diff options
author | Anthony G. Basile <blueness@gentoo.org> | 2013-12-02 15:52:16 -0500 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2013-12-02 15:52:16 -0500 |
commit | 5607de60d2a17294b70fc775bd73ba4ec16dc856 (patch) | |
tree | 71dc37628909ffdd50039bc0f5d8eaf5b370a1c0 | |
parent | Grsec/PaX: 3.0-{3.2.52,3.12.1}-201311261522 (diff) | |
download | hardened-patchset-5607de60d2a17294b70fc775bd73ba4ec16dc856.tar.gz hardened-patchset-5607de60d2a17294b70fc775bd73ba4ec16dc856.tar.bz2 hardened-patchset-5607de60d2a17294b70fc775bd73ba4ec16dc856.zip |
Grsec/PaX: 3.0-{3.2.53,3.12.2}-20131201111120131201
-rw-r--r-- | 3.12.2/0000_README (renamed from 3.12.1/0000_README) | 6 | ||||
-rw-r--r-- | 3.12.2/1001_linux-3.12.2.patch | 3790 | ||||
-rw-r--r-- | 3.12.2/4420_grsecurity-3.0-3.12.2-201312011111.patch (renamed from 3.12.1/4420_grsecurity-3.0-3.12.1-201311261522.patch) | 375 | ||||
-rw-r--r-- | 3.12.2/4425_grsec_remove_EI_PAX.patch (renamed from 3.12.1/4425_grsec_remove_EI_PAX.patch) | 0 | ||||
-rw-r--r-- | 3.12.2/4427_force_XATTR_PAX_tmpfs.patch (renamed from 3.12.1/4427_force_XATTR_PAX_tmpfs.patch) | 0 | ||||
-rw-r--r-- | 3.12.2/4430_grsec-remove-localversion-grsec.patch (renamed from 3.12.1/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
-rw-r--r-- | 3.12.2/4435_grsec-mute-warnings.patch (renamed from 3.12.1/4435_grsec-mute-warnings.patch) | 0 | ||||
-rw-r--r-- | 3.12.2/4440_grsec-remove-protected-paths.patch (renamed from 3.12.1/4440_grsec-remove-protected-paths.patch) | 0 | ||||
-rw-r--r-- | 3.12.2/4450_grsec-kconfig-default-gids.patch (renamed from 3.12.1/4450_grsec-kconfig-default-gids.patch) | 0 | ||||
-rw-r--r-- | 3.12.2/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.12.1/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
-rw-r--r-- | 3.12.2/4470_disable-compat_vdso.patch (renamed from 3.12.1/4470_disable-compat_vdso.patch) | 0 | ||||
-rw-r--r-- | 3.12.2/4475_emutramp_default_on.patch (renamed from 3.12.1/4475_emutramp_default_on.patch) | 0 | ||||
-rw-r--r-- | 3.2.53/0000_README (renamed from 3.2.52/0000_README) | 14 | ||||
-rw-r--r-- | 3.2.53/1021_linux-3.2.22.patch (renamed from 3.2.52/1021_linux-3.2.22.patch) | 0 | ||||
-rw-r--r-- | 3.2.53/1022_linux-3.2.23.patch (renamed from 3.2.52/1022_linux-3.2.23.patch) | 0 | ||||
-rw-r--r-- | 3.2.53/1023_linux-3.2.24.patch (renamed from 3.2.52/1023_linux-3.2.24.patch) | 0 | ||||
-rw-r--r-- | 3.2.53/1024_linux-3.2.25.patch (renamed from 3.2.52/1024_linux-3.2.25.patch) | 0 | ||||
-rw-r--r-- | 3.2.53/1025_linux-3.2.26.patch (renamed from 3.2.52/1025_linux-3.2.26.patch) | 0 | ||||
-rw-r--r-- | 3.2.53/1026_linux-3.2.27.patch (renamed from 3.2.52/1026_linux-3.2.27.patch) | 0 | ||||
-rw-r--r-- | 3.2.53/1027_linux-3.2.28.patch (renamed from 3.2.52/1027_linux-3.2.28.patch) | 0 | ||||
-rw-r--r-- | 3.2.53/1028_linux-3.2.29.patch (renamed from 3.2.52/1028_linux-3.2.29.patch) | 0 | ||||
-rw-r--r-- | 3.2.53/1029_linux-3.2.30.patch (renamed from 3.2.52/1029_linux-3.2.30.patch) | 0 | ||||
-rw-r--r-- | 3.2.53/1030_linux-3.2.31.patch (renamed from 3.2.52/1030_linux-3.2.31.patch) | 0 | ||||
-rw-r--r-- | 3.2.53/1031_linux-3.2.32.patch (renamed from 3.2.52/1031_linux-3.2.32.patch) | 0 | ||||
-rw-r--r-- | 3.2.53/1032_linux-3.2.33.patch (renamed from 3.2.52/1032_linux-3.2.33.patch) | 0 | ||||
-rw-r--r-- | 3.2.53/1033_linux-3.2.34.patch (renamed from 3.2.52/1033_linux-3.2.34.patch) | 0 | ||||
-rw-r--r-- | 3.2.53/1034_linux-3.2.35.patch (renamed from 3.2.52/1034_linux-3.2.35.patch) | 0 | ||||
-rw-r--r-- | 3.2.53/1035_linux-3.2.36.patch (renamed from 3.2.52/1035_linux-3.2.36.patch) | 0 | ||||
-rw-r--r-- | 3.2.53/1036_linux-3.2.37.patch (renamed from 3.2.52/1036_linux-3.2.37.patch) | 0 | ||||
-rw-r--r-- | 3.2.53/1037_linux-3.2.38.patch (renamed from 3.2.52/1037_linux-3.2.38.patch) | 0 | ||||
-rw-r--r-- | 3.2.53/1038_linux-3.2.39.patch (renamed from 3.2.52/1038_linux-3.2.39.patch) | 0 | ||||
-rw-r--r-- | 3.2.53/1039_linux-3.2.40.patch (renamed from 3.2.52/1039_linux-3.2.40.patch) | 0 | ||||
-rw-r--r-- | 3.2.53/1040_linux-3.2.41.patch (renamed from 3.2.52/1040_linux-3.2.41.patch) | 0 | ||||
-rw-r--r-- | 3.2.53/1041_linux-3.2.42.patch (renamed from 3.2.52/1041_linux-3.2.42.patch) | 0 | ||||
-rw-r--r-- | 3.2.53/1042_linux-3.2.43.patch (renamed from 3.2.52/1042_linux-3.2.43.patch) | 0 | ||||
-rw-r--r-- | 3.2.53/1043_linux-3.2.44.patch (renamed from 3.2.52/1043_linux-3.2.44.patch) | 0 | ||||
-rw-r--r-- | 3.2.53/1044_linux-3.2.45.patch (renamed from 3.2.52/1044_linux-3.2.45.patch) | 0 | ||||
-rw-r--r-- | 3.2.53/1045_linux-3.2.46.patch (renamed from 3.2.52/1045_linux-3.2.46.patch) | 0 | ||||
-rw-r--r-- | 3.2.53/1046_linux-3.2.47.patch (renamed from 3.2.52/1046_linux-3.2.47.patch) | 0 | ||||
-rw-r--r-- | 3.2.53/1047_linux-3.2.48.patch (renamed from 3.2.52/1047_linux-3.2.48.patch) | 0 | ||||
-rw-r--r-- | 3.2.53/1048_linux-3.2.49.patch (renamed from 3.2.52/1048_linux-3.2.49.patch) | 0 | ||||
-rw-r--r-- | 3.2.53/1049_linux-3.2.50.patch (renamed from 3.2.52/1049_linux-3.2.50.patch) | 0 | ||||
-rw-r--r-- | 3.2.53/1050_linux-3.2.51.patch (renamed from 3.2.52/1050_linux-3.2.51.patch) | 0 | ||||
-rw-r--r-- | 3.2.53/1051_linux-3.2.52.patch (renamed from 3.2.52/1051_linux-3.2.52.patch) | 0 | ||||
-rw-r--r-- | 3.2.53/1052_linux-3.2.53.patch | 3357 | ||||
-rw-r--r-- | 3.2.53/4420_grsecurity-3.0-3.2.53-201312011108.patch (renamed from 3.2.52/4420_grsecurity-3.0-3.2.52-201311261520.patch) | 848 | ||||
-rw-r--r-- | 3.2.53/4425_grsec_remove_EI_PAX.patch (renamed from 3.2.52/4425_grsec_remove_EI_PAX.patch) | 0 | ||||
-rw-r--r-- | 3.2.53/4427_force_XATTR_PAX_tmpfs.patch (renamed from 3.2.52/4427_force_XATTR_PAX_tmpfs.patch) | 0 | ||||
-rw-r--r-- | 3.2.53/4430_grsec-remove-localversion-grsec.patch (renamed from 3.2.52/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
-rw-r--r-- | 3.2.53/4435_grsec-mute-warnings.patch (renamed from 3.2.52/4435_grsec-mute-warnings.patch) | 0 | ||||
-rw-r--r-- | 3.2.53/4440_grsec-remove-protected-paths.patch (renamed from 3.2.52/4440_grsec-remove-protected-paths.patch) | 0 | ||||
-rw-r--r-- | 3.2.53/4450_grsec-kconfig-default-gids.patch (renamed from 3.2.52/4450_grsec-kconfig-default-gids.patch) | 0 | ||||
-rw-r--r-- | 3.2.53/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.2.52/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
-rw-r--r-- | 3.2.53/4470_disable-compat_vdso.patch (renamed from 3.2.52/4470_disable-compat_vdso.patch) | 0 | ||||
-rw-r--r-- | 3.2.53/4475_emutramp_default_on.patch (renamed from 3.2.52/4475_emutramp_default_on.patch) | 0 |
55 files changed, 7399 insertions, 991 deletions
diff --git a/3.12.1/0000_README b/3.12.2/0000_README index 00a2158..21d2546 100644 --- a/3.12.1/0000_README +++ b/3.12.2/0000_README @@ -2,7 +2,11 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-3.0-3.12.1-201311261522.patch +Patch: 1001_linux-3.12.2.patch +From: http://www.kernel.org +Desc: Linux 3.12.2 + +Patch: 4420_grsecurity-3.0-3.12.2-201312011111.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.12.2/1001_linux-3.12.2.patch b/3.12.2/1001_linux-3.12.2.patch new file mode 100644 index 0000000..8b40733 --- /dev/null +++ b/3.12.2/1001_linux-3.12.2.patch @@ -0,0 +1,3790 @@ +diff --git a/Makefile b/Makefile +index eb29ec7..e6e72b6 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,6 +1,6 @@ + VERSION = 3 + PATCHLEVEL = 12 +-SUBLEVEL = 1 ++SUBLEVEL = 2 + EXTRAVERSION = + NAME = One Giant Leap for Frogkind + +diff --git a/arch/arm/kvm/mmu.c b/arch/arm/kvm/mmu.c +index b0de86b..cb79a5d 100644 +--- a/arch/arm/kvm/mmu.c ++++ b/arch/arm/kvm/mmu.c +@@ -307,6 +307,17 @@ out: + return err; + } + ++static phys_addr_t kvm_kaddr_to_phys(void *kaddr) ++{ ++ if (!is_vmalloc_addr(kaddr)) { ++ BUG_ON(!virt_addr_valid(kaddr)); ++ return __pa(kaddr); ++ } else { ++ return page_to_phys(vmalloc_to_page(kaddr)) + ++ offset_in_page(kaddr); ++ } ++} ++ + /** + * create_hyp_mappings - duplicate a kernel virtual address range in Hyp mode + * @from: The virtual kernel start address of the range +@@ -318,16 +329,27 @@ out: + */ + int create_hyp_mappings(void *from, void *to) + { +- unsigned long phys_addr = virt_to_phys(from); ++ phys_addr_t phys_addr; ++ unsigned long virt_addr; + unsigned long start = KERN_TO_HYP((unsigned long)from); + unsigned long end = KERN_TO_HYP((unsigned long)to); + +- /* Check for a valid kernel memory mapping */ +- if (!virt_addr_valid(from) || !virt_addr_valid(to - 1)) +- return -EINVAL; ++ start = start & PAGE_MASK; ++ end = PAGE_ALIGN(end); + +- return __create_hyp_mappings(hyp_pgd, start, end, +- __phys_to_pfn(phys_addr), PAGE_HYP); ++ for (virt_addr = start; virt_addr < end; virt_addr += PAGE_SIZE) { ++ int err; ++ ++ phys_addr = kvm_kaddr_to_phys(from + virt_addr - start); ++ err = __create_hyp_mappings(hyp_pgd, virt_addr, ++ virt_addr + PAGE_SIZE, ++ __phys_to_pfn(phys_addr), ++ PAGE_HYP); ++ if (err) ++ return err; ++ } ++ ++ return 0; + } + + /** +diff --git a/arch/arm/mach-omap2/omap_hwmod.c b/arch/arm/mach-omap2/omap_hwmod.c +index d9ee0ff..3d5db8c 100644 +--- a/arch/arm/mach-omap2/omap_hwmod.c ++++ b/arch/arm/mach-omap2/omap_hwmod.c +@@ -2361,21 +2361,23 @@ static struct device_node *of_dev_hwmod_lookup(struct device_node *np, + * Cache the virtual address used by the MPU to access this IP block's + * registers. This address is needed early so the OCP registers that + * are part of the device's address space can be ioremapped properly. +- * No return value. ++ * ++ * Returns 0 on success, -EINVAL if an invalid hwmod is passed, and ++ * -ENXIO on absent or invalid register target address space. + */ +-static void __init _init_mpu_rt_base(struct omap_hwmod *oh, void *data) ++static int __init _init_mpu_rt_base(struct omap_hwmod *oh, void *data) + { + struct omap_hwmod_addr_space *mem; + void __iomem *va_start = NULL; + struct device_node *np; + + if (!oh) +- return; ++ return -EINVAL; + + _save_mpu_port_index(oh); + + if (oh->_int_flags & _HWMOD_NO_MPU_PORT) +- return; ++ return -ENXIO; + + mem = _find_mpu_rt_addr_space(oh); + if (!mem) { +@@ -2384,7 +2386,7 @@ static void __init _init_mpu_rt_base(struct omap_hwmod *oh, void *data) + + /* Extract the IO space from device tree blob */ + if (!of_have_populated_dt()) +- return; ++ return -ENXIO; + + np = of_dev_hwmod_lookup(of_find_node_by_name(NULL, "ocp"), oh); + if (np) +@@ -2395,13 +2397,14 @@ static void __init _init_mpu_rt_base(struct omap_hwmod *oh, void *data) + + if (!va_start) { + pr_err("omap_hwmod: %s: Could not ioremap\n", oh->name); +- return; ++ return -ENXIO; + } + + pr_debug("omap_hwmod: %s: MPU register target at va %p\n", + oh->name, va_start); + + oh->_mpu_rt_va = va_start; ++ return 0; + } + + /** +@@ -2414,8 +2417,8 @@ static void __init _init_mpu_rt_base(struct omap_hwmod *oh, void *data) + * registered at this point. This is the first of two phases for + * hwmod initialization. Code called here does not touch any hardware + * registers, it simply prepares internal data structures. Returns 0 +- * upon success or if the hwmod isn't registered, or -EINVAL upon +- * failure. ++ * upon success or if the hwmod isn't registered or if the hwmod's ++ * address space is not defined, or -EINVAL upon failure. + */ + static int __init _init(struct omap_hwmod *oh, void *data) + { +@@ -2424,8 +2427,14 @@ static int __init _init(struct omap_hwmod *oh, void *data) + if (oh->_state != _HWMOD_STATE_REGISTERED) + return 0; + +- if (oh->class->sysc) +- _init_mpu_rt_base(oh, NULL); ++ if (oh->class->sysc) { ++ r = _init_mpu_rt_base(oh, NULL); ++ if (r < 0) { ++ WARN(1, "omap_hwmod: %s: doesn't have mpu register target base\n", ++ oh->name); ++ return 0; ++ } ++ } + + r = _init_clocks(oh, NULL); + if (r < 0) { +diff --git a/arch/cris/include/asm/io.h b/arch/cris/include/asm/io.h +index 5d3047e..4353cf2 100644 +--- a/arch/cris/include/asm/io.h ++++ b/arch/cris/include/asm/io.h +@@ -3,6 +3,7 @@ + + #include <asm/page.h> /* for __va, __pa */ + #include <arch/io.h> ++#include <asm-generic/iomap.h> + #include <linux/kernel.h> + + struct cris_io_operations +diff --git a/arch/ia64/include/asm/processor.h b/arch/ia64/include/asm/processor.h +index e0a899a..5a84b3a 100644 +--- a/arch/ia64/include/asm/processor.h ++++ b/arch/ia64/include/asm/processor.h +@@ -319,7 +319,7 @@ struct thread_struct { + regs->loadrs = 0; \ + regs->r8 = get_dumpable(current->mm); /* set "don't zap registers" flag */ \ + regs->r12 = new_sp - 16; /* allocate 16 byte scratch area */ \ +- if (unlikely(!get_dumpable(current->mm))) { \ ++ if (unlikely(get_dumpable(current->mm) != SUID_DUMP_USER)) { \ + /* \ + * Zap scratch regs to avoid leaking bits between processes with different \ + * uid/privileges. \ +diff --git a/arch/powerpc/kernel/eeh.c b/arch/powerpc/kernel/eeh.c +index 55593ee..c766cf5 100644 +--- a/arch/powerpc/kernel/eeh.c ++++ b/arch/powerpc/kernel/eeh.c +@@ -687,6 +687,15 @@ void eeh_save_bars(struct eeh_dev *edev) + + for (i = 0; i < 16; i++) + eeh_ops->read_config(dn, i * 4, 4, &edev->config_space[i]); ++ ++ /* ++ * For PCI bridges including root port, we need enable bus ++ * master explicitly. Otherwise, it can't fetch IODA table ++ * entries correctly. So we cache the bit in advance so that ++ * we can restore it after reset, either PHB range or PE range. ++ */ ++ if (edev->mode & EEH_DEV_BRIDGE) ++ edev->config_space[1] |= PCI_COMMAND_MASTER; + } + + /** +diff --git a/arch/powerpc/kernel/signal_32.c b/arch/powerpc/kernel/signal_32.c +index bebdf1a..36d49e6 100644 +--- a/arch/powerpc/kernel/signal_32.c ++++ b/arch/powerpc/kernel/signal_32.c +@@ -457,7 +457,15 @@ static int save_user_regs(struct pt_regs *regs, struct mcontext __user *frame, + if (copy_vsx_to_user(&frame->mc_vsregs, current)) + return 1; + msr |= MSR_VSX; +- } ++ } else if (!ctx_has_vsx_region) ++ /* ++ * With a small context structure we can't hold the VSX ++ * registers, hence clear the MSR value to indicate the state ++ * was not saved. ++ */ ++ msr &= ~MSR_VSX; ++ ++ + #endif /* CONFIG_VSX */ + #ifdef CONFIG_SPE + /* save spe registers */ +diff --git a/arch/powerpc/kernel/time.c b/arch/powerpc/kernel/time.c +index 192b051..b3b1441 100644 +--- a/arch/powerpc/kernel/time.c ++++ b/arch/powerpc/kernel/time.c +@@ -213,8 +213,6 @@ static u64 scan_dispatch_log(u64 stop_tb) + if (i == be64_to_cpu(vpa->dtl_idx)) + return 0; + while (i < be64_to_cpu(vpa->dtl_idx)) { +- if (dtl_consumer) +- dtl_consumer(dtl, i); + dtb = be64_to_cpu(dtl->timebase); + tb_delta = be32_to_cpu(dtl->enqueue_to_dispatch_time) + + be32_to_cpu(dtl->ready_to_enqueue_time); +@@ -227,6 +225,8 @@ static u64 scan_dispatch_log(u64 stop_tb) + } + if (dtb > stop_tb) + break; ++ if (dtl_consumer) ++ dtl_consumer(dtl, i); + stolen += tb_delta; + ++i; + ++dtl; +diff --git a/arch/powerpc/kernel/vio.c b/arch/powerpc/kernel/vio.c +index d38cc08..cb92d82 100644 +--- a/arch/powerpc/kernel/vio.c ++++ b/arch/powerpc/kernel/vio.c +@@ -1531,12 +1531,12 @@ static ssize_t modalias_show(struct device *dev, struct device_attribute *attr, + + dn = dev->of_node; + if (!dn) { +- strcat(buf, "\n"); ++ strcpy(buf, "\n"); + return strlen(buf); + } + cp = of_get_property(dn, "compatible", NULL); + if (!cp) { +- strcat(buf, "\n"); ++ strcpy(buf, "\n"); + return strlen(buf); + } + +diff --git a/arch/powerpc/mm/gup.c b/arch/powerpc/mm/gup.c +index 6936547..c5f734e 100644 +--- a/arch/powerpc/mm/gup.c ++++ b/arch/powerpc/mm/gup.c +@@ -123,6 +123,7 @@ int __get_user_pages_fast(unsigned long start, int nr_pages, int write, + struct mm_struct *mm = current->mm; + unsigned long addr, len, end; + unsigned long next; ++ unsigned long flags; + pgd_t *pgdp; + int nr = 0; + +@@ -156,7 +157,7 @@ int __get_user_pages_fast(unsigned long start, int nr_pages, int write, + * So long as we atomically load page table pointers versus teardown, + * we can follow the address down to the the page and take a ref on it. + */ +- local_irq_disable(); ++ local_irq_save(flags); + + pgdp = pgd_offset(mm, addr); + do { +@@ -179,7 +180,7 @@ int __get_user_pages_fast(unsigned long start, int nr_pages, int write, + break; + } while (pgdp++, addr = next, addr != end); + +- local_irq_enable(); ++ local_irq_restore(flags); + + return nr; + } +diff --git a/arch/powerpc/mm/slice.c b/arch/powerpc/mm/slice.c +index 3e99c14..7ce9cf3 100644 +--- a/arch/powerpc/mm/slice.c ++++ b/arch/powerpc/mm/slice.c +@@ -258,7 +258,7 @@ static bool slice_scan_available(unsigned long addr, + slice = GET_HIGH_SLICE_INDEX(addr); + *boundary_addr = (slice + end) ? + ((slice + end) << SLICE_HIGH_SHIFT) : SLICE_LOW_TOP; +- return !!(available.high_slices & (1u << slice)); ++ return !!(available.high_slices & (1ul << slice)); + } + } + +diff --git a/arch/powerpc/platforms/512x/mpc512x_shared.c b/arch/powerpc/platforms/512x/mpc512x_shared.c +index a82a41b..1a7b1d0 100644 +--- a/arch/powerpc/platforms/512x/mpc512x_shared.c ++++ b/arch/powerpc/platforms/512x/mpc512x_shared.c +@@ -303,6 +303,9 @@ void __init mpc512x_setup_diu(void) + diu_ops.release_bootmem = mpc512x_release_bootmem; + } + ++#else ++void __init mpc512x_setup_diu(void) { /* EMPTY */ } ++void __init mpc512x_init_diu(void) { /* EMPTY */ } + #endif + + void __init mpc512x_init_IRQ(void) +diff --git a/arch/powerpc/platforms/52xx/Kconfig b/arch/powerpc/platforms/52xx/Kconfig +index 90f4496..af54174 100644 +--- a/arch/powerpc/platforms/52xx/Kconfig ++++ b/arch/powerpc/platforms/52xx/Kconfig +@@ -57,5 +57,5 @@ config PPC_MPC5200_BUGFIX + + config PPC_MPC5200_LPBFIFO + tristate "MPC5200 LocalPlus bus FIFO driver" +- depends on PPC_MPC52xx ++ depends on PPC_MPC52xx && PPC_BESTCOMM + select PPC_BESTCOMM_GEN_BD +diff --git a/arch/powerpc/platforms/powernv/pci-ioda.c b/arch/powerpc/platforms/powernv/pci-ioda.c +index 74a5a57..930e1fe 100644 +--- a/arch/powerpc/platforms/powernv/pci-ioda.c ++++ b/arch/powerpc/platforms/powernv/pci-ioda.c +@@ -153,13 +153,23 @@ static int pnv_ioda_configure_pe(struct pnv_phb *phb, struct pnv_ioda_pe *pe) + rid_end = pe->rid + 1; + } + +- /* Associate PE in PELT */ ++ /* ++ * Associate PE in PELT. We need add the PE into the ++ * corresponding PELT-V as well. Otherwise, the error ++ * originated from the PE might contribute to other ++ * PEs. ++ */ + rc = opal_pci_set_pe(phb->opal_id, pe->pe_number, pe->rid, + bcomp, dcomp, fcomp, OPAL_MAP_PE); + if (rc) { + pe_err(pe, "OPAL error %ld trying to setup PELT table\n", rc); + return -ENXIO; + } ++ ++ rc = opal_pci_set_peltv(phb->opal_id, pe->pe_number, ++ pe->pe_number, OPAL_ADD_PE_TO_DOMAIN); ++ if (rc) ++ pe_warn(pe, "OPAL error %d adding self to PELTV\n", rc); + opal_pci_eeh_freeze_clear(phb->opal_id, pe->pe_number, + OPAL_EEH_ACTION_CLEAR_FREEZE_ALL); + +diff --git a/arch/s390/crypto/aes_s390.c b/arch/s390/crypto/aes_s390.c +index b4dbade..2e4b5be 100644 +--- a/arch/s390/crypto/aes_s390.c ++++ b/arch/s390/crypto/aes_s390.c +@@ -35,7 +35,6 @@ static u8 *ctrblk; + static char keylen_flag; + + struct s390_aes_ctx { +- u8 iv[AES_BLOCK_SIZE]; + u8 key[AES_MAX_KEY_SIZE]; + long enc; + long dec; +@@ -441,30 +440,36 @@ static int cbc_aes_set_key(struct crypto_tfm *tfm, const u8 *in_key, + return aes_set_key(tfm, in_key, key_len); + } + +-static int cbc_aes_crypt(struct blkcipher_desc *desc, long func, void *param, ++static int cbc_aes_crypt(struct blkcipher_desc *desc, long func, + struct blkcipher_walk *walk) + { ++ struct s390_aes_ctx *sctx = crypto_blkcipher_ctx(desc->tfm); + int ret = blkcipher_walk_virt(desc, walk); + unsigned int nbytes = walk->nbytes; ++ struct { ++ u8 iv[AES_BLOCK_SIZE]; ++ u8 key[AES_MAX_KEY_SIZE]; ++ } param; + + if (!nbytes) + goto out; + +- memcpy(param, walk->iv, AES_BLOCK_SIZE); ++ memcpy(param.iv, walk->iv, AES_BLOCK_SIZE); ++ memcpy(param.key, sctx->key, sctx->key_len); + do { + /* only use complete blocks */ + unsigned int n = nbytes & ~(AES_BLOCK_SIZE - 1); + u8 *out = walk->dst.virt.addr; + u8 *in = walk->src.virt.addr; + +- ret = crypt_s390_kmc(func, param, out, in, n); ++ ret = crypt_s390_kmc(func, ¶m, out, in, n); + if (ret < 0 || ret != n) + return -EIO; + + nbytes &= AES_BLOCK_SIZE - 1; + ret = blkcipher_walk_done(desc, walk, nbytes); + } while ((nbytes = walk->nbytes)); +- memcpy(walk->iv, param, AES_BLOCK_SIZE); ++ memcpy(walk->iv, param.iv, AES_BLOCK_SIZE); + + out: + return ret; +@@ -481,7 +486,7 @@ static int cbc_aes_encrypt(struct blkcipher_desc *desc, + return fallback_blk_enc(desc, dst, src, nbytes); + + blkcipher_walk_init(&walk, dst, src, nbytes); +- return cbc_aes_crypt(desc, sctx->enc, sctx->iv, &walk); ++ return cbc_aes_crypt(desc, sctx->enc, &walk); + } + + static int cbc_aes_decrypt(struct blkcipher_desc *desc, +@@ -495,7 +500,7 @@ static int cbc_aes_decrypt(struct blkcipher_desc *desc, + return fallback_blk_dec(desc, dst, src, nbytes); + + blkcipher_walk_init(&walk, dst, src, nbytes); +- return cbc_aes_crypt(desc, sctx->dec, sctx->iv, &walk); ++ return cbc_aes_crypt(desc, sctx->dec, &walk); + } + + static struct crypto_alg cbc_aes_alg = { +diff --git a/arch/s390/include/asm/timex.h b/arch/s390/include/asm/timex.h +index 819b94d..8beee1c 100644 +--- a/arch/s390/include/asm/timex.h ++++ b/arch/s390/include/asm/timex.h +@@ -71,9 +71,11 @@ static inline void local_tick_enable(unsigned long long comp) + + typedef unsigned long long cycles_t; + +-static inline void get_tod_clock_ext(char *clk) ++static inline void get_tod_clock_ext(char clk[16]) + { +- asm volatile("stcke %0" : "=Q" (*clk) : : "cc"); ++ typedef struct { char _[sizeof(clk)]; } addrtype; ++ ++ asm volatile("stcke %0" : "=Q" (*(addrtype *) clk) : : "cc"); + } + + static inline unsigned long long get_tod_clock(void) +diff --git a/arch/s390/kernel/smp.c b/arch/s390/kernel/smp.c +index 1a4313a..93439cd 100644 +--- a/arch/s390/kernel/smp.c ++++ b/arch/s390/kernel/smp.c +@@ -929,7 +929,7 @@ static ssize_t show_idle_count(struct device *dev, + idle_count = ACCESS_ONCE(idle->idle_count); + if (ACCESS_ONCE(idle->clock_idle_enter)) + idle_count++; +- } while ((sequence & 1) || (idle->sequence != sequence)); ++ } while ((sequence & 1) || (ACCESS_ONCE(idle->sequence) != sequence)); + return sprintf(buf, "%llu\n", idle_count); + } + static DEVICE_ATTR(idle_count, 0444, show_idle_count, NULL); +@@ -947,7 +947,7 @@ static ssize_t show_idle_time(struct device *dev, + idle_time = ACCESS_ONCE(idle->idle_time); + idle_enter = ACCESS_ONCE(idle->clock_idle_enter); + idle_exit = ACCESS_ONCE(idle->clock_idle_exit); +- } while ((sequence & 1) || (idle->sequence != sequence)); ++ } while ((sequence & 1) || (ACCESS_ONCE(idle->sequence) != sequence)); + idle_time += idle_enter ? ((idle_exit ? : now) - idle_enter) : 0; + return sprintf(buf, "%llu\n", idle_time >> 12); + } +diff --git a/arch/s390/kernel/vtime.c b/arch/s390/kernel/vtime.c +index abcfab5..bb06a76 100644 +--- a/arch/s390/kernel/vtime.c ++++ b/arch/s390/kernel/vtime.c +@@ -191,7 +191,7 @@ cputime64_t s390_get_idle_time(int cpu) + sequence = ACCESS_ONCE(idle->sequence); + idle_enter = ACCESS_ONCE(idle->clock_idle_enter); + idle_exit = ACCESS_ONCE(idle->clock_idle_exit); +- } while ((sequence & 1) || (idle->sequence != sequence)); ++ } while ((sequence & 1) || (ACCESS_ONCE(idle->sequence) != sequence)); + return idle_enter ? ((idle_exit ?: now) - idle_enter) : 0; + } + +diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c +index e0e0841..18677a9 100644 +--- a/arch/x86/kernel/crash.c ++++ b/arch/x86/kernel/crash.c +@@ -127,12 +127,12 @@ void native_machine_crash_shutdown(struct pt_regs *regs) + cpu_emergency_vmxoff(); + cpu_emergency_svm_disable(); + +- lapic_shutdown(); + #ifdef CONFIG_X86_IO_APIC + /* Prevent crash_kexec() from deadlocking on ioapic_lock. */ + ioapic_zap_locks(); + disable_IO_APIC(); + #endif ++ lapic_shutdown(); + #ifdef CONFIG_HPET_TIMER + hpet_disable(); + #endif +diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c +index 42a392a..d4bdd25 100644 +--- a/arch/x86/kernel/ftrace.c ++++ b/arch/x86/kernel/ftrace.c +@@ -248,6 +248,15 @@ int ftrace_update_ftrace_func(ftrace_func_t func) + return ret; + } + ++static int is_ftrace_caller(unsigned long ip) ++{ ++ if (ip == (unsigned long)(&ftrace_call) || ++ ip == (unsigned long)(&ftrace_regs_call)) ++ return 1; ++ ++ return 0; ++} ++ + /* + * A breakpoint was added to the code address we are about to + * modify, and this is the handle that will just skip over it. +@@ -257,10 +266,13 @@ int ftrace_update_ftrace_func(ftrace_func_t func) + */ + int ftrace_int3_handler(struct pt_regs *regs) + { ++ unsigned long ip; ++ + if (WARN_ON_ONCE(!regs)) + return 0; + +- if (!ftrace_location(regs->ip - 1)) ++ ip = regs->ip - 1; ++ if (!ftrace_location(ip) && !is_ftrace_caller(ip)) + return 0; + + regs->ip += MCOUNT_INSN_SIZE - 1; +diff --git a/arch/x86/kernel/microcode_amd.c b/arch/x86/kernel/microcode_amd.c +index af99f71..c3d4cc9 100644 +--- a/arch/x86/kernel/microcode_amd.c ++++ b/arch/x86/kernel/microcode_amd.c +@@ -431,7 +431,7 @@ static enum ucode_state request_microcode_amd(int cpu, struct device *device, + snprintf(fw_name, sizeof(fw_name), "amd-ucode/microcode_amd_fam%.2xh.bin", c->x86); + + if (request_firmware(&fw, (const char *)fw_name, device)) { +- pr_err("failed to load file %s\n", fw_name); ++ pr_debug("failed to load file %s\n", fw_name); + goto out; + } + +diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c +index c83516b..3fb8d95 100644 +--- a/arch/x86/kernel/process.c ++++ b/arch/x86/kernel/process.c +@@ -391,9 +391,9 @@ static void amd_e400_idle(void) + * The switch back from broadcast mode needs to be + * called with interrupts disabled. + */ +- local_irq_disable(); +- clockevents_notify(CLOCK_EVT_NOTIFY_BROADCAST_EXIT, &cpu); +- local_irq_enable(); ++ local_irq_disable(); ++ clockevents_notify(CLOCK_EVT_NOTIFY_BROADCAST_EXIT, &cpu); ++ local_irq_enable(); + } else + default_idle(); + } +diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c +index 7e920bf..618ce26 100644 +--- a/arch/x86/kernel/reboot.c ++++ b/arch/x86/kernel/reboot.c +@@ -550,6 +550,10 @@ static void native_machine_emergency_restart(void) + void native_machine_shutdown(void) + { + /* Stop the cpus and apics */ ++#ifdef CONFIG_X86_IO_APIC ++ disable_IO_APIC(); ++#endif ++ + #ifdef CONFIG_SMP + /* + * Stop all of the others. Also disable the local irq to +@@ -562,10 +566,6 @@ void native_machine_shutdown(void) + + lapic_shutdown(); + +-#ifdef CONFIG_X86_IO_APIC +- disable_IO_APIC(); +-#endif +- + #ifdef CONFIG_HPET_TIMER + hpet_disable(); + #endif +diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c +index ddc3f3d..92e6f4a 100644 +--- a/arch/x86/kvm/emulate.c ++++ b/arch/x86/kvm/emulate.c +@@ -4040,7 +4040,10 @@ static int decode_operand(struct x86_emulate_ctxt *ctxt, struct operand *op, + case OpMem8: + ctxt->memop.bytes = 1; + if (ctxt->memop.type == OP_REG) { +- ctxt->memop.addr.reg = decode_register(ctxt, ctxt->modrm_rm, 1); ++ int highbyte_regs = ctxt->rex_prefix == 0; ++ ++ ctxt->memop.addr.reg = decode_register(ctxt, ctxt->modrm_rm, ++ highbyte_regs); + fetch_register_operand(&ctxt->memop); + } + goto mem_common; +diff --git a/block/blk-core.c b/block/blk-core.c +index 0a00e4e..5e00b5a 100644 +--- a/block/blk-core.c ++++ b/block/blk-core.c +@@ -2227,6 +2227,7 @@ void blk_start_request(struct request *req) + if (unlikely(blk_bidi_rq(req))) + req->next_rq->resid_len = blk_rq_bytes(req->next_rq); + ++ BUG_ON(test_bit(REQ_ATOM_COMPLETE, &req->atomic_flags)); + blk_add_timer(req); + } + EXPORT_SYMBOL(blk_start_request); +diff --git a/block/blk-settings.c b/block/blk-settings.c +index c50ecf0..5330933 100644 +--- a/block/blk-settings.c ++++ b/block/blk-settings.c +@@ -144,6 +144,7 @@ void blk_set_stacking_limits(struct queue_limits *lim) + lim->discard_zeroes_data = 1; + lim->max_segments = USHRT_MAX; + lim->max_hw_sectors = UINT_MAX; ++ lim->max_segment_size = UINT_MAX; + lim->max_sectors = UINT_MAX; + lim->max_write_same_sectors = UINT_MAX; + } +diff --git a/block/blk-timeout.c b/block/blk-timeout.c +index 65f1035..655ba90 100644 +--- a/block/blk-timeout.c ++++ b/block/blk-timeout.c +@@ -91,8 +91,8 @@ static void blk_rq_timed_out(struct request *req) + __blk_complete_request(req); + break; + case BLK_EH_RESET_TIMER: +- blk_clear_rq_complete(req); + blk_add_timer(req); ++ blk_clear_rq_complete(req); + break; + case BLK_EH_NOT_HANDLED: + /* +@@ -174,7 +174,6 @@ void blk_add_timer(struct request *req) + return; + + BUG_ON(!list_empty(&req->timeout_list)); +- BUG_ON(test_bit(REQ_ATOM_COMPLETE, &req->atomic_flags)); + + /* + * Some LLDs, like scsi, peek at the timeout to prevent a +diff --git a/crypto/ansi_cprng.c b/crypto/ansi_cprng.c +index c0bb377..666f196 100644 +--- a/crypto/ansi_cprng.c ++++ b/crypto/ansi_cprng.c +@@ -230,11 +230,11 @@ remainder: + */ + if (byte_count < DEFAULT_BLK_SZ) { + empty_rbuf: +- for (; ctx->rand_data_valid < DEFAULT_BLK_SZ; +- ctx->rand_data_valid++) { ++ while (ctx->rand_data_valid < DEFAULT_BLK_SZ) { + *ptr = ctx->rand_data[ctx->rand_data_valid]; + ptr++; + byte_count--; ++ ctx->rand_data_valid++; + if (byte_count == 0) + goto done; + } +diff --git a/drivers/acpi/ec.c b/drivers/acpi/ec.c +index a06d983..15986f3 100644 +--- a/drivers/acpi/ec.c ++++ b/drivers/acpi/ec.c +@@ -175,9 +175,10 @@ static void start_transaction(struct acpi_ec *ec) + static void advance_transaction(struct acpi_ec *ec, u8 status) + { + unsigned long flags; +- struct transaction *t = ec->curr; ++ struct transaction *t; + + spin_lock_irqsave(&ec->lock, flags); ++ t = ec->curr; + if (!t) + goto unlock; + if (t->wlen > t->wi) { +diff --git a/drivers/acpi/pci_root.c b/drivers/acpi/pci_root.c +index d3874f4..d7e53ea 100644 +--- a/drivers/acpi/pci_root.c ++++ b/drivers/acpi/pci_root.c +@@ -608,9 +608,12 @@ static void handle_root_bridge_removal(struct acpi_device *device) + ej_event->device = device; + ej_event->event = ACPI_NOTIFY_EJECT_REQUEST; + ++ get_device(&device->dev); + status = acpi_os_hotplug_execute(acpi_bus_hot_remove_device, ej_event); +- if (ACPI_FAILURE(status)) ++ if (ACPI_FAILURE(status)) { ++ put_device(&device->dev); + kfree(ej_event); ++ } + } + + static void _handle_hotplug_event_root(struct work_struct *work) +diff --git a/drivers/acpi/processor_idle.c b/drivers/acpi/processor_idle.c +index f98dd00..c7414a5 100644 +--- a/drivers/acpi/processor_idle.c ++++ b/drivers/acpi/processor_idle.c +@@ -119,17 +119,10 @@ static struct dmi_system_id processor_power_dmi_table[] = { + */ + static void acpi_safe_halt(void) + { +- current_thread_info()->status &= ~TS_POLLING; +- /* +- * TS_POLLING-cleared state must be visible before we +- * test NEED_RESCHED: +- */ +- smp_mb(); +- if (!need_resched()) { ++ if (!tif_need_resched()) { + safe_halt(); + local_irq_disable(); + } +- current_thread_info()->status |= TS_POLLING; + } + + #ifdef ARCH_APICTIMER_STOPS_ON_C3 +@@ -737,6 +730,11 @@ static int acpi_idle_enter_c1(struct cpuidle_device *dev, + if (unlikely(!pr)) + return -EINVAL; + ++ if (cx->entry_method == ACPI_CSTATE_FFH) { ++ if (current_set_polling_and_test()) ++ return -EINVAL; ++ } ++ + lapic_timer_state_broadcast(pr, cx, 1); + acpi_idle_do_entry(cx); + +@@ -790,18 +788,9 @@ static int acpi_idle_enter_simple(struct cpuidle_device *dev, + if (unlikely(!pr)) + return -EINVAL; + +- if (cx->entry_method != ACPI_CSTATE_FFH) { +- current_thread_info()->status &= ~TS_POLLING; +- /* +- * TS_POLLING-cleared state must be visible before we test +- * NEED_RESCHED: +- */ +- smp_mb(); +- +- if (unlikely(need_resched())) { +- current_thread_info()->status |= TS_POLLING; ++ if (cx->entry_method == ACPI_CSTATE_FFH) { ++ if (current_set_polling_and_test()) + return -EINVAL; +- } + } + + /* +@@ -819,9 +808,6 @@ static int acpi_idle_enter_simple(struct cpuidle_device *dev, + + sched_clock_idle_wakeup_event(0); + +- if (cx->entry_method != ACPI_CSTATE_FFH) +- current_thread_info()->status |= TS_POLLING; +- + lapic_timer_state_broadcast(pr, cx, 0); + return index; + } +@@ -858,18 +844,9 @@ static int acpi_idle_enter_bm(struct cpuidle_device *dev, + } + } + +- if (cx->entry_method != ACPI_CSTATE_FFH) { +- current_thread_info()->status &= ~TS_POLLING; +- /* +- * TS_POLLING-cleared state must be visible before we test +- * NEED_RESCHED: +- */ +- smp_mb(); +- +- if (unlikely(need_resched())) { +- current_thread_info()->status |= TS_POLLING; ++ if (cx->entry_method == ACPI_CSTATE_FFH) { ++ if (current_set_polling_and_test()) + return -EINVAL; +- } + } + + acpi_unlazy_tlb(smp_processor_id()); +@@ -915,9 +892,6 @@ static int acpi_idle_enter_bm(struct cpuidle_device *dev, + + sched_clock_idle_wakeup_event(0); + +- if (cx->entry_method != ACPI_CSTATE_FFH) +- current_thread_info()->status |= TS_POLLING; +- + lapic_timer_state_broadcast(pr, cx, 0); + return index; + } +diff --git a/drivers/acpi/scan.c b/drivers/acpi/scan.c +index fee8a29..3601738 100644 +--- a/drivers/acpi/scan.c ++++ b/drivers/acpi/scan.c +@@ -331,8 +331,6 @@ static void acpi_scan_bus_device_check(acpi_handle handle, u32 ost_source) + goto out; + } + } +- acpi_evaluate_hotplug_ost(handle, ost_source, +- ACPI_OST_SC_INSERT_IN_PROGRESS, NULL); + error = acpi_bus_scan(handle); + if (error) { + acpi_handle_warn(handle, "Namespace scan failure\n"); +diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c +index aebcf63..f193285 100644 +--- a/drivers/acpi/video.c ++++ b/drivers/acpi/video.c +@@ -832,7 +832,7 @@ acpi_video_init_brightness(struct acpi_video_device *device) + for (i = 2; i < br->count; i++) + if (level_old == br->levels[i]) + break; +- if (i == br->count) ++ if (i == br->count || !level) + level = max_level; + } + +diff --git a/drivers/block/brd.c b/drivers/block/brd.c +index 9bf4371..d91f1a5 100644 +--- a/drivers/block/brd.c ++++ b/drivers/block/brd.c +@@ -545,7 +545,7 @@ static struct kobject *brd_probe(dev_t dev, int *part, void *data) + + mutex_lock(&brd_devices_mutex); + brd = brd_init_one(MINOR(dev) >> part_shift); +- kobj = brd ? get_disk(brd->brd_disk) : ERR_PTR(-ENOMEM); ++ kobj = brd ? get_disk(brd->brd_disk) : NULL; + mutex_unlock(&brd_devices_mutex); + + *part = 0; +diff --git a/drivers/block/loop.c b/drivers/block/loop.c +index 40e7155..2f036ca 100644 +--- a/drivers/block/loop.c ++++ b/drivers/block/loop.c +@@ -1741,7 +1741,7 @@ static struct kobject *loop_probe(dev_t dev, int *part, void *data) + if (err < 0) + err = loop_add(&lo, MINOR(dev) >> part_shift); + if (err < 0) +- kobj = ERR_PTR(err); ++ kobj = NULL; + else + kobj = get_disk(lo->lo_disk); + mutex_unlock(&loop_index_mutex); +diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c +index f3dfc0a..d593c99 100644 +--- a/drivers/bluetooth/btusb.c ++++ b/drivers/bluetooth/btusb.c +@@ -1628,7 +1628,6 @@ static struct usb_driver btusb_driver = { + #ifdef CONFIG_PM + .suspend = btusb_suspend, + .resume = btusb_resume, +- .reset_resume = btusb_resume, + #endif + .id_table = btusb_table, + .supports_autosuspend = 1, +diff --git a/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvc1.c b/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvc1.c +index e5be3ee..71b4283 100644 +--- a/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvc1.c ++++ b/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvc1.c +@@ -587,6 +587,7 @@ nvc1_grctx_init_unk58xx[] = { + { 0x405870, 4, 0x04, 0x00000001 }, + { 0x405a00, 2, 0x04, 0x00000000 }, + { 0x405a18, 1, 0x04, 0x00000000 }, ++ {} + }; + + static struct nvc0_graph_init +@@ -598,6 +599,7 @@ nvc1_grctx_init_rop[] = { + { 0x408904, 1, 0x04, 0x62000001 }, + { 0x408908, 1, 0x04, 0x00c80929 }, + { 0x408980, 1, 0x04, 0x0000011d }, ++ {} + }; + + static struct nvc0_graph_init +@@ -671,6 +673,7 @@ nvc1_grctx_init_gpc_0[] = { + { 0x419000, 1, 0x04, 0x00000780 }, + { 0x419004, 2, 0x04, 0x00000000 }, + { 0x419014, 1, 0x04, 0x00000004 }, ++ {} + }; + + static struct nvc0_graph_init +@@ -717,6 +720,7 @@ nvc1_grctx_init_tpc[] = { + { 0x419e98, 1, 0x04, 0x00000000 }, + { 0x419ee0, 1, 0x04, 0x00011110 }, + { 0x419f30, 11, 0x04, 0x00000000 }, ++ {} + }; + + void +diff --git a/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvd7.c b/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvd7.c +index 438e784..c4740d5 100644 +--- a/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvd7.c ++++ b/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvd7.c +@@ -258,6 +258,7 @@ nvd7_grctx_init_hub[] = { + nvc0_grctx_init_unk78xx, + nvc0_grctx_init_unk80xx, + nvd9_grctx_init_rop, ++ NULL + }; + + struct nvc0_graph_init * +diff --git a/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvd9.c b/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvd9.c +index 818a475..a1102cb 100644 +--- a/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvd9.c ++++ b/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvd9.c +@@ -466,6 +466,7 @@ nvd9_grctx_init_hub[] = { + nvc0_grctx_init_unk78xx, + nvc0_grctx_init_unk80xx, + nvd9_grctx_init_rop, ++ NULL + }; + + struct nvc0_graph_init * +diff --git a/drivers/gpu/drm/shmobile/Kconfig b/drivers/gpu/drm/shmobile/Kconfig +index ca498d1..5240690 100644 +--- a/drivers/gpu/drm/shmobile/Kconfig ++++ b/drivers/gpu/drm/shmobile/Kconfig +@@ -1,6 +1,7 @@ + config DRM_SHMOBILE + tristate "DRM Support for SH Mobile" + depends on DRM && (ARM || SUPERH) ++ select BACKLIGHT_CLASS_DEVICE + select DRM_KMS_HELPER + select DRM_KMS_CMA_HELPER + select DRM_GEM_CMA_HELPER +diff --git a/drivers/hv/channel_mgmt.c b/drivers/hv/channel_mgmt.c +index bbff5f2..fa92046 100644 +--- a/drivers/hv/channel_mgmt.c ++++ b/drivers/hv/channel_mgmt.c +@@ -203,7 +203,8 @@ static void vmbus_process_rescind_offer(struct work_struct *work) + struct vmbus_channel *primary_channel; + struct vmbus_channel_relid_released msg; + +- vmbus_device_unregister(channel->device_obj); ++ if (channel->device_obj) ++ vmbus_device_unregister(channel->device_obj); + memset(&msg, 0, sizeof(struct vmbus_channel_relid_released)); + msg.child_relid = channel->offermsg.child_relid; + msg.header.msgtype = CHANNELMSG_RELID_RELEASED; +@@ -216,7 +217,7 @@ static void vmbus_process_rescind_offer(struct work_struct *work) + } else { + primary_channel = channel->primary_channel; + spin_lock_irqsave(&primary_channel->sc_lock, flags); +- list_del(&channel->listentry); ++ list_del(&channel->sc_list); + spin_unlock_irqrestore(&primary_channel->sc_lock, flags); + } + free_channel(channel); +diff --git a/drivers/hwmon/lm90.c b/drivers/hwmon/lm90.c +index cdff742..14e36c1 100644 +--- a/drivers/hwmon/lm90.c ++++ b/drivers/hwmon/lm90.c +@@ -278,7 +278,7 @@ static const struct lm90_params lm90_params[] = { + [max6696] = { + .flags = LM90_HAVE_EMERGENCY + | LM90_HAVE_EMERGENCY_ALARM | LM90_HAVE_TEMP3, +- .alert_alarms = 0x187c, ++ .alert_alarms = 0x1c7c, + .max_convrate = 6, + .reg_local_ext = MAX6657_REG_R_LOCAL_TEMPL, + }, +@@ -1500,19 +1500,22 @@ static void lm90_alert(struct i2c_client *client, unsigned int flag) + if ((alarms & 0x7f) == 0 && (alarms2 & 0xfe) == 0) { + dev_info(&client->dev, "Everything OK\n"); + } else { +- if (alarms & 0x61) ++ if ((alarms & 0x61) || (alarms2 & 0x80)) + dev_warn(&client->dev, + "temp%d out of range, please check!\n", 1); +- if (alarms & 0x1a) ++ if ((alarms & 0x1a) || (alarms2 & 0x20)) + dev_warn(&client->dev, + "temp%d out of range, please check!\n", 2); + if (alarms & 0x04) + dev_warn(&client->dev, + "temp%d diode open, please check!\n", 2); + +- if (alarms2 & 0x18) ++ if (alarms2 & 0x5a) + dev_warn(&client->dev, + "temp%d out of range, please check!\n", 3); ++ if (alarms2 & 0x04) ++ dev_warn(&client->dev, ++ "temp%d diode open, please check!\n", 3); + + /* + * Disable ALERT# output, because these chips don't implement +diff --git a/drivers/idle/intel_idle.c b/drivers/idle/intel_idle.c +index fa6964d..f116d66 100644 +--- a/drivers/idle/intel_idle.c ++++ b/drivers/idle/intel_idle.c +@@ -359,7 +359,7 @@ static int intel_idle(struct cpuidle_device *dev, + if (!(lapic_timer_reliable_states & (1 << (cstate)))) + clockevents_notify(CLOCK_EVT_NOTIFY_BROADCAST_ENTER, &cpu); + +- if (!need_resched()) { ++ if (!current_set_polling_and_test()) { + + __monitor((void *)¤t_thread_info()->flags, 0, 0); + smp_mb(); +diff --git a/drivers/memstick/core/ms_block.c b/drivers/memstick/core/ms_block.c +index 08e7023..9188ef5 100644 +--- a/drivers/memstick/core/ms_block.c ++++ b/drivers/memstick/core/ms_block.c +@@ -401,7 +401,7 @@ again: + sizeof(struct ms_status_register))) + return 0; + +- msb->state = MSB_RP_RECEIVE_OOB_READ; ++ msb->state = MSB_RP_RECIVE_STATUS_REG; + return 0; + + case MSB_RP_RECIVE_STATUS_REG: +diff --git a/drivers/misc/lkdtm.c b/drivers/misc/lkdtm.c +index 2fc0586..9cbd037 100644 +--- a/drivers/misc/lkdtm.c ++++ b/drivers/misc/lkdtm.c +@@ -297,6 +297,14 @@ static void do_nothing(void) + return; + } + ++static noinline void corrupt_stack(void) ++{ ++ /* Use default char array length that triggers stack protection. */ ++ char data[8]; ++ ++ memset((void *)data, 0, 64); ++} ++ + static void execute_location(void *dst) + { + void (*func)(void) = dst; +@@ -327,13 +335,9 @@ static void lkdtm_do_action(enum ctype which) + case CT_OVERFLOW: + (void) recursive_loop(0); + break; +- case CT_CORRUPT_STACK: { +- /* Make sure the compiler creates and uses an 8 char array. */ +- volatile char data[8]; +- +- memset((void *)data, 0, 64); ++ case CT_CORRUPT_STACK: ++ corrupt_stack(); + break; +- } + case CT_UNALIGNED_LOAD_STORE_WRITE: { + static u8 data[5] __attribute__((aligned(4))) = {1, 2, + 3, 4, 5}; +diff --git a/drivers/misc/mei/nfc.c b/drivers/misc/mei/nfc.c +index d0c6907..994ca4a 100644 +--- a/drivers/misc/mei/nfc.c ++++ b/drivers/misc/mei/nfc.c +@@ -485,8 +485,11 @@ int mei_nfc_host_init(struct mei_device *dev) + if (ndev->cl_info) + return 0; + +- cl_info = mei_cl_allocate(dev); +- cl = mei_cl_allocate(dev); ++ ndev->cl_info = mei_cl_allocate(dev); ++ ndev->cl = mei_cl_allocate(dev); ++ ++ cl = ndev->cl; ++ cl_info = ndev->cl_info; + + if (!cl || !cl_info) { + ret = -ENOMEM; +@@ -527,10 +530,9 @@ int mei_nfc_host_init(struct mei_device *dev) + + cl->device_uuid = mei_nfc_guid; + ++ + list_add_tail(&cl->device_link, &dev->device_list); + +- ndev->cl_info = cl_info; +- ndev->cl = cl; + ndev->req_id = 1; + + INIT_WORK(&ndev->init_work, mei_nfc_init); +diff --git a/drivers/net/can/c_can/c_can.c b/drivers/net/can/c_can/c_can.c +index a668cd4..e3fc07c 100644 +--- a/drivers/net/can/c_can/c_can.c ++++ b/drivers/net/can/c_can/c_can.c +@@ -814,9 +814,6 @@ static int c_can_do_rx_poll(struct net_device *dev, int quota) + msg_ctrl_save = priv->read_reg(priv, + C_CAN_IFACE(MSGCTRL_REG, 0)); + +- if (msg_ctrl_save & IF_MCONT_EOB) +- return num_rx_pkts; +- + if (msg_ctrl_save & IF_MCONT_MSGLST) { + c_can_handle_lost_msg_obj(dev, 0, msg_obj); + num_rx_pkts++; +@@ -824,6 +821,9 @@ static int c_can_do_rx_poll(struct net_device *dev, int quota) + continue; + } + ++ if (msg_ctrl_save & IF_MCONT_EOB) ++ return num_rx_pkts; ++ + if (!(msg_ctrl_save & IF_MCONT_NEWDAT)) + continue; + +diff --git a/drivers/net/can/usb/kvaser_usb.c b/drivers/net/can/usb/kvaser_usb.c +index 3b95465..4b2d5ed 100644 +--- a/drivers/net/can/usb/kvaser_usb.c ++++ b/drivers/net/can/usb/kvaser_usb.c +@@ -1544,9 +1544,9 @@ static int kvaser_usb_init_one(struct usb_interface *intf, + return 0; + } + +-static void kvaser_usb_get_endpoints(const struct usb_interface *intf, +- struct usb_endpoint_descriptor **in, +- struct usb_endpoint_descriptor **out) ++static int kvaser_usb_get_endpoints(const struct usb_interface *intf, ++ struct usb_endpoint_descriptor **in, ++ struct usb_endpoint_descriptor **out) + { + const struct usb_host_interface *iface_desc; + struct usb_endpoint_descriptor *endpoint; +@@ -1557,12 +1557,18 @@ static void kvaser_usb_get_endpoints(const struct usb_interface *intf, + for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) { + endpoint = &iface_desc->endpoint[i].desc; + +- if (usb_endpoint_is_bulk_in(endpoint)) ++ if (!*in && usb_endpoint_is_bulk_in(endpoint)) + *in = endpoint; + +- if (usb_endpoint_is_bulk_out(endpoint)) ++ if (!*out && usb_endpoint_is_bulk_out(endpoint)) + *out = endpoint; ++ ++ /* use first bulk endpoint for in and out */ ++ if (*in && *out) ++ return 0; + } ++ ++ return -ENODEV; + } + + static int kvaser_usb_probe(struct usb_interface *intf, +@@ -1576,8 +1582,8 @@ static int kvaser_usb_probe(struct usb_interface *intf, + if (!dev) + return -ENOMEM; + +- kvaser_usb_get_endpoints(intf, &dev->bulk_in, &dev->bulk_out); +- if (!dev->bulk_in || !dev->bulk_out) { ++ err = kvaser_usb_get_endpoints(intf, &dev->bulk_in, &dev->bulk_out); ++ if (err) { + dev_err(&intf->dev, "Cannot get usb endpoint(s)"); + return err; + } +diff --git a/drivers/net/ethernet/atheros/alx/main.c b/drivers/net/ethernet/atheros/alx/main.c +index fc95b23..6305a5d 100644 +--- a/drivers/net/ethernet/atheros/alx/main.c ++++ b/drivers/net/ethernet/atheros/alx/main.c +@@ -1389,6 +1389,9 @@ static int alx_resume(struct device *dev) + { + struct pci_dev *pdev = to_pci_dev(dev); + struct alx_priv *alx = pci_get_drvdata(pdev); ++ struct alx_hw *hw = &alx->hw; ++ ++ alx_reset_phy(hw); + + if (!netif_running(alx->dev)) + return 0; +diff --git a/drivers/net/wireless/libertas/debugfs.c b/drivers/net/wireless/libertas/debugfs.c +index 668dd27..cc6a0a5 100644 +--- a/drivers/net/wireless/libertas/debugfs.c ++++ b/drivers/net/wireless/libertas/debugfs.c +@@ -913,7 +913,10 @@ static ssize_t lbs_debugfs_write(struct file *f, const char __user *buf, + char *p2; + struct debug_data *d = f->private_data; + +- pdata = kmalloc(cnt, GFP_KERNEL); ++ if (cnt == 0) ++ return 0; ++ ++ pdata = kmalloc(cnt + 1, GFP_KERNEL); + if (pdata == NULL) + return 0; + +@@ -922,6 +925,7 @@ static ssize_t lbs_debugfs_write(struct file *f, const char __user *buf, + kfree(pdata); + return 0; + } ++ pdata[cnt] = '\0'; + + p0 = pdata; + for (i = 0; i < num_of_items; i++) { +diff --git a/drivers/net/wireless/rt2x00/rt2800lib.c b/drivers/net/wireless/rt2x00/rt2800lib.c +index 88ce656..1400787 100644 +--- a/drivers/net/wireless/rt2x00/rt2800lib.c ++++ b/drivers/net/wireless/rt2x00/rt2800lib.c +@@ -4461,10 +4461,13 @@ void rt2800_link_tuner(struct rt2x00_dev *rt2x00dev, struct link_qual *qual, + + vgc = rt2800_get_default_vgc(rt2x00dev); + +- if (rt2x00_rt(rt2x00dev, RT5592) && qual->rssi > -65) +- vgc += 0x20; +- else if (qual->rssi > -80) +- vgc += 0x10; ++ if (rt2x00_rt(rt2x00dev, RT5592)) { ++ if (qual->rssi > -65) ++ vgc += 0x20; ++ } else { ++ if (qual->rssi > -80) ++ vgc += 0x10; ++ } + + rt2800_set_vgc(rt2x00dev, qual, vgc); + } +diff --git a/drivers/net/wireless/rt2x00/rt2800usb.c b/drivers/net/wireless/rt2x00/rt2800usb.c +index 96961b9..4feb35a 100644 +--- a/drivers/net/wireless/rt2x00/rt2800usb.c ++++ b/drivers/net/wireless/rt2x00/rt2800usb.c +@@ -148,6 +148,8 @@ static bool rt2800usb_txstatus_timeout(struct rt2x00_dev *rt2x00dev) + return false; + } + ++#define TXSTATUS_READ_INTERVAL 1000000 ++ + static bool rt2800usb_tx_sta_fifo_read_completed(struct rt2x00_dev *rt2x00dev, + int urb_status, u32 tx_status) + { +@@ -176,8 +178,9 @@ static bool rt2800usb_tx_sta_fifo_read_completed(struct rt2x00_dev *rt2x00dev, + queue_work(rt2x00dev->workqueue, &rt2x00dev->txdone_work); + + if (rt2800usb_txstatus_pending(rt2x00dev)) { +- /* Read register after 250 us */ +- hrtimer_start(&rt2x00dev->txstatus_timer, ktime_set(0, 250000), ++ /* Read register after 1 ms */ ++ hrtimer_start(&rt2x00dev->txstatus_timer, ++ ktime_set(0, TXSTATUS_READ_INTERVAL), + HRTIMER_MODE_REL); + return false; + } +@@ -202,8 +205,9 @@ static void rt2800usb_async_read_tx_status(struct rt2x00_dev *rt2x00dev) + if (test_and_set_bit(TX_STATUS_READING, &rt2x00dev->flags)) + return; + +- /* Read TX_STA_FIFO register after 500 us */ +- hrtimer_start(&rt2x00dev->txstatus_timer, ktime_set(0, 500000), ++ /* Read TX_STA_FIFO register after 2 ms */ ++ hrtimer_start(&rt2x00dev->txstatus_timer, ++ ktime_set(0, 2*TXSTATUS_READ_INTERVAL), + HRTIMER_MODE_REL); + } + +diff --git a/drivers/net/wireless/rt2x00/rt2x00dev.c b/drivers/net/wireless/rt2x00/rt2x00dev.c +index 712eea9..f12e909 100644 +--- a/drivers/net/wireless/rt2x00/rt2x00dev.c ++++ b/drivers/net/wireless/rt2x00/rt2x00dev.c +@@ -181,6 +181,7 @@ static void rt2x00lib_autowakeup(struct work_struct *work) + static void rt2x00lib_bc_buffer_iter(void *data, u8 *mac, + struct ieee80211_vif *vif) + { ++ struct ieee80211_tx_control control = {}; + struct rt2x00_dev *rt2x00dev = data; + struct sk_buff *skb; + +@@ -195,7 +196,7 @@ static void rt2x00lib_bc_buffer_iter(void *data, u8 *mac, + */ + skb = ieee80211_get_buffered_bc(rt2x00dev->hw, vif); + while (skb) { +- rt2x00mac_tx(rt2x00dev->hw, NULL, skb); ++ rt2x00mac_tx(rt2x00dev->hw, &control, skb); + skb = ieee80211_get_buffered_bc(rt2x00dev->hw, vif); + } + } +diff --git a/drivers/net/wireless/rt2x00/rt2x00lib.h b/drivers/net/wireless/rt2x00/rt2x00lib.h +index a093598..7f40ab8 100644 +--- a/drivers/net/wireless/rt2x00/rt2x00lib.h ++++ b/drivers/net/wireless/rt2x00/rt2x00lib.h +@@ -146,7 +146,7 @@ void rt2x00queue_remove_l2pad(struct sk_buff *skb, unsigned int header_length); + * @local: frame is not from mac80211 + */ + int rt2x00queue_write_tx_frame(struct data_queue *queue, struct sk_buff *skb, +- bool local); ++ struct ieee80211_sta *sta, bool local); + + /** + * rt2x00queue_update_beacon - Send new beacon from mac80211 +diff --git a/drivers/net/wireless/rt2x00/rt2x00mac.c b/drivers/net/wireless/rt2x00/rt2x00mac.c +index f883802..f8cff1f 100644 +--- a/drivers/net/wireless/rt2x00/rt2x00mac.c ++++ b/drivers/net/wireless/rt2x00/rt2x00mac.c +@@ -90,7 +90,7 @@ static int rt2x00mac_tx_rts_cts(struct rt2x00_dev *rt2x00dev, + frag_skb->data, data_length, tx_info, + (struct ieee80211_rts *)(skb->data)); + +- retval = rt2x00queue_write_tx_frame(queue, skb, true); ++ retval = rt2x00queue_write_tx_frame(queue, skb, NULL, true); + if (retval) { + dev_kfree_skb_any(skb); + rt2x00_warn(rt2x00dev, "Failed to send RTS/CTS frame\n"); +@@ -151,7 +151,7 @@ void rt2x00mac_tx(struct ieee80211_hw *hw, + goto exit_fail; + } + +- if (unlikely(rt2x00queue_write_tx_frame(queue, skb, false))) ++ if (unlikely(rt2x00queue_write_tx_frame(queue, skb, control->sta, false))) + goto exit_fail; + + /* +@@ -754,6 +754,9 @@ void rt2x00mac_flush(struct ieee80211_hw *hw, u32 queues, bool drop) + struct rt2x00_dev *rt2x00dev = hw->priv; + struct data_queue *queue; + ++ if (!test_bit(DEVICE_STATE_PRESENT, &rt2x00dev->flags)) ++ return; ++ + tx_queue_for_each(rt2x00dev, queue) + rt2x00queue_flush_queue(queue, drop); + } +diff --git a/drivers/net/wireless/rt2x00/rt2x00queue.c b/drivers/net/wireless/rt2x00/rt2x00queue.c +index 6c8a33b..66a2db8 100644 +--- a/drivers/net/wireless/rt2x00/rt2x00queue.c ++++ b/drivers/net/wireless/rt2x00/rt2x00queue.c +@@ -635,7 +635,7 @@ static void rt2x00queue_bar_check(struct queue_entry *entry) + } + + int rt2x00queue_write_tx_frame(struct data_queue *queue, struct sk_buff *skb, +- bool local) ++ struct ieee80211_sta *sta, bool local) + { + struct ieee80211_tx_info *tx_info; + struct queue_entry *entry; +@@ -649,7 +649,7 @@ int rt2x00queue_write_tx_frame(struct data_queue *queue, struct sk_buff *skb, + * after that we are free to use the skb->cb array + * for our information. + */ +- rt2x00queue_create_tx_descriptor(queue->rt2x00dev, skb, &txdesc, NULL); ++ rt2x00queue_create_tx_descriptor(queue->rt2x00dev, skb, &txdesc, sta); + + /* + * All information is retrieved from the skb->cb array, +diff --git a/drivers/platform/x86/thinkpad_acpi.c b/drivers/platform/x86/thinkpad_acpi.c +index 03ca6c1..4e86e97 100644 +--- a/drivers/platform/x86/thinkpad_acpi.c ++++ b/drivers/platform/x86/thinkpad_acpi.c +@@ -6420,7 +6420,12 @@ static struct ibm_struct brightness_driver_data = { + #define TPACPI_ALSA_SHRTNAME "ThinkPad Console Audio Control" + #define TPACPI_ALSA_MIXERNAME TPACPI_ALSA_SHRTNAME + +-static int alsa_index = ~((1 << (SNDRV_CARDS - 3)) - 1); /* last three slots */ ++#if SNDRV_CARDS <= 32 ++#define DEFAULT_ALSA_IDX ~((1 << (SNDRV_CARDS - 3)) - 1) ++#else ++#define DEFAULT_ALSA_IDX ~((1 << (32 - 3)) - 1) ++#endif ++static int alsa_index = DEFAULT_ALSA_IDX; /* last three slots */ + static char *alsa_id = "ThinkPadEC"; + static bool alsa_enable = SNDRV_DEFAULT_ENABLE1; + +diff --git a/drivers/scsi/aacraid/commctrl.c b/drivers/scsi/aacraid/commctrl.c +index d85ac1a..fbcd48d 100644 +--- a/drivers/scsi/aacraid/commctrl.c ++++ b/drivers/scsi/aacraid/commctrl.c +@@ -511,7 +511,8 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) + goto cleanup; + } + +- if (fibsize > (dev->max_fib_size - sizeof(struct aac_fibhdr))) { ++ if ((fibsize < (sizeof(struct user_aac_srb) - sizeof(struct user_sgentry))) || ++ (fibsize > (dev->max_fib_size - sizeof(struct aac_fibhdr)))) { + rcode = -EINVAL; + goto cleanup; + } +diff --git a/drivers/staging/android/ashmem.c b/drivers/staging/android/ashmem.c +index 8e76ddc..5a5e9c9 100644 +--- a/drivers/staging/android/ashmem.c ++++ b/drivers/staging/android/ashmem.c +@@ -706,7 +706,7 @@ static long ashmem_ioctl(struct file *file, unsigned int cmd, unsigned long arg) + .gfp_mask = GFP_KERNEL, + .nr_to_scan = LONG_MAX, + }; +- ++ ret = ashmem_shrink_count(&ashmem_shrinker, &sc); + nodes_setall(sc.nodes_to_scan); + ashmem_shrink_scan(&ashmem_shrinker, &sc); + } +diff --git a/drivers/staging/comedi/comedi_fops.c b/drivers/staging/comedi/comedi_fops.c +index 1636c7c..a3af469 100644 +--- a/drivers/staging/comedi/comedi_fops.c ++++ b/drivers/staging/comedi/comedi_fops.c +@@ -543,7 +543,7 @@ void *comedi_alloc_spriv(struct comedi_subdevice *s, size_t size) + { + s->private = kzalloc(size, GFP_KERNEL); + if (s->private) +- comedi_set_subdevice_runflags(s, ~0, SRF_FREE_SPRIV); ++ s->runflags |= SRF_FREE_SPRIV; + return s->private; + } + EXPORT_SYMBOL_GPL(comedi_alloc_spriv); +@@ -1485,7 +1485,8 @@ static int do_cmd_ioctl(struct comedi_device *dev, + if (async->cmd.flags & TRIG_WAKE_EOS) + async->cb_mask |= COMEDI_CB_EOS; + +- comedi_set_subdevice_runflags(s, ~0, SRF_USER | SRF_RUNNING); ++ comedi_set_subdevice_runflags(s, SRF_USER | SRF_ERROR | SRF_RUNNING, ++ SRF_USER | SRF_RUNNING); + + /* set s->busy _after_ setting SRF_RUNNING flag to avoid race with + * comedi_read() or comedi_write() */ +diff --git a/drivers/staging/rtl8188eu/os_dep/os_intfs.c b/drivers/staging/rtl8188eu/os_dep/os_intfs.c +index 63bc913..8b2b4a8 100644 +--- a/drivers/staging/rtl8188eu/os_dep/os_intfs.c ++++ b/drivers/staging/rtl8188eu/os_dep/os_intfs.c +@@ -707,6 +707,10 @@ int rtw_init_netdev_name(struct net_device *pnetdev, const char *ifname) + return 0; + } + ++static const struct device_type wlan_type = { ++ .name = "wlan", ++}; ++ + struct net_device *rtw_init_netdev(struct adapter *old_padapter) + { + struct adapter *padapter; +@@ -722,6 +726,7 @@ struct net_device *rtw_init_netdev(struct adapter *old_padapter) + if (!pnetdev) + return NULL; + ++ pnetdev->dev.type = &wlan_type; + padapter = rtw_netdev_priv(pnetdev); + padapter->pnetdev = pnetdev; + DBG_88E("register rtw_netdev_ops to netdev_ops\n"); +diff --git a/drivers/staging/zram/zram_drv.c b/drivers/staging/zram/zram_drv.c +index 2c4ed52..012ba15 100644 +--- a/drivers/staging/zram/zram_drv.c ++++ b/drivers/staging/zram/zram_drv.c +@@ -648,6 +648,9 @@ static ssize_t reset_store(struct device *dev, + zram = dev_to_zram(dev); + bdev = bdget_disk(zram->disk, 0); + ++ if (!bdev) ++ return -ENOMEM; ++ + /* Do not reset an active device! */ + if (bdev->bd_holders) + return -EBUSY; +@@ -660,8 +663,7 @@ static ssize_t reset_store(struct device *dev, + return -EINVAL; + + /* Make sure all pending I/O is finished */ +- if (bdev) +- fsync_bdev(bdev); ++ fsync_bdev(bdev); + + zram_reset_device(zram, true); + return len; +diff --git a/drivers/usb/core/driver.c b/drivers/usb/core/driver.c +index f7841d4..689433c 100644 +--- a/drivers/usb/core/driver.c ++++ b/drivers/usb/core/driver.c +@@ -1790,6 +1790,9 @@ int usb_set_usb2_hardware_lpm(struct usb_device *udev, int enable) + struct usb_hcd *hcd = bus_to_hcd(udev->bus); + int ret = -EPERM; + ++ if (enable && !udev->usb2_hw_lpm_allowed) ++ return 0; ++ + if (hcd->driver->set_usb2_hw_lpm) { + ret = hcd->driver->set_usb2_hw_lpm(hcd, udev, enable); + if (!ret) +diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c +index 879651c..243c672 100644 +--- a/drivers/usb/core/hub.c ++++ b/drivers/usb/core/hub.c +@@ -1135,6 +1135,11 @@ static void hub_activate(struct usb_hub *hub, enum hub_activation_type type) + usb_clear_port_feature(hub->hdev, port1, + USB_PORT_FEAT_C_ENABLE); + } ++ if (portchange & USB_PORT_STAT_C_RESET) { ++ need_debounce_delay = true; ++ usb_clear_port_feature(hub->hdev, port1, ++ USB_PORT_FEAT_C_RESET); ++ } + if ((portchange & USB_PORT_STAT_C_BH_RESET) && + hub_is_superspeed(hub->hdev)) { + need_debounce_delay = true; +@@ -3954,6 +3959,32 @@ static int hub_set_address(struct usb_device *udev, int devnum) + return retval; + } + ++/* ++ * There are reports of USB 3.0 devices that say they support USB 2.0 Link PM ++ * when they're plugged into a USB 2.0 port, but they don't work when LPM is ++ * enabled. ++ * ++ * Only enable USB 2.0 Link PM if the port is internal (hardwired), or the ++ * device says it supports the new USB 2.0 Link PM errata by setting the BESL ++ * support bit in the BOS descriptor. ++ */ ++static void hub_set_initial_usb2_lpm_policy(struct usb_device *udev) ++{ ++ int connect_type; ++ ++ if (!udev->usb2_hw_lpm_capable) ++ return; ++ ++ connect_type = usb_get_hub_port_connect_type(udev->parent, ++ udev->portnum); ++ ++ if ((udev->bos->ext_cap->bmAttributes & USB_BESL_SUPPORT) || ++ connect_type == USB_PORT_CONNECT_TYPE_HARD_WIRED) { ++ udev->usb2_hw_lpm_allowed = 1; ++ usb_set_usb2_hardware_lpm(udev, 1); ++ } ++} ++ + /* Reset device, (re)assign address, get device descriptor. + * Device connection must be stable, no more debouncing needed. + * Returns device in USB_STATE_ADDRESS, except on error. +@@ -4247,6 +4278,7 @@ hub_port_init (struct usb_hub *hub, struct usb_device *udev, int port1, + /* notify HCD that we have a device connected and addressed */ + if (hcd->driver->update_device) + hcd->driver->update_device(hcd, udev); ++ hub_set_initial_usb2_lpm_policy(udev); + fail: + if (retval) { + hub_port_disable(hub, port1, 0); +@@ -5091,6 +5123,12 @@ static int usb_reset_and_verify_device(struct usb_device *udev) + } + parent_hub = usb_hub_to_struct_hub(parent_hdev); + ++ /* Disable USB2 hardware LPM. ++ * It will be re-enabled by the enumeration process. ++ */ ++ if (udev->usb2_hw_lpm_enabled == 1) ++ usb_set_usb2_hardware_lpm(udev, 0); ++ + bos = udev->bos; + udev->bos = NULL; + +@@ -5198,6 +5236,7 @@ static int usb_reset_and_verify_device(struct usb_device *udev) + + done: + /* Now that the alt settings are re-installed, enable LTM and LPM. */ ++ usb_set_usb2_hardware_lpm(udev, 1); + usb_unlocked_enable_lpm(udev); + usb_enable_ltm(udev); + usb_release_bos_descriptor(udev); +diff --git a/drivers/usb/core/sysfs.c b/drivers/usb/core/sysfs.c +index 6d2c8ed..ca516ac 100644 +--- a/drivers/usb/core/sysfs.c ++++ b/drivers/usb/core/sysfs.c +@@ -449,7 +449,7 @@ static ssize_t usb2_hardware_lpm_show(struct device *dev, + struct usb_device *udev = to_usb_device(dev); + const char *p; + +- if (udev->usb2_hw_lpm_enabled == 1) ++ if (udev->usb2_hw_lpm_allowed == 1) + p = "enabled"; + else + p = "disabled"; +@@ -469,8 +469,10 @@ static ssize_t usb2_hardware_lpm_store(struct device *dev, + + ret = strtobool(buf, &value); + +- if (!ret) ++ if (!ret) { ++ udev->usb2_hw_lpm_allowed = value; + ret = usb_set_usb2_hardware_lpm(udev, value); ++ } + + usb_unlock_device(udev); + +diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c +index 83bcd13..49b8bd0 100644 +--- a/drivers/usb/host/xhci-mem.c ++++ b/drivers/usb/host/xhci-mem.c +@@ -1693,9 +1693,7 @@ void xhci_free_command(struct xhci_hcd *xhci, + void xhci_mem_cleanup(struct xhci_hcd *xhci) + { + struct pci_dev *pdev = to_pci_dev(xhci_to_hcd(xhci)->self.controller); +- struct dev_info *dev_info, *next; + struct xhci_cd *cur_cd, *next_cd; +- unsigned long flags; + int size; + int i, j, num_ports; + +@@ -1756,13 +1754,6 @@ void xhci_mem_cleanup(struct xhci_hcd *xhci) + + scratchpad_free(xhci); + +- spin_lock_irqsave(&xhci->lock, flags); +- list_for_each_entry_safe(dev_info, next, &xhci->lpm_failed_devs, list) { +- list_del(&dev_info->list); +- kfree(dev_info); +- } +- spin_unlock_irqrestore(&xhci->lock, flags); +- + if (!xhci->rh_bw) + goto no_bw; + +@@ -2231,7 +2222,6 @@ int xhci_mem_init(struct xhci_hcd *xhci, gfp_t flags) + u32 page_size, temp; + int i; + +- INIT_LIST_HEAD(&xhci->lpm_failed_devs); + INIT_LIST_HEAD(&xhci->cancel_cmd_list); + + page_size = xhci_readl(xhci, &xhci->op_regs->page_size); +diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c +index 6e0d886..ed6c186 100644 +--- a/drivers/usb/host/xhci.c ++++ b/drivers/usb/host/xhci.c +@@ -4025,133 +4025,6 @@ static int xhci_calculate_usb2_hw_lpm_params(struct usb_device *udev) + return PORT_BESLD(besld) | PORT_L1_TIMEOUT(l1) | PORT_HIRDM(hirdm); + } + +-static int xhci_usb2_software_lpm_test(struct usb_hcd *hcd, +- struct usb_device *udev) +-{ +- struct xhci_hcd *xhci = hcd_to_xhci(hcd); +- struct dev_info *dev_info; +- __le32 __iomem **port_array; +- __le32 __iomem *addr, *pm_addr; +- u32 temp, dev_id; +- unsigned int port_num; +- unsigned long flags; +- int hird; +- int ret; +- +- if (hcd->speed == HCD_USB3 || !xhci->sw_lpm_support || +- !udev->lpm_capable) +- return -EINVAL; +- +- /* we only support lpm for non-hub device connected to root hub yet */ +- if (!udev->parent || udev->parent->parent || +- udev->descriptor.bDeviceClass == USB_CLASS_HUB) +- return -EINVAL; +- +- spin_lock_irqsave(&xhci->lock, flags); +- +- /* Look for devices in lpm_failed_devs list */ +- dev_id = le16_to_cpu(udev->descriptor.idVendor) << 16 | +- le16_to_cpu(udev->descriptor.idProduct); +- list_for_each_entry(dev_info, &xhci->lpm_failed_devs, list) { +- if (dev_info->dev_id == dev_id) { +- ret = -EINVAL; +- goto finish; +- } +- } +- +- port_array = xhci->usb2_ports; +- port_num = udev->portnum - 1; +- +- if (port_num > HCS_MAX_PORTS(xhci->hcs_params1)) { +- xhci_dbg(xhci, "invalid port number %d\n", udev->portnum); +- ret = -EINVAL; +- goto finish; +- } +- +- /* +- * Test USB 2.0 software LPM. +- * FIXME: some xHCI 1.0 hosts may implement a new register to set up +- * hardware-controlled USB 2.0 LPM. See section 5.4.11 and 4.23.5.1.1.1 +- * in the June 2011 errata release. +- */ +- xhci_dbg(xhci, "test port %d software LPM\n", port_num); +- /* +- * Set L1 Device Slot and HIRD/BESL. +- * Check device's USB 2.0 extension descriptor to determine whether +- * HIRD or BESL shoule be used. See USB2.0 LPM errata. +- */ +- pm_addr = port_array[port_num] + PORTPMSC; +- hird = xhci_calculate_hird_besl(xhci, udev); +- temp = PORT_L1DS(udev->slot_id) | PORT_HIRD(hird); +- xhci_writel(xhci, temp, pm_addr); +- +- /* Set port link state to U2(L1) */ +- addr = port_array[port_num]; +- xhci_set_link_state(xhci, port_array, port_num, XDEV_U2); +- +- /* wait for ACK */ +- spin_unlock_irqrestore(&xhci->lock, flags); +- msleep(10); +- spin_lock_irqsave(&xhci->lock, flags); +- +- /* Check L1 Status */ +- ret = xhci_handshake(xhci, pm_addr, +- PORT_L1S_MASK, PORT_L1S_SUCCESS, 125); +- if (ret != -ETIMEDOUT) { +- /* enter L1 successfully */ +- temp = xhci_readl(xhci, addr); +- xhci_dbg(xhci, "port %d entered L1 state, port status 0x%x\n", +- port_num, temp); +- ret = 0; +- } else { +- temp = xhci_readl(xhci, pm_addr); +- xhci_dbg(xhci, "port %d software lpm failed, L1 status %d\n", +- port_num, temp & PORT_L1S_MASK); +- ret = -EINVAL; +- } +- +- /* Resume the port */ +- xhci_set_link_state(xhci, port_array, port_num, XDEV_U0); +- +- spin_unlock_irqrestore(&xhci->lock, flags); +- msleep(10); +- spin_lock_irqsave(&xhci->lock, flags); +- +- /* Clear PLC */ +- xhci_test_and_clear_bit(xhci, port_array, port_num, PORT_PLC); +- +- /* Check PORTSC to make sure the device is in the right state */ +- if (!ret) { +- temp = xhci_readl(xhci, addr); +- xhci_dbg(xhci, "resumed port %d status 0x%x\n", port_num, temp); +- if (!(temp & PORT_CONNECT) || !(temp & PORT_PE) || +- (temp & PORT_PLS_MASK) != XDEV_U0) { +- xhci_dbg(xhci, "port L1 resume fail\n"); +- ret = -EINVAL; +- } +- } +- +- if (ret) { +- /* Insert dev to lpm_failed_devs list */ +- xhci_warn(xhci, "device LPM test failed, may disconnect and " +- "re-enumerate\n"); +- dev_info = kzalloc(sizeof(struct dev_info), GFP_ATOMIC); +- if (!dev_info) { +- ret = -ENOMEM; +- goto finish; +- } +- dev_info->dev_id = dev_id; +- INIT_LIST_HEAD(&dev_info->list); +- list_add(&dev_info->list, &xhci->lpm_failed_devs); +- } else { +- xhci_ring_device(xhci, udev->slot_id); +- } +- +-finish: +- spin_unlock_irqrestore(&xhci->lock, flags); +- return ret; +-} +- + int xhci_set_usb2_hardware_lpm(struct usb_hcd *hcd, + struct usb_device *udev, int enable) + { +@@ -4228,7 +4101,7 @@ int xhci_set_usb2_hardware_lpm(struct usb_hcd *hcd, + } + + pm_val &= ~PORT_HIRD_MASK; +- pm_val |= PORT_HIRD(hird) | PORT_RWE; ++ pm_val |= PORT_HIRD(hird) | PORT_RWE | PORT_L1DS(udev->slot_id); + xhci_writel(xhci, pm_val, pm_addr); + pm_val = xhci_readl(xhci, pm_addr); + pm_val |= PORT_HLE; +@@ -4236,7 +4109,7 @@ int xhci_set_usb2_hardware_lpm(struct usb_hcd *hcd, + /* flush write */ + xhci_readl(xhci, pm_addr); + } else { +- pm_val &= ~(PORT_HLE | PORT_RWE | PORT_HIRD_MASK); ++ pm_val &= ~(PORT_HLE | PORT_RWE | PORT_HIRD_MASK | PORT_L1DS_MASK); + xhci_writel(xhci, pm_val, pm_addr); + /* flush write */ + xhci_readl(xhci, pm_addr); +@@ -4279,24 +4152,26 @@ static int xhci_check_usb2_port_capability(struct xhci_hcd *xhci, int port, + int xhci_update_device(struct usb_hcd *hcd, struct usb_device *udev) + { + struct xhci_hcd *xhci = hcd_to_xhci(hcd); +- int ret; + int portnum = udev->portnum - 1; + +- ret = xhci_usb2_software_lpm_test(hcd, udev); +- if (!ret) { +- xhci_dbg(xhci, "software LPM test succeed\n"); +- if (xhci->hw_lpm_support == 1 && +- xhci_check_usb2_port_capability(xhci, portnum, XHCI_HLC)) { +- udev->usb2_hw_lpm_capable = 1; +- udev->l1_params.timeout = XHCI_L1_TIMEOUT; +- udev->l1_params.besl = XHCI_DEFAULT_BESL; +- if (xhci_check_usb2_port_capability(xhci, portnum, +- XHCI_BLC)) +- udev->usb2_hw_lpm_besl_capable = 1; +- ret = xhci_set_usb2_hardware_lpm(hcd, udev, 1); +- if (!ret) +- udev->usb2_hw_lpm_enabled = 1; +- } ++ if (hcd->speed == HCD_USB3 || !xhci->sw_lpm_support || ++ !udev->lpm_capable) ++ return 0; ++ ++ /* we only support lpm for non-hub device connected to root hub yet */ ++ if (!udev->parent || udev->parent->parent || ++ udev->descriptor.bDeviceClass == USB_CLASS_HUB) ++ return 0; ++ ++ if (xhci->hw_lpm_support == 1 && ++ xhci_check_usb2_port_capability( ++ xhci, portnum, XHCI_HLC)) { ++ udev->usb2_hw_lpm_capable = 1; ++ udev->l1_params.timeout = XHCI_L1_TIMEOUT; ++ udev->l1_params.besl = XHCI_DEFAULT_BESL; ++ if (xhci_check_usb2_port_capability(xhci, portnum, ++ XHCI_BLC)) ++ udev->usb2_hw_lpm_besl_capable = 1; + } + + return 0; +diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h +index 941d5f5..ed3a425 100644 +--- a/drivers/usb/host/xhci.h ++++ b/drivers/usb/host/xhci.h +@@ -383,6 +383,7 @@ struct xhci_op_regs { + #define PORT_RWE (1 << 3) + #define PORT_HIRD(p) (((p) & 0xf) << 4) + #define PORT_HIRD_MASK (0xf << 4) ++#define PORT_L1DS_MASK (0xff << 8) + #define PORT_L1DS(p) (((p) & 0xff) << 8) + #define PORT_HLE (1 << 16) + +diff --git a/drivers/usb/musb/musb_core.c b/drivers/usb/musb/musb_core.c +index cd70cc8..0d0d118 100644 +--- a/drivers/usb/musb/musb_core.c ++++ b/drivers/usb/musb/musb_core.c +@@ -1809,6 +1809,7 @@ static void musb_free(struct musb *musb) + disable_irq_wake(musb->nIrq); + free_irq(musb->nIrq, musb); + } ++ cancel_work_sync(&musb->irq_work); + if (musb->dma_controller) + dma_controller_destroy(musb->dma_controller); + +@@ -1946,6 +1947,8 @@ musb_init_controller(struct device *dev, int nIrq, void __iomem *ctrl) + if (status < 0) + goto fail3; + status = musb_gadget_setup(musb); ++ if (status) ++ musb_host_cleanup(musb); + break; + default: + dev_err(dev, "unsupported port mode %d\n", musb->port_mode); +@@ -1972,6 +1975,7 @@ fail5: + + fail4: + musb_gadget_cleanup(musb); ++ musb_host_cleanup(musb); + + fail3: + if (musb->dma_controller) +diff --git a/drivers/usb/musb/musb_dsps.c b/drivers/usb/musb/musb_dsps.c +index bd4138d..1edee79 100644 +--- a/drivers/usb/musb/musb_dsps.c ++++ b/drivers/usb/musb/musb_dsps.c +@@ -121,6 +121,7 @@ struct dsps_glue { + unsigned long last_timer; /* last timer data for each instance */ + }; + ++static void dsps_musb_try_idle(struct musb *musb, unsigned long timeout); + /** + * dsps_musb_enable - enable interrupts + */ +@@ -143,6 +144,7 @@ static void dsps_musb_enable(struct musb *musb) + /* Force the DRVVBUS IRQ so we can start polling for ID change. */ + dsps_writel(reg_base, wrp->coreintr_set, + (1 << wrp->drvvbus) << wrp->usb_shift); ++ dsps_musb_try_idle(musb, 0); + } + + /** +@@ -171,6 +173,7 @@ static void otg_timer(unsigned long _musb) + const struct dsps_musb_wrapper *wrp = glue->wrp; + u8 devctl; + unsigned long flags; ++ int skip_session = 0; + + /* + * We poll because DSPS IP's won't expose several OTG-critical +@@ -183,10 +186,12 @@ static void otg_timer(unsigned long _musb) + spin_lock_irqsave(&musb->lock, flags); + switch (musb->xceiv->state) { + case OTG_STATE_A_WAIT_BCON: +- devctl &= ~MUSB_DEVCTL_SESSION; +- dsps_writeb(musb->mregs, MUSB_DEVCTL, devctl); ++ dsps_writeb(musb->mregs, MUSB_DEVCTL, 0); ++ skip_session = 1; ++ /* fall */ + +- devctl = dsps_readb(musb->mregs, MUSB_DEVCTL); ++ case OTG_STATE_A_IDLE: ++ case OTG_STATE_B_IDLE: + if (devctl & MUSB_DEVCTL_BDEVICE) { + musb->xceiv->state = OTG_STATE_B_IDLE; + MUSB_DEV_MODE(musb); +@@ -194,20 +199,15 @@ static void otg_timer(unsigned long _musb) + musb->xceiv->state = OTG_STATE_A_IDLE; + MUSB_HST_MODE(musb); + } ++ if (!(devctl & MUSB_DEVCTL_SESSION) && !skip_session) ++ dsps_writeb(mregs, MUSB_DEVCTL, MUSB_DEVCTL_SESSION); ++ mod_timer(&glue->timer, jiffies + wrp->poll_seconds * HZ); + break; + case OTG_STATE_A_WAIT_VFALL: + musb->xceiv->state = OTG_STATE_A_WAIT_VRISE; + dsps_writel(musb->ctrl_base, wrp->coreintr_set, + MUSB_INTR_VBUSERROR << wrp->usb_shift); + break; +- case OTG_STATE_B_IDLE: +- devctl = dsps_readb(mregs, MUSB_DEVCTL); +- if (devctl & MUSB_DEVCTL_BDEVICE) +- mod_timer(&glue->timer, +- jiffies + wrp->poll_seconds * HZ); +- else +- musb->xceiv->state = OTG_STATE_A_IDLE; +- break; + default: + break; + } +@@ -234,6 +234,9 @@ static void dsps_musb_try_idle(struct musb *musb, unsigned long timeout) + if (musb->port_mode == MUSB_PORT_MODE_HOST) + return; + ++ if (!musb->g.dev.driver) ++ return; ++ + if (time_after(glue->last_timer, timeout) && + timer_pending(&glue->timer)) { + dev_dbg(musb->controller, +diff --git a/drivers/usb/musb/musb_virthub.c b/drivers/usb/musb/musb_virthub.c +index d1d6b83..9af6bba 100644 +--- a/drivers/usb/musb/musb_virthub.c ++++ b/drivers/usb/musb/musb_virthub.c +@@ -220,6 +220,23 @@ int musb_hub_status_data(struct usb_hcd *hcd, char *buf) + return retval; + } + ++static int musb_has_gadget(struct musb *musb) ++{ ++ /* ++ * In host-only mode we start a connection right away. In OTG mode ++ * we have to wait until we loaded a gadget. We don't really need a ++ * gadget if we operate as a host but we should not start a session ++ * as a device without a gadget or else we explode. ++ */ ++#ifdef CONFIG_USB_MUSB_HOST ++ return 1; ++#else ++ if (musb->port_mode == MUSB_PORT_MODE_HOST) ++ return 1; ++ return musb->g.dev.driver != NULL; ++#endif ++} ++ + int musb_hub_control( + struct usb_hcd *hcd, + u16 typeReq, +@@ -362,7 +379,7 @@ int musb_hub_control( + * initialization logic, e.g. for OTG, or change any + * logic relating to VBUS power-up. + */ +- if (!hcd->self.is_b_host) ++ if (!hcd->self.is_b_host && musb_has_gadget(musb)) + musb_start(musb); + break; + case USB_PORT_FEAT_RESET: +diff --git a/drivers/usb/serial/mos7840.c b/drivers/usb/serial/mos7840.c +index fdf9535..e5bdd98 100644 +--- a/drivers/usb/serial/mos7840.c ++++ b/drivers/usb/serial/mos7840.c +@@ -1532,7 +1532,11 @@ static int mos7840_tiocmget(struct tty_struct *tty) + return -ENODEV; + + status = mos7840_get_uart_reg(port, MODEM_STATUS_REGISTER, &msr); ++ if (status != 1) ++ return -EIO; + status = mos7840_get_uart_reg(port, MODEM_CONTROL_REGISTER, &mcr); ++ if (status != 1) ++ return -EIO; + result = ((mcr & MCR_DTR) ? TIOCM_DTR : 0) + | ((mcr & MCR_RTS) ? TIOCM_RTS : 0) + | ((mcr & MCR_LOOPBACK) ? TIOCM_LOOP : 0) +diff --git a/drivers/usb/wusbcore/wa-rpipe.c b/drivers/usb/wusbcore/wa-rpipe.c +index fd4f1ce..b5e4fc1 100644 +--- a/drivers/usb/wusbcore/wa-rpipe.c ++++ b/drivers/usb/wusbcore/wa-rpipe.c +@@ -333,7 +333,10 @@ static int rpipe_aim(struct wa_rpipe *rpipe, struct wahc *wa, + /* FIXME: compute so seg_size > ep->maxpktsize */ + rpipe->descr.wBlocks = cpu_to_le16(16); /* given */ + /* ep0 maxpktsize is 0x200 (WUSB1.0[4.8.1]) */ +- rpipe->descr.wMaxPacketSize = cpu_to_le16(ep->desc.wMaxPacketSize); ++ if (usb_endpoint_xfer_isoc(&ep->desc)) ++ rpipe->descr.wMaxPacketSize = epcd->wOverTheAirPacketSize; ++ else ++ rpipe->descr.wMaxPacketSize = ep->desc.wMaxPacketSize; + + rpipe->descr.hwa_bMaxBurst = max(min_t(unsigned int, + epcd->bMaxBurst, 16U), 1U); +diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c +index 4a35572..26450d8 100644 +--- a/fs/btrfs/relocation.c ++++ b/fs/btrfs/relocation.c +@@ -4481,6 +4481,7 @@ int btrfs_reloc_clone_csums(struct inode *inode, u64 file_pos, u64 len) + struct btrfs_root *root = BTRFS_I(inode)->root; + int ret; + u64 disk_bytenr; ++ u64 new_bytenr; + LIST_HEAD(list); + + ordered = btrfs_lookup_ordered_extent(inode, file_pos); +@@ -4492,13 +4493,24 @@ int btrfs_reloc_clone_csums(struct inode *inode, u64 file_pos, u64 len) + if (ret) + goto out; + +- disk_bytenr = ordered->start; + while (!list_empty(&list)) { + sums = list_entry(list.next, struct btrfs_ordered_sum, list); + list_del_init(&sums->list); + +- sums->bytenr = disk_bytenr; +- disk_bytenr += sums->len; ++ /* ++ * We need to offset the new_bytenr based on where the csum is. ++ * We need to do this because we will read in entire prealloc ++ * extents but we may have written to say the middle of the ++ * prealloc extent, so we need to make sure the csum goes with ++ * the right disk offset. ++ * ++ * We can do this because the data reloc inode refers strictly ++ * to the on disk bytes, so we don't have to worry about ++ * disk_len vs real len like with real inodes since it's all ++ * disk length. ++ */ ++ new_bytenr = ordered->start + (sums->bytenr - disk_bytenr); ++ sums->bytenr = new_bytenr; + + btrfs_add_ordered_sum(inode, ordered, sums); + } +diff --git a/fs/configfs/dir.c b/fs/configfs/dir.c +index 277bd1b..511d415 100644 +--- a/fs/configfs/dir.c ++++ b/fs/configfs/dir.c +@@ -56,10 +56,19 @@ static void configfs_d_iput(struct dentry * dentry, + struct configfs_dirent *sd = dentry->d_fsdata; + + if (sd) { +- BUG_ON(sd->s_dentry != dentry); + /* Coordinate with configfs_readdir */ + spin_lock(&configfs_dirent_lock); +- sd->s_dentry = NULL; ++ /* Coordinate with configfs_attach_attr where will increase ++ * sd->s_count and update sd->s_dentry to new allocated one. ++ * Only set sd->dentry to null when this dentry is the only ++ * sd owner. ++ * If not do so, configfs_d_iput may run just after ++ * configfs_attach_attr and set sd->s_dentry to null ++ * even it's still in use. ++ */ ++ if (atomic_read(&sd->s_count) <= 2) ++ sd->s_dentry = NULL; ++ + spin_unlock(&configfs_dirent_lock); + configfs_put(sd); + } +@@ -426,8 +435,11 @@ static int configfs_attach_attr(struct configfs_dirent * sd, struct dentry * den + struct configfs_attribute * attr = sd->s_element; + int error; + ++ spin_lock(&configfs_dirent_lock); + dentry->d_fsdata = configfs_get(sd); + sd->s_dentry = dentry; ++ spin_unlock(&configfs_dirent_lock); ++ + error = configfs_create(dentry, (attr->ca_mode & S_IALLUGO) | S_IFREG, + configfs_init_file); + if (error) { +diff --git a/fs/dcache.c b/fs/dcache.c +index ae6ebb8..89f9671 100644 +--- a/fs/dcache.c ++++ b/fs/dcache.c +@@ -2881,9 +2881,9 @@ static int prepend_path(const struct path *path, + const struct path *root, + char **buffer, int *buflen) + { +- struct dentry *dentry = path->dentry; +- struct vfsmount *vfsmnt = path->mnt; +- struct mount *mnt = real_mount(vfsmnt); ++ struct dentry *dentry; ++ struct vfsmount *vfsmnt; ++ struct mount *mnt; + int error = 0; + unsigned seq = 0; + char *bptr; +@@ -2893,6 +2893,9 @@ static int prepend_path(const struct path *path, + restart: + bptr = *buffer; + blen = *buflen; ++ dentry = path->dentry; ++ vfsmnt = path->mnt; ++ mnt = real_mount(vfsmnt); + read_seqbegin_or_lock(&rename_lock, &seq); + while (dentry != root->dentry || vfsmnt != root->mnt) { + struct dentry * parent; +diff --git a/fs/exec.c b/fs/exec.c +index 8875dd1..bb8afc1 100644 +--- a/fs/exec.c ++++ b/fs/exec.c +@@ -1668,6 +1668,12 @@ int __get_dumpable(unsigned long mm_flags) + return (ret > SUID_DUMP_USER) ? SUID_DUMP_ROOT : ret; + } + ++/* ++ * This returns the actual value of the suid_dumpable flag. For things ++ * that are using this for checking for privilege transitions, it must ++ * test against SUID_DUMP_USER rather than treating it as a boolean ++ * value. ++ */ + int get_dumpable(struct mm_struct *mm) + { + return __get_dumpable(mm->flags); +diff --git a/fs/gfs2/inode.c b/fs/gfs2/inode.c +index ced3257..968d4c56 100644 +--- a/fs/gfs2/inode.c ++++ b/fs/gfs2/inode.c +@@ -584,17 +584,17 @@ static int gfs2_create_inode(struct inode *dir, struct dentry *dentry, + if (!IS_ERR(inode)) { + d = d_splice_alias(inode, dentry); + error = 0; +- if (file && !IS_ERR(d)) { +- if (d == NULL) +- d = dentry; +- if (S_ISREG(inode->i_mode)) +- error = finish_open(file, d, gfs2_open_common, opened); +- else ++ if (file) { ++ if (S_ISREG(inode->i_mode)) { ++ WARN_ON(d != NULL); ++ error = finish_open(file, dentry, gfs2_open_common, opened); ++ } else { + error = finish_no_open(file, d); ++ } ++ } else { ++ dput(d); + } + gfs2_glock_dq_uninit(ghs); +- if (IS_ERR(d)) +- return PTR_ERR(d); + return error; + } else if (error != -ENOENT) { + goto fail_gunlock; +@@ -781,8 +781,10 @@ static struct dentry *__gfs2_lookup(struct inode *dir, struct dentry *dentry, + error = finish_open(file, dentry, gfs2_open_common, opened); + + gfs2_glock_dq_uninit(&gh); +- if (error) ++ if (error) { ++ dput(d); + return ERR_PTR(error); ++ } + return d; + } + +@@ -1163,14 +1165,16 @@ static int gfs2_atomic_open(struct inode *dir, struct dentry *dentry, + d = __gfs2_lookup(dir, dentry, file, opened); + if (IS_ERR(d)) + return PTR_ERR(d); +- if (d == NULL) +- d = dentry; +- if (d->d_inode) { ++ if (d != NULL) ++ dentry = d; ++ if (dentry->d_inode) { + if (!(*opened & FILE_OPENED)) +- return finish_no_open(file, d); ++ return finish_no_open(file, dentry); ++ dput(d); + return 0; + } + ++ BUG_ON(d != NULL); + if (!(flags & O_CREAT)) + return -ENOENT; + +diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c +index d53d678..3b11565 100644 +--- a/fs/nfs/nfs4proc.c ++++ b/fs/nfs/nfs4proc.c +@@ -1318,21 +1318,14 @@ _nfs4_opendata_reclaim_to_nfs4_state(struct nfs4_opendata *data) + int ret; + + if (!data->rpc_done) { +- ret = data->rpc_status; +- goto err; ++ if (data->rpc_status) { ++ ret = data->rpc_status; ++ goto err; ++ } ++ /* cached opens have already been processed */ ++ goto update; + } + +- ret = -ESTALE; +- if (!(data->f_attr.valid & NFS_ATTR_FATTR_TYPE) || +- !(data->f_attr.valid & NFS_ATTR_FATTR_FILEID) || +- !(data->f_attr.valid & NFS_ATTR_FATTR_CHANGE)) +- goto err; +- +- ret = -ENOMEM; +- state = nfs4_get_open_state(inode, data->owner); +- if (state == NULL) +- goto err; +- + ret = nfs_refresh_inode(inode, &data->f_attr); + if (ret) + goto err; +@@ -1341,8 +1334,10 @@ _nfs4_opendata_reclaim_to_nfs4_state(struct nfs4_opendata *data) + + if (data->o_res.delegation_type != 0) + nfs4_opendata_check_deleg(data, state); ++update: + update_open_stateid(state, &data->o_res.stateid, NULL, + data->o_arg.fmode); ++ atomic_inc(&state->count); + + return state; + err: +@@ -4575,7 +4570,7 @@ static int _nfs4_get_security_label(struct inode *inode, void *buf, + struct nfs4_label label = {0, 0, buflen, buf}; + + u32 bitmask[3] = { 0, 0, FATTR4_WORD2_SECURITY_LABEL }; +- struct nfs4_getattr_arg args = { ++ struct nfs4_getattr_arg arg = { + .fh = NFS_FH(inode), + .bitmask = bitmask, + }; +@@ -4586,14 +4581,14 @@ static int _nfs4_get_security_label(struct inode *inode, void *buf, + }; + struct rpc_message msg = { + .rpc_proc = &nfs4_procedures[NFSPROC4_CLNT_GETATTR], +- .rpc_argp = &args, ++ .rpc_argp = &arg, + .rpc_resp = &res, + }; + int ret; + + nfs_fattr_init(&fattr); + +- ret = rpc_call_sync(server->client, &msg, 0); ++ ret = nfs4_call_sync(server->client, server, &msg, &arg.seq_args, &res.seq_res, 0); + if (ret) + return ret; + if (!(fattr.valid & NFS_ATTR_FATTR_V4_SECURITY_LABEL)) +@@ -4630,7 +4625,7 @@ static int _nfs4_do_set_security_label(struct inode *inode, + struct iattr sattr = {0}; + struct nfs_server *server = NFS_SERVER(inode); + const u32 bitmask[3] = { 0, 0, FATTR4_WORD2_SECURITY_LABEL }; +- struct nfs_setattrargs args = { ++ struct nfs_setattrargs arg = { + .fh = NFS_FH(inode), + .iap = &sattr, + .server = server, +@@ -4644,14 +4639,14 @@ static int _nfs4_do_set_security_label(struct inode *inode, + }; + struct rpc_message msg = { + .rpc_proc = &nfs4_procedures[NFSPROC4_CLNT_SETATTR], +- .rpc_argp = &args, ++ .rpc_argp = &arg, + .rpc_resp = &res, + }; + int status; + +- nfs4_stateid_copy(&args.stateid, &zero_stateid); ++ nfs4_stateid_copy(&arg.stateid, &zero_stateid); + +- status = rpc_call_sync(server->client, &msg, 0); ++ status = nfs4_call_sync(server->client, server, &msg, &arg.seq_args, &res.seq_res, 1); + if (status) + dprintk("%s failed: %d\n", __func__, status); + +@@ -5106,6 +5101,7 @@ static int _nfs4_proc_getlk(struct nfs4_state *state, int cmd, struct file_lock + status = 0; + } + request->fl_ops->fl_release_private(request); ++ request->fl_ops = NULL; + out: + return status; + } +diff --git a/fs/nfs/nfs4state.c b/fs/nfs/nfs4state.c +index cc14cbb..ebced8d 100644 +--- a/fs/nfs/nfs4state.c ++++ b/fs/nfs/nfs4state.c +@@ -1422,7 +1422,7 @@ restart: + if (status >= 0) { + status = nfs4_reclaim_locks(state, ops); + if (status >= 0) { +- if (test_bit(NFS_DELEGATED_STATE, &state->flags) != 0) { ++ if (!test_bit(NFS_DELEGATED_STATE, &state->flags)) { + spin_lock(&state->state_lock); + list_for_each_entry(lock, &state->lock_states, ls_locks) { + if (!test_bit(NFS_LOCK_INITIALIZED, &lock->ls_flags)) +@@ -1881,10 +1881,15 @@ again: + nfs4_root_machine_cred(clp); + goto again; + } +- if (i > 2) ++ if (clnt->cl_auth->au_flavor == RPC_AUTH_UNIX) + break; + case -NFS4ERR_CLID_INUSE: + case -NFS4ERR_WRONGSEC: ++ /* No point in retrying if we already used RPC_AUTH_UNIX */ ++ if (clnt->cl_auth->au_flavor == RPC_AUTH_UNIX) { ++ status = -EPERM; ++ break; ++ } + clnt = rpc_clone_client_set_auth(clnt, RPC_AUTH_UNIX); + if (IS_ERR(clnt)) { + status = PTR_ERR(clnt); +diff --git a/fs/nfsd/export.c b/fs/nfsd/export.c +index 5f38ea3..af51cf9 100644 +--- a/fs/nfsd/export.c ++++ b/fs/nfsd/export.c +@@ -536,16 +536,12 @@ static int svc_export_parse(struct cache_detail *cd, char *mesg, int mlen) + if (err) + goto out3; + exp.ex_anon_uid= make_kuid(&init_user_ns, an_int); +- if (!uid_valid(exp.ex_anon_uid)) +- goto out3; + + /* anon gid */ + err = get_int(&mesg, &an_int); + if (err) + goto out3; + exp.ex_anon_gid= make_kgid(&init_user_ns, an_int); +- if (!gid_valid(exp.ex_anon_gid)) +- goto out3; + + /* fsid */ + err = get_int(&mesg, &an_int); +@@ -583,6 +579,17 @@ static int svc_export_parse(struct cache_detail *cd, char *mesg, int mlen) + exp.ex_uuid); + if (err) + goto out4; ++ /* ++ * For some reason exportfs has been passing down an ++ * invalid (-1) uid & gid on the "dummy" export which it ++ * uses to test export support. To make sure exportfs ++ * sees errors from check_export we therefore need to ++ * delay these checks till after check_export: ++ */ ++ if (!uid_valid(exp.ex_anon_uid)) ++ goto out4; ++ if (!gid_valid(exp.ex_anon_gid)) ++ goto out4; + } + + expp = svc_export_lookup(&exp); +diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c +index d9454fe..ecc735e 100644 +--- a/fs/nfsd/nfs4xdr.c ++++ b/fs/nfsd/nfs4xdr.c +@@ -141,8 +141,8 @@ xdr_error: \ + + static void next_decode_page(struct nfsd4_compoundargs *argp) + { +- argp->pagelist++; + argp->p = page_address(argp->pagelist[0]); ++ argp->pagelist++; + if (argp->pagelen < PAGE_SIZE) { + argp->end = argp->p + (argp->pagelen>>2); + argp->pagelen = 0; +@@ -411,6 +411,7 @@ nfsd4_decode_fattr(struct nfsd4_compoundargs *argp, u32 *bmval, + label->data = kzalloc(dummy32 + 1, GFP_KERNEL); + if (!label->data) + return nfserr_jukebox; ++ label->len = dummy32; + defer_free(argp, kfree, label->data); + memcpy(label->data, buf, dummy32); + } +@@ -1208,6 +1209,7 @@ nfsd4_decode_write(struct nfsd4_compoundargs *argp, struct nfsd4_write *write) + len -= pages * PAGE_SIZE; + + argp->p = (__be32 *)page_address(argp->pagelist[0]); ++ argp->pagelist++; + argp->end = argp->p + XDR_QUADLEN(PAGE_SIZE); + } + argp->p += XDR_QUADLEN(len); +diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c +index c827acb..72cb28e 100644 +--- a/fs/nfsd/vfs.c ++++ b/fs/nfsd/vfs.c +@@ -298,41 +298,12 @@ commit_metadata(struct svc_fh *fhp) + } + + /* +- * Set various file attributes. +- * N.B. After this call fhp needs an fh_put ++ * Go over the attributes and take care of the small differences between ++ * NFS semantics and what Linux expects. + */ +-__be32 +-nfsd_setattr(struct svc_rqst *rqstp, struct svc_fh *fhp, struct iattr *iap, +- int check_guard, time_t guardtime) ++static void ++nfsd_sanitize_attrs(struct inode *inode, struct iattr *iap) + { +- struct dentry *dentry; +- struct inode *inode; +- int accmode = NFSD_MAY_SATTR; +- umode_t ftype = 0; +- __be32 err; +- int host_err; +- int size_change = 0; +- +- if (iap->ia_valid & (ATTR_ATIME | ATTR_MTIME | ATTR_SIZE)) +- accmode |= NFSD_MAY_WRITE|NFSD_MAY_OWNER_OVERRIDE; +- if (iap->ia_valid & ATTR_SIZE) +- ftype = S_IFREG; +- +- /* Get inode */ +- err = fh_verify(rqstp, fhp, ftype, accmode); +- if (err) +- goto out; +- +- dentry = fhp->fh_dentry; +- inode = dentry->d_inode; +- +- /* Ignore any mode updates on symlinks */ +- if (S_ISLNK(inode->i_mode)) +- iap->ia_valid &= ~ATTR_MODE; +- +- if (!iap->ia_valid) +- goto out; +- + /* + * NFSv2 does not differentiate between "set-[ac]time-to-now" + * which only requires access, and "set-[ac]time-to-X" which +@@ -342,8 +313,7 @@ nfsd_setattr(struct svc_rqst *rqstp, struct svc_fh *fhp, struct iattr *iap, + * convert to "set to now" instead of "set to explicit time" + * + * We only call inode_change_ok as the last test as technically +- * it is not an interface that we should be using. It is only +- * valid if the filesystem does not define it's own i_op->setattr. ++ * it is not an interface that we should be using. + */ + #define BOTH_TIME_SET (ATTR_ATIME_SET | ATTR_MTIME_SET) + #define MAX_TOUCH_TIME_ERROR (30*60) +@@ -369,30 +339,6 @@ nfsd_setattr(struct svc_rqst *rqstp, struct svc_fh *fhp, struct iattr *iap, + iap->ia_valid &= ~BOTH_TIME_SET; + } + } +- +- /* +- * The size case is special. +- * It changes the file as well as the attributes. +- */ +- if (iap->ia_valid & ATTR_SIZE) { +- if (iap->ia_size < inode->i_size) { +- err = nfsd_permission(rqstp, fhp->fh_export, dentry, +- NFSD_MAY_TRUNC|NFSD_MAY_OWNER_OVERRIDE); +- if (err) +- goto out; +- } +- +- host_err = get_write_access(inode); +- if (host_err) +- goto out_nfserr; +- +- size_change = 1; +- host_err = locks_verify_truncate(inode, NULL, iap->ia_size); +- if (host_err) { +- put_write_access(inode); +- goto out_nfserr; +- } +- } + + /* sanitize the mode change */ + if (iap->ia_valid & ATTR_MODE) { +@@ -415,32 +361,111 @@ nfsd_setattr(struct svc_rqst *rqstp, struct svc_fh *fhp, struct iattr *iap, + iap->ia_valid |= (ATTR_KILL_SUID | ATTR_KILL_SGID); + } + } ++} + +- /* Change the attributes. */ ++static __be32 ++nfsd_get_write_access(struct svc_rqst *rqstp, struct svc_fh *fhp, ++ struct iattr *iap) ++{ ++ struct inode *inode = fhp->fh_dentry->d_inode; ++ int host_err; + +- iap->ia_valid |= ATTR_CTIME; ++ if (iap->ia_size < inode->i_size) { ++ __be32 err; + +- err = nfserr_notsync; +- if (!check_guard || guardtime == inode->i_ctime.tv_sec) { +- host_err = nfsd_break_lease(inode); +- if (host_err) +- goto out_nfserr; +- fh_lock(fhp); ++ err = nfsd_permission(rqstp, fhp->fh_export, fhp->fh_dentry, ++ NFSD_MAY_TRUNC | NFSD_MAY_OWNER_OVERRIDE); ++ if (err) ++ return err; ++ } + +- host_err = notify_change(dentry, iap); +- err = nfserrno(host_err); +- fh_unlock(fhp); ++ host_err = get_write_access(inode); ++ if (host_err) ++ goto out_nfserrno; ++ ++ host_err = locks_verify_truncate(inode, NULL, iap->ia_size); ++ if (host_err) ++ goto out_put_write_access; ++ return 0; ++ ++out_put_write_access: ++ put_write_access(inode); ++out_nfserrno: ++ return nfserrno(host_err); ++} ++ ++/* ++ * Set various file attributes. After this call fhp needs an fh_put. ++ */ ++__be32 ++nfsd_setattr(struct svc_rqst *rqstp, struct svc_fh *fhp, struct iattr *iap, ++ int check_guard, time_t guardtime) ++{ ++ struct dentry *dentry; ++ struct inode *inode; ++ int accmode = NFSD_MAY_SATTR; ++ umode_t ftype = 0; ++ __be32 err; ++ int host_err; ++ int size_change = 0; ++ ++ if (iap->ia_valid & (ATTR_ATIME | ATTR_MTIME | ATTR_SIZE)) ++ accmode |= NFSD_MAY_WRITE|NFSD_MAY_OWNER_OVERRIDE; ++ if (iap->ia_valid & ATTR_SIZE) ++ ftype = S_IFREG; ++ ++ /* Get inode */ ++ err = fh_verify(rqstp, fhp, ftype, accmode); ++ if (err) ++ goto out; ++ ++ dentry = fhp->fh_dentry; ++ inode = dentry->d_inode; ++ ++ /* Ignore any mode updates on symlinks */ ++ if (S_ISLNK(inode->i_mode)) ++ iap->ia_valid &= ~ATTR_MODE; ++ ++ if (!iap->ia_valid) ++ goto out; ++ ++ nfsd_sanitize_attrs(inode, iap); ++ ++ /* ++ * The size case is special, it changes the file in addition to the ++ * attributes. ++ */ ++ if (iap->ia_valid & ATTR_SIZE) { ++ err = nfsd_get_write_access(rqstp, fhp, iap); ++ if (err) ++ goto out; ++ size_change = 1; + } ++ ++ iap->ia_valid |= ATTR_CTIME; ++ ++ if (check_guard && guardtime != inode->i_ctime.tv_sec) { ++ err = nfserr_notsync; ++ goto out_put_write_access; ++ } ++ ++ host_err = nfsd_break_lease(inode); ++ if (host_err) ++ goto out_put_write_access_nfserror; ++ ++ fh_lock(fhp); ++ host_err = notify_change(dentry, iap); ++ fh_unlock(fhp); ++ ++out_put_write_access_nfserror: ++ err = nfserrno(host_err); ++out_put_write_access: + if (size_change) + put_write_access(inode); + if (!err) + commit_metadata(fhp); + out: + return err; +- +-out_nfserr: +- err = nfserrno(host_err); +- goto out; + } + + #if defined(CONFIG_NFSD_V2_ACL) || \ +diff --git a/fs/xfs/xfs_sb.c b/fs/xfs/xfs_sb.c +index a5b59d9..0397081 100644 +--- a/fs/xfs/xfs_sb.c ++++ b/fs/xfs/xfs_sb.c +@@ -596,6 +596,11 @@ xfs_sb_verify( + * single bit error could clear the feature bit and unused parts of the + * superblock are supposed to be zero. Hence a non-null crc field indicates that + * we've potentially lost a feature bit and we should check it anyway. ++ * ++ * However, past bugs (i.e. in growfs) left non-zeroed regions beyond the ++ * last field in V4 secondary superblocks. So for secondary superblocks, ++ * we are more forgiving, and ignore CRC failures if the primary doesn't ++ * indicate that the fs version is V5. + */ + static void + xfs_sb_read_verify( +@@ -616,8 +621,12 @@ xfs_sb_read_verify( + + if (!xfs_verify_cksum(bp->b_addr, be16_to_cpu(dsb->sb_sectsize), + offsetof(struct xfs_sb, sb_crc))) { +- error = EFSCORRUPTED; +- goto out_error; ++ /* Only fail bad secondaries on a known V5 filesystem */ ++ if (bp->b_bn != XFS_SB_DADDR && ++ xfs_sb_version_hascrc(&mp->m_sb)) { ++ error = EFSCORRUPTED; ++ goto out_error; ++ } + } + } + error = xfs_sb_verify(bp, true); +diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h +index e8112ae..7554fd4 100644 +--- a/include/linux/binfmts.h ++++ b/include/linux/binfmts.h +@@ -99,9 +99,6 @@ extern void setup_new_exec(struct linux_binprm * bprm); + extern void would_dump(struct linux_binprm *, struct file *); + + extern int suid_dumpable; +-#define SUID_DUMP_DISABLE 0 /* No setuid dumping */ +-#define SUID_DUMP_USER 1 /* Dump as user of process */ +-#define SUID_DUMP_ROOT 2 /* Dump as root */ + + /* Stack area protections */ + #define EXSTACK_DEFAULT 0 /* Whatever the arch defaults to */ +diff --git a/include/linux/nfs4.h b/include/linux/nfs4.h +index e36dee5..3859ddb 100644 +--- a/include/linux/nfs4.h ++++ b/include/linux/nfs4.h +@@ -395,7 +395,7 @@ enum lock_type4 { + #define FATTR4_WORD1_FS_LAYOUT_TYPES (1UL << 30) + #define FATTR4_WORD2_LAYOUT_BLKSIZE (1UL << 1) + #define FATTR4_WORD2_MDSTHRESHOLD (1UL << 4) +-#define FATTR4_WORD2_SECURITY_LABEL (1UL << 17) ++#define FATTR4_WORD2_SECURITY_LABEL (1UL << 16) + + /* MDS threshold bitmap bits */ + #define THRESHOLD_RD (1UL << 0) +diff --git a/include/linux/sched.h b/include/linux/sched.h +index e27baee..b1e963e 100644 +--- a/include/linux/sched.h ++++ b/include/linux/sched.h +@@ -322,6 +322,10 @@ static inline void arch_pick_mmap_layout(struct mm_struct *mm) {} + extern void set_dumpable(struct mm_struct *mm, int value); + extern int get_dumpable(struct mm_struct *mm); + ++#define SUID_DUMP_DISABLE 0 /* No setuid dumping */ ++#define SUID_DUMP_USER 1 /* Dump as user of process */ ++#define SUID_DUMP_ROOT 2 /* Dump as root */ ++ + /* mm flags */ + /* dumpable bits */ + #define MMF_DUMPABLE 0 /* core dump is permitted */ +@@ -2474,34 +2478,98 @@ static inline int tsk_is_polling(struct task_struct *p) + { + return task_thread_info(p)->status & TS_POLLING; + } +-static inline void current_set_polling(void) ++static inline void __current_set_polling(void) + { + current_thread_info()->status |= TS_POLLING; + } + +-static inline void current_clr_polling(void) ++static inline bool __must_check current_set_polling_and_test(void) ++{ ++ __current_set_polling(); ++ ++ /* ++ * Polling state must be visible before we test NEED_RESCHED, ++ * paired by resched_task() ++ */ ++ smp_mb(); ++ ++ return unlikely(tif_need_resched()); ++} ++ ++static inline void __current_clr_polling(void) + { + current_thread_info()->status &= ~TS_POLLING; +- smp_mb__after_clear_bit(); ++} ++ ++static inline bool __must_check current_clr_polling_and_test(void) ++{ ++ __current_clr_polling(); ++ ++ /* ++ * Polling state must be visible before we test NEED_RESCHED, ++ * paired by resched_task() ++ */ ++ smp_mb(); ++ ++ return unlikely(tif_need_resched()); + } + #elif defined(TIF_POLLING_NRFLAG) + static inline int tsk_is_polling(struct task_struct *p) + { + return test_tsk_thread_flag(p, TIF_POLLING_NRFLAG); + } +-static inline void current_set_polling(void) ++ ++static inline void __current_set_polling(void) + { + set_thread_flag(TIF_POLLING_NRFLAG); + } + +-static inline void current_clr_polling(void) ++static inline bool __must_check current_set_polling_and_test(void) ++{ ++ __current_set_polling(); ++ ++ /* ++ * Polling state must be visible before we test NEED_RESCHED, ++ * paired by resched_task() ++ * ++ * XXX: assumes set/clear bit are identical barrier wise. ++ */ ++ smp_mb__after_clear_bit(); ++ ++ return unlikely(tif_need_resched()); ++} ++ ++static inline void __current_clr_polling(void) + { + clear_thread_flag(TIF_POLLING_NRFLAG); + } ++ ++static inline bool __must_check current_clr_polling_and_test(void) ++{ ++ __current_clr_polling(); ++ ++ /* ++ * Polling state must be visible before we test NEED_RESCHED, ++ * paired by resched_task() ++ */ ++ smp_mb__after_clear_bit(); ++ ++ return unlikely(tif_need_resched()); ++} ++ + #else + static inline int tsk_is_polling(struct task_struct *p) { return 0; } +-static inline void current_set_polling(void) { } +-static inline void current_clr_polling(void) { } ++static inline void __current_set_polling(void) { } ++static inline void __current_clr_polling(void) { } ++ ++static inline bool __must_check current_set_polling_and_test(void) ++{ ++ return unlikely(tif_need_resched()); ++} ++static inline bool __must_check current_clr_polling_and_test(void) ++{ ++ return unlikely(tif_need_resched()); ++} + #endif + + /* +diff --git a/include/linux/thread_info.h b/include/linux/thread_info.h +index e7e0473..4ae6f32 100644 +--- a/include/linux/thread_info.h ++++ b/include/linux/thread_info.h +@@ -107,6 +107,8 @@ static inline int test_ti_thread_flag(struct thread_info *ti, int flag) + #define set_need_resched() set_thread_flag(TIF_NEED_RESCHED) + #define clear_need_resched() clear_thread_flag(TIF_NEED_RESCHED) + ++#define tif_need_resched() test_thread_flag(TIF_NEED_RESCHED) ++ + #if defined TIF_RESTORE_SIGMASK && !defined HAVE_SET_RESTORE_SIGMASK + /* + * An arch can define its own version of set_restore_sigmask() to get the +diff --git a/include/linux/usb.h b/include/linux/usb.h +index 001629c..39cfa0a 100644 +--- a/include/linux/usb.h ++++ b/include/linux/usb.h +@@ -475,7 +475,8 @@ struct usb3_lpm_parameters { + * @lpm_capable: device supports LPM + * @usb2_hw_lpm_capable: device can perform USB2 hardware LPM + * @usb2_hw_lpm_besl_capable: device can perform USB2 hardware BESL LPM +- * @usb2_hw_lpm_enabled: USB2 hardware LPM enabled ++ * @usb2_hw_lpm_enabled: USB2 hardware LPM is enabled ++ * @usb2_hw_lpm_allowed: Userspace allows USB 2.0 LPM to be enabled + * @usb3_lpm_enabled: USB3 hardware LPM enabled + * @string_langid: language ID for strings + * @product: iProduct string, if present (static) +@@ -548,6 +549,7 @@ struct usb_device { + unsigned usb2_hw_lpm_capable:1; + unsigned usb2_hw_lpm_besl_capable:1; + unsigned usb2_hw_lpm_enabled:1; ++ unsigned usb2_hw_lpm_allowed:1; + unsigned usb3_lpm_enabled:1; + int string_langid; + +diff --git a/include/sound/compress_driver.h b/include/sound/compress_driver.h +index 9031a26..ae6c3b8 100644 +--- a/include/sound/compress_driver.h ++++ b/include/sound/compress_driver.h +@@ -171,4 +171,13 @@ static inline void snd_compr_fragment_elapsed(struct snd_compr_stream *stream) + wake_up(&stream->runtime->sleep); + } + ++static inline void snd_compr_drain_notify(struct snd_compr_stream *stream) ++{ ++ if (snd_BUG_ON(!stream)) ++ return; ++ ++ stream->runtime->state = SNDRV_PCM_STATE_SETUP; ++ wake_up(&stream->runtime->sleep); ++} ++ + #endif +diff --git a/ipc/shm.c b/ipc/shm.c +index d697396..7a51443 100644 +--- a/ipc/shm.c ++++ b/ipc/shm.c +@@ -208,15 +208,18 @@ static void shm_open(struct vm_area_struct *vma) + */ + static void shm_destroy(struct ipc_namespace *ns, struct shmid_kernel *shp) + { ++ struct file *shm_file; ++ ++ shm_file = shp->shm_file; ++ shp->shm_file = NULL; + ns->shm_tot -= (shp->shm_segsz + PAGE_SIZE - 1) >> PAGE_SHIFT; + shm_rmid(ns, shp); + shm_unlock(shp); +- if (!is_file_hugepages(shp->shm_file)) +- shmem_lock(shp->shm_file, 0, shp->mlock_user); ++ if (!is_file_hugepages(shm_file)) ++ shmem_lock(shm_file, 0, shp->mlock_user); + else if (shp->mlock_user) +- user_shm_unlock(file_inode(shp->shm_file)->i_size, +- shp->mlock_user); +- fput (shp->shm_file); ++ user_shm_unlock(file_inode(shm_file)->i_size, shp->mlock_user); ++ fput(shm_file); + ipc_rcu_putref(shp, shm_rcu_free); + } + +@@ -974,15 +977,25 @@ SYSCALL_DEFINE3(shmctl, int, shmid, int, cmd, struct shmid_ds __user *, buf) + ipc_lock_object(&shp->shm_perm); + if (!ns_capable(ns->user_ns, CAP_IPC_LOCK)) { + kuid_t euid = current_euid(); +- err = -EPERM; + if (!uid_eq(euid, shp->shm_perm.uid) && +- !uid_eq(euid, shp->shm_perm.cuid)) ++ !uid_eq(euid, shp->shm_perm.cuid)) { ++ err = -EPERM; + goto out_unlock0; +- if (cmd == SHM_LOCK && !rlimit(RLIMIT_MEMLOCK)) ++ } ++ if (cmd == SHM_LOCK && !rlimit(RLIMIT_MEMLOCK)) { ++ err = -EPERM; + goto out_unlock0; ++ } + } + + shm_file = shp->shm_file; ++ ++ /* check if shm_destroy() is tearing down shp */ ++ if (shm_file == NULL) { ++ err = -EIDRM; ++ goto out_unlock0; ++ } ++ + if (is_file_hugepages(shm_file)) + goto out_unlock0; + +@@ -1101,6 +1114,14 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr, + goto out_unlock; + + ipc_lock_object(&shp->shm_perm); ++ ++ /* check if shm_destroy() is tearing down shp */ ++ if (shp->shm_file == NULL) { ++ ipc_unlock_object(&shp->shm_perm); ++ err = -EIDRM; ++ goto out_unlock; ++ } ++ + path = shp->shm_file->f_path; + path_get(&path); + shp->shm_nattch++; +diff --git a/kernel/cpu/idle.c b/kernel/cpu/idle.c +index e695c0a..c261409 100644 +--- a/kernel/cpu/idle.c ++++ b/kernel/cpu/idle.c +@@ -44,7 +44,7 @@ static inline int cpu_idle_poll(void) + rcu_idle_enter(); + trace_cpu_idle_rcuidle(0, smp_processor_id()); + local_irq_enable(); +- while (!need_resched()) ++ while (!tif_need_resched()) + cpu_relax(); + trace_cpu_idle_rcuidle(PWR_EVENT_EXIT, smp_processor_id()); + rcu_idle_exit(); +@@ -92,8 +92,7 @@ static void cpu_idle_loop(void) + if (cpu_idle_force_poll || tick_check_broadcast_expired()) { + cpu_idle_poll(); + } else { +- current_clr_polling(); +- if (!need_resched()) { ++ if (!current_clr_polling_and_test()) { + stop_critical_timings(); + rcu_idle_enter(); + arch_cpu_idle(); +@@ -103,7 +102,7 @@ static void cpu_idle_loop(void) + } else { + local_irq_enable(); + } +- current_set_polling(); ++ __current_set_polling(); + } + arch_cpu_idle_exit(); + } +@@ -129,7 +128,7 @@ void cpu_startup_entry(enum cpuhp_state state) + */ + boot_init_stack_canary(); + #endif +- current_set_polling(); ++ __current_set_polling(); + arch_cpu_idle_prepare(); + cpu_idle_loop(); + } +diff --git a/kernel/ptrace.c b/kernel/ptrace.c +index dd562e9..1f4bcb3 100644 +--- a/kernel/ptrace.c ++++ b/kernel/ptrace.c +@@ -257,7 +257,8 @@ ok: + if (task->mm) + dumpable = get_dumpable(task->mm); + rcu_read_lock(); +- if (!dumpable && !ptrace_has_cap(__task_cred(task)->user_ns, mode)) { ++ if (dumpable != SUID_DUMP_USER && ++ !ptrace_has_cap(__task_cred(task)->user_ns, mode)) { + rcu_read_unlock(); + return -EPERM; + } +diff --git a/kernel/trace/trace_event_perf.c b/kernel/trace/trace_event_perf.c +index 80c36bc..78e27e3 100644 +--- a/kernel/trace/trace_event_perf.c ++++ b/kernel/trace/trace_event_perf.c +@@ -26,7 +26,7 @@ static int perf_trace_event_perm(struct ftrace_event_call *tp_event, + { + /* The ftrace function trace is allowed only for root. */ + if (ftrace_event_is_function(tp_event) && +- perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN)) ++ perf_paranoid_tracepoint_raw() && !capable(CAP_SYS_ADMIN)) + return -EPERM; + + /* No tracing, just counting, so no obvious leak */ +diff --git a/mm/slub.c b/mm/slub.c +index c3eb3d3..96f2169 100644 +--- a/mm/slub.c ++++ b/mm/slub.c +@@ -1217,8 +1217,8 @@ static unsigned long kmem_cache_flags(unsigned long object_size, + /* + * Enable debugging if selected on the kernel commandline. + */ +- if (slub_debug && (!slub_debug_slabs || +- !strncmp(slub_debug_slabs, name, strlen(slub_debug_slabs)))) ++ if (slub_debug && (!slub_debug_slabs || (name && ++ !strncmp(slub_debug_slabs, name, strlen(slub_debug_slabs))))) + flags |= slub_debug; + + return flags; +diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c +index 0846566..cc24323 100644 +--- a/net/sunrpc/auth_gss/auth_gss.c ++++ b/net/sunrpc/auth_gss/auth_gss.c +@@ -482,6 +482,7 @@ gss_alloc_msg(struct gss_auth *gss_auth, + switch (vers) { + case 0: + gss_encode_v0_msg(gss_msg); ++ break; + default: + gss_encode_v1_msg(gss_msg, service_name, gss_auth->target_name); + }; +diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c +index 7747960..941d19f 100644 +--- a/net/sunrpc/clnt.c ++++ b/net/sunrpc/clnt.c +@@ -656,14 +656,16 @@ EXPORT_SYMBOL_GPL(rpc_shutdown_client); + /* + * Free an RPC client + */ +-static void ++static struct rpc_clnt * + rpc_free_client(struct rpc_clnt *clnt) + { ++ struct rpc_clnt *parent = NULL; ++ + dprintk_rcu("RPC: destroying %s client for %s\n", + clnt->cl_program->name, + rcu_dereference(clnt->cl_xprt)->servername); + if (clnt->cl_parent != clnt) +- rpc_release_client(clnt->cl_parent); ++ parent = clnt->cl_parent; + rpc_clnt_remove_pipedir(clnt); + rpc_unregister_client(clnt); + rpc_free_iostats(clnt->cl_metrics); +@@ -672,18 +674,17 @@ rpc_free_client(struct rpc_clnt *clnt) + rpciod_down(); + rpc_free_clid(clnt); + kfree(clnt); ++ return parent; + } + + /* + * Free an RPC client + */ +-static void ++static struct rpc_clnt * + rpc_free_auth(struct rpc_clnt *clnt) + { +- if (clnt->cl_auth == NULL) { +- rpc_free_client(clnt); +- return; +- } ++ if (clnt->cl_auth == NULL) ++ return rpc_free_client(clnt); + + /* + * Note: RPCSEC_GSS may need to send NULL RPC calls in order to +@@ -694,7 +695,8 @@ rpc_free_auth(struct rpc_clnt *clnt) + rpcauth_release(clnt->cl_auth); + clnt->cl_auth = NULL; + if (atomic_dec_and_test(&clnt->cl_count)) +- rpc_free_client(clnt); ++ return rpc_free_client(clnt); ++ return NULL; + } + + /* +@@ -705,10 +707,13 @@ rpc_release_client(struct rpc_clnt *clnt) + { + dprintk("RPC: rpc_release_client(%p)\n", clnt); + +- if (list_empty(&clnt->cl_tasks)) +- wake_up(&destroy_wait); +- if (atomic_dec_and_test(&clnt->cl_count)) +- rpc_free_auth(clnt); ++ do { ++ if (list_empty(&clnt->cl_tasks)) ++ wake_up(&destroy_wait); ++ if (!atomic_dec_and_test(&clnt->cl_count)) ++ break; ++ clnt = rpc_free_auth(clnt); ++ } while (clnt != NULL); + } + EXPORT_SYMBOL_GPL(rpc_release_client); + +diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c +index ee03d35..b752e1d 100644 +--- a/net/sunrpc/xprtsock.c ++++ b/net/sunrpc/xprtsock.c +@@ -393,8 +393,10 @@ static int xs_send_kvec(struct socket *sock, struct sockaddr *addr, int addrlen, + return kernel_sendmsg(sock, &msg, NULL, 0, 0); + } + +-static int xs_send_pagedata(struct socket *sock, struct xdr_buf *xdr, unsigned int base, int more) ++static int xs_send_pagedata(struct socket *sock, struct xdr_buf *xdr, unsigned int base, int more, bool zerocopy) + { ++ ssize_t (*do_sendpage)(struct socket *sock, struct page *page, ++ int offset, size_t size, int flags); + struct page **ppage; + unsigned int remainder; + int err, sent = 0; +@@ -403,6 +405,9 @@ static int xs_send_pagedata(struct socket *sock, struct xdr_buf *xdr, unsigned i + base += xdr->page_base; + ppage = xdr->pages + (base >> PAGE_SHIFT); + base &= ~PAGE_MASK; ++ do_sendpage = sock->ops->sendpage; ++ if (!zerocopy) ++ do_sendpage = sock_no_sendpage; + for(;;) { + unsigned int len = min_t(unsigned int, PAGE_SIZE - base, remainder); + int flags = XS_SENDMSG_FLAGS; +@@ -410,7 +415,7 @@ static int xs_send_pagedata(struct socket *sock, struct xdr_buf *xdr, unsigned i + remainder -= len; + if (remainder != 0 || more) + flags |= MSG_MORE; +- err = sock->ops->sendpage(sock, *ppage, base, len, flags); ++ err = do_sendpage(sock, *ppage, base, len, flags); + if (remainder == 0 || err != len) + break; + sent += err; +@@ -431,9 +436,10 @@ static int xs_send_pagedata(struct socket *sock, struct xdr_buf *xdr, unsigned i + * @addrlen: UDP only -- length of destination address + * @xdr: buffer containing this request + * @base: starting position in the buffer ++ * @zerocopy: true if it is safe to use sendpage() + * + */ +-static int xs_sendpages(struct socket *sock, struct sockaddr *addr, int addrlen, struct xdr_buf *xdr, unsigned int base) ++static int xs_sendpages(struct socket *sock, struct sockaddr *addr, int addrlen, struct xdr_buf *xdr, unsigned int base, bool zerocopy) + { + unsigned int remainder = xdr->len - base; + int err, sent = 0; +@@ -461,7 +467,7 @@ static int xs_sendpages(struct socket *sock, struct sockaddr *addr, int addrlen, + if (base < xdr->page_len) { + unsigned int len = xdr->page_len - base; + remainder -= len; +- err = xs_send_pagedata(sock, xdr, base, remainder != 0); ++ err = xs_send_pagedata(sock, xdr, base, remainder != 0, zerocopy); + if (remainder == 0 || err != len) + goto out; + sent += err; +@@ -564,7 +570,7 @@ static int xs_local_send_request(struct rpc_task *task) + req->rq_svec->iov_base, req->rq_svec->iov_len); + + status = xs_sendpages(transport->sock, NULL, 0, +- xdr, req->rq_bytes_sent); ++ xdr, req->rq_bytes_sent, true); + dprintk("RPC: %s(%u) = %d\n", + __func__, xdr->len - req->rq_bytes_sent, status); + if (likely(status >= 0)) { +@@ -620,7 +626,7 @@ static int xs_udp_send_request(struct rpc_task *task) + status = xs_sendpages(transport->sock, + xs_addr(xprt), + xprt->addrlen, xdr, +- req->rq_bytes_sent); ++ req->rq_bytes_sent, true); + + dprintk("RPC: xs_udp_send_request(%u) = %d\n", + xdr->len - req->rq_bytes_sent, status); +@@ -693,6 +699,7 @@ static int xs_tcp_send_request(struct rpc_task *task) + struct rpc_xprt *xprt = req->rq_xprt; + struct sock_xprt *transport = container_of(xprt, struct sock_xprt, xprt); + struct xdr_buf *xdr = &req->rq_snd_buf; ++ bool zerocopy = true; + int status; + + xs_encode_stream_record_marker(&req->rq_snd_buf); +@@ -700,13 +707,20 @@ static int xs_tcp_send_request(struct rpc_task *task) + xs_pktdump("packet data:", + req->rq_svec->iov_base, + req->rq_svec->iov_len); ++ /* Don't use zero copy if this is a resend. If the RPC call ++ * completes while the socket holds a reference to the pages, ++ * then we may end up resending corrupted data. ++ */ ++ if (task->tk_flags & RPC_TASK_SENT) ++ zerocopy = false; + + /* Continue transmitting the packet/record. We must be careful + * to cope with writespace callbacks arriving _after_ we have + * called sendmsg(). */ + while (1) { + status = xs_sendpages(transport->sock, +- NULL, 0, xdr, req->rq_bytes_sent); ++ NULL, 0, xdr, req->rq_bytes_sent, ++ zerocopy); + + dprintk("RPC: xs_tcp_send_request(%u) = %d\n", + xdr->len - req->rq_bytes_sent, status); +diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c +index 399433a..a9c3d3c 100644 +--- a/security/integrity/ima/ima_policy.c ++++ b/security/integrity/ima/ima_policy.c +@@ -73,7 +73,6 @@ static struct ima_rule_entry default_rules[] = { + {.action = DONT_MEASURE,.fsmagic = SYSFS_MAGIC,.flags = IMA_FSMAGIC}, + {.action = DONT_MEASURE,.fsmagic = DEBUGFS_MAGIC,.flags = IMA_FSMAGIC}, + {.action = DONT_MEASURE,.fsmagic = TMPFS_MAGIC,.flags = IMA_FSMAGIC}, +- {.action = DONT_MEASURE,.fsmagic = RAMFS_MAGIC,.flags = IMA_FSMAGIC}, + {.action = DONT_MEASURE,.fsmagic = DEVPTS_SUPER_MAGIC,.flags = IMA_FSMAGIC}, + {.action = DONT_MEASURE,.fsmagic = BINFMTFS_MAGIC,.flags = IMA_FSMAGIC}, + {.action = DONT_MEASURE,.fsmagic = SECURITYFS_MAGIC,.flags = IMA_FSMAGIC}, +diff --git a/sound/core/compress_offload.c b/sound/core/compress_offload.c +index bea523a..d9af638 100644 +--- a/sound/core/compress_offload.c ++++ b/sound/core/compress_offload.c +@@ -680,14 +680,48 @@ static int snd_compr_stop(struct snd_compr_stream *stream) + return -EPERM; + retval = stream->ops->trigger(stream, SNDRV_PCM_TRIGGER_STOP); + if (!retval) { +- stream->runtime->state = SNDRV_PCM_STATE_SETUP; +- wake_up(&stream->runtime->sleep); ++ snd_compr_drain_notify(stream); + stream->runtime->total_bytes_available = 0; + stream->runtime->total_bytes_transferred = 0; + } + return retval; + } + ++static int snd_compress_wait_for_drain(struct snd_compr_stream *stream) ++{ ++ int ret; ++ ++ /* ++ * We are called with lock held. So drop the lock while we wait for ++ * drain complete notfication from the driver ++ * ++ * It is expected that driver will notify the drain completion and then ++ * stream will be moved to SETUP state, even if draining resulted in an ++ * error. We can trigger next track after this. ++ */ ++ stream->runtime->state = SNDRV_PCM_STATE_DRAINING; ++ mutex_unlock(&stream->device->lock); ++ ++ /* we wait for drain to complete here, drain can return when ++ * interruption occurred, wait returned error or success. ++ * For the first two cases we don't do anything different here and ++ * return after waking up ++ */ ++ ++ ret = wait_event_interruptible(stream->runtime->sleep, ++ (stream->runtime->state != SNDRV_PCM_STATE_DRAINING)); ++ if (ret == -ERESTARTSYS) ++ pr_debug("wait aborted by a signal"); ++ else if (ret) ++ pr_debug("wait for drain failed with %d\n", ret); ++ ++ ++ wake_up(&stream->runtime->sleep); ++ mutex_lock(&stream->device->lock); ++ ++ return ret; ++} ++ + static int snd_compr_drain(struct snd_compr_stream *stream) + { + int retval; +@@ -695,12 +729,15 @@ static int snd_compr_drain(struct snd_compr_stream *stream) + if (stream->runtime->state == SNDRV_PCM_STATE_PREPARED || + stream->runtime->state == SNDRV_PCM_STATE_SETUP) + return -EPERM; ++ + retval = stream->ops->trigger(stream, SND_COMPR_TRIGGER_DRAIN); +- if (!retval) { +- stream->runtime->state = SNDRV_PCM_STATE_DRAINING; ++ if (retval) { ++ pr_debug("SND_COMPR_TRIGGER_DRAIN failed %d\n", retval); + wake_up(&stream->runtime->sleep); ++ return retval; + } +- return retval; ++ ++ return snd_compress_wait_for_drain(stream); + } + + static int snd_compr_next_track(struct snd_compr_stream *stream) +@@ -736,9 +773,14 @@ static int snd_compr_partial_drain(struct snd_compr_stream *stream) + return -EPERM; + + retval = stream->ops->trigger(stream, SND_COMPR_TRIGGER_PARTIAL_DRAIN); ++ if (retval) { ++ pr_debug("Partial drain returned failure\n"); ++ wake_up(&stream->runtime->sleep); ++ return retval; ++ } + + stream->next_track = false; +- return retval; ++ return snd_compress_wait_for_drain(stream); + } + + static long snd_compr_ioctl(struct file *f, unsigned int cmd, unsigned long arg) +diff --git a/sound/drivers/pcsp/pcsp.c b/sound/drivers/pcsp/pcsp.c +index 1c19cd7..83b8a9a 100644 +--- a/sound/drivers/pcsp/pcsp.c ++++ b/sound/drivers/pcsp/pcsp.c +@@ -187,8 +187,8 @@ static int pcsp_probe(struct platform_device *dev) + static int pcsp_remove(struct platform_device *dev) + { + struct snd_pcsp *chip = platform_get_drvdata(dev); +- alsa_card_pcsp_exit(chip); + pcspkr_input_remove(chip->input_dev); ++ alsa_card_pcsp_exit(chip); + return 0; + } + +diff --git a/sound/isa/msnd/msnd_pinnacle.c b/sound/isa/msnd/msnd_pinnacle.c +index 81aeb93..0a90bd6 100644 +--- a/sound/isa/msnd/msnd_pinnacle.c ++++ b/sound/isa/msnd/msnd_pinnacle.c +@@ -73,9 +73,11 @@ + #ifdef MSND_CLASSIC + # include "msnd_classic.h" + # define LOGNAME "msnd_classic" ++# define DEV_NAME "msnd-classic" + #else + # include "msnd_pinnacle.h" + # define LOGNAME "snd_msnd_pinnacle" ++# define DEV_NAME "msnd-pinnacle" + #endif + + static void set_default_audio_parameters(struct snd_msnd *chip) +@@ -1067,8 +1069,6 @@ static int snd_msnd_isa_remove(struct device *pdev, unsigned int dev) + return 0; + } + +-#define DEV_NAME "msnd-pinnacle" +- + static struct isa_driver snd_msnd_driver = { + .match = snd_msnd_isa_match, + .probe = snd_msnd_isa_probe, +diff --git a/sound/pci/hda/hda_codec.c b/sound/pci/hda/hda_codec.c +index 748c6a9..e938a68 100644 +--- a/sound/pci/hda/hda_codec.c ++++ b/sound/pci/hda/hda_codec.c +@@ -2579,9 +2579,6 @@ int snd_hda_codec_reset(struct hda_codec *codec) + cancel_delayed_work_sync(&codec->jackpoll_work); + #ifdef CONFIG_PM + cancel_delayed_work_sync(&codec->power_work); +- codec->power_on = 0; +- codec->power_transition = 0; +- codec->power_jiffies = jiffies; + flush_workqueue(bus->workq); + #endif + snd_hda_ctls_clear(codec); +@@ -3991,6 +3988,10 @@ static void hda_call_codec_resume(struct hda_codec *codec) + * in the resume / power-save sequence + */ + hda_keep_power_on(codec); ++ if (codec->pm_down_notified) { ++ codec->pm_down_notified = 0; ++ hda_call_pm_notify(codec->bus, true); ++ } + hda_set_power_state(codec, AC_PWRST_D0); + restore_shutup_pins(codec); + hda_exec_init_verbs(codec); +diff --git a/sound/pci/hda/hda_generic.c b/sound/pci/hda/hda_generic.c +index b7c89df..3067ed4 100644 +--- a/sound/pci/hda/hda_generic.c ++++ b/sound/pci/hda/hda_generic.c +@@ -549,11 +549,15 @@ static hda_nid_t look_for_out_mute_nid(struct hda_codec *codec, + static hda_nid_t look_for_out_vol_nid(struct hda_codec *codec, + struct nid_path *path) + { ++ struct hda_gen_spec *spec = codec->spec; + int i; + + for (i = path->depth - 1; i >= 0; i--) { +- if (nid_has_volume(codec, path->path[i], HDA_OUTPUT)) +- return path->path[i]; ++ hda_nid_t nid = path->path[i]; ++ if ((spec->out_vol_mask >> nid) & 1) ++ continue; ++ if (nid_has_volume(codec, nid, HDA_OUTPUT)) ++ return nid; + } + return 0; + } +@@ -792,10 +796,10 @@ static void set_pin_eapd(struct hda_codec *codec, hda_nid_t pin, bool enable) + if (spec->own_eapd_ctl || + !(snd_hda_query_pin_caps(codec, pin) & AC_PINCAP_EAPD)) + return; +- if (codec->inv_eapd) +- enable = !enable; + if (spec->keep_eapd_on && !enable) + return; ++ if (codec->inv_eapd) ++ enable = !enable; + snd_hda_codec_update_cache(codec, pin, 0, + AC_VERB_SET_EAPD_BTLENABLE, + enable ? 0x02 : 0x00); +diff --git a/sound/pci/hda/hda_generic.h b/sound/pci/hda/hda_generic.h +index 48d4402..7e45cb4 100644 +--- a/sound/pci/hda/hda_generic.h ++++ b/sound/pci/hda/hda_generic.h +@@ -242,6 +242,9 @@ struct hda_gen_spec { + /* additional mute flags (only effective with auto_mute_via_amp=1) */ + u64 mute_bits; + ++ /* bitmask for skipping volume controls */ ++ u64 out_vol_mask; ++ + /* badness tables for output path evaluations */ + const struct badness_table *main_out_badness; + const struct badness_table *extra_out_badness; +diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c +index 6e61a01..a63aff2 100644 +--- a/sound/pci/hda/hda_intel.c ++++ b/sound/pci/hda/hda_intel.c +@@ -612,6 +612,11 @@ enum { + #define AZX_DCAPS_INTEL_PCH \ + (AZX_DCAPS_INTEL_PCH_NOPM | AZX_DCAPS_PM_RUNTIME) + ++#define AZX_DCAPS_INTEL_HASWELL \ ++ (AZX_DCAPS_SCH_SNOOP | AZX_DCAPS_ALIGN_BUFSIZE | \ ++ AZX_DCAPS_COUNT_LPIB_DELAY | AZX_DCAPS_PM_RUNTIME | \ ++ AZX_DCAPS_I915_POWERWELL) ++ + /* quirks for ATI SB / AMD Hudson */ + #define AZX_DCAPS_PRESET_ATI_SB \ + (AZX_DCAPS_ATI_SNOOP | AZX_DCAPS_NO_TCSEL | \ +@@ -3987,14 +3992,11 @@ static DEFINE_PCI_DEVICE_TABLE(azx_ids) = { + .driver_data = AZX_DRIVER_PCH | AZX_DCAPS_INTEL_PCH }, + /* Haswell */ + { PCI_DEVICE(0x8086, 0x0a0c), +- .driver_data = AZX_DRIVER_SCH | AZX_DCAPS_INTEL_PCH | +- AZX_DCAPS_I915_POWERWELL }, ++ .driver_data = AZX_DRIVER_SCH | AZX_DCAPS_INTEL_HASWELL }, + { PCI_DEVICE(0x8086, 0x0c0c), +- .driver_data = AZX_DRIVER_SCH | AZX_DCAPS_INTEL_PCH | +- AZX_DCAPS_I915_POWERWELL }, ++ .driver_data = AZX_DRIVER_SCH | AZX_DCAPS_INTEL_HASWELL }, + { PCI_DEVICE(0x8086, 0x0d0c), +- .driver_data = AZX_DRIVER_SCH | AZX_DCAPS_INTEL_PCH | +- AZX_DCAPS_I915_POWERWELL }, ++ .driver_data = AZX_DRIVER_SCH | AZX_DCAPS_INTEL_HASWELL }, + /* 5 Series/3400 */ + { PCI_DEVICE(0x8086, 0x3b56), + .driver_data = AZX_DRIVER_SCH | AZX_DCAPS_INTEL_PCH_NOPM }, +diff --git a/sound/pci/hda/patch_analog.c b/sound/pci/hda/patch_analog.c +index 2aa2f57..a52d2a1 100644 +--- a/sound/pci/hda/patch_analog.c ++++ b/sound/pci/hda/patch_analog.c +@@ -219,8 +219,12 @@ static int alloc_ad_spec(struct hda_codec *codec) + static void ad_fixup_inv_jack_detect(struct hda_codec *codec, + const struct hda_fixup *fix, int action) + { +- if (action == HDA_FIXUP_ACT_PRE_PROBE) ++ struct ad198x_spec *spec = codec->spec; ++ ++ if (action == HDA_FIXUP_ACT_PRE_PROBE) { + codec->inv_jack_detect = 1; ++ spec->gen.keep_eapd_on = 1; ++ } + } + + enum { +diff --git a/sound/pci/hda/patch_cirrus.c b/sound/pci/hda/patch_cirrus.c +index 18d9725..072755c 100644 +--- a/sound/pci/hda/patch_cirrus.c ++++ b/sound/pci/hda/patch_cirrus.c +@@ -597,6 +597,7 @@ static int patch_cs420x(struct hda_codec *codec) + * Its layout is no longer compatible with CS4206/CS4207 + */ + enum { ++ CS4208_MAC_AUTO, + CS4208_MBA6, + CS4208_GPIO0, + }; +@@ -608,7 +609,12 @@ static const struct hda_model_fixup cs4208_models[] = { + }; + + static const struct snd_pci_quirk cs4208_fixup_tbl[] = { +- /* codec SSID */ ++ SND_PCI_QUIRK_VENDOR(0x106b, "Apple", CS4208_MAC_AUTO), ++ {} /* terminator */ ++}; ++ ++/* codec SSID matching */ ++static const struct snd_pci_quirk cs4208_mac_fixup_tbl[] = { + SND_PCI_QUIRK(0x106b, 0x7100, "MacBookAir 6,1", CS4208_MBA6), + SND_PCI_QUIRK(0x106b, 0x7200, "MacBookAir 6,2", CS4208_MBA6), + {} /* terminator */ +@@ -626,6 +632,20 @@ static void cs4208_fixup_gpio0(struct hda_codec *codec, + } + } + ++static const struct hda_fixup cs4208_fixups[]; ++ ++/* remap the fixup from codec SSID and apply it */ ++static void cs4208_fixup_mac(struct hda_codec *codec, ++ const struct hda_fixup *fix, int action) ++{ ++ if (action != HDA_FIXUP_ACT_PRE_PROBE) ++ return; ++ snd_hda_pick_fixup(codec, NULL, cs4208_mac_fixup_tbl, cs4208_fixups); ++ if (codec->fixup_id < 0 || codec->fixup_id == CS4208_MAC_AUTO) ++ codec->fixup_id = CS4208_GPIO0; /* default fixup */ ++ snd_hda_apply_fixup(codec, action); ++} ++ + static const struct hda_fixup cs4208_fixups[] = { + [CS4208_MBA6] = { + .type = HDA_FIXUP_PINS, +@@ -637,6 +657,10 @@ static const struct hda_fixup cs4208_fixups[] = { + .type = HDA_FIXUP_FUNC, + .v.func = cs4208_fixup_gpio0, + }, ++ [CS4208_MAC_AUTO] = { ++ .type = HDA_FIXUP_FUNC, ++ .v.func = cs4208_fixup_mac, ++ }, + }; + + /* correct the 0dB offset of input pins */ +@@ -660,6 +684,8 @@ static int patch_cs4208(struct hda_codec *codec) + return -ENOMEM; + + spec->gen.automute_hook = cs_automute; ++ /* exclude NID 0x10 (HP) from output volumes due to different steps */ ++ spec->gen.out_vol_mask = 1ULL << 0x10; + + snd_hda_pick_fixup(codec, cs4208_models, cs4208_fixup_tbl, + cs4208_fixups); +diff --git a/sound/pci/hda/patch_conexant.c b/sound/pci/hda/patch_conexant.c +index ec68eae..96f07ce 100644 +--- a/sound/pci/hda/patch_conexant.c ++++ b/sound/pci/hda/patch_conexant.c +@@ -3568,6 +3568,8 @@ static const struct hda_codec_preset snd_hda_preset_conexant[] = { + .patch = patch_conexant_auto }, + { .id = 0x14f15115, .name = "CX20757", + .patch = patch_conexant_auto }, ++ { .id = 0x14f151d7, .name = "CX20952", ++ .patch = patch_conexant_auto }, + {} /* terminator */ + }; + +@@ -3594,6 +3596,7 @@ MODULE_ALIAS("snd-hda-codec-id:14f15111"); + MODULE_ALIAS("snd-hda-codec-id:14f15113"); + MODULE_ALIAS("snd-hda-codec-id:14f15114"); + MODULE_ALIAS("snd-hda-codec-id:14f15115"); ++MODULE_ALIAS("snd-hda-codec-id:14f151d7"); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("Conexant HD-audio codec"); +diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c +index 8ad5543..2f39631 100644 +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -1043,6 +1043,7 @@ enum { + ALC880_FIXUP_UNIWILL, + ALC880_FIXUP_UNIWILL_DIG, + ALC880_FIXUP_Z71V, ++ ALC880_FIXUP_ASUS_W5A, + ALC880_FIXUP_3ST_BASE, + ALC880_FIXUP_3ST, + ALC880_FIXUP_3ST_DIG, +@@ -1213,6 +1214,26 @@ static const struct hda_fixup alc880_fixups[] = { + { } + } + }, ++ [ALC880_FIXUP_ASUS_W5A] = { ++ .type = HDA_FIXUP_PINS, ++ .v.pins = (const struct hda_pintbl[]) { ++ /* set up the whole pins as BIOS is utterly broken */ ++ { 0x14, 0x0121411f }, /* HP */ ++ { 0x15, 0x411111f0 }, /* N/A */ ++ { 0x16, 0x411111f0 }, /* N/A */ ++ { 0x17, 0x411111f0 }, /* N/A */ ++ { 0x18, 0x90a60160 }, /* mic */ ++ { 0x19, 0x411111f0 }, /* N/A */ ++ { 0x1a, 0x411111f0 }, /* N/A */ ++ { 0x1b, 0x411111f0 }, /* N/A */ ++ { 0x1c, 0x411111f0 }, /* N/A */ ++ { 0x1d, 0x411111f0 }, /* N/A */ ++ { 0x1e, 0xb743111e }, /* SPDIF out */ ++ { } ++ }, ++ .chained = true, ++ .chain_id = ALC880_FIXUP_GPIO1, ++ }, + [ALC880_FIXUP_3ST_BASE] = { + .type = HDA_FIXUP_PINS, + .v.pins = (const struct hda_pintbl[]) { +@@ -1334,6 +1355,7 @@ static const struct hda_fixup alc880_fixups[] = { + + static const struct snd_pci_quirk alc880_fixup_tbl[] = { + SND_PCI_QUIRK(0x1019, 0x0f69, "Coeus G610P", ALC880_FIXUP_W810), ++ SND_PCI_QUIRK(0x1043, 0x10c3, "ASUS W5A", ALC880_FIXUP_ASUS_W5A), + SND_PCI_QUIRK(0x1043, 0x1964, "ASUS Z71V", ALC880_FIXUP_Z71V), + SND_PCI_QUIRK_VENDOR(0x1043, "ASUS", ALC880_FIXUP_GPIO1), + SND_PCI_QUIRK(0x1558, 0x5401, "Clevo GPIO2", ALC880_FIXUP_GPIO2), +@@ -1479,6 +1501,7 @@ enum { + ALC260_FIXUP_KN1, + ALC260_FIXUP_FSC_S7020, + ALC260_FIXUP_FSC_S7020_JWSE, ++ ALC260_FIXUP_VAIO_PINS, + }; + + static void alc260_gpio1_automute(struct hda_codec *codec) +@@ -1619,6 +1642,24 @@ static const struct hda_fixup alc260_fixups[] = { + .chained = true, + .chain_id = ALC260_FIXUP_FSC_S7020, + }, ++ [ALC260_FIXUP_VAIO_PINS] = { ++ .type = HDA_FIXUP_PINS, ++ .v.pins = (const struct hda_pintbl[]) { ++ /* Pin configs are missing completely on some VAIOs */ ++ { 0x0f, 0x01211020 }, ++ { 0x10, 0x0001003f }, ++ { 0x11, 0x411111f0 }, ++ { 0x12, 0x01a15930 }, ++ { 0x13, 0x411111f0 }, ++ { 0x14, 0x411111f0 }, ++ { 0x15, 0x411111f0 }, ++ { 0x16, 0x411111f0 }, ++ { 0x17, 0x411111f0 }, ++ { 0x18, 0x411111f0 }, ++ { 0x19, 0x411111f0 }, ++ { } ++ } ++ }, + }; + + static const struct snd_pci_quirk alc260_fixup_tbl[] = { +@@ -1627,6 +1668,8 @@ static const struct snd_pci_quirk alc260_fixup_tbl[] = { + SND_PCI_QUIRK(0x1025, 0x008f, "Acer", ALC260_FIXUP_GPIO1), + SND_PCI_QUIRK(0x103c, 0x280a, "HP dc5750", ALC260_FIXUP_HP_DC5750), + SND_PCI_QUIRK(0x103c, 0x30ba, "HP Presario B1900", ALC260_FIXUP_HP_B1900), ++ SND_PCI_QUIRK(0x104d, 0x81bb, "Sony VAIO", ALC260_FIXUP_VAIO_PINS), ++ SND_PCI_QUIRK(0x104d, 0x81e2, "Sony VAIO TX", ALC260_FIXUP_HP_PIN_0F), + SND_PCI_QUIRK(0x10cf, 0x1326, "FSC LifeBook S7020", ALC260_FIXUP_FSC_S7020), + SND_PCI_QUIRK(0x1509, 0x4540, "Favorit 100XS", ALC260_FIXUP_GPIO1), + SND_PCI_QUIRK(0x152d, 0x0729, "Quanta KN1", ALC260_FIXUP_KN1), +@@ -2388,6 +2431,7 @@ static const struct hda_verb alc268_beep_init_verbs[] = { + enum { + ALC268_FIXUP_INV_DMIC, + ALC268_FIXUP_HP_EAPD, ++ ALC268_FIXUP_SPDIF, + }; + + static const struct hda_fixup alc268_fixups[] = { +@@ -2402,6 +2446,13 @@ static const struct hda_fixup alc268_fixups[] = { + {} + } + }, ++ [ALC268_FIXUP_SPDIF] = { ++ .type = HDA_FIXUP_PINS, ++ .v.pins = (const struct hda_pintbl[]) { ++ { 0x1e, 0x014b1180 }, /* enable SPDIF out */ ++ {} ++ } ++ }, + }; + + static const struct hda_model_fixup alc268_fixup_models[] = { +@@ -2411,6 +2462,7 @@ static const struct hda_model_fixup alc268_fixup_models[] = { + }; + + static const struct snd_pci_quirk alc268_fixup_tbl[] = { ++ SND_PCI_QUIRK(0x1025, 0x0139, "Acer TravelMate 6293", ALC268_FIXUP_SPDIF), + SND_PCI_QUIRK(0x1025, 0x015b, "Acer AOA 150 (ZG5)", ALC268_FIXUP_INV_DMIC), + /* below is codec SSID since multiple Toshiba laptops have the + * same PCI SSID 1179:ff00 +@@ -2540,6 +2592,7 @@ enum { + ALC269_TYPE_ALC283, + ALC269_TYPE_ALC284, + ALC269_TYPE_ALC286, ++ ALC269_TYPE_ALC255, + }; + + /* +@@ -2565,6 +2618,7 @@ static int alc269_parse_auto_config(struct hda_codec *codec) + case ALC269_TYPE_ALC282: + case ALC269_TYPE_ALC283: + case ALC269_TYPE_ALC286: ++ case ALC269_TYPE_ALC255: + ssids = alc269_ssids; + break; + default: +@@ -2944,6 +2998,23 @@ static void alc269_fixup_mic_mute_hook(void *private_data, int enabled) + snd_hda_set_pin_ctl_cache(codec, spec->mute_led_nid, pinval); + } + ++/* Make sure the led works even in runtime suspend */ ++static unsigned int led_power_filter(struct hda_codec *codec, ++ hda_nid_t nid, ++ unsigned int power_state) ++{ ++ struct alc_spec *spec = codec->spec; ++ ++ if (power_state != AC_PWRST_D3 || nid != spec->mute_led_nid) ++ return power_state; ++ ++ /* Set pin ctl again, it might have just been set to 0 */ ++ snd_hda_set_pin_ctl(codec, nid, ++ snd_hda_codec_get_pin_target(codec, nid)); ++ ++ return AC_PWRST_D0; ++} ++ + static void alc269_fixup_hp_mute_led(struct hda_codec *codec, + const struct hda_fixup *fix, int action) + { +@@ -2963,6 +3034,7 @@ static void alc269_fixup_hp_mute_led(struct hda_codec *codec, + spec->mute_led_nid = pin - 0x0a + 0x18; + spec->gen.vmaster_mute.hook = alc269_fixup_mic_mute_hook; + spec->gen.vmaster_mute_enum = 1; ++ codec->power_filter = led_power_filter; + snd_printd("Detected mute LED for %x:%d\n", spec->mute_led_nid, + spec->mute_led_polarity); + break; +@@ -2978,6 +3050,7 @@ static void alc269_fixup_hp_mute_led_mic1(struct hda_codec *codec, + spec->mute_led_nid = 0x18; + spec->gen.vmaster_mute.hook = alc269_fixup_mic_mute_hook; + spec->gen.vmaster_mute_enum = 1; ++ codec->power_filter = led_power_filter; + } + } + +@@ -2990,6 +3063,7 @@ static void alc269_fixup_hp_mute_led_mic2(struct hda_codec *codec, + spec->mute_led_nid = 0x19; + spec->gen.vmaster_mute.hook = alc269_fixup_mic_mute_hook; + spec->gen.vmaster_mute_enum = 1; ++ codec->power_filter = led_power_filter; + } + } + +@@ -3230,8 +3304,10 @@ static void alc_update_headset_mode(struct hda_codec *codec) + else + new_headset_mode = ALC_HEADSET_MODE_HEADPHONE; + +- if (new_headset_mode == spec->current_headset_mode) ++ if (new_headset_mode == spec->current_headset_mode) { ++ snd_hda_gen_update_outputs(codec); + return; ++ } + + switch (new_headset_mode) { + case ALC_HEADSET_MODE_UNPLUGGED: +@@ -3895,6 +3971,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = { + SND_PCI_QUIRK(0x1028, 0x0608, "Dell", ALC269_FIXUP_DELL1_MIC_NO_PRESENCE), + SND_PCI_QUIRK(0x1028, 0x0609, "Dell", ALC269_FIXUP_DELL1_MIC_NO_PRESENCE), + SND_PCI_QUIRK(0x1028, 0x0613, "Dell", ALC269_FIXUP_DELL1_MIC_NO_PRESENCE), ++ SND_PCI_QUIRK(0x1028, 0x0614, "Dell Inspiron 3135", ALC269_FIXUP_DELL1_MIC_NO_PRESENCE), + SND_PCI_QUIRK(0x1028, 0x0616, "Dell Vostro 5470", ALC290_FIXUP_MONO_SPEAKERS), + SND_PCI_QUIRK(0x1028, 0x15cc, "Dell X5 Precision", ALC269_FIXUP_DELL2_MIC_NO_PRESENCE), + SND_PCI_QUIRK(0x1028, 0x15cd, "Dell X5 Precision", ALC269_FIXUP_DELL2_MIC_NO_PRESENCE), +@@ -4128,6 +4205,9 @@ static int patch_alc269(struct hda_codec *codec) + case 0x10ec0286: + spec->codec_variant = ALC269_TYPE_ALC286; + break; ++ case 0x10ec0255: ++ spec->codec_variant = ALC269_TYPE_ALC255; ++ break; + } + + if (snd_hda_codec_read(codec, 0x51, 0, AC_VERB_PARAMETERS, 0) == 0x10ec5505) { +@@ -4842,6 +4922,7 @@ static int patch_alc680(struct hda_codec *codec) + static const struct hda_codec_preset snd_hda_preset_realtek[] = { + { .id = 0x10ec0221, .name = "ALC221", .patch = patch_alc269 }, + { .id = 0x10ec0233, .name = "ALC233", .patch = patch_alc269 }, ++ { .id = 0x10ec0255, .name = "ALC255", .patch = patch_alc269 }, + { .id = 0x10ec0260, .name = "ALC260", .patch = patch_alc260 }, + { .id = 0x10ec0262, .name = "ALC262", .patch = patch_alc262 }, + { .id = 0x10ec0267, .name = "ALC267", .patch = patch_alc268 }, +diff --git a/sound/usb/6fire/chip.c b/sound/usb/6fire/chip.c +index c39c779..66edc4a 100644 +--- a/sound/usb/6fire/chip.c ++++ b/sound/usb/6fire/chip.c +@@ -101,7 +101,7 @@ static int usb6fire_chip_probe(struct usb_interface *intf, + usb_set_intfdata(intf, chips[i]); + mutex_unlock(®ister_mutex); + return 0; +- } else if (regidx < 0) ++ } else if (!devices[i] && regidx < 0) + regidx = i; + } + if (regidx < 0) { +diff --git a/virt/kvm/iommu.c b/virt/kvm/iommu.c +index 72a130b..c329c8f 100644 +--- a/virt/kvm/iommu.c ++++ b/virt/kvm/iommu.c +@@ -103,6 +103,10 @@ int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot) + while ((gfn << PAGE_SHIFT) & (page_size - 1)) + page_size >>= 1; + ++ /* Make sure hva is aligned to the page size we want to map */ ++ while (__gfn_to_hva_memslot(slot, gfn) & (page_size - 1)) ++ page_size >>= 1; ++ + /* + * Pin all pages we are about to map in memory. This is + * important because we unmap and unpin in 4kb steps later. diff --git a/3.12.1/4420_grsecurity-3.0-3.12.1-201311261522.patch b/3.12.2/4420_grsecurity-3.0-3.12.2-201312011111.patch index 4b0fd79..284b9ed 100644 --- a/3.12.1/4420_grsecurity-3.0-3.12.1-201311261522.patch +++ b/3.12.2/4420_grsecurity-3.0-3.12.2-201312011111.patch @@ -281,7 +281,7 @@ index fcbb736..5508d8c 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index eb29ec7..876409e 100644 +index e6e72b6..570e70a 100644 --- a/Makefile +++ b/Makefile @@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -3559,7 +3559,7 @@ index 17ca1ae..beba869 100644 struct omap_device *omap_device_alloc(struct platform_device *pdev, struct omap_hwmod **ohs, int oh_cnt); diff --git a/arch/arm/mach-omap2/omap_hwmod.c b/arch/arm/mach-omap2/omap_hwmod.c -index d9ee0ff..24f224a 100644 +index 3d5db8c..ddfa144 100644 --- a/arch/arm/mach-omap2/omap_hwmod.c +++ b/arch/arm/mach-omap2/omap_hwmod.c @@ -194,10 +194,10 @@ struct omap_hwmod_soc_ops { @@ -8120,10 +8120,10 @@ index 9a0d24c..e7fbedf 100644 if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) diff --git a/arch/powerpc/kernel/signal_32.c b/arch/powerpc/kernel/signal_32.c -index bebdf1a..7a9e095 100644 +index 36d49e6..9147e39d 100644 --- a/arch/powerpc/kernel/signal_32.c +++ b/arch/powerpc/kernel/signal_32.c -@@ -996,7 +996,7 @@ int handle_rt_signal32(unsigned long sig, struct k_sigaction *ka, +@@ -1004,7 +1004,7 @@ int handle_rt_signal32(unsigned long sig, struct k_sigaction *ka, /* Save user registers on the stack */ frame = &rt_sf->uc.uc_mcontext; addr = frame; @@ -8371,7 +8371,7 @@ index cb8bdbe..d770680 100644 } } diff --git a/arch/powerpc/mm/slice.c b/arch/powerpc/mm/slice.c -index 3e99c14..f00953c 100644 +index 7ce9cf3..a964087 100644 --- a/arch/powerpc/mm/slice.c +++ b/arch/powerpc/mm/slice.c @@ -103,7 +103,7 @@ static int slice_area_is_free(struct mm_struct *mm, unsigned long addr, @@ -20089,7 +20089,7 @@ index 7d9481c..99c7e4b 100644 .notifier_call = cpuid_class_cpu_callback, }; diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c -index e0e0841..da37e6f 100644 +index 18677a9..f67c45b 100644 --- a/arch/x86/kernel/crash.c +++ b/arch/x86/kernel/crash.c @@ -58,10 +58,8 @@ static void kdump_nmi_callback(int cpu, struct pt_regs *regs) @@ -22493,7 +22493,7 @@ index b077f4c..feb26c1 100644 /* * End of kprobes section diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c -index 42a392a..fbbd930 100644 +index d4bdd25..912664c 100644 --- a/arch/x86/kernel/ftrace.c +++ b/arch/x86/kernel/ftrace.c @@ -105,6 +105,8 @@ ftrace_modify_code_direct(unsigned long ip, unsigned const char *old_code, @@ -22523,7 +22523,7 @@ index 42a392a..fbbd930 100644 new = ftrace_call_replace(ip, (unsigned long)func); ret = ftrace_modify_code(ip, old, new); } -@@ -279,7 +281,7 @@ static int ftrace_write(unsigned long ip, const char *val, int size) +@@ -291,7 +293,7 @@ static int ftrace_write(unsigned long ip, const char *val, int size) * kernel identity mapping to modify code. */ if (within(ip, (unsigned long)_text, (unsigned long)_etext)) @@ -22532,7 +22532,7 @@ index 42a392a..fbbd930 100644 return probe_kernel_write((void *)ip, val, size); } -@@ -289,7 +291,7 @@ static int add_break(unsigned long ip, const char *old) +@@ -301,7 +303,7 @@ static int add_break(unsigned long ip, const char *old) unsigned char replaced[MCOUNT_INSN_SIZE]; unsigned char brk = BREAKPOINT_INSTRUCTION; @@ -22541,7 +22541,7 @@ index 42a392a..fbbd930 100644 return -EFAULT; /* Make sure it is what we expect it to be */ -@@ -637,7 +639,7 @@ ftrace_modify_code(unsigned long ip, unsigned const char *old_code, +@@ -649,7 +651,7 @@ ftrace_modify_code(unsigned long ip, unsigned const char *old_code, return ret; fail_update: @@ -22550,7 +22550,7 @@ index 42a392a..fbbd930 100644 goto out; } -@@ -670,6 +672,8 @@ static int ftrace_mod_jmp(unsigned long ip, +@@ -682,6 +684,8 @@ static int ftrace_mod_jmp(unsigned long ip, { unsigned char code[MCOUNT_INSN_SIZE]; @@ -24479,7 +24479,7 @@ index 6c483ba..d10ce2f 100644 static struct dma_map_ops swiotlb_dma_ops = { diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c -index c83516b..432ad6d 100644 +index 3fb8d95..254dc51 100644 --- a/arch/x86/kernel/process.c +++ b/arch/x86/kernel/process.c @@ -36,7 +36,8 @@ @@ -24926,7 +24926,7 @@ index a16bae3..1f65f25 100644 return ret; diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c -index 7e920bf..cc24446 100644 +index 618ce26..ec7e21c 100644 --- a/arch/x86/kernel/reboot.c +++ b/arch/x86/kernel/reboot.c @@ -68,6 +68,11 @@ static int __init set_bios_reboot(const struct dmi_system_id *d) @@ -34658,10 +34658,10 @@ index 9515f18..4b149c9 100644 .callback = dmi_disable_osi_vista, .ident = "Fujitsu Siemens", diff --git a/drivers/acpi/processor_idle.c b/drivers/acpi/processor_idle.c -index f98dd00..7b69865 100644 +index c7414a5..d5afd71 100644 --- a/drivers/acpi/processor_idle.c +++ b/drivers/acpi/processor_idle.c -@@ -992,7 +992,7 @@ static int acpi_processor_setup_cpuidle_states(struct acpi_processor *pr) +@@ -966,7 +966,7 @@ static int acpi_processor_setup_cpuidle_states(struct acpi_processor *pr) { int i, count = CPUIDLE_DRIVER_STATE_START; struct acpi_processor_cx *cx; @@ -36406,7 +36406,7 @@ index cc29cd3..d4b058b 100644 static struct asender_cmd asender_tbl[] = { [P_PING] = { 0, got_Ping }, diff --git a/drivers/block/loop.c b/drivers/block/loop.c -index 40e7155..df5c79a 100644 +index 2f036ca..68d3f40 100644 --- a/drivers/block/loop.c +++ b/drivers/block/loop.c @@ -232,7 +232,7 @@ static int __do_lo_send_write(struct file *file, @@ -44637,7 +44637,7 @@ index fe4c572..99dedfa 100644 static inline struct rt2x00_intf* vif_to_intf(struct ieee80211_vif *vif) diff --git a/drivers/net/wireless/rt2x00/rt2x00queue.c b/drivers/net/wireless/rt2x00/rt2x00queue.c -index 6c8a33b..78212fa 100644 +index 66a2db8..70cad04 100644 --- a/drivers/net/wireless/rt2x00/rt2x00queue.c +++ b/drivers/net/wireless/rt2x00/rt2x00queue.c @@ -252,9 +252,9 @@ static void rt2x00queue_create_tx_descriptor_seq(struct rt2x00_dev *rt2x00dev, @@ -45225,7 +45225,7 @@ index 13ec195..6af61af 100644 static ssize_t sony_nc_highspeed_charging_store(struct device *dev, struct device_attribute *attr, diff --git a/drivers/platform/x86/thinkpad_acpi.c b/drivers/platform/x86/thinkpad_acpi.c -index 03ca6c1..1ef2ddd 100644 +index 4e86e97..04d50d1 100644 --- a/drivers/platform/x86/thinkpad_acpi.c +++ b/drivers/platform/x86/thinkpad_acpi.c @@ -2091,7 +2091,7 @@ static int hotkey_mask_get(void) @@ -48770,7 +48770,7 @@ index f20a044..d1059aa 100644 wake_up(&usb_kill_urb_queue); usb_put_urb(urb); diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c -index 879651c..87e0131 100644 +index 243c672..8b66fbb 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -27,6 +27,7 @@ @@ -48781,7 +48781,7 @@ index 879651c..87e0131 100644 #include <asm/uaccess.h> #include <asm/byteorder.h> -@@ -4435,6 +4436,10 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1, +@@ -4467,6 +4468,10 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1, goto done; return; } @@ -48824,7 +48824,7 @@ index 82927e1..4993dbf 100644 { struct urb *urb; diff --git a/drivers/usb/core/sysfs.c b/drivers/usb/core/sysfs.c -index 6d2c8ed..3a794ca 100644 +index ca516ac..6c36ee4 100644 --- a/drivers/usb/core/sysfs.c +++ b/drivers/usb/core/sysfs.c @@ -236,7 +236,7 @@ static ssize_t urbnum_show(struct device *dev, struct device_attribute *attr, @@ -54804,10 +54804,10 @@ index 5d19acf..9ab093b 100644 return 1; if (a < b) diff --git a/fs/configfs/dir.c b/fs/configfs/dir.c -index 277bd1b..f312c9e 100644 +index 511d415..319d0e5 100644 --- a/fs/configfs/dir.c +++ b/fs/configfs/dir.c -@@ -1546,7 +1546,8 @@ static int configfs_readdir(struct file *file, struct dir_context *ctx) +@@ -1558,7 +1558,8 @@ static int configfs_readdir(struct file *file, struct dir_context *ctx) } for (p = q->next; p != &parent_sd->s_children; p = p->next) { struct configfs_dirent *next; @@ -54817,7 +54817,7 @@ index 277bd1b..f312c9e 100644 int len; struct inode *inode = NULL; -@@ -1555,7 +1556,12 @@ static int configfs_readdir(struct file *file, struct dir_context *ctx) +@@ -1567,7 +1568,12 @@ static int configfs_readdir(struct file *file, struct dir_context *ctx) continue; name = configfs_get_name(next); @@ -54929,34 +54929,18 @@ index 9bdeca1..2247b92 100644 EXPORT_SYMBOL(dump_write); diff --git a/fs/dcache.c b/fs/dcache.c -index ae6ebb8..5977a84 100644 +index 89f9671..5977a84 100644 --- a/fs/dcache.c +++ b/fs/dcache.c -@@ -2881,9 +2881,9 @@ static int prepend_path(const struct path *path, - const struct path *root, - char **buffer, int *buflen) - { -- struct dentry *dentry = path->dentry; -- struct vfsmount *vfsmnt = path->mnt; -- struct mount *mnt = real_mount(vfsmnt); -+ struct dentry *dentry; -+ struct vfsmount *vfsmnt; -+ struct mount *mnt; - int error = 0; - unsigned seq = 0; - char *bptr; -@@ -2893,6 +2893,10 @@ static int prepend_path(const struct path *path, +@@ -2893,6 +2893,7 @@ static int prepend_path(const struct path *path, restart: bptr = *buffer; blen = *buflen; + error = 0; -+ dentry = path->dentry; -+ vfsmnt = path->mnt; -+ mnt = real_mount(vfsmnt); - read_seqbegin_or_lock(&rename_lock, &seq); - while (dentry != root->dentry || vfsmnt != root->mnt) { - struct dentry * parent; -@@ -3429,7 +3433,8 @@ void __init vfs_caches_init(unsigned long mempages) + dentry = path->dentry; + vfsmnt = path->mnt; + mnt = real_mount(vfsmnt); +@@ -3432,7 +3433,8 @@ void __init vfs_caches_init(unsigned long mempages) mempages -= reserve; names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0, @@ -55018,7 +55002,7 @@ index e4141f2..d8263e8 100644 i += packet_length_size; if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size)) diff --git a/fs/exec.c b/fs/exec.c -index 8875dd1..c53682a 100644 +index bb8afc1..2f5087e 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -55,8 +55,20 @@ @@ -55501,7 +55485,7 @@ index 8875dd1..c53682a 100644 out: if (bprm->mm) { acct_arg_size(bprm, 0); -@@ -1700,3 +1874,295 @@ asmlinkage long compat_sys_execve(const char __user * filename, +@@ -1706,3 +1880,295 @@ asmlinkage long compat_sys_execve(const char __user * filename, return error; } #endif @@ -57718,10 +57702,10 @@ index b7989f2..1f72ec4 100644 if (!IS_ERR(link)) free_page((unsigned long) link); diff --git a/fs/gfs2/inode.c b/fs/gfs2/inode.c -index ced3257..b5c3b942 100644 +index 968d4c56..54a398d 100644 --- a/fs/gfs2/inode.c +++ b/fs/gfs2/inode.c -@@ -1508,7 +1508,7 @@ out: +@@ -1512,7 +1512,7 @@ out: static void gfs2_put_link(struct dentry *dentry, struct nameidata *nd, void *p) { @@ -58644,27 +58628,6 @@ index eda8879..bfc6837 100644 } void nfs_fattr_init(struct nfs_fattr *fattr) -diff --git a/fs/nfs/nfs4state.c b/fs/nfs/nfs4state.c -index cc14cbb..6021bb6 100644 ---- a/fs/nfs/nfs4state.c -+++ b/fs/nfs/nfs4state.c -@@ -1881,10 +1881,15 @@ again: - nfs4_root_machine_cred(clp); - goto again; - } -- if (i > 2) -+ if (clnt->cl_auth->au_flavor == RPC_AUTH_UNIX) - break; - case -NFS4ERR_CLID_INUSE: - case -NFS4ERR_WRONGSEC: -+ /* No point in retrying if we already used RPC_AUTH_UNIX */ -+ if (clnt->cl_auth->au_flavor == RPC_AUTH_UNIX) { -+ status = -EPERM; -+ break; -+ } - clnt = rpc_clone_client_set_auth(clnt, RPC_AUTH_UNIX); - if (IS_ERR(clnt)) { - status = PTR_ERR(clnt); diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c index 419572f..5414a23 100644 --- a/fs/nfsd/nfs4proc.c @@ -58679,10 +58642,10 @@ index 419572f..5414a23 100644 static struct nfsd4_operation nfsd4_ops[]; diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c -index d9454fe..855c9d1 100644 +index ecc735e..79b2d31 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c -@@ -1498,7 +1498,7 @@ nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p) +@@ -1500,7 +1500,7 @@ nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p) typedef __be32(*nfsd4_dec)(struct nfsd4_compoundargs *argp, void *); @@ -58691,7 +58654,7 @@ index d9454fe..855c9d1 100644 [OP_ACCESS] = (nfsd4_dec)nfsd4_decode_access, [OP_CLOSE] = (nfsd4_dec)nfsd4_decode_close, [OP_COMMIT] = (nfsd4_dec)nfsd4_decode_commit, -@@ -1538,7 +1538,7 @@ static nfsd4_dec nfsd4_dec_ops[] = { +@@ -1540,7 +1540,7 @@ static nfsd4_dec nfsd4_dec_ops[] = { [OP_RELEASE_LOCKOWNER] = (nfsd4_dec)nfsd4_decode_release_lockowner, }; @@ -58700,7 +58663,7 @@ index d9454fe..855c9d1 100644 [OP_ACCESS] = (nfsd4_dec)nfsd4_decode_access, [OP_CLOSE] = (nfsd4_dec)nfsd4_decode_close, [OP_COMMIT] = (nfsd4_dec)nfsd4_decode_commit, -@@ -1600,7 +1600,7 @@ static nfsd4_dec nfsd41_dec_ops[] = { +@@ -1602,7 +1602,7 @@ static nfsd4_dec nfsd41_dec_ops[] = { }; struct nfsd4_minorversion_ops { @@ -58735,10 +58698,10 @@ index 9186c7c..3fdde3e 100644 /* Don't cache excessive amounts of data and XDR failures */ if (!statp || len > (256 >> 2)) { diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c -index c827acb..b253b77 100644 +index 72cb28e..5b5f87d 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c -@@ -968,7 +968,7 @@ nfsd_vfs_read(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file, +@@ -993,7 +993,7 @@ nfsd_vfs_read(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file, } else { oldfs = get_fs(); set_fs(KERNEL_DS); @@ -58747,7 +58710,7 @@ index c827acb..b253b77 100644 set_fs(oldfs); } -@@ -1055,7 +1055,7 @@ nfsd_vfs_write(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file, +@@ -1080,7 +1080,7 @@ nfsd_vfs_write(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file, /* Write the data. */ oldfs = get_fs(); set_fs(KERNEL_DS); @@ -58756,7 +58719,7 @@ index c827acb..b253b77 100644 set_fs(oldfs); if (host_err < 0) goto out_nfserr; -@@ -1601,7 +1601,7 @@ nfsd_readlink(struct svc_rqst *rqstp, struct svc_fh *fhp, char *buf, int *lenp) +@@ -1626,7 +1626,7 @@ nfsd_readlink(struct svc_rqst *rqstp, struct svc_fh *fhp, char *buf, int *lenp) */ oldfs = get_fs(); set_fs(KERNEL_DS); @@ -73214,7 +73177,7 @@ index 729a4d1..9b304ae 100644 static inline kuid_t audit_get_loginuid(struct task_struct *tsk) { diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h -index e8112ae..05b8e7f 100644 +index 7554fd4..0f86379 100644 --- a/include/linux/binfmts.h +++ b/include/linux/binfmts.h @@ -73,8 +73,10 @@ struct linux_binfmt { @@ -77219,7 +77182,7 @@ index 6dacb93..6174423 100644 static inline void anon_vma_merge(struct vm_area_struct *vma, struct vm_area_struct *next) diff --git a/include/linux/sched.h b/include/linux/sched.h -index e27baee..aaef421 100644 +index b1e963e..114b8fd 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h @@ -62,6 +62,7 @@ struct bio_list; @@ -77259,7 +77222,7 @@ index e27baee..aaef421 100644 extern void arch_pick_mmap_layout(struct mm_struct *mm); extern unsigned long arch_get_unmapped_area(struct file *, unsigned long, unsigned long, -@@ -581,6 +595,17 @@ struct signal_struct { +@@ -585,6 +599,17 @@ struct signal_struct { #ifdef CONFIG_TASKSTATS struct taskstats *stats; #endif @@ -77277,7 +77240,7 @@ index e27baee..aaef421 100644 #ifdef CONFIG_AUDIT unsigned audit_tty; unsigned audit_tty_log_passwd; -@@ -661,6 +686,14 @@ struct user_struct { +@@ -665,6 +690,14 @@ struct user_struct { struct key *session_keyring; /* UID's default session keyring */ #endif @@ -77292,7 +77255,7 @@ index e27baee..aaef421 100644 /* Hash table maintenance information */ struct hlist_node uidhash_node; kuid_t uid; -@@ -1146,8 +1179,8 @@ struct task_struct { +@@ -1150,8 +1183,8 @@ struct task_struct { struct list_head thread_group; struct completion *vfork_done; /* for vfork() */ @@ -77303,7 +77266,7 @@ index e27baee..aaef421 100644 cputime_t utime, stime, utimescaled, stimescaled; cputime_t gtime; -@@ -1172,11 +1205,6 @@ struct task_struct { +@@ -1176,11 +1209,6 @@ struct task_struct { struct task_cputime cputime_expires; struct list_head cpu_timers[3]; @@ -77315,7 +77278,7 @@ index e27baee..aaef421 100644 char comm[TASK_COMM_LEN]; /* executable name excluding path - access with [gs]et_task_comm (which lock it with task_lock()) -@@ -1193,6 +1221,10 @@ struct task_struct { +@@ -1197,6 +1225,10 @@ struct task_struct { #endif /* CPU-specific state of this task */ struct thread_struct thread; @@ -77326,7 +77289,7 @@ index e27baee..aaef421 100644 /* filesystem information */ struct fs_struct *fs; /* open file information */ -@@ -1266,6 +1298,10 @@ struct task_struct { +@@ -1270,6 +1302,10 @@ struct task_struct { gfp_t lockdep_reclaim_gfp; #endif @@ -77337,7 +77300,7 @@ index e27baee..aaef421 100644 /* journalling filesystem info */ void *journal_info; -@@ -1304,6 +1340,10 @@ struct task_struct { +@@ -1308,6 +1344,10 @@ struct task_struct { /* cg_list protected by css_set_lock and tsk->alloc_lock */ struct list_head cg_list; #endif @@ -77348,7 +77311,7 @@ index e27baee..aaef421 100644 #ifdef CONFIG_FUTEX struct robust_list_head __user *robust_list; #ifdef CONFIG_COMPAT -@@ -1407,8 +1447,78 @@ struct task_struct { +@@ -1411,8 +1451,78 @@ struct task_struct { unsigned int sequential_io; unsigned int sequential_io_avg; #endif @@ -77427,7 +77390,7 @@ index e27baee..aaef421 100644 /* Future-safe accessor for struct task_struct's cpus_allowed. */ #define tsk_cpus_allowed(tsk) (&(tsk)->cpus_allowed) -@@ -1467,7 +1577,7 @@ struct pid_namespace; +@@ -1471,7 +1581,7 @@ struct pid_namespace; pid_t __task_pid_nr_ns(struct task_struct *task, enum pid_type type, struct pid_namespace *ns); @@ -77436,7 +77399,7 @@ index e27baee..aaef421 100644 { return tsk->pid; } -@@ -1917,7 +2027,9 @@ void yield(void); +@@ -1921,7 +2031,9 @@ void yield(void); extern struct exec_domain default_exec_domain; union thread_union { @@ -77446,7 +77409,7 @@ index e27baee..aaef421 100644 unsigned long stack[THREAD_SIZE/sizeof(long)]; }; -@@ -1950,6 +2062,7 @@ extern struct pid_namespace init_pid_ns; +@@ -1954,6 +2066,7 @@ extern struct pid_namespace init_pid_ns; */ extern struct task_struct *find_task_by_vpid(pid_t nr); @@ -77454,7 +77417,7 @@ index e27baee..aaef421 100644 extern struct task_struct *find_task_by_pid_ns(pid_t nr, struct pid_namespace *ns); -@@ -2114,7 +2227,7 @@ extern void __cleanup_sighand(struct sighand_struct *); +@@ -2118,7 +2231,7 @@ extern void __cleanup_sighand(struct sighand_struct *); extern void exit_itimers(struct signal_struct *); extern void flush_itimer_signals(void); @@ -77463,7 +77426,7 @@ index e27baee..aaef421 100644 extern int allow_signal(int); extern int disallow_signal(int); -@@ -2305,9 +2418,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p) +@@ -2309,9 +2422,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p) #endif @@ -78076,10 +78039,10 @@ index 7faf933..9b85a0c 100644 #ifdef CONFIG_MAGIC_SYSRQ diff --git a/include/linux/thread_info.h b/include/linux/thread_info.h -index e7e0473..7989295 100644 +index 4ae6f32..425d3e1 100644 --- a/include/linux/thread_info.h +++ b/include/linux/thread_info.h -@@ -148,6 +148,15 @@ static inline bool test_and_clear_restore_sigmask(void) +@@ -150,6 +150,15 @@ static inline bool test_and_clear_restore_sigmask(void) #error "no set_restore_sigmask() provided and default one won't work" #endif @@ -78259,10 +78222,10 @@ index 99c1b4d..562e6f3 100644 static inline void put_unaligned_le16(u16 val, void *p) diff --git a/include/linux/usb.h b/include/linux/usb.h -index 001629c..7c1cc9b 100644 +index 39cfa0a..d45fa38 100644 --- a/include/linux/usb.h +++ b/include/linux/usb.h -@@ -561,7 +561,7 @@ struct usb_device { +@@ -563,7 +563,7 @@ struct usb_device { int maxchild; u32 quirks; @@ -78271,7 +78234,7 @@ index 001629c..7c1cc9b 100644 unsigned long active_duration; -@@ -1635,7 +1635,7 @@ void usb_buffer_unmap_sg(const struct usb_device *dev, int is_in, +@@ -1637,7 +1637,7 @@ void usb_buffer_unmap_sg(const struct usb_device *dev, int is_in, extern int usb_control_msg(struct usb_device *dev, unsigned int pipe, __u8 request, __u8 requesttype, __u16 value, __u16 index, @@ -79293,7 +79256,7 @@ index b797e8f..8e2c3aa 100644 /** diff --git a/include/sound/compress_driver.h b/include/sound/compress_driver.h -index 9031a26..750d592 100644 +index ae6c3b8..fd748ac 100644 --- a/include/sound/compress_driver.h +++ b/include/sound/compress_driver.h @@ -128,7 +128,7 @@ struct snd_compr_ops { @@ -80376,7 +80339,7 @@ index db9d241..bc8427c 100644 sem_params.flg = semflg; sem_params.u.nsems = nsems; diff --git a/ipc/shm.c b/ipc/shm.c -index d697396..5aadb3f 100644 +index 7a51443..3a257d8 100644 --- a/ipc/shm.c +++ b/ipc/shm.c @@ -72,6 +72,14 @@ static void shm_destroy (struct ipc_namespace *ns, struct shmid_kernel *shp); @@ -80394,7 +80357,7 @@ index d697396..5aadb3f 100644 void shm_init_ns(struct ipc_namespace *ns) { ns->shm_ctlmax = SHMMAX; -@@ -551,6 +559,14 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params) +@@ -554,6 +562,14 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params) shp->shm_lprid = 0; shp->shm_atim = shp->shm_dtim = 0; shp->shm_ctim = get_seconds(); @@ -80409,7 +80372,7 @@ index d697396..5aadb3f 100644 shp->shm_segsz = size; shp->shm_nattch = 0; shp->shm_file = file; -@@ -604,18 +620,19 @@ static inline int shm_more_checks(struct kern_ipc_perm *ipcp, +@@ -607,18 +623,19 @@ static inline int shm_more_checks(struct kern_ipc_perm *ipcp, return 0; } @@ -80434,7 +80397,7 @@ index d697396..5aadb3f 100644 shm_params.key = key; shm_params.flg = shmflg; shm_params.u.size = size; -@@ -1076,6 +1093,12 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr, +@@ -1089,6 +1106,12 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr, f_mode = FMODE_READ | FMODE_WRITE; } if (shmflg & SHM_EXEC) { @@ -80447,7 +80410,7 @@ index d697396..5aadb3f 100644 prot |= PROT_EXEC; acc_mode |= S_IXUGO; } -@@ -1100,10 +1123,23 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr, +@@ -1113,6 +1136,15 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr, if (err) goto out_unlock; @@ -80461,7 +80424,9 @@ index d697396..5aadb3f 100644 +#endif + ipc_lock_object(&shp->shm_perm); -+ + + /* check if shm_destroy() is tearing down shp */ +@@ -1125,6 +1157,9 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr, path = shp->shm_file->f_path; path_get(&path); shp->shm_nattch++; @@ -83643,10 +83608,10 @@ index 6631e1e..310c266 100644 } diff --git a/kernel/ptrace.c b/kernel/ptrace.c -index dd562e9..74fc16d 100644 +index 1f4bcb3..99cf7ab 100644 --- a/kernel/ptrace.c +++ b/kernel/ptrace.c -@@ -326,7 +326,7 @@ static int ptrace_attach(struct task_struct *task, long request, +@@ -327,7 +327,7 @@ static int ptrace_attach(struct task_struct *task, long request, if (seize) flags |= PT_SEIZED; rcu_read_lock(); @@ -83655,7 +83620,7 @@ index dd562e9..74fc16d 100644 flags |= PT_PTRACE_CAP; rcu_read_unlock(); task->ptrace = flags; -@@ -537,7 +537,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst +@@ -538,7 +538,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst break; return -EIO; } @@ -83664,7 +83629,7 @@ index dd562e9..74fc16d 100644 return -EFAULT; copied += retval; src += retval; -@@ -805,7 +805,7 @@ int ptrace_request(struct task_struct *child, long request, +@@ -806,7 +806,7 @@ int ptrace_request(struct task_struct *child, long request, bool seized = child->ptrace & PT_SEIZED; int ret = -EIO; siginfo_t siginfo, *si; @@ -83673,7 +83638,7 @@ index dd562e9..74fc16d 100644 unsigned long __user *datalp = datavp; unsigned long flags; -@@ -1051,14 +1051,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr, +@@ -1052,14 +1052,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr, goto out; } @@ -83696,7 +83661,7 @@ index dd562e9..74fc16d 100644 goto out_put_task_struct; } -@@ -1086,7 +1093,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr, +@@ -1087,7 +1094,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr, copied = access_process_vm(tsk, addr, &tmp, sizeof(tmp), 0); if (copied != sizeof(tmp)) return -EIO; @@ -83705,7 +83670,7 @@ index dd562e9..74fc16d 100644 } int generic_ptrace_pokedata(struct task_struct *tsk, unsigned long addr, -@@ -1180,7 +1187,7 @@ int compat_ptrace_request(struct task_struct *child, compat_long_t request, +@@ -1181,7 +1188,7 @@ int compat_ptrace_request(struct task_struct *child, compat_long_t request, } asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid, @@ -83714,7 +83679,7 @@ index dd562e9..74fc16d 100644 { struct task_struct *child; long ret; -@@ -1196,14 +1203,21 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid, +@@ -1197,14 +1204,21 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid, goto out; } @@ -91107,7 +91072,7 @@ index 4bf8809..98a6914 100644 EXPORT_SYMBOL(kmem_cache_free); diff --git a/mm/slub.c b/mm/slub.c -index c3eb3d3..022c9fa 100644 +index 96f2169..9111a59 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -207,7 +207,7 @@ struct track { @@ -97002,80 +96967,10 @@ index 09fb638..2e6a5c5 100644 /* make a copy for the caller */ *handle = ctxh; diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c -index 7747960..36d1518 100644 +index 941d19f..c85ff07 100644 --- a/net/sunrpc/clnt.c +++ b/net/sunrpc/clnt.c -@@ -656,14 +656,16 @@ EXPORT_SYMBOL_GPL(rpc_shutdown_client); - /* - * Free an RPC client - */ --static void -+static struct rpc_clnt * - rpc_free_client(struct rpc_clnt *clnt) - { -+ struct rpc_clnt *parent = NULL; -+ - dprintk_rcu("RPC: destroying %s client for %s\n", - clnt->cl_program->name, - rcu_dereference(clnt->cl_xprt)->servername); - if (clnt->cl_parent != clnt) -- rpc_release_client(clnt->cl_parent); -+ parent = clnt->cl_parent; - rpc_clnt_remove_pipedir(clnt); - rpc_unregister_client(clnt); - rpc_free_iostats(clnt->cl_metrics); -@@ -672,18 +674,17 @@ rpc_free_client(struct rpc_clnt *clnt) - rpciod_down(); - rpc_free_clid(clnt); - kfree(clnt); -+ return parent; - } - - /* - * Free an RPC client - */ --static void -+static struct rpc_clnt * - rpc_free_auth(struct rpc_clnt *clnt) - { -- if (clnt->cl_auth == NULL) { -- rpc_free_client(clnt); -- return; -- } -+ if (clnt->cl_auth == NULL) -+ return rpc_free_client(clnt); - - /* - * Note: RPCSEC_GSS may need to send NULL RPC calls in order to -@@ -694,7 +695,8 @@ rpc_free_auth(struct rpc_clnt *clnt) - rpcauth_release(clnt->cl_auth); - clnt->cl_auth = NULL; - if (atomic_dec_and_test(&clnt->cl_count)) -- rpc_free_client(clnt); -+ return rpc_free_client(clnt); -+ return NULL; - } - - /* -@@ -705,10 +707,13 @@ rpc_release_client(struct rpc_clnt *clnt) - { - dprintk("RPC: rpc_release_client(%p)\n", clnt); - -- if (list_empty(&clnt->cl_tasks)) -- wake_up(&destroy_wait); -- if (atomic_dec_and_test(&clnt->cl_count)) -- rpc_free_auth(clnt); -+ do { -+ if (list_empty(&clnt->cl_tasks)) -+ wake_up(&destroy_wait); -+ if (!atomic_dec_and_test(&clnt->cl_count)) -+ break; -+ clnt = rpc_free_auth(clnt); -+ } while (clnt != NULL); - } - EXPORT_SYMBOL_GPL(rpc_release_client); - -@@ -1314,7 +1319,9 @@ call_start(struct rpc_task *task) +@@ -1319,7 +1319,9 @@ call_start(struct rpc_task *task) (RPC_IS_ASYNC(task) ? "async" : "sync")); /* Increment call count */ @@ -97343,110 +97238,6 @@ index 62e4f9b..dd3f2d7 100644 /* See if we can opportunistically reap SQ WR to make room */ sq_cq_reap(xprt); -diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c -index ee03d35..b752e1d 100644 ---- a/net/sunrpc/xprtsock.c -+++ b/net/sunrpc/xprtsock.c -@@ -393,8 +393,10 @@ static int xs_send_kvec(struct socket *sock, struct sockaddr *addr, int addrlen, - return kernel_sendmsg(sock, &msg, NULL, 0, 0); - } - --static int xs_send_pagedata(struct socket *sock, struct xdr_buf *xdr, unsigned int base, int more) -+static int xs_send_pagedata(struct socket *sock, struct xdr_buf *xdr, unsigned int base, int more, bool zerocopy) - { -+ ssize_t (*do_sendpage)(struct socket *sock, struct page *page, -+ int offset, size_t size, int flags); - struct page **ppage; - unsigned int remainder; - int err, sent = 0; -@@ -403,6 +405,9 @@ static int xs_send_pagedata(struct socket *sock, struct xdr_buf *xdr, unsigned i - base += xdr->page_base; - ppage = xdr->pages + (base >> PAGE_SHIFT); - base &= ~PAGE_MASK; -+ do_sendpage = sock->ops->sendpage; -+ if (!zerocopy) -+ do_sendpage = sock_no_sendpage; - for(;;) { - unsigned int len = min_t(unsigned int, PAGE_SIZE - base, remainder); - int flags = XS_SENDMSG_FLAGS; -@@ -410,7 +415,7 @@ static int xs_send_pagedata(struct socket *sock, struct xdr_buf *xdr, unsigned i - remainder -= len; - if (remainder != 0 || more) - flags |= MSG_MORE; -- err = sock->ops->sendpage(sock, *ppage, base, len, flags); -+ err = do_sendpage(sock, *ppage, base, len, flags); - if (remainder == 0 || err != len) - break; - sent += err; -@@ -431,9 +436,10 @@ static int xs_send_pagedata(struct socket *sock, struct xdr_buf *xdr, unsigned i - * @addrlen: UDP only -- length of destination address - * @xdr: buffer containing this request - * @base: starting position in the buffer -+ * @zerocopy: true if it is safe to use sendpage() - * - */ --static int xs_sendpages(struct socket *sock, struct sockaddr *addr, int addrlen, struct xdr_buf *xdr, unsigned int base) -+static int xs_sendpages(struct socket *sock, struct sockaddr *addr, int addrlen, struct xdr_buf *xdr, unsigned int base, bool zerocopy) - { - unsigned int remainder = xdr->len - base; - int err, sent = 0; -@@ -461,7 +467,7 @@ static int xs_sendpages(struct socket *sock, struct sockaddr *addr, int addrlen, - if (base < xdr->page_len) { - unsigned int len = xdr->page_len - base; - remainder -= len; -- err = xs_send_pagedata(sock, xdr, base, remainder != 0); -+ err = xs_send_pagedata(sock, xdr, base, remainder != 0, zerocopy); - if (remainder == 0 || err != len) - goto out; - sent += err; -@@ -564,7 +570,7 @@ static int xs_local_send_request(struct rpc_task *task) - req->rq_svec->iov_base, req->rq_svec->iov_len); - - status = xs_sendpages(transport->sock, NULL, 0, -- xdr, req->rq_bytes_sent); -+ xdr, req->rq_bytes_sent, true); - dprintk("RPC: %s(%u) = %d\n", - __func__, xdr->len - req->rq_bytes_sent, status); - if (likely(status >= 0)) { -@@ -620,7 +626,7 @@ static int xs_udp_send_request(struct rpc_task *task) - status = xs_sendpages(transport->sock, - xs_addr(xprt), - xprt->addrlen, xdr, -- req->rq_bytes_sent); -+ req->rq_bytes_sent, true); - - dprintk("RPC: xs_udp_send_request(%u) = %d\n", - xdr->len - req->rq_bytes_sent, status); -@@ -693,6 +699,7 @@ static int xs_tcp_send_request(struct rpc_task *task) - struct rpc_xprt *xprt = req->rq_xprt; - struct sock_xprt *transport = container_of(xprt, struct sock_xprt, xprt); - struct xdr_buf *xdr = &req->rq_snd_buf; -+ bool zerocopy = true; - int status; - - xs_encode_stream_record_marker(&req->rq_snd_buf); -@@ -700,13 +707,20 @@ static int xs_tcp_send_request(struct rpc_task *task) - xs_pktdump("packet data:", - req->rq_svec->iov_base, - req->rq_svec->iov_len); -+ /* Don't use zero copy if this is a resend. If the RPC call -+ * completes while the socket holds a reference to the pages, -+ * then we may end up resending corrupted data. -+ */ -+ if (task->tk_flags & RPC_TASK_SENT) -+ zerocopy = false; - - /* Continue transmitting the packet/record. We must be careful - * to cope with writespace callbacks arriving _after_ we have - * called sendmsg(). */ - while (1) { - status = xs_sendpages(transport->sock, -- NULL, 0, xdr, req->rq_bytes_sent); -+ NULL, 0, xdr, req->rq_bytes_sent, -+ zerocopy); - - dprintk("RPC: xs_tcp_send_request(%u) = %d\n", - xdr->len - req->rq_bytes_sent, status); diff --git a/net/sysctl_net.c b/net/sysctl_net.c index e7000be..e3b0ba7 100644 --- a/net/sysctl_net.c @@ -100255,7 +100046,7 @@ index 7d8803a..559f8d0 100644 list_add(&s->list, &cs4297a_devs); diff --git a/sound/pci/hda/hda_codec.c b/sound/pci/hda/hda_codec.c -index 748c6a9..a27725a 100644 +index e938a68..2a728ad 100644 --- a/sound/pci/hda/hda_codec.c +++ b/sound/pci/hda/hda_codec.c @@ -976,14 +976,10 @@ find_codec_preset(struct hda_codec *codec) diff --git a/3.12.1/4425_grsec_remove_EI_PAX.patch b/3.12.2/4425_grsec_remove_EI_PAX.patch index cf65d90..cf65d90 100644 --- a/3.12.1/4425_grsec_remove_EI_PAX.patch +++ b/3.12.2/4425_grsec_remove_EI_PAX.patch diff --git a/3.12.1/4427_force_XATTR_PAX_tmpfs.patch b/3.12.2/4427_force_XATTR_PAX_tmpfs.patch index 23e60cd..23e60cd 100644 --- a/3.12.1/4427_force_XATTR_PAX_tmpfs.patch +++ b/3.12.2/4427_force_XATTR_PAX_tmpfs.patch diff --git a/3.12.1/4430_grsec-remove-localversion-grsec.patch b/3.12.2/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.12.1/4430_grsec-remove-localversion-grsec.patch +++ b/3.12.2/4430_grsec-remove-localversion-grsec.patch diff --git a/3.12.1/4435_grsec-mute-warnings.patch b/3.12.2/4435_grsec-mute-warnings.patch index ed941d5..ed941d5 100644 --- a/3.12.1/4435_grsec-mute-warnings.patch +++ b/3.12.2/4435_grsec-mute-warnings.patch diff --git a/3.12.1/4440_grsec-remove-protected-paths.patch b/3.12.2/4440_grsec-remove-protected-paths.patch index 05710b1..05710b1 100644 --- a/3.12.1/4440_grsec-remove-protected-paths.patch +++ b/3.12.2/4440_grsec-remove-protected-paths.patch diff --git a/3.12.1/4450_grsec-kconfig-default-gids.patch b/3.12.2/4450_grsec-kconfig-default-gids.patch index b50114e..b50114e 100644 --- a/3.12.1/4450_grsec-kconfig-default-gids.patch +++ b/3.12.2/4450_grsec-kconfig-default-gids.patch diff --git a/3.12.1/4465_selinux-avc_audit-log-curr_ip.patch b/3.12.2/4465_selinux-avc_audit-log-curr_ip.patch index b26c0b4..b26c0b4 100644 --- a/3.12.1/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.12.2/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/3.12.1/4470_disable-compat_vdso.patch b/3.12.2/4470_disable-compat_vdso.patch index a9b2b0f..a9b2b0f 100644 --- a/3.12.1/4470_disable-compat_vdso.patch +++ b/3.12.2/4470_disable-compat_vdso.patch diff --git a/3.12.1/4475_emutramp_default_on.patch b/3.12.2/4475_emutramp_default_on.patch index 30f6978..30f6978 100644 --- a/3.12.1/4475_emutramp_default_on.patch +++ b/3.12.2/4475_emutramp_default_on.patch diff --git a/3.2.52/0000_README b/3.2.53/0000_README index 0137c2a..8426af2 100644 --- a/3.2.52/0000_README +++ b/3.2.53/0000_README @@ -62,19 +62,19 @@ Patch: 1035_linux-3.2.36.patch From: http://www.kernel.org Desc: Linux 3.2.36 -Patch: 1036_linux-3.2.37.patch +Patch: 1036_linux-3.2.37.patch From: http://www.kernel.org Desc: Linux 3.2.37 -Patch: 1037_linux-3.2.38.patch +Patch: 1037_linux-3.2.38.patch From: http://www.kernel.org Desc: Linux 3.2.38 -Patch: 1038_linux-3.2.39.patch +Patch: 1038_linux-3.2.39.patch From: http://www.kernel.org Desc: Linux 3.2.39 -Patch: 1039_linux-3.2.40.patch +Patch: 1039_linux-3.2.40.patch From: http://www.kernel.org Desc: Linux 3.2.40 @@ -126,7 +126,11 @@ Patch: 1051_linux-3.2.52.patch From: http://www.kernel.org Desc: Linux 3.2.52 -Patch: 4420_grsecurity-3.0-3.2.52-201311261520.patch +Patch: 1052_linux-3.2.53.patch +From: http://www.kernel.org +Desc: Linux 3.2.53 + +Patch: 4420_grsecurity-3.0-3.2.53-201312011108.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.2.52/1021_linux-3.2.22.patch b/3.2.53/1021_linux-3.2.22.patch index e6ad93a..e6ad93a 100644 --- a/3.2.52/1021_linux-3.2.22.patch +++ b/3.2.53/1021_linux-3.2.22.patch diff --git a/3.2.52/1022_linux-3.2.23.patch b/3.2.53/1022_linux-3.2.23.patch index 3d796d0..3d796d0 100644 --- a/3.2.52/1022_linux-3.2.23.patch +++ b/3.2.53/1022_linux-3.2.23.patch diff --git a/3.2.52/1023_linux-3.2.24.patch b/3.2.53/1023_linux-3.2.24.patch index 4692eb4..4692eb4 100644 --- a/3.2.52/1023_linux-3.2.24.patch +++ b/3.2.53/1023_linux-3.2.24.patch diff --git a/3.2.52/1024_linux-3.2.25.patch b/3.2.53/1024_linux-3.2.25.patch index e95c213..e95c213 100644 --- a/3.2.52/1024_linux-3.2.25.patch +++ b/3.2.53/1024_linux-3.2.25.patch diff --git a/3.2.52/1025_linux-3.2.26.patch b/3.2.53/1025_linux-3.2.26.patch index 44065b9..44065b9 100644 --- a/3.2.52/1025_linux-3.2.26.patch +++ b/3.2.53/1025_linux-3.2.26.patch diff --git a/3.2.52/1026_linux-3.2.27.patch b/3.2.53/1026_linux-3.2.27.patch index 5878eb4..5878eb4 100644 --- a/3.2.52/1026_linux-3.2.27.patch +++ b/3.2.53/1026_linux-3.2.27.patch diff --git a/3.2.52/1027_linux-3.2.28.patch b/3.2.53/1027_linux-3.2.28.patch index 4dbba4b..4dbba4b 100644 --- a/3.2.52/1027_linux-3.2.28.patch +++ b/3.2.53/1027_linux-3.2.28.patch diff --git a/3.2.52/1028_linux-3.2.29.patch b/3.2.53/1028_linux-3.2.29.patch index 3c65179..3c65179 100644 --- a/3.2.52/1028_linux-3.2.29.patch +++ b/3.2.53/1028_linux-3.2.29.patch diff --git a/3.2.52/1029_linux-3.2.30.patch b/3.2.53/1029_linux-3.2.30.patch index 86aea4b..86aea4b 100644 --- a/3.2.52/1029_linux-3.2.30.patch +++ b/3.2.53/1029_linux-3.2.30.patch diff --git a/3.2.52/1030_linux-3.2.31.patch b/3.2.53/1030_linux-3.2.31.patch index c6accf5..c6accf5 100644 --- a/3.2.52/1030_linux-3.2.31.patch +++ b/3.2.53/1030_linux-3.2.31.patch diff --git a/3.2.52/1031_linux-3.2.32.patch b/3.2.53/1031_linux-3.2.32.patch index 247fc0b..247fc0b 100644 --- a/3.2.52/1031_linux-3.2.32.patch +++ b/3.2.53/1031_linux-3.2.32.patch diff --git a/3.2.52/1032_linux-3.2.33.patch b/3.2.53/1032_linux-3.2.33.patch index c32fb75..c32fb75 100644 --- a/3.2.52/1032_linux-3.2.33.patch +++ b/3.2.53/1032_linux-3.2.33.patch diff --git a/3.2.52/1033_linux-3.2.34.patch b/3.2.53/1033_linux-3.2.34.patch index d647b38..d647b38 100644 --- a/3.2.52/1033_linux-3.2.34.patch +++ b/3.2.53/1033_linux-3.2.34.patch diff --git a/3.2.52/1034_linux-3.2.35.patch b/3.2.53/1034_linux-3.2.35.patch index 76a9c19..76a9c19 100644 --- a/3.2.52/1034_linux-3.2.35.patch +++ b/3.2.53/1034_linux-3.2.35.patch diff --git a/3.2.52/1035_linux-3.2.36.patch b/3.2.53/1035_linux-3.2.36.patch index 5d192a3..5d192a3 100644 --- a/3.2.52/1035_linux-3.2.36.patch +++ b/3.2.53/1035_linux-3.2.36.patch diff --git a/3.2.52/1036_linux-3.2.37.patch b/3.2.53/1036_linux-3.2.37.patch index ad13251..ad13251 100644 --- a/3.2.52/1036_linux-3.2.37.patch +++ b/3.2.53/1036_linux-3.2.37.patch diff --git a/3.2.52/1037_linux-3.2.38.patch b/3.2.53/1037_linux-3.2.38.patch index a3c106f..a3c106f 100644 --- a/3.2.52/1037_linux-3.2.38.patch +++ b/3.2.53/1037_linux-3.2.38.patch diff --git a/3.2.52/1038_linux-3.2.39.patch b/3.2.53/1038_linux-3.2.39.patch index 5639e92..5639e92 100644 --- a/3.2.52/1038_linux-3.2.39.patch +++ b/3.2.53/1038_linux-3.2.39.patch diff --git a/3.2.52/1039_linux-3.2.40.patch b/3.2.53/1039_linux-3.2.40.patch index f26b39c..f26b39c 100644 --- a/3.2.52/1039_linux-3.2.40.patch +++ b/3.2.53/1039_linux-3.2.40.patch diff --git a/3.2.52/1040_linux-3.2.41.patch b/3.2.53/1040_linux-3.2.41.patch index 0d27fcb..0d27fcb 100644 --- a/3.2.52/1040_linux-3.2.41.patch +++ b/3.2.53/1040_linux-3.2.41.patch diff --git a/3.2.52/1041_linux-3.2.42.patch b/3.2.53/1041_linux-3.2.42.patch index 77a08ed..77a08ed 100644 --- a/3.2.52/1041_linux-3.2.42.patch +++ b/3.2.53/1041_linux-3.2.42.patch diff --git a/3.2.52/1042_linux-3.2.43.patch b/3.2.53/1042_linux-3.2.43.patch index a3f878b..a3f878b 100644 --- a/3.2.52/1042_linux-3.2.43.patch +++ b/3.2.53/1042_linux-3.2.43.patch diff --git a/3.2.52/1043_linux-3.2.44.patch b/3.2.53/1043_linux-3.2.44.patch index 3d5e6ff..3d5e6ff 100644 --- a/3.2.52/1043_linux-3.2.44.patch +++ b/3.2.53/1043_linux-3.2.44.patch diff --git a/3.2.52/1044_linux-3.2.45.patch b/3.2.53/1044_linux-3.2.45.patch index 44e1767..44e1767 100644 --- a/3.2.52/1044_linux-3.2.45.patch +++ b/3.2.53/1044_linux-3.2.45.patch diff --git a/3.2.52/1045_linux-3.2.46.patch b/3.2.53/1045_linux-3.2.46.patch index bc10efd..bc10efd 100644 --- a/3.2.52/1045_linux-3.2.46.patch +++ b/3.2.53/1045_linux-3.2.46.patch diff --git a/3.2.52/1046_linux-3.2.47.patch b/3.2.53/1046_linux-3.2.47.patch index b74563c..b74563c 100644 --- a/3.2.52/1046_linux-3.2.47.patch +++ b/3.2.53/1046_linux-3.2.47.patch diff --git a/3.2.52/1047_linux-3.2.48.patch b/3.2.53/1047_linux-3.2.48.patch index 6d55b1f..6d55b1f 100644 --- a/3.2.52/1047_linux-3.2.48.patch +++ b/3.2.53/1047_linux-3.2.48.patch diff --git a/3.2.52/1048_linux-3.2.49.patch b/3.2.53/1048_linux-3.2.49.patch index 2dab0cf..2dab0cf 100644 --- a/3.2.52/1048_linux-3.2.49.patch +++ b/3.2.53/1048_linux-3.2.49.patch diff --git a/3.2.52/1049_linux-3.2.50.patch b/3.2.53/1049_linux-3.2.50.patch index 20b3015..20b3015 100644 --- a/3.2.52/1049_linux-3.2.50.patch +++ b/3.2.53/1049_linux-3.2.50.patch diff --git a/3.2.52/1050_linux-3.2.51.patch b/3.2.53/1050_linux-3.2.51.patch index 5d5832b..5d5832b 100644 --- a/3.2.52/1050_linux-3.2.51.patch +++ b/3.2.53/1050_linux-3.2.51.patch diff --git a/3.2.52/1051_linux-3.2.52.patch b/3.2.53/1051_linux-3.2.52.patch index 94b9359..94b9359 100644 --- a/3.2.52/1051_linux-3.2.52.patch +++ b/3.2.53/1051_linux-3.2.52.patch diff --git a/3.2.53/1052_linux-3.2.53.patch b/3.2.53/1052_linux-3.2.53.patch new file mode 100644 index 0000000..986d714 --- /dev/null +++ b/3.2.53/1052_linux-3.2.53.patch @@ -0,0 +1,3357 @@ +diff --git a/Makefile b/Makefile +index 1dd2c09..90f57dc 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,6 +1,6 @@ + VERSION = 3 + PATCHLEVEL = 2 +-SUBLEVEL = 52 ++SUBLEVEL = 53 + EXTRAVERSION = + NAME = Saber-toothed Squirrel + +diff --git a/arch/mips/include/asm/jump_label.h b/arch/mips/include/asm/jump_label.h +index 1881b31..b19559c 100644 +--- a/arch/mips/include/asm/jump_label.h ++++ b/arch/mips/include/asm/jump_label.h +@@ -22,7 +22,7 @@ + + static __always_inline bool arch_static_branch(struct jump_label_key *key) + { +- asm goto("1:\tnop\n\t" ++ asm_volatile_goto("1:\tnop\n\t" + "nop\n\t" + ".pushsection __jump_table, \"aw\"\n\t" + WORD_INSN " 1b, %l[l_yes], %0\n\t" +diff --git a/arch/parisc/kernel/head.S b/arch/parisc/kernel/head.S +index 37aabd7..d2d5825 100644 +--- a/arch/parisc/kernel/head.S ++++ b/arch/parisc/kernel/head.S +@@ -195,6 +195,8 @@ common_stext: + ldw MEM_PDC_HI(%r0),%r6 + depd %r6, 31, 32, %r3 /* move to upper word */ + ++ mfctl %cr30,%r6 /* PCX-W2 firmware bug */ ++ + ldo PDC_PSW(%r0),%arg0 /* 21 */ + ldo PDC_PSW_SET_DEFAULTS(%r0),%arg1 /* 2 */ + ldo PDC_PSW_WIDE_BIT(%r0),%arg2 /* 2 */ +@@ -203,6 +205,8 @@ common_stext: + copy %r0,%arg3 + + stext_pdc_ret: ++ mtctl %r6,%cr30 /* restore task thread info */ ++ + /* restore rfi target address*/ + ldd TI_TASK-THREAD_SZ_ALGN(%sp), %r10 + tophys_r1 %r10 +diff --git a/arch/parisc/kernel/traps.c b/arch/parisc/kernel/traps.c +index f19e660..cd8b02f 100644 +--- a/arch/parisc/kernel/traps.c ++++ b/arch/parisc/kernel/traps.c +@@ -811,14 +811,14 @@ void notrace handle_interruption(int code, struct pt_regs *regs) + else { + + /* +- * The kernel should never fault on its own address space. ++ * The kernel should never fault on its own address space, ++ * unless pagefault_disable() was called before. + */ + +- if (fault_space == 0) ++ if (fault_space == 0 && !in_atomic()) + { + pdc_chassis_send_status(PDC_CHASSIS_DIRECT_PANIC); + parisc_terminate("Kernel Fault", regs, code, fault_address); +- + } + } + +diff --git a/arch/powerpc/include/asm/jump_label.h b/arch/powerpc/include/asm/jump_label.h +index 938986e..ee33888 100644 +--- a/arch/powerpc/include/asm/jump_label.h ++++ b/arch/powerpc/include/asm/jump_label.h +@@ -19,7 +19,7 @@ + + static __always_inline bool arch_static_branch(struct jump_label_key *key) + { +- asm goto("1:\n\t" ++ asm_volatile_goto("1:\n\t" + "nop\n\t" + ".pushsection __jump_table, \"aw\"\n\t" + JUMP_ENTRY_TYPE "1b, %l[l_yes], %c0\n\t" +diff --git a/arch/powerpc/kvm/book3s_hv_rmhandlers.S b/arch/powerpc/kvm/book3s_hv_rmhandlers.S +index 5e8dc08..e3b3cf9 100644 +--- a/arch/powerpc/kvm/book3s_hv_rmhandlers.S ++++ b/arch/powerpc/kvm/book3s_hv_rmhandlers.S +@@ -922,7 +922,7 @@ END_FTR_SECTION_IFSET(CPU_FTR_ARCH_206) + BEGIN_FTR_SECTION + mfspr r8, SPRN_DSCR + ld r7, HSTATE_DSCR(r13) +- std r8, VCPU_DSCR(r7) ++ std r8, VCPU_DSCR(r9) + mtspr SPRN_DSCR, r7 + END_FTR_SECTION_IFSET(CPU_FTR_ARCH_206) + +diff --git a/arch/s390/include/asm/jump_label.h b/arch/s390/include/asm/jump_label.h +index 95a6cf2..8512d0a 100644 +--- a/arch/s390/include/asm/jump_label.h ++++ b/arch/s390/include/asm/jump_label.h +@@ -15,7 +15,7 @@ + + static __always_inline bool arch_static_branch(struct jump_label_key *key) + { +- asm goto("0: brcl 0,0\n" ++ asm_volatile_goto("0: brcl 0,0\n" + ".pushsection __jump_table, \"aw\"\n" + ASM_ALIGN "\n" + ASM_PTR " 0b, %l[label], %0\n" +diff --git a/arch/sparc/include/asm/jump_label.h b/arch/sparc/include/asm/jump_label.h +index fc73a82..e17b65b 100644 +--- a/arch/sparc/include/asm/jump_label.h ++++ b/arch/sparc/include/asm/jump_label.h +@@ -9,7 +9,7 @@ + + static __always_inline bool arch_static_branch(struct jump_label_key *key) + { +- asm goto("1:\n\t" ++ asm_volatile_goto("1:\n\t" + "nop\n\t" + "nop\n\t" + ".pushsection __jump_table, \"aw\"\n\t" +diff --git a/arch/tile/include/asm/percpu.h b/arch/tile/include/asm/percpu.h +index 63294f5..4f7ae39 100644 +--- a/arch/tile/include/asm/percpu.h ++++ b/arch/tile/include/asm/percpu.h +@@ -15,9 +15,37 @@ + #ifndef _ASM_TILE_PERCPU_H + #define _ASM_TILE_PERCPU_H + +-register unsigned long __my_cpu_offset __asm__("tp"); +-#define __my_cpu_offset __my_cpu_offset +-#define set_my_cpu_offset(tp) (__my_cpu_offset = (tp)) ++register unsigned long my_cpu_offset_reg asm("tp"); ++ ++#ifdef CONFIG_PREEMPT ++/* ++ * For full preemption, we can't just use the register variable ++ * directly, since we need barrier() to hazard against it, causing the ++ * compiler to reload anything computed from a previous "tp" value. ++ * But we also don't want to use volatile asm, since we'd like the ++ * compiler to be able to cache the value across multiple percpu reads. ++ * So we use a fake stack read as a hazard against barrier(). ++ * The 'U' constraint is like 'm' but disallows postincrement. ++ */ ++static inline unsigned long __my_cpu_offset(void) ++{ ++ unsigned long tp; ++ register unsigned long *sp asm("sp"); ++ asm("move %0, tp" : "=r" (tp) : "U" (*sp)); ++ return tp; ++} ++#define __my_cpu_offset __my_cpu_offset() ++#else ++/* ++ * We don't need to hazard against barrier() since "tp" doesn't ever ++ * change with PREEMPT_NONE, and with PREEMPT_VOLUNTARY it only ++ * changes at function call points, at which we are already re-reading ++ * the value of "tp" due to "my_cpu_offset_reg" being a global variable. ++ */ ++#define __my_cpu_offset my_cpu_offset_reg ++#endif ++ ++#define set_my_cpu_offset(tp) (my_cpu_offset_reg = (tp)) + + #include <asm-generic/percpu.h> + +diff --git a/arch/um/kernel/exitcode.c b/arch/um/kernel/exitcode.c +index 829df49..41ebbfe 100644 +--- a/arch/um/kernel/exitcode.c ++++ b/arch/um/kernel/exitcode.c +@@ -40,9 +40,11 @@ static ssize_t exitcode_proc_write(struct file *file, + const char __user *buffer, size_t count, loff_t *pos) + { + char *end, buf[sizeof("nnnnn\0")]; ++ size_t size; + int tmp; + +- if (copy_from_user(buf, buffer, count)) ++ size = min(count, sizeof(buf)); ++ if (copy_from_user(buf, buffer, size)) + return -EFAULT; + + tmp = simple_strtol(buf, &end, 0); +diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h +index 0c3b775..a315f1c 100644 +--- a/arch/x86/include/asm/cpufeature.h ++++ b/arch/x86/include/asm/cpufeature.h +@@ -334,7 +334,7 @@ extern const char * const x86_power_flags[32]; + static __always_inline __pure bool __static_cpu_has(u16 bit) + { + #if __GNUC__ > 4 || __GNUC_MINOR__ >= 5 +- asm goto("1: jmp %l[t_no]\n" ++ asm_volatile_goto("1: jmp %l[t_no]\n" + "2:\n" + ".section .altinstructions,\"a\"\n" + " .long 1b - .\n" +diff --git a/arch/x86/include/asm/jump_label.h b/arch/x86/include/asm/jump_label.h +index a32b18c..e12c1bc 100644 +--- a/arch/x86/include/asm/jump_label.h ++++ b/arch/x86/include/asm/jump_label.h +@@ -13,7 +13,7 @@ + + static __always_inline bool arch_static_branch(struct jump_label_key *key) + { +- asm goto("1:" ++ asm_volatile_goto("1:" + JUMP_LABEL_INITIAL_NOP + ".pushsection __jump_table, \"aw\" \n\t" + _ASM_ALIGN "\n\t" +diff --git a/arch/xtensa/kernel/signal.c b/arch/xtensa/kernel/signal.c +index f2220b5..cf3e9cb 100644 +--- a/arch/xtensa/kernel/signal.c ++++ b/arch/xtensa/kernel/signal.c +@@ -346,7 +346,7 @@ static void setup_frame(int sig, struct k_sigaction *ka, siginfo_t *info, + + sp = regs->areg[1]; + +- if ((ka->sa.sa_flags & SA_ONSTACK) != 0 && ! on_sig_stack(sp)) { ++ if ((ka->sa.sa_flags & SA_ONSTACK) != 0 && sas_ss_flags(sp) == 0) { + sp = current->sas_ss_sp + current->sas_ss_size; + } + +diff --git a/drivers/ata/libata-eh.c b/drivers/ata/libata-eh.c +index aea627e..7d1a478 100644 +--- a/drivers/ata/libata-eh.c ++++ b/drivers/ata/libata-eh.c +@@ -1286,14 +1286,14 @@ void ata_eh_qc_complete(struct ata_queued_cmd *qc) + * should be retried. To be used from EH. + * + * SCSI midlayer limits the number of retries to scmd->allowed. +- * scmd->retries is decremented for commands which get retried ++ * scmd->allowed is incremented for commands which get retried + * due to unrelated failures (qc->err_mask is zero). + */ + void ata_eh_qc_retry(struct ata_queued_cmd *qc) + { + struct scsi_cmnd *scmd = qc->scsicmd; +- if (!qc->err_mask && scmd->retries) +- scmd->retries--; ++ if (!qc->err_mask) ++ scmd->allowed++; + __ata_eh_qc_complete(qc); + } + +diff --git a/drivers/char/random.c b/drivers/char/random.c +index b651733..c244f0e 100644 +--- a/drivers/char/random.c ++++ b/drivers/char/random.c +@@ -668,7 +668,7 @@ static void set_timer_rand_state(unsigned int irq, + */ + void add_device_randomness(const void *buf, unsigned int size) + { +- unsigned long time = get_cycles() ^ jiffies; ++ unsigned long time = random_get_entropy() ^ jiffies; + + mix_pool_bytes(&input_pool, buf, size, NULL); + mix_pool_bytes(&input_pool, &time, sizeof(time), NULL); +@@ -705,7 +705,7 @@ static void add_timer_randomness(struct timer_rand_state *state, unsigned num) + goto out; + + sample.jiffies = jiffies; +- sample.cycles = get_cycles(); ++ sample.cycles = random_get_entropy(); + sample.num = num; + mix_pool_bytes(&input_pool, &sample, sizeof(sample), NULL); + +@@ -772,7 +772,7 @@ void add_interrupt_randomness(int irq, int irq_flags) + struct fast_pool *fast_pool = &__get_cpu_var(irq_randomness); + struct pt_regs *regs = get_irq_regs(); + unsigned long now = jiffies; +- __u32 input[4], cycles = get_cycles(); ++ __u32 input[4], cycles = random_get_entropy(); + + input[0] = cycles ^ jiffies; + input[1] = irq; +@@ -1480,12 +1480,11 @@ ctl_table random_table[] = { + + static u32 random_int_secret[MD5_MESSAGE_BYTES / 4] ____cacheline_aligned; + +-static int __init random_int_secret_init(void) ++int random_int_secret_init(void) + { + get_random_bytes(random_int_secret, sizeof(random_int_secret)); + return 0; + } +-late_initcall(random_int_secret_init); + + /* + * Get a random word for internal kernel use only. Similar to urandom but +@@ -1504,7 +1503,7 @@ unsigned int get_random_int(void) + + hash = get_cpu_var(get_random_int_hash); + +- hash[0] += current->pid + jiffies + get_cycles(); ++ hash[0] += current->pid + jiffies + random_get_entropy(); + md5_transform(hash, random_int_secret); + ret = hash[0]; + put_cpu_var(get_random_int_hash); +diff --git a/drivers/connector/cn_proc.c b/drivers/connector/cn_proc.c +index 46bbf43..66d5384 100644 +--- a/drivers/connector/cn_proc.c ++++ b/drivers/connector/cn_proc.c +@@ -64,6 +64,7 @@ void proc_fork_connector(struct task_struct *task) + + msg = (struct cn_msg*)buffer; + ev = (struct proc_event*)msg->data; ++ memset(&ev->event_data, 0, sizeof(ev->event_data)); + get_seq(&msg->seq, &ev->cpu); + ktime_get_ts(&ts); /* get high res monotonic timestamp */ + put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns); +@@ -79,6 +80,7 @@ void proc_fork_connector(struct task_struct *task) + memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id)); + msg->ack = 0; /* not used */ + msg->len = sizeof(*ev); ++ msg->flags = 0; /* not used */ + /* If cn_netlink_send() failed, the data is not sent */ + cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL); + } +@@ -95,6 +97,7 @@ void proc_exec_connector(struct task_struct *task) + + msg = (struct cn_msg*)buffer; + ev = (struct proc_event*)msg->data; ++ memset(&ev->event_data, 0, sizeof(ev->event_data)); + get_seq(&msg->seq, &ev->cpu); + ktime_get_ts(&ts); /* get high res monotonic timestamp */ + put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns); +@@ -105,6 +108,7 @@ void proc_exec_connector(struct task_struct *task) + memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id)); + msg->ack = 0; /* not used */ + msg->len = sizeof(*ev); ++ msg->flags = 0; /* not used */ + cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL); + } + +@@ -121,6 +125,7 @@ void proc_id_connector(struct task_struct *task, int which_id) + + msg = (struct cn_msg*)buffer; + ev = (struct proc_event*)msg->data; ++ memset(&ev->event_data, 0, sizeof(ev->event_data)); + ev->what = which_id; + ev->event_data.id.process_pid = task->pid; + ev->event_data.id.process_tgid = task->tgid; +@@ -144,6 +149,7 @@ void proc_id_connector(struct task_struct *task, int which_id) + memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id)); + msg->ack = 0; /* not used */ + msg->len = sizeof(*ev); ++ msg->flags = 0; /* not used */ + cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL); + } + +@@ -159,6 +165,7 @@ void proc_sid_connector(struct task_struct *task) + + msg = (struct cn_msg *)buffer; + ev = (struct proc_event *)msg->data; ++ memset(&ev->event_data, 0, sizeof(ev->event_data)); + get_seq(&msg->seq, &ev->cpu); + ktime_get_ts(&ts); /* get high res monotonic timestamp */ + put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns); +@@ -169,6 +176,7 @@ void proc_sid_connector(struct task_struct *task) + memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id)); + msg->ack = 0; /* not used */ + msg->len = sizeof(*ev); ++ msg->flags = 0; /* not used */ + cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL); + } + +@@ -184,6 +192,7 @@ void proc_ptrace_connector(struct task_struct *task, int ptrace_id) + + msg = (struct cn_msg *)buffer; + ev = (struct proc_event *)msg->data; ++ memset(&ev->event_data, 0, sizeof(ev->event_data)); + get_seq(&msg->seq, &ev->cpu); + ktime_get_ts(&ts); /* get high res monotonic timestamp */ + put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns); +@@ -202,6 +211,7 @@ void proc_ptrace_connector(struct task_struct *task, int ptrace_id) + memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id)); + msg->ack = 0; /* not used */ + msg->len = sizeof(*ev); ++ msg->flags = 0; /* not used */ + cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL); + } + +@@ -217,6 +227,7 @@ void proc_comm_connector(struct task_struct *task) + + msg = (struct cn_msg *)buffer; + ev = (struct proc_event *)msg->data; ++ memset(&ev->event_data, 0, sizeof(ev->event_data)); + get_seq(&msg->seq, &ev->cpu); + ktime_get_ts(&ts); /* get high res monotonic timestamp */ + put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns); +@@ -228,6 +239,7 @@ void proc_comm_connector(struct task_struct *task) + memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id)); + msg->ack = 0; /* not used */ + msg->len = sizeof(*ev); ++ msg->flags = 0; /* not used */ + cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL); + } + +@@ -243,6 +255,7 @@ void proc_exit_connector(struct task_struct *task) + + msg = (struct cn_msg*)buffer; + ev = (struct proc_event*)msg->data; ++ memset(&ev->event_data, 0, sizeof(ev->event_data)); + get_seq(&msg->seq, &ev->cpu); + ktime_get_ts(&ts); /* get high res monotonic timestamp */ + put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns); +@@ -255,6 +268,7 @@ void proc_exit_connector(struct task_struct *task) + memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id)); + msg->ack = 0; /* not used */ + msg->len = sizeof(*ev); ++ msg->flags = 0; /* not used */ + cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL); + } + +@@ -278,6 +292,7 @@ static void cn_proc_ack(int err, int rcvd_seq, int rcvd_ack) + + msg = (struct cn_msg*)buffer; + ev = (struct proc_event*)msg->data; ++ memset(&ev->event_data, 0, sizeof(ev->event_data)); + msg->seq = rcvd_seq; + ktime_get_ts(&ts); /* get high res monotonic timestamp */ + put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns); +@@ -287,6 +302,7 @@ static void cn_proc_ack(int err, int rcvd_seq, int rcvd_ack) + memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id)); + msg->ack = rcvd_ack + 1; + msg->len = sizeof(*ev); ++ msg->flags = 0; /* not used */ + cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL); + } + +diff --git a/drivers/connector/connector.c b/drivers/connector/connector.c +index dde6a0f..ea6efe8 100644 +--- a/drivers/connector/connector.c ++++ b/drivers/connector/connector.c +@@ -157,17 +157,18 @@ static int cn_call_callback(struct sk_buff *skb) + static void cn_rx_skb(struct sk_buff *__skb) + { + struct nlmsghdr *nlh; +- int err; + struct sk_buff *skb; ++ int len, err; + + skb = skb_get(__skb); + + if (skb->len >= NLMSG_SPACE(0)) { + nlh = nlmsg_hdr(skb); ++ len = nlmsg_len(nlh); + +- if (nlh->nlmsg_len < sizeof(struct cn_msg) || ++ if (len < (int)sizeof(struct cn_msg) || + skb->len < nlh->nlmsg_len || +- nlh->nlmsg_len > CONNECTOR_MAX_MSG_SIZE) { ++ len > CONNECTOR_MAX_MSG_SIZE) { + kfree_skb(skb); + return; + } +diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c +index 40c187c..acfe567 100644 +--- a/drivers/gpu/drm/drm_drv.c ++++ b/drivers/gpu/drm/drm_drv.c +@@ -408,9 +408,16 @@ long drm_ioctl(struct file *filp, + asize = drv_size; + } + else if ((nr >= DRM_COMMAND_END) || (nr < DRM_COMMAND_BASE)) { ++ u32 drv_size; ++ + ioctl = &drm_ioctls[nr]; +- cmd = ioctl->cmd; ++ ++ drv_size = _IOC_SIZE(ioctl->cmd); + usize = asize = _IOC_SIZE(cmd); ++ if (drv_size > asize) ++ asize = drv_size; ++ ++ cmd = ioctl->cmd; + } else + goto err_i1; + +diff --git a/drivers/gpu/drm/radeon/atombios_encoders.c b/drivers/gpu/drm/radeon/atombios_encoders.c +index 3171294..475a275 100644 +--- a/drivers/gpu/drm/radeon/atombios_encoders.c ++++ b/drivers/gpu/drm/radeon/atombios_encoders.c +@@ -1390,7 +1390,7 @@ radeon_atom_encoder_dpms_dig(struct drm_encoder *encoder, int mode) + * does the same thing and more. + */ + if ((rdev->family != CHIP_RV710) && (rdev->family != CHIP_RV730) && +- (rdev->family != CHIP_RS880)) ++ (rdev->family != CHIP_RS780) && (rdev->family != CHIP_RS880)) + atombios_dig_transmitter_setup(encoder, ATOM_TRANSMITTER_ACTION_ENABLE_OUTPUT, 0, 0); + } + if (ENCODER_MODE_IS_DP(atombios_get_encoder_mode(encoder)) && connector) { +diff --git a/drivers/gpu/drm/radeon/evergreen.c b/drivers/gpu/drm/radeon/evergreen.c +index a68057a..5efba47 100644 +--- a/drivers/gpu/drm/radeon/evergreen.c ++++ b/drivers/gpu/drm/radeon/evergreen.c +@@ -1797,7 +1797,7 @@ static void evergreen_gpu_init(struct radeon_device *rdev) + rdev->config.evergreen.sx_max_export_size = 256; + rdev->config.evergreen.sx_max_export_pos_size = 64; + rdev->config.evergreen.sx_max_export_smx_size = 192; +- rdev->config.evergreen.max_hw_contexts = 8; ++ rdev->config.evergreen.max_hw_contexts = 4; + rdev->config.evergreen.sq_num_cf_insts = 2; + + rdev->config.evergreen.sc_prim_fifo_size = 0x40; +diff --git a/drivers/hwmon/applesmc.c b/drivers/hwmon/applesmc.c +index 30cac58..0b86d47 100644 +--- a/drivers/hwmon/applesmc.c ++++ b/drivers/hwmon/applesmc.c +@@ -212,6 +212,7 @@ static int send_argument(const char *key) + + static int read_smc(u8 cmd, const char *key, u8 *buffer, u8 len) + { ++ u8 status, data = 0; + int i; + + if (send_command(cmd) || send_argument(key)) { +@@ -219,6 +220,7 @@ static int read_smc(u8 cmd, const char *key, u8 *buffer, u8 len) + return -EIO; + } + ++ /* This has no effect on newer (2012) SMCs */ + outb(len, APPLESMC_DATA_PORT); + + for (i = 0; i < len; i++) { +@@ -229,6 +231,17 @@ static int read_smc(u8 cmd, const char *key, u8 *buffer, u8 len) + buffer[i] = inb(APPLESMC_DATA_PORT); + } + ++ /* Read the data port until bit0 is cleared */ ++ for (i = 0; i < 16; i++) { ++ udelay(APPLESMC_MIN_WAIT); ++ status = inb(APPLESMC_CMD_PORT); ++ if (!(status & 0x01)) ++ break; ++ data = inb(APPLESMC_DATA_PORT); ++ } ++ if (i) ++ pr_warn("flushed %d bytes, last value is: %d\n", i, data); ++ + return 0; + } + +diff --git a/drivers/md/dm-snap-persistent.c b/drivers/md/dm-snap-persistent.c +index 3ac4156..75c182b 100644 +--- a/drivers/md/dm-snap-persistent.c ++++ b/drivers/md/dm-snap-persistent.c +@@ -269,6 +269,14 @@ static chunk_t area_location(struct pstore *ps, chunk_t area) + return NUM_SNAPSHOT_HDR_CHUNKS + ((ps->exceptions_per_area + 1) * area); + } + ++static void skip_metadata(struct pstore *ps) ++{ ++ uint32_t stride = ps->exceptions_per_area + 1; ++ chunk_t next_free = ps->next_free; ++ if (sector_div(next_free, stride) == NUM_SNAPSHOT_HDR_CHUNKS) ++ ps->next_free++; ++} ++ + /* + * Read or write a metadata area. Remembering to skip the first + * chunk which holds the header. +@@ -502,6 +510,8 @@ static int read_exceptions(struct pstore *ps, + + ps->current_area--; + ++ skip_metadata(ps); ++ + return 0; + } + +@@ -616,8 +626,6 @@ static int persistent_prepare_exception(struct dm_exception_store *store, + struct dm_exception *e) + { + struct pstore *ps = get_info(store); +- uint32_t stride; +- chunk_t next_free; + sector_t size = get_dev_size(dm_snap_cow(store->snap)->bdev); + + /* Is there enough room ? */ +@@ -630,10 +638,8 @@ static int persistent_prepare_exception(struct dm_exception_store *store, + * Move onto the next free pending, making sure to take + * into account the location of the metadata chunks. + */ +- stride = (ps->exceptions_per_area + 1); +- next_free = ++ps->next_free; +- if (sector_div(next_free, stride) == 1) +- ps->next_free++; ++ ps->next_free++; ++ skip_metadata(ps); + + atomic_inc(&ps->pending_count); + return 0; +diff --git a/drivers/net/can/dev.c b/drivers/net/can/dev.c +index a319057..de87f82 100644 +--- a/drivers/net/can/dev.c ++++ b/drivers/net/can/dev.c +@@ -658,14 +658,14 @@ static size_t can_get_size(const struct net_device *dev) + size_t size; + + size = nla_total_size(sizeof(u32)); /* IFLA_CAN_STATE */ +- size += sizeof(struct can_ctrlmode); /* IFLA_CAN_CTRLMODE */ ++ size += nla_total_size(sizeof(struct can_ctrlmode)); /* IFLA_CAN_CTRLMODE */ + size += nla_total_size(sizeof(u32)); /* IFLA_CAN_RESTART_MS */ +- size += sizeof(struct can_bittiming); /* IFLA_CAN_BITTIMING */ +- size += sizeof(struct can_clock); /* IFLA_CAN_CLOCK */ ++ size += nla_total_size(sizeof(struct can_bittiming)); /* IFLA_CAN_BITTIMING */ ++ size += nla_total_size(sizeof(struct can_clock)); /* IFLA_CAN_CLOCK */ + if (priv->do_get_berr_counter) /* IFLA_CAN_BERR_COUNTER */ +- size += sizeof(struct can_berr_counter); ++ size += nla_total_size(sizeof(struct can_berr_counter)); + if (priv->bittiming_const) /* IFLA_CAN_BITTIMING_CONST */ +- size += sizeof(struct can_bittiming_const); ++ size += nla_total_size(sizeof(struct can_bittiming_const)); + + return size; + } +diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c +index 4c50ac0..bbb6692 100644 +--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c ++++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c +@@ -516,6 +516,7 @@ static void bnx2x_tpa_stop(struct bnx2x *bp, struct bnx2x_fastpath *fp, + if (!bnx2x_fill_frag_skb(bp, fp, queue, skb, cqe, cqe_idx)) { + if (tpa_info->parsing_flags & PARSING_FLAGS_VLAN) + __vlan_hwaccel_put_tag(skb, tpa_info->vlan_tag); ++ skb_record_rx_queue(skb, fp->index); + napi_gro_receive(&fp->napi, skb); + } else { + DP(NETIF_MSG_RX_STATUS, "Failed to allocate new pages" +diff --git a/drivers/net/ethernet/realtek/8139cp.c b/drivers/net/ethernet/realtek/8139cp.c +index 4236b82..4aa830f 100644 +--- a/drivers/net/ethernet/realtek/8139cp.c ++++ b/drivers/net/ethernet/realtek/8139cp.c +@@ -1234,6 +1234,7 @@ static void cp_tx_timeout(struct net_device *dev) + cp_clean_rings(cp); + rc = cp_init_rings(cp); + cp_start_hw(cp); ++ cp_enable_irq(cp); + + netif_wake_queue(dev); + +diff --git a/drivers/net/ethernet/ti/davinci_emac.c b/drivers/net/ethernet/ti/davinci_emac.c +index fd8115e..10668eb 100644 +--- a/drivers/net/ethernet/ti/davinci_emac.c ++++ b/drivers/net/ethernet/ti/davinci_emac.c +@@ -873,8 +873,7 @@ static void emac_dev_mcast_set(struct net_device *ndev) + netdev_mc_count(ndev) > EMAC_DEF_MAX_MULTICAST_ADDRESSES) { + mbp_enable = (mbp_enable | EMAC_MBP_RXMCAST); + emac_add_mcast(priv, EMAC_ALL_MULTI_SET, NULL); +- } +- if (!netdev_mc_empty(ndev)) { ++ } else if (!netdev_mc_empty(ndev)) { + struct netdev_hw_addr *ha; + + mbp_enable = (mbp_enable | EMAC_MBP_RXMCAST); +diff --git a/drivers/net/wan/farsync.c b/drivers/net/wan/farsync.c +index ebb9f24..7a4c491 100644 +--- a/drivers/net/wan/farsync.c ++++ b/drivers/net/wan/farsync.c +@@ -1972,6 +1972,7 @@ fst_get_iface(struct fst_card_info *card, struct fst_port_info *port, + } + + i = port->index; ++ memset(&sync, 0, sizeof(sync)); + sync.clock_rate = FST_RDL(card, portConfig[i].lineSpeed); + /* Lucky card and linux use same encoding here */ + sync.clock_type = FST_RDB(card, portConfig[i].internalClock) == +diff --git a/drivers/net/wan/wanxl.c b/drivers/net/wan/wanxl.c +index 44b7071..c643d77 100644 +--- a/drivers/net/wan/wanxl.c ++++ b/drivers/net/wan/wanxl.c +@@ -355,6 +355,7 @@ static int wanxl_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) + ifr->ifr_settings.size = size; /* data size wanted */ + return -ENOBUFS; + } ++ memset(&line, 0, sizeof(line)); + line.clock_type = get_status(port)->clocking; + line.clock_rate = 0; + line.loopback = 0; +diff --git a/drivers/net/wireless/iwlwifi/iwl-2000.c b/drivers/net/wireless/iwlwifi/iwl-2000.c +index a97a52a..408477d 100644 +--- a/drivers/net/wireless/iwlwifi/iwl-2000.c ++++ b/drivers/net/wireless/iwlwifi/iwl-2000.c +@@ -270,11 +270,6 @@ struct iwl_cfg iwl2000_2bgn_cfg = { + .ht_params = &iwl2000_ht_params, + }; + +-struct iwl_cfg iwl2000_2bg_cfg = { +- .name = "2000 Series 2x2 BG", +- IWL_DEVICE_2000, +-}; +- + struct iwl_cfg iwl2000_2bgn_d_cfg = { + .name = "2000D Series 2x2 BGN", + IWL_DEVICE_2000, +@@ -304,11 +299,6 @@ struct iwl_cfg iwl2030_2bgn_cfg = { + .ht_params = &iwl2000_ht_params, + }; + +-struct iwl_cfg iwl2030_2bg_cfg = { +- .name = "2000 Series 2x2 BG/BT", +- IWL_DEVICE_2030, +-}; +- + #define IWL_DEVICE_105 \ + .fw_name_pre = IWL105_FW_PRE, \ + .ucode_api_max = IWL105_UCODE_API_MAX, \ +@@ -326,11 +316,6 @@ struct iwl_cfg iwl2030_2bg_cfg = { + .rx_with_siso_diversity = true, \ + .iq_invert = true \ + +-struct iwl_cfg iwl105_bg_cfg = { +- .name = "105 Series 1x1 BG", +- IWL_DEVICE_105, +-}; +- + struct iwl_cfg iwl105_bgn_cfg = { + .name = "105 Series 1x1 BGN", + IWL_DEVICE_105, +@@ -361,11 +346,6 @@ struct iwl_cfg iwl105_bgn_d_cfg = { + .rx_with_siso_diversity = true, \ + .iq_invert = true \ + +-struct iwl_cfg iwl135_bg_cfg = { +- .name = "135 Series 1x1 BG/BT", +- IWL_DEVICE_135, +-}; +- + struct iwl_cfg iwl135_bgn_cfg = { + .name = "135 Series 1x1 BGN/BT", + IWL_DEVICE_135, +diff --git a/drivers/net/wireless/iwlwifi/iwl-6000.c b/drivers/net/wireless/iwlwifi/iwl-6000.c +index 4ac4ef0..e1a43c4 100644 +--- a/drivers/net/wireless/iwlwifi/iwl-6000.c ++++ b/drivers/net/wireless/iwlwifi/iwl-6000.c +@@ -411,6 +411,17 @@ struct iwl_cfg iwl6005_2agn_d_cfg = { + .ht_params = &iwl6000_ht_params, + }; + ++struct iwl_cfg iwl6005_2agn_mow1_cfg = { ++ .name = "Intel(R) Centrino(R) Advanced-N 6206 AGN", ++ IWL_DEVICE_6005, ++ .ht_params = &iwl6000_ht_params, ++}; ++struct iwl_cfg iwl6005_2agn_mow2_cfg = { ++ .name = "Intel(R) Centrino(R) Advanced-N 6207 AGN", ++ IWL_DEVICE_6005, ++ .ht_params = &iwl6000_ht_params, ++}; ++ + #define IWL_DEVICE_6030 \ + .fw_name_pre = IWL6030_FW_PRE, \ + .ucode_api_max = IWL6000G2_UCODE_API_MAX, \ +@@ -469,14 +480,10 @@ struct iwl_cfg iwl6035_2agn_cfg = { + .ht_params = &iwl6000_ht_params, + }; + +-struct iwl_cfg iwl6035_2abg_cfg = { +- .name = "6035 Series 2x2 ABG/BT", +- IWL_DEVICE_6030, +-}; +- +-struct iwl_cfg iwl6035_2bg_cfg = { +- .name = "6035 Series 2x2 BG/BT", +- IWL_DEVICE_6030, ++struct iwl_cfg iwl6035_2agn_sff_cfg = { ++ .name = "Intel(R) Centrino(R) Ultimate-N 6235 AGN", ++ IWL_DEVICE_6035, ++ .ht_params = &iwl6000_ht_params, + }; + + struct iwl_cfg iwl1030_bgn_cfg = { +diff --git a/drivers/net/wireless/iwlwifi/iwl-cfg.h b/drivers/net/wireless/iwlwifi/iwl-cfg.h +index 2a2dc45..e786497 100644 +--- a/drivers/net/wireless/iwlwifi/iwl-cfg.h ++++ b/drivers/net/wireless/iwlwifi/iwl-cfg.h +@@ -80,6 +80,8 @@ extern struct iwl_cfg iwl6005_2abg_cfg; + extern struct iwl_cfg iwl6005_2bg_cfg; + extern struct iwl_cfg iwl6005_2agn_sff_cfg; + extern struct iwl_cfg iwl6005_2agn_d_cfg; ++extern struct iwl_cfg iwl6005_2agn_mow1_cfg; ++extern struct iwl_cfg iwl6005_2agn_mow2_cfg; + extern struct iwl_cfg iwl1030_bgn_cfg; + extern struct iwl_cfg iwl1030_bg_cfg; + extern struct iwl_cfg iwl6030_2agn_cfg; +@@ -101,17 +103,12 @@ extern struct iwl_cfg iwl100_bg_cfg; + extern struct iwl_cfg iwl130_bgn_cfg; + extern struct iwl_cfg iwl130_bg_cfg; + extern struct iwl_cfg iwl2000_2bgn_cfg; +-extern struct iwl_cfg iwl2000_2bg_cfg; + extern struct iwl_cfg iwl2000_2bgn_d_cfg; + extern struct iwl_cfg iwl2030_2bgn_cfg; +-extern struct iwl_cfg iwl2030_2bg_cfg; + extern struct iwl_cfg iwl6035_2agn_cfg; +-extern struct iwl_cfg iwl6035_2abg_cfg; +-extern struct iwl_cfg iwl6035_2bg_cfg; +-extern struct iwl_cfg iwl105_bg_cfg; ++extern struct iwl_cfg iwl6035_2agn_sff_cfg; + extern struct iwl_cfg iwl105_bgn_cfg; + extern struct iwl_cfg iwl105_bgn_d_cfg; +-extern struct iwl_cfg iwl135_bg_cfg; + extern struct iwl_cfg iwl135_bgn_cfg; + + #endif /* __iwl_pci_h__ */ +diff --git a/drivers/net/wireless/iwlwifi/iwl-pci.c b/drivers/net/wireless/iwlwifi/iwl-pci.c +index 346dc9b..62a0f81 100644 +--- a/drivers/net/wireless/iwlwifi/iwl-pci.c ++++ b/drivers/net/wireless/iwlwifi/iwl-pci.c +@@ -236,13 +236,16 @@ static DEFINE_PCI_DEVICE_TABLE(iwl_hw_card_ids) = { + + /* 6x00 Series */ + {IWL_PCI_DEVICE(0x422B, 0x1101, iwl6000_3agn_cfg)}, ++ {IWL_PCI_DEVICE(0x422B, 0x1108, iwl6000_3agn_cfg)}, + {IWL_PCI_DEVICE(0x422B, 0x1121, iwl6000_3agn_cfg)}, ++ {IWL_PCI_DEVICE(0x422B, 0x1128, iwl6000_3agn_cfg)}, + {IWL_PCI_DEVICE(0x422C, 0x1301, iwl6000i_2agn_cfg)}, + {IWL_PCI_DEVICE(0x422C, 0x1306, iwl6000i_2abg_cfg)}, + {IWL_PCI_DEVICE(0x422C, 0x1307, iwl6000i_2bg_cfg)}, + {IWL_PCI_DEVICE(0x422C, 0x1321, iwl6000i_2agn_cfg)}, + {IWL_PCI_DEVICE(0x422C, 0x1326, iwl6000i_2abg_cfg)}, + {IWL_PCI_DEVICE(0x4238, 0x1111, iwl6000_3agn_cfg)}, ++ {IWL_PCI_DEVICE(0x4238, 0x1118, iwl6000_3agn_cfg)}, + {IWL_PCI_DEVICE(0x4239, 0x1311, iwl6000i_2agn_cfg)}, + {IWL_PCI_DEVICE(0x4239, 0x1316, iwl6000i_2abg_cfg)}, + +@@ -250,13 +253,19 @@ static DEFINE_PCI_DEVICE_TABLE(iwl_hw_card_ids) = { + {IWL_PCI_DEVICE(0x0082, 0x1301, iwl6005_2agn_cfg)}, + {IWL_PCI_DEVICE(0x0082, 0x1306, iwl6005_2abg_cfg)}, + {IWL_PCI_DEVICE(0x0082, 0x1307, iwl6005_2bg_cfg)}, ++ {IWL_PCI_DEVICE(0x0082, 0x1308, iwl6005_2agn_cfg)}, + {IWL_PCI_DEVICE(0x0082, 0x1321, iwl6005_2agn_cfg)}, + {IWL_PCI_DEVICE(0x0082, 0x1326, iwl6005_2abg_cfg)}, ++ {IWL_PCI_DEVICE(0x0082, 0x1328, iwl6005_2agn_cfg)}, + {IWL_PCI_DEVICE(0x0085, 0x1311, iwl6005_2agn_cfg)}, ++ {IWL_PCI_DEVICE(0x0085, 0x1318, iwl6005_2agn_cfg)}, + {IWL_PCI_DEVICE(0x0085, 0x1316, iwl6005_2abg_cfg)}, + {IWL_PCI_DEVICE(0x0082, 0xC020, iwl6005_2agn_sff_cfg)}, + {IWL_PCI_DEVICE(0x0085, 0xC220, iwl6005_2agn_sff_cfg)}, +- {IWL_PCI_DEVICE(0x0082, 0x1341, iwl6005_2agn_d_cfg)}, ++ {IWL_PCI_DEVICE(0x0085, 0xC228, iwl6005_2agn_sff_cfg)}, ++ {IWL_PCI_DEVICE(0x0082, 0x4820, iwl6005_2agn_d_cfg)}, ++ {IWL_PCI_DEVICE(0x0082, 0x1304, iwl6005_2agn_mow1_cfg)},/* low 5GHz active */ ++ {IWL_PCI_DEVICE(0x0082, 0x1305, iwl6005_2agn_mow2_cfg)},/* high 5GHz active */ + + /* 6x30 Series */ + {IWL_PCI_DEVICE(0x008A, 0x5305, iwl1030_bgn_cfg)}, +@@ -326,46 +335,33 @@ static DEFINE_PCI_DEVICE_TABLE(iwl_hw_card_ids) = { + {IWL_PCI_DEVICE(0x0890, 0x4022, iwl2000_2bgn_cfg)}, + {IWL_PCI_DEVICE(0x0891, 0x4222, iwl2000_2bgn_cfg)}, + {IWL_PCI_DEVICE(0x0890, 0x4422, iwl2000_2bgn_cfg)}, +- {IWL_PCI_DEVICE(0x0890, 0x4026, iwl2000_2bg_cfg)}, +- {IWL_PCI_DEVICE(0x0891, 0x4226, iwl2000_2bg_cfg)}, +- {IWL_PCI_DEVICE(0x0890, 0x4426, iwl2000_2bg_cfg)}, + {IWL_PCI_DEVICE(0x0890, 0x4822, iwl2000_2bgn_d_cfg)}, + + /* 2x30 Series */ + {IWL_PCI_DEVICE(0x0887, 0x4062, iwl2030_2bgn_cfg)}, + {IWL_PCI_DEVICE(0x0888, 0x4262, iwl2030_2bgn_cfg)}, + {IWL_PCI_DEVICE(0x0887, 0x4462, iwl2030_2bgn_cfg)}, +- {IWL_PCI_DEVICE(0x0887, 0x4066, iwl2030_2bg_cfg)}, +- {IWL_PCI_DEVICE(0x0888, 0x4266, iwl2030_2bg_cfg)}, +- {IWL_PCI_DEVICE(0x0887, 0x4466, iwl2030_2bg_cfg)}, + + /* 6x35 Series */ + {IWL_PCI_DEVICE(0x088E, 0x4060, iwl6035_2agn_cfg)}, ++ {IWL_PCI_DEVICE(0x088E, 0x406A, iwl6035_2agn_sff_cfg)}, + {IWL_PCI_DEVICE(0x088F, 0x4260, iwl6035_2agn_cfg)}, ++ {IWL_PCI_DEVICE(0x088F, 0x426A, iwl6035_2agn_sff_cfg)}, + {IWL_PCI_DEVICE(0x088E, 0x4460, iwl6035_2agn_cfg)}, +- {IWL_PCI_DEVICE(0x088E, 0x4064, iwl6035_2abg_cfg)}, +- {IWL_PCI_DEVICE(0x088F, 0x4264, iwl6035_2abg_cfg)}, +- {IWL_PCI_DEVICE(0x088E, 0x4464, iwl6035_2abg_cfg)}, +- {IWL_PCI_DEVICE(0x088E, 0x4066, iwl6035_2bg_cfg)}, +- {IWL_PCI_DEVICE(0x088F, 0x4266, iwl6035_2bg_cfg)}, +- {IWL_PCI_DEVICE(0x088E, 0x4466, iwl6035_2bg_cfg)}, ++ {IWL_PCI_DEVICE(0x088E, 0x446A, iwl6035_2agn_sff_cfg)}, ++ {IWL_PCI_DEVICE(0x088E, 0x4860, iwl6035_2agn_cfg)}, ++ {IWL_PCI_DEVICE(0x088F, 0x5260, iwl6035_2agn_cfg)}, + + /* 105 Series */ + {IWL_PCI_DEVICE(0x0894, 0x0022, iwl105_bgn_cfg)}, + {IWL_PCI_DEVICE(0x0895, 0x0222, iwl105_bgn_cfg)}, + {IWL_PCI_DEVICE(0x0894, 0x0422, iwl105_bgn_cfg)}, +- {IWL_PCI_DEVICE(0x0894, 0x0026, iwl105_bg_cfg)}, +- {IWL_PCI_DEVICE(0x0895, 0x0226, iwl105_bg_cfg)}, +- {IWL_PCI_DEVICE(0x0894, 0x0426, iwl105_bg_cfg)}, + {IWL_PCI_DEVICE(0x0894, 0x0822, iwl105_bgn_d_cfg)}, + + /* 135 Series */ + {IWL_PCI_DEVICE(0x0892, 0x0062, iwl135_bgn_cfg)}, + {IWL_PCI_DEVICE(0x0893, 0x0262, iwl135_bgn_cfg)}, + {IWL_PCI_DEVICE(0x0892, 0x0462, iwl135_bgn_cfg)}, +- {IWL_PCI_DEVICE(0x0892, 0x0066, iwl135_bg_cfg)}, +- {IWL_PCI_DEVICE(0x0893, 0x0266, iwl135_bg_cfg)}, +- {IWL_PCI_DEVICE(0x0892, 0x0466, iwl135_bg_cfg)}, + + {0} + }; +diff --git a/drivers/net/wireless/rtlwifi/rtl8192cu/trx.c b/drivers/net/wireless/rtlwifi/rtl8192cu/trx.c +index bc33b14..a7e1a2c 100644 +--- a/drivers/net/wireless/rtlwifi/rtl8192cu/trx.c ++++ b/drivers/net/wireless/rtlwifi/rtl8192cu/trx.c +@@ -343,7 +343,8 @@ bool rtl92cu_rx_query_desc(struct ieee80211_hw *hw, + (bool)GET_RX_DESC_PAGGR(pdesc)); + rx_status->mactime = GET_RX_DESC_TSFL(pdesc); + if (phystatus) { +- p_drvinfo = (struct rx_fwinfo_92c *)(pdesc + RTL_RX_DESC_SIZE); ++ p_drvinfo = (struct rx_fwinfo_92c *)(skb->data + ++ stats->rx_bufshift); + rtl92c_translate_rx_signal_stuff(hw, skb, stats, pdesc, + p_drvinfo); + } +diff --git a/drivers/net/xen-netback/common.h b/drivers/net/xen-netback/common.h +index 9d7f172..093bf0a 100644 +--- a/drivers/net/xen-netback/common.h ++++ b/drivers/net/xen-netback/common.h +@@ -88,6 +88,7 @@ struct xenvif { + unsigned long credit_usec; + unsigned long remaining_credit; + struct timer_list credit_timeout; ++ u64 credit_window_start; + + /* Statistics */ + unsigned long rx_gso_checksum_fixup; +diff --git a/drivers/net/xen-netback/interface.c b/drivers/net/xen-netback/interface.c +index 8eaf0e2..2cb9c92 100644 +--- a/drivers/net/xen-netback/interface.c ++++ b/drivers/net/xen-netback/interface.c +@@ -272,8 +272,7 @@ struct xenvif *xenvif_alloc(struct device *parent, domid_t domid, + vif->credit_bytes = vif->remaining_credit = ~0UL; + vif->credit_usec = 0UL; + init_timer(&vif->credit_timeout); +- /* Initialize 'expires' now: it's used to track the credit window. */ +- vif->credit_timeout.expires = jiffies; ++ vif->credit_window_start = get_jiffies_64(); + + dev->netdev_ops = &xenvif_netdev_ops; + dev->hw_features = NETIF_F_SG | NETIF_F_IP_CSUM | NETIF_F_TSO; +diff --git a/drivers/net/xen-netback/netback.c b/drivers/net/xen-netback/netback.c +index fd2b92d..9a4626c 100644 +--- a/drivers/net/xen-netback/netback.c ++++ b/drivers/net/xen-netback/netback.c +@@ -1365,9 +1365,8 @@ out: + + static bool tx_credit_exceeded(struct xenvif *vif, unsigned size) + { +- unsigned long now = jiffies; +- unsigned long next_credit = +- vif->credit_timeout.expires + ++ u64 now = get_jiffies_64(); ++ u64 next_credit = vif->credit_window_start + + msecs_to_jiffies(vif->credit_usec / 1000); + + /* Timer could already be pending in rare cases. */ +@@ -1375,8 +1374,8 @@ static bool tx_credit_exceeded(struct xenvif *vif, unsigned size) + return true; + + /* Passed the point where we can replenish credit? */ +- if (time_after_eq(now, next_credit)) { +- vif->credit_timeout.expires = now; ++ if (time_after_eq64(now, next_credit)) { ++ vif->credit_window_start = now; + tx_add_credit(vif); + } + +@@ -1388,6 +1387,7 @@ static bool tx_credit_exceeded(struct xenvif *vif, unsigned size) + tx_credit_callback; + mod_timer(&vif->credit_timeout, + next_credit); ++ vif->credit_window_start = next_credit; + + return true; + } +diff --git a/drivers/pci/setup-res.c b/drivers/pci/setup-res.c +index 8b25f9c..41f08e5 100644 +--- a/drivers/pci/setup-res.c ++++ b/drivers/pci/setup-res.c +@@ -188,7 +188,8 @@ static int pci_revert_fw_address(struct resource *res, struct pci_dev *dev, + return ret; + } + +-static int _pci_assign_resource(struct pci_dev *dev, int resno, int size, resource_size_t min_align) ++static int _pci_assign_resource(struct pci_dev *dev, int resno, ++ resource_size_t size, resource_size_t min_align) + { + struct resource *res = dev->resource + resno; + struct pci_bus *bus; +diff --git a/drivers/scsi/aacraid/linit.c b/drivers/scsi/aacraid/linit.c +index 705e13e..2e658d2 100644 +--- a/drivers/scsi/aacraid/linit.c ++++ b/drivers/scsi/aacraid/linit.c +@@ -771,6 +771,8 @@ static long aac_compat_do_ioctl(struct aac_dev *dev, unsigned cmd, unsigned long + static int aac_compat_ioctl(struct scsi_device *sdev, int cmd, void __user *arg) + { + struct aac_dev *dev = (struct aac_dev *)sdev->host->hostdata; ++ if (!capable(CAP_SYS_RAWIO)) ++ return -EPERM; + return aac_compat_do_ioctl(dev, cmd, (unsigned long)arg); + } + +diff --git a/drivers/staging/bcm/Bcmchar.c b/drivers/staging/bcm/Bcmchar.c +index 2fa658e..391b768 100644 +--- a/drivers/staging/bcm/Bcmchar.c ++++ b/drivers/staging/bcm/Bcmchar.c +@@ -1932,6 +1932,7 @@ cntrlEnd: + + BCM_DEBUG_PRINT(Adapter, DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL, "Called IOCTL_BCM_GET_DEVICE_DRIVER_INFO\n"); + ++ memset(&DevInfo, 0, sizeof(DevInfo)); + DevInfo.MaxRDMBufferSize = BUFFER_4K; + DevInfo.u32DSDStartOffset = EEPROM_CALPARAM_START; + DevInfo.u32RxAlignmentCorrection = 0; +diff --git a/drivers/staging/wlags49_h2/wl_priv.c b/drivers/staging/wlags49_h2/wl_priv.c +index 260d4f0..b3d2e17 100644 +--- a/drivers/staging/wlags49_h2/wl_priv.c ++++ b/drivers/staging/wlags49_h2/wl_priv.c +@@ -570,6 +570,7 @@ int wvlan_uil_put_info( struct uilreq *urq, struct wl_private *lp ) + ltv_t *pLtv; + bool_t ltvAllocated = FALSE; + ENCSTRCT sEncryption; ++ size_t len; + + #ifdef USE_WDS + hcf_16 hcfPort = HCF_PORT_0; +@@ -686,7 +687,8 @@ int wvlan_uil_put_info( struct uilreq *urq, struct wl_private *lp ) + break; + case CFG_CNF_OWN_NAME: + memset( lp->StationName, 0, sizeof( lp->StationName )); +- memcpy( (void *)lp->StationName, (void *)&pLtv->u.u8[2], (size_t)pLtv->u.u16[0]); ++ len = min_t(size_t, pLtv->u.u16[0], sizeof(lp->StationName)); ++ strlcpy(lp->StationName, &pLtv->u.u8[2], len); + pLtv->u.u16[0] = CNV_INT_TO_LITTLE( pLtv->u.u16[0] ); + break; + case CFG_CNF_LOAD_BALANCING: +@@ -1800,6 +1802,7 @@ int wvlan_set_station_nickname(struct net_device *dev, + { + struct wl_private *lp = wl_priv(dev); + unsigned long flags; ++ size_t len; + int ret = 0; + /*------------------------------------------------------------------------*/ + +@@ -1810,8 +1813,8 @@ int wvlan_set_station_nickname(struct net_device *dev, + wl_lock(lp, &flags); + + memset( lp->StationName, 0, sizeof( lp->StationName )); +- +- memcpy( lp->StationName, extra, wrqu->data.length); ++ len = min_t(size_t, wrqu->data.length, sizeof(lp->StationName)); ++ strlcpy(lp->StationName, extra, len); + + /* Commit the adapter parameters */ + wl_apply( lp ); +diff --git a/drivers/staging/zram/zram_drv.c b/drivers/staging/zram/zram_drv.c +index d197b3e..e1a4994 100644 +--- a/drivers/staging/zram/zram_drv.c ++++ b/drivers/staging/zram/zram_drv.c +@@ -553,7 +553,7 @@ static inline int valid_io_request(struct zram *zram, struct bio *bio) + end = start + (bio->bi_size >> SECTOR_SHIFT); + bound = zram->disksize >> SECTOR_SHIFT; + /* out of range range */ +- if (unlikely(start >= bound || end >= bound || start > end)) ++ if (unlikely(start >= bound || end > bound || start > end)) + return 0; + + /* I/O request is valid */ +diff --git a/drivers/target/target_core_pscsi.c b/drivers/target/target_core_pscsi.c +index 5c12137..e813227 100644 +--- a/drivers/target/target_core_pscsi.c ++++ b/drivers/target/target_core_pscsi.c +@@ -129,10 +129,10 @@ static int pscsi_pmode_enable_hba(struct se_hba *hba, unsigned long mode_flag) + * pSCSI Host ID and enable for phba mode + */ + sh = scsi_host_lookup(phv->phv_host_id); +- if (IS_ERR(sh)) { ++ if (!sh) { + pr_err("pSCSI: Unable to locate SCSI Host for" + " phv_host_id: %d\n", phv->phv_host_id); +- return PTR_ERR(sh); ++ return -EINVAL; + } + + phv->phv_lld_host = sh; +@@ -564,10 +564,10 @@ static struct se_device *pscsi_create_virtdevice( + sh = phv->phv_lld_host; + } else { + sh = scsi_host_lookup(pdv->pdv_host_id); +- if (IS_ERR(sh)) { ++ if (!sh) { + pr_err("pSCSI: Unable to locate" + " pdv_host_id: %d\n", pdv->pdv_host_id); +- return ERR_CAST(sh); ++ return ERR_PTR(-EINVAL); + } + } + } else { +diff --git a/drivers/uio/uio.c b/drivers/uio/uio.c +index a783d53..af57648 100644 +--- a/drivers/uio/uio.c ++++ b/drivers/uio/uio.c +@@ -650,16 +650,28 @@ static int uio_mmap_physical(struct vm_area_struct *vma) + { + struct uio_device *idev = vma->vm_private_data; + int mi = uio_find_mem_index(vma); ++ struct uio_mem *mem; + if (mi < 0) + return -EINVAL; ++ mem = idev->info->mem + mi; + +- vma->vm_flags |= VM_IO | VM_RESERVED; ++ if (vma->vm_end - vma->vm_start > mem->size) ++ return -EINVAL; + + vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot); + ++ /* ++ * We cannot use the vm_iomap_memory() helper here, ++ * because vma->vm_pgoff is the map index we looked ++ * up above in uio_find_mem_index(), rather than an ++ * actual page offset into the mmap. ++ * ++ * So we just do the physical mmap without a page ++ * offset. ++ */ + return remap_pfn_range(vma, + vma->vm_start, +- idev->info->mem[mi].addr >> PAGE_SHIFT, ++ mem->addr >> PAGE_SHIFT, + vma->vm_end - vma->vm_start, + vma->vm_page_prot); + } +diff --git a/drivers/usb/core/quirks.c b/drivers/usb/core/quirks.c +index f52182d..bcde6f6 100644 +--- a/drivers/usb/core/quirks.c ++++ b/drivers/usb/core/quirks.c +@@ -97,6 +97,9 @@ static const struct usb_device_id usb_quirk_list[] = { + /* Alcor Micro Corp. Hub */ + { USB_DEVICE(0x058f, 0x9254), .driver_info = USB_QUIRK_RESET_RESUME }, + ++ /* MicroTouch Systems touchscreen */ ++ { USB_DEVICE(0x0596, 0x051e), .driver_info = USB_QUIRK_RESET_RESUME }, ++ + /* appletouch */ + { USB_DEVICE(0x05ac, 0x021a), .driver_info = USB_QUIRK_RESET_RESUME }, + +@@ -130,6 +133,9 @@ static const struct usb_device_id usb_quirk_list[] = { + /* Broadcom BCM92035DGROM BT dongle */ + { USB_DEVICE(0x0a5c, 0x2021), .driver_info = USB_QUIRK_RESET_RESUME }, + ++ /* MAYA44USB sound device */ ++ { USB_DEVICE(0x0a92, 0x0091), .driver_info = USB_QUIRK_RESET_RESUME }, ++ + /* Action Semiconductor flash disk */ + { USB_DEVICE(0x10d6, 0x2200), .driver_info = + USB_QUIRK_STRING_FETCH_255 }, +diff --git a/drivers/usb/host/xhci-hub.c b/drivers/usb/host/xhci-hub.c +index 24107a7..107e6b4 100644 +--- a/drivers/usb/host/xhci-hub.c ++++ b/drivers/usb/host/xhci-hub.c +@@ -1007,20 +1007,6 @@ int xhci_bus_suspend(struct usb_hcd *hcd) + t1 = xhci_port_state_to_neutral(t1); + if (t1 != t2) + xhci_writel(xhci, t2, port_array[port_index]); +- +- if (hcd->speed != HCD_USB3) { +- /* enable remote wake up for USB 2.0 */ +- __le32 __iomem *addr; +- u32 tmp; +- +- /* Add one to the port status register address to get +- * the port power control register address. +- */ +- addr = port_array[port_index] + 1; +- tmp = xhci_readl(xhci, addr); +- tmp |= PORT_RWE; +- xhci_writel(xhci, tmp, addr); +- } + } + hcd->state = HC_STATE_SUSPENDED; + bus_state->next_statechange = jiffies + msecs_to_jiffies(10); +@@ -1099,20 +1085,6 @@ int xhci_bus_resume(struct usb_hcd *hcd) + xhci_ring_device(xhci, slot_id); + } else + xhci_writel(xhci, temp, port_array[port_index]); +- +- if (hcd->speed != HCD_USB3) { +- /* disable remote wake up for USB 2.0 */ +- __le32 __iomem *addr; +- u32 tmp; +- +- /* Add one to the port status register address to get +- * the port power control register address. +- */ +- addr = port_array[port_index] + 1; +- tmp = xhci_readl(xhci, addr); +- tmp &= ~PORT_RWE; +- xhci_writel(xhci, tmp, addr); +- } + } + + (void) xhci_readl(xhci, &xhci->op_regs->command); +diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c +index 61b0668..827f933 100644 +--- a/drivers/usb/host/xhci-pci.c ++++ b/drivers/usb/host/xhci-pci.c +@@ -34,6 +34,9 @@ + #define PCI_VENDOR_ID_ETRON 0x1b6f + #define PCI_DEVICE_ID_ASROCK_P67 0x7023 + ++#define PCI_DEVICE_ID_INTEL_LYNXPOINT_XHCI 0x8c31 ++#define PCI_DEVICE_ID_INTEL_LYNXPOINT_LP_XHCI 0x9c31 ++ + static const char hcd_name[] = "xhci_hcd"; + + /* called after powerup, by probe or system-pm "wakeup" */ +@@ -67,6 +70,14 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) + xhci_dbg(xhci, "QUIRK: Fresco Logic xHC needs configure" + " endpoint cmd after reset endpoint\n"); + } ++ if (pdev->device == PCI_DEVICE_ID_FRESCO_LOGIC_PDK && ++ pdev->revision == 0x4) { ++ xhci->quirks |= XHCI_SLOW_SUSPEND; ++ xhci_dbg(xhci, ++ "QUIRK: Fresco Logic xHC revision %u" ++ "must be suspended extra slowly", ++ pdev->revision); ++ } + /* Fresco Logic confirms: all revisions of this chip do not + * support MSI, even though some of them claim to in their PCI + * capabilities. +@@ -103,6 +114,15 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) + xhci->quirks |= XHCI_SPURIOUS_REBOOT; + xhci->quirks |= XHCI_AVOID_BEI; + } ++ if (pdev->vendor == PCI_VENDOR_ID_INTEL && ++ (pdev->device == PCI_DEVICE_ID_INTEL_LYNXPOINT_XHCI || ++ pdev->device == PCI_DEVICE_ID_INTEL_LYNXPOINT_LP_XHCI)) { ++ /* Workaround for occasional spurious wakeups from S5 (or ++ * any other sleep) on Haswell machines with LPT and LPT-LP ++ * with the new Intel BIOS ++ */ ++ xhci->quirks |= XHCI_SPURIOUS_WAKEUP; ++ } + if (pdev->vendor == PCI_VENDOR_ID_ETRON && + pdev->device == PCI_DEVICE_ID_ASROCK_P67) { + xhci->quirks |= XHCI_RESET_ON_RESUME; +@@ -202,6 +222,11 @@ static void xhci_pci_remove(struct pci_dev *dev) + usb_put_hcd(xhci->shared_hcd); + } + usb_hcd_pci_remove(dev); ++ ++ /* Workaround for spurious wakeups at shutdown with HSW */ ++ if (xhci->quirks & XHCI_SPURIOUS_WAKEUP) ++ pci_set_power_state(dev, PCI_D3hot); ++ + kfree(xhci); + } + +diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c +index 629aa74..03c35da 100644 +--- a/drivers/usb/host/xhci.c ++++ b/drivers/usb/host/xhci.c +@@ -763,12 +763,19 @@ void xhci_shutdown(struct usb_hcd *hcd) + + spin_lock_irq(&xhci->lock); + xhci_halt(xhci); ++ /* Workaround for spurious wakeups at shutdown with HSW */ ++ if (xhci->quirks & XHCI_SPURIOUS_WAKEUP) ++ xhci_reset(xhci); + spin_unlock_irq(&xhci->lock); + + xhci_cleanup_msix(xhci); + + xhci_dbg(xhci, "xhci_shutdown completed - status = %x\n", + xhci_readl(xhci, &xhci->op_regs->status)); ++ ++ /* Yet another workaround for spurious wakeups at shutdown with HSW */ ++ if (xhci->quirks & XHCI_SPURIOUS_WAKEUP) ++ pci_set_power_state(to_pci_dev(hcd->self.controller), PCI_D3hot); + } + + #ifdef CONFIG_PM +@@ -869,6 +876,7 @@ static void xhci_clear_command_ring(struct xhci_hcd *xhci) + int xhci_suspend(struct xhci_hcd *xhci) + { + int rc = 0; ++ unsigned int delay = XHCI_MAX_HALT_USEC; + struct usb_hcd *hcd = xhci_to_hcd(xhci); + u32 command; + +@@ -887,8 +895,12 @@ int xhci_suspend(struct xhci_hcd *xhci) + command = xhci_readl(xhci, &xhci->op_regs->command); + command &= ~CMD_RUN; + xhci_writel(xhci, command, &xhci->op_regs->command); ++ ++ /* Some chips from Fresco Logic need an extraordinary delay */ ++ delay *= (xhci->quirks & XHCI_SLOW_SUSPEND) ? 10 : 1; ++ + if (handshake(xhci, &xhci->op_regs->status, +- STS_HALT, STS_HALT, XHCI_MAX_HALT_USEC)) { ++ STS_HALT, STS_HALT, delay)) { + xhci_warn(xhci, "WARN: xHC CMD_RUN timeout\n"); + spin_unlock_irq(&xhci->lock); + return -ETIMEDOUT; +diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h +index 8b4cce45..cf4fd24 100644 +--- a/drivers/usb/host/xhci.h ++++ b/drivers/usb/host/xhci.h +@@ -1493,6 +1493,8 @@ struct xhci_hcd { + #define XHCI_SPURIOUS_REBOOT (1 << 13) + #define XHCI_COMP_MODE_QUIRK (1 << 14) + #define XHCI_AVOID_BEI (1 << 15) ++#define XHCI_SLOW_SUSPEND (1 << 17) ++#define XHCI_SPURIOUS_WAKEUP (1 << 18) + unsigned int num_active_eps; + unsigned int limit_active_eps; + /* There are two roothubs to keep track of bus suspend info for */ +diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c +index 536c4ad..d8ace82 100644 +--- a/drivers/usb/serial/option.c ++++ b/drivers/usb/serial/option.c +@@ -457,6 +457,10 @@ static void option_instat_callback(struct urb *urb); + #define CHANGHONG_VENDOR_ID 0x2077 + #define CHANGHONG_PRODUCT_CH690 0x7001 + ++/* Inovia */ ++#define INOVIA_VENDOR_ID 0x20a6 ++#define INOVIA_SEW858 0x1105 ++ + /* some devices interfaces need special handling due to a number of reasons */ + enum option_blacklist_reason { + OPTION_BLACKLIST_NONE = 0, +@@ -703,6 +707,222 @@ static const struct usb_device_id option_ids[] = { + { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x02, 0x7A) }, + { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x02, 0x7B) }, + { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x02, 0x7C) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x01) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x02) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x03) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x04) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x05) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x06) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x0A) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x0B) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x0D) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x0E) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x0F) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x10) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x12) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x13) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x14) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x15) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x17) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x18) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x19) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x1A) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x1B) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x1C) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x31) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x32) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x33) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x34) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x35) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x36) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x3A) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x3B) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x3D) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x3E) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x3F) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x48) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x49) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x4A) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x4B) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x4C) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x61) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x62) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x63) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x64) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x65) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x66) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x6A) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x6B) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x6D) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x6E) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x6F) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x78) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x79) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x7A) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x7B) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x7C) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x01) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x02) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x03) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x04) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x05) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x06) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x0A) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x0B) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x0D) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x0E) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x0F) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x10) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x12) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x13) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x14) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x15) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x17) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x18) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x19) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x1A) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x1B) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x1C) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x31) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x32) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x33) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x34) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x35) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x36) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x3A) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x3B) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x3D) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x3E) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x3F) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x48) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x49) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x4A) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x4B) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x4C) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x61) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x62) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x63) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x64) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x65) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x66) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x6A) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x6B) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x6D) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x6E) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x6F) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x78) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x79) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x7A) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x7B) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x7C) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x01) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x02) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x03) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x04) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x05) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x06) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x0A) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x0B) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x0D) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x0E) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x0F) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x10) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x12) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x13) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x14) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x15) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x17) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x18) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x19) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x1A) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x1B) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x1C) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x31) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x32) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x33) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x34) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x35) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x36) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x3A) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x3B) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x3D) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x3E) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x3F) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x48) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x49) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x4A) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x4B) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x4C) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x61) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x62) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x63) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x64) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x65) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x66) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x6A) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x6B) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x6D) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x6E) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x6F) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x78) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x79) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x7A) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x7B) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x7C) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x01) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x02) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x03) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x04) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x05) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x06) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x0A) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x0B) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x0D) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x0E) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x0F) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x10) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x12) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x13) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x14) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x15) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x17) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x18) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x19) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x1A) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x1B) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x1C) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x31) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x32) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x33) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x34) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x35) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x36) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x3A) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x3B) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x3D) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x3E) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x3F) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x48) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x49) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x4A) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x4B) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x4C) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x61) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x62) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x63) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x64) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x65) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x66) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x6A) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x6B) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x6D) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x6E) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x6F) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x78) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x79) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x7A) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x7B) }, ++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x7C) }, + + + { USB_DEVICE(NOVATELWIRELESS_VENDOR_ID, NOVATELWIRELESS_PRODUCT_V640) }, +@@ -1279,7 +1499,9 @@ static const struct usb_device_id option_ids[] = { + + { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD100) }, + { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD145) }, +- { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD200) }, ++ { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD200), ++ .driver_info = (kernel_ulong_t)&net_intf6_blacklist ++ }, + { USB_DEVICE(CELOT_VENDOR_ID, CELOT_PRODUCT_CT680M) }, /* CT-650 CDMA 450 1xEVDO modem */ + { USB_DEVICE_AND_INTERFACE_INFO(SAMSUNG_VENDOR_ID, SAMSUNG_PRODUCT_GT_B3730, USB_CLASS_CDC_DATA, 0x00, 0x00) }, /* Samsung GT-B3730 LTE USB modem.*/ + { USB_DEVICE(YUGA_VENDOR_ID, YUGA_PRODUCT_CEM600) }, +@@ -1367,6 +1589,7 @@ static const struct usb_device_id option_ids[] = { + { USB_DEVICE_AND_INTERFACE_INFO(0x2001, 0x7d03, 0xff, 0x00, 0x00) }, + { USB_DEVICE_AND_INTERFACE_INFO(0x07d1, 0x3e01, 0xff, 0xff, 0xff) }, /* D-Link DWM-152/C1 */ + { USB_DEVICE_AND_INTERFACE_INFO(0x07d1, 0x3e02, 0xff, 0xff, 0xff) }, /* D-Link DWM-156/C1 */ ++ { USB_DEVICE(INOVIA_VENDOR_ID, INOVIA_SEW858) }, + { } /* Terminating entry */ + }; + MODULE_DEVICE_TABLE(usb, option_ids); +diff --git a/drivers/video/au1100fb.c b/drivers/video/au1100fb.c +index 649cb35..1be8b5d 100644 +--- a/drivers/video/au1100fb.c ++++ b/drivers/video/au1100fb.c +@@ -387,39 +387,13 @@ void au1100fb_fb_rotate(struct fb_info *fbi, int angle) + int au1100fb_fb_mmap(struct fb_info *fbi, struct vm_area_struct *vma) + { + struct au1100fb_device *fbdev; +- unsigned int len; +- unsigned long start=0, off; + + fbdev = to_au1100fb_device(fbi); + +- if (vma->vm_pgoff > (~0UL >> PAGE_SHIFT)) { +- return -EINVAL; +- } +- +- start = fbdev->fb_phys & PAGE_MASK; +- len = PAGE_ALIGN((start & ~PAGE_MASK) + fbdev->fb_len); +- +- off = vma->vm_pgoff << PAGE_SHIFT; +- +- if ((vma->vm_end - vma->vm_start + off) > len) { +- return -EINVAL; +- } +- +- off += start; +- vma->vm_pgoff = off >> PAGE_SHIFT; +- + vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot); + pgprot_val(vma->vm_page_prot) |= (6 << 9); //CCA=6 + +- vma->vm_flags |= VM_IO; +- +- if (io_remap_pfn_range(vma, vma->vm_start, off >> PAGE_SHIFT, +- vma->vm_end - vma->vm_start, +- vma->vm_page_prot)) { +- return -EAGAIN; +- } +- +- return 0; ++ return vm_iomap_memory(vma, fbdev->fb_phys, fbdev->fb_len); + } + + static struct fb_ops au1100fb_ops = +diff --git a/drivers/video/au1200fb.c b/drivers/video/au1200fb.c +index 7200559..5bd7d88 100644 +--- a/drivers/video/au1200fb.c ++++ b/drivers/video/au1200fb.c +@@ -1216,38 +1216,13 @@ static int au1200fb_fb_blank(int blank_mode, struct fb_info *fbi) + * method mainly to allow the use of the TLB streaming flag (CCA=6) + */ + static int au1200fb_fb_mmap(struct fb_info *info, struct vm_area_struct *vma) +- + { +- unsigned int len; +- unsigned long start=0, off; + struct au1200fb_device *fbdev = info->par; + +- if (vma->vm_pgoff > (~0UL >> PAGE_SHIFT)) { +- return -EINVAL; +- } +- +- start = fbdev->fb_phys & PAGE_MASK; +- len = PAGE_ALIGN((start & ~PAGE_MASK) + fbdev->fb_len); +- +- off = vma->vm_pgoff << PAGE_SHIFT; +- +- if ((vma->vm_end - vma->vm_start + off) > len) { +- return -EINVAL; +- } +- +- off += start; +- vma->vm_pgoff = off >> PAGE_SHIFT; +- + vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot); + pgprot_val(vma->vm_page_prot) |= _CACHE_MASK; /* CCA=7 */ + +- vma->vm_flags |= VM_IO; +- +- return io_remap_pfn_range(vma, vma->vm_start, off >> PAGE_SHIFT, +- vma->vm_end - vma->vm_start, +- vma->vm_page_prot); +- +- return 0; ++ return vm_iomap_memory(vma, fbdev->fb_phys, fbdev->fb_len); + } + + static void set_global(u_int cmd, struct au1200_lcd_global_regs_t *pdata) +diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c +index ac1ad48..5ce56e7 100644 +--- a/fs/ecryptfs/keystore.c ++++ b/fs/ecryptfs/keystore.c +@@ -1151,7 +1151,7 @@ decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, + struct ecryptfs_msg_ctx *msg_ctx; + struct ecryptfs_message *msg = NULL; + char *auth_tok_sig; +- char *payload; ++ char *payload = NULL; + size_t payload_len; + int rc; + +@@ -1206,6 +1206,7 @@ decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, + out: + if (msg) + kfree(msg); ++ kfree(payload); + return rc; + } + +diff --git a/fs/ext3/dir.c b/fs/ext3/dir.c +index 34f0a07..3268697 100644 +--- a/fs/ext3/dir.c ++++ b/fs/ext3/dir.c +@@ -25,6 +25,7 @@ + #include <linux/jbd.h> + #include <linux/ext3_fs.h> + #include <linux/buffer_head.h> ++#include <linux/compat.h> + #include <linux/slab.h> + #include <linux/rbtree.h> + +@@ -32,24 +33,8 @@ static unsigned char ext3_filetype_table[] = { + DT_UNKNOWN, DT_REG, DT_DIR, DT_CHR, DT_BLK, DT_FIFO, DT_SOCK, DT_LNK + }; + +-static int ext3_readdir(struct file *, void *, filldir_t); + static int ext3_dx_readdir(struct file * filp, + void * dirent, filldir_t filldir); +-static int ext3_release_dir (struct inode * inode, +- struct file * filp); +- +-const struct file_operations ext3_dir_operations = { +- .llseek = generic_file_llseek, +- .read = generic_read_dir, +- .readdir = ext3_readdir, /* we take BKL. needed?*/ +- .unlocked_ioctl = ext3_ioctl, +-#ifdef CONFIG_COMPAT +- .compat_ioctl = ext3_compat_ioctl, +-#endif +- .fsync = ext3_sync_file, /* BKL held */ +- .release = ext3_release_dir, +-}; +- + + static unsigned char get_dtype(struct super_block *sb, int filetype) + { +@@ -60,6 +45,25 @@ static unsigned char get_dtype(struct super_block *sb, int filetype) + return (ext3_filetype_table[filetype]); + } + ++/** ++ * Check if the given dir-inode refers to an htree-indexed directory ++ * (or a directory which chould potentially get coverted to use htree ++ * indexing). ++ * ++ * Return 1 if it is a dx dir, 0 if not ++ */ ++static int is_dx_dir(struct inode *inode) ++{ ++ struct super_block *sb = inode->i_sb; ++ ++ if (EXT3_HAS_COMPAT_FEATURE(inode->i_sb, ++ EXT3_FEATURE_COMPAT_DIR_INDEX) && ++ ((EXT3_I(inode)->i_flags & EXT3_INDEX_FL) || ++ ((inode->i_size >> sb->s_blocksize_bits) == 1))) ++ return 1; ++ ++ return 0; ++} + + int ext3_check_dir_entry (const char * function, struct inode * dir, + struct ext3_dir_entry_2 * de, +@@ -99,18 +103,13 @@ static int ext3_readdir(struct file * filp, + unsigned long offset; + int i, stored; + struct ext3_dir_entry_2 *de; +- struct super_block *sb; + int err; + struct inode *inode = filp->f_path.dentry->d_inode; ++ struct super_block *sb = inode->i_sb; + int ret = 0; + int dir_has_error = 0; + +- sb = inode->i_sb; +- +- if (EXT3_HAS_COMPAT_FEATURE(inode->i_sb, +- EXT3_FEATURE_COMPAT_DIR_INDEX) && +- ((EXT3_I(inode)->i_flags & EXT3_INDEX_FL) || +- ((inode->i_size >> sb->s_blocksize_bits) == 1))) { ++ if (is_dx_dir(inode)) { + err = ext3_dx_readdir(filp, dirent, filldir); + if (err != ERR_BAD_DX_DIR) { + ret = err; +@@ -232,22 +231,87 @@ out: + return ret; + } + ++static inline int is_32bit_api(void) ++{ ++#ifdef CONFIG_COMPAT ++ return is_compat_task(); ++#else ++ return (BITS_PER_LONG == 32); ++#endif ++} ++ + /* + * These functions convert from the major/minor hash to an f_pos +- * value. ++ * value for dx directories + * +- * Currently we only use major hash numer. This is unfortunate, but +- * on 32-bit machines, the same VFS interface is used for lseek and +- * llseek, so if we use the 64 bit offset, then the 32-bit versions of +- * lseek/telldir/seekdir will blow out spectacularly, and from within +- * the ext2 low-level routine, we don't know if we're being called by +- * a 64-bit version of the system call or the 32-bit version of the +- * system call. Worse yet, NFSv2 only allows for a 32-bit readdir +- * cookie. Sigh. ++ * Upper layer (for example NFS) should specify FMODE_32BITHASH or ++ * FMODE_64BITHASH explicitly. On the other hand, we allow ext3 to be mounted ++ * directly on both 32-bit and 64-bit nodes, under such case, neither ++ * FMODE_32BITHASH nor FMODE_64BITHASH is specified. + */ +-#define hash2pos(major, minor) (major >> 1) +-#define pos2maj_hash(pos) ((pos << 1) & 0xffffffff) +-#define pos2min_hash(pos) (0) ++static inline loff_t hash2pos(struct file *filp, __u32 major, __u32 minor) ++{ ++ if ((filp->f_mode & FMODE_32BITHASH) || ++ (!(filp->f_mode & FMODE_64BITHASH) && is_32bit_api())) ++ return major >> 1; ++ else ++ return ((__u64)(major >> 1) << 32) | (__u64)minor; ++} ++ ++static inline __u32 pos2maj_hash(struct file *filp, loff_t pos) ++{ ++ if ((filp->f_mode & FMODE_32BITHASH) || ++ (!(filp->f_mode & FMODE_64BITHASH) && is_32bit_api())) ++ return (pos << 1) & 0xffffffff; ++ else ++ return ((pos >> 32) << 1) & 0xffffffff; ++} ++ ++static inline __u32 pos2min_hash(struct file *filp, loff_t pos) ++{ ++ if ((filp->f_mode & FMODE_32BITHASH) || ++ (!(filp->f_mode & FMODE_64BITHASH) && is_32bit_api())) ++ return 0; ++ else ++ return pos & 0xffffffff; ++} ++ ++/* ++ * Return 32- or 64-bit end-of-file for dx directories ++ */ ++static inline loff_t ext3_get_htree_eof(struct file *filp) ++{ ++ if ((filp->f_mode & FMODE_32BITHASH) || ++ (!(filp->f_mode & FMODE_64BITHASH) && is_32bit_api())) ++ return EXT3_HTREE_EOF_32BIT; ++ else ++ return EXT3_HTREE_EOF_64BIT; ++} ++ ++ ++/* ++ * ext3_dir_llseek() calls generic_file_llseek[_size]() to handle both ++ * non-htree and htree directories, where the "offset" is in terms ++ * of the filename hash value instead of the byte offset. ++ * ++ * Because we may return a 64-bit hash that is well beyond s_maxbytes, ++ * we need to pass the max hash as the maximum allowable offset in ++ * the htree directory case. ++ * ++ * NOTE: offsets obtained *before* ext3_set_inode_flag(dir, EXT3_INODE_INDEX) ++ * will be invalid once the directory was converted into a dx directory ++ */ ++loff_t ext3_dir_llseek(struct file *file, loff_t offset, int origin) ++{ ++ struct inode *inode = file->f_mapping->host; ++ int dx_dir = is_dx_dir(inode); ++ ++ if (likely(dx_dir)) ++ return generic_file_llseek_size(file, offset, origin, ++ ext3_get_htree_eof(file)); ++ else ++ return generic_file_llseek(file, offset, origin); ++} + + /* + * This structure holds the nodes of the red-black tree used to store +@@ -308,15 +372,16 @@ static void free_rb_tree_fname(struct rb_root *root) + } + + +-static struct dir_private_info *ext3_htree_create_dir_info(loff_t pos) ++static struct dir_private_info *ext3_htree_create_dir_info(struct file *filp, ++ loff_t pos) + { + struct dir_private_info *p; + + p = kzalloc(sizeof(struct dir_private_info), GFP_KERNEL); + if (!p) + return NULL; +- p->curr_hash = pos2maj_hash(pos); +- p->curr_minor_hash = pos2min_hash(pos); ++ p->curr_hash = pos2maj_hash(filp, pos); ++ p->curr_minor_hash = pos2min_hash(filp, pos); + return p; + } + +@@ -406,7 +471,7 @@ static int call_filldir(struct file * filp, void * dirent, + printk("call_filldir: called with null fname?!?\n"); + return 0; + } +- curr_pos = hash2pos(fname->hash, fname->minor_hash); ++ curr_pos = hash2pos(filp, fname->hash, fname->minor_hash); + while (fname) { + error = filldir(dirent, fname->name, + fname->name_len, curr_pos, +@@ -431,13 +496,13 @@ static int ext3_dx_readdir(struct file * filp, + int ret; + + if (!info) { +- info = ext3_htree_create_dir_info(filp->f_pos); ++ info = ext3_htree_create_dir_info(filp, filp->f_pos); + if (!info) + return -ENOMEM; + filp->private_data = info; + } + +- if (filp->f_pos == EXT3_HTREE_EOF) ++ if (filp->f_pos == ext3_get_htree_eof(filp)) + return 0; /* EOF */ + + /* Some one has messed with f_pos; reset the world */ +@@ -445,8 +510,8 @@ static int ext3_dx_readdir(struct file * filp, + free_rb_tree_fname(&info->root); + info->curr_node = NULL; + info->extra_fname = NULL; +- info->curr_hash = pos2maj_hash(filp->f_pos); +- info->curr_minor_hash = pos2min_hash(filp->f_pos); ++ info->curr_hash = pos2maj_hash(filp, filp->f_pos); ++ info->curr_minor_hash = pos2min_hash(filp, filp->f_pos); + } + + /* +@@ -478,7 +543,7 @@ static int ext3_dx_readdir(struct file * filp, + if (ret < 0) + return ret; + if (ret == 0) { +- filp->f_pos = EXT3_HTREE_EOF; ++ filp->f_pos = ext3_get_htree_eof(filp); + break; + } + info->curr_node = rb_first(&info->root); +@@ -498,7 +563,7 @@ static int ext3_dx_readdir(struct file * filp, + info->curr_minor_hash = fname->minor_hash; + } else { + if (info->next_hash == ~0) { +- filp->f_pos = EXT3_HTREE_EOF; ++ filp->f_pos = ext3_get_htree_eof(filp); + break; + } + info->curr_hash = info->next_hash; +@@ -517,3 +582,15 @@ static int ext3_release_dir (struct inode * inode, struct file * filp) + + return 0; + } ++ ++const struct file_operations ext3_dir_operations = { ++ .llseek = ext3_dir_llseek, ++ .read = generic_read_dir, ++ .readdir = ext3_readdir, ++ .unlocked_ioctl = ext3_ioctl, ++#ifdef CONFIG_COMPAT ++ .compat_ioctl = ext3_compat_ioctl, ++#endif ++ .fsync = ext3_sync_file, ++ .release = ext3_release_dir, ++}; +diff --git a/fs/ext3/hash.c b/fs/ext3/hash.c +index 7d215b4..d4d3ade 100644 +--- a/fs/ext3/hash.c ++++ b/fs/ext3/hash.c +@@ -200,8 +200,8 @@ int ext3fs_dirhash(const char *name, int len, struct dx_hash_info *hinfo) + return -1; + } + hash = hash & ~1; +- if (hash == (EXT3_HTREE_EOF << 1)) +- hash = (EXT3_HTREE_EOF-1) << 1; ++ if (hash == (EXT3_HTREE_EOF_32BIT << 1)) ++ hash = (EXT3_HTREE_EOF_32BIT - 1) << 1; + hinfo->hash = hash; + hinfo->minor_hash = minor_hash; + return 0; +diff --git a/fs/ext4/dir.c b/fs/ext4/dir.c +index 164c560..689d1b1 100644 +--- a/fs/ext4/dir.c ++++ b/fs/ext4/dir.c +@@ -32,24 +32,8 @@ static unsigned char ext4_filetype_table[] = { + DT_UNKNOWN, DT_REG, DT_DIR, DT_CHR, DT_BLK, DT_FIFO, DT_SOCK, DT_LNK + }; + +-static int ext4_readdir(struct file *, void *, filldir_t); + static int ext4_dx_readdir(struct file *filp, + void *dirent, filldir_t filldir); +-static int ext4_release_dir(struct inode *inode, +- struct file *filp); +- +-const struct file_operations ext4_dir_operations = { +- .llseek = ext4_llseek, +- .read = generic_read_dir, +- .readdir = ext4_readdir, /* we take BKL. needed?*/ +- .unlocked_ioctl = ext4_ioctl, +-#ifdef CONFIG_COMPAT +- .compat_ioctl = ext4_compat_ioctl, +-#endif +- .fsync = ext4_sync_file, +- .release = ext4_release_dir, +-}; +- + + static unsigned char get_dtype(struct super_block *sb, int filetype) + { +@@ -60,6 +44,26 @@ static unsigned char get_dtype(struct super_block *sb, int filetype) + return (ext4_filetype_table[filetype]); + } + ++/** ++ * Check if the given dir-inode refers to an htree-indexed directory ++ * (or a directory which chould potentially get coverted to use htree ++ * indexing). ++ * ++ * Return 1 if it is a dx dir, 0 if not ++ */ ++static int is_dx_dir(struct inode *inode) ++{ ++ struct super_block *sb = inode->i_sb; ++ ++ if (EXT4_HAS_COMPAT_FEATURE(inode->i_sb, ++ EXT4_FEATURE_COMPAT_DIR_INDEX) && ++ ((ext4_test_inode_flag(inode, EXT4_INODE_INDEX)) || ++ ((inode->i_size >> sb->s_blocksize_bits) == 1))) ++ return 1; ++ ++ return 0; ++} ++ + /* + * Return 0 if the directory entry is OK, and 1 if there is a problem + * +@@ -115,18 +119,13 @@ static int ext4_readdir(struct file *filp, + unsigned int offset; + int i, stored; + struct ext4_dir_entry_2 *de; +- struct super_block *sb; + int err; + struct inode *inode = filp->f_path.dentry->d_inode; ++ struct super_block *sb = inode->i_sb; + int ret = 0; + int dir_has_error = 0; + +- sb = inode->i_sb; +- +- if (EXT4_HAS_COMPAT_FEATURE(inode->i_sb, +- EXT4_FEATURE_COMPAT_DIR_INDEX) && +- ((ext4_test_inode_flag(inode, EXT4_INODE_INDEX)) || +- ((inode->i_size >> sb->s_blocksize_bits) == 1))) { ++ if (is_dx_dir(inode)) { + err = ext4_dx_readdir(filp, dirent, filldir); + if (err != ERR_BAD_DX_DIR) { + ret = err; +@@ -254,22 +253,134 @@ out: + return ret; + } + ++static inline int is_32bit_api(void) ++{ ++#ifdef CONFIG_COMPAT ++ return is_compat_task(); ++#else ++ return (BITS_PER_LONG == 32); ++#endif ++} ++ + /* + * These functions convert from the major/minor hash to an f_pos +- * value. ++ * value for dx directories ++ * ++ * Upper layer (for example NFS) should specify FMODE_32BITHASH or ++ * FMODE_64BITHASH explicitly. On the other hand, we allow ext4 to be mounted ++ * directly on both 32-bit and 64-bit nodes, under such case, neither ++ * FMODE_32BITHASH nor FMODE_64BITHASH is specified. ++ */ ++static inline loff_t hash2pos(struct file *filp, __u32 major, __u32 minor) ++{ ++ if ((filp->f_mode & FMODE_32BITHASH) || ++ (!(filp->f_mode & FMODE_64BITHASH) && is_32bit_api())) ++ return major >> 1; ++ else ++ return ((__u64)(major >> 1) << 32) | (__u64)minor; ++} ++ ++static inline __u32 pos2maj_hash(struct file *filp, loff_t pos) ++{ ++ if ((filp->f_mode & FMODE_32BITHASH) || ++ (!(filp->f_mode & FMODE_64BITHASH) && is_32bit_api())) ++ return (pos << 1) & 0xffffffff; ++ else ++ return ((pos >> 32) << 1) & 0xffffffff; ++} ++ ++static inline __u32 pos2min_hash(struct file *filp, loff_t pos) ++{ ++ if ((filp->f_mode & FMODE_32BITHASH) || ++ (!(filp->f_mode & FMODE_64BITHASH) && is_32bit_api())) ++ return 0; ++ else ++ return pos & 0xffffffff; ++} ++ ++/* ++ * Return 32- or 64-bit end-of-file for dx directories ++ */ ++static inline loff_t ext4_get_htree_eof(struct file *filp) ++{ ++ if ((filp->f_mode & FMODE_32BITHASH) || ++ (!(filp->f_mode & FMODE_64BITHASH) && is_32bit_api())) ++ return EXT4_HTREE_EOF_32BIT; ++ else ++ return EXT4_HTREE_EOF_64BIT; ++} ++ ++ ++/* ++ * ext4_dir_llseek() based on generic_file_llseek() to handle both ++ * non-htree and htree directories, where the "offset" is in terms ++ * of the filename hash value instead of the byte offset. + * +- * Currently we only use major hash numer. This is unfortunate, but +- * on 32-bit machines, the same VFS interface is used for lseek and +- * llseek, so if we use the 64 bit offset, then the 32-bit versions of +- * lseek/telldir/seekdir will blow out spectacularly, and from within +- * the ext2 low-level routine, we don't know if we're being called by +- * a 64-bit version of the system call or the 32-bit version of the +- * system call. Worse yet, NFSv2 only allows for a 32-bit readdir +- * cookie. Sigh. ++ * NOTE: offsets obtained *before* ext4_set_inode_flag(dir, EXT4_INODE_INDEX) ++ * will be invalid once the directory was converted into a dx directory + */ +-#define hash2pos(major, minor) (major >> 1) +-#define pos2maj_hash(pos) ((pos << 1) & 0xffffffff) +-#define pos2min_hash(pos) (0) ++loff_t ext4_dir_llseek(struct file *file, loff_t offset, int origin) ++{ ++ struct inode *inode = file->f_mapping->host; ++ loff_t ret = -EINVAL; ++ int dx_dir = is_dx_dir(inode); ++ ++ mutex_lock(&inode->i_mutex); ++ ++ /* NOTE: relative offsets with dx directories might not work ++ * as expected, as it is difficult to figure out the ++ * correct offset between dx hashes */ ++ ++ switch (origin) { ++ case SEEK_END: ++ if (unlikely(offset > 0)) ++ goto out_err; /* not supported for directories */ ++ ++ /* so only negative offsets are left, does that have a ++ * meaning for directories at all? */ ++ if (dx_dir) ++ offset += ext4_get_htree_eof(file); ++ else ++ offset += inode->i_size; ++ break; ++ case SEEK_CUR: ++ /* ++ * Here we special-case the lseek(fd, 0, SEEK_CUR) ++ * position-querying operation. Avoid rewriting the "same" ++ * f_pos value back to the file because a concurrent read(), ++ * write() or lseek() might have altered it ++ */ ++ if (offset == 0) { ++ offset = file->f_pos; ++ goto out_ok; ++ } ++ ++ offset += file->f_pos; ++ break; ++ } ++ ++ if (unlikely(offset < 0)) ++ goto out_err; ++ ++ if (!dx_dir) { ++ if (offset > inode->i_sb->s_maxbytes) ++ goto out_err; ++ } else if (offset > ext4_get_htree_eof(file)) ++ goto out_err; ++ ++ /* Special lock needed here? */ ++ if (offset != file->f_pos) { ++ file->f_pos = offset; ++ file->f_version = 0; ++ } ++ ++out_ok: ++ ret = offset; ++out_err: ++ mutex_unlock(&inode->i_mutex); ++ ++ return ret; ++} + + /* + * This structure holds the nodes of the red-black tree used to store +@@ -330,15 +441,16 @@ static void free_rb_tree_fname(struct rb_root *root) + } + + +-static struct dir_private_info *ext4_htree_create_dir_info(loff_t pos) ++static struct dir_private_info *ext4_htree_create_dir_info(struct file *filp, ++ loff_t pos) + { + struct dir_private_info *p; + + p = kzalloc(sizeof(struct dir_private_info), GFP_KERNEL); + if (!p) + return NULL; +- p->curr_hash = pos2maj_hash(pos); +- p->curr_minor_hash = pos2min_hash(pos); ++ p->curr_hash = pos2maj_hash(filp, pos); ++ p->curr_minor_hash = pos2min_hash(filp, pos); + return p; + } + +@@ -429,7 +541,7 @@ static int call_filldir(struct file *filp, void *dirent, + "null fname?!?\n"); + return 0; + } +- curr_pos = hash2pos(fname->hash, fname->minor_hash); ++ curr_pos = hash2pos(filp, fname->hash, fname->minor_hash); + while (fname) { + error = filldir(dirent, fname->name, + fname->name_len, curr_pos, +@@ -454,13 +566,13 @@ static int ext4_dx_readdir(struct file *filp, + int ret; + + if (!info) { +- info = ext4_htree_create_dir_info(filp->f_pos); ++ info = ext4_htree_create_dir_info(filp, filp->f_pos); + if (!info) + return -ENOMEM; + filp->private_data = info; + } + +- if (filp->f_pos == EXT4_HTREE_EOF) ++ if (filp->f_pos == ext4_get_htree_eof(filp)) + return 0; /* EOF */ + + /* Some one has messed with f_pos; reset the world */ +@@ -468,8 +580,8 @@ static int ext4_dx_readdir(struct file *filp, + free_rb_tree_fname(&info->root); + info->curr_node = NULL; + info->extra_fname = NULL; +- info->curr_hash = pos2maj_hash(filp->f_pos); +- info->curr_minor_hash = pos2min_hash(filp->f_pos); ++ info->curr_hash = pos2maj_hash(filp, filp->f_pos); ++ info->curr_minor_hash = pos2min_hash(filp, filp->f_pos); + } + + /* +@@ -501,7 +613,7 @@ static int ext4_dx_readdir(struct file *filp, + if (ret < 0) + return ret; + if (ret == 0) { +- filp->f_pos = EXT4_HTREE_EOF; ++ filp->f_pos = ext4_get_htree_eof(filp); + break; + } + info->curr_node = rb_first(&info->root); +@@ -521,7 +633,7 @@ static int ext4_dx_readdir(struct file *filp, + info->curr_minor_hash = fname->minor_hash; + } else { + if (info->next_hash == ~0) { +- filp->f_pos = EXT4_HTREE_EOF; ++ filp->f_pos = ext4_get_htree_eof(filp); + break; + } + info->curr_hash = info->next_hash; +@@ -540,3 +652,15 @@ static int ext4_release_dir(struct inode *inode, struct file *filp) + + return 0; + } ++ ++const struct file_operations ext4_dir_operations = { ++ .llseek = ext4_dir_llseek, ++ .read = generic_read_dir, ++ .readdir = ext4_readdir, ++ .unlocked_ioctl = ext4_ioctl, ++#ifdef CONFIG_COMPAT ++ .compat_ioctl = ext4_compat_ioctl, ++#endif ++ .fsync = ext4_sync_file, ++ .release = ext4_release_dir, ++}; +diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h +index 60b6ca5..22c71b9 100644 +--- a/fs/ext4/ext4.h ++++ b/fs/ext4/ext4.h +@@ -1597,7 +1597,11 @@ struct dx_hash_info + u32 *seed; + }; + +-#define EXT4_HTREE_EOF 0x7fffffff ++ ++/* 32 and 64 bit signed EOF for dx directories */ ++#define EXT4_HTREE_EOF_32BIT ((1UL << (32 - 1)) - 1) ++#define EXT4_HTREE_EOF_64BIT ((1ULL << (64 - 1)) - 1) ++ + + /* + * Control parameters used by ext4_htree_next_block +diff --git a/fs/ext4/hash.c b/fs/ext4/hash.c +index ac8f168..fa8e491 100644 +--- a/fs/ext4/hash.c ++++ b/fs/ext4/hash.c +@@ -200,8 +200,8 @@ int ext4fs_dirhash(const char *name, int len, struct dx_hash_info *hinfo) + return -1; + } + hash = hash & ~1; +- if (hash == (EXT4_HTREE_EOF << 1)) +- hash = (EXT4_HTREE_EOF-1) << 1; ++ if (hash == (EXT4_HTREE_EOF_32BIT << 1)) ++ hash = (EXT4_HTREE_EOF_32BIT - 1) << 1; + hinfo->hash = hash; + hinfo->minor_hash = minor_hash; + return 0; +diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c +index d5498b2..b4e9f3f 100644 +--- a/fs/ext4/xattr.c ++++ b/fs/ext4/xattr.c +@@ -1269,6 +1269,8 @@ retry: + s_min_extra_isize) { + tried_min_extra_isize++; + new_extra_isize = s_min_extra_isize; ++ kfree(is); is = NULL; ++ kfree(bs); bs = NULL; + goto retry; + } + error = -1; +diff --git a/fs/jfs/jfs_inode.c b/fs/jfs/jfs_inode.c +index c1a3e60..7f464c5 100644 +--- a/fs/jfs/jfs_inode.c ++++ b/fs/jfs/jfs_inode.c +@@ -95,7 +95,7 @@ struct inode *ialloc(struct inode *parent, umode_t mode) + + if (insert_inode_locked(inode) < 0) { + rc = -EINVAL; +- goto fail_unlock; ++ goto fail_put; + } + + inode_init_owner(inode, parent, mode); +@@ -156,7 +156,6 @@ struct inode *ialloc(struct inode *parent, umode_t mode) + fail_drop: + dquot_drop(inode); + inode->i_flags |= S_NOQUOTA; +-fail_unlock: + clear_nlink(inode); + unlock_new_inode(inode); + fail_put: +diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c +index 561a3dc..61b697e 100644 +--- a/fs/nfsd/vfs.c ++++ b/fs/nfsd/vfs.c +@@ -726,12 +726,13 @@ static int nfsd_open_break_lease(struct inode *inode, int access) + + /* + * Open an existing file or directory. +- * The access argument indicates the type of open (read/write/lock) ++ * The may_flags argument indicates the type of open (read/write/lock) ++ * and additional flags. + * N.B. After this call fhp needs an fh_put + */ + __be32 + nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, int type, +- int access, struct file **filp) ++ int may_flags, struct file **filp) + { + struct dentry *dentry; + struct inode *inode; +@@ -746,7 +747,7 @@ nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, int type, + * and (hopefully) checked permission - so allow OWNER_OVERRIDE + * in case a chmod has now revoked permission. + */ +- err = fh_verify(rqstp, fhp, type, access | NFSD_MAY_OWNER_OVERRIDE); ++ err = fh_verify(rqstp, fhp, type, may_flags | NFSD_MAY_OWNER_OVERRIDE); + if (err) + goto out; + +@@ -757,7 +758,7 @@ nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, int type, + * or any access when mandatory locking enabled + */ + err = nfserr_perm; +- if (IS_APPEND(inode) && (access & NFSD_MAY_WRITE)) ++ if (IS_APPEND(inode) && (may_flags & NFSD_MAY_WRITE)) + goto out; + /* + * We must ignore files (but only files) which might have mandatory +@@ -770,12 +771,12 @@ nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, int type, + if (!inode->i_fop) + goto out; + +- host_err = nfsd_open_break_lease(inode, access); ++ host_err = nfsd_open_break_lease(inode, may_flags); + if (host_err) /* NOMEM or WOULDBLOCK */ + goto out_nfserr; + +- if (access & NFSD_MAY_WRITE) { +- if (access & NFSD_MAY_READ) ++ if (may_flags & NFSD_MAY_WRITE) { ++ if (may_flags & NFSD_MAY_READ) + flags = O_RDWR|O_LARGEFILE; + else + flags = O_WRONLY|O_LARGEFILE; +@@ -785,8 +786,15 @@ nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, int type, + if (IS_ERR(*filp)) { + host_err = PTR_ERR(*filp); + *filp = NULL; +- } else +- host_err = ima_file_check(*filp, access); ++ } else { ++ host_err = ima_file_check(*filp, may_flags); ++ ++ if (may_flags & NFSD_MAY_64BIT_COOKIE) ++ (*filp)->f_mode |= FMODE_64BITHASH; ++ else ++ (*filp)->f_mode |= FMODE_32BITHASH; ++ } ++ + out_nfserr: + err = nfserrno(host_err); + out: +@@ -2016,8 +2024,13 @@ nfsd_readdir(struct svc_rqst *rqstp, struct svc_fh *fhp, loff_t *offsetp, + __be32 err; + struct file *file; + loff_t offset = *offsetp; ++ int may_flags = NFSD_MAY_READ; ++ ++ /* NFSv2 only supports 32 bit cookies */ ++ if (rqstp->rq_vers > 2) ++ may_flags |= NFSD_MAY_64BIT_COOKIE; + +- err = nfsd_open(rqstp, fhp, S_IFDIR, NFSD_MAY_READ, &file); ++ err = nfsd_open(rqstp, fhp, S_IFDIR, may_flags, &file); + if (err) + goto out; + +diff --git a/fs/nfsd/vfs.h b/fs/nfsd/vfs.h +index 3f54ad0..85d4d42 100644 +--- a/fs/nfsd/vfs.h ++++ b/fs/nfsd/vfs.h +@@ -27,6 +27,8 @@ + #define NFSD_MAY_BYPASS_GSS 0x400 + #define NFSD_MAY_READ_IF_EXEC 0x800 + ++#define NFSD_MAY_64BIT_COOKIE 0x1000 /* 64 bit readdir cookies for >= NFSv3 */ ++ + #define NFSD_MAY_CREATE (NFSD_MAY_EXEC|NFSD_MAY_WRITE) + #define NFSD_MAY_REMOVE (NFSD_MAY_EXEC|NFSD_MAY_WRITE|NFSD_MAY_TRUNC) + +diff --git a/fs/statfs.c b/fs/statfs.c +index 9cf04a1..a133c3e 100644 +--- a/fs/statfs.c ++++ b/fs/statfs.c +@@ -86,7 +86,7 @@ int user_statfs(const char __user *pathname, struct kstatfs *st) + + int fd_statfs(int fd, struct kstatfs *st) + { +- struct file *file = fget(fd); ++ struct file *file = fget_raw(fd); + int error = -EBADF; + if (file) { + error = vfs_statfs(&file->f_path, st); +diff --git a/include/drm/drm_mode.h b/include/drm/drm_mode.h +index 7639f18..8f4ae68 100644 +--- a/include/drm/drm_mode.h ++++ b/include/drm/drm_mode.h +@@ -184,6 +184,8 @@ struct drm_mode_get_connector { + __u32 connection; + __u32 mm_width, mm_height; /**< HxW in millimeters */ + __u32 subpixel; ++ ++ __u32 pad; + }; + + #define DRM_MODE_PROP_PENDING (1<<0) +diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h +index 3fd17c2..5633053 100644 +--- a/include/linux/compiler-gcc.h ++++ b/include/linux/compiler-gcc.h +@@ -5,6 +5,9 @@ + /* + * Common definitions for all gcc versions go here. + */ ++#define GCC_VERSION (__GNUC__ * 10000 \ ++ + __GNUC_MINOR__ * 100 \ ++ + __GNUC_PATCHLEVEL__) + + + /* Optimization barrier */ +diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h +index dfadc96..643d6c4 100644 +--- a/include/linux/compiler-gcc4.h ++++ b/include/linux/compiler-gcc4.h +@@ -29,6 +29,21 @@ + the kernel context */ + #define __cold __attribute__((__cold__)) + ++/* ++ * GCC 'asm goto' miscompiles certain code sequences: ++ * ++ * http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58670 ++ * ++ * Work it around via a compiler barrier quirk suggested by Jakub Jelinek. ++ * Fixed in GCC 4.8.2 and later versions. ++ * ++ * (asm goto is automatically volatile - the naming reflects this.) ++ */ ++#if GCC_VERSION <= 40801 ++# define asm_volatile_goto(x...) do { asm goto(x); asm (""); } while (0) ++#else ++# define asm_volatile_goto(x...) do { asm goto(x); } while (0) ++#endif + + #if __GNUC_MINOR__ >= 5 + /* +diff --git a/include/linux/ext3_fs.h b/include/linux/ext3_fs.h +index dec9911..d59ab12 100644 +--- a/include/linux/ext3_fs.h ++++ b/include/linux/ext3_fs.h +@@ -781,7 +781,11 @@ struct dx_hash_info + u32 *seed; + }; + +-#define EXT3_HTREE_EOF 0x7fffffff ++ ++/* 32 and 64 bit signed EOF for dx directories */ ++#define EXT3_HTREE_EOF_32BIT ((1UL << (32 - 1)) - 1) ++#define EXT3_HTREE_EOF_64BIT ((1ULL << (64 - 1)) - 1) ++ + + /* + * Control parameters used by ext3_htree_next_block +diff --git a/include/linux/fs.h b/include/linux/fs.h +index a276817..dd74385 100644 +--- a/include/linux/fs.h ++++ b/include/linux/fs.h +@@ -92,6 +92,10 @@ struct inodes_stat_t { + /* File is opened using open(.., 3, ..) and is writeable only for ioctls + (specialy hack for floppy.c) */ + #define FMODE_WRITE_IOCTL ((__force fmode_t)0x100) ++/* 32bit hashes as llseek() offset (for directories) */ ++#define FMODE_32BITHASH ((__force fmode_t)0x200) ++/* 64bit hashes as llseek() offset (for directories) */ ++#define FMODE_64BITHASH ((__force fmode_t)0x400) + + /* + * Don't update ctime and mtime. +@@ -907,9 +911,11 @@ static inline loff_t i_size_read(const struct inode *inode) + static inline void i_size_write(struct inode *inode, loff_t i_size) + { + #if BITS_PER_LONG==32 && defined(CONFIG_SMP) ++ preempt_disable(); + write_seqcount_begin(&inode->i_size_seqcount); + inode->i_size = i_size; + write_seqcount_end(&inode->i_size_seqcount); ++ preempt_enable(); + #elif BITS_PER_LONG==32 && defined(CONFIG_PREEMPT) + preempt_disable(); + inode->i_size = i_size; +diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h +index eeb6a29..8d5b91e 100644 +--- a/include/linux/perf_event.h ++++ b/include/linux/perf_event.h +@@ -300,13 +300,15 @@ struct perf_event_mmap_page { + /* + * Control data for the mmap() data buffer. + * +- * User-space reading the @data_head value should issue an rmb(), on +- * SMP capable platforms, after reading this value -- see +- * perf_event_wakeup(). ++ * User-space reading the @data_head value should issue an smp_rmb(), ++ * after reading this value. + * + * When the mapping is PROT_WRITE the @data_tail value should be +- * written by userspace to reflect the last read data. In this case +- * the kernel will not over-write unread data. ++ * written by userspace to reflect the last read data, after issueing ++ * an smp_mb() to separate the data read from the ->data_tail store. ++ * In this case the kernel will not over-write unread data. ++ * ++ * See perf_output_put_handle() for the data ordering. + */ + __u64 data_head; /* head in the data section */ + __u64 data_tail; /* user-space written tail */ +diff --git a/include/linux/random.h b/include/linux/random.h +index 29e217a..7e77cee 100644 +--- a/include/linux/random.h ++++ b/include/linux/random.h +@@ -58,6 +58,7 @@ extern void add_interrupt_randomness(int irq, int irq_flags); + extern void get_random_bytes(void *buf, int nbytes); + extern void get_random_bytes_arch(void *buf, int nbytes); + void generate_random_uuid(unsigned char uuid_out[16]); ++extern int random_int_secret_init(void); + + #ifndef MODULE + extern const struct file_operations random_fops, urandom_fops; +diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h +index efe50af..85180bf 100644 +--- a/include/linux/skbuff.h ++++ b/include/linux/skbuff.h +@@ -737,6 +737,16 @@ static inline int skb_cloned(const struct sk_buff *skb) + (atomic_read(&skb_shinfo(skb)->dataref) & SKB_DATAREF_MASK) != 1; + } + ++static inline int skb_unclone(struct sk_buff *skb, gfp_t pri) ++{ ++ might_sleep_if(pri & __GFP_WAIT); ++ ++ if (skb_cloned(skb)) ++ return pskb_expand_head(skb, 0, 0, pri); ++ ++ return 0; ++} ++ + /** + * skb_header_cloned - is the header a clone + * @skb: buffer to check +@@ -1157,6 +1167,11 @@ static inline int skb_pagelen(const struct sk_buff *skb) + return len + skb_headlen(skb); + } + ++static inline bool skb_has_frags(const struct sk_buff *skb) ++{ ++ return skb_shinfo(skb)->nr_frags; ++} ++ + /** + * __skb_fill_page_desc - initialise a paged fragment in an skb + * @skb: buffer containing fragment to be initialised +diff --git a/include/linux/timex.h b/include/linux/timex.h +index 08e90fb..5fee575 100644 +--- a/include/linux/timex.h ++++ b/include/linux/timex.h +@@ -173,6 +173,20 @@ struct timex { + + #include <asm/timex.h> + ++#ifndef random_get_entropy ++/* ++ * The random_get_entropy() function is used by the /dev/random driver ++ * in order to extract entropy via the relative unpredictability of ++ * when an interrupt takes places versus a high speed, fine-grained ++ * timing source or cycle counter. Since it will be occurred on every ++ * single interrupt, it must have a very low cost/overhead. ++ * ++ * By default we use get_cycles() for this purpose, but individual ++ * architectures may override this in their asm/timex.h header file. ++ */ ++#define random_get_entropy() get_cycles() ++#endif ++ + /* + * SHIFT_PLL is used as a dampening factor to define how much we + * adjust the frequency correction for a given offset in PLL mode. +diff --git a/include/net/cipso_ipv4.h b/include/net/cipso_ipv4.h +index a7a683e..a8c2ef6 100644 +--- a/include/net/cipso_ipv4.h ++++ b/include/net/cipso_ipv4.h +@@ -290,6 +290,7 @@ static inline int cipso_v4_validate(const struct sk_buff *skb, + unsigned char err_offset = 0; + u8 opt_len = opt[1]; + u8 opt_iter; ++ u8 tag_len; + + if (opt_len < 8) { + err_offset = 1; +@@ -302,11 +303,12 @@ static inline int cipso_v4_validate(const struct sk_buff *skb, + } + + for (opt_iter = 6; opt_iter < opt_len;) { +- if (opt[opt_iter + 1] > (opt_len - opt_iter)) { ++ tag_len = opt[opt_iter + 1]; ++ if ((tag_len == 0) || (opt[opt_iter + 1] > (opt_len - opt_iter))) { + err_offset = opt_iter + 1; + goto out; + } +- opt_iter += opt[opt_iter + 1]; ++ opt_iter += tag_len; + } + + out: +diff --git a/include/net/dst.h b/include/net/dst.h +index 16010d1..86ef78d 100644 +--- a/include/net/dst.h ++++ b/include/net/dst.h +@@ -459,10 +459,22 @@ static inline struct dst_entry *xfrm_lookup(struct net *net, + { + return dst_orig; + } ++ ++static inline struct xfrm_state *dst_xfrm(const struct dst_entry *dst) ++{ ++ return NULL; ++} ++ + #else + extern struct dst_entry *xfrm_lookup(struct net *net, struct dst_entry *dst_orig, + const struct flowi *fl, struct sock *sk, + int flags); ++ ++/* skb attached with this dst needs transformation if dst->xfrm is valid */ ++static inline struct xfrm_state *dst_xfrm(const struct dst_entry *dst) ++{ ++ return dst->xfrm; ++} + #endif + + #endif /* _NET_DST_H */ +diff --git a/init/main.c b/init/main.c +index 5d0eb1d..7474450 100644 +--- a/init/main.c ++++ b/init/main.c +@@ -68,6 +68,7 @@ + #include <linux/shmem_fs.h> + #include <linux/slab.h> + #include <linux/perf_event.h> ++#include <linux/random.h> + + #include <asm/io.h> + #include <asm/bugs.h> +@@ -732,6 +733,7 @@ static void __init do_basic_setup(void) + do_ctors(); + usermodehelper_enable(); + do_initcalls(); ++ random_int_secret_init(); + } + + static void __init do_pre_smp_initcalls(void) +diff --git a/kernel/events/ring_buffer.c b/kernel/events/ring_buffer.c +index 7f3011c..58c3b51 100644 +--- a/kernel/events/ring_buffer.c ++++ b/kernel/events/ring_buffer.c +@@ -75,10 +75,31 @@ again: + goto out; + + /* +- * Publish the known good head. Rely on the full barrier implied +- * by atomic_dec_and_test() order the rb->head read and this +- * write. ++ * Since the mmap() consumer (userspace) can run on a different CPU: ++ * ++ * kernel user ++ * ++ * READ ->data_tail READ ->data_head ++ * smp_mb() (A) smp_rmb() (C) ++ * WRITE $data READ $data ++ * smp_wmb() (B) smp_mb() (D) ++ * STORE ->data_head WRITE ->data_tail ++ * ++ * Where A pairs with D, and B pairs with C. ++ * ++ * I don't think A needs to be a full barrier because we won't in fact ++ * write data until we see the store from userspace. So we simply don't ++ * issue the data WRITE until we observe it. Be conservative for now. ++ * ++ * OTOH, D needs to be a full barrier since it separates the data READ ++ * from the tail WRITE. ++ * ++ * For B a WMB is sufficient since it separates two WRITEs, and for C ++ * an RMB is sufficient since it separates two READs. ++ * ++ * See perf_output_begin(). + */ ++ smp_wmb(); + rb->user_page->data_head = head; + + /* +@@ -142,9 +163,11 @@ int perf_output_begin(struct perf_output_handle *handle, + * Userspace could choose to issue a mb() before updating the + * tail pointer. So that all reads will be completed before the + * write is issued. ++ * ++ * See perf_output_put_handle(). + */ + tail = ACCESS_ONCE(rb->user_page->data_tail); +- smp_rmb(); ++ smp_mb(); + offset = head = local_read(&rb->head); + head += size; + if (unlikely(!perf_output_space(rb, tail, offset, head))) +diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c +index ce1067f..c5a12a7 100644 +--- a/kernel/trace/trace.c ++++ b/kernel/trace/trace.c +@@ -534,9 +534,12 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf, + if (isspace(ch)) { + parser->buffer[parser->idx] = 0; + parser->cont = false; +- } else { ++ } else if (parser->idx < parser->size - 1) { + parser->cont = true; + parser->buffer[parser->idx++] = ch; ++ } else { ++ ret = -EINVAL; ++ goto out; + } + + *ppos += read; +diff --git a/lib/scatterlist.c b/lib/scatterlist.c +index 4ceb05d..2ffcb3c 100644 +--- a/lib/scatterlist.c ++++ b/lib/scatterlist.c +@@ -419,7 +419,8 @@ void sg_miter_stop(struct sg_mapping_iter *miter) + if (miter->addr) { + miter->__offset += miter->consumed; + +- if (miter->__flags & SG_MITER_TO_SG) ++ if ((miter->__flags & SG_MITER_TO_SG) && ++ !PageSlab(miter->page)) + flush_kernel_dcache_page(miter->page); + + if (miter->__flags & SG_MITER_ATOMIC) { +diff --git a/net/8021q/vlan_netlink.c b/net/8021q/vlan_netlink.c +index 235c219..c705612 100644 +--- a/net/8021q/vlan_netlink.c ++++ b/net/8021q/vlan_netlink.c +@@ -152,7 +152,7 @@ static size_t vlan_get_size(const struct net_device *dev) + struct vlan_dev_info *vlan = vlan_dev_info(dev); + + return nla_total_size(2) + /* IFLA_VLAN_ID */ +- sizeof(struct ifla_vlan_flags) + /* IFLA_VLAN_FLAGS */ ++ nla_total_size(sizeof(struct ifla_vlan_flags)) + /* IFLA_VLAN_FLAGS */ + vlan_qos_map_size(vlan->nr_ingress_mappings) + + vlan_qos_map_size(vlan->nr_egress_mappings); + } +diff --git a/net/compat.c b/net/compat.c +index 8c979cc..3139ef2 100644 +--- a/net/compat.c ++++ b/net/compat.c +@@ -71,6 +71,8 @@ int get_compat_msghdr(struct msghdr *kmsg, struct compat_msghdr __user *umsg) + __get_user(kmsg->msg_controllen, &umsg->msg_controllen) || + __get_user(kmsg->msg_flags, &umsg->msg_flags)) + return -EFAULT; ++ if (kmsg->msg_namelen > sizeof(struct sockaddr_storage)) ++ return -EINVAL; + kmsg->msg_name = compat_ptr(tmp1); + kmsg->msg_iov = compat_ptr(tmp2); + kmsg->msg_control = compat_ptr(tmp3); +diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c +index 984ec65..4afcf31 100644 +--- a/net/ipv4/inet_hashtables.c ++++ b/net/ipv4/inet_hashtables.c +@@ -268,7 +268,7 @@ begintw: + } + if (unlikely(!INET_TW_MATCH(sk, net, hash, acookie, + saddr, daddr, ports, dif))) { +- sock_put(sk); ++ inet_twsk_put(inet_twsk(sk)); + goto begintw; + } + goto out; +diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c +index daf408e..16191f0 100644 +--- a/net/ipv4/ip_output.c ++++ b/net/ipv4/ip_output.c +@@ -833,7 +833,7 @@ static int __ip_append_data(struct sock *sk, + csummode = CHECKSUM_PARTIAL; + + cork->length += length; +- if (((length > mtu) || (skb && skb_is_gso(skb))) && ++ if (((length > mtu) || (skb && skb_has_frags(skb))) && + (sk->sk_protocol == IPPROTO_UDP) && + (rt->dst.dev->features & NETIF_F_UFO) && !rt->dst.header_len) { + err = ip_ufo_append_data(sk, queue, getfrag, from, length, +diff --git a/net/ipv4/route.c b/net/ipv4/route.c +index c45a155a3..6768ce2 100644 +--- a/net/ipv4/route.c ++++ b/net/ipv4/route.c +@@ -2727,7 +2727,7 @@ static struct rtable *ip_route_output_slow(struct net *net, struct flowi4 *fl4) + RT_SCOPE_LINK); + goto make_route; + } +- if (fl4->saddr) { ++ if (!fl4->saddr) { + if (ipv4_is_multicast(fl4->daddr)) + fl4->saddr = inet_select_addr(dev_out, 0, + fl4->flowi4_scope); +diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c +index 872b41d..c1ed01e 100644 +--- a/net/ipv4/tcp_input.c ++++ b/net/ipv4/tcp_input.c +@@ -1469,7 +1469,10 @@ static int tcp_shifted_skb(struct sock *sk, struct sk_buff *skb, + tp->lost_cnt_hint -= tcp_skb_pcount(prev); + } + +- TCP_SKB_CB(skb)->tcp_flags |= TCP_SKB_CB(prev)->tcp_flags; ++ TCP_SKB_CB(prev)->tcp_flags |= TCP_SKB_CB(skb)->tcp_flags; ++ if (TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN) ++ TCP_SKB_CB(prev)->end_seq++; ++ + if (skb == tcp_highest_sack(sk)) + tcp_advance_highest_sack(sk, skb); + +diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c +index 3add486..0d5a118 100644 +--- a/net/ipv4/tcp_output.c ++++ b/net/ipv4/tcp_output.c +@@ -933,6 +933,9 @@ static void tcp_queue_skb(struct sock *sk, struct sk_buff *skb) + static void tcp_set_skb_tso_segs(const struct sock *sk, struct sk_buff *skb, + unsigned int mss_now) + { ++ /* Make sure we own this skb before messing gso_size/gso_segs */ ++ WARN_ON_ONCE(skb_cloned(skb)); ++ + if (skb->len <= mss_now || !sk_can_gso(sk) || + skb->ip_summed == CHECKSUM_NONE) { + /* Avoid the costly divide in the normal +@@ -1014,9 +1017,7 @@ int tcp_fragment(struct sock *sk, struct sk_buff *skb, u32 len, + if (nsize < 0) + nsize = 0; + +- if (skb_cloned(skb) && +- skb_is_nonlinear(skb) && +- pskb_expand_head(skb, 0, 0, GFP_ATOMIC)) ++ if (skb_unclone(skb, GFP_ATOMIC)) + return -ENOMEM; + + /* Get a new skb... force flag on. */ +@@ -2129,6 +2130,8 @@ int tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb) + int oldpcount = tcp_skb_pcount(skb); + + if (unlikely(oldpcount > 1)) { ++ if (skb_unclone(skb, GFP_ATOMIC)) ++ return -ENOMEM; + tcp_init_tso_segs(sk, skb, cur_mss); + tcp_adjust_pcount(sk, skb, oldpcount - tcp_skb_pcount(skb)); + } +diff --git a/net/ipv6/inet6_hashtables.c b/net/ipv6/inet6_hashtables.c +index 73f1a00..e38290b 100644 +--- a/net/ipv6/inet6_hashtables.c ++++ b/net/ipv6/inet6_hashtables.c +@@ -110,7 +110,7 @@ begintw: + goto out; + } + if (!INET6_TW_MATCH(sk, net, hash, saddr, daddr, ports, dif)) { +- sock_put(sk); ++ inet_twsk_put(inet_twsk(sk)); + goto begintw; + } + goto out; +diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c +index 91d0711..97675bf 100644 +--- a/net/ipv6/ip6_output.c ++++ b/net/ipv6/ip6_output.c +@@ -1342,7 +1342,7 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to, + skb = skb_peek_tail(&sk->sk_write_queue); + cork->length += length; + if (((length > mtu) || +- (skb && skb_is_gso(skb))) && ++ (skb && skb_has_frags(skb))) && + (sk->sk_protocol == IPPROTO_UDP) && + (rt->dst.dev->features & NETIF_F_UFO)) { + err = ip6_ufo_append_data(sk, getfrag, from, length, +diff --git a/net/ipv6/route.c b/net/ipv6/route.c +index 18ea73c..bc9103d 100644 +--- a/net/ipv6/route.c ++++ b/net/ipv6/route.c +@@ -791,7 +791,7 @@ static struct rt6_info *rt6_alloc_clone(struct rt6_info *ort, + } + + static struct rt6_info *ip6_pol_route(struct net *net, struct fib6_table *table, int oif, +- struct flowi6 *fl6, int flags) ++ struct flowi6 *fl6, int flags, bool input) + { + struct fib6_node *fn; + struct rt6_info *rt, *nrt; +@@ -799,8 +799,11 @@ static struct rt6_info *ip6_pol_route(struct net *net, struct fib6_table *table, + int attempts = 3; + int err; + int reachable = net->ipv6.devconf_all->forwarding ? 0 : RT6_LOOKUP_F_REACHABLE; ++ int local = RTF_NONEXTHOP; + + strict |= flags & RT6_LOOKUP_F_IFACE; ++ if (input) ++ local |= RTF_LOCAL; + + relookup: + read_lock_bh(&table->tb6_lock); +@@ -820,7 +823,7 @@ restart: + read_unlock_bh(&table->tb6_lock); + + if (!dst_get_neighbour_raw(&rt->dst) +- && !(rt->rt6i_flags & (RTF_NONEXTHOP | RTF_LOCAL))) ++ && !(rt->rt6i_flags & local)) + nrt = rt6_alloc_cow(rt, &fl6->daddr, &fl6->saddr); + else if (!(rt->dst.flags & DST_HOST)) + nrt = rt6_alloc_clone(rt, &fl6->daddr); +@@ -864,7 +867,7 @@ out2: + static struct rt6_info *ip6_pol_route_input(struct net *net, struct fib6_table *table, + struct flowi6 *fl6, int flags) + { +- return ip6_pol_route(net, table, fl6->flowi6_iif, fl6, flags); ++ return ip6_pol_route(net, table, fl6->flowi6_iif, fl6, flags, true); + } + + void ip6_route_input(struct sk_buff *skb) +@@ -890,7 +893,7 @@ void ip6_route_input(struct sk_buff *skb) + static struct rt6_info *ip6_pol_route_output(struct net *net, struct fib6_table *table, + struct flowi6 *fl6, int flags) + { +- return ip6_pol_route(net, table, fl6->flowi6_oif, fl6, flags); ++ return ip6_pol_route(net, table, fl6->flowi6_oif, fl6, flags, false); + } + + struct dst_entry * ip6_route_output(struct net *net, const struct sock *sk, +diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c +index e579006..8570079 100644 +--- a/net/l2tp/l2tp_ppp.c ++++ b/net/l2tp/l2tp_ppp.c +@@ -357,7 +357,9 @@ static int pppol2tp_sendmsg(struct kiocb *iocb, struct socket *sock, struct msgh + goto error_put_sess_tun; + } + ++ local_bh_disable(); + l2tp_xmit_skb(session, skb, session->hdr_len); ++ local_bh_enable(); + + sock_put(ps->tunnel_sock); + sock_put(sk); +@@ -432,7 +434,9 @@ static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb) + skb->data[0] = ppph[0]; + skb->data[1] = ppph[1]; + ++ local_bh_disable(); + l2tp_xmit_skb(session, skb, session->hdr_len); ++ local_bh_enable(); + + sock_put(sk_tun); + sock_put(sk); +diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h +index 73495f1..a9cf593 100644 +--- a/net/mac80211/ieee80211_i.h ++++ b/net/mac80211/ieee80211_i.h +@@ -708,6 +708,8 @@ struct tpt_led_trigger { + * that the scan completed. + * @SCAN_ABORTED: Set for our scan work function when the driver reported + * a scan complete for an aborted scan. ++ * @SCAN_HW_CANCELLED: Set for our scan work function when the scan is being ++ * cancelled. + */ + enum { + SCAN_SW_SCANNING, +@@ -715,6 +717,7 @@ enum { + SCAN_OFF_CHANNEL, + SCAN_COMPLETED, + SCAN_ABORTED, ++ SCAN_HW_CANCELLED, + }; + + /** +diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c +index 7d882fc..db01d02 100644 +--- a/net/mac80211/rx.c ++++ b/net/mac80211/rx.c +@@ -2780,6 +2780,9 @@ static int prepare_for_handlers(struct ieee80211_rx_data *rx, + case NL80211_IFTYPE_ADHOC: + if (!bssid) + return 0; ++ if (compare_ether_addr(sdata->vif.addr, hdr->addr2) == 0 || ++ compare_ether_addr(sdata->u.ibss.bssid, hdr->addr2) == 0) ++ return 0; + if (ieee80211_is_beacon(hdr->frame_control)) { + return 1; + } +diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c +index 5279300..0aeea49 100644 +--- a/net/mac80211/scan.c ++++ b/net/mac80211/scan.c +@@ -224,6 +224,9 @@ static bool ieee80211_prep_hw_scan(struct ieee80211_local *local) + enum ieee80211_band band; + int i, ielen, n_chans; + ++ if (test_bit(SCAN_HW_CANCELLED, &local->scanning)) ++ return false; ++ + do { + if (local->hw_scan_band == IEEE80211_NUM_BANDS) + return false; +@@ -815,7 +818,23 @@ void ieee80211_scan_cancel(struct ieee80211_local *local) + if (!local->scan_req) + goto out; + ++ /* ++ * We have a scan running and the driver already reported completion, ++ * but the worker hasn't run yet or is stuck on the mutex - mark it as ++ * cancelled. ++ */ ++ if (test_bit(SCAN_HW_SCANNING, &local->scanning) && ++ test_bit(SCAN_COMPLETED, &local->scanning)) { ++ set_bit(SCAN_HW_CANCELLED, &local->scanning); ++ goto out; ++ } ++ + if (test_bit(SCAN_HW_SCANNING, &local->scanning)) { ++ /* ++ * Make sure that __ieee80211_scan_completed doesn't trigger a ++ * scan on another band. ++ */ ++ set_bit(SCAN_HW_CANCELLED, &local->scanning); + if (local->ops->cancel_hw_scan) + drv_cancel_hw_scan(local, local->scan_sdata); + goto out; +diff --git a/net/mac80211/status.c b/net/mac80211/status.c +index 67df50e..1a49354 100644 +--- a/net/mac80211/status.c ++++ b/net/mac80211/status.c +@@ -181,6 +181,9 @@ static void ieee80211_frame_acked(struct sta_info *sta, struct sk_buff *skb) + struct ieee80211_local *local = sta->local; + struct ieee80211_sub_if_data *sdata = sta->sdata; + ++ if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) ++ sta->last_rx = jiffies; ++ + if (ieee80211_is_data_qos(mgmt->frame_control)) { + struct ieee80211_hdr *hdr = (void *) skb->data; + u8 *qc = ieee80211_get_qos_ctl(hdr); +diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c +index 93faf6a..4a8c55b 100644 +--- a/net/netfilter/nf_conntrack_sip.c ++++ b/net/netfilter/nf_conntrack_sip.c +@@ -1468,7 +1468,7 @@ static int sip_help_tcp(struct sk_buff *skb, unsigned int protoff, + + msglen = origlen = end - dptr; + if (msglen > datalen) +- return NF_DROP; ++ return NF_ACCEPT; + + ret = process_sip_msg(skb, ct, dataoff, &dptr, &msglen); + if (ret != NF_ACCEPT) +diff --git a/net/sctp/output.c b/net/sctp/output.c +index 32ba8d0..cf3e22c 100644 +--- a/net/sctp/output.c ++++ b/net/sctp/output.c +@@ -518,7 +518,8 @@ int sctp_packet_transmit(struct sctp_packet *packet) + * by CRC32-C as described in <draft-ietf-tsvwg-sctpcsum-02.txt>. + */ + if (!sctp_checksum_disable) { +- if (!(dst->dev->features & NETIF_F_SCTP_CSUM)) { ++ if (!(dst->dev->features & NETIF_F_SCTP_CSUM) || ++ (dst_xfrm(dst) != NULL) || packet->ipfragok) { + __u32 crc32 = sctp_start_cksum((__u8 *)sh, cksum_buf_len); + + /* 3) Put the resultant value into the checksum field in the +diff --git a/net/socket.c b/net/socket.c +index cf546a3..bf7adaa 100644 +--- a/net/socket.c ++++ b/net/socket.c +@@ -1876,6 +1876,16 @@ struct used_address { + unsigned int name_len; + }; + ++static int copy_msghdr_from_user(struct msghdr *kmsg, ++ struct msghdr __user *umsg) ++{ ++ if (copy_from_user(kmsg, umsg, sizeof(struct msghdr))) ++ return -EFAULT; ++ if (kmsg->msg_namelen > sizeof(struct sockaddr_storage)) ++ return -EINVAL; ++ return 0; ++} ++ + static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg, + struct msghdr *msg_sys, unsigned flags, + struct used_address *used_address) +@@ -1894,8 +1904,11 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg, + if (MSG_CMSG_COMPAT & flags) { + if (get_compat_msghdr(msg_sys, msg_compat)) + return -EFAULT; +- } else if (copy_from_user(msg_sys, msg, sizeof(struct msghdr))) +- return -EFAULT; ++ } else { ++ err = copy_msghdr_from_user(msg_sys, msg); ++ if (err) ++ return err; ++ } + + /* do not move before msg_sys is valid */ + err = -EMSGSIZE; +@@ -2110,8 +2123,11 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, + if (MSG_CMSG_COMPAT & flags) { + if (get_compat_msghdr(msg_sys, msg_compat)) + return -EFAULT; +- } else if (copy_from_user(msg_sys, msg, sizeof(struct msghdr))) +- return -EFAULT; ++ } else { ++ err = copy_msghdr_from_user(msg_sys, msg); ++ if (err) ++ return err; ++ } + + err = -EMSGSIZE; + if (msg_sys->msg_iovlen > UIO_MAXIOV) +diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c +index 5611563..5122b22 100644 +--- a/net/unix/af_unix.c ++++ b/net/unix/af_unix.c +@@ -1236,6 +1236,15 @@ static int unix_socketpair(struct socket *socka, struct socket *sockb) + return 0; + } + ++static void unix_sock_inherit_flags(const struct socket *old, ++ struct socket *new) ++{ ++ if (test_bit(SOCK_PASSCRED, &old->flags)) ++ set_bit(SOCK_PASSCRED, &new->flags); ++ if (test_bit(SOCK_PASSSEC, &old->flags)) ++ set_bit(SOCK_PASSSEC, &new->flags); ++} ++ + static int unix_accept(struct socket *sock, struct socket *newsock, int flags) + { + struct sock *sk = sock->sk; +@@ -1270,6 +1279,7 @@ static int unix_accept(struct socket *sock, struct socket *newsock, int flags) + /* attach accepted sock to socket */ + unix_state_lock(tsk); + newsock->state = SS_CONNECTED; ++ unix_sock_inherit_flags(sock, newsock); + sock_graft(tsk, newsock); + unix_state_unlock(tsk); + return 0; +diff --git a/net/wireless/radiotap.c b/net/wireless/radiotap.c +index c4ad795..617a310 100644 +--- a/net/wireless/radiotap.c ++++ b/net/wireless/radiotap.c +@@ -95,6 +95,10 @@ int ieee80211_radiotap_iterator_init( + struct ieee80211_radiotap_header *radiotap_header, + int max_length, const struct ieee80211_radiotap_vendor_namespaces *vns) + { ++ /* check the radiotap header can actually be present */ ++ if (max_length < sizeof(struct ieee80211_radiotap_header)) ++ return -EINVAL; ++ + /* Linux only supports version 0 radiotap format */ + if (radiotap_header->it_version) + return -EINVAL; +@@ -129,7 +133,8 @@ int ieee80211_radiotap_iterator_init( + */ + + if ((unsigned long)iterator->_arg - +- (unsigned long)iterator->_rtheader > ++ (unsigned long)iterator->_rtheader + ++ sizeof(uint32_t) > + (unsigned long)iterator->_max_length) + return -EINVAL; + } +diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c +index 1b43fde..92c913d 100644 +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -5798,6 +5798,8 @@ static const struct snd_pci_quirk alc662_fixup_tbl[] = { + SND_PCI_QUIRK(0x1025, 0x031c, "Gateway NV79", ALC662_FIXUP_SKU_IGNORE), + SND_PCI_QUIRK(0x1025, 0x038b, "Acer Aspire 8943G", ALC662_FIXUP_ASPIRE), + SND_PCI_QUIRK(0x103c, 0x1632, "HP RP5800", ALC662_FIXUP_HP_RP5800), ++ SND_PCI_QUIRK(0x1043, 0x1477, "ASUS N56VZ", ALC662_FIXUP_ASUS_MODE4), ++ SND_PCI_QUIRK(0x1043, 0x1bf3, "ASUS N76VZ", ALC662_FIXUP_ASUS_MODE4), + SND_PCI_QUIRK(0x1043, 0x8469, "ASUS mobo", ALC662_FIXUP_NO_JACK_DETECT), + SND_PCI_QUIRK(0x105b, 0x0cd6, "Foxconn", ALC662_FIXUP_ASUS_MODE2), + SND_PCI_QUIRK(0x144d, 0xc051, "Samsung R720", ALC662_FIXUP_IDEAPAD), +diff --git a/sound/soc/codecs/wm_hubs.c b/sound/soc/codecs/wm_hubs.c +index 3642e06..e44c0e3 100644 +--- a/sound/soc/codecs/wm_hubs.c ++++ b/sound/soc/codecs/wm_hubs.c +@@ -414,6 +414,7 @@ static int hp_supply_event(struct snd_soc_dapm_widget *w, + hubs->hp_startup_mode); + break; + } ++ break; + + case SND_SOC_DAPM_PRE_PMD: + snd_soc_update_bits(codec, WM8993_CHARGE_PUMP_1, +diff --git a/sound/soc/soc-dapm.c b/sound/soc/soc-dapm.c +index b516488..1d83a40 100644 +--- a/sound/soc/soc-dapm.c ++++ b/sound/soc/soc-dapm.c +@@ -1523,7 +1523,7 @@ static ssize_t dapm_widget_power_read_file(struct file *file, + w->active ? "active" : "inactive"); + + list_for_each_entry(p, &w->sources, list_sink) { +- if (p->connected && !p->connected(w, p->sink)) ++ if (p->connected && !p->connected(w, p->source)) + continue; + + if (p->connect) +diff --git a/sound/usb/usx2y/usbusx2yaudio.c b/sound/usb/usx2y/usbusx2yaudio.c +index d5724d8..1226631 100644 +--- a/sound/usb/usx2y/usbusx2yaudio.c ++++ b/sound/usb/usx2y/usbusx2yaudio.c +@@ -299,19 +299,6 @@ static void usX2Y_error_urb_status(struct usX2Ydev *usX2Y, + usX2Y_clients_stop(usX2Y); + } + +-static void usX2Y_error_sequence(struct usX2Ydev *usX2Y, +- struct snd_usX2Y_substream *subs, struct urb *urb) +-{ +- snd_printk(KERN_ERR +-"Sequence Error!(hcd_frame=%i ep=%i%s;wait=%i,frame=%i).\n" +-"Most propably some urb of usb-frame %i is still missing.\n" +-"Cause could be too long delays in usb-hcd interrupt handling.\n", +- usb_get_current_frame_number(usX2Y->dev), +- subs->endpoint, usb_pipein(urb->pipe) ? "in" : "out", +- usX2Y->wait_iso_frame, urb->start_frame, usX2Y->wait_iso_frame); +- usX2Y_clients_stop(usX2Y); +-} +- + static void i_usX2Y_urb_complete(struct urb *urb) + { + struct snd_usX2Y_substream *subs = urb->context; +@@ -328,12 +315,9 @@ static void i_usX2Y_urb_complete(struct urb *urb) + usX2Y_error_urb_status(usX2Y, subs, urb); + return; + } +- if (likely((urb->start_frame & 0xFFFF) == (usX2Y->wait_iso_frame & 0xFFFF))) +- subs->completed_urb = urb; +- else { +- usX2Y_error_sequence(usX2Y, subs, urb); +- return; +- } ++ ++ subs->completed_urb = urb; ++ + { + struct snd_usX2Y_substream *capsubs = usX2Y->subs[SNDRV_PCM_STREAM_CAPTURE], + *playbacksubs = usX2Y->subs[SNDRV_PCM_STREAM_PLAYBACK]; +diff --git a/sound/usb/usx2y/usx2yhwdeppcm.c b/sound/usb/usx2y/usx2yhwdeppcm.c +index a51340f..83a8b8d 100644 +--- a/sound/usb/usx2y/usx2yhwdeppcm.c ++++ b/sound/usb/usx2y/usx2yhwdeppcm.c +@@ -244,13 +244,8 @@ static void i_usX2Y_usbpcm_urb_complete(struct urb *urb) + usX2Y_error_urb_status(usX2Y, subs, urb); + return; + } +- if (likely((urb->start_frame & 0xFFFF) == (usX2Y->wait_iso_frame & 0xFFFF))) +- subs->completed_urb = urb; +- else { +- usX2Y_error_sequence(usX2Y, subs, urb); +- return; +- } + ++ subs->completed_urb = urb; + capsubs = usX2Y->subs[SNDRV_PCM_STREAM_CAPTURE]; + capsubs2 = usX2Y->subs[SNDRV_PCM_STREAM_CAPTURE + 2]; + playbacksubs = usX2Y->subs[SNDRV_PCM_STREAM_PLAYBACK]; +diff --git a/tools/perf/builtin-sched.c b/tools/perf/builtin-sched.c +index 5177964..714fc35 100644 +--- a/tools/perf/builtin-sched.c ++++ b/tools/perf/builtin-sched.c +@@ -14,6 +14,7 @@ + #include "util/debug.h" + + #include <sys/prctl.h> ++#include <sys/resource.h> + + #include <semaphore.h> + #include <pthread.h> diff --git a/3.2.52/4420_grsecurity-3.0-3.2.52-201311261520.patch b/3.2.53/4420_grsecurity-3.0-3.2.53-201312011108.patch index bb4bd2e..15444aa 100644 --- a/3.2.52/4420_grsecurity-3.0-3.2.52-201311261520.patch +++ b/3.2.53/4420_grsecurity-3.0-3.2.53-201312011108.patch @@ -270,7 +270,7 @@ index 88fd7f5..b318a78 100644 ============================================================== diff --git a/Makefile b/Makefile -index 1dd2c09..6f850c4 100644 +index 90f57dc..1082409 100644 --- a/Makefile +++ b/Makefile @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -4742,7 +4742,7 @@ index 7ea75d1..5075226 100644 return addr; } diff --git a/arch/parisc/kernel/traps.c b/arch/parisc/kernel/traps.c -index f19e660..414fe24 100644 +index cd8b02f..543008b 100644 --- a/arch/parisc/kernel/traps.c +++ b/arch/parisc/kernel/traps.c @@ -733,9 +733,7 @@ void notrace handle_interruption(int code, struct pt_regs *regs) @@ -9496,23 +9496,6 @@ index 0032f92..cd151e0 100644 #ifdef CONFIG_64BIT #define set_pud(pudptr, pudval) set_64bit((u64 *) (pudptr), pud_val(pudval)) -diff --git a/arch/um/kernel/exitcode.c b/arch/um/kernel/exitcode.c -index 829df49..41ebbfe 100644 ---- a/arch/um/kernel/exitcode.c -+++ b/arch/um/kernel/exitcode.c -@@ -40,9 +40,11 @@ static ssize_t exitcode_proc_write(struct file *file, - const char __user *buffer, size_t count, loff_t *pos) - { - char *end, buf[sizeof("nnnnn\0")]; -+ size_t size; - int tmp; - -- if (copy_from_user(buf, buffer, count)) -+ size = min(count, sizeof(buf)); -+ if (copy_from_user(buf, buffer, size)) - return -EFAULT; - - tmp = simple_strtol(buf, &end, 0); diff --git a/arch/um/kernel/process.c b/arch/um/kernel/process.c index c533835..84db18e 100644 --- a/arch/um/kernel/process.c @@ -12187,7 +12170,7 @@ index 30d737e..9830a9b 100644 static inline void __user *compat_ptr(compat_uptr_t uptr) { diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h -index 0c3b775..8cadbc6 100644 +index a315f1c..540df6a 100644 --- a/arch/x86/include/asm/cpufeature.h +++ b/arch/x86/include/asm/cpufeature.h @@ -197,8 +197,9 @@ @@ -33707,7 +33690,7 @@ index da3cfee..a5a6606 100644 *ppos = i; diff --git a/drivers/char/random.c b/drivers/char/random.c -index b651733..788c4ba 100644 +index c244f0e..255f226 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -269,8 +269,13 @@ @@ -33984,184 +33967,6 @@ index c68b8ad..ef7a702 100644 } static ssize_t port_fops_write(struct file *filp, const char __user *ubuf, -diff --git a/drivers/connector/cn_proc.c b/drivers/connector/cn_proc.c -index 46bbf43..9954dff 100644 ---- a/drivers/connector/cn_proc.c -+++ b/drivers/connector/cn_proc.c -@@ -62,8 +62,9 @@ void proc_fork_connector(struct task_struct *task) - if (atomic_read(&proc_event_num_listeners) < 1) - return; - -- msg = (struct cn_msg*)buffer; -- ev = (struct proc_event*)msg->data; -+ msg = (struct cn_msg *)buffer; -+ ev = (struct proc_event *)msg->data; -+ memset(&ev->event_data, 0, sizeof(ev->event_data)); - get_seq(&msg->seq, &ev->cpu); - ktime_get_ts(&ts); /* get high res monotonic timestamp */ - put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns); -@@ -79,6 +80,7 @@ void proc_fork_connector(struct task_struct *task) - memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id)); - msg->ack = 0; /* not used */ - msg->len = sizeof(*ev); -+ msg->flags = 0; /* not used */ - /* If cn_netlink_send() failed, the data is not sent */ - cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL); - } -@@ -93,8 +95,9 @@ void proc_exec_connector(struct task_struct *task) - if (atomic_read(&proc_event_num_listeners) < 1) - return; - -- msg = (struct cn_msg*)buffer; -- ev = (struct proc_event*)msg->data; -+ msg = (struct cn_msg *)buffer; -+ ev = (struct proc_event *)msg->data; -+ memset(&ev->event_data, 0, sizeof(ev->event_data)); - get_seq(&msg->seq, &ev->cpu); - ktime_get_ts(&ts); /* get high res monotonic timestamp */ - put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns); -@@ -105,6 +108,7 @@ void proc_exec_connector(struct task_struct *task) - memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id)); - msg->ack = 0; /* not used */ - msg->len = sizeof(*ev); -+ msg->flags = 0; /* not used */ - cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL); - } - -@@ -119,8 +123,9 @@ void proc_id_connector(struct task_struct *task, int which_id) - if (atomic_read(&proc_event_num_listeners) < 1) - return; - -- msg = (struct cn_msg*)buffer; -- ev = (struct proc_event*)msg->data; -+ msg = (struct cn_msg *)buffer; -+ ev = (struct proc_event *)msg->data; -+ memset(&ev->event_data, 0, sizeof(ev->event_data)); - ev->what = which_id; - ev->event_data.id.process_pid = task->pid; - ev->event_data.id.process_tgid = task->tgid; -@@ -144,6 +149,7 @@ void proc_id_connector(struct task_struct *task, int which_id) - memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id)); - msg->ack = 0; /* not used */ - msg->len = sizeof(*ev); -+ msg->flags = 0; /* not used */ - cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL); - } - -@@ -159,6 +165,7 @@ void proc_sid_connector(struct task_struct *task) - - msg = (struct cn_msg *)buffer; - ev = (struct proc_event *)msg->data; -+ memset(&ev->event_data, 0, sizeof(ev->event_data)); - get_seq(&msg->seq, &ev->cpu); - ktime_get_ts(&ts); /* get high res monotonic timestamp */ - put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns); -@@ -169,6 +176,7 @@ void proc_sid_connector(struct task_struct *task) - memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id)); - msg->ack = 0; /* not used */ - msg->len = sizeof(*ev); -+ msg->flags = 0; /* not used */ - cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL); - } - -@@ -184,6 +192,7 @@ void proc_ptrace_connector(struct task_struct *task, int ptrace_id) - - msg = (struct cn_msg *)buffer; - ev = (struct proc_event *)msg->data; -+ memset(&ev->event_data, 0, sizeof(ev->event_data)); - get_seq(&msg->seq, &ev->cpu); - ktime_get_ts(&ts); /* get high res monotonic timestamp */ - put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns); -@@ -202,6 +211,7 @@ void proc_ptrace_connector(struct task_struct *task, int ptrace_id) - memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id)); - msg->ack = 0; /* not used */ - msg->len = sizeof(*ev); -+ msg->flags = 0; /* not used */ - cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL); - } - -@@ -217,6 +227,7 @@ void proc_comm_connector(struct task_struct *task) - - msg = (struct cn_msg *)buffer; - ev = (struct proc_event *)msg->data; -+ memset(&ev->event_data, 0, sizeof(ev->event_data)); - get_seq(&msg->seq, &ev->cpu); - ktime_get_ts(&ts); /* get high res monotonic timestamp */ - put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns); -@@ -228,6 +239,7 @@ void proc_comm_connector(struct task_struct *task) - memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id)); - msg->ack = 0; /* not used */ - msg->len = sizeof(*ev); -+ msg->flags = 0; /* not used */ - cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL); - } - -@@ -241,8 +253,9 @@ void proc_exit_connector(struct task_struct *task) - if (atomic_read(&proc_event_num_listeners) < 1) - return; - -- msg = (struct cn_msg*)buffer; -- ev = (struct proc_event*)msg->data; -+ msg = (struct cn_msg *)buffer; -+ ev = (struct proc_event *)msg->data; -+ memset(&ev->event_data, 0, sizeof(ev->event_data)); - get_seq(&msg->seq, &ev->cpu); - ktime_get_ts(&ts); /* get high res monotonic timestamp */ - put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns); -@@ -255,6 +268,7 @@ void proc_exit_connector(struct task_struct *task) - memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id)); - msg->ack = 0; /* not used */ - msg->len = sizeof(*ev); -+ msg->flags = 0; /* not used */ - cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL); - } - -@@ -276,8 +290,9 @@ static void cn_proc_ack(int err, int rcvd_seq, int rcvd_ack) - if (atomic_read(&proc_event_num_listeners) < 1) - return; - -- msg = (struct cn_msg*)buffer; -- ev = (struct proc_event*)msg->data; -+ msg = (struct cn_msg *)buffer; -+ ev = (struct proc_event *)msg->data; -+ memset(&ev->event_data, 0, sizeof(ev->event_data)); - msg->seq = rcvd_seq; - ktime_get_ts(&ts); /* get high res monotonic timestamp */ - put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns); -@@ -287,6 +302,7 @@ static void cn_proc_ack(int err, int rcvd_seq, int rcvd_ack) - memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id)); - msg->ack = rcvd_ack + 1; - msg->len = sizeof(*ev); -+ msg->flags = 0; /* not used */ - cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL); - } - -diff --git a/drivers/connector/connector.c b/drivers/connector/connector.c -index dde6a0f..ea6efe8 100644 ---- a/drivers/connector/connector.c -+++ b/drivers/connector/connector.c -@@ -157,17 +157,18 @@ static int cn_call_callback(struct sk_buff *skb) - static void cn_rx_skb(struct sk_buff *__skb) - { - struct nlmsghdr *nlh; -- int err; - struct sk_buff *skb; -+ int len, err; - - skb = skb_get(__skb); - - if (skb->len >= NLMSG_SPACE(0)) { - nlh = nlmsg_hdr(skb); -+ len = nlmsg_len(nlh); - -- if (nlh->nlmsg_len < sizeof(struct cn_msg) || -+ if (len < (int)sizeof(struct cn_msg) || - skb->len < nlh->nlmsg_len || -- nlh->nlmsg_len > CONNECTOR_MAX_MSG_SIZE) { -+ len > CONNECTOR_MAX_MSG_SIZE) { - kfree_skb(skb); - return; - } diff --git a/drivers/cpufreq/acpi-cpufreq.c b/drivers/cpufreq/acpi-cpufreq.c index 56c6c6b..99056e6 100644 --- a/drivers/cpufreq/acpi-cpufreq.c @@ -35077,7 +34882,7 @@ index 11788f7..cd469eb 100644 dev = crtc->dev; diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c -index 40c187c..59da444 100644 +index acfe567..6fd273c1 100644 --- a/drivers/gpu/drm/drm_drv.c +++ b/drivers/gpu/drm/drm_drv.c @@ -308,7 +308,7 @@ module_exit(drm_core_exit); @@ -36044,7 +35849,7 @@ index a9e33ce..09edd4b 100644 #endif diff --git a/drivers/gpu/drm/radeon/evergreen.c b/drivers/gpu/drm/radeon/evergreen.c -index a68057a..f3e26dd 100644 +index 5efba47..aaaf339 100644 --- a/drivers/gpu/drm/radeon/evergreen.c +++ b/drivers/gpu/drm/radeon/evergreen.c @@ -3094,7 +3094,9 @@ static int evergreen_startup(struct radeon_device *rdev) @@ -36897,10 +36702,10 @@ index 66f6729..4de8c4a 100644 int res = 0; diff --git a/drivers/hwmon/applesmc.c b/drivers/hwmon/applesmc.c -index 30cac58..f6406b3 100644 +index 0b86d47..8066c3f 100644 --- a/drivers/hwmon/applesmc.c +++ b/drivers/hwmon/applesmc.c -@@ -1069,7 +1069,7 @@ static int applesmc_create_nodes(struct applesmc_node_group *groups, int num) +@@ -1082,7 +1082,7 @@ static int applesmc_create_nodes(struct applesmc_node_group *groups, int num) { struct applesmc_node_group *grp; struct applesmc_dev_attr *node; @@ -41980,30 +41785,6 @@ index e662cbc..8d4a102 100644 return -EINVAL; } -diff --git a/drivers/net/wan/farsync.c b/drivers/net/wan/farsync.c -index ebb9f24..7a4c491 100644 ---- a/drivers/net/wan/farsync.c -+++ b/drivers/net/wan/farsync.c -@@ -1972,6 +1972,7 @@ fst_get_iface(struct fst_card_info *card, struct fst_port_info *port, - } - - i = port->index; -+ memset(&sync, 0, sizeof(sync)); - sync.clock_rate = FST_RDL(card, portConfig[i].lineSpeed); - /* Lucky card and linux use same encoding here */ - sync.clock_type = FST_RDB(card, portConfig[i].internalClock) == -diff --git a/drivers/net/wan/wanxl.c b/drivers/net/wan/wanxl.c -index 44b7071..c643d77 100644 ---- a/drivers/net/wan/wanxl.c -+++ b/drivers/net/wan/wanxl.c -@@ -355,6 +355,7 @@ static int wanxl_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) - ifr->ifr_settings.size = size; /* data size wanted */ - return -ENOBUFS; - } -+ memset(&line, 0, sizeof(line)); - line.clock_type = get_status(port)->clocking; - line.clock_rate = 0; - line.loopback = 0; diff --git a/drivers/net/wireless/airo.c b/drivers/net/wireless/airo.c index ac1176a..79e93d4 100644 --- a/drivers/net/wireless/airo.c @@ -43496,7 +43277,7 @@ index 2836538..30edf9d 100644 ret = sysfs_create_bin_file(&pdev->dev.kobj, &m48t59_nvram_attr); if (ret) { diff --git a/drivers/scsi/aacraid/linit.c b/drivers/scsi/aacraid/linit.c -index 705e13e..46f4afb 100644 +index 2e658d2..46f4afb 100644 --- a/drivers/scsi/aacraid/linit.c +++ b/drivers/scsi/aacraid/linit.c @@ -93,7 +93,7 @@ static DECLARE_PCI_DEVICE_TABLE(aac_pci_tbl) = { @@ -43508,15 +43289,6 @@ index 705e13e..46f4afb 100644 #endif { 0x1028, 0x0001, 0x1028, 0x0001, 0, 0, 0 }, /* PERC 2/Si (Iguana/PERC2Si) */ { 0x1028, 0x0002, 0x1028, 0x0002, 0, 0, 1 }, /* PERC 3/Di (Opal/PERC3Di) */ -@@ -771,6 +771,8 @@ static long aac_compat_do_ioctl(struct aac_dev *dev, unsigned cmd, unsigned long - static int aac_compat_ioctl(struct scsi_device *sdev, int cmd, void __user *arg) - { - struct aac_dev *dev = (struct aac_dev *)sdev->host->hostdata; -+ if (!capable(CAP_SYS_RAWIO)) -+ return -EPERM; - return aac_compat_do_ioctl(dev, cmd, (unsigned long)arg); - } - diff --git a/drivers/scsi/aic7xxx/aic79xx_pci.c b/drivers/scsi/aic7xxx/aic79xx_pci.c index 14b5f8d..cc9bd26 100644 --- a/drivers/scsi/aic7xxx/aic79xx_pci.c @@ -44557,18 +44329,6 @@ index b2ccdea..84cde75 100644 static u8 *buf; -diff --git a/drivers/staging/bcm/Bcmchar.c b/drivers/staging/bcm/Bcmchar.c -index 2fa658e..391b768 100644 ---- a/drivers/staging/bcm/Bcmchar.c -+++ b/drivers/staging/bcm/Bcmchar.c -@@ -1932,6 +1932,7 @@ cntrlEnd: - - BCM_DEBUG_PRINT(Adapter, DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL, "Called IOCTL_BCM_GET_DEVICE_DRIVER_INFO\n"); - -+ memset(&DevInfo, 0, sizeof(DevInfo)); - DevInfo.MaxRDMBufferSize = BUFFER_4K; - DevInfo.u32DSDStartOffset = EEPROM_CALPARAM_START; - DevInfo.u32RxAlignmentCorrection = 0; diff --git a/drivers/staging/gma500/power.c b/drivers/staging/gma500/power.c index 436fe97..4082570 100644 --- a/drivers/staging/gma500/power.c @@ -44931,59 +44691,6 @@ index df8ea25..47dd9c6 100644 pDevice->apdev->netdev_ops = &apdev_netdev_ops; pDevice->apdev->type = ARPHRD_IEEE80211; -diff --git a/drivers/staging/wlags49_h2/wl_priv.c b/drivers/staging/wlags49_h2/wl_priv.c -index 260d4f0..ed836c2 100644 ---- a/drivers/staging/wlags49_h2/wl_priv.c -+++ b/drivers/staging/wlags49_h2/wl_priv.c -@@ -570,6 +570,7 @@ int wvlan_uil_put_info( struct uilreq *urq, struct wl_private *lp ) - ltv_t *pLtv; - bool_t ltvAllocated = FALSE; - ENCSTRCT sEncryption; -+ size_t len; - - #ifdef USE_WDS - hcf_16 hcfPort = HCF_PORT_0; -@@ -685,9 +686,10 @@ int wvlan_uil_put_info( struct uilreq *urq, struct wl_private *lp ) - pLtv->u.u16[0] = CNV_INT_TO_LITTLE( pLtv->u.u16[0] ); - break; - case CFG_CNF_OWN_NAME: -- memset( lp->StationName, 0, sizeof( lp->StationName )); -- memcpy( (void *)lp->StationName, (void *)&pLtv->u.u8[2], (size_t)pLtv->u.u16[0]); -- pLtv->u.u16[0] = CNV_INT_TO_LITTLE( pLtv->u.u16[0] ); -+ memset(lp->StationName, 0, sizeof(lp->StationName)); -+ len = min_t(size_t, pLtv->u.u16[0], sizeof(lp->StationName)); -+ strlcpy(lp->StationName, &pLtv->u.u8[2], len); -+ pLtv->u.u16[0] = CNV_INT_TO_LITTLE(pLtv->u.u16[0]); - break; - case CFG_CNF_LOAD_BALANCING: - lp->loadBalancing = pLtv->u.u16[0]; -@@ -1798,9 +1800,10 @@ int wvlan_set_station_nickname(struct net_device *dev, - union iwreq_data *wrqu, - char *extra) - { -- struct wl_private *lp = wl_priv(dev); -- unsigned long flags; -- int ret = 0; -+ struct wl_private *lp = wl_priv(dev); -+ unsigned long flags; -+ size_t len; -+ int ret = 0; - /*------------------------------------------------------------------------*/ - - -@@ -1809,9 +1812,9 @@ int wvlan_set_station_nickname(struct net_device *dev, - - wl_lock(lp, &flags); - -- memset( lp->StationName, 0, sizeof( lp->StationName )); -- -- memcpy( lp->StationName, extra, wrqu->data.length); -+ memset(lp->StationName, 0, sizeof(lp->StationName)); -+ len = min_t(size_t, wrqu->data.length, sizeof(lp->StationName)); -+ strlcpy(lp->StationName, extra, len); - - /* Commit the adapter parameters */ - wl_apply( lp ); diff --git a/drivers/staging/zcache/tmem.c b/drivers/staging/zcache/tmem.c index 1ca66ea..76f1343 100644 --- a/drivers/staging/zcache/tmem.c @@ -45849,7 +45556,7 @@ index 65447c5..0526f0a 100644 ret = -EPERM; goto reterr; diff --git a/drivers/uio/uio.c b/drivers/uio/uio.c -index a783d53..45f96c9 100644 +index af57648..2b62a69 100644 --- a/drivers/uio/uio.c +++ b/drivers/uio/uio.c @@ -25,6 +25,7 @@ @@ -45949,36 +45656,7 @@ index a783d53..45f96c9 100644 } static int uio_vma_fault(struct vm_area_struct *vma, struct vm_fault *vmf) -@@ -650,16 +655,27 @@ static int uio_mmap_physical(struct vm_area_struct *vma) - { - struct uio_device *idev = vma->vm_private_data; - int mi = uio_find_mem_index(vma); -+ struct uio_mem *mem; - if (mi < 0) - return -EINVAL; -+ mem = idev->info->mem + mi; - - vma->vm_flags |= VM_IO | VM_RESERVED; - - vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot); - -+ /* -+ * We cannot use the vm_iomap_memory() helper here, -+ * because vma->vm_pgoff is the map index we looked -+ * up above in uio_find_mem_index(), rather than an -+ * actual page offset into the mmap. -+ * -+ * So we just do the physical mmap without a page -+ * offset. -+ */ - return remap_pfn_range(vma, - vma->vm_start, -- idev->info->mem[mi].addr >> PAGE_SHIFT, -+ mem->addr >> PAGE_SHIFT, - vma->vm_end - vma->vm_start, - vma->vm_page_prot); - } -@@ -821,7 +837,7 @@ int __uio_register_device(struct module *owner, +@@ -833,7 +838,7 @@ int __uio_register_device(struct module *owner, idev->owner = owner; idev->info = info; init_waitqueue_head(&idev->wait); @@ -46490,95 +46168,6 @@ index 46f72ed..107788d 100644 return 0; } -diff --git a/drivers/video/au1100fb.c b/drivers/video/au1100fb.c -index 649cb35..1be8b5d 100644 ---- a/drivers/video/au1100fb.c -+++ b/drivers/video/au1100fb.c -@@ -387,39 +387,13 @@ void au1100fb_fb_rotate(struct fb_info *fbi, int angle) - int au1100fb_fb_mmap(struct fb_info *fbi, struct vm_area_struct *vma) - { - struct au1100fb_device *fbdev; -- unsigned int len; -- unsigned long start=0, off; - - fbdev = to_au1100fb_device(fbi); - -- if (vma->vm_pgoff > (~0UL >> PAGE_SHIFT)) { -- return -EINVAL; -- } -- -- start = fbdev->fb_phys & PAGE_MASK; -- len = PAGE_ALIGN((start & ~PAGE_MASK) + fbdev->fb_len); -- -- off = vma->vm_pgoff << PAGE_SHIFT; -- -- if ((vma->vm_end - vma->vm_start + off) > len) { -- return -EINVAL; -- } -- -- off += start; -- vma->vm_pgoff = off >> PAGE_SHIFT; -- - vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot); - pgprot_val(vma->vm_page_prot) |= (6 << 9); //CCA=6 - -- vma->vm_flags |= VM_IO; -- -- if (io_remap_pfn_range(vma, vma->vm_start, off >> PAGE_SHIFT, -- vma->vm_end - vma->vm_start, -- vma->vm_page_prot)) { -- return -EAGAIN; -- } -- -- return 0; -+ return vm_iomap_memory(vma, fbdev->fb_phys, fbdev->fb_len); - } - - static struct fb_ops au1100fb_ops = -diff --git a/drivers/video/au1200fb.c b/drivers/video/au1200fb.c -index 7200559..5bd7d88 100644 ---- a/drivers/video/au1200fb.c -+++ b/drivers/video/au1200fb.c -@@ -1216,38 +1216,13 @@ static int au1200fb_fb_blank(int blank_mode, struct fb_info *fbi) - * method mainly to allow the use of the TLB streaming flag (CCA=6) - */ - static int au1200fb_fb_mmap(struct fb_info *info, struct vm_area_struct *vma) -- - { -- unsigned int len; -- unsigned long start=0, off; - struct au1200fb_device *fbdev = info->par; - -- if (vma->vm_pgoff > (~0UL >> PAGE_SHIFT)) { -- return -EINVAL; -- } -- -- start = fbdev->fb_phys & PAGE_MASK; -- len = PAGE_ALIGN((start & ~PAGE_MASK) + fbdev->fb_len); -- -- off = vma->vm_pgoff << PAGE_SHIFT; -- -- if ((vma->vm_end - vma->vm_start + off) > len) { -- return -EINVAL; -- } -- -- off += start; -- vma->vm_pgoff = off >> PAGE_SHIFT; -- - vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot); - pgprot_val(vma->vm_page_prot) |= _CACHE_MASK; /* CCA=7 */ - -- vma->vm_flags |= VM_IO; -- -- return io_remap_pfn_range(vma, vma->vm_start, off >> PAGE_SHIFT, -- vma->vm_end - vma->vm_start, -- vma->vm_page_prot); -- -- return 0; -+ return vm_iomap_memory(vma, fbdev->fb_phys, fbdev->fb_len); - } - - static void set_global(u_int cmd, struct au1200_lcd_global_regs_t *pdata) diff --git a/drivers/video/backlight/backlight.c b/drivers/video/backlight/backlight.c index 7363c1b..b69ad66 100644 --- a/drivers/video/backlight/backlight.c @@ -49625,7 +49214,7 @@ index 28b1c6c..b9939d9 100644 FBINFO_HWACCEL_FILLRECT | FBINFO_HWACCEL_COPYAREA; break; diff --git a/drivers/video/smscufx.c b/drivers/video/smscufx.c -index dd9533a..aff3199 100644 +index dd9533a..aff3199e 100644 --- a/drivers/video/smscufx.c +++ b/drivers/video/smscufx.c @@ -1172,7 +1172,9 @@ static int ufx_ops_release(struct fb_info *info, int user) @@ -52514,31 +52103,28 @@ index a9be90d..3cf866c 100644 /* Free the char* */ kfree(buf); diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c -index ac1ad48..d80e1db 100644 +index 5ce56e7..d80e1db 100644 --- a/fs/ecryptfs/keystore.c +++ b/fs/ecryptfs/keystore.c -@@ -1151,8 +1151,8 @@ decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, - struct ecryptfs_msg_ctx *msg_ctx; +@@ -1152,7 +1152,7 @@ decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, struct ecryptfs_message *msg = NULL; char *auth_tok_sig; -- char *payload; + char *payload = NULL; - size_t payload_len; -+ char *payload = NULL; + size_t payload_len = 0; int rc; rc = ecryptfs_get_auth_tok_sig(&auth_tok_sig, auth_tok); -@@ -1204,8 +1204,8 @@ decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, +@@ -1204,8 +1204,7 @@ decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, crypt_stat->key_size); } out: - if (msg) - kfree(msg); + kfree(msg); -+ kfree(payload); + kfree(payload); return rc; } - diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c index 94afdfd..bdb8854 100644 --- a/fs/ecryptfs/main.c @@ -53783,7 +53369,7 @@ index 2845a1f..f29de63 100644 if (free_clusters >= (nclusters + dirty_clusters)) return 1; diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h -index 60b6ca5..bfa15a7 100644 +index 22c71b9..ba28a7d 100644 --- a/fs/ext4/ext4.h +++ b/fs/ext4/ext4.h @@ -1206,19 +1206,19 @@ struct ext4_sb_info { @@ -54019,7 +53605,7 @@ index 84f84bf..a8770cd 100644 static int __init ext4_init_feat_adverts(void) { diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c -index d5498b2..14a9eca 100644 +index b4e9f3f..14a9eca 100644 --- a/fs/ext4/xattr.c +++ b/fs/ext4/xattr.c @@ -328,7 +328,7 @@ static int @@ -54043,15 +53629,6 @@ index d5498b2..14a9eca 100644 } static int -@@ -1269,6 +1270,8 @@ retry: - s_min_extra_isize) { - tried_min_extra_isize++; - new_extra_isize = s_min_extra_isize; -+ kfree(is); is = NULL; -+ kfree(bs); bs = NULL; - goto retry; - } - error = -1; diff --git a/fs/fat/namei_msdos.c b/fs/fat/namei_msdos.c index 216b419..350a088 100644 --- a/fs/fat/namei_msdos.c @@ -57061,10 +56638,10 @@ index c45a2ea..1a6bd66 100644 #ifdef CONFIG_PROC_FS static int create_proc_exports_entry(void) diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c -index 561a3dc..9c46c5e 100644 +index 61b697e..eb6503c 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c -@@ -915,7 +915,7 @@ nfsd_vfs_read(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file, +@@ -923,7 +923,7 @@ nfsd_vfs_read(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file, } else { oldfs = get_fs(); set_fs(KERNEL_DS); @@ -57073,7 +56650,7 @@ index 561a3dc..9c46c5e 100644 set_fs(oldfs); } -@@ -1019,7 +1019,7 @@ nfsd_vfs_write(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file, +@@ -1027,7 +1027,7 @@ nfsd_vfs_write(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file, /* Write the data. */ oldfs = get_fs(); set_fs(KERNEL_DS); @@ -57082,7 +56659,7 @@ index 561a3dc..9c46c5e 100644 set_fs(oldfs); if (host_err < 0) goto out_nfserr; -@@ -1560,7 +1560,7 @@ nfsd_readlink(struct svc_rqst *rqstp, struct svc_fh *fhp, char *buf, int *lenp) +@@ -1568,7 +1568,7 @@ nfsd_readlink(struct svc_rqst *rqstp, struct svc_fh *fhp, char *buf, int *lenp) */ oldfs = get_fs(); set_fs(KERNEL_DS); @@ -72260,11 +71837,11 @@ index d42bd48..554dcd5 100644 /* * epoll (fs/eventpoll.c) compat bits follow ... diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h -index dfadc96..23c5182 100644 +index 643d6c4..3e46a17 100644 --- a/include/linux/compiler-gcc4.h +++ b/include/linux/compiler-gcc4.h -@@ -31,6 +31,21 @@ - +@@ -46,6 +46,21 @@ + #endif #if __GNUC_MINOR__ >= 5 + @@ -72285,7 +71862,7 @@ index dfadc96..23c5182 100644 /* * Mark a position in code as unreachable. This can be used to * suppress control flow warnings after asm blocks that transfer -@@ -46,6 +61,11 @@ +@@ -61,6 +76,11 @@ #define __noclone __attribute__((__noclone__)) #endif @@ -72901,10 +72478,10 @@ index 8eeb205..13d571c 100644 #endif /* __KERNEL__ */ diff --git a/include/linux/fs.h b/include/linux/fs.h -index a276817..ba31358 100644 +index dd74385..c745e49 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h -@@ -1618,7 +1618,8 @@ struct file_operations { +@@ -1624,7 +1624,8 @@ struct file_operations { int (*setlease)(struct file *, long, struct file_lock **); long (*fallocate)(struct file *file, int mode, loff_t offset, loff_t len); @@ -72914,7 +72491,7 @@ index a276817..ba31358 100644 struct inode_operations { struct dentry * (*lookup) (struct inode *,struct dentry *, struct nameidata *); -@@ -1885,6 +1886,8 @@ struct file_system_type { +@@ -1891,6 +1892,8 @@ struct file_system_type { struct lock_class_key i_mutex_dir_key; }; @@ -72923,7 +72500,7 @@ index a276817..ba31358 100644 extern struct dentry *mount_ns(struct file_system_type *fs_type, int flags, void *data, int (*fill_super)(struct super_block *, void *, int)); extern struct dentry *mount_bdev(struct file_system_type *fs_type, -@@ -2716,5 +2719,15 @@ static inline void inode_has_no_xattr(struct inode *inode) +@@ -2722,5 +2725,15 @@ static inline void inode_has_no_xattr(struct inode *inode) inode->i_flags |= S_NOSEC; } @@ -75703,10 +75280,10 @@ index 45fc162..01a4068 100644 /** * struct hotplug_slot_info - used to notify the hotplug pci core of the state of the slot diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h -index eeb6a29..6eb2b52 100644 +index 8d5b91e..9209ea4 100644 --- a/include/linux/perf_event.h +++ b/include/linux/perf_event.h -@@ -748,8 +748,8 @@ struct perf_event { +@@ -750,8 +750,8 @@ struct perf_event { enum perf_event_active_state state; unsigned int attach_state; @@ -75717,7 +75294,7 @@ index eeb6a29..6eb2b52 100644 /* * These are the total time in nanoseconds that the event -@@ -800,8 +800,8 @@ struct perf_event { +@@ -802,8 +802,8 @@ struct perf_event { * These accumulate total time (in nanoseconds) that children * events have been enabled and running, respectively. */ @@ -75728,7 +75305,7 @@ index eeb6a29..6eb2b52 100644 /* * Protect attach/detach and child_list: -@@ -1100,7 +1100,7 @@ static inline void perf_callchain_store(struct perf_callchain_entry *entry, u64 +@@ -1102,7 +1102,7 @@ static inline void perf_callchain_store(struct perf_callchain_entry *entry, u64 entry->ip[entry->nr++] = ip; } @@ -75737,7 +75314,7 @@ index eeb6a29..6eb2b52 100644 extern int sysctl_perf_event_mlock; extern int sysctl_perf_event_sample_rate; -@@ -1108,19 +1108,24 @@ extern int perf_proc_update_handler(struct ctl_table *table, int write, +@@ -1110,19 +1110,24 @@ extern int perf_proc_update_handler(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos); @@ -75765,7 +75342,7 @@ index eeb6a29..6eb2b52 100644 } extern void perf_event_init(void); -@@ -1198,7 +1203,7 @@ static inline void perf_restore_debug_store(void) { } +@@ -1200,7 +1205,7 @@ static inline void perf_restore_debug_store(void) { } */ #define perf_cpu_notifier(fn) \ do { \ @@ -75998,7 +75575,7 @@ index 800f113..13b3715 100644 } diff --git a/include/linux/random.h b/include/linux/random.h -index 29e217a..a76bcd0 100644 +index 7e77cee..207b34e 100644 --- a/include/linux/random.h +++ b/include/linux/random.h @@ -51,9 +51,19 @@ struct rnd_state { @@ -76023,7 +75600,7 @@ index 29e217a..a76bcd0 100644 extern void get_random_bytes(void *buf, int nbytes); extern void get_random_bytes_arch(void *buf, int nbytes); -@@ -71,12 +81,17 @@ void srandom32(u32 seed); +@@ -72,12 +82,17 @@ void srandom32(u32 seed); u32 prandom32(struct rnd_state *); @@ -76781,7 +76358,7 @@ index 92808b8..c28cac4 100644 /* shm_mode upper byte flags */ diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h -index efe50af..9a039e5 100644 +index 85180bf..cc75886 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h @@ -538,7 +538,7 @@ extern void consume_skb(struct sk_buff *skb); @@ -76820,19 +76397,7 @@ index efe50af..9a039e5 100644 } /** -@@ -1157,6 +1157,11 @@ static inline int skb_pagelen(const struct sk_buff *skb) - return len + skb_headlen(skb); - } - -+static inline bool skb_has_frags(const struct sk_buff *skb) -+{ -+ return skb_shinfo(skb)->nr_frags; -+} -+ - /** - * __skb_fill_page_desc - initialise a paged fragment in an skb - * @skb: buffer containing fragment to be initialised -@@ -1546,7 +1551,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len) +@@ -1561,7 +1561,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len) * NET_IP_ALIGN(2) + ethernet_header(14) + IP_header(20/40) + ports(8) */ #ifndef NET_SKB_PAD @@ -76841,7 +76406,7 @@ index efe50af..9a039e5 100644 #endif extern int ___pskb_trim(struct sk_buff *skb, unsigned int len); -@@ -2085,7 +2090,7 @@ extern struct sk_buff *skb_recv_datagram(struct sock *sk, unsigned flags, +@@ -2100,7 +2100,7 @@ extern struct sk_buff *skb_recv_datagram(struct sock *sk, unsigned flags, int noblock, int *err); extern unsigned int datagram_poll(struct file *file, struct socket *sock, struct poll_table_struct *wait); @@ -76850,7 +76415,7 @@ index efe50af..9a039e5 100644 int offset, struct iovec *to, int size); extern int skb_copy_and_csum_datagram_iovec(struct sk_buff *skb, -@@ -2365,6 +2370,9 @@ static inline void nf_reset(struct sk_buff *skb) +@@ -2380,6 +2380,9 @@ static inline void nf_reset(struct sk_buff *skb) nf_bridge_put(skb->nf_bridge); skb->nf_bridge = NULL; #endif @@ -79065,10 +78630,10 @@ index 2531811..4f036c4 100644 #ifdef CONFIG_BLK_DEV_RAM int fd; diff --git a/init/main.c b/init/main.c -index 5d0eb1d..83506bb 100644 +index 7474450..caef7e7 100644 --- a/init/main.c +++ b/init/main.c -@@ -96,6 +96,8 @@ static inline void mark_rodata_ro(void) { } +@@ -97,6 +97,8 @@ static inline void mark_rodata_ro(void) { } extern void tc_init(void); #endif @@ -79077,7 +78642,7 @@ index 5d0eb1d..83506bb 100644 /* * Debug helper: via this flag we know that we are in 'early bootup code' * where only the boot processor is running with IRQ disabled. This means -@@ -149,6 +151,64 @@ static int __init set_reset_devices(char *str) +@@ -150,6 +152,64 @@ static int __init set_reset_devices(char *str) __setup("reset_devices", set_reset_devices); @@ -79142,7 +78707,7 @@ index 5d0eb1d..83506bb 100644 static const char * argv_init[MAX_INIT_ARGS+2] = { "init", NULL, }; const char * envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, }; static const char *panic_later, *panic_param; -@@ -678,6 +738,7 @@ int __init_or_module do_one_initcall(initcall_t fn) +@@ -679,6 +739,7 @@ int __init_or_module do_one_initcall(initcall_t fn) { int count = preempt_count(); int ret; @@ -79150,7 +78715,7 @@ index 5d0eb1d..83506bb 100644 if (initcall_debug) ret = do_one_initcall_debug(fn); -@@ -690,17 +751,18 @@ int __init_or_module do_one_initcall(initcall_t fn) +@@ -691,17 +752,18 @@ int __init_or_module do_one_initcall(initcall_t fn) sprintf(msgbuf, "error code %d ", ret); if (preempt_count() != count) { @@ -79173,7 +78738,7 @@ index 5d0eb1d..83506bb 100644 return ret; } -@@ -748,6 +810,10 @@ static void run_init_process(const char *init_filename) +@@ -750,6 +812,10 @@ static void run_init_process(const char *init_filename) kernel_execve(init_filename, argv_init, envp_init); } @@ -79184,7 +78749,7 @@ index 5d0eb1d..83506bb 100644 /* This is a non __init function. Force it to be noinline otherwise gcc * makes it inline to init() and it becomes part of init.text section */ -@@ -769,6 +835,11 @@ static noinline int init_post(void) +@@ -771,6 +837,11 @@ static noinline int init_post(void) ramdisk_execute_command); } @@ -79196,7 +78761,7 @@ index 5d0eb1d..83506bb 100644 /* * We try each of these until one succeeds. * -@@ -821,7 +892,7 @@ static int __init kernel_init(void * unused) +@@ -823,7 +894,7 @@ static int __init kernel_init(void * unused) do_basic_setup(); /* Open the /dev/console on the rootfs, this should never fail */ @@ -79205,7 +78770,7 @@ index 5d0eb1d..83506bb 100644 printk(KERN_WARNING "Warning: unable to open an initial console.\n"); (void) sys_dup(0); -@@ -834,11 +905,13 @@ static int __init kernel_init(void * unused) +@@ -836,11 +907,13 @@ static int __init kernel_init(void * unused) if (!ramdisk_execute_command) ramdisk_execute_command = "/init"; @@ -85746,10 +85311,10 @@ index 6fdc629..55739fe 100644 *data_page = bpage; diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c -index ce1067f..d823ee9 100644 +index c5a12a7..4d94416 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c -@@ -2653,7 +2653,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set) +@@ -2656,7 +2656,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set) return 0; } @@ -85758,7 +85323,7 @@ index ce1067f..d823ee9 100644 { /* do nothing if flag is already set */ if (!!(trace_flags & mask) == !!enabled) -@@ -4245,10 +4245,9 @@ static const struct file_operations tracing_dyn_info_fops = { +@@ -4248,10 +4248,9 @@ static const struct file_operations tracing_dyn_info_fops = { }; #endif @@ -85770,7 +85335,7 @@ index ce1067f..d823ee9 100644 static int once; if (d_tracer) -@@ -4268,10 +4267,9 @@ struct dentry *tracing_init_dentry(void) +@@ -4271,10 +4270,9 @@ struct dentry *tracing_init_dentry(void) return d_tracer; } @@ -86605,20 +86170,6 @@ index d9df745..e73c2fe 100644 static inline void *ptr_to_indirect(void *ptr) { -diff --git a/lib/scatterlist.c b/lib/scatterlist.c -index 4ceb05d..2ffcb3c 100644 ---- a/lib/scatterlist.c -+++ b/lib/scatterlist.c -@@ -419,7 +419,8 @@ void sg_miter_stop(struct sg_mapping_iter *miter) - if (miter->addr) { - miter->__offset += miter->consumed; - -- if (miter->__flags & SG_MITER_TO_SG) -+ if ((miter->__flags & SG_MITER_TO_SG) && -+ !PageSlab(miter->page)) - flush_kernel_dcache_page(miter->page); - - if (miter->__flags & SG_MITER_ATOMIC) { diff --git a/lib/vsprintf.c b/lib/vsprintf.c index d74c317..1170419 100644 --- a/lib/vsprintf.c @@ -90350,6 +89901,19 @@ index 70e814a..38e1f43 100644 for (i = 0; i < riovcnt && iov_l_curr_idx < liovcnt; i++) { rc = process_vm_rw_single_vec( (unsigned long)rvec[i].iov_base, rvec[i].iov_len, +diff --git a/mm/readahead.c b/mm/readahead.c +index cbcbb02..dfdc1de 100644 +--- a/mm/readahead.c ++++ b/mm/readahead.c +@@ -342,7 +342,7 @@ static unsigned long get_next_ra_size(struct file_ra_state *ra, + * - length of the sequential read sequence, or + * - thrashing threshold in memory tight systems + */ +-static pgoff_t count_history_pages(struct address_space *mapping, ++static pgoff_t __intentional_overflow(-1) count_history_pages(struct address_space *mapping, + struct file_ra_state *ra, + pgoff_t offset, unsigned long max) + { diff --git a/mm/rmap.c b/mm/rmap.c index 8685697..e047d10 100644 --- a/mm/rmap.c @@ -92688,25 +92252,23 @@ index f78f898..d7aa843 100644 if (__rtnl_register(PF_CAN, RTM_GETROUTE, NULL, cgw_dump_jobs, NULL)) { diff --git a/net/compat.c b/net/compat.c -index 8c979cc..453a165 100644 +index 3139ef2..453a165 100644 --- a/net/compat.c +++ b/net/compat.c -@@ -71,9 +71,11 @@ int get_compat_msghdr(struct msghdr *kmsg, struct compat_msghdr __user *umsg) - __get_user(kmsg->msg_controllen, &umsg->msg_controllen) || - __get_user(kmsg->msg_flags, &umsg->msg_flags)) +@@ -73,9 +73,9 @@ int get_compat_msghdr(struct msghdr *kmsg, struct compat_msghdr __user *umsg) return -EFAULT; + if (kmsg->msg_namelen > sizeof(struct sockaddr_storage)) + return -EINVAL; - kmsg->msg_name = compat_ptr(tmp1); - kmsg->msg_iov = compat_ptr(tmp2); - kmsg->msg_control = compat_ptr(tmp3); -+ if (kmsg->msg_namelen > sizeof(struct sockaddr_storage)) -+ return -EINVAL; + kmsg->msg_name = (void __force_kernel *)compat_ptr(tmp1); + kmsg->msg_iov = (void __force_kernel *)compat_ptr(tmp2); + kmsg->msg_control = (void __force_kernel *)compat_ptr(tmp3); return 0; } -@@ -85,7 +87,7 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov, +@@ -87,7 +87,7 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov, if (kern_msg->msg_namelen) { if (mode == VERIFY_READ) { @@ -92715,7 +92277,7 @@ index 8c979cc..453a165 100644 kern_msg->msg_namelen, kern_address); if (err < 0) -@@ -96,7 +98,7 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov, +@@ -98,7 +98,7 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov, kern_msg->msg_name = NULL; tot_len = iov_from_user_compat_to_kern(kern_iov, @@ -92724,7 +92286,7 @@ index 8c979cc..453a165 100644 kern_msg->msg_iovlen); if (tot_len >= 0) kern_msg->msg_iov = kern_iov; -@@ -116,20 +118,20 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov, +@@ -118,20 +118,20 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov, #define CMSG_COMPAT_FIRSTHDR(msg) \ (((msg)->msg_controllen) >= sizeof(struct compat_cmsghdr) ? \ @@ -92748,7 +92310,7 @@ index 8c979cc..453a165 100644 msg->msg_controllen) return NULL; return (struct compat_cmsghdr __user *)ptr; -@@ -221,7 +223,7 @@ int put_cmsg_compat(struct msghdr *kmsg, int level, int type, int len, void *dat +@@ -223,7 +223,7 @@ int put_cmsg_compat(struct msghdr *kmsg, int level, int type, int len, void *dat { struct compat_timeval ctv; struct compat_timespec cts[3]; @@ -92757,7 +92319,7 @@ index 8c979cc..453a165 100644 struct compat_cmsghdr cmhdr; int cmlen; -@@ -273,7 +275,7 @@ int put_cmsg_compat(struct msghdr *kmsg, int level, int type, int len, void *dat +@@ -275,7 +275,7 @@ int put_cmsg_compat(struct msghdr *kmsg, int level, int type, int len, void *dat void scm_detach_fds_compat(struct msghdr *kmsg, struct scm_cookie *scm) { @@ -92766,7 +92328,7 @@ index 8c979cc..453a165 100644 int fdmax = (kmsg->msg_controllen - sizeof(struct compat_cmsghdr)) / sizeof(int); int fdnum = scm->fp->count; struct file **fp = scm->fp->fp; -@@ -326,14 +328,6 @@ void scm_detach_fds_compat(struct msghdr *kmsg, struct scm_cookie *scm) +@@ -328,14 +328,6 @@ void scm_detach_fds_compat(struct msghdr *kmsg, struct scm_cookie *scm) __scm_destroy(scm); } @@ -92781,7 +92343,7 @@ index 8c979cc..453a165 100644 static int do_set_attach_filter(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) { -@@ -370,7 +364,7 @@ static int do_set_sock_timeout(struct socket *sock, int level, +@@ -372,7 +364,7 @@ static int do_set_sock_timeout(struct socket *sock, int level, return -EFAULT; old_fs = get_fs(); set_fs(KERNEL_DS); @@ -92790,7 +92352,7 @@ index 8c979cc..453a165 100644 set_fs(old_fs); return err; -@@ -431,7 +425,7 @@ static int do_get_sock_timeout(struct socket *sock, int level, int optname, +@@ -433,7 +425,7 @@ static int do_get_sock_timeout(struct socket *sock, int level, int optname, len = sizeof(ktime); old_fs = get_fs(); set_fs(KERNEL_DS); @@ -92799,7 +92361,7 @@ index 8c979cc..453a165 100644 set_fs(old_fs); if (!err) { -@@ -566,7 +560,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname, +@@ -568,7 +560,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname, case MCAST_JOIN_GROUP: case MCAST_LEAVE_GROUP: { @@ -92808,7 +92370,7 @@ index 8c979cc..453a165 100644 struct group_req __user *kgr = compat_alloc_user_space(sizeof(struct group_req)); u32 interface; -@@ -587,7 +581,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname, +@@ -589,7 +581,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname, case MCAST_BLOCK_SOURCE: case MCAST_UNBLOCK_SOURCE: { @@ -92817,7 +92379,7 @@ index 8c979cc..453a165 100644 struct group_source_req __user *kgsr = compat_alloc_user_space( sizeof(struct group_source_req)); u32 interface; -@@ -608,7 +602,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname, +@@ -610,7 +602,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname, } case MCAST_MSFILTER: { @@ -92826,7 +92388,7 @@ index 8c979cc..453a165 100644 struct group_filter __user *kgf; u32 interface, fmode, numsrc; -@@ -646,7 +640,7 @@ int compat_mc_getsockopt(struct sock *sock, int level, int optname, +@@ -648,7 +640,7 @@ int compat_mc_getsockopt(struct sock *sock, int level, int optname, char __user *optval, int __user *optlen, int (*getsockopt)(struct sock *, int, int, char __user *, int __user *)) { @@ -92835,7 +92397,7 @@ index 8c979cc..453a165 100644 struct group_filter __user *kgf; int __user *koptlen; u32 interface, fmode, numsrc; -@@ -799,7 +793,7 @@ asmlinkage long compat_sys_socketcall(int call, u32 __user *args) +@@ -801,7 +793,7 @@ asmlinkage long compat_sys_socketcall(int call, u32 __user *args) if (call < SYS_SOCKET || call > SYS_SENDMMSG) return -EINVAL; @@ -93883,7 +93445,7 @@ index ccee270..db23c3c 100644 tmo = req->expires - jiffies; if (tmo < 0) diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c -index 984ec65..392d206 100644 +index 4afcf31..392d206 100644 --- a/net/ipv4/inet_hashtables.c +++ b/net/ipv4/inet_hashtables.c @@ -18,12 +18,15 @@ @@ -93902,15 +93464,6 @@ index 984ec65..392d206 100644 /* * Allocate and initialize a new local port bind bucket. * The bindhash mutex for snum's hash chain must be held here. -@@ -268,7 +271,7 @@ begintw: - } - if (unlikely(!INET_TW_MATCH(sk, net, hash, acookie, - saddr, daddr, ports, dif))) { -- sock_put(sk); -+ inet_twsk_put(inet_twsk(sk)); - goto begintw; - } - goto out; @@ -530,6 +533,8 @@ ok: twrefcnt += inet_twsk_bind_unhash(tw, hinfo); spin_unlock(&head->lock); @@ -94016,19 +93569,6 @@ index 5f28fab..ebd7a97 100644 .kind = "gretap", .maxtype = IFLA_GRE_MAX, .policy = ipgre_policy, -diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c -index daf408e..16191f0 100644 ---- a/net/ipv4/ip_output.c -+++ b/net/ipv4/ip_output.c -@@ -833,7 +833,7 @@ static int __ip_append_data(struct sock *sk, - csummode = CHECKSUM_PARTIAL; - - cork->length += length; -- if (((length > mtu) || (skb && skb_is_gso(skb))) && -+ if (((length > mtu) || (skb && skb_has_frags(skb))) && - (sk->sk_protocol == IPPROTO_UDP) && - (rt->dst.dev->features & NETIF_F_UFO) && !rt->dst.header_len) { - err = ip_ufo_append_data(sk, queue, getfrag, from, length, diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 3b36002..27e6634 100644 --- a/net/ipv4/ip_sockglue.c @@ -94328,7 +93868,7 @@ index 2815014..1d39ae6 100644 .exit = raw_exit_net, }; diff --git a/net/ipv4/route.c b/net/ipv4/route.c -index c45a155a3..dadea8d 100644 +index 6768ce2..c682a62 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -313,7 +313,7 @@ static inline unsigned int rt_hash(__be32 daddr, __be32 saddr, int idx, @@ -94556,22 +94096,10 @@ index 739b073..7ac6591 100644 hdr = register_sysctl_paths(net_ipv4_ctl_path, ipv4_table); if (hdr == NULL) diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c -index 872b41d..bb914c3 100644 +index c1ed01e..bb914c3 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c -@@ -1469,7 +1469,10 @@ static int tcp_shifted_skb(struct sock *sk, struct sk_buff *skb, - tp->lost_cnt_hint -= tcp_skb_pcount(prev); - } - -- TCP_SKB_CB(skb)->tcp_flags |= TCP_SKB_CB(prev)->tcp_flags; -+ TCP_SKB_CB(prev)->tcp_flags |= TCP_SKB_CB(skb)->tcp_flags; -+ if (TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN) -+ TCP_SKB_CB(prev)->end_seq++; -+ - if (skb == tcp_highest_sack(sk)) - tcp_advance_highest_sack(sk, skb); - -@@ -4736,7 +4739,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb, +@@ -4739,7 +4739,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb, * simplifies code) */ static void @@ -94580,7 +94108,7 @@ index 872b41d..bb914c3 100644 struct sk_buff *head, struct sk_buff *tail, u32 start, u32 end) { -@@ -5551,6 +5554,9 @@ slow_path: +@@ -5554,6 +5554,9 @@ slow_path: if (len < (th->doff << 2) || tcp_checksum_complete_user(sk, skb)) goto csum_error; @@ -94590,7 +94118,7 @@ index 872b41d..bb914c3 100644 /* * Standard slow path. */ -@@ -5559,8 +5565,7 @@ slow_path: +@@ -5562,8 +5565,7 @@ slow_path: return 0; step5: @@ -94600,7 +94128,7 @@ index 872b41d..bb914c3 100644 goto discard; tcp_rcv_rtt_measure_ts(sk, skb); -@@ -5791,6 +5796,7 @@ discard: +@@ -5794,6 +5796,7 @@ discard: tcp_paws_reject(&tp->rx_opt, 0)) goto discard_and_undo; @@ -94608,7 +94136,7 @@ index 872b41d..bb914c3 100644 if (th->syn) { /* We see SYN without ACK. It is attempt of * simultaneous connect with crossed SYNs. -@@ -5839,6 +5845,7 @@ discard: +@@ -5842,6 +5845,7 @@ discard: goto discard; #endif } @@ -94616,7 +94144,7 @@ index 872b41d..bb914c3 100644 /* "fifth, if neither of the SYN or RST bits is set then * drop the segment and return." */ -@@ -5882,7 +5889,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, +@@ -5885,7 +5889,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, goto discard; if (th->syn) { @@ -94625,7 +94153,7 @@ index 872b41d..bb914c3 100644 goto discard; if (icsk->icsk_af_ops->conn_request(sk, skb) < 0) return 1; -@@ -5921,11 +5928,14 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, +@@ -5924,11 +5928,14 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, return 0; } @@ -94641,7 +94169,7 @@ index 872b41d..bb914c3 100644 int acceptable = tcp_ack(sk, skb, FLAG_SLOWPATH | FLAG_UPDATE_TS_RECENT) > 0; -@@ -6031,8 +6041,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, +@@ -6034,8 +6041,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, } break; } @@ -94786,10 +94314,10 @@ index 66363b6..b0654a3 100644 req->rsk_ops->send_reset(sk, skb); diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c -index 3add486..a5df757 100644 +index 0d5a118..5f6f0e6 100644 --- a/net/ipv4/tcp_output.c +++ b/net/ipv4/tcp_output.c -@@ -1318,7 +1318,7 @@ static void tcp_cwnd_validate(struct sock *sk) +@@ -1319,7 +1319,7 @@ static void tcp_cwnd_validate(struct sock *sk) * modulo only when the receiver window alone is the limiting factor or * when we would be allowed to send the split-due-to-Nagle skb fully. */ @@ -95056,21 +94584,8 @@ index 1567fb1..29af910 100644 __sk_dst_reset(sk); dst = NULL; } -diff --git a/net/ipv6/inet6_hashtables.c b/net/ipv6/inet6_hashtables.c -index 73f1a00..e38290b 100644 ---- a/net/ipv6/inet6_hashtables.c -+++ b/net/ipv6/inet6_hashtables.c -@@ -110,7 +110,7 @@ begintw: - goto out; - } - if (!INET6_TW_MATCH(sk, net, hash, saddr, daddr, ports, dif)) { -- sock_put(sk); -+ inet_twsk_put(inet_twsk(sk)); - goto begintw; - } - goto out; diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c -index 91d0711..7dc5e62 100644 +index 97675bf..7dc5e62 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -600,8 +600,8 @@ int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr) @@ -95102,15 +94617,6 @@ index 91d0711..7dc5e62 100644 } int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)) -@@ -1342,7 +1339,7 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to, - skb = skb_peek_tail(&sk->sk_write_queue); - cork->length += length; - if (((length > mtu) || -- (skb && skb_is_gso(skb))) && -+ (skb && skb_has_frags(skb))) && - (sk->sk_protocol == IPPROTO_UDP) && - (rt->dst.dev->features & NETIF_F_UFO)) { - err = ip6_ufo_append_data(sk, getfrag, from, length, diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c index b204df8..8f274f4 100644 --- a/net/ipv6/ipv6_sockglue.c @@ -95314,10 +94820,10 @@ index eba5deb..61e026f 100644 return -ENOMEM; } diff --git a/net/ipv6/route.c b/net/ipv6/route.c -index 18ea73c..b0b7be2 100644 +index bc9103d..48a383f 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c -@@ -2806,7 +2806,7 @@ ctl_table ipv6_route_table_template[] = { +@@ -2809,7 +2809,7 @@ ctl_table ipv6_route_table_template[] = { struct ctl_table * __net_init ipv6_route_sysctl_init(struct net *net) { @@ -95802,7 +95308,7 @@ index 93a41a0..d4b4edb 100644 NLA_PUT_U32(skb, L2TP_ATTR_CONN_ID, tunnel->tunnel_id); NLA_PUT_U32(skb, L2TP_ATTR_SESSION_ID, session->session_id); diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h -index 73495f1..ad51356 100644 +index a9cf593..b04a2d5 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h @@ -27,6 +27,7 @@ @@ -95813,7 +95319,7 @@ index 73495f1..ad51356 100644 #include "key.h" #include "sta_info.h" -@@ -764,7 +765,7 @@ struct ieee80211_local { +@@ -767,7 +768,7 @@ struct ieee80211_local { /* also used to protect ampdu_ac_queue and amdpu_ac_stop_refcnt */ spinlock_t queue_stop_reason_lock; @@ -97605,7 +97111,7 @@ index 8da4481..d02565e 100644 + (rtt >> sctp_rto_alpha); } else { diff --git a/net/socket.c b/net/socket.c -index cf546a3..3cb0fca 100644 +index bf7adaa..3cb0fca 100644 --- a/net/socket.c +++ b/net/socket.c @@ -88,6 +88,7 @@ @@ -97789,38 +97295,7 @@ index cf546a3..3cb0fca 100644 int err, err2; int fput_needed; -@@ -1876,6 +1942,16 @@ struct used_address { - unsigned int name_len; - }; - -+static int copy_msghdr_from_user(struct msghdr *kmsg, -+ struct msghdr __user *umsg) -+{ -+ if (copy_from_user(kmsg, umsg, sizeof(struct msghdr))) -+ return -EFAULT; -+ if (kmsg->msg_namelen > sizeof(struct sockaddr_storage)) -+ return -EINVAL; -+ return 0; -+} -+ - static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg, - struct msghdr *msg_sys, unsigned flags, - struct used_address *used_address) -@@ -1894,8 +1970,11 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg, - if (MSG_CMSG_COMPAT & flags) { - if (get_compat_msghdr(msg_sys, msg_compat)) - return -EFAULT; -- } else if (copy_from_user(msg_sys, msg, sizeof(struct msghdr))) -- return -EFAULT; -+ } else { -+ err = copy_msghdr_from_user(msg_sys, msg); -+ if (err) -+ return err; -+ } - - /* do not move before msg_sys is valid */ - err = -EMSGSIZE; -@@ -1950,7 +2029,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg, +@@ -1963,7 +2029,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg, * checking falls down on this. */ if (copy_from_user(ctl_buf, @@ -97829,7 +97304,7 @@ index cf546a3..3cb0fca 100644 ctl_len)) goto out_freectl; msg_sys->msg_control = ctl_buf; -@@ -2101,7 +2180,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, +@@ -2114,7 +2180,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, int err, iov_size, total_len, len; /* kernel mode address */ @@ -97838,21 +97313,7 @@ index cf546a3..3cb0fca 100644 /* user mode address pointers */ struct sockaddr __user *uaddr; -@@ -2110,8 +2189,11 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, - if (MSG_CMSG_COMPAT & flags) { - if (get_compat_msghdr(msg_sys, msg_compat)) - return -EFAULT; -- } else if (copy_from_user(msg_sys, msg, sizeof(struct msghdr))) -- return -EFAULT; -+ } else { -+ err = copy_msghdr_from_user(msg_sys, msg); -+ if (err) -+ return err; -+ } - - err = -EMSGSIZE; - if (msg_sys->msg_iovlen > UIO_MAXIOV) -@@ -2131,7 +2213,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, +@@ -2147,7 +2213,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, * kernel msghdr to use the kernel address space) */ @@ -97861,7 +97322,7 @@ index cf546a3..3cb0fca 100644 uaddr_len = COMPAT_NAMELEN(msg); if (MSG_CMSG_COMPAT & flags) { err = verify_compat_iovec(msg_sys, iov, -@@ -2772,7 +2854,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) +@@ -2788,7 +2854,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) } ifr = compat_alloc_user_space(buf_size); @@ -97870,7 +97331,7 @@ index cf546a3..3cb0fca 100644 if (copy_in_user(&ifr->ifr_name, &ifr32->ifr_name, IFNAMSIZ)) return -EFAULT; -@@ -2796,12 +2878,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) +@@ -2812,12 +2878,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) offsetof(struct ethtool_rxnfc, fs.ring_cookie)); if (copy_in_user(rxnfc, compat_rxnfc, @@ -97887,7 +97348,7 @@ index cf546a3..3cb0fca 100644 copy_in_user(&rxnfc->rule_cnt, &compat_rxnfc->rule_cnt, sizeof(rxnfc->rule_cnt))) return -EFAULT; -@@ -2813,12 +2895,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) +@@ -2829,12 +2895,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) if (convert_out) { if (copy_in_user(compat_rxnfc, rxnfc, @@ -97904,7 +97365,7 @@ index cf546a3..3cb0fca 100644 copy_in_user(&compat_rxnfc->rule_cnt, &rxnfc->rule_cnt, sizeof(rxnfc->rule_cnt))) return -EFAULT; -@@ -2888,7 +2970,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd, +@@ -2904,7 +2970,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd, old_fs = get_fs(); set_fs(KERNEL_DS); err = dev_ioctl(net, cmd, @@ -97913,7 +97374,7 @@ index cf546a3..3cb0fca 100644 set_fs(old_fs); return err; -@@ -2997,7 +3079,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, +@@ -3013,7 +3079,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, old_fs = get_fs(); set_fs(KERNEL_DS); @@ -97922,7 +97383,7 @@ index cf546a3..3cb0fca 100644 set_fs(old_fs); if (cmd == SIOCGIFMAP && !err) { -@@ -3102,7 +3184,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, +@@ -3118,7 +3184,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, ret |= __get_user(rtdev, &(ur4->rt_dev)); if (rtdev) { ret |= copy_from_user(devname, compat_ptr(rtdev), 15); @@ -97931,7 +97392,7 @@ index cf546a3..3cb0fca 100644 devname[15] = 0; } else r4.rt_dev = NULL; -@@ -3342,8 +3424,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, +@@ -3358,8 +3424,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, int __user *uoptlen; int err; @@ -97942,7 +97403,7 @@ index cf546a3..3cb0fca 100644 set_fs(KERNEL_DS); if (level == SOL_SOCKET) -@@ -3363,7 +3445,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, +@@ -3379,7 +3445,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, char __user *uoptval; int err; @@ -98757,7 +98218,7 @@ index 1983717..4d6102c 100644 sub->evt.event = htohl(event, sub->swap); diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c -index 5611563..911c6c1 100644 +index 5122b22..25b11eb 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c @@ -766,6 +766,12 @@ static struct sock *unix_find_other(struct net *net, @@ -98806,7 +98267,7 @@ index 5611563..911c6c1 100644 mutex_unlock(&path.dentry->d_inode->i_mutex); dput(path.dentry); path.dentry = dentry; -@@ -2260,9 +2280,13 @@ static int unix_seq_show(struct seq_file *seq, void *v) +@@ -2270,9 +2290,13 @@ static int unix_seq_show(struct seq_file *seq, void *v) seq_puts(seq, "Num RefCount Protocol Flags Type St " "Inode Path\n"); else { @@ -98821,7 +98282,7 @@ index 5611563..911c6c1 100644 seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu", s, -@@ -2289,8 +2313,10 @@ static int unix_seq_show(struct seq_file *seq, void *v) +@@ -2299,8 +2323,10 @@ static int unix_seq_show(struct seq_file *seq, void *v) } for ( ; i < len; i++) seq_putc(seq, u->addr->name->sun_path[i]); @@ -104752,10 +104213,10 @@ index 0000000..679b9ef +} diff --git a/tools/gcc/size_overflow_hash.data b/tools/gcc/size_overflow_hash.data new file mode 100644 -index 0000000..05e26dd +index 0000000..0634465 --- /dev/null +++ b/tools/gcc/size_overflow_hash.data -@@ -0,0 +1,5989 @@ +@@ -0,0 +1,5990 @@ +intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL +ocfs2_get_refcount_tree_3 ocfs2_get_refcount_tree 0 3 NULL +storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL @@ -105379,8 +104840,8 @@ index 0000000..05e26dd +send_mpa_reject_7135 send_mpa_reject 3 7135 NULL +ipv6_recv_rxpmtu_7142 ipv6_recv_rxpmtu 3 7142 NULL +ocfs2_get_left_path_7159 ocfs2_get_left_path 0 7159 NULL -+__alloc_objio_seg_7203 __alloc_objio_seg 1 7203 NULL nohasharray -+utf16_strsize_7203 utf16_strsize 0 7203 &__alloc_objio_seg_7203 ++utf16_strsize_7203 utf16_strsize 0 7203 NULL nohasharray ++__alloc_objio_seg_7203 __alloc_objio_seg 1 7203 &utf16_strsize_7203 +sys32_ipc_7238 sys32_ipc 3 7238 NULL +hdlc_loop_7255 hdlc_loop 0 7255 NULL +snd_mask_refine_7267 snd_mask_refine 0 7267 NULL @@ -105546,8 +105007,8 @@ index 0000000..05e26dd +usb_allocate_stream_buffers_8964 usb_allocate_stream_buffers 3 8964 NULL +qib_qsfp_dump_8966 qib_qsfp_dump 0-3 8966 NULL +venus_mkdir_8967 venus_mkdir 4 8967 NULL -+vol_cdev_read_8968 vol_cdev_read 3 8968 NULL nohasharray -+seq_open_net_8968 seq_open_net 4 8968 &vol_cdev_read_8968 ++seq_open_net_8968 seq_open_net 4 8968 NULL nohasharray ++vol_cdev_read_8968 vol_cdev_read 3 8968 &seq_open_net_8968 +bio_integrity_get_tag_8974 bio_integrity_get_tag 3 8974 NULL +btrfs_alloc_free_block_8986 btrfs_alloc_free_block 8 8986 NULL +get_pipes_9008 get_pipes 0 9008 NULL @@ -105699,8 +105160,8 @@ index 0000000..05e26dd +do_compat_pselect_10398 do_compat_pselect 1 10398 NULL +event_phy_transmit_error_read_10471 event_phy_transmit_error_read 3 10471 NULL +qib_alloc_fast_reg_page_list_10507 qib_alloc_fast_reg_page_list 2 10507 NULL -+sel_write_disable_10511 sel_write_disable 3 10511 NULL nohasharray -+rbd_get_segment_10511 rbd_get_segment 0-3-4 10511 &sel_write_disable_10511 ++rbd_get_segment_10511 rbd_get_segment 0-3-4 10511 NULL nohasharray ++sel_write_disable_10511 sel_write_disable 3 10511 &rbd_get_segment_10511 +osd_req_write_sg_kern_10514 osd_req_write_sg_kern 5 10514 NULL +rds_message_alloc_10517 rds_message_alloc 1 10517 NULL +snd_pcm_hw_params_user_10520 snd_pcm_hw_params_user 0 10520 NULL @@ -106095,8 +105556,8 @@ index 0000000..05e26dd +cmd_complete_14502 cmd_complete 5 14502 NULL +ocfs2_debug_read_14507 ocfs2_debug_read 3 14507 NULL +prepare_data_14536 prepare_data 3 14536 NULL nohasharray -+ep0_write_14536 ep0_write 3 14536 &prepare_data_14536 nohasharray -+dataflash_read_user_otp_14536 dataflash_read_user_otp 3-2 14536 &ep0_write_14536 ++dataflash_read_user_otp_14536 dataflash_read_user_otp 3-2 14536 &prepare_data_14536 nohasharray ++ep0_write_14536 ep0_write 3 14536 &dataflash_read_user_otp_14536 +register_trace_sched_switch_14545 register_trace_sched_switch 0 14545 NULL +l2cap_send_cmd_14548 l2cap_send_cmd 4 14548 NULL +picolcd_debug_eeprom_read_14549 picolcd_debug_eeprom_read 3 14549 NULL @@ -106121,8 +105582,8 @@ index 0000000..05e26dd +cp_tm1217_read_14792 cp_tm1217_read 3 14792 &keys_proc_write_14792 +ext4_kvmalloc_14796 ext4_kvmalloc 1 14796 NULL +__kfifo_in_14797 __kfifo_in 3-0 14797 NULL -+snd_als300_gcr_read_14801 snd_als300_gcr_read 0 14801 NULL nohasharray -+hpet_readl_14801 hpet_readl 0 14801 &snd_als300_gcr_read_14801 ++hpet_readl_14801 hpet_readl 0 14801 NULL nohasharray ++snd_als300_gcr_read_14801 snd_als300_gcr_read 0 14801 &hpet_readl_14801 +__i2400ms_rx_get_size_14826 __i2400ms_rx_get_size 0 14826 NULL +do_tune_cpucache_14828 do_tune_cpucache 2 14828 NULL +__mutex_fastpath_lock_retval_14844 __mutex_fastpath_lock_retval 0 14844 NULL @@ -106896,8 +106357,8 @@ index 0000000..05e26dd +pipe_iov_copy_from_user_23102 pipe_iov_copy_from_user 3 23102 NULL +dgram_recvmsg_23104 dgram_recvmsg 4 23104 NULL +ip_recv_error_23109 ip_recv_error 3 23109 NULL -+msix_setup_entries_23110 msix_setup_entries 0 23110 NULL nohasharray -+mwl8k_cmd_set_beacon_23110 mwl8k_cmd_set_beacon 4 23110 &msix_setup_entries_23110 ++mwl8k_cmd_set_beacon_23110 mwl8k_cmd_set_beacon 4 23110 NULL nohasharray ++msix_setup_entries_23110 msix_setup_entries 0 23110 &mwl8k_cmd_set_beacon_23110 +nl80211_send_rx_auth_23111 nl80211_send_rx_auth 4 23111 NULL +__clear_user_23118 __clear_user 0-2 23118 NULL +iwl_legacy_dbgfs_interrupt_write_23122 iwl_legacy_dbgfs_interrupt_write 3 23122 NULL nohasharray @@ -107314,9 +106775,9 @@ index 0000000..05e26dd +cxio_hal_pblpool_alloc_27714 cxio_hal_pblpool_alloc 2 27714 NULL +evm_write_key_27715 evm_write_key 3 27715 NULL +ieee80211_if_fmt_dot11MeshGateAnnouncementProtocol_27722 ieee80211_if_fmt_dot11MeshGateAnnouncementProtocol 3 27722 NULL -+pstore_write_27724 pstore_write 3 27724 NULL nohasharray -+iwl_dbgfs_traffic_log_write_27724 iwl_dbgfs_traffic_log_write 3 27724 &pstore_write_27724 nohasharray -+reg_w_buf_27724 reg_w_buf 3 27724 &iwl_dbgfs_traffic_log_write_27724 ++reg_w_buf_27724 reg_w_buf 3 27724 NULL nohasharray ++pstore_write_27724 pstore_write 3 27724 ®_w_buf_27724 nohasharray ++iwl_dbgfs_traffic_log_write_27724 iwl_dbgfs_traffic_log_write 3 27724 &pstore_write_27724 +xfs_dir2_block_sfsize_27727 xfs_dir2_block_sfsize 0 27727 NULL +kcalloc_27770 kcalloc 2-1 27770 NULL +ttm_object_file_init_27804 ttm_object_file_init 2 27804 NULL @@ -107432,8 +106893,8 @@ index 0000000..05e26dd +hci_sock_setsockopt_28993 hci_sock_setsockopt 5 28993 NULL +bin_uuid_28999 bin_uuid 3 28999 NULL +sys_fcntl64_29031 sys_fcntl64 3 29031 NULL -+rxrpc_sendmsg_29049 rxrpc_sendmsg 4 29049 NULL nohasharray -+ProcessGetHostMibs_29049 ProcessGetHostMibs 0 29049 &rxrpc_sendmsg_29049 ++ProcessGetHostMibs_29049 ProcessGetHostMibs 0 29049 NULL nohasharray ++rxrpc_sendmsg_29049 rxrpc_sendmsg 4 29049 &ProcessGetHostMibs_29049 +tso_fragment_29050 tso_fragment 3 29050 NULL +split_bvec_29058 split_bvec 5 29058 NULL +iso_packets_buffer_init_29061 iso_packets_buffer_init 3-4 29061 NULL @@ -108246,8 +107707,8 @@ index 0000000..05e26dd +snd_pcm_playback_rewind_38249 snd_pcm_playback_rewind 0-2 38249 NULL +ieee80211_if_read_auto_open_plinks_38268 ieee80211_if_read_auto_open_plinks 3 38268 NULL nohasharray +mthca_alloc_icm_table_38268 mthca_alloc_icm_table 3-4 38268 &ieee80211_if_read_auto_open_plinks_38268 -+xfs_bmbt_to_bmdr_38275 xfs_bmbt_to_bmdr 3 38275 NULL nohasharray -+xfs_bmdr_to_bmbt_38275 xfs_bmdr_to_bmbt 5 38275 &xfs_bmbt_to_bmdr_38275 ++xfs_bmdr_to_bmbt_38275 xfs_bmdr_to_bmbt 5 38275 NULL nohasharray ++xfs_bmbt_to_bmdr_38275 xfs_bmbt_to_bmdr 3 38275 &xfs_bmdr_to_bmbt_38275 +zd_mac_rx_38296 zd_mac_rx 3 38296 NULL +isr_rx_headers_read_38325 isr_rx_headers_read 3 38325 NULL +ida_simple_get_38326 ida_simple_get 2 38326 NULL @@ -108741,8 +108202,8 @@ index 0000000..05e26dd +msi_capability_init_43423 msi_capability_init 0 43423 &__alloc_bootmem_low_43423 +usb_alloc_urb_43436 usb_alloc_urb 1 43436 NULL +ocfs2_rotate_tree_left_43442 ocfs2_rotate_tree_left 0 43442 NULL -+usb_string_43443 usb_string 0 43443 NULL nohasharray -+usemap_size_43443 usemap_size 0-2-1 43443 &usb_string_43443 ++usemap_size_43443 usemap_size 0-2-1 43443 NULL nohasharray ++usb_string_43443 usb_string 0 43443 &usemap_size_43443 +__data_list_add_eb_43472 __data_list_add_eb 0 43472 NULL +alloc_new_reservation_43480 alloc_new_reservation 4-0-2 43480 NULL +nf_nat_ftp_fmt_cmd_43495 nf_nat_ftp_fmt_cmd 0 43495 NULL @@ -109146,8 +108607,8 @@ index 0000000..05e26dd +iwl_dbgfs_ucode_tracing_read_47983 iwl_dbgfs_ucode_tracing_read 3 47983 NULL nohasharray +mempool_resize_47983 mempool_resize 2 47983 &iwl_dbgfs_ucode_tracing_read_47983 +pnpacpi_parse_allocated_irqresource_47986 pnpacpi_parse_allocated_irqresource 2 47986 NULL -+mgmt_pending_add_47990 mgmt_pending_add 5 47990 NULL nohasharray -+dbg_port_buf_47990 dbg_port_buf 2 47990 &mgmt_pending_add_47990 ++dbg_port_buf_47990 dbg_port_buf 2 47990 NULL nohasharray ++mgmt_pending_add_47990 mgmt_pending_add 5 47990 &dbg_port_buf_47990 +ib_umad_write_47993 ib_umad_write 3 47993 NULL +ocfs2_find_refcount_split_pos_48001 ocfs2_find_refcount_split_pos 0 48001 NULL +ffs_epfile_write_48014 ffs_epfile_write 3 48014 NULL @@ -109192,8 +108653,8 @@ index 0000000..05e26dd +r8712_usbctrl_vendorreq_48489 r8712_usbctrl_vendorreq 6 48489 NULL +send_control_msg_48498 send_control_msg 6 48498 NULL +mlx4_en_create_tx_ring_48501 mlx4_en_create_tx_ring 4 48501 NULL -+diva_os_copy_to_user_48508 diva_os_copy_to_user 4 48508 NULL nohasharray -+iwl_legacy_dbgfs_status_read_48508 iwl_legacy_dbgfs_status_read 3 48508 &diva_os_copy_to_user_48508 ++iwl_legacy_dbgfs_status_read_48508 iwl_legacy_dbgfs_status_read 3 48508 NULL nohasharray ++diva_os_copy_to_user_48508 diva_os_copy_to_user 4 48508 &iwl_legacy_dbgfs_status_read_48508 +phantom_get_free_48514 phantom_get_free 0 48514 NULL +ubi_dbg_check_write_48525 ubi_dbg_check_write 0 48525 NULL +wiimote_hid_send_48528 wiimote_hid_send 3 48528 NULL @@ -109753,8 +109214,8 @@ index 0000000..05e26dd +pn_raw_send_54330 pn_raw_send 2 54330 NULL +br_fdb_fillbuf_54339 br_fdb_fillbuf 0 54339 NULL +__alloc_dev_table_54343 __alloc_dev_table 2 54343 NULL -+_osd_realloc_seg_54352 _osd_realloc_seg 3 54352 NULL nohasharray -+__get_free_pages_54352 __get_free_pages 0 54352 &_osd_realloc_seg_54352 ++__get_free_pages_54352 __get_free_pages 0 54352 NULL nohasharray ++_osd_realloc_seg_54352 _osd_realloc_seg 3 54352 &__get_free_pages_54352 +tcf_hash_create_54360 tcf_hash_create 4 54360 NULL +read_file_credit_dist_stats_54367 read_file_credit_dist_stats 3 54367 NULL +vfs_readlink_54368 vfs_readlink 3 54368 NULL @@ -109982,8 +109443,8 @@ index 0000000..05e26dd +pvr2_debugifc_print_status_56890 pvr2_debugifc_print_status 3 56890 NULL +__bitmap_clear_bits_56912 __bitmap_clear_bits 3 56912 NULL +__kfifo_out_56927 __kfifo_out 0-3 56927 NULL -+journal_init_revoke_56933 journal_init_revoke 2 56933 NULL nohasharray -+CopyBufferToControlPacket_56933 CopyBufferToControlPacket 0 56933 &journal_init_revoke_56933 ++CopyBufferToControlPacket_56933 CopyBufferToControlPacket 0 56933 NULL nohasharray ++journal_init_revoke_56933 journal_init_revoke 2 56933 &CopyBufferToControlPacket_56933 +diva_get_driver_info_56967 diva_get_driver_info 0 56967 NULL +vlsi_alloc_ring_57003 vlsi_alloc_ring 3-4 57003 NULL +btrfs_super_csum_size_57004 btrfs_super_csum_size 0 57004 NULL @@ -110077,8 +109538,8 @@ index 0000000..05e26dd +tt_response_fill_table_57902 tt_response_fill_table 1 57902 NULL +xt_alloc_table_info_57903 xt_alloc_table_info 1 57903 NULL +emi26_writememory_57908 emi26_writememory 4 57908 NULL -+atomic_add_return_unchecked_57910 atomic_add_return_unchecked 0-1 57910 NULL nohasharray -+iio_read_first_n_kfifo_57910 iio_read_first_n_kfifo 2 57910 &atomic_add_return_unchecked_57910 ++iio_read_first_n_kfifo_57910 iio_read_first_n_kfifo 2 57910 NULL nohasharray ++atomic_add_return_unchecked_57910 atomic_add_return_unchecked 0-1 57910 &iio_read_first_n_kfifo_57910 +__snd_gf1_look16_57925 __snd_gf1_look16 0 57925 NULL +sel_read_handle_unknown_57933 sel_read_handle_unknown 3 57933 NULL +xfs_mru_cache_create_57943 xfs_mru_cache_create 3 57943 NULL @@ -110271,8 +109732,8 @@ index 0000000..05e26dd +sys_sched_getaffinity_60033 sys_sched_getaffinity 2 60033 NULL +bio_integrity_hw_sectors_60039 bio_integrity_hw_sectors 0-2 60039 NULL +do_ip6t_set_ctl_60040 do_ip6t_set_ctl 4 60040 NULL -+vcs_size_60050 vcs_size 0 60050 NULL nohasharray -+pin_2_irq_60050 pin_2_irq 0-3 60050 &vcs_size_60050 ++pin_2_irq_60050 pin_2_irq 0-3 60050 NULL nohasharray ++vcs_size_60050 vcs_size 0 60050 &pin_2_irq_60050 +load_module_60056 load_module 2 60056 NULL nohasharray +gru_alloc_gts_60056 gru_alloc_gts 3-2 60056 &load_module_60056 +compat_writev_60063 compat_writev 3 60063 NULL @@ -110293,6 +109754,7 @@ index 0000000..05e26dd +printer_write_60276 printer_write 3 60276 NULL +__pskb_pull_tail_60287 __pskb_pull_tail 2 60287 NULL +do_xip_mapping_read_60297 do_xip_mapping_read 5 60297 NULL ++ext3_dir_llseek_60298 ext3_dir_llseek 2 60298 NULL +getDataLength_60301 getDataLength 0 60301 NULL +usb_alphatrack_write_60341 usb_alphatrack_write 3 60341 NULL +__kfifo_from_user_r_60345 __kfifo_from_user_r 5-3 60345 NULL diff --git a/3.2.52/4425_grsec_remove_EI_PAX.patch b/3.2.53/4425_grsec_remove_EI_PAX.patch index 415fda5..415fda5 100644 --- a/3.2.52/4425_grsec_remove_EI_PAX.patch +++ b/3.2.53/4425_grsec_remove_EI_PAX.patch diff --git a/3.2.52/4427_force_XATTR_PAX_tmpfs.patch b/3.2.53/4427_force_XATTR_PAX_tmpfs.patch index 8c7a533..8c7a533 100644 --- a/3.2.52/4427_force_XATTR_PAX_tmpfs.patch +++ b/3.2.53/4427_force_XATTR_PAX_tmpfs.patch diff --git a/3.2.52/4430_grsec-remove-localversion-grsec.patch b/3.2.53/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.2.52/4430_grsec-remove-localversion-grsec.patch +++ b/3.2.53/4430_grsec-remove-localversion-grsec.patch diff --git a/3.2.52/4435_grsec-mute-warnings.patch b/3.2.53/4435_grsec-mute-warnings.patch index f099757..f099757 100644 --- a/3.2.52/4435_grsec-mute-warnings.patch +++ b/3.2.53/4435_grsec-mute-warnings.patch diff --git a/3.2.52/4440_grsec-remove-protected-paths.patch b/3.2.53/4440_grsec-remove-protected-paths.patch index 05710b1..05710b1 100644 --- a/3.2.52/4440_grsec-remove-protected-paths.patch +++ b/3.2.53/4440_grsec-remove-protected-paths.patch diff --git a/3.2.52/4450_grsec-kconfig-default-gids.patch b/3.2.53/4450_grsec-kconfig-default-gids.patch index 8c7b0b2..8c7b0b2 100644 --- a/3.2.52/4450_grsec-kconfig-default-gids.patch +++ b/3.2.53/4450_grsec-kconfig-default-gids.patch diff --git a/3.2.52/4465_selinux-avc_audit-log-curr_ip.patch b/3.2.53/4465_selinux-avc_audit-log-curr_ip.patch index 687ae4c..687ae4c 100644 --- a/3.2.52/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.2.53/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/3.2.52/4470_disable-compat_vdso.patch b/3.2.53/4470_disable-compat_vdso.patch index 6905571..6905571 100644 --- a/3.2.52/4470_disable-compat_vdso.patch +++ b/3.2.53/4470_disable-compat_vdso.patch diff --git a/3.2.52/4475_emutramp_default_on.patch b/3.2.53/4475_emutramp_default_on.patch index cfde6f8..cfde6f8 100644 --- a/3.2.52/4475_emutramp_default_on.patch +++ b/3.2.53/4475_emutramp_default_on.patch |