summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAnthony G. Basile <blueness@gentoo.org>2013-12-02 15:52:16 -0500
committerAnthony G. Basile <blueness@gentoo.org>2013-12-02 15:52:16 -0500
commit5607de60d2a17294b70fc775bd73ba4ec16dc856 (patch)
tree71dc37628909ffdd50039bc0f5d8eaf5b370a1c0
parentGrsec/PaX: 3.0-{3.2.52,3.12.1}-201311261522 (diff)
downloadhardened-patchset-5607de60d2a17294b70fc775bd73ba4ec16dc856.tar.gz
hardened-patchset-5607de60d2a17294b70fc775bd73ba4ec16dc856.tar.bz2
hardened-patchset-5607de60d2a17294b70fc775bd73ba4ec16dc856.zip
Grsec/PaX: 3.0-{3.2.53,3.12.2}-20131201111120131201
-rw-r--r--3.12.2/0000_README (renamed from 3.12.1/0000_README)6
-rw-r--r--3.12.2/1001_linux-3.12.2.patch3790
-rw-r--r--3.12.2/4420_grsecurity-3.0-3.12.2-201312011111.patch (renamed from 3.12.1/4420_grsecurity-3.0-3.12.1-201311261522.patch)375
-rw-r--r--3.12.2/4425_grsec_remove_EI_PAX.patch (renamed from 3.12.1/4425_grsec_remove_EI_PAX.patch)0
-rw-r--r--3.12.2/4427_force_XATTR_PAX_tmpfs.patch (renamed from 3.12.1/4427_force_XATTR_PAX_tmpfs.patch)0
-rw-r--r--3.12.2/4430_grsec-remove-localversion-grsec.patch (renamed from 3.12.1/4430_grsec-remove-localversion-grsec.patch)0
-rw-r--r--3.12.2/4435_grsec-mute-warnings.patch (renamed from 3.12.1/4435_grsec-mute-warnings.patch)0
-rw-r--r--3.12.2/4440_grsec-remove-protected-paths.patch (renamed from 3.12.1/4440_grsec-remove-protected-paths.patch)0
-rw-r--r--3.12.2/4450_grsec-kconfig-default-gids.patch (renamed from 3.12.1/4450_grsec-kconfig-default-gids.patch)0
-rw-r--r--3.12.2/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.12.1/4465_selinux-avc_audit-log-curr_ip.patch)0
-rw-r--r--3.12.2/4470_disable-compat_vdso.patch (renamed from 3.12.1/4470_disable-compat_vdso.patch)0
-rw-r--r--3.12.2/4475_emutramp_default_on.patch (renamed from 3.12.1/4475_emutramp_default_on.patch)0
-rw-r--r--3.2.53/0000_README (renamed from 3.2.52/0000_README)14
-rw-r--r--3.2.53/1021_linux-3.2.22.patch (renamed from 3.2.52/1021_linux-3.2.22.patch)0
-rw-r--r--3.2.53/1022_linux-3.2.23.patch (renamed from 3.2.52/1022_linux-3.2.23.patch)0
-rw-r--r--3.2.53/1023_linux-3.2.24.patch (renamed from 3.2.52/1023_linux-3.2.24.patch)0
-rw-r--r--3.2.53/1024_linux-3.2.25.patch (renamed from 3.2.52/1024_linux-3.2.25.patch)0
-rw-r--r--3.2.53/1025_linux-3.2.26.patch (renamed from 3.2.52/1025_linux-3.2.26.patch)0
-rw-r--r--3.2.53/1026_linux-3.2.27.patch (renamed from 3.2.52/1026_linux-3.2.27.patch)0
-rw-r--r--3.2.53/1027_linux-3.2.28.patch (renamed from 3.2.52/1027_linux-3.2.28.patch)0
-rw-r--r--3.2.53/1028_linux-3.2.29.patch (renamed from 3.2.52/1028_linux-3.2.29.patch)0
-rw-r--r--3.2.53/1029_linux-3.2.30.patch (renamed from 3.2.52/1029_linux-3.2.30.patch)0
-rw-r--r--3.2.53/1030_linux-3.2.31.patch (renamed from 3.2.52/1030_linux-3.2.31.patch)0
-rw-r--r--3.2.53/1031_linux-3.2.32.patch (renamed from 3.2.52/1031_linux-3.2.32.patch)0
-rw-r--r--3.2.53/1032_linux-3.2.33.patch (renamed from 3.2.52/1032_linux-3.2.33.patch)0
-rw-r--r--3.2.53/1033_linux-3.2.34.patch (renamed from 3.2.52/1033_linux-3.2.34.patch)0
-rw-r--r--3.2.53/1034_linux-3.2.35.patch (renamed from 3.2.52/1034_linux-3.2.35.patch)0
-rw-r--r--3.2.53/1035_linux-3.2.36.patch (renamed from 3.2.52/1035_linux-3.2.36.patch)0
-rw-r--r--3.2.53/1036_linux-3.2.37.patch (renamed from 3.2.52/1036_linux-3.2.37.patch)0
-rw-r--r--3.2.53/1037_linux-3.2.38.patch (renamed from 3.2.52/1037_linux-3.2.38.patch)0
-rw-r--r--3.2.53/1038_linux-3.2.39.patch (renamed from 3.2.52/1038_linux-3.2.39.patch)0
-rw-r--r--3.2.53/1039_linux-3.2.40.patch (renamed from 3.2.52/1039_linux-3.2.40.patch)0
-rw-r--r--3.2.53/1040_linux-3.2.41.patch (renamed from 3.2.52/1040_linux-3.2.41.patch)0
-rw-r--r--3.2.53/1041_linux-3.2.42.patch (renamed from 3.2.52/1041_linux-3.2.42.patch)0
-rw-r--r--3.2.53/1042_linux-3.2.43.patch (renamed from 3.2.52/1042_linux-3.2.43.patch)0
-rw-r--r--3.2.53/1043_linux-3.2.44.patch (renamed from 3.2.52/1043_linux-3.2.44.patch)0
-rw-r--r--3.2.53/1044_linux-3.2.45.patch (renamed from 3.2.52/1044_linux-3.2.45.patch)0
-rw-r--r--3.2.53/1045_linux-3.2.46.patch (renamed from 3.2.52/1045_linux-3.2.46.patch)0
-rw-r--r--3.2.53/1046_linux-3.2.47.patch (renamed from 3.2.52/1046_linux-3.2.47.patch)0
-rw-r--r--3.2.53/1047_linux-3.2.48.patch (renamed from 3.2.52/1047_linux-3.2.48.patch)0
-rw-r--r--3.2.53/1048_linux-3.2.49.patch (renamed from 3.2.52/1048_linux-3.2.49.patch)0
-rw-r--r--3.2.53/1049_linux-3.2.50.patch (renamed from 3.2.52/1049_linux-3.2.50.patch)0
-rw-r--r--3.2.53/1050_linux-3.2.51.patch (renamed from 3.2.52/1050_linux-3.2.51.patch)0
-rw-r--r--3.2.53/1051_linux-3.2.52.patch (renamed from 3.2.52/1051_linux-3.2.52.patch)0
-rw-r--r--3.2.53/1052_linux-3.2.53.patch3357
-rw-r--r--3.2.53/4420_grsecurity-3.0-3.2.53-201312011108.patch (renamed from 3.2.52/4420_grsecurity-3.0-3.2.52-201311261520.patch)848
-rw-r--r--3.2.53/4425_grsec_remove_EI_PAX.patch (renamed from 3.2.52/4425_grsec_remove_EI_PAX.patch)0
-rw-r--r--3.2.53/4427_force_XATTR_PAX_tmpfs.patch (renamed from 3.2.52/4427_force_XATTR_PAX_tmpfs.patch)0
-rw-r--r--3.2.53/4430_grsec-remove-localversion-grsec.patch (renamed from 3.2.52/4430_grsec-remove-localversion-grsec.patch)0
-rw-r--r--3.2.53/4435_grsec-mute-warnings.patch (renamed from 3.2.52/4435_grsec-mute-warnings.patch)0
-rw-r--r--3.2.53/4440_grsec-remove-protected-paths.patch (renamed from 3.2.52/4440_grsec-remove-protected-paths.patch)0
-rw-r--r--3.2.53/4450_grsec-kconfig-default-gids.patch (renamed from 3.2.52/4450_grsec-kconfig-default-gids.patch)0
-rw-r--r--3.2.53/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.2.52/4465_selinux-avc_audit-log-curr_ip.patch)0
-rw-r--r--3.2.53/4470_disable-compat_vdso.patch (renamed from 3.2.52/4470_disable-compat_vdso.patch)0
-rw-r--r--3.2.53/4475_emutramp_default_on.patch (renamed from 3.2.52/4475_emutramp_default_on.patch)0
55 files changed, 7399 insertions, 991 deletions
diff --git a/3.12.1/0000_README b/3.12.2/0000_README
index 00a2158..21d2546 100644
--- a/3.12.1/0000_README
+++ b/3.12.2/0000_README
@@ -2,7 +2,11 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.0-3.12.1-201311261522.patch
+Patch: 1001_linux-3.12.2.patch
+From: http://www.kernel.org
+Desc: Linux 3.12.2
+
+Patch: 4420_grsecurity-3.0-3.12.2-201312011111.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.12.2/1001_linux-3.12.2.patch b/3.12.2/1001_linux-3.12.2.patch
new file mode 100644
index 0000000..8b40733
--- /dev/null
+++ b/3.12.2/1001_linux-3.12.2.patch
@@ -0,0 +1,3790 @@
+diff --git a/Makefile b/Makefile
+index eb29ec7..e6e72b6 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1,6 +1,6 @@
+ VERSION = 3
+ PATCHLEVEL = 12
+-SUBLEVEL = 1
++SUBLEVEL = 2
+ EXTRAVERSION =
+ NAME = One Giant Leap for Frogkind
+
+diff --git a/arch/arm/kvm/mmu.c b/arch/arm/kvm/mmu.c
+index b0de86b..cb79a5d 100644
+--- a/arch/arm/kvm/mmu.c
++++ b/arch/arm/kvm/mmu.c
+@@ -307,6 +307,17 @@ out:
+ return err;
+ }
+
++static phys_addr_t kvm_kaddr_to_phys(void *kaddr)
++{
++ if (!is_vmalloc_addr(kaddr)) {
++ BUG_ON(!virt_addr_valid(kaddr));
++ return __pa(kaddr);
++ } else {
++ return page_to_phys(vmalloc_to_page(kaddr)) +
++ offset_in_page(kaddr);
++ }
++}
++
+ /**
+ * create_hyp_mappings - duplicate a kernel virtual address range in Hyp mode
+ * @from: The virtual kernel start address of the range
+@@ -318,16 +329,27 @@ out:
+ */
+ int create_hyp_mappings(void *from, void *to)
+ {
+- unsigned long phys_addr = virt_to_phys(from);
++ phys_addr_t phys_addr;
++ unsigned long virt_addr;
+ unsigned long start = KERN_TO_HYP((unsigned long)from);
+ unsigned long end = KERN_TO_HYP((unsigned long)to);
+
+- /* Check for a valid kernel memory mapping */
+- if (!virt_addr_valid(from) || !virt_addr_valid(to - 1))
+- return -EINVAL;
++ start = start & PAGE_MASK;
++ end = PAGE_ALIGN(end);
+
+- return __create_hyp_mappings(hyp_pgd, start, end,
+- __phys_to_pfn(phys_addr), PAGE_HYP);
++ for (virt_addr = start; virt_addr < end; virt_addr += PAGE_SIZE) {
++ int err;
++
++ phys_addr = kvm_kaddr_to_phys(from + virt_addr - start);
++ err = __create_hyp_mappings(hyp_pgd, virt_addr,
++ virt_addr + PAGE_SIZE,
++ __phys_to_pfn(phys_addr),
++ PAGE_HYP);
++ if (err)
++ return err;
++ }
++
++ return 0;
+ }
+
+ /**
+diff --git a/arch/arm/mach-omap2/omap_hwmod.c b/arch/arm/mach-omap2/omap_hwmod.c
+index d9ee0ff..3d5db8c 100644
+--- a/arch/arm/mach-omap2/omap_hwmod.c
++++ b/arch/arm/mach-omap2/omap_hwmod.c
+@@ -2361,21 +2361,23 @@ static struct device_node *of_dev_hwmod_lookup(struct device_node *np,
+ * Cache the virtual address used by the MPU to access this IP block's
+ * registers. This address is needed early so the OCP registers that
+ * are part of the device's address space can be ioremapped properly.
+- * No return value.
++ *
++ * Returns 0 on success, -EINVAL if an invalid hwmod is passed, and
++ * -ENXIO on absent or invalid register target address space.
+ */
+-static void __init _init_mpu_rt_base(struct omap_hwmod *oh, void *data)
++static int __init _init_mpu_rt_base(struct omap_hwmod *oh, void *data)
+ {
+ struct omap_hwmod_addr_space *mem;
+ void __iomem *va_start = NULL;
+ struct device_node *np;
+
+ if (!oh)
+- return;
++ return -EINVAL;
+
+ _save_mpu_port_index(oh);
+
+ if (oh->_int_flags & _HWMOD_NO_MPU_PORT)
+- return;
++ return -ENXIO;
+
+ mem = _find_mpu_rt_addr_space(oh);
+ if (!mem) {
+@@ -2384,7 +2386,7 @@ static void __init _init_mpu_rt_base(struct omap_hwmod *oh, void *data)
+
+ /* Extract the IO space from device tree blob */
+ if (!of_have_populated_dt())
+- return;
++ return -ENXIO;
+
+ np = of_dev_hwmod_lookup(of_find_node_by_name(NULL, "ocp"), oh);
+ if (np)
+@@ -2395,13 +2397,14 @@ static void __init _init_mpu_rt_base(struct omap_hwmod *oh, void *data)
+
+ if (!va_start) {
+ pr_err("omap_hwmod: %s: Could not ioremap\n", oh->name);
+- return;
++ return -ENXIO;
+ }
+
+ pr_debug("omap_hwmod: %s: MPU register target at va %p\n",
+ oh->name, va_start);
+
+ oh->_mpu_rt_va = va_start;
++ return 0;
+ }
+
+ /**
+@@ -2414,8 +2417,8 @@ static void __init _init_mpu_rt_base(struct omap_hwmod *oh, void *data)
+ * registered at this point. This is the first of two phases for
+ * hwmod initialization. Code called here does not touch any hardware
+ * registers, it simply prepares internal data structures. Returns 0
+- * upon success or if the hwmod isn't registered, or -EINVAL upon
+- * failure.
++ * upon success or if the hwmod isn't registered or if the hwmod's
++ * address space is not defined, or -EINVAL upon failure.
+ */
+ static int __init _init(struct omap_hwmod *oh, void *data)
+ {
+@@ -2424,8 +2427,14 @@ static int __init _init(struct omap_hwmod *oh, void *data)
+ if (oh->_state != _HWMOD_STATE_REGISTERED)
+ return 0;
+
+- if (oh->class->sysc)
+- _init_mpu_rt_base(oh, NULL);
++ if (oh->class->sysc) {
++ r = _init_mpu_rt_base(oh, NULL);
++ if (r < 0) {
++ WARN(1, "omap_hwmod: %s: doesn't have mpu register target base\n",
++ oh->name);
++ return 0;
++ }
++ }
+
+ r = _init_clocks(oh, NULL);
+ if (r < 0) {
+diff --git a/arch/cris/include/asm/io.h b/arch/cris/include/asm/io.h
+index 5d3047e..4353cf2 100644
+--- a/arch/cris/include/asm/io.h
++++ b/arch/cris/include/asm/io.h
+@@ -3,6 +3,7 @@
+
+ #include <asm/page.h> /* for __va, __pa */
+ #include <arch/io.h>
++#include <asm-generic/iomap.h>
+ #include <linux/kernel.h>
+
+ struct cris_io_operations
+diff --git a/arch/ia64/include/asm/processor.h b/arch/ia64/include/asm/processor.h
+index e0a899a..5a84b3a 100644
+--- a/arch/ia64/include/asm/processor.h
++++ b/arch/ia64/include/asm/processor.h
+@@ -319,7 +319,7 @@ struct thread_struct {
+ regs->loadrs = 0; \
+ regs->r8 = get_dumpable(current->mm); /* set "don't zap registers" flag */ \
+ regs->r12 = new_sp - 16; /* allocate 16 byte scratch area */ \
+- if (unlikely(!get_dumpable(current->mm))) { \
++ if (unlikely(get_dumpable(current->mm) != SUID_DUMP_USER)) { \
+ /* \
+ * Zap scratch regs to avoid leaking bits between processes with different \
+ * uid/privileges. \
+diff --git a/arch/powerpc/kernel/eeh.c b/arch/powerpc/kernel/eeh.c
+index 55593ee..c766cf5 100644
+--- a/arch/powerpc/kernel/eeh.c
++++ b/arch/powerpc/kernel/eeh.c
+@@ -687,6 +687,15 @@ void eeh_save_bars(struct eeh_dev *edev)
+
+ for (i = 0; i < 16; i++)
+ eeh_ops->read_config(dn, i * 4, 4, &edev->config_space[i]);
++
++ /*
++ * For PCI bridges including root port, we need enable bus
++ * master explicitly. Otherwise, it can't fetch IODA table
++ * entries correctly. So we cache the bit in advance so that
++ * we can restore it after reset, either PHB range or PE range.
++ */
++ if (edev->mode & EEH_DEV_BRIDGE)
++ edev->config_space[1] |= PCI_COMMAND_MASTER;
+ }
+
+ /**
+diff --git a/arch/powerpc/kernel/signal_32.c b/arch/powerpc/kernel/signal_32.c
+index bebdf1a..36d49e6 100644
+--- a/arch/powerpc/kernel/signal_32.c
++++ b/arch/powerpc/kernel/signal_32.c
+@@ -457,7 +457,15 @@ static int save_user_regs(struct pt_regs *regs, struct mcontext __user *frame,
+ if (copy_vsx_to_user(&frame->mc_vsregs, current))
+ return 1;
+ msr |= MSR_VSX;
+- }
++ } else if (!ctx_has_vsx_region)
++ /*
++ * With a small context structure we can't hold the VSX
++ * registers, hence clear the MSR value to indicate the state
++ * was not saved.
++ */
++ msr &= ~MSR_VSX;
++
++
+ #endif /* CONFIG_VSX */
+ #ifdef CONFIG_SPE
+ /* save spe registers */
+diff --git a/arch/powerpc/kernel/time.c b/arch/powerpc/kernel/time.c
+index 192b051..b3b1441 100644
+--- a/arch/powerpc/kernel/time.c
++++ b/arch/powerpc/kernel/time.c
+@@ -213,8 +213,6 @@ static u64 scan_dispatch_log(u64 stop_tb)
+ if (i == be64_to_cpu(vpa->dtl_idx))
+ return 0;
+ while (i < be64_to_cpu(vpa->dtl_idx)) {
+- if (dtl_consumer)
+- dtl_consumer(dtl, i);
+ dtb = be64_to_cpu(dtl->timebase);
+ tb_delta = be32_to_cpu(dtl->enqueue_to_dispatch_time) +
+ be32_to_cpu(dtl->ready_to_enqueue_time);
+@@ -227,6 +225,8 @@ static u64 scan_dispatch_log(u64 stop_tb)
+ }
+ if (dtb > stop_tb)
+ break;
++ if (dtl_consumer)
++ dtl_consumer(dtl, i);
+ stolen += tb_delta;
+ ++i;
+ ++dtl;
+diff --git a/arch/powerpc/kernel/vio.c b/arch/powerpc/kernel/vio.c
+index d38cc08..cb92d82 100644
+--- a/arch/powerpc/kernel/vio.c
++++ b/arch/powerpc/kernel/vio.c
+@@ -1531,12 +1531,12 @@ static ssize_t modalias_show(struct device *dev, struct device_attribute *attr,
+
+ dn = dev->of_node;
+ if (!dn) {
+- strcat(buf, "\n");
++ strcpy(buf, "\n");
+ return strlen(buf);
+ }
+ cp = of_get_property(dn, "compatible", NULL);
+ if (!cp) {
+- strcat(buf, "\n");
++ strcpy(buf, "\n");
+ return strlen(buf);
+ }
+
+diff --git a/arch/powerpc/mm/gup.c b/arch/powerpc/mm/gup.c
+index 6936547..c5f734e 100644
+--- a/arch/powerpc/mm/gup.c
++++ b/arch/powerpc/mm/gup.c
+@@ -123,6 +123,7 @@ int __get_user_pages_fast(unsigned long start, int nr_pages, int write,
+ struct mm_struct *mm = current->mm;
+ unsigned long addr, len, end;
+ unsigned long next;
++ unsigned long flags;
+ pgd_t *pgdp;
+ int nr = 0;
+
+@@ -156,7 +157,7 @@ int __get_user_pages_fast(unsigned long start, int nr_pages, int write,
+ * So long as we atomically load page table pointers versus teardown,
+ * we can follow the address down to the the page and take a ref on it.
+ */
+- local_irq_disable();
++ local_irq_save(flags);
+
+ pgdp = pgd_offset(mm, addr);
+ do {
+@@ -179,7 +180,7 @@ int __get_user_pages_fast(unsigned long start, int nr_pages, int write,
+ break;
+ } while (pgdp++, addr = next, addr != end);
+
+- local_irq_enable();
++ local_irq_restore(flags);
+
+ return nr;
+ }
+diff --git a/arch/powerpc/mm/slice.c b/arch/powerpc/mm/slice.c
+index 3e99c14..7ce9cf3 100644
+--- a/arch/powerpc/mm/slice.c
++++ b/arch/powerpc/mm/slice.c
+@@ -258,7 +258,7 @@ static bool slice_scan_available(unsigned long addr,
+ slice = GET_HIGH_SLICE_INDEX(addr);
+ *boundary_addr = (slice + end) ?
+ ((slice + end) << SLICE_HIGH_SHIFT) : SLICE_LOW_TOP;
+- return !!(available.high_slices & (1u << slice));
++ return !!(available.high_slices & (1ul << slice));
+ }
+ }
+
+diff --git a/arch/powerpc/platforms/512x/mpc512x_shared.c b/arch/powerpc/platforms/512x/mpc512x_shared.c
+index a82a41b..1a7b1d0 100644
+--- a/arch/powerpc/platforms/512x/mpc512x_shared.c
++++ b/arch/powerpc/platforms/512x/mpc512x_shared.c
+@@ -303,6 +303,9 @@ void __init mpc512x_setup_diu(void)
+ diu_ops.release_bootmem = mpc512x_release_bootmem;
+ }
+
++#else
++void __init mpc512x_setup_diu(void) { /* EMPTY */ }
++void __init mpc512x_init_diu(void) { /* EMPTY */ }
+ #endif
+
+ void __init mpc512x_init_IRQ(void)
+diff --git a/arch/powerpc/platforms/52xx/Kconfig b/arch/powerpc/platforms/52xx/Kconfig
+index 90f4496..af54174 100644
+--- a/arch/powerpc/platforms/52xx/Kconfig
++++ b/arch/powerpc/platforms/52xx/Kconfig
+@@ -57,5 +57,5 @@ config PPC_MPC5200_BUGFIX
+
+ config PPC_MPC5200_LPBFIFO
+ tristate "MPC5200 LocalPlus bus FIFO driver"
+- depends on PPC_MPC52xx
++ depends on PPC_MPC52xx && PPC_BESTCOMM
+ select PPC_BESTCOMM_GEN_BD
+diff --git a/arch/powerpc/platforms/powernv/pci-ioda.c b/arch/powerpc/platforms/powernv/pci-ioda.c
+index 74a5a57..930e1fe 100644
+--- a/arch/powerpc/platforms/powernv/pci-ioda.c
++++ b/arch/powerpc/platforms/powernv/pci-ioda.c
+@@ -153,13 +153,23 @@ static int pnv_ioda_configure_pe(struct pnv_phb *phb, struct pnv_ioda_pe *pe)
+ rid_end = pe->rid + 1;
+ }
+
+- /* Associate PE in PELT */
++ /*
++ * Associate PE in PELT. We need add the PE into the
++ * corresponding PELT-V as well. Otherwise, the error
++ * originated from the PE might contribute to other
++ * PEs.
++ */
+ rc = opal_pci_set_pe(phb->opal_id, pe->pe_number, pe->rid,
+ bcomp, dcomp, fcomp, OPAL_MAP_PE);
+ if (rc) {
+ pe_err(pe, "OPAL error %ld trying to setup PELT table\n", rc);
+ return -ENXIO;
+ }
++
++ rc = opal_pci_set_peltv(phb->opal_id, pe->pe_number,
++ pe->pe_number, OPAL_ADD_PE_TO_DOMAIN);
++ if (rc)
++ pe_warn(pe, "OPAL error %d adding self to PELTV\n", rc);
+ opal_pci_eeh_freeze_clear(phb->opal_id, pe->pe_number,
+ OPAL_EEH_ACTION_CLEAR_FREEZE_ALL);
+
+diff --git a/arch/s390/crypto/aes_s390.c b/arch/s390/crypto/aes_s390.c
+index b4dbade..2e4b5be 100644
+--- a/arch/s390/crypto/aes_s390.c
++++ b/arch/s390/crypto/aes_s390.c
+@@ -35,7 +35,6 @@ static u8 *ctrblk;
+ static char keylen_flag;
+
+ struct s390_aes_ctx {
+- u8 iv[AES_BLOCK_SIZE];
+ u8 key[AES_MAX_KEY_SIZE];
+ long enc;
+ long dec;
+@@ -441,30 +440,36 @@ static int cbc_aes_set_key(struct crypto_tfm *tfm, const u8 *in_key,
+ return aes_set_key(tfm, in_key, key_len);
+ }
+
+-static int cbc_aes_crypt(struct blkcipher_desc *desc, long func, void *param,
++static int cbc_aes_crypt(struct blkcipher_desc *desc, long func,
+ struct blkcipher_walk *walk)
+ {
++ struct s390_aes_ctx *sctx = crypto_blkcipher_ctx(desc->tfm);
+ int ret = blkcipher_walk_virt(desc, walk);
+ unsigned int nbytes = walk->nbytes;
++ struct {
++ u8 iv[AES_BLOCK_SIZE];
++ u8 key[AES_MAX_KEY_SIZE];
++ } param;
+
+ if (!nbytes)
+ goto out;
+
+- memcpy(param, walk->iv, AES_BLOCK_SIZE);
++ memcpy(param.iv, walk->iv, AES_BLOCK_SIZE);
++ memcpy(param.key, sctx->key, sctx->key_len);
+ do {
+ /* only use complete blocks */
+ unsigned int n = nbytes & ~(AES_BLOCK_SIZE - 1);
+ u8 *out = walk->dst.virt.addr;
+ u8 *in = walk->src.virt.addr;
+
+- ret = crypt_s390_kmc(func, param, out, in, n);
++ ret = crypt_s390_kmc(func, &param, out, in, n);
+ if (ret < 0 || ret != n)
+ return -EIO;
+
+ nbytes &= AES_BLOCK_SIZE - 1;
+ ret = blkcipher_walk_done(desc, walk, nbytes);
+ } while ((nbytes = walk->nbytes));
+- memcpy(walk->iv, param, AES_BLOCK_SIZE);
++ memcpy(walk->iv, param.iv, AES_BLOCK_SIZE);
+
+ out:
+ return ret;
+@@ -481,7 +486,7 @@ static int cbc_aes_encrypt(struct blkcipher_desc *desc,
+ return fallback_blk_enc(desc, dst, src, nbytes);
+
+ blkcipher_walk_init(&walk, dst, src, nbytes);
+- return cbc_aes_crypt(desc, sctx->enc, sctx->iv, &walk);
++ return cbc_aes_crypt(desc, sctx->enc, &walk);
+ }
+
+ static int cbc_aes_decrypt(struct blkcipher_desc *desc,
+@@ -495,7 +500,7 @@ static int cbc_aes_decrypt(struct blkcipher_desc *desc,
+ return fallback_blk_dec(desc, dst, src, nbytes);
+
+ blkcipher_walk_init(&walk, dst, src, nbytes);
+- return cbc_aes_crypt(desc, sctx->dec, sctx->iv, &walk);
++ return cbc_aes_crypt(desc, sctx->dec, &walk);
+ }
+
+ static struct crypto_alg cbc_aes_alg = {
+diff --git a/arch/s390/include/asm/timex.h b/arch/s390/include/asm/timex.h
+index 819b94d..8beee1c 100644
+--- a/arch/s390/include/asm/timex.h
++++ b/arch/s390/include/asm/timex.h
+@@ -71,9 +71,11 @@ static inline void local_tick_enable(unsigned long long comp)
+
+ typedef unsigned long long cycles_t;
+
+-static inline void get_tod_clock_ext(char *clk)
++static inline void get_tod_clock_ext(char clk[16])
+ {
+- asm volatile("stcke %0" : "=Q" (*clk) : : "cc");
++ typedef struct { char _[sizeof(clk)]; } addrtype;
++
++ asm volatile("stcke %0" : "=Q" (*(addrtype *) clk) : : "cc");
+ }
+
+ static inline unsigned long long get_tod_clock(void)
+diff --git a/arch/s390/kernel/smp.c b/arch/s390/kernel/smp.c
+index 1a4313a..93439cd 100644
+--- a/arch/s390/kernel/smp.c
++++ b/arch/s390/kernel/smp.c
+@@ -929,7 +929,7 @@ static ssize_t show_idle_count(struct device *dev,
+ idle_count = ACCESS_ONCE(idle->idle_count);
+ if (ACCESS_ONCE(idle->clock_idle_enter))
+ idle_count++;
+- } while ((sequence & 1) || (idle->sequence != sequence));
++ } while ((sequence & 1) || (ACCESS_ONCE(idle->sequence) != sequence));
+ return sprintf(buf, "%llu\n", idle_count);
+ }
+ static DEVICE_ATTR(idle_count, 0444, show_idle_count, NULL);
+@@ -947,7 +947,7 @@ static ssize_t show_idle_time(struct device *dev,
+ idle_time = ACCESS_ONCE(idle->idle_time);
+ idle_enter = ACCESS_ONCE(idle->clock_idle_enter);
+ idle_exit = ACCESS_ONCE(idle->clock_idle_exit);
+- } while ((sequence & 1) || (idle->sequence != sequence));
++ } while ((sequence & 1) || (ACCESS_ONCE(idle->sequence) != sequence));
+ idle_time += idle_enter ? ((idle_exit ? : now) - idle_enter) : 0;
+ return sprintf(buf, "%llu\n", idle_time >> 12);
+ }
+diff --git a/arch/s390/kernel/vtime.c b/arch/s390/kernel/vtime.c
+index abcfab5..bb06a76 100644
+--- a/arch/s390/kernel/vtime.c
++++ b/arch/s390/kernel/vtime.c
+@@ -191,7 +191,7 @@ cputime64_t s390_get_idle_time(int cpu)
+ sequence = ACCESS_ONCE(idle->sequence);
+ idle_enter = ACCESS_ONCE(idle->clock_idle_enter);
+ idle_exit = ACCESS_ONCE(idle->clock_idle_exit);
+- } while ((sequence & 1) || (idle->sequence != sequence));
++ } while ((sequence & 1) || (ACCESS_ONCE(idle->sequence) != sequence));
+ return idle_enter ? ((idle_exit ?: now) - idle_enter) : 0;
+ }
+
+diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c
+index e0e0841..18677a9 100644
+--- a/arch/x86/kernel/crash.c
++++ b/arch/x86/kernel/crash.c
+@@ -127,12 +127,12 @@ void native_machine_crash_shutdown(struct pt_regs *regs)
+ cpu_emergency_vmxoff();
+ cpu_emergency_svm_disable();
+
+- lapic_shutdown();
+ #ifdef CONFIG_X86_IO_APIC
+ /* Prevent crash_kexec() from deadlocking on ioapic_lock. */
+ ioapic_zap_locks();
+ disable_IO_APIC();
+ #endif
++ lapic_shutdown();
+ #ifdef CONFIG_HPET_TIMER
+ hpet_disable();
+ #endif
+diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c
+index 42a392a..d4bdd25 100644
+--- a/arch/x86/kernel/ftrace.c
++++ b/arch/x86/kernel/ftrace.c
+@@ -248,6 +248,15 @@ int ftrace_update_ftrace_func(ftrace_func_t func)
+ return ret;
+ }
+
++static int is_ftrace_caller(unsigned long ip)
++{
++ if (ip == (unsigned long)(&ftrace_call) ||
++ ip == (unsigned long)(&ftrace_regs_call))
++ return 1;
++
++ return 0;
++}
++
+ /*
+ * A breakpoint was added to the code address we are about to
+ * modify, and this is the handle that will just skip over it.
+@@ -257,10 +266,13 @@ int ftrace_update_ftrace_func(ftrace_func_t func)
+ */
+ int ftrace_int3_handler(struct pt_regs *regs)
+ {
++ unsigned long ip;
++
+ if (WARN_ON_ONCE(!regs))
+ return 0;
+
+- if (!ftrace_location(regs->ip - 1))
++ ip = regs->ip - 1;
++ if (!ftrace_location(ip) && !is_ftrace_caller(ip))
+ return 0;
+
+ regs->ip += MCOUNT_INSN_SIZE - 1;
+diff --git a/arch/x86/kernel/microcode_amd.c b/arch/x86/kernel/microcode_amd.c
+index af99f71..c3d4cc9 100644
+--- a/arch/x86/kernel/microcode_amd.c
++++ b/arch/x86/kernel/microcode_amd.c
+@@ -431,7 +431,7 @@ static enum ucode_state request_microcode_amd(int cpu, struct device *device,
+ snprintf(fw_name, sizeof(fw_name), "amd-ucode/microcode_amd_fam%.2xh.bin", c->x86);
+
+ if (request_firmware(&fw, (const char *)fw_name, device)) {
+- pr_err("failed to load file %s\n", fw_name);
++ pr_debug("failed to load file %s\n", fw_name);
+ goto out;
+ }
+
+diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
+index c83516b..3fb8d95 100644
+--- a/arch/x86/kernel/process.c
++++ b/arch/x86/kernel/process.c
+@@ -391,9 +391,9 @@ static void amd_e400_idle(void)
+ * The switch back from broadcast mode needs to be
+ * called with interrupts disabled.
+ */
+- local_irq_disable();
+- clockevents_notify(CLOCK_EVT_NOTIFY_BROADCAST_EXIT, &cpu);
+- local_irq_enable();
++ local_irq_disable();
++ clockevents_notify(CLOCK_EVT_NOTIFY_BROADCAST_EXIT, &cpu);
++ local_irq_enable();
+ } else
+ default_idle();
+ }
+diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c
+index 7e920bf..618ce26 100644
+--- a/arch/x86/kernel/reboot.c
++++ b/arch/x86/kernel/reboot.c
+@@ -550,6 +550,10 @@ static void native_machine_emergency_restart(void)
+ void native_machine_shutdown(void)
+ {
+ /* Stop the cpus and apics */
++#ifdef CONFIG_X86_IO_APIC
++ disable_IO_APIC();
++#endif
++
+ #ifdef CONFIG_SMP
+ /*
+ * Stop all of the others. Also disable the local irq to
+@@ -562,10 +566,6 @@ void native_machine_shutdown(void)
+
+ lapic_shutdown();
+
+-#ifdef CONFIG_X86_IO_APIC
+- disable_IO_APIC();
+-#endif
+-
+ #ifdef CONFIG_HPET_TIMER
+ hpet_disable();
+ #endif
+diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
+index ddc3f3d..92e6f4a 100644
+--- a/arch/x86/kvm/emulate.c
++++ b/arch/x86/kvm/emulate.c
+@@ -4040,7 +4040,10 @@ static int decode_operand(struct x86_emulate_ctxt *ctxt, struct operand *op,
+ case OpMem8:
+ ctxt->memop.bytes = 1;
+ if (ctxt->memop.type == OP_REG) {
+- ctxt->memop.addr.reg = decode_register(ctxt, ctxt->modrm_rm, 1);
++ int highbyte_regs = ctxt->rex_prefix == 0;
++
++ ctxt->memop.addr.reg = decode_register(ctxt, ctxt->modrm_rm,
++ highbyte_regs);
+ fetch_register_operand(&ctxt->memop);
+ }
+ goto mem_common;
+diff --git a/block/blk-core.c b/block/blk-core.c
+index 0a00e4e..5e00b5a 100644
+--- a/block/blk-core.c
++++ b/block/blk-core.c
+@@ -2227,6 +2227,7 @@ void blk_start_request(struct request *req)
+ if (unlikely(blk_bidi_rq(req)))
+ req->next_rq->resid_len = blk_rq_bytes(req->next_rq);
+
++ BUG_ON(test_bit(REQ_ATOM_COMPLETE, &req->atomic_flags));
+ blk_add_timer(req);
+ }
+ EXPORT_SYMBOL(blk_start_request);
+diff --git a/block/blk-settings.c b/block/blk-settings.c
+index c50ecf0..5330933 100644
+--- a/block/blk-settings.c
++++ b/block/blk-settings.c
+@@ -144,6 +144,7 @@ void blk_set_stacking_limits(struct queue_limits *lim)
+ lim->discard_zeroes_data = 1;
+ lim->max_segments = USHRT_MAX;
+ lim->max_hw_sectors = UINT_MAX;
++ lim->max_segment_size = UINT_MAX;
+ lim->max_sectors = UINT_MAX;
+ lim->max_write_same_sectors = UINT_MAX;
+ }
+diff --git a/block/blk-timeout.c b/block/blk-timeout.c
+index 65f1035..655ba90 100644
+--- a/block/blk-timeout.c
++++ b/block/blk-timeout.c
+@@ -91,8 +91,8 @@ static void blk_rq_timed_out(struct request *req)
+ __blk_complete_request(req);
+ break;
+ case BLK_EH_RESET_TIMER:
+- blk_clear_rq_complete(req);
+ blk_add_timer(req);
++ blk_clear_rq_complete(req);
+ break;
+ case BLK_EH_NOT_HANDLED:
+ /*
+@@ -174,7 +174,6 @@ void blk_add_timer(struct request *req)
+ return;
+
+ BUG_ON(!list_empty(&req->timeout_list));
+- BUG_ON(test_bit(REQ_ATOM_COMPLETE, &req->atomic_flags));
+
+ /*
+ * Some LLDs, like scsi, peek at the timeout to prevent a
+diff --git a/crypto/ansi_cprng.c b/crypto/ansi_cprng.c
+index c0bb377..666f196 100644
+--- a/crypto/ansi_cprng.c
++++ b/crypto/ansi_cprng.c
+@@ -230,11 +230,11 @@ remainder:
+ */
+ if (byte_count < DEFAULT_BLK_SZ) {
+ empty_rbuf:
+- for (; ctx->rand_data_valid < DEFAULT_BLK_SZ;
+- ctx->rand_data_valid++) {
++ while (ctx->rand_data_valid < DEFAULT_BLK_SZ) {
+ *ptr = ctx->rand_data[ctx->rand_data_valid];
+ ptr++;
+ byte_count--;
++ ctx->rand_data_valid++;
+ if (byte_count == 0)
+ goto done;
+ }
+diff --git a/drivers/acpi/ec.c b/drivers/acpi/ec.c
+index a06d983..15986f3 100644
+--- a/drivers/acpi/ec.c
++++ b/drivers/acpi/ec.c
+@@ -175,9 +175,10 @@ static void start_transaction(struct acpi_ec *ec)
+ static void advance_transaction(struct acpi_ec *ec, u8 status)
+ {
+ unsigned long flags;
+- struct transaction *t = ec->curr;
++ struct transaction *t;
+
+ spin_lock_irqsave(&ec->lock, flags);
++ t = ec->curr;
+ if (!t)
+ goto unlock;
+ if (t->wlen > t->wi) {
+diff --git a/drivers/acpi/pci_root.c b/drivers/acpi/pci_root.c
+index d3874f4..d7e53ea 100644
+--- a/drivers/acpi/pci_root.c
++++ b/drivers/acpi/pci_root.c
+@@ -608,9 +608,12 @@ static void handle_root_bridge_removal(struct acpi_device *device)
+ ej_event->device = device;
+ ej_event->event = ACPI_NOTIFY_EJECT_REQUEST;
+
++ get_device(&device->dev);
+ status = acpi_os_hotplug_execute(acpi_bus_hot_remove_device, ej_event);
+- if (ACPI_FAILURE(status))
++ if (ACPI_FAILURE(status)) {
++ put_device(&device->dev);
+ kfree(ej_event);
++ }
+ }
+
+ static void _handle_hotplug_event_root(struct work_struct *work)
+diff --git a/drivers/acpi/processor_idle.c b/drivers/acpi/processor_idle.c
+index f98dd00..c7414a5 100644
+--- a/drivers/acpi/processor_idle.c
++++ b/drivers/acpi/processor_idle.c
+@@ -119,17 +119,10 @@ static struct dmi_system_id processor_power_dmi_table[] = {
+ */
+ static void acpi_safe_halt(void)
+ {
+- current_thread_info()->status &= ~TS_POLLING;
+- /*
+- * TS_POLLING-cleared state must be visible before we
+- * test NEED_RESCHED:
+- */
+- smp_mb();
+- if (!need_resched()) {
++ if (!tif_need_resched()) {
+ safe_halt();
+ local_irq_disable();
+ }
+- current_thread_info()->status |= TS_POLLING;
+ }
+
+ #ifdef ARCH_APICTIMER_STOPS_ON_C3
+@@ -737,6 +730,11 @@ static int acpi_idle_enter_c1(struct cpuidle_device *dev,
+ if (unlikely(!pr))
+ return -EINVAL;
+
++ if (cx->entry_method == ACPI_CSTATE_FFH) {
++ if (current_set_polling_and_test())
++ return -EINVAL;
++ }
++
+ lapic_timer_state_broadcast(pr, cx, 1);
+ acpi_idle_do_entry(cx);
+
+@@ -790,18 +788,9 @@ static int acpi_idle_enter_simple(struct cpuidle_device *dev,
+ if (unlikely(!pr))
+ return -EINVAL;
+
+- if (cx->entry_method != ACPI_CSTATE_FFH) {
+- current_thread_info()->status &= ~TS_POLLING;
+- /*
+- * TS_POLLING-cleared state must be visible before we test
+- * NEED_RESCHED:
+- */
+- smp_mb();
+-
+- if (unlikely(need_resched())) {
+- current_thread_info()->status |= TS_POLLING;
++ if (cx->entry_method == ACPI_CSTATE_FFH) {
++ if (current_set_polling_and_test())
+ return -EINVAL;
+- }
+ }
+
+ /*
+@@ -819,9 +808,6 @@ static int acpi_idle_enter_simple(struct cpuidle_device *dev,
+
+ sched_clock_idle_wakeup_event(0);
+
+- if (cx->entry_method != ACPI_CSTATE_FFH)
+- current_thread_info()->status |= TS_POLLING;
+-
+ lapic_timer_state_broadcast(pr, cx, 0);
+ return index;
+ }
+@@ -858,18 +844,9 @@ static int acpi_idle_enter_bm(struct cpuidle_device *dev,
+ }
+ }
+
+- if (cx->entry_method != ACPI_CSTATE_FFH) {
+- current_thread_info()->status &= ~TS_POLLING;
+- /*
+- * TS_POLLING-cleared state must be visible before we test
+- * NEED_RESCHED:
+- */
+- smp_mb();
+-
+- if (unlikely(need_resched())) {
+- current_thread_info()->status |= TS_POLLING;
++ if (cx->entry_method == ACPI_CSTATE_FFH) {
++ if (current_set_polling_and_test())
+ return -EINVAL;
+- }
+ }
+
+ acpi_unlazy_tlb(smp_processor_id());
+@@ -915,9 +892,6 @@ static int acpi_idle_enter_bm(struct cpuidle_device *dev,
+
+ sched_clock_idle_wakeup_event(0);
+
+- if (cx->entry_method != ACPI_CSTATE_FFH)
+- current_thread_info()->status |= TS_POLLING;
+-
+ lapic_timer_state_broadcast(pr, cx, 0);
+ return index;
+ }
+diff --git a/drivers/acpi/scan.c b/drivers/acpi/scan.c
+index fee8a29..3601738 100644
+--- a/drivers/acpi/scan.c
++++ b/drivers/acpi/scan.c
+@@ -331,8 +331,6 @@ static void acpi_scan_bus_device_check(acpi_handle handle, u32 ost_source)
+ goto out;
+ }
+ }
+- acpi_evaluate_hotplug_ost(handle, ost_source,
+- ACPI_OST_SC_INSERT_IN_PROGRESS, NULL);
+ error = acpi_bus_scan(handle);
+ if (error) {
+ acpi_handle_warn(handle, "Namespace scan failure\n");
+diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c
+index aebcf63..f193285 100644
+--- a/drivers/acpi/video.c
++++ b/drivers/acpi/video.c
+@@ -832,7 +832,7 @@ acpi_video_init_brightness(struct acpi_video_device *device)
+ for (i = 2; i < br->count; i++)
+ if (level_old == br->levels[i])
+ break;
+- if (i == br->count)
++ if (i == br->count || !level)
+ level = max_level;
+ }
+
+diff --git a/drivers/block/brd.c b/drivers/block/brd.c
+index 9bf4371..d91f1a5 100644
+--- a/drivers/block/brd.c
++++ b/drivers/block/brd.c
+@@ -545,7 +545,7 @@ static struct kobject *brd_probe(dev_t dev, int *part, void *data)
+
+ mutex_lock(&brd_devices_mutex);
+ brd = brd_init_one(MINOR(dev) >> part_shift);
+- kobj = brd ? get_disk(brd->brd_disk) : ERR_PTR(-ENOMEM);
++ kobj = brd ? get_disk(brd->brd_disk) : NULL;
+ mutex_unlock(&brd_devices_mutex);
+
+ *part = 0;
+diff --git a/drivers/block/loop.c b/drivers/block/loop.c
+index 40e7155..2f036ca 100644
+--- a/drivers/block/loop.c
++++ b/drivers/block/loop.c
+@@ -1741,7 +1741,7 @@ static struct kobject *loop_probe(dev_t dev, int *part, void *data)
+ if (err < 0)
+ err = loop_add(&lo, MINOR(dev) >> part_shift);
+ if (err < 0)
+- kobj = ERR_PTR(err);
++ kobj = NULL;
+ else
+ kobj = get_disk(lo->lo_disk);
+ mutex_unlock(&loop_index_mutex);
+diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
+index f3dfc0a..d593c99 100644
+--- a/drivers/bluetooth/btusb.c
++++ b/drivers/bluetooth/btusb.c
+@@ -1628,7 +1628,6 @@ static struct usb_driver btusb_driver = {
+ #ifdef CONFIG_PM
+ .suspend = btusb_suspend,
+ .resume = btusb_resume,
+- .reset_resume = btusb_resume,
+ #endif
+ .id_table = btusb_table,
+ .supports_autosuspend = 1,
+diff --git a/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvc1.c b/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvc1.c
+index e5be3ee..71b4283 100644
+--- a/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvc1.c
++++ b/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvc1.c
+@@ -587,6 +587,7 @@ nvc1_grctx_init_unk58xx[] = {
+ { 0x405870, 4, 0x04, 0x00000001 },
+ { 0x405a00, 2, 0x04, 0x00000000 },
+ { 0x405a18, 1, 0x04, 0x00000000 },
++ {}
+ };
+
+ static struct nvc0_graph_init
+@@ -598,6 +599,7 @@ nvc1_grctx_init_rop[] = {
+ { 0x408904, 1, 0x04, 0x62000001 },
+ { 0x408908, 1, 0x04, 0x00c80929 },
+ { 0x408980, 1, 0x04, 0x0000011d },
++ {}
+ };
+
+ static struct nvc0_graph_init
+@@ -671,6 +673,7 @@ nvc1_grctx_init_gpc_0[] = {
+ { 0x419000, 1, 0x04, 0x00000780 },
+ { 0x419004, 2, 0x04, 0x00000000 },
+ { 0x419014, 1, 0x04, 0x00000004 },
++ {}
+ };
+
+ static struct nvc0_graph_init
+@@ -717,6 +720,7 @@ nvc1_grctx_init_tpc[] = {
+ { 0x419e98, 1, 0x04, 0x00000000 },
+ { 0x419ee0, 1, 0x04, 0x00011110 },
+ { 0x419f30, 11, 0x04, 0x00000000 },
++ {}
+ };
+
+ void
+diff --git a/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvd7.c b/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvd7.c
+index 438e784..c4740d5 100644
+--- a/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvd7.c
++++ b/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvd7.c
+@@ -258,6 +258,7 @@ nvd7_grctx_init_hub[] = {
+ nvc0_grctx_init_unk78xx,
+ nvc0_grctx_init_unk80xx,
+ nvd9_grctx_init_rop,
++ NULL
+ };
+
+ struct nvc0_graph_init *
+diff --git a/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvd9.c b/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvd9.c
+index 818a475..a1102cb 100644
+--- a/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvd9.c
++++ b/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvd9.c
+@@ -466,6 +466,7 @@ nvd9_grctx_init_hub[] = {
+ nvc0_grctx_init_unk78xx,
+ nvc0_grctx_init_unk80xx,
+ nvd9_grctx_init_rop,
++ NULL
+ };
+
+ struct nvc0_graph_init *
+diff --git a/drivers/gpu/drm/shmobile/Kconfig b/drivers/gpu/drm/shmobile/Kconfig
+index ca498d1..5240690 100644
+--- a/drivers/gpu/drm/shmobile/Kconfig
++++ b/drivers/gpu/drm/shmobile/Kconfig
+@@ -1,6 +1,7 @@
+ config DRM_SHMOBILE
+ tristate "DRM Support for SH Mobile"
+ depends on DRM && (ARM || SUPERH)
++ select BACKLIGHT_CLASS_DEVICE
+ select DRM_KMS_HELPER
+ select DRM_KMS_CMA_HELPER
+ select DRM_GEM_CMA_HELPER
+diff --git a/drivers/hv/channel_mgmt.c b/drivers/hv/channel_mgmt.c
+index bbff5f2..fa92046 100644
+--- a/drivers/hv/channel_mgmt.c
++++ b/drivers/hv/channel_mgmt.c
+@@ -203,7 +203,8 @@ static void vmbus_process_rescind_offer(struct work_struct *work)
+ struct vmbus_channel *primary_channel;
+ struct vmbus_channel_relid_released msg;
+
+- vmbus_device_unregister(channel->device_obj);
++ if (channel->device_obj)
++ vmbus_device_unregister(channel->device_obj);
+ memset(&msg, 0, sizeof(struct vmbus_channel_relid_released));
+ msg.child_relid = channel->offermsg.child_relid;
+ msg.header.msgtype = CHANNELMSG_RELID_RELEASED;
+@@ -216,7 +217,7 @@ static void vmbus_process_rescind_offer(struct work_struct *work)
+ } else {
+ primary_channel = channel->primary_channel;
+ spin_lock_irqsave(&primary_channel->sc_lock, flags);
+- list_del(&channel->listentry);
++ list_del(&channel->sc_list);
+ spin_unlock_irqrestore(&primary_channel->sc_lock, flags);
+ }
+ free_channel(channel);
+diff --git a/drivers/hwmon/lm90.c b/drivers/hwmon/lm90.c
+index cdff742..14e36c1 100644
+--- a/drivers/hwmon/lm90.c
++++ b/drivers/hwmon/lm90.c
+@@ -278,7 +278,7 @@ static const struct lm90_params lm90_params[] = {
+ [max6696] = {
+ .flags = LM90_HAVE_EMERGENCY
+ | LM90_HAVE_EMERGENCY_ALARM | LM90_HAVE_TEMP3,
+- .alert_alarms = 0x187c,
++ .alert_alarms = 0x1c7c,
+ .max_convrate = 6,
+ .reg_local_ext = MAX6657_REG_R_LOCAL_TEMPL,
+ },
+@@ -1500,19 +1500,22 @@ static void lm90_alert(struct i2c_client *client, unsigned int flag)
+ if ((alarms & 0x7f) == 0 && (alarms2 & 0xfe) == 0) {
+ dev_info(&client->dev, "Everything OK\n");
+ } else {
+- if (alarms & 0x61)
++ if ((alarms & 0x61) || (alarms2 & 0x80))
+ dev_warn(&client->dev,
+ "temp%d out of range, please check!\n", 1);
+- if (alarms & 0x1a)
++ if ((alarms & 0x1a) || (alarms2 & 0x20))
+ dev_warn(&client->dev,
+ "temp%d out of range, please check!\n", 2);
+ if (alarms & 0x04)
+ dev_warn(&client->dev,
+ "temp%d diode open, please check!\n", 2);
+
+- if (alarms2 & 0x18)
++ if (alarms2 & 0x5a)
+ dev_warn(&client->dev,
+ "temp%d out of range, please check!\n", 3);
++ if (alarms2 & 0x04)
++ dev_warn(&client->dev,
++ "temp%d diode open, please check!\n", 3);
+
+ /*
+ * Disable ALERT# output, because these chips don't implement
+diff --git a/drivers/idle/intel_idle.c b/drivers/idle/intel_idle.c
+index fa6964d..f116d66 100644
+--- a/drivers/idle/intel_idle.c
++++ b/drivers/idle/intel_idle.c
+@@ -359,7 +359,7 @@ static int intel_idle(struct cpuidle_device *dev,
+ if (!(lapic_timer_reliable_states & (1 << (cstate))))
+ clockevents_notify(CLOCK_EVT_NOTIFY_BROADCAST_ENTER, &cpu);
+
+- if (!need_resched()) {
++ if (!current_set_polling_and_test()) {
+
+ __monitor((void *)&current_thread_info()->flags, 0, 0);
+ smp_mb();
+diff --git a/drivers/memstick/core/ms_block.c b/drivers/memstick/core/ms_block.c
+index 08e7023..9188ef5 100644
+--- a/drivers/memstick/core/ms_block.c
++++ b/drivers/memstick/core/ms_block.c
+@@ -401,7 +401,7 @@ again:
+ sizeof(struct ms_status_register)))
+ return 0;
+
+- msb->state = MSB_RP_RECEIVE_OOB_READ;
++ msb->state = MSB_RP_RECIVE_STATUS_REG;
+ return 0;
+
+ case MSB_RP_RECIVE_STATUS_REG:
+diff --git a/drivers/misc/lkdtm.c b/drivers/misc/lkdtm.c
+index 2fc0586..9cbd037 100644
+--- a/drivers/misc/lkdtm.c
++++ b/drivers/misc/lkdtm.c
+@@ -297,6 +297,14 @@ static void do_nothing(void)
+ return;
+ }
+
++static noinline void corrupt_stack(void)
++{
++ /* Use default char array length that triggers stack protection. */
++ char data[8];
++
++ memset((void *)data, 0, 64);
++}
++
+ static void execute_location(void *dst)
+ {
+ void (*func)(void) = dst;
+@@ -327,13 +335,9 @@ static void lkdtm_do_action(enum ctype which)
+ case CT_OVERFLOW:
+ (void) recursive_loop(0);
+ break;
+- case CT_CORRUPT_STACK: {
+- /* Make sure the compiler creates and uses an 8 char array. */
+- volatile char data[8];
+-
+- memset((void *)data, 0, 64);
++ case CT_CORRUPT_STACK:
++ corrupt_stack();
+ break;
+- }
+ case CT_UNALIGNED_LOAD_STORE_WRITE: {
+ static u8 data[5] __attribute__((aligned(4))) = {1, 2,
+ 3, 4, 5};
+diff --git a/drivers/misc/mei/nfc.c b/drivers/misc/mei/nfc.c
+index d0c6907..994ca4a 100644
+--- a/drivers/misc/mei/nfc.c
++++ b/drivers/misc/mei/nfc.c
+@@ -485,8 +485,11 @@ int mei_nfc_host_init(struct mei_device *dev)
+ if (ndev->cl_info)
+ return 0;
+
+- cl_info = mei_cl_allocate(dev);
+- cl = mei_cl_allocate(dev);
++ ndev->cl_info = mei_cl_allocate(dev);
++ ndev->cl = mei_cl_allocate(dev);
++
++ cl = ndev->cl;
++ cl_info = ndev->cl_info;
+
+ if (!cl || !cl_info) {
+ ret = -ENOMEM;
+@@ -527,10 +530,9 @@ int mei_nfc_host_init(struct mei_device *dev)
+
+ cl->device_uuid = mei_nfc_guid;
+
++
+ list_add_tail(&cl->device_link, &dev->device_list);
+
+- ndev->cl_info = cl_info;
+- ndev->cl = cl;
+ ndev->req_id = 1;
+
+ INIT_WORK(&ndev->init_work, mei_nfc_init);
+diff --git a/drivers/net/can/c_can/c_can.c b/drivers/net/can/c_can/c_can.c
+index a668cd4..e3fc07c 100644
+--- a/drivers/net/can/c_can/c_can.c
++++ b/drivers/net/can/c_can/c_can.c
+@@ -814,9 +814,6 @@ static int c_can_do_rx_poll(struct net_device *dev, int quota)
+ msg_ctrl_save = priv->read_reg(priv,
+ C_CAN_IFACE(MSGCTRL_REG, 0));
+
+- if (msg_ctrl_save & IF_MCONT_EOB)
+- return num_rx_pkts;
+-
+ if (msg_ctrl_save & IF_MCONT_MSGLST) {
+ c_can_handle_lost_msg_obj(dev, 0, msg_obj);
+ num_rx_pkts++;
+@@ -824,6 +821,9 @@ static int c_can_do_rx_poll(struct net_device *dev, int quota)
+ continue;
+ }
+
++ if (msg_ctrl_save & IF_MCONT_EOB)
++ return num_rx_pkts;
++
+ if (!(msg_ctrl_save & IF_MCONT_NEWDAT))
+ continue;
+
+diff --git a/drivers/net/can/usb/kvaser_usb.c b/drivers/net/can/usb/kvaser_usb.c
+index 3b95465..4b2d5ed 100644
+--- a/drivers/net/can/usb/kvaser_usb.c
++++ b/drivers/net/can/usb/kvaser_usb.c
+@@ -1544,9 +1544,9 @@ static int kvaser_usb_init_one(struct usb_interface *intf,
+ return 0;
+ }
+
+-static void kvaser_usb_get_endpoints(const struct usb_interface *intf,
+- struct usb_endpoint_descriptor **in,
+- struct usb_endpoint_descriptor **out)
++static int kvaser_usb_get_endpoints(const struct usb_interface *intf,
++ struct usb_endpoint_descriptor **in,
++ struct usb_endpoint_descriptor **out)
+ {
+ const struct usb_host_interface *iface_desc;
+ struct usb_endpoint_descriptor *endpoint;
+@@ -1557,12 +1557,18 @@ static void kvaser_usb_get_endpoints(const struct usb_interface *intf,
+ for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
+ endpoint = &iface_desc->endpoint[i].desc;
+
+- if (usb_endpoint_is_bulk_in(endpoint))
++ if (!*in && usb_endpoint_is_bulk_in(endpoint))
+ *in = endpoint;
+
+- if (usb_endpoint_is_bulk_out(endpoint))
++ if (!*out && usb_endpoint_is_bulk_out(endpoint))
+ *out = endpoint;
++
++ /* use first bulk endpoint for in and out */
++ if (*in && *out)
++ return 0;
+ }
++
++ return -ENODEV;
+ }
+
+ static int kvaser_usb_probe(struct usb_interface *intf,
+@@ -1576,8 +1582,8 @@ static int kvaser_usb_probe(struct usb_interface *intf,
+ if (!dev)
+ return -ENOMEM;
+
+- kvaser_usb_get_endpoints(intf, &dev->bulk_in, &dev->bulk_out);
+- if (!dev->bulk_in || !dev->bulk_out) {
++ err = kvaser_usb_get_endpoints(intf, &dev->bulk_in, &dev->bulk_out);
++ if (err) {
+ dev_err(&intf->dev, "Cannot get usb endpoint(s)");
+ return err;
+ }
+diff --git a/drivers/net/ethernet/atheros/alx/main.c b/drivers/net/ethernet/atheros/alx/main.c
+index fc95b23..6305a5d 100644
+--- a/drivers/net/ethernet/atheros/alx/main.c
++++ b/drivers/net/ethernet/atheros/alx/main.c
+@@ -1389,6 +1389,9 @@ static int alx_resume(struct device *dev)
+ {
+ struct pci_dev *pdev = to_pci_dev(dev);
+ struct alx_priv *alx = pci_get_drvdata(pdev);
++ struct alx_hw *hw = &alx->hw;
++
++ alx_reset_phy(hw);
+
+ if (!netif_running(alx->dev))
+ return 0;
+diff --git a/drivers/net/wireless/libertas/debugfs.c b/drivers/net/wireless/libertas/debugfs.c
+index 668dd27..cc6a0a5 100644
+--- a/drivers/net/wireless/libertas/debugfs.c
++++ b/drivers/net/wireless/libertas/debugfs.c
+@@ -913,7 +913,10 @@ static ssize_t lbs_debugfs_write(struct file *f, const char __user *buf,
+ char *p2;
+ struct debug_data *d = f->private_data;
+
+- pdata = kmalloc(cnt, GFP_KERNEL);
++ if (cnt == 0)
++ return 0;
++
++ pdata = kmalloc(cnt + 1, GFP_KERNEL);
+ if (pdata == NULL)
+ return 0;
+
+@@ -922,6 +925,7 @@ static ssize_t lbs_debugfs_write(struct file *f, const char __user *buf,
+ kfree(pdata);
+ return 0;
+ }
++ pdata[cnt] = '\0';
+
+ p0 = pdata;
+ for (i = 0; i < num_of_items; i++) {
+diff --git a/drivers/net/wireless/rt2x00/rt2800lib.c b/drivers/net/wireless/rt2x00/rt2800lib.c
+index 88ce656..1400787 100644
+--- a/drivers/net/wireless/rt2x00/rt2800lib.c
++++ b/drivers/net/wireless/rt2x00/rt2800lib.c
+@@ -4461,10 +4461,13 @@ void rt2800_link_tuner(struct rt2x00_dev *rt2x00dev, struct link_qual *qual,
+
+ vgc = rt2800_get_default_vgc(rt2x00dev);
+
+- if (rt2x00_rt(rt2x00dev, RT5592) && qual->rssi > -65)
+- vgc += 0x20;
+- else if (qual->rssi > -80)
+- vgc += 0x10;
++ if (rt2x00_rt(rt2x00dev, RT5592)) {
++ if (qual->rssi > -65)
++ vgc += 0x20;
++ } else {
++ if (qual->rssi > -80)
++ vgc += 0x10;
++ }
+
+ rt2800_set_vgc(rt2x00dev, qual, vgc);
+ }
+diff --git a/drivers/net/wireless/rt2x00/rt2800usb.c b/drivers/net/wireless/rt2x00/rt2800usb.c
+index 96961b9..4feb35a 100644
+--- a/drivers/net/wireless/rt2x00/rt2800usb.c
++++ b/drivers/net/wireless/rt2x00/rt2800usb.c
+@@ -148,6 +148,8 @@ static bool rt2800usb_txstatus_timeout(struct rt2x00_dev *rt2x00dev)
+ return false;
+ }
+
++#define TXSTATUS_READ_INTERVAL 1000000
++
+ static bool rt2800usb_tx_sta_fifo_read_completed(struct rt2x00_dev *rt2x00dev,
+ int urb_status, u32 tx_status)
+ {
+@@ -176,8 +178,9 @@ static bool rt2800usb_tx_sta_fifo_read_completed(struct rt2x00_dev *rt2x00dev,
+ queue_work(rt2x00dev->workqueue, &rt2x00dev->txdone_work);
+
+ if (rt2800usb_txstatus_pending(rt2x00dev)) {
+- /* Read register after 250 us */
+- hrtimer_start(&rt2x00dev->txstatus_timer, ktime_set(0, 250000),
++ /* Read register after 1 ms */
++ hrtimer_start(&rt2x00dev->txstatus_timer,
++ ktime_set(0, TXSTATUS_READ_INTERVAL),
+ HRTIMER_MODE_REL);
+ return false;
+ }
+@@ -202,8 +205,9 @@ static void rt2800usb_async_read_tx_status(struct rt2x00_dev *rt2x00dev)
+ if (test_and_set_bit(TX_STATUS_READING, &rt2x00dev->flags))
+ return;
+
+- /* Read TX_STA_FIFO register after 500 us */
+- hrtimer_start(&rt2x00dev->txstatus_timer, ktime_set(0, 500000),
++ /* Read TX_STA_FIFO register after 2 ms */
++ hrtimer_start(&rt2x00dev->txstatus_timer,
++ ktime_set(0, 2*TXSTATUS_READ_INTERVAL),
+ HRTIMER_MODE_REL);
+ }
+
+diff --git a/drivers/net/wireless/rt2x00/rt2x00dev.c b/drivers/net/wireless/rt2x00/rt2x00dev.c
+index 712eea9..f12e909 100644
+--- a/drivers/net/wireless/rt2x00/rt2x00dev.c
++++ b/drivers/net/wireless/rt2x00/rt2x00dev.c
+@@ -181,6 +181,7 @@ static void rt2x00lib_autowakeup(struct work_struct *work)
+ static void rt2x00lib_bc_buffer_iter(void *data, u8 *mac,
+ struct ieee80211_vif *vif)
+ {
++ struct ieee80211_tx_control control = {};
+ struct rt2x00_dev *rt2x00dev = data;
+ struct sk_buff *skb;
+
+@@ -195,7 +196,7 @@ static void rt2x00lib_bc_buffer_iter(void *data, u8 *mac,
+ */
+ skb = ieee80211_get_buffered_bc(rt2x00dev->hw, vif);
+ while (skb) {
+- rt2x00mac_tx(rt2x00dev->hw, NULL, skb);
++ rt2x00mac_tx(rt2x00dev->hw, &control, skb);
+ skb = ieee80211_get_buffered_bc(rt2x00dev->hw, vif);
+ }
+ }
+diff --git a/drivers/net/wireless/rt2x00/rt2x00lib.h b/drivers/net/wireless/rt2x00/rt2x00lib.h
+index a093598..7f40ab8 100644
+--- a/drivers/net/wireless/rt2x00/rt2x00lib.h
++++ b/drivers/net/wireless/rt2x00/rt2x00lib.h
+@@ -146,7 +146,7 @@ void rt2x00queue_remove_l2pad(struct sk_buff *skb, unsigned int header_length);
+ * @local: frame is not from mac80211
+ */
+ int rt2x00queue_write_tx_frame(struct data_queue *queue, struct sk_buff *skb,
+- bool local);
++ struct ieee80211_sta *sta, bool local);
+
+ /**
+ * rt2x00queue_update_beacon - Send new beacon from mac80211
+diff --git a/drivers/net/wireless/rt2x00/rt2x00mac.c b/drivers/net/wireless/rt2x00/rt2x00mac.c
+index f883802..f8cff1f 100644
+--- a/drivers/net/wireless/rt2x00/rt2x00mac.c
++++ b/drivers/net/wireless/rt2x00/rt2x00mac.c
+@@ -90,7 +90,7 @@ static int rt2x00mac_tx_rts_cts(struct rt2x00_dev *rt2x00dev,
+ frag_skb->data, data_length, tx_info,
+ (struct ieee80211_rts *)(skb->data));
+
+- retval = rt2x00queue_write_tx_frame(queue, skb, true);
++ retval = rt2x00queue_write_tx_frame(queue, skb, NULL, true);
+ if (retval) {
+ dev_kfree_skb_any(skb);
+ rt2x00_warn(rt2x00dev, "Failed to send RTS/CTS frame\n");
+@@ -151,7 +151,7 @@ void rt2x00mac_tx(struct ieee80211_hw *hw,
+ goto exit_fail;
+ }
+
+- if (unlikely(rt2x00queue_write_tx_frame(queue, skb, false)))
++ if (unlikely(rt2x00queue_write_tx_frame(queue, skb, control->sta, false)))
+ goto exit_fail;
+
+ /*
+@@ -754,6 +754,9 @@ void rt2x00mac_flush(struct ieee80211_hw *hw, u32 queues, bool drop)
+ struct rt2x00_dev *rt2x00dev = hw->priv;
+ struct data_queue *queue;
+
++ if (!test_bit(DEVICE_STATE_PRESENT, &rt2x00dev->flags))
++ return;
++
+ tx_queue_for_each(rt2x00dev, queue)
+ rt2x00queue_flush_queue(queue, drop);
+ }
+diff --git a/drivers/net/wireless/rt2x00/rt2x00queue.c b/drivers/net/wireless/rt2x00/rt2x00queue.c
+index 6c8a33b..66a2db8 100644
+--- a/drivers/net/wireless/rt2x00/rt2x00queue.c
++++ b/drivers/net/wireless/rt2x00/rt2x00queue.c
+@@ -635,7 +635,7 @@ static void rt2x00queue_bar_check(struct queue_entry *entry)
+ }
+
+ int rt2x00queue_write_tx_frame(struct data_queue *queue, struct sk_buff *skb,
+- bool local)
++ struct ieee80211_sta *sta, bool local)
+ {
+ struct ieee80211_tx_info *tx_info;
+ struct queue_entry *entry;
+@@ -649,7 +649,7 @@ int rt2x00queue_write_tx_frame(struct data_queue *queue, struct sk_buff *skb,
+ * after that we are free to use the skb->cb array
+ * for our information.
+ */
+- rt2x00queue_create_tx_descriptor(queue->rt2x00dev, skb, &txdesc, NULL);
++ rt2x00queue_create_tx_descriptor(queue->rt2x00dev, skb, &txdesc, sta);
+
+ /*
+ * All information is retrieved from the skb->cb array,
+diff --git a/drivers/platform/x86/thinkpad_acpi.c b/drivers/platform/x86/thinkpad_acpi.c
+index 03ca6c1..4e86e97 100644
+--- a/drivers/platform/x86/thinkpad_acpi.c
++++ b/drivers/platform/x86/thinkpad_acpi.c
+@@ -6420,7 +6420,12 @@ static struct ibm_struct brightness_driver_data = {
+ #define TPACPI_ALSA_SHRTNAME "ThinkPad Console Audio Control"
+ #define TPACPI_ALSA_MIXERNAME TPACPI_ALSA_SHRTNAME
+
+-static int alsa_index = ~((1 << (SNDRV_CARDS - 3)) - 1); /* last three slots */
++#if SNDRV_CARDS <= 32
++#define DEFAULT_ALSA_IDX ~((1 << (SNDRV_CARDS - 3)) - 1)
++#else
++#define DEFAULT_ALSA_IDX ~((1 << (32 - 3)) - 1)
++#endif
++static int alsa_index = DEFAULT_ALSA_IDX; /* last three slots */
+ static char *alsa_id = "ThinkPadEC";
+ static bool alsa_enable = SNDRV_DEFAULT_ENABLE1;
+
+diff --git a/drivers/scsi/aacraid/commctrl.c b/drivers/scsi/aacraid/commctrl.c
+index d85ac1a..fbcd48d 100644
+--- a/drivers/scsi/aacraid/commctrl.c
++++ b/drivers/scsi/aacraid/commctrl.c
+@@ -511,7 +511,8 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg)
+ goto cleanup;
+ }
+
+- if (fibsize > (dev->max_fib_size - sizeof(struct aac_fibhdr))) {
++ if ((fibsize < (sizeof(struct user_aac_srb) - sizeof(struct user_sgentry))) ||
++ (fibsize > (dev->max_fib_size - sizeof(struct aac_fibhdr)))) {
+ rcode = -EINVAL;
+ goto cleanup;
+ }
+diff --git a/drivers/staging/android/ashmem.c b/drivers/staging/android/ashmem.c
+index 8e76ddc..5a5e9c9 100644
+--- a/drivers/staging/android/ashmem.c
++++ b/drivers/staging/android/ashmem.c
+@@ -706,7 +706,7 @@ static long ashmem_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
+ .gfp_mask = GFP_KERNEL,
+ .nr_to_scan = LONG_MAX,
+ };
+-
++ ret = ashmem_shrink_count(&ashmem_shrinker, &sc);
+ nodes_setall(sc.nodes_to_scan);
+ ashmem_shrink_scan(&ashmem_shrinker, &sc);
+ }
+diff --git a/drivers/staging/comedi/comedi_fops.c b/drivers/staging/comedi/comedi_fops.c
+index 1636c7c..a3af469 100644
+--- a/drivers/staging/comedi/comedi_fops.c
++++ b/drivers/staging/comedi/comedi_fops.c
+@@ -543,7 +543,7 @@ void *comedi_alloc_spriv(struct comedi_subdevice *s, size_t size)
+ {
+ s->private = kzalloc(size, GFP_KERNEL);
+ if (s->private)
+- comedi_set_subdevice_runflags(s, ~0, SRF_FREE_SPRIV);
++ s->runflags |= SRF_FREE_SPRIV;
+ return s->private;
+ }
+ EXPORT_SYMBOL_GPL(comedi_alloc_spriv);
+@@ -1485,7 +1485,8 @@ static int do_cmd_ioctl(struct comedi_device *dev,
+ if (async->cmd.flags & TRIG_WAKE_EOS)
+ async->cb_mask |= COMEDI_CB_EOS;
+
+- comedi_set_subdevice_runflags(s, ~0, SRF_USER | SRF_RUNNING);
++ comedi_set_subdevice_runflags(s, SRF_USER | SRF_ERROR | SRF_RUNNING,
++ SRF_USER | SRF_RUNNING);
+
+ /* set s->busy _after_ setting SRF_RUNNING flag to avoid race with
+ * comedi_read() or comedi_write() */
+diff --git a/drivers/staging/rtl8188eu/os_dep/os_intfs.c b/drivers/staging/rtl8188eu/os_dep/os_intfs.c
+index 63bc913..8b2b4a8 100644
+--- a/drivers/staging/rtl8188eu/os_dep/os_intfs.c
++++ b/drivers/staging/rtl8188eu/os_dep/os_intfs.c
+@@ -707,6 +707,10 @@ int rtw_init_netdev_name(struct net_device *pnetdev, const char *ifname)
+ return 0;
+ }
+
++static const struct device_type wlan_type = {
++ .name = "wlan",
++};
++
+ struct net_device *rtw_init_netdev(struct adapter *old_padapter)
+ {
+ struct adapter *padapter;
+@@ -722,6 +726,7 @@ struct net_device *rtw_init_netdev(struct adapter *old_padapter)
+ if (!pnetdev)
+ return NULL;
+
++ pnetdev->dev.type = &wlan_type;
+ padapter = rtw_netdev_priv(pnetdev);
+ padapter->pnetdev = pnetdev;
+ DBG_88E("register rtw_netdev_ops to netdev_ops\n");
+diff --git a/drivers/staging/zram/zram_drv.c b/drivers/staging/zram/zram_drv.c
+index 2c4ed52..012ba15 100644
+--- a/drivers/staging/zram/zram_drv.c
++++ b/drivers/staging/zram/zram_drv.c
+@@ -648,6 +648,9 @@ static ssize_t reset_store(struct device *dev,
+ zram = dev_to_zram(dev);
+ bdev = bdget_disk(zram->disk, 0);
+
++ if (!bdev)
++ return -ENOMEM;
++
+ /* Do not reset an active device! */
+ if (bdev->bd_holders)
+ return -EBUSY;
+@@ -660,8 +663,7 @@ static ssize_t reset_store(struct device *dev,
+ return -EINVAL;
+
+ /* Make sure all pending I/O is finished */
+- if (bdev)
+- fsync_bdev(bdev);
++ fsync_bdev(bdev);
+
+ zram_reset_device(zram, true);
+ return len;
+diff --git a/drivers/usb/core/driver.c b/drivers/usb/core/driver.c
+index f7841d4..689433c 100644
+--- a/drivers/usb/core/driver.c
++++ b/drivers/usb/core/driver.c
+@@ -1790,6 +1790,9 @@ int usb_set_usb2_hardware_lpm(struct usb_device *udev, int enable)
+ struct usb_hcd *hcd = bus_to_hcd(udev->bus);
+ int ret = -EPERM;
+
++ if (enable && !udev->usb2_hw_lpm_allowed)
++ return 0;
++
+ if (hcd->driver->set_usb2_hw_lpm) {
+ ret = hcd->driver->set_usb2_hw_lpm(hcd, udev, enable);
+ if (!ret)
+diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
+index 879651c..243c672 100644
+--- a/drivers/usb/core/hub.c
++++ b/drivers/usb/core/hub.c
+@@ -1135,6 +1135,11 @@ static void hub_activate(struct usb_hub *hub, enum hub_activation_type type)
+ usb_clear_port_feature(hub->hdev, port1,
+ USB_PORT_FEAT_C_ENABLE);
+ }
++ if (portchange & USB_PORT_STAT_C_RESET) {
++ need_debounce_delay = true;
++ usb_clear_port_feature(hub->hdev, port1,
++ USB_PORT_FEAT_C_RESET);
++ }
+ if ((portchange & USB_PORT_STAT_C_BH_RESET) &&
+ hub_is_superspeed(hub->hdev)) {
+ need_debounce_delay = true;
+@@ -3954,6 +3959,32 @@ static int hub_set_address(struct usb_device *udev, int devnum)
+ return retval;
+ }
+
++/*
++ * There are reports of USB 3.0 devices that say they support USB 2.0 Link PM
++ * when they're plugged into a USB 2.0 port, but they don't work when LPM is
++ * enabled.
++ *
++ * Only enable USB 2.0 Link PM if the port is internal (hardwired), or the
++ * device says it supports the new USB 2.0 Link PM errata by setting the BESL
++ * support bit in the BOS descriptor.
++ */
++static void hub_set_initial_usb2_lpm_policy(struct usb_device *udev)
++{
++ int connect_type;
++
++ if (!udev->usb2_hw_lpm_capable)
++ return;
++
++ connect_type = usb_get_hub_port_connect_type(udev->parent,
++ udev->portnum);
++
++ if ((udev->bos->ext_cap->bmAttributes & USB_BESL_SUPPORT) ||
++ connect_type == USB_PORT_CONNECT_TYPE_HARD_WIRED) {
++ udev->usb2_hw_lpm_allowed = 1;
++ usb_set_usb2_hardware_lpm(udev, 1);
++ }
++}
++
+ /* Reset device, (re)assign address, get device descriptor.
+ * Device connection must be stable, no more debouncing needed.
+ * Returns device in USB_STATE_ADDRESS, except on error.
+@@ -4247,6 +4278,7 @@ hub_port_init (struct usb_hub *hub, struct usb_device *udev, int port1,
+ /* notify HCD that we have a device connected and addressed */
+ if (hcd->driver->update_device)
+ hcd->driver->update_device(hcd, udev);
++ hub_set_initial_usb2_lpm_policy(udev);
+ fail:
+ if (retval) {
+ hub_port_disable(hub, port1, 0);
+@@ -5091,6 +5123,12 @@ static int usb_reset_and_verify_device(struct usb_device *udev)
+ }
+ parent_hub = usb_hub_to_struct_hub(parent_hdev);
+
++ /* Disable USB2 hardware LPM.
++ * It will be re-enabled by the enumeration process.
++ */
++ if (udev->usb2_hw_lpm_enabled == 1)
++ usb_set_usb2_hardware_lpm(udev, 0);
++
+ bos = udev->bos;
+ udev->bos = NULL;
+
+@@ -5198,6 +5236,7 @@ static int usb_reset_and_verify_device(struct usb_device *udev)
+
+ done:
+ /* Now that the alt settings are re-installed, enable LTM and LPM. */
++ usb_set_usb2_hardware_lpm(udev, 1);
+ usb_unlocked_enable_lpm(udev);
+ usb_enable_ltm(udev);
+ usb_release_bos_descriptor(udev);
+diff --git a/drivers/usb/core/sysfs.c b/drivers/usb/core/sysfs.c
+index 6d2c8ed..ca516ac 100644
+--- a/drivers/usb/core/sysfs.c
++++ b/drivers/usb/core/sysfs.c
+@@ -449,7 +449,7 @@ static ssize_t usb2_hardware_lpm_show(struct device *dev,
+ struct usb_device *udev = to_usb_device(dev);
+ const char *p;
+
+- if (udev->usb2_hw_lpm_enabled == 1)
++ if (udev->usb2_hw_lpm_allowed == 1)
+ p = "enabled";
+ else
+ p = "disabled";
+@@ -469,8 +469,10 @@ static ssize_t usb2_hardware_lpm_store(struct device *dev,
+
+ ret = strtobool(buf, &value);
+
+- if (!ret)
++ if (!ret) {
++ udev->usb2_hw_lpm_allowed = value;
+ ret = usb_set_usb2_hardware_lpm(udev, value);
++ }
+
+ usb_unlock_device(udev);
+
+diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c
+index 83bcd13..49b8bd0 100644
+--- a/drivers/usb/host/xhci-mem.c
++++ b/drivers/usb/host/xhci-mem.c
+@@ -1693,9 +1693,7 @@ void xhci_free_command(struct xhci_hcd *xhci,
+ void xhci_mem_cleanup(struct xhci_hcd *xhci)
+ {
+ struct pci_dev *pdev = to_pci_dev(xhci_to_hcd(xhci)->self.controller);
+- struct dev_info *dev_info, *next;
+ struct xhci_cd *cur_cd, *next_cd;
+- unsigned long flags;
+ int size;
+ int i, j, num_ports;
+
+@@ -1756,13 +1754,6 @@ void xhci_mem_cleanup(struct xhci_hcd *xhci)
+
+ scratchpad_free(xhci);
+
+- spin_lock_irqsave(&xhci->lock, flags);
+- list_for_each_entry_safe(dev_info, next, &xhci->lpm_failed_devs, list) {
+- list_del(&dev_info->list);
+- kfree(dev_info);
+- }
+- spin_unlock_irqrestore(&xhci->lock, flags);
+-
+ if (!xhci->rh_bw)
+ goto no_bw;
+
+@@ -2231,7 +2222,6 @@ int xhci_mem_init(struct xhci_hcd *xhci, gfp_t flags)
+ u32 page_size, temp;
+ int i;
+
+- INIT_LIST_HEAD(&xhci->lpm_failed_devs);
+ INIT_LIST_HEAD(&xhci->cancel_cmd_list);
+
+ page_size = xhci_readl(xhci, &xhci->op_regs->page_size);
+diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
+index 6e0d886..ed6c186 100644
+--- a/drivers/usb/host/xhci.c
++++ b/drivers/usb/host/xhci.c
+@@ -4025,133 +4025,6 @@ static int xhci_calculate_usb2_hw_lpm_params(struct usb_device *udev)
+ return PORT_BESLD(besld) | PORT_L1_TIMEOUT(l1) | PORT_HIRDM(hirdm);
+ }
+
+-static int xhci_usb2_software_lpm_test(struct usb_hcd *hcd,
+- struct usb_device *udev)
+-{
+- struct xhci_hcd *xhci = hcd_to_xhci(hcd);
+- struct dev_info *dev_info;
+- __le32 __iomem **port_array;
+- __le32 __iomem *addr, *pm_addr;
+- u32 temp, dev_id;
+- unsigned int port_num;
+- unsigned long flags;
+- int hird;
+- int ret;
+-
+- if (hcd->speed == HCD_USB3 || !xhci->sw_lpm_support ||
+- !udev->lpm_capable)
+- return -EINVAL;
+-
+- /* we only support lpm for non-hub device connected to root hub yet */
+- if (!udev->parent || udev->parent->parent ||
+- udev->descriptor.bDeviceClass == USB_CLASS_HUB)
+- return -EINVAL;
+-
+- spin_lock_irqsave(&xhci->lock, flags);
+-
+- /* Look for devices in lpm_failed_devs list */
+- dev_id = le16_to_cpu(udev->descriptor.idVendor) << 16 |
+- le16_to_cpu(udev->descriptor.idProduct);
+- list_for_each_entry(dev_info, &xhci->lpm_failed_devs, list) {
+- if (dev_info->dev_id == dev_id) {
+- ret = -EINVAL;
+- goto finish;
+- }
+- }
+-
+- port_array = xhci->usb2_ports;
+- port_num = udev->portnum - 1;
+-
+- if (port_num > HCS_MAX_PORTS(xhci->hcs_params1)) {
+- xhci_dbg(xhci, "invalid port number %d\n", udev->portnum);
+- ret = -EINVAL;
+- goto finish;
+- }
+-
+- /*
+- * Test USB 2.0 software LPM.
+- * FIXME: some xHCI 1.0 hosts may implement a new register to set up
+- * hardware-controlled USB 2.0 LPM. See section 5.4.11 and 4.23.5.1.1.1
+- * in the June 2011 errata release.
+- */
+- xhci_dbg(xhci, "test port %d software LPM\n", port_num);
+- /*
+- * Set L1 Device Slot and HIRD/BESL.
+- * Check device's USB 2.0 extension descriptor to determine whether
+- * HIRD or BESL shoule be used. See USB2.0 LPM errata.
+- */
+- pm_addr = port_array[port_num] + PORTPMSC;
+- hird = xhci_calculate_hird_besl(xhci, udev);
+- temp = PORT_L1DS(udev->slot_id) | PORT_HIRD(hird);
+- xhci_writel(xhci, temp, pm_addr);
+-
+- /* Set port link state to U2(L1) */
+- addr = port_array[port_num];
+- xhci_set_link_state(xhci, port_array, port_num, XDEV_U2);
+-
+- /* wait for ACK */
+- spin_unlock_irqrestore(&xhci->lock, flags);
+- msleep(10);
+- spin_lock_irqsave(&xhci->lock, flags);
+-
+- /* Check L1 Status */
+- ret = xhci_handshake(xhci, pm_addr,
+- PORT_L1S_MASK, PORT_L1S_SUCCESS, 125);
+- if (ret != -ETIMEDOUT) {
+- /* enter L1 successfully */
+- temp = xhci_readl(xhci, addr);
+- xhci_dbg(xhci, "port %d entered L1 state, port status 0x%x\n",
+- port_num, temp);
+- ret = 0;
+- } else {
+- temp = xhci_readl(xhci, pm_addr);
+- xhci_dbg(xhci, "port %d software lpm failed, L1 status %d\n",
+- port_num, temp & PORT_L1S_MASK);
+- ret = -EINVAL;
+- }
+-
+- /* Resume the port */
+- xhci_set_link_state(xhci, port_array, port_num, XDEV_U0);
+-
+- spin_unlock_irqrestore(&xhci->lock, flags);
+- msleep(10);
+- spin_lock_irqsave(&xhci->lock, flags);
+-
+- /* Clear PLC */
+- xhci_test_and_clear_bit(xhci, port_array, port_num, PORT_PLC);
+-
+- /* Check PORTSC to make sure the device is in the right state */
+- if (!ret) {
+- temp = xhci_readl(xhci, addr);
+- xhci_dbg(xhci, "resumed port %d status 0x%x\n", port_num, temp);
+- if (!(temp & PORT_CONNECT) || !(temp & PORT_PE) ||
+- (temp & PORT_PLS_MASK) != XDEV_U0) {
+- xhci_dbg(xhci, "port L1 resume fail\n");
+- ret = -EINVAL;
+- }
+- }
+-
+- if (ret) {
+- /* Insert dev to lpm_failed_devs list */
+- xhci_warn(xhci, "device LPM test failed, may disconnect and "
+- "re-enumerate\n");
+- dev_info = kzalloc(sizeof(struct dev_info), GFP_ATOMIC);
+- if (!dev_info) {
+- ret = -ENOMEM;
+- goto finish;
+- }
+- dev_info->dev_id = dev_id;
+- INIT_LIST_HEAD(&dev_info->list);
+- list_add(&dev_info->list, &xhci->lpm_failed_devs);
+- } else {
+- xhci_ring_device(xhci, udev->slot_id);
+- }
+-
+-finish:
+- spin_unlock_irqrestore(&xhci->lock, flags);
+- return ret;
+-}
+-
+ int xhci_set_usb2_hardware_lpm(struct usb_hcd *hcd,
+ struct usb_device *udev, int enable)
+ {
+@@ -4228,7 +4101,7 @@ int xhci_set_usb2_hardware_lpm(struct usb_hcd *hcd,
+ }
+
+ pm_val &= ~PORT_HIRD_MASK;
+- pm_val |= PORT_HIRD(hird) | PORT_RWE;
++ pm_val |= PORT_HIRD(hird) | PORT_RWE | PORT_L1DS(udev->slot_id);
+ xhci_writel(xhci, pm_val, pm_addr);
+ pm_val = xhci_readl(xhci, pm_addr);
+ pm_val |= PORT_HLE;
+@@ -4236,7 +4109,7 @@ int xhci_set_usb2_hardware_lpm(struct usb_hcd *hcd,
+ /* flush write */
+ xhci_readl(xhci, pm_addr);
+ } else {
+- pm_val &= ~(PORT_HLE | PORT_RWE | PORT_HIRD_MASK);
++ pm_val &= ~(PORT_HLE | PORT_RWE | PORT_HIRD_MASK | PORT_L1DS_MASK);
+ xhci_writel(xhci, pm_val, pm_addr);
+ /* flush write */
+ xhci_readl(xhci, pm_addr);
+@@ -4279,24 +4152,26 @@ static int xhci_check_usb2_port_capability(struct xhci_hcd *xhci, int port,
+ int xhci_update_device(struct usb_hcd *hcd, struct usb_device *udev)
+ {
+ struct xhci_hcd *xhci = hcd_to_xhci(hcd);
+- int ret;
+ int portnum = udev->portnum - 1;
+
+- ret = xhci_usb2_software_lpm_test(hcd, udev);
+- if (!ret) {
+- xhci_dbg(xhci, "software LPM test succeed\n");
+- if (xhci->hw_lpm_support == 1 &&
+- xhci_check_usb2_port_capability(xhci, portnum, XHCI_HLC)) {
+- udev->usb2_hw_lpm_capable = 1;
+- udev->l1_params.timeout = XHCI_L1_TIMEOUT;
+- udev->l1_params.besl = XHCI_DEFAULT_BESL;
+- if (xhci_check_usb2_port_capability(xhci, portnum,
+- XHCI_BLC))
+- udev->usb2_hw_lpm_besl_capable = 1;
+- ret = xhci_set_usb2_hardware_lpm(hcd, udev, 1);
+- if (!ret)
+- udev->usb2_hw_lpm_enabled = 1;
+- }
++ if (hcd->speed == HCD_USB3 || !xhci->sw_lpm_support ||
++ !udev->lpm_capable)
++ return 0;
++
++ /* we only support lpm for non-hub device connected to root hub yet */
++ if (!udev->parent || udev->parent->parent ||
++ udev->descriptor.bDeviceClass == USB_CLASS_HUB)
++ return 0;
++
++ if (xhci->hw_lpm_support == 1 &&
++ xhci_check_usb2_port_capability(
++ xhci, portnum, XHCI_HLC)) {
++ udev->usb2_hw_lpm_capable = 1;
++ udev->l1_params.timeout = XHCI_L1_TIMEOUT;
++ udev->l1_params.besl = XHCI_DEFAULT_BESL;
++ if (xhci_check_usb2_port_capability(xhci, portnum,
++ XHCI_BLC))
++ udev->usb2_hw_lpm_besl_capable = 1;
+ }
+
+ return 0;
+diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h
+index 941d5f5..ed3a425 100644
+--- a/drivers/usb/host/xhci.h
++++ b/drivers/usb/host/xhci.h
+@@ -383,6 +383,7 @@ struct xhci_op_regs {
+ #define PORT_RWE (1 << 3)
+ #define PORT_HIRD(p) (((p) & 0xf) << 4)
+ #define PORT_HIRD_MASK (0xf << 4)
++#define PORT_L1DS_MASK (0xff << 8)
+ #define PORT_L1DS(p) (((p) & 0xff) << 8)
+ #define PORT_HLE (1 << 16)
+
+diff --git a/drivers/usb/musb/musb_core.c b/drivers/usb/musb/musb_core.c
+index cd70cc8..0d0d118 100644
+--- a/drivers/usb/musb/musb_core.c
++++ b/drivers/usb/musb/musb_core.c
+@@ -1809,6 +1809,7 @@ static void musb_free(struct musb *musb)
+ disable_irq_wake(musb->nIrq);
+ free_irq(musb->nIrq, musb);
+ }
++ cancel_work_sync(&musb->irq_work);
+ if (musb->dma_controller)
+ dma_controller_destroy(musb->dma_controller);
+
+@@ -1946,6 +1947,8 @@ musb_init_controller(struct device *dev, int nIrq, void __iomem *ctrl)
+ if (status < 0)
+ goto fail3;
+ status = musb_gadget_setup(musb);
++ if (status)
++ musb_host_cleanup(musb);
+ break;
+ default:
+ dev_err(dev, "unsupported port mode %d\n", musb->port_mode);
+@@ -1972,6 +1975,7 @@ fail5:
+
+ fail4:
+ musb_gadget_cleanup(musb);
++ musb_host_cleanup(musb);
+
+ fail3:
+ if (musb->dma_controller)
+diff --git a/drivers/usb/musb/musb_dsps.c b/drivers/usb/musb/musb_dsps.c
+index bd4138d..1edee79 100644
+--- a/drivers/usb/musb/musb_dsps.c
++++ b/drivers/usb/musb/musb_dsps.c
+@@ -121,6 +121,7 @@ struct dsps_glue {
+ unsigned long last_timer; /* last timer data for each instance */
+ };
+
++static void dsps_musb_try_idle(struct musb *musb, unsigned long timeout);
+ /**
+ * dsps_musb_enable - enable interrupts
+ */
+@@ -143,6 +144,7 @@ static void dsps_musb_enable(struct musb *musb)
+ /* Force the DRVVBUS IRQ so we can start polling for ID change. */
+ dsps_writel(reg_base, wrp->coreintr_set,
+ (1 << wrp->drvvbus) << wrp->usb_shift);
++ dsps_musb_try_idle(musb, 0);
+ }
+
+ /**
+@@ -171,6 +173,7 @@ static void otg_timer(unsigned long _musb)
+ const struct dsps_musb_wrapper *wrp = glue->wrp;
+ u8 devctl;
+ unsigned long flags;
++ int skip_session = 0;
+
+ /*
+ * We poll because DSPS IP's won't expose several OTG-critical
+@@ -183,10 +186,12 @@ static void otg_timer(unsigned long _musb)
+ spin_lock_irqsave(&musb->lock, flags);
+ switch (musb->xceiv->state) {
+ case OTG_STATE_A_WAIT_BCON:
+- devctl &= ~MUSB_DEVCTL_SESSION;
+- dsps_writeb(musb->mregs, MUSB_DEVCTL, devctl);
++ dsps_writeb(musb->mregs, MUSB_DEVCTL, 0);
++ skip_session = 1;
++ /* fall */
+
+- devctl = dsps_readb(musb->mregs, MUSB_DEVCTL);
++ case OTG_STATE_A_IDLE:
++ case OTG_STATE_B_IDLE:
+ if (devctl & MUSB_DEVCTL_BDEVICE) {
+ musb->xceiv->state = OTG_STATE_B_IDLE;
+ MUSB_DEV_MODE(musb);
+@@ -194,20 +199,15 @@ static void otg_timer(unsigned long _musb)
+ musb->xceiv->state = OTG_STATE_A_IDLE;
+ MUSB_HST_MODE(musb);
+ }
++ if (!(devctl & MUSB_DEVCTL_SESSION) && !skip_session)
++ dsps_writeb(mregs, MUSB_DEVCTL, MUSB_DEVCTL_SESSION);
++ mod_timer(&glue->timer, jiffies + wrp->poll_seconds * HZ);
+ break;
+ case OTG_STATE_A_WAIT_VFALL:
+ musb->xceiv->state = OTG_STATE_A_WAIT_VRISE;
+ dsps_writel(musb->ctrl_base, wrp->coreintr_set,
+ MUSB_INTR_VBUSERROR << wrp->usb_shift);
+ break;
+- case OTG_STATE_B_IDLE:
+- devctl = dsps_readb(mregs, MUSB_DEVCTL);
+- if (devctl & MUSB_DEVCTL_BDEVICE)
+- mod_timer(&glue->timer,
+- jiffies + wrp->poll_seconds * HZ);
+- else
+- musb->xceiv->state = OTG_STATE_A_IDLE;
+- break;
+ default:
+ break;
+ }
+@@ -234,6 +234,9 @@ static void dsps_musb_try_idle(struct musb *musb, unsigned long timeout)
+ if (musb->port_mode == MUSB_PORT_MODE_HOST)
+ return;
+
++ if (!musb->g.dev.driver)
++ return;
++
+ if (time_after(glue->last_timer, timeout) &&
+ timer_pending(&glue->timer)) {
+ dev_dbg(musb->controller,
+diff --git a/drivers/usb/musb/musb_virthub.c b/drivers/usb/musb/musb_virthub.c
+index d1d6b83..9af6bba 100644
+--- a/drivers/usb/musb/musb_virthub.c
++++ b/drivers/usb/musb/musb_virthub.c
+@@ -220,6 +220,23 @@ int musb_hub_status_data(struct usb_hcd *hcd, char *buf)
+ return retval;
+ }
+
++static int musb_has_gadget(struct musb *musb)
++{
++ /*
++ * In host-only mode we start a connection right away. In OTG mode
++ * we have to wait until we loaded a gadget. We don't really need a
++ * gadget if we operate as a host but we should not start a session
++ * as a device without a gadget or else we explode.
++ */
++#ifdef CONFIG_USB_MUSB_HOST
++ return 1;
++#else
++ if (musb->port_mode == MUSB_PORT_MODE_HOST)
++ return 1;
++ return musb->g.dev.driver != NULL;
++#endif
++}
++
+ int musb_hub_control(
+ struct usb_hcd *hcd,
+ u16 typeReq,
+@@ -362,7 +379,7 @@ int musb_hub_control(
+ * initialization logic, e.g. for OTG, or change any
+ * logic relating to VBUS power-up.
+ */
+- if (!hcd->self.is_b_host)
++ if (!hcd->self.is_b_host && musb_has_gadget(musb))
+ musb_start(musb);
+ break;
+ case USB_PORT_FEAT_RESET:
+diff --git a/drivers/usb/serial/mos7840.c b/drivers/usb/serial/mos7840.c
+index fdf9535..e5bdd98 100644
+--- a/drivers/usb/serial/mos7840.c
++++ b/drivers/usb/serial/mos7840.c
+@@ -1532,7 +1532,11 @@ static int mos7840_tiocmget(struct tty_struct *tty)
+ return -ENODEV;
+
+ status = mos7840_get_uart_reg(port, MODEM_STATUS_REGISTER, &msr);
++ if (status != 1)
++ return -EIO;
+ status = mos7840_get_uart_reg(port, MODEM_CONTROL_REGISTER, &mcr);
++ if (status != 1)
++ return -EIO;
+ result = ((mcr & MCR_DTR) ? TIOCM_DTR : 0)
+ | ((mcr & MCR_RTS) ? TIOCM_RTS : 0)
+ | ((mcr & MCR_LOOPBACK) ? TIOCM_LOOP : 0)
+diff --git a/drivers/usb/wusbcore/wa-rpipe.c b/drivers/usb/wusbcore/wa-rpipe.c
+index fd4f1ce..b5e4fc1 100644
+--- a/drivers/usb/wusbcore/wa-rpipe.c
++++ b/drivers/usb/wusbcore/wa-rpipe.c
+@@ -333,7 +333,10 @@ static int rpipe_aim(struct wa_rpipe *rpipe, struct wahc *wa,
+ /* FIXME: compute so seg_size > ep->maxpktsize */
+ rpipe->descr.wBlocks = cpu_to_le16(16); /* given */
+ /* ep0 maxpktsize is 0x200 (WUSB1.0[4.8.1]) */
+- rpipe->descr.wMaxPacketSize = cpu_to_le16(ep->desc.wMaxPacketSize);
++ if (usb_endpoint_xfer_isoc(&ep->desc))
++ rpipe->descr.wMaxPacketSize = epcd->wOverTheAirPacketSize;
++ else
++ rpipe->descr.wMaxPacketSize = ep->desc.wMaxPacketSize;
+
+ rpipe->descr.hwa_bMaxBurst = max(min_t(unsigned int,
+ epcd->bMaxBurst, 16U), 1U);
+diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c
+index 4a35572..26450d8 100644
+--- a/fs/btrfs/relocation.c
++++ b/fs/btrfs/relocation.c
+@@ -4481,6 +4481,7 @@ int btrfs_reloc_clone_csums(struct inode *inode, u64 file_pos, u64 len)
+ struct btrfs_root *root = BTRFS_I(inode)->root;
+ int ret;
+ u64 disk_bytenr;
++ u64 new_bytenr;
+ LIST_HEAD(list);
+
+ ordered = btrfs_lookup_ordered_extent(inode, file_pos);
+@@ -4492,13 +4493,24 @@ int btrfs_reloc_clone_csums(struct inode *inode, u64 file_pos, u64 len)
+ if (ret)
+ goto out;
+
+- disk_bytenr = ordered->start;
+ while (!list_empty(&list)) {
+ sums = list_entry(list.next, struct btrfs_ordered_sum, list);
+ list_del_init(&sums->list);
+
+- sums->bytenr = disk_bytenr;
+- disk_bytenr += sums->len;
++ /*
++ * We need to offset the new_bytenr based on where the csum is.
++ * We need to do this because we will read in entire prealloc
++ * extents but we may have written to say the middle of the
++ * prealloc extent, so we need to make sure the csum goes with
++ * the right disk offset.
++ *
++ * We can do this because the data reloc inode refers strictly
++ * to the on disk bytes, so we don't have to worry about
++ * disk_len vs real len like with real inodes since it's all
++ * disk length.
++ */
++ new_bytenr = ordered->start + (sums->bytenr - disk_bytenr);
++ sums->bytenr = new_bytenr;
+
+ btrfs_add_ordered_sum(inode, ordered, sums);
+ }
+diff --git a/fs/configfs/dir.c b/fs/configfs/dir.c
+index 277bd1b..511d415 100644
+--- a/fs/configfs/dir.c
++++ b/fs/configfs/dir.c
+@@ -56,10 +56,19 @@ static void configfs_d_iput(struct dentry * dentry,
+ struct configfs_dirent *sd = dentry->d_fsdata;
+
+ if (sd) {
+- BUG_ON(sd->s_dentry != dentry);
+ /* Coordinate with configfs_readdir */
+ spin_lock(&configfs_dirent_lock);
+- sd->s_dentry = NULL;
++ /* Coordinate with configfs_attach_attr where will increase
++ * sd->s_count and update sd->s_dentry to new allocated one.
++ * Only set sd->dentry to null when this dentry is the only
++ * sd owner.
++ * If not do so, configfs_d_iput may run just after
++ * configfs_attach_attr and set sd->s_dentry to null
++ * even it's still in use.
++ */
++ if (atomic_read(&sd->s_count) <= 2)
++ sd->s_dentry = NULL;
++
+ spin_unlock(&configfs_dirent_lock);
+ configfs_put(sd);
+ }
+@@ -426,8 +435,11 @@ static int configfs_attach_attr(struct configfs_dirent * sd, struct dentry * den
+ struct configfs_attribute * attr = sd->s_element;
+ int error;
+
++ spin_lock(&configfs_dirent_lock);
+ dentry->d_fsdata = configfs_get(sd);
+ sd->s_dentry = dentry;
++ spin_unlock(&configfs_dirent_lock);
++
+ error = configfs_create(dentry, (attr->ca_mode & S_IALLUGO) | S_IFREG,
+ configfs_init_file);
+ if (error) {
+diff --git a/fs/dcache.c b/fs/dcache.c
+index ae6ebb8..89f9671 100644
+--- a/fs/dcache.c
++++ b/fs/dcache.c
+@@ -2881,9 +2881,9 @@ static int prepend_path(const struct path *path,
+ const struct path *root,
+ char **buffer, int *buflen)
+ {
+- struct dentry *dentry = path->dentry;
+- struct vfsmount *vfsmnt = path->mnt;
+- struct mount *mnt = real_mount(vfsmnt);
++ struct dentry *dentry;
++ struct vfsmount *vfsmnt;
++ struct mount *mnt;
+ int error = 0;
+ unsigned seq = 0;
+ char *bptr;
+@@ -2893,6 +2893,9 @@ static int prepend_path(const struct path *path,
+ restart:
+ bptr = *buffer;
+ blen = *buflen;
++ dentry = path->dentry;
++ vfsmnt = path->mnt;
++ mnt = real_mount(vfsmnt);
+ read_seqbegin_or_lock(&rename_lock, &seq);
+ while (dentry != root->dentry || vfsmnt != root->mnt) {
+ struct dentry * parent;
+diff --git a/fs/exec.c b/fs/exec.c
+index 8875dd1..bb8afc1 100644
+--- a/fs/exec.c
++++ b/fs/exec.c
+@@ -1668,6 +1668,12 @@ int __get_dumpable(unsigned long mm_flags)
+ return (ret > SUID_DUMP_USER) ? SUID_DUMP_ROOT : ret;
+ }
+
++/*
++ * This returns the actual value of the suid_dumpable flag. For things
++ * that are using this for checking for privilege transitions, it must
++ * test against SUID_DUMP_USER rather than treating it as a boolean
++ * value.
++ */
+ int get_dumpable(struct mm_struct *mm)
+ {
+ return __get_dumpable(mm->flags);
+diff --git a/fs/gfs2/inode.c b/fs/gfs2/inode.c
+index ced3257..968d4c56 100644
+--- a/fs/gfs2/inode.c
++++ b/fs/gfs2/inode.c
+@@ -584,17 +584,17 @@ static int gfs2_create_inode(struct inode *dir, struct dentry *dentry,
+ if (!IS_ERR(inode)) {
+ d = d_splice_alias(inode, dentry);
+ error = 0;
+- if (file && !IS_ERR(d)) {
+- if (d == NULL)
+- d = dentry;
+- if (S_ISREG(inode->i_mode))
+- error = finish_open(file, d, gfs2_open_common, opened);
+- else
++ if (file) {
++ if (S_ISREG(inode->i_mode)) {
++ WARN_ON(d != NULL);
++ error = finish_open(file, dentry, gfs2_open_common, opened);
++ } else {
+ error = finish_no_open(file, d);
++ }
++ } else {
++ dput(d);
+ }
+ gfs2_glock_dq_uninit(ghs);
+- if (IS_ERR(d))
+- return PTR_ERR(d);
+ return error;
+ } else if (error != -ENOENT) {
+ goto fail_gunlock;
+@@ -781,8 +781,10 @@ static struct dentry *__gfs2_lookup(struct inode *dir, struct dentry *dentry,
+ error = finish_open(file, dentry, gfs2_open_common, opened);
+
+ gfs2_glock_dq_uninit(&gh);
+- if (error)
++ if (error) {
++ dput(d);
+ return ERR_PTR(error);
++ }
+ return d;
+ }
+
+@@ -1163,14 +1165,16 @@ static int gfs2_atomic_open(struct inode *dir, struct dentry *dentry,
+ d = __gfs2_lookup(dir, dentry, file, opened);
+ if (IS_ERR(d))
+ return PTR_ERR(d);
+- if (d == NULL)
+- d = dentry;
+- if (d->d_inode) {
++ if (d != NULL)
++ dentry = d;
++ if (dentry->d_inode) {
+ if (!(*opened & FILE_OPENED))
+- return finish_no_open(file, d);
++ return finish_no_open(file, dentry);
++ dput(d);
+ return 0;
+ }
+
++ BUG_ON(d != NULL);
+ if (!(flags & O_CREAT))
+ return -ENOENT;
+
+diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
+index d53d678..3b11565 100644
+--- a/fs/nfs/nfs4proc.c
++++ b/fs/nfs/nfs4proc.c
+@@ -1318,21 +1318,14 @@ _nfs4_opendata_reclaim_to_nfs4_state(struct nfs4_opendata *data)
+ int ret;
+
+ if (!data->rpc_done) {
+- ret = data->rpc_status;
+- goto err;
++ if (data->rpc_status) {
++ ret = data->rpc_status;
++ goto err;
++ }
++ /* cached opens have already been processed */
++ goto update;
+ }
+
+- ret = -ESTALE;
+- if (!(data->f_attr.valid & NFS_ATTR_FATTR_TYPE) ||
+- !(data->f_attr.valid & NFS_ATTR_FATTR_FILEID) ||
+- !(data->f_attr.valid & NFS_ATTR_FATTR_CHANGE))
+- goto err;
+-
+- ret = -ENOMEM;
+- state = nfs4_get_open_state(inode, data->owner);
+- if (state == NULL)
+- goto err;
+-
+ ret = nfs_refresh_inode(inode, &data->f_attr);
+ if (ret)
+ goto err;
+@@ -1341,8 +1334,10 @@ _nfs4_opendata_reclaim_to_nfs4_state(struct nfs4_opendata *data)
+
+ if (data->o_res.delegation_type != 0)
+ nfs4_opendata_check_deleg(data, state);
++update:
+ update_open_stateid(state, &data->o_res.stateid, NULL,
+ data->o_arg.fmode);
++ atomic_inc(&state->count);
+
+ return state;
+ err:
+@@ -4575,7 +4570,7 @@ static int _nfs4_get_security_label(struct inode *inode, void *buf,
+ struct nfs4_label label = {0, 0, buflen, buf};
+
+ u32 bitmask[3] = { 0, 0, FATTR4_WORD2_SECURITY_LABEL };
+- struct nfs4_getattr_arg args = {
++ struct nfs4_getattr_arg arg = {
+ .fh = NFS_FH(inode),
+ .bitmask = bitmask,
+ };
+@@ -4586,14 +4581,14 @@ static int _nfs4_get_security_label(struct inode *inode, void *buf,
+ };
+ struct rpc_message msg = {
+ .rpc_proc = &nfs4_procedures[NFSPROC4_CLNT_GETATTR],
+- .rpc_argp = &args,
++ .rpc_argp = &arg,
+ .rpc_resp = &res,
+ };
+ int ret;
+
+ nfs_fattr_init(&fattr);
+
+- ret = rpc_call_sync(server->client, &msg, 0);
++ ret = nfs4_call_sync(server->client, server, &msg, &arg.seq_args, &res.seq_res, 0);
+ if (ret)
+ return ret;
+ if (!(fattr.valid & NFS_ATTR_FATTR_V4_SECURITY_LABEL))
+@@ -4630,7 +4625,7 @@ static int _nfs4_do_set_security_label(struct inode *inode,
+ struct iattr sattr = {0};
+ struct nfs_server *server = NFS_SERVER(inode);
+ const u32 bitmask[3] = { 0, 0, FATTR4_WORD2_SECURITY_LABEL };
+- struct nfs_setattrargs args = {
++ struct nfs_setattrargs arg = {
+ .fh = NFS_FH(inode),
+ .iap = &sattr,
+ .server = server,
+@@ -4644,14 +4639,14 @@ static int _nfs4_do_set_security_label(struct inode *inode,
+ };
+ struct rpc_message msg = {
+ .rpc_proc = &nfs4_procedures[NFSPROC4_CLNT_SETATTR],
+- .rpc_argp = &args,
++ .rpc_argp = &arg,
+ .rpc_resp = &res,
+ };
+ int status;
+
+- nfs4_stateid_copy(&args.stateid, &zero_stateid);
++ nfs4_stateid_copy(&arg.stateid, &zero_stateid);
+
+- status = rpc_call_sync(server->client, &msg, 0);
++ status = nfs4_call_sync(server->client, server, &msg, &arg.seq_args, &res.seq_res, 1);
+ if (status)
+ dprintk("%s failed: %d\n", __func__, status);
+
+@@ -5106,6 +5101,7 @@ static int _nfs4_proc_getlk(struct nfs4_state *state, int cmd, struct file_lock
+ status = 0;
+ }
+ request->fl_ops->fl_release_private(request);
++ request->fl_ops = NULL;
+ out:
+ return status;
+ }
+diff --git a/fs/nfs/nfs4state.c b/fs/nfs/nfs4state.c
+index cc14cbb..ebced8d 100644
+--- a/fs/nfs/nfs4state.c
++++ b/fs/nfs/nfs4state.c
+@@ -1422,7 +1422,7 @@ restart:
+ if (status >= 0) {
+ status = nfs4_reclaim_locks(state, ops);
+ if (status >= 0) {
+- if (test_bit(NFS_DELEGATED_STATE, &state->flags) != 0) {
++ if (!test_bit(NFS_DELEGATED_STATE, &state->flags)) {
+ spin_lock(&state->state_lock);
+ list_for_each_entry(lock, &state->lock_states, ls_locks) {
+ if (!test_bit(NFS_LOCK_INITIALIZED, &lock->ls_flags))
+@@ -1881,10 +1881,15 @@ again:
+ nfs4_root_machine_cred(clp);
+ goto again;
+ }
+- if (i > 2)
++ if (clnt->cl_auth->au_flavor == RPC_AUTH_UNIX)
+ break;
+ case -NFS4ERR_CLID_INUSE:
+ case -NFS4ERR_WRONGSEC:
++ /* No point in retrying if we already used RPC_AUTH_UNIX */
++ if (clnt->cl_auth->au_flavor == RPC_AUTH_UNIX) {
++ status = -EPERM;
++ break;
++ }
+ clnt = rpc_clone_client_set_auth(clnt, RPC_AUTH_UNIX);
+ if (IS_ERR(clnt)) {
+ status = PTR_ERR(clnt);
+diff --git a/fs/nfsd/export.c b/fs/nfsd/export.c
+index 5f38ea3..af51cf9 100644
+--- a/fs/nfsd/export.c
++++ b/fs/nfsd/export.c
+@@ -536,16 +536,12 @@ static int svc_export_parse(struct cache_detail *cd, char *mesg, int mlen)
+ if (err)
+ goto out3;
+ exp.ex_anon_uid= make_kuid(&init_user_ns, an_int);
+- if (!uid_valid(exp.ex_anon_uid))
+- goto out3;
+
+ /* anon gid */
+ err = get_int(&mesg, &an_int);
+ if (err)
+ goto out3;
+ exp.ex_anon_gid= make_kgid(&init_user_ns, an_int);
+- if (!gid_valid(exp.ex_anon_gid))
+- goto out3;
+
+ /* fsid */
+ err = get_int(&mesg, &an_int);
+@@ -583,6 +579,17 @@ static int svc_export_parse(struct cache_detail *cd, char *mesg, int mlen)
+ exp.ex_uuid);
+ if (err)
+ goto out4;
++ /*
++ * For some reason exportfs has been passing down an
++ * invalid (-1) uid & gid on the "dummy" export which it
++ * uses to test export support. To make sure exportfs
++ * sees errors from check_export we therefore need to
++ * delay these checks till after check_export:
++ */
++ if (!uid_valid(exp.ex_anon_uid))
++ goto out4;
++ if (!gid_valid(exp.ex_anon_gid))
++ goto out4;
+ }
+
+ expp = svc_export_lookup(&exp);
+diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
+index d9454fe..ecc735e 100644
+--- a/fs/nfsd/nfs4xdr.c
++++ b/fs/nfsd/nfs4xdr.c
+@@ -141,8 +141,8 @@ xdr_error: \
+
+ static void next_decode_page(struct nfsd4_compoundargs *argp)
+ {
+- argp->pagelist++;
+ argp->p = page_address(argp->pagelist[0]);
++ argp->pagelist++;
+ if (argp->pagelen < PAGE_SIZE) {
+ argp->end = argp->p + (argp->pagelen>>2);
+ argp->pagelen = 0;
+@@ -411,6 +411,7 @@ nfsd4_decode_fattr(struct nfsd4_compoundargs *argp, u32 *bmval,
+ label->data = kzalloc(dummy32 + 1, GFP_KERNEL);
+ if (!label->data)
+ return nfserr_jukebox;
++ label->len = dummy32;
+ defer_free(argp, kfree, label->data);
+ memcpy(label->data, buf, dummy32);
+ }
+@@ -1208,6 +1209,7 @@ nfsd4_decode_write(struct nfsd4_compoundargs *argp, struct nfsd4_write *write)
+ len -= pages * PAGE_SIZE;
+
+ argp->p = (__be32 *)page_address(argp->pagelist[0]);
++ argp->pagelist++;
+ argp->end = argp->p + XDR_QUADLEN(PAGE_SIZE);
+ }
+ argp->p += XDR_QUADLEN(len);
+diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
+index c827acb..72cb28e 100644
+--- a/fs/nfsd/vfs.c
++++ b/fs/nfsd/vfs.c
+@@ -298,41 +298,12 @@ commit_metadata(struct svc_fh *fhp)
+ }
+
+ /*
+- * Set various file attributes.
+- * N.B. After this call fhp needs an fh_put
++ * Go over the attributes and take care of the small differences between
++ * NFS semantics and what Linux expects.
+ */
+-__be32
+-nfsd_setattr(struct svc_rqst *rqstp, struct svc_fh *fhp, struct iattr *iap,
+- int check_guard, time_t guardtime)
++static void
++nfsd_sanitize_attrs(struct inode *inode, struct iattr *iap)
+ {
+- struct dentry *dentry;
+- struct inode *inode;
+- int accmode = NFSD_MAY_SATTR;
+- umode_t ftype = 0;
+- __be32 err;
+- int host_err;
+- int size_change = 0;
+-
+- if (iap->ia_valid & (ATTR_ATIME | ATTR_MTIME | ATTR_SIZE))
+- accmode |= NFSD_MAY_WRITE|NFSD_MAY_OWNER_OVERRIDE;
+- if (iap->ia_valid & ATTR_SIZE)
+- ftype = S_IFREG;
+-
+- /* Get inode */
+- err = fh_verify(rqstp, fhp, ftype, accmode);
+- if (err)
+- goto out;
+-
+- dentry = fhp->fh_dentry;
+- inode = dentry->d_inode;
+-
+- /* Ignore any mode updates on symlinks */
+- if (S_ISLNK(inode->i_mode))
+- iap->ia_valid &= ~ATTR_MODE;
+-
+- if (!iap->ia_valid)
+- goto out;
+-
+ /*
+ * NFSv2 does not differentiate between "set-[ac]time-to-now"
+ * which only requires access, and "set-[ac]time-to-X" which
+@@ -342,8 +313,7 @@ nfsd_setattr(struct svc_rqst *rqstp, struct svc_fh *fhp, struct iattr *iap,
+ * convert to "set to now" instead of "set to explicit time"
+ *
+ * We only call inode_change_ok as the last test as technically
+- * it is not an interface that we should be using. It is only
+- * valid if the filesystem does not define it's own i_op->setattr.
++ * it is not an interface that we should be using.
+ */
+ #define BOTH_TIME_SET (ATTR_ATIME_SET | ATTR_MTIME_SET)
+ #define MAX_TOUCH_TIME_ERROR (30*60)
+@@ -369,30 +339,6 @@ nfsd_setattr(struct svc_rqst *rqstp, struct svc_fh *fhp, struct iattr *iap,
+ iap->ia_valid &= ~BOTH_TIME_SET;
+ }
+ }
+-
+- /*
+- * The size case is special.
+- * It changes the file as well as the attributes.
+- */
+- if (iap->ia_valid & ATTR_SIZE) {
+- if (iap->ia_size < inode->i_size) {
+- err = nfsd_permission(rqstp, fhp->fh_export, dentry,
+- NFSD_MAY_TRUNC|NFSD_MAY_OWNER_OVERRIDE);
+- if (err)
+- goto out;
+- }
+-
+- host_err = get_write_access(inode);
+- if (host_err)
+- goto out_nfserr;
+-
+- size_change = 1;
+- host_err = locks_verify_truncate(inode, NULL, iap->ia_size);
+- if (host_err) {
+- put_write_access(inode);
+- goto out_nfserr;
+- }
+- }
+
+ /* sanitize the mode change */
+ if (iap->ia_valid & ATTR_MODE) {
+@@ -415,32 +361,111 @@ nfsd_setattr(struct svc_rqst *rqstp, struct svc_fh *fhp, struct iattr *iap,
+ iap->ia_valid |= (ATTR_KILL_SUID | ATTR_KILL_SGID);
+ }
+ }
++}
+
+- /* Change the attributes. */
++static __be32
++nfsd_get_write_access(struct svc_rqst *rqstp, struct svc_fh *fhp,
++ struct iattr *iap)
++{
++ struct inode *inode = fhp->fh_dentry->d_inode;
++ int host_err;
+
+- iap->ia_valid |= ATTR_CTIME;
++ if (iap->ia_size < inode->i_size) {
++ __be32 err;
+
+- err = nfserr_notsync;
+- if (!check_guard || guardtime == inode->i_ctime.tv_sec) {
+- host_err = nfsd_break_lease(inode);
+- if (host_err)
+- goto out_nfserr;
+- fh_lock(fhp);
++ err = nfsd_permission(rqstp, fhp->fh_export, fhp->fh_dentry,
++ NFSD_MAY_TRUNC | NFSD_MAY_OWNER_OVERRIDE);
++ if (err)
++ return err;
++ }
+
+- host_err = notify_change(dentry, iap);
+- err = nfserrno(host_err);
+- fh_unlock(fhp);
++ host_err = get_write_access(inode);
++ if (host_err)
++ goto out_nfserrno;
++
++ host_err = locks_verify_truncate(inode, NULL, iap->ia_size);
++ if (host_err)
++ goto out_put_write_access;
++ return 0;
++
++out_put_write_access:
++ put_write_access(inode);
++out_nfserrno:
++ return nfserrno(host_err);
++}
++
++/*
++ * Set various file attributes. After this call fhp needs an fh_put.
++ */
++__be32
++nfsd_setattr(struct svc_rqst *rqstp, struct svc_fh *fhp, struct iattr *iap,
++ int check_guard, time_t guardtime)
++{
++ struct dentry *dentry;
++ struct inode *inode;
++ int accmode = NFSD_MAY_SATTR;
++ umode_t ftype = 0;
++ __be32 err;
++ int host_err;
++ int size_change = 0;
++
++ if (iap->ia_valid & (ATTR_ATIME | ATTR_MTIME | ATTR_SIZE))
++ accmode |= NFSD_MAY_WRITE|NFSD_MAY_OWNER_OVERRIDE;
++ if (iap->ia_valid & ATTR_SIZE)
++ ftype = S_IFREG;
++
++ /* Get inode */
++ err = fh_verify(rqstp, fhp, ftype, accmode);
++ if (err)
++ goto out;
++
++ dentry = fhp->fh_dentry;
++ inode = dentry->d_inode;
++
++ /* Ignore any mode updates on symlinks */
++ if (S_ISLNK(inode->i_mode))
++ iap->ia_valid &= ~ATTR_MODE;
++
++ if (!iap->ia_valid)
++ goto out;
++
++ nfsd_sanitize_attrs(inode, iap);
++
++ /*
++ * The size case is special, it changes the file in addition to the
++ * attributes.
++ */
++ if (iap->ia_valid & ATTR_SIZE) {
++ err = nfsd_get_write_access(rqstp, fhp, iap);
++ if (err)
++ goto out;
++ size_change = 1;
+ }
++
++ iap->ia_valid |= ATTR_CTIME;
++
++ if (check_guard && guardtime != inode->i_ctime.tv_sec) {
++ err = nfserr_notsync;
++ goto out_put_write_access;
++ }
++
++ host_err = nfsd_break_lease(inode);
++ if (host_err)
++ goto out_put_write_access_nfserror;
++
++ fh_lock(fhp);
++ host_err = notify_change(dentry, iap);
++ fh_unlock(fhp);
++
++out_put_write_access_nfserror:
++ err = nfserrno(host_err);
++out_put_write_access:
+ if (size_change)
+ put_write_access(inode);
+ if (!err)
+ commit_metadata(fhp);
+ out:
+ return err;
+-
+-out_nfserr:
+- err = nfserrno(host_err);
+- goto out;
+ }
+
+ #if defined(CONFIG_NFSD_V2_ACL) || \
+diff --git a/fs/xfs/xfs_sb.c b/fs/xfs/xfs_sb.c
+index a5b59d9..0397081 100644
+--- a/fs/xfs/xfs_sb.c
++++ b/fs/xfs/xfs_sb.c
+@@ -596,6 +596,11 @@ xfs_sb_verify(
+ * single bit error could clear the feature bit and unused parts of the
+ * superblock are supposed to be zero. Hence a non-null crc field indicates that
+ * we've potentially lost a feature bit and we should check it anyway.
++ *
++ * However, past bugs (i.e. in growfs) left non-zeroed regions beyond the
++ * last field in V4 secondary superblocks. So for secondary superblocks,
++ * we are more forgiving, and ignore CRC failures if the primary doesn't
++ * indicate that the fs version is V5.
+ */
+ static void
+ xfs_sb_read_verify(
+@@ -616,8 +621,12 @@ xfs_sb_read_verify(
+
+ if (!xfs_verify_cksum(bp->b_addr, be16_to_cpu(dsb->sb_sectsize),
+ offsetof(struct xfs_sb, sb_crc))) {
+- error = EFSCORRUPTED;
+- goto out_error;
++ /* Only fail bad secondaries on a known V5 filesystem */
++ if (bp->b_bn != XFS_SB_DADDR &&
++ xfs_sb_version_hascrc(&mp->m_sb)) {
++ error = EFSCORRUPTED;
++ goto out_error;
++ }
+ }
+ }
+ error = xfs_sb_verify(bp, true);
+diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h
+index e8112ae..7554fd4 100644
+--- a/include/linux/binfmts.h
++++ b/include/linux/binfmts.h
+@@ -99,9 +99,6 @@ extern void setup_new_exec(struct linux_binprm * bprm);
+ extern void would_dump(struct linux_binprm *, struct file *);
+
+ extern int suid_dumpable;
+-#define SUID_DUMP_DISABLE 0 /* No setuid dumping */
+-#define SUID_DUMP_USER 1 /* Dump as user of process */
+-#define SUID_DUMP_ROOT 2 /* Dump as root */
+
+ /* Stack area protections */
+ #define EXSTACK_DEFAULT 0 /* Whatever the arch defaults to */
+diff --git a/include/linux/nfs4.h b/include/linux/nfs4.h
+index e36dee5..3859ddb 100644
+--- a/include/linux/nfs4.h
++++ b/include/linux/nfs4.h
+@@ -395,7 +395,7 @@ enum lock_type4 {
+ #define FATTR4_WORD1_FS_LAYOUT_TYPES (1UL << 30)
+ #define FATTR4_WORD2_LAYOUT_BLKSIZE (1UL << 1)
+ #define FATTR4_WORD2_MDSTHRESHOLD (1UL << 4)
+-#define FATTR4_WORD2_SECURITY_LABEL (1UL << 17)
++#define FATTR4_WORD2_SECURITY_LABEL (1UL << 16)
+
+ /* MDS threshold bitmap bits */
+ #define THRESHOLD_RD (1UL << 0)
+diff --git a/include/linux/sched.h b/include/linux/sched.h
+index e27baee..b1e963e 100644
+--- a/include/linux/sched.h
++++ b/include/linux/sched.h
+@@ -322,6 +322,10 @@ static inline void arch_pick_mmap_layout(struct mm_struct *mm) {}
+ extern void set_dumpable(struct mm_struct *mm, int value);
+ extern int get_dumpable(struct mm_struct *mm);
+
++#define SUID_DUMP_DISABLE 0 /* No setuid dumping */
++#define SUID_DUMP_USER 1 /* Dump as user of process */
++#define SUID_DUMP_ROOT 2 /* Dump as root */
++
+ /* mm flags */
+ /* dumpable bits */
+ #define MMF_DUMPABLE 0 /* core dump is permitted */
+@@ -2474,34 +2478,98 @@ static inline int tsk_is_polling(struct task_struct *p)
+ {
+ return task_thread_info(p)->status & TS_POLLING;
+ }
+-static inline void current_set_polling(void)
++static inline void __current_set_polling(void)
+ {
+ current_thread_info()->status |= TS_POLLING;
+ }
+
+-static inline void current_clr_polling(void)
++static inline bool __must_check current_set_polling_and_test(void)
++{
++ __current_set_polling();
++
++ /*
++ * Polling state must be visible before we test NEED_RESCHED,
++ * paired by resched_task()
++ */
++ smp_mb();
++
++ return unlikely(tif_need_resched());
++}
++
++static inline void __current_clr_polling(void)
+ {
+ current_thread_info()->status &= ~TS_POLLING;
+- smp_mb__after_clear_bit();
++}
++
++static inline bool __must_check current_clr_polling_and_test(void)
++{
++ __current_clr_polling();
++
++ /*
++ * Polling state must be visible before we test NEED_RESCHED,
++ * paired by resched_task()
++ */
++ smp_mb();
++
++ return unlikely(tif_need_resched());
+ }
+ #elif defined(TIF_POLLING_NRFLAG)
+ static inline int tsk_is_polling(struct task_struct *p)
+ {
+ return test_tsk_thread_flag(p, TIF_POLLING_NRFLAG);
+ }
+-static inline void current_set_polling(void)
++
++static inline void __current_set_polling(void)
+ {
+ set_thread_flag(TIF_POLLING_NRFLAG);
+ }
+
+-static inline void current_clr_polling(void)
++static inline bool __must_check current_set_polling_and_test(void)
++{
++ __current_set_polling();
++
++ /*
++ * Polling state must be visible before we test NEED_RESCHED,
++ * paired by resched_task()
++ *
++ * XXX: assumes set/clear bit are identical barrier wise.
++ */
++ smp_mb__after_clear_bit();
++
++ return unlikely(tif_need_resched());
++}
++
++static inline void __current_clr_polling(void)
+ {
+ clear_thread_flag(TIF_POLLING_NRFLAG);
+ }
++
++static inline bool __must_check current_clr_polling_and_test(void)
++{
++ __current_clr_polling();
++
++ /*
++ * Polling state must be visible before we test NEED_RESCHED,
++ * paired by resched_task()
++ */
++ smp_mb__after_clear_bit();
++
++ return unlikely(tif_need_resched());
++}
++
+ #else
+ static inline int tsk_is_polling(struct task_struct *p) { return 0; }
+-static inline void current_set_polling(void) { }
+-static inline void current_clr_polling(void) { }
++static inline void __current_set_polling(void) { }
++static inline void __current_clr_polling(void) { }
++
++static inline bool __must_check current_set_polling_and_test(void)
++{
++ return unlikely(tif_need_resched());
++}
++static inline bool __must_check current_clr_polling_and_test(void)
++{
++ return unlikely(tif_need_resched());
++}
+ #endif
+
+ /*
+diff --git a/include/linux/thread_info.h b/include/linux/thread_info.h
+index e7e0473..4ae6f32 100644
+--- a/include/linux/thread_info.h
++++ b/include/linux/thread_info.h
+@@ -107,6 +107,8 @@ static inline int test_ti_thread_flag(struct thread_info *ti, int flag)
+ #define set_need_resched() set_thread_flag(TIF_NEED_RESCHED)
+ #define clear_need_resched() clear_thread_flag(TIF_NEED_RESCHED)
+
++#define tif_need_resched() test_thread_flag(TIF_NEED_RESCHED)
++
+ #if defined TIF_RESTORE_SIGMASK && !defined HAVE_SET_RESTORE_SIGMASK
+ /*
+ * An arch can define its own version of set_restore_sigmask() to get the
+diff --git a/include/linux/usb.h b/include/linux/usb.h
+index 001629c..39cfa0a 100644
+--- a/include/linux/usb.h
++++ b/include/linux/usb.h
+@@ -475,7 +475,8 @@ struct usb3_lpm_parameters {
+ * @lpm_capable: device supports LPM
+ * @usb2_hw_lpm_capable: device can perform USB2 hardware LPM
+ * @usb2_hw_lpm_besl_capable: device can perform USB2 hardware BESL LPM
+- * @usb2_hw_lpm_enabled: USB2 hardware LPM enabled
++ * @usb2_hw_lpm_enabled: USB2 hardware LPM is enabled
++ * @usb2_hw_lpm_allowed: Userspace allows USB 2.0 LPM to be enabled
+ * @usb3_lpm_enabled: USB3 hardware LPM enabled
+ * @string_langid: language ID for strings
+ * @product: iProduct string, if present (static)
+@@ -548,6 +549,7 @@ struct usb_device {
+ unsigned usb2_hw_lpm_capable:1;
+ unsigned usb2_hw_lpm_besl_capable:1;
+ unsigned usb2_hw_lpm_enabled:1;
++ unsigned usb2_hw_lpm_allowed:1;
+ unsigned usb3_lpm_enabled:1;
+ int string_langid;
+
+diff --git a/include/sound/compress_driver.h b/include/sound/compress_driver.h
+index 9031a26..ae6c3b8 100644
+--- a/include/sound/compress_driver.h
++++ b/include/sound/compress_driver.h
+@@ -171,4 +171,13 @@ static inline void snd_compr_fragment_elapsed(struct snd_compr_stream *stream)
+ wake_up(&stream->runtime->sleep);
+ }
+
++static inline void snd_compr_drain_notify(struct snd_compr_stream *stream)
++{
++ if (snd_BUG_ON(!stream))
++ return;
++
++ stream->runtime->state = SNDRV_PCM_STATE_SETUP;
++ wake_up(&stream->runtime->sleep);
++}
++
+ #endif
+diff --git a/ipc/shm.c b/ipc/shm.c
+index d697396..7a51443 100644
+--- a/ipc/shm.c
++++ b/ipc/shm.c
+@@ -208,15 +208,18 @@ static void shm_open(struct vm_area_struct *vma)
+ */
+ static void shm_destroy(struct ipc_namespace *ns, struct shmid_kernel *shp)
+ {
++ struct file *shm_file;
++
++ shm_file = shp->shm_file;
++ shp->shm_file = NULL;
+ ns->shm_tot -= (shp->shm_segsz + PAGE_SIZE - 1) >> PAGE_SHIFT;
+ shm_rmid(ns, shp);
+ shm_unlock(shp);
+- if (!is_file_hugepages(shp->shm_file))
+- shmem_lock(shp->shm_file, 0, shp->mlock_user);
++ if (!is_file_hugepages(shm_file))
++ shmem_lock(shm_file, 0, shp->mlock_user);
+ else if (shp->mlock_user)
+- user_shm_unlock(file_inode(shp->shm_file)->i_size,
+- shp->mlock_user);
+- fput (shp->shm_file);
++ user_shm_unlock(file_inode(shm_file)->i_size, shp->mlock_user);
++ fput(shm_file);
+ ipc_rcu_putref(shp, shm_rcu_free);
+ }
+
+@@ -974,15 +977,25 @@ SYSCALL_DEFINE3(shmctl, int, shmid, int, cmd, struct shmid_ds __user *, buf)
+ ipc_lock_object(&shp->shm_perm);
+ if (!ns_capable(ns->user_ns, CAP_IPC_LOCK)) {
+ kuid_t euid = current_euid();
+- err = -EPERM;
+ if (!uid_eq(euid, shp->shm_perm.uid) &&
+- !uid_eq(euid, shp->shm_perm.cuid))
++ !uid_eq(euid, shp->shm_perm.cuid)) {
++ err = -EPERM;
+ goto out_unlock0;
+- if (cmd == SHM_LOCK && !rlimit(RLIMIT_MEMLOCK))
++ }
++ if (cmd == SHM_LOCK && !rlimit(RLIMIT_MEMLOCK)) {
++ err = -EPERM;
+ goto out_unlock0;
++ }
+ }
+
+ shm_file = shp->shm_file;
++
++ /* check if shm_destroy() is tearing down shp */
++ if (shm_file == NULL) {
++ err = -EIDRM;
++ goto out_unlock0;
++ }
++
+ if (is_file_hugepages(shm_file))
+ goto out_unlock0;
+
+@@ -1101,6 +1114,14 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
+ goto out_unlock;
+
+ ipc_lock_object(&shp->shm_perm);
++
++ /* check if shm_destroy() is tearing down shp */
++ if (shp->shm_file == NULL) {
++ ipc_unlock_object(&shp->shm_perm);
++ err = -EIDRM;
++ goto out_unlock;
++ }
++
+ path = shp->shm_file->f_path;
+ path_get(&path);
+ shp->shm_nattch++;
+diff --git a/kernel/cpu/idle.c b/kernel/cpu/idle.c
+index e695c0a..c261409 100644
+--- a/kernel/cpu/idle.c
++++ b/kernel/cpu/idle.c
+@@ -44,7 +44,7 @@ static inline int cpu_idle_poll(void)
+ rcu_idle_enter();
+ trace_cpu_idle_rcuidle(0, smp_processor_id());
+ local_irq_enable();
+- while (!need_resched())
++ while (!tif_need_resched())
+ cpu_relax();
+ trace_cpu_idle_rcuidle(PWR_EVENT_EXIT, smp_processor_id());
+ rcu_idle_exit();
+@@ -92,8 +92,7 @@ static void cpu_idle_loop(void)
+ if (cpu_idle_force_poll || tick_check_broadcast_expired()) {
+ cpu_idle_poll();
+ } else {
+- current_clr_polling();
+- if (!need_resched()) {
++ if (!current_clr_polling_and_test()) {
+ stop_critical_timings();
+ rcu_idle_enter();
+ arch_cpu_idle();
+@@ -103,7 +102,7 @@ static void cpu_idle_loop(void)
+ } else {
+ local_irq_enable();
+ }
+- current_set_polling();
++ __current_set_polling();
+ }
+ arch_cpu_idle_exit();
+ }
+@@ -129,7 +128,7 @@ void cpu_startup_entry(enum cpuhp_state state)
+ */
+ boot_init_stack_canary();
+ #endif
+- current_set_polling();
++ __current_set_polling();
+ arch_cpu_idle_prepare();
+ cpu_idle_loop();
+ }
+diff --git a/kernel/ptrace.c b/kernel/ptrace.c
+index dd562e9..1f4bcb3 100644
+--- a/kernel/ptrace.c
++++ b/kernel/ptrace.c
+@@ -257,7 +257,8 @@ ok:
+ if (task->mm)
+ dumpable = get_dumpable(task->mm);
+ rcu_read_lock();
+- if (!dumpable && !ptrace_has_cap(__task_cred(task)->user_ns, mode)) {
++ if (dumpable != SUID_DUMP_USER &&
++ !ptrace_has_cap(__task_cred(task)->user_ns, mode)) {
+ rcu_read_unlock();
+ return -EPERM;
+ }
+diff --git a/kernel/trace/trace_event_perf.c b/kernel/trace/trace_event_perf.c
+index 80c36bc..78e27e3 100644
+--- a/kernel/trace/trace_event_perf.c
++++ b/kernel/trace/trace_event_perf.c
+@@ -26,7 +26,7 @@ static int perf_trace_event_perm(struct ftrace_event_call *tp_event,
+ {
+ /* The ftrace function trace is allowed only for root. */
+ if (ftrace_event_is_function(tp_event) &&
+- perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN))
++ perf_paranoid_tracepoint_raw() && !capable(CAP_SYS_ADMIN))
+ return -EPERM;
+
+ /* No tracing, just counting, so no obvious leak */
+diff --git a/mm/slub.c b/mm/slub.c
+index c3eb3d3..96f2169 100644
+--- a/mm/slub.c
++++ b/mm/slub.c
+@@ -1217,8 +1217,8 @@ static unsigned long kmem_cache_flags(unsigned long object_size,
+ /*
+ * Enable debugging if selected on the kernel commandline.
+ */
+- if (slub_debug && (!slub_debug_slabs ||
+- !strncmp(slub_debug_slabs, name, strlen(slub_debug_slabs))))
++ if (slub_debug && (!slub_debug_slabs || (name &&
++ !strncmp(slub_debug_slabs, name, strlen(slub_debug_slabs)))))
+ flags |= slub_debug;
+
+ return flags;
+diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
+index 0846566..cc24323 100644
+--- a/net/sunrpc/auth_gss/auth_gss.c
++++ b/net/sunrpc/auth_gss/auth_gss.c
+@@ -482,6 +482,7 @@ gss_alloc_msg(struct gss_auth *gss_auth,
+ switch (vers) {
+ case 0:
+ gss_encode_v0_msg(gss_msg);
++ break;
+ default:
+ gss_encode_v1_msg(gss_msg, service_name, gss_auth->target_name);
+ };
+diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c
+index 7747960..941d19f 100644
+--- a/net/sunrpc/clnt.c
++++ b/net/sunrpc/clnt.c
+@@ -656,14 +656,16 @@ EXPORT_SYMBOL_GPL(rpc_shutdown_client);
+ /*
+ * Free an RPC client
+ */
+-static void
++static struct rpc_clnt *
+ rpc_free_client(struct rpc_clnt *clnt)
+ {
++ struct rpc_clnt *parent = NULL;
++
+ dprintk_rcu("RPC: destroying %s client for %s\n",
+ clnt->cl_program->name,
+ rcu_dereference(clnt->cl_xprt)->servername);
+ if (clnt->cl_parent != clnt)
+- rpc_release_client(clnt->cl_parent);
++ parent = clnt->cl_parent;
+ rpc_clnt_remove_pipedir(clnt);
+ rpc_unregister_client(clnt);
+ rpc_free_iostats(clnt->cl_metrics);
+@@ -672,18 +674,17 @@ rpc_free_client(struct rpc_clnt *clnt)
+ rpciod_down();
+ rpc_free_clid(clnt);
+ kfree(clnt);
++ return parent;
+ }
+
+ /*
+ * Free an RPC client
+ */
+-static void
++static struct rpc_clnt *
+ rpc_free_auth(struct rpc_clnt *clnt)
+ {
+- if (clnt->cl_auth == NULL) {
+- rpc_free_client(clnt);
+- return;
+- }
++ if (clnt->cl_auth == NULL)
++ return rpc_free_client(clnt);
+
+ /*
+ * Note: RPCSEC_GSS may need to send NULL RPC calls in order to
+@@ -694,7 +695,8 @@ rpc_free_auth(struct rpc_clnt *clnt)
+ rpcauth_release(clnt->cl_auth);
+ clnt->cl_auth = NULL;
+ if (atomic_dec_and_test(&clnt->cl_count))
+- rpc_free_client(clnt);
++ return rpc_free_client(clnt);
++ return NULL;
+ }
+
+ /*
+@@ -705,10 +707,13 @@ rpc_release_client(struct rpc_clnt *clnt)
+ {
+ dprintk("RPC: rpc_release_client(%p)\n", clnt);
+
+- if (list_empty(&clnt->cl_tasks))
+- wake_up(&destroy_wait);
+- if (atomic_dec_and_test(&clnt->cl_count))
+- rpc_free_auth(clnt);
++ do {
++ if (list_empty(&clnt->cl_tasks))
++ wake_up(&destroy_wait);
++ if (!atomic_dec_and_test(&clnt->cl_count))
++ break;
++ clnt = rpc_free_auth(clnt);
++ } while (clnt != NULL);
+ }
+ EXPORT_SYMBOL_GPL(rpc_release_client);
+
+diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
+index ee03d35..b752e1d 100644
+--- a/net/sunrpc/xprtsock.c
++++ b/net/sunrpc/xprtsock.c
+@@ -393,8 +393,10 @@ static int xs_send_kvec(struct socket *sock, struct sockaddr *addr, int addrlen,
+ return kernel_sendmsg(sock, &msg, NULL, 0, 0);
+ }
+
+-static int xs_send_pagedata(struct socket *sock, struct xdr_buf *xdr, unsigned int base, int more)
++static int xs_send_pagedata(struct socket *sock, struct xdr_buf *xdr, unsigned int base, int more, bool zerocopy)
+ {
++ ssize_t (*do_sendpage)(struct socket *sock, struct page *page,
++ int offset, size_t size, int flags);
+ struct page **ppage;
+ unsigned int remainder;
+ int err, sent = 0;
+@@ -403,6 +405,9 @@ static int xs_send_pagedata(struct socket *sock, struct xdr_buf *xdr, unsigned i
+ base += xdr->page_base;
+ ppage = xdr->pages + (base >> PAGE_SHIFT);
+ base &= ~PAGE_MASK;
++ do_sendpage = sock->ops->sendpage;
++ if (!zerocopy)
++ do_sendpage = sock_no_sendpage;
+ for(;;) {
+ unsigned int len = min_t(unsigned int, PAGE_SIZE - base, remainder);
+ int flags = XS_SENDMSG_FLAGS;
+@@ -410,7 +415,7 @@ static int xs_send_pagedata(struct socket *sock, struct xdr_buf *xdr, unsigned i
+ remainder -= len;
+ if (remainder != 0 || more)
+ flags |= MSG_MORE;
+- err = sock->ops->sendpage(sock, *ppage, base, len, flags);
++ err = do_sendpage(sock, *ppage, base, len, flags);
+ if (remainder == 0 || err != len)
+ break;
+ sent += err;
+@@ -431,9 +436,10 @@ static int xs_send_pagedata(struct socket *sock, struct xdr_buf *xdr, unsigned i
+ * @addrlen: UDP only -- length of destination address
+ * @xdr: buffer containing this request
+ * @base: starting position in the buffer
++ * @zerocopy: true if it is safe to use sendpage()
+ *
+ */
+-static int xs_sendpages(struct socket *sock, struct sockaddr *addr, int addrlen, struct xdr_buf *xdr, unsigned int base)
++static int xs_sendpages(struct socket *sock, struct sockaddr *addr, int addrlen, struct xdr_buf *xdr, unsigned int base, bool zerocopy)
+ {
+ unsigned int remainder = xdr->len - base;
+ int err, sent = 0;
+@@ -461,7 +467,7 @@ static int xs_sendpages(struct socket *sock, struct sockaddr *addr, int addrlen,
+ if (base < xdr->page_len) {
+ unsigned int len = xdr->page_len - base;
+ remainder -= len;
+- err = xs_send_pagedata(sock, xdr, base, remainder != 0);
++ err = xs_send_pagedata(sock, xdr, base, remainder != 0, zerocopy);
+ if (remainder == 0 || err != len)
+ goto out;
+ sent += err;
+@@ -564,7 +570,7 @@ static int xs_local_send_request(struct rpc_task *task)
+ req->rq_svec->iov_base, req->rq_svec->iov_len);
+
+ status = xs_sendpages(transport->sock, NULL, 0,
+- xdr, req->rq_bytes_sent);
++ xdr, req->rq_bytes_sent, true);
+ dprintk("RPC: %s(%u) = %d\n",
+ __func__, xdr->len - req->rq_bytes_sent, status);
+ if (likely(status >= 0)) {
+@@ -620,7 +626,7 @@ static int xs_udp_send_request(struct rpc_task *task)
+ status = xs_sendpages(transport->sock,
+ xs_addr(xprt),
+ xprt->addrlen, xdr,
+- req->rq_bytes_sent);
++ req->rq_bytes_sent, true);
+
+ dprintk("RPC: xs_udp_send_request(%u) = %d\n",
+ xdr->len - req->rq_bytes_sent, status);
+@@ -693,6 +699,7 @@ static int xs_tcp_send_request(struct rpc_task *task)
+ struct rpc_xprt *xprt = req->rq_xprt;
+ struct sock_xprt *transport = container_of(xprt, struct sock_xprt, xprt);
+ struct xdr_buf *xdr = &req->rq_snd_buf;
++ bool zerocopy = true;
+ int status;
+
+ xs_encode_stream_record_marker(&req->rq_snd_buf);
+@@ -700,13 +707,20 @@ static int xs_tcp_send_request(struct rpc_task *task)
+ xs_pktdump("packet data:",
+ req->rq_svec->iov_base,
+ req->rq_svec->iov_len);
++ /* Don't use zero copy if this is a resend. If the RPC call
++ * completes while the socket holds a reference to the pages,
++ * then we may end up resending corrupted data.
++ */
++ if (task->tk_flags & RPC_TASK_SENT)
++ zerocopy = false;
+
+ /* Continue transmitting the packet/record. We must be careful
+ * to cope with writespace callbacks arriving _after_ we have
+ * called sendmsg(). */
+ while (1) {
+ status = xs_sendpages(transport->sock,
+- NULL, 0, xdr, req->rq_bytes_sent);
++ NULL, 0, xdr, req->rq_bytes_sent,
++ zerocopy);
+
+ dprintk("RPC: xs_tcp_send_request(%u) = %d\n",
+ xdr->len - req->rq_bytes_sent, status);
+diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
+index 399433a..a9c3d3c 100644
+--- a/security/integrity/ima/ima_policy.c
++++ b/security/integrity/ima/ima_policy.c
+@@ -73,7 +73,6 @@ static struct ima_rule_entry default_rules[] = {
+ {.action = DONT_MEASURE,.fsmagic = SYSFS_MAGIC,.flags = IMA_FSMAGIC},
+ {.action = DONT_MEASURE,.fsmagic = DEBUGFS_MAGIC,.flags = IMA_FSMAGIC},
+ {.action = DONT_MEASURE,.fsmagic = TMPFS_MAGIC,.flags = IMA_FSMAGIC},
+- {.action = DONT_MEASURE,.fsmagic = RAMFS_MAGIC,.flags = IMA_FSMAGIC},
+ {.action = DONT_MEASURE,.fsmagic = DEVPTS_SUPER_MAGIC,.flags = IMA_FSMAGIC},
+ {.action = DONT_MEASURE,.fsmagic = BINFMTFS_MAGIC,.flags = IMA_FSMAGIC},
+ {.action = DONT_MEASURE,.fsmagic = SECURITYFS_MAGIC,.flags = IMA_FSMAGIC},
+diff --git a/sound/core/compress_offload.c b/sound/core/compress_offload.c
+index bea523a..d9af638 100644
+--- a/sound/core/compress_offload.c
++++ b/sound/core/compress_offload.c
+@@ -680,14 +680,48 @@ static int snd_compr_stop(struct snd_compr_stream *stream)
+ return -EPERM;
+ retval = stream->ops->trigger(stream, SNDRV_PCM_TRIGGER_STOP);
+ if (!retval) {
+- stream->runtime->state = SNDRV_PCM_STATE_SETUP;
+- wake_up(&stream->runtime->sleep);
++ snd_compr_drain_notify(stream);
+ stream->runtime->total_bytes_available = 0;
+ stream->runtime->total_bytes_transferred = 0;
+ }
+ return retval;
+ }
+
++static int snd_compress_wait_for_drain(struct snd_compr_stream *stream)
++{
++ int ret;
++
++ /*
++ * We are called with lock held. So drop the lock while we wait for
++ * drain complete notfication from the driver
++ *
++ * It is expected that driver will notify the drain completion and then
++ * stream will be moved to SETUP state, even if draining resulted in an
++ * error. We can trigger next track after this.
++ */
++ stream->runtime->state = SNDRV_PCM_STATE_DRAINING;
++ mutex_unlock(&stream->device->lock);
++
++ /* we wait for drain to complete here, drain can return when
++ * interruption occurred, wait returned error or success.
++ * For the first two cases we don't do anything different here and
++ * return after waking up
++ */
++
++ ret = wait_event_interruptible(stream->runtime->sleep,
++ (stream->runtime->state != SNDRV_PCM_STATE_DRAINING));
++ if (ret == -ERESTARTSYS)
++ pr_debug("wait aborted by a signal");
++ else if (ret)
++ pr_debug("wait for drain failed with %d\n", ret);
++
++
++ wake_up(&stream->runtime->sleep);
++ mutex_lock(&stream->device->lock);
++
++ return ret;
++}
++
+ static int snd_compr_drain(struct snd_compr_stream *stream)
+ {
+ int retval;
+@@ -695,12 +729,15 @@ static int snd_compr_drain(struct snd_compr_stream *stream)
+ if (stream->runtime->state == SNDRV_PCM_STATE_PREPARED ||
+ stream->runtime->state == SNDRV_PCM_STATE_SETUP)
+ return -EPERM;
++
+ retval = stream->ops->trigger(stream, SND_COMPR_TRIGGER_DRAIN);
+- if (!retval) {
+- stream->runtime->state = SNDRV_PCM_STATE_DRAINING;
++ if (retval) {
++ pr_debug("SND_COMPR_TRIGGER_DRAIN failed %d\n", retval);
+ wake_up(&stream->runtime->sleep);
++ return retval;
+ }
+- return retval;
++
++ return snd_compress_wait_for_drain(stream);
+ }
+
+ static int snd_compr_next_track(struct snd_compr_stream *stream)
+@@ -736,9 +773,14 @@ static int snd_compr_partial_drain(struct snd_compr_stream *stream)
+ return -EPERM;
+
+ retval = stream->ops->trigger(stream, SND_COMPR_TRIGGER_PARTIAL_DRAIN);
++ if (retval) {
++ pr_debug("Partial drain returned failure\n");
++ wake_up(&stream->runtime->sleep);
++ return retval;
++ }
+
+ stream->next_track = false;
+- return retval;
++ return snd_compress_wait_for_drain(stream);
+ }
+
+ static long snd_compr_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
+diff --git a/sound/drivers/pcsp/pcsp.c b/sound/drivers/pcsp/pcsp.c
+index 1c19cd7..83b8a9a 100644
+--- a/sound/drivers/pcsp/pcsp.c
++++ b/sound/drivers/pcsp/pcsp.c
+@@ -187,8 +187,8 @@ static int pcsp_probe(struct platform_device *dev)
+ static int pcsp_remove(struct platform_device *dev)
+ {
+ struct snd_pcsp *chip = platform_get_drvdata(dev);
+- alsa_card_pcsp_exit(chip);
+ pcspkr_input_remove(chip->input_dev);
++ alsa_card_pcsp_exit(chip);
+ return 0;
+ }
+
+diff --git a/sound/isa/msnd/msnd_pinnacle.c b/sound/isa/msnd/msnd_pinnacle.c
+index 81aeb93..0a90bd6 100644
+--- a/sound/isa/msnd/msnd_pinnacle.c
++++ b/sound/isa/msnd/msnd_pinnacle.c
+@@ -73,9 +73,11 @@
+ #ifdef MSND_CLASSIC
+ # include "msnd_classic.h"
+ # define LOGNAME "msnd_classic"
++# define DEV_NAME "msnd-classic"
+ #else
+ # include "msnd_pinnacle.h"
+ # define LOGNAME "snd_msnd_pinnacle"
++# define DEV_NAME "msnd-pinnacle"
+ #endif
+
+ static void set_default_audio_parameters(struct snd_msnd *chip)
+@@ -1067,8 +1069,6 @@ static int snd_msnd_isa_remove(struct device *pdev, unsigned int dev)
+ return 0;
+ }
+
+-#define DEV_NAME "msnd-pinnacle"
+-
+ static struct isa_driver snd_msnd_driver = {
+ .match = snd_msnd_isa_match,
+ .probe = snd_msnd_isa_probe,
+diff --git a/sound/pci/hda/hda_codec.c b/sound/pci/hda/hda_codec.c
+index 748c6a9..e938a68 100644
+--- a/sound/pci/hda/hda_codec.c
++++ b/sound/pci/hda/hda_codec.c
+@@ -2579,9 +2579,6 @@ int snd_hda_codec_reset(struct hda_codec *codec)
+ cancel_delayed_work_sync(&codec->jackpoll_work);
+ #ifdef CONFIG_PM
+ cancel_delayed_work_sync(&codec->power_work);
+- codec->power_on = 0;
+- codec->power_transition = 0;
+- codec->power_jiffies = jiffies;
+ flush_workqueue(bus->workq);
+ #endif
+ snd_hda_ctls_clear(codec);
+@@ -3991,6 +3988,10 @@ static void hda_call_codec_resume(struct hda_codec *codec)
+ * in the resume / power-save sequence
+ */
+ hda_keep_power_on(codec);
++ if (codec->pm_down_notified) {
++ codec->pm_down_notified = 0;
++ hda_call_pm_notify(codec->bus, true);
++ }
+ hda_set_power_state(codec, AC_PWRST_D0);
+ restore_shutup_pins(codec);
+ hda_exec_init_verbs(codec);
+diff --git a/sound/pci/hda/hda_generic.c b/sound/pci/hda/hda_generic.c
+index b7c89df..3067ed4 100644
+--- a/sound/pci/hda/hda_generic.c
++++ b/sound/pci/hda/hda_generic.c
+@@ -549,11 +549,15 @@ static hda_nid_t look_for_out_mute_nid(struct hda_codec *codec,
+ static hda_nid_t look_for_out_vol_nid(struct hda_codec *codec,
+ struct nid_path *path)
+ {
++ struct hda_gen_spec *spec = codec->spec;
+ int i;
+
+ for (i = path->depth - 1; i >= 0; i--) {
+- if (nid_has_volume(codec, path->path[i], HDA_OUTPUT))
+- return path->path[i];
++ hda_nid_t nid = path->path[i];
++ if ((spec->out_vol_mask >> nid) & 1)
++ continue;
++ if (nid_has_volume(codec, nid, HDA_OUTPUT))
++ return nid;
+ }
+ return 0;
+ }
+@@ -792,10 +796,10 @@ static void set_pin_eapd(struct hda_codec *codec, hda_nid_t pin, bool enable)
+ if (spec->own_eapd_ctl ||
+ !(snd_hda_query_pin_caps(codec, pin) & AC_PINCAP_EAPD))
+ return;
+- if (codec->inv_eapd)
+- enable = !enable;
+ if (spec->keep_eapd_on && !enable)
+ return;
++ if (codec->inv_eapd)
++ enable = !enable;
+ snd_hda_codec_update_cache(codec, pin, 0,
+ AC_VERB_SET_EAPD_BTLENABLE,
+ enable ? 0x02 : 0x00);
+diff --git a/sound/pci/hda/hda_generic.h b/sound/pci/hda/hda_generic.h
+index 48d4402..7e45cb4 100644
+--- a/sound/pci/hda/hda_generic.h
++++ b/sound/pci/hda/hda_generic.h
+@@ -242,6 +242,9 @@ struct hda_gen_spec {
+ /* additional mute flags (only effective with auto_mute_via_amp=1) */
+ u64 mute_bits;
+
++ /* bitmask for skipping volume controls */
++ u64 out_vol_mask;
++
+ /* badness tables for output path evaluations */
+ const struct badness_table *main_out_badness;
+ const struct badness_table *extra_out_badness;
+diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c
+index 6e61a01..a63aff2 100644
+--- a/sound/pci/hda/hda_intel.c
++++ b/sound/pci/hda/hda_intel.c
+@@ -612,6 +612,11 @@ enum {
+ #define AZX_DCAPS_INTEL_PCH \
+ (AZX_DCAPS_INTEL_PCH_NOPM | AZX_DCAPS_PM_RUNTIME)
+
++#define AZX_DCAPS_INTEL_HASWELL \
++ (AZX_DCAPS_SCH_SNOOP | AZX_DCAPS_ALIGN_BUFSIZE | \
++ AZX_DCAPS_COUNT_LPIB_DELAY | AZX_DCAPS_PM_RUNTIME | \
++ AZX_DCAPS_I915_POWERWELL)
++
+ /* quirks for ATI SB / AMD Hudson */
+ #define AZX_DCAPS_PRESET_ATI_SB \
+ (AZX_DCAPS_ATI_SNOOP | AZX_DCAPS_NO_TCSEL | \
+@@ -3987,14 +3992,11 @@ static DEFINE_PCI_DEVICE_TABLE(azx_ids) = {
+ .driver_data = AZX_DRIVER_PCH | AZX_DCAPS_INTEL_PCH },
+ /* Haswell */
+ { PCI_DEVICE(0x8086, 0x0a0c),
+- .driver_data = AZX_DRIVER_SCH | AZX_DCAPS_INTEL_PCH |
+- AZX_DCAPS_I915_POWERWELL },
++ .driver_data = AZX_DRIVER_SCH | AZX_DCAPS_INTEL_HASWELL },
+ { PCI_DEVICE(0x8086, 0x0c0c),
+- .driver_data = AZX_DRIVER_SCH | AZX_DCAPS_INTEL_PCH |
+- AZX_DCAPS_I915_POWERWELL },
++ .driver_data = AZX_DRIVER_SCH | AZX_DCAPS_INTEL_HASWELL },
+ { PCI_DEVICE(0x8086, 0x0d0c),
+- .driver_data = AZX_DRIVER_SCH | AZX_DCAPS_INTEL_PCH |
+- AZX_DCAPS_I915_POWERWELL },
++ .driver_data = AZX_DRIVER_SCH | AZX_DCAPS_INTEL_HASWELL },
+ /* 5 Series/3400 */
+ { PCI_DEVICE(0x8086, 0x3b56),
+ .driver_data = AZX_DRIVER_SCH | AZX_DCAPS_INTEL_PCH_NOPM },
+diff --git a/sound/pci/hda/patch_analog.c b/sound/pci/hda/patch_analog.c
+index 2aa2f57..a52d2a1 100644
+--- a/sound/pci/hda/patch_analog.c
++++ b/sound/pci/hda/patch_analog.c
+@@ -219,8 +219,12 @@ static int alloc_ad_spec(struct hda_codec *codec)
+ static void ad_fixup_inv_jack_detect(struct hda_codec *codec,
+ const struct hda_fixup *fix, int action)
+ {
+- if (action == HDA_FIXUP_ACT_PRE_PROBE)
++ struct ad198x_spec *spec = codec->spec;
++
++ if (action == HDA_FIXUP_ACT_PRE_PROBE) {
+ codec->inv_jack_detect = 1;
++ spec->gen.keep_eapd_on = 1;
++ }
+ }
+
+ enum {
+diff --git a/sound/pci/hda/patch_cirrus.c b/sound/pci/hda/patch_cirrus.c
+index 18d9725..072755c 100644
+--- a/sound/pci/hda/patch_cirrus.c
++++ b/sound/pci/hda/patch_cirrus.c
+@@ -597,6 +597,7 @@ static int patch_cs420x(struct hda_codec *codec)
+ * Its layout is no longer compatible with CS4206/CS4207
+ */
+ enum {
++ CS4208_MAC_AUTO,
+ CS4208_MBA6,
+ CS4208_GPIO0,
+ };
+@@ -608,7 +609,12 @@ static const struct hda_model_fixup cs4208_models[] = {
+ };
+
+ static const struct snd_pci_quirk cs4208_fixup_tbl[] = {
+- /* codec SSID */
++ SND_PCI_QUIRK_VENDOR(0x106b, "Apple", CS4208_MAC_AUTO),
++ {} /* terminator */
++};
++
++/* codec SSID matching */
++static const struct snd_pci_quirk cs4208_mac_fixup_tbl[] = {
+ SND_PCI_QUIRK(0x106b, 0x7100, "MacBookAir 6,1", CS4208_MBA6),
+ SND_PCI_QUIRK(0x106b, 0x7200, "MacBookAir 6,2", CS4208_MBA6),
+ {} /* terminator */
+@@ -626,6 +632,20 @@ static void cs4208_fixup_gpio0(struct hda_codec *codec,
+ }
+ }
+
++static const struct hda_fixup cs4208_fixups[];
++
++/* remap the fixup from codec SSID and apply it */
++static void cs4208_fixup_mac(struct hda_codec *codec,
++ const struct hda_fixup *fix, int action)
++{
++ if (action != HDA_FIXUP_ACT_PRE_PROBE)
++ return;
++ snd_hda_pick_fixup(codec, NULL, cs4208_mac_fixup_tbl, cs4208_fixups);
++ if (codec->fixup_id < 0 || codec->fixup_id == CS4208_MAC_AUTO)
++ codec->fixup_id = CS4208_GPIO0; /* default fixup */
++ snd_hda_apply_fixup(codec, action);
++}
++
+ static const struct hda_fixup cs4208_fixups[] = {
+ [CS4208_MBA6] = {
+ .type = HDA_FIXUP_PINS,
+@@ -637,6 +657,10 @@ static const struct hda_fixup cs4208_fixups[] = {
+ .type = HDA_FIXUP_FUNC,
+ .v.func = cs4208_fixup_gpio0,
+ },
++ [CS4208_MAC_AUTO] = {
++ .type = HDA_FIXUP_FUNC,
++ .v.func = cs4208_fixup_mac,
++ },
+ };
+
+ /* correct the 0dB offset of input pins */
+@@ -660,6 +684,8 @@ static int patch_cs4208(struct hda_codec *codec)
+ return -ENOMEM;
+
+ spec->gen.automute_hook = cs_automute;
++ /* exclude NID 0x10 (HP) from output volumes due to different steps */
++ spec->gen.out_vol_mask = 1ULL << 0x10;
+
+ snd_hda_pick_fixup(codec, cs4208_models, cs4208_fixup_tbl,
+ cs4208_fixups);
+diff --git a/sound/pci/hda/patch_conexant.c b/sound/pci/hda/patch_conexant.c
+index ec68eae..96f07ce 100644
+--- a/sound/pci/hda/patch_conexant.c
++++ b/sound/pci/hda/patch_conexant.c
+@@ -3568,6 +3568,8 @@ static const struct hda_codec_preset snd_hda_preset_conexant[] = {
+ .patch = patch_conexant_auto },
+ { .id = 0x14f15115, .name = "CX20757",
+ .patch = patch_conexant_auto },
++ { .id = 0x14f151d7, .name = "CX20952",
++ .patch = patch_conexant_auto },
+ {} /* terminator */
+ };
+
+@@ -3594,6 +3596,7 @@ MODULE_ALIAS("snd-hda-codec-id:14f15111");
+ MODULE_ALIAS("snd-hda-codec-id:14f15113");
+ MODULE_ALIAS("snd-hda-codec-id:14f15114");
+ MODULE_ALIAS("snd-hda-codec-id:14f15115");
++MODULE_ALIAS("snd-hda-codec-id:14f151d7");
+
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("Conexant HD-audio codec");
+diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
+index 8ad5543..2f39631 100644
+--- a/sound/pci/hda/patch_realtek.c
++++ b/sound/pci/hda/patch_realtek.c
+@@ -1043,6 +1043,7 @@ enum {
+ ALC880_FIXUP_UNIWILL,
+ ALC880_FIXUP_UNIWILL_DIG,
+ ALC880_FIXUP_Z71V,
++ ALC880_FIXUP_ASUS_W5A,
+ ALC880_FIXUP_3ST_BASE,
+ ALC880_FIXUP_3ST,
+ ALC880_FIXUP_3ST_DIG,
+@@ -1213,6 +1214,26 @@ static const struct hda_fixup alc880_fixups[] = {
+ { }
+ }
+ },
++ [ALC880_FIXUP_ASUS_W5A] = {
++ .type = HDA_FIXUP_PINS,
++ .v.pins = (const struct hda_pintbl[]) {
++ /* set up the whole pins as BIOS is utterly broken */
++ { 0x14, 0x0121411f }, /* HP */
++ { 0x15, 0x411111f0 }, /* N/A */
++ { 0x16, 0x411111f0 }, /* N/A */
++ { 0x17, 0x411111f0 }, /* N/A */
++ { 0x18, 0x90a60160 }, /* mic */
++ { 0x19, 0x411111f0 }, /* N/A */
++ { 0x1a, 0x411111f0 }, /* N/A */
++ { 0x1b, 0x411111f0 }, /* N/A */
++ { 0x1c, 0x411111f0 }, /* N/A */
++ { 0x1d, 0x411111f0 }, /* N/A */
++ { 0x1e, 0xb743111e }, /* SPDIF out */
++ { }
++ },
++ .chained = true,
++ .chain_id = ALC880_FIXUP_GPIO1,
++ },
+ [ALC880_FIXUP_3ST_BASE] = {
+ .type = HDA_FIXUP_PINS,
+ .v.pins = (const struct hda_pintbl[]) {
+@@ -1334,6 +1355,7 @@ static const struct hda_fixup alc880_fixups[] = {
+
+ static const struct snd_pci_quirk alc880_fixup_tbl[] = {
+ SND_PCI_QUIRK(0x1019, 0x0f69, "Coeus G610P", ALC880_FIXUP_W810),
++ SND_PCI_QUIRK(0x1043, 0x10c3, "ASUS W5A", ALC880_FIXUP_ASUS_W5A),
+ SND_PCI_QUIRK(0x1043, 0x1964, "ASUS Z71V", ALC880_FIXUP_Z71V),
+ SND_PCI_QUIRK_VENDOR(0x1043, "ASUS", ALC880_FIXUP_GPIO1),
+ SND_PCI_QUIRK(0x1558, 0x5401, "Clevo GPIO2", ALC880_FIXUP_GPIO2),
+@@ -1479,6 +1501,7 @@ enum {
+ ALC260_FIXUP_KN1,
+ ALC260_FIXUP_FSC_S7020,
+ ALC260_FIXUP_FSC_S7020_JWSE,
++ ALC260_FIXUP_VAIO_PINS,
+ };
+
+ static void alc260_gpio1_automute(struct hda_codec *codec)
+@@ -1619,6 +1642,24 @@ static const struct hda_fixup alc260_fixups[] = {
+ .chained = true,
+ .chain_id = ALC260_FIXUP_FSC_S7020,
+ },
++ [ALC260_FIXUP_VAIO_PINS] = {
++ .type = HDA_FIXUP_PINS,
++ .v.pins = (const struct hda_pintbl[]) {
++ /* Pin configs are missing completely on some VAIOs */
++ { 0x0f, 0x01211020 },
++ { 0x10, 0x0001003f },
++ { 0x11, 0x411111f0 },
++ { 0x12, 0x01a15930 },
++ { 0x13, 0x411111f0 },
++ { 0x14, 0x411111f0 },
++ { 0x15, 0x411111f0 },
++ { 0x16, 0x411111f0 },
++ { 0x17, 0x411111f0 },
++ { 0x18, 0x411111f0 },
++ { 0x19, 0x411111f0 },
++ { }
++ }
++ },
+ };
+
+ static const struct snd_pci_quirk alc260_fixup_tbl[] = {
+@@ -1627,6 +1668,8 @@ static const struct snd_pci_quirk alc260_fixup_tbl[] = {
+ SND_PCI_QUIRK(0x1025, 0x008f, "Acer", ALC260_FIXUP_GPIO1),
+ SND_PCI_QUIRK(0x103c, 0x280a, "HP dc5750", ALC260_FIXUP_HP_DC5750),
+ SND_PCI_QUIRK(0x103c, 0x30ba, "HP Presario B1900", ALC260_FIXUP_HP_B1900),
++ SND_PCI_QUIRK(0x104d, 0x81bb, "Sony VAIO", ALC260_FIXUP_VAIO_PINS),
++ SND_PCI_QUIRK(0x104d, 0x81e2, "Sony VAIO TX", ALC260_FIXUP_HP_PIN_0F),
+ SND_PCI_QUIRK(0x10cf, 0x1326, "FSC LifeBook S7020", ALC260_FIXUP_FSC_S7020),
+ SND_PCI_QUIRK(0x1509, 0x4540, "Favorit 100XS", ALC260_FIXUP_GPIO1),
+ SND_PCI_QUIRK(0x152d, 0x0729, "Quanta KN1", ALC260_FIXUP_KN1),
+@@ -2388,6 +2431,7 @@ static const struct hda_verb alc268_beep_init_verbs[] = {
+ enum {
+ ALC268_FIXUP_INV_DMIC,
+ ALC268_FIXUP_HP_EAPD,
++ ALC268_FIXUP_SPDIF,
+ };
+
+ static const struct hda_fixup alc268_fixups[] = {
+@@ -2402,6 +2446,13 @@ static const struct hda_fixup alc268_fixups[] = {
+ {}
+ }
+ },
++ [ALC268_FIXUP_SPDIF] = {
++ .type = HDA_FIXUP_PINS,
++ .v.pins = (const struct hda_pintbl[]) {
++ { 0x1e, 0x014b1180 }, /* enable SPDIF out */
++ {}
++ }
++ },
+ };
+
+ static const struct hda_model_fixup alc268_fixup_models[] = {
+@@ -2411,6 +2462,7 @@ static const struct hda_model_fixup alc268_fixup_models[] = {
+ };
+
+ static const struct snd_pci_quirk alc268_fixup_tbl[] = {
++ SND_PCI_QUIRK(0x1025, 0x0139, "Acer TravelMate 6293", ALC268_FIXUP_SPDIF),
+ SND_PCI_QUIRK(0x1025, 0x015b, "Acer AOA 150 (ZG5)", ALC268_FIXUP_INV_DMIC),
+ /* below is codec SSID since multiple Toshiba laptops have the
+ * same PCI SSID 1179:ff00
+@@ -2540,6 +2592,7 @@ enum {
+ ALC269_TYPE_ALC283,
+ ALC269_TYPE_ALC284,
+ ALC269_TYPE_ALC286,
++ ALC269_TYPE_ALC255,
+ };
+
+ /*
+@@ -2565,6 +2618,7 @@ static int alc269_parse_auto_config(struct hda_codec *codec)
+ case ALC269_TYPE_ALC282:
+ case ALC269_TYPE_ALC283:
+ case ALC269_TYPE_ALC286:
++ case ALC269_TYPE_ALC255:
+ ssids = alc269_ssids;
+ break;
+ default:
+@@ -2944,6 +2998,23 @@ static void alc269_fixup_mic_mute_hook(void *private_data, int enabled)
+ snd_hda_set_pin_ctl_cache(codec, spec->mute_led_nid, pinval);
+ }
+
++/* Make sure the led works even in runtime suspend */
++static unsigned int led_power_filter(struct hda_codec *codec,
++ hda_nid_t nid,
++ unsigned int power_state)
++{
++ struct alc_spec *spec = codec->spec;
++
++ if (power_state != AC_PWRST_D3 || nid != spec->mute_led_nid)
++ return power_state;
++
++ /* Set pin ctl again, it might have just been set to 0 */
++ snd_hda_set_pin_ctl(codec, nid,
++ snd_hda_codec_get_pin_target(codec, nid));
++
++ return AC_PWRST_D0;
++}
++
+ static void alc269_fixup_hp_mute_led(struct hda_codec *codec,
+ const struct hda_fixup *fix, int action)
+ {
+@@ -2963,6 +3034,7 @@ static void alc269_fixup_hp_mute_led(struct hda_codec *codec,
+ spec->mute_led_nid = pin - 0x0a + 0x18;
+ spec->gen.vmaster_mute.hook = alc269_fixup_mic_mute_hook;
+ spec->gen.vmaster_mute_enum = 1;
++ codec->power_filter = led_power_filter;
+ snd_printd("Detected mute LED for %x:%d\n", spec->mute_led_nid,
+ spec->mute_led_polarity);
+ break;
+@@ -2978,6 +3050,7 @@ static void alc269_fixup_hp_mute_led_mic1(struct hda_codec *codec,
+ spec->mute_led_nid = 0x18;
+ spec->gen.vmaster_mute.hook = alc269_fixup_mic_mute_hook;
+ spec->gen.vmaster_mute_enum = 1;
++ codec->power_filter = led_power_filter;
+ }
+ }
+
+@@ -2990,6 +3063,7 @@ static void alc269_fixup_hp_mute_led_mic2(struct hda_codec *codec,
+ spec->mute_led_nid = 0x19;
+ spec->gen.vmaster_mute.hook = alc269_fixup_mic_mute_hook;
+ spec->gen.vmaster_mute_enum = 1;
++ codec->power_filter = led_power_filter;
+ }
+ }
+
+@@ -3230,8 +3304,10 @@ static void alc_update_headset_mode(struct hda_codec *codec)
+ else
+ new_headset_mode = ALC_HEADSET_MODE_HEADPHONE;
+
+- if (new_headset_mode == spec->current_headset_mode)
++ if (new_headset_mode == spec->current_headset_mode) {
++ snd_hda_gen_update_outputs(codec);
+ return;
++ }
+
+ switch (new_headset_mode) {
+ case ALC_HEADSET_MODE_UNPLUGGED:
+@@ -3895,6 +3971,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
+ SND_PCI_QUIRK(0x1028, 0x0608, "Dell", ALC269_FIXUP_DELL1_MIC_NO_PRESENCE),
+ SND_PCI_QUIRK(0x1028, 0x0609, "Dell", ALC269_FIXUP_DELL1_MIC_NO_PRESENCE),
+ SND_PCI_QUIRK(0x1028, 0x0613, "Dell", ALC269_FIXUP_DELL1_MIC_NO_PRESENCE),
++ SND_PCI_QUIRK(0x1028, 0x0614, "Dell Inspiron 3135", ALC269_FIXUP_DELL1_MIC_NO_PRESENCE),
+ SND_PCI_QUIRK(0x1028, 0x0616, "Dell Vostro 5470", ALC290_FIXUP_MONO_SPEAKERS),
+ SND_PCI_QUIRK(0x1028, 0x15cc, "Dell X5 Precision", ALC269_FIXUP_DELL2_MIC_NO_PRESENCE),
+ SND_PCI_QUIRK(0x1028, 0x15cd, "Dell X5 Precision", ALC269_FIXUP_DELL2_MIC_NO_PRESENCE),
+@@ -4128,6 +4205,9 @@ static int patch_alc269(struct hda_codec *codec)
+ case 0x10ec0286:
+ spec->codec_variant = ALC269_TYPE_ALC286;
+ break;
++ case 0x10ec0255:
++ spec->codec_variant = ALC269_TYPE_ALC255;
++ break;
+ }
+
+ if (snd_hda_codec_read(codec, 0x51, 0, AC_VERB_PARAMETERS, 0) == 0x10ec5505) {
+@@ -4842,6 +4922,7 @@ static int patch_alc680(struct hda_codec *codec)
+ static const struct hda_codec_preset snd_hda_preset_realtek[] = {
+ { .id = 0x10ec0221, .name = "ALC221", .patch = patch_alc269 },
+ { .id = 0x10ec0233, .name = "ALC233", .patch = patch_alc269 },
++ { .id = 0x10ec0255, .name = "ALC255", .patch = patch_alc269 },
+ { .id = 0x10ec0260, .name = "ALC260", .patch = patch_alc260 },
+ { .id = 0x10ec0262, .name = "ALC262", .patch = patch_alc262 },
+ { .id = 0x10ec0267, .name = "ALC267", .patch = patch_alc268 },
+diff --git a/sound/usb/6fire/chip.c b/sound/usb/6fire/chip.c
+index c39c779..66edc4a 100644
+--- a/sound/usb/6fire/chip.c
++++ b/sound/usb/6fire/chip.c
+@@ -101,7 +101,7 @@ static int usb6fire_chip_probe(struct usb_interface *intf,
+ usb_set_intfdata(intf, chips[i]);
+ mutex_unlock(&register_mutex);
+ return 0;
+- } else if (regidx < 0)
++ } else if (!devices[i] && regidx < 0)
+ regidx = i;
+ }
+ if (regidx < 0) {
+diff --git a/virt/kvm/iommu.c b/virt/kvm/iommu.c
+index 72a130b..c329c8f 100644
+--- a/virt/kvm/iommu.c
++++ b/virt/kvm/iommu.c
+@@ -103,6 +103,10 @@ int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot)
+ while ((gfn << PAGE_SHIFT) & (page_size - 1))
+ page_size >>= 1;
+
++ /* Make sure hva is aligned to the page size we want to map */
++ while (__gfn_to_hva_memslot(slot, gfn) & (page_size - 1))
++ page_size >>= 1;
++
+ /*
+ * Pin all pages we are about to map in memory. This is
+ * important because we unmap and unpin in 4kb steps later.
diff --git a/3.12.1/4420_grsecurity-3.0-3.12.1-201311261522.patch b/3.12.2/4420_grsecurity-3.0-3.12.2-201312011111.patch
index 4b0fd79..284b9ed 100644
--- a/3.12.1/4420_grsecurity-3.0-3.12.1-201311261522.patch
+++ b/3.12.2/4420_grsecurity-3.0-3.12.2-201312011111.patch
@@ -281,7 +281,7 @@ index fcbb736..5508d8c 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index eb29ec7..876409e 100644
+index e6e72b6..570e70a 100644
--- a/Makefile
+++ b/Makefile
@@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -3559,7 +3559,7 @@ index 17ca1ae..beba869 100644
struct omap_device *omap_device_alloc(struct platform_device *pdev,
struct omap_hwmod **ohs, int oh_cnt);
diff --git a/arch/arm/mach-omap2/omap_hwmod.c b/arch/arm/mach-omap2/omap_hwmod.c
-index d9ee0ff..24f224a 100644
+index 3d5db8c..ddfa144 100644
--- a/arch/arm/mach-omap2/omap_hwmod.c
+++ b/arch/arm/mach-omap2/omap_hwmod.c
@@ -194,10 +194,10 @@ struct omap_hwmod_soc_ops {
@@ -8120,10 +8120,10 @@ index 9a0d24c..e7fbedf 100644
if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
diff --git a/arch/powerpc/kernel/signal_32.c b/arch/powerpc/kernel/signal_32.c
-index bebdf1a..7a9e095 100644
+index 36d49e6..9147e39d 100644
--- a/arch/powerpc/kernel/signal_32.c
+++ b/arch/powerpc/kernel/signal_32.c
-@@ -996,7 +996,7 @@ int handle_rt_signal32(unsigned long sig, struct k_sigaction *ka,
+@@ -1004,7 +1004,7 @@ int handle_rt_signal32(unsigned long sig, struct k_sigaction *ka,
/* Save user registers on the stack */
frame = &rt_sf->uc.uc_mcontext;
addr = frame;
@@ -8371,7 +8371,7 @@ index cb8bdbe..d770680 100644
}
}
diff --git a/arch/powerpc/mm/slice.c b/arch/powerpc/mm/slice.c
-index 3e99c14..f00953c 100644
+index 7ce9cf3..a964087 100644
--- a/arch/powerpc/mm/slice.c
+++ b/arch/powerpc/mm/slice.c
@@ -103,7 +103,7 @@ static int slice_area_is_free(struct mm_struct *mm, unsigned long addr,
@@ -20089,7 +20089,7 @@ index 7d9481c..99c7e4b 100644
.notifier_call = cpuid_class_cpu_callback,
};
diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c
-index e0e0841..da37e6f 100644
+index 18677a9..f67c45b 100644
--- a/arch/x86/kernel/crash.c
+++ b/arch/x86/kernel/crash.c
@@ -58,10 +58,8 @@ static void kdump_nmi_callback(int cpu, struct pt_regs *regs)
@@ -22493,7 +22493,7 @@ index b077f4c..feb26c1 100644
/*
* End of kprobes section
diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c
-index 42a392a..fbbd930 100644
+index d4bdd25..912664c 100644
--- a/arch/x86/kernel/ftrace.c
+++ b/arch/x86/kernel/ftrace.c
@@ -105,6 +105,8 @@ ftrace_modify_code_direct(unsigned long ip, unsigned const char *old_code,
@@ -22523,7 +22523,7 @@ index 42a392a..fbbd930 100644
new = ftrace_call_replace(ip, (unsigned long)func);
ret = ftrace_modify_code(ip, old, new);
}
-@@ -279,7 +281,7 @@ static int ftrace_write(unsigned long ip, const char *val, int size)
+@@ -291,7 +293,7 @@ static int ftrace_write(unsigned long ip, const char *val, int size)
* kernel identity mapping to modify code.
*/
if (within(ip, (unsigned long)_text, (unsigned long)_etext))
@@ -22532,7 +22532,7 @@ index 42a392a..fbbd930 100644
return probe_kernel_write((void *)ip, val, size);
}
-@@ -289,7 +291,7 @@ static int add_break(unsigned long ip, const char *old)
+@@ -301,7 +303,7 @@ static int add_break(unsigned long ip, const char *old)
unsigned char replaced[MCOUNT_INSN_SIZE];
unsigned char brk = BREAKPOINT_INSTRUCTION;
@@ -22541,7 +22541,7 @@ index 42a392a..fbbd930 100644
return -EFAULT;
/* Make sure it is what we expect it to be */
-@@ -637,7 +639,7 @@ ftrace_modify_code(unsigned long ip, unsigned const char *old_code,
+@@ -649,7 +651,7 @@ ftrace_modify_code(unsigned long ip, unsigned const char *old_code,
return ret;
fail_update:
@@ -22550,7 +22550,7 @@ index 42a392a..fbbd930 100644
goto out;
}
-@@ -670,6 +672,8 @@ static int ftrace_mod_jmp(unsigned long ip,
+@@ -682,6 +684,8 @@ static int ftrace_mod_jmp(unsigned long ip,
{
unsigned char code[MCOUNT_INSN_SIZE];
@@ -24479,7 +24479,7 @@ index 6c483ba..d10ce2f 100644
static struct dma_map_ops swiotlb_dma_ops = {
diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
-index c83516b..432ad6d 100644
+index 3fb8d95..254dc51 100644
--- a/arch/x86/kernel/process.c
+++ b/arch/x86/kernel/process.c
@@ -36,7 +36,8 @@
@@ -24926,7 +24926,7 @@ index a16bae3..1f65f25 100644
return ret;
diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c
-index 7e920bf..cc24446 100644
+index 618ce26..ec7e21c 100644
--- a/arch/x86/kernel/reboot.c
+++ b/arch/x86/kernel/reboot.c
@@ -68,6 +68,11 @@ static int __init set_bios_reboot(const struct dmi_system_id *d)
@@ -34658,10 +34658,10 @@ index 9515f18..4b149c9 100644
.callback = dmi_disable_osi_vista,
.ident = "Fujitsu Siemens",
diff --git a/drivers/acpi/processor_idle.c b/drivers/acpi/processor_idle.c
-index f98dd00..7b69865 100644
+index c7414a5..d5afd71 100644
--- a/drivers/acpi/processor_idle.c
+++ b/drivers/acpi/processor_idle.c
-@@ -992,7 +992,7 @@ static int acpi_processor_setup_cpuidle_states(struct acpi_processor *pr)
+@@ -966,7 +966,7 @@ static int acpi_processor_setup_cpuidle_states(struct acpi_processor *pr)
{
int i, count = CPUIDLE_DRIVER_STATE_START;
struct acpi_processor_cx *cx;
@@ -36406,7 +36406,7 @@ index cc29cd3..d4b058b 100644
static struct asender_cmd asender_tbl[] = {
[P_PING] = { 0, got_Ping },
diff --git a/drivers/block/loop.c b/drivers/block/loop.c
-index 40e7155..df5c79a 100644
+index 2f036ca..68d3f40 100644
--- a/drivers/block/loop.c
+++ b/drivers/block/loop.c
@@ -232,7 +232,7 @@ static int __do_lo_send_write(struct file *file,
@@ -44637,7 +44637,7 @@ index fe4c572..99dedfa 100644
static inline struct rt2x00_intf* vif_to_intf(struct ieee80211_vif *vif)
diff --git a/drivers/net/wireless/rt2x00/rt2x00queue.c b/drivers/net/wireless/rt2x00/rt2x00queue.c
-index 6c8a33b..78212fa 100644
+index 66a2db8..70cad04 100644
--- a/drivers/net/wireless/rt2x00/rt2x00queue.c
+++ b/drivers/net/wireless/rt2x00/rt2x00queue.c
@@ -252,9 +252,9 @@ static void rt2x00queue_create_tx_descriptor_seq(struct rt2x00_dev *rt2x00dev,
@@ -45225,7 +45225,7 @@ index 13ec195..6af61af 100644
static ssize_t sony_nc_highspeed_charging_store(struct device *dev,
struct device_attribute *attr,
diff --git a/drivers/platform/x86/thinkpad_acpi.c b/drivers/platform/x86/thinkpad_acpi.c
-index 03ca6c1..1ef2ddd 100644
+index 4e86e97..04d50d1 100644
--- a/drivers/platform/x86/thinkpad_acpi.c
+++ b/drivers/platform/x86/thinkpad_acpi.c
@@ -2091,7 +2091,7 @@ static int hotkey_mask_get(void)
@@ -48770,7 +48770,7 @@ index f20a044..d1059aa 100644
wake_up(&usb_kill_urb_queue);
usb_put_urb(urb);
diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
-index 879651c..87e0131 100644
+index 243c672..8b66fbb 100644
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -27,6 +27,7 @@
@@ -48781,7 +48781,7 @@ index 879651c..87e0131 100644
#include <asm/uaccess.h>
#include <asm/byteorder.h>
-@@ -4435,6 +4436,10 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1,
+@@ -4467,6 +4468,10 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1,
goto done;
return;
}
@@ -48824,7 +48824,7 @@ index 82927e1..4993dbf 100644
{
struct urb *urb;
diff --git a/drivers/usb/core/sysfs.c b/drivers/usb/core/sysfs.c
-index 6d2c8ed..3a794ca 100644
+index ca516ac..6c36ee4 100644
--- a/drivers/usb/core/sysfs.c
+++ b/drivers/usb/core/sysfs.c
@@ -236,7 +236,7 @@ static ssize_t urbnum_show(struct device *dev, struct device_attribute *attr,
@@ -54804,10 +54804,10 @@ index 5d19acf..9ab093b 100644
return 1;
if (a < b)
diff --git a/fs/configfs/dir.c b/fs/configfs/dir.c
-index 277bd1b..f312c9e 100644
+index 511d415..319d0e5 100644
--- a/fs/configfs/dir.c
+++ b/fs/configfs/dir.c
-@@ -1546,7 +1546,8 @@ static int configfs_readdir(struct file *file, struct dir_context *ctx)
+@@ -1558,7 +1558,8 @@ static int configfs_readdir(struct file *file, struct dir_context *ctx)
}
for (p = q->next; p != &parent_sd->s_children; p = p->next) {
struct configfs_dirent *next;
@@ -54817,7 +54817,7 @@ index 277bd1b..f312c9e 100644
int len;
struct inode *inode = NULL;
-@@ -1555,7 +1556,12 @@ static int configfs_readdir(struct file *file, struct dir_context *ctx)
+@@ -1567,7 +1568,12 @@ static int configfs_readdir(struct file *file, struct dir_context *ctx)
continue;
name = configfs_get_name(next);
@@ -54929,34 +54929,18 @@ index 9bdeca1..2247b92 100644
EXPORT_SYMBOL(dump_write);
diff --git a/fs/dcache.c b/fs/dcache.c
-index ae6ebb8..5977a84 100644
+index 89f9671..5977a84 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
-@@ -2881,9 +2881,9 @@ static int prepend_path(const struct path *path,
- const struct path *root,
- char **buffer, int *buflen)
- {
-- struct dentry *dentry = path->dentry;
-- struct vfsmount *vfsmnt = path->mnt;
-- struct mount *mnt = real_mount(vfsmnt);
-+ struct dentry *dentry;
-+ struct vfsmount *vfsmnt;
-+ struct mount *mnt;
- int error = 0;
- unsigned seq = 0;
- char *bptr;
-@@ -2893,6 +2893,10 @@ static int prepend_path(const struct path *path,
+@@ -2893,6 +2893,7 @@ static int prepend_path(const struct path *path,
restart:
bptr = *buffer;
blen = *buflen;
+ error = 0;
-+ dentry = path->dentry;
-+ vfsmnt = path->mnt;
-+ mnt = real_mount(vfsmnt);
- read_seqbegin_or_lock(&rename_lock, &seq);
- while (dentry != root->dentry || vfsmnt != root->mnt) {
- struct dentry * parent;
-@@ -3429,7 +3433,8 @@ void __init vfs_caches_init(unsigned long mempages)
+ dentry = path->dentry;
+ vfsmnt = path->mnt;
+ mnt = real_mount(vfsmnt);
+@@ -3432,7 +3433,8 @@ void __init vfs_caches_init(unsigned long mempages)
mempages -= reserve;
names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0,
@@ -55018,7 +55002,7 @@ index e4141f2..d8263e8 100644
i += packet_length_size;
if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
diff --git a/fs/exec.c b/fs/exec.c
-index 8875dd1..c53682a 100644
+index bb8afc1..2f5087e 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -55,8 +55,20 @@
@@ -55501,7 +55485,7 @@ index 8875dd1..c53682a 100644
out:
if (bprm->mm) {
acct_arg_size(bprm, 0);
-@@ -1700,3 +1874,295 @@ asmlinkage long compat_sys_execve(const char __user * filename,
+@@ -1706,3 +1880,295 @@ asmlinkage long compat_sys_execve(const char __user * filename,
return error;
}
#endif
@@ -57718,10 +57702,10 @@ index b7989f2..1f72ec4 100644
if (!IS_ERR(link))
free_page((unsigned long) link);
diff --git a/fs/gfs2/inode.c b/fs/gfs2/inode.c
-index ced3257..b5c3b942 100644
+index 968d4c56..54a398d 100644
--- a/fs/gfs2/inode.c
+++ b/fs/gfs2/inode.c
-@@ -1508,7 +1508,7 @@ out:
+@@ -1512,7 +1512,7 @@ out:
static void gfs2_put_link(struct dentry *dentry, struct nameidata *nd, void *p)
{
@@ -58644,27 +58628,6 @@ index eda8879..bfc6837 100644
}
void nfs_fattr_init(struct nfs_fattr *fattr)
-diff --git a/fs/nfs/nfs4state.c b/fs/nfs/nfs4state.c
-index cc14cbb..6021bb6 100644
---- a/fs/nfs/nfs4state.c
-+++ b/fs/nfs/nfs4state.c
-@@ -1881,10 +1881,15 @@ again:
- nfs4_root_machine_cred(clp);
- goto again;
- }
-- if (i > 2)
-+ if (clnt->cl_auth->au_flavor == RPC_AUTH_UNIX)
- break;
- case -NFS4ERR_CLID_INUSE:
- case -NFS4ERR_WRONGSEC:
-+ /* No point in retrying if we already used RPC_AUTH_UNIX */
-+ if (clnt->cl_auth->au_flavor == RPC_AUTH_UNIX) {
-+ status = -EPERM;
-+ break;
-+ }
- clnt = rpc_clone_client_set_auth(clnt, RPC_AUTH_UNIX);
- if (IS_ERR(clnt)) {
- status = PTR_ERR(clnt);
diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
index 419572f..5414a23 100644
--- a/fs/nfsd/nfs4proc.c
@@ -58679,10 +58642,10 @@ index 419572f..5414a23 100644
static struct nfsd4_operation nfsd4_ops[];
diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
-index d9454fe..855c9d1 100644
+index ecc735e..79b2d31 100644
--- a/fs/nfsd/nfs4xdr.c
+++ b/fs/nfsd/nfs4xdr.c
-@@ -1498,7 +1498,7 @@ nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p)
+@@ -1500,7 +1500,7 @@ nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p)
typedef __be32(*nfsd4_dec)(struct nfsd4_compoundargs *argp, void *);
@@ -58691,7 +58654,7 @@ index d9454fe..855c9d1 100644
[OP_ACCESS] = (nfsd4_dec)nfsd4_decode_access,
[OP_CLOSE] = (nfsd4_dec)nfsd4_decode_close,
[OP_COMMIT] = (nfsd4_dec)nfsd4_decode_commit,
-@@ -1538,7 +1538,7 @@ static nfsd4_dec nfsd4_dec_ops[] = {
+@@ -1540,7 +1540,7 @@ static nfsd4_dec nfsd4_dec_ops[] = {
[OP_RELEASE_LOCKOWNER] = (nfsd4_dec)nfsd4_decode_release_lockowner,
};
@@ -58700,7 +58663,7 @@ index d9454fe..855c9d1 100644
[OP_ACCESS] = (nfsd4_dec)nfsd4_decode_access,
[OP_CLOSE] = (nfsd4_dec)nfsd4_decode_close,
[OP_COMMIT] = (nfsd4_dec)nfsd4_decode_commit,
-@@ -1600,7 +1600,7 @@ static nfsd4_dec nfsd41_dec_ops[] = {
+@@ -1602,7 +1602,7 @@ static nfsd4_dec nfsd41_dec_ops[] = {
};
struct nfsd4_minorversion_ops {
@@ -58735,10 +58698,10 @@ index 9186c7c..3fdde3e 100644
/* Don't cache excessive amounts of data and XDR failures */
if (!statp || len > (256 >> 2)) {
diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
-index c827acb..b253b77 100644
+index 72cb28e..5b5f87d 100644
--- a/fs/nfsd/vfs.c
+++ b/fs/nfsd/vfs.c
-@@ -968,7 +968,7 @@ nfsd_vfs_read(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file,
+@@ -993,7 +993,7 @@ nfsd_vfs_read(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file,
} else {
oldfs = get_fs();
set_fs(KERNEL_DS);
@@ -58747,7 +58710,7 @@ index c827acb..b253b77 100644
set_fs(oldfs);
}
-@@ -1055,7 +1055,7 @@ nfsd_vfs_write(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file,
+@@ -1080,7 +1080,7 @@ nfsd_vfs_write(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file,
/* Write the data. */
oldfs = get_fs(); set_fs(KERNEL_DS);
@@ -58756,7 +58719,7 @@ index c827acb..b253b77 100644
set_fs(oldfs);
if (host_err < 0)
goto out_nfserr;
-@@ -1601,7 +1601,7 @@ nfsd_readlink(struct svc_rqst *rqstp, struct svc_fh *fhp, char *buf, int *lenp)
+@@ -1626,7 +1626,7 @@ nfsd_readlink(struct svc_rqst *rqstp, struct svc_fh *fhp, char *buf, int *lenp)
*/
oldfs = get_fs(); set_fs(KERNEL_DS);
@@ -73214,7 +73177,7 @@ index 729a4d1..9b304ae 100644
static inline kuid_t audit_get_loginuid(struct task_struct *tsk)
{
diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h
-index e8112ae..05b8e7f 100644
+index 7554fd4..0f86379 100644
--- a/include/linux/binfmts.h
+++ b/include/linux/binfmts.h
@@ -73,8 +73,10 @@ struct linux_binfmt {
@@ -77219,7 +77182,7 @@ index 6dacb93..6174423 100644
static inline void anon_vma_merge(struct vm_area_struct *vma,
struct vm_area_struct *next)
diff --git a/include/linux/sched.h b/include/linux/sched.h
-index e27baee..aaef421 100644
+index b1e963e..114b8fd 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -62,6 +62,7 @@ struct bio_list;
@@ -77259,7 +77222,7 @@ index e27baee..aaef421 100644
extern void arch_pick_mmap_layout(struct mm_struct *mm);
extern unsigned long
arch_get_unmapped_area(struct file *, unsigned long, unsigned long,
-@@ -581,6 +595,17 @@ struct signal_struct {
+@@ -585,6 +599,17 @@ struct signal_struct {
#ifdef CONFIG_TASKSTATS
struct taskstats *stats;
#endif
@@ -77277,7 +77240,7 @@ index e27baee..aaef421 100644
#ifdef CONFIG_AUDIT
unsigned audit_tty;
unsigned audit_tty_log_passwd;
-@@ -661,6 +686,14 @@ struct user_struct {
+@@ -665,6 +690,14 @@ struct user_struct {
struct key *session_keyring; /* UID's default session keyring */
#endif
@@ -77292,7 +77255,7 @@ index e27baee..aaef421 100644
/* Hash table maintenance information */
struct hlist_node uidhash_node;
kuid_t uid;
-@@ -1146,8 +1179,8 @@ struct task_struct {
+@@ -1150,8 +1183,8 @@ struct task_struct {
struct list_head thread_group;
struct completion *vfork_done; /* for vfork() */
@@ -77303,7 +77266,7 @@ index e27baee..aaef421 100644
cputime_t utime, stime, utimescaled, stimescaled;
cputime_t gtime;
-@@ -1172,11 +1205,6 @@ struct task_struct {
+@@ -1176,11 +1209,6 @@ struct task_struct {
struct task_cputime cputime_expires;
struct list_head cpu_timers[3];
@@ -77315,7 +77278,7 @@ index e27baee..aaef421 100644
char comm[TASK_COMM_LEN]; /* executable name excluding path
- access with [gs]et_task_comm (which lock
it with task_lock())
-@@ -1193,6 +1221,10 @@ struct task_struct {
+@@ -1197,6 +1225,10 @@ struct task_struct {
#endif
/* CPU-specific state of this task */
struct thread_struct thread;
@@ -77326,7 +77289,7 @@ index e27baee..aaef421 100644
/* filesystem information */
struct fs_struct *fs;
/* open file information */
-@@ -1266,6 +1298,10 @@ struct task_struct {
+@@ -1270,6 +1302,10 @@ struct task_struct {
gfp_t lockdep_reclaim_gfp;
#endif
@@ -77337,7 +77300,7 @@ index e27baee..aaef421 100644
/* journalling filesystem info */
void *journal_info;
-@@ -1304,6 +1340,10 @@ struct task_struct {
+@@ -1308,6 +1344,10 @@ struct task_struct {
/* cg_list protected by css_set_lock and tsk->alloc_lock */
struct list_head cg_list;
#endif
@@ -77348,7 +77311,7 @@ index e27baee..aaef421 100644
#ifdef CONFIG_FUTEX
struct robust_list_head __user *robust_list;
#ifdef CONFIG_COMPAT
-@@ -1407,8 +1447,78 @@ struct task_struct {
+@@ -1411,8 +1451,78 @@ struct task_struct {
unsigned int sequential_io;
unsigned int sequential_io_avg;
#endif
@@ -77427,7 +77390,7 @@ index e27baee..aaef421 100644
/* Future-safe accessor for struct task_struct's cpus_allowed. */
#define tsk_cpus_allowed(tsk) (&(tsk)->cpus_allowed)
-@@ -1467,7 +1577,7 @@ struct pid_namespace;
+@@ -1471,7 +1581,7 @@ struct pid_namespace;
pid_t __task_pid_nr_ns(struct task_struct *task, enum pid_type type,
struct pid_namespace *ns);
@@ -77436,7 +77399,7 @@ index e27baee..aaef421 100644
{
return tsk->pid;
}
-@@ -1917,7 +2027,9 @@ void yield(void);
+@@ -1921,7 +2031,9 @@ void yield(void);
extern struct exec_domain default_exec_domain;
union thread_union {
@@ -77446,7 +77409,7 @@ index e27baee..aaef421 100644
unsigned long stack[THREAD_SIZE/sizeof(long)];
};
-@@ -1950,6 +2062,7 @@ extern struct pid_namespace init_pid_ns;
+@@ -1954,6 +2066,7 @@ extern struct pid_namespace init_pid_ns;
*/
extern struct task_struct *find_task_by_vpid(pid_t nr);
@@ -77454,7 +77417,7 @@ index e27baee..aaef421 100644
extern struct task_struct *find_task_by_pid_ns(pid_t nr,
struct pid_namespace *ns);
-@@ -2114,7 +2227,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
+@@ -2118,7 +2231,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
extern void exit_itimers(struct signal_struct *);
extern void flush_itimer_signals(void);
@@ -77463,7 +77426,7 @@ index e27baee..aaef421 100644
extern int allow_signal(int);
extern int disallow_signal(int);
-@@ -2305,9 +2418,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
+@@ -2309,9 +2422,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
#endif
@@ -78076,10 +78039,10 @@ index 7faf933..9b85a0c 100644
#ifdef CONFIG_MAGIC_SYSRQ
diff --git a/include/linux/thread_info.h b/include/linux/thread_info.h
-index e7e0473..7989295 100644
+index 4ae6f32..425d3e1 100644
--- a/include/linux/thread_info.h
+++ b/include/linux/thread_info.h
-@@ -148,6 +148,15 @@ static inline bool test_and_clear_restore_sigmask(void)
+@@ -150,6 +150,15 @@ static inline bool test_and_clear_restore_sigmask(void)
#error "no set_restore_sigmask() provided and default one won't work"
#endif
@@ -78259,10 +78222,10 @@ index 99c1b4d..562e6f3 100644
static inline void put_unaligned_le16(u16 val, void *p)
diff --git a/include/linux/usb.h b/include/linux/usb.h
-index 001629c..7c1cc9b 100644
+index 39cfa0a..d45fa38 100644
--- a/include/linux/usb.h
+++ b/include/linux/usb.h
-@@ -561,7 +561,7 @@ struct usb_device {
+@@ -563,7 +563,7 @@ struct usb_device {
int maxchild;
u32 quirks;
@@ -78271,7 +78234,7 @@ index 001629c..7c1cc9b 100644
unsigned long active_duration;
-@@ -1635,7 +1635,7 @@ void usb_buffer_unmap_sg(const struct usb_device *dev, int is_in,
+@@ -1637,7 +1637,7 @@ void usb_buffer_unmap_sg(const struct usb_device *dev, int is_in,
extern int usb_control_msg(struct usb_device *dev, unsigned int pipe,
__u8 request, __u8 requesttype, __u16 value, __u16 index,
@@ -79293,7 +79256,7 @@ index b797e8f..8e2c3aa 100644
/**
diff --git a/include/sound/compress_driver.h b/include/sound/compress_driver.h
-index 9031a26..750d592 100644
+index ae6c3b8..fd748ac 100644
--- a/include/sound/compress_driver.h
+++ b/include/sound/compress_driver.h
@@ -128,7 +128,7 @@ struct snd_compr_ops {
@@ -80376,7 +80339,7 @@ index db9d241..bc8427c 100644
sem_params.flg = semflg;
sem_params.u.nsems = nsems;
diff --git a/ipc/shm.c b/ipc/shm.c
-index d697396..5aadb3f 100644
+index 7a51443..3a257d8 100644
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -72,6 +72,14 @@ static void shm_destroy (struct ipc_namespace *ns, struct shmid_kernel *shp);
@@ -80394,7 +80357,7 @@ index d697396..5aadb3f 100644
void shm_init_ns(struct ipc_namespace *ns)
{
ns->shm_ctlmax = SHMMAX;
-@@ -551,6 +559,14 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params)
+@@ -554,6 +562,14 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params)
shp->shm_lprid = 0;
shp->shm_atim = shp->shm_dtim = 0;
shp->shm_ctim = get_seconds();
@@ -80409,7 +80372,7 @@ index d697396..5aadb3f 100644
shp->shm_segsz = size;
shp->shm_nattch = 0;
shp->shm_file = file;
-@@ -604,18 +620,19 @@ static inline int shm_more_checks(struct kern_ipc_perm *ipcp,
+@@ -607,18 +623,19 @@ static inline int shm_more_checks(struct kern_ipc_perm *ipcp,
return 0;
}
@@ -80434,7 +80397,7 @@ index d697396..5aadb3f 100644
shm_params.key = key;
shm_params.flg = shmflg;
shm_params.u.size = size;
-@@ -1076,6 +1093,12 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
+@@ -1089,6 +1106,12 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
f_mode = FMODE_READ | FMODE_WRITE;
}
if (shmflg & SHM_EXEC) {
@@ -80447,7 +80410,7 @@ index d697396..5aadb3f 100644
prot |= PROT_EXEC;
acc_mode |= S_IXUGO;
}
-@@ -1100,10 +1123,23 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
+@@ -1113,6 +1136,15 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
if (err)
goto out_unlock;
@@ -80461,7 +80424,9 @@ index d697396..5aadb3f 100644
+#endif
+
ipc_lock_object(&shp->shm_perm);
-+
+
+ /* check if shm_destroy() is tearing down shp */
+@@ -1125,6 +1157,9 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
path = shp->shm_file->f_path;
path_get(&path);
shp->shm_nattch++;
@@ -83643,10 +83608,10 @@ index 6631e1e..310c266 100644
}
diff --git a/kernel/ptrace.c b/kernel/ptrace.c
-index dd562e9..74fc16d 100644
+index 1f4bcb3..99cf7ab 100644
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
-@@ -326,7 +326,7 @@ static int ptrace_attach(struct task_struct *task, long request,
+@@ -327,7 +327,7 @@ static int ptrace_attach(struct task_struct *task, long request,
if (seize)
flags |= PT_SEIZED;
rcu_read_lock();
@@ -83655,7 +83620,7 @@ index dd562e9..74fc16d 100644
flags |= PT_PTRACE_CAP;
rcu_read_unlock();
task->ptrace = flags;
-@@ -537,7 +537,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst
+@@ -538,7 +538,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst
break;
return -EIO;
}
@@ -83664,7 +83629,7 @@ index dd562e9..74fc16d 100644
return -EFAULT;
copied += retval;
src += retval;
-@@ -805,7 +805,7 @@ int ptrace_request(struct task_struct *child, long request,
+@@ -806,7 +806,7 @@ int ptrace_request(struct task_struct *child, long request,
bool seized = child->ptrace & PT_SEIZED;
int ret = -EIO;
siginfo_t siginfo, *si;
@@ -83673,7 +83638,7 @@ index dd562e9..74fc16d 100644
unsigned long __user *datalp = datavp;
unsigned long flags;
-@@ -1051,14 +1051,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr,
+@@ -1052,14 +1052,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr,
goto out;
}
@@ -83696,7 +83661,7 @@ index dd562e9..74fc16d 100644
goto out_put_task_struct;
}
-@@ -1086,7 +1093,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr,
+@@ -1087,7 +1094,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr,
copied = access_process_vm(tsk, addr, &tmp, sizeof(tmp), 0);
if (copied != sizeof(tmp))
return -EIO;
@@ -83705,7 +83670,7 @@ index dd562e9..74fc16d 100644
}
int generic_ptrace_pokedata(struct task_struct *tsk, unsigned long addr,
-@@ -1180,7 +1187,7 @@ int compat_ptrace_request(struct task_struct *child, compat_long_t request,
+@@ -1181,7 +1188,7 @@ int compat_ptrace_request(struct task_struct *child, compat_long_t request,
}
asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid,
@@ -83714,7 +83679,7 @@ index dd562e9..74fc16d 100644
{
struct task_struct *child;
long ret;
-@@ -1196,14 +1203,21 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid,
+@@ -1197,14 +1204,21 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid,
goto out;
}
@@ -91107,7 +91072,7 @@ index 4bf8809..98a6914 100644
EXPORT_SYMBOL(kmem_cache_free);
diff --git a/mm/slub.c b/mm/slub.c
-index c3eb3d3..022c9fa 100644
+index 96f2169..9111a59 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -207,7 +207,7 @@ struct track {
@@ -97002,80 +96967,10 @@ index 09fb638..2e6a5c5 100644
/* make a copy for the caller */
*handle = ctxh;
diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c
-index 7747960..36d1518 100644
+index 941d19f..c85ff07 100644
--- a/net/sunrpc/clnt.c
+++ b/net/sunrpc/clnt.c
-@@ -656,14 +656,16 @@ EXPORT_SYMBOL_GPL(rpc_shutdown_client);
- /*
- * Free an RPC client
- */
--static void
-+static struct rpc_clnt *
- rpc_free_client(struct rpc_clnt *clnt)
- {
-+ struct rpc_clnt *parent = NULL;
-+
- dprintk_rcu("RPC: destroying %s client for %s\n",
- clnt->cl_program->name,
- rcu_dereference(clnt->cl_xprt)->servername);
- if (clnt->cl_parent != clnt)
-- rpc_release_client(clnt->cl_parent);
-+ parent = clnt->cl_parent;
- rpc_clnt_remove_pipedir(clnt);
- rpc_unregister_client(clnt);
- rpc_free_iostats(clnt->cl_metrics);
-@@ -672,18 +674,17 @@ rpc_free_client(struct rpc_clnt *clnt)
- rpciod_down();
- rpc_free_clid(clnt);
- kfree(clnt);
-+ return parent;
- }
-
- /*
- * Free an RPC client
- */
--static void
-+static struct rpc_clnt *
- rpc_free_auth(struct rpc_clnt *clnt)
- {
-- if (clnt->cl_auth == NULL) {
-- rpc_free_client(clnt);
-- return;
-- }
-+ if (clnt->cl_auth == NULL)
-+ return rpc_free_client(clnt);
-
- /*
- * Note: RPCSEC_GSS may need to send NULL RPC calls in order to
-@@ -694,7 +695,8 @@ rpc_free_auth(struct rpc_clnt *clnt)
- rpcauth_release(clnt->cl_auth);
- clnt->cl_auth = NULL;
- if (atomic_dec_and_test(&clnt->cl_count))
-- rpc_free_client(clnt);
-+ return rpc_free_client(clnt);
-+ return NULL;
- }
-
- /*
-@@ -705,10 +707,13 @@ rpc_release_client(struct rpc_clnt *clnt)
- {
- dprintk("RPC: rpc_release_client(%p)\n", clnt);
-
-- if (list_empty(&clnt->cl_tasks))
-- wake_up(&destroy_wait);
-- if (atomic_dec_and_test(&clnt->cl_count))
-- rpc_free_auth(clnt);
-+ do {
-+ if (list_empty(&clnt->cl_tasks))
-+ wake_up(&destroy_wait);
-+ if (!atomic_dec_and_test(&clnt->cl_count))
-+ break;
-+ clnt = rpc_free_auth(clnt);
-+ } while (clnt != NULL);
- }
- EXPORT_SYMBOL_GPL(rpc_release_client);
-
-@@ -1314,7 +1319,9 @@ call_start(struct rpc_task *task)
+@@ -1319,7 +1319,9 @@ call_start(struct rpc_task *task)
(RPC_IS_ASYNC(task) ? "async" : "sync"));
/* Increment call count */
@@ -97343,110 +97238,6 @@ index 62e4f9b..dd3f2d7 100644
/* See if we can opportunistically reap SQ WR to make room */
sq_cq_reap(xprt);
-diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
-index ee03d35..b752e1d 100644
---- a/net/sunrpc/xprtsock.c
-+++ b/net/sunrpc/xprtsock.c
-@@ -393,8 +393,10 @@ static int xs_send_kvec(struct socket *sock, struct sockaddr *addr, int addrlen,
- return kernel_sendmsg(sock, &msg, NULL, 0, 0);
- }
-
--static int xs_send_pagedata(struct socket *sock, struct xdr_buf *xdr, unsigned int base, int more)
-+static int xs_send_pagedata(struct socket *sock, struct xdr_buf *xdr, unsigned int base, int more, bool zerocopy)
- {
-+ ssize_t (*do_sendpage)(struct socket *sock, struct page *page,
-+ int offset, size_t size, int flags);
- struct page **ppage;
- unsigned int remainder;
- int err, sent = 0;
-@@ -403,6 +405,9 @@ static int xs_send_pagedata(struct socket *sock, struct xdr_buf *xdr, unsigned i
- base += xdr->page_base;
- ppage = xdr->pages + (base >> PAGE_SHIFT);
- base &= ~PAGE_MASK;
-+ do_sendpage = sock->ops->sendpage;
-+ if (!zerocopy)
-+ do_sendpage = sock_no_sendpage;
- for(;;) {
- unsigned int len = min_t(unsigned int, PAGE_SIZE - base, remainder);
- int flags = XS_SENDMSG_FLAGS;
-@@ -410,7 +415,7 @@ static int xs_send_pagedata(struct socket *sock, struct xdr_buf *xdr, unsigned i
- remainder -= len;
- if (remainder != 0 || more)
- flags |= MSG_MORE;
-- err = sock->ops->sendpage(sock, *ppage, base, len, flags);
-+ err = do_sendpage(sock, *ppage, base, len, flags);
- if (remainder == 0 || err != len)
- break;
- sent += err;
-@@ -431,9 +436,10 @@ static int xs_send_pagedata(struct socket *sock, struct xdr_buf *xdr, unsigned i
- * @addrlen: UDP only -- length of destination address
- * @xdr: buffer containing this request
- * @base: starting position in the buffer
-+ * @zerocopy: true if it is safe to use sendpage()
- *
- */
--static int xs_sendpages(struct socket *sock, struct sockaddr *addr, int addrlen, struct xdr_buf *xdr, unsigned int base)
-+static int xs_sendpages(struct socket *sock, struct sockaddr *addr, int addrlen, struct xdr_buf *xdr, unsigned int base, bool zerocopy)
- {
- unsigned int remainder = xdr->len - base;
- int err, sent = 0;
-@@ -461,7 +467,7 @@ static int xs_sendpages(struct socket *sock, struct sockaddr *addr, int addrlen,
- if (base < xdr->page_len) {
- unsigned int len = xdr->page_len - base;
- remainder -= len;
-- err = xs_send_pagedata(sock, xdr, base, remainder != 0);
-+ err = xs_send_pagedata(sock, xdr, base, remainder != 0, zerocopy);
- if (remainder == 0 || err != len)
- goto out;
- sent += err;
-@@ -564,7 +570,7 @@ static int xs_local_send_request(struct rpc_task *task)
- req->rq_svec->iov_base, req->rq_svec->iov_len);
-
- status = xs_sendpages(transport->sock, NULL, 0,
-- xdr, req->rq_bytes_sent);
-+ xdr, req->rq_bytes_sent, true);
- dprintk("RPC: %s(%u) = %d\n",
- __func__, xdr->len - req->rq_bytes_sent, status);
- if (likely(status >= 0)) {
-@@ -620,7 +626,7 @@ static int xs_udp_send_request(struct rpc_task *task)
- status = xs_sendpages(transport->sock,
- xs_addr(xprt),
- xprt->addrlen, xdr,
-- req->rq_bytes_sent);
-+ req->rq_bytes_sent, true);
-
- dprintk("RPC: xs_udp_send_request(%u) = %d\n",
- xdr->len - req->rq_bytes_sent, status);
-@@ -693,6 +699,7 @@ static int xs_tcp_send_request(struct rpc_task *task)
- struct rpc_xprt *xprt = req->rq_xprt;
- struct sock_xprt *transport = container_of(xprt, struct sock_xprt, xprt);
- struct xdr_buf *xdr = &req->rq_snd_buf;
-+ bool zerocopy = true;
- int status;
-
- xs_encode_stream_record_marker(&req->rq_snd_buf);
-@@ -700,13 +707,20 @@ static int xs_tcp_send_request(struct rpc_task *task)
- xs_pktdump("packet data:",
- req->rq_svec->iov_base,
- req->rq_svec->iov_len);
-+ /* Don't use zero copy if this is a resend. If the RPC call
-+ * completes while the socket holds a reference to the pages,
-+ * then we may end up resending corrupted data.
-+ */
-+ if (task->tk_flags & RPC_TASK_SENT)
-+ zerocopy = false;
-
- /* Continue transmitting the packet/record. We must be careful
- * to cope with writespace callbacks arriving _after_ we have
- * called sendmsg(). */
- while (1) {
- status = xs_sendpages(transport->sock,
-- NULL, 0, xdr, req->rq_bytes_sent);
-+ NULL, 0, xdr, req->rq_bytes_sent,
-+ zerocopy);
-
- dprintk("RPC: xs_tcp_send_request(%u) = %d\n",
- xdr->len - req->rq_bytes_sent, status);
diff --git a/net/sysctl_net.c b/net/sysctl_net.c
index e7000be..e3b0ba7 100644
--- a/net/sysctl_net.c
@@ -100255,7 +100046,7 @@ index 7d8803a..559f8d0 100644
list_add(&s->list, &cs4297a_devs);
diff --git a/sound/pci/hda/hda_codec.c b/sound/pci/hda/hda_codec.c
-index 748c6a9..a27725a 100644
+index e938a68..2a728ad 100644
--- a/sound/pci/hda/hda_codec.c
+++ b/sound/pci/hda/hda_codec.c
@@ -976,14 +976,10 @@ find_codec_preset(struct hda_codec *codec)
diff --git a/3.12.1/4425_grsec_remove_EI_PAX.patch b/3.12.2/4425_grsec_remove_EI_PAX.patch
index cf65d90..cf65d90 100644
--- a/3.12.1/4425_grsec_remove_EI_PAX.patch
+++ b/3.12.2/4425_grsec_remove_EI_PAX.patch
diff --git a/3.12.1/4427_force_XATTR_PAX_tmpfs.patch b/3.12.2/4427_force_XATTR_PAX_tmpfs.patch
index 23e60cd..23e60cd 100644
--- a/3.12.1/4427_force_XATTR_PAX_tmpfs.patch
+++ b/3.12.2/4427_force_XATTR_PAX_tmpfs.patch
diff --git a/3.12.1/4430_grsec-remove-localversion-grsec.patch b/3.12.2/4430_grsec-remove-localversion-grsec.patch
index 31cf878..31cf878 100644
--- a/3.12.1/4430_grsec-remove-localversion-grsec.patch
+++ b/3.12.2/4430_grsec-remove-localversion-grsec.patch
diff --git a/3.12.1/4435_grsec-mute-warnings.patch b/3.12.2/4435_grsec-mute-warnings.patch
index ed941d5..ed941d5 100644
--- a/3.12.1/4435_grsec-mute-warnings.patch
+++ b/3.12.2/4435_grsec-mute-warnings.patch
diff --git a/3.12.1/4440_grsec-remove-protected-paths.patch b/3.12.2/4440_grsec-remove-protected-paths.patch
index 05710b1..05710b1 100644
--- a/3.12.1/4440_grsec-remove-protected-paths.patch
+++ b/3.12.2/4440_grsec-remove-protected-paths.patch
diff --git a/3.12.1/4450_grsec-kconfig-default-gids.patch b/3.12.2/4450_grsec-kconfig-default-gids.patch
index b50114e..b50114e 100644
--- a/3.12.1/4450_grsec-kconfig-default-gids.patch
+++ b/3.12.2/4450_grsec-kconfig-default-gids.patch
diff --git a/3.12.1/4465_selinux-avc_audit-log-curr_ip.patch b/3.12.2/4465_selinux-avc_audit-log-curr_ip.patch
index b26c0b4..b26c0b4 100644
--- a/3.12.1/4465_selinux-avc_audit-log-curr_ip.patch
+++ b/3.12.2/4465_selinux-avc_audit-log-curr_ip.patch
diff --git a/3.12.1/4470_disable-compat_vdso.patch b/3.12.2/4470_disable-compat_vdso.patch
index a9b2b0f..a9b2b0f 100644
--- a/3.12.1/4470_disable-compat_vdso.patch
+++ b/3.12.2/4470_disable-compat_vdso.patch
diff --git a/3.12.1/4475_emutramp_default_on.patch b/3.12.2/4475_emutramp_default_on.patch
index 30f6978..30f6978 100644
--- a/3.12.1/4475_emutramp_default_on.patch
+++ b/3.12.2/4475_emutramp_default_on.patch
diff --git a/3.2.52/0000_README b/3.2.53/0000_README
index 0137c2a..8426af2 100644
--- a/3.2.52/0000_README
+++ b/3.2.53/0000_README
@@ -62,19 +62,19 @@ Patch: 1035_linux-3.2.36.patch
From: http://www.kernel.org
Desc: Linux 3.2.36
-Patch: 1036_linux-3.2.37.patch
+Patch: 1036_linux-3.2.37.patch
From: http://www.kernel.org
Desc: Linux 3.2.37
-Patch: 1037_linux-3.2.38.patch
+Patch: 1037_linux-3.2.38.patch
From: http://www.kernel.org
Desc: Linux 3.2.38
-Patch: 1038_linux-3.2.39.patch
+Patch: 1038_linux-3.2.39.patch
From: http://www.kernel.org
Desc: Linux 3.2.39
-Patch: 1039_linux-3.2.40.patch
+Patch: 1039_linux-3.2.40.patch
From: http://www.kernel.org
Desc: Linux 3.2.40
@@ -126,7 +126,11 @@ Patch: 1051_linux-3.2.52.patch
From: http://www.kernel.org
Desc: Linux 3.2.52
-Patch: 4420_grsecurity-3.0-3.2.52-201311261520.patch
+Patch: 1052_linux-3.2.53.patch
+From: http://www.kernel.org
+Desc: Linux 3.2.53
+
+Patch: 4420_grsecurity-3.0-3.2.53-201312011108.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.2.52/1021_linux-3.2.22.patch b/3.2.53/1021_linux-3.2.22.patch
index e6ad93a..e6ad93a 100644
--- a/3.2.52/1021_linux-3.2.22.patch
+++ b/3.2.53/1021_linux-3.2.22.patch
diff --git a/3.2.52/1022_linux-3.2.23.patch b/3.2.53/1022_linux-3.2.23.patch
index 3d796d0..3d796d0 100644
--- a/3.2.52/1022_linux-3.2.23.patch
+++ b/3.2.53/1022_linux-3.2.23.patch
diff --git a/3.2.52/1023_linux-3.2.24.patch b/3.2.53/1023_linux-3.2.24.patch
index 4692eb4..4692eb4 100644
--- a/3.2.52/1023_linux-3.2.24.patch
+++ b/3.2.53/1023_linux-3.2.24.patch
diff --git a/3.2.52/1024_linux-3.2.25.patch b/3.2.53/1024_linux-3.2.25.patch
index e95c213..e95c213 100644
--- a/3.2.52/1024_linux-3.2.25.patch
+++ b/3.2.53/1024_linux-3.2.25.patch
diff --git a/3.2.52/1025_linux-3.2.26.patch b/3.2.53/1025_linux-3.2.26.patch
index 44065b9..44065b9 100644
--- a/3.2.52/1025_linux-3.2.26.patch
+++ b/3.2.53/1025_linux-3.2.26.patch
diff --git a/3.2.52/1026_linux-3.2.27.patch b/3.2.53/1026_linux-3.2.27.patch
index 5878eb4..5878eb4 100644
--- a/3.2.52/1026_linux-3.2.27.patch
+++ b/3.2.53/1026_linux-3.2.27.patch
diff --git a/3.2.52/1027_linux-3.2.28.patch b/3.2.53/1027_linux-3.2.28.patch
index 4dbba4b..4dbba4b 100644
--- a/3.2.52/1027_linux-3.2.28.patch
+++ b/3.2.53/1027_linux-3.2.28.patch
diff --git a/3.2.52/1028_linux-3.2.29.patch b/3.2.53/1028_linux-3.2.29.patch
index 3c65179..3c65179 100644
--- a/3.2.52/1028_linux-3.2.29.patch
+++ b/3.2.53/1028_linux-3.2.29.patch
diff --git a/3.2.52/1029_linux-3.2.30.patch b/3.2.53/1029_linux-3.2.30.patch
index 86aea4b..86aea4b 100644
--- a/3.2.52/1029_linux-3.2.30.patch
+++ b/3.2.53/1029_linux-3.2.30.patch
diff --git a/3.2.52/1030_linux-3.2.31.patch b/3.2.53/1030_linux-3.2.31.patch
index c6accf5..c6accf5 100644
--- a/3.2.52/1030_linux-3.2.31.patch
+++ b/3.2.53/1030_linux-3.2.31.patch
diff --git a/3.2.52/1031_linux-3.2.32.patch b/3.2.53/1031_linux-3.2.32.patch
index 247fc0b..247fc0b 100644
--- a/3.2.52/1031_linux-3.2.32.patch
+++ b/3.2.53/1031_linux-3.2.32.patch
diff --git a/3.2.52/1032_linux-3.2.33.patch b/3.2.53/1032_linux-3.2.33.patch
index c32fb75..c32fb75 100644
--- a/3.2.52/1032_linux-3.2.33.patch
+++ b/3.2.53/1032_linux-3.2.33.patch
diff --git a/3.2.52/1033_linux-3.2.34.patch b/3.2.53/1033_linux-3.2.34.patch
index d647b38..d647b38 100644
--- a/3.2.52/1033_linux-3.2.34.patch
+++ b/3.2.53/1033_linux-3.2.34.patch
diff --git a/3.2.52/1034_linux-3.2.35.patch b/3.2.53/1034_linux-3.2.35.patch
index 76a9c19..76a9c19 100644
--- a/3.2.52/1034_linux-3.2.35.patch
+++ b/3.2.53/1034_linux-3.2.35.patch
diff --git a/3.2.52/1035_linux-3.2.36.patch b/3.2.53/1035_linux-3.2.36.patch
index 5d192a3..5d192a3 100644
--- a/3.2.52/1035_linux-3.2.36.patch
+++ b/3.2.53/1035_linux-3.2.36.patch
diff --git a/3.2.52/1036_linux-3.2.37.patch b/3.2.53/1036_linux-3.2.37.patch
index ad13251..ad13251 100644
--- a/3.2.52/1036_linux-3.2.37.patch
+++ b/3.2.53/1036_linux-3.2.37.patch
diff --git a/3.2.52/1037_linux-3.2.38.patch b/3.2.53/1037_linux-3.2.38.patch
index a3c106f..a3c106f 100644
--- a/3.2.52/1037_linux-3.2.38.patch
+++ b/3.2.53/1037_linux-3.2.38.patch
diff --git a/3.2.52/1038_linux-3.2.39.patch b/3.2.53/1038_linux-3.2.39.patch
index 5639e92..5639e92 100644
--- a/3.2.52/1038_linux-3.2.39.patch
+++ b/3.2.53/1038_linux-3.2.39.patch
diff --git a/3.2.52/1039_linux-3.2.40.patch b/3.2.53/1039_linux-3.2.40.patch
index f26b39c..f26b39c 100644
--- a/3.2.52/1039_linux-3.2.40.patch
+++ b/3.2.53/1039_linux-3.2.40.patch
diff --git a/3.2.52/1040_linux-3.2.41.patch b/3.2.53/1040_linux-3.2.41.patch
index 0d27fcb..0d27fcb 100644
--- a/3.2.52/1040_linux-3.2.41.patch
+++ b/3.2.53/1040_linux-3.2.41.patch
diff --git a/3.2.52/1041_linux-3.2.42.patch b/3.2.53/1041_linux-3.2.42.patch
index 77a08ed..77a08ed 100644
--- a/3.2.52/1041_linux-3.2.42.patch
+++ b/3.2.53/1041_linux-3.2.42.patch
diff --git a/3.2.52/1042_linux-3.2.43.patch b/3.2.53/1042_linux-3.2.43.patch
index a3f878b..a3f878b 100644
--- a/3.2.52/1042_linux-3.2.43.patch
+++ b/3.2.53/1042_linux-3.2.43.patch
diff --git a/3.2.52/1043_linux-3.2.44.patch b/3.2.53/1043_linux-3.2.44.patch
index 3d5e6ff..3d5e6ff 100644
--- a/3.2.52/1043_linux-3.2.44.patch
+++ b/3.2.53/1043_linux-3.2.44.patch
diff --git a/3.2.52/1044_linux-3.2.45.patch b/3.2.53/1044_linux-3.2.45.patch
index 44e1767..44e1767 100644
--- a/3.2.52/1044_linux-3.2.45.patch
+++ b/3.2.53/1044_linux-3.2.45.patch
diff --git a/3.2.52/1045_linux-3.2.46.patch b/3.2.53/1045_linux-3.2.46.patch
index bc10efd..bc10efd 100644
--- a/3.2.52/1045_linux-3.2.46.patch
+++ b/3.2.53/1045_linux-3.2.46.patch
diff --git a/3.2.52/1046_linux-3.2.47.patch b/3.2.53/1046_linux-3.2.47.patch
index b74563c..b74563c 100644
--- a/3.2.52/1046_linux-3.2.47.patch
+++ b/3.2.53/1046_linux-3.2.47.patch
diff --git a/3.2.52/1047_linux-3.2.48.patch b/3.2.53/1047_linux-3.2.48.patch
index 6d55b1f..6d55b1f 100644
--- a/3.2.52/1047_linux-3.2.48.patch
+++ b/3.2.53/1047_linux-3.2.48.patch
diff --git a/3.2.52/1048_linux-3.2.49.patch b/3.2.53/1048_linux-3.2.49.patch
index 2dab0cf..2dab0cf 100644
--- a/3.2.52/1048_linux-3.2.49.patch
+++ b/3.2.53/1048_linux-3.2.49.patch
diff --git a/3.2.52/1049_linux-3.2.50.patch b/3.2.53/1049_linux-3.2.50.patch
index 20b3015..20b3015 100644
--- a/3.2.52/1049_linux-3.2.50.patch
+++ b/3.2.53/1049_linux-3.2.50.patch
diff --git a/3.2.52/1050_linux-3.2.51.patch b/3.2.53/1050_linux-3.2.51.patch
index 5d5832b..5d5832b 100644
--- a/3.2.52/1050_linux-3.2.51.patch
+++ b/3.2.53/1050_linux-3.2.51.patch
diff --git a/3.2.52/1051_linux-3.2.52.patch b/3.2.53/1051_linux-3.2.52.patch
index 94b9359..94b9359 100644
--- a/3.2.52/1051_linux-3.2.52.patch
+++ b/3.2.53/1051_linux-3.2.52.patch
diff --git a/3.2.53/1052_linux-3.2.53.patch b/3.2.53/1052_linux-3.2.53.patch
new file mode 100644
index 0000000..986d714
--- /dev/null
+++ b/3.2.53/1052_linux-3.2.53.patch
@@ -0,0 +1,3357 @@
+diff --git a/Makefile b/Makefile
+index 1dd2c09..90f57dc 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1,6 +1,6 @@
+ VERSION = 3
+ PATCHLEVEL = 2
+-SUBLEVEL = 52
++SUBLEVEL = 53
+ EXTRAVERSION =
+ NAME = Saber-toothed Squirrel
+
+diff --git a/arch/mips/include/asm/jump_label.h b/arch/mips/include/asm/jump_label.h
+index 1881b31..b19559c 100644
+--- a/arch/mips/include/asm/jump_label.h
++++ b/arch/mips/include/asm/jump_label.h
+@@ -22,7 +22,7 @@
+
+ static __always_inline bool arch_static_branch(struct jump_label_key *key)
+ {
+- asm goto("1:\tnop\n\t"
++ asm_volatile_goto("1:\tnop\n\t"
+ "nop\n\t"
+ ".pushsection __jump_table, \"aw\"\n\t"
+ WORD_INSN " 1b, %l[l_yes], %0\n\t"
+diff --git a/arch/parisc/kernel/head.S b/arch/parisc/kernel/head.S
+index 37aabd7..d2d5825 100644
+--- a/arch/parisc/kernel/head.S
++++ b/arch/parisc/kernel/head.S
+@@ -195,6 +195,8 @@ common_stext:
+ ldw MEM_PDC_HI(%r0),%r6
+ depd %r6, 31, 32, %r3 /* move to upper word */
+
++ mfctl %cr30,%r6 /* PCX-W2 firmware bug */
++
+ ldo PDC_PSW(%r0),%arg0 /* 21 */
+ ldo PDC_PSW_SET_DEFAULTS(%r0),%arg1 /* 2 */
+ ldo PDC_PSW_WIDE_BIT(%r0),%arg2 /* 2 */
+@@ -203,6 +205,8 @@ common_stext:
+ copy %r0,%arg3
+
+ stext_pdc_ret:
++ mtctl %r6,%cr30 /* restore task thread info */
++
+ /* restore rfi target address*/
+ ldd TI_TASK-THREAD_SZ_ALGN(%sp), %r10
+ tophys_r1 %r10
+diff --git a/arch/parisc/kernel/traps.c b/arch/parisc/kernel/traps.c
+index f19e660..cd8b02f 100644
+--- a/arch/parisc/kernel/traps.c
++++ b/arch/parisc/kernel/traps.c
+@@ -811,14 +811,14 @@ void notrace handle_interruption(int code, struct pt_regs *regs)
+ else {
+
+ /*
+- * The kernel should never fault on its own address space.
++ * The kernel should never fault on its own address space,
++ * unless pagefault_disable() was called before.
+ */
+
+- if (fault_space == 0)
++ if (fault_space == 0 && !in_atomic())
+ {
+ pdc_chassis_send_status(PDC_CHASSIS_DIRECT_PANIC);
+ parisc_terminate("Kernel Fault", regs, code, fault_address);
+-
+ }
+ }
+
+diff --git a/arch/powerpc/include/asm/jump_label.h b/arch/powerpc/include/asm/jump_label.h
+index 938986e..ee33888 100644
+--- a/arch/powerpc/include/asm/jump_label.h
++++ b/arch/powerpc/include/asm/jump_label.h
+@@ -19,7 +19,7 @@
+
+ static __always_inline bool arch_static_branch(struct jump_label_key *key)
+ {
+- asm goto("1:\n\t"
++ asm_volatile_goto("1:\n\t"
+ "nop\n\t"
+ ".pushsection __jump_table, \"aw\"\n\t"
+ JUMP_ENTRY_TYPE "1b, %l[l_yes], %c0\n\t"
+diff --git a/arch/powerpc/kvm/book3s_hv_rmhandlers.S b/arch/powerpc/kvm/book3s_hv_rmhandlers.S
+index 5e8dc08..e3b3cf9 100644
+--- a/arch/powerpc/kvm/book3s_hv_rmhandlers.S
++++ b/arch/powerpc/kvm/book3s_hv_rmhandlers.S
+@@ -922,7 +922,7 @@ END_FTR_SECTION_IFSET(CPU_FTR_ARCH_206)
+ BEGIN_FTR_SECTION
+ mfspr r8, SPRN_DSCR
+ ld r7, HSTATE_DSCR(r13)
+- std r8, VCPU_DSCR(r7)
++ std r8, VCPU_DSCR(r9)
+ mtspr SPRN_DSCR, r7
+ END_FTR_SECTION_IFSET(CPU_FTR_ARCH_206)
+
+diff --git a/arch/s390/include/asm/jump_label.h b/arch/s390/include/asm/jump_label.h
+index 95a6cf2..8512d0a 100644
+--- a/arch/s390/include/asm/jump_label.h
++++ b/arch/s390/include/asm/jump_label.h
+@@ -15,7 +15,7 @@
+
+ static __always_inline bool arch_static_branch(struct jump_label_key *key)
+ {
+- asm goto("0: brcl 0,0\n"
++ asm_volatile_goto("0: brcl 0,0\n"
+ ".pushsection __jump_table, \"aw\"\n"
+ ASM_ALIGN "\n"
+ ASM_PTR " 0b, %l[label], %0\n"
+diff --git a/arch/sparc/include/asm/jump_label.h b/arch/sparc/include/asm/jump_label.h
+index fc73a82..e17b65b 100644
+--- a/arch/sparc/include/asm/jump_label.h
++++ b/arch/sparc/include/asm/jump_label.h
+@@ -9,7 +9,7 @@
+
+ static __always_inline bool arch_static_branch(struct jump_label_key *key)
+ {
+- asm goto("1:\n\t"
++ asm_volatile_goto("1:\n\t"
+ "nop\n\t"
+ "nop\n\t"
+ ".pushsection __jump_table, \"aw\"\n\t"
+diff --git a/arch/tile/include/asm/percpu.h b/arch/tile/include/asm/percpu.h
+index 63294f5..4f7ae39 100644
+--- a/arch/tile/include/asm/percpu.h
++++ b/arch/tile/include/asm/percpu.h
+@@ -15,9 +15,37 @@
+ #ifndef _ASM_TILE_PERCPU_H
+ #define _ASM_TILE_PERCPU_H
+
+-register unsigned long __my_cpu_offset __asm__("tp");
+-#define __my_cpu_offset __my_cpu_offset
+-#define set_my_cpu_offset(tp) (__my_cpu_offset = (tp))
++register unsigned long my_cpu_offset_reg asm("tp");
++
++#ifdef CONFIG_PREEMPT
++/*
++ * For full preemption, we can't just use the register variable
++ * directly, since we need barrier() to hazard against it, causing the
++ * compiler to reload anything computed from a previous "tp" value.
++ * But we also don't want to use volatile asm, since we'd like the
++ * compiler to be able to cache the value across multiple percpu reads.
++ * So we use a fake stack read as a hazard against barrier().
++ * The 'U' constraint is like 'm' but disallows postincrement.
++ */
++static inline unsigned long __my_cpu_offset(void)
++{
++ unsigned long tp;
++ register unsigned long *sp asm("sp");
++ asm("move %0, tp" : "=r" (tp) : "U" (*sp));
++ return tp;
++}
++#define __my_cpu_offset __my_cpu_offset()
++#else
++/*
++ * We don't need to hazard against barrier() since "tp" doesn't ever
++ * change with PREEMPT_NONE, and with PREEMPT_VOLUNTARY it only
++ * changes at function call points, at which we are already re-reading
++ * the value of "tp" due to "my_cpu_offset_reg" being a global variable.
++ */
++#define __my_cpu_offset my_cpu_offset_reg
++#endif
++
++#define set_my_cpu_offset(tp) (my_cpu_offset_reg = (tp))
+
+ #include <asm-generic/percpu.h>
+
+diff --git a/arch/um/kernel/exitcode.c b/arch/um/kernel/exitcode.c
+index 829df49..41ebbfe 100644
+--- a/arch/um/kernel/exitcode.c
++++ b/arch/um/kernel/exitcode.c
+@@ -40,9 +40,11 @@ static ssize_t exitcode_proc_write(struct file *file,
+ const char __user *buffer, size_t count, loff_t *pos)
+ {
+ char *end, buf[sizeof("nnnnn\0")];
++ size_t size;
+ int tmp;
+
+- if (copy_from_user(buf, buffer, count))
++ size = min(count, sizeof(buf));
++ if (copy_from_user(buf, buffer, size))
+ return -EFAULT;
+
+ tmp = simple_strtol(buf, &end, 0);
+diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h
+index 0c3b775..a315f1c 100644
+--- a/arch/x86/include/asm/cpufeature.h
++++ b/arch/x86/include/asm/cpufeature.h
+@@ -334,7 +334,7 @@ extern const char * const x86_power_flags[32];
+ static __always_inline __pure bool __static_cpu_has(u16 bit)
+ {
+ #if __GNUC__ > 4 || __GNUC_MINOR__ >= 5
+- asm goto("1: jmp %l[t_no]\n"
++ asm_volatile_goto("1: jmp %l[t_no]\n"
+ "2:\n"
+ ".section .altinstructions,\"a\"\n"
+ " .long 1b - .\n"
+diff --git a/arch/x86/include/asm/jump_label.h b/arch/x86/include/asm/jump_label.h
+index a32b18c..e12c1bc 100644
+--- a/arch/x86/include/asm/jump_label.h
++++ b/arch/x86/include/asm/jump_label.h
+@@ -13,7 +13,7 @@
+
+ static __always_inline bool arch_static_branch(struct jump_label_key *key)
+ {
+- asm goto("1:"
++ asm_volatile_goto("1:"
+ JUMP_LABEL_INITIAL_NOP
+ ".pushsection __jump_table, \"aw\" \n\t"
+ _ASM_ALIGN "\n\t"
+diff --git a/arch/xtensa/kernel/signal.c b/arch/xtensa/kernel/signal.c
+index f2220b5..cf3e9cb 100644
+--- a/arch/xtensa/kernel/signal.c
++++ b/arch/xtensa/kernel/signal.c
+@@ -346,7 +346,7 @@ static void setup_frame(int sig, struct k_sigaction *ka, siginfo_t *info,
+
+ sp = regs->areg[1];
+
+- if ((ka->sa.sa_flags & SA_ONSTACK) != 0 && ! on_sig_stack(sp)) {
++ if ((ka->sa.sa_flags & SA_ONSTACK) != 0 && sas_ss_flags(sp) == 0) {
+ sp = current->sas_ss_sp + current->sas_ss_size;
+ }
+
+diff --git a/drivers/ata/libata-eh.c b/drivers/ata/libata-eh.c
+index aea627e..7d1a478 100644
+--- a/drivers/ata/libata-eh.c
++++ b/drivers/ata/libata-eh.c
+@@ -1286,14 +1286,14 @@ void ata_eh_qc_complete(struct ata_queued_cmd *qc)
+ * should be retried. To be used from EH.
+ *
+ * SCSI midlayer limits the number of retries to scmd->allowed.
+- * scmd->retries is decremented for commands which get retried
++ * scmd->allowed is incremented for commands which get retried
+ * due to unrelated failures (qc->err_mask is zero).
+ */
+ void ata_eh_qc_retry(struct ata_queued_cmd *qc)
+ {
+ struct scsi_cmnd *scmd = qc->scsicmd;
+- if (!qc->err_mask && scmd->retries)
+- scmd->retries--;
++ if (!qc->err_mask)
++ scmd->allowed++;
+ __ata_eh_qc_complete(qc);
+ }
+
+diff --git a/drivers/char/random.c b/drivers/char/random.c
+index b651733..c244f0e 100644
+--- a/drivers/char/random.c
++++ b/drivers/char/random.c
+@@ -668,7 +668,7 @@ static void set_timer_rand_state(unsigned int irq,
+ */
+ void add_device_randomness(const void *buf, unsigned int size)
+ {
+- unsigned long time = get_cycles() ^ jiffies;
++ unsigned long time = random_get_entropy() ^ jiffies;
+
+ mix_pool_bytes(&input_pool, buf, size, NULL);
+ mix_pool_bytes(&input_pool, &time, sizeof(time), NULL);
+@@ -705,7 +705,7 @@ static void add_timer_randomness(struct timer_rand_state *state, unsigned num)
+ goto out;
+
+ sample.jiffies = jiffies;
+- sample.cycles = get_cycles();
++ sample.cycles = random_get_entropy();
+ sample.num = num;
+ mix_pool_bytes(&input_pool, &sample, sizeof(sample), NULL);
+
+@@ -772,7 +772,7 @@ void add_interrupt_randomness(int irq, int irq_flags)
+ struct fast_pool *fast_pool = &__get_cpu_var(irq_randomness);
+ struct pt_regs *regs = get_irq_regs();
+ unsigned long now = jiffies;
+- __u32 input[4], cycles = get_cycles();
++ __u32 input[4], cycles = random_get_entropy();
+
+ input[0] = cycles ^ jiffies;
+ input[1] = irq;
+@@ -1480,12 +1480,11 @@ ctl_table random_table[] = {
+
+ static u32 random_int_secret[MD5_MESSAGE_BYTES / 4] ____cacheline_aligned;
+
+-static int __init random_int_secret_init(void)
++int random_int_secret_init(void)
+ {
+ get_random_bytes(random_int_secret, sizeof(random_int_secret));
+ return 0;
+ }
+-late_initcall(random_int_secret_init);
+
+ /*
+ * Get a random word for internal kernel use only. Similar to urandom but
+@@ -1504,7 +1503,7 @@ unsigned int get_random_int(void)
+
+ hash = get_cpu_var(get_random_int_hash);
+
+- hash[0] += current->pid + jiffies + get_cycles();
++ hash[0] += current->pid + jiffies + random_get_entropy();
+ md5_transform(hash, random_int_secret);
+ ret = hash[0];
+ put_cpu_var(get_random_int_hash);
+diff --git a/drivers/connector/cn_proc.c b/drivers/connector/cn_proc.c
+index 46bbf43..66d5384 100644
+--- a/drivers/connector/cn_proc.c
++++ b/drivers/connector/cn_proc.c
+@@ -64,6 +64,7 @@ void proc_fork_connector(struct task_struct *task)
+
+ msg = (struct cn_msg*)buffer;
+ ev = (struct proc_event*)msg->data;
++ memset(&ev->event_data, 0, sizeof(ev->event_data));
+ get_seq(&msg->seq, &ev->cpu);
+ ktime_get_ts(&ts); /* get high res monotonic timestamp */
+ put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns);
+@@ -79,6 +80,7 @@ void proc_fork_connector(struct task_struct *task)
+ memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id));
+ msg->ack = 0; /* not used */
+ msg->len = sizeof(*ev);
++ msg->flags = 0; /* not used */
+ /* If cn_netlink_send() failed, the data is not sent */
+ cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL);
+ }
+@@ -95,6 +97,7 @@ void proc_exec_connector(struct task_struct *task)
+
+ msg = (struct cn_msg*)buffer;
+ ev = (struct proc_event*)msg->data;
++ memset(&ev->event_data, 0, sizeof(ev->event_data));
+ get_seq(&msg->seq, &ev->cpu);
+ ktime_get_ts(&ts); /* get high res monotonic timestamp */
+ put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns);
+@@ -105,6 +108,7 @@ void proc_exec_connector(struct task_struct *task)
+ memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id));
+ msg->ack = 0; /* not used */
+ msg->len = sizeof(*ev);
++ msg->flags = 0; /* not used */
+ cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL);
+ }
+
+@@ -121,6 +125,7 @@ void proc_id_connector(struct task_struct *task, int which_id)
+
+ msg = (struct cn_msg*)buffer;
+ ev = (struct proc_event*)msg->data;
++ memset(&ev->event_data, 0, sizeof(ev->event_data));
+ ev->what = which_id;
+ ev->event_data.id.process_pid = task->pid;
+ ev->event_data.id.process_tgid = task->tgid;
+@@ -144,6 +149,7 @@ void proc_id_connector(struct task_struct *task, int which_id)
+ memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id));
+ msg->ack = 0; /* not used */
+ msg->len = sizeof(*ev);
++ msg->flags = 0; /* not used */
+ cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL);
+ }
+
+@@ -159,6 +165,7 @@ void proc_sid_connector(struct task_struct *task)
+
+ msg = (struct cn_msg *)buffer;
+ ev = (struct proc_event *)msg->data;
++ memset(&ev->event_data, 0, sizeof(ev->event_data));
+ get_seq(&msg->seq, &ev->cpu);
+ ktime_get_ts(&ts); /* get high res monotonic timestamp */
+ put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns);
+@@ -169,6 +176,7 @@ void proc_sid_connector(struct task_struct *task)
+ memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id));
+ msg->ack = 0; /* not used */
+ msg->len = sizeof(*ev);
++ msg->flags = 0; /* not used */
+ cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL);
+ }
+
+@@ -184,6 +192,7 @@ void proc_ptrace_connector(struct task_struct *task, int ptrace_id)
+
+ msg = (struct cn_msg *)buffer;
+ ev = (struct proc_event *)msg->data;
++ memset(&ev->event_data, 0, sizeof(ev->event_data));
+ get_seq(&msg->seq, &ev->cpu);
+ ktime_get_ts(&ts); /* get high res monotonic timestamp */
+ put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns);
+@@ -202,6 +211,7 @@ void proc_ptrace_connector(struct task_struct *task, int ptrace_id)
+ memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id));
+ msg->ack = 0; /* not used */
+ msg->len = sizeof(*ev);
++ msg->flags = 0; /* not used */
+ cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL);
+ }
+
+@@ -217,6 +227,7 @@ void proc_comm_connector(struct task_struct *task)
+
+ msg = (struct cn_msg *)buffer;
+ ev = (struct proc_event *)msg->data;
++ memset(&ev->event_data, 0, sizeof(ev->event_data));
+ get_seq(&msg->seq, &ev->cpu);
+ ktime_get_ts(&ts); /* get high res monotonic timestamp */
+ put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns);
+@@ -228,6 +239,7 @@ void proc_comm_connector(struct task_struct *task)
+ memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id));
+ msg->ack = 0; /* not used */
+ msg->len = sizeof(*ev);
++ msg->flags = 0; /* not used */
+ cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL);
+ }
+
+@@ -243,6 +255,7 @@ void proc_exit_connector(struct task_struct *task)
+
+ msg = (struct cn_msg*)buffer;
+ ev = (struct proc_event*)msg->data;
++ memset(&ev->event_data, 0, sizeof(ev->event_data));
+ get_seq(&msg->seq, &ev->cpu);
+ ktime_get_ts(&ts); /* get high res monotonic timestamp */
+ put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns);
+@@ -255,6 +268,7 @@ void proc_exit_connector(struct task_struct *task)
+ memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id));
+ msg->ack = 0; /* not used */
+ msg->len = sizeof(*ev);
++ msg->flags = 0; /* not used */
+ cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL);
+ }
+
+@@ -278,6 +292,7 @@ static void cn_proc_ack(int err, int rcvd_seq, int rcvd_ack)
+
+ msg = (struct cn_msg*)buffer;
+ ev = (struct proc_event*)msg->data;
++ memset(&ev->event_data, 0, sizeof(ev->event_data));
+ msg->seq = rcvd_seq;
+ ktime_get_ts(&ts); /* get high res monotonic timestamp */
+ put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns);
+@@ -287,6 +302,7 @@ static void cn_proc_ack(int err, int rcvd_seq, int rcvd_ack)
+ memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id));
+ msg->ack = rcvd_ack + 1;
+ msg->len = sizeof(*ev);
++ msg->flags = 0; /* not used */
+ cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL);
+ }
+
+diff --git a/drivers/connector/connector.c b/drivers/connector/connector.c
+index dde6a0f..ea6efe8 100644
+--- a/drivers/connector/connector.c
++++ b/drivers/connector/connector.c
+@@ -157,17 +157,18 @@ static int cn_call_callback(struct sk_buff *skb)
+ static void cn_rx_skb(struct sk_buff *__skb)
+ {
+ struct nlmsghdr *nlh;
+- int err;
+ struct sk_buff *skb;
++ int len, err;
+
+ skb = skb_get(__skb);
+
+ if (skb->len >= NLMSG_SPACE(0)) {
+ nlh = nlmsg_hdr(skb);
++ len = nlmsg_len(nlh);
+
+- if (nlh->nlmsg_len < sizeof(struct cn_msg) ||
++ if (len < (int)sizeof(struct cn_msg) ||
+ skb->len < nlh->nlmsg_len ||
+- nlh->nlmsg_len > CONNECTOR_MAX_MSG_SIZE) {
++ len > CONNECTOR_MAX_MSG_SIZE) {
+ kfree_skb(skb);
+ return;
+ }
+diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c
+index 40c187c..acfe567 100644
+--- a/drivers/gpu/drm/drm_drv.c
++++ b/drivers/gpu/drm/drm_drv.c
+@@ -408,9 +408,16 @@ long drm_ioctl(struct file *filp,
+ asize = drv_size;
+ }
+ else if ((nr >= DRM_COMMAND_END) || (nr < DRM_COMMAND_BASE)) {
++ u32 drv_size;
++
+ ioctl = &drm_ioctls[nr];
+- cmd = ioctl->cmd;
++
++ drv_size = _IOC_SIZE(ioctl->cmd);
+ usize = asize = _IOC_SIZE(cmd);
++ if (drv_size > asize)
++ asize = drv_size;
++
++ cmd = ioctl->cmd;
+ } else
+ goto err_i1;
+
+diff --git a/drivers/gpu/drm/radeon/atombios_encoders.c b/drivers/gpu/drm/radeon/atombios_encoders.c
+index 3171294..475a275 100644
+--- a/drivers/gpu/drm/radeon/atombios_encoders.c
++++ b/drivers/gpu/drm/radeon/atombios_encoders.c
+@@ -1390,7 +1390,7 @@ radeon_atom_encoder_dpms_dig(struct drm_encoder *encoder, int mode)
+ * does the same thing and more.
+ */
+ if ((rdev->family != CHIP_RV710) && (rdev->family != CHIP_RV730) &&
+- (rdev->family != CHIP_RS880))
++ (rdev->family != CHIP_RS780) && (rdev->family != CHIP_RS880))
+ atombios_dig_transmitter_setup(encoder, ATOM_TRANSMITTER_ACTION_ENABLE_OUTPUT, 0, 0);
+ }
+ if (ENCODER_MODE_IS_DP(atombios_get_encoder_mode(encoder)) && connector) {
+diff --git a/drivers/gpu/drm/radeon/evergreen.c b/drivers/gpu/drm/radeon/evergreen.c
+index a68057a..5efba47 100644
+--- a/drivers/gpu/drm/radeon/evergreen.c
++++ b/drivers/gpu/drm/radeon/evergreen.c
+@@ -1797,7 +1797,7 @@ static void evergreen_gpu_init(struct radeon_device *rdev)
+ rdev->config.evergreen.sx_max_export_size = 256;
+ rdev->config.evergreen.sx_max_export_pos_size = 64;
+ rdev->config.evergreen.sx_max_export_smx_size = 192;
+- rdev->config.evergreen.max_hw_contexts = 8;
++ rdev->config.evergreen.max_hw_contexts = 4;
+ rdev->config.evergreen.sq_num_cf_insts = 2;
+
+ rdev->config.evergreen.sc_prim_fifo_size = 0x40;
+diff --git a/drivers/hwmon/applesmc.c b/drivers/hwmon/applesmc.c
+index 30cac58..0b86d47 100644
+--- a/drivers/hwmon/applesmc.c
++++ b/drivers/hwmon/applesmc.c
+@@ -212,6 +212,7 @@ static int send_argument(const char *key)
+
+ static int read_smc(u8 cmd, const char *key, u8 *buffer, u8 len)
+ {
++ u8 status, data = 0;
+ int i;
+
+ if (send_command(cmd) || send_argument(key)) {
+@@ -219,6 +220,7 @@ static int read_smc(u8 cmd, const char *key, u8 *buffer, u8 len)
+ return -EIO;
+ }
+
++ /* This has no effect on newer (2012) SMCs */
+ outb(len, APPLESMC_DATA_PORT);
+
+ for (i = 0; i < len; i++) {
+@@ -229,6 +231,17 @@ static int read_smc(u8 cmd, const char *key, u8 *buffer, u8 len)
+ buffer[i] = inb(APPLESMC_DATA_PORT);
+ }
+
++ /* Read the data port until bit0 is cleared */
++ for (i = 0; i < 16; i++) {
++ udelay(APPLESMC_MIN_WAIT);
++ status = inb(APPLESMC_CMD_PORT);
++ if (!(status & 0x01))
++ break;
++ data = inb(APPLESMC_DATA_PORT);
++ }
++ if (i)
++ pr_warn("flushed %d bytes, last value is: %d\n", i, data);
++
+ return 0;
+ }
+
+diff --git a/drivers/md/dm-snap-persistent.c b/drivers/md/dm-snap-persistent.c
+index 3ac4156..75c182b 100644
+--- a/drivers/md/dm-snap-persistent.c
++++ b/drivers/md/dm-snap-persistent.c
+@@ -269,6 +269,14 @@ static chunk_t area_location(struct pstore *ps, chunk_t area)
+ return NUM_SNAPSHOT_HDR_CHUNKS + ((ps->exceptions_per_area + 1) * area);
+ }
+
++static void skip_metadata(struct pstore *ps)
++{
++ uint32_t stride = ps->exceptions_per_area + 1;
++ chunk_t next_free = ps->next_free;
++ if (sector_div(next_free, stride) == NUM_SNAPSHOT_HDR_CHUNKS)
++ ps->next_free++;
++}
++
+ /*
+ * Read or write a metadata area. Remembering to skip the first
+ * chunk which holds the header.
+@@ -502,6 +510,8 @@ static int read_exceptions(struct pstore *ps,
+
+ ps->current_area--;
+
++ skip_metadata(ps);
++
+ return 0;
+ }
+
+@@ -616,8 +626,6 @@ static int persistent_prepare_exception(struct dm_exception_store *store,
+ struct dm_exception *e)
+ {
+ struct pstore *ps = get_info(store);
+- uint32_t stride;
+- chunk_t next_free;
+ sector_t size = get_dev_size(dm_snap_cow(store->snap)->bdev);
+
+ /* Is there enough room ? */
+@@ -630,10 +638,8 @@ static int persistent_prepare_exception(struct dm_exception_store *store,
+ * Move onto the next free pending, making sure to take
+ * into account the location of the metadata chunks.
+ */
+- stride = (ps->exceptions_per_area + 1);
+- next_free = ++ps->next_free;
+- if (sector_div(next_free, stride) == 1)
+- ps->next_free++;
++ ps->next_free++;
++ skip_metadata(ps);
+
+ atomic_inc(&ps->pending_count);
+ return 0;
+diff --git a/drivers/net/can/dev.c b/drivers/net/can/dev.c
+index a319057..de87f82 100644
+--- a/drivers/net/can/dev.c
++++ b/drivers/net/can/dev.c
+@@ -658,14 +658,14 @@ static size_t can_get_size(const struct net_device *dev)
+ size_t size;
+
+ size = nla_total_size(sizeof(u32)); /* IFLA_CAN_STATE */
+- size += sizeof(struct can_ctrlmode); /* IFLA_CAN_CTRLMODE */
++ size += nla_total_size(sizeof(struct can_ctrlmode)); /* IFLA_CAN_CTRLMODE */
+ size += nla_total_size(sizeof(u32)); /* IFLA_CAN_RESTART_MS */
+- size += sizeof(struct can_bittiming); /* IFLA_CAN_BITTIMING */
+- size += sizeof(struct can_clock); /* IFLA_CAN_CLOCK */
++ size += nla_total_size(sizeof(struct can_bittiming)); /* IFLA_CAN_BITTIMING */
++ size += nla_total_size(sizeof(struct can_clock)); /* IFLA_CAN_CLOCK */
+ if (priv->do_get_berr_counter) /* IFLA_CAN_BERR_COUNTER */
+- size += sizeof(struct can_berr_counter);
++ size += nla_total_size(sizeof(struct can_berr_counter));
+ if (priv->bittiming_const) /* IFLA_CAN_BITTIMING_CONST */
+- size += sizeof(struct can_bittiming_const);
++ size += nla_total_size(sizeof(struct can_bittiming_const));
+
+ return size;
+ }
+diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c
+index 4c50ac0..bbb6692 100644
+--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c
++++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c
+@@ -516,6 +516,7 @@ static void bnx2x_tpa_stop(struct bnx2x *bp, struct bnx2x_fastpath *fp,
+ if (!bnx2x_fill_frag_skb(bp, fp, queue, skb, cqe, cqe_idx)) {
+ if (tpa_info->parsing_flags & PARSING_FLAGS_VLAN)
+ __vlan_hwaccel_put_tag(skb, tpa_info->vlan_tag);
++ skb_record_rx_queue(skb, fp->index);
+ napi_gro_receive(&fp->napi, skb);
+ } else {
+ DP(NETIF_MSG_RX_STATUS, "Failed to allocate new pages"
+diff --git a/drivers/net/ethernet/realtek/8139cp.c b/drivers/net/ethernet/realtek/8139cp.c
+index 4236b82..4aa830f 100644
+--- a/drivers/net/ethernet/realtek/8139cp.c
++++ b/drivers/net/ethernet/realtek/8139cp.c
+@@ -1234,6 +1234,7 @@ static void cp_tx_timeout(struct net_device *dev)
+ cp_clean_rings(cp);
+ rc = cp_init_rings(cp);
+ cp_start_hw(cp);
++ cp_enable_irq(cp);
+
+ netif_wake_queue(dev);
+
+diff --git a/drivers/net/ethernet/ti/davinci_emac.c b/drivers/net/ethernet/ti/davinci_emac.c
+index fd8115e..10668eb 100644
+--- a/drivers/net/ethernet/ti/davinci_emac.c
++++ b/drivers/net/ethernet/ti/davinci_emac.c
+@@ -873,8 +873,7 @@ static void emac_dev_mcast_set(struct net_device *ndev)
+ netdev_mc_count(ndev) > EMAC_DEF_MAX_MULTICAST_ADDRESSES) {
+ mbp_enable = (mbp_enable | EMAC_MBP_RXMCAST);
+ emac_add_mcast(priv, EMAC_ALL_MULTI_SET, NULL);
+- }
+- if (!netdev_mc_empty(ndev)) {
++ } else if (!netdev_mc_empty(ndev)) {
+ struct netdev_hw_addr *ha;
+
+ mbp_enable = (mbp_enable | EMAC_MBP_RXMCAST);
+diff --git a/drivers/net/wan/farsync.c b/drivers/net/wan/farsync.c
+index ebb9f24..7a4c491 100644
+--- a/drivers/net/wan/farsync.c
++++ b/drivers/net/wan/farsync.c
+@@ -1972,6 +1972,7 @@ fst_get_iface(struct fst_card_info *card, struct fst_port_info *port,
+ }
+
+ i = port->index;
++ memset(&sync, 0, sizeof(sync));
+ sync.clock_rate = FST_RDL(card, portConfig[i].lineSpeed);
+ /* Lucky card and linux use same encoding here */
+ sync.clock_type = FST_RDB(card, portConfig[i].internalClock) ==
+diff --git a/drivers/net/wan/wanxl.c b/drivers/net/wan/wanxl.c
+index 44b7071..c643d77 100644
+--- a/drivers/net/wan/wanxl.c
++++ b/drivers/net/wan/wanxl.c
+@@ -355,6 +355,7 @@ static int wanxl_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
+ ifr->ifr_settings.size = size; /* data size wanted */
+ return -ENOBUFS;
+ }
++ memset(&line, 0, sizeof(line));
+ line.clock_type = get_status(port)->clocking;
+ line.clock_rate = 0;
+ line.loopback = 0;
+diff --git a/drivers/net/wireless/iwlwifi/iwl-2000.c b/drivers/net/wireless/iwlwifi/iwl-2000.c
+index a97a52a..408477d 100644
+--- a/drivers/net/wireless/iwlwifi/iwl-2000.c
++++ b/drivers/net/wireless/iwlwifi/iwl-2000.c
+@@ -270,11 +270,6 @@ struct iwl_cfg iwl2000_2bgn_cfg = {
+ .ht_params = &iwl2000_ht_params,
+ };
+
+-struct iwl_cfg iwl2000_2bg_cfg = {
+- .name = "2000 Series 2x2 BG",
+- IWL_DEVICE_2000,
+-};
+-
+ struct iwl_cfg iwl2000_2bgn_d_cfg = {
+ .name = "2000D Series 2x2 BGN",
+ IWL_DEVICE_2000,
+@@ -304,11 +299,6 @@ struct iwl_cfg iwl2030_2bgn_cfg = {
+ .ht_params = &iwl2000_ht_params,
+ };
+
+-struct iwl_cfg iwl2030_2bg_cfg = {
+- .name = "2000 Series 2x2 BG/BT",
+- IWL_DEVICE_2030,
+-};
+-
+ #define IWL_DEVICE_105 \
+ .fw_name_pre = IWL105_FW_PRE, \
+ .ucode_api_max = IWL105_UCODE_API_MAX, \
+@@ -326,11 +316,6 @@ struct iwl_cfg iwl2030_2bg_cfg = {
+ .rx_with_siso_diversity = true, \
+ .iq_invert = true \
+
+-struct iwl_cfg iwl105_bg_cfg = {
+- .name = "105 Series 1x1 BG",
+- IWL_DEVICE_105,
+-};
+-
+ struct iwl_cfg iwl105_bgn_cfg = {
+ .name = "105 Series 1x1 BGN",
+ IWL_DEVICE_105,
+@@ -361,11 +346,6 @@ struct iwl_cfg iwl105_bgn_d_cfg = {
+ .rx_with_siso_diversity = true, \
+ .iq_invert = true \
+
+-struct iwl_cfg iwl135_bg_cfg = {
+- .name = "135 Series 1x1 BG/BT",
+- IWL_DEVICE_135,
+-};
+-
+ struct iwl_cfg iwl135_bgn_cfg = {
+ .name = "135 Series 1x1 BGN/BT",
+ IWL_DEVICE_135,
+diff --git a/drivers/net/wireless/iwlwifi/iwl-6000.c b/drivers/net/wireless/iwlwifi/iwl-6000.c
+index 4ac4ef0..e1a43c4 100644
+--- a/drivers/net/wireless/iwlwifi/iwl-6000.c
++++ b/drivers/net/wireless/iwlwifi/iwl-6000.c
+@@ -411,6 +411,17 @@ struct iwl_cfg iwl6005_2agn_d_cfg = {
+ .ht_params = &iwl6000_ht_params,
+ };
+
++struct iwl_cfg iwl6005_2agn_mow1_cfg = {
++ .name = "Intel(R) Centrino(R) Advanced-N 6206 AGN",
++ IWL_DEVICE_6005,
++ .ht_params = &iwl6000_ht_params,
++};
++struct iwl_cfg iwl6005_2agn_mow2_cfg = {
++ .name = "Intel(R) Centrino(R) Advanced-N 6207 AGN",
++ IWL_DEVICE_6005,
++ .ht_params = &iwl6000_ht_params,
++};
++
+ #define IWL_DEVICE_6030 \
+ .fw_name_pre = IWL6030_FW_PRE, \
+ .ucode_api_max = IWL6000G2_UCODE_API_MAX, \
+@@ -469,14 +480,10 @@ struct iwl_cfg iwl6035_2agn_cfg = {
+ .ht_params = &iwl6000_ht_params,
+ };
+
+-struct iwl_cfg iwl6035_2abg_cfg = {
+- .name = "6035 Series 2x2 ABG/BT",
+- IWL_DEVICE_6030,
+-};
+-
+-struct iwl_cfg iwl6035_2bg_cfg = {
+- .name = "6035 Series 2x2 BG/BT",
+- IWL_DEVICE_6030,
++struct iwl_cfg iwl6035_2agn_sff_cfg = {
++ .name = "Intel(R) Centrino(R) Ultimate-N 6235 AGN",
++ IWL_DEVICE_6035,
++ .ht_params = &iwl6000_ht_params,
+ };
+
+ struct iwl_cfg iwl1030_bgn_cfg = {
+diff --git a/drivers/net/wireless/iwlwifi/iwl-cfg.h b/drivers/net/wireless/iwlwifi/iwl-cfg.h
+index 2a2dc45..e786497 100644
+--- a/drivers/net/wireless/iwlwifi/iwl-cfg.h
++++ b/drivers/net/wireless/iwlwifi/iwl-cfg.h
+@@ -80,6 +80,8 @@ extern struct iwl_cfg iwl6005_2abg_cfg;
+ extern struct iwl_cfg iwl6005_2bg_cfg;
+ extern struct iwl_cfg iwl6005_2agn_sff_cfg;
+ extern struct iwl_cfg iwl6005_2agn_d_cfg;
++extern struct iwl_cfg iwl6005_2agn_mow1_cfg;
++extern struct iwl_cfg iwl6005_2agn_mow2_cfg;
+ extern struct iwl_cfg iwl1030_bgn_cfg;
+ extern struct iwl_cfg iwl1030_bg_cfg;
+ extern struct iwl_cfg iwl6030_2agn_cfg;
+@@ -101,17 +103,12 @@ extern struct iwl_cfg iwl100_bg_cfg;
+ extern struct iwl_cfg iwl130_bgn_cfg;
+ extern struct iwl_cfg iwl130_bg_cfg;
+ extern struct iwl_cfg iwl2000_2bgn_cfg;
+-extern struct iwl_cfg iwl2000_2bg_cfg;
+ extern struct iwl_cfg iwl2000_2bgn_d_cfg;
+ extern struct iwl_cfg iwl2030_2bgn_cfg;
+-extern struct iwl_cfg iwl2030_2bg_cfg;
+ extern struct iwl_cfg iwl6035_2agn_cfg;
+-extern struct iwl_cfg iwl6035_2abg_cfg;
+-extern struct iwl_cfg iwl6035_2bg_cfg;
+-extern struct iwl_cfg iwl105_bg_cfg;
++extern struct iwl_cfg iwl6035_2agn_sff_cfg;
+ extern struct iwl_cfg iwl105_bgn_cfg;
+ extern struct iwl_cfg iwl105_bgn_d_cfg;
+-extern struct iwl_cfg iwl135_bg_cfg;
+ extern struct iwl_cfg iwl135_bgn_cfg;
+
+ #endif /* __iwl_pci_h__ */
+diff --git a/drivers/net/wireless/iwlwifi/iwl-pci.c b/drivers/net/wireless/iwlwifi/iwl-pci.c
+index 346dc9b..62a0f81 100644
+--- a/drivers/net/wireless/iwlwifi/iwl-pci.c
++++ b/drivers/net/wireless/iwlwifi/iwl-pci.c
+@@ -236,13 +236,16 @@ static DEFINE_PCI_DEVICE_TABLE(iwl_hw_card_ids) = {
+
+ /* 6x00 Series */
+ {IWL_PCI_DEVICE(0x422B, 0x1101, iwl6000_3agn_cfg)},
++ {IWL_PCI_DEVICE(0x422B, 0x1108, iwl6000_3agn_cfg)},
+ {IWL_PCI_DEVICE(0x422B, 0x1121, iwl6000_3agn_cfg)},
++ {IWL_PCI_DEVICE(0x422B, 0x1128, iwl6000_3agn_cfg)},
+ {IWL_PCI_DEVICE(0x422C, 0x1301, iwl6000i_2agn_cfg)},
+ {IWL_PCI_DEVICE(0x422C, 0x1306, iwl6000i_2abg_cfg)},
+ {IWL_PCI_DEVICE(0x422C, 0x1307, iwl6000i_2bg_cfg)},
+ {IWL_PCI_DEVICE(0x422C, 0x1321, iwl6000i_2agn_cfg)},
+ {IWL_PCI_DEVICE(0x422C, 0x1326, iwl6000i_2abg_cfg)},
+ {IWL_PCI_DEVICE(0x4238, 0x1111, iwl6000_3agn_cfg)},
++ {IWL_PCI_DEVICE(0x4238, 0x1118, iwl6000_3agn_cfg)},
+ {IWL_PCI_DEVICE(0x4239, 0x1311, iwl6000i_2agn_cfg)},
+ {IWL_PCI_DEVICE(0x4239, 0x1316, iwl6000i_2abg_cfg)},
+
+@@ -250,13 +253,19 @@ static DEFINE_PCI_DEVICE_TABLE(iwl_hw_card_ids) = {
+ {IWL_PCI_DEVICE(0x0082, 0x1301, iwl6005_2agn_cfg)},
+ {IWL_PCI_DEVICE(0x0082, 0x1306, iwl6005_2abg_cfg)},
+ {IWL_PCI_DEVICE(0x0082, 0x1307, iwl6005_2bg_cfg)},
++ {IWL_PCI_DEVICE(0x0082, 0x1308, iwl6005_2agn_cfg)},
+ {IWL_PCI_DEVICE(0x0082, 0x1321, iwl6005_2agn_cfg)},
+ {IWL_PCI_DEVICE(0x0082, 0x1326, iwl6005_2abg_cfg)},
++ {IWL_PCI_DEVICE(0x0082, 0x1328, iwl6005_2agn_cfg)},
+ {IWL_PCI_DEVICE(0x0085, 0x1311, iwl6005_2agn_cfg)},
++ {IWL_PCI_DEVICE(0x0085, 0x1318, iwl6005_2agn_cfg)},
+ {IWL_PCI_DEVICE(0x0085, 0x1316, iwl6005_2abg_cfg)},
+ {IWL_PCI_DEVICE(0x0082, 0xC020, iwl6005_2agn_sff_cfg)},
+ {IWL_PCI_DEVICE(0x0085, 0xC220, iwl6005_2agn_sff_cfg)},
+- {IWL_PCI_DEVICE(0x0082, 0x1341, iwl6005_2agn_d_cfg)},
++ {IWL_PCI_DEVICE(0x0085, 0xC228, iwl6005_2agn_sff_cfg)},
++ {IWL_PCI_DEVICE(0x0082, 0x4820, iwl6005_2agn_d_cfg)},
++ {IWL_PCI_DEVICE(0x0082, 0x1304, iwl6005_2agn_mow1_cfg)},/* low 5GHz active */
++ {IWL_PCI_DEVICE(0x0082, 0x1305, iwl6005_2agn_mow2_cfg)},/* high 5GHz active */
+
+ /* 6x30 Series */
+ {IWL_PCI_DEVICE(0x008A, 0x5305, iwl1030_bgn_cfg)},
+@@ -326,46 +335,33 @@ static DEFINE_PCI_DEVICE_TABLE(iwl_hw_card_ids) = {
+ {IWL_PCI_DEVICE(0x0890, 0x4022, iwl2000_2bgn_cfg)},
+ {IWL_PCI_DEVICE(0x0891, 0x4222, iwl2000_2bgn_cfg)},
+ {IWL_PCI_DEVICE(0x0890, 0x4422, iwl2000_2bgn_cfg)},
+- {IWL_PCI_DEVICE(0x0890, 0x4026, iwl2000_2bg_cfg)},
+- {IWL_PCI_DEVICE(0x0891, 0x4226, iwl2000_2bg_cfg)},
+- {IWL_PCI_DEVICE(0x0890, 0x4426, iwl2000_2bg_cfg)},
+ {IWL_PCI_DEVICE(0x0890, 0x4822, iwl2000_2bgn_d_cfg)},
+
+ /* 2x30 Series */
+ {IWL_PCI_DEVICE(0x0887, 0x4062, iwl2030_2bgn_cfg)},
+ {IWL_PCI_DEVICE(0x0888, 0x4262, iwl2030_2bgn_cfg)},
+ {IWL_PCI_DEVICE(0x0887, 0x4462, iwl2030_2bgn_cfg)},
+- {IWL_PCI_DEVICE(0x0887, 0x4066, iwl2030_2bg_cfg)},
+- {IWL_PCI_DEVICE(0x0888, 0x4266, iwl2030_2bg_cfg)},
+- {IWL_PCI_DEVICE(0x0887, 0x4466, iwl2030_2bg_cfg)},
+
+ /* 6x35 Series */
+ {IWL_PCI_DEVICE(0x088E, 0x4060, iwl6035_2agn_cfg)},
++ {IWL_PCI_DEVICE(0x088E, 0x406A, iwl6035_2agn_sff_cfg)},
+ {IWL_PCI_DEVICE(0x088F, 0x4260, iwl6035_2agn_cfg)},
++ {IWL_PCI_DEVICE(0x088F, 0x426A, iwl6035_2agn_sff_cfg)},
+ {IWL_PCI_DEVICE(0x088E, 0x4460, iwl6035_2agn_cfg)},
+- {IWL_PCI_DEVICE(0x088E, 0x4064, iwl6035_2abg_cfg)},
+- {IWL_PCI_DEVICE(0x088F, 0x4264, iwl6035_2abg_cfg)},
+- {IWL_PCI_DEVICE(0x088E, 0x4464, iwl6035_2abg_cfg)},
+- {IWL_PCI_DEVICE(0x088E, 0x4066, iwl6035_2bg_cfg)},
+- {IWL_PCI_DEVICE(0x088F, 0x4266, iwl6035_2bg_cfg)},
+- {IWL_PCI_DEVICE(0x088E, 0x4466, iwl6035_2bg_cfg)},
++ {IWL_PCI_DEVICE(0x088E, 0x446A, iwl6035_2agn_sff_cfg)},
++ {IWL_PCI_DEVICE(0x088E, 0x4860, iwl6035_2agn_cfg)},
++ {IWL_PCI_DEVICE(0x088F, 0x5260, iwl6035_2agn_cfg)},
+
+ /* 105 Series */
+ {IWL_PCI_DEVICE(0x0894, 0x0022, iwl105_bgn_cfg)},
+ {IWL_PCI_DEVICE(0x0895, 0x0222, iwl105_bgn_cfg)},
+ {IWL_PCI_DEVICE(0x0894, 0x0422, iwl105_bgn_cfg)},
+- {IWL_PCI_DEVICE(0x0894, 0x0026, iwl105_bg_cfg)},
+- {IWL_PCI_DEVICE(0x0895, 0x0226, iwl105_bg_cfg)},
+- {IWL_PCI_DEVICE(0x0894, 0x0426, iwl105_bg_cfg)},
+ {IWL_PCI_DEVICE(0x0894, 0x0822, iwl105_bgn_d_cfg)},
+
+ /* 135 Series */
+ {IWL_PCI_DEVICE(0x0892, 0x0062, iwl135_bgn_cfg)},
+ {IWL_PCI_DEVICE(0x0893, 0x0262, iwl135_bgn_cfg)},
+ {IWL_PCI_DEVICE(0x0892, 0x0462, iwl135_bgn_cfg)},
+- {IWL_PCI_DEVICE(0x0892, 0x0066, iwl135_bg_cfg)},
+- {IWL_PCI_DEVICE(0x0893, 0x0266, iwl135_bg_cfg)},
+- {IWL_PCI_DEVICE(0x0892, 0x0466, iwl135_bg_cfg)},
+
+ {0}
+ };
+diff --git a/drivers/net/wireless/rtlwifi/rtl8192cu/trx.c b/drivers/net/wireless/rtlwifi/rtl8192cu/trx.c
+index bc33b14..a7e1a2c 100644
+--- a/drivers/net/wireless/rtlwifi/rtl8192cu/trx.c
++++ b/drivers/net/wireless/rtlwifi/rtl8192cu/trx.c
+@@ -343,7 +343,8 @@ bool rtl92cu_rx_query_desc(struct ieee80211_hw *hw,
+ (bool)GET_RX_DESC_PAGGR(pdesc));
+ rx_status->mactime = GET_RX_DESC_TSFL(pdesc);
+ if (phystatus) {
+- p_drvinfo = (struct rx_fwinfo_92c *)(pdesc + RTL_RX_DESC_SIZE);
++ p_drvinfo = (struct rx_fwinfo_92c *)(skb->data +
++ stats->rx_bufshift);
+ rtl92c_translate_rx_signal_stuff(hw, skb, stats, pdesc,
+ p_drvinfo);
+ }
+diff --git a/drivers/net/xen-netback/common.h b/drivers/net/xen-netback/common.h
+index 9d7f172..093bf0a 100644
+--- a/drivers/net/xen-netback/common.h
++++ b/drivers/net/xen-netback/common.h
+@@ -88,6 +88,7 @@ struct xenvif {
+ unsigned long credit_usec;
+ unsigned long remaining_credit;
+ struct timer_list credit_timeout;
++ u64 credit_window_start;
+
+ /* Statistics */
+ unsigned long rx_gso_checksum_fixup;
+diff --git a/drivers/net/xen-netback/interface.c b/drivers/net/xen-netback/interface.c
+index 8eaf0e2..2cb9c92 100644
+--- a/drivers/net/xen-netback/interface.c
++++ b/drivers/net/xen-netback/interface.c
+@@ -272,8 +272,7 @@ struct xenvif *xenvif_alloc(struct device *parent, domid_t domid,
+ vif->credit_bytes = vif->remaining_credit = ~0UL;
+ vif->credit_usec = 0UL;
+ init_timer(&vif->credit_timeout);
+- /* Initialize 'expires' now: it's used to track the credit window. */
+- vif->credit_timeout.expires = jiffies;
++ vif->credit_window_start = get_jiffies_64();
+
+ dev->netdev_ops = &xenvif_netdev_ops;
+ dev->hw_features = NETIF_F_SG | NETIF_F_IP_CSUM | NETIF_F_TSO;
+diff --git a/drivers/net/xen-netback/netback.c b/drivers/net/xen-netback/netback.c
+index fd2b92d..9a4626c 100644
+--- a/drivers/net/xen-netback/netback.c
++++ b/drivers/net/xen-netback/netback.c
+@@ -1365,9 +1365,8 @@ out:
+
+ static bool tx_credit_exceeded(struct xenvif *vif, unsigned size)
+ {
+- unsigned long now = jiffies;
+- unsigned long next_credit =
+- vif->credit_timeout.expires +
++ u64 now = get_jiffies_64();
++ u64 next_credit = vif->credit_window_start +
+ msecs_to_jiffies(vif->credit_usec / 1000);
+
+ /* Timer could already be pending in rare cases. */
+@@ -1375,8 +1374,8 @@ static bool tx_credit_exceeded(struct xenvif *vif, unsigned size)
+ return true;
+
+ /* Passed the point where we can replenish credit? */
+- if (time_after_eq(now, next_credit)) {
+- vif->credit_timeout.expires = now;
++ if (time_after_eq64(now, next_credit)) {
++ vif->credit_window_start = now;
+ tx_add_credit(vif);
+ }
+
+@@ -1388,6 +1387,7 @@ static bool tx_credit_exceeded(struct xenvif *vif, unsigned size)
+ tx_credit_callback;
+ mod_timer(&vif->credit_timeout,
+ next_credit);
++ vif->credit_window_start = next_credit;
+
+ return true;
+ }
+diff --git a/drivers/pci/setup-res.c b/drivers/pci/setup-res.c
+index 8b25f9c..41f08e5 100644
+--- a/drivers/pci/setup-res.c
++++ b/drivers/pci/setup-res.c
+@@ -188,7 +188,8 @@ static int pci_revert_fw_address(struct resource *res, struct pci_dev *dev,
+ return ret;
+ }
+
+-static int _pci_assign_resource(struct pci_dev *dev, int resno, int size, resource_size_t min_align)
++static int _pci_assign_resource(struct pci_dev *dev, int resno,
++ resource_size_t size, resource_size_t min_align)
+ {
+ struct resource *res = dev->resource + resno;
+ struct pci_bus *bus;
+diff --git a/drivers/scsi/aacraid/linit.c b/drivers/scsi/aacraid/linit.c
+index 705e13e..2e658d2 100644
+--- a/drivers/scsi/aacraid/linit.c
++++ b/drivers/scsi/aacraid/linit.c
+@@ -771,6 +771,8 @@ static long aac_compat_do_ioctl(struct aac_dev *dev, unsigned cmd, unsigned long
+ static int aac_compat_ioctl(struct scsi_device *sdev, int cmd, void __user *arg)
+ {
+ struct aac_dev *dev = (struct aac_dev *)sdev->host->hostdata;
++ if (!capable(CAP_SYS_RAWIO))
++ return -EPERM;
+ return aac_compat_do_ioctl(dev, cmd, (unsigned long)arg);
+ }
+
+diff --git a/drivers/staging/bcm/Bcmchar.c b/drivers/staging/bcm/Bcmchar.c
+index 2fa658e..391b768 100644
+--- a/drivers/staging/bcm/Bcmchar.c
++++ b/drivers/staging/bcm/Bcmchar.c
+@@ -1932,6 +1932,7 @@ cntrlEnd:
+
+ BCM_DEBUG_PRINT(Adapter, DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL, "Called IOCTL_BCM_GET_DEVICE_DRIVER_INFO\n");
+
++ memset(&DevInfo, 0, sizeof(DevInfo));
+ DevInfo.MaxRDMBufferSize = BUFFER_4K;
+ DevInfo.u32DSDStartOffset = EEPROM_CALPARAM_START;
+ DevInfo.u32RxAlignmentCorrection = 0;
+diff --git a/drivers/staging/wlags49_h2/wl_priv.c b/drivers/staging/wlags49_h2/wl_priv.c
+index 260d4f0..b3d2e17 100644
+--- a/drivers/staging/wlags49_h2/wl_priv.c
++++ b/drivers/staging/wlags49_h2/wl_priv.c
+@@ -570,6 +570,7 @@ int wvlan_uil_put_info( struct uilreq *urq, struct wl_private *lp )
+ ltv_t *pLtv;
+ bool_t ltvAllocated = FALSE;
+ ENCSTRCT sEncryption;
++ size_t len;
+
+ #ifdef USE_WDS
+ hcf_16 hcfPort = HCF_PORT_0;
+@@ -686,7 +687,8 @@ int wvlan_uil_put_info( struct uilreq *urq, struct wl_private *lp )
+ break;
+ case CFG_CNF_OWN_NAME:
+ memset( lp->StationName, 0, sizeof( lp->StationName ));
+- memcpy( (void *)lp->StationName, (void *)&pLtv->u.u8[2], (size_t)pLtv->u.u16[0]);
++ len = min_t(size_t, pLtv->u.u16[0], sizeof(lp->StationName));
++ strlcpy(lp->StationName, &pLtv->u.u8[2], len);
+ pLtv->u.u16[0] = CNV_INT_TO_LITTLE( pLtv->u.u16[0] );
+ break;
+ case CFG_CNF_LOAD_BALANCING:
+@@ -1800,6 +1802,7 @@ int wvlan_set_station_nickname(struct net_device *dev,
+ {
+ struct wl_private *lp = wl_priv(dev);
+ unsigned long flags;
++ size_t len;
+ int ret = 0;
+ /*------------------------------------------------------------------------*/
+
+@@ -1810,8 +1813,8 @@ int wvlan_set_station_nickname(struct net_device *dev,
+ wl_lock(lp, &flags);
+
+ memset( lp->StationName, 0, sizeof( lp->StationName ));
+-
+- memcpy( lp->StationName, extra, wrqu->data.length);
++ len = min_t(size_t, wrqu->data.length, sizeof(lp->StationName));
++ strlcpy(lp->StationName, extra, len);
+
+ /* Commit the adapter parameters */
+ wl_apply( lp );
+diff --git a/drivers/staging/zram/zram_drv.c b/drivers/staging/zram/zram_drv.c
+index d197b3e..e1a4994 100644
+--- a/drivers/staging/zram/zram_drv.c
++++ b/drivers/staging/zram/zram_drv.c
+@@ -553,7 +553,7 @@ static inline int valid_io_request(struct zram *zram, struct bio *bio)
+ end = start + (bio->bi_size >> SECTOR_SHIFT);
+ bound = zram->disksize >> SECTOR_SHIFT;
+ /* out of range range */
+- if (unlikely(start >= bound || end >= bound || start > end))
++ if (unlikely(start >= bound || end > bound || start > end))
+ return 0;
+
+ /* I/O request is valid */
+diff --git a/drivers/target/target_core_pscsi.c b/drivers/target/target_core_pscsi.c
+index 5c12137..e813227 100644
+--- a/drivers/target/target_core_pscsi.c
++++ b/drivers/target/target_core_pscsi.c
+@@ -129,10 +129,10 @@ static int pscsi_pmode_enable_hba(struct se_hba *hba, unsigned long mode_flag)
+ * pSCSI Host ID and enable for phba mode
+ */
+ sh = scsi_host_lookup(phv->phv_host_id);
+- if (IS_ERR(sh)) {
++ if (!sh) {
+ pr_err("pSCSI: Unable to locate SCSI Host for"
+ " phv_host_id: %d\n", phv->phv_host_id);
+- return PTR_ERR(sh);
++ return -EINVAL;
+ }
+
+ phv->phv_lld_host = sh;
+@@ -564,10 +564,10 @@ static struct se_device *pscsi_create_virtdevice(
+ sh = phv->phv_lld_host;
+ } else {
+ sh = scsi_host_lookup(pdv->pdv_host_id);
+- if (IS_ERR(sh)) {
++ if (!sh) {
+ pr_err("pSCSI: Unable to locate"
+ " pdv_host_id: %d\n", pdv->pdv_host_id);
+- return ERR_CAST(sh);
++ return ERR_PTR(-EINVAL);
+ }
+ }
+ } else {
+diff --git a/drivers/uio/uio.c b/drivers/uio/uio.c
+index a783d53..af57648 100644
+--- a/drivers/uio/uio.c
++++ b/drivers/uio/uio.c
+@@ -650,16 +650,28 @@ static int uio_mmap_physical(struct vm_area_struct *vma)
+ {
+ struct uio_device *idev = vma->vm_private_data;
+ int mi = uio_find_mem_index(vma);
++ struct uio_mem *mem;
+ if (mi < 0)
+ return -EINVAL;
++ mem = idev->info->mem + mi;
+
+- vma->vm_flags |= VM_IO | VM_RESERVED;
++ if (vma->vm_end - vma->vm_start > mem->size)
++ return -EINVAL;
+
+ vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
+
++ /*
++ * We cannot use the vm_iomap_memory() helper here,
++ * because vma->vm_pgoff is the map index we looked
++ * up above in uio_find_mem_index(), rather than an
++ * actual page offset into the mmap.
++ *
++ * So we just do the physical mmap without a page
++ * offset.
++ */
+ return remap_pfn_range(vma,
+ vma->vm_start,
+- idev->info->mem[mi].addr >> PAGE_SHIFT,
++ mem->addr >> PAGE_SHIFT,
+ vma->vm_end - vma->vm_start,
+ vma->vm_page_prot);
+ }
+diff --git a/drivers/usb/core/quirks.c b/drivers/usb/core/quirks.c
+index f52182d..bcde6f6 100644
+--- a/drivers/usb/core/quirks.c
++++ b/drivers/usb/core/quirks.c
+@@ -97,6 +97,9 @@ static const struct usb_device_id usb_quirk_list[] = {
+ /* Alcor Micro Corp. Hub */
+ { USB_DEVICE(0x058f, 0x9254), .driver_info = USB_QUIRK_RESET_RESUME },
+
++ /* MicroTouch Systems touchscreen */
++ { USB_DEVICE(0x0596, 0x051e), .driver_info = USB_QUIRK_RESET_RESUME },
++
+ /* appletouch */
+ { USB_DEVICE(0x05ac, 0x021a), .driver_info = USB_QUIRK_RESET_RESUME },
+
+@@ -130,6 +133,9 @@ static const struct usb_device_id usb_quirk_list[] = {
+ /* Broadcom BCM92035DGROM BT dongle */
+ { USB_DEVICE(0x0a5c, 0x2021), .driver_info = USB_QUIRK_RESET_RESUME },
+
++ /* MAYA44USB sound device */
++ { USB_DEVICE(0x0a92, 0x0091), .driver_info = USB_QUIRK_RESET_RESUME },
++
+ /* Action Semiconductor flash disk */
+ { USB_DEVICE(0x10d6, 0x2200), .driver_info =
+ USB_QUIRK_STRING_FETCH_255 },
+diff --git a/drivers/usb/host/xhci-hub.c b/drivers/usb/host/xhci-hub.c
+index 24107a7..107e6b4 100644
+--- a/drivers/usb/host/xhci-hub.c
++++ b/drivers/usb/host/xhci-hub.c
+@@ -1007,20 +1007,6 @@ int xhci_bus_suspend(struct usb_hcd *hcd)
+ t1 = xhci_port_state_to_neutral(t1);
+ if (t1 != t2)
+ xhci_writel(xhci, t2, port_array[port_index]);
+-
+- if (hcd->speed != HCD_USB3) {
+- /* enable remote wake up for USB 2.0 */
+- __le32 __iomem *addr;
+- u32 tmp;
+-
+- /* Add one to the port status register address to get
+- * the port power control register address.
+- */
+- addr = port_array[port_index] + 1;
+- tmp = xhci_readl(xhci, addr);
+- tmp |= PORT_RWE;
+- xhci_writel(xhci, tmp, addr);
+- }
+ }
+ hcd->state = HC_STATE_SUSPENDED;
+ bus_state->next_statechange = jiffies + msecs_to_jiffies(10);
+@@ -1099,20 +1085,6 @@ int xhci_bus_resume(struct usb_hcd *hcd)
+ xhci_ring_device(xhci, slot_id);
+ } else
+ xhci_writel(xhci, temp, port_array[port_index]);
+-
+- if (hcd->speed != HCD_USB3) {
+- /* disable remote wake up for USB 2.0 */
+- __le32 __iomem *addr;
+- u32 tmp;
+-
+- /* Add one to the port status register address to get
+- * the port power control register address.
+- */
+- addr = port_array[port_index] + 1;
+- tmp = xhci_readl(xhci, addr);
+- tmp &= ~PORT_RWE;
+- xhci_writel(xhci, tmp, addr);
+- }
+ }
+
+ (void) xhci_readl(xhci, &xhci->op_regs->command);
+diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c
+index 61b0668..827f933 100644
+--- a/drivers/usb/host/xhci-pci.c
++++ b/drivers/usb/host/xhci-pci.c
+@@ -34,6 +34,9 @@
+ #define PCI_VENDOR_ID_ETRON 0x1b6f
+ #define PCI_DEVICE_ID_ASROCK_P67 0x7023
+
++#define PCI_DEVICE_ID_INTEL_LYNXPOINT_XHCI 0x8c31
++#define PCI_DEVICE_ID_INTEL_LYNXPOINT_LP_XHCI 0x9c31
++
+ static const char hcd_name[] = "xhci_hcd";
+
+ /* called after powerup, by probe or system-pm "wakeup" */
+@@ -67,6 +70,14 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci)
+ xhci_dbg(xhci, "QUIRK: Fresco Logic xHC needs configure"
+ " endpoint cmd after reset endpoint\n");
+ }
++ if (pdev->device == PCI_DEVICE_ID_FRESCO_LOGIC_PDK &&
++ pdev->revision == 0x4) {
++ xhci->quirks |= XHCI_SLOW_SUSPEND;
++ xhci_dbg(xhci,
++ "QUIRK: Fresco Logic xHC revision %u"
++ "must be suspended extra slowly",
++ pdev->revision);
++ }
+ /* Fresco Logic confirms: all revisions of this chip do not
+ * support MSI, even though some of them claim to in their PCI
+ * capabilities.
+@@ -103,6 +114,15 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci)
+ xhci->quirks |= XHCI_SPURIOUS_REBOOT;
+ xhci->quirks |= XHCI_AVOID_BEI;
+ }
++ if (pdev->vendor == PCI_VENDOR_ID_INTEL &&
++ (pdev->device == PCI_DEVICE_ID_INTEL_LYNXPOINT_XHCI ||
++ pdev->device == PCI_DEVICE_ID_INTEL_LYNXPOINT_LP_XHCI)) {
++ /* Workaround for occasional spurious wakeups from S5 (or
++ * any other sleep) on Haswell machines with LPT and LPT-LP
++ * with the new Intel BIOS
++ */
++ xhci->quirks |= XHCI_SPURIOUS_WAKEUP;
++ }
+ if (pdev->vendor == PCI_VENDOR_ID_ETRON &&
+ pdev->device == PCI_DEVICE_ID_ASROCK_P67) {
+ xhci->quirks |= XHCI_RESET_ON_RESUME;
+@@ -202,6 +222,11 @@ static void xhci_pci_remove(struct pci_dev *dev)
+ usb_put_hcd(xhci->shared_hcd);
+ }
+ usb_hcd_pci_remove(dev);
++
++ /* Workaround for spurious wakeups at shutdown with HSW */
++ if (xhci->quirks & XHCI_SPURIOUS_WAKEUP)
++ pci_set_power_state(dev, PCI_D3hot);
++
+ kfree(xhci);
+ }
+
+diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
+index 629aa74..03c35da 100644
+--- a/drivers/usb/host/xhci.c
++++ b/drivers/usb/host/xhci.c
+@@ -763,12 +763,19 @@ void xhci_shutdown(struct usb_hcd *hcd)
+
+ spin_lock_irq(&xhci->lock);
+ xhci_halt(xhci);
++ /* Workaround for spurious wakeups at shutdown with HSW */
++ if (xhci->quirks & XHCI_SPURIOUS_WAKEUP)
++ xhci_reset(xhci);
+ spin_unlock_irq(&xhci->lock);
+
+ xhci_cleanup_msix(xhci);
+
+ xhci_dbg(xhci, "xhci_shutdown completed - status = %x\n",
+ xhci_readl(xhci, &xhci->op_regs->status));
++
++ /* Yet another workaround for spurious wakeups at shutdown with HSW */
++ if (xhci->quirks & XHCI_SPURIOUS_WAKEUP)
++ pci_set_power_state(to_pci_dev(hcd->self.controller), PCI_D3hot);
+ }
+
+ #ifdef CONFIG_PM
+@@ -869,6 +876,7 @@ static void xhci_clear_command_ring(struct xhci_hcd *xhci)
+ int xhci_suspend(struct xhci_hcd *xhci)
+ {
+ int rc = 0;
++ unsigned int delay = XHCI_MAX_HALT_USEC;
+ struct usb_hcd *hcd = xhci_to_hcd(xhci);
+ u32 command;
+
+@@ -887,8 +895,12 @@ int xhci_suspend(struct xhci_hcd *xhci)
+ command = xhci_readl(xhci, &xhci->op_regs->command);
+ command &= ~CMD_RUN;
+ xhci_writel(xhci, command, &xhci->op_regs->command);
++
++ /* Some chips from Fresco Logic need an extraordinary delay */
++ delay *= (xhci->quirks & XHCI_SLOW_SUSPEND) ? 10 : 1;
++
+ if (handshake(xhci, &xhci->op_regs->status,
+- STS_HALT, STS_HALT, XHCI_MAX_HALT_USEC)) {
++ STS_HALT, STS_HALT, delay)) {
+ xhci_warn(xhci, "WARN: xHC CMD_RUN timeout\n");
+ spin_unlock_irq(&xhci->lock);
+ return -ETIMEDOUT;
+diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h
+index 8b4cce45..cf4fd24 100644
+--- a/drivers/usb/host/xhci.h
++++ b/drivers/usb/host/xhci.h
+@@ -1493,6 +1493,8 @@ struct xhci_hcd {
+ #define XHCI_SPURIOUS_REBOOT (1 << 13)
+ #define XHCI_COMP_MODE_QUIRK (1 << 14)
+ #define XHCI_AVOID_BEI (1 << 15)
++#define XHCI_SLOW_SUSPEND (1 << 17)
++#define XHCI_SPURIOUS_WAKEUP (1 << 18)
+ unsigned int num_active_eps;
+ unsigned int limit_active_eps;
+ /* There are two roothubs to keep track of bus suspend info for */
+diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c
+index 536c4ad..d8ace82 100644
+--- a/drivers/usb/serial/option.c
++++ b/drivers/usb/serial/option.c
+@@ -457,6 +457,10 @@ static void option_instat_callback(struct urb *urb);
+ #define CHANGHONG_VENDOR_ID 0x2077
+ #define CHANGHONG_PRODUCT_CH690 0x7001
+
++/* Inovia */
++#define INOVIA_VENDOR_ID 0x20a6
++#define INOVIA_SEW858 0x1105
++
+ /* some devices interfaces need special handling due to a number of reasons */
+ enum option_blacklist_reason {
+ OPTION_BLACKLIST_NONE = 0,
+@@ -703,6 +707,222 @@ static const struct usb_device_id option_ids[] = {
+ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x02, 0x7A) },
+ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x02, 0x7B) },
+ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x02, 0x7C) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x01) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x02) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x03) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x04) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x05) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x06) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x0A) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x0B) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x0D) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x0E) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x0F) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x10) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x12) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x13) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x14) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x15) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x17) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x18) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x19) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x1A) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x1B) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x1C) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x31) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x32) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x33) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x34) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x35) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x36) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x3A) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x3B) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x3D) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x3E) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x3F) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x48) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x49) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x4A) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x4B) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x4C) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x61) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x62) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x63) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x64) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x65) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x66) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x6A) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x6B) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x6D) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x6E) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x6F) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x78) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x79) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x7A) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x7B) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x03, 0x7C) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x01) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x02) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x03) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x04) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x05) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x06) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x0A) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x0B) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x0D) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x0E) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x0F) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x10) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x12) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x13) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x14) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x15) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x17) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x18) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x19) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x1A) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x1B) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x1C) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x31) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x32) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x33) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x34) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x35) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x36) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x3A) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x3B) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x3D) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x3E) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x3F) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x48) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x49) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x4A) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x4B) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x4C) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x61) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x62) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x63) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x64) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x65) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x66) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x6A) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x6B) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x6D) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x6E) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x6F) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x78) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x79) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x7A) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x7B) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x04, 0x7C) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x01) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x02) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x03) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x04) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x05) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x06) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x0A) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x0B) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x0D) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x0E) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x0F) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x10) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x12) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x13) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x14) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x15) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x17) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x18) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x19) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x1A) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x1B) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x1C) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x31) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x32) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x33) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x34) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x35) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x36) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x3A) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x3B) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x3D) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x3E) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x3F) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x48) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x49) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x4A) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x4B) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x4C) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x61) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x62) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x63) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x64) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x65) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x66) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x6A) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x6B) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x6D) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x6E) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x6F) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x78) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x79) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x7A) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x7B) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x05, 0x7C) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x01) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x02) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x03) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x04) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x05) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x06) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x0A) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x0B) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x0D) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x0E) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x0F) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x10) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x12) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x13) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x14) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x15) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x17) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x18) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x19) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x1A) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x1B) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x1C) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x31) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x32) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x33) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x34) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x35) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x36) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x3A) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x3B) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x3D) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x3E) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x3F) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x48) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x49) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x4A) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x4B) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x4C) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x61) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x62) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x63) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x64) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x65) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x66) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x6A) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x6B) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x6D) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x6E) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x6F) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x78) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x79) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x7A) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x7B) },
++ { USB_VENDOR_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0xff, 0x06, 0x7C) },
+
+
+ { USB_DEVICE(NOVATELWIRELESS_VENDOR_ID, NOVATELWIRELESS_PRODUCT_V640) },
+@@ -1279,7 +1499,9 @@ static const struct usb_device_id option_ids[] = {
+
+ { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD100) },
+ { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD145) },
+- { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD200) },
++ { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD200),
++ .driver_info = (kernel_ulong_t)&net_intf6_blacklist
++ },
+ { USB_DEVICE(CELOT_VENDOR_ID, CELOT_PRODUCT_CT680M) }, /* CT-650 CDMA 450 1xEVDO modem */
+ { USB_DEVICE_AND_INTERFACE_INFO(SAMSUNG_VENDOR_ID, SAMSUNG_PRODUCT_GT_B3730, USB_CLASS_CDC_DATA, 0x00, 0x00) }, /* Samsung GT-B3730 LTE USB modem.*/
+ { USB_DEVICE(YUGA_VENDOR_ID, YUGA_PRODUCT_CEM600) },
+@@ -1367,6 +1589,7 @@ static const struct usb_device_id option_ids[] = {
+ { USB_DEVICE_AND_INTERFACE_INFO(0x2001, 0x7d03, 0xff, 0x00, 0x00) },
+ { USB_DEVICE_AND_INTERFACE_INFO(0x07d1, 0x3e01, 0xff, 0xff, 0xff) }, /* D-Link DWM-152/C1 */
+ { USB_DEVICE_AND_INTERFACE_INFO(0x07d1, 0x3e02, 0xff, 0xff, 0xff) }, /* D-Link DWM-156/C1 */
++ { USB_DEVICE(INOVIA_VENDOR_ID, INOVIA_SEW858) },
+ { } /* Terminating entry */
+ };
+ MODULE_DEVICE_TABLE(usb, option_ids);
+diff --git a/drivers/video/au1100fb.c b/drivers/video/au1100fb.c
+index 649cb35..1be8b5d 100644
+--- a/drivers/video/au1100fb.c
++++ b/drivers/video/au1100fb.c
+@@ -387,39 +387,13 @@ void au1100fb_fb_rotate(struct fb_info *fbi, int angle)
+ int au1100fb_fb_mmap(struct fb_info *fbi, struct vm_area_struct *vma)
+ {
+ struct au1100fb_device *fbdev;
+- unsigned int len;
+- unsigned long start=0, off;
+
+ fbdev = to_au1100fb_device(fbi);
+
+- if (vma->vm_pgoff > (~0UL >> PAGE_SHIFT)) {
+- return -EINVAL;
+- }
+-
+- start = fbdev->fb_phys & PAGE_MASK;
+- len = PAGE_ALIGN((start & ~PAGE_MASK) + fbdev->fb_len);
+-
+- off = vma->vm_pgoff << PAGE_SHIFT;
+-
+- if ((vma->vm_end - vma->vm_start + off) > len) {
+- return -EINVAL;
+- }
+-
+- off += start;
+- vma->vm_pgoff = off >> PAGE_SHIFT;
+-
+ vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
+ pgprot_val(vma->vm_page_prot) |= (6 << 9); //CCA=6
+
+- vma->vm_flags |= VM_IO;
+-
+- if (io_remap_pfn_range(vma, vma->vm_start, off >> PAGE_SHIFT,
+- vma->vm_end - vma->vm_start,
+- vma->vm_page_prot)) {
+- return -EAGAIN;
+- }
+-
+- return 0;
++ return vm_iomap_memory(vma, fbdev->fb_phys, fbdev->fb_len);
+ }
+
+ static struct fb_ops au1100fb_ops =
+diff --git a/drivers/video/au1200fb.c b/drivers/video/au1200fb.c
+index 7200559..5bd7d88 100644
+--- a/drivers/video/au1200fb.c
++++ b/drivers/video/au1200fb.c
+@@ -1216,38 +1216,13 @@ static int au1200fb_fb_blank(int blank_mode, struct fb_info *fbi)
+ * method mainly to allow the use of the TLB streaming flag (CCA=6)
+ */
+ static int au1200fb_fb_mmap(struct fb_info *info, struct vm_area_struct *vma)
+-
+ {
+- unsigned int len;
+- unsigned long start=0, off;
+ struct au1200fb_device *fbdev = info->par;
+
+- if (vma->vm_pgoff > (~0UL >> PAGE_SHIFT)) {
+- return -EINVAL;
+- }
+-
+- start = fbdev->fb_phys & PAGE_MASK;
+- len = PAGE_ALIGN((start & ~PAGE_MASK) + fbdev->fb_len);
+-
+- off = vma->vm_pgoff << PAGE_SHIFT;
+-
+- if ((vma->vm_end - vma->vm_start + off) > len) {
+- return -EINVAL;
+- }
+-
+- off += start;
+- vma->vm_pgoff = off >> PAGE_SHIFT;
+-
+ vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
+ pgprot_val(vma->vm_page_prot) |= _CACHE_MASK; /* CCA=7 */
+
+- vma->vm_flags |= VM_IO;
+-
+- return io_remap_pfn_range(vma, vma->vm_start, off >> PAGE_SHIFT,
+- vma->vm_end - vma->vm_start,
+- vma->vm_page_prot);
+-
+- return 0;
++ return vm_iomap_memory(vma, fbdev->fb_phys, fbdev->fb_len);
+ }
+
+ static void set_global(u_int cmd, struct au1200_lcd_global_regs_t *pdata)
+diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
+index ac1ad48..5ce56e7 100644
+--- a/fs/ecryptfs/keystore.c
++++ b/fs/ecryptfs/keystore.c
+@@ -1151,7 +1151,7 @@ decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
+ struct ecryptfs_msg_ctx *msg_ctx;
+ struct ecryptfs_message *msg = NULL;
+ char *auth_tok_sig;
+- char *payload;
++ char *payload = NULL;
+ size_t payload_len;
+ int rc;
+
+@@ -1206,6 +1206,7 @@ decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
+ out:
+ if (msg)
+ kfree(msg);
++ kfree(payload);
+ return rc;
+ }
+
+diff --git a/fs/ext3/dir.c b/fs/ext3/dir.c
+index 34f0a07..3268697 100644
+--- a/fs/ext3/dir.c
++++ b/fs/ext3/dir.c
+@@ -25,6 +25,7 @@
+ #include <linux/jbd.h>
+ #include <linux/ext3_fs.h>
+ #include <linux/buffer_head.h>
++#include <linux/compat.h>
+ #include <linux/slab.h>
+ #include <linux/rbtree.h>
+
+@@ -32,24 +33,8 @@ static unsigned char ext3_filetype_table[] = {
+ DT_UNKNOWN, DT_REG, DT_DIR, DT_CHR, DT_BLK, DT_FIFO, DT_SOCK, DT_LNK
+ };
+
+-static int ext3_readdir(struct file *, void *, filldir_t);
+ static int ext3_dx_readdir(struct file * filp,
+ void * dirent, filldir_t filldir);
+-static int ext3_release_dir (struct inode * inode,
+- struct file * filp);
+-
+-const struct file_operations ext3_dir_operations = {
+- .llseek = generic_file_llseek,
+- .read = generic_read_dir,
+- .readdir = ext3_readdir, /* we take BKL. needed?*/
+- .unlocked_ioctl = ext3_ioctl,
+-#ifdef CONFIG_COMPAT
+- .compat_ioctl = ext3_compat_ioctl,
+-#endif
+- .fsync = ext3_sync_file, /* BKL held */
+- .release = ext3_release_dir,
+-};
+-
+
+ static unsigned char get_dtype(struct super_block *sb, int filetype)
+ {
+@@ -60,6 +45,25 @@ static unsigned char get_dtype(struct super_block *sb, int filetype)
+ return (ext3_filetype_table[filetype]);
+ }
+
++/**
++ * Check if the given dir-inode refers to an htree-indexed directory
++ * (or a directory which chould potentially get coverted to use htree
++ * indexing).
++ *
++ * Return 1 if it is a dx dir, 0 if not
++ */
++static int is_dx_dir(struct inode *inode)
++{
++ struct super_block *sb = inode->i_sb;
++
++ if (EXT3_HAS_COMPAT_FEATURE(inode->i_sb,
++ EXT3_FEATURE_COMPAT_DIR_INDEX) &&
++ ((EXT3_I(inode)->i_flags & EXT3_INDEX_FL) ||
++ ((inode->i_size >> sb->s_blocksize_bits) == 1)))
++ return 1;
++
++ return 0;
++}
+
+ int ext3_check_dir_entry (const char * function, struct inode * dir,
+ struct ext3_dir_entry_2 * de,
+@@ -99,18 +103,13 @@ static int ext3_readdir(struct file * filp,
+ unsigned long offset;
+ int i, stored;
+ struct ext3_dir_entry_2 *de;
+- struct super_block *sb;
+ int err;
+ struct inode *inode = filp->f_path.dentry->d_inode;
++ struct super_block *sb = inode->i_sb;
+ int ret = 0;
+ int dir_has_error = 0;
+
+- sb = inode->i_sb;
+-
+- if (EXT3_HAS_COMPAT_FEATURE(inode->i_sb,
+- EXT3_FEATURE_COMPAT_DIR_INDEX) &&
+- ((EXT3_I(inode)->i_flags & EXT3_INDEX_FL) ||
+- ((inode->i_size >> sb->s_blocksize_bits) == 1))) {
++ if (is_dx_dir(inode)) {
+ err = ext3_dx_readdir(filp, dirent, filldir);
+ if (err != ERR_BAD_DX_DIR) {
+ ret = err;
+@@ -232,22 +231,87 @@ out:
+ return ret;
+ }
+
++static inline int is_32bit_api(void)
++{
++#ifdef CONFIG_COMPAT
++ return is_compat_task();
++#else
++ return (BITS_PER_LONG == 32);
++#endif
++}
++
+ /*
+ * These functions convert from the major/minor hash to an f_pos
+- * value.
++ * value for dx directories
+ *
+- * Currently we only use major hash numer. This is unfortunate, but
+- * on 32-bit machines, the same VFS interface is used for lseek and
+- * llseek, so if we use the 64 bit offset, then the 32-bit versions of
+- * lseek/telldir/seekdir will blow out spectacularly, and from within
+- * the ext2 low-level routine, we don't know if we're being called by
+- * a 64-bit version of the system call or the 32-bit version of the
+- * system call. Worse yet, NFSv2 only allows for a 32-bit readdir
+- * cookie. Sigh.
++ * Upper layer (for example NFS) should specify FMODE_32BITHASH or
++ * FMODE_64BITHASH explicitly. On the other hand, we allow ext3 to be mounted
++ * directly on both 32-bit and 64-bit nodes, under such case, neither
++ * FMODE_32BITHASH nor FMODE_64BITHASH is specified.
+ */
+-#define hash2pos(major, minor) (major >> 1)
+-#define pos2maj_hash(pos) ((pos << 1) & 0xffffffff)
+-#define pos2min_hash(pos) (0)
++static inline loff_t hash2pos(struct file *filp, __u32 major, __u32 minor)
++{
++ if ((filp->f_mode & FMODE_32BITHASH) ||
++ (!(filp->f_mode & FMODE_64BITHASH) && is_32bit_api()))
++ return major >> 1;
++ else
++ return ((__u64)(major >> 1) << 32) | (__u64)minor;
++}
++
++static inline __u32 pos2maj_hash(struct file *filp, loff_t pos)
++{
++ if ((filp->f_mode & FMODE_32BITHASH) ||
++ (!(filp->f_mode & FMODE_64BITHASH) && is_32bit_api()))
++ return (pos << 1) & 0xffffffff;
++ else
++ return ((pos >> 32) << 1) & 0xffffffff;
++}
++
++static inline __u32 pos2min_hash(struct file *filp, loff_t pos)
++{
++ if ((filp->f_mode & FMODE_32BITHASH) ||
++ (!(filp->f_mode & FMODE_64BITHASH) && is_32bit_api()))
++ return 0;
++ else
++ return pos & 0xffffffff;
++}
++
++/*
++ * Return 32- or 64-bit end-of-file for dx directories
++ */
++static inline loff_t ext3_get_htree_eof(struct file *filp)
++{
++ if ((filp->f_mode & FMODE_32BITHASH) ||
++ (!(filp->f_mode & FMODE_64BITHASH) && is_32bit_api()))
++ return EXT3_HTREE_EOF_32BIT;
++ else
++ return EXT3_HTREE_EOF_64BIT;
++}
++
++
++/*
++ * ext3_dir_llseek() calls generic_file_llseek[_size]() to handle both
++ * non-htree and htree directories, where the "offset" is in terms
++ * of the filename hash value instead of the byte offset.
++ *
++ * Because we may return a 64-bit hash that is well beyond s_maxbytes,
++ * we need to pass the max hash as the maximum allowable offset in
++ * the htree directory case.
++ *
++ * NOTE: offsets obtained *before* ext3_set_inode_flag(dir, EXT3_INODE_INDEX)
++ * will be invalid once the directory was converted into a dx directory
++ */
++loff_t ext3_dir_llseek(struct file *file, loff_t offset, int origin)
++{
++ struct inode *inode = file->f_mapping->host;
++ int dx_dir = is_dx_dir(inode);
++
++ if (likely(dx_dir))
++ return generic_file_llseek_size(file, offset, origin,
++ ext3_get_htree_eof(file));
++ else
++ return generic_file_llseek(file, offset, origin);
++}
+
+ /*
+ * This structure holds the nodes of the red-black tree used to store
+@@ -308,15 +372,16 @@ static void free_rb_tree_fname(struct rb_root *root)
+ }
+
+
+-static struct dir_private_info *ext3_htree_create_dir_info(loff_t pos)
++static struct dir_private_info *ext3_htree_create_dir_info(struct file *filp,
++ loff_t pos)
+ {
+ struct dir_private_info *p;
+
+ p = kzalloc(sizeof(struct dir_private_info), GFP_KERNEL);
+ if (!p)
+ return NULL;
+- p->curr_hash = pos2maj_hash(pos);
+- p->curr_minor_hash = pos2min_hash(pos);
++ p->curr_hash = pos2maj_hash(filp, pos);
++ p->curr_minor_hash = pos2min_hash(filp, pos);
+ return p;
+ }
+
+@@ -406,7 +471,7 @@ static int call_filldir(struct file * filp, void * dirent,
+ printk("call_filldir: called with null fname?!?\n");
+ return 0;
+ }
+- curr_pos = hash2pos(fname->hash, fname->minor_hash);
++ curr_pos = hash2pos(filp, fname->hash, fname->minor_hash);
+ while (fname) {
+ error = filldir(dirent, fname->name,
+ fname->name_len, curr_pos,
+@@ -431,13 +496,13 @@ static int ext3_dx_readdir(struct file * filp,
+ int ret;
+
+ if (!info) {
+- info = ext3_htree_create_dir_info(filp->f_pos);
++ info = ext3_htree_create_dir_info(filp, filp->f_pos);
+ if (!info)
+ return -ENOMEM;
+ filp->private_data = info;
+ }
+
+- if (filp->f_pos == EXT3_HTREE_EOF)
++ if (filp->f_pos == ext3_get_htree_eof(filp))
+ return 0; /* EOF */
+
+ /* Some one has messed with f_pos; reset the world */
+@@ -445,8 +510,8 @@ static int ext3_dx_readdir(struct file * filp,
+ free_rb_tree_fname(&info->root);
+ info->curr_node = NULL;
+ info->extra_fname = NULL;
+- info->curr_hash = pos2maj_hash(filp->f_pos);
+- info->curr_minor_hash = pos2min_hash(filp->f_pos);
++ info->curr_hash = pos2maj_hash(filp, filp->f_pos);
++ info->curr_minor_hash = pos2min_hash(filp, filp->f_pos);
+ }
+
+ /*
+@@ -478,7 +543,7 @@ static int ext3_dx_readdir(struct file * filp,
+ if (ret < 0)
+ return ret;
+ if (ret == 0) {
+- filp->f_pos = EXT3_HTREE_EOF;
++ filp->f_pos = ext3_get_htree_eof(filp);
+ break;
+ }
+ info->curr_node = rb_first(&info->root);
+@@ -498,7 +563,7 @@ static int ext3_dx_readdir(struct file * filp,
+ info->curr_minor_hash = fname->minor_hash;
+ } else {
+ if (info->next_hash == ~0) {
+- filp->f_pos = EXT3_HTREE_EOF;
++ filp->f_pos = ext3_get_htree_eof(filp);
+ break;
+ }
+ info->curr_hash = info->next_hash;
+@@ -517,3 +582,15 @@ static int ext3_release_dir (struct inode * inode, struct file * filp)
+
+ return 0;
+ }
++
++const struct file_operations ext3_dir_operations = {
++ .llseek = ext3_dir_llseek,
++ .read = generic_read_dir,
++ .readdir = ext3_readdir,
++ .unlocked_ioctl = ext3_ioctl,
++#ifdef CONFIG_COMPAT
++ .compat_ioctl = ext3_compat_ioctl,
++#endif
++ .fsync = ext3_sync_file,
++ .release = ext3_release_dir,
++};
+diff --git a/fs/ext3/hash.c b/fs/ext3/hash.c
+index 7d215b4..d4d3ade 100644
+--- a/fs/ext3/hash.c
++++ b/fs/ext3/hash.c
+@@ -200,8 +200,8 @@ int ext3fs_dirhash(const char *name, int len, struct dx_hash_info *hinfo)
+ return -1;
+ }
+ hash = hash & ~1;
+- if (hash == (EXT3_HTREE_EOF << 1))
+- hash = (EXT3_HTREE_EOF-1) << 1;
++ if (hash == (EXT3_HTREE_EOF_32BIT << 1))
++ hash = (EXT3_HTREE_EOF_32BIT - 1) << 1;
+ hinfo->hash = hash;
+ hinfo->minor_hash = minor_hash;
+ return 0;
+diff --git a/fs/ext4/dir.c b/fs/ext4/dir.c
+index 164c560..689d1b1 100644
+--- a/fs/ext4/dir.c
++++ b/fs/ext4/dir.c
+@@ -32,24 +32,8 @@ static unsigned char ext4_filetype_table[] = {
+ DT_UNKNOWN, DT_REG, DT_DIR, DT_CHR, DT_BLK, DT_FIFO, DT_SOCK, DT_LNK
+ };
+
+-static int ext4_readdir(struct file *, void *, filldir_t);
+ static int ext4_dx_readdir(struct file *filp,
+ void *dirent, filldir_t filldir);
+-static int ext4_release_dir(struct inode *inode,
+- struct file *filp);
+-
+-const struct file_operations ext4_dir_operations = {
+- .llseek = ext4_llseek,
+- .read = generic_read_dir,
+- .readdir = ext4_readdir, /* we take BKL. needed?*/
+- .unlocked_ioctl = ext4_ioctl,
+-#ifdef CONFIG_COMPAT
+- .compat_ioctl = ext4_compat_ioctl,
+-#endif
+- .fsync = ext4_sync_file,
+- .release = ext4_release_dir,
+-};
+-
+
+ static unsigned char get_dtype(struct super_block *sb, int filetype)
+ {
+@@ -60,6 +44,26 @@ static unsigned char get_dtype(struct super_block *sb, int filetype)
+ return (ext4_filetype_table[filetype]);
+ }
+
++/**
++ * Check if the given dir-inode refers to an htree-indexed directory
++ * (or a directory which chould potentially get coverted to use htree
++ * indexing).
++ *
++ * Return 1 if it is a dx dir, 0 if not
++ */
++static int is_dx_dir(struct inode *inode)
++{
++ struct super_block *sb = inode->i_sb;
++
++ if (EXT4_HAS_COMPAT_FEATURE(inode->i_sb,
++ EXT4_FEATURE_COMPAT_DIR_INDEX) &&
++ ((ext4_test_inode_flag(inode, EXT4_INODE_INDEX)) ||
++ ((inode->i_size >> sb->s_blocksize_bits) == 1)))
++ return 1;
++
++ return 0;
++}
++
+ /*
+ * Return 0 if the directory entry is OK, and 1 if there is a problem
+ *
+@@ -115,18 +119,13 @@ static int ext4_readdir(struct file *filp,
+ unsigned int offset;
+ int i, stored;
+ struct ext4_dir_entry_2 *de;
+- struct super_block *sb;
+ int err;
+ struct inode *inode = filp->f_path.dentry->d_inode;
++ struct super_block *sb = inode->i_sb;
+ int ret = 0;
+ int dir_has_error = 0;
+
+- sb = inode->i_sb;
+-
+- if (EXT4_HAS_COMPAT_FEATURE(inode->i_sb,
+- EXT4_FEATURE_COMPAT_DIR_INDEX) &&
+- ((ext4_test_inode_flag(inode, EXT4_INODE_INDEX)) ||
+- ((inode->i_size >> sb->s_blocksize_bits) == 1))) {
++ if (is_dx_dir(inode)) {
+ err = ext4_dx_readdir(filp, dirent, filldir);
+ if (err != ERR_BAD_DX_DIR) {
+ ret = err;
+@@ -254,22 +253,134 @@ out:
+ return ret;
+ }
+
++static inline int is_32bit_api(void)
++{
++#ifdef CONFIG_COMPAT
++ return is_compat_task();
++#else
++ return (BITS_PER_LONG == 32);
++#endif
++}
++
+ /*
+ * These functions convert from the major/minor hash to an f_pos
+- * value.
++ * value for dx directories
++ *
++ * Upper layer (for example NFS) should specify FMODE_32BITHASH or
++ * FMODE_64BITHASH explicitly. On the other hand, we allow ext4 to be mounted
++ * directly on both 32-bit and 64-bit nodes, under such case, neither
++ * FMODE_32BITHASH nor FMODE_64BITHASH is specified.
++ */
++static inline loff_t hash2pos(struct file *filp, __u32 major, __u32 minor)
++{
++ if ((filp->f_mode & FMODE_32BITHASH) ||
++ (!(filp->f_mode & FMODE_64BITHASH) && is_32bit_api()))
++ return major >> 1;
++ else
++ return ((__u64)(major >> 1) << 32) | (__u64)minor;
++}
++
++static inline __u32 pos2maj_hash(struct file *filp, loff_t pos)
++{
++ if ((filp->f_mode & FMODE_32BITHASH) ||
++ (!(filp->f_mode & FMODE_64BITHASH) && is_32bit_api()))
++ return (pos << 1) & 0xffffffff;
++ else
++ return ((pos >> 32) << 1) & 0xffffffff;
++}
++
++static inline __u32 pos2min_hash(struct file *filp, loff_t pos)
++{
++ if ((filp->f_mode & FMODE_32BITHASH) ||
++ (!(filp->f_mode & FMODE_64BITHASH) && is_32bit_api()))
++ return 0;
++ else
++ return pos & 0xffffffff;
++}
++
++/*
++ * Return 32- or 64-bit end-of-file for dx directories
++ */
++static inline loff_t ext4_get_htree_eof(struct file *filp)
++{
++ if ((filp->f_mode & FMODE_32BITHASH) ||
++ (!(filp->f_mode & FMODE_64BITHASH) && is_32bit_api()))
++ return EXT4_HTREE_EOF_32BIT;
++ else
++ return EXT4_HTREE_EOF_64BIT;
++}
++
++
++/*
++ * ext4_dir_llseek() based on generic_file_llseek() to handle both
++ * non-htree and htree directories, where the "offset" is in terms
++ * of the filename hash value instead of the byte offset.
+ *
+- * Currently we only use major hash numer. This is unfortunate, but
+- * on 32-bit machines, the same VFS interface is used for lseek and
+- * llseek, so if we use the 64 bit offset, then the 32-bit versions of
+- * lseek/telldir/seekdir will blow out spectacularly, and from within
+- * the ext2 low-level routine, we don't know if we're being called by
+- * a 64-bit version of the system call or the 32-bit version of the
+- * system call. Worse yet, NFSv2 only allows for a 32-bit readdir
+- * cookie. Sigh.
++ * NOTE: offsets obtained *before* ext4_set_inode_flag(dir, EXT4_INODE_INDEX)
++ * will be invalid once the directory was converted into a dx directory
+ */
+-#define hash2pos(major, minor) (major >> 1)
+-#define pos2maj_hash(pos) ((pos << 1) & 0xffffffff)
+-#define pos2min_hash(pos) (0)
++loff_t ext4_dir_llseek(struct file *file, loff_t offset, int origin)
++{
++ struct inode *inode = file->f_mapping->host;
++ loff_t ret = -EINVAL;
++ int dx_dir = is_dx_dir(inode);
++
++ mutex_lock(&inode->i_mutex);
++
++ /* NOTE: relative offsets with dx directories might not work
++ * as expected, as it is difficult to figure out the
++ * correct offset between dx hashes */
++
++ switch (origin) {
++ case SEEK_END:
++ if (unlikely(offset > 0))
++ goto out_err; /* not supported for directories */
++
++ /* so only negative offsets are left, does that have a
++ * meaning for directories at all? */
++ if (dx_dir)
++ offset += ext4_get_htree_eof(file);
++ else
++ offset += inode->i_size;
++ break;
++ case SEEK_CUR:
++ /*
++ * Here we special-case the lseek(fd, 0, SEEK_CUR)
++ * position-querying operation. Avoid rewriting the "same"
++ * f_pos value back to the file because a concurrent read(),
++ * write() or lseek() might have altered it
++ */
++ if (offset == 0) {
++ offset = file->f_pos;
++ goto out_ok;
++ }
++
++ offset += file->f_pos;
++ break;
++ }
++
++ if (unlikely(offset < 0))
++ goto out_err;
++
++ if (!dx_dir) {
++ if (offset > inode->i_sb->s_maxbytes)
++ goto out_err;
++ } else if (offset > ext4_get_htree_eof(file))
++ goto out_err;
++
++ /* Special lock needed here? */
++ if (offset != file->f_pos) {
++ file->f_pos = offset;
++ file->f_version = 0;
++ }
++
++out_ok:
++ ret = offset;
++out_err:
++ mutex_unlock(&inode->i_mutex);
++
++ return ret;
++}
+
+ /*
+ * This structure holds the nodes of the red-black tree used to store
+@@ -330,15 +441,16 @@ static void free_rb_tree_fname(struct rb_root *root)
+ }
+
+
+-static struct dir_private_info *ext4_htree_create_dir_info(loff_t pos)
++static struct dir_private_info *ext4_htree_create_dir_info(struct file *filp,
++ loff_t pos)
+ {
+ struct dir_private_info *p;
+
+ p = kzalloc(sizeof(struct dir_private_info), GFP_KERNEL);
+ if (!p)
+ return NULL;
+- p->curr_hash = pos2maj_hash(pos);
+- p->curr_minor_hash = pos2min_hash(pos);
++ p->curr_hash = pos2maj_hash(filp, pos);
++ p->curr_minor_hash = pos2min_hash(filp, pos);
+ return p;
+ }
+
+@@ -429,7 +541,7 @@ static int call_filldir(struct file *filp, void *dirent,
+ "null fname?!?\n");
+ return 0;
+ }
+- curr_pos = hash2pos(fname->hash, fname->minor_hash);
++ curr_pos = hash2pos(filp, fname->hash, fname->minor_hash);
+ while (fname) {
+ error = filldir(dirent, fname->name,
+ fname->name_len, curr_pos,
+@@ -454,13 +566,13 @@ static int ext4_dx_readdir(struct file *filp,
+ int ret;
+
+ if (!info) {
+- info = ext4_htree_create_dir_info(filp->f_pos);
++ info = ext4_htree_create_dir_info(filp, filp->f_pos);
+ if (!info)
+ return -ENOMEM;
+ filp->private_data = info;
+ }
+
+- if (filp->f_pos == EXT4_HTREE_EOF)
++ if (filp->f_pos == ext4_get_htree_eof(filp))
+ return 0; /* EOF */
+
+ /* Some one has messed with f_pos; reset the world */
+@@ -468,8 +580,8 @@ static int ext4_dx_readdir(struct file *filp,
+ free_rb_tree_fname(&info->root);
+ info->curr_node = NULL;
+ info->extra_fname = NULL;
+- info->curr_hash = pos2maj_hash(filp->f_pos);
+- info->curr_minor_hash = pos2min_hash(filp->f_pos);
++ info->curr_hash = pos2maj_hash(filp, filp->f_pos);
++ info->curr_minor_hash = pos2min_hash(filp, filp->f_pos);
+ }
+
+ /*
+@@ -501,7 +613,7 @@ static int ext4_dx_readdir(struct file *filp,
+ if (ret < 0)
+ return ret;
+ if (ret == 0) {
+- filp->f_pos = EXT4_HTREE_EOF;
++ filp->f_pos = ext4_get_htree_eof(filp);
+ break;
+ }
+ info->curr_node = rb_first(&info->root);
+@@ -521,7 +633,7 @@ static int ext4_dx_readdir(struct file *filp,
+ info->curr_minor_hash = fname->minor_hash;
+ } else {
+ if (info->next_hash == ~0) {
+- filp->f_pos = EXT4_HTREE_EOF;
++ filp->f_pos = ext4_get_htree_eof(filp);
+ break;
+ }
+ info->curr_hash = info->next_hash;
+@@ -540,3 +652,15 @@ static int ext4_release_dir(struct inode *inode, struct file *filp)
+
+ return 0;
+ }
++
++const struct file_operations ext4_dir_operations = {
++ .llseek = ext4_dir_llseek,
++ .read = generic_read_dir,
++ .readdir = ext4_readdir,
++ .unlocked_ioctl = ext4_ioctl,
++#ifdef CONFIG_COMPAT
++ .compat_ioctl = ext4_compat_ioctl,
++#endif
++ .fsync = ext4_sync_file,
++ .release = ext4_release_dir,
++};
+diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
+index 60b6ca5..22c71b9 100644
+--- a/fs/ext4/ext4.h
++++ b/fs/ext4/ext4.h
+@@ -1597,7 +1597,11 @@ struct dx_hash_info
+ u32 *seed;
+ };
+
+-#define EXT4_HTREE_EOF 0x7fffffff
++
++/* 32 and 64 bit signed EOF for dx directories */
++#define EXT4_HTREE_EOF_32BIT ((1UL << (32 - 1)) - 1)
++#define EXT4_HTREE_EOF_64BIT ((1ULL << (64 - 1)) - 1)
++
+
+ /*
+ * Control parameters used by ext4_htree_next_block
+diff --git a/fs/ext4/hash.c b/fs/ext4/hash.c
+index ac8f168..fa8e491 100644
+--- a/fs/ext4/hash.c
++++ b/fs/ext4/hash.c
+@@ -200,8 +200,8 @@ int ext4fs_dirhash(const char *name, int len, struct dx_hash_info *hinfo)
+ return -1;
+ }
+ hash = hash & ~1;
+- if (hash == (EXT4_HTREE_EOF << 1))
+- hash = (EXT4_HTREE_EOF-1) << 1;
++ if (hash == (EXT4_HTREE_EOF_32BIT << 1))
++ hash = (EXT4_HTREE_EOF_32BIT - 1) << 1;
+ hinfo->hash = hash;
+ hinfo->minor_hash = minor_hash;
+ return 0;
+diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c
+index d5498b2..b4e9f3f 100644
+--- a/fs/ext4/xattr.c
++++ b/fs/ext4/xattr.c
+@@ -1269,6 +1269,8 @@ retry:
+ s_min_extra_isize) {
+ tried_min_extra_isize++;
+ new_extra_isize = s_min_extra_isize;
++ kfree(is); is = NULL;
++ kfree(bs); bs = NULL;
+ goto retry;
+ }
+ error = -1;
+diff --git a/fs/jfs/jfs_inode.c b/fs/jfs/jfs_inode.c
+index c1a3e60..7f464c5 100644
+--- a/fs/jfs/jfs_inode.c
++++ b/fs/jfs/jfs_inode.c
+@@ -95,7 +95,7 @@ struct inode *ialloc(struct inode *parent, umode_t mode)
+
+ if (insert_inode_locked(inode) < 0) {
+ rc = -EINVAL;
+- goto fail_unlock;
++ goto fail_put;
+ }
+
+ inode_init_owner(inode, parent, mode);
+@@ -156,7 +156,6 @@ struct inode *ialloc(struct inode *parent, umode_t mode)
+ fail_drop:
+ dquot_drop(inode);
+ inode->i_flags |= S_NOQUOTA;
+-fail_unlock:
+ clear_nlink(inode);
+ unlock_new_inode(inode);
+ fail_put:
+diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
+index 561a3dc..61b697e 100644
+--- a/fs/nfsd/vfs.c
++++ b/fs/nfsd/vfs.c
+@@ -726,12 +726,13 @@ static int nfsd_open_break_lease(struct inode *inode, int access)
+
+ /*
+ * Open an existing file or directory.
+- * The access argument indicates the type of open (read/write/lock)
++ * The may_flags argument indicates the type of open (read/write/lock)
++ * and additional flags.
+ * N.B. After this call fhp needs an fh_put
+ */
+ __be32
+ nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, int type,
+- int access, struct file **filp)
++ int may_flags, struct file **filp)
+ {
+ struct dentry *dentry;
+ struct inode *inode;
+@@ -746,7 +747,7 @@ nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, int type,
+ * and (hopefully) checked permission - so allow OWNER_OVERRIDE
+ * in case a chmod has now revoked permission.
+ */
+- err = fh_verify(rqstp, fhp, type, access | NFSD_MAY_OWNER_OVERRIDE);
++ err = fh_verify(rqstp, fhp, type, may_flags | NFSD_MAY_OWNER_OVERRIDE);
+ if (err)
+ goto out;
+
+@@ -757,7 +758,7 @@ nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, int type,
+ * or any access when mandatory locking enabled
+ */
+ err = nfserr_perm;
+- if (IS_APPEND(inode) && (access & NFSD_MAY_WRITE))
++ if (IS_APPEND(inode) && (may_flags & NFSD_MAY_WRITE))
+ goto out;
+ /*
+ * We must ignore files (but only files) which might have mandatory
+@@ -770,12 +771,12 @@ nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, int type,
+ if (!inode->i_fop)
+ goto out;
+
+- host_err = nfsd_open_break_lease(inode, access);
++ host_err = nfsd_open_break_lease(inode, may_flags);
+ if (host_err) /* NOMEM or WOULDBLOCK */
+ goto out_nfserr;
+
+- if (access & NFSD_MAY_WRITE) {
+- if (access & NFSD_MAY_READ)
++ if (may_flags & NFSD_MAY_WRITE) {
++ if (may_flags & NFSD_MAY_READ)
+ flags = O_RDWR|O_LARGEFILE;
+ else
+ flags = O_WRONLY|O_LARGEFILE;
+@@ -785,8 +786,15 @@ nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, int type,
+ if (IS_ERR(*filp)) {
+ host_err = PTR_ERR(*filp);
+ *filp = NULL;
+- } else
+- host_err = ima_file_check(*filp, access);
++ } else {
++ host_err = ima_file_check(*filp, may_flags);
++
++ if (may_flags & NFSD_MAY_64BIT_COOKIE)
++ (*filp)->f_mode |= FMODE_64BITHASH;
++ else
++ (*filp)->f_mode |= FMODE_32BITHASH;
++ }
++
+ out_nfserr:
+ err = nfserrno(host_err);
+ out:
+@@ -2016,8 +2024,13 @@ nfsd_readdir(struct svc_rqst *rqstp, struct svc_fh *fhp, loff_t *offsetp,
+ __be32 err;
+ struct file *file;
+ loff_t offset = *offsetp;
++ int may_flags = NFSD_MAY_READ;
++
++ /* NFSv2 only supports 32 bit cookies */
++ if (rqstp->rq_vers > 2)
++ may_flags |= NFSD_MAY_64BIT_COOKIE;
+
+- err = nfsd_open(rqstp, fhp, S_IFDIR, NFSD_MAY_READ, &file);
++ err = nfsd_open(rqstp, fhp, S_IFDIR, may_flags, &file);
+ if (err)
+ goto out;
+
+diff --git a/fs/nfsd/vfs.h b/fs/nfsd/vfs.h
+index 3f54ad0..85d4d42 100644
+--- a/fs/nfsd/vfs.h
++++ b/fs/nfsd/vfs.h
+@@ -27,6 +27,8 @@
+ #define NFSD_MAY_BYPASS_GSS 0x400
+ #define NFSD_MAY_READ_IF_EXEC 0x800
+
++#define NFSD_MAY_64BIT_COOKIE 0x1000 /* 64 bit readdir cookies for >= NFSv3 */
++
+ #define NFSD_MAY_CREATE (NFSD_MAY_EXEC|NFSD_MAY_WRITE)
+ #define NFSD_MAY_REMOVE (NFSD_MAY_EXEC|NFSD_MAY_WRITE|NFSD_MAY_TRUNC)
+
+diff --git a/fs/statfs.c b/fs/statfs.c
+index 9cf04a1..a133c3e 100644
+--- a/fs/statfs.c
++++ b/fs/statfs.c
+@@ -86,7 +86,7 @@ int user_statfs(const char __user *pathname, struct kstatfs *st)
+
+ int fd_statfs(int fd, struct kstatfs *st)
+ {
+- struct file *file = fget(fd);
++ struct file *file = fget_raw(fd);
+ int error = -EBADF;
+ if (file) {
+ error = vfs_statfs(&file->f_path, st);
+diff --git a/include/drm/drm_mode.h b/include/drm/drm_mode.h
+index 7639f18..8f4ae68 100644
+--- a/include/drm/drm_mode.h
++++ b/include/drm/drm_mode.h
+@@ -184,6 +184,8 @@ struct drm_mode_get_connector {
+ __u32 connection;
+ __u32 mm_width, mm_height; /**< HxW in millimeters */
+ __u32 subpixel;
++
++ __u32 pad;
+ };
+
+ #define DRM_MODE_PROP_PENDING (1<<0)
+diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h
+index 3fd17c2..5633053 100644
+--- a/include/linux/compiler-gcc.h
++++ b/include/linux/compiler-gcc.h
+@@ -5,6 +5,9 @@
+ /*
+ * Common definitions for all gcc versions go here.
+ */
++#define GCC_VERSION (__GNUC__ * 10000 \
++ + __GNUC_MINOR__ * 100 \
++ + __GNUC_PATCHLEVEL__)
+
+
+ /* Optimization barrier */
+diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h
+index dfadc96..643d6c4 100644
+--- a/include/linux/compiler-gcc4.h
++++ b/include/linux/compiler-gcc4.h
+@@ -29,6 +29,21 @@
+ the kernel context */
+ #define __cold __attribute__((__cold__))
+
++/*
++ * GCC 'asm goto' miscompiles certain code sequences:
++ *
++ * http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58670
++ *
++ * Work it around via a compiler barrier quirk suggested by Jakub Jelinek.
++ * Fixed in GCC 4.8.2 and later versions.
++ *
++ * (asm goto is automatically volatile - the naming reflects this.)
++ */
++#if GCC_VERSION <= 40801
++# define asm_volatile_goto(x...) do { asm goto(x); asm (""); } while (0)
++#else
++# define asm_volatile_goto(x...) do { asm goto(x); } while (0)
++#endif
+
+ #if __GNUC_MINOR__ >= 5
+ /*
+diff --git a/include/linux/ext3_fs.h b/include/linux/ext3_fs.h
+index dec9911..d59ab12 100644
+--- a/include/linux/ext3_fs.h
++++ b/include/linux/ext3_fs.h
+@@ -781,7 +781,11 @@ struct dx_hash_info
+ u32 *seed;
+ };
+
+-#define EXT3_HTREE_EOF 0x7fffffff
++
++/* 32 and 64 bit signed EOF for dx directories */
++#define EXT3_HTREE_EOF_32BIT ((1UL << (32 - 1)) - 1)
++#define EXT3_HTREE_EOF_64BIT ((1ULL << (64 - 1)) - 1)
++
+
+ /*
+ * Control parameters used by ext3_htree_next_block
+diff --git a/include/linux/fs.h b/include/linux/fs.h
+index a276817..dd74385 100644
+--- a/include/linux/fs.h
++++ b/include/linux/fs.h
+@@ -92,6 +92,10 @@ struct inodes_stat_t {
+ /* File is opened using open(.., 3, ..) and is writeable only for ioctls
+ (specialy hack for floppy.c) */
+ #define FMODE_WRITE_IOCTL ((__force fmode_t)0x100)
++/* 32bit hashes as llseek() offset (for directories) */
++#define FMODE_32BITHASH ((__force fmode_t)0x200)
++/* 64bit hashes as llseek() offset (for directories) */
++#define FMODE_64BITHASH ((__force fmode_t)0x400)
+
+ /*
+ * Don't update ctime and mtime.
+@@ -907,9 +911,11 @@ static inline loff_t i_size_read(const struct inode *inode)
+ static inline void i_size_write(struct inode *inode, loff_t i_size)
+ {
+ #if BITS_PER_LONG==32 && defined(CONFIG_SMP)
++ preempt_disable();
+ write_seqcount_begin(&inode->i_size_seqcount);
+ inode->i_size = i_size;
+ write_seqcount_end(&inode->i_size_seqcount);
++ preempt_enable();
+ #elif BITS_PER_LONG==32 && defined(CONFIG_PREEMPT)
+ preempt_disable();
+ inode->i_size = i_size;
+diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h
+index eeb6a29..8d5b91e 100644
+--- a/include/linux/perf_event.h
++++ b/include/linux/perf_event.h
+@@ -300,13 +300,15 @@ struct perf_event_mmap_page {
+ /*
+ * Control data for the mmap() data buffer.
+ *
+- * User-space reading the @data_head value should issue an rmb(), on
+- * SMP capable platforms, after reading this value -- see
+- * perf_event_wakeup().
++ * User-space reading the @data_head value should issue an smp_rmb(),
++ * after reading this value.
+ *
+ * When the mapping is PROT_WRITE the @data_tail value should be
+- * written by userspace to reflect the last read data. In this case
+- * the kernel will not over-write unread data.
++ * written by userspace to reflect the last read data, after issueing
++ * an smp_mb() to separate the data read from the ->data_tail store.
++ * In this case the kernel will not over-write unread data.
++ *
++ * See perf_output_put_handle() for the data ordering.
+ */
+ __u64 data_head; /* head in the data section */
+ __u64 data_tail; /* user-space written tail */
+diff --git a/include/linux/random.h b/include/linux/random.h
+index 29e217a..7e77cee 100644
+--- a/include/linux/random.h
++++ b/include/linux/random.h
+@@ -58,6 +58,7 @@ extern void add_interrupt_randomness(int irq, int irq_flags);
+ extern void get_random_bytes(void *buf, int nbytes);
+ extern void get_random_bytes_arch(void *buf, int nbytes);
+ void generate_random_uuid(unsigned char uuid_out[16]);
++extern int random_int_secret_init(void);
+
+ #ifndef MODULE
+ extern const struct file_operations random_fops, urandom_fops;
+diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
+index efe50af..85180bf 100644
+--- a/include/linux/skbuff.h
++++ b/include/linux/skbuff.h
+@@ -737,6 +737,16 @@ static inline int skb_cloned(const struct sk_buff *skb)
+ (atomic_read(&skb_shinfo(skb)->dataref) & SKB_DATAREF_MASK) != 1;
+ }
+
++static inline int skb_unclone(struct sk_buff *skb, gfp_t pri)
++{
++ might_sleep_if(pri & __GFP_WAIT);
++
++ if (skb_cloned(skb))
++ return pskb_expand_head(skb, 0, 0, pri);
++
++ return 0;
++}
++
+ /**
+ * skb_header_cloned - is the header a clone
+ * @skb: buffer to check
+@@ -1157,6 +1167,11 @@ static inline int skb_pagelen(const struct sk_buff *skb)
+ return len + skb_headlen(skb);
+ }
+
++static inline bool skb_has_frags(const struct sk_buff *skb)
++{
++ return skb_shinfo(skb)->nr_frags;
++}
++
+ /**
+ * __skb_fill_page_desc - initialise a paged fragment in an skb
+ * @skb: buffer containing fragment to be initialised
+diff --git a/include/linux/timex.h b/include/linux/timex.h
+index 08e90fb..5fee575 100644
+--- a/include/linux/timex.h
++++ b/include/linux/timex.h
+@@ -173,6 +173,20 @@ struct timex {
+
+ #include <asm/timex.h>
+
++#ifndef random_get_entropy
++/*
++ * The random_get_entropy() function is used by the /dev/random driver
++ * in order to extract entropy via the relative unpredictability of
++ * when an interrupt takes places versus a high speed, fine-grained
++ * timing source or cycle counter. Since it will be occurred on every
++ * single interrupt, it must have a very low cost/overhead.
++ *
++ * By default we use get_cycles() for this purpose, but individual
++ * architectures may override this in their asm/timex.h header file.
++ */
++#define random_get_entropy() get_cycles()
++#endif
++
+ /*
+ * SHIFT_PLL is used as a dampening factor to define how much we
+ * adjust the frequency correction for a given offset in PLL mode.
+diff --git a/include/net/cipso_ipv4.h b/include/net/cipso_ipv4.h
+index a7a683e..a8c2ef6 100644
+--- a/include/net/cipso_ipv4.h
++++ b/include/net/cipso_ipv4.h
+@@ -290,6 +290,7 @@ static inline int cipso_v4_validate(const struct sk_buff *skb,
+ unsigned char err_offset = 0;
+ u8 opt_len = opt[1];
+ u8 opt_iter;
++ u8 tag_len;
+
+ if (opt_len < 8) {
+ err_offset = 1;
+@@ -302,11 +303,12 @@ static inline int cipso_v4_validate(const struct sk_buff *skb,
+ }
+
+ for (opt_iter = 6; opt_iter < opt_len;) {
+- if (opt[opt_iter + 1] > (opt_len - opt_iter)) {
++ tag_len = opt[opt_iter + 1];
++ if ((tag_len == 0) || (opt[opt_iter + 1] > (opt_len - opt_iter))) {
+ err_offset = opt_iter + 1;
+ goto out;
+ }
+- opt_iter += opt[opt_iter + 1];
++ opt_iter += tag_len;
+ }
+
+ out:
+diff --git a/include/net/dst.h b/include/net/dst.h
+index 16010d1..86ef78d 100644
+--- a/include/net/dst.h
++++ b/include/net/dst.h
+@@ -459,10 +459,22 @@ static inline struct dst_entry *xfrm_lookup(struct net *net,
+ {
+ return dst_orig;
+ }
++
++static inline struct xfrm_state *dst_xfrm(const struct dst_entry *dst)
++{
++ return NULL;
++}
++
+ #else
+ extern struct dst_entry *xfrm_lookup(struct net *net, struct dst_entry *dst_orig,
+ const struct flowi *fl, struct sock *sk,
+ int flags);
++
++/* skb attached with this dst needs transformation if dst->xfrm is valid */
++static inline struct xfrm_state *dst_xfrm(const struct dst_entry *dst)
++{
++ return dst->xfrm;
++}
+ #endif
+
+ #endif /* _NET_DST_H */
+diff --git a/init/main.c b/init/main.c
+index 5d0eb1d..7474450 100644
+--- a/init/main.c
++++ b/init/main.c
+@@ -68,6 +68,7 @@
+ #include <linux/shmem_fs.h>
+ #include <linux/slab.h>
+ #include <linux/perf_event.h>
++#include <linux/random.h>
+
+ #include <asm/io.h>
+ #include <asm/bugs.h>
+@@ -732,6 +733,7 @@ static void __init do_basic_setup(void)
+ do_ctors();
+ usermodehelper_enable();
+ do_initcalls();
++ random_int_secret_init();
+ }
+
+ static void __init do_pre_smp_initcalls(void)
+diff --git a/kernel/events/ring_buffer.c b/kernel/events/ring_buffer.c
+index 7f3011c..58c3b51 100644
+--- a/kernel/events/ring_buffer.c
++++ b/kernel/events/ring_buffer.c
+@@ -75,10 +75,31 @@ again:
+ goto out;
+
+ /*
+- * Publish the known good head. Rely on the full barrier implied
+- * by atomic_dec_and_test() order the rb->head read and this
+- * write.
++ * Since the mmap() consumer (userspace) can run on a different CPU:
++ *
++ * kernel user
++ *
++ * READ ->data_tail READ ->data_head
++ * smp_mb() (A) smp_rmb() (C)
++ * WRITE $data READ $data
++ * smp_wmb() (B) smp_mb() (D)
++ * STORE ->data_head WRITE ->data_tail
++ *
++ * Where A pairs with D, and B pairs with C.
++ *
++ * I don't think A needs to be a full barrier because we won't in fact
++ * write data until we see the store from userspace. So we simply don't
++ * issue the data WRITE until we observe it. Be conservative for now.
++ *
++ * OTOH, D needs to be a full barrier since it separates the data READ
++ * from the tail WRITE.
++ *
++ * For B a WMB is sufficient since it separates two WRITEs, and for C
++ * an RMB is sufficient since it separates two READs.
++ *
++ * See perf_output_begin().
+ */
++ smp_wmb();
+ rb->user_page->data_head = head;
+
+ /*
+@@ -142,9 +163,11 @@ int perf_output_begin(struct perf_output_handle *handle,
+ * Userspace could choose to issue a mb() before updating the
+ * tail pointer. So that all reads will be completed before the
+ * write is issued.
++ *
++ * See perf_output_put_handle().
+ */
+ tail = ACCESS_ONCE(rb->user_page->data_tail);
+- smp_rmb();
++ smp_mb();
+ offset = head = local_read(&rb->head);
+ head += size;
+ if (unlikely(!perf_output_space(rb, tail, offset, head)))
+diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
+index ce1067f..c5a12a7 100644
+--- a/kernel/trace/trace.c
++++ b/kernel/trace/trace.c
+@@ -534,9 +534,12 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf,
+ if (isspace(ch)) {
+ parser->buffer[parser->idx] = 0;
+ parser->cont = false;
+- } else {
++ } else if (parser->idx < parser->size - 1) {
+ parser->cont = true;
+ parser->buffer[parser->idx++] = ch;
++ } else {
++ ret = -EINVAL;
++ goto out;
+ }
+
+ *ppos += read;
+diff --git a/lib/scatterlist.c b/lib/scatterlist.c
+index 4ceb05d..2ffcb3c 100644
+--- a/lib/scatterlist.c
++++ b/lib/scatterlist.c
+@@ -419,7 +419,8 @@ void sg_miter_stop(struct sg_mapping_iter *miter)
+ if (miter->addr) {
+ miter->__offset += miter->consumed;
+
+- if (miter->__flags & SG_MITER_TO_SG)
++ if ((miter->__flags & SG_MITER_TO_SG) &&
++ !PageSlab(miter->page))
+ flush_kernel_dcache_page(miter->page);
+
+ if (miter->__flags & SG_MITER_ATOMIC) {
+diff --git a/net/8021q/vlan_netlink.c b/net/8021q/vlan_netlink.c
+index 235c219..c705612 100644
+--- a/net/8021q/vlan_netlink.c
++++ b/net/8021q/vlan_netlink.c
+@@ -152,7 +152,7 @@ static size_t vlan_get_size(const struct net_device *dev)
+ struct vlan_dev_info *vlan = vlan_dev_info(dev);
+
+ return nla_total_size(2) + /* IFLA_VLAN_ID */
+- sizeof(struct ifla_vlan_flags) + /* IFLA_VLAN_FLAGS */
++ nla_total_size(sizeof(struct ifla_vlan_flags)) + /* IFLA_VLAN_FLAGS */
+ vlan_qos_map_size(vlan->nr_ingress_mappings) +
+ vlan_qos_map_size(vlan->nr_egress_mappings);
+ }
+diff --git a/net/compat.c b/net/compat.c
+index 8c979cc..3139ef2 100644
+--- a/net/compat.c
++++ b/net/compat.c
+@@ -71,6 +71,8 @@ int get_compat_msghdr(struct msghdr *kmsg, struct compat_msghdr __user *umsg)
+ __get_user(kmsg->msg_controllen, &umsg->msg_controllen) ||
+ __get_user(kmsg->msg_flags, &umsg->msg_flags))
+ return -EFAULT;
++ if (kmsg->msg_namelen > sizeof(struct sockaddr_storage))
++ return -EINVAL;
+ kmsg->msg_name = compat_ptr(tmp1);
+ kmsg->msg_iov = compat_ptr(tmp2);
+ kmsg->msg_control = compat_ptr(tmp3);
+diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c
+index 984ec65..4afcf31 100644
+--- a/net/ipv4/inet_hashtables.c
++++ b/net/ipv4/inet_hashtables.c
+@@ -268,7 +268,7 @@ begintw:
+ }
+ if (unlikely(!INET_TW_MATCH(sk, net, hash, acookie,
+ saddr, daddr, ports, dif))) {
+- sock_put(sk);
++ inet_twsk_put(inet_twsk(sk));
+ goto begintw;
+ }
+ goto out;
+diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
+index daf408e..16191f0 100644
+--- a/net/ipv4/ip_output.c
++++ b/net/ipv4/ip_output.c
+@@ -833,7 +833,7 @@ static int __ip_append_data(struct sock *sk,
+ csummode = CHECKSUM_PARTIAL;
+
+ cork->length += length;
+- if (((length > mtu) || (skb && skb_is_gso(skb))) &&
++ if (((length > mtu) || (skb && skb_has_frags(skb))) &&
+ (sk->sk_protocol == IPPROTO_UDP) &&
+ (rt->dst.dev->features & NETIF_F_UFO) && !rt->dst.header_len) {
+ err = ip_ufo_append_data(sk, queue, getfrag, from, length,
+diff --git a/net/ipv4/route.c b/net/ipv4/route.c
+index c45a155a3..6768ce2 100644
+--- a/net/ipv4/route.c
++++ b/net/ipv4/route.c
+@@ -2727,7 +2727,7 @@ static struct rtable *ip_route_output_slow(struct net *net, struct flowi4 *fl4)
+ RT_SCOPE_LINK);
+ goto make_route;
+ }
+- if (fl4->saddr) {
++ if (!fl4->saddr) {
+ if (ipv4_is_multicast(fl4->daddr))
+ fl4->saddr = inet_select_addr(dev_out, 0,
+ fl4->flowi4_scope);
+diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
+index 872b41d..c1ed01e 100644
+--- a/net/ipv4/tcp_input.c
++++ b/net/ipv4/tcp_input.c
+@@ -1469,7 +1469,10 @@ static int tcp_shifted_skb(struct sock *sk, struct sk_buff *skb,
+ tp->lost_cnt_hint -= tcp_skb_pcount(prev);
+ }
+
+- TCP_SKB_CB(skb)->tcp_flags |= TCP_SKB_CB(prev)->tcp_flags;
++ TCP_SKB_CB(prev)->tcp_flags |= TCP_SKB_CB(skb)->tcp_flags;
++ if (TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN)
++ TCP_SKB_CB(prev)->end_seq++;
++
+ if (skb == tcp_highest_sack(sk))
+ tcp_advance_highest_sack(sk, skb);
+
+diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
+index 3add486..0d5a118 100644
+--- a/net/ipv4/tcp_output.c
++++ b/net/ipv4/tcp_output.c
+@@ -933,6 +933,9 @@ static void tcp_queue_skb(struct sock *sk, struct sk_buff *skb)
+ static void tcp_set_skb_tso_segs(const struct sock *sk, struct sk_buff *skb,
+ unsigned int mss_now)
+ {
++ /* Make sure we own this skb before messing gso_size/gso_segs */
++ WARN_ON_ONCE(skb_cloned(skb));
++
+ if (skb->len <= mss_now || !sk_can_gso(sk) ||
+ skb->ip_summed == CHECKSUM_NONE) {
+ /* Avoid the costly divide in the normal
+@@ -1014,9 +1017,7 @@ int tcp_fragment(struct sock *sk, struct sk_buff *skb, u32 len,
+ if (nsize < 0)
+ nsize = 0;
+
+- if (skb_cloned(skb) &&
+- skb_is_nonlinear(skb) &&
+- pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
++ if (skb_unclone(skb, GFP_ATOMIC))
+ return -ENOMEM;
+
+ /* Get a new skb... force flag on. */
+@@ -2129,6 +2130,8 @@ int tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb)
+ int oldpcount = tcp_skb_pcount(skb);
+
+ if (unlikely(oldpcount > 1)) {
++ if (skb_unclone(skb, GFP_ATOMIC))
++ return -ENOMEM;
+ tcp_init_tso_segs(sk, skb, cur_mss);
+ tcp_adjust_pcount(sk, skb, oldpcount - tcp_skb_pcount(skb));
+ }
+diff --git a/net/ipv6/inet6_hashtables.c b/net/ipv6/inet6_hashtables.c
+index 73f1a00..e38290b 100644
+--- a/net/ipv6/inet6_hashtables.c
++++ b/net/ipv6/inet6_hashtables.c
+@@ -110,7 +110,7 @@ begintw:
+ goto out;
+ }
+ if (!INET6_TW_MATCH(sk, net, hash, saddr, daddr, ports, dif)) {
+- sock_put(sk);
++ inet_twsk_put(inet_twsk(sk));
+ goto begintw;
+ }
+ goto out;
+diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
+index 91d0711..97675bf 100644
+--- a/net/ipv6/ip6_output.c
++++ b/net/ipv6/ip6_output.c
+@@ -1342,7 +1342,7 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to,
+ skb = skb_peek_tail(&sk->sk_write_queue);
+ cork->length += length;
+ if (((length > mtu) ||
+- (skb && skb_is_gso(skb))) &&
++ (skb && skb_has_frags(skb))) &&
+ (sk->sk_protocol == IPPROTO_UDP) &&
+ (rt->dst.dev->features & NETIF_F_UFO)) {
+ err = ip6_ufo_append_data(sk, getfrag, from, length,
+diff --git a/net/ipv6/route.c b/net/ipv6/route.c
+index 18ea73c..bc9103d 100644
+--- a/net/ipv6/route.c
++++ b/net/ipv6/route.c
+@@ -791,7 +791,7 @@ static struct rt6_info *rt6_alloc_clone(struct rt6_info *ort,
+ }
+
+ static struct rt6_info *ip6_pol_route(struct net *net, struct fib6_table *table, int oif,
+- struct flowi6 *fl6, int flags)
++ struct flowi6 *fl6, int flags, bool input)
+ {
+ struct fib6_node *fn;
+ struct rt6_info *rt, *nrt;
+@@ -799,8 +799,11 @@ static struct rt6_info *ip6_pol_route(struct net *net, struct fib6_table *table,
+ int attempts = 3;
+ int err;
+ int reachable = net->ipv6.devconf_all->forwarding ? 0 : RT6_LOOKUP_F_REACHABLE;
++ int local = RTF_NONEXTHOP;
+
+ strict |= flags & RT6_LOOKUP_F_IFACE;
++ if (input)
++ local |= RTF_LOCAL;
+
+ relookup:
+ read_lock_bh(&table->tb6_lock);
+@@ -820,7 +823,7 @@ restart:
+ read_unlock_bh(&table->tb6_lock);
+
+ if (!dst_get_neighbour_raw(&rt->dst)
+- && !(rt->rt6i_flags & (RTF_NONEXTHOP | RTF_LOCAL)))
++ && !(rt->rt6i_flags & local))
+ nrt = rt6_alloc_cow(rt, &fl6->daddr, &fl6->saddr);
+ else if (!(rt->dst.flags & DST_HOST))
+ nrt = rt6_alloc_clone(rt, &fl6->daddr);
+@@ -864,7 +867,7 @@ out2:
+ static struct rt6_info *ip6_pol_route_input(struct net *net, struct fib6_table *table,
+ struct flowi6 *fl6, int flags)
+ {
+- return ip6_pol_route(net, table, fl6->flowi6_iif, fl6, flags);
++ return ip6_pol_route(net, table, fl6->flowi6_iif, fl6, flags, true);
+ }
+
+ void ip6_route_input(struct sk_buff *skb)
+@@ -890,7 +893,7 @@ void ip6_route_input(struct sk_buff *skb)
+ static struct rt6_info *ip6_pol_route_output(struct net *net, struct fib6_table *table,
+ struct flowi6 *fl6, int flags)
+ {
+- return ip6_pol_route(net, table, fl6->flowi6_oif, fl6, flags);
++ return ip6_pol_route(net, table, fl6->flowi6_oif, fl6, flags, false);
+ }
+
+ struct dst_entry * ip6_route_output(struct net *net, const struct sock *sk,
+diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c
+index e579006..8570079 100644
+--- a/net/l2tp/l2tp_ppp.c
++++ b/net/l2tp/l2tp_ppp.c
+@@ -357,7 +357,9 @@ static int pppol2tp_sendmsg(struct kiocb *iocb, struct socket *sock, struct msgh
+ goto error_put_sess_tun;
+ }
+
++ local_bh_disable();
+ l2tp_xmit_skb(session, skb, session->hdr_len);
++ local_bh_enable();
+
+ sock_put(ps->tunnel_sock);
+ sock_put(sk);
+@@ -432,7 +434,9 @@ static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb)
+ skb->data[0] = ppph[0];
+ skb->data[1] = ppph[1];
+
++ local_bh_disable();
+ l2tp_xmit_skb(session, skb, session->hdr_len);
++ local_bh_enable();
+
+ sock_put(sk_tun);
+ sock_put(sk);
+diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
+index 73495f1..a9cf593 100644
+--- a/net/mac80211/ieee80211_i.h
++++ b/net/mac80211/ieee80211_i.h
+@@ -708,6 +708,8 @@ struct tpt_led_trigger {
+ * that the scan completed.
+ * @SCAN_ABORTED: Set for our scan work function when the driver reported
+ * a scan complete for an aborted scan.
++ * @SCAN_HW_CANCELLED: Set for our scan work function when the scan is being
++ * cancelled.
+ */
+ enum {
+ SCAN_SW_SCANNING,
+@@ -715,6 +717,7 @@ enum {
+ SCAN_OFF_CHANNEL,
+ SCAN_COMPLETED,
+ SCAN_ABORTED,
++ SCAN_HW_CANCELLED,
+ };
+
+ /**
+diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
+index 7d882fc..db01d02 100644
+--- a/net/mac80211/rx.c
++++ b/net/mac80211/rx.c
+@@ -2780,6 +2780,9 @@ static int prepare_for_handlers(struct ieee80211_rx_data *rx,
+ case NL80211_IFTYPE_ADHOC:
+ if (!bssid)
+ return 0;
++ if (compare_ether_addr(sdata->vif.addr, hdr->addr2) == 0 ||
++ compare_ether_addr(sdata->u.ibss.bssid, hdr->addr2) == 0)
++ return 0;
+ if (ieee80211_is_beacon(hdr->frame_control)) {
+ return 1;
+ }
+diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c
+index 5279300..0aeea49 100644
+--- a/net/mac80211/scan.c
++++ b/net/mac80211/scan.c
+@@ -224,6 +224,9 @@ static bool ieee80211_prep_hw_scan(struct ieee80211_local *local)
+ enum ieee80211_band band;
+ int i, ielen, n_chans;
+
++ if (test_bit(SCAN_HW_CANCELLED, &local->scanning))
++ return false;
++
+ do {
+ if (local->hw_scan_band == IEEE80211_NUM_BANDS)
+ return false;
+@@ -815,7 +818,23 @@ void ieee80211_scan_cancel(struct ieee80211_local *local)
+ if (!local->scan_req)
+ goto out;
+
++ /*
++ * We have a scan running and the driver already reported completion,
++ * but the worker hasn't run yet or is stuck on the mutex - mark it as
++ * cancelled.
++ */
++ if (test_bit(SCAN_HW_SCANNING, &local->scanning) &&
++ test_bit(SCAN_COMPLETED, &local->scanning)) {
++ set_bit(SCAN_HW_CANCELLED, &local->scanning);
++ goto out;
++ }
++
+ if (test_bit(SCAN_HW_SCANNING, &local->scanning)) {
++ /*
++ * Make sure that __ieee80211_scan_completed doesn't trigger a
++ * scan on another band.
++ */
++ set_bit(SCAN_HW_CANCELLED, &local->scanning);
+ if (local->ops->cancel_hw_scan)
+ drv_cancel_hw_scan(local, local->scan_sdata);
+ goto out;
+diff --git a/net/mac80211/status.c b/net/mac80211/status.c
+index 67df50e..1a49354 100644
+--- a/net/mac80211/status.c
++++ b/net/mac80211/status.c
+@@ -181,6 +181,9 @@ static void ieee80211_frame_acked(struct sta_info *sta, struct sk_buff *skb)
+ struct ieee80211_local *local = sta->local;
+ struct ieee80211_sub_if_data *sdata = sta->sdata;
+
++ if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
++ sta->last_rx = jiffies;
++
+ if (ieee80211_is_data_qos(mgmt->frame_control)) {
+ struct ieee80211_hdr *hdr = (void *) skb->data;
+ u8 *qc = ieee80211_get_qos_ctl(hdr);
+diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c
+index 93faf6a..4a8c55b 100644
+--- a/net/netfilter/nf_conntrack_sip.c
++++ b/net/netfilter/nf_conntrack_sip.c
+@@ -1468,7 +1468,7 @@ static int sip_help_tcp(struct sk_buff *skb, unsigned int protoff,
+
+ msglen = origlen = end - dptr;
+ if (msglen > datalen)
+- return NF_DROP;
++ return NF_ACCEPT;
+
+ ret = process_sip_msg(skb, ct, dataoff, &dptr, &msglen);
+ if (ret != NF_ACCEPT)
+diff --git a/net/sctp/output.c b/net/sctp/output.c
+index 32ba8d0..cf3e22c 100644
+--- a/net/sctp/output.c
++++ b/net/sctp/output.c
+@@ -518,7 +518,8 @@ int sctp_packet_transmit(struct sctp_packet *packet)
+ * by CRC32-C as described in <draft-ietf-tsvwg-sctpcsum-02.txt>.
+ */
+ if (!sctp_checksum_disable) {
+- if (!(dst->dev->features & NETIF_F_SCTP_CSUM)) {
++ if (!(dst->dev->features & NETIF_F_SCTP_CSUM) ||
++ (dst_xfrm(dst) != NULL) || packet->ipfragok) {
+ __u32 crc32 = sctp_start_cksum((__u8 *)sh, cksum_buf_len);
+
+ /* 3) Put the resultant value into the checksum field in the
+diff --git a/net/socket.c b/net/socket.c
+index cf546a3..bf7adaa 100644
+--- a/net/socket.c
++++ b/net/socket.c
+@@ -1876,6 +1876,16 @@ struct used_address {
+ unsigned int name_len;
+ };
+
++static int copy_msghdr_from_user(struct msghdr *kmsg,
++ struct msghdr __user *umsg)
++{
++ if (copy_from_user(kmsg, umsg, sizeof(struct msghdr)))
++ return -EFAULT;
++ if (kmsg->msg_namelen > sizeof(struct sockaddr_storage))
++ return -EINVAL;
++ return 0;
++}
++
+ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
+ struct msghdr *msg_sys, unsigned flags,
+ struct used_address *used_address)
+@@ -1894,8 +1904,11 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
+ if (MSG_CMSG_COMPAT & flags) {
+ if (get_compat_msghdr(msg_sys, msg_compat))
+ return -EFAULT;
+- } else if (copy_from_user(msg_sys, msg, sizeof(struct msghdr)))
+- return -EFAULT;
++ } else {
++ err = copy_msghdr_from_user(msg_sys, msg);
++ if (err)
++ return err;
++ }
+
+ /* do not move before msg_sys is valid */
+ err = -EMSGSIZE;
+@@ -2110,8 +2123,11 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
+ if (MSG_CMSG_COMPAT & flags) {
+ if (get_compat_msghdr(msg_sys, msg_compat))
+ return -EFAULT;
+- } else if (copy_from_user(msg_sys, msg, sizeof(struct msghdr)))
+- return -EFAULT;
++ } else {
++ err = copy_msghdr_from_user(msg_sys, msg);
++ if (err)
++ return err;
++ }
+
+ err = -EMSGSIZE;
+ if (msg_sys->msg_iovlen > UIO_MAXIOV)
+diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
+index 5611563..5122b22 100644
+--- a/net/unix/af_unix.c
++++ b/net/unix/af_unix.c
+@@ -1236,6 +1236,15 @@ static int unix_socketpair(struct socket *socka, struct socket *sockb)
+ return 0;
+ }
+
++static void unix_sock_inherit_flags(const struct socket *old,
++ struct socket *new)
++{
++ if (test_bit(SOCK_PASSCRED, &old->flags))
++ set_bit(SOCK_PASSCRED, &new->flags);
++ if (test_bit(SOCK_PASSSEC, &old->flags))
++ set_bit(SOCK_PASSSEC, &new->flags);
++}
++
+ static int unix_accept(struct socket *sock, struct socket *newsock, int flags)
+ {
+ struct sock *sk = sock->sk;
+@@ -1270,6 +1279,7 @@ static int unix_accept(struct socket *sock, struct socket *newsock, int flags)
+ /* attach accepted sock to socket */
+ unix_state_lock(tsk);
+ newsock->state = SS_CONNECTED;
++ unix_sock_inherit_flags(sock, newsock);
+ sock_graft(tsk, newsock);
+ unix_state_unlock(tsk);
+ return 0;
+diff --git a/net/wireless/radiotap.c b/net/wireless/radiotap.c
+index c4ad795..617a310 100644
+--- a/net/wireless/radiotap.c
++++ b/net/wireless/radiotap.c
+@@ -95,6 +95,10 @@ int ieee80211_radiotap_iterator_init(
+ struct ieee80211_radiotap_header *radiotap_header,
+ int max_length, const struct ieee80211_radiotap_vendor_namespaces *vns)
+ {
++ /* check the radiotap header can actually be present */
++ if (max_length < sizeof(struct ieee80211_radiotap_header))
++ return -EINVAL;
++
+ /* Linux only supports version 0 radiotap format */
+ if (radiotap_header->it_version)
+ return -EINVAL;
+@@ -129,7 +133,8 @@ int ieee80211_radiotap_iterator_init(
+ */
+
+ if ((unsigned long)iterator->_arg -
+- (unsigned long)iterator->_rtheader >
++ (unsigned long)iterator->_rtheader +
++ sizeof(uint32_t) >
+ (unsigned long)iterator->_max_length)
+ return -EINVAL;
+ }
+diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
+index 1b43fde..92c913d 100644
+--- a/sound/pci/hda/patch_realtek.c
++++ b/sound/pci/hda/patch_realtek.c
+@@ -5798,6 +5798,8 @@ static const struct snd_pci_quirk alc662_fixup_tbl[] = {
+ SND_PCI_QUIRK(0x1025, 0x031c, "Gateway NV79", ALC662_FIXUP_SKU_IGNORE),
+ SND_PCI_QUIRK(0x1025, 0x038b, "Acer Aspire 8943G", ALC662_FIXUP_ASPIRE),
+ SND_PCI_QUIRK(0x103c, 0x1632, "HP RP5800", ALC662_FIXUP_HP_RP5800),
++ SND_PCI_QUIRK(0x1043, 0x1477, "ASUS N56VZ", ALC662_FIXUP_ASUS_MODE4),
++ SND_PCI_QUIRK(0x1043, 0x1bf3, "ASUS N76VZ", ALC662_FIXUP_ASUS_MODE4),
+ SND_PCI_QUIRK(0x1043, 0x8469, "ASUS mobo", ALC662_FIXUP_NO_JACK_DETECT),
+ SND_PCI_QUIRK(0x105b, 0x0cd6, "Foxconn", ALC662_FIXUP_ASUS_MODE2),
+ SND_PCI_QUIRK(0x144d, 0xc051, "Samsung R720", ALC662_FIXUP_IDEAPAD),
+diff --git a/sound/soc/codecs/wm_hubs.c b/sound/soc/codecs/wm_hubs.c
+index 3642e06..e44c0e3 100644
+--- a/sound/soc/codecs/wm_hubs.c
++++ b/sound/soc/codecs/wm_hubs.c
+@@ -414,6 +414,7 @@ static int hp_supply_event(struct snd_soc_dapm_widget *w,
+ hubs->hp_startup_mode);
+ break;
+ }
++ break;
+
+ case SND_SOC_DAPM_PRE_PMD:
+ snd_soc_update_bits(codec, WM8993_CHARGE_PUMP_1,
+diff --git a/sound/soc/soc-dapm.c b/sound/soc/soc-dapm.c
+index b516488..1d83a40 100644
+--- a/sound/soc/soc-dapm.c
++++ b/sound/soc/soc-dapm.c
+@@ -1523,7 +1523,7 @@ static ssize_t dapm_widget_power_read_file(struct file *file,
+ w->active ? "active" : "inactive");
+
+ list_for_each_entry(p, &w->sources, list_sink) {
+- if (p->connected && !p->connected(w, p->sink))
++ if (p->connected && !p->connected(w, p->source))
+ continue;
+
+ if (p->connect)
+diff --git a/sound/usb/usx2y/usbusx2yaudio.c b/sound/usb/usx2y/usbusx2yaudio.c
+index d5724d8..1226631 100644
+--- a/sound/usb/usx2y/usbusx2yaudio.c
++++ b/sound/usb/usx2y/usbusx2yaudio.c
+@@ -299,19 +299,6 @@ static void usX2Y_error_urb_status(struct usX2Ydev *usX2Y,
+ usX2Y_clients_stop(usX2Y);
+ }
+
+-static void usX2Y_error_sequence(struct usX2Ydev *usX2Y,
+- struct snd_usX2Y_substream *subs, struct urb *urb)
+-{
+- snd_printk(KERN_ERR
+-"Sequence Error!(hcd_frame=%i ep=%i%s;wait=%i,frame=%i).\n"
+-"Most propably some urb of usb-frame %i is still missing.\n"
+-"Cause could be too long delays in usb-hcd interrupt handling.\n",
+- usb_get_current_frame_number(usX2Y->dev),
+- subs->endpoint, usb_pipein(urb->pipe) ? "in" : "out",
+- usX2Y->wait_iso_frame, urb->start_frame, usX2Y->wait_iso_frame);
+- usX2Y_clients_stop(usX2Y);
+-}
+-
+ static void i_usX2Y_urb_complete(struct urb *urb)
+ {
+ struct snd_usX2Y_substream *subs = urb->context;
+@@ -328,12 +315,9 @@ static void i_usX2Y_urb_complete(struct urb *urb)
+ usX2Y_error_urb_status(usX2Y, subs, urb);
+ return;
+ }
+- if (likely((urb->start_frame & 0xFFFF) == (usX2Y->wait_iso_frame & 0xFFFF)))
+- subs->completed_urb = urb;
+- else {
+- usX2Y_error_sequence(usX2Y, subs, urb);
+- return;
+- }
++
++ subs->completed_urb = urb;
++
+ {
+ struct snd_usX2Y_substream *capsubs = usX2Y->subs[SNDRV_PCM_STREAM_CAPTURE],
+ *playbacksubs = usX2Y->subs[SNDRV_PCM_STREAM_PLAYBACK];
+diff --git a/sound/usb/usx2y/usx2yhwdeppcm.c b/sound/usb/usx2y/usx2yhwdeppcm.c
+index a51340f..83a8b8d 100644
+--- a/sound/usb/usx2y/usx2yhwdeppcm.c
++++ b/sound/usb/usx2y/usx2yhwdeppcm.c
+@@ -244,13 +244,8 @@ static void i_usX2Y_usbpcm_urb_complete(struct urb *urb)
+ usX2Y_error_urb_status(usX2Y, subs, urb);
+ return;
+ }
+- if (likely((urb->start_frame & 0xFFFF) == (usX2Y->wait_iso_frame & 0xFFFF)))
+- subs->completed_urb = urb;
+- else {
+- usX2Y_error_sequence(usX2Y, subs, urb);
+- return;
+- }
+
++ subs->completed_urb = urb;
+ capsubs = usX2Y->subs[SNDRV_PCM_STREAM_CAPTURE];
+ capsubs2 = usX2Y->subs[SNDRV_PCM_STREAM_CAPTURE + 2];
+ playbacksubs = usX2Y->subs[SNDRV_PCM_STREAM_PLAYBACK];
+diff --git a/tools/perf/builtin-sched.c b/tools/perf/builtin-sched.c
+index 5177964..714fc35 100644
+--- a/tools/perf/builtin-sched.c
++++ b/tools/perf/builtin-sched.c
+@@ -14,6 +14,7 @@
+ #include "util/debug.h"
+
+ #include <sys/prctl.h>
++#include <sys/resource.h>
+
+ #include <semaphore.h>
+ #include <pthread.h>
diff --git a/3.2.52/4420_grsecurity-3.0-3.2.52-201311261520.patch b/3.2.53/4420_grsecurity-3.0-3.2.53-201312011108.patch
index bb4bd2e..15444aa 100644
--- a/3.2.52/4420_grsecurity-3.0-3.2.52-201311261520.patch
+++ b/3.2.53/4420_grsecurity-3.0-3.2.53-201312011108.patch
@@ -270,7 +270,7 @@ index 88fd7f5..b318a78 100644
==============================================================
diff --git a/Makefile b/Makefile
-index 1dd2c09..6f850c4 100644
+index 90f57dc..1082409 100644
--- a/Makefile
+++ b/Makefile
@@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -4742,7 +4742,7 @@ index 7ea75d1..5075226 100644
return addr;
}
diff --git a/arch/parisc/kernel/traps.c b/arch/parisc/kernel/traps.c
-index f19e660..414fe24 100644
+index cd8b02f..543008b 100644
--- a/arch/parisc/kernel/traps.c
+++ b/arch/parisc/kernel/traps.c
@@ -733,9 +733,7 @@ void notrace handle_interruption(int code, struct pt_regs *regs)
@@ -9496,23 +9496,6 @@ index 0032f92..cd151e0 100644
#ifdef CONFIG_64BIT
#define set_pud(pudptr, pudval) set_64bit((u64 *) (pudptr), pud_val(pudval))
-diff --git a/arch/um/kernel/exitcode.c b/arch/um/kernel/exitcode.c
-index 829df49..41ebbfe 100644
---- a/arch/um/kernel/exitcode.c
-+++ b/arch/um/kernel/exitcode.c
-@@ -40,9 +40,11 @@ static ssize_t exitcode_proc_write(struct file *file,
- const char __user *buffer, size_t count, loff_t *pos)
- {
- char *end, buf[sizeof("nnnnn\0")];
-+ size_t size;
- int tmp;
-
-- if (copy_from_user(buf, buffer, count))
-+ size = min(count, sizeof(buf));
-+ if (copy_from_user(buf, buffer, size))
- return -EFAULT;
-
- tmp = simple_strtol(buf, &end, 0);
diff --git a/arch/um/kernel/process.c b/arch/um/kernel/process.c
index c533835..84db18e 100644
--- a/arch/um/kernel/process.c
@@ -12187,7 +12170,7 @@ index 30d737e..9830a9b 100644
static inline void __user *compat_ptr(compat_uptr_t uptr)
{
diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h
-index 0c3b775..8cadbc6 100644
+index a315f1c..540df6a 100644
--- a/arch/x86/include/asm/cpufeature.h
+++ b/arch/x86/include/asm/cpufeature.h
@@ -197,8 +197,9 @@
@@ -33707,7 +33690,7 @@ index da3cfee..a5a6606 100644
*ppos = i;
diff --git a/drivers/char/random.c b/drivers/char/random.c
-index b651733..788c4ba 100644
+index c244f0e..255f226 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -269,8 +269,13 @@
@@ -33984,184 +33967,6 @@ index c68b8ad..ef7a702 100644
}
static ssize_t port_fops_write(struct file *filp, const char __user *ubuf,
-diff --git a/drivers/connector/cn_proc.c b/drivers/connector/cn_proc.c
-index 46bbf43..9954dff 100644
---- a/drivers/connector/cn_proc.c
-+++ b/drivers/connector/cn_proc.c
-@@ -62,8 +62,9 @@ void proc_fork_connector(struct task_struct *task)
- if (atomic_read(&proc_event_num_listeners) < 1)
- return;
-
-- msg = (struct cn_msg*)buffer;
-- ev = (struct proc_event*)msg->data;
-+ msg = (struct cn_msg *)buffer;
-+ ev = (struct proc_event *)msg->data;
-+ memset(&ev->event_data, 0, sizeof(ev->event_data));
- get_seq(&msg->seq, &ev->cpu);
- ktime_get_ts(&ts); /* get high res monotonic timestamp */
- put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns);
-@@ -79,6 +80,7 @@ void proc_fork_connector(struct task_struct *task)
- memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id));
- msg->ack = 0; /* not used */
- msg->len = sizeof(*ev);
-+ msg->flags = 0; /* not used */
- /* If cn_netlink_send() failed, the data is not sent */
- cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL);
- }
-@@ -93,8 +95,9 @@ void proc_exec_connector(struct task_struct *task)
- if (atomic_read(&proc_event_num_listeners) < 1)
- return;
-
-- msg = (struct cn_msg*)buffer;
-- ev = (struct proc_event*)msg->data;
-+ msg = (struct cn_msg *)buffer;
-+ ev = (struct proc_event *)msg->data;
-+ memset(&ev->event_data, 0, sizeof(ev->event_data));
- get_seq(&msg->seq, &ev->cpu);
- ktime_get_ts(&ts); /* get high res monotonic timestamp */
- put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns);
-@@ -105,6 +108,7 @@ void proc_exec_connector(struct task_struct *task)
- memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id));
- msg->ack = 0; /* not used */
- msg->len = sizeof(*ev);
-+ msg->flags = 0; /* not used */
- cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL);
- }
-
-@@ -119,8 +123,9 @@ void proc_id_connector(struct task_struct *task, int which_id)
- if (atomic_read(&proc_event_num_listeners) < 1)
- return;
-
-- msg = (struct cn_msg*)buffer;
-- ev = (struct proc_event*)msg->data;
-+ msg = (struct cn_msg *)buffer;
-+ ev = (struct proc_event *)msg->data;
-+ memset(&ev->event_data, 0, sizeof(ev->event_data));
- ev->what = which_id;
- ev->event_data.id.process_pid = task->pid;
- ev->event_data.id.process_tgid = task->tgid;
-@@ -144,6 +149,7 @@ void proc_id_connector(struct task_struct *task, int which_id)
- memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id));
- msg->ack = 0; /* not used */
- msg->len = sizeof(*ev);
-+ msg->flags = 0; /* not used */
- cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL);
- }
-
-@@ -159,6 +165,7 @@ void proc_sid_connector(struct task_struct *task)
-
- msg = (struct cn_msg *)buffer;
- ev = (struct proc_event *)msg->data;
-+ memset(&ev->event_data, 0, sizeof(ev->event_data));
- get_seq(&msg->seq, &ev->cpu);
- ktime_get_ts(&ts); /* get high res monotonic timestamp */
- put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns);
-@@ -169,6 +176,7 @@ void proc_sid_connector(struct task_struct *task)
- memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id));
- msg->ack = 0; /* not used */
- msg->len = sizeof(*ev);
-+ msg->flags = 0; /* not used */
- cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL);
- }
-
-@@ -184,6 +192,7 @@ void proc_ptrace_connector(struct task_struct *task, int ptrace_id)
-
- msg = (struct cn_msg *)buffer;
- ev = (struct proc_event *)msg->data;
-+ memset(&ev->event_data, 0, sizeof(ev->event_data));
- get_seq(&msg->seq, &ev->cpu);
- ktime_get_ts(&ts); /* get high res monotonic timestamp */
- put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns);
-@@ -202,6 +211,7 @@ void proc_ptrace_connector(struct task_struct *task, int ptrace_id)
- memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id));
- msg->ack = 0; /* not used */
- msg->len = sizeof(*ev);
-+ msg->flags = 0; /* not used */
- cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL);
- }
-
-@@ -217,6 +227,7 @@ void proc_comm_connector(struct task_struct *task)
-
- msg = (struct cn_msg *)buffer;
- ev = (struct proc_event *)msg->data;
-+ memset(&ev->event_data, 0, sizeof(ev->event_data));
- get_seq(&msg->seq, &ev->cpu);
- ktime_get_ts(&ts); /* get high res monotonic timestamp */
- put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns);
-@@ -228,6 +239,7 @@ void proc_comm_connector(struct task_struct *task)
- memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id));
- msg->ack = 0; /* not used */
- msg->len = sizeof(*ev);
-+ msg->flags = 0; /* not used */
- cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL);
- }
-
-@@ -241,8 +253,9 @@ void proc_exit_connector(struct task_struct *task)
- if (atomic_read(&proc_event_num_listeners) < 1)
- return;
-
-- msg = (struct cn_msg*)buffer;
-- ev = (struct proc_event*)msg->data;
-+ msg = (struct cn_msg *)buffer;
-+ ev = (struct proc_event *)msg->data;
-+ memset(&ev->event_data, 0, sizeof(ev->event_data));
- get_seq(&msg->seq, &ev->cpu);
- ktime_get_ts(&ts); /* get high res monotonic timestamp */
- put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns);
-@@ -255,6 +268,7 @@ void proc_exit_connector(struct task_struct *task)
- memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id));
- msg->ack = 0; /* not used */
- msg->len = sizeof(*ev);
-+ msg->flags = 0; /* not used */
- cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL);
- }
-
-@@ -276,8 +290,9 @@ static void cn_proc_ack(int err, int rcvd_seq, int rcvd_ack)
- if (atomic_read(&proc_event_num_listeners) < 1)
- return;
-
-- msg = (struct cn_msg*)buffer;
-- ev = (struct proc_event*)msg->data;
-+ msg = (struct cn_msg *)buffer;
-+ ev = (struct proc_event *)msg->data;
-+ memset(&ev->event_data, 0, sizeof(ev->event_data));
- msg->seq = rcvd_seq;
- ktime_get_ts(&ts); /* get high res monotonic timestamp */
- put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns);
-@@ -287,6 +302,7 @@ static void cn_proc_ack(int err, int rcvd_seq, int rcvd_ack)
- memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id));
- msg->ack = rcvd_ack + 1;
- msg->len = sizeof(*ev);
-+ msg->flags = 0; /* not used */
- cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL);
- }
-
-diff --git a/drivers/connector/connector.c b/drivers/connector/connector.c
-index dde6a0f..ea6efe8 100644
---- a/drivers/connector/connector.c
-+++ b/drivers/connector/connector.c
-@@ -157,17 +157,18 @@ static int cn_call_callback(struct sk_buff *skb)
- static void cn_rx_skb(struct sk_buff *__skb)
- {
- struct nlmsghdr *nlh;
-- int err;
- struct sk_buff *skb;
-+ int len, err;
-
- skb = skb_get(__skb);
-
- if (skb->len >= NLMSG_SPACE(0)) {
- nlh = nlmsg_hdr(skb);
-+ len = nlmsg_len(nlh);
-
-- if (nlh->nlmsg_len < sizeof(struct cn_msg) ||
-+ if (len < (int)sizeof(struct cn_msg) ||
- skb->len < nlh->nlmsg_len ||
-- nlh->nlmsg_len > CONNECTOR_MAX_MSG_SIZE) {
-+ len > CONNECTOR_MAX_MSG_SIZE) {
- kfree_skb(skb);
- return;
- }
diff --git a/drivers/cpufreq/acpi-cpufreq.c b/drivers/cpufreq/acpi-cpufreq.c
index 56c6c6b..99056e6 100644
--- a/drivers/cpufreq/acpi-cpufreq.c
@@ -35077,7 +34882,7 @@ index 11788f7..cd469eb 100644
dev = crtc->dev;
diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c
-index 40c187c..59da444 100644
+index acfe567..6fd273c1 100644
--- a/drivers/gpu/drm/drm_drv.c
+++ b/drivers/gpu/drm/drm_drv.c
@@ -308,7 +308,7 @@ module_exit(drm_core_exit);
@@ -36044,7 +35849,7 @@ index a9e33ce..09edd4b 100644
#endif
diff --git a/drivers/gpu/drm/radeon/evergreen.c b/drivers/gpu/drm/radeon/evergreen.c
-index a68057a..f3e26dd 100644
+index 5efba47..aaaf339 100644
--- a/drivers/gpu/drm/radeon/evergreen.c
+++ b/drivers/gpu/drm/radeon/evergreen.c
@@ -3094,7 +3094,9 @@ static int evergreen_startup(struct radeon_device *rdev)
@@ -36897,10 +36702,10 @@ index 66f6729..4de8c4a 100644
int res = 0;
diff --git a/drivers/hwmon/applesmc.c b/drivers/hwmon/applesmc.c
-index 30cac58..f6406b3 100644
+index 0b86d47..8066c3f 100644
--- a/drivers/hwmon/applesmc.c
+++ b/drivers/hwmon/applesmc.c
-@@ -1069,7 +1069,7 @@ static int applesmc_create_nodes(struct applesmc_node_group *groups, int num)
+@@ -1082,7 +1082,7 @@ static int applesmc_create_nodes(struct applesmc_node_group *groups, int num)
{
struct applesmc_node_group *grp;
struct applesmc_dev_attr *node;
@@ -41980,30 +41785,6 @@ index e662cbc..8d4a102 100644
return -EINVAL;
}
-diff --git a/drivers/net/wan/farsync.c b/drivers/net/wan/farsync.c
-index ebb9f24..7a4c491 100644
---- a/drivers/net/wan/farsync.c
-+++ b/drivers/net/wan/farsync.c
-@@ -1972,6 +1972,7 @@ fst_get_iface(struct fst_card_info *card, struct fst_port_info *port,
- }
-
- i = port->index;
-+ memset(&sync, 0, sizeof(sync));
- sync.clock_rate = FST_RDL(card, portConfig[i].lineSpeed);
- /* Lucky card and linux use same encoding here */
- sync.clock_type = FST_RDB(card, portConfig[i].internalClock) ==
-diff --git a/drivers/net/wan/wanxl.c b/drivers/net/wan/wanxl.c
-index 44b7071..c643d77 100644
---- a/drivers/net/wan/wanxl.c
-+++ b/drivers/net/wan/wanxl.c
-@@ -355,6 +355,7 @@ static int wanxl_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
- ifr->ifr_settings.size = size; /* data size wanted */
- return -ENOBUFS;
- }
-+ memset(&line, 0, sizeof(line));
- line.clock_type = get_status(port)->clocking;
- line.clock_rate = 0;
- line.loopback = 0;
diff --git a/drivers/net/wireless/airo.c b/drivers/net/wireless/airo.c
index ac1176a..79e93d4 100644
--- a/drivers/net/wireless/airo.c
@@ -43496,7 +43277,7 @@ index 2836538..30edf9d 100644
ret = sysfs_create_bin_file(&pdev->dev.kobj, &m48t59_nvram_attr);
if (ret) {
diff --git a/drivers/scsi/aacraid/linit.c b/drivers/scsi/aacraid/linit.c
-index 705e13e..46f4afb 100644
+index 2e658d2..46f4afb 100644
--- a/drivers/scsi/aacraid/linit.c
+++ b/drivers/scsi/aacraid/linit.c
@@ -93,7 +93,7 @@ static DECLARE_PCI_DEVICE_TABLE(aac_pci_tbl) = {
@@ -43508,15 +43289,6 @@ index 705e13e..46f4afb 100644
#endif
{ 0x1028, 0x0001, 0x1028, 0x0001, 0, 0, 0 }, /* PERC 2/Si (Iguana/PERC2Si) */
{ 0x1028, 0x0002, 0x1028, 0x0002, 0, 0, 1 }, /* PERC 3/Di (Opal/PERC3Di) */
-@@ -771,6 +771,8 @@ static long aac_compat_do_ioctl(struct aac_dev *dev, unsigned cmd, unsigned long
- static int aac_compat_ioctl(struct scsi_device *sdev, int cmd, void __user *arg)
- {
- struct aac_dev *dev = (struct aac_dev *)sdev->host->hostdata;
-+ if (!capable(CAP_SYS_RAWIO))
-+ return -EPERM;
- return aac_compat_do_ioctl(dev, cmd, (unsigned long)arg);
- }
-
diff --git a/drivers/scsi/aic7xxx/aic79xx_pci.c b/drivers/scsi/aic7xxx/aic79xx_pci.c
index 14b5f8d..cc9bd26 100644
--- a/drivers/scsi/aic7xxx/aic79xx_pci.c
@@ -44557,18 +44329,6 @@ index b2ccdea..84cde75 100644
static u8 *buf;
-diff --git a/drivers/staging/bcm/Bcmchar.c b/drivers/staging/bcm/Bcmchar.c
-index 2fa658e..391b768 100644
---- a/drivers/staging/bcm/Bcmchar.c
-+++ b/drivers/staging/bcm/Bcmchar.c
-@@ -1932,6 +1932,7 @@ cntrlEnd:
-
- BCM_DEBUG_PRINT(Adapter, DBG_TYPE_OTHERS, OSAL_DBG, DBG_LVL_ALL, "Called IOCTL_BCM_GET_DEVICE_DRIVER_INFO\n");
-
-+ memset(&DevInfo, 0, sizeof(DevInfo));
- DevInfo.MaxRDMBufferSize = BUFFER_4K;
- DevInfo.u32DSDStartOffset = EEPROM_CALPARAM_START;
- DevInfo.u32RxAlignmentCorrection = 0;
diff --git a/drivers/staging/gma500/power.c b/drivers/staging/gma500/power.c
index 436fe97..4082570 100644
--- a/drivers/staging/gma500/power.c
@@ -44931,59 +44691,6 @@ index df8ea25..47dd9c6 100644
pDevice->apdev->netdev_ops = &apdev_netdev_ops;
pDevice->apdev->type = ARPHRD_IEEE80211;
-diff --git a/drivers/staging/wlags49_h2/wl_priv.c b/drivers/staging/wlags49_h2/wl_priv.c
-index 260d4f0..ed836c2 100644
---- a/drivers/staging/wlags49_h2/wl_priv.c
-+++ b/drivers/staging/wlags49_h2/wl_priv.c
-@@ -570,6 +570,7 @@ int wvlan_uil_put_info( struct uilreq *urq, struct wl_private *lp )
- ltv_t *pLtv;
- bool_t ltvAllocated = FALSE;
- ENCSTRCT sEncryption;
-+ size_t len;
-
- #ifdef USE_WDS
- hcf_16 hcfPort = HCF_PORT_0;
-@@ -685,9 +686,10 @@ int wvlan_uil_put_info( struct uilreq *urq, struct wl_private *lp )
- pLtv->u.u16[0] = CNV_INT_TO_LITTLE( pLtv->u.u16[0] );
- break;
- case CFG_CNF_OWN_NAME:
-- memset( lp->StationName, 0, sizeof( lp->StationName ));
-- memcpy( (void *)lp->StationName, (void *)&pLtv->u.u8[2], (size_t)pLtv->u.u16[0]);
-- pLtv->u.u16[0] = CNV_INT_TO_LITTLE( pLtv->u.u16[0] );
-+ memset(lp->StationName, 0, sizeof(lp->StationName));
-+ len = min_t(size_t, pLtv->u.u16[0], sizeof(lp->StationName));
-+ strlcpy(lp->StationName, &pLtv->u.u8[2], len);
-+ pLtv->u.u16[0] = CNV_INT_TO_LITTLE(pLtv->u.u16[0]);
- break;
- case CFG_CNF_LOAD_BALANCING:
- lp->loadBalancing = pLtv->u.u16[0];
-@@ -1798,9 +1800,10 @@ int wvlan_set_station_nickname(struct net_device *dev,
- union iwreq_data *wrqu,
- char *extra)
- {
-- struct wl_private *lp = wl_priv(dev);
-- unsigned long flags;
-- int ret = 0;
-+ struct wl_private *lp = wl_priv(dev);
-+ unsigned long flags;
-+ size_t len;
-+ int ret = 0;
- /*------------------------------------------------------------------------*/
-
-
-@@ -1809,9 +1812,9 @@ int wvlan_set_station_nickname(struct net_device *dev,
-
- wl_lock(lp, &flags);
-
-- memset( lp->StationName, 0, sizeof( lp->StationName ));
--
-- memcpy( lp->StationName, extra, wrqu->data.length);
-+ memset(lp->StationName, 0, sizeof(lp->StationName));
-+ len = min_t(size_t, wrqu->data.length, sizeof(lp->StationName));
-+ strlcpy(lp->StationName, extra, len);
-
- /* Commit the adapter parameters */
- wl_apply( lp );
diff --git a/drivers/staging/zcache/tmem.c b/drivers/staging/zcache/tmem.c
index 1ca66ea..76f1343 100644
--- a/drivers/staging/zcache/tmem.c
@@ -45849,7 +45556,7 @@ index 65447c5..0526f0a 100644
ret = -EPERM;
goto reterr;
diff --git a/drivers/uio/uio.c b/drivers/uio/uio.c
-index a783d53..45f96c9 100644
+index af57648..2b62a69 100644
--- a/drivers/uio/uio.c
+++ b/drivers/uio/uio.c
@@ -25,6 +25,7 @@
@@ -45949,36 +45656,7 @@ index a783d53..45f96c9 100644
}
static int uio_vma_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
-@@ -650,16 +655,27 @@ static int uio_mmap_physical(struct vm_area_struct *vma)
- {
- struct uio_device *idev = vma->vm_private_data;
- int mi = uio_find_mem_index(vma);
-+ struct uio_mem *mem;
- if (mi < 0)
- return -EINVAL;
-+ mem = idev->info->mem + mi;
-
- vma->vm_flags |= VM_IO | VM_RESERVED;
-
- vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
-
-+ /*
-+ * We cannot use the vm_iomap_memory() helper here,
-+ * because vma->vm_pgoff is the map index we looked
-+ * up above in uio_find_mem_index(), rather than an
-+ * actual page offset into the mmap.
-+ *
-+ * So we just do the physical mmap without a page
-+ * offset.
-+ */
- return remap_pfn_range(vma,
- vma->vm_start,
-- idev->info->mem[mi].addr >> PAGE_SHIFT,
-+ mem->addr >> PAGE_SHIFT,
- vma->vm_end - vma->vm_start,
- vma->vm_page_prot);
- }
-@@ -821,7 +837,7 @@ int __uio_register_device(struct module *owner,
+@@ -833,7 +838,7 @@ int __uio_register_device(struct module *owner,
idev->owner = owner;
idev->info = info;
init_waitqueue_head(&idev->wait);
@@ -46490,95 +46168,6 @@ index 46f72ed..107788d 100644
return 0;
}
-diff --git a/drivers/video/au1100fb.c b/drivers/video/au1100fb.c
-index 649cb35..1be8b5d 100644
---- a/drivers/video/au1100fb.c
-+++ b/drivers/video/au1100fb.c
-@@ -387,39 +387,13 @@ void au1100fb_fb_rotate(struct fb_info *fbi, int angle)
- int au1100fb_fb_mmap(struct fb_info *fbi, struct vm_area_struct *vma)
- {
- struct au1100fb_device *fbdev;
-- unsigned int len;
-- unsigned long start=0, off;
-
- fbdev = to_au1100fb_device(fbi);
-
-- if (vma->vm_pgoff > (~0UL >> PAGE_SHIFT)) {
-- return -EINVAL;
-- }
--
-- start = fbdev->fb_phys & PAGE_MASK;
-- len = PAGE_ALIGN((start & ~PAGE_MASK) + fbdev->fb_len);
--
-- off = vma->vm_pgoff << PAGE_SHIFT;
--
-- if ((vma->vm_end - vma->vm_start + off) > len) {
-- return -EINVAL;
-- }
--
-- off += start;
-- vma->vm_pgoff = off >> PAGE_SHIFT;
--
- vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
- pgprot_val(vma->vm_page_prot) |= (6 << 9); //CCA=6
-
-- vma->vm_flags |= VM_IO;
--
-- if (io_remap_pfn_range(vma, vma->vm_start, off >> PAGE_SHIFT,
-- vma->vm_end - vma->vm_start,
-- vma->vm_page_prot)) {
-- return -EAGAIN;
-- }
--
-- return 0;
-+ return vm_iomap_memory(vma, fbdev->fb_phys, fbdev->fb_len);
- }
-
- static struct fb_ops au1100fb_ops =
-diff --git a/drivers/video/au1200fb.c b/drivers/video/au1200fb.c
-index 7200559..5bd7d88 100644
---- a/drivers/video/au1200fb.c
-+++ b/drivers/video/au1200fb.c
-@@ -1216,38 +1216,13 @@ static int au1200fb_fb_blank(int blank_mode, struct fb_info *fbi)
- * method mainly to allow the use of the TLB streaming flag (CCA=6)
- */
- static int au1200fb_fb_mmap(struct fb_info *info, struct vm_area_struct *vma)
--
- {
-- unsigned int len;
-- unsigned long start=0, off;
- struct au1200fb_device *fbdev = info->par;
-
-- if (vma->vm_pgoff > (~0UL >> PAGE_SHIFT)) {
-- return -EINVAL;
-- }
--
-- start = fbdev->fb_phys & PAGE_MASK;
-- len = PAGE_ALIGN((start & ~PAGE_MASK) + fbdev->fb_len);
--
-- off = vma->vm_pgoff << PAGE_SHIFT;
--
-- if ((vma->vm_end - vma->vm_start + off) > len) {
-- return -EINVAL;
-- }
--
-- off += start;
-- vma->vm_pgoff = off >> PAGE_SHIFT;
--
- vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
- pgprot_val(vma->vm_page_prot) |= _CACHE_MASK; /* CCA=7 */
-
-- vma->vm_flags |= VM_IO;
--
-- return io_remap_pfn_range(vma, vma->vm_start, off >> PAGE_SHIFT,
-- vma->vm_end - vma->vm_start,
-- vma->vm_page_prot);
--
-- return 0;
-+ return vm_iomap_memory(vma, fbdev->fb_phys, fbdev->fb_len);
- }
-
- static void set_global(u_int cmd, struct au1200_lcd_global_regs_t *pdata)
diff --git a/drivers/video/backlight/backlight.c b/drivers/video/backlight/backlight.c
index 7363c1b..b69ad66 100644
--- a/drivers/video/backlight/backlight.c
@@ -49625,7 +49214,7 @@ index 28b1c6c..b9939d9 100644
FBINFO_HWACCEL_FILLRECT | FBINFO_HWACCEL_COPYAREA;
break;
diff --git a/drivers/video/smscufx.c b/drivers/video/smscufx.c
-index dd9533a..aff3199 100644
+index dd9533a..aff3199e 100644
--- a/drivers/video/smscufx.c
+++ b/drivers/video/smscufx.c
@@ -1172,7 +1172,9 @@ static int ufx_ops_release(struct fb_info *info, int user)
@@ -52514,31 +52103,28 @@ index a9be90d..3cf866c 100644
/* Free the char* */
kfree(buf);
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
-index ac1ad48..d80e1db 100644
+index 5ce56e7..d80e1db 100644
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
-@@ -1151,8 +1151,8 @@ decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
- struct ecryptfs_msg_ctx *msg_ctx;
+@@ -1152,7 +1152,7 @@ decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
struct ecryptfs_message *msg = NULL;
char *auth_tok_sig;
-- char *payload;
+ char *payload = NULL;
- size_t payload_len;
-+ char *payload = NULL;
+ size_t payload_len = 0;
int rc;
rc = ecryptfs_get_auth_tok_sig(&auth_tok_sig, auth_tok);
-@@ -1204,8 +1204,8 @@ decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
+@@ -1204,8 +1204,7 @@ decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
crypt_stat->key_size);
}
out:
- if (msg)
- kfree(msg);
+ kfree(msg);
-+ kfree(payload);
+ kfree(payload);
return rc;
}
-
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
index 94afdfd..bdb8854 100644
--- a/fs/ecryptfs/main.c
@@ -53783,7 +53369,7 @@ index 2845a1f..f29de63 100644
if (free_clusters >= (nclusters + dirty_clusters))
return 1;
diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
-index 60b6ca5..bfa15a7 100644
+index 22c71b9..ba28a7d 100644
--- a/fs/ext4/ext4.h
+++ b/fs/ext4/ext4.h
@@ -1206,19 +1206,19 @@ struct ext4_sb_info {
@@ -54019,7 +53605,7 @@ index 84f84bf..a8770cd 100644
static int __init ext4_init_feat_adverts(void)
{
diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c
-index d5498b2..14a9eca 100644
+index b4e9f3f..14a9eca 100644
--- a/fs/ext4/xattr.c
+++ b/fs/ext4/xattr.c
@@ -328,7 +328,7 @@ static int
@@ -54043,15 +53629,6 @@ index d5498b2..14a9eca 100644
}
static int
-@@ -1269,6 +1270,8 @@ retry:
- s_min_extra_isize) {
- tried_min_extra_isize++;
- new_extra_isize = s_min_extra_isize;
-+ kfree(is); is = NULL;
-+ kfree(bs); bs = NULL;
- goto retry;
- }
- error = -1;
diff --git a/fs/fat/namei_msdos.c b/fs/fat/namei_msdos.c
index 216b419..350a088 100644
--- a/fs/fat/namei_msdos.c
@@ -57061,10 +56638,10 @@ index c45a2ea..1a6bd66 100644
#ifdef CONFIG_PROC_FS
static int create_proc_exports_entry(void)
diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
-index 561a3dc..9c46c5e 100644
+index 61b697e..eb6503c 100644
--- a/fs/nfsd/vfs.c
+++ b/fs/nfsd/vfs.c
-@@ -915,7 +915,7 @@ nfsd_vfs_read(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file,
+@@ -923,7 +923,7 @@ nfsd_vfs_read(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file,
} else {
oldfs = get_fs();
set_fs(KERNEL_DS);
@@ -57073,7 +56650,7 @@ index 561a3dc..9c46c5e 100644
set_fs(oldfs);
}
-@@ -1019,7 +1019,7 @@ nfsd_vfs_write(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file,
+@@ -1027,7 +1027,7 @@ nfsd_vfs_write(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file,
/* Write the data. */
oldfs = get_fs(); set_fs(KERNEL_DS);
@@ -57082,7 +56659,7 @@ index 561a3dc..9c46c5e 100644
set_fs(oldfs);
if (host_err < 0)
goto out_nfserr;
-@@ -1560,7 +1560,7 @@ nfsd_readlink(struct svc_rqst *rqstp, struct svc_fh *fhp, char *buf, int *lenp)
+@@ -1568,7 +1568,7 @@ nfsd_readlink(struct svc_rqst *rqstp, struct svc_fh *fhp, char *buf, int *lenp)
*/
oldfs = get_fs(); set_fs(KERNEL_DS);
@@ -72260,11 +71837,11 @@ index d42bd48..554dcd5 100644
/*
* epoll (fs/eventpoll.c) compat bits follow ...
diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h
-index dfadc96..23c5182 100644
+index 643d6c4..3e46a17 100644
--- a/include/linux/compiler-gcc4.h
+++ b/include/linux/compiler-gcc4.h
-@@ -31,6 +31,21 @@
-
+@@ -46,6 +46,21 @@
+ #endif
#if __GNUC_MINOR__ >= 5
+
@@ -72285,7 +71862,7 @@ index dfadc96..23c5182 100644
/*
* Mark a position in code as unreachable. This can be used to
* suppress control flow warnings after asm blocks that transfer
-@@ -46,6 +61,11 @@
+@@ -61,6 +76,11 @@
#define __noclone __attribute__((__noclone__))
#endif
@@ -72901,10 +72478,10 @@ index 8eeb205..13d571c 100644
#endif /* __KERNEL__ */
diff --git a/include/linux/fs.h b/include/linux/fs.h
-index a276817..ba31358 100644
+index dd74385..c745e49 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
-@@ -1618,7 +1618,8 @@ struct file_operations {
+@@ -1624,7 +1624,8 @@ struct file_operations {
int (*setlease)(struct file *, long, struct file_lock **);
long (*fallocate)(struct file *file, int mode, loff_t offset,
loff_t len);
@@ -72914,7 +72491,7 @@ index a276817..ba31358 100644
struct inode_operations {
struct dentry * (*lookup) (struct inode *,struct dentry *, struct nameidata *);
-@@ -1885,6 +1886,8 @@ struct file_system_type {
+@@ -1891,6 +1892,8 @@ struct file_system_type {
struct lock_class_key i_mutex_dir_key;
};
@@ -72923,7 +72500,7 @@ index a276817..ba31358 100644
extern struct dentry *mount_ns(struct file_system_type *fs_type, int flags,
void *data, int (*fill_super)(struct super_block *, void *, int));
extern struct dentry *mount_bdev(struct file_system_type *fs_type,
-@@ -2716,5 +2719,15 @@ static inline void inode_has_no_xattr(struct inode *inode)
+@@ -2722,5 +2725,15 @@ static inline void inode_has_no_xattr(struct inode *inode)
inode->i_flags |= S_NOSEC;
}
@@ -75703,10 +75280,10 @@ index 45fc162..01a4068 100644
/**
* struct hotplug_slot_info - used to notify the hotplug pci core of the state of the slot
diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h
-index eeb6a29..6eb2b52 100644
+index 8d5b91e..9209ea4 100644
--- a/include/linux/perf_event.h
+++ b/include/linux/perf_event.h
-@@ -748,8 +748,8 @@ struct perf_event {
+@@ -750,8 +750,8 @@ struct perf_event {
enum perf_event_active_state state;
unsigned int attach_state;
@@ -75717,7 +75294,7 @@ index eeb6a29..6eb2b52 100644
/*
* These are the total time in nanoseconds that the event
-@@ -800,8 +800,8 @@ struct perf_event {
+@@ -802,8 +802,8 @@ struct perf_event {
* These accumulate total time (in nanoseconds) that children
* events have been enabled and running, respectively.
*/
@@ -75728,7 +75305,7 @@ index eeb6a29..6eb2b52 100644
/*
* Protect attach/detach and child_list:
-@@ -1100,7 +1100,7 @@ static inline void perf_callchain_store(struct perf_callchain_entry *entry, u64
+@@ -1102,7 +1102,7 @@ static inline void perf_callchain_store(struct perf_callchain_entry *entry, u64
entry->ip[entry->nr++] = ip;
}
@@ -75737,7 +75314,7 @@ index eeb6a29..6eb2b52 100644
extern int sysctl_perf_event_mlock;
extern int sysctl_perf_event_sample_rate;
-@@ -1108,19 +1108,24 @@ extern int perf_proc_update_handler(struct ctl_table *table, int write,
+@@ -1110,19 +1110,24 @@ extern int perf_proc_update_handler(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp,
loff_t *ppos);
@@ -75765,7 +75342,7 @@ index eeb6a29..6eb2b52 100644
}
extern void perf_event_init(void);
-@@ -1198,7 +1203,7 @@ static inline void perf_restore_debug_store(void) { }
+@@ -1200,7 +1205,7 @@ static inline void perf_restore_debug_store(void) { }
*/
#define perf_cpu_notifier(fn) \
do { \
@@ -75998,7 +75575,7 @@ index 800f113..13b3715 100644
}
diff --git a/include/linux/random.h b/include/linux/random.h
-index 29e217a..a76bcd0 100644
+index 7e77cee..207b34e 100644
--- a/include/linux/random.h
+++ b/include/linux/random.h
@@ -51,9 +51,19 @@ struct rnd_state {
@@ -76023,7 +75600,7 @@ index 29e217a..a76bcd0 100644
extern void get_random_bytes(void *buf, int nbytes);
extern void get_random_bytes_arch(void *buf, int nbytes);
-@@ -71,12 +81,17 @@ void srandom32(u32 seed);
+@@ -72,12 +82,17 @@ void srandom32(u32 seed);
u32 prandom32(struct rnd_state *);
@@ -76781,7 +76358,7 @@ index 92808b8..c28cac4 100644
/* shm_mode upper byte flags */
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
-index efe50af..9a039e5 100644
+index 85180bf..cc75886 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -538,7 +538,7 @@ extern void consume_skb(struct sk_buff *skb);
@@ -76820,19 +76397,7 @@ index efe50af..9a039e5 100644
}
/**
-@@ -1157,6 +1157,11 @@ static inline int skb_pagelen(const struct sk_buff *skb)
- return len + skb_headlen(skb);
- }
-
-+static inline bool skb_has_frags(const struct sk_buff *skb)
-+{
-+ return skb_shinfo(skb)->nr_frags;
-+}
-+
- /**
- * __skb_fill_page_desc - initialise a paged fragment in an skb
- * @skb: buffer containing fragment to be initialised
-@@ -1546,7 +1551,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len)
+@@ -1561,7 +1561,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len)
* NET_IP_ALIGN(2) + ethernet_header(14) + IP_header(20/40) + ports(8)
*/
#ifndef NET_SKB_PAD
@@ -76841,7 +76406,7 @@ index efe50af..9a039e5 100644
#endif
extern int ___pskb_trim(struct sk_buff *skb, unsigned int len);
-@@ -2085,7 +2090,7 @@ extern struct sk_buff *skb_recv_datagram(struct sock *sk, unsigned flags,
+@@ -2100,7 +2100,7 @@ extern struct sk_buff *skb_recv_datagram(struct sock *sk, unsigned flags,
int noblock, int *err);
extern unsigned int datagram_poll(struct file *file, struct socket *sock,
struct poll_table_struct *wait);
@@ -76850,7 +76415,7 @@ index efe50af..9a039e5 100644
int offset, struct iovec *to,
int size);
extern int skb_copy_and_csum_datagram_iovec(struct sk_buff *skb,
-@@ -2365,6 +2370,9 @@ static inline void nf_reset(struct sk_buff *skb)
+@@ -2380,6 +2380,9 @@ static inline void nf_reset(struct sk_buff *skb)
nf_bridge_put(skb->nf_bridge);
skb->nf_bridge = NULL;
#endif
@@ -79065,10 +78630,10 @@ index 2531811..4f036c4 100644
#ifdef CONFIG_BLK_DEV_RAM
int fd;
diff --git a/init/main.c b/init/main.c
-index 5d0eb1d..83506bb 100644
+index 7474450..caef7e7 100644
--- a/init/main.c
+++ b/init/main.c
-@@ -96,6 +96,8 @@ static inline void mark_rodata_ro(void) { }
+@@ -97,6 +97,8 @@ static inline void mark_rodata_ro(void) { }
extern void tc_init(void);
#endif
@@ -79077,7 +78642,7 @@ index 5d0eb1d..83506bb 100644
/*
* Debug helper: via this flag we know that we are in 'early bootup code'
* where only the boot processor is running with IRQ disabled. This means
-@@ -149,6 +151,64 @@ static int __init set_reset_devices(char *str)
+@@ -150,6 +152,64 @@ static int __init set_reset_devices(char *str)
__setup("reset_devices", set_reset_devices);
@@ -79142,7 +78707,7 @@ index 5d0eb1d..83506bb 100644
static const char * argv_init[MAX_INIT_ARGS+2] = { "init", NULL, };
const char * envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, };
static const char *panic_later, *panic_param;
-@@ -678,6 +738,7 @@ int __init_or_module do_one_initcall(initcall_t fn)
+@@ -679,6 +739,7 @@ int __init_or_module do_one_initcall(initcall_t fn)
{
int count = preempt_count();
int ret;
@@ -79150,7 +78715,7 @@ index 5d0eb1d..83506bb 100644
if (initcall_debug)
ret = do_one_initcall_debug(fn);
-@@ -690,17 +751,18 @@ int __init_or_module do_one_initcall(initcall_t fn)
+@@ -691,17 +752,18 @@ int __init_or_module do_one_initcall(initcall_t fn)
sprintf(msgbuf, "error code %d ", ret);
if (preempt_count() != count) {
@@ -79173,7 +78738,7 @@ index 5d0eb1d..83506bb 100644
return ret;
}
-@@ -748,6 +810,10 @@ static void run_init_process(const char *init_filename)
+@@ -750,6 +812,10 @@ static void run_init_process(const char *init_filename)
kernel_execve(init_filename, argv_init, envp_init);
}
@@ -79184,7 +78749,7 @@ index 5d0eb1d..83506bb 100644
/* This is a non __init function. Force it to be noinline otherwise gcc
* makes it inline to init() and it becomes part of init.text section
*/
-@@ -769,6 +835,11 @@ static noinline int init_post(void)
+@@ -771,6 +837,11 @@ static noinline int init_post(void)
ramdisk_execute_command);
}
@@ -79196,7 +78761,7 @@ index 5d0eb1d..83506bb 100644
/*
* We try each of these until one succeeds.
*
-@@ -821,7 +892,7 @@ static int __init kernel_init(void * unused)
+@@ -823,7 +894,7 @@ static int __init kernel_init(void * unused)
do_basic_setup();
/* Open the /dev/console on the rootfs, this should never fail */
@@ -79205,7 +78770,7 @@ index 5d0eb1d..83506bb 100644
printk(KERN_WARNING "Warning: unable to open an initial console.\n");
(void) sys_dup(0);
-@@ -834,11 +905,13 @@ static int __init kernel_init(void * unused)
+@@ -836,11 +907,13 @@ static int __init kernel_init(void * unused)
if (!ramdisk_execute_command)
ramdisk_execute_command = "/init";
@@ -85746,10 +85311,10 @@ index 6fdc629..55739fe 100644
*data_page = bpage;
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
-index ce1067f..d823ee9 100644
+index c5a12a7..4d94416 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
-@@ -2653,7 +2653,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set)
+@@ -2656,7 +2656,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set)
return 0;
}
@@ -85758,7 +85323,7 @@ index ce1067f..d823ee9 100644
{
/* do nothing if flag is already set */
if (!!(trace_flags & mask) == !!enabled)
-@@ -4245,10 +4245,9 @@ static const struct file_operations tracing_dyn_info_fops = {
+@@ -4248,10 +4248,9 @@ static const struct file_operations tracing_dyn_info_fops = {
};
#endif
@@ -85770,7 +85335,7 @@ index ce1067f..d823ee9 100644
static int once;
if (d_tracer)
-@@ -4268,10 +4267,9 @@ struct dentry *tracing_init_dentry(void)
+@@ -4271,10 +4270,9 @@ struct dentry *tracing_init_dentry(void)
return d_tracer;
}
@@ -86605,20 +86170,6 @@ index d9df745..e73c2fe 100644
static inline void *ptr_to_indirect(void *ptr)
{
-diff --git a/lib/scatterlist.c b/lib/scatterlist.c
-index 4ceb05d..2ffcb3c 100644
---- a/lib/scatterlist.c
-+++ b/lib/scatterlist.c
-@@ -419,7 +419,8 @@ void sg_miter_stop(struct sg_mapping_iter *miter)
- if (miter->addr) {
- miter->__offset += miter->consumed;
-
-- if (miter->__flags & SG_MITER_TO_SG)
-+ if ((miter->__flags & SG_MITER_TO_SG) &&
-+ !PageSlab(miter->page))
- flush_kernel_dcache_page(miter->page);
-
- if (miter->__flags & SG_MITER_ATOMIC) {
diff --git a/lib/vsprintf.c b/lib/vsprintf.c
index d74c317..1170419 100644
--- a/lib/vsprintf.c
@@ -90350,6 +89901,19 @@ index 70e814a..38e1f43 100644
for (i = 0; i < riovcnt && iov_l_curr_idx < liovcnt; i++) {
rc = process_vm_rw_single_vec(
(unsigned long)rvec[i].iov_base, rvec[i].iov_len,
+diff --git a/mm/readahead.c b/mm/readahead.c
+index cbcbb02..dfdc1de 100644
+--- a/mm/readahead.c
++++ b/mm/readahead.c
+@@ -342,7 +342,7 @@ static unsigned long get_next_ra_size(struct file_ra_state *ra,
+ * - length of the sequential read sequence, or
+ * - thrashing threshold in memory tight systems
+ */
+-static pgoff_t count_history_pages(struct address_space *mapping,
++static pgoff_t __intentional_overflow(-1) count_history_pages(struct address_space *mapping,
+ struct file_ra_state *ra,
+ pgoff_t offset, unsigned long max)
+ {
diff --git a/mm/rmap.c b/mm/rmap.c
index 8685697..e047d10 100644
--- a/mm/rmap.c
@@ -92688,25 +92252,23 @@ index f78f898..d7aa843 100644
if (__rtnl_register(PF_CAN, RTM_GETROUTE, NULL, cgw_dump_jobs, NULL)) {
diff --git a/net/compat.c b/net/compat.c
-index 8c979cc..453a165 100644
+index 3139ef2..453a165 100644
--- a/net/compat.c
+++ b/net/compat.c
-@@ -71,9 +71,11 @@ int get_compat_msghdr(struct msghdr *kmsg, struct compat_msghdr __user *umsg)
- __get_user(kmsg->msg_controllen, &umsg->msg_controllen) ||
- __get_user(kmsg->msg_flags, &umsg->msg_flags))
+@@ -73,9 +73,9 @@ int get_compat_msghdr(struct msghdr *kmsg, struct compat_msghdr __user *umsg)
return -EFAULT;
+ if (kmsg->msg_namelen > sizeof(struct sockaddr_storage))
+ return -EINVAL;
- kmsg->msg_name = compat_ptr(tmp1);
- kmsg->msg_iov = compat_ptr(tmp2);
- kmsg->msg_control = compat_ptr(tmp3);
-+ if (kmsg->msg_namelen > sizeof(struct sockaddr_storage))
-+ return -EINVAL;
+ kmsg->msg_name = (void __force_kernel *)compat_ptr(tmp1);
+ kmsg->msg_iov = (void __force_kernel *)compat_ptr(tmp2);
+ kmsg->msg_control = (void __force_kernel *)compat_ptr(tmp3);
return 0;
}
-@@ -85,7 +87,7 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov,
+@@ -87,7 +87,7 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov,
if (kern_msg->msg_namelen) {
if (mode == VERIFY_READ) {
@@ -92715,7 +92277,7 @@ index 8c979cc..453a165 100644
kern_msg->msg_namelen,
kern_address);
if (err < 0)
-@@ -96,7 +98,7 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov,
+@@ -98,7 +98,7 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov,
kern_msg->msg_name = NULL;
tot_len = iov_from_user_compat_to_kern(kern_iov,
@@ -92724,7 +92286,7 @@ index 8c979cc..453a165 100644
kern_msg->msg_iovlen);
if (tot_len >= 0)
kern_msg->msg_iov = kern_iov;
-@@ -116,20 +118,20 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov,
+@@ -118,20 +118,20 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov,
#define CMSG_COMPAT_FIRSTHDR(msg) \
(((msg)->msg_controllen) >= sizeof(struct compat_cmsghdr) ? \
@@ -92748,7 +92310,7 @@ index 8c979cc..453a165 100644
msg->msg_controllen)
return NULL;
return (struct compat_cmsghdr __user *)ptr;
-@@ -221,7 +223,7 @@ int put_cmsg_compat(struct msghdr *kmsg, int level, int type, int len, void *dat
+@@ -223,7 +223,7 @@ int put_cmsg_compat(struct msghdr *kmsg, int level, int type, int len, void *dat
{
struct compat_timeval ctv;
struct compat_timespec cts[3];
@@ -92757,7 +92319,7 @@ index 8c979cc..453a165 100644
struct compat_cmsghdr cmhdr;
int cmlen;
-@@ -273,7 +275,7 @@ int put_cmsg_compat(struct msghdr *kmsg, int level, int type, int len, void *dat
+@@ -275,7 +275,7 @@ int put_cmsg_compat(struct msghdr *kmsg, int level, int type, int len, void *dat
void scm_detach_fds_compat(struct msghdr *kmsg, struct scm_cookie *scm)
{
@@ -92766,7 +92328,7 @@ index 8c979cc..453a165 100644
int fdmax = (kmsg->msg_controllen - sizeof(struct compat_cmsghdr)) / sizeof(int);
int fdnum = scm->fp->count;
struct file **fp = scm->fp->fp;
-@@ -326,14 +328,6 @@ void scm_detach_fds_compat(struct msghdr *kmsg, struct scm_cookie *scm)
+@@ -328,14 +328,6 @@ void scm_detach_fds_compat(struct msghdr *kmsg, struct scm_cookie *scm)
__scm_destroy(scm);
}
@@ -92781,7 +92343,7 @@ index 8c979cc..453a165 100644
static int do_set_attach_filter(struct socket *sock, int level, int optname,
char __user *optval, unsigned int optlen)
{
-@@ -370,7 +364,7 @@ static int do_set_sock_timeout(struct socket *sock, int level,
+@@ -372,7 +364,7 @@ static int do_set_sock_timeout(struct socket *sock, int level,
return -EFAULT;
old_fs = get_fs();
set_fs(KERNEL_DS);
@@ -92790,7 +92352,7 @@ index 8c979cc..453a165 100644
set_fs(old_fs);
return err;
-@@ -431,7 +425,7 @@ static int do_get_sock_timeout(struct socket *sock, int level, int optname,
+@@ -433,7 +425,7 @@ static int do_get_sock_timeout(struct socket *sock, int level, int optname,
len = sizeof(ktime);
old_fs = get_fs();
set_fs(KERNEL_DS);
@@ -92799,7 +92361,7 @@ index 8c979cc..453a165 100644
set_fs(old_fs);
if (!err) {
-@@ -566,7 +560,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname,
+@@ -568,7 +560,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname,
case MCAST_JOIN_GROUP:
case MCAST_LEAVE_GROUP:
{
@@ -92808,7 +92370,7 @@ index 8c979cc..453a165 100644
struct group_req __user *kgr =
compat_alloc_user_space(sizeof(struct group_req));
u32 interface;
-@@ -587,7 +581,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname,
+@@ -589,7 +581,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname,
case MCAST_BLOCK_SOURCE:
case MCAST_UNBLOCK_SOURCE:
{
@@ -92817,7 +92379,7 @@ index 8c979cc..453a165 100644
struct group_source_req __user *kgsr = compat_alloc_user_space(
sizeof(struct group_source_req));
u32 interface;
-@@ -608,7 +602,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname,
+@@ -610,7 +602,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname,
}
case MCAST_MSFILTER:
{
@@ -92826,7 +92388,7 @@ index 8c979cc..453a165 100644
struct group_filter __user *kgf;
u32 interface, fmode, numsrc;
-@@ -646,7 +640,7 @@ int compat_mc_getsockopt(struct sock *sock, int level, int optname,
+@@ -648,7 +640,7 @@ int compat_mc_getsockopt(struct sock *sock, int level, int optname,
char __user *optval, int __user *optlen,
int (*getsockopt)(struct sock *, int, int, char __user *, int __user *))
{
@@ -92835,7 +92397,7 @@ index 8c979cc..453a165 100644
struct group_filter __user *kgf;
int __user *koptlen;
u32 interface, fmode, numsrc;
-@@ -799,7 +793,7 @@ asmlinkage long compat_sys_socketcall(int call, u32 __user *args)
+@@ -801,7 +793,7 @@ asmlinkage long compat_sys_socketcall(int call, u32 __user *args)
if (call < SYS_SOCKET || call > SYS_SENDMMSG)
return -EINVAL;
@@ -93883,7 +93445,7 @@ index ccee270..db23c3c 100644
tmo = req->expires - jiffies;
if (tmo < 0)
diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c
-index 984ec65..392d206 100644
+index 4afcf31..392d206 100644
--- a/net/ipv4/inet_hashtables.c
+++ b/net/ipv4/inet_hashtables.c
@@ -18,12 +18,15 @@
@@ -93902,15 +93464,6 @@ index 984ec65..392d206 100644
/*
* Allocate and initialize a new local port bind bucket.
* The bindhash mutex for snum's hash chain must be held here.
-@@ -268,7 +271,7 @@ begintw:
- }
- if (unlikely(!INET_TW_MATCH(sk, net, hash, acookie,
- saddr, daddr, ports, dif))) {
-- sock_put(sk);
-+ inet_twsk_put(inet_twsk(sk));
- goto begintw;
- }
- goto out;
@@ -530,6 +533,8 @@ ok:
twrefcnt += inet_twsk_bind_unhash(tw, hinfo);
spin_unlock(&head->lock);
@@ -94016,19 +93569,6 @@ index 5f28fab..ebd7a97 100644
.kind = "gretap",
.maxtype = IFLA_GRE_MAX,
.policy = ipgre_policy,
-diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
-index daf408e..16191f0 100644
---- a/net/ipv4/ip_output.c
-+++ b/net/ipv4/ip_output.c
-@@ -833,7 +833,7 @@ static int __ip_append_data(struct sock *sk,
- csummode = CHECKSUM_PARTIAL;
-
- cork->length += length;
-- if (((length > mtu) || (skb && skb_is_gso(skb))) &&
-+ if (((length > mtu) || (skb && skb_has_frags(skb))) &&
- (sk->sk_protocol == IPPROTO_UDP) &&
- (rt->dst.dev->features & NETIF_F_UFO) && !rt->dst.header_len) {
- err = ip_ufo_append_data(sk, queue, getfrag, from, length,
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
index 3b36002..27e6634 100644
--- a/net/ipv4/ip_sockglue.c
@@ -94328,7 +93868,7 @@ index 2815014..1d39ae6 100644
.exit = raw_exit_net,
};
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
-index c45a155a3..dadea8d 100644
+index 6768ce2..c682a62 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -313,7 +313,7 @@ static inline unsigned int rt_hash(__be32 daddr, __be32 saddr, int idx,
@@ -94556,22 +94096,10 @@ index 739b073..7ac6591 100644
hdr = register_sysctl_paths(net_ipv4_ctl_path, ipv4_table);
if (hdr == NULL)
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
-index 872b41d..bb914c3 100644
+index c1ed01e..bb914c3 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
-@@ -1469,7 +1469,10 @@ static int tcp_shifted_skb(struct sock *sk, struct sk_buff *skb,
- tp->lost_cnt_hint -= tcp_skb_pcount(prev);
- }
-
-- TCP_SKB_CB(skb)->tcp_flags |= TCP_SKB_CB(prev)->tcp_flags;
-+ TCP_SKB_CB(prev)->tcp_flags |= TCP_SKB_CB(skb)->tcp_flags;
-+ if (TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN)
-+ TCP_SKB_CB(prev)->end_seq++;
-+
- if (skb == tcp_highest_sack(sk))
- tcp_advance_highest_sack(sk, skb);
-
-@@ -4736,7 +4739,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb,
+@@ -4739,7 +4739,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb,
* simplifies code)
*/
static void
@@ -94580,7 +94108,7 @@ index 872b41d..bb914c3 100644
struct sk_buff *head, struct sk_buff *tail,
u32 start, u32 end)
{
-@@ -5551,6 +5554,9 @@ slow_path:
+@@ -5554,6 +5554,9 @@ slow_path:
if (len < (th->doff << 2) || tcp_checksum_complete_user(sk, skb))
goto csum_error;
@@ -94590,7 +94118,7 @@ index 872b41d..bb914c3 100644
/*
* Standard slow path.
*/
-@@ -5559,8 +5565,7 @@ slow_path:
+@@ -5562,8 +5565,7 @@ slow_path:
return 0;
step5:
@@ -94600,7 +94128,7 @@ index 872b41d..bb914c3 100644
goto discard;
tcp_rcv_rtt_measure_ts(sk, skb);
-@@ -5791,6 +5796,7 @@ discard:
+@@ -5794,6 +5796,7 @@ discard:
tcp_paws_reject(&tp->rx_opt, 0))
goto discard_and_undo;
@@ -94608,7 +94136,7 @@ index 872b41d..bb914c3 100644
if (th->syn) {
/* We see SYN without ACK. It is attempt of
* simultaneous connect with crossed SYNs.
-@@ -5839,6 +5845,7 @@ discard:
+@@ -5842,6 +5845,7 @@ discard:
goto discard;
#endif
}
@@ -94616,7 +94144,7 @@ index 872b41d..bb914c3 100644
/* "fifth, if neither of the SYN or RST bits is set then
* drop the segment and return."
*/
-@@ -5882,7 +5889,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
+@@ -5885,7 +5889,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
goto discard;
if (th->syn) {
@@ -94625,7 +94153,7 @@ index 872b41d..bb914c3 100644
goto discard;
if (icsk->icsk_af_ops->conn_request(sk, skb) < 0)
return 1;
-@@ -5921,11 +5928,14 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
+@@ -5924,11 +5928,14 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
return 0;
}
@@ -94641,7 +94169,7 @@ index 872b41d..bb914c3 100644
int acceptable = tcp_ack(sk, skb, FLAG_SLOWPATH |
FLAG_UPDATE_TS_RECENT) > 0;
-@@ -6031,8 +6041,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
+@@ -6034,8 +6041,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
}
break;
}
@@ -94786,10 +94314,10 @@ index 66363b6..b0654a3 100644
req->rsk_ops->send_reset(sk, skb);
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
-index 3add486..a5df757 100644
+index 0d5a118..5f6f0e6 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
-@@ -1318,7 +1318,7 @@ static void tcp_cwnd_validate(struct sock *sk)
+@@ -1319,7 +1319,7 @@ static void tcp_cwnd_validate(struct sock *sk)
* modulo only when the receiver window alone is the limiting factor or
* when we would be allowed to send the split-due-to-Nagle skb fully.
*/
@@ -95056,21 +94584,8 @@ index 1567fb1..29af910 100644
__sk_dst_reset(sk);
dst = NULL;
}
-diff --git a/net/ipv6/inet6_hashtables.c b/net/ipv6/inet6_hashtables.c
-index 73f1a00..e38290b 100644
---- a/net/ipv6/inet6_hashtables.c
-+++ b/net/ipv6/inet6_hashtables.c
-@@ -110,7 +110,7 @@ begintw:
- goto out;
- }
- if (!INET6_TW_MATCH(sk, net, hash, saddr, daddr, ports, dif)) {
-- sock_put(sk);
-+ inet_twsk_put(inet_twsk(sk));
- goto begintw;
- }
- goto out;
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
-index 91d0711..7dc5e62 100644
+index 97675bf..7dc5e62 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -600,8 +600,8 @@ int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr)
@@ -95102,15 +94617,6 @@ index 91d0711..7dc5e62 100644
}
int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *))
-@@ -1342,7 +1339,7 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to,
- skb = skb_peek_tail(&sk->sk_write_queue);
- cork->length += length;
- if (((length > mtu) ||
-- (skb && skb_is_gso(skb))) &&
-+ (skb && skb_has_frags(skb))) &&
- (sk->sk_protocol == IPPROTO_UDP) &&
- (rt->dst.dev->features & NETIF_F_UFO)) {
- err = ip6_ufo_append_data(sk, getfrag, from, length,
diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
index b204df8..8f274f4 100644
--- a/net/ipv6/ipv6_sockglue.c
@@ -95314,10 +94820,10 @@ index eba5deb..61e026f 100644
return -ENOMEM;
}
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
-index 18ea73c..b0b7be2 100644
+index bc9103d..48a383f 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
-@@ -2806,7 +2806,7 @@ ctl_table ipv6_route_table_template[] = {
+@@ -2809,7 +2809,7 @@ ctl_table ipv6_route_table_template[] = {
struct ctl_table * __net_init ipv6_route_sysctl_init(struct net *net)
{
@@ -95802,7 +95308,7 @@ index 93a41a0..d4b4edb 100644
NLA_PUT_U32(skb, L2TP_ATTR_CONN_ID, tunnel->tunnel_id);
NLA_PUT_U32(skb, L2TP_ATTR_SESSION_ID, session->session_id);
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
-index 73495f1..ad51356 100644
+index a9cf593..b04a2d5 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -27,6 +27,7 @@
@@ -95813,7 +95319,7 @@ index 73495f1..ad51356 100644
#include "key.h"
#include "sta_info.h"
-@@ -764,7 +765,7 @@ struct ieee80211_local {
+@@ -767,7 +768,7 @@ struct ieee80211_local {
/* also used to protect ampdu_ac_queue and amdpu_ac_stop_refcnt */
spinlock_t queue_stop_reason_lock;
@@ -97605,7 +97111,7 @@ index 8da4481..d02565e 100644
+ (rtt >> sctp_rto_alpha);
} else {
diff --git a/net/socket.c b/net/socket.c
-index cf546a3..3cb0fca 100644
+index bf7adaa..3cb0fca 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -88,6 +88,7 @@
@@ -97789,38 +97295,7 @@ index cf546a3..3cb0fca 100644
int err, err2;
int fput_needed;
-@@ -1876,6 +1942,16 @@ struct used_address {
- unsigned int name_len;
- };
-
-+static int copy_msghdr_from_user(struct msghdr *kmsg,
-+ struct msghdr __user *umsg)
-+{
-+ if (copy_from_user(kmsg, umsg, sizeof(struct msghdr)))
-+ return -EFAULT;
-+ if (kmsg->msg_namelen > sizeof(struct sockaddr_storage))
-+ return -EINVAL;
-+ return 0;
-+}
-+
- static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
- struct msghdr *msg_sys, unsigned flags,
- struct used_address *used_address)
-@@ -1894,8 +1970,11 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
- if (MSG_CMSG_COMPAT & flags) {
- if (get_compat_msghdr(msg_sys, msg_compat))
- return -EFAULT;
-- } else if (copy_from_user(msg_sys, msg, sizeof(struct msghdr)))
-- return -EFAULT;
-+ } else {
-+ err = copy_msghdr_from_user(msg_sys, msg);
-+ if (err)
-+ return err;
-+ }
-
- /* do not move before msg_sys is valid */
- err = -EMSGSIZE;
-@@ -1950,7 +2029,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
+@@ -1963,7 +2029,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
* checking falls down on this.
*/
if (copy_from_user(ctl_buf,
@@ -97829,7 +97304,7 @@ index cf546a3..3cb0fca 100644
ctl_len))
goto out_freectl;
msg_sys->msg_control = ctl_buf;
-@@ -2101,7 +2180,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
+@@ -2114,7 +2180,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
int err, iov_size, total_len, len;
/* kernel mode address */
@@ -97838,21 +97313,7 @@ index cf546a3..3cb0fca 100644
/* user mode address pointers */
struct sockaddr __user *uaddr;
-@@ -2110,8 +2189,11 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
- if (MSG_CMSG_COMPAT & flags) {
- if (get_compat_msghdr(msg_sys, msg_compat))
- return -EFAULT;
-- } else if (copy_from_user(msg_sys, msg, sizeof(struct msghdr)))
-- return -EFAULT;
-+ } else {
-+ err = copy_msghdr_from_user(msg_sys, msg);
-+ if (err)
-+ return err;
-+ }
-
- err = -EMSGSIZE;
- if (msg_sys->msg_iovlen > UIO_MAXIOV)
-@@ -2131,7 +2213,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
+@@ -2147,7 +2213,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
* kernel msghdr to use the kernel address space)
*/
@@ -97861,7 +97322,7 @@ index cf546a3..3cb0fca 100644
uaddr_len = COMPAT_NAMELEN(msg);
if (MSG_CMSG_COMPAT & flags) {
err = verify_compat_iovec(msg_sys, iov,
-@@ -2772,7 +2854,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
+@@ -2788,7 +2854,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
}
ifr = compat_alloc_user_space(buf_size);
@@ -97870,7 +97331,7 @@ index cf546a3..3cb0fca 100644
if (copy_in_user(&ifr->ifr_name, &ifr32->ifr_name, IFNAMSIZ))
return -EFAULT;
-@@ -2796,12 +2878,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
+@@ -2812,12 +2878,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
offsetof(struct ethtool_rxnfc, fs.ring_cookie));
if (copy_in_user(rxnfc, compat_rxnfc,
@@ -97887,7 +97348,7 @@ index cf546a3..3cb0fca 100644
copy_in_user(&rxnfc->rule_cnt, &compat_rxnfc->rule_cnt,
sizeof(rxnfc->rule_cnt)))
return -EFAULT;
-@@ -2813,12 +2895,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
+@@ -2829,12 +2895,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
if (convert_out) {
if (copy_in_user(compat_rxnfc, rxnfc,
@@ -97904,7 +97365,7 @@ index cf546a3..3cb0fca 100644
copy_in_user(&compat_rxnfc->rule_cnt, &rxnfc->rule_cnt,
sizeof(rxnfc->rule_cnt)))
return -EFAULT;
-@@ -2888,7 +2970,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd,
+@@ -2904,7 +2970,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd,
old_fs = get_fs();
set_fs(KERNEL_DS);
err = dev_ioctl(net, cmd,
@@ -97913,7 +97374,7 @@ index cf546a3..3cb0fca 100644
set_fs(old_fs);
return err;
-@@ -2997,7 +3079,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
+@@ -3013,7 +3079,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
old_fs = get_fs();
set_fs(KERNEL_DS);
@@ -97922,7 +97383,7 @@ index cf546a3..3cb0fca 100644
set_fs(old_fs);
if (cmd == SIOCGIFMAP && !err) {
-@@ -3102,7 +3184,7 @@ static int routing_ioctl(struct net *net, struct socket *sock,
+@@ -3118,7 +3184,7 @@ static int routing_ioctl(struct net *net, struct socket *sock,
ret |= __get_user(rtdev, &(ur4->rt_dev));
if (rtdev) {
ret |= copy_from_user(devname, compat_ptr(rtdev), 15);
@@ -97931,7 +97392,7 @@ index cf546a3..3cb0fca 100644
devname[15] = 0;
} else
r4.rt_dev = NULL;
-@@ -3342,8 +3424,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname,
+@@ -3358,8 +3424,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname,
int __user *uoptlen;
int err;
@@ -97942,7 +97403,7 @@ index cf546a3..3cb0fca 100644
set_fs(KERNEL_DS);
if (level == SOL_SOCKET)
-@@ -3363,7 +3445,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname,
+@@ -3379,7 +3445,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname,
char __user *uoptval;
int err;
@@ -98757,7 +98218,7 @@ index 1983717..4d6102c 100644
sub->evt.event = htohl(event, sub->swap);
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
-index 5611563..911c6c1 100644
+index 5122b22..25b11eb 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -766,6 +766,12 @@ static struct sock *unix_find_other(struct net *net,
@@ -98806,7 +98267,7 @@ index 5611563..911c6c1 100644
mutex_unlock(&path.dentry->d_inode->i_mutex);
dput(path.dentry);
path.dentry = dentry;
-@@ -2260,9 +2280,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
+@@ -2270,9 +2290,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
seq_puts(seq, "Num RefCount Protocol Flags Type St "
"Inode Path\n");
else {
@@ -98821,7 +98282,7 @@ index 5611563..911c6c1 100644
seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu",
s,
-@@ -2289,8 +2313,10 @@ static int unix_seq_show(struct seq_file *seq, void *v)
+@@ -2299,8 +2323,10 @@ static int unix_seq_show(struct seq_file *seq, void *v)
}
for ( ; i < len; i++)
seq_putc(seq, u->addr->name->sun_path[i]);
@@ -104752,10 +104213,10 @@ index 0000000..679b9ef
+}
diff --git a/tools/gcc/size_overflow_hash.data b/tools/gcc/size_overflow_hash.data
new file mode 100644
-index 0000000..05e26dd
+index 0000000..0634465
--- /dev/null
+++ b/tools/gcc/size_overflow_hash.data
-@@ -0,0 +1,5989 @@
+@@ -0,0 +1,5990 @@
+intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL
+ocfs2_get_refcount_tree_3 ocfs2_get_refcount_tree 0 3 NULL
+storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL
@@ -105379,8 +104840,8 @@ index 0000000..05e26dd
+send_mpa_reject_7135 send_mpa_reject 3 7135 NULL
+ipv6_recv_rxpmtu_7142 ipv6_recv_rxpmtu 3 7142 NULL
+ocfs2_get_left_path_7159 ocfs2_get_left_path 0 7159 NULL
-+__alloc_objio_seg_7203 __alloc_objio_seg 1 7203 NULL nohasharray
-+utf16_strsize_7203 utf16_strsize 0 7203 &__alloc_objio_seg_7203
++utf16_strsize_7203 utf16_strsize 0 7203 NULL nohasharray
++__alloc_objio_seg_7203 __alloc_objio_seg 1 7203 &utf16_strsize_7203
+sys32_ipc_7238 sys32_ipc 3 7238 NULL
+hdlc_loop_7255 hdlc_loop 0 7255 NULL
+snd_mask_refine_7267 snd_mask_refine 0 7267 NULL
@@ -105546,8 +105007,8 @@ index 0000000..05e26dd
+usb_allocate_stream_buffers_8964 usb_allocate_stream_buffers 3 8964 NULL
+qib_qsfp_dump_8966 qib_qsfp_dump 0-3 8966 NULL
+venus_mkdir_8967 venus_mkdir 4 8967 NULL
-+vol_cdev_read_8968 vol_cdev_read 3 8968 NULL nohasharray
-+seq_open_net_8968 seq_open_net 4 8968 &vol_cdev_read_8968
++seq_open_net_8968 seq_open_net 4 8968 NULL nohasharray
++vol_cdev_read_8968 vol_cdev_read 3 8968 &seq_open_net_8968
+bio_integrity_get_tag_8974 bio_integrity_get_tag 3 8974 NULL
+btrfs_alloc_free_block_8986 btrfs_alloc_free_block 8 8986 NULL
+get_pipes_9008 get_pipes 0 9008 NULL
@@ -105699,8 +105160,8 @@ index 0000000..05e26dd
+do_compat_pselect_10398 do_compat_pselect 1 10398 NULL
+event_phy_transmit_error_read_10471 event_phy_transmit_error_read 3 10471 NULL
+qib_alloc_fast_reg_page_list_10507 qib_alloc_fast_reg_page_list 2 10507 NULL
-+sel_write_disable_10511 sel_write_disable 3 10511 NULL nohasharray
-+rbd_get_segment_10511 rbd_get_segment 0-3-4 10511 &sel_write_disable_10511
++rbd_get_segment_10511 rbd_get_segment 0-3-4 10511 NULL nohasharray
++sel_write_disable_10511 sel_write_disable 3 10511 &rbd_get_segment_10511
+osd_req_write_sg_kern_10514 osd_req_write_sg_kern 5 10514 NULL
+rds_message_alloc_10517 rds_message_alloc 1 10517 NULL
+snd_pcm_hw_params_user_10520 snd_pcm_hw_params_user 0 10520 NULL
@@ -106095,8 +105556,8 @@ index 0000000..05e26dd
+cmd_complete_14502 cmd_complete 5 14502 NULL
+ocfs2_debug_read_14507 ocfs2_debug_read 3 14507 NULL
+prepare_data_14536 prepare_data 3 14536 NULL nohasharray
-+ep0_write_14536 ep0_write 3 14536 &prepare_data_14536 nohasharray
-+dataflash_read_user_otp_14536 dataflash_read_user_otp 3-2 14536 &ep0_write_14536
++dataflash_read_user_otp_14536 dataflash_read_user_otp 3-2 14536 &prepare_data_14536 nohasharray
++ep0_write_14536 ep0_write 3 14536 &dataflash_read_user_otp_14536
+register_trace_sched_switch_14545 register_trace_sched_switch 0 14545 NULL
+l2cap_send_cmd_14548 l2cap_send_cmd 4 14548 NULL
+picolcd_debug_eeprom_read_14549 picolcd_debug_eeprom_read 3 14549 NULL
@@ -106121,8 +105582,8 @@ index 0000000..05e26dd
+cp_tm1217_read_14792 cp_tm1217_read 3 14792 &keys_proc_write_14792
+ext4_kvmalloc_14796 ext4_kvmalloc 1 14796 NULL
+__kfifo_in_14797 __kfifo_in 3-0 14797 NULL
-+snd_als300_gcr_read_14801 snd_als300_gcr_read 0 14801 NULL nohasharray
-+hpet_readl_14801 hpet_readl 0 14801 &snd_als300_gcr_read_14801
++hpet_readl_14801 hpet_readl 0 14801 NULL nohasharray
++snd_als300_gcr_read_14801 snd_als300_gcr_read 0 14801 &hpet_readl_14801
+__i2400ms_rx_get_size_14826 __i2400ms_rx_get_size 0 14826 NULL
+do_tune_cpucache_14828 do_tune_cpucache 2 14828 NULL
+__mutex_fastpath_lock_retval_14844 __mutex_fastpath_lock_retval 0 14844 NULL
@@ -106896,8 +106357,8 @@ index 0000000..05e26dd
+pipe_iov_copy_from_user_23102 pipe_iov_copy_from_user 3 23102 NULL
+dgram_recvmsg_23104 dgram_recvmsg 4 23104 NULL
+ip_recv_error_23109 ip_recv_error 3 23109 NULL
-+msix_setup_entries_23110 msix_setup_entries 0 23110 NULL nohasharray
-+mwl8k_cmd_set_beacon_23110 mwl8k_cmd_set_beacon 4 23110 &msix_setup_entries_23110
++mwl8k_cmd_set_beacon_23110 mwl8k_cmd_set_beacon 4 23110 NULL nohasharray
++msix_setup_entries_23110 msix_setup_entries 0 23110 &mwl8k_cmd_set_beacon_23110
+nl80211_send_rx_auth_23111 nl80211_send_rx_auth 4 23111 NULL
+__clear_user_23118 __clear_user 0-2 23118 NULL
+iwl_legacy_dbgfs_interrupt_write_23122 iwl_legacy_dbgfs_interrupt_write 3 23122 NULL nohasharray
@@ -107314,9 +106775,9 @@ index 0000000..05e26dd
+cxio_hal_pblpool_alloc_27714 cxio_hal_pblpool_alloc 2 27714 NULL
+evm_write_key_27715 evm_write_key 3 27715 NULL
+ieee80211_if_fmt_dot11MeshGateAnnouncementProtocol_27722 ieee80211_if_fmt_dot11MeshGateAnnouncementProtocol 3 27722 NULL
-+pstore_write_27724 pstore_write 3 27724 NULL nohasharray
-+iwl_dbgfs_traffic_log_write_27724 iwl_dbgfs_traffic_log_write 3 27724 &pstore_write_27724 nohasharray
-+reg_w_buf_27724 reg_w_buf 3 27724 &iwl_dbgfs_traffic_log_write_27724
++reg_w_buf_27724 reg_w_buf 3 27724 NULL nohasharray
++pstore_write_27724 pstore_write 3 27724 &reg_w_buf_27724 nohasharray
++iwl_dbgfs_traffic_log_write_27724 iwl_dbgfs_traffic_log_write 3 27724 &pstore_write_27724
+xfs_dir2_block_sfsize_27727 xfs_dir2_block_sfsize 0 27727 NULL
+kcalloc_27770 kcalloc 2-1 27770 NULL
+ttm_object_file_init_27804 ttm_object_file_init 2 27804 NULL
@@ -107432,8 +106893,8 @@ index 0000000..05e26dd
+hci_sock_setsockopt_28993 hci_sock_setsockopt 5 28993 NULL
+bin_uuid_28999 bin_uuid 3 28999 NULL
+sys_fcntl64_29031 sys_fcntl64 3 29031 NULL
-+rxrpc_sendmsg_29049 rxrpc_sendmsg 4 29049 NULL nohasharray
-+ProcessGetHostMibs_29049 ProcessGetHostMibs 0 29049 &rxrpc_sendmsg_29049
++ProcessGetHostMibs_29049 ProcessGetHostMibs 0 29049 NULL nohasharray
++rxrpc_sendmsg_29049 rxrpc_sendmsg 4 29049 &ProcessGetHostMibs_29049
+tso_fragment_29050 tso_fragment 3 29050 NULL
+split_bvec_29058 split_bvec 5 29058 NULL
+iso_packets_buffer_init_29061 iso_packets_buffer_init 3-4 29061 NULL
@@ -108246,8 +107707,8 @@ index 0000000..05e26dd
+snd_pcm_playback_rewind_38249 snd_pcm_playback_rewind 0-2 38249 NULL
+ieee80211_if_read_auto_open_plinks_38268 ieee80211_if_read_auto_open_plinks 3 38268 NULL nohasharray
+mthca_alloc_icm_table_38268 mthca_alloc_icm_table 3-4 38268 &ieee80211_if_read_auto_open_plinks_38268
-+xfs_bmbt_to_bmdr_38275 xfs_bmbt_to_bmdr 3 38275 NULL nohasharray
-+xfs_bmdr_to_bmbt_38275 xfs_bmdr_to_bmbt 5 38275 &xfs_bmbt_to_bmdr_38275
++xfs_bmdr_to_bmbt_38275 xfs_bmdr_to_bmbt 5 38275 NULL nohasharray
++xfs_bmbt_to_bmdr_38275 xfs_bmbt_to_bmdr 3 38275 &xfs_bmdr_to_bmbt_38275
+zd_mac_rx_38296 zd_mac_rx 3 38296 NULL
+isr_rx_headers_read_38325 isr_rx_headers_read 3 38325 NULL
+ida_simple_get_38326 ida_simple_get 2 38326 NULL
@@ -108741,8 +108202,8 @@ index 0000000..05e26dd
+msi_capability_init_43423 msi_capability_init 0 43423 &__alloc_bootmem_low_43423
+usb_alloc_urb_43436 usb_alloc_urb 1 43436 NULL
+ocfs2_rotate_tree_left_43442 ocfs2_rotate_tree_left 0 43442 NULL
-+usb_string_43443 usb_string 0 43443 NULL nohasharray
-+usemap_size_43443 usemap_size 0-2-1 43443 &usb_string_43443
++usemap_size_43443 usemap_size 0-2-1 43443 NULL nohasharray
++usb_string_43443 usb_string 0 43443 &usemap_size_43443
+__data_list_add_eb_43472 __data_list_add_eb 0 43472 NULL
+alloc_new_reservation_43480 alloc_new_reservation 4-0-2 43480 NULL
+nf_nat_ftp_fmt_cmd_43495 nf_nat_ftp_fmt_cmd 0 43495 NULL
@@ -109146,8 +108607,8 @@ index 0000000..05e26dd
+iwl_dbgfs_ucode_tracing_read_47983 iwl_dbgfs_ucode_tracing_read 3 47983 NULL nohasharray
+mempool_resize_47983 mempool_resize 2 47983 &iwl_dbgfs_ucode_tracing_read_47983
+pnpacpi_parse_allocated_irqresource_47986 pnpacpi_parse_allocated_irqresource 2 47986 NULL
-+mgmt_pending_add_47990 mgmt_pending_add 5 47990 NULL nohasharray
-+dbg_port_buf_47990 dbg_port_buf 2 47990 &mgmt_pending_add_47990
++dbg_port_buf_47990 dbg_port_buf 2 47990 NULL nohasharray
++mgmt_pending_add_47990 mgmt_pending_add 5 47990 &dbg_port_buf_47990
+ib_umad_write_47993 ib_umad_write 3 47993 NULL
+ocfs2_find_refcount_split_pos_48001 ocfs2_find_refcount_split_pos 0 48001 NULL
+ffs_epfile_write_48014 ffs_epfile_write 3 48014 NULL
@@ -109192,8 +108653,8 @@ index 0000000..05e26dd
+r8712_usbctrl_vendorreq_48489 r8712_usbctrl_vendorreq 6 48489 NULL
+send_control_msg_48498 send_control_msg 6 48498 NULL
+mlx4_en_create_tx_ring_48501 mlx4_en_create_tx_ring 4 48501 NULL
-+diva_os_copy_to_user_48508 diva_os_copy_to_user 4 48508 NULL nohasharray
-+iwl_legacy_dbgfs_status_read_48508 iwl_legacy_dbgfs_status_read 3 48508 &diva_os_copy_to_user_48508
++iwl_legacy_dbgfs_status_read_48508 iwl_legacy_dbgfs_status_read 3 48508 NULL nohasharray
++diva_os_copy_to_user_48508 diva_os_copy_to_user 4 48508 &iwl_legacy_dbgfs_status_read_48508
+phantom_get_free_48514 phantom_get_free 0 48514 NULL
+ubi_dbg_check_write_48525 ubi_dbg_check_write 0 48525 NULL
+wiimote_hid_send_48528 wiimote_hid_send 3 48528 NULL
@@ -109753,8 +109214,8 @@ index 0000000..05e26dd
+pn_raw_send_54330 pn_raw_send 2 54330 NULL
+br_fdb_fillbuf_54339 br_fdb_fillbuf 0 54339 NULL
+__alloc_dev_table_54343 __alloc_dev_table 2 54343 NULL
-+_osd_realloc_seg_54352 _osd_realloc_seg 3 54352 NULL nohasharray
-+__get_free_pages_54352 __get_free_pages 0 54352 &_osd_realloc_seg_54352
++__get_free_pages_54352 __get_free_pages 0 54352 NULL nohasharray
++_osd_realloc_seg_54352 _osd_realloc_seg 3 54352 &__get_free_pages_54352
+tcf_hash_create_54360 tcf_hash_create 4 54360 NULL
+read_file_credit_dist_stats_54367 read_file_credit_dist_stats 3 54367 NULL
+vfs_readlink_54368 vfs_readlink 3 54368 NULL
@@ -109982,8 +109443,8 @@ index 0000000..05e26dd
+pvr2_debugifc_print_status_56890 pvr2_debugifc_print_status 3 56890 NULL
+__bitmap_clear_bits_56912 __bitmap_clear_bits 3 56912 NULL
+__kfifo_out_56927 __kfifo_out 0-3 56927 NULL
-+journal_init_revoke_56933 journal_init_revoke 2 56933 NULL nohasharray
-+CopyBufferToControlPacket_56933 CopyBufferToControlPacket 0 56933 &journal_init_revoke_56933
++CopyBufferToControlPacket_56933 CopyBufferToControlPacket 0 56933 NULL nohasharray
++journal_init_revoke_56933 journal_init_revoke 2 56933 &CopyBufferToControlPacket_56933
+diva_get_driver_info_56967 diva_get_driver_info 0 56967 NULL
+vlsi_alloc_ring_57003 vlsi_alloc_ring 3-4 57003 NULL
+btrfs_super_csum_size_57004 btrfs_super_csum_size 0 57004 NULL
@@ -110077,8 +109538,8 @@ index 0000000..05e26dd
+tt_response_fill_table_57902 tt_response_fill_table 1 57902 NULL
+xt_alloc_table_info_57903 xt_alloc_table_info 1 57903 NULL
+emi26_writememory_57908 emi26_writememory 4 57908 NULL
-+atomic_add_return_unchecked_57910 atomic_add_return_unchecked 0-1 57910 NULL nohasharray
-+iio_read_first_n_kfifo_57910 iio_read_first_n_kfifo 2 57910 &atomic_add_return_unchecked_57910
++iio_read_first_n_kfifo_57910 iio_read_first_n_kfifo 2 57910 NULL nohasharray
++atomic_add_return_unchecked_57910 atomic_add_return_unchecked 0-1 57910 &iio_read_first_n_kfifo_57910
+__snd_gf1_look16_57925 __snd_gf1_look16 0 57925 NULL
+sel_read_handle_unknown_57933 sel_read_handle_unknown 3 57933 NULL
+xfs_mru_cache_create_57943 xfs_mru_cache_create 3 57943 NULL
@@ -110271,8 +109732,8 @@ index 0000000..05e26dd
+sys_sched_getaffinity_60033 sys_sched_getaffinity 2 60033 NULL
+bio_integrity_hw_sectors_60039 bio_integrity_hw_sectors 0-2 60039 NULL
+do_ip6t_set_ctl_60040 do_ip6t_set_ctl 4 60040 NULL
-+vcs_size_60050 vcs_size 0 60050 NULL nohasharray
-+pin_2_irq_60050 pin_2_irq 0-3 60050 &vcs_size_60050
++pin_2_irq_60050 pin_2_irq 0-3 60050 NULL nohasharray
++vcs_size_60050 vcs_size 0 60050 &pin_2_irq_60050
+load_module_60056 load_module 2 60056 NULL nohasharray
+gru_alloc_gts_60056 gru_alloc_gts 3-2 60056 &load_module_60056
+compat_writev_60063 compat_writev 3 60063 NULL
@@ -110293,6 +109754,7 @@ index 0000000..05e26dd
+printer_write_60276 printer_write 3 60276 NULL
+__pskb_pull_tail_60287 __pskb_pull_tail 2 60287 NULL
+do_xip_mapping_read_60297 do_xip_mapping_read 5 60297 NULL
++ext3_dir_llseek_60298 ext3_dir_llseek 2 60298 NULL
+getDataLength_60301 getDataLength 0 60301 NULL
+usb_alphatrack_write_60341 usb_alphatrack_write 3 60341 NULL
+__kfifo_from_user_r_60345 __kfifo_from_user_r 5-3 60345 NULL
diff --git a/3.2.52/4425_grsec_remove_EI_PAX.patch b/3.2.53/4425_grsec_remove_EI_PAX.patch
index 415fda5..415fda5 100644
--- a/3.2.52/4425_grsec_remove_EI_PAX.patch
+++ b/3.2.53/4425_grsec_remove_EI_PAX.patch
diff --git a/3.2.52/4427_force_XATTR_PAX_tmpfs.patch b/3.2.53/4427_force_XATTR_PAX_tmpfs.patch
index 8c7a533..8c7a533 100644
--- a/3.2.52/4427_force_XATTR_PAX_tmpfs.patch
+++ b/3.2.53/4427_force_XATTR_PAX_tmpfs.patch
diff --git a/3.2.52/4430_grsec-remove-localversion-grsec.patch b/3.2.53/4430_grsec-remove-localversion-grsec.patch
index 31cf878..31cf878 100644
--- a/3.2.52/4430_grsec-remove-localversion-grsec.patch
+++ b/3.2.53/4430_grsec-remove-localversion-grsec.patch
diff --git a/3.2.52/4435_grsec-mute-warnings.patch b/3.2.53/4435_grsec-mute-warnings.patch
index f099757..f099757 100644
--- a/3.2.52/4435_grsec-mute-warnings.patch
+++ b/3.2.53/4435_grsec-mute-warnings.patch
diff --git a/3.2.52/4440_grsec-remove-protected-paths.patch b/3.2.53/4440_grsec-remove-protected-paths.patch
index 05710b1..05710b1 100644
--- a/3.2.52/4440_grsec-remove-protected-paths.patch
+++ b/3.2.53/4440_grsec-remove-protected-paths.patch
diff --git a/3.2.52/4450_grsec-kconfig-default-gids.patch b/3.2.53/4450_grsec-kconfig-default-gids.patch
index 8c7b0b2..8c7b0b2 100644
--- a/3.2.52/4450_grsec-kconfig-default-gids.patch
+++ b/3.2.53/4450_grsec-kconfig-default-gids.patch
diff --git a/3.2.52/4465_selinux-avc_audit-log-curr_ip.patch b/3.2.53/4465_selinux-avc_audit-log-curr_ip.patch
index 687ae4c..687ae4c 100644
--- a/3.2.52/4465_selinux-avc_audit-log-curr_ip.patch
+++ b/3.2.53/4465_selinux-avc_audit-log-curr_ip.patch
diff --git a/3.2.52/4470_disable-compat_vdso.patch b/3.2.53/4470_disable-compat_vdso.patch
index 6905571..6905571 100644
--- a/3.2.52/4470_disable-compat_vdso.patch
+++ b/3.2.53/4470_disable-compat_vdso.patch
diff --git a/3.2.52/4475_emutramp_default_on.patch b/3.2.53/4475_emutramp_default_on.patch
index cfde6f8..cfde6f8 100644
--- a/3.2.52/4475_emutramp_default_on.patch
+++ b/3.2.53/4475_emutramp_default_on.patch