ss_flags) | - __put_user(t->sas_ss_size, &uss->ss_size); - } -+ -+#ifdef CONFIG_X86 -+void __compat_save_altstack_ex(compat_stack_t __user *uss, unsigned long sp) -+{ -+ struct task_struct *t = current; -+ put_user_ex(ptr_to_compat((void __user *)t->sas_ss_sp), &uss->ss_sp); -+ put_user_ex(sas_ss_flags(sp), &uss->ss_flags); -+ put_user_ex(t->sas_ss_size, &uss->ss_size); -+} -+#endif - #endif - - #ifdef __ARCH_WANT_SYS_SIGPENDING diff --git a/kernel/smpboot.c b/kernel/smpboot.c index eb89e18..a4e6792 100644 --- a/kernel/smpboot.c @@ -83953,7 +83771,7 @@ index eb89e18..a4e6792 100644 mutex_unlock(&smpboot_threads_lock); put_online_cpus(); diff --git a/kernel/softirq.c b/kernel/softirq.c -index be3d351..9e4d5f2 100644 +index be3d351..e57af82 100644 --- a/kernel/softirq.c +++ b/kernel/softirq.c @@ -53,11 +53,11 @@ irq_cpustat_t irq_stat[NR_CPUS] ____cacheline_aligned; @@ -83993,7 +83811,7 @@ index be3d351..9e4d5f2 100644 EXPORT_SYMBOL(__tasklet_hi_schedule_first); -static void tasklet_action(struct softirq_action *a) -+static void tasklet_action(void) ++static __latent_entropy void tasklet_action(void) { struct tasklet_struct *list; @@ -84002,7 +83820,7 @@ index be3d351..9e4d5f2 100644 } -static void tasklet_hi_action(struct softirq_action *a) -+static void tasklet_hi_action(void) ++static __latent_entropy void tasklet_hi_action(void) { struct tasklet_struct *list; @@ -84652,7 +84470,7 @@ index 0b537f2..40d6c20 100644 return -ENOMEM; return 0; diff --git a/kernel/timer.c b/kernel/timer.c -index 4296d13..8998609 100644 +index 4296d13..0164b04 100644 --- a/kernel/timer.c +++ b/kernel/timer.c @@ -1366,7 +1366,7 @@ void update_process_times(int user_tick) @@ -84660,7 +84478,7 @@ index 4296d13..8998609 100644 * This function runs timers and the timer-tq in bottom half context. */ -static void run_timer_softirq(struct softirq_action *h) -+static void run_timer_softirq(void) ++static __latent_entropy void run_timer_softirq(void) { struct tvec_base *base = __this_cpu_read(tvec_bases); @@ -85763,6 +85581,19 @@ index c24c2f7..06e070b 100644 + pax_close_kernel(); +} +EXPORT_SYMBOL(pax_list_del_rcu); +diff --git a/lib/percpu-refcount.c b/lib/percpu-refcount.c +index 7deeb62..144eb47 100644 +--- a/lib/percpu-refcount.c ++++ b/lib/percpu-refcount.c +@@ -29,7 +29,7 @@ + * can't hit 0 before we've added up all the percpu refs. + */ + +-#define PCPU_COUNT_BIAS (1U << 31) ++#define PCPU_COUNT_BIAS (1U << 30) + + /** + * percpu_ref_init - initialize a percpu refcount diff --git a/lib/radix-tree.c b/lib/radix-tree.c index e796429..6e38f9f 100644 --- a/lib/radix-tree.c @@ -87290,7 +87121,7 @@ index 6f0c244..6d1ae32 100644 err = -EPERM; goto out; diff --git a/mm/mlock.c b/mm/mlock.c -index 79b7cf7..9944291 100644 +index 79b7cf7..37472bf 100644 --- a/mm/mlock.c +++ b/mm/mlock.c @@ -13,6 +13,7 @@ @@ -87340,7 +87171,7 @@ index 79b7cf7..9944291 100644 if ((locked <= lock_limit) || capable(CAP_IPC_LOCK)) error = do_mlock(start, len, 1); up_write(¤t->mm->mmap_sem); -@@ -500,6 +510,11 @@ static int do_mlockall(int flags) +@@ -500,12 +510,18 @@ static int do_mlockall(int flags) for (vma = current->mm->mmap; vma ; vma = prev->vm_next) { vm_flags_t newflags; @@ -87352,7 +87183,14 @@ index 79b7cf7..9944291 100644 newflags = vma->vm_flags & ~VM_LOCKED; if (flags & MCL_CURRENT) newflags |= VM_LOCKED; -@@ -532,6 +547,7 @@ SYSCALL_DEFINE1(mlockall, int, flags) + + /* Ignore errors */ + mlock_fixup(vma, &prev, vma->vm_start, vma->vm_end, newflags); ++ cond_resched(); + } + out: + return 0; +@@ -532,6 +548,7 @@ SYSCALL_DEFINE1(mlockall, int, flags) lock_limit >>= PAGE_SHIFT; ret = -ENOMEM; @@ -91477,7 +91315,7 @@ index 8ab48cd..57b1a80 100644 return err; diff --git a/net/core/dev.c b/net/core/dev.c -index 26755dd..5020ced 100644 +index 26755dd..2a232de 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -1680,14 +1680,14 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) @@ -91520,7 +91358,7 @@ index 26755dd..5020ced 100644 EXPORT_SYMBOL(netif_rx_ni); -static void net_tx_action(struct softirq_action *h) -+static void net_tx_action(void) ++static __latent_entropy void net_tx_action(void) { struct softnet_data *sd = &__get_cpu_var(softnet_data); @@ -91538,7 +91376,7 @@ index 26755dd..5020ced 100644 EXPORT_SYMBOL(netif_napi_del); -static void net_rx_action(struct softirq_action *h) -+static void net_rx_action(void) ++static __latent_entropy void net_rx_action(void) { struct softnet_data *sd = &__get_cpu_var(softnet_data); unsigned long time_limit = jiffies + 2; @@ -93358,6 +93196,96 @@ index 90747f1..505320d 100644 .kind = "ip6gretap", .maxtype = IFLA_GRE_MAX, .policy = ip6gre_policy, +diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c +index e7ceb6c..44df1c9 100644 +--- a/net/ipv6/ip6_output.c ++++ b/net/ipv6/ip6_output.c +@@ -1040,6 +1040,8 @@ static inline int ip6_ufo_append_data(struct sock *sk, + * udp datagram + */ + if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL) { ++ struct frag_hdr fhdr; ++ + skb = sock_alloc_send_skb(sk, + hh_len + fragheaderlen + transhdrlen + 20, + (flags & MSG_DONTWAIT), &err); +@@ -1061,12 +1063,6 @@ static inline int ip6_ufo_append_data(struct sock *sk, + skb->protocol = htons(ETH_P_IPV6); + skb->ip_summed = CHECKSUM_PARTIAL; + skb->csum = 0; +- } +- +- err = skb_append_datato_frags(sk,skb, getfrag, from, +- (length - transhdrlen)); +- if (!err) { +- struct frag_hdr fhdr; + + /* Specify the length of each IPv6 datagram fragment. + * It has to be a multiple of 8. +@@ -1077,15 +1073,10 @@ static inline int ip6_ufo_append_data(struct sock *sk, + ipv6_select_ident(&fhdr, rt); + skb_shinfo(skb)->ip6_frag_id = fhdr.identification; + __skb_queue_tail(&sk->sk_write_queue, skb); +- +- return 0; + } +- /* There is not enough support do UPD LSO, +- * so follow normal path +- */ +- kfree_skb(skb); + +- return err; ++ return skb_append_datato_frags(sk, skb, getfrag, from, ++ (length - transhdrlen)); + } + + static inline struct ipv6_opt_hdr *ip6_opt_dup(struct ipv6_opt_hdr *src, +@@ -1252,27 +1243,27 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to, + * --yoshfuji + */ + ++ if ((length > mtu) && dontfrag && (sk->sk_protocol == IPPROTO_UDP || ++ sk->sk_protocol == IPPROTO_RAW)) { ++ ipv6_local_rxpmtu(sk, fl6, mtu-exthdrlen); ++ return -EMSGSIZE; ++ } ++ ++ skb = skb_peek_tail(&sk->sk_write_queue); + cork->length += length; +- if (length > mtu) { +- int proto = sk->sk_protocol; +- if (dontfrag && (proto == IPPROTO_UDP || proto == IPPROTO_RAW)){ +- ipv6_local_rxpmtu(sk, fl6, mtu-exthdrlen); +- return -EMSGSIZE; +- } +- +- if (proto == IPPROTO_UDP && +- (rt->dst.dev->features & NETIF_F_UFO)) { +- +- err = ip6_ufo_append_data(sk, getfrag, from, length, +- hh_len, fragheaderlen, +- transhdrlen, mtu, flags, rt); +- if (err) +- goto error; +- return 0; +- } ++ if (((length > mtu) || ++ (skb && skb_is_gso(skb))) && ++ (sk->sk_protocol == IPPROTO_UDP) && ++ (rt->dst.dev->features & NETIF_F_UFO)) { ++ err = ip6_ufo_append_data(sk, getfrag, from, length, ++ hh_len, fragheaderlen, ++ transhdrlen, mtu, flags, rt); ++ if (err) ++ goto error; ++ return 0; + } + +- if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL) ++ if (!skb) + goto alloc_new_skb; + + while (length > 0) { diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c index 46ba243..576f50e 100644 --- a/net/ipv6/ip6_tunnel.c @@ -95749,7 +95677,7 @@ index 9a5c4c9..46e4b29 100644 table = kmemdup(sctp_net_table, sizeof(sctp_net_table), GFP_KERNEL); diff --git a/net/socket.c b/net/socket.c -index b2d7c62..04f19ea 100644 +index b2d7c62..441a7ef 100644 --- a/net/socket.c +++ b/net/socket.c @@ -88,6 +88,7 @@ @@ -95769,6 +95697,15 @@ index b2d7c62..04f19ea 100644 static int sock_no_open(struct inode *irrelevant, struct file *dontcare); static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov, unsigned long nr_segs, loff_t pos); +@@ -162,7 +165,7 @@ static const struct file_operations socket_file_ops = { + */ + + static DEFINE_SPINLOCK(net_family_lock); +-static const struct net_proto_family __rcu *net_families[NPROTO] __read_mostly; ++const struct net_proto_family __rcu *net_families[NPROTO] __read_mostly; + + /* + * Statistics counters of the socket lists @@ -327,7 +330,7 @@ static struct dentry *sockfs_mount(struct file_system_type *fs_type, &sockfs_dentry_operations, SOCKFS_MAGIC); } @@ -95787,24 +95724,28 @@ index b2d7c62..04f19ea 100644 /* Compatibility. -@@ -1394,6 +1399,16 @@ SYSCALL_DEFINE3(socket, int, family, int, type, int, protocol) - if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK)) - flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK; +@@ -1283,6 +1288,20 @@ int __sock_create(struct net *net, int family, int type, int protocol, + if (err) + return err; -+ if(!gr_search_socket(family, type, protocol)) { -+ retval = -EACCES; -+ goto out; ++ if(!kern && !gr_search_socket(family, type, protocol)) { ++ if (rcu_access_pointer(net_families[family]) == NULL) ++ return -EAFNOSUPPORT; ++ else ++ return -EACCES; + } + -+ if (gr_handle_sock_all(family, type, protocol)) { -+ retval = -EACCES; -+ goto out; ++ if (!kern && gr_handle_sock_all(family, type, protocol)) { ++ if (rcu_access_pointer(net_families[family]) == NULL) ++ return -EAFNOSUPPORT; ++ else ++ return -EACCES; + } + - retval = sock_create(family, type, protocol, &sock); - if (retval < 0) - goto out; -@@ -1521,6 +1536,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) + /* + * Allocate the socket and allow the family to set things up. if + * the protocol is 0, the family is instructed to select an appropriate +@@ -1521,6 +1540,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) if (sock) { err = move_addr_to_kernel(umyaddr, addrlen, &address); if (err >= 0) { @@ -95819,7 +95760,7 @@ index b2d7c62..04f19ea 100644 err = security_socket_bind(sock, (struct sockaddr *)&address, addrlen); -@@ -1529,6 +1552,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) +@@ -1529,6 +1556,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) (struct sockaddr *) &address, addrlen); } @@ -95827,7 +95768,7 @@ index b2d7c62..04f19ea 100644 fput_light(sock->file, fput_needed); } return err; -@@ -1552,10 +1576,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, backlog) +@@ -1552,10 +1580,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, backlog) if ((unsigned int)backlog > somaxconn) backlog = somaxconn; @@ -95848,7 +95789,7 @@ index b2d7c62..04f19ea 100644 fput_light(sock->file, fput_needed); } return err; -@@ -1599,6 +1633,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, +@@ -1599,6 +1637,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, newsock->type = sock->type; newsock->ops = sock->ops; @@ -95867,7 +95808,7 @@ index b2d7c62..04f19ea 100644 /* * We don't need try_module_get here, as the listening socket (sock) * has the protocol module (sock->ops->owner) held. -@@ -1644,6 +1690,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, +@@ -1644,6 +1694,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, fd_install(newfd, newfile); err = newfd; @@ -95876,7 +95817,7 @@ index b2d7c62..04f19ea 100644 out_put: fput_light(sock->file, fput_needed); out: -@@ -1676,6 +1724,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, +@@ -1676,6 +1728,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, int, addrlen) { struct socket *sock; @@ -95884,7 +95825,7 @@ index b2d7c62..04f19ea 100644 struct sockaddr_storage address; int err, fput_needed; -@@ -1686,6 +1735,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, +@@ -1686,6 +1739,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, if (err < 0) goto out_put; @@ -95902,7 +95843,7 @@ index b2d7c62..04f19ea 100644 err = security_socket_connect(sock, (struct sockaddr *)&address, addrlen); if (err) -@@ -1767,6 +1827,8 @@ SYSCALL_DEFINE3(getpeername, int, fd, struct sockaddr __user *, usockaddr, +@@ -1767,6 +1831,8 @@ SYSCALL_DEFINE3(getpeername, int, fd, struct sockaddr __user *, usockaddr, * the protocol. */ @@ -95911,7 +95852,7 @@ index b2d7c62..04f19ea 100644 SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len, unsigned int, flags, struct sockaddr __user *, addr, int, addr_len) -@@ -1833,7 +1895,7 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size, +@@ -1833,7 +1899,7 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size, struct socket *sock; struct iovec iov; struct msghdr msg; @@ -95920,7 +95861,7 @@ index b2d7c62..04f19ea 100644 int err, err2; int fput_needed; -@@ -2040,7 +2102,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg, +@@ -2040,7 +2106,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg, * checking falls down on this. */ if (copy_from_user(ctl_buf, @@ -95929,7 +95870,7 @@ index b2d7c62..04f19ea 100644 ctl_len)) goto out_freectl; msg_sys->msg_control = ctl_buf; -@@ -2191,7 +2253,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, +@@ -2191,7 +2257,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, int err, total_len, len; /* kernel mode address */ @@ -95938,7 +95879,7 @@ index b2d7c62..04f19ea 100644 /* user mode address pointers */ struct sockaddr __user *uaddr; -@@ -2219,7 +2281,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, +@@ -2219,7 +2285,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, * kernel msghdr to use the kernel address space) */ @@ -95947,7 +95888,7 @@ index b2d7c62..04f19ea 100644 uaddr_len = COMPAT_NAMELEN(msg); if (MSG_CMSG_COMPAT & flags) { err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE); -@@ -2974,7 +3036,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd, +@@ -2974,7 +3040,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd, old_fs = get_fs(); set_fs(KERNEL_DS); err = dev_ioctl(net, cmd, @@ -95956,7 +95897,7 @@ index b2d7c62..04f19ea 100644 set_fs(old_fs); return err; -@@ -3083,7 +3145,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, +@@ -3083,7 +3149,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, old_fs = get_fs(); set_fs(KERNEL_DS); @@ -95965,7 +95906,7 @@ index b2d7c62..04f19ea 100644 set_fs(old_fs); if (cmd == SIOCGIFMAP && !err) { -@@ -3188,7 +3250,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, +@@ -3188,7 +3254,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, ret |= __get_user(rtdev, &(ur4->rt_dev)); if (rtdev) { ret |= copy_from_user(devname, compat_ptr(rtdev), 15); @@ -95974,7 +95915,7 @@ index b2d7c62..04f19ea 100644 devname[15] = 0; } else r4.rt_dev = NULL; -@@ -3414,8 +3476,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, +@@ -3414,8 +3480,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, int __user *uoptlen; int err; @@ -95985,7 +95926,7 @@ index b2d7c62..04f19ea 100644 set_fs(KERNEL_DS); if (level == SOL_SOCKET) -@@ -3435,7 +3497,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, +@@ -3435,7 +3501,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, char __user *uoptval; int err; @@ -101154,7 +101095,7 @@ index 0000000..698da67 +} diff --git a/tools/gcc/latent_entropy_plugin.c b/tools/gcc/latent_entropy_plugin.c new file mode 100644 -index 0000000..2ef6fd9 +index 0000000..cd6c242 --- /dev/null +++ b/tools/gcc/latent_entropy_plugin.c @@ -0,0 +1,321 @@ @@ -101450,7 +101391,7 @@ index 0000000..2ef6fd9 + TREE_THIS_VOLATILE(latent_entropy_decl) = 1; + DECL_EXTERNAL(latent_entropy_decl) = 1; + DECL_ARTIFICIAL(latent_entropy_decl) = 1; -+ DECL_INITIAL(latent_entropy_decl) = NULL; ++ DECL_INITIAL(latent_entropy_decl) = build_int_cstu(long_long_unsigned_type_node, get_random_const()); + lang_hooks.decls.pushdecl(latent_entropy_decl); +// DECL_ASSEMBLER_NAME(latent_entropy_decl); +// varpool_finalize_decl(latent_entropy_decl); diff --git a/3.11.1/4425_grsec_remove_EI_PAX.patch b/3.11.2/4425_grsec_remove_EI_PAX.patch index 415fda5..415fda5 100644 --- a/3.11.1/4425_grsec_remove_EI_PAX.patch +++ b/3.11.2/4425_grsec_remove_EI_PAX.patch diff --git a/3.11.1/4427_force_XATTR_PAX_tmpfs.patch b/3.11.2/4427_force_XATTR_PAX_tmpfs.patch index 23e60cd..23e60cd 100644 --- a/3.11.1/4427_force_XATTR_PAX_tmpfs.patch +++ b/3.11.2/4427_force_XATTR_PAX_tmpfs.patch diff --git a/3.11.1/4430_grsec-remove-localversion-grsec.patch b/3.11.2/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.11.1/4430_grsec-remove-localversion-grsec.patch +++ b/3.11.2/4430_grsec-remove-localversion-grsec.patch diff --git a/3.11.1/4435_grsec-mute-warnings.patch b/3.11.2/4435_grsec-mute-warnings.patch index ed941d5..ed941d5 100644 --- a/3.11.1/4435_grsec-mute-warnings.patch +++ b/3.11.2/4435_grsec-mute-warnings.patch diff --git a/3.11.1/4440_grsec-remove-protected-paths.patch b/3.11.2/4440_grsec-remove-protected-paths.patch index 05710b1..05710b1 100644 --- a/3.11.1/4440_grsec-remove-protected-paths.patch +++ b/3.11.2/4440_grsec-remove-protected-paths.patch diff --git a/3.11.1/4450_grsec-kconfig-default-gids.patch b/3.11.2/4450_grsec-kconfig-default-gids.patch index 8c7b0b2..8c7b0b2 100644 --- a/3.11.1/4450_grsec-kconfig-default-gids.patch +++ b/3.11.2/4450_grsec-kconfig-default-gids.patch diff --git a/3.11.1/4465_selinux-avc_audit-log-curr_ip.patch b/3.11.2/4465_selinux-avc_audit-log-curr_ip.patch index fea3943..fea3943 100644 --- a/3.11.1/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.11.2/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/3.11.1/4470_disable-compat_vdso.patch b/3.11.2/4470_disable-compat_vdso.patch index 4572f4f..4572f4f 100644 --- a/3.11.1/4470_disable-compat_vdso.patch +++ b/3.11.2/4470_disable-compat_vdso.patch diff --git a/3.11.1/4475_emutramp_default_on.patch b/3.11.2/4475_emutramp_default_on.patch index cfde6f8..cfde6f8 100644 --- a/3.11.1/4475_emutramp_default_on.patch +++ b/3.11.2/4475_emutramp_default_on.patch diff --git a/3.2.51/0000_README b/3.2.51/0000_README index cf0a0fe..e87b456 100644 --- a/3.2.51/0000_README +++ b/3.2.51/0000_README @@ -122,7 +122,7 @@ Patch: 1050_linux-3.2.51.patch From: http://www.kernel.org Desc: Linux 3.2.51 -Patch: 4420_grsecurity-2.9.1-3.2.51-201309181906.patch +Patch: 4420_grsecurity-2.9.1-3.2.51-201309281102.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.2.51/4420_grsecurity-2.9.1-3.2.51-201309181906.patch b/3.2.51/4420_grsecurity-2.9.1-3.2.51-201309281102.patch index 6cc3546..79a6bf4 100644 --- a/3.2.51/4420_grsecurity-2.9.1-3.2.51-201309181906.patch +++ b/3.2.51/4420_grsecurity-2.9.1-3.2.51-201309281102.patch @@ -30191,7 +30191,7 @@ index af00795..2bb8105 100644 #define XCHAL_ICACHE_SIZE 32768 /* I-cache size in bytes or 0 */ #define XCHAL_DCACHE_SIZE 32768 /* D-cache size in bytes or 0 */ diff --git a/block/blk-iopoll.c b/block/blk-iopoll.c -index 58916af..eb9dbcf6 100644 +index 58916af..9b538a6 100644 --- a/block/blk-iopoll.c +++ b/block/blk-iopoll.c @@ -77,7 +77,7 @@ void blk_iopoll_complete(struct blk_iopoll *iopoll) @@ -30199,7 +30199,7 @@ index 58916af..eb9dbcf6 100644 EXPORT_SYMBOL(blk_iopoll_complete); -static void blk_iopoll_softirq(struct softirq_action *h) -+static void blk_iopoll_softirq(void) ++static __latent_entropy void blk_iopoll_softirq(void) { struct list_head *list = &__get_cpu_var(blk_cpu_iopoll); int rearm = 0, budget = blk_iopoll_budget; @@ -30226,7 +30226,7 @@ index 623e1cd..ca1e109 100644 bio = bio_copy_kern(q, kbuf, len, gfp_mask, reading); else diff --git a/block/blk-softirq.c b/block/blk-softirq.c -index 1366a89..dfb3871 100644 +index 1366a89..88178fe 100644 --- a/block/blk-softirq.c +++ b/block/blk-softirq.c @@ -17,7 +17,7 @@ static DEFINE_PER_CPU(struct list_head, blk_cpu_done); @@ -30234,7 +30234,7 @@ index 1366a89..dfb3871 100644 * while passing them to the queue registered handler. */ -static void blk_done_softirq(struct softirq_action *h) -+static void blk_done_softirq(void) ++static __latent_entropy void blk_done_softirq(void) { struct list_head *cpu_list, local_list; @@ -31889,19 +31889,18 @@ index e8d11b6..7b1b36f 100644 } EXPORT_SYMBOL_GPL(unregister_syscore_ops); diff --git a/drivers/block/cciss.c b/drivers/block/cciss.c -index d3446f6..12de1df 100644 +index d3446f6..61ddf2c 100644 --- a/drivers/block/cciss.c +++ b/drivers/block/cciss.c -@@ -1186,6 +1186,8 @@ static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode, +@@ -1186,6 +1186,7 @@ static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode, int err; u32 cp; + memset(&arg64, 0, sizeof(arg64)); -+ err = 0; err |= copy_from_user(&arg64.LUN_info, &arg32->LUN_info, -@@ -3007,7 +3009,7 @@ static void start_io(ctlr_info_t *h) +@@ -3007,7 +3008,7 @@ static void start_io(ctlr_info_t *h) while (!list_empty(&h->reqQ)) { c = list_entry(h->reqQ.next, CommandList_struct, list); /* can't do anything if fifo is full */ @@ -31910,7 +31909,7 @@ index d3446f6..12de1df 100644 dev_warn(&h->pdev->dev, "fifo full\n"); break; } -@@ -3017,7 +3019,7 @@ static void start_io(ctlr_info_t *h) +@@ -3017,7 +3018,7 @@ static void start_io(ctlr_info_t *h) h->Qdepth--; /* Tell the controller execute command */ @@ -31919,7 +31918,7 @@ index d3446f6..12de1df 100644 /* Put job onto the completed Q */ addQ(&h->cmpQ, c); -@@ -3443,17 +3445,17 @@ startio: +@@ -3443,17 +3444,17 @@ startio: static inline unsigned long get_next_completion(ctlr_info_t *h) { @@ -31940,7 +31939,7 @@ index d3446f6..12de1df 100644 (h->interrupts_enabled == 0)); } -@@ -3486,7 +3488,7 @@ static inline u32 next_command(ctlr_info_t *h) +@@ -3486,7 +3487,7 @@ static inline u32 next_command(ctlr_info_t *h) u32 a; if (unlikely(!(h->transMethod & CFGTBL_Trans_Performant))) @@ -31949,7 +31948,7 @@ index d3446f6..12de1df 100644 if ((*(h->reply_pool_head) & 1) == (h->reply_pool_wraparound)) { a = *(h->reply_pool_head); /* Next cmd in ring buffer */ -@@ -4044,7 +4046,7 @@ static void __devinit cciss_put_controller_into_performant_mode(ctlr_info_t *h) +@@ -4044,7 +4045,7 @@ static void __devinit cciss_put_controller_into_performant_mode(ctlr_info_t *h) trans_support & CFGTBL_Trans_use_short_tags); /* Change the access methods to the performant access methods */ @@ -31958,7 +31957,7 @@ index d3446f6..12de1df 100644 h->transMethod = CFGTBL_Trans_Performant; return; -@@ -4316,7 +4318,7 @@ static int __devinit cciss_pci_init(ctlr_info_t *h) +@@ -4316,7 +4317,7 @@ static int __devinit cciss_pci_init(ctlr_info_t *h) if (prod_index < 0) return -ENODEV; h->product_name = products[prod_index].product_name; @@ -31967,7 +31966,7 @@ index d3446f6..12de1df 100644 if (cciss_board_disabled(h)) { dev_warn(&h->pdev->dev, "controller appears to be disabled\n"); -@@ -5041,7 +5043,7 @@ reinit_after_soft_reset: +@@ -5041,7 +5042,7 @@ reinit_after_soft_reset: } /* make sure the board interrupts are off */ @@ -31976,7 +31975,7 @@ index d3446f6..12de1df 100644 rc = cciss_request_irq(h, do_cciss_msix_intr, do_cciss_intx); if (rc) goto clean2; -@@ -5093,7 +5095,7 @@ reinit_after_soft_reset: +@@ -5093,7 +5094,7 @@ reinit_after_soft_reset: * fake ones to scoop up any residual completions. */ spin_lock_irqsave(&h->lock, flags); @@ -31985,7 +31984,7 @@ index d3446f6..12de1df 100644 spin_unlock_irqrestore(&h->lock, flags); free_irq(h->intr[h->intr_mode], h); rc = cciss_request_irq(h, cciss_msix_discard_completions, -@@ -5113,9 +5115,9 @@ reinit_after_soft_reset: +@@ -5113,9 +5114,9 @@ reinit_after_soft_reset: dev_info(&h->pdev->dev, "Board READY.\n"); dev_info(&h->pdev->dev, "Waiting for stale completions to drain.\n"); @@ -31997,7 +31996,7 @@ index d3446f6..12de1df 100644 rc = controller_reset_failed(h->cfgtable); if (rc) -@@ -5138,7 +5140,7 @@ reinit_after_soft_reset: +@@ -5138,7 +5139,7 @@ reinit_after_soft_reset: cciss_scsi_setup(h); /* Turn the interrupts on so we can service requests */ @@ -32006,7 +32005,7 @@ index d3446f6..12de1df 100644 /* Get the firmware version */ inq_buff = kzalloc(sizeof(InquiryData_struct), GFP_KERNEL); -@@ -5211,7 +5213,7 @@ static void cciss_shutdown(struct pci_dev *pdev) +@@ -5211,7 +5212,7 @@ static void cciss_shutdown(struct pci_dev *pdev) kfree(flush_buf); if (return_code != IO_OK) dev_warn(&h->pdev->dev, "Error flushing cache\n"); @@ -49227,7 +49226,7 @@ index a6395bd..f1e376a 100644 (unsigned long) create_aout_tables((char __user *) bprm->p, bprm); #ifdef __alpha__ diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c -index 8dd615c..0d06360 100644 +index 8dd615c..65b7958 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -32,6 +32,7 @@ @@ -49381,7 +49380,26 @@ index 8dd615c..0d06360 100644 error = -ENOMEM; goto out_close; } -@@ -528,6 +557,315 @@ out: +@@ -513,11 +542,13 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, + elf_bss = ELF_PAGESTART(elf_bss + ELF_MIN_ALIGN - 1); + + /* Map the last of the bss segment */ +- down_write(¤t->mm->mmap_sem); +- error = do_brk(elf_bss, last_bss - elf_bss); +- up_write(¤t->mm->mmap_sem); +- if (BAD_ADDR(error)) +- goto out_close; ++ if (last_bss > elf_bss) { ++ down_write(¤t->mm->mmap_sem); ++ error = do_brk(elf_bss, last_bss - elf_bss); ++ up_write(¤t->mm->mmap_sem); ++ if (BAD_ADDR(error)) ++ goto out_close; ++ } + } + + error = load_addr; +@@ -528,6 +559,315 @@ out: return error; } @@ -49697,7 +49715,7 @@ index 8dd615c..0d06360 100644 /* * These are the functions used to load ELF style executables and shared * libraries. There is no binary dependent code anywhere else. -@@ -544,6 +882,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top) +@@ -544,6 +884,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top) { unsigned int random_variable = 0; @@ -49709,7 +49727,7 @@ index 8dd615c..0d06360 100644 if ((current->flags & PF_RANDOMIZE) && !(current->personality & ADDR_NO_RANDOMIZE)) { random_variable = get_random_int() & STACK_RND_MASK; -@@ -562,7 +905,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -562,7 +907,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) unsigned long load_addr = 0, load_bias = 0; int load_addr_set = 0; char * elf_interpreter = NULL; @@ -49718,7 +49736,7 @@ index 8dd615c..0d06360 100644 struct elf_phdr *elf_ppnt, *elf_phdata; unsigned long elf_bss, elf_brk; int retval, i; -@@ -572,11 +915,11 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -572,11 +917,11 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) unsigned long start_code, end_code, start_data, end_data; unsigned long reloc_func_desc __maybe_unused = 0; int executable_stack = EXSTACK_DEFAULT; @@ -49731,7 +49749,7 @@ index 8dd615c..0d06360 100644 loc = kmalloc(sizeof(*loc), GFP_KERNEL); if (!loc) { -@@ -713,11 +1056,81 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -713,11 +1058,81 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) /* OK, This is the point of no return */ current->flags &= ~PF_FORKNOEXEC; @@ -49814,7 +49832,7 @@ index 8dd615c..0d06360 100644 if (elf_read_implies_exec(loc->elf_ex, executable_stack)) current->personality |= READ_IMPLIES_EXEC; -@@ -808,6 +1221,20 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -808,6 +1223,20 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) #else load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr); #endif @@ -49835,7 +49853,7 @@ index 8dd615c..0d06360 100644 } error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, -@@ -840,9 +1267,9 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -840,9 +1269,9 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) * allowed task size. Note that p_filesz must always be * <= p_memsz so it is only necessary to check p_memsz. */ @@ -49848,7 +49866,7 @@ index 8dd615c..0d06360 100644 /* set_brk can never work. Avoid overflows. */ send_sig(SIGKILL, current, 0); retval = -EINVAL; -@@ -881,17 +1308,44 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -881,17 +1310,44 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) goto out_free_dentry; } if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) { @@ -49899,7 +49917,7 @@ index 8dd615c..0d06360 100644 load_bias); if (!IS_ERR((void *)elf_entry)) { /* -@@ -1098,7 +1552,7 @@ out: +@@ -1098,7 +1554,7 @@ out: * Decide what to dump of a segment, part, all or none. */ static unsigned long vma_dump_size(struct vm_area_struct *vma, @@ -49908,7 +49926,7 @@ index 8dd615c..0d06360 100644 { #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type)) -@@ -1132,7 +1586,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, +@@ -1132,7 +1588,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, if (vma->vm_file == NULL) return 0; @@ -49917,7 +49935,7 @@ index 8dd615c..0d06360 100644 goto whole; /* -@@ -1354,9 +1808,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) +@@ -1354,9 +1810,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) { elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv; int i = 0; @@ -49929,7 +49947,7 @@ index 8dd615c..0d06360 100644 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv); } -@@ -1851,14 +2305,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, +@@ -1851,14 +2307,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, } static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma, @@ -49946,7 +49964,7 @@ index 8dd615c..0d06360 100644 return size; } -@@ -1952,7 +2406,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -1952,7 +2408,7 @@ static int elf_core_dump(struct coredump_params *cprm) dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE); @@ -49955,7 +49973,7 @@ index 8dd615c..0d06360 100644 offset += elf_core_extra_data_size(); e_shoff = offset; -@@ -1966,10 +2420,12 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -1966,10 +2422,12 @@ static int elf_core_dump(struct coredump_params *cprm) offset = dataoff; size += sizeof(*elf); @@ -49968,7 +49986,7 @@ index 8dd615c..0d06360 100644 if (size > cprm->limit || !dump_write(cprm->file, phdr4note, sizeof(*phdr4note))) goto end_coredump; -@@ -1983,7 +2439,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -1983,7 +2441,7 @@ static int elf_core_dump(struct coredump_params *cprm) phdr.p_offset = offset; phdr.p_vaddr = vma->vm_start; phdr.p_paddr = 0; @@ -49977,7 +49995,7 @@ index 8dd615c..0d06360 100644 phdr.p_memsz = vma->vm_end - vma->vm_start; offset += phdr.p_filesz; phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0; -@@ -1994,6 +2450,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -1994,6 +2452,7 @@ static int elf_core_dump(struct coredump_params *cprm) phdr.p_align = ELF_EXEC_PAGESIZE; size += sizeof(phdr); @@ -49985,7 +50003,7 @@ index 8dd615c..0d06360 100644 if (size > cprm->limit || !dump_write(cprm->file, &phdr, sizeof(phdr))) goto end_coredump; -@@ -2018,7 +2475,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2018,7 +2477,7 @@ static int elf_core_dump(struct coredump_params *cprm) unsigned long addr; unsigned long end; @@ -49994,7 +50012,7 @@ index 8dd615c..0d06360 100644 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) { struct page *page; -@@ -2027,6 +2484,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2027,6 +2486,7 @@ static int elf_core_dump(struct coredump_params *cprm) page = get_dump_page(addr); if (page) { void *kaddr = kmap(page); @@ -50002,7 +50020,7 @@ index 8dd615c..0d06360 100644 stop = ((size += PAGE_SIZE) > cprm->limit) || !dump_write(cprm->file, kaddr, PAGE_SIZE); -@@ -2044,6 +2502,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2044,6 +2504,7 @@ static int elf_core_dump(struct coredump_params *cprm) if (e_phnum == PN_XNUM) { size += sizeof(*shdr4extnum); @@ -50010,7 +50028,7 @@ index 8dd615c..0d06360 100644 if (size > cprm->limit || !dump_write(cprm->file, shdr4extnum, sizeof(*shdr4extnum))) -@@ -2064,6 +2523,167 @@ out: +@@ -2064,6 +2525,167 @@ out: #endif /* CONFIG_ELF_CORE */ @@ -65286,10 +65304,10 @@ index 0000000..b20f6e9 +} diff --git a/grsecurity/gracl_ip.c b/grsecurity/gracl_ip.c new file mode 100644 -index 0000000..db7cc23 +index 0000000..35f8064 --- /dev/null +++ b/grsecurity/gracl_ip.c -@@ -0,0 +1,387 @@ +@@ -0,0 +1,386 @@ +#include <linux/kernel.h> +#include <asm/uaccess.h> +#include <asm/errno.h> @@ -65381,6 +65399,8 @@ index 0000000..db7cc23 + return gr_sockfamilies[family]; +} + ++extern const struct net_proto_family __rcu *net_families[NPROTO] __read_mostly; ++ +int +gr_search_socket(const int domain, const int type, const int protocol) +{ @@ -65460,10 +65480,7 @@ index 0000000..db7cc23 + if (domain == PF_INET) + gr_log_str3(GR_DONT_AUDIT, GR_SOCK_MSG, gr_sockfamily_to_name(domain), + gr_socktype_to_name(type), gr_proto_to_name(protocol)); -+ else -+#ifndef CONFIG_IPV6 -+ if (domain != PF_INET6) -+#endif ++ else if (rcu_access_pointer(net_families[domain]) != NULL) + gr_log_str2_int(GR_DONT_AUDIT, GR_SOCK_NOINET_MSG, gr_sockfamily_to_name(domain), + gr_socktype_to_name(type), protocol); + @@ -71192,7 +71209,7 @@ index 82924bf..1aa58e7 100644 int trace_set_clr_event(const char *system, const char *event, int set); diff --git a/include/linux/genhd.h b/include/linux/genhd.h -index 4eec461..84c73cf 100644 +index 4eec461..4ff5db5 100644 --- a/include/linux/genhd.h +++ b/include/linux/genhd.h @@ -185,7 +185,7 @@ struct gendisk { @@ -71204,6 +71221,15 @@ index 4eec461..84c73cf 100644 struct disk_events *ev; #ifdef CONFIG_BLK_DEV_INTEGRITY struct blk_integrity *integrity; +@@ -420,7 +420,7 @@ extern void disk_flush_events(struct gendisk *disk, unsigned int mask); + extern unsigned int disk_clear_events(struct gendisk *disk, unsigned int mask); + + /* drivers/char/random.c */ +-extern void add_disk_randomness(struct gendisk *disk); ++extern void add_disk_randomness(struct gendisk *disk) __latent_entropy; + extern void rand_initialize_disk(struct gendisk *disk); + + static inline sector_t get_start_sect(struct block_device *bdev) diff --git a/include/linux/gfp.h b/include/linux/gfp.h index 3a76faf..c0592c7 100644 --- a/include/linux/gfp.h @@ -74058,10 +74084,10 @@ index 800f113..12c82ec 100644 } diff --git a/include/linux/random.h b/include/linux/random.h -index 29e217a..a2b27bc 100644 +index 29e217a..a76bcd0 100644 --- a/include/linux/random.h +++ b/include/linux/random.h -@@ -51,6 +51,16 @@ struct rnd_state { +@@ -51,9 +51,19 @@ struct rnd_state { extern void rand_initialize_irq(int irq); extern void add_device_randomness(const void *, unsigned int); @@ -74076,8 +74102,13 @@ index 29e217a..a2b27bc 100644 +} + extern void add_input_randomness(unsigned int type, unsigned int code, - unsigned int value); - extern void add_interrupt_randomness(int irq, int irq_flags); +- unsigned int value); +-extern void add_interrupt_randomness(int irq, int irq_flags); ++ unsigned int value) __latent_entropy; ++extern void add_interrupt_randomness(int irq, int irq_flags) __latent_entropy; + + extern void get_random_bytes(void *buf, int nbytes); + extern void get_random_bytes_arch(void *buf, int nbytes); @@ -71,12 +81,17 @@ void srandom32(u32 seed); u32 prandom32(struct rnd_state *); @@ -78651,7 +78682,7 @@ index 9b22d03..6295b62 100644 prev->next = info->next; else diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c -index 60f7e32..76ccd96 100644 +index 60f7e32..d703ad4 100644 --- a/kernel/hrtimer.c +++ b/kernel/hrtimer.c @@ -1414,7 +1414,7 @@ void hrtimer_peek_ahead_timers(void) @@ -78659,7 +78690,7 @@ index 60f7e32..76ccd96 100644 } -static void run_hrtimer_softirq(struct softirq_action *h) -+static void run_hrtimer_softirq(void) ++static __latent_entropy void run_hrtimer_softirq(void) { struct hrtimer_cpu_base *cpu_base = &__get_cpu_var(hrtimer_bases); @@ -80654,7 +80685,7 @@ index 67fedad..32d32a04 100644 } diff --git a/kernel/rcutiny.c b/kernel/rcutiny.c -index 636af6d..8af70ab 100644 +index 636af6d..90b936f 100644 --- a/kernel/rcutiny.c +++ b/kernel/rcutiny.c @@ -46,7 +46,7 @@ @@ -80671,7 +80702,7 @@ index 636af6d..8af70ab 100644 } -static void rcu_process_callbacks(struct softirq_action *unused) -+static void rcu_process_callbacks(void) ++static __latent_entropy void rcu_process_callbacks(void) { __rcu_process_callbacks(&rcu_sched_ctrlblk); __rcu_process_callbacks(&rcu_bh_ctrlblk); @@ -80853,7 +80884,7 @@ index 764825c..3aa6ac4 100644 for (i = 0; i < RCU_TORTURE_PIPE_LEN + 1; i++) { per_cpu(rcu_torture_count, cpu)[i] = 0; diff --git a/kernel/rcutree.c b/kernel/rcutree.c -index 1aa52af..f2b89e8 100644 +index 1aa52af..d2875ad 100644 --- a/kernel/rcutree.c +++ b/kernel/rcutree.c @@ -369,9 +369,9 @@ void rcu_enter_nohz(void) @@ -80934,7 +80965,7 @@ index 1aa52af..f2b89e8 100644 * Do RCU core processing for the current CPU. */ -static void rcu_process_callbacks(struct softirq_action *unused) -+static void rcu_process_callbacks(void) ++static __latent_entropy void rcu_process_callbacks(void) { trace_rcu_utilization("Start RCU core"); __rcu_process_callbacks(&rcu_sched_state, @@ -81369,7 +81400,7 @@ index f280df1..da1281d 100644 #ifdef CONFIG_RT_GROUP_SCHED /* diff --git a/kernel/sched_fair.c b/kernel/sched_fair.c -index 59474c5..490e67f 100644 +index 59474c5..efcae8d 100644 --- a/kernel/sched_fair.c +++ b/kernel/sched_fair.c @@ -4801,7 +4801,7 @@ static void nohz_idle_balance(int this_cpu, enum cpu_idle_type idle) { } @@ -81377,7 +81408,7 @@ index 59474c5..490e67f 100644 * Also triggered for nohz idle balancing (with nohz_balancing_kick set). */ -static void run_rebalance_domains(struct softirq_action *h) -+static void run_rebalance_domains(void) ++static __latent_entropy void run_rebalance_domains(void) { int this_cpu = smp_processor_id(); struct rq *this_rq = cpu_rq(this_cpu); @@ -81549,7 +81580,7 @@ index 9e800b2..1533ba5 100644 raw_spin_unlock_irq(&call_function.lock); } diff --git a/kernel/softirq.c b/kernel/softirq.c -index 2c71d91..f6c64a4 100644 +index 2c71d91..6b690a4 100644 --- a/kernel/softirq.c +++ b/kernel/softirq.c @@ -52,11 +52,11 @@ irq_cpustat_t irq_stat[NR_CPUS] ____cacheline_aligned; @@ -81589,7 +81620,7 @@ index 2c71d91..f6c64a4 100644 EXPORT_SYMBOL(__tasklet_hi_schedule_first); -static void tasklet_action(struct softirq_action *a) -+static void tasklet_action(void) ++static __latent_entropy void tasklet_action(void) { struct tasklet_struct *list; @@ -81598,7 +81629,7 @@ index 2c71d91..f6c64a4 100644 } -static void tasklet_hi_action(struct softirq_action *a) -+static void tasklet_hi_action(void) ++static __latent_entropy void tasklet_hi_action(void) { struct tasklet_struct *list; @@ -82468,7 +82499,7 @@ index 0b537f2..40d6c20 100644 return -ENOMEM; return 0; diff --git a/kernel/timer.c b/kernel/timer.c -index f8b05a4..9769e5b 100644 +index f8b05a4..ece06b3 100644 --- a/kernel/timer.c +++ b/kernel/timer.c @@ -1308,7 +1308,7 @@ void update_process_times(int user_tick) @@ -82476,7 +82507,7 @@ index f8b05a4..9769e5b 100644 * This function runs timers and the timer-tq in bottom half context. */ -static void run_timer_softirq(struct softirq_action *h) -+static void run_timer_softirq(void) ++static __latent_entropy void run_timer_softirq(void) { struct tvec_base *base = __this_cpu_read(tvec_bases); @@ -85175,7 +85206,7 @@ index 09d6a9d..c514c22 100644 err = -EPERM; goto out; diff --git a/mm/mlock.c b/mm/mlock.c -index 4f4f53b..02d443a 100644 +index 4f4f53b..dbc8aec 100644 --- a/mm/mlock.c +++ b/mm/mlock.c @@ -13,6 +13,7 @@ @@ -85225,7 +85256,7 @@ index 4f4f53b..02d443a 100644 if ((locked <= lock_limit) || capable(CAP_IPC_LOCK)) error = do_mlock(start, len, 1); up_write(¤t->mm->mmap_sem); -@@ -523,17 +533,22 @@ SYSCALL_DEFINE2(munlock, unsigned long, start, size_t, len) +@@ -523,23 +533,29 @@ SYSCALL_DEFINE2(munlock, unsigned long, start, size_t, len) static int do_mlockall(int flags) { struct vm_area_struct * vma, * prev = NULL; @@ -85251,7 +85282,14 @@ index 4f4f53b..02d443a 100644 newflags = vma->vm_flags | VM_LOCKED; if (!(flags & MCL_CURRENT)) newflags &= ~VM_LOCKED; -@@ -566,6 +581,7 @@ SYSCALL_DEFINE1(mlockall, int, flags) + + /* Ignore errors */ + mlock_fixup(vma, &prev, vma->vm_start, vma->vm_end, newflags); ++ cond_resched(); + } + out: + return 0; +@@ -566,6 +582,7 @@ SYSCALL_DEFINE1(mlockall, int, flags) lock_limit >>= PAGE_SHIFT; ret = -ENOMEM; @@ -89880,7 +89918,7 @@ index 68bbf9f..5ef0d12 100644 return err; diff --git a/net/core/dev.c b/net/core/dev.c -index 8e455b8..0e05f5f 100644 +index 8e455b8..4ebd90f 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -1142,10 +1142,14 @@ void dev_load(struct net *net, const char *name) @@ -89939,7 +89977,7 @@ index 8e455b8..0e05f5f 100644 EXPORT_SYMBOL(netif_rx_ni); -static void net_tx_action(struct softirq_action *h) -+static void net_tx_action(void) ++static __latent_entropy void net_tx_action(void) { struct softnet_data *sd = &__get_cpu_var(softnet_data); @@ -89957,7 +89995,7 @@ index 8e455b8..0e05f5f 100644 EXPORT_SYMBOL(netif_napi_del); -static void net_rx_action(struct softirq_action *h) -+static void net_rx_action(void) ++static __latent_entropy void net_rx_action(void) { struct softnet_data *sd = &__get_cpu_var(softnet_data); unsigned long time_limit = jiffies + 2; @@ -92001,7 +92039,7 @@ index 1567fb1..29af910 100644 dst = NULL; } diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c -index db60043..33181b7 100644 +index db60043..7f8a2c1 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -600,8 +600,8 @@ int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr) @@ -92033,6 +92071,92 @@ index db60043..33181b7 100644 } int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)) +@@ -1125,6 +1122,8 @@ static inline int ip6_ufo_append_data(struct sock *sk, + * udp datagram + */ + if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL) { ++ struct frag_hdr fhdr; ++ + skb = sock_alloc_send_skb(sk, + hh_len + fragheaderlen + transhdrlen + 20, + (flags & MSG_DONTWAIT), &err); +@@ -1145,12 +1144,6 @@ static inline int ip6_ufo_append_data(struct sock *sk, + + skb->ip_summed = CHECKSUM_PARTIAL; + skb->csum = 0; +- } +- +- err = skb_append_datato_frags(sk,skb, getfrag, from, +- (length - transhdrlen)); +- if (!err) { +- struct frag_hdr fhdr; + + /* Specify the length of each IPv6 datagram fragment. + * It has to be a multiple of 8. +@@ -1161,15 +1154,10 @@ static inline int ip6_ufo_append_data(struct sock *sk, + ipv6_select_ident(&fhdr, rt); + skb_shinfo(skb)->ip6_frag_id = fhdr.identification; + __skb_queue_tail(&sk->sk_write_queue, skb); +- +- return 0; + } +- /* There is not enough support do UPD LSO, +- * so follow normal path +- */ +- kfree_skb(skb); + +- return err; ++ return skb_append_datato_frags(sk, skb, getfrag, from, ++ (length - transhdrlen)); + } + + static inline struct ipv6_opt_hdr *ip6_opt_dup(struct ipv6_opt_hdr *src, +@@ -1342,27 +1330,27 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to, + * --yoshfuji + */ + ++ if ((length > mtu) && dontfrag && (sk->sk_protocol == IPPROTO_UDP || ++ sk->sk_protocol == IPPROTO_RAW)) { ++ ipv6_local_rxpmtu(sk, fl6, mtu-exthdrlen); ++ return -EMSGSIZE; ++ } ++ ++ skb = skb_peek_tail(&sk->sk_write_queue); + cork->length += length; +- if (length > mtu) { +- int proto = sk->sk_protocol; +- if (dontfrag && (proto == IPPROTO_UDP || proto == IPPROTO_RAW)){ +- ipv6_local_rxpmtu(sk, fl6, mtu-exthdrlen); +- return -EMSGSIZE; +- } +- +- if (proto == IPPROTO_UDP && +- (rt->dst.dev->features & NETIF_F_UFO)) { +- +- err = ip6_ufo_append_data(sk, getfrag, from, length, +- hh_len, fragheaderlen, +- transhdrlen, mtu, flags, rt); +- if (err) +- goto error; +- return 0; +- } ++ if (((length > mtu) || ++ (skb && skb_is_gso(skb))) && ++ (sk->sk_protocol == IPPROTO_UDP) && ++ (rt->dst.dev->features & NETIF_F_UFO)) { ++ err = ip6_ufo_append_data(sk, getfrag, from, length, ++ hh_len, fragheaderlen, ++ transhdrlen, mtu, flags, rt); ++ if (err) ++ goto error; ++ return 0; + } + +- if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL) ++ if (!skb) + goto alloc_new_skb; + + while (length > 0) { diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c index b204df8..8f274f4 100644 --- a/net/ipv6/ipv6_sockglue.c @@ -94607,7 +94731,7 @@ index 8da4481..d02565e 100644 + (rtt >> sctp_rto_alpha); } else { diff --git a/net/socket.c b/net/socket.c -index cf546a3..f7c6c75 100644 +index cf546a3..a9b550f 100644 --- a/net/socket.c +++ b/net/socket.c @@ -88,6 +88,7 @@ @@ -94627,6 +94751,15 @@ index cf546a3..f7c6c75 100644 static int sock_no_open(struct inode *irrelevant, struct file *dontcare); static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov, unsigned long nr_segs, loff_t pos); +@@ -156,7 +159,7 @@ static const struct file_operations socket_file_ops = { + */ + + static DEFINE_SPINLOCK(net_family_lock); +-static const struct net_proto_family __rcu *net_families[NPROTO] __read_mostly; ++const struct net_proto_family __rcu *net_families[NPROTO] __read_mostly; + + /* + * Statistics counters of the socket lists @@ -321,7 +324,7 @@ static struct dentry *sockfs_mount(struct file_system_type *fs_type, &sockfs_dentry_operations, SOCKFS_MAGIC); } @@ -94645,24 +94778,28 @@ index cf546a3..f7c6c75 100644 /* Compatibility. -@@ -1319,6 +1324,16 @@ SYSCALL_DEFINE3(socket, int, family, int, type, int, protocol) - if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK)) - flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK; +@@ -1207,6 +1212,20 @@ int __sock_create(struct net *net, int family, int type, int protocol, + if (err) + return err; -+ if(!gr_search_socket(family, type, protocol)) { -+ retval = -EACCES; -+ goto out; ++ if(!kern && !gr_search_socket(family, type, protocol)) { ++ if (rcu_access_pointer(net_families[family]) == NULL) ++ return -EAFNOSUPPORT; ++ else ++ return -EACCES; + } + -+ if (gr_handle_sock_all(family, type, protocol)) { -+ retval = -EACCES; -+ goto out; ++ if (!kern && gr_handle_sock_all(family, type, protocol)) { ++ if (rcu_access_pointer(net_families[family]) == NULL) ++ return -EAFNOSUPPORT; ++ else ++ return -EACCES; + } + - retval = sock_create(family, type, protocol, &sock); - if (retval < 0) - goto out; -@@ -1431,6 +1446,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) + /* + * Allocate the socket and allow the family to set things up. if + * the protocol is 0, the family is instructed to select an appropriate +@@ -1431,6 +1450,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) if (sock) { err = move_addr_to_kernel(umyaddr, addrlen, (struct sockaddr *)&address); if (err >= 0) { @@ -94677,7 +94814,7 @@ index cf546a3..f7c6c75 100644 err = security_socket_bind(sock, (struct sockaddr *)&address, addrlen); -@@ -1439,6 +1462,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) +@@ -1439,6 +1466,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) (struct sockaddr *) &address, addrlen); } @@ -94685,7 +94822,7 @@ index cf546a3..f7c6c75 100644 fput_light(sock->file, fput_needed); } return err; -@@ -1462,10 +1486,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, backlog) +@@ -1462,10 +1490,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, backlog) if ((unsigned)backlog > somaxconn) backlog = somaxconn; @@ -94706,7 +94843,7 @@ index cf546a3..f7c6c75 100644 fput_light(sock->file, fput_needed); } return err; -@@ -1509,6 +1543,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, +@@ -1509,6 +1547,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, newsock->type = sock->type; newsock->ops = sock->ops; @@ -94725,7 +94862,7 @@ index cf546a3..f7c6c75 100644 /* * We don't need try_module_get here, as the listening socket (sock) * has the protocol module (sock->ops->owner) held. -@@ -1547,6 +1593,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, +@@ -1547,6 +1597,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, fd_install(newfd, newfile); err = newfd; @@ -94734,7 +94871,7 @@ index cf546a3..f7c6c75 100644 out_put: fput_light(sock->file, fput_needed); out: -@@ -1579,6 +1627,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, +@@ -1579,6 +1631,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, int, addrlen) { struct socket *sock; @@ -94742,7 +94879,7 @@ index cf546a3..f7c6c75 100644 struct sockaddr_storage address; int err, fput_needed; -@@ -1589,6 +1638,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, +@@ -1589,6 +1642,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, if (err < 0) goto out_put; @@ -94760,7 +94897,7 @@ index cf546a3..f7c6c75 100644 err = security_socket_connect(sock, (struct sockaddr *)&address, addrlen); if (err) -@@ -1670,6 +1730,8 @@ SYSCALL_DEFINE3(getpeername, int, fd, struct sockaddr __user *, usockaddr, +@@ -1670,6 +1734,8 @@ SYSCALL_DEFINE3(getpeername, int, fd, struct sockaddr __user *, usockaddr, * the protocol. */ @@ -94769,7 +94906,7 @@ index cf546a3..f7c6c75 100644 SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len, unsigned, flags, struct sockaddr __user *, addr, int, addr_len) -@@ -1736,7 +1798,7 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size, +@@ -1736,7 +1802,7 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size, struct socket *sock; struct iovec iov; struct msghdr msg; @@ -94778,7 +94915,7 @@ index cf546a3..f7c6c75 100644 int err, err2; int fput_needed; -@@ -1950,7 +2012,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg, +@@ -1950,7 +2016,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg, * checking falls down on this. */ if (copy_from_user(ctl_buf, @@ -94787,7 +94924,7 @@ index cf546a3..f7c6c75 100644 ctl_len)) goto out_freectl; msg_sys->msg_control = ctl_buf; -@@ -2101,7 +2163,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, +@@ -2101,7 +2167,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, int err, iov_size, total_len, len; /* kernel mode address */ @@ -94796,7 +94933,7 @@ index cf546a3..f7c6c75 100644 /* user mode address pointers */ struct sockaddr __user *uaddr; -@@ -2131,7 +2193,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, +@@ -2131,7 +2197,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, * kernel msghdr to use the kernel address space) */ @@ -94805,7 +94942,7 @@ index cf546a3..f7c6c75 100644 uaddr_len = COMPAT_NAMELEN(msg); if (MSG_CMSG_COMPAT & flags) { err = verify_compat_iovec(msg_sys, iov, -@@ -2772,7 +2834,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) +@@ -2772,7 +2838,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) } ifr = compat_alloc_user_space(buf_size); @@ -94814,7 +94951,7 @@ index cf546a3..f7c6c75 100644 if (copy_in_user(&ifr->ifr_name, &ifr32->ifr_name, IFNAMSIZ)) return -EFAULT; -@@ -2796,12 +2858,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) +@@ -2796,12 +2862,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) offsetof(struct ethtool_rxnfc, fs.ring_cookie)); if (copy_in_user(rxnfc, compat_rxnfc, @@ -94831,7 +94968,7 @@ index cf546a3..f7c6c75 100644 copy_in_user(&rxnfc->rule_cnt, &compat_rxnfc->rule_cnt, sizeof(rxnfc->rule_cnt))) return -EFAULT; -@@ -2813,12 +2875,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) +@@ -2813,12 +2879,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) if (convert_out) { if (copy_in_user(compat_rxnfc, rxnfc, @@ -94848,7 +94985,7 @@ index cf546a3..f7c6c75 100644 copy_in_user(&compat_rxnfc->rule_cnt, &rxnfc->rule_cnt, sizeof(rxnfc->rule_cnt))) return -EFAULT; -@@ -2888,7 +2950,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd, +@@ -2888,7 +2954,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd, old_fs = get_fs(); set_fs(KERNEL_DS); err = dev_ioctl(net, cmd, @@ -94857,7 +94994,7 @@ index cf546a3..f7c6c75 100644 set_fs(old_fs); return err; -@@ -2997,7 +3059,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, +@@ -2997,7 +3063,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, old_fs = get_fs(); set_fs(KERNEL_DS); @@ -94866,7 +95003,7 @@ index cf546a3..f7c6c75 100644 set_fs(old_fs); if (cmd == SIOCGIFMAP && !err) { -@@ -3102,7 +3164,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, +@@ -3102,7 +3168,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, ret |= __get_user(rtdev, &(ur4->rt_dev)); if (rtdev) { ret |= copy_from_user(devname, compat_ptr(rtdev), 15); @@ -94875,7 +95012,7 @@ index cf546a3..f7c6c75 100644 devname[15] = 0; } else r4.rt_dev = NULL; -@@ -3342,8 +3404,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, +@@ -3342,8 +3408,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, int __user *uoptlen; int err; @@ -94886,7 +95023,7 @@ index cf546a3..f7c6c75 100644 set_fs(KERNEL_DS); if (level == SOL_SOCKET) -@@ -3363,7 +3425,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, +@@ -3363,7 +3429,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, char __user *uoptval; int err; @@ -101206,7 +101343,7 @@ index 0000000..698da67 +} diff --git a/tools/gcc/latent_entropy_plugin.c b/tools/gcc/latent_entropy_plugin.c new file mode 100644 -index 0000000..2ef6fd9 +index 0000000..cd6c242 --- /dev/null +++ b/tools/gcc/latent_entropy_plugin.c @@ -0,0 +1,321 @@ @@ -101502,7 +101639,7 @@ index 0000000..2ef6fd9 + TREE_THIS_VOLATILE(latent_entropy_decl) = 1; + DECL_EXTERNAL(latent_entropy_decl) = 1; + DECL_ARTIFICIAL(latent_entropy_decl) = 1; -+ DECL_INITIAL(latent_entropy_decl) = NULL; ++ DECL_INITIAL(latent_entropy_decl) = build_int_cstu(long_long_unsigned_type_node, get_random_const()); + lang_hooks.decls.pushdecl(latent_entropy_decl); +// DECL_ASSEMBLER_NAME(latent_entropy_decl); +// varpool_finalize_decl(latent_entropy_decl); |