diff options
| author |   Anthony G. Basile <blueness@gentoo.org> | 2013-04-06 11:31:37 -0400 |
|---|---|---|
| committer | Anthony G. Basile <blueness@gentoo.org> | 2013-04-06 11:31:37 -0400 |
| commit | 533d951dabdd839356a15662adf8f5703d1319e5 (patch) | |
| tree | 6bb8ea7600a5d179d06c9cdede85aacb8255394a | |
| parent | Grsec/PaX: 2.9.1-{2.6.32.60,3.2.42,3.8.5}-201303292018 (diff) | |
| download | hardened-patchset-533d951dabdd839356a15662adf8f5703d1319e5.tar.gz hardened-patchset-533d951dabdd839356a15662adf8f5703d1319e5.tar.bz2 hardened-patchset-533d951dabdd839356a15662adf8f5703d1319e5.zip | |
Grsec/PaX: 2.9.1-{2.6.32.60,3.2.42,3.8.6}-20130405230520130405
| -rw-r--r-- | 2.6.32/0000_README | 2 | ||||
| -rw-r--r-- | 2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201304052259.patch (renamed from 2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201303292014.patch) | 91 | ||||
| -rw-r--r-- | 3.2.42/0000_README | 2 | ||||
| -rw-r--r-- | 3.2.42/4420_grsecurity-2.9.1-3.2.42-201304052303.patch (renamed from 3.2.42/4420_grsecurity-2.9.1-3.2.42-201303292017.patch) | 450 | ||||
| -rw-r--r-- | 3.8.6/0000_README (renamed from 3.8.5/0000_README) | 6 | ||||
| -rw-r--r-- | 3.8.6/1004_linux-3.8.5.patch (renamed from 3.8.5/1004_linux-3.8.5.patch) | 0 | ||||
| -rw-r--r-- | 3.8.6/1005_linux-3.8.6.patch | 5592 | ||||
| -rw-r--r-- | 3.8.6/4420_grsecurity-2.9.1-3.8.6-201304052305.patch (renamed from 3.8.5/4420_grsecurity-2.9.1-3.8.5-201303292018.patch) | 1352 | ||||
| -rw-r--r-- | 3.8.6/4425_grsec_remove_EI_PAX.patch (renamed from 3.8.5/4425_grsec_remove_EI_PAX.patch) | 0 | ||||
| -rw-r--r-- | 3.8.6/4430_grsec-remove-localversion-grsec.patch (renamed from 3.8.5/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
| -rw-r--r-- | 3.8.6/4435_grsec-mute-warnings.patch (renamed from 3.8.5/4435_grsec-mute-warnings.patch) | 0 | ||||
| -rw-r--r-- | 3.8.6/4440_grsec-remove-protected-paths.patch (renamed from 3.8.5/4440_grsec-remove-protected-paths.patch) | 0 | ||||
| -rw-r--r-- | 3.8.6/4450_grsec-kconfig-default-gids.patch (renamed from 3.8.5/4450_grsec-kconfig-default-gids.patch) | 0 | ||||
| -rw-r--r-- | 3.8.6/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.8.5/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
| -rw-r--r-- | 3.8.6/4470_disable-compat_vdso.patch (renamed from 3.8.5/4470_disable-compat_vdso.patch) | 0 |
15 files changed, 6995 insertions, 500 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README index 7ca453d..913d7a0 100644 --- a/2.6.32/0000_README +++ b/2.6.32/0000_README @@ -34,7 +34,7 @@ Patch: 1059_linux-2.6.32.60.patch From: http://www.kernel.org Desc: Linux 2.6.32.59 -Patch: 4420_grsecurity-2.9.1-2.6.32.60-201303292014.patch +Patch: 4420_grsecurity-2.9.1-2.6.32.60-201304052259.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201303292014.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201304052259.patch index 095a480..5300fa4 100644 --- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201303292014.patch +++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201304052259.patch @@ -84494,6 +84494,21 @@ index 7cb1285..c726cd0 100644 *blocks = 0; if (!options || !*options) /* use default configuration: create tails, journaling on, no +diff --git a/fs/reiserfs/xattr.c b/fs/reiserfs/xattr.c +index cc1caa2..c0f6046 100644 +--- a/fs/reiserfs/xattr.c ++++ b/fs/reiserfs/xattr.c +@@ -189,8 +189,8 @@ fill_with_dentries(void *buf, const char *name, int namelen, loff_t offset, + if (dbuf->count == ARRAY_SIZE(dbuf->dentries)) + return -ENOSPC; + +- if (name[0] == '.' && (name[1] == '\0' || +- (name[1] == '.' && name[2] == '\0'))) ++ if (name[0] == '.' && (namelen < 2 || ++ (namelen == 2 && name[1] == '.'))) + return 0; + + dentry = lookup_one_len(name, dbuf->xadir, namelen); diff --git a/fs/select.c b/fs/select.c index fd38ce2..f5381b8 100644 --- a/fs/select.c @@ -100583,7 +100598,7 @@ index eca6235..c7417ed 100644 /* shm_mode upper byte flags */ diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h -index 4e647bb..23b3911 100644 +index 4e647bb..e33c585 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h @@ -14,6 +14,7 @@ @@ -100671,6 +100686,16 @@ index 4e647bb..23b3911 100644 int offset, struct iovec *to, int size); extern int skb_copy_and_csum_datagram_iovec(struct sk_buff *skb, +@@ -1970,6 +1987,9 @@ static inline void nf_reset(struct sk_buff *skb) + nf_bridge_put(skb->nf_bridge); + skb->nf_bridge = NULL; + #endif ++#if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE) ++ skb->nf_trace = 0; ++#endif + } + + /* Note: This doesn't put any conntrack and bridge info in dst. */ diff --git a/include/linux/slab.h b/include/linux/slab.h index 2da8372..aa58826 100644 --- a/include/linux/slab.h @@ -110838,7 +110863,7 @@ index 2d846cf..8d5cdd8 100644 capable(CAP_IPC_LOCK)) ret = do_mlockall(flags); diff --git a/mm/mmap.c b/mm/mmap.c -index 4b80cbf..abfd61a 100644 +index 4b80cbf..89afb9e 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -29,6 +29,7 @@ @@ -111539,6 +111564,15 @@ index 4b80cbf..abfd61a 100644 } unsigned long +@@ -1480,7 +1744,7 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr) + if (mm) { + /* Check the cache first. */ + /* (Cache hit rate is typically around 35%.) */ +- vma = mm->mmap_cache; ++ vma = ACCESS_ONCE(mm->mmap_cache); + if (!(vma && vma->vm_end > addr && vma->vm_start <= addr)) { + struct rb_node * rb_node; + @@ -1510,40 +1774,49 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr) EXPORT_SYMBOL(find_vma); @@ -112592,7 +112626,7 @@ index 3e98d79..36c2b5d 100644 out: if (ret & ~PAGE_MASK) diff --git a/mm/nommu.c b/mm/nommu.c -index 406e8d4..53970d3 100644 +index 406e8d4..2d13998 100644 --- a/mm/nommu.c +++ b/mm/nommu.c @@ -67,7 +67,6 @@ int sysctl_overcommit_memory = OVERCOMMIT_GUESS; /* heuristic overcommit */ @@ -112603,6 +112637,15 @@ index 406e8d4..53970d3 100644 atomic_long_t mmap_pages_allocated; +@@ -740,7 +739,7 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr) + struct rb_node *n = mm->mm_rb.rb_node; + + /* check the cache first */ +- vma = mm->mmap_cache; ++ vma = ACCESS_ONCE(mm->mmap_cache); + if (vma && vma->vm_start <= addr && vma->vm_end > addr) + return vma; + @@ -761,15 +760,6 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr) EXPORT_SYMBOL(find_vma); @@ -118713,10 +118756,40 @@ index 0747d8a..e8bf3f3 100644 sub->evt.event = htohl(event, sub->swap); diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c -index db8d51a..b141925 100644 +index db8d51a..621ceb3 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c -@@ -745,6 +745,12 @@ static struct sock *unix_find_other(struct net *net, +@@ -370,7 +370,7 @@ static void unix_sock_destructor(struct sock *sk) + #endif + } + +-static int unix_release_sock(struct sock *sk, int embrion) ++static void unix_release_sock(struct sock *sk, int embrion) + { + struct unix_sock *u = unix_sk(sk); + struct dentry *dentry; +@@ -445,8 +445,6 @@ static int unix_release_sock(struct sock *sk, int embrion) + + if (unix_tot_inflight) + unix_gc(); /* Garbage collect fds */ +- +- return 0; + } + + static int unix_listen(struct socket *sock, int backlog) +@@ -660,9 +658,10 @@ static int unix_release(struct socket *sock) + if (!sk) + return 0; + ++ unix_release_sock(sk, 0); + sock->sk = NULL; + +- return unix_release_sock(sk, 0); ++ return 0; + } + + static int unix_autobind(struct socket *sock) +@@ -745,6 +744,12 @@ static struct sock *unix_find_other(struct net *net, err = -ECONNREFUSED; if (!S_ISSOCK(inode->i_mode)) goto put_fail; @@ -118729,7 +118802,7 @@ index db8d51a..b141925 100644 u = unix_find_socket_byinode(net, inode); if (!u) goto put_fail; -@@ -765,6 +771,13 @@ static struct sock *unix_find_other(struct net *net, +@@ -765,6 +770,13 @@ static struct sock *unix_find_other(struct net *net, if (u) { struct dentry *dentry; dentry = unix_sk(u)->dentry; @@ -118743,7 +118816,7 @@ index db8d51a..b141925 100644 if (dentry) touch_atime(unix_sk(u)->mnt, dentry); } else -@@ -850,11 +863,18 @@ static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) +@@ -850,11 +862,18 @@ static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) err = security_path_mknod(&nd.path, dentry, mode, 0); if (err) goto out_mknod_drop_write; @@ -118762,7 +118835,7 @@ index db8d51a..b141925 100644 mutex_unlock(&nd.path.dentry->d_inode->i_mutex); dput(nd.path.dentry); nd.path.dentry = dentry; -@@ -2206,12 +2226,20 @@ static int unix_seq_show(struct seq_file *seq, void *v) +@@ -2206,12 +2225,20 @@ static int unix_seq_show(struct seq_file *seq, void *v) seq_puts(seq, "Num RefCount Protocol Flags Type St " "Inode Path\n"); else { @@ -118784,7 +118857,7 @@ index db8d51a..b141925 100644 atomic_read(&s->sk_refcnt), 0, s->sk_state == TCP_LISTEN ? __SO_ACCEPTCON : 0, -@@ -2235,8 +2263,10 @@ static int unix_seq_show(struct seq_file *seq, void *v) +@@ -2235,8 +2262,10 @@ static int unix_seq_show(struct seq_file *seq, void *v) } for ( ; i < len; i++) seq_putc(seq, u->addr->name->sun_path[i]); diff --git a/3.2.42/0000_README b/3.2.42/0000_README index 57b50e6..45b1591 100644 --- a/3.2.42/0000_README +++ b/3.2.42/0000_README @@ -86,7 +86,7 @@ Patch: 1041_linux-3.2.42.patch From: http://www.kernel.org Desc: Linux 3.2.42 -Patch: 4420_grsecurity-2.9.1-3.2.42-201303292017.patch +Patch: 4420_grsecurity-2.9.1-3.2.42-201304052303.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.2.42/4420_grsecurity-2.9.1-3.2.42-201303292017.patch b/3.2.42/4420_grsecurity-2.9.1-3.2.42-201304052303.patch index 56f6d3b..f19c642 100644 --- a/3.2.42/4420_grsecurity-2.9.1-3.2.42-201303292017.patch +++ b/3.2.42/4420_grsecurity-2.9.1-3.2.42-201304052303.patch @@ -2034,10 +2034,44 @@ index 2b2d51c..0127490 100644 static int mbox_show(struct seq_file *s, void *data) { diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c -index 4b0bc37..e405631 100644 +index 4b0bc37..d556b08 100644 --- a/arch/arm/mm/fault.c +++ b/arch/arm/mm/fault.c -@@ -630,6 +630,20 @@ do_PrefetchAbort(unsigned long addr, unsigned int ifsr, struct pt_regs *regs) +@@ -386,6 +386,33 @@ do_page_fault(unsigned long addr, unsigned int fsr, struct pt_regs *regs) + } + #endif /* CONFIG_MMU */ + ++#ifdef CONFIG_PAX_PAGEEXEC ++void pax_report_insns(struct pt_regs *regs, void *pc, void *sp) ++{ ++ long i; ++ ++ printk(KERN_ERR "PAX: bytes at PC: "); ++ for (i = 0; i < 20; i++) { ++ unsigned char c; ++ if (get_user(c, (__force unsigned char __user *)pc+i)) ++ printk(KERN_CONT "?? "); ++ else ++ printk(KERN_CONT "%02x ", c); ++ } ++ printk("\n"); ++ ++ printk(KERN_ERR "PAX: bytes at SP-4: "); ++ for (i = -1; i < 20; i++) { ++ unsigned long c; ++ if (get_user(c, (__force unsigned long __user *)sp+i)) ++ printk(KERN_CONT "???????? "); ++ else ++ printk(KERN_CONT "%08lx ", c); ++ } ++ printk("\n"); ++} ++#endif ++ + /* + * First Level Translation Fault Handler + * +@@ -630,6 +657,20 @@ do_PrefetchAbort(unsigned long addr, unsigned int ifsr, struct pt_regs *regs) const struct fsr_info *inf = ifsr_info + fsr_fs(ifsr); struct siginfo info; @@ -13870,7 +13904,7 @@ index 566e803..86f1302 100644 } diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h -index 1c66d30..110003f 100644 +index 1c66d30..f2fbd07 100644 --- a/arch/x86/include/asm/uaccess_64.h +++ b/arch/x86/include/asm/uaccess_64.h @@ -10,6 +10,9 @@ @@ -13910,16 +13944,16 @@ index 1c66d30..110003f 100644 } +static __always_inline __must_check unsigned long -+__copy_to_user(void __user *to, const void *from, unsigned long len) __size_overflow(3); ++__copy_to_user(void __user *to, const void *from, unsigned long len); +static __always_inline __must_check unsigned long -+__copy_from_user(void *to, const void __user *from, unsigned long len) __size_overflow(3); ++__copy_from_user(void *to, const void __user *from, unsigned long len); __must_check unsigned long -_copy_to_user(void __user *to, const void *from, unsigned len); -__must_check unsigned long -_copy_from_user(void *to, const void __user *from, unsigned len); -__must_check unsigned long -copy_in_user(void __user *to, const void __user *from, unsigned len); -+copy_in_user(void __user *to, const void __user *from, unsigned long len) __size_overflow(3); ++copy_in_user(void __user *to, const void __user *from, unsigned long len); + +extern void copy_to_user_overflow(void) +#ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS @@ -37417,6 +37451,23 @@ index 68d1240..46b32eb 100644 {0x14f1,0x8801,PCI_ANY_ID,PCI_ANY_ID,0,0,0}, {0x14f1,0x8811,PCI_ANY_ID,PCI_ANY_ID,0,0,0}, {0, } +diff --git a/drivers/media/video/cx88/cx88-video.c b/drivers/media/video/cx88/cx88-video.c +index 921c56d..7e6c4b2 100644 +--- a/drivers/media/video/cx88/cx88-video.c ++++ b/drivers/media/video/cx88/cx88-video.c +@@ -49,9 +49,9 @@ MODULE_VERSION(CX88_VERSION); + + /* ------------------------------------------------------------------ */ + +-static unsigned int video_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET }; +-static unsigned int vbi_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET }; +-static unsigned int radio_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET }; ++static int video_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET }; ++static int vbi_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET }; ++static int radio_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET }; + + module_param_array(video_nr, int, NULL, 0444); + module_param_array(vbi_nr, int, NULL, 0444); diff --git a/drivers/media/video/omap/omap_vout.c b/drivers/media/video/omap/omap_vout.c index d345215..b607565 100644 --- a/drivers/media/video/omap/omap_vout.c @@ -38373,7 +38424,7 @@ index a9ff89ff..461d313 100644 struct sm_sysfs_attribute *vendor_attribute; diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c -index 63e3c47..b32ea7e 100644 +index 63e3c47..c20fba6 100644 --- a/drivers/net/bonding/bond_main.c +++ b/drivers/net/bonding/bond_main.c @@ -4832,7 +4832,7 @@ static int bond_get_tx_queues(struct net *net, struct nlattr *tb[], @@ -38385,6 +38436,16 @@ index 63e3c47..b32ea7e 100644 .kind = "bond", .priv_size = sizeof(struct bonding), .setup = bond_setup, +@@ -4948,8 +4948,8 @@ static void __exit bonding_exit(void) + + bond_destroy_debugfs(); + +- rtnl_link_unregister(&bond_link_ops); + unregister_pernet_subsys(&bond_net_ops); ++ rtnl_link_unregister(&bond_link_ops); + + #ifdef CONFIG_NET_POLL_CONTROLLER + /* diff --git a/drivers/net/bonding/bond_sysfs.c b/drivers/net/bonding/bond_sysfs.c index a03fde9..83254bc 100644 --- a/drivers/net/bonding/bond_sysfs.c @@ -38815,6 +38876,19 @@ index 4c8e199..f7f5587 100644 if (!q_vector->rxr_count) return IRQ_HANDLED; +diff --git a/drivers/net/ethernet/lantiq_etop.c b/drivers/net/ethernet/lantiq_etop.c +index 0b3567a..49bc4bc 100644 +--- a/drivers/net/ethernet/lantiq_etop.c ++++ b/drivers/net/ethernet/lantiq_etop.c +@@ -756,7 +756,7 @@ ltq_etop_probe(struct platform_device *pdev) + return 0; + + err_free: +- kfree(dev); ++ free_netdev(dev); + err_out: + return err; + } diff --git a/drivers/net/ethernet/mellanox/mlx4/eq.c b/drivers/net/ethernet/mellanox/mlx4/eq.c index 24ee967..9a07e41 100644 --- a/drivers/net/ethernet/mellanox/mlx4/eq.c @@ -47918,6 +47992,20 @@ index cfb5543..1ae7347 100644 if (!del) { spin_lock(&rc->reloc_root_tree.lock); +diff --git a/fs/btrfs/scrub.c b/fs/btrfs/scrub.c +index ddf2c90..37afd35 100644 +--- a/fs/btrfs/scrub.c ++++ b/fs/btrfs/scrub.c +@@ -348,7 +348,9 @@ static void scrub_print_warning(const char *errstr, struct scrub_bio *sbio, + ret < 0 ? -1 : ref_level, + ret < 0 ? -1 : ref_root); + } while (ret != 1); ++ btrfs_release_path(path); + } else { ++ btrfs_release_path(path); + swarn.path = path; + iterate_extent_inodes(fs_info, path, found_key.objectid, + extent_offset, diff --git a/fs/cachefiles/bind.c b/fs/cachefiles/bind.c index 622f469..e8d2d55 100644 --- a/fs/cachefiles/bind.c @@ -52630,7 +52718,7 @@ index b78b5b6..c64d84f 100644 void nfs_fattr_init(struct nfs_fattr *fattr) diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c -index fe5c5fb..638dac1 100644 +index fe5c5fb6..638dac1 100644 --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c @@ -1037,7 +1037,7 @@ struct nfsd4_operation { @@ -54823,6 +54911,21 @@ index 7a99811..a7c96c4 100644 SF(s_disk_reads), SF(s_disk_writes), SF(s_fix_nodes), SF(s_do_balance), SF(s_unneeded_left_neighbor), SF(s_good_search_by_key_reada), SF(s_bmaps), +diff --git a/fs/reiserfs/xattr.c b/fs/reiserfs/xattr.c +index 6bc346c..04eecc4 100644 +--- a/fs/reiserfs/xattr.c ++++ b/fs/reiserfs/xattr.c +@@ -187,8 +187,8 @@ fill_with_dentries(void *buf, const char *name, int namelen, loff_t offset, + if (dbuf->count == ARRAY_SIZE(dbuf->dentries)) + return -ENOSPC; + +- if (name[0] == '.' && (name[1] == '\0' || +- (name[1] == '.' && name[2] == '\0'))) ++ if (name[0] == '.' && (namelen < 2 || ++ (namelen == 2 && name[1] == '.'))) + return 0; + + dentry = lookup_one_len(name, dbuf->xadir, namelen); diff --git a/fs/select.c b/fs/select.c index d33418f..2a5345e 100644 --- a/fs/select.c @@ -66734,19 +66837,6 @@ index 4f7a632..b9e6f95 100644 int cpumask_any_but(const struct cpumask *mask, unsigned int cpu); /** -diff --git a/include/linux/crash_dump.h b/include/linux/crash_dump.h -index b936763..48685ee 100644 ---- a/include/linux/crash_dump.h -+++ b/include/linux/crash_dump.h -@@ -14,7 +14,7 @@ extern unsigned long long elfcorehdr_addr; - extern unsigned long long elfcorehdr_size; - - extern ssize_t copy_oldmem_page(unsigned long, char *, size_t, -- unsigned long, int); -+ unsigned long, int) __size_overflow(3); - - /* Architecture code defines this if there are other possible ELF - * machine types, e.g. on bi-arch capable hardware. */ diff --git a/include/linux/cred.h b/include/linux/cred.h index 4030896..8d6f342 100644 --- a/include/linux/cred.h @@ -68628,7 +68718,7 @@ index f66b065..c2c29b4 100644 int kobj_ns_type_register(const struct kobj_ns_type_operations *ops); int kobj_ns_type_registered(enum kobj_ns_type type); diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h -index 6136821..b3ba6ba 100644 +index 6136821..da8ced0 100644 --- a/include/linux/kvm_host.h +++ b/include/linux/kvm_host.h @@ -308,7 +308,7 @@ void kvm_vcpu_uninit(struct kvm_vcpu *vcpu); @@ -68640,33 +68730,6 @@ index 6136821..b3ba6ba 100644 struct module *module); void kvm_exit(void); -@@ -385,20 +385,20 @@ void kvm_get_pfn(pfn_t pfn); - int kvm_read_guest_page(struct kvm *kvm, gfn_t gfn, void *data, int offset, - int len); - int kvm_read_guest_atomic(struct kvm *kvm, gpa_t gpa, void *data, -- unsigned long len); --int kvm_read_guest(struct kvm *kvm, gpa_t gpa, void *data, unsigned long len); -+ unsigned long len) __size_overflow(4); -+int kvm_read_guest(struct kvm *kvm, gpa_t gpa, void *data, unsigned long len) __size_overflow(2,4); - int kvm_read_guest_cached(struct kvm *kvm, struct gfn_to_hva_cache *ghc, -- void *data, unsigned long len); -+ void *data, unsigned long len) __size_overflow(4); - int kvm_write_guest_page(struct kvm *kvm, gfn_t gfn, const void *data, - int offset, int len); - int kvm_write_guest(struct kvm *kvm, gpa_t gpa, const void *data, -- unsigned long len); -+ unsigned long len) __size_overflow(2,4); - int kvm_write_guest_cached(struct kvm *kvm, struct gfn_to_hva_cache *ghc, -- void *data, unsigned long len); -+ void *data, unsigned long len) __size_overflow(4); - int kvm_gfn_to_hva_cache_init(struct kvm *kvm, struct gfn_to_hva_cache *ghc, - gpa_t gpa); - int kvm_clear_guest_page(struct kvm *kvm, gfn_t gfn, int offset, int len); --int kvm_clear_guest(struct kvm *kvm, gpa_t gpa, unsigned long len); -+int kvm_clear_guest(struct kvm *kvm, gpa_t gpa, unsigned long len) __size_overflow(2,3); - struct kvm_memory_slot *gfn_to_memslot(struct kvm *kvm, gfn_t gfn); - int kvm_is_visible_gfn(struct kvm *kvm, gfn_t gfn); - unsigned long kvm_host_page_size(struct kvm *kvm, gfn_t gfn); @@ -454,7 +454,7 @@ int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_vcpu *vcpu, struct kvm_guest_debug *dbg); int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run); @@ -68676,15 +68739,6 @@ index 6136821..b3ba6ba 100644 void kvm_arch_exit(void); int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu); -@@ -696,7 +696,7 @@ int kvm_setup_default_irq_routing(struct kvm *kvm); - int kvm_set_irq_routing(struct kvm *kvm, - const struct kvm_irq_routing_entry *entries, - unsigned nr, -- unsigned flags); -+ unsigned flags) __size_overflow(3); - void kvm_free_irq_routing(struct kvm *kvm); - - #else diff --git a/include/linux/libata.h b/include/linux/libata.h index cafc09a..d7e7829 100644 --- a/include/linux/libata.h @@ -69229,22 +69283,19 @@ index 3cb7839..56d41ff 100644 /* Search for module by name: must hold module_mutex. */ diff --git a/include/linux/moduleloader.h b/include/linux/moduleloader.h -index b2be02e..72d2f78 100644 +index b2be02e..6a9fdb1 100644 --- a/include/linux/moduleloader.h +++ b/include/linux/moduleloader.h -@@ -23,11 +23,23 @@ unsigned int arch_mod_section_prepend(struct module *mod, unsigned int section); - - /* Allocator used for allocating struct module, core sections and init +@@ -25,9 +25,21 @@ unsigned int arch_mod_section_prepend(struct module *mod, unsigned int section); sections. Returns NULL on failure. */ --void *module_alloc(unsigned long size); -+void *module_alloc(unsigned long size) __size_overflow(1); -+ + void *module_alloc(unsigned long size); + +#ifdef CONFIG_PAX_KERNEXEC -+void *module_alloc_exec(unsigned long size) __size_overflow(1); ++void *module_alloc_exec(unsigned long size); +#else +#define module_alloc_exec(x) module_alloc(x) +#endif - ++ /* Free memory returned from module_alloc. */ void module_free(struct module *mod, void *module_region); @@ -69432,7 +69483,7 @@ index d65746e..62e72c2 100644 struct atomic_notifier_head { spinlock_t lock; diff --git a/include/linux/oprofile.h b/include/linux/oprofile.h -index a4c5624..2dabfb7 100644 +index a4c5624..79d6d88 100644 --- a/include/linux/oprofile.h +++ b/include/linux/oprofile.h @@ -139,9 +139,9 @@ int oprofilefs_create_ulong(struct super_block * sb, struct dentry * root, @@ -69447,15 +69498,6 @@ index a4c5624..2dabfb7 100644 /** create a directory */ struct dentry * oprofilefs_mkdir(struct super_block * sb, struct dentry * root, -@@ -163,7 +163,7 @@ ssize_t oprofilefs_ulong_to_user(unsigned long val, char __user * buf, size_t co - * Read an ASCII string for a number from a userspace buffer and fill *val on success. - * Returns 0 on success, < 0 on error. - */ --int oprofilefs_ulong_from_user(unsigned long * val, char const __user * buf, size_t count); -+int oprofilefs_ulong_from_user(unsigned long * val, char const __user * buf, size_t count) __size_overflow(3); - - /** lock for read/write safety */ - extern raw_spinlock_t oprofilefs_lock; diff --git a/include/linux/padata.h b/include/linux/padata.h index 4633b2f..988bc08 100644 --- a/include/linux/padata.h @@ -70246,7 +70288,7 @@ index 92808b8..c28cac4 100644 /* shm_mode upper byte flags */ diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h -index da65890..108f60f 100644 +index da65890..987de29 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h @@ -538,7 +538,7 @@ extern void consume_skb(struct sk_buff *skb); @@ -70303,8 +70345,18 @@ index da65890..108f60f 100644 int offset, struct iovec *to, int size); extern int skb_copy_and_csum_datagram_iovec(struct sk_buff *skb, +@@ -2365,6 +2365,9 @@ static inline void nf_reset(struct sk_buff *skb) + nf_bridge_put(skb->nf_bridge); + skb->nf_bridge = NULL; + #endif ++#if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE) ++ skb->nf_trace = 0; ++#endif + } + + /* Note: This doesn't put any conntrack and bridge info in dst. */ diff --git a/include/linux/slab.h b/include/linux/slab.h -index 573c809..d11cea2 100644 +index 573c809..59fadfb 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h @@ -11,12 +11,20 @@ @@ -70345,14 +70397,7 @@ index 573c809..d11cea2 100644 /* * struct kmem_cache related prototypes -@@ -156,11 +167,13 @@ unsigned int kmem_cache_size(struct kmem_cache *); - /* - * Common kmalloc functions provided by all allocators - */ --void * __must_check __krealloc(const void *, size_t, gfp_t); --void * __must_check krealloc(const void *, size_t, gfp_t); -+void * __must_check __krealloc(const void *, size_t, gfp_t) __size_overflow(2); -+void * __must_check krealloc(const void *, size_t, gfp_t) __size_overflow(2); +@@ -161,6 +172,8 @@ void * __must_check krealloc(const void *, size_t, gfp_t); void kfree(const void *); void kzfree(const void *); size_t ksize(const void *); @@ -70388,7 +70433,7 @@ index 573c809..d11cea2 100644 __kmalloc_node_track_caller(size, flags, node, \ _RET_IP_) diff --git a/include/linux/slab_def.h b/include/linux/slab_def.h -index d00e0ba..f75c968 100644 +index d00e0ba..ce1f90b 100644 --- a/include/linux/slab_def.h +++ b/include/linux/slab_def.h @@ -68,10 +68,10 @@ struct kmem_cache { @@ -70424,15 +70469,7 @@ index d00e0ba..f75c968 100644 #ifdef CONFIG_TRACING extern void *kmem_cache_alloc_trace(size_t size, -@@ -127,6 +132,7 @@ static inline size_t slab_buffer_size(struct kmem_cache *cachep) - } - #endif - -+static __always_inline void *kmalloc(size_t size, gfp_t flags) __size_overflow(1); - static __always_inline void *kmalloc(size_t size, gfp_t flags) - { - struct kmem_cache *cachep; -@@ -152,6 +158,13 @@ found: +@@ -152,6 +157,13 @@ found: cachep = malloc_sizes[i].cs_dmacachep; else #endif @@ -70446,7 +70483,7 @@ index d00e0ba..f75c968 100644 cachep = malloc_sizes[i].cs_cachep; ret = kmem_cache_alloc_trace(size, cachep, flags); -@@ -162,7 +175,7 @@ found: +@@ -162,7 +174,7 @@ found: } #ifdef CONFIG_NUMA @@ -70455,7 +70492,7 @@ index d00e0ba..f75c968 100644 extern void *kmem_cache_alloc_node(struct kmem_cache *, gfp_t flags, int node); #ifdef CONFIG_TRACING -@@ -181,6 +194,7 @@ kmem_cache_alloc_node_trace(size_t size, +@@ -181,6 +193,7 @@ kmem_cache_alloc_node_trace(size_t size, } #endif @@ -70463,7 +70500,7 @@ index d00e0ba..f75c968 100644 static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int node) { struct kmem_cache *cachep; -@@ -205,6 +219,13 @@ found: +@@ -205,6 +218,13 @@ found: cachep = malloc_sizes[i].cs_dmacachep; else #endif @@ -70500,7 +70537,7 @@ index 0ec00b3..22b4715 100644 return kmalloc(size, flags); } diff --git a/include/linux/slub_def.h b/include/linux/slub_def.h -index a32bcfd..c3991fb 100644 +index a32bcfd..4a77b17 100644 --- a/include/linux/slub_def.h +++ b/include/linux/slub_def.h @@ -89,7 +89,7 @@ struct kmem_cache { @@ -70533,7 +70570,7 @@ index a32bcfd..c3991fb 100644 kmalloc_order(size_t size, gfp_t flags, unsigned int order) { void *ret = (void *) __get_free_pages(flags | __GFP_COMP, order); -@@ -256,12 +256,13 @@ kmalloc_order_trace(size_t size, gfp_t flags, unsigned int order) +@@ -256,7 +256,7 @@ kmalloc_order_trace(size_t size, gfp_t flags, unsigned int order) } #endif @@ -70542,13 +70579,7 @@ index a32bcfd..c3991fb 100644 { unsigned int order = get_order(size); return kmalloc_order_trace(size, flags, order); - } - -+static __always_inline void *kmalloc(size_t size, gfp_t flags) __size_overflow(1); - static __always_inline void *kmalloc(size_t size, gfp_t flags) - { - if (__builtin_constant_p(size)) { -@@ -281,7 +282,7 @@ static __always_inline void *kmalloc(size_t size, gfp_t flags) +@@ -281,7 +281,7 @@ static __always_inline void *kmalloc(size_t size, gfp_t flags) } #ifdef CONFIG_NUMA @@ -70557,7 +70588,7 @@ index a32bcfd..c3991fb 100644 void *kmem_cache_alloc_node(struct kmem_cache *, gfp_t flags, int node); #ifdef CONFIG_TRACING -@@ -298,6 +299,7 @@ kmem_cache_alloc_node_trace(struct kmem_cache *s, +@@ -298,6 +298,7 @@ kmem_cache_alloc_node_trace(struct kmem_cache *s, } #endif @@ -70847,20 +70878,18 @@ index dac0859..4ea79a9 100644 /** * sysfs_bin_attr_init - initialize a dynamically allocated bin_attribute diff --git a/include/linux/sysrq.h b/include/linux/sysrq.h -index 7faf933..4657127 100644 +index 7faf933..9b85a0c 100644 --- a/include/linux/sysrq.h +++ b/include/linux/sysrq.h -@@ -15,7 +15,9 @@ - #define _LINUX_SYSRQ_H +@@ -16,6 +16,7 @@ #include <linux/errno.h> -+#include <linux/compiler.h> #include <linux/types.h> +#include <linux/compiler.h> /* Enable/disable SYSRQ support by default (0==no, 1==yes). */ #define SYSRQ_DEFAULT_ENABLE 1 -@@ -36,7 +38,7 @@ struct sysrq_key_op { +@@ -36,7 +37,7 @@ struct sysrq_key_op { char *help_msg; char *action_msg; int enable_mask; @@ -71159,7 +71188,7 @@ index 6f8fbcf..8259001 100644 + MODULE_GRSEC diff --git a/include/linux/vmalloc.h b/include/linux/vmalloc.h -index 4bde182..c42a656 100644 +index 4bde182..86b5ac7 100644 --- a/include/linux/vmalloc.h +++ b/include/linux/vmalloc.h @@ -14,6 +14,11 @@ struct vm_area_struct; /* vma defining user mapping in mm_types.h */ @@ -71174,28 +71203,8 @@ index 4bde182..c42a656 100644 /* bits [20..32] reserved for arch specific ioremap internals */ /* -@@ -51,18 +56,18 @@ static inline void vmalloc_init(void) - } - #endif - --extern void *vmalloc(unsigned long size); --extern void *vzalloc(unsigned long size); --extern void *vmalloc_user(unsigned long size); --extern void *vmalloc_node(unsigned long size, int node); --extern void *vzalloc_node(unsigned long size, int node); --extern void *vmalloc_exec(unsigned long size); --extern void *vmalloc_32(unsigned long size); --extern void *vmalloc_32_user(unsigned long size); --extern void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot); -+extern void *vmalloc(unsigned long size) __size_overflow(1); -+extern void *vzalloc(unsigned long size) __size_overflow(1); -+extern void *vmalloc_user(unsigned long size) __size_overflow(1); -+extern void *vmalloc_node(unsigned long size, int node) __size_overflow(1); -+extern void *vzalloc_node(unsigned long size, int node) __size_overflow(1); -+extern void *vmalloc_exec(unsigned long size) __size_overflow(1); -+extern void *vmalloc_32(unsigned long size) __size_overflow(1); -+extern void *vmalloc_32_user(unsigned long size) __size_overflow(1); -+extern void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot) __size_overflow(1); +@@ -62,7 +67,7 @@ extern void *vmalloc_32_user(unsigned long size); + extern void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot); extern void *__vmalloc_node_range(unsigned long size, unsigned long align, unsigned long start, unsigned long end, gfp_t gfp_mask, - pgprot_t prot, int node, void *caller); @@ -71661,10 +71670,10 @@ index 2720884..3aa5c25 100644 struct pneigh_entry { struct pneigh_entry *next; diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h -index 3bb6fa0..41bbe86 100644 +index 3bb6fa0..3af7393 100644 --- a/include/net/net_namespace.h +++ b/include/net/net_namespace.h -@@ -240,10 +240,12 @@ static inline struct net *read_pnet(struct net * const *pnet) +@@ -240,10 +240,16 @@ static inline struct net *read_pnet(struct net * const *pnet) #define __net_init #define __net_exit #define __net_initdata @@ -71673,11 +71682,15 @@ index 3bb6fa0..41bbe86 100644 #define __net_init __init #define __net_exit __exit_refok #define __net_initdata __initdata ++#ifdef CONSTIFY_PLUGIN +#define __net_initconst __initconst ++#else ++#define __net_initconst __initdata ++#endif #endif struct pernet_operations { -@@ -253,7 +255,7 @@ struct pernet_operations { +@@ -253,7 +259,7 @@ struct pernet_operations { void (*exit_batch)(struct list_head *net_exit_list); int *id; size_t size; @@ -80410,7 +80423,7 @@ index 4f4f53b..de8e432 100644 capable(CAP_IPC_LOCK)) ret = do_mlockall(flags); diff --git a/mm/mmap.c b/mm/mmap.c -index eae90af..b3c47a1 100644 +index eae90af..d2e3afd 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -30,6 +30,7 @@ @@ -81109,6 +81122,15 @@ index eae90af..b3c47a1 100644 } unsigned long +@@ -1573,7 +1837,7 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr) + if (mm) { + /* Check the cache first. */ + /* (Cache hit rate is typically around 35%.) */ +- vma = mm->mmap_cache; ++ vma = ACCESS_ONCE(mm->mmap_cache); + if (!(vma && vma->vm_end > addr && vma->vm_start <= addr)) { + struct rb_node * rb_node; + @@ -1603,40 +1867,50 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr) EXPORT_SYMBOL(find_vma); @@ -82233,7 +82255,7 @@ index 07c08c4..8d4ad26 100644 return count; } diff --git a/mm/nommu.c b/mm/nommu.c -index f59e170..34e2a2b 100644 +index f59e170..a9e7b15 100644 --- a/mm/nommu.c +++ b/mm/nommu.c @@ -62,7 +62,6 @@ int sysctl_overcommit_memory = OVERCOMMIT_GUESS; /* heuristic overcommit */ @@ -82244,6 +82266,15 @@ index f59e170..34e2a2b 100644 atomic_long_t mmap_pages_allocated; +@@ -807,7 +806,7 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr) + struct vm_area_struct *vma; + + /* check the cache first */ +- vma = mm->mmap_cache; ++ vma = ACCESS_ONCE(mm->mmap_cache); + if (vma && vma->vm_start <= addr && vma->vm_end > addr) + return vma; + @@ -827,15 +826,6 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr) EXPORT_SYMBOL(find_vma); @@ -89676,10 +89707,40 @@ index 1983717..4d6102c 100644 sub->evt.event = htohl(event, sub->swap); diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c -index 317bfe3..342dd43 100644 +index 317bfe3..911c6c1 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c -@@ -767,6 +767,12 @@ static struct sock *unix_find_other(struct net *net, +@@ -371,7 +371,7 @@ static void unix_sock_destructor(struct sock *sk) + #endif + } + +-static int unix_release_sock(struct sock *sk, int embrion) ++static void unix_release_sock(struct sock *sk, int embrion) + { + struct unix_sock *u = unix_sk(sk); + struct dentry *dentry; +@@ -444,8 +444,6 @@ static int unix_release_sock(struct sock *sk, int embrion) + + if (unix_tot_inflight) + unix_gc(); /* Garbage collect fds */ +- +- return 0; + } + + static void init_peercred(struct sock *sk) +@@ -682,9 +680,10 @@ static int unix_release(struct socket *sock) + if (!sk) + return 0; + ++ unix_release_sock(sk, 0); + sock->sk = NULL; + +- return unix_release_sock(sk, 0); ++ return 0; + } + + static int unix_autobind(struct socket *sock) +@@ -767,6 +766,12 @@ static struct sock *unix_find_other(struct net *net, err = -ECONNREFUSED; if (!S_ISSOCK(inode->i_mode)) goto put_fail; @@ -89692,7 +89753,7 @@ index 317bfe3..342dd43 100644 u = unix_find_socket_byinode(inode); if (!u) goto put_fail; -@@ -787,6 +793,13 @@ static struct sock *unix_find_other(struct net *net, +@@ -787,6 +792,13 @@ static struct sock *unix_find_other(struct net *net, if (u) { struct dentry *dentry; dentry = unix_sk(u)->dentry; @@ -89706,7 +89767,7 @@ index 317bfe3..342dd43 100644 if (dentry) touch_atime(unix_sk(u)->mnt, dentry); } else -@@ -869,11 +882,18 @@ static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) +@@ -869,11 +881,18 @@ static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) err = security_path_mknod(&path, dentry, mode, 0); if (err) goto out_mknod_drop_write; @@ -89725,7 +89786,16 @@ index 317bfe3..342dd43 100644 mutex_unlock(&path.dentry->d_inode->i_mutex); dput(path.dentry); path.dentry = dentry; -@@ -2261,9 +2281,13 @@ static int unix_seq_show(struct seq_file *seq, void *v) +@@ -1957,7 +1976,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock, + if ((UNIXCB(skb).pid != siocb->scm->pid) || + (UNIXCB(skb).cred != siocb->scm->cred)) + break; +- } else { ++ } else if (test_bit(SOCK_PASSCRED, &sock->flags)) { + /* Copy credentials */ + scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred); + check_creds = 1; +@@ -2261,9 +2280,13 @@ static int unix_seq_show(struct seq_file *seq, void *v) seq_puts(seq, "Num RefCount Protocol Flags Type St " "Inode Path\n"); else { @@ -89740,7 +89810,7 @@ index 317bfe3..342dd43 100644 seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu", s, -@@ -2290,8 +2314,10 @@ static int unix_seq_show(struct seq_file *seq, void *v) +@@ -2290,8 +2313,10 @@ static int unix_seq_show(struct seq_file *seq, void *v) } for ( ; i < len; i++) seq_putc(seq, u->addr->name->sun_path[i]); @@ -94388,10 +94458,10 @@ index 0000000..b5395ba +} diff --git a/tools/gcc/size_overflow_hash.data b/tools/gcc/size_overflow_hash.data new file mode 100644 -index 0000000..1e116f6 +index 0000000..6fcc08d --- /dev/null +++ b/tools/gcc/size_overflow_hash.data -@@ -0,0 +1,4770 @@ +@@ -0,0 +1,4784 @@ +intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL +storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL +compat_sock_setsockopt_23 compat_sock_setsockopt 5 23 NULL @@ -94639,9 +94709,9 @@ index 0000000..1e116f6 +cm_copy_private_data_3649 cm_copy_private_data 2 3649 NULL +i915_compat_ioctl_3656 i915_compat_ioctl 2 3656 NULL +kmem_cache_alloc_3690 kmem_cache_alloc 0 3690 NULL -+create_irq_3703 create_irq 0 3703 NULL nohasharray -+btmrvl_psmode_write_3703 btmrvl_psmode_write 3 3703 &create_irq_3703 nohasharray -+snd_m3_assp_read_3703 snd_m3_assp_read 0 3703 &btmrvl_psmode_write_3703 ++btmrvl_psmode_write_3703 btmrvl_psmode_write 3 3703 NULL nohasharray ++snd_m3_assp_read_3703 snd_m3_assp_read 0 3703 &btmrvl_psmode_write_3703 nohasharray ++create_irq_3703 create_irq 0 3703 &snd_m3_assp_read_3703 +videobuf_pages_to_sg_3708 videobuf_pages_to_sg 2 3708 NULL +ci_ll_write_3740 ci_ll_write 4 3740 NULL +sctp_setsockopt_auth_key_3793 sctp_setsockopt_auth_key 3 3793 NULL @@ -94883,8 +94953,8 @@ index 0000000..1e116f6 +beacon_interval_read_7091 beacon_interval_read 3 7091 NULL +lp_compat_ioctl_7098 lp_compat_ioctl 3 7098 NULL +check_header_7108 check_header 0 7108 NULL -+utf16_strsize_7203 utf16_strsize 0 7203 NULL nohasharray -+__alloc_objio_seg_7203 __alloc_objio_seg 1 7203 &utf16_strsize_7203 ++__alloc_objio_seg_7203 __alloc_objio_seg 1 7203 NULL nohasharray ++utf16_strsize_7203 utf16_strsize 0 7203 &__alloc_objio_seg_7203 +sys32_ipc_7238 sys32_ipc 3-5-6 7238 NULL +dma_ops_alloc_addresses_7272 dma_ops_alloc_addresses 3-4-5 7272 NULL +mgmt_control_7349 mgmt_control 3 7349 NULL @@ -95013,8 +95083,8 @@ index 0000000..1e116f6 +usb_allocate_stream_buffers_8964 usb_allocate_stream_buffers 3 8964 NULL +qib_qsfp_dump_8966 qib_qsfp_dump 0-3 8966 NULL +venus_mkdir_8967 venus_mkdir 4 8967 NULL -+seq_open_net_8968 seq_open_net 4 8968 NULL nohasharray -+vol_cdev_read_8968 vol_cdev_read 3 8968 &seq_open_net_8968 ++vol_cdev_read_8968 vol_cdev_read 3 8968 NULL nohasharray ++seq_open_net_8968 seq_open_net 4 8968 &vol_cdev_read_8968 +bio_integrity_get_tag_8974 bio_integrity_get_tag 3 8974 NULL nohasharray +selinux_proc_get_sid_8974 selinux_proc_get_sid 2 8974 &bio_integrity_get_tag_8974 +snd_emu10k1_ptr_read_9026 snd_emu10k1_ptr_read 0-2 9026 NULL @@ -95077,8 +95147,8 @@ index 0000000..1e116f6 +dns_query_9676 dns_query 3 9676 &ks8842_read16_9676 +qib_7322_handle_hwerrors_9678 qib_7322_handle_hwerrors 3 9678 NULL +__erst_read_from_storage_9690 __erst_read_from_storage 0 9690 NULL -+x25_asy_compat_ioctl_9694 x25_asy_compat_ioctl 4 9694 NULL nohasharray -+is_hole_9694 is_hole 2 9694 &x25_asy_compat_ioctl_9694 ++is_hole_9694 is_hole 2 9694 NULL nohasharray ++x25_asy_compat_ioctl_9694 x25_asy_compat_ioctl 4 9694 &is_hole_9694 +fnb_9703 fnb 2-3 9703 NULL +ieee80211_if_read_aid_9705 ieee80211_if_read_aid 3 9705 NULL +ddb_input_read_9743 ddb_input_read 3 9743 NULL @@ -95136,8 +95206,8 @@ index 0000000..1e116f6 +event_phy_transmit_error_read_10471 event_phy_transmit_error_read 3 10471 NULL +ca91cx42_alloc_resource_10502 ca91cx42_alloc_resource 2 10502 NULL +qib_alloc_fast_reg_page_list_10507 qib_alloc_fast_reg_page_list 2 10507 NULL -+sel_write_disable_10511 sel_write_disable 3 10511 NULL nohasharray -+rbd_get_segment_10511 rbd_get_segment 0-3-4 10511 &sel_write_disable_10511 ++rbd_get_segment_10511 rbd_get_segment 0-3-4 10511 NULL nohasharray ++sel_write_disable_10511 sel_write_disable 3 10511 &rbd_get_segment_10511 +osd_req_write_sg_kern_10514 osd_req_write_sg_kern 5 10514 NULL +rds_message_alloc_10517 rds_message_alloc 1 10517 NULL +ocfs2_add_refcounted_extent_10526 ocfs2_add_refcounted_extent 6 10526 NULL @@ -95450,8 +95520,8 @@ index 0000000..1e116f6 +udplite_getfrag_14479 udplite_getfrag 3-4 14479 NULL +ieee80211_if_read_dot11MeshGateAnnouncementProtocol_14486 ieee80211_if_read_dot11MeshGateAnnouncementProtocol 3 14486 NULL +ocfs2_debug_read_14507 ocfs2_debug_read 3 14507 NULL -+dataflash_read_user_otp_14536 dataflash_read_user_otp 2-3 14536 NULL nohasharray -+ep0_write_14536 ep0_write 3 14536 &dataflash_read_user_otp_14536 ++ep0_write_14536 ep0_write 3 14536 NULL nohasharray ++dataflash_read_user_otp_14536 dataflash_read_user_otp 2-3 14536 &ep0_write_14536 +picolcd_debug_eeprom_read_14549 picolcd_debug_eeprom_read 3 14549 NULL +drm_vmalloc_dma_14550 drm_vmalloc_dma 1 14550 NULL +usb_dump_desc_14553 usb_dump_desc 0 14553 NULL @@ -95472,8 +95542,8 @@ index 0000000..1e116f6 +cp_tm1217_read_14792 cp_tm1217_read 3 14792 NULL +ext4_kvmalloc_14796 ext4_kvmalloc 1 14796 NULL +nfs_parse_server_name_14800 nfs_parse_server_name 2 14800 NULL -+snd_als300_gcr_read_14801 snd_als300_gcr_read 0 14801 NULL nohasharray -+hpet_readl_14801 hpet_readl 0 14801 &snd_als300_gcr_read_14801 ++hpet_readl_14801 hpet_readl 0 14801 NULL nohasharray ++snd_als300_gcr_read_14801 snd_als300_gcr_read 0 14801 &hpet_readl_14801 +bcma_scan_read32_14802 bcma_scan_read32 0 14802 NULL +do_tune_cpucache_14828 do_tune_cpucache 2 14828 NULL +__mutex_fastpath_lock_retval_14844 __mutex_fastpath_lock_retval 0 14844 NULL @@ -95862,6 +95932,7 @@ index 0000000..1e116f6 +usbvision_rvmalloc_19655 usbvision_rvmalloc 1 19655 NULL +LoadBitmap_19658 LoadBitmap 2 19658 NULL +rbd_snap_add_19678 rbd_snap_add 4 19678 NULL ++delay_status_19685 delay_status 4 19685 NULL +au_ibusy_compat_ioctl_19723 au_ibusy_compat_ioctl 2 19723 NULL nohasharray +read_reg_19723 read_reg 0 19723 &au_ibusy_compat_ioctl_19723 +memcpy_toiovecend_19736 memcpy_toiovecend 4-3 19736 NULL @@ -96285,6 +96356,7 @@ index 0000000..1e116f6 +l2tp_session_create_25286 l2tp_session_create 1 25286 NULL +snd_seq_ioctl_compat_25307 snd_seq_ioctl_compat 3 25307 NULL +ath9k_debugfs_read_buf_25316 ath9k_debugfs_read_buf 3 25316 NULL ++rng_buffer_size_25348 rng_buffer_size 0 25348 NULL +i915_gem_execbuffer_relocate_slow_25355 i915_gem_execbuffer_relocate_slow 7 25355 NULL +unix_mkname_25368 unix_mkname 0-2 25368 NULL +sel_read_mls_25369 sel_read_mls 3 25369 NULL @@ -96338,6 +96410,7 @@ index 0000000..1e116f6 +udp_setsockopt_25985 udp_setsockopt 5 25985 NULL +ebt_compat_entry_padsize_26001 ebt_compat_entry_padsize 0 26001 NULL +lpfc_sli_probe_sriov_nr_virtfn_26004 lpfc_sli_probe_sriov_nr_virtfn 2 26004 NULL ++cap_file_mmap_26018 cap_file_mmap 0 26018 NULL +xfs_xattr_acl_set_26028 xfs_xattr_acl_set 4 26028 NULL +skb_mac_header_26034 skb_mac_header 0 26034 NULL +mptscsih_change_queue_depth_26036 mptscsih_change_queue_depth 2 26036 NULL @@ -96480,6 +96553,7 @@ index 0000000..1e116f6 +mic_rx_pkts_read_27972 mic_rx_pkts_read 3 27972 NULL +snd_rawmidi_write_28008 snd_rawmidi_write 3 28008 NULL +serial8250_port_size_28019 serial8250_port_size 0 28019 NULL ++raid_status_28025 raid_status 4 28025 NULL +sctp_setsockopt_maxburst_28041 sctp_setsockopt_maxburst 3 28041 NULL +cx231xx_init_vbi_isoc_28053 cx231xx_init_vbi_isoc 3-2 28053 NULL +lpfc_idiag_mbxacc_read_28061 lpfc_idiag_mbxacc_read 3 28061 NULL @@ -97212,8 +97286,8 @@ index 0000000..1e116f6 +_ipw_read_reg32_38245 _ipw_read_reg32 0 38245 NULL +ieee80211_if_read_auto_open_plinks_38268 ieee80211_if_read_auto_open_plinks 3 38268 NULL nohasharray +mthca_alloc_icm_table_38268 mthca_alloc_icm_table 4-3 38268 &ieee80211_if_read_auto_open_plinks_38268 -+xfs_bmbt_to_bmdr_38275 xfs_bmbt_to_bmdr 3 38275 NULL nohasharray -+xfs_bmdr_to_bmbt_38275 xfs_bmdr_to_bmbt 5 38275 &xfs_bmbt_to_bmdr_38275 ++xfs_bmdr_to_bmbt_38275 xfs_bmdr_to_bmbt 5 38275 NULL nohasharray ++xfs_bmbt_to_bmdr_38275 xfs_bmbt_to_bmdr 3 38275 &xfs_bmdr_to_bmbt_38275 +isr_rx_headers_read_38325 isr_rx_headers_read 3 38325 NULL +ida_simple_get_38326 ida_simple_get 2 38326 NULL +__snd_gf1_look8_38333 __snd_gf1_look8 0 38333 NULL @@ -97480,6 +97554,7 @@ index 0000000..1e116f6 +dst_mtu_41969 dst_mtu 0 41969 NULL +cx24116_writeregN_41975 cx24116_writeregN 4 41975 NULL +ubi_io_is_bad_41983 ubi_io_is_bad 0 41983 NULL ++flakey_status_42000 flakey_status 4 42000 NULL +lguest_map_42008 lguest_map 1-2 42008 NULL +pool_allocate_42012 pool_allocate 3 42012 NULL +spidev_sync_read_42014 spidev_sync_read 0 42014 NULL @@ -97504,7 +97579,8 @@ index 0000000..1e116f6 +btmrvl_hsmode_write_42252 btmrvl_hsmode_write 3 42252 NULL +netxen_nic_map_indirect_address_128M_42257 netxen_nic_map_indirect_address_128M 2 42257 NULL +snd_pcm_hw_param_value_max_42280 snd_pcm_hw_param_value_max 0 42280 NULL -+sel_read_perm_42302 sel_read_perm 3 42302 NULL ++sel_read_perm_42302 sel_read_perm 3 42302 NULL nohasharray ++crypt_status_42302 crypt_status 4 42302 &sel_read_perm_42302 +sctp_setsockopt_del_key_42304 sctp_setsockopt_del_key 3 42304 NULL nohasharray +ulong_read_file_42304 ulong_read_file 3 42304 &sctp_setsockopt_del_key_42304 +hysdn_conf_read_42324 hysdn_conf_read 3 42324 NULL @@ -97591,8 +97667,8 @@ index 0000000..1e116f6 +xenfb_write_43412 xenfb_write 3 43412 NULL +__alloc_bootmem_low_43423 __alloc_bootmem_low 1 43423 NULL +usb_alloc_urb_43436 usb_alloc_urb 1 43436 NULL -+usemap_size_43443 usemap_size 0-2-1 43443 NULL nohasharray -+usb_string_43443 usb_string 0 43443 &usemap_size_43443 ++usb_string_43443 usb_string 0 43443 NULL nohasharray ++usemap_size_43443 usemap_size 0-2-1 43443 &usb_string_43443 +alloc_new_reservation_43480 alloc_new_reservation 4 43480 NULL +nf_nat_ftp_fmt_cmd_43495 nf_nat_ftp_fmt_cmd 0 43495 NULL +ieee80211_if_fmt_dot11MeshHWMPnetDiameterTraversalTime_43505 ieee80211_if_fmt_dot11MeshHWMPnetDiameterTraversalTime 3 43505 NULL @@ -97697,8 +97773,8 @@ index 0000000..1e116f6 +ptrace_writedata_45021 ptrace_writedata 4-3 45021 &read_block_bitmap_45021 +vhci_get_user_45039 vhci_get_user 3 45039 NULL +sel_write_user_45060 sel_write_user 3 45060 NULL -+do_video_ioctl_45069 do_video_ioctl 3 45069 NULL nohasharray -+snd_mixart_BA0_read_45069 snd_mixart_BA0_read 5 45069 &do_video_ioctl_45069 ++snd_mixart_BA0_read_45069 snd_mixart_BA0_read 5 45069 NULL nohasharray ++do_video_ioctl_45069 do_video_ioctl 3 45069 &snd_mixart_BA0_read_45069 +orig_hash_del_if_45080 orig_hash_del_if 2 45080 NULL +au_sbend_45097 au_sbend 0 45097 NULL +alternate_node_alloc_45100 alternate_node_alloc 0 45100 NULL @@ -97919,8 +97995,8 @@ index 0000000..1e116f6 +iwl_dbgfs_ucode_tracing_read_47983 iwl_dbgfs_ucode_tracing_read 3 47983 NULL nohasharray +mempool_resize_47983 mempool_resize 2 47983 &iwl_dbgfs_ucode_tracing_read_47983 +pnpacpi_parse_allocated_irqresource_47986 pnpacpi_parse_allocated_irqresource 2 47986 NULL -+mgmt_pending_add_47990 mgmt_pending_add 5 47990 NULL nohasharray -+dbg_port_buf_47990 dbg_port_buf 2 47990 &mgmt_pending_add_47990 ++dbg_port_buf_47990 dbg_port_buf 2 47990 NULL nohasharray ++mgmt_pending_add_47990 mgmt_pending_add 5 47990 &dbg_port_buf_47990 +ib_umad_write_47993 ib_umad_write 3 47993 NULL +ffs_epfile_write_48014 ffs_epfile_write 3 48014 NULL +bio_integrity_set_tag_48035 bio_integrity_set_tag 3 48035 NULL @@ -97958,8 +98034,8 @@ index 0000000..1e116f6 +r8712_usbctrl_vendorreq_48489 r8712_usbctrl_vendorreq 6 48489 NULL +send_control_msg_48498 send_control_msg 6 48498 NULL +mlx4_en_create_tx_ring_48501 mlx4_en_create_tx_ring 4 48501 NULL -+diva_os_copy_to_user_48508 diva_os_copy_to_user 4 48508 NULL nohasharray -+iwl_legacy_dbgfs_status_read_48508 iwl_legacy_dbgfs_status_read 3 48508 &diva_os_copy_to_user_48508 ++iwl_legacy_dbgfs_status_read_48508 iwl_legacy_dbgfs_status_read 3 48508 NULL nohasharray ++diva_os_copy_to_user_48508 diva_os_copy_to_user 4 48508 &iwl_legacy_dbgfs_status_read_48508 +phantom_get_free_48514 phantom_get_free 0 48514 NULL +ubi_dbg_check_write_48525 ubi_dbg_check_write 5 48525 NULL +wiimote_hid_send_48528 wiimote_hid_send 3 48528 NULL @@ -97998,6 +98074,7 @@ index 0000000..1e116f6 +xd_rw_49020 xd_rw 3-4 49020 NULL +transient_status_49027 transient_status 4 49027 NULL +ubi_read_49061 ubi_read 0 49061 NULL ++mirror_status_49073 mirror_status 4 49073 NULL +vmx_set_msr_49090 vmx_set_msr 3 49090 NULL +scsi_register_49094 scsi_register 2 49094 NULL +compat_do_readv_writev_49102 compat_do_readv_writev 4 49102 NULL @@ -98095,8 +98172,8 @@ index 0000000..1e116f6 +do_launder_page_50329 do_launder_page 0 50329 NULL +lpfc_idiag_pcicfg_read_50334 lpfc_idiag_pcicfg_read 3 50334 NULL +ocfs2_block_to_cluster_group_50337 ocfs2_block_to_cluster_group 2 50337 NULL nohasharray -+au_br_alloc_50337 au_br_alloc 2 50337 &ocfs2_block_to_cluster_group_50337 nohasharray -+snd_pcm_lib_writev_50337 snd_pcm_lib_writev 0-3 50337 &au_br_alloc_50337 ++snd_pcm_lib_writev_50337 snd_pcm_lib_writev 0-3 50337 &ocfs2_block_to_cluster_group_50337 nohasharray ++au_br_alloc_50337 au_br_alloc 2 50337 &snd_pcm_lib_writev_50337 +tpm_read_50344 tpm_read 3 50344 NULL +isdn_ppp_read_50356 isdn_ppp_read 4 50356 NULL +unpack_u16_chunk_50357 unpack_u16_chunk 0 50357 NULL @@ -98265,6 +98342,7 @@ index 0000000..1e116f6 +skb_cow_head_52495 skb_cow_head 2 52495 NULL +int_tasklet_entry_52500 int_tasklet_entry 3 52500 NULL +pm_qos_power_write_52513 pm_qos_power_write 3 52513 NULL ++dup_variable_bug_52525 dup_variable_bug 3 52525 NULL +dccpprobe_read_52549 dccpprobe_read 3 52549 NULL +ocfs2_make_right_split_rec_52562 ocfs2_make_right_split_rec 3 52562 NULL +emit_code_52583 emit_code 0-3 52583 NULL @@ -98339,6 +98417,7 @@ index 0000000..1e116f6 +regmap_raw_write_53803 regmap_raw_write 4 53803 NULL +lpfc_idiag_ctlacc_read_reg_53809 lpfc_idiag_ctlacc_read_reg 0-3 53809 NULL +nls_nullsize_53815 nls_nullsize 0 53815 NULL ++multipath_status_53836 multipath_status 4 53836 NULL +ieee80211_if_fmt_dropped_frames_congestion_53883 ieee80211_if_fmt_dropped_frames_congestion 3 53883 NULL +ocfs2_rm_xattr_cluster_53900 ocfs2_rm_xattr_cluster 5-4-3 53900 NULL +proc_file_read_53905 proc_file_read 3 53905 NULL @@ -98375,8 +98454,8 @@ index 0000000..1e116f6 +sprintf_54306 sprintf 0 54306 NULL +br_fdb_fillbuf_54339 br_fdb_fillbuf 0 54339 NULL +__alloc_dev_table_54343 __alloc_dev_table 2 54343 NULL -+_osd_realloc_seg_54352 _osd_realloc_seg 3 54352 NULL nohasharray -+__get_free_pages_54352 __get_free_pages 0 54352 &_osd_realloc_seg_54352 ++__get_free_pages_54352 __get_free_pages 0 54352 NULL nohasharray ++_osd_realloc_seg_54352 _osd_realloc_seg 3 54352 &__get_free_pages_54352 +tcf_hash_create_54360 tcf_hash_create 4 54360 NULL +read_file_credit_dist_stats_54367 read_file_credit_dist_stats 3 54367 NULL +vfs_readlink_54368 vfs_readlink 3 54368 NULL @@ -98573,6 +98652,7 @@ index 0000000..1e116f6 +sca3000_read_data_57064 sca3000_read_data 4 57064 NULL +pcmcia_replace_cis_57066 pcmcia_replace_cis 3 57066 NULL +sis190_try_rx_copy_57069 sis190_try_rx_copy 3 57069 NULL ++thin_status_57084 thin_status 4 57084 NULL +tracing_set_trace_write_57096 tracing_set_trace_write 3 57096 NULL +crypto_compress_ctxsize_57109 crypto_compress_ctxsize 0 57109 NULL +sysfs_write_file_57116 sysfs_write_file 3 57116 NULL @@ -98643,6 +98723,7 @@ index 0000000..1e116f6 +ip_set_alloc_57953 ip_set_alloc 1 57953 NULL nohasharray +ioat3_dca_count_dca_slots_57953 ioat3_dca_count_dca_slots 0 57953 &ip_set_alloc_57953 +i915_cache_sharing_write_57961 i915_cache_sharing_write 3 57961 NULL ++stripe_status_57985 stripe_status 4 57985 NULL +rx_reset_counter_read_58001 rx_reset_counter_read 3 58001 NULL +regcache_rbtree_insert_to_block_58009 regcache_rbtree_insert_to_block 5 58009 NULL +iwl_dbgfs_ucode_rx_stats_read_58023 iwl_dbgfs_ucode_rx_stats_read 3 58023 NULL @@ -98785,8 +98866,8 @@ index 0000000..1e116f6 +sys_sched_getaffinity_60033 sys_sched_getaffinity 2 60033 NULL +bio_integrity_hw_sectors_60039 bio_integrity_hw_sectors 0-2 60039 NULL +do_ip6t_set_ctl_60040 do_ip6t_set_ctl 4 60040 NULL -+pin_2_irq_60050 pin_2_irq 0-3 60050 NULL nohasharray -+vcs_size_60050 vcs_size 0 60050 &pin_2_irq_60050 ++vcs_size_60050 vcs_size 0 60050 NULL nohasharray ++pin_2_irq_60050 pin_2_irq 0-3 60050 &vcs_size_60050 +load_module_60056 load_module 2 60056 NULL nohasharray +gru_alloc_gts_60056 gru_alloc_gts 3-2 60056 &load_module_60056 +compat_writev_60063 compat_writev 3 60063 NULL @@ -98841,6 +98922,7 @@ index 0000000..1e116f6 +snd_pcm_oss_readv3_60792 snd_pcm_oss_readv3 3 60792 NULL +mtd_compat_ioctl_60850 mtd_compat_ioctl 3 60850 NULL +pwr_tx_with_ps_read_60851 pwr_tx_with_ps_read 3 60851 NULL ++pool_status_60861 pool_status 4 60861 NULL +alloc_irq_from_60868 alloc_irq_from 1 60868 NULL +generic_writepages_60871 generic_writepages 0 60871 NULL +mgt_set_varlen_60916 mgt_set_varlen 4 60916 NULL @@ -99013,6 +99095,7 @@ index 0000000..1e116f6 +read_kcore_63488 read_kcore 3 63488 NULL +snd_pcm_plug_write_transfer_63503 snd_pcm_plug_write_transfer 0-3 63503 NULL +ubi_more_leb_change_data_63534 ubi_more_leb_change_data 4 63534 NULL ++snapshot_status_63538 snapshot_status 4 63538 NULL +if_sdio_read_scratch_63540 if_sdio_read_scratch 0 63540 NULL +append_to_buffer_63550 append_to_buffer 3 63550 NULL +kvm_write_guest_page_63555 kvm_write_guest_page 5 63555 NULL @@ -99158,6 +99241,7 @@ index 0000000..1e116f6 +iio_device_add_channel_sysfs_65406 iio_device_add_channel_sysfs 0 65406 NULL +ocfs2_write_begin_nolock_65410 ocfs2_write_begin_nolock 3-4 65410 NULL +drm_calloc_large_65421 drm_calloc_large 1-2 65421 NULL ++cap_capable_65430 cap_capable 0 65430 NULL +xpc_kzalloc_cacheline_aligned_65433 xpc_kzalloc_cacheline_aligned 1 65433 NULL +usb_alloc_coherent_65444 usb_alloc_coherent 2 65444 NULL +ath_rx_edma_init_65483 ath_rx_edma_init 2 65483 NULL diff --git a/3.8.5/0000_README b/3.8.6/0000_README index 0016017..8e2631e 100644 --- a/3.8.5/0000_README +++ b/3.8.6/0000_README @@ -6,7 +6,11 @@ Patch: 1004_linux-3.8.5.patch From: http://www.kernel.org Desc: Linux 3.8.5 -Patch: 4420_grsecurity-2.9.1-3.8.5-201303292018.patch +Patch: 1005_linux-3.8.6.patch +From: http://www.kernel.org +Desc: Linux 3.8.6 + +Patch: 4420_grsecurity-2.9.1-3.8.6-201304052305.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.8.5/1004_linux-3.8.5.patch b/3.8.6/1004_linux-3.8.5.patch index 27b152f..27b152f 100644 --- a/3.8.5/1004_linux-3.8.5.patch +++ b/3.8.6/1004_linux-3.8.5.patch diff --git a/3.8.6/1005_linux-3.8.6.patch b/3.8.6/1005_linux-3.8.6.patch new file mode 100644 index 0000000..94a07ae --- /dev/null +++ b/3.8.6/1005_linux-3.8.6.patch @@ -0,0 +1,5592 @@ +diff --git a/Makefile b/Makefile +index 14b38cf..10075d6 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,6 +1,6 @@ + VERSION = 3 + PATCHLEVEL = 8 +-SUBLEVEL = 5 ++SUBLEVEL = 6 + EXTRAVERSION = + NAME = Displaced Humerus Anterior + +diff --git a/arch/arm/boot/dts/kirkwood-goflexnet.dts b/arch/arm/boot/dts/kirkwood-goflexnet.dts +index bd83b8f..c3573be 100644 +--- a/arch/arm/boot/dts/kirkwood-goflexnet.dts ++++ b/arch/arm/boot/dts/kirkwood-goflexnet.dts +@@ -77,6 +77,7 @@ + }; + + nand@3000000 { ++ chip-delay = <40>; + status = "okay"; + + partition@0 { +diff --git a/arch/arm/include/asm/signal.h b/arch/arm/include/asm/signal.h +index 9a0ea6a..7f79136 100644 +--- a/arch/arm/include/asm/signal.h ++++ b/arch/arm/include/asm/signal.h +@@ -29,6 +29,7 @@ struct sigaction { + __sigrestore_t sa_restorer; + sigset_t sa_mask; /* mask last for extensibility */ + }; ++#define __ARCH_HAS_SA_RESTORER + + struct k_sigaction { + struct sigaction sa; +diff --git a/arch/arm/mach-cns3xxx/core.c b/arch/arm/mach-cns3xxx/core.c +index 031805b..7f26faf 100644 +--- a/arch/arm/mach-cns3xxx/core.c ++++ b/arch/arm/mach-cns3xxx/core.c +@@ -22,19 +22,9 @@ + + static struct map_desc cns3xxx_io_desc[] __initdata = { + { +- .virtual = CNS3XXX_TC11MP_TWD_BASE_VIRT, +- .pfn = __phys_to_pfn(CNS3XXX_TC11MP_TWD_BASE), +- .length = SZ_4K, +- .type = MT_DEVICE, +- }, { +- .virtual = CNS3XXX_TC11MP_GIC_CPU_BASE_VIRT, +- .pfn = __phys_to_pfn(CNS3XXX_TC11MP_GIC_CPU_BASE), +- .length = SZ_4K, +- .type = MT_DEVICE, +- }, { +- .virtual = CNS3XXX_TC11MP_GIC_DIST_BASE_VIRT, +- .pfn = __phys_to_pfn(CNS3XXX_TC11MP_GIC_DIST_BASE), +- .length = SZ_4K, ++ .virtual = CNS3XXX_TC11MP_SCU_BASE_VIRT, ++ .pfn = __phys_to_pfn(CNS3XXX_TC11MP_SCU_BASE), ++ .length = SZ_8K, + .type = MT_DEVICE, + }, { + .virtual = CNS3XXX_TIMER1_2_3_BASE_VIRT, +diff --git a/arch/arm/mach-cns3xxx/include/mach/cns3xxx.h b/arch/arm/mach-cns3xxx/include/mach/cns3xxx.h +index 191c8e5..b1021aa 100644 +--- a/arch/arm/mach-cns3xxx/include/mach/cns3xxx.h ++++ b/arch/arm/mach-cns3xxx/include/mach/cns3xxx.h +@@ -94,10 +94,10 @@ + #define RTC_INTR_STS_OFFSET 0x34 + + #define CNS3XXX_MISC_BASE 0x76000000 /* Misc Control */ +-#define CNS3XXX_MISC_BASE_VIRT 0xFFF07000 /* Misc Control */ ++#define CNS3XXX_MISC_BASE_VIRT 0xFB000000 /* Misc Control */ + + #define CNS3XXX_PM_BASE 0x77000000 /* Power Management Control */ +-#define CNS3XXX_PM_BASE_VIRT 0xFFF08000 ++#define CNS3XXX_PM_BASE_VIRT 0xFB001000 + + #define PM_CLK_GATE_OFFSET 0x00 + #define PM_SOFT_RST_OFFSET 0x04 +@@ -109,7 +109,7 @@ + #define PM_PLL_HM_PD_OFFSET 0x1C + + #define CNS3XXX_UART0_BASE 0x78000000 /* UART 0 */ +-#define CNS3XXX_UART0_BASE_VIRT 0xFFF09000 ++#define CNS3XXX_UART0_BASE_VIRT 0xFB002000 + + #define CNS3XXX_UART1_BASE 0x78400000 /* UART 1 */ + #define CNS3XXX_UART1_BASE_VIRT 0xFFF0A000 +@@ -130,7 +130,7 @@ + #define CNS3XXX_I2S_BASE_VIRT 0xFFF10000 + + #define CNS3XXX_TIMER1_2_3_BASE 0x7C800000 /* Timer */ +-#define CNS3XXX_TIMER1_2_3_BASE_VIRT 0xFFF10800 ++#define CNS3XXX_TIMER1_2_3_BASE_VIRT 0xFB003000 + + #define TIMER1_COUNTER_OFFSET 0x00 + #define TIMER1_AUTO_RELOAD_OFFSET 0x04 +@@ -227,16 +227,16 @@ + * Testchip peripheral and fpga gic regions + */ + #define CNS3XXX_TC11MP_SCU_BASE 0x90000000 /* IRQ, Test chip */ +-#define CNS3XXX_TC11MP_SCU_BASE_VIRT 0xFF000000 ++#define CNS3XXX_TC11MP_SCU_BASE_VIRT 0xFB004000 + + #define CNS3XXX_TC11MP_GIC_CPU_BASE 0x90000100 /* Test chip interrupt controller CPU interface */ +-#define CNS3XXX_TC11MP_GIC_CPU_BASE_VIRT 0xFF000100 ++#define CNS3XXX_TC11MP_GIC_CPU_BASE_VIRT (CNS3XXX_TC11MP_SCU_BASE_VIRT + 0x100) + + #define CNS3XXX_TC11MP_TWD_BASE 0x90000600 +-#define CNS3XXX_TC11MP_TWD_BASE_VIRT 0xFF000600 ++#define CNS3XXX_TC11MP_TWD_BASE_VIRT (CNS3XXX_TC11MP_SCU_BASE_VIRT + 0x600) + + #define CNS3XXX_TC11MP_GIC_DIST_BASE 0x90001000 /* Test chip interrupt controller distributor */ +-#define CNS3XXX_TC11MP_GIC_DIST_BASE_VIRT 0xFF001000 ++#define CNS3XXX_TC11MP_GIC_DIST_BASE_VIRT (CNS3XXX_TC11MP_SCU_BASE_VIRT + 0x1000) + + #define CNS3XXX_TC11MP_L220_BASE 0x92002000 /* L220 registers */ + #define CNS3XXX_TC11MP_L220_BASE_VIRT 0xFF002000 +diff --git a/arch/arm/mach-imx/common.h b/arch/arm/mach-imx/common.h +index fa36fb8..122da24 100644 +--- a/arch/arm/mach-imx/common.h ++++ b/arch/arm/mach-imx/common.h +@@ -116,6 +116,8 @@ void tzic_handle_irq(struct pt_regs *); + + extern void imx_enable_cpu(int cpu, bool enable); + extern void imx_set_cpu_jump(int cpu, void *jump_addr); ++extern u32 imx_get_cpu_arg(int cpu); ++extern void imx_set_cpu_arg(int cpu, u32 arg); + #ifdef CONFIG_DEBUG_LL + extern void imx_lluart_map_io(void); + #else +diff --git a/arch/arm/mach-imx/hotplug.c b/arch/arm/mach-imx/hotplug.c +index 7bc5fe1..361a253 100644 +--- a/arch/arm/mach-imx/hotplug.c ++++ b/arch/arm/mach-imx/hotplug.c +@@ -46,11 +46,23 @@ static inline void cpu_enter_lowpower(void) + void imx_cpu_die(unsigned int cpu) + { + cpu_enter_lowpower(); ++ /* ++ * We use the cpu jumping argument register to sync with ++ * imx_cpu_kill() which is running on cpu0 and waiting for ++ * the register being cleared to kill the cpu. ++ */ ++ imx_set_cpu_arg(cpu, ~0); + cpu_do_idle(); + } + + int imx_cpu_kill(unsigned int cpu) + { ++ unsigned long timeout = jiffies + msecs_to_jiffies(50); ++ ++ while (imx_get_cpu_arg(cpu) == 0) ++ if (time_after(jiffies, timeout)) ++ return 0; + imx_enable_cpu(cpu, false); ++ imx_set_cpu_arg(cpu, 0); + return 1; + } +diff --git a/arch/arm/mach-imx/src.c b/arch/arm/mach-imx/src.c +index e15f155..09a742f 100644 +--- a/arch/arm/mach-imx/src.c ++++ b/arch/arm/mach-imx/src.c +@@ -43,6 +43,18 @@ void imx_set_cpu_jump(int cpu, void *jump_addr) + src_base + SRC_GPR1 + cpu * 8); + } + ++u32 imx_get_cpu_arg(int cpu) ++{ ++ cpu = cpu_logical_map(cpu); ++ return readl_relaxed(src_base + SRC_GPR1 + cpu * 8 + 4); ++} ++ ++void imx_set_cpu_arg(int cpu, u32 arg) ++{ ++ cpu = cpu_logical_map(cpu); ++ writel_relaxed(arg, src_base + SRC_GPR1 + cpu * 8 + 4); ++} ++ + void imx_src_prepare_restart(void) + { + u32 val; +diff --git a/arch/arm/mach-omap2/common.h b/arch/arm/mach-omap2/common.h +index 948bcaa..b9adf69 100644 +--- a/arch/arm/mach-omap2/common.h ++++ b/arch/arm/mach-omap2/common.h +@@ -286,5 +286,8 @@ extern void omap_reserve(void); + struct omap_hwmod; + extern int omap_dss_reset(struct omap_hwmod *); + ++/* SoC specific clock initializer */ ++extern int (*omap_clk_init)(void); ++ + #endif /* __ASSEMBLER__ */ + #endif /* __ARCH_ARM_MACH_OMAP2PLUS_COMMON_H */ +diff --git a/arch/arm/mach-omap2/io.c b/arch/arm/mach-omap2/io.c +index 2c3fdd6..5c445ca 100644 +--- a/arch/arm/mach-omap2/io.c ++++ b/arch/arm/mach-omap2/io.c +@@ -55,6 +55,12 @@ + #include "prm44xx.h" + + /* ++ * omap_clk_init: points to a function that does the SoC-specific ++ * clock initializations ++ */ ++int (*omap_clk_init)(void); ++ ++/* + * The machine specific code may provide the extra mapping besides the + * default mapping provided here. + */ +@@ -397,7 +403,7 @@ void __init omap2420_init_early(void) + omap242x_clockdomains_init(); + omap2420_hwmod_init(); + omap_hwmod_init_postsetup(); +- omap2420_clk_init(); ++ omap_clk_init = omap2420_clk_init; + } + + void __init omap2420_init_late(void) +@@ -427,7 +433,7 @@ void __init omap2430_init_early(void) + omap243x_clockdomains_init(); + omap2430_hwmod_init(); + omap_hwmod_init_postsetup(); +- omap2430_clk_init(); ++ omap_clk_init = omap2430_clk_init; + } + + void __init omap2430_init_late(void) +@@ -462,7 +468,7 @@ void __init omap3_init_early(void) + omap3xxx_clockdomains_init(); + omap3xxx_hwmod_init(); + omap_hwmod_init_postsetup(); +- omap3xxx_clk_init(); ++ omap_clk_init = omap3xxx_clk_init; + } + + void __init omap3430_init_early(void) +@@ -500,7 +506,7 @@ void __init ti81xx_init_early(void) + omap3xxx_clockdomains_init(); + omap3xxx_hwmod_init(); + omap_hwmod_init_postsetup(); +- omap3xxx_clk_init(); ++ omap_clk_init = omap3xxx_clk_init; + } + + void __init omap3_init_late(void) +@@ -568,7 +574,7 @@ void __init am33xx_init_early(void) + am33xx_clockdomains_init(); + am33xx_hwmod_init(); + omap_hwmod_init_postsetup(); +- am33xx_clk_init(); ++ omap_clk_init = am33xx_clk_init; + } + #endif + +@@ -593,7 +599,7 @@ void __init omap4430_init_early(void) + omap44xx_clockdomains_init(); + omap44xx_hwmod_init(); + omap_hwmod_init_postsetup(); +- omap4xxx_clk_init(); ++ omap_clk_init = omap4xxx_clk_init; + } + + void __init omap4430_init_late(void) +diff --git a/arch/arm/mach-omap2/timer.c b/arch/arm/mach-omap2/timer.c +index b8ad6e6..559c87b 100644 +--- a/arch/arm/mach-omap2/timer.c ++++ b/arch/arm/mach-omap2/timer.c +@@ -554,6 +554,8 @@ static inline void __init realtime_counter_init(void) + clksrc_nr, clksrc_src) \ + static void __init omap##name##_gptimer_timer_init(void) \ + { \ ++ if (omap_clk_init) \ ++ omap_clk_init(); \ + omap_dmtimer_init(); \ + omap2_gp_clockevent_init((clkev_nr), clkev_src, clkev_prop); \ + omap2_gptimer_clocksource_init((clksrc_nr), clksrc_src); \ +@@ -563,6 +565,8 @@ static void __init omap##name##_gptimer_timer_init(void) \ + clksrc_nr, clksrc_src) \ + static void __init omap##name##_sync32k_timer_init(void) \ + { \ ++ if (omap_clk_init) \ ++ omap_clk_init(); \ + omap_dmtimer_init(); \ + omap2_gp_clockevent_init((clkev_nr), clkev_src, clkev_prop); \ + /* Enable the use of clocksource="gp_timer" kernel parameter */ \ +diff --git a/arch/avr32/include/asm/signal.h b/arch/avr32/include/asm/signal.h +index 9326d18..b65e61a 100644 +--- a/arch/avr32/include/asm/signal.h ++++ b/arch/avr32/include/asm/signal.h +@@ -29,6 +29,7 @@ struct sigaction { + __sigrestore_t sa_restorer; + sigset_t sa_mask; /* mask last for extensibility */ + }; ++#define __ARCH_HAS_SA_RESTORER + + struct k_sigaction { + struct sigaction sa; +diff --git a/arch/cris/include/asm/signal.h b/arch/cris/include/asm/signal.h +index c0cb1fd..a7e267c 100644 +--- a/arch/cris/include/asm/signal.h ++++ b/arch/cris/include/asm/signal.h +@@ -29,6 +29,7 @@ struct sigaction { + void (*sa_restorer)(void); + sigset_t sa_mask; /* mask last for extensibility */ + }; ++#define __ARCH_HAS_SA_RESTORER + + struct k_sigaction { + struct sigaction sa; +diff --git a/arch/h8300/include/asm/signal.h b/arch/h8300/include/asm/signal.h +index 66c81c6..4bf76ac 100644 +--- a/arch/h8300/include/asm/signal.h ++++ b/arch/h8300/include/asm/signal.h +@@ -29,6 +29,7 @@ struct sigaction { + void (*sa_restorer)(void); + sigset_t sa_mask; /* mask last for extensibility */ + }; ++#define __ARCH_HAS_SA_RESTORER + + struct k_sigaction { + struct sigaction sa; +diff --git a/arch/m32r/include/asm/signal.h b/arch/m32r/include/asm/signal.h +index a5ba4a2..04ccbcd 100644 +--- a/arch/m32r/include/asm/signal.h ++++ b/arch/m32r/include/asm/signal.h +@@ -22,6 +22,7 @@ struct sigaction { + __sigrestore_t sa_restorer; + sigset_t sa_mask; /* mask last for extensibility */ + }; ++#define __ARCH_HAS_SA_RESTORER + + struct k_sigaction { + struct sigaction sa; +diff --git a/arch/m68k/include/asm/signal.h b/arch/m68k/include/asm/signal.h +index 9c8c46b..60370da 100644 +--- a/arch/m68k/include/asm/signal.h ++++ b/arch/m68k/include/asm/signal.h +@@ -29,6 +29,7 @@ struct sigaction { + __sigrestore_t sa_restorer; + sigset_t sa_mask; /* mask last for extensibility */ + }; ++#define __ARCH_HAS_SA_RESTORER + + struct k_sigaction { + struct sigaction sa; +diff --git a/arch/mn10300/include/asm/signal.h b/arch/mn10300/include/asm/signal.h +index d280e97..d673860 100644 +--- a/arch/mn10300/include/asm/signal.h ++++ b/arch/mn10300/include/asm/signal.h +@@ -39,6 +39,7 @@ struct sigaction { + __sigrestore_t sa_restorer; + sigset_t sa_mask; /* mask last for extensibility */ + }; ++#define __ARCH_HAS_SA_RESTORER + + struct k_sigaction { + struct sigaction sa; +diff --git a/arch/powerpc/include/asm/signal.h b/arch/powerpc/include/asm/signal.h +index a101637..fbe66c4 100644 +--- a/arch/powerpc/include/asm/signal.h ++++ b/arch/powerpc/include/asm/signal.h +@@ -1,6 +1,7 @@ + #ifndef _ASM_POWERPC_SIGNAL_H + #define _ASM_POWERPC_SIGNAL_H + ++#define __ARCH_HAS_SA_RESTORER + #include <uapi/asm/signal.h> + + #endif /* _ASM_POWERPC_SIGNAL_H */ +diff --git a/arch/s390/include/asm/signal.h b/arch/s390/include/asm/signal.h +index db7ddfa..639f569 100644 +--- a/arch/s390/include/asm/signal.h ++++ b/arch/s390/include/asm/signal.h +@@ -34,6 +34,7 @@ struct sigaction { + void (*sa_restorer)(void); + sigset_t sa_mask; /* mask last for extensibility */ + }; ++#define __ARCH_HAS_SA_RESTORER + + struct k_sigaction { + struct sigaction sa; +diff --git a/arch/sparc/include/asm/signal.h b/arch/sparc/include/asm/signal.h +index 77b8585..2f0df05 100644 +--- a/arch/sparc/include/asm/signal.h ++++ b/arch/sparc/include/asm/signal.h +@@ -26,5 +26,7 @@ struct k_sigaction { + void __user *ka_restorer; + }; + ++#define __ARCH_HAS_SA_RESTORER ++ + #endif /* !(__ASSEMBLY__) */ + #endif /* !(__SPARC_SIGNAL_H) */ +diff --git a/arch/tile/kernel/setup.c b/arch/tile/kernel/setup.c +index d1e15f7..7a5aa1a 100644 +--- a/arch/tile/kernel/setup.c ++++ b/arch/tile/kernel/setup.c +@@ -1004,15 +1004,8 @@ void __cpuinit setup_cpu(int boot) + + #ifdef CONFIG_BLK_DEV_INITRD + +-/* +- * Note that the kernel can potentially support other compression +- * techniques than gz, though we don't do so by default. If we ever +- * decide to do so we can either look for other filename extensions, +- * or just allow a file with this name to be compressed with an +- * arbitrary compressor (somewhat counterintuitively). +- */ + static int __initdata set_initramfs_file; +-static char __initdata initramfs_file[128] = "initramfs.cpio.gz"; ++static char __initdata initramfs_file[128] = "initramfs"; + + static int __init setup_initramfs_file(char *str) + { +@@ -1026,9 +1019,9 @@ static int __init setup_initramfs_file(char *str) + early_param("initramfs_file", setup_initramfs_file); + + /* +- * We look for an "initramfs.cpio.gz" file in the hvfs. +- * If there is one, we allocate some memory for it and it will be +- * unpacked to the initramfs. ++ * We look for a file called "initramfs" in the hvfs. If there is one, we ++ * allocate some memory for it and it will be unpacked to the initramfs. ++ * If it's compressed, the initd code will uncompress it first. + */ + static void __init load_hv_initrd(void) + { +@@ -1038,10 +1031,16 @@ static void __init load_hv_initrd(void) + + fd = hv_fs_findfile((HV_VirtAddr) initramfs_file); + if (fd == HV_ENOENT) { +- if (set_initramfs_file) ++ if (set_initramfs_file) { + pr_warning("No such hvfs initramfs file '%s'\n", + initramfs_file); +- return; ++ return; ++ } else { ++ /* Try old backwards-compatible name. */ ++ fd = hv_fs_findfile((HV_VirtAddr)"initramfs.cpio.gz"); ++ if (fd == HV_ENOENT) ++ return; ++ } + } + BUG_ON(fd < 0); + stat = hv_fs_fstat(fd); +diff --git a/arch/x86/include/asm/signal.h b/arch/x86/include/asm/signal.h +index 216bf36..111d272 100644 +--- a/arch/x86/include/asm/signal.h ++++ b/arch/x86/include/asm/signal.h +@@ -31,6 +31,9 @@ typedef sigset_t compat_sigset_t; + #include <uapi/asm/signal.h> + #ifndef __ASSEMBLY__ + extern void do_notify_resume(struct pt_regs *, void *, __u32); ++ ++#define __ARCH_HAS_SA_RESTORER ++ + #ifdef __i386__ + struct old_sigaction { + __sighandler_t sa_handler; +diff --git a/arch/x86/include/asm/xen/hypercall.h b/arch/x86/include/asm/xen/hypercall.h +index c20d1ce..e709884 100644 +--- a/arch/x86/include/asm/xen/hypercall.h ++++ b/arch/x86/include/asm/xen/hypercall.h +@@ -382,14 +382,14 @@ HYPERVISOR_console_io(int cmd, int count, char *str) + return _hypercall3(int, console_io, cmd, count, str); + } + +-extern int __must_check HYPERVISOR_physdev_op_compat(int, void *); ++extern int __must_check xen_physdev_op_compat(int, void *); + + static inline int + HYPERVISOR_physdev_op(int cmd, void *arg) + { + int rc = _hypercall2(int, physdev_op, cmd, arg); + if (unlikely(rc == -ENOSYS)) +- rc = HYPERVISOR_physdev_op_compat(cmd, arg); ++ rc = xen_physdev_op_compat(cmd, arg); + return rc; + } + +diff --git a/arch/xtensa/include/asm/signal.h b/arch/xtensa/include/asm/signal.h +index 6f586bd..83e23f4 100644 +--- a/arch/xtensa/include/asm/signal.h ++++ b/arch/xtensa/include/asm/signal.h +@@ -21,6 +21,7 @@ struct sigaction { + void (*sa_restorer)(void); + sigset_t sa_mask; /* mask last for extensibility */ + }; ++#define __ARCH_HAS_SA_RESTORER + + struct k_sigaction { + struct sigaction sa; +diff --git a/drivers/block/aoe/aoecmd.c b/drivers/block/aoe/aoecmd.c +index 25ef5c0..92b6d7c 100644 +--- a/drivers/block/aoe/aoecmd.c ++++ b/drivers/block/aoe/aoecmd.c +@@ -51,8 +51,9 @@ new_skb(ulong len) + { + struct sk_buff *skb; + +- skb = alloc_skb(len, GFP_ATOMIC); ++ skb = alloc_skb(len + MAX_HEADER, GFP_ATOMIC); + if (skb) { ++ skb_reserve(skb, MAX_HEADER); + skb_reset_mac_header(skb); + skb_reset_network_header(skb); + skb->protocol = __constant_htons(ETH_P_AOE); +diff --git a/drivers/block/loop.c b/drivers/block/loop.c +index 8bc6d39..f74f2c0 100644 +--- a/drivers/block/loop.c ++++ b/drivers/block/loop.c +@@ -917,6 +917,11 @@ static int loop_set_fd(struct loop_device *lo, fmode_t mode, + lo->lo_flags |= LO_FLAGS_PARTSCAN; + if (lo->lo_flags & LO_FLAGS_PARTSCAN) + ioctl_by_bdev(bdev, BLKRRPART, 0); ++ ++ /* Grab the block_device to prevent its destruction after we ++ * put /dev/loopXX inode. Later in loop_clr_fd() we bdput(bdev). ++ */ ++ bdgrab(bdev); + return 0; + + out_clr: +@@ -1026,8 +1031,10 @@ static int loop_clr_fd(struct loop_device *lo) + memset(lo->lo_encrypt_key, 0, LO_KEY_SIZE); + memset(lo->lo_crypt_name, 0, LO_NAME_SIZE); + memset(lo->lo_file_name, 0, LO_NAME_SIZE); +- if (bdev) ++ if (bdev) { ++ bdput(bdev); + invalidate_bdev(bdev); ++ } + set_capacity(lo->lo_disk, 0); + loop_sysfs_exit(lo); + if (bdev) { +diff --git a/drivers/block/xen-blkback/blkback.c b/drivers/block/xen-blkback/blkback.c +index e34a7b4..ef6d9be 100644 +--- a/drivers/block/xen-blkback/blkback.c ++++ b/drivers/block/xen-blkback/blkback.c +@@ -679,6 +679,16 @@ static int dispatch_discard_io(struct xen_blkif *blkif, + return err; + } + ++static int dispatch_other_io(struct xen_blkif *blkif, ++ struct blkif_request *req, ++ struct pending_req *pending_req) ++{ ++ free_req(pending_req); ++ make_response(blkif, req->u.other.id, req->operation, ++ BLKIF_RSP_EOPNOTSUPP); ++ return -EIO; ++} ++ + static void xen_blk_drain_io(struct xen_blkif *blkif) + { + atomic_set(&blkif->drain, 1); +@@ -800,17 +810,30 @@ __do_block_io_op(struct xen_blkif *blkif) + + /* Apply all sanity checks to /private copy/ of request. */ + barrier(); +- if (unlikely(req.operation == BLKIF_OP_DISCARD)) { ++ ++ switch (req.operation) { ++ case BLKIF_OP_READ: ++ case BLKIF_OP_WRITE: ++ case BLKIF_OP_WRITE_BARRIER: ++ case BLKIF_OP_FLUSH_DISKCACHE: ++ if (dispatch_rw_block_io(blkif, &req, pending_req)) ++ goto done; ++ break; ++ case BLKIF_OP_DISCARD: + free_req(pending_req); + if (dispatch_discard_io(blkif, &req)) +- break; +- } else if (dispatch_rw_block_io(blkif, &req, pending_req)) ++ goto done; + break; ++ default: ++ if (dispatch_other_io(blkif, &req, pending_req)) ++ goto done; ++ break; ++ } + + /* Yield point for this unbounded loop. */ + cond_resched(); + } +- ++done: + return more_to_do; + } + +@@ -978,13 +1001,7 @@ static int dispatch_rw_block_io(struct xen_blkif *blkif, + bio->bi_end_io = end_block_io_op; + } + +- /* +- * We set it one so that the last submit_bio does not have to call +- * atomic_inc. +- */ + atomic_set(&pending_req->pendcnt, nbio); +- +- /* Get a reference count for the disk queue and start sending I/O */ + blk_start_plug(&plug); + + for (i = 0; i < nbio; i++) +@@ -1012,6 +1029,7 @@ static int dispatch_rw_block_io(struct xen_blkif *blkif, + fail_put_bio: + for (i = 0; i < nbio; i++) + bio_put(biolist[i]); ++ atomic_set(&pending_req->pendcnt, 1); + __end_block_io_op(pending_req, -EINVAL); + msleep(1); /* back off a bit */ + return -EIO; +diff --git a/drivers/block/xen-blkback/common.h b/drivers/block/xen-blkback/common.h +index 6072390..195278a 100644 +--- a/drivers/block/xen-blkback/common.h ++++ b/drivers/block/xen-blkback/common.h +@@ -77,11 +77,18 @@ struct blkif_x86_32_request_discard { + uint64_t nr_sectors; + } __attribute__((__packed__)); + ++struct blkif_x86_32_request_other { ++ uint8_t _pad1; ++ blkif_vdev_t _pad2; ++ uint64_t id; /* private guest value, echoed in resp */ ++} __attribute__((__packed__)); ++ + struct blkif_x86_32_request { + uint8_t operation; /* BLKIF_OP_??? */ + union { + struct blkif_x86_32_request_rw rw; + struct blkif_x86_32_request_discard discard; ++ struct blkif_x86_32_request_other other; + } u; + } __attribute__((__packed__)); + +@@ -113,11 +120,19 @@ struct blkif_x86_64_request_discard { + uint64_t nr_sectors; + } __attribute__((__packed__)); + ++struct blkif_x86_64_request_other { ++ uint8_t _pad1; ++ blkif_vdev_t _pad2; ++ uint32_t _pad3; /* offsetof(blkif_..,u.discard.id)==8 */ ++ uint64_t id; /* private guest value, echoed in resp */ ++} __attribute__((__packed__)); ++ + struct blkif_x86_64_request { + uint8_t operation; /* BLKIF_OP_??? */ + union { + struct blkif_x86_64_request_rw rw; + struct blkif_x86_64_request_discard discard; ++ struct blkif_x86_64_request_other other; + } u; + } __attribute__((__packed__)); + +@@ -278,6 +293,11 @@ static inline void blkif_get_x86_32_req(struct blkif_request *dst, + dst->u.discard.nr_sectors = src->u.discard.nr_sectors; + break; + default: ++ /* ++ * Don't know how to translate this op. Only get the ++ * ID so failure can be reported to the frontend. ++ */ ++ dst->u.other.id = src->u.other.id; + break; + } + } +@@ -309,6 +329,11 @@ static inline void blkif_get_x86_64_req(struct blkif_request *dst, + dst->u.discard.nr_sectors = src->u.discard.nr_sectors; + break; + default: ++ /* ++ * Don't know how to translate this op. Only get the ++ * ID so failure can be reported to the frontend. ++ */ ++ dst->u.other.id = src->u.other.id; + break; + } + } +diff --git a/drivers/block/xen-blkfront.c b/drivers/block/xen-blkfront.c +index c3dae2e..2e39eaf 100644 +--- a/drivers/block/xen-blkfront.c ++++ b/drivers/block/xen-blkfront.c +@@ -44,7 +44,7 @@ + #include <linux/mutex.h> + #include <linux/scatterlist.h> + #include <linux/bitmap.h> +-#include <linux/llist.h> ++#include <linux/list.h> + + #include <xen/xen.h> + #include <xen/xenbus.h> +@@ -68,7 +68,7 @@ enum blkif_state { + struct grant { + grant_ref_t gref; + unsigned long pfn; +- struct llist_node node; ++ struct list_head node; + }; + + struct blk_shadow { +@@ -105,7 +105,7 @@ struct blkfront_info + struct work_struct work; + struct gnttab_free_callback callback; + struct blk_shadow shadow[BLK_RING_SIZE]; +- struct llist_head persistent_gnts; ++ struct list_head persistent_gnts; + unsigned int persistent_gnts_c; + unsigned long shadow_free; + unsigned int feature_flush; +@@ -371,10 +371,11 @@ static int blkif_queue_request(struct request *req) + lsect = fsect + (sg->length >> 9) - 1; + + if (info->persistent_gnts_c) { +- BUG_ON(llist_empty(&info->persistent_gnts)); +- gnt_list_entry = llist_entry( +- llist_del_first(&info->persistent_gnts), +- struct grant, node); ++ BUG_ON(list_empty(&info->persistent_gnts)); ++ gnt_list_entry = list_first_entry( ++ &info->persistent_gnts, ++ struct grant, node); ++ list_del(&gnt_list_entry->node); + + ref = gnt_list_entry->gref; + buffer_mfn = pfn_to_mfn(gnt_list_entry->pfn); +@@ -790,9 +791,8 @@ static void blkif_restart_queue(struct work_struct *work) + + static void blkif_free(struct blkfront_info *info, int suspend) + { +- struct llist_node *all_gnts; +- struct grant *persistent_gnt, *tmp; +- struct llist_node *n; ++ struct grant *persistent_gnt; ++ struct grant *n; + + /* Prevent new requests being issued until we fix things up. */ + spin_lock_irq(&info->io_lock); +@@ -804,20 +804,15 @@ static void blkif_free(struct blkfront_info *info, int suspend) + + /* Remove all persistent grants */ + if (info->persistent_gnts_c) { +- all_gnts = llist_del_all(&info->persistent_gnts); +- persistent_gnt = llist_entry(all_gnts, typeof(*(persistent_gnt)), node); +- while (persistent_gnt) { ++ list_for_each_entry_safe(persistent_gnt, n, ++ &info->persistent_gnts, node) { ++ list_del(&persistent_gnt->node); + gnttab_end_foreign_access(persistent_gnt->gref, 0, 0UL); + __free_page(pfn_to_page(persistent_gnt->pfn)); +- tmp = persistent_gnt; +- n = persistent_gnt->node.next; +- if (n) +- persistent_gnt = llist_entry(n, typeof(*(persistent_gnt)), node); +- else +- persistent_gnt = NULL; +- kfree(tmp); ++ kfree(persistent_gnt); ++ info->persistent_gnts_c--; + } +- info->persistent_gnts_c = 0; ++ BUG_ON(info->persistent_gnts_c != 0); + } + + /* No more gnttab callback work. */ +@@ -875,7 +870,7 @@ static void blkif_completion(struct blk_shadow *s, struct blkfront_info *info, + } + /* Add the persistent grant into the list of free grants */ + for (i = 0; i < s->req.u.rw.nr_segments; i++) { +- llist_add(&s->grants_used[i]->node, &info->persistent_gnts); ++ list_add(&s->grants_used[i]->node, &info->persistent_gnts); + info->persistent_gnts_c++; + } + } +@@ -1171,7 +1166,7 @@ static int blkfront_probe(struct xenbus_device *dev, + spin_lock_init(&info->io_lock); + info->xbdev = dev; + info->vdevice = vdevice; +- init_llist_head(&info->persistent_gnts); ++ INIT_LIST_HEAD(&info->persistent_gnts); + info->persistent_gnts_c = 0; + info->connected = BLKIF_STATE_DISCONNECTED; + INIT_WORK(&info->work, blkif_restart_queue); +diff --git a/drivers/bluetooth/ath3k.c b/drivers/bluetooth/ath3k.c +index 33c9a44..1c0929b 100644 +--- a/drivers/bluetooth/ath3k.c ++++ b/drivers/bluetooth/ath3k.c +@@ -73,8 +73,10 @@ static struct usb_device_id ath3k_table[] = { + { USB_DEVICE(0x03F0, 0x311D) }, + + /* Atheros AR3012 with sflash firmware*/ ++ { USB_DEVICE(0x0CF3, 0x0036) }, + { USB_DEVICE(0x0CF3, 0x3004) }, + { USB_DEVICE(0x0CF3, 0x311D) }, ++ { USB_DEVICE(0x0CF3, 0x817a) }, + { USB_DEVICE(0x13d3, 0x3375) }, + { USB_DEVICE(0x04CA, 0x3005) }, + { USB_DEVICE(0x04CA, 0x3006) }, +@@ -105,8 +107,10 @@ MODULE_DEVICE_TABLE(usb, ath3k_table); + static struct usb_device_id ath3k_blist_tbl[] = { + + /* Atheros AR3012 with sflash firmware*/ ++ { USB_DEVICE(0x0CF3, 0x0036), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x0cf3, 0x311D), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x0CF3, 0x817a), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x04ca, 0x3006), .driver_info = BTUSB_ATH3012 }, +diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c +index 7e351e3..568e703 100644 +--- a/drivers/bluetooth/btusb.c ++++ b/drivers/bluetooth/btusb.c +@@ -131,8 +131,10 @@ static struct usb_device_id blacklist_table[] = { + { USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE }, + + /* Atheros 3012 with sflash firmware */ ++ { USB_DEVICE(0x0cf3, 0x0036), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x0cf3, 0x3004), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x0cf3, 0x311d), .driver_info = BTUSB_ATH3012 }, ++ { USB_DEVICE(0x0cf3, 0x817a), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x04ca, 0x3005), .driver_info = BTUSB_ATH3012 }, + { USB_DEVICE(0x04ca, 0x3006), .driver_info = BTUSB_ATH3012 }, +diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c +index ee4dbea..a4b7aa0 100644 +--- a/drivers/char/virtio_console.c ++++ b/drivers/char/virtio_console.c +@@ -152,7 +152,8 @@ struct ports_device { + spinlock_t ports_lock; + + /* To protect the vq operations for the control channel */ +- spinlock_t cvq_lock; ++ spinlock_t c_ivq_lock; ++ spinlock_t c_ovq_lock; + + /* The current config space is stored here */ + struct virtio_console_config config; +@@ -575,11 +576,14 @@ static ssize_t __send_control_msg(struct ports_device *portdev, u32 port_id, + vq = portdev->c_ovq; + + sg_init_one(sg, &cpkt, sizeof(cpkt)); ++ ++ spin_lock(&portdev->c_ovq_lock); + if (virtqueue_add_buf(vq, sg, 1, 0, &cpkt, GFP_ATOMIC) == 0) { + virtqueue_kick(vq); + while (!virtqueue_get_buf(vq, &len)) + cpu_relax(); + } ++ spin_unlock(&portdev->c_ovq_lock); + return 0; + } + +@@ -1715,23 +1719,23 @@ static void control_work_handler(struct work_struct *work) + portdev = container_of(work, struct ports_device, control_work); + vq = portdev->c_ivq; + +- spin_lock(&portdev->cvq_lock); ++ spin_lock(&portdev->c_ivq_lock); + while ((buf = virtqueue_get_buf(vq, &len))) { +- spin_unlock(&portdev->cvq_lock); ++ spin_unlock(&portdev->c_ivq_lock); + + buf->len = len; + buf->offset = 0; + + handle_control_message(portdev, buf); + +- spin_lock(&portdev->cvq_lock); ++ spin_lock(&portdev->c_ivq_lock); + if (add_inbuf(portdev->c_ivq, buf) < 0) { + dev_warn(&portdev->vdev->dev, + "Error adding buffer to queue\n"); + free_buf(buf, false); + } + } +- spin_unlock(&portdev->cvq_lock); ++ spin_unlock(&portdev->c_ivq_lock); + } + + static void out_intr(struct virtqueue *vq) +@@ -1996,10 +2000,12 @@ static int virtcons_probe(struct virtio_device *vdev) + if (multiport) { + unsigned int nr_added_bufs; + +- spin_lock_init(&portdev->cvq_lock); ++ spin_lock_init(&portdev->c_ivq_lock); ++ spin_lock_init(&portdev->c_ovq_lock); + INIT_WORK(&portdev->control_work, &control_work_handler); + +- nr_added_bufs = fill_queue(portdev->c_ivq, &portdev->cvq_lock); ++ nr_added_bufs = fill_queue(portdev->c_ivq, ++ &portdev->c_ivq_lock); + if (!nr_added_bufs) { + dev_err(&vdev->dev, + "Error allocating buffers for control queue\n"); +@@ -2150,7 +2156,7 @@ static int virtcons_restore(struct virtio_device *vdev) + return ret; + + if (use_multiport(portdev)) +- fill_queue(portdev->c_ivq, &portdev->cvq_lock); ++ fill_queue(portdev->c_ivq, &portdev->c_ivq_lock); + + list_for_each_entry(port, &portdev->ports, list) { + port->in_vq = portdev->in_vqs[port->id]; +diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c +index b2a0a07..cf268b1 100644 +--- a/drivers/crypto/caam/caamalg.c ++++ b/drivers/crypto/caam/caamalg.c +@@ -1650,11 +1650,7 @@ struct caam_alg_template { + }; + + static struct caam_alg_template driver_algs[] = { +- /* +- * single-pass ipsec_esp descriptor +- * authencesn(*,*) is also registered, although not present +- * explicitly here. +- */ ++ /* single-pass ipsec_esp descriptor */ + { + .name = "authenc(hmac(md5),cbc(aes))", + .driver_name = "authenc-hmac-md5-cbc-aes-caam", +@@ -2217,9 +2213,7 @@ static int __init caam_algapi_init(void) + for (i = 0; i < ARRAY_SIZE(driver_algs); i++) { + /* TODO: check if h/w supports alg */ + struct caam_crypto_alg *t_alg; +- bool done = false; + +-authencesn: + t_alg = caam_alg_alloc(ctrldev, &driver_algs[i]); + if (IS_ERR(t_alg)) { + err = PTR_ERR(t_alg); +@@ -2233,25 +2227,8 @@ authencesn: + dev_warn(ctrldev, "%s alg registration failed\n", + t_alg->crypto_alg.cra_driver_name); + kfree(t_alg); +- } else { ++ } else + list_add_tail(&t_alg->entry, &priv->alg_list); +- if (driver_algs[i].type == CRYPTO_ALG_TYPE_AEAD && +- !memcmp(driver_algs[i].name, "authenc", 7) && +- !done) { +- char *name; +- +- name = driver_algs[i].name; +- memmove(name + 10, name + 7, strlen(name) - 7); +- memcpy(name + 7, "esn", 3); +- +- name = driver_algs[i].driver_name; +- memmove(name + 10, name + 7, strlen(name) - 7); +- memcpy(name + 7, "esn", 3); +- +- done = true; +- goto authencesn; +- } +- } + } + if (!list_empty(&priv->alg_list)) + dev_info(ctrldev, "%s algorithms registered in /proc/crypto\n", +diff --git a/drivers/crypto/caam/compat.h b/drivers/crypto/caam/compat.h +index cf15e78..762aeff 100644 +--- a/drivers/crypto/caam/compat.h ++++ b/drivers/crypto/caam/compat.h +@@ -23,7 +23,6 @@ + #include <linux/types.h> + #include <linux/debugfs.h> + #include <linux/circ_buf.h> +-#include <linux/string.h> + #include <net/xfrm.h> + + #include <crypto/algapi.h> +diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c +index 09b184a..5b2b5e6 100644 +--- a/drivers/crypto/talitos.c ++++ b/drivers/crypto/talitos.c +@@ -38,7 +38,6 @@ + #include <linux/spinlock.h> + #include <linux/rtnetlink.h> + #include <linux/slab.h> +-#include <linux/string.h> + + #include <crypto/algapi.h> + #include <crypto/aes.h> +@@ -1974,11 +1973,7 @@ struct talitos_alg_template { + }; + + static struct talitos_alg_template driver_algs[] = { +- /* +- * AEAD algorithms. These use a single-pass ipsec_esp descriptor. +- * authencesn(*,*) is also registered, although not present +- * explicitly here. +- */ ++ /* AEAD algorithms. These use a single-pass ipsec_esp descriptor */ + { .type = CRYPTO_ALG_TYPE_AEAD, + .alg.crypto = { + .cra_name = "authenc(hmac(sha1),cbc(aes))", +@@ -2820,9 +2815,7 @@ static int talitos_probe(struct platform_device *ofdev) + if (hw_supports(dev, driver_algs[i].desc_hdr_template)) { + struct talitos_crypto_alg *t_alg; + char *name = NULL; +- bool authenc = false; + +-authencesn: + t_alg = talitos_alg_alloc(dev, &driver_algs[i]); + if (IS_ERR(t_alg)) { + err = PTR_ERR(t_alg); +@@ -2837,8 +2830,6 @@ authencesn: + err = crypto_register_alg( + &t_alg->algt.alg.crypto); + name = t_alg->algt.alg.crypto.cra_driver_name; +- authenc = authenc ? !authenc : +- !(bool)memcmp(name, "authenc", 7); + break; + case CRYPTO_ALG_TYPE_AHASH: + err = crypto_register_ahash( +@@ -2851,25 +2842,8 @@ authencesn: + dev_err(dev, "%s alg registration failed\n", + name); + kfree(t_alg); +- } else { ++ } else + list_add_tail(&t_alg->entry, &priv->alg_list); +- if (authenc) { +- struct crypto_alg *alg = +- &driver_algs[i].alg.crypto; +- +- name = alg->cra_name; +- memmove(name + 10, name + 7, +- strlen(name) - 7); +- memcpy(name + 7, "esn", 3); +- +- name = alg->cra_driver_name; +- memmove(name + 10, name + 7, +- strlen(name) - 7); +- memcpy(name + 7, "esn", 3); +- +- goto authencesn; +- } +- } + } + } + if (!list_empty(&priv->alg_list)) +diff --git a/drivers/firmware/efivars.c b/drivers/firmware/efivars.c +index e1d6253..b07cb37 100644 +--- a/drivers/firmware/efivars.c ++++ b/drivers/firmware/efivars.c +@@ -1669,6 +1669,53 @@ static ssize_t efivar_delete(struct file *filp, struct kobject *kobj, + return count; + } + ++static bool variable_is_present(efi_char16_t *variable_name, efi_guid_t *vendor) ++{ ++ struct efivar_entry *entry, *n; ++ struct efivars *efivars = &__efivars; ++ unsigned long strsize1, strsize2; ++ bool found = false; ++ ++ strsize1 = utf16_strsize(variable_name, 1024); ++ list_for_each_entry_safe(entry, n, &efivars->list, list) { ++ strsize2 = utf16_strsize(entry->var.VariableName, 1024); ++ if (strsize1 == strsize2 && ++ !memcmp(variable_name, &(entry->var.VariableName), ++ strsize2) && ++ !efi_guidcmp(entry->var.VendorGuid, ++ *vendor)) { ++ found = true; ++ break; ++ } ++ } ++ return found; ++} ++ ++/* ++ * Returns the size of variable_name, in bytes, including the ++ * terminating NULL character, or variable_name_size if no NULL ++ * character is found among the first variable_name_size bytes. ++ */ ++static unsigned long var_name_strnsize(efi_char16_t *variable_name, ++ unsigned long variable_name_size) ++{ ++ unsigned long len; ++ efi_char16_t c; ++ ++ /* ++ * The variable name is, by definition, a NULL-terminated ++ * string, so make absolutely sure that variable_name_size is ++ * the value we expect it to be. If not, return the real size. ++ */ ++ for (len = 2; len <= variable_name_size; len += sizeof(c)) { ++ c = variable_name[(len / sizeof(c)) - 1]; ++ if (!c) ++ break; ++ } ++ ++ return min(len, variable_name_size); ++} ++ + /* + * Let's not leave out systab information that snuck into + * the efivars driver +@@ -1864,6 +1911,28 @@ void unregister_efivars(struct efivars *efivars) + } + EXPORT_SYMBOL_GPL(unregister_efivars); + ++/* ++ * Print a warning when duplicate EFI variables are encountered and ++ * disable the sysfs workqueue since the firmware is buggy. ++ */ ++static void dup_variable_bug(efi_char16_t *s16, efi_guid_t *vendor_guid, ++ unsigned long len16) ++{ ++ size_t i, len8 = len16 / sizeof(efi_char16_t); ++ char *s8; ++ ++ s8 = kzalloc(len8, GFP_KERNEL); ++ if (!s8) ++ return; ++ ++ for (i = 0; i < len8; i++) ++ s8[i] = s16[i]; ++ ++ printk(KERN_WARNING "efivars: duplicate variable: %s-%pUl\n", ++ s8, vendor_guid); ++ kfree(s8); ++} ++ + int register_efivars(struct efivars *efivars, + const struct efivar_operations *ops, + struct kobject *parent_kobj) +@@ -1912,6 +1981,24 @@ int register_efivars(struct efivars *efivars, + &vendor_guid); + switch (status) { + case EFI_SUCCESS: ++ variable_name_size = var_name_strnsize(variable_name, ++ variable_name_size); ++ ++ /* ++ * Some firmware implementations return the ++ * same variable name on multiple calls to ++ * get_next_variable(). Terminate the loop ++ * immediately as there is no guarantee that ++ * we'll ever see a different variable name, ++ * and may end up looping here forever. ++ */ ++ if (variable_is_present(variable_name, &vendor_guid)) { ++ dup_variable_bug(variable_name, &vendor_guid, ++ variable_name_size); ++ status = EFI_NOT_FOUND; ++ break; ++ } ++ + efivar_create_sysfs_entry(efivars, + variable_name_size, + variable_name, +diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c +index 80aa1fc..e6e4df7 100644 +--- a/drivers/gpu/drm/i915/intel_display.c ++++ b/drivers/gpu/drm/i915/intel_display.c +@@ -7420,8 +7420,8 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, + { + struct drm_device *dev = crtc->dev; + struct drm_i915_private *dev_priv = dev->dev_private; +- struct intel_framebuffer *intel_fb; +- struct drm_i915_gem_object *obj; ++ struct drm_framebuffer *old_fb = crtc->fb; ++ struct drm_i915_gem_object *obj = to_intel_framebuffer(fb)->obj; + struct intel_crtc *intel_crtc = to_intel_crtc(crtc); + struct intel_unpin_work *work; + unsigned long flags; +@@ -7446,8 +7446,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, + + work->event = event; + work->crtc = crtc; +- intel_fb = to_intel_framebuffer(crtc->fb); +- work->old_fb_obj = intel_fb->obj; ++ work->old_fb_obj = to_intel_framebuffer(old_fb)->obj; + INIT_WORK(&work->work, intel_unpin_work_fn); + + ret = drm_vblank_get(dev, intel_crtc->pipe); +@@ -7467,9 +7466,6 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, + intel_crtc->unpin_work = work; + spin_unlock_irqrestore(&dev->event_lock, flags); + +- intel_fb = to_intel_framebuffer(fb); +- obj = intel_fb->obj; +- + if (atomic_read(&intel_crtc->unpin_work_count) >= 2) + flush_workqueue(dev_priv->wq); + +@@ -7507,6 +7503,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, + + cleanup_pending: + atomic_dec(&intel_crtc->unpin_work_count); ++ crtc->fb = old_fb; + atomic_sub(1 << intel_crtc->plane, &work->old_fb_obj->pending_flip); + drm_gem_object_unreference(&work->old_fb_obj->base); + drm_gem_object_unreference(&obj->base); +diff --git a/drivers/gpu/drm/i915/intel_dp.c b/drivers/gpu/drm/i915/intel_dp.c +index 2e1c10a..73ce6e9 100644 +--- a/drivers/gpu/drm/i915/intel_dp.c ++++ b/drivers/gpu/drm/i915/intel_dp.c +@@ -788,6 +788,7 @@ intel_dp_set_m_n(struct drm_crtc *crtc, struct drm_display_mode *mode, + struct intel_dp_m_n m_n; + int pipe = intel_crtc->pipe; + enum transcoder cpu_transcoder = intel_crtc->cpu_transcoder; ++ int target_clock; + + /* + * Find the lane count in the intel_encoder private +@@ -803,13 +804,22 @@ intel_dp_set_m_n(struct drm_crtc *crtc, struct drm_display_mode *mode, + } + } + ++ target_clock = mode->clock; ++ for_each_encoder_on_crtc(dev, crtc, intel_encoder) { ++ if (intel_encoder->type == INTEL_OUTPUT_EDP) { ++ target_clock = intel_edp_target_clock(intel_encoder, ++ mode); ++ break; ++ } ++ } ++ + /* + * Compute the GMCH and Link ratios. The '3' here is + * the number of bytes_per_pixel post-LUT, which we always + * set up for 8-bits of R/G/B, or 3 bytes total. + */ + intel_dp_compute_m_n(intel_crtc->bpp, lane_count, +- mode->clock, adjusted_mode->clock, &m_n); ++ target_clock, adjusted_mode->clock, &m_n); + + if (IS_HASWELL(dev)) { + I915_WRITE(PIPE_DATA_M1(cpu_transcoder), +diff --git a/drivers/hid/hid-ids.h b/drivers/hid/hid-ids.h +index 266e2ae..160a309 100644 +--- a/drivers/hid/hid-ids.h ++++ b/drivers/hid/hid-ids.h +@@ -587,6 +587,9 @@ + #define USB_VENDOR_ID_MONTEREY 0x0566 + #define USB_DEVICE_ID_GENIUS_KB29E 0x3004 + ++#define USB_VENDOR_ID_MSI 0x1770 ++#define USB_DEVICE_ID_MSI_GX680R_LED_PANEL 0xff00 ++ + #define USB_VENDOR_ID_NATIONAL_SEMICONDUCTOR 0x0400 + #define USB_DEVICE_ID_N_S_HARMONY 0xc359 + +@@ -678,6 +681,9 @@ + #define USB_DEVICE_ID_QUANTA_OPTICAL_TOUCH_3001 0x3001 + #define USB_DEVICE_ID_QUANTA_OPTICAL_TOUCH_3008 0x3008 + ++#define USB_VENDOR_ID_REALTEK 0x0bda ++#define USB_DEVICE_ID_REALTEK_READER 0x0152 ++ + #define USB_VENDOR_ID_ROCCAT 0x1e7d + #define USB_DEVICE_ID_ROCCAT_ARVO 0x30d4 + #define USB_DEVICE_ID_ROCCAT_ISKU 0x319c +diff --git a/drivers/hid/usbhid/hid-quirks.c b/drivers/hid/usbhid/hid-quirks.c +index e0e6abf..19b8360 100644 +--- a/drivers/hid/usbhid/hid-quirks.c ++++ b/drivers/hid/usbhid/hid-quirks.c +@@ -73,6 +73,7 @@ static const struct hid_blacklist { + { USB_VENDOR_ID_FORMOSA, USB_DEVICE_ID_FORMOSA_IR_RECEIVER, HID_QUIRK_NO_INIT_REPORTS }, + { USB_VENDOR_ID_FREESCALE, USB_DEVICE_ID_FREESCALE_MX28, HID_QUIRK_NOGET }, + { USB_VENDOR_ID_MGE, USB_DEVICE_ID_MGE_UPS, HID_QUIRK_NOGET }, ++ { USB_VENDOR_ID_MSI, USB_DEVICE_ID_MSI_GX680R_LED_PANEL, HID_QUIRK_NO_INIT_REPORTS }, + { USB_VENDOR_ID_NOVATEK, USB_DEVICE_ID_NOVATEK_MOUSE, HID_QUIRK_NO_INIT_REPORTS }, + { USB_VENDOR_ID_PIXART, USB_DEVICE_ID_PIXART_OPTICAL_TOUCH_SCREEN, HID_QUIRK_NO_INIT_REPORTS }, + { USB_VENDOR_ID_PIXART, USB_DEVICE_ID_PIXART_OPTICAL_TOUCH_SCREEN1, HID_QUIRK_NO_INIT_REPORTS }, +@@ -80,6 +81,7 @@ static const struct hid_blacklist { + { USB_VENDOR_ID_PRODIGE, USB_DEVICE_ID_PRODIGE_CORDLESS, HID_QUIRK_NOGET }, + { USB_VENDOR_ID_QUANTA, USB_DEVICE_ID_QUANTA_OPTICAL_TOUCH_3001, HID_QUIRK_NOGET }, + { USB_VENDOR_ID_QUANTA, USB_DEVICE_ID_QUANTA_OPTICAL_TOUCH_3008, HID_QUIRK_NOGET }, ++ { USB_VENDOR_ID_REALTEK, USB_DEVICE_ID_REALTEK_READER, HID_QUIRK_NO_INIT_REPORTS }, + { USB_VENDOR_ID_SENNHEISER, USB_DEVICE_ID_SENNHEISER_BTD500USB, HID_QUIRK_NOGET }, + { USB_VENDOR_ID_SIGMATEL, USB_DEVICE_ID_SIGMATEL_STMP3780, HID_QUIRK_NOGET }, + { USB_VENDOR_ID_SUN, USB_DEVICE_ID_RARITAN_KVM_DONGLE, HID_QUIRK_NOGET }, +diff --git a/drivers/iommu/amd_iommu.c b/drivers/iommu/amd_iommu.c +index c1c74e0..4647b50 100644 +--- a/drivers/iommu/amd_iommu.c ++++ b/drivers/iommu/amd_iommu.c +@@ -2466,18 +2466,16 @@ static int device_change_notifier(struct notifier_block *nb, + + /* allocate a protection domain if a device is added */ + dma_domain = find_protection_domain(devid); +- if (dma_domain) +- goto out; +- dma_domain = dma_ops_domain_alloc(); +- if (!dma_domain) +- goto out; +- dma_domain->target_dev = devid; +- +- spin_lock_irqsave(&iommu_pd_list_lock, flags); +- list_add_tail(&dma_domain->list, &iommu_pd_list); +- spin_unlock_irqrestore(&iommu_pd_list_lock, flags); +- +- dev_data = get_dev_data(dev); ++ if (!dma_domain) { ++ dma_domain = dma_ops_domain_alloc(); ++ if (!dma_domain) ++ goto out; ++ dma_domain->target_dev = devid; ++ ++ spin_lock_irqsave(&iommu_pd_list_lock, flags); ++ list_add_tail(&dma_domain->list, &iommu_pd_list); ++ spin_unlock_irqrestore(&iommu_pd_list_lock, flags); ++ } + + dev->archdata.dma_ops = &amd_iommu_dma_ops; + +diff --git a/drivers/media/pci/bt8xx/bttv-driver.c b/drivers/media/pci/bt8xx/bttv-driver.c +index 45e5d06..dd53210 100644 +--- a/drivers/media/pci/bt8xx/bttv-driver.c ++++ b/drivers/media/pci/bt8xx/bttv-driver.c +@@ -250,17 +250,19 @@ static u8 SRAM_Table[][60] = + vdelay start of active video in 2 * field lines relative to + trailing edge of /VRESET pulse (VDELAY register). + sheight height of active video in 2 * field lines. ++ extraheight Added to sheight for cropcap.bounds.height only + videostart0 ITU-R frame line number of the line corresponding + to vdelay in the first field. */ + #define CROPCAP(minhdelayx1, hdelayx1, swidth, totalwidth, sqwidth, \ +- vdelay, sheight, videostart0) \ ++ vdelay, sheight, extraheight, videostart0) \ + .cropcap.bounds.left = minhdelayx1, \ + /* * 2 because vertically we count field lines times two, */ \ + /* e.g. 23 * 2 to 23 * 2 + 576 in PAL-BGHI defrect. */ \ + .cropcap.bounds.top = (videostart0) * 2 - (vdelay) + MIN_VDELAY, \ + /* 4 is a safety margin at the end of the line. */ \ + .cropcap.bounds.width = (totalwidth) - (minhdelayx1) - 4, \ +- .cropcap.bounds.height = (sheight) + (vdelay) - MIN_VDELAY, \ ++ .cropcap.bounds.height = (sheight) + (extraheight) + (vdelay) - \ ++ MIN_VDELAY, \ + .cropcap.defrect.left = hdelayx1, \ + .cropcap.defrect.top = (videostart0) * 2, \ + .cropcap.defrect.width = swidth, \ +@@ -301,9 +303,10 @@ const struct bttv_tvnorm bttv_tvnorms[] = { + /* totalwidth */ 1135, + /* sqwidth */ 944, + /* vdelay */ 0x20, +- /* bt878 (and bt848?) can capture another +- line below active video. */ +- /* sheight */ (576 + 2) + 0x20 - 2, ++ /* sheight */ 576, ++ /* bt878 (and bt848?) can capture another ++ line below active video. */ ++ /* extraheight */ 2, + /* videostart0 */ 23) + },{ + .v4l2_id = V4L2_STD_NTSC_M | V4L2_STD_NTSC_M_KR, +@@ -330,6 +333,7 @@ const struct bttv_tvnorm bttv_tvnorms[] = { + /* sqwidth */ 780, + /* vdelay */ 0x1a, + /* sheight */ 480, ++ /* extraheight */ 0, + /* videostart0 */ 23) + },{ + .v4l2_id = V4L2_STD_SECAM, +@@ -355,6 +359,7 @@ const struct bttv_tvnorm bttv_tvnorms[] = { + /* sqwidth */ 944, + /* vdelay */ 0x20, + /* sheight */ 576, ++ /* extraheight */ 0, + /* videostart0 */ 23) + },{ + .v4l2_id = V4L2_STD_PAL_Nc, +@@ -380,6 +385,7 @@ const struct bttv_tvnorm bttv_tvnorms[] = { + /* sqwidth */ 780, + /* vdelay */ 0x1a, + /* sheight */ 576, ++ /* extraheight */ 0, + /* videostart0 */ 23) + },{ + .v4l2_id = V4L2_STD_PAL_M, +@@ -405,6 +411,7 @@ const struct bttv_tvnorm bttv_tvnorms[] = { + /* sqwidth */ 780, + /* vdelay */ 0x1a, + /* sheight */ 480, ++ /* extraheight */ 0, + /* videostart0 */ 23) + },{ + .v4l2_id = V4L2_STD_PAL_N, +@@ -430,6 +437,7 @@ const struct bttv_tvnorm bttv_tvnorms[] = { + /* sqwidth */ 944, + /* vdelay */ 0x20, + /* sheight */ 576, ++ /* extraheight */ 0, + /* videostart0 */ 23) + },{ + .v4l2_id = V4L2_STD_NTSC_M_JP, +@@ -455,6 +463,7 @@ const struct bttv_tvnorm bttv_tvnorms[] = { + /* sqwidth */ 780, + /* vdelay */ 0x16, + /* sheight */ 480, ++ /* extraheight */ 0, + /* videostart0 */ 23) + },{ + /* that one hopefully works with the strange timing +@@ -484,6 +493,7 @@ const struct bttv_tvnorm bttv_tvnorms[] = { + /* sqwidth */ 944, + /* vdelay */ 0x1a, + /* sheight */ 480, ++ /* extraheight */ 0, + /* videostart0 */ 23) + } + }; +diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c +index 272f81a..27cdf1f 100644 +--- a/drivers/net/bonding/bond_main.c ++++ b/drivers/net/bonding/bond_main.c +@@ -1955,12 +1955,11 @@ int bond_release(struct net_device *bond_dev, struct net_device *slave_dev) + return -EINVAL; + } + ++ write_unlock_bh(&bond->lock); + /* unregister rx_handler early so bond_handle_frame wouldn't be called + * for this slave anymore. + */ + netdev_rx_handler_unregister(slave_dev); +- write_unlock_bh(&bond->lock); +- synchronize_net(); + write_lock_bh(&bond->lock); + + if (!bond->params.fail_over_mac) { +diff --git a/drivers/net/bonding/bond_sysfs.c b/drivers/net/bonding/bond_sysfs.c +index 1c9e09f..ea7a388 100644 +--- a/drivers/net/bonding/bond_sysfs.c ++++ b/drivers/net/bonding/bond_sysfs.c +@@ -183,6 +183,11 @@ int bond_create_slave_symlinks(struct net_device *master, + sprintf(linkname, "slave_%s", slave->name); + ret = sysfs_create_link(&(master->dev.kobj), &(slave->dev.kobj), + linkname); ++ ++ /* free the master link created earlier in case of error */ ++ if (ret) ++ sysfs_remove_link(&(slave->dev.kobj), "master"); ++ + return ret; + + } +@@ -522,7 +527,7 @@ static ssize_t bonding_store_arp_interval(struct device *d, + goto out; + } + if (new_value < 0) { +- pr_err("%s: Invalid arp_interval value %d not in range 1-%d; rejected.\n", ++ pr_err("%s: Invalid arp_interval value %d not in range 0-%d; rejected.\n", + bond->dev->name, new_value, INT_MAX); + ret = -EINVAL; + goto out; +@@ -537,14 +542,15 @@ static ssize_t bonding_store_arp_interval(struct device *d, + pr_info("%s: Setting ARP monitoring interval to %d.\n", + bond->dev->name, new_value); + bond->params.arp_interval = new_value; +- if (bond->params.miimon) { +- pr_info("%s: ARP monitoring cannot be used with MII monitoring. %s Disabling MII monitoring.\n", +- bond->dev->name, bond->dev->name); +- bond->params.miimon = 0; +- } +- if (!bond->params.arp_targets[0]) { +- pr_info("%s: ARP monitoring has been set up, but no ARP targets have been specified.\n", +- bond->dev->name); ++ if (new_value) { ++ if (bond->params.miimon) { ++ pr_info("%s: ARP monitoring cannot be used with MII monitoring. %s Disabling MII monitoring.\n", ++ bond->dev->name, bond->dev->name); ++ bond->params.miimon = 0; ++ } ++ if (!bond->params.arp_targets[0]) ++ pr_info("%s: ARP monitoring has been set up, but no ARP targets have been specified.\n", ++ bond->dev->name); + } + if (bond->dev->flags & IFF_UP) { + /* If the interface is up, we may need to fire off +@@ -552,10 +558,13 @@ static ssize_t bonding_store_arp_interval(struct device *d, + * timer will get fired off when the open function + * is called. + */ +- cancel_delayed_work_sync(&bond->mii_work); +- queue_delayed_work(bond->wq, &bond->arp_work, 0); ++ if (!new_value) { ++ cancel_delayed_work_sync(&bond->arp_work); ++ } else { ++ cancel_delayed_work_sync(&bond->mii_work); ++ queue_delayed_work(bond->wq, &bond->arp_work, 0); ++ } + } +- + out: + rtnl_unlock(); + return ret; +@@ -697,7 +706,7 @@ static ssize_t bonding_store_downdelay(struct device *d, + } + if (new_value < 0) { + pr_err("%s: Invalid down delay value %d not in range %d-%d; rejected.\n", +- bond->dev->name, new_value, 1, INT_MAX); ++ bond->dev->name, new_value, 0, INT_MAX); + ret = -EINVAL; + goto out; + } else { +@@ -752,8 +761,8 @@ static ssize_t bonding_store_updelay(struct device *d, + goto out; + } + if (new_value < 0) { +- pr_err("%s: Invalid down delay value %d not in range %d-%d; rejected.\n", +- bond->dev->name, new_value, 1, INT_MAX); ++ pr_err("%s: Invalid up delay value %d not in range %d-%d; rejected.\n", ++ bond->dev->name, new_value, 0, INT_MAX); + ret = -EINVAL; + goto out; + } else { +@@ -963,37 +972,37 @@ static ssize_t bonding_store_miimon(struct device *d, + } + if (new_value < 0) { + pr_err("%s: Invalid miimon value %d not in range %d-%d; rejected.\n", +- bond->dev->name, new_value, 1, INT_MAX); ++ bond->dev->name, new_value, 0, INT_MAX); + ret = -EINVAL; + goto out; +- } else { +- pr_info("%s: Setting MII monitoring interval to %d.\n", +- bond->dev->name, new_value); +- bond->params.miimon = new_value; +- if (bond->params.updelay) +- pr_info("%s: Note: Updating updelay (to %d) since it is a multiple of the miimon value.\n", +- bond->dev->name, +- bond->params.updelay * bond->params.miimon); +- if (bond->params.downdelay) +- pr_info("%s: Note: Updating downdelay (to %d) since it is a multiple of the miimon value.\n", +- bond->dev->name, +- bond->params.downdelay * bond->params.miimon); +- if (bond->params.arp_interval) { +- pr_info("%s: MII monitoring cannot be used with ARP monitoring. Disabling ARP monitoring...\n", +- bond->dev->name); +- bond->params.arp_interval = 0; +- if (bond->params.arp_validate) { +- bond->params.arp_validate = +- BOND_ARP_VALIDATE_NONE; +- } +- } +- +- if (bond->dev->flags & IFF_UP) { +- /* If the interface is up, we may need to fire off +- * the MII timer. If the interface is down, the +- * timer will get fired off when the open function +- * is called. +- */ ++ } ++ pr_info("%s: Setting MII monitoring interval to %d.\n", ++ bond->dev->name, new_value); ++ bond->params.miimon = new_value; ++ if (bond->params.updelay) ++ pr_info("%s: Note: Updating updelay (to %d) since it is a multiple of the miimon value.\n", ++ bond->dev->name, ++ bond->params.updelay * bond->params.miimon); ++ if (bond->params.downdelay) ++ pr_info("%s: Note: Updating downdelay (to %d) since it is a multiple of the miimon value.\n", ++ bond->dev->name, ++ bond->params.downdelay * bond->params.miimon); ++ if (new_value && bond->params.arp_interval) { ++ pr_info("%s: MII monitoring cannot be used with ARP monitoring. Disabling ARP monitoring...\n", ++ bond->dev->name); ++ bond->params.arp_interval = 0; ++ if (bond->params.arp_validate) ++ bond->params.arp_validate = BOND_ARP_VALIDATE_NONE; ++ } ++ if (bond->dev->flags & IFF_UP) { ++ /* If the interface is up, we may need to fire off ++ * the MII timer. If the interface is down, the ++ * timer will get fired off when the open function ++ * is called. ++ */ ++ if (!new_value) { ++ cancel_delayed_work_sync(&bond->mii_work); ++ } else { + cancel_delayed_work_sync(&bond->arp_work); + queue_delayed_work(bond->wq, &bond->mii_work, 0); + } +diff --git a/drivers/net/can/sja1000/plx_pci.c b/drivers/net/can/sja1000/plx_pci.c +index 11d1062..08a606c 100644 +--- a/drivers/net/can/sja1000/plx_pci.c ++++ b/drivers/net/can/sja1000/plx_pci.c +@@ -348,7 +348,7 @@ static inline int plx_pci_check_sja1000(const struct sja1000_priv *priv) + */ + if ((priv->read_reg(priv, REG_CR) & REG_CR_BASICCAN_INITIAL_MASK) == + REG_CR_BASICCAN_INITIAL && +- (priv->read_reg(priv, REG_SR) == REG_SR_BASICCAN_INITIAL) && ++ (priv->read_reg(priv, SJA1000_REG_SR) == REG_SR_BASICCAN_INITIAL) && + (priv->read_reg(priv, REG_IR) == REG_IR_BASICCAN_INITIAL)) + flag = 1; + +@@ -360,7 +360,7 @@ static inline int plx_pci_check_sja1000(const struct sja1000_priv *priv) + * See states on p. 23 of the Datasheet. + */ + if (priv->read_reg(priv, REG_MOD) == REG_MOD_PELICAN_INITIAL && +- priv->read_reg(priv, REG_SR) == REG_SR_PELICAN_INITIAL && ++ priv->read_reg(priv, SJA1000_REG_SR) == REG_SR_PELICAN_INITIAL && + priv->read_reg(priv, REG_IR) == REG_IR_PELICAN_INITIAL) + return flag; + +diff --git a/drivers/net/can/sja1000/sja1000.c b/drivers/net/can/sja1000/sja1000.c +index 83ee11e..43921f9 100644 +--- a/drivers/net/can/sja1000/sja1000.c ++++ b/drivers/net/can/sja1000/sja1000.c +@@ -91,7 +91,7 @@ static void sja1000_write_cmdreg(struct sja1000_priv *priv, u8 val) + */ + spin_lock_irqsave(&priv->cmdreg_lock, flags); + priv->write_reg(priv, REG_CMR, val); +- priv->read_reg(priv, REG_SR); ++ priv->read_reg(priv, SJA1000_REG_SR); + spin_unlock_irqrestore(&priv->cmdreg_lock, flags); + } + +@@ -499,7 +499,7 @@ irqreturn_t sja1000_interrupt(int irq, void *dev_id) + + while ((isrc = priv->read_reg(priv, REG_IR)) && (n < SJA1000_MAX_IRQ)) { + n++; +- status = priv->read_reg(priv, REG_SR); ++ status = priv->read_reg(priv, SJA1000_REG_SR); + /* check for absent controller due to hw unplug */ + if (status == 0xFF && sja1000_is_absent(priv)) + return IRQ_NONE; +@@ -526,7 +526,7 @@ irqreturn_t sja1000_interrupt(int irq, void *dev_id) + /* receive interrupt */ + while (status & SR_RBS) { + sja1000_rx(dev); +- status = priv->read_reg(priv, REG_SR); ++ status = priv->read_reg(priv, SJA1000_REG_SR); + /* check for absent controller */ + if (status == 0xFF && sja1000_is_absent(priv)) + return IRQ_NONE; +diff --git a/drivers/net/can/sja1000/sja1000.h b/drivers/net/can/sja1000/sja1000.h +index afa9984..aa48e05 100644 +--- a/drivers/net/can/sja1000/sja1000.h ++++ b/drivers/net/can/sja1000/sja1000.h +@@ -56,7 +56,7 @@ + /* SJA1000 registers - manual section 6.4 (Pelican Mode) */ + #define REG_MOD 0x00 + #define REG_CMR 0x01 +-#define REG_SR 0x02 ++#define SJA1000_REG_SR 0x02 + #define REG_IR 0x03 + #define REG_IER 0x04 + #define REG_ALC 0x0B +diff --git a/drivers/net/ethernet/atheros/atl1e/atl1e.h b/drivers/net/ethernet/atheros/atl1e/atl1e.h +index 829b5ad..edfdf6b 100644 +--- a/drivers/net/ethernet/atheros/atl1e/atl1e.h ++++ b/drivers/net/ethernet/atheros/atl1e/atl1e.h +@@ -438,7 +438,6 @@ struct atl1e_adapter { + struct atl1e_hw hw; + struct atl1e_hw_stats hw_stats; + +- bool have_msi; + u32 wol; + u16 link_speed; + u16 link_duplex; +diff --git a/drivers/net/ethernet/atheros/atl1e/atl1e_main.c b/drivers/net/ethernet/atheros/atl1e/atl1e_main.c +index e4466a3..35faab7 100644 +--- a/drivers/net/ethernet/atheros/atl1e/atl1e_main.c ++++ b/drivers/net/ethernet/atheros/atl1e/atl1e_main.c +@@ -1851,34 +1851,19 @@ static void atl1e_free_irq(struct atl1e_adapter *adapter) + struct net_device *netdev = adapter->netdev; + + free_irq(adapter->pdev->irq, netdev); +- +- if (adapter->have_msi) +- pci_disable_msi(adapter->pdev); + } + + static int atl1e_request_irq(struct atl1e_adapter *adapter) + { + struct pci_dev *pdev = adapter->pdev; + struct net_device *netdev = adapter->netdev; +- int flags = 0; + int err = 0; + +- adapter->have_msi = true; +- err = pci_enable_msi(pdev); +- if (err) { +- netdev_dbg(netdev, +- "Unable to allocate MSI interrupt Error: %d\n", err); +- adapter->have_msi = false; +- } +- +- if (!adapter->have_msi) +- flags |= IRQF_SHARED; +- err = request_irq(pdev->irq, atl1e_intr, flags, netdev->name, netdev); ++ err = request_irq(pdev->irq, atl1e_intr, IRQF_SHARED, netdev->name, ++ netdev); + if (err) { + netdev_dbg(adapter->netdev, + "Unable to allocate interrupt Error: %d\n", err); +- if (adapter->have_msi) +- pci_disable_msi(pdev); + return err; + } + netdev_dbg(netdev, "atl1e_request_irq OK\n"); +diff --git a/drivers/net/ethernet/broadcom/tg3.c b/drivers/net/ethernet/broadcom/tg3.c +index 3ec98f2..8a5253c 100644 +--- a/drivers/net/ethernet/broadcom/tg3.c ++++ b/drivers/net/ethernet/broadcom/tg3.c +@@ -14403,8 +14403,11 @@ static void tg3_read_vpd(struct tg3 *tp) + if (j + len > block_end) + goto partno; + +- memcpy(tp->fw_ver, &vpd_data[j], len); +- strncat(tp->fw_ver, " bc ", vpdlen - len - 1); ++ if (len >= sizeof(tp->fw_ver)) ++ len = sizeof(tp->fw_ver) - 1; ++ memset(tp->fw_ver, 0, sizeof(tp->fw_ver)); ++ snprintf(tp->fw_ver, sizeof(tp->fw_ver), "%.*s bc ", len, ++ &vpd_data[j]); + } + + partno: +diff --git a/drivers/net/ethernet/davicom/dm9000.c b/drivers/net/ethernet/davicom/dm9000.c +index c73472c..d67de83 100644 +--- a/drivers/net/ethernet/davicom/dm9000.c ++++ b/drivers/net/ethernet/davicom/dm9000.c +@@ -257,6 +257,107 @@ static void dm9000_dumpblk_32bit(void __iomem *reg, int count) + tmp = readl(reg); + } + ++/* ++ * Sleep, either by using msleep() or if we are suspending, then ++ * use mdelay() to sleep. ++ */ ++static void dm9000_msleep(board_info_t *db, unsigned int ms) ++{ ++ if (db->in_suspend) ++ mdelay(ms); ++ else ++ msleep(ms); ++} ++ ++/* Read a word from phyxcer */ ++static int ++dm9000_phy_read(struct net_device *dev, int phy_reg_unused, int reg) ++{ ++ board_info_t *db = netdev_priv(dev); ++ unsigned long flags; ++ unsigned int reg_save; ++ int ret; ++ ++ mutex_lock(&db->addr_lock); ++ ++ spin_lock_irqsave(&db->lock, flags); ++ ++ /* Save previous register address */ ++ reg_save = readb(db->io_addr); ++ ++ /* Fill the phyxcer register into REG_0C */ ++ iow(db, DM9000_EPAR, DM9000_PHY | reg); ++ ++ /* Issue phyxcer read command */ ++ iow(db, DM9000_EPCR, EPCR_ERPRR | EPCR_EPOS); ++ ++ writeb(reg_save, db->io_addr); ++ spin_unlock_irqrestore(&db->lock, flags); ++ ++ dm9000_msleep(db, 1); /* Wait read complete */ ++ ++ spin_lock_irqsave(&db->lock, flags); ++ reg_save = readb(db->io_addr); ++ ++ iow(db, DM9000_EPCR, 0x0); /* Clear phyxcer read command */ ++ ++ /* The read data keeps on REG_0D & REG_0E */ ++ ret = (ior(db, DM9000_EPDRH) << 8) | ior(db, DM9000_EPDRL); ++ ++ /* restore the previous address */ ++ writeb(reg_save, db->io_addr); ++ spin_unlock_irqrestore(&db->lock, flags); ++ ++ mutex_unlock(&db->addr_lock); ++ ++ dm9000_dbg(db, 5, "phy_read[%02x] -> %04x\n", reg, ret); ++ return ret; ++} ++ ++/* Write a word to phyxcer */ ++static void ++dm9000_phy_write(struct net_device *dev, ++ int phyaddr_unused, int reg, int value) ++{ ++ board_info_t *db = netdev_priv(dev); ++ unsigned long flags; ++ unsigned long reg_save; ++ ++ dm9000_dbg(db, 5, "phy_write[%02x] = %04x\n", reg, value); ++ mutex_lock(&db->addr_lock); ++ ++ spin_lock_irqsave(&db->lock, flags); ++ ++ /* Save previous register address */ ++ reg_save = readb(db->io_addr); ++ ++ /* Fill the phyxcer register into REG_0C */ ++ iow(db, DM9000_EPAR, DM9000_PHY | reg); ++ ++ /* Fill the written data into REG_0D & REG_0E */ ++ iow(db, DM9000_EPDRL, value); ++ iow(db, DM9000_EPDRH, value >> 8); ++ ++ /* Issue phyxcer write command */ ++ iow(db, DM9000_EPCR, EPCR_EPOS | EPCR_ERPRW); ++ ++ writeb(reg_save, db->io_addr); ++ spin_unlock_irqrestore(&db->lock, flags); ++ ++ dm9000_msleep(db, 1); /* Wait write complete */ ++ ++ spin_lock_irqsave(&db->lock, flags); ++ reg_save = readb(db->io_addr); ++ ++ iow(db, DM9000_EPCR, 0x0); /* Clear phyxcer write command */ ++ ++ /* restore the previous address */ ++ writeb(reg_save, db->io_addr); ++ ++ spin_unlock_irqrestore(&db->lock, flags); ++ mutex_unlock(&db->addr_lock); ++} ++ + /* dm9000_set_io + * + * select the specified set of io routines to use with the +@@ -794,6 +895,9 @@ dm9000_init_dm9000(struct net_device *dev) + + iow(db, DM9000_GPCR, GPCR_GEP_CNTL); /* Let GPIO0 output */ + ++ dm9000_phy_write(dev, 0, MII_BMCR, BMCR_RESET); /* PHY RESET */ ++ dm9000_phy_write(dev, 0, MII_DM_DSPCR, DSPCR_INIT_PARAM); /* Init */ ++ + ncr = (db->flags & DM9000_PLATF_EXT_PHY) ? NCR_EXT_PHY : 0; + + /* if wol is needed, then always set NCR_WAKEEN otherwise we end +@@ -1200,109 +1304,6 @@ dm9000_open(struct net_device *dev) + return 0; + } + +-/* +- * Sleep, either by using msleep() or if we are suspending, then +- * use mdelay() to sleep. +- */ +-static void dm9000_msleep(board_info_t *db, unsigned int ms) +-{ +- if (db->in_suspend) +- mdelay(ms); +- else +- msleep(ms); +-} +- +-/* +- * Read a word from phyxcer +- */ +-static int +-dm9000_phy_read(struct net_device *dev, int phy_reg_unused, int reg) +-{ +- board_info_t *db = netdev_priv(dev); +- unsigned long flags; +- unsigned int reg_save; +- int ret; +- +- mutex_lock(&db->addr_lock); +- +- spin_lock_irqsave(&db->lock,flags); +- +- /* Save previous register address */ +- reg_save = readb(db->io_addr); +- +- /* Fill the phyxcer register into REG_0C */ +- iow(db, DM9000_EPAR, DM9000_PHY | reg); +- +- iow(db, DM9000_EPCR, EPCR_ERPRR | EPCR_EPOS); /* Issue phyxcer read command */ +- +- writeb(reg_save, db->io_addr); +- spin_unlock_irqrestore(&db->lock,flags); +- +- dm9000_msleep(db, 1); /* Wait read complete */ +- +- spin_lock_irqsave(&db->lock,flags); +- reg_save = readb(db->io_addr); +- +- iow(db, DM9000_EPCR, 0x0); /* Clear phyxcer read command */ +- +- /* The read data keeps on REG_0D & REG_0E */ +- ret = (ior(db, DM9000_EPDRH) << 8) | ior(db, DM9000_EPDRL); +- +- /* restore the previous address */ +- writeb(reg_save, db->io_addr); +- spin_unlock_irqrestore(&db->lock,flags); +- +- mutex_unlock(&db->addr_lock); +- +- dm9000_dbg(db, 5, "phy_read[%02x] -> %04x\n", reg, ret); +- return ret; +-} +- +-/* +- * Write a word to phyxcer +- */ +-static void +-dm9000_phy_write(struct net_device *dev, +- int phyaddr_unused, int reg, int value) +-{ +- board_info_t *db = netdev_priv(dev); +- unsigned long flags; +- unsigned long reg_save; +- +- dm9000_dbg(db, 5, "phy_write[%02x] = %04x\n", reg, value); +- mutex_lock(&db->addr_lock); +- +- spin_lock_irqsave(&db->lock,flags); +- +- /* Save previous register address */ +- reg_save = readb(db->io_addr); +- +- /* Fill the phyxcer register into REG_0C */ +- iow(db, DM9000_EPAR, DM9000_PHY | reg); +- +- /* Fill the written data into REG_0D & REG_0E */ +- iow(db, DM9000_EPDRL, value); +- iow(db, DM9000_EPDRH, value >> 8); +- +- iow(db, DM9000_EPCR, EPCR_EPOS | EPCR_ERPRW); /* Issue phyxcer write command */ +- +- writeb(reg_save, db->io_addr); +- spin_unlock_irqrestore(&db->lock, flags); +- +- dm9000_msleep(db, 1); /* Wait write complete */ +- +- spin_lock_irqsave(&db->lock,flags); +- reg_save = readb(db->io_addr); +- +- iow(db, DM9000_EPCR, 0x0); /* Clear phyxcer write command */ +- +- /* restore the previous address */ +- writeb(reg_save, db->io_addr); +- +- spin_unlock_irqrestore(&db->lock, flags); +- mutex_unlock(&db->addr_lock); +-} +- + static void + dm9000_shutdown(struct net_device *dev) + { +@@ -1501,7 +1502,12 @@ dm9000_probe(struct platform_device *pdev) + db->flags |= DM9000_PLATF_SIMPLE_PHY; + #endif + +- dm9000_reset(db); ++ /* Fixing bug on dm9000_probe, takeover dm9000_reset(db), ++ * Need 'NCR_MAC_LBK' bit to indeed stable our DM9000 fifo ++ * while probe stage. ++ */ ++ ++ iow(db, DM9000_NCR, NCR_MAC_LBK | NCR_RST); + + /* try multiple times, DM9000 sometimes gets the read wrong */ + for (i = 0; i < 8; i++) { +diff --git a/drivers/net/ethernet/davicom/dm9000.h b/drivers/net/ethernet/davicom/dm9000.h +index 55688bd..9ce058a 100644 +--- a/drivers/net/ethernet/davicom/dm9000.h ++++ b/drivers/net/ethernet/davicom/dm9000.h +@@ -69,7 +69,9 @@ + #define NCR_WAKEEN (1<<6) + #define NCR_FCOL (1<<4) + #define NCR_FDX (1<<3) +-#define NCR_LBK (3<<1) ++ ++#define NCR_RESERVED (3<<1) ++#define NCR_MAC_LBK (1<<1) + #define NCR_RST (1<<0) + + #define NSR_SPEED (1<<7) +@@ -167,5 +169,12 @@ + #define ISR_LNKCHNG (1<<5) + #define ISR_UNDERRUN (1<<4) + ++/* Davicom MII registers. ++ */ ++ ++#define MII_DM_DSPCR 0x1b /* DSP Control Register */ ++ ++#define DSPCR_INIT_PARAM 0xE100 /* DSP init parameter */ ++ + #endif /* _DM9000X_H_ */ + +diff --git a/drivers/net/ethernet/freescale/fec_ptp.c b/drivers/net/ethernet/freescale/fec_ptp.c +index c40526c..547c9f1 100644 +--- a/drivers/net/ethernet/freescale/fec_ptp.c ++++ b/drivers/net/ethernet/freescale/fec_ptp.c +@@ -128,6 +128,7 @@ void fec_ptp_start_cyclecounter(struct net_device *ndev) + + spin_unlock_irqrestore(&fep->tmreg_lock, flags); + } ++EXPORT_SYMBOL(fec_ptp_start_cyclecounter); + + /** + * fec_ptp_adjfreq - adjust ptp cycle frequency +@@ -318,6 +319,7 @@ int fec_ptp_ioctl(struct net_device *ndev, struct ifreq *ifr, int cmd) + return copy_to_user(ifr->ifr_data, &config, sizeof(config)) ? + -EFAULT : 0; + } ++EXPORT_SYMBOL(fec_ptp_ioctl); + + /** + * fec_time_keep - call timecounter_read every second to avoid timer overrun +@@ -381,3 +383,4 @@ void fec_ptp_init(struct net_device *ndev, struct platform_device *pdev) + pr_info("registered PHC device on %s\n", ndev->name); + } + } ++EXPORT_SYMBOL(fec_ptp_init); +diff --git a/drivers/net/ethernet/marvell/sky2.c b/drivers/net/ethernet/marvell/sky2.c +index 3269eb3..d23dc5e 100644 +--- a/drivers/net/ethernet/marvell/sky2.c ++++ b/drivers/net/ethernet/marvell/sky2.c +@@ -1067,7 +1067,7 @@ static void sky2_ramset(struct sky2_hw *hw, u16 q, u32 start, u32 space) + sky2_write32(hw, RB_ADDR(q, RB_RX_UTHP), tp); + sky2_write32(hw, RB_ADDR(q, RB_RX_LTHP), space/2); + +- tp = space - 2048/8; ++ tp = space - 8192/8; + sky2_write32(hw, RB_ADDR(q, RB_RX_UTPP), tp); + sky2_write32(hw, RB_ADDR(q, RB_RX_LTPP), space/4); + } else { +diff --git a/drivers/net/ethernet/marvell/sky2.h b/drivers/net/ethernet/marvell/sky2.h +index 615ac63..ec6dcd8 100644 +--- a/drivers/net/ethernet/marvell/sky2.h ++++ b/drivers/net/ethernet/marvell/sky2.h +@@ -2074,7 +2074,7 @@ enum { + GM_IS_RX_FF_OR = 1<<1, /* Receive FIFO Overrun */ + GM_IS_RX_COMPL = 1<<0, /* Frame Reception Complete */ + +-#define GMAC_DEF_MSK GM_IS_TX_FF_UR ++#define GMAC_DEF_MSK (GM_IS_TX_FF_UR | GM_IS_RX_FF_OR) + }; + + /* GMAC_LINK_CTRL 16 bit GMAC Link Control Reg (YUKON only) */ +diff --git a/drivers/net/ethernet/micrel/ks8851.c b/drivers/net/ethernet/micrel/ks8851.c +index 286816a..1e42882 100644 +--- a/drivers/net/ethernet/micrel/ks8851.c ++++ b/drivers/net/ethernet/micrel/ks8851.c +@@ -547,7 +547,7 @@ static void ks8851_rx_pkts(struct ks8851_net *ks) + for (; rxfc != 0; rxfc--) { + rxh = ks8851_rdreg32(ks, KS_RXFHSR); + rxstat = rxh & 0xffff; +- rxlen = rxh >> 16; ++ rxlen = (rxh >> 16) & 0xfff; + + netif_dbg(ks, rx_status, ks->netdev, + "rx: stat 0x%04x, len 0x%04x\n", rxstat, rxlen); +diff --git a/drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_main.c b/drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_main.c +index 39ab4d0..73ce7dd 100644 +--- a/drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_main.c ++++ b/drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_main.c +@@ -1726,9 +1726,9 @@ pch_gbe_clean_rx(struct pch_gbe_adapter *adapter, + + skb->protocol = eth_type_trans(skb, netdev); + if (tcp_ip_status & PCH_GBE_RXD_ACC_STAT_TCPIPOK) +- skb->ip_summed = CHECKSUM_NONE; +- else + skb->ip_summed = CHECKSUM_UNNECESSARY; ++ else ++ skb->ip_summed = CHECKSUM_NONE; + + napi_gro_receive(&adapter->napi, skb); + (*work_done)++; +diff --git a/drivers/net/ethernet/ti/cpsw.c b/drivers/net/ethernet/ti/cpsw.c +index 40aff68..3b1be52 100644 +--- a/drivers/net/ethernet/ti/cpsw.c ++++ b/drivers/net/ethernet/ti/cpsw.c +@@ -375,7 +375,7 @@ void cpsw_tx_handler(void *token, int len, int status) + struct cpsw_priv *priv = netdev_priv(ndev); + + if (unlikely(netif_queue_stopped(ndev))) +- netif_start_queue(ndev); ++ netif_wake_queue(ndev); + cpts_tx_timestamp(&priv->cpts, skb); + priv->stats.tx_packets++; + priv->stats.tx_bytes += len; +@@ -1111,7 +1111,7 @@ static int cpsw_probe_dt(struct cpsw_platform_data *data, + struct platform_device *mdio; + + parp = of_get_property(slave_node, "phy_id", &lenp); +- if ((parp == NULL) && (lenp != (sizeof(void *) * 2))) { ++ if ((parp == NULL) || (lenp != (sizeof(void *) * 2))) { + pr_err("Missing slave[%d] phy_id property\n", i); + ret = -EINVAL; + goto error_ret; +diff --git a/drivers/net/ethernet/ti/davinci_emac.c b/drivers/net/ethernet/ti/davinci_emac.c +index 2a3e2c5..4ebcb24 100644 +--- a/drivers/net/ethernet/ti/davinci_emac.c ++++ b/drivers/net/ethernet/ti/davinci_emac.c +@@ -1055,7 +1055,7 @@ static void emac_tx_handler(void *token, int len, int status) + atomic_dec(&priv->cur_tx); + + if (unlikely(netif_queue_stopped(ndev))) +- netif_start_queue(ndev); ++ netif_wake_queue(ndev); + ndev->stats.tx_packets++; + ndev->stats.tx_bytes += len; + dev_kfree_skb_any(skb); +diff --git a/drivers/net/usb/smsc75xx.c b/drivers/net/usb/smsc75xx.c +index 251a335..937c09d 100644 +--- a/drivers/net/usb/smsc75xx.c ++++ b/drivers/net/usb/smsc75xx.c +@@ -914,8 +914,12 @@ static int smsc75xx_set_rx_max_frame_length(struct usbnet *dev, int size) + static int smsc75xx_change_mtu(struct net_device *netdev, int new_mtu) + { + struct usbnet *dev = netdev_priv(netdev); ++ int ret; ++ ++ if (new_mtu > MAX_SINGLE_PACKET_SIZE) ++ return -EINVAL; + +- int ret = smsc75xx_set_rx_max_frame_length(dev, new_mtu); ++ ret = smsc75xx_set_rx_max_frame_length(dev, new_mtu + ETH_HLEN); + if (ret < 0) { + netdev_warn(dev->net, "Failed to set mac rx frame length\n"); + return ret; +@@ -1324,7 +1328,7 @@ static int smsc75xx_reset(struct usbnet *dev) + + netif_dbg(dev, ifup, dev->net, "FCT_TX_CTL set to 0x%08x\n", buf); + +- ret = smsc75xx_set_rx_max_frame_length(dev, 1514); ++ ret = smsc75xx_set_rx_max_frame_length(dev, dev->net->mtu + ETH_HLEN); + if (ret < 0) { + netdev_warn(dev->net, "Failed to set max rx frame length\n"); + return ret; +@@ -2136,8 +2140,8 @@ static int smsc75xx_rx_fixup(struct usbnet *dev, struct sk_buff *skb) + else if (rx_cmd_a & (RX_CMD_A_LONG | RX_CMD_A_RUNT)) + dev->net->stats.rx_frame_errors++; + } else { +- /* ETH_FRAME_LEN + 4(CRC) + 2(COE) + 4(Vlan) */ +- if (unlikely(size > (ETH_FRAME_LEN + 12))) { ++ /* MAX_SINGLE_PACKET_SIZE + 4(CRC) + 2(COE) + 4(Vlan) */ ++ if (unlikely(size > (MAX_SINGLE_PACKET_SIZE + ETH_HLEN + 12))) { + netif_dbg(dev, rx_err, dev->net, + "size err rx_cmd_a=0x%08x\n", + rx_cmd_a); +diff --git a/drivers/net/wireless/ath/ath9k/ar9003_calib.c b/drivers/net/wireless/ath/ath9k/ar9003_calib.c +index 56317b0..e99f481 100644 +--- a/drivers/net/wireless/ath/ath9k/ar9003_calib.c ++++ b/drivers/net/wireless/ath/ath9k/ar9003_calib.c +@@ -976,6 +976,7 @@ static bool ar9003_hw_init_cal(struct ath_hw *ah, + AR_PHY_CL_TAB_1, + AR_PHY_CL_TAB_2 }; + ++ /* Use chip chainmask only for calibration */ + ar9003_hw_set_chain_masks(ah, ah->caps.rx_chainmask, ah->caps.tx_chainmask); + + if (rtt) { +@@ -1131,6 +1132,9 @@ skip_tx_iqcal: + ar9003_hw_rtt_disable(ah); + } + ++ /* Revert chainmask to runtime parameters */ ++ ar9003_hw_set_chain_masks(ah, ah->rxchainmask, ah->txchainmask); ++ + /* Initialize list pointers */ + ah->cal_list = ah->cal_list_last = ah->cal_list_curr = NULL; + ah->supp_cals = IQ_MISMATCH_CAL; +diff --git a/drivers/net/wireless/ath/ath9k/link.c b/drivers/net/wireless/ath/ath9k/link.c +index ade3afb..7fdac6c 100644 +--- a/drivers/net/wireless/ath/ath9k/link.c ++++ b/drivers/net/wireless/ath/ath9k/link.c +@@ -28,21 +28,21 @@ void ath_tx_complete_poll_work(struct work_struct *work) + int i; + bool needreset = false; + +- for (i = 0; i < ATH9K_NUM_TX_QUEUES; i++) +- if (ATH_TXQ_SETUP(sc, i)) { +- txq = &sc->tx.txq[i]; +- ath_txq_lock(sc, txq); +- if (txq->axq_depth) { +- if (txq->axq_tx_inprogress) { +- needreset = true; +- ath_txq_unlock(sc, txq); +- break; +- } else { +- txq->axq_tx_inprogress = true; +- } ++ for (i = 0; i < IEEE80211_NUM_ACS; i++) { ++ txq = sc->tx.txq_map[i]; ++ ++ ath_txq_lock(sc, txq); ++ if (txq->axq_depth) { ++ if (txq->axq_tx_inprogress) { ++ needreset = true; ++ ath_txq_unlock(sc, txq); ++ break; ++ } else { ++ txq->axq_tx_inprogress = true; + } +- ath_txq_unlock_complete(sc, txq); + } ++ ath_txq_unlock_complete(sc, txq); ++ } + + if (needreset) { + ath_dbg(ath9k_hw_common(sc->sc_ah), RESET, +@@ -170,7 +170,8 @@ void ath_rx_poll(unsigned long data) + { + struct ath_softc *sc = (struct ath_softc *)data; + +- ieee80211_queue_work(sc->hw, &sc->hw_check_work); ++ if (!test_bit(SC_OP_INVALID, &sc->sc_flags)) ++ ieee80211_queue_work(sc->hw, &sc->hw_check_work); + } + + /* +diff --git a/drivers/net/wireless/b43/dma.c b/drivers/net/wireless/b43/dma.c +index 38bc5a7..1221469 100644 +--- a/drivers/net/wireless/b43/dma.c ++++ b/drivers/net/wireless/b43/dma.c +@@ -1487,8 +1487,12 @@ void b43_dma_handle_txstatus(struct b43_wldev *dev, + const struct b43_dma_ops *ops; + struct b43_dmaring *ring; + struct b43_dmadesc_meta *meta; ++ static const struct b43_txstatus fake; /* filled with 0 */ ++ const struct b43_txstatus *txstat; + int slot, firstused; + bool frame_succeed; ++ int skip; ++ static u8 err_out1, err_out2; + + ring = parse_cookie(dev, status->cookie, &slot); + if (unlikely(!ring)) +@@ -1501,13 +1505,36 @@ void b43_dma_handle_txstatus(struct b43_wldev *dev, + firstused = ring->current_slot - ring->used_slots + 1; + if (firstused < 0) + firstused = ring->nr_slots + firstused; ++ ++ skip = 0; + if (unlikely(slot != firstused)) { + /* This possibly is a firmware bug and will result in +- * malfunction, memory leaks and/or stall of DMA functionality. */ +- b43dbg(dev->wl, "Out of order TX status report on DMA ring %d. " +- "Expected %d, but got %d\n", +- ring->index, firstused, slot); +- return; ++ * malfunction, memory leaks and/or stall of DMA functionality. ++ */ ++ if (slot == next_slot(ring, next_slot(ring, firstused))) { ++ /* If a single header/data pair was missed, skip over ++ * the first two slots in an attempt to recover. ++ */ ++ slot = firstused; ++ skip = 2; ++ if (!err_out1) { ++ /* Report the error once. */ ++ b43dbg(dev->wl, ++ "Skip on DMA ring %d slot %d.\n", ++ ring->index, slot); ++ err_out1 = 1; ++ } ++ } else { ++ /* More than a single header/data pair were missed. ++ * Report this error once. ++ */ ++ if (!err_out2) ++ b43dbg(dev->wl, ++ "Out of order TX status report on DMA ring %d. Expected %d, but got %d\n", ++ ring->index, firstused, slot); ++ err_out2 = 1; ++ return; ++ } + } + + ops = ring->ops; +@@ -1522,11 +1549,13 @@ void b43_dma_handle_txstatus(struct b43_wldev *dev, + slot, firstused, ring->index); + break; + } ++ + if (meta->skb) { + struct b43_private_tx_info *priv_info = +- b43_get_priv_tx_info(IEEE80211_SKB_CB(meta->skb)); ++ b43_get_priv_tx_info(IEEE80211_SKB_CB(meta->skb)); + +- unmap_descbuffer(ring, meta->dmaaddr, meta->skb->len, 1); ++ unmap_descbuffer(ring, meta->dmaaddr, ++ meta->skb->len, 1); + kfree(priv_info->bouncebuffer); + priv_info->bouncebuffer = NULL; + } else { +@@ -1538,8 +1567,9 @@ void b43_dma_handle_txstatus(struct b43_wldev *dev, + struct ieee80211_tx_info *info; + + if (unlikely(!meta->skb)) { +- /* This is a scatter-gather fragment of a frame, so +- * the skb pointer must not be NULL. */ ++ /* This is a scatter-gather fragment of a frame, ++ * so the skb pointer must not be NULL. ++ */ + b43dbg(dev->wl, "TX status unexpected NULL skb " + "at slot %d (first=%d) on ring %d\n", + slot, firstused, ring->index); +@@ -1550,9 +1580,18 @@ void b43_dma_handle_txstatus(struct b43_wldev *dev, + + /* + * Call back to inform the ieee80211 subsystem about +- * the status of the transmission. ++ * the status of the transmission. When skipping over ++ * a missed TX status report, use a status structure ++ * filled with zeros to indicate that the frame was not ++ * sent (frame_count 0) and not acknowledged + */ +- frame_succeed = b43_fill_txstatus_report(dev, info, status); ++ if (unlikely(skip)) ++ txstat = &fake; ++ else ++ txstat = status; ++ ++ frame_succeed = b43_fill_txstatus_report(dev, info, ++ txstat); + #ifdef CONFIG_B43_DEBUG + if (frame_succeed) + ring->nr_succeed_tx_packets++; +@@ -1580,12 +1619,14 @@ void b43_dma_handle_txstatus(struct b43_wldev *dev, + /* Everything unmapped and free'd. So it's not used anymore. */ + ring->used_slots--; + +- if (meta->is_last_fragment) { ++ if (meta->is_last_fragment && !skip) { + /* This is the last scatter-gather + * fragment of the frame. We are done. */ + break; + } + slot = next_slot(ring, slot); ++ if (skip > 0) ++ --skip; + } + if (ring->stopped) { + B43_WARN_ON(free_slots(ring) < TX_SLOTS_PER_FRAME); +diff --git a/drivers/net/wireless/b43/phy_n.c b/drivers/net/wireless/b43/phy_n.c +index 3c35382..e8486c1 100644 +--- a/drivers/net/wireless/b43/phy_n.c ++++ b/drivers/net/wireless/b43/phy_n.c +@@ -1564,7 +1564,7 @@ static void b43_nphy_rev3_rssi_cal(struct b43_wldev *dev) + u16 clip_off[2] = { 0xFFFF, 0xFFFF }; + + u8 vcm_final = 0; +- s8 offset[4]; ++ s32 offset[4]; + s32 results[8][4] = { }; + s32 results_min[4] = { }; + s32 poll_results[4] = { }; +@@ -1615,7 +1615,7 @@ static void b43_nphy_rev3_rssi_cal(struct b43_wldev *dev) + } + for (i = 0; i < 4; i += 2) { + s32 curr; +- s32 mind = 40; ++ s32 mind = 0x100000; + s32 minpoll = 249; + u8 minvcm = 0; + if (2 * core != i) +@@ -1732,7 +1732,7 @@ static void b43_nphy_rev2_rssi_cal(struct b43_wldev *dev, u8 type) + u8 regs_save_radio[2]; + u16 regs_save_phy[2]; + +- s8 offset[4]; ++ s32 offset[4]; + u8 core; + u8 rail; + +@@ -1799,7 +1799,7 @@ static void b43_nphy_rev2_rssi_cal(struct b43_wldev *dev, u8 type) + } + + for (i = 0; i < 4; i++) { +- s32 mind = 40; ++ s32 mind = 0x100000; + u8 minvcm = 0; + s32 minpoll = 249; + s32 curr; +diff --git a/drivers/net/wireless/iwlwifi/dvm/lib.c b/drivers/net/wireless/iwlwifi/dvm/lib.c +index 6ff4660..0348f42 100644 +--- a/drivers/net/wireless/iwlwifi/dvm/lib.c ++++ b/drivers/net/wireless/iwlwifi/dvm/lib.c +@@ -1262,6 +1262,15 @@ int iwl_dvm_send_cmd(struct iwl_priv *priv, struct iwl_host_cmd *cmd) + } + + /* ++ * This can happen upon FW ASSERT: we clear the STATUS_FW_ERROR flag ++ * in iwl_down but cancel the workers only later. ++ */ ++ if (!priv->ucode_loaded) { ++ IWL_ERR(priv, "Fw not loaded - dropping CMD: %x\n", cmd->id); ++ return -EIO; ++ } ++ ++ /* + * Synchronous commands from this op-mode must hold + * the mutex, this ensures we don't try to send two + * (or more) synchronous commands at a time. +diff --git a/drivers/net/wireless/iwlwifi/dvm/ucode.c b/drivers/net/wireless/iwlwifi/dvm/ucode.c +index c6467e5..9b138b8 100644 +--- a/drivers/net/wireless/iwlwifi/dvm/ucode.c ++++ b/drivers/net/wireless/iwlwifi/dvm/ucode.c +@@ -450,6 +450,8 @@ int iwl_load_ucode_wait_alive(struct iwl_priv *priv, + return -EIO; + } + ++ priv->ucode_loaded = true; ++ + /* + * This step takes a long time (60-80ms!!) and + * WoWLAN image should be loaded quickly, so +@@ -474,8 +476,6 @@ int iwl_load_ucode_wait_alive(struct iwl_priv *priv, + return ret; + } + +- priv->ucode_loaded = true; +- + return 0; + } + +diff --git a/drivers/net/wireless/iwlwifi/pcie/tx.c b/drivers/net/wireless/iwlwifi/pcie/tx.c +index c6cd922..d760da9 100644 +--- a/drivers/net/wireless/iwlwifi/pcie/tx.c ++++ b/drivers/net/wireless/iwlwifi/pcie/tx.c +@@ -1242,7 +1242,7 @@ static int iwl_pcie_enqueue_hcmd(struct iwl_trans *trans, + for (i = 0; i < IWL_MAX_CMD_TFDS; i++) { + int copy = 0; + +- if (!cmd->len) ++ if (!cmd->len[i]) + continue; + + /* need at least IWL_HCMD_MIN_COPY_SIZE copied */ +diff --git a/drivers/net/wireless/mwifiex/cmdevt.c b/drivers/net/wireless/mwifiex/cmdevt.c +index 5f438e6..bc9a402 100644 +--- a/drivers/net/wireless/mwifiex/cmdevt.c ++++ b/drivers/net/wireless/mwifiex/cmdevt.c +@@ -156,6 +156,20 @@ static int mwifiex_dnld_cmd_to_fw(struct mwifiex_private *priv, + return -1; + } + ++ cmd_code = le16_to_cpu(host_cmd->command); ++ cmd_size = le16_to_cpu(host_cmd->size); ++ ++ if (adapter->hw_status == MWIFIEX_HW_STATUS_RESET && ++ cmd_code != HostCmd_CMD_FUNC_SHUTDOWN && ++ cmd_code != HostCmd_CMD_FUNC_INIT) { ++ dev_err(adapter->dev, ++ "DNLD_CMD: FW in reset state, ignore cmd %#x\n", ++ cmd_code); ++ mwifiex_complete_cmd(adapter, cmd_node); ++ mwifiex_insert_cmd_to_free_q(adapter, cmd_node); ++ return -1; ++ } ++ + /* Set command sequence number */ + adapter->seq_num++; + host_cmd->seq_num = cpu_to_le16(HostCmd_SET_SEQ_NO_BSS_INFO +@@ -167,9 +181,6 @@ static int mwifiex_dnld_cmd_to_fw(struct mwifiex_private *priv, + adapter->curr_cmd = cmd_node; + spin_unlock_irqrestore(&adapter->mwifiex_cmd_lock, flags); + +- cmd_code = le16_to_cpu(host_cmd->command); +- cmd_size = le16_to_cpu(host_cmd->size); +- + /* Adjust skb length */ + if (cmd_node->cmd_skb->len > cmd_size) + /* +@@ -488,8 +499,6 @@ int mwifiex_send_cmd_sync(struct mwifiex_private *priv, uint16_t cmd_no, + + ret = mwifiex_send_cmd_async(priv, cmd_no, cmd_action, cmd_oid, + data_buf); +- if (!ret) +- ret = mwifiex_wait_queue_complete(adapter); + + return ret; + } +@@ -592,9 +601,10 @@ int mwifiex_send_cmd_async(struct mwifiex_private *priv, uint16_t cmd_no, + if (cmd_no == HostCmd_CMD_802_11_SCAN) { + mwifiex_queue_scan_cmd(priv, cmd_node); + } else { +- adapter->cmd_queued = cmd_node; + mwifiex_insert_cmd_to_pending_q(adapter, cmd_node, true); + queue_work(adapter->workqueue, &adapter->main_work); ++ if (cmd_node->wait_q_enabled) ++ ret = mwifiex_wait_queue_complete(adapter, cmd_node); + } + + return ret; +diff --git a/drivers/net/wireless/mwifiex/init.c b/drivers/net/wireless/mwifiex/init.c +index 39f03ce..78c3aa6 100644 +--- a/drivers/net/wireless/mwifiex/init.c ++++ b/drivers/net/wireless/mwifiex/init.c +@@ -707,6 +707,14 @@ mwifiex_shutdown_drv(struct mwifiex_adapter *adapter) + return ret; + } + ++ /* cancel current command */ ++ if (adapter->curr_cmd) { ++ dev_warn(adapter->dev, "curr_cmd is still in processing\n"); ++ del_timer(&adapter->cmd_timer); ++ mwifiex_insert_cmd_to_free_q(adapter, adapter->curr_cmd); ++ adapter->curr_cmd = NULL; ++ } ++ + /* shut down mwifiex */ + dev_dbg(adapter->dev, "info: shutdown mwifiex...\n"); + +diff --git a/drivers/net/wireless/mwifiex/main.h b/drivers/net/wireless/mwifiex/main.h +index 1b3cfc8..db39449 100644 +--- a/drivers/net/wireless/mwifiex/main.h ++++ b/drivers/net/wireless/mwifiex/main.h +@@ -714,7 +714,6 @@ struct mwifiex_adapter { + u16 cmd_wait_q_required; + struct mwifiex_wait_queue cmd_wait_q; + u8 scan_wait_q_woken; +- struct cmd_ctrl_node *cmd_queued; + spinlock_t queue_lock; /* lock for tx queues */ + struct completion fw_load; + u8 country_code[IEEE80211_COUNTRY_STRING_LEN]; +@@ -994,7 +993,8 @@ int mwifiex_request_set_multicast_list(struct mwifiex_private *priv, + struct mwifiex_multicast_list *mcast_list); + int mwifiex_copy_mcast_addr(struct mwifiex_multicast_list *mlist, + struct net_device *dev); +-int mwifiex_wait_queue_complete(struct mwifiex_adapter *adapter); ++int mwifiex_wait_queue_complete(struct mwifiex_adapter *adapter, ++ struct cmd_ctrl_node *cmd_queued); + int mwifiex_bss_start(struct mwifiex_private *priv, struct cfg80211_bss *bss, + struct cfg80211_ssid *req_ssid); + int mwifiex_cancel_hs(struct mwifiex_private *priv, int cmd_type); +diff --git a/drivers/net/wireless/mwifiex/scan.c b/drivers/net/wireless/mwifiex/scan.c +index 973a9d9..8955a0e 100644 +--- a/drivers/net/wireless/mwifiex/scan.c ++++ b/drivers/net/wireless/mwifiex/scan.c +@@ -1366,10 +1366,13 @@ int mwifiex_scan_networks(struct mwifiex_private *priv, + list_del(&cmd_node->list); + spin_unlock_irqrestore(&adapter->scan_pending_q_lock, + flags); +- adapter->cmd_queued = cmd_node; + mwifiex_insert_cmd_to_pending_q(adapter, cmd_node, + true); + queue_work(adapter->workqueue, &adapter->main_work); ++ ++ /* Perform internal scan synchronously */ ++ if (!priv->scan_request) ++ mwifiex_wait_queue_complete(adapter, cmd_node); + } else { + spin_unlock_irqrestore(&adapter->scan_pending_q_lock, + flags); +@@ -1923,9 +1926,6 @@ int mwifiex_request_scan(struct mwifiex_private *priv, + /* Normal scan */ + ret = mwifiex_scan_networks(priv, NULL); + +- if (!ret) +- ret = mwifiex_wait_queue_complete(priv->adapter); +- + up(&priv->async_sem); + + return ret; +diff --git a/drivers/net/wireless/mwifiex/sta_ioctl.c b/drivers/net/wireless/mwifiex/sta_ioctl.c +index f542bb8..1798bc7 100644 +--- a/drivers/net/wireless/mwifiex/sta_ioctl.c ++++ b/drivers/net/wireless/mwifiex/sta_ioctl.c +@@ -54,16 +54,10 @@ int mwifiex_copy_mcast_addr(struct mwifiex_multicast_list *mlist, + * This function waits on a cmd wait queue. It also cancels the pending + * request after waking up, in case of errors. + */ +-int mwifiex_wait_queue_complete(struct mwifiex_adapter *adapter) ++int mwifiex_wait_queue_complete(struct mwifiex_adapter *adapter, ++ struct cmd_ctrl_node *cmd_queued) + { + int status; +- struct cmd_ctrl_node *cmd_queued; +- +- if (!adapter->cmd_queued) +- return 0; +- +- cmd_queued = adapter->cmd_queued; +- adapter->cmd_queued = NULL; + + dev_dbg(adapter->dev, "cmd pending\n"); + atomic_inc(&adapter->cmd_pending); +diff --git a/drivers/net/wireless/rtlwifi/usb.c b/drivers/net/wireless/rtlwifi/usb.c +index 2106fcf..82bc684 100644 +--- a/drivers/net/wireless/rtlwifi/usb.c ++++ b/drivers/net/wireless/rtlwifi/usb.c +@@ -854,6 +854,7 @@ static void _rtl_usb_transmit(struct ieee80211_hw *hw, struct sk_buff *skb, + if (unlikely(!_urb)) { + RT_TRACE(rtlpriv, COMP_ERR, DBG_EMERG, + "Can't allocate urb. Drop skb!\n"); ++ kfree_skb(skb); + return; + } + urb_list = &rtlusb->tx_pending[ep_num]; +diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c +index 2785843..5a0f54a 100644 +--- a/drivers/regulator/core.c ++++ b/drivers/regulator/core.c +@@ -200,8 +200,8 @@ static int regulator_check_consumers(struct regulator_dev *rdev, + } + + if (*min_uV > *max_uV) { +- dev_err(regulator->dev, "Restricting voltage, %u-%uuV\n", +- regulator->min_uV, regulator->max_uV); ++ rdev_err(rdev, "Restricting voltage, %u-%uuV\n", ++ *min_uV, *max_uV); + return -EINVAL; + } + +diff --git a/drivers/staging/comedi/drivers/s626.c b/drivers/staging/comedi/drivers/s626.c +index 6dc1d28..5b65b52 100644 +--- a/drivers/staging/comedi/drivers/s626.c ++++ b/drivers/staging/comedi/drivers/s626.c +@@ -1482,7 +1482,7 @@ static int s626_ai_cmd(struct comedi_device *dev, struct comedi_subdevice *s) + case TRIG_NONE: + /* continous acquisition */ + devpriv->ai_continous = 1; +- devpriv->ai_sample_count = 0; ++ devpriv->ai_sample_count = 1; + break; + } + +diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c +index bd587b7..fcf880f 100644 +--- a/drivers/target/target_core_transport.c ++++ b/drivers/target/target_core_transport.c +@@ -1136,8 +1136,10 @@ target_setup_cmd_from_cdb(struct se_cmd *cmd, unsigned char *cdb) + return ret; + + ret = target_check_reservation(cmd); +- if (ret) ++ if (ret) { ++ cmd->scsi_status = SAM_STAT_RESERVATION_CONFLICT; + return ret; ++ } + + ret = dev->transport->parse_cdb(cmd); + if (ret) +diff --git a/drivers/tty/serial/atmel_serial.c b/drivers/tty/serial/atmel_serial.c +index 922e85a..2d2288d 100644 +--- a/drivers/tty/serial/atmel_serial.c ++++ b/drivers/tty/serial/atmel_serial.c +@@ -158,7 +158,7 @@ struct atmel_uart_port { + }; + + static struct atmel_uart_port atmel_ports[ATMEL_MAX_UART]; +-static unsigned long atmel_ports_in_use; ++static DECLARE_BITMAP(atmel_ports_in_use, ATMEL_MAX_UART); + + #ifdef SUPPORT_SYSRQ + static struct console atmel_console; +@@ -1768,15 +1768,14 @@ static int atmel_serial_probe(struct platform_device *pdev) + if (ret < 0) + /* port id not found in platform data nor device-tree aliases: + * auto-enumerate it */ +- ret = find_first_zero_bit(&atmel_ports_in_use, +- sizeof(atmel_ports_in_use)); ++ ret = find_first_zero_bit(atmel_ports_in_use, ATMEL_MAX_UART); + +- if (ret > ATMEL_MAX_UART) { ++ if (ret >= ATMEL_MAX_UART) { + ret = -ENODEV; + goto err; + } + +- if (test_and_set_bit(ret, &atmel_ports_in_use)) { ++ if (test_and_set_bit(ret, atmel_ports_in_use)) { + /* port already in use */ + ret = -EBUSY; + goto err; +@@ -1856,7 +1855,7 @@ static int atmel_serial_remove(struct platform_device *pdev) + + /* "port" is allocated statically, so we shouldn't free it */ + +- clear_bit(port->line, &atmel_ports_in_use); ++ clear_bit(port->line, atmel_ports_in_use); + + clk_put(atmel_port->clk); + +diff --git a/drivers/tty/vt/vc_screen.c b/drivers/tty/vt/vc_screen.c +index fa7268a..6abb92c 100644 +--- a/drivers/tty/vt/vc_screen.c ++++ b/drivers/tty/vt/vc_screen.c +@@ -93,7 +93,7 @@ vcs_poll_data_free(struct vcs_poll_data *poll) + static struct vcs_poll_data * + vcs_poll_data_get(struct file *file) + { +- struct vcs_poll_data *poll = file->private_data; ++ struct vcs_poll_data *poll = file->private_data, *kill = NULL; + + if (poll) + return poll; +@@ -122,10 +122,12 @@ vcs_poll_data_get(struct file *file) + file->private_data = poll; + } else { + /* someone else raced ahead of us */ +- vcs_poll_data_free(poll); ++ kill = poll; + poll = file->private_data; + } + spin_unlock(&file->f_lock); ++ if (kill) ++ vcs_poll_data_free(kill); + + return poll; + } +diff --git a/drivers/usb/gadget/udc-core.c b/drivers/usb/gadget/udc-core.c +index 4d90a80..34a3907 100644 +--- a/drivers/usb/gadget/udc-core.c ++++ b/drivers/usb/gadget/udc-core.c +@@ -265,7 +265,7 @@ static void usb_gadget_remove_driver(struct usb_udc *udc) + usb_gadget_disconnect(udc->gadget); + udc->driver->disconnect(udc->gadget); + udc->driver->unbind(udc->gadget); +- usb_gadget_udc_stop(udc->gadget, udc->driver); ++ usb_gadget_udc_stop(udc->gadget, NULL); + } else { + usb_gadget_stop(udc->gadget, udc->driver); + } +diff --git a/drivers/usb/host/ehci-sched.c b/drivers/usb/host/ehci-sched.c +index b476daf..010f686 100644 +--- a/drivers/usb/host/ehci-sched.c ++++ b/drivers/usb/host/ehci-sched.c +@@ -1214,6 +1214,7 @@ itd_urb_transaction ( + + memset (itd, 0, sizeof *itd); + itd->itd_dma = itd_dma; ++ itd->frame = 9999; /* an invalid value */ + list_add (&itd->itd_list, &sched->td_list); + } + spin_unlock_irqrestore (&ehci->lock, flags); +@@ -1915,6 +1916,7 @@ sitd_urb_transaction ( + + memset (sitd, 0, sizeof *sitd); + sitd->sitd_dma = sitd_dma; ++ sitd->frame = 9999; /* an invalid value */ + list_add (&sitd->sitd_list, &iso_sched->td_list); + } + +diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c +index 7f76a49..f2845f1 100644 +--- a/drivers/usb/host/xhci-ring.c ++++ b/drivers/usb/host/xhci-ring.c +@@ -2027,8 +2027,8 @@ static int process_ctrl_td(struct xhci_hcd *xhci, struct xhci_td *td, + if (event_trb != ep_ring->dequeue && + event_trb != td->last_trb) + td->urb->actual_length = +- td->urb->transfer_buffer_length +- - TRB_LEN(le32_to_cpu(event->transfer_len)); ++ td->urb->transfer_buffer_length - ++ EVENT_TRB_LEN(le32_to_cpu(event->transfer_len)); + else + td->urb->actual_length = 0; + +@@ -2060,7 +2060,7 @@ static int process_ctrl_td(struct xhci_hcd *xhci, struct xhci_td *td, + /* Maybe the event was for the data stage? */ + td->urb->actual_length = + td->urb->transfer_buffer_length - +- TRB_LEN(le32_to_cpu(event->transfer_len)); ++ EVENT_TRB_LEN(le32_to_cpu(event->transfer_len)); + xhci_dbg(xhci, "Waiting for status " + "stage event\n"); + return 0; +@@ -2096,7 +2096,7 @@ static int process_isoc_td(struct xhci_hcd *xhci, struct xhci_td *td, + /* handle completion code */ + switch (trb_comp_code) { + case COMP_SUCCESS: +- if (TRB_LEN(le32_to_cpu(event->transfer_len)) == 0) { ++ if (EVENT_TRB_LEN(le32_to_cpu(event->transfer_len)) == 0) { + frame->status = 0; + break; + } +@@ -2141,7 +2141,7 @@ static int process_isoc_td(struct xhci_hcd *xhci, struct xhci_td *td, + len += TRB_LEN(le32_to_cpu(cur_trb->generic.field[2])); + } + len += TRB_LEN(le32_to_cpu(cur_trb->generic.field[2])) - +- TRB_LEN(le32_to_cpu(event->transfer_len)); ++ EVENT_TRB_LEN(le32_to_cpu(event->transfer_len)); + + if (trb_comp_code != COMP_STOP_INVAL) { + frame->actual_length = len; +@@ -2199,7 +2199,7 @@ static int process_bulk_intr_td(struct xhci_hcd *xhci, struct xhci_td *td, + case COMP_SUCCESS: + /* Double check that the HW transferred everything. */ + if (event_trb != td->last_trb || +- TRB_LEN(le32_to_cpu(event->transfer_len)) != 0) { ++ EVENT_TRB_LEN(le32_to_cpu(event->transfer_len)) != 0) { + xhci_warn(xhci, "WARN Successful completion " + "on short TX\n"); + if (td->urb->transfer_flags & URB_SHORT_NOT_OK) +@@ -2227,18 +2227,18 @@ static int process_bulk_intr_td(struct xhci_hcd *xhci, struct xhci_td *td, + "%d bytes untransferred\n", + td->urb->ep->desc.bEndpointAddress, + td->urb->transfer_buffer_length, +- TRB_LEN(le32_to_cpu(event->transfer_len))); ++ EVENT_TRB_LEN(le32_to_cpu(event->transfer_len))); + /* Fast path - was this the last TRB in the TD for this URB? */ + if (event_trb == td->last_trb) { +- if (TRB_LEN(le32_to_cpu(event->transfer_len)) != 0) { ++ if (EVENT_TRB_LEN(le32_to_cpu(event->transfer_len)) != 0) { + td->urb->actual_length = + td->urb->transfer_buffer_length - +- TRB_LEN(le32_to_cpu(event->transfer_len)); ++ EVENT_TRB_LEN(le32_to_cpu(event->transfer_len)); + if (td->urb->transfer_buffer_length < + td->urb->actual_length) { + xhci_warn(xhci, "HC gave bad length " + "of %d bytes left\n", +- TRB_LEN(le32_to_cpu(event->transfer_len))); ++ EVENT_TRB_LEN(le32_to_cpu(event->transfer_len))); + td->urb->actual_length = 0; + if (td->urb->transfer_flags & URB_SHORT_NOT_OK) + *status = -EREMOTEIO; +@@ -2280,7 +2280,7 @@ static int process_bulk_intr_td(struct xhci_hcd *xhci, struct xhci_td *td, + if (trb_comp_code != COMP_STOP_INVAL) + td->urb->actual_length += + TRB_LEN(le32_to_cpu(cur_trb->generic.field[2])) - +- TRB_LEN(le32_to_cpu(event->transfer_len)); ++ EVENT_TRB_LEN(le32_to_cpu(event->transfer_len)); + } + + return finish_td(xhci, td, event_trb, event, ep, status, false); +@@ -2368,7 +2368,7 @@ static int handle_tx_event(struct xhci_hcd *xhci, + * transfer type + */ + case COMP_SUCCESS: +- if (TRB_LEN(le32_to_cpu(event->transfer_len)) == 0) ++ if (EVENT_TRB_LEN(le32_to_cpu(event->transfer_len)) == 0) + break; + if (xhci->quirks & XHCI_TRUST_TX_LENGTH) + trb_comp_code = COMP_SHORT_TX; +diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h +index 2c510e4..6a563ef 100644 +--- a/drivers/usb/host/xhci.h ++++ b/drivers/usb/host/xhci.h +@@ -972,6 +972,10 @@ struct xhci_transfer_event { + __le32 flags; + }; + ++/* Transfer event TRB length bit mask */ ++/* bits 0:23 */ ++#define EVENT_TRB_LEN(p) ((p) & 0xffffff) ++ + /** Transfer Event bit fields **/ + #define TRB_TO_EP_ID(p) (((p) >> 16) & 0x1f) + +diff --git a/drivers/usb/serial/ark3116.c b/drivers/usb/serial/ark3116.c +index a88882c..0b44e45 100644 +--- a/drivers/usb/serial/ark3116.c ++++ b/drivers/usb/serial/ark3116.c +@@ -62,7 +62,6 @@ static int is_irda(struct usb_serial *serial) + } + + struct ark3116_private { +- wait_queue_head_t delta_msr_wait; + struct async_icount icount; + int irda; /* 1 for irda device */ + +@@ -146,7 +145,6 @@ static int ark3116_port_probe(struct usb_serial_port *port) + if (!priv) + return -ENOMEM; + +- init_waitqueue_head(&priv->delta_msr_wait); + mutex_init(&priv->hw_lock); + spin_lock_init(&priv->status_lock); + +@@ -456,10 +454,14 @@ static int ark3116_ioctl(struct tty_struct *tty, + case TIOCMIWAIT: + for (;;) { + struct async_icount prev = priv->icount; +- interruptible_sleep_on(&priv->delta_msr_wait); ++ interruptible_sleep_on(&port->delta_msr_wait); + /* see if a signal did it */ + if (signal_pending(current)) + return -ERESTARTSYS; ++ ++ if (port->serial->disconnected) ++ return -EIO; ++ + if ((prev.rng == priv->icount.rng) && + (prev.dsr == priv->icount.dsr) && + (prev.dcd == priv->icount.dcd) && +@@ -580,7 +582,7 @@ static void ark3116_update_msr(struct usb_serial_port *port, __u8 msr) + priv->icount.dcd++; + if (msr & UART_MSR_TERI) + priv->icount.rng++; +- wake_up_interruptible(&priv->delta_msr_wait); ++ wake_up_interruptible(&port->delta_msr_wait); + } + } + +diff --git a/drivers/usb/serial/ch341.c b/drivers/usb/serial/ch341.c +index d255f66..07d4650 100644 +--- a/drivers/usb/serial/ch341.c ++++ b/drivers/usb/serial/ch341.c +@@ -80,7 +80,6 @@ MODULE_DEVICE_TABLE(usb, id_table); + + struct ch341_private { + spinlock_t lock; /* access lock */ +- wait_queue_head_t delta_msr_wait; /* wait queue for modem status */ + unsigned baud_rate; /* set baud rate */ + u8 line_control; /* set line control value RTS/DTR */ + u8 line_status; /* active status of modem control inputs */ +@@ -252,7 +251,6 @@ static int ch341_port_probe(struct usb_serial_port *port) + return -ENOMEM; + + spin_lock_init(&priv->lock); +- init_waitqueue_head(&priv->delta_msr_wait); + priv->baud_rate = DEFAULT_BAUD_RATE; + priv->line_control = CH341_BIT_RTS | CH341_BIT_DTR; + +@@ -298,7 +296,7 @@ static void ch341_dtr_rts(struct usb_serial_port *port, int on) + priv->line_control &= ~(CH341_BIT_RTS | CH341_BIT_DTR); + spin_unlock_irqrestore(&priv->lock, flags); + ch341_set_handshake(port->serial->dev, priv->line_control); +- wake_up_interruptible(&priv->delta_msr_wait); ++ wake_up_interruptible(&port->delta_msr_wait); + } + + static void ch341_close(struct usb_serial_port *port) +@@ -491,7 +489,7 @@ static void ch341_read_int_callback(struct urb *urb) + tty_kref_put(tty); + } + +- wake_up_interruptible(&priv->delta_msr_wait); ++ wake_up_interruptible(&port->delta_msr_wait); + } + + exit: +@@ -517,11 +515,14 @@ static int wait_modem_info(struct usb_serial_port *port, unsigned int arg) + spin_unlock_irqrestore(&priv->lock, flags); + + while (!multi_change) { +- interruptible_sleep_on(&priv->delta_msr_wait); ++ interruptible_sleep_on(&port->delta_msr_wait); + /* see if a signal did it */ + if (signal_pending(current)) + return -ERESTARTSYS; + ++ if (port->serial->disconnected) ++ return -EIO; ++ + spin_lock_irqsave(&priv->lock, flags); + status = priv->line_status; + multi_change = priv->multi_status_change; +diff --git a/drivers/usb/serial/cypress_m8.c b/drivers/usb/serial/cypress_m8.c +index fd8c35f..a06076f 100644 +--- a/drivers/usb/serial/cypress_m8.c ++++ b/drivers/usb/serial/cypress_m8.c +@@ -111,7 +111,6 @@ struct cypress_private { + int baud_rate; /* stores current baud rate in + integer form */ + int isthrottled; /* if throttled, discard reads */ +- wait_queue_head_t delta_msr_wait; /* used for TIOCMIWAIT */ + char prev_status, diff_status; /* used for TIOCMIWAIT */ + /* we pass a pointer to this as the argument sent to + cypress_set_termios old_termios */ +@@ -449,7 +448,6 @@ static int cypress_generic_port_probe(struct usb_serial_port *port) + kfree(priv); + return -ENOMEM; + } +- init_waitqueue_head(&priv->delta_msr_wait); + + usb_reset_configuration(serial->dev); + +@@ -868,12 +866,16 @@ static int cypress_ioctl(struct tty_struct *tty, + switch (cmd) { + /* This code comes from drivers/char/serial.c and ftdi_sio.c */ + case TIOCMIWAIT: +- while (priv != NULL) { +- interruptible_sleep_on(&priv->delta_msr_wait); ++ for (;;) { ++ interruptible_sleep_on(&port->delta_msr_wait); + /* see if a signal did it */ + if (signal_pending(current)) + return -ERESTARTSYS; +- else { ++ ++ if (port->serial->disconnected) ++ return -EIO; ++ ++ { + char diff = priv->diff_status; + if (diff == 0) + return -EIO; /* no change => error */ +@@ -1187,7 +1189,7 @@ static void cypress_read_int_callback(struct urb *urb) + if (priv->current_status != priv->prev_status) { + priv->diff_status |= priv->current_status ^ + priv->prev_status; +- wake_up_interruptible(&priv->delta_msr_wait); ++ wake_up_interruptible(&port->delta_msr_wait); + priv->prev_status = priv->current_status; + } + spin_unlock_irqrestore(&priv->lock, flags); +diff --git a/drivers/usb/serial/f81232.c b/drivers/usb/serial/f81232.c +index 6e4eb57..1e64343 100644 +--- a/drivers/usb/serial/f81232.c ++++ b/drivers/usb/serial/f81232.c +@@ -47,7 +47,6 @@ MODULE_DEVICE_TABLE(usb, id_table); + + struct f81232_private { + spinlock_t lock; +- wait_queue_head_t delta_msr_wait; + u8 line_control; + u8 line_status; + }; +@@ -112,7 +111,7 @@ static void f81232_process_read_urb(struct urb *urb) + line_status = priv->line_status; + priv->line_status &= ~UART_STATE_TRANSIENT_MASK; + spin_unlock_irqrestore(&priv->lock, flags); +- wake_up_interruptible(&priv->delta_msr_wait); ++ wake_up_interruptible(&port->delta_msr_wait); + + if (!urb->actual_length) + return; +@@ -261,11 +260,14 @@ static int wait_modem_info(struct usb_serial_port *port, unsigned int arg) + spin_unlock_irqrestore(&priv->lock, flags); + + while (1) { +- interruptible_sleep_on(&priv->delta_msr_wait); ++ interruptible_sleep_on(&port->delta_msr_wait); + /* see if a signal did it */ + if (signal_pending(current)) + return -ERESTARTSYS; + ++ if (port->serial->disconnected) ++ return -EIO; ++ + spin_lock_irqsave(&priv->lock, flags); + status = priv->line_status; + spin_unlock_irqrestore(&priv->lock, flags); +@@ -327,7 +329,6 @@ static int f81232_port_probe(struct usb_serial_port *port) + return -ENOMEM; + + spin_lock_init(&priv->lock); +- init_waitqueue_head(&priv->delta_msr_wait); + + usb_set_serial_port_data(port, priv); + +diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c +index d07fccf..8e4f40b 100644 +--- a/drivers/usb/serial/ftdi_sio.c ++++ b/drivers/usb/serial/ftdi_sio.c +@@ -69,9 +69,7 @@ struct ftdi_private { + int flags; /* some ASYNC_xxxx flags are supported */ + unsigned long last_dtr_rts; /* saved modem control outputs */ + struct async_icount icount; +- wait_queue_head_t delta_msr_wait; /* Used for TIOCMIWAIT */ + char prev_status; /* Used for TIOCMIWAIT */ +- bool dev_gone; /* Used to abort TIOCMIWAIT */ + char transmit_empty; /* If transmitter is empty or not */ + __u16 interface; /* FT2232C, FT2232H or FT4232H port interface + (0 for FT232/245) */ +@@ -642,6 +640,7 @@ static struct usb_device_id id_table_combined [] = { + { USB_DEVICE(FTDI_VID, FTDI_RM_CANVIEW_PID) }, + { USB_DEVICE(ACTON_VID, ACTON_SPECTRAPRO_PID) }, + { USB_DEVICE(CONTEC_VID, CONTEC_COM1USBH_PID) }, ++ { USB_DEVICE(MITSUBISHI_VID, MITSUBISHI_FXUSB_PID) }, + { USB_DEVICE(BANDB_VID, BANDB_USOTL4_PID) }, + { USB_DEVICE(BANDB_VID, BANDB_USTL4_PID) }, + { USB_DEVICE(BANDB_VID, BANDB_USO9ML2_PID) }, +@@ -1691,10 +1690,8 @@ static int ftdi_sio_port_probe(struct usb_serial_port *port) + + kref_init(&priv->kref); + mutex_init(&priv->cfg_lock); +- init_waitqueue_head(&priv->delta_msr_wait); + + priv->flags = ASYNC_LOW_LATENCY; +- priv->dev_gone = false; + + if (quirk && quirk->port_probe) + quirk->port_probe(priv); +@@ -1840,8 +1837,7 @@ static int ftdi_sio_port_remove(struct usb_serial_port *port) + { + struct ftdi_private *priv = usb_get_serial_port_data(port); + +- priv->dev_gone = true; +- wake_up_interruptible_all(&priv->delta_msr_wait); ++ wake_up_interruptible(&port->delta_msr_wait); + + remove_sysfs_attrs(port); + +@@ -1990,7 +1986,7 @@ static int ftdi_process_packet(struct tty_struct *tty, + if (diff_status & FTDI_RS0_RLSD) + priv->icount.dcd++; + +- wake_up_interruptible_all(&priv->delta_msr_wait); ++ wake_up_interruptible(&port->delta_msr_wait); + priv->prev_status = status; + } + +@@ -2447,11 +2443,15 @@ static int ftdi_ioctl(struct tty_struct *tty, + */ + case TIOCMIWAIT: + cprev = priv->icount; +- while (!priv->dev_gone) { +- interruptible_sleep_on(&priv->delta_msr_wait); ++ for (;;) { ++ interruptible_sleep_on(&port->delta_msr_wait); + /* see if a signal did it */ + if (signal_pending(current)) + return -ERESTARTSYS; ++ ++ if (port->serial->disconnected) ++ return -EIO; ++ + cnow = priv->icount; + if (((arg & TIOCM_RNG) && (cnow.rng != cprev.rng)) || + ((arg & TIOCM_DSR) && (cnow.dsr != cprev.dsr)) || +@@ -2461,8 +2461,6 @@ static int ftdi_ioctl(struct tty_struct *tty, + } + cprev = cnow; + } +- return -EIO; +- break; + case TIOCSERGETLSR: + return get_lsr_info(port, (struct serial_struct __user *)arg); + break; +diff --git a/drivers/usb/serial/ftdi_sio_ids.h b/drivers/usb/serial/ftdi_sio_ids.h +index 9d359e1..e79861e 100644 +--- a/drivers/usb/serial/ftdi_sio_ids.h ++++ b/drivers/usb/serial/ftdi_sio_ids.h +@@ -584,6 +584,13 @@ + #define CONTEC_COM1USBH_PID 0x8311 /* COM-1(USB)H */ + + /* ++ * Mitsubishi Electric Corp. (http://www.meau.com) ++ * Submitted by Konstantin Holoborodko ++ */ ++#define MITSUBISHI_VID 0x06D3 ++#define MITSUBISHI_FXUSB_PID 0x0284 /* USB/RS422 converters: FX-USB-AW/-BD */ ++ ++/* + * Definitions for B&B Electronics products. + */ + #define BANDB_VID 0x0856 /* B&B Electronics Vendor ID */ +diff --git a/drivers/usb/serial/io_edgeport.c b/drivers/usb/serial/io_edgeport.c +index 7b770c7..adfd73d 100644 +--- a/drivers/usb/serial/io_edgeport.c ++++ b/drivers/usb/serial/io_edgeport.c +@@ -110,7 +110,6 @@ struct edgeport_port { + wait_queue_head_t wait_chase; /* for handling sleeping while waiting for chase to finish */ + wait_queue_head_t wait_open; /* for handling sleeping while waiting for open to finish */ + wait_queue_head_t wait_command; /* for handling sleeping while waiting for command to finish */ +- wait_queue_head_t delta_msr_wait; /* for handling sleeping while waiting for msr change to happen */ + + struct async_icount icount; + struct usb_serial_port *port; /* loop back to the owner of this object */ +@@ -884,7 +883,6 @@ static int edge_open(struct tty_struct *tty, struct usb_serial_port *port) + /* initialize our wait queues */ + init_waitqueue_head(&edge_port->wait_open); + init_waitqueue_head(&edge_port->wait_chase); +- init_waitqueue_head(&edge_port->delta_msr_wait); + init_waitqueue_head(&edge_port->wait_command); + + /* initialize our icount structure */ +@@ -1669,13 +1667,17 @@ static int edge_ioctl(struct tty_struct *tty, + dev_dbg(&port->dev, "%s (%d) TIOCMIWAIT\n", __func__, port->number); + cprev = edge_port->icount; + while (1) { +- prepare_to_wait(&edge_port->delta_msr_wait, ++ prepare_to_wait(&port->delta_msr_wait, + &wait, TASK_INTERRUPTIBLE); + schedule(); +- finish_wait(&edge_port->delta_msr_wait, &wait); ++ finish_wait(&port->delta_msr_wait, &wait); + /* see if a signal did it */ + if (signal_pending(current)) + return -ERESTARTSYS; ++ ++ if (port->serial->disconnected) ++ return -EIO; ++ + cnow = edge_port->icount; + if (cnow.rng == cprev.rng && cnow.dsr == cprev.dsr && + cnow.dcd == cprev.dcd && cnow.cts == cprev.cts) +@@ -2055,7 +2057,7 @@ static void handle_new_msr(struct edgeport_port *edge_port, __u8 newMsr) + icount->dcd++; + if (newMsr & EDGEPORT_MSR_DELTA_RI) + icount->rng++; +- wake_up_interruptible(&edge_port->delta_msr_wait); ++ wake_up_interruptible(&edge_port->port->delta_msr_wait); + } + + /* Save the new modem status */ +diff --git a/drivers/usb/serial/io_ti.c b/drivers/usb/serial/io_ti.c +index aa6462f..1db782d 100644 +--- a/drivers/usb/serial/io_ti.c ++++ b/drivers/usb/serial/io_ti.c +@@ -87,9 +87,6 @@ struct edgeport_port { + int close_pending; + int lsr_event; + struct async_icount icount; +- wait_queue_head_t delta_msr_wait; /* for handling sleeping while +- waiting for msr change to +- happen */ + struct edgeport_serial *edge_serial; + struct usb_serial_port *port; + __u8 bUartMode; /* Port type, 0: RS232, etc. */ +@@ -1518,7 +1515,7 @@ static void handle_new_msr(struct edgeport_port *edge_port, __u8 msr) + icount->dcd++; + if (msr & EDGEPORT_MSR_DELTA_RI) + icount->rng++; +- wake_up_interruptible(&edge_port->delta_msr_wait); ++ wake_up_interruptible(&edge_port->port->delta_msr_wait); + } + + /* Save the new modem status */ +@@ -1821,7 +1818,6 @@ static int edge_open(struct tty_struct *tty, struct usb_serial_port *port) + dev = port->serial->dev; + + memset(&(edge_port->icount), 0x00, sizeof(edge_port->icount)); +- init_waitqueue_head(&edge_port->delta_msr_wait); + + /* turn off loopback */ + status = ti_do_config(edge_port, UMPC_SET_CLR_LOOPBACK, 0); +@@ -2488,10 +2484,14 @@ static int edge_ioctl(struct tty_struct *tty, + dev_dbg(&port->dev, "%s - TIOCMIWAIT\n", __func__); + cprev = edge_port->icount; + while (1) { +- interruptible_sleep_on(&edge_port->delta_msr_wait); ++ interruptible_sleep_on(&port->delta_msr_wait); + /* see if a signal did it */ + if (signal_pending(current)) + return -ERESTARTSYS; ++ ++ if (port->serial->disconnected) ++ return -EIO; ++ + cnow = edge_port->icount; + if (cnow.rng == cprev.rng && cnow.dsr == cprev.dsr && + cnow.dcd == cprev.dcd && cnow.cts == cprev.cts) +diff --git a/drivers/usb/serial/mct_u232.c b/drivers/usb/serial/mct_u232.c +index d9c8651..3b9f834 100644 +--- a/drivers/usb/serial/mct_u232.c ++++ b/drivers/usb/serial/mct_u232.c +@@ -114,8 +114,6 @@ struct mct_u232_private { + unsigned char last_msr; /* Modem Status Register */ + unsigned int rx_flags; /* Throttling flags */ + struct async_icount icount; +- wait_queue_head_t msr_wait; /* for handling sleeping while waiting +- for msr change to happen */ + }; + + #define THROTTLED 0x01 +@@ -409,7 +407,6 @@ static int mct_u232_port_probe(struct usb_serial_port *port) + return -ENOMEM; + + spin_lock_init(&priv->lock); +- init_waitqueue_head(&priv->msr_wait); + + usb_set_serial_port_data(port, priv); + +@@ -606,7 +603,7 @@ static void mct_u232_read_int_callback(struct urb *urb) + tty_kref_put(tty); + } + #endif +- wake_up_interruptible(&priv->msr_wait); ++ wake_up_interruptible(&port->delta_msr_wait); + spin_unlock_irqrestore(&priv->lock, flags); + exit: + retval = usb_submit_urb(urb, GFP_ATOMIC); +@@ -815,13 +812,17 @@ static int mct_u232_ioctl(struct tty_struct *tty, + cprev = mct_u232_port->icount; + spin_unlock_irqrestore(&mct_u232_port->lock, flags); + for ( ; ; ) { +- prepare_to_wait(&mct_u232_port->msr_wait, ++ prepare_to_wait(&port->delta_msr_wait, + &wait, TASK_INTERRUPTIBLE); + schedule(); +- finish_wait(&mct_u232_port->msr_wait, &wait); ++ finish_wait(&port->delta_msr_wait, &wait); + /* see if a signal did it */ + if (signal_pending(current)) + return -ERESTARTSYS; ++ ++ if (port->serial->disconnected) ++ return -EIO; ++ + spin_lock_irqsave(&mct_u232_port->lock, flags); + cnow = mct_u232_port->icount; + spin_unlock_irqrestore(&mct_u232_port->lock, flags); +diff --git a/drivers/usb/serial/mos7840.c b/drivers/usb/serial/mos7840.c +index 66d9e08..3b909e0 100644 +--- a/drivers/usb/serial/mos7840.c ++++ b/drivers/usb/serial/mos7840.c +@@ -219,7 +219,6 @@ struct moschip_port { + char open; + char open_ports; + wait_queue_head_t wait_chase; /* for handling sleeping while waiting for chase to finish */ +- wait_queue_head_t delta_msr_wait; /* for handling sleeping while waiting for msr change to happen */ + int delta_msr_cond; + struct async_icount icount; + struct usb_serial_port *port; /* loop back to the owner of this object */ +@@ -423,6 +422,9 @@ static void mos7840_handle_new_msr(struct moschip_port *port, __u8 new_msr) + icount->rng++; + smp_wmb(); + } ++ ++ mos7840_port->delta_msr_cond = 1; ++ wake_up_interruptible(&port->port->delta_msr_wait); + } + } + +@@ -1131,7 +1133,6 @@ static int mos7840_open(struct tty_struct *tty, struct usb_serial_port *port) + + /* initialize our wait queues */ + init_waitqueue_head(&mos7840_port->wait_chase); +- init_waitqueue_head(&mos7840_port->delta_msr_wait); + + /* initialize our icount structure */ + memset(&(mos7840_port->icount), 0x00, sizeof(mos7840_port->icount)); +@@ -2021,8 +2022,6 @@ static void mos7840_change_port_settings(struct tty_struct *tty, + mos7840_port->read_urb_busy = false; + } + } +- wake_up(&mos7840_port->delta_msr_wait); +- mos7840_port->delta_msr_cond = 1; + dev_dbg(&port->dev, "%s - mos7840_port->shadowLCR is End %x\n", __func__, + mos7840_port->shadowLCR); + } +@@ -2223,13 +2222,18 @@ static int mos7840_ioctl(struct tty_struct *tty, + while (1) { + /* interruptible_sleep_on(&mos7840_port->delta_msr_wait); */ + mos7840_port->delta_msr_cond = 0; +- wait_event_interruptible(mos7840_port->delta_msr_wait, +- (mos7840_port-> ++ wait_event_interruptible(port->delta_msr_wait, ++ (port->serial->disconnected || ++ mos7840_port-> + delta_msr_cond == 1)); + + /* see if a signal did it */ + if (signal_pending(current)) + return -ERESTARTSYS; ++ ++ if (port->serial->disconnected) ++ return -EIO; ++ + cnow = mos7840_port->icount; + smp_rmb(); + if (cnow.rng == cprev.rng && cnow.dsr == cprev.dsr && +diff --git a/drivers/usb/serial/oti6858.c b/drivers/usb/serial/oti6858.c +index d217fd6..ae4495a 100644 +--- a/drivers/usb/serial/oti6858.c ++++ b/drivers/usb/serial/oti6858.c +@@ -188,7 +188,6 @@ struct oti6858_private { + u8 setup_done; + struct delayed_work delayed_setup_work; + +- wait_queue_head_t intr_wait; + struct usb_serial_port *port; /* USB port with which associated */ + }; + +@@ -339,7 +338,6 @@ static int oti6858_port_probe(struct usb_serial_port *port) + return -ENOMEM; + + spin_lock_init(&priv->lock); +- init_waitqueue_head(&priv->intr_wait); + priv->port = port; + INIT_DELAYED_WORK(&priv->delayed_setup_work, setup_line); + INIT_DELAYED_WORK(&priv->delayed_write_work, send_data); +@@ -664,11 +662,15 @@ static int wait_modem_info(struct usb_serial_port *port, unsigned int arg) + spin_unlock_irqrestore(&priv->lock, flags); + + while (1) { +- wait_event_interruptible(priv->intr_wait, ++ wait_event_interruptible(port->delta_msr_wait, ++ port->serial->disconnected || + priv->status.pin_state != prev); + if (signal_pending(current)) + return -ERESTARTSYS; + ++ if (port->serial->disconnected) ++ return -EIO; ++ + spin_lock_irqsave(&priv->lock, flags); + status = priv->status.pin_state & PIN_MASK; + spin_unlock_irqrestore(&priv->lock, flags); +@@ -763,7 +765,7 @@ static void oti6858_read_int_callback(struct urb *urb) + + if (!priv->transient) { + if (xs->pin_state != priv->status.pin_state) +- wake_up_interruptible(&priv->intr_wait); ++ wake_up_interruptible(&port->delta_msr_wait); + memcpy(&priv->status, xs, OTI6858_CTRL_PKT_SIZE); + } + +diff --git a/drivers/usb/serial/pl2303.c b/drivers/usb/serial/pl2303.c +index 6002419..bb056a1 100644 +--- a/drivers/usb/serial/pl2303.c ++++ b/drivers/usb/serial/pl2303.c +@@ -139,7 +139,6 @@ struct pl2303_serial_private { + + struct pl2303_private { + spinlock_t lock; +- wait_queue_head_t delta_msr_wait; + u8 line_control; + u8 line_status; + }; +@@ -233,7 +232,6 @@ static int pl2303_port_probe(struct usb_serial_port *port) + return -ENOMEM; + + spin_lock_init(&priv->lock); +- init_waitqueue_head(&priv->delta_msr_wait); + + usb_set_serial_port_data(port, priv); + +@@ -607,11 +605,14 @@ static int wait_modem_info(struct usb_serial_port *port, unsigned int arg) + spin_unlock_irqrestore(&priv->lock, flags); + + while (1) { +- interruptible_sleep_on(&priv->delta_msr_wait); ++ interruptible_sleep_on(&port->delta_msr_wait); + /* see if a signal did it */ + if (signal_pending(current)) + return -ERESTARTSYS; + ++ if (port->serial->disconnected) ++ return -EIO; ++ + spin_lock_irqsave(&priv->lock, flags); + status = priv->line_status; + spin_unlock_irqrestore(&priv->lock, flags); +@@ -719,7 +720,7 @@ static void pl2303_update_line_status(struct usb_serial_port *port, + spin_unlock_irqrestore(&priv->lock, flags); + if (priv->line_status & UART_BREAK_ERROR) + usb_serial_handle_break(port); +- wake_up_interruptible(&priv->delta_msr_wait); ++ wake_up_interruptible(&port->delta_msr_wait); + + tty = tty_port_tty_get(&port->port); + if (!tty) +@@ -784,7 +785,7 @@ static void pl2303_process_read_urb(struct urb *urb) + line_status = priv->line_status; + priv->line_status &= ~UART_STATE_TRANSIENT_MASK; + spin_unlock_irqrestore(&priv->lock, flags); +- wake_up_interruptible(&priv->delta_msr_wait); ++ wake_up_interruptible(&port->delta_msr_wait); + + if (!urb->actual_length) + return; +diff --git a/drivers/usb/serial/quatech2.c b/drivers/usb/serial/quatech2.c +index a8d5110..9f34c99 100644 +--- a/drivers/usb/serial/quatech2.c ++++ b/drivers/usb/serial/quatech2.c +@@ -128,7 +128,6 @@ struct qt2_port_private { + u8 shadowLSR; + u8 shadowMSR; + +- wait_queue_head_t delta_msr_wait; /* Used for TIOCMIWAIT */ + struct async_icount icount; + + struct usb_serial_port *port; +@@ -506,8 +505,9 @@ static int wait_modem_info(struct usb_serial_port *port, unsigned int arg) + spin_unlock_irqrestore(&priv->lock, flags); + + while (1) { +- wait_event_interruptible(priv->delta_msr_wait, +- ((priv->icount.rng != prev.rng) || ++ wait_event_interruptible(port->delta_msr_wait, ++ (port->serial->disconnected || ++ (priv->icount.rng != prev.rng) || + (priv->icount.dsr != prev.dsr) || + (priv->icount.dcd != prev.dcd) || + (priv->icount.cts != prev.cts))); +@@ -515,6 +515,9 @@ static int wait_modem_info(struct usb_serial_port *port, unsigned int arg) + if (signal_pending(current)) + return -ERESTARTSYS; + ++ if (port->serial->disconnected) ++ return -EIO; ++ + spin_lock_irqsave(&priv->lock, flags); + cur = priv->icount; + spin_unlock_irqrestore(&priv->lock, flags); +@@ -841,7 +844,6 @@ static int qt2_port_probe(struct usb_serial_port *port) + + spin_lock_init(&port_priv->lock); + spin_lock_init(&port_priv->urb_lock); +- init_waitqueue_head(&port_priv->delta_msr_wait); + port_priv->port = port; + + port_priv->write_urb = usb_alloc_urb(0, GFP_KERNEL); +@@ -984,7 +986,7 @@ static void qt2_update_msr(struct usb_serial_port *port, unsigned char *ch) + if (newMSR & UART_MSR_TERI) + port_priv->icount.rng++; + +- wake_up_interruptible(&port_priv->delta_msr_wait); ++ wake_up_interruptible(&port->delta_msr_wait); + } + } + +diff --git a/drivers/usb/serial/spcp8x5.c b/drivers/usb/serial/spcp8x5.c +index a42536a..85de44d 100644 +--- a/drivers/usb/serial/spcp8x5.c ++++ b/drivers/usb/serial/spcp8x5.c +@@ -149,7 +149,6 @@ enum spcp8x5_type { + struct spcp8x5_private { + spinlock_t lock; + enum spcp8x5_type type; +- wait_queue_head_t delta_msr_wait; + u8 line_control; + u8 line_status; + }; +@@ -179,7 +178,6 @@ static int spcp8x5_port_probe(struct usb_serial_port *port) + return -ENOMEM; + + spin_lock_init(&priv->lock); +- init_waitqueue_head(&priv->delta_msr_wait); + priv->type = type; + + usb_set_serial_port_data(port , priv); +@@ -476,7 +474,7 @@ static void spcp8x5_process_read_urb(struct urb *urb) + priv->line_status &= ~UART_STATE_TRANSIENT_MASK; + spin_unlock_irqrestore(&priv->lock, flags); + /* wake up the wait for termios */ +- wake_up_interruptible(&priv->delta_msr_wait); ++ wake_up_interruptible(&port->delta_msr_wait); + + if (!urb->actual_length) + return; +@@ -526,12 +524,15 @@ static int spcp8x5_wait_modem_info(struct usb_serial_port *port, + + while (1) { + /* wake up in bulk read */ +- interruptible_sleep_on(&priv->delta_msr_wait); ++ interruptible_sleep_on(&port->delta_msr_wait); + + /* see if a signal did it */ + if (signal_pending(current)) + return -ERESTARTSYS; + ++ if (port->serial->disconnected) ++ return -EIO; ++ + spin_lock_irqsave(&priv->lock, flags); + status = priv->line_status; + spin_unlock_irqrestore(&priv->lock, flags); +diff --git a/drivers/usb/serial/ssu100.c b/drivers/usb/serial/ssu100.c +index d938396..44d5949 100644 +--- a/drivers/usb/serial/ssu100.c ++++ b/drivers/usb/serial/ssu100.c +@@ -61,7 +61,6 @@ struct ssu100_port_private { + spinlock_t status_lock; + u8 shadowLSR; + u8 shadowMSR; +- wait_queue_head_t delta_msr_wait; /* Used for TIOCMIWAIT */ + struct async_icount icount; + }; + +@@ -355,8 +354,9 @@ static int wait_modem_info(struct usb_serial_port *port, unsigned int arg) + spin_unlock_irqrestore(&priv->status_lock, flags); + + while (1) { +- wait_event_interruptible(priv->delta_msr_wait, +- ((priv->icount.rng != prev.rng) || ++ wait_event_interruptible(port->delta_msr_wait, ++ (port->serial->disconnected || ++ (priv->icount.rng != prev.rng) || + (priv->icount.dsr != prev.dsr) || + (priv->icount.dcd != prev.dcd) || + (priv->icount.cts != prev.cts))); +@@ -364,6 +364,9 @@ static int wait_modem_info(struct usb_serial_port *port, unsigned int arg) + if (signal_pending(current)) + return -ERESTARTSYS; + ++ if (port->serial->disconnected) ++ return -EIO; ++ + spin_lock_irqsave(&priv->status_lock, flags); + cur = priv->icount; + spin_unlock_irqrestore(&priv->status_lock, flags); +@@ -445,7 +448,6 @@ static int ssu100_port_probe(struct usb_serial_port *port) + return -ENOMEM; + + spin_lock_init(&priv->status_lock); +- init_waitqueue_head(&priv->delta_msr_wait); + + usb_set_serial_port_data(port, priv); + +@@ -537,7 +539,7 @@ static void ssu100_update_msr(struct usb_serial_port *port, u8 msr) + priv->icount.dcd++; + if (msr & UART_MSR_TERI) + priv->icount.rng++; +- wake_up_interruptible(&priv->delta_msr_wait); ++ wake_up_interruptible(&port->delta_msr_wait); + } + } + +diff --git a/drivers/usb/serial/ti_usb_3410_5052.c b/drivers/usb/serial/ti_usb_3410_5052.c +index f2530d2..4a8b685 100644 +--- a/drivers/usb/serial/ti_usb_3410_5052.c ++++ b/drivers/usb/serial/ti_usb_3410_5052.c +@@ -74,7 +74,6 @@ struct ti_port { + int tp_flags; + int tp_closing_wait;/* in .01 secs */ + struct async_icount tp_icount; +- wait_queue_head_t tp_msr_wait; /* wait for msr change */ + wait_queue_head_t tp_write_wait; + struct ti_device *tp_tdev; + struct usb_serial_port *tp_port; +@@ -432,7 +431,6 @@ static int ti_port_probe(struct usb_serial_port *port) + else + tport->tp_uart_base_addr = TI_UART2_BASE_ADDR; + tport->tp_closing_wait = closing_wait; +- init_waitqueue_head(&tport->tp_msr_wait); + init_waitqueue_head(&tport->tp_write_wait); + if (kfifo_alloc(&tport->write_fifo, TI_WRITE_BUF_SIZE, GFP_KERNEL)) { + kfree(tport); +@@ -784,9 +782,13 @@ static int ti_ioctl(struct tty_struct *tty, + dev_dbg(&port->dev, "%s - TIOCMIWAIT\n", __func__); + cprev = tport->tp_icount; + while (1) { +- interruptible_sleep_on(&tport->tp_msr_wait); ++ interruptible_sleep_on(&port->delta_msr_wait); + if (signal_pending(current)) + return -ERESTARTSYS; ++ ++ if (port->serial->disconnected) ++ return -EIO; ++ + cnow = tport->tp_icount; + if (cnow.rng == cprev.rng && cnow.dsr == cprev.dsr && + cnow.dcd == cprev.dcd && cnow.cts == cprev.cts) +@@ -1400,7 +1402,7 @@ static void ti_handle_new_msr(struct ti_port *tport, __u8 msr) + icount->dcd++; + if (msr & TI_MSR_DELTA_RI) + icount->rng++; +- wake_up_interruptible(&tport->tp_msr_wait); ++ wake_up_interruptible(&tport->tp_port->delta_msr_wait); + spin_unlock_irqrestore(&tport->tp_lock, flags); + } + +diff --git a/drivers/usb/serial/usb-serial.c b/drivers/usb/serial/usb-serial.c +index 3dc3ad2..dec95e8 100644 +--- a/drivers/usb/serial/usb-serial.c ++++ b/drivers/usb/serial/usb-serial.c +@@ -897,6 +897,7 @@ static int usb_serial_probe(struct usb_interface *interface, + port->port.ops = &serial_port_ops; + port->serial = serial; + spin_lock_init(&port->lock); ++ init_waitqueue_head(&port->delta_msr_wait); + /* Keep this for private driver use for the moment but + should probably go away */ + INIT_WORK(&port->work, usb_serial_port_work); +diff --git a/drivers/xen/events.c b/drivers/xen/events.c +index 74d77df..8aa3867 100644 +--- a/drivers/xen/events.c ++++ b/drivers/xen/events.c +@@ -388,11 +388,23 @@ static void unmask_evtchn(int port) + + if (unlikely((cpu != cpu_from_evtchn(port)))) + do_hypercall = 1; +- else ++ else { ++ /* ++ * Need to clear the mask before checking pending to ++ * avoid a race with an event becoming pending. ++ * ++ * EVTCHNOP_unmask will only trigger an upcall if the ++ * mask bit was set, so if a hypercall is needed ++ * remask the event. ++ */ ++ sync_clear_bit(port, &s->evtchn_mask[0]); + evtchn_pending = sync_test_bit(port, &s->evtchn_pending[0]); + +- if (unlikely(evtchn_pending && xen_hvm_domain())) +- do_hypercall = 1; ++ if (unlikely(evtchn_pending && xen_hvm_domain())) { ++ sync_set_bit(port, &s->evtchn_mask[0]); ++ do_hypercall = 1; ++ } ++ } + + /* Slow path (hypercall) if this is a non-local port or if this is + * an hvm domain and an event is pending (hvm domains don't have +@@ -403,8 +415,6 @@ static void unmask_evtchn(int port) + } else { + struct vcpu_info *vcpu_info = __this_cpu_read(xen_vcpu); + +- sync_clear_bit(port, &s->evtchn_mask[0]); +- + /* + * The following is basically the equivalent of + * 'hw_resend_irq'. Just like a real IO-APIC we 'lose +diff --git a/drivers/xen/fallback.c b/drivers/xen/fallback.c +index 0ef7c4d..b04fb64 100644 +--- a/drivers/xen/fallback.c ++++ b/drivers/xen/fallback.c +@@ -44,7 +44,7 @@ int xen_event_channel_op_compat(int cmd, void *arg) + } + EXPORT_SYMBOL_GPL(xen_event_channel_op_compat); + +-int HYPERVISOR_physdev_op_compat(int cmd, void *arg) ++int xen_physdev_op_compat(int cmd, void *arg) + { + struct physdev_op op; + int rc; +@@ -78,3 +78,4 @@ int HYPERVISOR_physdev_op_compat(int cmd, void *arg) + + return rc; + } ++EXPORT_SYMBOL_GPL(xen_physdev_op_compat); +diff --git a/drivers/xen/xen-pciback/pci_stub.c b/drivers/xen/xen-pciback/pci_stub.c +index 9204126..a2278ba 100644 +--- a/drivers/xen/xen-pciback/pci_stub.c ++++ b/drivers/xen/xen-pciback/pci_stub.c +@@ -17,6 +17,7 @@ + #include <xen/events.h> + #include <asm/xen/pci.h> + #include <asm/xen/hypervisor.h> ++#include <xen/interface/physdev.h> + #include "pciback.h" + #include "conf_space.h" + #include "conf_space_quirks.h" +@@ -85,37 +86,52 @@ static struct pcistub_device *pcistub_device_alloc(struct pci_dev *dev) + static void pcistub_device_release(struct kref *kref) + { + struct pcistub_device *psdev; ++ struct pci_dev *dev; + struct xen_pcibk_dev_data *dev_data; + + psdev = container_of(kref, struct pcistub_device, kref); +- dev_data = pci_get_drvdata(psdev->dev); ++ dev = psdev->dev; ++ dev_data = pci_get_drvdata(dev); + +- dev_dbg(&psdev->dev->dev, "pcistub_device_release\n"); ++ dev_dbg(&dev->dev, "pcistub_device_release\n"); + +- xen_unregister_device_domain_owner(psdev->dev); ++ xen_unregister_device_domain_owner(dev); + + /* Call the reset function which does not take lock as this + * is called from "unbind" which takes a device_lock mutex. + */ +- __pci_reset_function_locked(psdev->dev); +- if (pci_load_and_free_saved_state(psdev->dev, +- &dev_data->pci_saved_state)) { +- dev_dbg(&psdev->dev->dev, "Could not reload PCI state\n"); +- } else +- pci_restore_state(psdev->dev); ++ __pci_reset_function_locked(dev); ++ if (pci_load_and_free_saved_state(dev, &dev_data->pci_saved_state)) ++ dev_dbg(&dev->dev, "Could not reload PCI state\n"); ++ else ++ pci_restore_state(dev); ++ ++ if (pci_find_capability(dev, PCI_CAP_ID_MSIX)) { ++ struct physdev_pci_device ppdev = { ++ .seg = pci_domain_nr(dev->bus), ++ .bus = dev->bus->number, ++ .devfn = dev->devfn ++ }; ++ int err = HYPERVISOR_physdev_op(PHYSDEVOP_release_msix, ++ &ppdev); ++ ++ if (err) ++ dev_warn(&dev->dev, "MSI-X release failed (%d)\n", ++ err); ++ } + + /* Disable the device */ +- xen_pcibk_reset_device(psdev->dev); ++ xen_pcibk_reset_device(dev); + + kfree(dev_data); +- pci_set_drvdata(psdev->dev, NULL); ++ pci_set_drvdata(dev, NULL); + + /* Clean-up the device */ +- xen_pcibk_config_free_dyn_fields(psdev->dev); +- xen_pcibk_config_free_dev(psdev->dev); ++ xen_pcibk_config_free_dyn_fields(dev); ++ xen_pcibk_config_free_dev(dev); + +- psdev->dev->dev_flags &= ~PCI_DEV_FLAGS_ASSIGNED; +- pci_dev_put(psdev->dev); ++ dev->dev_flags &= ~PCI_DEV_FLAGS_ASSIGNED; ++ pci_dev_put(dev); + + kfree(psdev); + } +@@ -355,6 +371,19 @@ static int pcistub_init_device(struct pci_dev *dev) + if (err) + goto config_release; + ++ if (pci_find_capability(dev, PCI_CAP_ID_MSIX)) { ++ struct physdev_pci_device ppdev = { ++ .seg = pci_domain_nr(dev->bus), ++ .bus = dev->bus->number, ++ .devfn = dev->devfn ++ }; ++ ++ err = HYPERVISOR_physdev_op(PHYSDEVOP_prepare_msix, &ppdev); ++ if (err) ++ dev_err(&dev->dev, "MSI-X preparation failed (%d)\n", ++ err); ++ } ++ + /* We need the device active to save the state. */ + dev_dbg(&dev->dev, "save state of device\n"); + pci_save_state(dev); +diff --git a/fs/block_dev.c b/fs/block_dev.c +index 78edf76..883dc49 100644 +--- a/fs/block_dev.c ++++ b/fs/block_dev.c +@@ -551,6 +551,7 @@ struct block_device *bdgrab(struct block_device *bdev) + ihold(bdev->bd_inode); + return bdev; + } ++EXPORT_SYMBOL(bdgrab); + + long nr_blockdev_pages(void) + { +diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c +index eea5da7..ce1c169 100644 +--- a/fs/btrfs/ctree.c ++++ b/fs/btrfs/ctree.c +@@ -651,6 +651,8 @@ tree_mod_log_insert_root(struct btrfs_fs_info *fs_info, + if (tree_mod_dont_log(fs_info, NULL)) + return 0; + ++ __tree_mod_log_free_eb(fs_info, old_root); ++ + ret = tree_mod_alloc(fs_info, flags, &tm); + if (ret < 0) + goto out; +@@ -736,7 +738,7 @@ tree_mod_log_search(struct btrfs_fs_info *fs_info, u64 start, u64 min_seq) + static noinline void + tree_mod_log_eb_copy(struct btrfs_fs_info *fs_info, struct extent_buffer *dst, + struct extent_buffer *src, unsigned long dst_offset, +- unsigned long src_offset, int nr_items) ++ unsigned long src_offset, int nr_items, int log_removal) + { + int ret; + int i; +@@ -750,10 +752,12 @@ tree_mod_log_eb_copy(struct btrfs_fs_info *fs_info, struct extent_buffer *dst, + } + + for (i = 0; i < nr_items; i++) { +- ret = tree_mod_log_insert_key_locked(fs_info, src, +- i + src_offset, +- MOD_LOG_KEY_REMOVE); +- BUG_ON(ret < 0); ++ if (log_removal) { ++ ret = tree_mod_log_insert_key_locked(fs_info, src, ++ i + src_offset, ++ MOD_LOG_KEY_REMOVE); ++ BUG_ON(ret < 0); ++ } + ret = tree_mod_log_insert_key_locked(fs_info, dst, + i + dst_offset, + MOD_LOG_KEY_ADD); +@@ -927,7 +931,6 @@ static noinline int update_ref_for_cow(struct btrfs_trans_handle *trans, + ret = btrfs_dec_ref(trans, root, buf, 1, 1); + BUG_ON(ret); /* -ENOMEM */ + } +- tree_mod_log_free_eb(root->fs_info, buf); + clean_tree_block(trans, root, buf); + *last_ref = 1; + } +@@ -1046,6 +1049,7 @@ static noinline int __btrfs_cow_block(struct btrfs_trans_handle *trans, + btrfs_set_node_ptr_generation(parent, parent_slot, + trans->transid); + btrfs_mark_buffer_dirty(parent); ++ tree_mod_log_free_eb(root->fs_info, buf); + btrfs_free_tree_block(trans, root, buf, parent_start, + last_ref); + } +@@ -1755,7 +1759,6 @@ static noinline int balance_level(struct btrfs_trans_handle *trans, + goto enospc; + } + +- tree_mod_log_free_eb(root->fs_info, root->node); + tree_mod_log_set_root_pointer(root, child); + rcu_assign_pointer(root->node, child); + +@@ -3000,7 +3003,7 @@ static int push_node_left(struct btrfs_trans_handle *trans, + push_items = min(src_nritems - 8, push_items); + + tree_mod_log_eb_copy(root->fs_info, dst, src, dst_nritems, 0, +- push_items); ++ push_items, 1); + copy_extent_buffer(dst, src, + btrfs_node_key_ptr_offset(dst_nritems), + btrfs_node_key_ptr_offset(0), +@@ -3071,7 +3074,7 @@ static int balance_node_right(struct btrfs_trans_handle *trans, + sizeof(struct btrfs_key_ptr)); + + tree_mod_log_eb_copy(root->fs_info, dst, src, 0, +- src_nritems - push_items, push_items); ++ src_nritems - push_items, push_items, 1); + copy_extent_buffer(dst, src, + btrfs_node_key_ptr_offset(0), + btrfs_node_key_ptr_offset(src_nritems - push_items), +@@ -3223,12 +3226,18 @@ static noinline int split_node(struct btrfs_trans_handle *trans, + int mid; + int ret; + u32 c_nritems; ++ int tree_mod_log_removal = 1; + + c = path->nodes[level]; + WARN_ON(btrfs_header_generation(c) != trans->transid); + if (c == root->node) { + /* trying to split the root, lets make a new one */ + ret = insert_new_root(trans, root, path, level + 1); ++ /* ++ * removal of root nodes has been logged by ++ * tree_mod_log_set_root_pointer due to locking ++ */ ++ tree_mod_log_removal = 0; + if (ret) + return ret; + } else { +@@ -3266,7 +3275,8 @@ static noinline int split_node(struct btrfs_trans_handle *trans, + (unsigned long)btrfs_header_chunk_tree_uuid(split), + BTRFS_UUID_SIZE); + +- tree_mod_log_eb_copy(root->fs_info, split, c, 0, mid, c_nritems - mid); ++ tree_mod_log_eb_copy(root->fs_info, split, c, 0, mid, c_nritems - mid, ++ tree_mod_log_removal); + copy_extent_buffer(split, c, + btrfs_node_key_ptr_offset(0), + btrfs_node_key_ptr_offset(mid), +diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c +index 5a3327b..d170412 100644 +--- a/fs/btrfs/extent-tree.c ++++ b/fs/btrfs/extent-tree.c +@@ -4308,7 +4308,7 @@ static void update_global_block_rsv(struct btrfs_fs_info *fs_info) + spin_lock(&sinfo->lock); + spin_lock(&block_rsv->lock); + +- block_rsv->size = num_bytes; ++ block_rsv->size = min_t(u64, num_bytes, 512 * 1024 * 1024); + + num_bytes = sinfo->bytes_used + sinfo->bytes_pinned + + sinfo->bytes_reserved + sinfo->bytes_readonly + +@@ -4601,14 +4601,49 @@ int btrfs_delalloc_reserve_metadata(struct inode *inode, u64 num_bytes) + * If the inodes csum_bytes is the same as the original + * csum_bytes then we know we haven't raced with any free()ers + * so we can just reduce our inodes csum bytes and carry on. +- * Otherwise we have to do the normal free thing to account for +- * the case that the free side didn't free up its reserve +- * because of this outstanding reservation. + */ +- if (BTRFS_I(inode)->csum_bytes == csum_bytes) ++ if (BTRFS_I(inode)->csum_bytes == csum_bytes) { + calc_csum_metadata_size(inode, num_bytes, 0); +- else +- to_free = calc_csum_metadata_size(inode, num_bytes, 0); ++ } else { ++ u64 orig_csum_bytes = BTRFS_I(inode)->csum_bytes; ++ u64 bytes; ++ ++ /* ++ * This is tricky, but first we need to figure out how much we ++ * free'd from any free-ers that occured during this ++ * reservation, so we reset ->csum_bytes to the csum_bytes ++ * before we dropped our lock, and then call the free for the ++ * number of bytes that were freed while we were trying our ++ * reservation. ++ */ ++ bytes = csum_bytes - BTRFS_I(inode)->csum_bytes; ++ BTRFS_I(inode)->csum_bytes = csum_bytes; ++ to_free = calc_csum_metadata_size(inode, bytes, 0); ++ ++ ++ /* ++ * Now we need to see how much we would have freed had we not ++ * been making this reservation and our ->csum_bytes were not ++ * artificially inflated. ++ */ ++ BTRFS_I(inode)->csum_bytes = csum_bytes - num_bytes; ++ bytes = csum_bytes - orig_csum_bytes; ++ bytes = calc_csum_metadata_size(inode, bytes, 0); ++ ++ /* ++ * Now reset ->csum_bytes to what it should be. If bytes is ++ * more than to_free then we would have free'd more space had we ++ * not had an artificially high ->csum_bytes, so we need to free ++ * the remainder. If bytes is the same or less then we don't ++ * need to do anything, the other free-ers did the correct ++ * thing. ++ */ ++ BTRFS_I(inode)->csum_bytes = orig_csum_bytes - num_bytes; ++ if (bytes > to_free) ++ to_free = bytes - to_free; ++ else ++ to_free = 0; ++ } + spin_unlock(&BTRFS_I(inode)->lock); + if (dropped) + to_free += btrfs_calc_trans_metadata_size(root, dropped); +diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c +index 1b319df..125397e 100644 +--- a/fs/btrfs/extent_io.c ++++ b/fs/btrfs/extent_io.c +@@ -1258,6 +1258,39 @@ int unlock_extent(struct extent_io_tree *tree, u64 start, u64 end) + GFP_NOFS); + } + ++int extent_range_clear_dirty_for_io(struct inode *inode, u64 start, u64 end) ++{ ++ unsigned long index = start >> PAGE_CACHE_SHIFT; ++ unsigned long end_index = end >> PAGE_CACHE_SHIFT; ++ struct page *page; ++ ++ while (index <= end_index) { ++ page = find_get_page(inode->i_mapping, index); ++ BUG_ON(!page); /* Pages should be in the extent_io_tree */ ++ clear_page_dirty_for_io(page); ++ page_cache_release(page); ++ index++; ++ } ++ return 0; ++} ++ ++int extent_range_redirty_for_io(struct inode *inode, u64 start, u64 end) ++{ ++ unsigned long index = start >> PAGE_CACHE_SHIFT; ++ unsigned long end_index = end >> PAGE_CACHE_SHIFT; ++ struct page *page; ++ ++ while (index <= end_index) { ++ page = find_get_page(inode->i_mapping, index); ++ BUG_ON(!page); /* Pages should be in the extent_io_tree */ ++ account_page_redirty(page); ++ __set_page_dirty_nobuffers(page); ++ page_cache_release(page); ++ index++; ++ } ++ return 0; ++} ++ + /* + * helper function to set both pages and extents in the tree writeback + */ +diff --git a/fs/btrfs/extent_io.h b/fs/btrfs/extent_io.h +index 2eacfab..715b474 100644 +--- a/fs/btrfs/extent_io.h ++++ b/fs/btrfs/extent_io.h +@@ -329,6 +329,8 @@ int map_private_extent_buffer(struct extent_buffer *eb, unsigned long offset, + unsigned long *map_len); + int extent_range_uptodate(struct extent_io_tree *tree, + u64 start, u64 end); ++int extent_range_clear_dirty_for_io(struct inode *inode, u64 start, u64 end); ++int extent_range_redirty_for_io(struct inode *inode, u64 start, u64 end); + int extent_clear_unlock_delalloc(struct inode *inode, + struct extent_io_tree *tree, + u64 start, u64 end, struct page *locked_page, +diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c +index 659ea81..7c4e6cc 100644 +--- a/fs/btrfs/inode.c ++++ b/fs/btrfs/inode.c +@@ -352,6 +352,7 @@ static noinline int compress_file_range(struct inode *inode, + int i; + int will_compress; + int compress_type = root->fs_info->compress_type; ++ int redirty = 0; + + /* if this is a small write inside eof, kick off a defrag */ + if ((end - start + 1) < 16 * 1024 && +@@ -414,6 +415,17 @@ again: + if (BTRFS_I(inode)->force_compress) + compress_type = BTRFS_I(inode)->force_compress; + ++ /* ++ * we need to call clear_page_dirty_for_io on each ++ * page in the range. Otherwise applications with the file ++ * mmap'd can wander in and change the page contents while ++ * we are compressing them. ++ * ++ * If the compression fails for any reason, we set the pages ++ * dirty again later on. ++ */ ++ extent_range_clear_dirty_for_io(inode, start, end); ++ redirty = 1; + ret = btrfs_compress_pages(compress_type, + inode->i_mapping, start, + total_compressed, pages, +@@ -555,6 +567,8 @@ cleanup_and_bail_uncompressed: + __set_page_dirty_nobuffers(locked_page); + /* unlocked later on in the async handlers */ + } ++ if (redirty) ++ extent_range_redirty_for_io(inode, start, end); + add_async_extent(async_cow, start, end - start + 1, + 0, NULL, 0, BTRFS_COMPRESS_NONE); + *num_added += 1; +diff --git a/fs/btrfs/scrub.c b/fs/btrfs/scrub.c +index 67783e0..48761b6 100644 +--- a/fs/btrfs/scrub.c ++++ b/fs/btrfs/scrub.c +@@ -541,7 +541,6 @@ static void scrub_print_warning(const char *errstr, struct scrub_block *sblock) + eb = path->nodes[0]; + ei = btrfs_item_ptr(eb, path->slots[0], struct btrfs_extent_item); + item_size = btrfs_item_size_nr(eb, path->slots[0]); +- btrfs_release_path(path); + + if (flags & BTRFS_EXTENT_FLAG_TREE_BLOCK) { + do { +@@ -557,7 +556,9 @@ static void scrub_print_warning(const char *errstr, struct scrub_block *sblock) + ret < 0 ? -1 : ref_level, + ret < 0 ? -1 : ref_root); + } while (ret != 1); ++ btrfs_release_path(path); + } else { ++ btrfs_release_path(path); + swarn.path = path; + swarn.dev = dev; + iterate_extent_inodes(fs_info, found_key.objectid, +diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c +index b6818ee..744a69b 100644 +--- a/fs/btrfs/tree-log.c ++++ b/fs/btrfs/tree-log.c +@@ -1384,7 +1384,10 @@ static noinline int link_to_fixup_dir(struct btrfs_trans_handle *trans, + + btrfs_release_path(path); + if (ret == 0) { +- btrfs_inc_nlink(inode); ++ if (!inode->i_nlink) ++ set_nlink(inode, 1); ++ else ++ btrfs_inc_nlink(inode); + ret = btrfs_update_inode(trans, root, inode); + } else if (ret == -EEXIST) { + ret = 0; +diff --git a/fs/dcache.c b/fs/dcache.c +index 19153a0..c3bbf85 100644 +--- a/fs/dcache.c ++++ b/fs/dcache.c +@@ -2552,7 +2552,6 @@ static int prepend_path(const struct path *path, + bool slash = false; + int error = 0; + +- br_read_lock(&vfsmount_lock); + while (dentry != root->dentry || vfsmnt != root->mnt) { + struct dentry * parent; + +@@ -2582,8 +2581,6 @@ static int prepend_path(const struct path *path, + if (!error && !slash) + error = prepend(buffer, buflen, "/", 1); + +-out: +- br_read_unlock(&vfsmount_lock); + return error; + + global_root: +@@ -2600,7 +2597,7 @@ global_root: + error = prepend(buffer, buflen, "/", 1); + if (!error) + error = is_mounted(vfsmnt) ? 1 : 2; +- goto out; ++ return error; + } + + /** +@@ -2627,9 +2624,11 @@ char *__d_path(const struct path *path, + int error; + + prepend(&res, &buflen, "\0", 1); ++ br_read_lock(&vfsmount_lock); + write_seqlock(&rename_lock); + error = prepend_path(path, root, &res, &buflen); + write_sequnlock(&rename_lock); ++ br_read_unlock(&vfsmount_lock); + + if (error < 0) + return ERR_PTR(error); +@@ -2646,9 +2645,11 @@ char *d_absolute_path(const struct path *path, + int error; + + prepend(&res, &buflen, "\0", 1); ++ br_read_lock(&vfsmount_lock); + write_seqlock(&rename_lock); + error = prepend_path(path, &root, &res, &buflen); + write_sequnlock(&rename_lock); ++ br_read_unlock(&vfsmount_lock); + + if (error > 1) + error = -EINVAL; +@@ -2712,11 +2713,13 @@ char *d_path(const struct path *path, char *buf, int buflen) + return path->dentry->d_op->d_dname(path->dentry, buf, buflen); + + get_fs_root(current->fs, &root); ++ br_read_lock(&vfsmount_lock); + write_seqlock(&rename_lock); + error = path_with_deleted(path, &root, &res, &buflen); ++ write_sequnlock(&rename_lock); ++ br_read_unlock(&vfsmount_lock); + if (error < 0) + res = ERR_PTR(error); +- write_sequnlock(&rename_lock); + path_put(&root); + return res; + } +@@ -2871,6 +2874,7 @@ SYSCALL_DEFINE2(getcwd, char __user *, buf, unsigned long, size) + get_fs_root_and_pwd(current->fs, &root, &pwd); + + error = -ENOENT; ++ br_read_lock(&vfsmount_lock); + write_seqlock(&rename_lock); + if (!d_unlinked(pwd.dentry)) { + unsigned long len; +@@ -2880,6 +2884,7 @@ SYSCALL_DEFINE2(getcwd, char __user *, buf, unsigned long, size) + prepend(&cwd, &buflen, "\0", 1); + error = prepend_path(&pwd, &root, &cwd, &buflen); + write_sequnlock(&rename_lock); ++ br_read_unlock(&vfsmount_lock); + + if (error < 0) + goto out; +@@ -2900,6 +2905,7 @@ SYSCALL_DEFINE2(getcwd, char __user *, buf, unsigned long, size) + } + } else { + write_sequnlock(&rename_lock); ++ br_read_unlock(&vfsmount_lock); + } + + out: +diff --git a/fs/namespace.c b/fs/namespace.c +index a51054f..5dd7709 100644 +--- a/fs/namespace.c ++++ b/fs/namespace.c +@@ -798,6 +798,10 @@ static struct mount *clone_mnt(struct mount *old, struct dentry *root, + } + + mnt->mnt.mnt_flags = old->mnt.mnt_flags & ~MNT_WRITE_HOLD; ++ /* Don't allow unprivileged users to change mount flags */ ++ if ((flag & CL_UNPRIVILEGED) && (mnt->mnt.mnt_flags & MNT_READONLY)) ++ mnt->mnt.mnt_flags |= MNT_LOCK_READONLY; ++ + atomic_inc(&sb->s_active); + mnt->mnt.mnt_sb = sb; + mnt->mnt.mnt_root = dget(root); +@@ -1736,6 +1740,9 @@ static int change_mount_flags(struct vfsmount *mnt, int ms_flags) + if (readonly_request == __mnt_is_readonly(mnt)) + return 0; + ++ if (mnt->mnt_flags & MNT_LOCK_READONLY) ++ return -EPERM; ++ + if (readonly_request) + error = mnt_make_readonly(real_mount(mnt)); + else +@@ -2365,7 +2372,7 @@ static struct mnt_namespace *dup_mnt_ns(struct mnt_namespace *mnt_ns, + /* First pass: copy the tree topology */ + copy_flags = CL_COPY_ALL | CL_EXPIRE; + if (user_ns != mnt_ns->user_ns) +- copy_flags |= CL_SHARED_TO_SLAVE; ++ copy_flags |= CL_SHARED_TO_SLAVE | CL_UNPRIVILEGED; + new = copy_tree(old, old->mnt.mnt_root, copy_flags); + if (IS_ERR(new)) { + up_write(&namespace_sem); +@@ -2758,6 +2765,51 @@ bool our_mnt(struct vfsmount *mnt) + return check_mnt(real_mount(mnt)); + } + ++bool current_chrooted(void) ++{ ++ /* Does the current process have a non-standard root */ ++ struct path ns_root; ++ struct path fs_root; ++ bool chrooted; ++ ++ /* Find the namespace root */ ++ ns_root.mnt = ¤t->nsproxy->mnt_ns->root->mnt; ++ ns_root.dentry = ns_root.mnt->mnt_root; ++ path_get(&ns_root); ++ while (d_mountpoint(ns_root.dentry) && follow_down_one(&ns_root)) ++ ; ++ ++ get_fs_root(current->fs, &fs_root); ++ ++ chrooted = !path_equal(&fs_root, &ns_root); ++ ++ path_put(&fs_root); ++ path_put(&ns_root); ++ ++ return chrooted; ++} ++ ++void update_mnt_policy(struct user_namespace *userns) ++{ ++ struct mnt_namespace *ns = current->nsproxy->mnt_ns; ++ struct mount *mnt; ++ ++ down_read(&namespace_sem); ++ list_for_each_entry(mnt, &ns->list, mnt_list) { ++ switch (mnt->mnt.mnt_sb->s_magic) { ++ case SYSFS_MAGIC: ++ userns->may_mount_sysfs = true; ++ break; ++ case PROC_SUPER_MAGIC: ++ userns->may_mount_proc = true; ++ break; ++ } ++ if (userns->may_mount_sysfs && userns->may_mount_proc) ++ break; ++ } ++ up_read(&namespace_sem); ++} ++ + static void *mntns_get(struct task_struct *task) + { + struct mnt_namespace *ns = NULL; +diff --git a/fs/nfs/blocklayout/blocklayoutdm.c b/fs/nfs/blocklayout/blocklayoutdm.c +index 737d839..6fc7b5c 100644 +--- a/fs/nfs/blocklayout/blocklayoutdm.c ++++ b/fs/nfs/blocklayout/blocklayoutdm.c +@@ -55,7 +55,8 @@ static void dev_remove(struct net *net, dev_t dev) + + bl_pipe_msg.bl_wq = &nn->bl_wq; + memset(msg, 0, sizeof(*msg)); +- msg->data = kzalloc(1 + sizeof(bl_umount_request), GFP_NOFS); ++ msg->len = sizeof(bl_msg) + bl_msg.totallen; ++ msg->data = kzalloc(msg->len, GFP_NOFS); + if (!msg->data) + goto out; + +@@ -66,7 +67,6 @@ static void dev_remove(struct net *net, dev_t dev) + memcpy(msg->data, &bl_msg, sizeof(bl_msg)); + dataptr = (uint8_t *) msg->data; + memcpy(&dataptr[sizeof(bl_msg)], &bl_umount_request, sizeof(bl_umount_request)); +- msg->len = sizeof(bl_msg) + bl_msg.totallen; + + add_wait_queue(&nn->bl_wq, &wq); + if (rpc_queue_upcall(nn->bl_device_pipe, msg) < 0) { +diff --git a/fs/nfs/idmap.c b/fs/nfs/idmap.c +index bc3968f..cf4ed87 100644 +--- a/fs/nfs/idmap.c ++++ b/fs/nfs/idmap.c +@@ -725,9 +725,9 @@ out1: + return ret; + } + +-static int nfs_idmap_instantiate(struct key *key, struct key *authkey, char *data) ++static int nfs_idmap_instantiate(struct key *key, struct key *authkey, char *data, size_t datalen) + { +- return key_instantiate_and_link(key, data, strlen(data) + 1, ++ return key_instantiate_and_link(key, data, datalen, + id_resolver_cache->thread_keyring, + authkey); + } +@@ -737,6 +737,7 @@ static int nfs_idmap_read_and_verify_message(struct idmap_msg *im, + struct key *key, struct key *authkey) + { + char id_str[NFS_UINT_MAXLEN]; ++ size_t len; + int ret = -ENOKEY; + + /* ret = -ENOKEY */ +@@ -746,13 +747,15 @@ static int nfs_idmap_read_and_verify_message(struct idmap_msg *im, + case IDMAP_CONV_NAMETOID: + if (strcmp(upcall->im_name, im->im_name) != 0) + break; +- sprintf(id_str, "%d", im->im_id); +- ret = nfs_idmap_instantiate(key, authkey, id_str); ++ /* Note: here we store the NUL terminator too */ ++ len = sprintf(id_str, "%d", im->im_id) + 1; ++ ret = nfs_idmap_instantiate(key, authkey, id_str, len); + break; + case IDMAP_CONV_IDTONAME: + if (upcall->im_id != im->im_id) + break; +- ret = nfs_idmap_instantiate(key, authkey, im->im_name); ++ len = strlen(im->im_name); ++ ret = nfs_idmap_instantiate(key, authkey, im->im_name, len); + break; + default: + ret = -EINVAL; +diff --git a/fs/nfs/nfs4filelayout.c b/fs/nfs/nfs4filelayout.c +index 49eeb04..4fb234d 100644 +--- a/fs/nfs/nfs4filelayout.c ++++ b/fs/nfs/nfs4filelayout.c +@@ -129,7 +129,6 @@ static void filelayout_fenceme(struct inode *inode, struct pnfs_layout_hdr *lo) + { + if (!test_and_clear_bit(NFS_LAYOUT_RETURN, &lo->plh_flags)) + return; +- clear_bit(NFS_INO_LAYOUTCOMMIT, &NFS_I(inode)->flags); + pnfs_return_layout(inode); + } + +diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c +index 3cb5e77..3d905e3 100644 +--- a/fs/nfs/nfs4proc.c ++++ b/fs/nfs/nfs4proc.c +@@ -6366,22 +6366,8 @@ nfs4_layoutcommit_done(struct rpc_task *task, void *calldata) + static void nfs4_layoutcommit_release(void *calldata) + { + struct nfs4_layoutcommit_data *data = calldata; +- struct pnfs_layout_segment *lseg, *tmp; +- unsigned long *bitlock = &NFS_I(data->args.inode)->flags; + + pnfs_cleanup_layoutcommit(data); +- /* Matched by references in pnfs_set_layoutcommit */ +- list_for_each_entry_safe(lseg, tmp, &data->lseg_list, pls_lc_list) { +- list_del_init(&lseg->pls_lc_list); +- if (test_and_clear_bit(NFS_LSEG_LAYOUTCOMMIT, +- &lseg->pls_flags)) +- pnfs_put_lseg(lseg); +- } +- +- clear_bit_unlock(NFS_INO_LAYOUTCOMMITTING, bitlock); +- smp_mb__after_clear_bit(); +- wake_up_bit(bitlock, NFS_INO_LAYOUTCOMMITTING); +- + put_rpccred(data->cred); + kfree(data); + } +diff --git a/fs/nfs/pnfs.c b/fs/nfs/pnfs.c +index 97767c8..3b71623 100644 +--- a/fs/nfs/pnfs.c ++++ b/fs/nfs/pnfs.c +@@ -417,6 +417,16 @@ should_free_lseg(struct pnfs_layout_range *lseg_range, + lo_seg_intersecting(lseg_range, recall_range); + } + ++static bool pnfs_lseg_dec_and_remove_zero(struct pnfs_layout_segment *lseg, ++ struct list_head *tmp_list) ++{ ++ if (!atomic_dec_and_test(&lseg->pls_refcount)) ++ return false; ++ pnfs_layout_remove_lseg(lseg->pls_layout, lseg); ++ list_add(&lseg->pls_list, tmp_list); ++ return true; ++} ++ + /* Returns 1 if lseg is removed from list, 0 otherwise */ + static int mark_lseg_invalid(struct pnfs_layout_segment *lseg, + struct list_head *tmp_list) +@@ -430,11 +440,8 @@ static int mark_lseg_invalid(struct pnfs_layout_segment *lseg, + */ + dprintk("%s: lseg %p ref %d\n", __func__, lseg, + atomic_read(&lseg->pls_refcount)); +- if (atomic_dec_and_test(&lseg->pls_refcount)) { +- pnfs_layout_remove_lseg(lseg->pls_layout, lseg); +- list_add(&lseg->pls_list, tmp_list); ++ if (pnfs_lseg_dec_and_remove_zero(lseg, tmp_list)) + rv = 1; +- } + } + return rv; + } +@@ -777,6 +784,21 @@ send_layoutget(struct pnfs_layout_hdr *lo, + return lseg; + } + ++static void pnfs_clear_layoutcommit(struct inode *inode, ++ struct list_head *head) ++{ ++ struct nfs_inode *nfsi = NFS_I(inode); ++ struct pnfs_layout_segment *lseg, *tmp; ++ ++ if (!test_and_clear_bit(NFS_INO_LAYOUTCOMMIT, &nfsi->flags)) ++ return; ++ list_for_each_entry_safe(lseg, tmp, &nfsi->layout->plh_segs, pls_list) { ++ if (!test_and_clear_bit(NFS_LSEG_LAYOUTCOMMIT, &lseg->pls_flags)) ++ continue; ++ pnfs_lseg_dec_and_remove_zero(lseg, head); ++ } ++} ++ + /* + * Initiates a LAYOUTRETURN(FILE), and removes the pnfs_layout_hdr + * when the layout segment list is empty. +@@ -808,6 +830,7 @@ _pnfs_return_layout(struct inode *ino) + /* Reference matched in nfs4_layoutreturn_release */ + pnfs_get_layout_hdr(lo); + empty = list_empty(&lo->plh_segs); ++ pnfs_clear_layoutcommit(ino, &tmp_list); + pnfs_mark_matching_lsegs_invalid(lo, &tmp_list, NULL); + /* Don't send a LAYOUTRETURN if list was initially empty */ + if (empty) { +@@ -820,8 +843,6 @@ _pnfs_return_layout(struct inode *ino) + spin_unlock(&ino->i_lock); + pnfs_free_lseg_list(&tmp_list); + +- WARN_ON(test_bit(NFS_INO_LAYOUTCOMMIT, &nfsi->flags)); +- + lrp = kzalloc(sizeof(*lrp), GFP_KERNEL); + if (unlikely(lrp == NULL)) { + status = -ENOMEM; +@@ -1459,7 +1480,6 @@ static void pnfs_ld_handle_write_error(struct nfs_write_data *data) + dprintk("pnfs write error = %d\n", hdr->pnfs_error); + if (NFS_SERVER(hdr->inode)->pnfs_curr_ld->flags & + PNFS_LAYOUTRET_ON_ERROR) { +- clear_bit(NFS_INO_LAYOUTCOMMIT, &NFS_I(hdr->inode)->flags); + pnfs_return_layout(hdr->inode); + } + if (!test_and_set_bit(NFS_IOHDR_REDO, &hdr->flags)) +@@ -1614,7 +1634,6 @@ static void pnfs_ld_handle_read_error(struct nfs_read_data *data) + dprintk("pnfs read error = %d\n", hdr->pnfs_error); + if (NFS_SERVER(hdr->inode)->pnfs_curr_ld->flags & + PNFS_LAYOUTRET_ON_ERROR) { +- clear_bit(NFS_INO_LAYOUTCOMMIT, &NFS_I(hdr->inode)->flags); + pnfs_return_layout(hdr->inode); + } + if (!test_and_set_bit(NFS_IOHDR_REDO, &hdr->flags)) +@@ -1747,11 +1766,27 @@ static void pnfs_list_write_lseg(struct inode *inode, struct list_head *listp) + + list_for_each_entry(lseg, &NFS_I(inode)->layout->plh_segs, pls_list) { + if (lseg->pls_range.iomode == IOMODE_RW && +- test_bit(NFS_LSEG_LAYOUTCOMMIT, &lseg->pls_flags)) ++ test_and_clear_bit(NFS_LSEG_LAYOUTCOMMIT, &lseg->pls_flags)) + list_add(&lseg->pls_lc_list, listp); + } + } + ++static void pnfs_list_write_lseg_done(struct inode *inode, struct list_head *listp) ++{ ++ struct pnfs_layout_segment *lseg, *tmp; ++ unsigned long *bitlock = &NFS_I(inode)->flags; ++ ++ /* Matched by references in pnfs_set_layoutcommit */ ++ list_for_each_entry_safe(lseg, tmp, listp, pls_lc_list) { ++ list_del_init(&lseg->pls_lc_list); ++ pnfs_put_lseg(lseg); ++ } ++ ++ clear_bit_unlock(NFS_INO_LAYOUTCOMMITTING, bitlock); ++ smp_mb__after_clear_bit(); ++ wake_up_bit(bitlock, NFS_INO_LAYOUTCOMMITTING); ++} ++ + void pnfs_set_lo_fail(struct pnfs_layout_segment *lseg) + { + pnfs_layout_io_set_failed(lseg->pls_layout, lseg->pls_range.iomode); +@@ -1796,6 +1831,7 @@ void pnfs_cleanup_layoutcommit(struct nfs4_layoutcommit_data *data) + + if (nfss->pnfs_curr_ld->cleanup_layoutcommit) + nfss->pnfs_curr_ld->cleanup_layoutcommit(data); ++ pnfs_list_write_lseg_done(data->args.inode, &data->lseg_list); + } + + /* +diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c +index 0dc1158..d1dd710 100644 +--- a/fs/nfsd/nfs4xdr.c ++++ b/fs/nfsd/nfs4xdr.c +@@ -264,7 +264,7 @@ nfsd4_decode_fattr(struct nfsd4_compoundargs *argp, u32 *bmval, + iattr->ia_valid |= ATTR_SIZE; + } + if (bmval[0] & FATTR4_WORD0_ACL) { +- int nace; ++ u32 nace; + struct nfs4_ace *ace; + + READ_BUF(4); len += 4; +diff --git a/fs/pnode.c b/fs/pnode.c +index 3e000a5..8b29d21 100644 +--- a/fs/pnode.c ++++ b/fs/pnode.c +@@ -9,6 +9,7 @@ + #include <linux/mnt_namespace.h> + #include <linux/mount.h> + #include <linux/fs.h> ++#include <linux/nsproxy.h> + #include "internal.h" + #include "pnode.h" + +@@ -220,6 +221,7 @@ static struct mount *get_source(struct mount *dest, + int propagate_mnt(struct mount *dest_mnt, struct dentry *dest_dentry, + struct mount *source_mnt, struct list_head *tree_list) + { ++ struct user_namespace *user_ns = current->nsproxy->mnt_ns->user_ns; + struct mount *m, *child; + int ret = 0; + struct mount *prev_dest_mnt = dest_mnt; +@@ -237,6 +239,10 @@ int propagate_mnt(struct mount *dest_mnt, struct dentry *dest_dentry, + + source = get_source(m, prev_dest_mnt, prev_src_mnt, &type); + ++ /* Notice when we are propagating across user namespaces */ ++ if (m->mnt_ns->user_ns != user_ns) ++ type |= CL_UNPRIVILEGED; ++ + child = copy_tree(source, source->mnt.mnt_root, type); + if (IS_ERR(child)) { + ret = PTR_ERR(child); +diff --git a/fs/pnode.h b/fs/pnode.h +index 19b853a3..a0493d5 100644 +--- a/fs/pnode.h ++++ b/fs/pnode.h +@@ -23,6 +23,7 @@ + #define CL_MAKE_SHARED 0x08 + #define CL_PRIVATE 0x10 + #define CL_SHARED_TO_SLAVE 0x20 ++#define CL_UNPRIVILEGED 0x40 + + static inline void set_mnt_shared(struct mount *mnt) + { +diff --git a/fs/proc/root.c b/fs/proc/root.c +index c6e9fac..9c7fab1 100644 +--- a/fs/proc/root.c ++++ b/fs/proc/root.c +@@ -16,6 +16,7 @@ + #include <linux/sched.h> + #include <linux/module.h> + #include <linux/bitops.h> ++#include <linux/user_namespace.h> + #include <linux/mount.h> + #include <linux/pid_namespace.h> + #include <linux/parser.h> +@@ -108,6 +109,9 @@ static struct dentry *proc_mount(struct file_system_type *fs_type, + } else { + ns = task_active_pid_ns(current); + options = data; ++ ++ if (!current_user_ns()->may_mount_proc) ++ return ERR_PTR(-EPERM); + } + + sb = sget(fs_type, proc_test_super, proc_set_super, flags, ns); +diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c +index 2fbdff6..1f8c823 100644 +--- a/fs/sysfs/dir.c ++++ b/fs/sysfs/dir.c +@@ -1020,6 +1020,8 @@ static int sysfs_readdir(struct file * filp, void * dirent, filldir_t filldir) + ino = parent_sd->s_ino; + if (filldir(dirent, ".", 1, filp->f_pos, ino, DT_DIR) == 0) + filp->f_pos++; ++ else ++ return 0; + } + if (filp->f_pos == 1) { + if (parent_sd->s_parent) +@@ -1028,6 +1030,8 @@ static int sysfs_readdir(struct file * filp, void * dirent, filldir_t filldir) + ino = parent_sd->s_ino; + if (filldir(dirent, "..", 2, filp->f_pos, ino, DT_DIR) == 0) + filp->f_pos++; ++ else ++ return 0; + } + mutex_lock(&sysfs_mutex); + for (pos = sysfs_dir_pos(ns, parent_sd, filp->f_pos, pos); +@@ -1058,10 +1062,21 @@ static int sysfs_readdir(struct file * filp, void * dirent, filldir_t filldir) + return 0; + } + ++static loff_t sysfs_dir_llseek(struct file *file, loff_t offset, int whence) ++{ ++ struct inode *inode = file->f_path.dentry->d_inode; ++ loff_t ret; ++ ++ mutex_lock(&inode->i_mutex); ++ ret = generic_file_llseek(file, offset, whence); ++ mutex_unlock(&inode->i_mutex); ++ ++ return ret; ++} + + const struct file_operations sysfs_dir_operations = { + .read = generic_read_dir, + .readdir = sysfs_readdir, + .release = sysfs_dir_release, +- .llseek = generic_file_llseek, ++ .llseek = sysfs_dir_llseek, + }; +diff --git a/fs/sysfs/mount.c b/fs/sysfs/mount.c +index db940a9..fb328d1 100644 +--- a/fs/sysfs/mount.c ++++ b/fs/sysfs/mount.c +@@ -19,6 +19,7 @@ + #include <linux/module.h> + #include <linux/magic.h> + #include <linux/slab.h> ++#include <linux/user_namespace.h> + + #include "sysfs.h" + +@@ -111,6 +112,9 @@ static struct dentry *sysfs_mount(struct file_system_type *fs_type, + struct super_block *sb; + int error; + ++ if (!(flags & MS_KERNMOUNT) && !current_user_ns()->may_mount_sysfs) ++ return ERR_PTR(-EPERM); ++ + info = kzalloc(sizeof(*info), GFP_KERNEL); + if (!info) + return ERR_PTR(-ENOMEM); +diff --git a/include/linux/fs_struct.h b/include/linux/fs_struct.h +index d0ae3a8..324f931 100644 +--- a/include/linux/fs_struct.h ++++ b/include/linux/fs_struct.h +@@ -50,4 +50,6 @@ static inline void get_fs_root_and_pwd(struct fs_struct *fs, struct path *root, + spin_unlock(&fs->lock); + } + ++extern bool current_chrooted(void); ++ + #endif /* _LINUX_FS_STRUCT_H */ +diff --git a/include/linux/mount.h b/include/linux/mount.h +index d7029f4..73005f9 100644 +--- a/include/linux/mount.h ++++ b/include/linux/mount.h +@@ -47,6 +47,8 @@ struct mnt_namespace; + + #define MNT_INTERNAL 0x4000 + ++#define MNT_LOCK_READONLY 0x400000 ++ + struct vfsmount { + struct dentry *mnt_root; /* root of the mounted tree */ + struct super_block *mnt_sb; /* pointer to superblock */ +diff --git a/include/linux/thermal.h b/include/linux/thermal.h +index fe82022..90a8dfa 100644 +--- a/include/linux/thermal.h ++++ b/include/linux/thermal.h +@@ -44,7 +44,7 @@ + /* Adding event notification support elements */ + #define THERMAL_GENL_FAMILY_NAME "thermal_event" + #define THERMAL_GENL_VERSION 0x01 +-#define THERMAL_GENL_MCAST_GROUP_NAME "thermal_mc_group" ++#define THERMAL_GENL_MCAST_GROUP_NAME "thermal_mc_grp" + + /* Default Thermal Governor */ + #if defined(CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE) +diff --git a/include/linux/usb/serial.h b/include/linux/usb/serial.h +index ef9be7e..1819b59 100644 +--- a/include/linux/usb/serial.h ++++ b/include/linux/usb/serial.h +@@ -66,6 +66,7 @@ + * port. + * @flags: usb serial port flags + * @write_wait: a wait_queue_head_t used by the port. ++ * @delta_msr_wait: modem-status-change wait queue + * @work: work queue entry for the line discipline waking up. + * @throttled: nonzero if the read urb is inactive to throttle the device + * @throttle_req: nonzero if the tty wants to throttle us +@@ -112,6 +113,7 @@ struct usb_serial_port { + + unsigned long flags; + wait_queue_head_t write_wait; ++ wait_queue_head_t delta_msr_wait; + struct work_struct work; + char throttled; + char throttle_req; +diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h +index b9bd2e6..5209cfe 100644 +--- a/include/linux/user_namespace.h ++++ b/include/linux/user_namespace.h +@@ -26,6 +26,8 @@ struct user_namespace { + kuid_t owner; + kgid_t group; + unsigned int proc_inum; ++ bool may_mount_sysfs; ++ bool may_mount_proc; + }; + + extern struct user_namespace init_user_ns; +@@ -82,4 +84,6 @@ static inline void put_user_ns(struct user_namespace *ns) + + #endif + ++void update_mnt_policy(struct user_namespace *userns); ++ + #endif /* _LINUX_USER_H */ +diff --git a/include/uapi/asm-generic/signal.h b/include/uapi/asm-generic/signal.h +index 6fae30f..8cc2850 100644 +--- a/include/uapi/asm-generic/signal.h ++++ b/include/uapi/asm-generic/signal.h +@@ -93,6 +93,10 @@ typedef unsigned long old_sigset_t; + + #include <asm-generic/signal-defs.h> + ++#ifdef SA_RESTORER ++#define __ARCH_HAS_SA_RESTORER ++#endif ++ + struct sigaction { + __sighandler_t sa_handler; + unsigned long sa_flags; +diff --git a/include/uapi/linux/packet_diag.h b/include/uapi/linux/packet_diag.h +index 93f5fa9..afafd70 100644 +--- a/include/uapi/linux/packet_diag.h ++++ b/include/uapi/linux/packet_diag.h +@@ -33,9 +33,11 @@ enum { + PACKET_DIAG_TX_RING, + PACKET_DIAG_FANOUT, + +- PACKET_DIAG_MAX, ++ __PACKET_DIAG_MAX, + }; + ++#define PACKET_DIAG_MAX (__PACKET_DIAG_MAX - 1) ++ + struct packet_diag_info { + __u32 pdi_index; + __u32 pdi_version; +diff --git a/include/uapi/linux/unix_diag.h b/include/uapi/linux/unix_diag.h +index b8a2494..b9e2a6a 100644 +--- a/include/uapi/linux/unix_diag.h ++++ b/include/uapi/linux/unix_diag.h +@@ -39,9 +39,11 @@ enum { + UNIX_DIAG_MEMINFO, + UNIX_DIAG_SHUTDOWN, + +- UNIX_DIAG_MAX, ++ __UNIX_DIAG_MAX, + }; + ++#define UNIX_DIAG_MAX (__UNIX_DIAG_MAX - 1) ++ + struct unix_diag_vfs { + __u32 udiag_vfs_ino; + __u32 udiag_vfs_dev; +diff --git a/include/xen/interface/io/blkif.h b/include/xen/interface/io/blkif.h +index 01c3d62..ffd4652 100644 +--- a/include/xen/interface/io/blkif.h ++++ b/include/xen/interface/io/blkif.h +@@ -138,11 +138,21 @@ struct blkif_request_discard { + uint8_t _pad3; + } __attribute__((__packed__)); + ++struct blkif_request_other { ++ uint8_t _pad1; ++ blkif_vdev_t _pad2; /* only for read/write requests */ ++#ifdef CONFIG_X86_64 ++ uint32_t _pad3; /* offsetof(blkif_req..,u.other.id)==8*/ ++#endif ++ uint64_t id; /* private guest value, echoed in resp */ ++} __attribute__((__packed__)); ++ + struct blkif_request { + uint8_t operation; /* BLKIF_OP_??? */ + union { + struct blkif_request_rw rw; + struct blkif_request_discard discard; ++ struct blkif_request_other other; + } u; + } __attribute__((__packed__)); + +diff --git a/include/xen/interface/physdev.h b/include/xen/interface/physdev.h +index 1844d31..7000bb1 100644 +--- a/include/xen/interface/physdev.h ++++ b/include/xen/interface/physdev.h +@@ -251,6 +251,12 @@ struct physdev_pci_device_add { + + #define PHYSDEVOP_pci_device_remove 26 + #define PHYSDEVOP_restore_msi_ext 27 ++/* ++ * Dom0 should use these two to announce MMIO resources assigned to ++ * MSI-X capable devices won't (prepare) or may (release) change. ++ */ ++#define PHYSDEVOP_prepare_msix 30 ++#define PHYSDEVOP_release_msix 31 + struct physdev_pci_device { + /* IN */ + uint16_t seg; +diff --git a/ipc/mqueue.c b/ipc/mqueue.c +index 6ebfbf5..f3f40dc 100644 +--- a/ipc/mqueue.c ++++ b/ipc/mqueue.c +@@ -330,8 +330,16 @@ static struct dentry *mqueue_mount(struct file_system_type *fs_type, + int flags, const char *dev_name, + void *data) + { +- if (!(flags & MS_KERNMOUNT)) +- data = current->nsproxy->ipc_ns; ++ if (!(flags & MS_KERNMOUNT)) { ++ struct ipc_namespace *ns = current->nsproxy->ipc_ns; ++ /* Don't allow mounting unless the caller has CAP_SYS_ADMIN ++ * over the ipc namespace. ++ */ ++ if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN)) ++ return ERR_PTR(-EPERM); ++ ++ data = ns; ++ } + return mount_ns(fs_type, flags, data, mqueue_fill_super); + } + +diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c +index c1c3dc1..bea15bd 100644 +--- a/kernel/pid_namespace.c ++++ b/kernel/pid_namespace.c +@@ -181,6 +181,7 @@ void zap_pid_ns_processes(struct pid_namespace *pid_ns) + int nr; + int rc; + struct task_struct *task, *me = current; ++ int init_pids = thread_group_leader(me) ? 1 : 2; + + /* Don't allow any more processes into the pid namespace */ + disable_pid_allocation(pid_ns); +@@ -230,7 +231,7 @@ void zap_pid_ns_processes(struct pid_namespace *pid_ns) + */ + for (;;) { + set_current_state(TASK_UNINTERRUPTIBLE); +- if (pid_ns->nr_hashed == 1) ++ if (pid_ns->nr_hashed == init_pids) + break; + schedule(); + } +diff --git a/kernel/signal.c b/kernel/signal.c +index 7591ccc..dec9c30 100644 +--- a/kernel/signal.c ++++ b/kernel/signal.c +@@ -485,7 +485,7 @@ flush_signal_handlers(struct task_struct *t, int force_default) + if (force_default || ka->sa.sa_handler != SIG_IGN) + ka->sa.sa_handler = SIG_DFL; + ka->sa.sa_flags = 0; +-#ifdef SA_RESTORER ++#ifdef __ARCH_HAS_SA_RESTORER + ka->sa.sa_restorer = NULL; + #endif + sigemptyset(&ka->sa.sa_mask); +diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c +index 2ffbc24..fe1d581 100644 +--- a/kernel/trace/trace.c ++++ b/kernel/trace/trace.c +@@ -2836,11 +2836,25 @@ static int set_tracer_option(struct tracer *trace, char *cmp, int neg) + return -EINVAL; + } + +-static void set_tracer_flags(unsigned int mask, int enabled) ++/* Some tracers require overwrite to stay enabled */ ++int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set) ++{ ++ if (tracer->enabled && (mask & TRACE_ITER_OVERWRITE) && !set) ++ return -1; ++ ++ return 0; ++} ++ ++int set_tracer_flag(unsigned int mask, int enabled) + { + /* do nothing if flag is already set */ + if (!!(trace_flags & mask) == !!enabled) +- return; ++ return 0; ++ ++ /* Give the tracer a chance to approve the change */ ++ if (current_trace->flag_changed) ++ if (current_trace->flag_changed(current_trace, mask, !!enabled)) ++ return -EINVAL; + + if (enabled) + trace_flags |= mask; +@@ -2859,13 +2873,15 @@ static void set_tracer_flags(unsigned int mask, int enabled) + + if (mask == TRACE_ITER_PRINTK) + trace_printk_start_stop_comm(enabled); ++ ++ return 0; + } + + static int trace_set_options(char *option) + { + char *cmp; + int neg = 0; +- int ret = 0; ++ int ret = -ENODEV; + int i; + + cmp = strstrip(option); +@@ -2879,7 +2895,7 @@ static int trace_set_options(char *option) + + for (i = 0; trace_options[i]; i++) { + if (strcmp(cmp, trace_options[i]) == 0) { +- set_tracer_flags(1 << i, !neg); ++ ret = set_tracer_flag(1 << i, !neg); + break; + } + } +@@ -2898,6 +2914,7 @@ tracing_trace_options_write(struct file *filp, const char __user *ubuf, + size_t cnt, loff_t *ppos) + { + char buf[64]; ++ int ret; + + if (cnt >= sizeof(buf)) + return -EINVAL; +@@ -2907,7 +2924,9 @@ tracing_trace_options_write(struct file *filp, const char __user *ubuf, + + buf[cnt] = 0; + +- trace_set_options(buf); ++ ret = trace_set_options(buf); ++ if (ret < 0) ++ return ret; + + *ppos += cnt; + +@@ -3213,6 +3232,9 @@ static int tracing_set_tracer(const char *buf) + goto out; + + trace_branch_disable(); ++ ++ current_trace->enabled = false; ++ + if (current_trace && current_trace->reset) + current_trace->reset(tr); + if (current_trace && current_trace->use_max_tr) { +@@ -3244,6 +3266,7 @@ static int tracing_set_tracer(const char *buf) + } + + current_trace = t; ++ current_trace->enabled = true; + trace_branch_enable(tr); + out: + mutex_unlock(&trace_types_lock); +@@ -4648,9 +4671,12 @@ trace_options_core_write(struct file *filp, const char __user *ubuf, size_t cnt, + return -EINVAL; + + mutex_lock(&trace_types_lock); +- set_tracer_flags(1 << index, val); ++ ret = set_tracer_flag(1 << index, val); + mutex_unlock(&trace_types_lock); + ++ if (ret < 0) ++ return ret; ++ + *ppos += cnt; + + return cnt; +diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h +index c75d798..23f1d2c 100644 +--- a/kernel/trace/trace.h ++++ b/kernel/trace/trace.h +@@ -283,10 +283,14 @@ struct tracer { + enum print_line_t (*print_line)(struct trace_iterator *iter); + /* If you handled the flag setting, return 0 */ + int (*set_flag)(u32 old_flags, u32 bit, int set); ++ /* Return 0 if OK with change, else return non-zero */ ++ int (*flag_changed)(struct tracer *tracer, ++ u32 mask, int set); + struct tracer *next; + struct tracer_flags *flags; + bool print_max; + bool use_max_tr; ++ bool enabled; + }; + + +@@ -835,6 +839,8 @@ extern const char *__stop___trace_bprintk_fmt[]; + + void trace_printk_init_buffers(void); + void trace_printk_start_comm(void); ++int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set); ++int set_tracer_flag(unsigned int mask, int enabled); + + #undef FTRACE_ENTRY + #define FTRACE_ENTRY(call, struct_name, id, tstruct, print, filter) \ +diff --git a/kernel/trace/trace_irqsoff.c b/kernel/trace/trace_irqsoff.c +index 713a2ca..443b25b 100644 +--- a/kernel/trace/trace_irqsoff.c ++++ b/kernel/trace/trace_irqsoff.c +@@ -32,7 +32,7 @@ enum { + + static int trace_type __read_mostly; + +-static int save_lat_flag; ++static int save_flags; + + static void stop_irqsoff_tracer(struct trace_array *tr, int graph); + static int start_irqsoff_tracer(struct trace_array *tr, int graph); +@@ -558,8 +558,11 @@ static void stop_irqsoff_tracer(struct trace_array *tr, int graph) + + static void __irqsoff_tracer_init(struct trace_array *tr) + { +- save_lat_flag = trace_flags & TRACE_ITER_LATENCY_FMT; +- trace_flags |= TRACE_ITER_LATENCY_FMT; ++ save_flags = trace_flags; ++ ++ /* non overwrite screws up the latency tracers */ ++ set_tracer_flag(TRACE_ITER_OVERWRITE, 1); ++ set_tracer_flag(TRACE_ITER_LATENCY_FMT, 1); + + tracing_max_latency = 0; + irqsoff_trace = tr; +@@ -573,10 +576,13 @@ static void __irqsoff_tracer_init(struct trace_array *tr) + + static void irqsoff_tracer_reset(struct trace_array *tr) + { ++ int lat_flag = save_flags & TRACE_ITER_LATENCY_FMT; ++ int overwrite_flag = save_flags & TRACE_ITER_OVERWRITE; ++ + stop_irqsoff_tracer(tr, is_graph()); + +- if (!save_lat_flag) +- trace_flags &= ~TRACE_ITER_LATENCY_FMT; ++ set_tracer_flag(TRACE_ITER_LATENCY_FMT, lat_flag); ++ set_tracer_flag(TRACE_ITER_OVERWRITE, overwrite_flag); + } + + static void irqsoff_tracer_start(struct trace_array *tr) +@@ -609,6 +615,7 @@ static struct tracer irqsoff_tracer __read_mostly = + .print_line = irqsoff_print_line, + .flags = &tracer_flags, + .set_flag = irqsoff_set_flag, ++ .flag_changed = trace_keep_overwrite, + #ifdef CONFIG_FTRACE_SELFTEST + .selftest = trace_selftest_startup_irqsoff, + #endif +@@ -642,6 +649,7 @@ static struct tracer preemptoff_tracer __read_mostly = + .print_line = irqsoff_print_line, + .flags = &tracer_flags, + .set_flag = irqsoff_set_flag, ++ .flag_changed = trace_keep_overwrite, + #ifdef CONFIG_FTRACE_SELFTEST + .selftest = trace_selftest_startup_preemptoff, + #endif +@@ -677,6 +685,7 @@ static struct tracer preemptirqsoff_tracer __read_mostly = + .print_line = irqsoff_print_line, + .flags = &tracer_flags, + .set_flag = irqsoff_set_flag, ++ .flag_changed = trace_keep_overwrite, + #ifdef CONFIG_FTRACE_SELFTEST + .selftest = trace_selftest_startup_preemptirqsoff, + #endif +diff --git a/kernel/trace/trace_sched_wakeup.c b/kernel/trace/trace_sched_wakeup.c +index 9fe45fc..17bfec6 100644 +--- a/kernel/trace/trace_sched_wakeup.c ++++ b/kernel/trace/trace_sched_wakeup.c +@@ -36,7 +36,7 @@ static void __wakeup_reset(struct trace_array *tr); + static int wakeup_graph_entry(struct ftrace_graph_ent *trace); + static void wakeup_graph_return(struct ftrace_graph_ret *trace); + +-static int save_lat_flag; ++static int save_flags; + + #define TRACE_DISPLAY_GRAPH 1 + +@@ -540,8 +540,11 @@ static void stop_wakeup_tracer(struct trace_array *tr) + + static int __wakeup_tracer_init(struct trace_array *tr) + { +- save_lat_flag = trace_flags & TRACE_ITER_LATENCY_FMT; +- trace_flags |= TRACE_ITER_LATENCY_FMT; ++ save_flags = trace_flags; ++ ++ /* non overwrite screws up the latency tracers */ ++ set_tracer_flag(TRACE_ITER_OVERWRITE, 1); ++ set_tracer_flag(TRACE_ITER_LATENCY_FMT, 1); + + tracing_max_latency = 0; + wakeup_trace = tr; +@@ -563,12 +566,15 @@ static int wakeup_rt_tracer_init(struct trace_array *tr) + + static void wakeup_tracer_reset(struct trace_array *tr) + { ++ int lat_flag = save_flags & TRACE_ITER_LATENCY_FMT; ++ int overwrite_flag = save_flags & TRACE_ITER_OVERWRITE; ++ + stop_wakeup_tracer(tr); + /* make sure we put back any tasks we are tracing */ + wakeup_reset(tr); + +- if (!save_lat_flag) +- trace_flags &= ~TRACE_ITER_LATENCY_FMT; ++ set_tracer_flag(TRACE_ITER_LATENCY_FMT, lat_flag); ++ set_tracer_flag(TRACE_ITER_OVERWRITE, overwrite_flag); + } + + static void wakeup_tracer_start(struct trace_array *tr) +@@ -594,6 +600,7 @@ static struct tracer wakeup_tracer __read_mostly = + .print_line = wakeup_print_line, + .flags = &tracer_flags, + .set_flag = wakeup_set_flag, ++ .flag_changed = trace_keep_overwrite, + #ifdef CONFIG_FTRACE_SELFTEST + .selftest = trace_selftest_startup_wakeup, + #endif +@@ -615,6 +622,7 @@ static struct tracer wakeup_rt_tracer __read_mostly = + .print_line = wakeup_print_line, + .flags = &tracer_flags, + .set_flag = wakeup_set_flag, ++ .flag_changed = trace_keep_overwrite, + #ifdef CONFIG_FTRACE_SELFTEST + .selftest = trace_selftest_startup_wakeup, + #endif +diff --git a/kernel/user.c b/kernel/user.c +index 33acb5e..7f6ff2b 100644 +--- a/kernel/user.c ++++ b/kernel/user.c +@@ -53,6 +53,8 @@ struct user_namespace init_user_ns = { + .owner = GLOBAL_ROOT_UID, + .group = GLOBAL_ROOT_GID, + .proc_inum = PROC_USER_INIT_INO, ++ .may_mount_sysfs = true, ++ .may_mount_proc = true, + }; + EXPORT_SYMBOL_GPL(init_user_ns); + +diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c +index dbfe36a7..f45e128 100644 +--- a/kernel/user_namespace.c ++++ b/kernel/user_namespace.c +@@ -61,6 +61,15 @@ int create_user_ns(struct cred *new) + kgid_t group = new->egid; + int ret; + ++ /* ++ * Verify that we can not violate the policy of which files ++ * may be accessed that is specified by the root directory, ++ * by verifing that the root directory is at the root of the ++ * mount namespace which allows all files to be accessed. ++ */ ++ if (current_chrooted()) ++ return -EPERM; ++ + /* The creator needs a mapping in the parent user namespace + * or else we won't be able to reasonably tell userspace who + * created a user_namespace. +@@ -87,6 +96,8 @@ int create_user_ns(struct cred *new) + + set_cred_user_ns(new, ns); + ++ update_mnt_policy(ns); ++ + return 0; + } + +diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c +index a292e80..acc74ad 100644 +--- a/net/8021q/vlan.c ++++ b/net/8021q/vlan.c +@@ -86,13 +86,6 @@ void unregister_vlan_dev(struct net_device *dev, struct list_head *head) + + grp = &vlan_info->grp; + +- /* Take it out of our own structures, but be sure to interlock with +- * HW accelerating devices or SW vlan input packet processing if +- * VLAN is not 0 (leave it there for 802.1p). +- */ +- if (vlan_id) +- vlan_vid_del(real_dev, vlan_id); +- + grp->nr_vlan_devs--; + + if (vlan->flags & VLAN_FLAG_GVRP) +@@ -108,6 +101,13 @@ void unregister_vlan_dev(struct net_device *dev, struct list_head *head) + if (grp->nr_vlan_devs == 0) + vlan_gvrp_uninit_applicant(real_dev); + ++ /* Take it out of our own structures, but be sure to interlock with ++ * HW accelerating devices or SW vlan input packet processing if ++ * VLAN is not 0 (leave it there for 802.1p). ++ */ ++ if (vlan_id) ++ vlan_vid_del(real_dev, vlan_id); ++ + /* Get rid of the vlan's reference to real_dev */ + dev_put(real_dev); + } +diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c +index 57f250c..aaf1957 100644 +--- a/net/bluetooth/sco.c ++++ b/net/bluetooth/sco.c +@@ -361,6 +361,7 @@ static void __sco_sock_close(struct sock *sk) + sco_chan_del(sk, ECONNRESET); + break; + ++ case BT_CONNECT2: + case BT_CONNECT: + case BT_DISCONN: + sco_chan_del(sk, ECONNRESET); +diff --git a/net/core/dev.c b/net/core/dev.c +index 1339f77..5d9c43d 100644 +--- a/net/core/dev.c ++++ b/net/core/dev.c +@@ -1591,7 +1591,6 @@ void net_enable_timestamp(void) + return; + } + #endif +- WARN_ON(in_interrupt()); + static_key_slow_inc(&netstamp_needed); + } + EXPORT_SYMBOL(net_enable_timestamp); +@@ -3277,6 +3276,7 @@ int netdev_rx_handler_register(struct net_device *dev, + if (dev->rx_handler) + return -EBUSY; + ++ /* Note: rx_handler_data must be set before rx_handler */ + rcu_assign_pointer(dev->rx_handler_data, rx_handler_data); + rcu_assign_pointer(dev->rx_handler, rx_handler); + +@@ -3297,6 +3297,11 @@ void netdev_rx_handler_unregister(struct net_device *dev) + + ASSERT_RTNL(); + RCU_INIT_POINTER(dev->rx_handler, NULL); ++ /* a reader seeing a non NULL rx_handler in a rcu_read_lock() ++ * section has a guarantee to see a non NULL rx_handler_data ++ * as well. ++ */ ++ synchronize_net(); + RCU_INIT_POINTER(dev->rx_handler_data, NULL); + } + EXPORT_SYMBOL_GPL(netdev_rx_handler_unregister); +diff --git a/net/core/flow.c b/net/core/flow.c +index b0901ee..3bad824 100644 +--- a/net/core/flow.c ++++ b/net/core/flow.c +@@ -329,7 +329,7 @@ static void flow_cache_flush_per_cpu(void *data) + struct flow_flush_info *info = data; + struct tasklet_struct *tasklet; + +- tasklet = this_cpu_ptr(&info->cache->percpu->flush_tasklet); ++ tasklet = &this_cpu_ptr(info->cache->percpu)->flush_tasklet; + tasklet->data = (unsigned long)info; + tasklet_schedule(tasklet); + } +diff --git a/net/core/scm.c b/net/core/scm.c +index 905dcc6..2dc6cda 100644 +--- a/net/core/scm.c ++++ b/net/core/scm.c +@@ -24,6 +24,7 @@ + #include <linux/interrupt.h> + #include <linux/netdevice.h> + #include <linux/security.h> ++#include <linux/pid_namespace.h> + #include <linux/pid.h> + #include <linux/nsproxy.h> + #include <linux/slab.h> +@@ -52,7 +53,8 @@ static __inline__ int scm_check_creds(struct ucred *creds) + if (!uid_valid(uid) || !gid_valid(gid)) + return -EINVAL; + +- if ((creds->pid == task_tgid_vnr(current) || nsown_capable(CAP_SYS_ADMIN)) && ++ if ((creds->pid == task_tgid_vnr(current) || ++ ns_capable(current->nsproxy->pid_ns->user_ns, CAP_SYS_ADMIN)) && + ((uid_eq(uid, cred->uid) || uid_eq(uid, cred->euid) || + uid_eq(uid, cred->suid)) || nsown_capable(CAP_SETUID)) && + ((gid_eq(gid, cred->gid) || gid_eq(gid, cred->egid) || +diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c +index 66702d3..9841a71 100644 +--- a/net/ipv4/tcp_input.c ++++ b/net/ipv4/tcp_input.c +@@ -2064,11 +2064,8 @@ void tcp_enter_loss(struct sock *sk, int how) + if (tcp_is_reno(tp)) + tcp_reset_reno_sack(tp); + +- if (!how) { +- /* Push undo marker, if it was plain RTO and nothing +- * was retransmitted. */ +- tp->undo_marker = tp->snd_una; +- } else { ++ tp->undo_marker = tp->snd_una; ++ if (how) { + tp->sacked_out = 0; + tp->fackets_out = 0; + } +diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c +index c36c6c2..17d659e 100644 +--- a/net/ipv4/tcp_output.c ++++ b/net/ipv4/tcp_output.c +@@ -1809,8 +1809,11 @@ static bool tcp_tso_should_defer(struct sock *sk, struct sk_buff *skb) + goto send_now; + } + +- /* Ok, it looks like it is advisable to defer. */ +- tp->tso_deferred = 1 | (jiffies << 1); ++ /* Ok, it looks like it is advisable to defer. ++ * Do not rearm the timer if already set to not break TCP ACK clocking. ++ */ ++ if (!tp->tso_deferred) ++ tp->tso_deferred = 1 | (jiffies << 1); + + return true; + +diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c +index 1b5d8cb..a36d17e 100644 +--- a/net/ipv6/addrconf.c ++++ b/net/ipv6/addrconf.c +@@ -4787,26 +4787,20 @@ static void addrconf_sysctl_unregister(struct inet6_dev *idev) + + static int __net_init addrconf_init_net(struct net *net) + { +- int err; ++ int err = -ENOMEM; + struct ipv6_devconf *all, *dflt; + +- err = -ENOMEM; +- all = &ipv6_devconf; +- dflt = &ipv6_devconf_dflt; ++ all = kmemdup(&ipv6_devconf, sizeof(ipv6_devconf), GFP_KERNEL); ++ if (all == NULL) ++ goto err_alloc_all; + +- if (!net_eq(net, &init_net)) { +- all = kmemdup(all, sizeof(ipv6_devconf), GFP_KERNEL); +- if (all == NULL) +- goto err_alloc_all; ++ dflt = kmemdup(&ipv6_devconf_dflt, sizeof(ipv6_devconf_dflt), GFP_KERNEL); ++ if (dflt == NULL) ++ goto err_alloc_dflt; + +- dflt = kmemdup(dflt, sizeof(ipv6_devconf_dflt), GFP_KERNEL); +- if (dflt == NULL) +- goto err_alloc_dflt; +- } else { +- /* these will be inherited by all namespaces */ +- dflt->autoconf = ipv6_defaults.autoconf; +- dflt->disable_ipv6 = ipv6_defaults.disable_ipv6; +- } ++ /* these will be inherited by all namespaces */ ++ dflt->autoconf = ipv6_defaults.autoconf; ++ dflt->disable_ipv6 = ipv6_defaults.disable_ipv6; + + net->ipv6.devconf_all = all; + net->ipv6.devconf_dflt = dflt; +diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c +index b196852..dee9964 100644 +--- a/net/ipv6/ip6_input.c ++++ b/net/ipv6/ip6_input.c +@@ -118,6 +118,27 @@ int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt + ipv6_addr_loopback(&hdr->daddr)) + goto err; + ++ /* RFC4291 Errata ID: 3480 ++ * Interface-Local scope spans only a single interface on a ++ * node and is useful only for loopback transmission of ++ * multicast. Packets with interface-local scope received ++ * from another node must be discarded. ++ */ ++ if (!(skb->pkt_type == PACKET_LOOPBACK || ++ dev->flags & IFF_LOOPBACK) && ++ ipv6_addr_is_multicast(&hdr->daddr) && ++ IPV6_ADDR_MC_SCOPE(&hdr->daddr) == 1) ++ goto err; ++ ++ /* RFC4291 2.7 ++ * Nodes must not originate a packet to a multicast address whose scope ++ * field contains the reserved value 0; if such a packet is received, it ++ * must be silently dropped. ++ */ ++ if (ipv6_addr_is_multicast(&hdr->daddr) && ++ IPV6_ADDR_MC_SCOPE(&hdr->daddr) == 0) ++ goto err; ++ + /* + * RFC4291 2.7 + * Multicast addresses must not be used as source addresses in IPv6 +diff --git a/net/irda/af_irda.c b/net/irda/af_irda.c +index b833677..4d04105 100644 +--- a/net/irda/af_irda.c ++++ b/net/irda/af_irda.c +@@ -2584,8 +2584,10 @@ bed: + NULL, NULL, NULL); + + /* Check if the we got some results */ +- if (!self->cachedaddr) +- return -EAGAIN; /* Didn't find any devices */ ++ if (!self->cachedaddr) { ++ err = -EAGAIN; /* Didn't find any devices */ ++ goto out; ++ } + daddr = self->cachedaddr; + /* Cleanup */ + self->cachedaddr = 0; +diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c +index 9979bf8..e14e676 100644 +--- a/net/mac80211/mlme.c ++++ b/net/mac80211/mlme.c +@@ -3401,6 +3401,10 @@ ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata, + ret = 0; + + out: ++ /* don't print the message below for VHT mismatch if VHT is disabled */ ++ if (ret & IEEE80211_STA_DISABLE_VHT) ++ vht_chandef = *chandef; ++ + while (!cfg80211_chandef_usable(sdata->local->hw.wiphy, chandef, + IEEE80211_CHAN_DISABLED)) { + if (WARN_ON(chandef->width == NL80211_CHAN_WIDTH_20_NOHT)) { +diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c +index ca9fde1..c8b32a0 100644 +--- a/net/mac80211/sta_info.c ++++ b/net/mac80211/sta_info.c +@@ -756,6 +756,7 @@ int __must_check __sta_info_destroy(struct sta_info *sta) + struct ieee80211_local *local; + struct ieee80211_sub_if_data *sdata; + int ret, i; ++ bool have_key = false; + + might_sleep(); + +@@ -783,12 +784,19 @@ int __must_check __sta_info_destroy(struct sta_info *sta) + list_del_rcu(&sta->list); + + mutex_lock(&local->key_mtx); +- for (i = 0; i < NUM_DEFAULT_KEYS; i++) ++ for (i = 0; i < NUM_DEFAULT_KEYS; i++) { + __ieee80211_key_free(key_mtx_dereference(local, sta->gtk[i])); +- if (sta->ptk) ++ have_key = true; ++ } ++ if (sta->ptk) { + __ieee80211_key_free(key_mtx_dereference(local, sta->ptk)); ++ have_key = true; ++ } + mutex_unlock(&local->key_mtx); + ++ if (!have_key) ++ synchronize_net(); ++ + sta->dead = true; + + local->num_sta--; +diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c +index f2aabb6..5a55be3 100644 +--- a/net/netlink/genetlink.c ++++ b/net/netlink/genetlink.c +@@ -142,6 +142,7 @@ int genl_register_mc_group(struct genl_family *family, + int err = 0; + + BUG_ON(grp->name[0] == '\0'); ++ BUG_ON(memchr(grp->name, '\0', GENL_NAMSIZ) == NULL); + + genl_lock(); + +diff --git a/net/sched/sch_fq_codel.c b/net/sched/sch_fq_codel.c +index 4e606fc..5578628 100644 +--- a/net/sched/sch_fq_codel.c ++++ b/net/sched/sch_fq_codel.c +@@ -195,7 +195,7 @@ static int fq_codel_enqueue(struct sk_buff *skb, struct Qdisc *sch) + flow->deficit = q->quantum; + flow->dropped = 0; + } +- if (++sch->q.qlen < sch->limit) ++ if (++sch->q.qlen <= sch->limit) + return NET_XMIT_SUCCESS; + + q->drop_overlimit++; +diff --git a/net/sunrpc/sched.c b/net/sunrpc/sched.c +index fb20f25..f8529fc 100644 +--- a/net/sunrpc/sched.c ++++ b/net/sunrpc/sched.c +@@ -180,6 +180,8 @@ static void __rpc_add_wait_queue(struct rpc_wait_queue *queue, + list_add_tail(&task->u.tk_wait.list, &queue->tasks[0]); + task->tk_waitqueue = queue; + queue->qlen++; ++ /* barrier matches the read in rpc_wake_up_task_queue_locked() */ ++ smp_wmb(); + rpc_set_queued(task); + + dprintk("RPC: %5u added to queue %p \"%s\"\n", +@@ -430,8 +432,11 @@ static void __rpc_do_wake_up_task(struct rpc_wait_queue *queue, struct rpc_task + */ + static void rpc_wake_up_task_queue_locked(struct rpc_wait_queue *queue, struct rpc_task *task) + { +- if (RPC_IS_QUEUED(task) && task->tk_waitqueue == queue) +- __rpc_do_wake_up_task(queue, task); ++ if (RPC_IS_QUEUED(task)) { ++ smp_rmb(); ++ if (task->tk_waitqueue == queue) ++ __rpc_do_wake_up_task(queue, task); ++ } + } + + /* +diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c +index 5b5c876..b45eb65 100644 +--- a/net/unix/af_unix.c ++++ b/net/unix/af_unix.c +@@ -384,7 +384,7 @@ static void unix_sock_destructor(struct sock *sk) + #endif + } + +-static int unix_release_sock(struct sock *sk, int embrion) ++static void unix_release_sock(struct sock *sk, int embrion) + { + struct unix_sock *u = unix_sk(sk); + struct path path; +@@ -453,8 +453,6 @@ static int unix_release_sock(struct sock *sk, int embrion) + + if (unix_tot_inflight) + unix_gc(); /* Garbage collect fds */ +- +- return 0; + } + + static void init_peercred(struct sock *sk) +@@ -701,9 +699,10 @@ static int unix_release(struct socket *sock) + if (!sk) + return 0; + ++ unix_release_sock(sk, 0); + sock->sk = NULL; + +- return unix_release_sock(sk, 0); ++ return 0; + } + + static int unix_autobind(struct socket *sock) diff --git a/3.8.5/4420_grsecurity-2.9.1-3.8.5-201303292018.patch b/3.8.6/4420_grsecurity-2.9.1-3.8.6-201304052305.patch index 1affb1b..6870621 100644 --- a/3.8.5/4420_grsecurity-2.9.1-3.8.5-201303292018.patch +++ b/3.8.6/4420_grsecurity-2.9.1-3.8.6-201304052305.patch @@ -259,7 +259,7 @@ index 986614d..e8bfedc 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 14b38cf..90b3a74 100644 +index 10075d6..dcb3e14 100644 --- a/Makefile +++ b/Makefile @@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -806,10 +806,27 @@ index 0c4132d..88f0d53 100644 /* Allow reads even for write-only mappings */ if (!(vma->vm_flags & (VM_READ | VM_WRITE))) diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig -index 67874b8..0e40765 100644 +index 67874b8..9aa2d62 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig -@@ -1813,7 +1813,7 @@ config ALIGNMENT_TRAP +@@ -1427,6 +1427,16 @@ config ARM_ERRATA_775420 + to deadlock. This workaround puts DSB before executing ISB if + an abort may occur on cache maintenance. + ++config ARM_ERRATA_798181 ++ bool "ARM errata: TLBI/DSB failure on Cortex-A15" ++ depends on CPU_V7 && SMP ++ help ++ On Cortex-A15 (r0p0..r3p2) the TLBI*IS/DSB operations are not ++ adequately shooting down all use of the old entries. This ++ option enables the Linux kernel workaround for this erratum ++ which sends an IPI to the CPUs that are running the same ASID ++ as the one being invalidated. ++ + endmenu + + source "arch/arm/common/Kconfig" +@@ -1813,7 +1823,7 @@ config ALIGNMENT_TRAP config UACCESS_WITH_MEMCPY bool "Use kernel mem{cpy,set}() for {copy_to,clear}_user()" @@ -1745,6 +1762,24 @@ index 4b1ce6c..bea3f73 100644 void gic_init_bases(unsigned int, int, void __iomem *, void __iomem *, u32 offset, struct device_node *); +diff --git a/arch/arm/include/asm/highmem.h b/arch/arm/include/asm/highmem.h +index 8c5e828..91b99ab 100644 +--- a/arch/arm/include/asm/highmem.h ++++ b/arch/arm/include/asm/highmem.h +@@ -41,6 +41,13 @@ extern void kunmap_high(struct page *page); + #endif + #endif + ++/* ++ * Needed to be able to broadcast the TLB invalidation for kmap. ++ */ ++#ifdef CONFIG_ARM_ERRATA_798181 ++#undef ARCH_NEEDS_KMAP_HIGH_GET ++#endif ++ + #ifdef ARCH_NEEDS_KMAP_HIGH_GET + extern void *kmap_high_get(struct page *page); + #else diff --git a/arch/arm/include/asm/kmap_types.h b/arch/arm/include/asm/kmap_types.h index 83eb2f7..ed77159 100644 --- a/arch/arm/include/asm/kmap_types.h @@ -1793,6 +1828,19 @@ index 2fe141f..192dc01 100644 #ifdef CONFIG_MMU extern void iotable_init(struct map_desc *, int); +diff --git a/arch/arm/include/asm/mmu_context.h b/arch/arm/include/asm/mmu_context.h +index 863a661..a7b85e0 100644 +--- a/arch/arm/include/asm/mmu_context.h ++++ b/arch/arm/include/asm/mmu_context.h +@@ -27,6 +27,8 @@ void __check_vmalloc_seq(struct mm_struct *mm); + void check_and_switch_context(struct mm_struct *mm, struct task_struct *tsk); + #define init_new_context(tsk,mm) ({ atomic64_set(&mm->context.id, 0); 0; }) + ++DECLARE_PER_CPU(atomic64_t, active_asids); ++ + #else /* !CONFIG_CPU_HAS_ASID */ + + #ifdef CONFIG_MMU diff --git a/arch/arm/include/asm/outercache.h b/arch/arm/include/asm/outercache.h index 53426c6..c7baff3 100644 --- a/arch/arm/include/asm/outercache.h @@ -2159,6 +2207,32 @@ index cddda1f..ff357f7 100644 /* * Change these and you break ASM code in entry-common.S +diff --git a/arch/arm/include/asm/tlbflush.h b/arch/arm/include/asm/tlbflush.h +index 6e924d3..a9f3ddf 100644 +--- a/arch/arm/include/asm/tlbflush.h ++++ b/arch/arm/include/asm/tlbflush.h +@@ -430,6 +430,21 @@ static inline void local_flush_tlb_kernel_page(unsigned long kaddr) + } + } + ++#ifdef CONFIG_ARM_ERRATA_798181 ++static inline void dummy_flush_tlb_a15_erratum(void) ++{ ++ /* ++ * Dummy TLBIMVAIS. Using the unmapped address 0 and ASID 0. ++ */ ++ asm("mcr p15, 0, %0, c8, c3, 1" : : "r" (0)); ++ dsb(); ++} ++#else ++static inline void dummy_flush_tlb_a15_erratum(void) ++{ ++} ++#endif ++ + /* + * flush_pmd_entry + * diff --git a/arch/arm/include/asm/uaccess.h b/arch/arm/include/asm/uaccess.h index 7e1f760..752fcb7 100644 --- a/arch/arm/include/asm/uaccess.h @@ -2726,7 +2800,7 @@ index 2adda11..7fbe958 100644 flush_icache_range(0xffff001c, 0xffff001c + length); if (!vectors_high()) diff --git a/arch/arm/kernel/head.S b/arch/arm/kernel/head.S -index e0eb9a1..c7d74a3 100644 +index e0eb9a1..caee108 100644 --- a/arch/arm/kernel/head.S +++ b/arch/arm/kernel/head.S @@ -52,7 +52,9 @@ @@ -2740,6 +2814,15 @@ index e0eb9a1..c7d74a3 100644 .endm /* +@@ -267,7 +269,7 @@ __create_page_tables: + addne r6, r6, #1 << SECTION_SHIFT + strne r6, [r3] + +-#if defined(CONFIG_LPAE) && defined(CONFIG_CPU_ENDIAN_BE8) ++#if defined(CONFIG_ARM_LPAE) && defined(CONFIG_CPU_ENDIAN_BE8) + sub r4, r4, #4 @ Fixup page table pointer + @ for 64-bit descriptors + #endif @@ -434,7 +436,7 @@ __enable_mmu: mov r5, #(domain_val(DOMAIN_USER, DOMAIN_MANAGER) | \ domain_val(DOMAIN_KERNEL, DOMAIN_MANAGER) | \ @@ -2924,7 +3007,7 @@ index 03deeff..741ce88 100644 if (secure_computing(scno) == -1) return -1; diff --git a/arch/arm/kernel/setup.c b/arch/arm/kernel/setup.c -index 3f6cbb2..6d856f5 100644 +index 3f6cbb2..39305c7 100644 --- a/arch/arm/kernel/setup.c +++ b/arch/arm/kernel/setup.c @@ -97,21 +97,23 @@ EXPORT_SYMBOL(system_serial_high); @@ -2981,6 +3064,15 @@ index 3f6cbb2..6d856f5 100644 #endif #ifdef MULTI_TLB cpu_tlb = *list->tlb; +@@ -524,7 +530,7 @@ int __init arm_add_memory(phys_addr_t start, phys_addr_t size) + size -= start & ~PAGE_MASK; + bank->start = PAGE_ALIGN(start); + +-#ifndef CONFIG_LPAE ++#ifndef CONFIG_ARM_LPAE + if (bank->start + size < bank->start) { + printk(KERN_CRIT "Truncating memory at 0x%08llx to fit in " + "32-bit physical address space\n", (long long)start); diff --git a/arch/arm/kernel/signal.c b/arch/arm/kernel/signal.c index 56f72d2..6924200 100644 --- a/arch/arm/kernel/signal.c @@ -3028,6 +3120,130 @@ index 58af91c..343ce99 100644 void __init smp_set_ops(struct smp_operations *ops) { +diff --git a/arch/arm/kernel/smp_tlb.c b/arch/arm/kernel/smp_tlb.c +index 02c5d2c..e5695ad 100644 +--- a/arch/arm/kernel/smp_tlb.c ++++ b/arch/arm/kernel/smp_tlb.c +@@ -12,6 +12,7 @@ + + #include <asm/smp_plat.h> + #include <asm/tlbflush.h> ++#include <asm/mmu_context.h> + + /**********************************************************************/ + +@@ -64,12 +65,72 @@ static inline void ipi_flush_tlb_kernel_range(void *arg) + local_flush_tlb_kernel_range(ta->ta_start, ta->ta_end); + } + ++#ifdef CONFIG_ARM_ERRATA_798181 ++static int erratum_a15_798181(void) ++{ ++ unsigned int midr = read_cpuid_id(); ++ ++ /* Cortex-A15 r0p0..r3p2 affected */ ++ if ((midr & 0xff0ffff0) != 0x410fc0f0 || midr > 0x413fc0f2) ++ return 0; ++ return 1; ++} ++#else ++static int erratum_a15_798181(void) ++{ ++ return 0; ++} ++#endif ++ ++static void ipi_flush_tlb_a15_erratum(void *arg) ++{ ++ dmb(); ++} ++ ++static void broadcast_tlb_a15_erratum(void) ++{ ++ if (!erratum_a15_798181()) ++ return; ++ ++ dummy_flush_tlb_a15_erratum(); ++ smp_call_function_many(cpu_online_mask, ipi_flush_tlb_a15_erratum, ++ NULL, 1); ++} ++ ++static void broadcast_tlb_mm_a15_erratum(struct mm_struct *mm) ++{ ++ int cpu; ++ cpumask_t mask = { CPU_BITS_NONE }; ++ ++ if (!erratum_a15_798181()) ++ return; ++ ++ dummy_flush_tlb_a15_erratum(); ++ for_each_online_cpu(cpu) { ++ if (cpu == smp_processor_id()) ++ continue; ++ /* ++ * We only need to send an IPI if the other CPUs are running ++ * the same ASID as the one being invalidated. There is no ++ * need for locking around the active_asids check since the ++ * switch_mm() function has at least one dmb() (as required by ++ * this workaround) in case a context switch happens on ++ * another CPU after the condition below. ++ */ ++ if (atomic64_read(&mm->context.id) == ++ atomic64_read(&per_cpu(active_asids, cpu))) ++ cpumask_set_cpu(cpu, &mask); ++ } ++ smp_call_function_many(&mask, ipi_flush_tlb_a15_erratum, NULL, 1); ++} ++ + void flush_tlb_all(void) + { + if (tlb_ops_need_broadcast()) + on_each_cpu(ipi_flush_tlb_all, NULL, 1); + else + local_flush_tlb_all(); ++ broadcast_tlb_a15_erratum(); + } + + void flush_tlb_mm(struct mm_struct *mm) +@@ -78,6 +139,7 @@ void flush_tlb_mm(struct mm_struct *mm) + on_each_cpu_mask(mm_cpumask(mm), ipi_flush_tlb_mm, mm, 1); + else + local_flush_tlb_mm(mm); ++ broadcast_tlb_mm_a15_erratum(mm); + } + + void flush_tlb_page(struct vm_area_struct *vma, unsigned long uaddr) +@@ -90,6 +152,7 @@ void flush_tlb_page(struct vm_area_struct *vma, unsigned long uaddr) + &ta, 1); + } else + local_flush_tlb_page(vma, uaddr); ++ broadcast_tlb_mm_a15_erratum(vma->vm_mm); + } + + void flush_tlb_kernel_page(unsigned long kaddr) +@@ -100,6 +163,7 @@ void flush_tlb_kernel_page(unsigned long kaddr) + on_each_cpu(ipi_flush_tlb_kernel_page, &ta, 1); + } else + local_flush_tlb_kernel_page(kaddr); ++ broadcast_tlb_a15_erratum(); + } + + void flush_tlb_range(struct vm_area_struct *vma, +@@ -114,6 +178,7 @@ void flush_tlb_range(struct vm_area_struct *vma, + &ta, 1); + } else + local_flush_tlb_range(vma, start, end); ++ broadcast_tlb_mm_a15_erratum(vma->vm_mm); + } + + void flush_tlb_kernel_range(unsigned long start, unsigned long end) +@@ -125,5 +190,6 @@ void flush_tlb_kernel_range(unsigned long start, unsigned long end) + on_each_cpu(ipi_flush_tlb_kernel_range, &ta, 1); + } else + local_flush_tlb_kernel_range(start, end); ++ broadcast_tlb_a15_erratum(); + } + diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c index b0179b8..829510e 100644 --- a/arch/arm/kernel/traps.c @@ -3610,6 +3826,31 @@ index db26e2e..ee44569 100644 if (err) \ goto fault; \ } while (0) +diff --git a/arch/arm/mm/context.c b/arch/arm/mm/context.c +index d07df17..59d5493 100644 +--- a/arch/arm/mm/context.c ++++ b/arch/arm/mm/context.c +@@ -45,7 +45,7 @@ static DEFINE_RAW_SPINLOCK(cpu_asid_lock); + static atomic64_t asid_generation = ATOMIC64_INIT(ASID_FIRST_VERSION); + static DECLARE_BITMAP(asid_map, NUM_USER_ASIDS); + +-static DEFINE_PER_CPU(atomic64_t, active_asids); ++DEFINE_PER_CPU(atomic64_t, active_asids); + static DEFINE_PER_CPU(u64, reserved_asids); + static cpumask_t tlb_flush_pending; + +@@ -209,8 +209,10 @@ void check_and_switch_context(struct mm_struct *mm, struct task_struct *tsk) + atomic64_set(&mm->context.id, asid); + } + +- if (cpumask_test_and_clear_cpu(cpu, &tlb_flush_pending)) ++ if (cpumask_test_and_clear_cpu(cpu, &tlb_flush_pending)) { + local_flush_tlb_all(); ++ dummy_flush_tlb_a15_erratum(); ++ } + + atomic64_set(&per_cpu(active_asids, cpu), asid); + cpumask_set_cpu(cpu, mm_cpumask(mm)); diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c index 5dbf13f..1a60561 100644 --- a/arch/arm/mm/fault.c @@ -7213,6 +7454,22 @@ index cf9dada..241529f 100644 /* If hint, make sure it matches our alignment restrictions */ if (!fixed && addr) { addr = _ALIGN_UP(addr, 1ul << pshift); +diff --git a/arch/powerpc/platforms/cell/spufs/file.c b/arch/powerpc/platforms/cell/spufs/file.c +index 0cfece4..2f1a0e5 100644 +--- a/arch/powerpc/platforms/cell/spufs/file.c ++++ b/arch/powerpc/platforms/cell/spufs/file.c +@@ -281,9 +281,9 @@ spufs_mem_mmap_fault(struct vm_area_struct *vma, struct vm_fault *vmf) + return VM_FAULT_NOPAGE; + } + +-static int spufs_mem_mmap_access(struct vm_area_struct *vma, ++static ssize_t spufs_mem_mmap_access(struct vm_area_struct *vma, + unsigned long address, +- void *buf, int len, int write) ++ void *buf, size_t len, int write) + { + struct spu_context *ctx = vma->vm_file->private_data; + unsigned long offset = address - vma->vm_start; diff --git a/arch/powerpc/platforms/powermac/smp.c b/arch/powerpc/platforms/powermac/smp.c index bdb738a..49c9f95 100644 --- a/arch/powerpc/platforms/powermac/smp.c @@ -15948,7 +16205,7 @@ index 7f760a9..04b1c65 100644 } diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h -index 142810c..747941a 100644 +index 142810c..1f2a0a7 100644 --- a/arch/x86/include/asm/uaccess_64.h +++ b/arch/x86/include/asm/uaccess_64.h @@ -10,6 +10,9 @@ @@ -15989,16 +16246,16 @@ index 142810c..747941a 100644 } +static __always_inline __must_check unsigned long -+__copy_to_user(void __user *to, const void *from, unsigned long len) __size_overflow(3); ++__copy_to_user(void __user *to, const void *from, unsigned long len); +static __always_inline __must_check unsigned long -+__copy_from_user(void *to, const void __user *from, unsigned long len) __size_overflow(3); ++__copy_from_user(void *to, const void __user *from, unsigned long len); __must_check unsigned long -_copy_to_user(void __user *to, const void *from, unsigned len); -__must_check unsigned long -_copy_from_user(void *to, const void __user *from, unsigned len); -__must_check unsigned long -copy_in_user(void __user *to, const void __user *from, unsigned len); -+copy_in_user(void __user *to, const void __user *from, unsigned long len) __size_overflow(3); ++copy_in_user(void __user *to, const void __user *from, unsigned long len); + +extern void copy_to_user_overflow(void) +#ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS @@ -33473,7 +33730,7 @@ index a9eccfc..f5efe87 100644 static struct asender_cmd asender_tbl[] = { [P_PING] = { 0, got_Ping }, diff --git a/drivers/block/loop.c b/drivers/block/loop.c -index 8bc6d39..f492563 100644 +index f74f2c0..bb668af 100644 --- a/drivers/block/loop.c +++ b/drivers/block/loop.c @@ -226,7 +226,7 @@ static int __do_lo_send_write(struct file *file, @@ -34063,10 +34320,10 @@ index 84ddc55..1d32f1e 100644 return 0; } diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c -index ee4dbea..69c817b 100644 +index a4b7aa0..2faa0bc 100644 --- a/drivers/char/virtio_console.c +++ b/drivers/char/virtio_console.c -@@ -681,7 +681,7 @@ static ssize_t fill_readbuf(struct port *port, char *out_buf, size_t out_count, +@@ -685,7 +685,7 @@ static ssize_t fill_readbuf(struct port *port, char *out_buf, size_t out_count, if (to_user) { ssize_t ret; @@ -34075,7 +34332,7 @@ index ee4dbea..69c817b 100644 if (ret) return -EFAULT; } else { -@@ -780,7 +780,7 @@ static ssize_t port_fops_read(struct file *filp, char __user *ubuf, +@@ -784,7 +784,7 @@ static ssize_t port_fops_read(struct file *filp, char __user *ubuf, if (!port_has_data(port) && !port->host_connected) return 0; @@ -34600,7 +34857,7 @@ index 4cd392d..4b629e1 100644 iounmap(buf); return 0; diff --git a/drivers/firmware/efivars.c b/drivers/firmware/efivars.c -index e1d6253..bd00f91 100644 +index b07cb37..2a51037 100644 --- a/drivers/firmware/efivars.c +++ b/drivers/firmware/efivars.c @@ -138,7 +138,7 @@ struct efivar_attribute { @@ -34612,7 +34869,7 @@ index e1d6253..bd00f91 100644 #define PSTORE_EFI_ATTRIBUTES \ (EFI_VARIABLE_NON_VOLATILE | \ -@@ -1787,7 +1787,7 @@ efivar_create_sysfs_entry(struct efivars *efivars, +@@ -1834,7 +1834,7 @@ efivar_create_sysfs_entry(struct efivars *efivars, static int create_efivars_bin_attributes(struct efivars *efivars) { @@ -35255,7 +35512,7 @@ index fe84338..a863190 100644 iir = I915_READ(IIR); diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c -index 80aa1fc..85cfce3 100644 +index e6e4df7..6a9a1bd 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c @@ -2255,7 +2255,7 @@ intel_finish_fb(struct drm_framebuffer *old_fb) @@ -35277,7 +35534,7 @@ index 80aa1fc..85cfce3 100644 wake_up(&dev_priv->pending_flip_queue); queue_work(dev_priv->wq, &work->work); -@@ -7490,7 +7489,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, +@@ -7486,7 +7485,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, /* Block clients from rendering to the new back buffer until * the flip occurs and the object is no longer visible. */ @@ -35286,16 +35543,16 @@ index 80aa1fc..85cfce3 100644 atomic_inc(&intel_crtc->unpin_work_count); ret = dev_priv->display.queue_flip(dev, crtc, fb, obj); -@@ -7507,7 +7506,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, - +@@ -7504,7 +7503,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, cleanup_pending: atomic_dec(&intel_crtc->unpin_work_count); + crtc->fb = old_fb; - atomic_sub(1 << intel_crtc->plane, &work->old_fb_obj->pending_flip); + atomic_sub_unchecked(1 << intel_crtc->plane, &work->old_fb_obj->pending_flip); drm_gem_object_unreference(&work->old_fb_obj->base); drm_gem_object_unreference(&obj->base); mutex_unlock(&dev->struct_mutex); -@@ -8849,13 +8848,13 @@ struct intel_quirk { +@@ -8846,13 +8845,13 @@ struct intel_quirk { int subsystem_vendor; int subsystem_device; void (*hook)(struct drm_device *dev); @@ -35311,7 +35568,7 @@ index 80aa1fc..85cfce3 100644 static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) { -@@ -8863,18 +8862,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) +@@ -8860,18 +8859,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) return 1; } @@ -38131,6 +38388,23 @@ index 404f63a..4796533 100644 #if defined(CONFIG_DVB_DIB3000MB) || (defined(CONFIG_DVB_DIB3000MB_MODULE) && defined(MODULE)) extern struct dvb_frontend* dib3000mb_attach(const struct dib3000_config* config, +diff --git a/drivers/media/pci/cx88/cx88-video.c b/drivers/media/pci/cx88/cx88-video.c +index bc78354..42c9459 100644 +--- a/drivers/media/pci/cx88/cx88-video.c ++++ b/drivers/media/pci/cx88/cx88-video.c +@@ -50,9 +50,9 @@ MODULE_VERSION(CX88_VERSION); + + /* ------------------------------------------------------------------ */ + +-static unsigned int video_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET }; +-static unsigned int vbi_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET }; +-static unsigned int radio_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET }; ++static int video_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET }; ++static int vbi_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET }; ++static int radio_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET }; + + module_param_array(video_nr, int, NULL, 0444); + module_param_array(vbi_nr, int, NULL, 0444); diff --git a/drivers/media/platform/omap/omap_vout.c b/drivers/media/platform/omap/omap_vout.c index 8e9a668..78d6310 100644 --- a/drivers/media/platform/omap/omap_vout.c @@ -39205,10 +39479,10 @@ index 8dd6ba5..419cc1d 100644 struct sm_sysfs_attribute *vendor_attribute; diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c -index 272f81a..c3d767c 100644 +index 27cdf1f..8c37357 100644 --- a/drivers/net/bonding/bond_main.c +++ b/drivers/net/bonding/bond_main.c -@@ -4860,7 +4860,7 @@ static unsigned int bond_get_num_tx_queues(void) +@@ -4859,7 +4859,7 @@ static unsigned int bond_get_num_tx_queues(void) return tx_queues; } @@ -39217,6 +39491,16 @@ index 272f81a..c3d767c 100644 .kind = "bond", .priv_size = sizeof(struct bonding), .setup = bond_setup, +@@ -4975,8 +4975,8 @@ static void __exit bonding_exit(void) + + bond_destroy_debugfs(); + +- rtnl_link_unregister(&bond_link_ops); + unregister_pernet_subsys(&bond_net_ops); ++ rtnl_link_unregister(&bond_link_ops); + + #ifdef CONFIG_NET_POLL_CONTROLLER + /* diff --git a/drivers/net/ethernet/8390/ax88796.c b/drivers/net/ethernet/8390/ax88796.c index 70dba5d..11a0919 100644 --- a/drivers/net/ethernet/8390/ax88796.c @@ -39247,6 +39531,79 @@ index 0991534..8098e92 100644 /* multicast configuration controlling object */ bnx2x_init_mcast_obj(bp, &bp->mcast_obj, bp->fp->cl_id, bp->fp->cid, +diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_dcb.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_dcb.c +index 10bc093..a2fb42a 100644 +--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_dcb.c ++++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_dcb.c +@@ -2136,12 +2136,12 @@ static u8 bnx2x_dcbnl_get_cap(struct net_device *netdev, int capid, u8 *cap) + break; + default: + BNX2X_ERR("Non valid capability ID\n"); +- rval = -EINVAL; ++ rval = 1; + break; + } + } else { + DP(BNX2X_MSG_DCB, "DCB disabled\n"); +- rval = -EINVAL; ++ rval = 1; + } + + DP(BNX2X_MSG_DCB, "capid %d:%x\n", capid, *cap); +@@ -2167,12 +2167,12 @@ static int bnx2x_dcbnl_get_numtcs(struct net_device *netdev, int tcid, u8 *num) + break; + default: + BNX2X_ERR("Non valid TC-ID\n"); +- rval = -EINVAL; ++ rval = 1; + break; + } + } else { + DP(BNX2X_MSG_DCB, "DCB disabled\n"); +- rval = -EINVAL; ++ rval = 1; + } + + return rval; +@@ -2185,7 +2185,7 @@ static int bnx2x_dcbnl_set_numtcs(struct net_device *netdev, int tcid, u8 num) + return -EINVAL; + } + +-static u8 bnx2x_dcbnl_get_pfc_state(struct net_device *netdev) ++static u8 bnx2x_dcbnl_get_pfc_state(struct net_device *netdev) + { + struct bnx2x *bp = netdev_priv(netdev); + DP(BNX2X_MSG_DCB, "state = %d\n", bp->dcbx_local_feat.pfc.enabled); +@@ -2387,12 +2387,12 @@ static u8 bnx2x_dcbnl_get_featcfg(struct net_device *netdev, int featid, + break; + default: + BNX2X_ERR("Non valid featrue-ID\n"); +- rval = -EINVAL; ++ rval = 1; + break; + } + } else { + DP(BNX2X_MSG_DCB, "DCB disabled\n"); +- rval = -EINVAL; ++ rval = 1; + } + + return rval; +@@ -2428,12 +2428,12 @@ static u8 bnx2x_dcbnl_set_featcfg(struct net_device *netdev, int featid, + break; + default: + BNX2X_ERR("Non valid featrue-ID\n"); +- rval = -EINVAL; ++ rval = 1; + break; + } + } else { + DP(BNX2X_MSG_DCB, "dcbnl call not valid\n"); +- rval = -EINVAL; ++ rval = 1; + } + + return rval; diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c index 09b625e..15b16fe 100644 --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c @@ -39286,23 +39643,6 @@ index adbd91b..58ec94a 100644 /** * bnx2x_config_rx_mode - Send and RX_MODE ramrod according to the provided parameters. -diff --git a/drivers/net/ethernet/broadcom/tg3.c b/drivers/net/ethernet/broadcom/tg3.c -index 3ec98f2..b9980e0 100644 ---- a/drivers/net/ethernet/broadcom/tg3.c -+++ b/drivers/net/ethernet/broadcom/tg3.c -@@ -14403,8 +14403,10 @@ static void tg3_read_vpd(struct tg3 *tp) - if (j + len > block_end) - goto partno; - -- memcpy(tp->fw_ver, &vpd_data[j], len); -- strncat(tp->fw_ver, " bc ", vpdlen - len - 1); -+ if (len >= sizeof(tp->fw_ver)) -+ len = sizeof(tp->fw_ver) - 1; -+ memset(tp->fw_ver, 0, sizeof(tp->fw_ver)); -+ snprintf(tp->fw_ver, sizeof(tp->fw_ver), "%.*s bc ", len, &vpd_data[j]); - } - - partno: diff --git a/drivers/net/ethernet/broadcom/tg3.h b/drivers/net/ethernet/broadcom/tg3.h index d330e81..ce1fb9a 100644 --- a/drivers/net/ethernet/broadcom/tg3.h @@ -39402,6 +39742,19 @@ index bb9256a..56d8752 100644 smp_mb(); /* need lock to prevent incorrect read while modifying cyclecounter */ +diff --git a/drivers/net/ethernet/lantiq_etop.c b/drivers/net/ethernet/lantiq_etop.c +index c124e67..db9b897 100644 +--- a/drivers/net/ethernet/lantiq_etop.c ++++ b/drivers/net/ethernet/lantiq_etop.c +@@ -769,7 +769,7 @@ ltq_etop_probe(struct platform_device *pdev) + return 0; + + err_free: +- kfree(dev); ++ free_netdev(dev); + err_out: + return err; + } diff --git a/drivers/net/ethernet/neterion/vxge/vxge-config.c b/drivers/net/ethernet/neterion/vxge/vxge-config.c index fbe5363..266b4e3 100644 --- a/drivers/net/ethernet/neterion/vxge/vxge-config.c @@ -40198,6 +40551,20 @@ index ff90855..e46d223 100644 } spin_lock_init(&hwsim_radio_lock); +diff --git a/drivers/net/wireless/mwifiex/cfg80211.c b/drivers/net/wireless/mwifiex/cfg80211.c +index cdb11b3..3eca710 100644 +--- a/drivers/net/wireless/mwifiex/cfg80211.c ++++ b/drivers/net/wireless/mwifiex/cfg80211.c +@@ -1846,7 +1846,8 @@ mwifiex_cfg80211_scan(struct wiphy *wiphy, + } + } + +- for (i = 0; i < request->n_channels; i++) { ++ for (i = 0; i < min_t(u32, request->n_channels, ++ MWIFIEX_USER_SCAN_CHAN_MAX); i++) { + chan = request->channels[i]; + priv->user_scan_cfg->chan_list[i].chan_number = chan->hw_value; + priv->user_scan_cfg->chan_list[i].radio_type = chan->band; diff --git a/drivers/net/wireless/rndis_wlan.c b/drivers/net/wireless/rndis_wlan.c index abe1d03..fb02c22 100644 --- a/drivers/net/wireless/rndis_wlan.c @@ -42623,7 +42990,7 @@ index 96f4981..4daaa7e 100644 spin_lock_init(&dev->t10_wwn.t10_vpd_lock); INIT_LIST_HEAD(&dev->t10_pr.registration_list); diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c -index bd587b7..173daf3 100644 +index fcf880f..a4d1e8f 100644 --- a/drivers/target/target_core_transport.c +++ b/drivers/target/target_core_transport.c @@ -1077,7 +1077,7 @@ transport_check_alloc_task_attr(struct se_cmd *cmd) @@ -48832,10 +49199,10 @@ index b96fc6c..431d628 100644 __bio_for_each_segment(bvec, bio, i, 0) { char *addr = page_address(bvec->bv_page); diff --git a/fs/block_dev.c b/fs/block_dev.c -index 78edf76..da14f3f 100644 +index 883dc49..f27794a 100644 --- a/fs/block_dev.c +++ b/fs/block_dev.c -@@ -651,7 +651,7 @@ static bool bd_may_claim(struct block_device *bdev, struct block_device *whole, +@@ -652,7 +652,7 @@ static bool bd_may_claim(struct block_device *bdev, struct block_device *whole, else if (bdev->bd_contains == bdev) return true; /* is a whole device which isn't held */ @@ -48845,10 +49212,10 @@ index 78edf76..da14f3f 100644 else if (whole->bd_holder != NULL) return false; /* is a partition of a held device */ diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c -index eea5da7..88fead70 100644 +index ce1c169..1ef484f 100644 --- a/fs/btrfs/ctree.c +++ b/fs/btrfs/ctree.c -@@ -1033,9 +1033,12 @@ static noinline int __btrfs_cow_block(struct btrfs_trans_handle *trans, +@@ -1036,9 +1036,12 @@ static noinline int __btrfs_cow_block(struct btrfs_trans_handle *trans, free_extent_buffer(buf); add_root_to_dirty_list(root); } else { @@ -48865,10 +49232,10 @@ index eea5da7..88fead70 100644 WARN_ON(trans->transid != btrfs_header_generation(parent)); diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c -index 659ea81..0f63c1a 100644 +index 7c4e6cc..27bd5c2 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c -@@ -7300,7 +7300,7 @@ fail: +@@ -7314,7 +7314,7 @@ fail: return -ENOMEM; } @@ -48877,7 +49244,7 @@ index 659ea81..0f63c1a 100644 struct dentry *dentry, struct kstat *stat) { struct inode *inode = dentry->d_inode; -@@ -7314,6 +7314,14 @@ static int btrfs_getattr(struct vfsmount *mnt, +@@ -7328,6 +7328,14 @@ static int btrfs_getattr(struct vfsmount *mnt, return 0; } @@ -49937,99 +50304,10 @@ index 1774932..5812106 100644 EXPORT_SYMBOL(dump_write); diff --git a/fs/dcache.c b/fs/dcache.c -index 19153a0..5b71101 100644 +index c3bbf85..5b71101 100644 --- a/fs/dcache.c +++ b/fs/dcache.c -@@ -2552,7 +2552,6 @@ static int prepend_path(const struct path *path, - bool slash = false; - int error = 0; - -- br_read_lock(&vfsmount_lock); - while (dentry != root->dentry || vfsmnt != root->mnt) { - struct dentry * parent; - -@@ -2582,8 +2581,6 @@ static int prepend_path(const struct path *path, - if (!error && !slash) - error = prepend(buffer, buflen, "/", 1); - --out: -- br_read_unlock(&vfsmount_lock); - return error; - - global_root: -@@ -2600,7 +2597,7 @@ global_root: - error = prepend(buffer, buflen, "/", 1); - if (!error) - error = is_mounted(vfsmnt) ? 1 : 2; -- goto out; -+ return error; - } - - /** -@@ -2627,9 +2624,11 @@ char *__d_path(const struct path *path, - int error; - - prepend(&res, &buflen, "\0", 1); -+ br_read_lock(&vfsmount_lock); - write_seqlock(&rename_lock); - error = prepend_path(path, root, &res, &buflen); - write_sequnlock(&rename_lock); -+ br_read_unlock(&vfsmount_lock); - - if (error < 0) - return ERR_PTR(error); -@@ -2646,9 +2645,11 @@ char *d_absolute_path(const struct path *path, - int error; - - prepend(&res, &buflen, "\0", 1); -+ br_read_lock(&vfsmount_lock); - write_seqlock(&rename_lock); - error = prepend_path(path, &root, &res, &buflen); - write_sequnlock(&rename_lock); -+ br_read_unlock(&vfsmount_lock); - - if (error > 1) - error = -EINVAL; -@@ -2712,11 +2713,13 @@ char *d_path(const struct path *path, char *buf, int buflen) - return path->dentry->d_op->d_dname(path->dentry, buf, buflen); - - get_fs_root(current->fs, &root); -+ br_read_lock(&vfsmount_lock); - write_seqlock(&rename_lock); - error = path_with_deleted(path, &root, &res, &buflen); -+ write_sequnlock(&rename_lock); -+ br_read_unlock(&vfsmount_lock); - if (error < 0) - res = ERR_PTR(error); -- write_sequnlock(&rename_lock); - path_put(&root); - return res; - } -@@ -2871,6 +2874,7 @@ SYSCALL_DEFINE2(getcwd, char __user *, buf, unsigned long, size) - get_fs_root_and_pwd(current->fs, &root, &pwd); - - error = -ENOENT; -+ br_read_lock(&vfsmount_lock); - write_seqlock(&rename_lock); - if (!d_unlinked(pwd.dentry)) { - unsigned long len; -@@ -2880,6 +2884,7 @@ SYSCALL_DEFINE2(getcwd, char __user *, buf, unsigned long, size) - prepend(&cwd, &buflen, "\0", 1); - error = prepend_path(&pwd, &root, &cwd, &buflen); - write_sequnlock(&rename_lock); -+ br_read_unlock(&vfsmount_lock); - - if (error < 0) - goto out; -@@ -2900,6 +2905,7 @@ SYSCALL_DEFINE2(getcwd, char __user *, buf, unsigned long, size) - } - } else { - write_sequnlock(&rename_lock); -+ br_read_unlock(&vfsmount_lock); - } - - out: -@@ -3133,7 +3139,7 @@ void __init vfs_caches_init(unsigned long mempages) +@@ -3139,7 +3139,7 @@ void __init vfs_caches_init(unsigned long mempages) mempages -= reserve; names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0, @@ -53519,10 +53797,10 @@ index ec97aef..e67718d 100644 out: return len; diff --git a/fs/namespace.c b/fs/namespace.c -index a51054f..f9b53e5 100644 +index 5dd7709..0002ebe 100644 --- a/fs/namespace.c +++ b/fs/namespace.c -@@ -1215,6 +1215,9 @@ static int do_umount(struct mount *mnt, int flags) +@@ -1219,6 +1219,9 @@ static int do_umount(struct mount *mnt, int flags) if (!(sb->s_flags & MS_RDONLY)) retval = do_remount_sb(sb, MS_RDONLY, NULL, 0); up_write(&sb->s_umount); @@ -53532,7 +53810,7 @@ index a51054f..f9b53e5 100644 return retval; } -@@ -1234,6 +1237,9 @@ static int do_umount(struct mount *mnt, int flags) +@@ -1238,6 +1241,9 @@ static int do_umount(struct mount *mnt, int flags) br_write_unlock(&vfsmount_lock); up_write(&namespace_sem); release_mounts(&umount_list); @@ -53542,7 +53820,7 @@ index a51054f..f9b53e5 100644 return retval; } -@@ -2287,6 +2293,16 @@ long do_mount(const char *dev_name, const char *dir_name, +@@ -2294,6 +2300,16 @@ long do_mount(const char *dev_name, const char *dir_name, MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT | MS_STRICTATIME); @@ -53559,7 +53837,7 @@ index a51054f..f9b53e5 100644 if (flags & MS_REMOUNT) retval = do_remount(&path, flags & ~MS_REMOUNT, mnt_flags, data_page); -@@ -2301,6 +2317,9 @@ long do_mount(const char *dev_name, const char *dir_name, +@@ -2308,6 +2324,9 @@ long do_mount(const char *dev_name, const char *dir_name, dev_name, data_page); dput_out: path_put(&path); @@ -53569,7 +53847,7 @@ index a51054f..f9b53e5 100644 return retval; } -@@ -2587,6 +2606,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, +@@ -2594,6 +2613,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, if (error) goto out2; @@ -53581,7 +53859,7 @@ index a51054f..f9b53e5 100644 get_fs_root(current->fs, &root); error = lock_mount(&old); if (error) -@@ -2790,7 +2814,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns) +@@ -2842,7 +2866,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns) !nsown_capable(CAP_SYS_ADMIN)) return -EPERM; @@ -53641,18 +53919,9 @@ index 9d1c5db..1e13db8 100644 static struct nfsd4_operation nfsd4_ops[]; diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c -index 0dc1158..32ac0e8 100644 +index d1dd710..32ac0e8 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c -@@ -264,7 +264,7 @@ nfsd4_decode_fattr(struct nfsd4_compoundargs *argp, u32 *bmval, - iattr->ia_valid |= ATTR_SIZE; - } - if (bmval[0] & FATTR4_WORD0_ACL) { -- int nace; -+ u32 nace; - struct nfs4_ace *ace; - - READ_BUF(4); len += 4; @@ -1456,7 +1456,7 @@ nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p) typedef __be32(*nfsd4_dec)(struct nfsd4_compoundargs *argp, void *); @@ -54412,7 +54681,7 @@ index 6a91e6f..e54dbc14 100644 static struct pid * get_children_pid(struct inode *inode, struct pid *pid_prev, loff_t pos) diff --git a/fs/proc/base.c b/fs/proc/base.c -index 9b43ff77..ba3e990 100644 +index 9b43ff77..0fa9564 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -111,6 +111,14 @@ struct pid_entry { @@ -54606,6 +54875,15 @@ index 9b43ff77..ba3e990 100644 if (!mm) return 0; +@@ -722,7 +801,7 @@ static ssize_t mem_rw(struct file *file, char __user *buf, + goto free; + + while (count > 0) { +- int this_len = min_t(int, count, PAGE_SIZE); ++ ssize_t this_len = min_t(ssize_t, count, PAGE_SIZE); + + if (write && copy_from_user(page, buf, this_len)) { + copied = -EFAULT; @@ -814,6 +893,13 @@ static ssize_t environ_read(struct file *file, char __user *buf, if (!mm) return 0; @@ -54620,6 +54898,15 @@ index 9b43ff77..ba3e990 100644 page = (char *)__get_free_page(GFP_TEMPORARY); if (!page) return -ENOMEM; +@@ -823,7 +909,7 @@ static ssize_t environ_read(struct file *file, char __user *buf, + goto free; + while (count > 0) { + size_t this_len, max_len; +- int retval; ++ ssize_t retval; + + if (src >= (mm->env_end - mm->env_start)) + break; @@ -1429,7 +1515,7 @@ static void *proc_pid_follow_link(struct dentry *dentry, struct nameidata *nd) int error = -EACCES; @@ -55251,10 +55538,10 @@ index 1827d88..43b0279 100644 kfree(ctl_table_arg); goto out; diff --git a/fs/proc/root.c b/fs/proc/root.c -index c6e9fac..a740964 100644 +index 9c7fab1..ed1c8e0 100644 --- a/fs/proc/root.c +++ b/fs/proc/root.c -@@ -176,7 +176,15 @@ void __init proc_root_init(void) +@@ -180,7 +180,15 @@ void __init proc_root_init(void) #ifdef CONFIG_PROC_DEVICETREE proc_device_tree_init(); #endif @@ -55698,6 +55985,21 @@ index 157e474..65a6114 100644 #define FILESYSTEM_CHANGED_TB(tb) (get_generation((tb)->tb_sb) != (tb)->fs_gen) #define __fs_changed(gen,s) (gen != get_generation (s)) #define fs_changed(gen,s) \ +diff --git a/fs/reiserfs/xattr.c b/fs/reiserfs/xattr.c +index c196369..4cce1d9 100644 +--- a/fs/reiserfs/xattr.c ++++ b/fs/reiserfs/xattr.c +@@ -187,8 +187,8 @@ fill_with_dentries(void *buf, const char *name, int namelen, loff_t offset, + if (dbuf->count == ARRAY_SIZE(dbuf->dentries)) + return -ENOSPC; + +- if (name[0] == '.' && (name[1] == '\0' || +- (name[1] == '.' && name[2] == '\0'))) ++ if (name[0] == '.' && (namelen < 2 || ++ (namelen == 2 && name[1] == '.'))) + return 0; + + dentry = lookup_one_len(name, dbuf->xadir, namelen); diff --git a/fs/select.c b/fs/select.c index 2ef72d9..f213b17 100644 --- a/fs/select.c @@ -55964,10 +56266,40 @@ index 14f4545..9b7f55b 100644 generic_fillattr(inode, stat); return 0; +diff --git a/fs/sysfs/bin.c b/fs/sysfs/bin.c +index 614b2b5..4d321e6 100644 +--- a/fs/sysfs/bin.c ++++ b/fs/sysfs/bin.c +@@ -235,13 +235,13 @@ static int bin_page_mkwrite(struct vm_area_struct *vma, struct vm_fault *vmf) + return ret; + } + +-static int bin_access(struct vm_area_struct *vma, unsigned long addr, +- void *buf, int len, int write) ++static ssize_t bin_access(struct vm_area_struct *vma, unsigned long addr, ++ void *buf, size_t len, int write) + { + struct file *file = vma->vm_file; + struct bin_buffer *bb = file->private_data; + struct sysfs_dirent *attr_sd = file->f_path.dentry->d_fsdata; +- int ret; ++ ssize_t ret; + + if (!bb->vm_ops) + return -EINVAL; diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c -index 2fbdff6..5530a61 100644 +index 1f8c823..ed57cfe 100644 --- a/fs/sysfs/dir.c +++ b/fs/sysfs/dir.c +@@ -40,7 +40,7 @@ static DEFINE_IDA(sysfs_ino_ida); + * + * Returns 31 bit hash of ns + name (so it fits in an off_t ) + */ +-static unsigned int sysfs_name_hash(const void *ns, const char *name) ++static unsigned int sysfs_name_hash(const void *ns, const unsigned char *name) + { + unsigned long hash = init_name_hash(); + unsigned int len = strlen(name); @@ -685,6 +685,18 @@ static int create_dir(struct kobject *kobj, struct sysfs_dirent *parent_sd, struct sysfs_dirent *sd; int rc; @@ -67685,7 +68017,7 @@ index 7617ee0..b575199 100644 + #endif /* _LINUX_FS_H */ diff --git a/include/linux/fs_struct.h b/include/linux/fs_struct.h -index d0ae3a8..0244b34 100644 +index 324f931..f292b65 100644 --- a/include/linux/fs_struct.h +++ b/include/linux/fs_struct.h @@ -6,7 +6,7 @@ @@ -69406,7 +69738,7 @@ index b8ba855..0148090 100644 u32 remainder; return div_u64_rem(dividend, divisor, &remainder); diff --git a/include/linux/mm.h b/include/linux/mm.h -index 66e2f7c..a398fb2 100644 +index 66e2f7c..b916b9a 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -101,6 +101,11 @@ extern unsigned int kobjsize(const void *objp); @@ -69421,6 +69753,17 @@ index 66e2f7c..a398fb2 100644 #define VM_DONTDUMP 0x04000000 /* Do not include in the core dump */ #define VM_MIXEDMAP 0x10000000 /* Can contain "struct page" and pure PFN pages */ +@@ -200,8 +205,8 @@ struct vm_operations_struct { + /* called by access_process_vm when get_user_pages() fails, typically + * for use by special VMAs that can switch between memory and hardware + */ +- int (*access)(struct vm_area_struct *vma, unsigned long addr, +- void *buf, int len, int write); ++ ssize_t (*access)(struct vm_area_struct *vma, unsigned long addr, ++ void *buf, size_t len, int write); + #ifdef CONFIG_NUMA + /* + * set_policy() op must add a reference to any non-NULL @new mempolicy @@ -231,6 +236,7 @@ struct vm_operations_struct { int (*remap_pages)(struct vm_area_struct *vma, unsigned long addr, unsigned long size, pgoff_t pgoff); @@ -69429,6 +69772,32 @@ index 66e2f7c..a398fb2 100644 struct mmu_gather; struct inode; +@@ -995,8 +1001,8 @@ int follow_pfn(struct vm_area_struct *vma, unsigned long address, + unsigned long *pfn); + int follow_phys(struct vm_area_struct *vma, unsigned long address, + unsigned int flags, unsigned long *prot, resource_size_t *phys); +-int generic_access_phys(struct vm_area_struct *vma, unsigned long addr, +- void *buf, int len, int write); ++ssize_t generic_access_phys(struct vm_area_struct *vma, unsigned long addr, ++ void *buf, size_t len, int write); + + static inline void unmap_shared_mapping_range(struct address_space *mapping, + loff_t const holebegin, loff_t const holelen) +@@ -1035,10 +1041,10 @@ static inline int fixup_user_fault(struct task_struct *tsk, + } + #endif + +-extern int make_pages_present(unsigned long addr, unsigned long end); +-extern int access_process_vm(struct task_struct *tsk, unsigned long addr, void *buf, int len, int write); +-extern int access_remote_vm(struct mm_struct *mm, unsigned long addr, +- void *buf, int len, int write); ++extern ssize_t make_pages_present(unsigned long addr, unsigned long end); ++extern ssize_t access_process_vm(struct task_struct *tsk, unsigned long addr, void *buf, size_t len, int write); ++extern ssize_t access_remote_vm(struct mm_struct *mm, unsigned long addr, ++ void *buf, size_t len, int write); + + int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, + unsigned long start, int len, unsigned int foll_flags, @@ -1068,34 +1074,6 @@ int set_page_dirty(struct page *page); int set_page_dirty_lock(struct page *page); int clear_page_dirty_for_io(struct page *page); @@ -69835,22 +70204,19 @@ index 1375ee3..ced8177 100644 /* Search for module by name: must hold module_mutex. */ diff --git a/include/linux/moduleloader.h b/include/linux/moduleloader.h -index 560ca53..5ee8d73 100644 +index 560ca53..ef621ef 100644 --- a/include/linux/moduleloader.h +++ b/include/linux/moduleloader.h -@@ -23,11 +23,23 @@ unsigned int arch_mod_section_prepend(struct module *mod, unsigned int section); - - /* Allocator used for allocating struct module, core sections and init +@@ -25,9 +25,21 @@ unsigned int arch_mod_section_prepend(struct module *mod, unsigned int section); sections. Returns NULL on failure. */ --void *module_alloc(unsigned long size); -+void *module_alloc(unsigned long size) __size_overflow(1); -+ + void *module_alloc(unsigned long size); + +#ifdef CONFIG_PAX_KERNEXEC -+void *module_alloc_exec(unsigned long size) __size_overflow(1); ++void *module_alloc_exec(unsigned long size); +#else +#define module_alloc_exec(x) module_alloc(x) +#endif - ++ /* Free memory returned from module_alloc. */ void module_free(struct module *mod, void *module_region); @@ -70760,7 +71126,7 @@ index 429c199..4d42e38 100644 /* shm_mode upper byte flags */ diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h -index 98399e2..6e225e9 100644 +index 98399e2..7c74c41 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h @@ -590,7 +590,7 @@ extern bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from, @@ -70817,6 +71183,16 @@ index 98399e2..6e225e9 100644 int offset, struct iovec *to, int size); extern int skb_copy_and_csum_datagram_iovec(struct sk_buff *skb, +@@ -2595,6 +2595,9 @@ static inline void nf_reset(struct sk_buff *skb) + nf_bridge_put(skb->nf_bridge); + skb->nf_bridge = NULL; + #endif ++#if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE) ++ skb->nf_trace = 0; ++#endif + } + + /* Note: This doesn't put any conntrack and bridge info in dst. */ diff --git a/include/linux/slab.h b/include/linux/slab.h index 5d168d7..720bff3 100644 --- a/include/linux/slab.h @@ -71289,20 +71665,18 @@ index 381f06d..dc16cc7 100644 /** * sysfs_bin_attr_init - initialize a dynamically allocated bin_attribute diff --git a/include/linux/sysrq.h b/include/linux/sysrq.h -index 7faf933..4657127 100644 +index 7faf933..9b85a0c 100644 --- a/include/linux/sysrq.h +++ b/include/linux/sysrq.h -@@ -15,7 +15,9 @@ - #define _LINUX_SYSRQ_H +@@ -16,6 +16,7 @@ #include <linux/errno.h> -+#include <linux/compiler.h> #include <linux/types.h> +#include <linux/compiler.h> /* Enable/disable SYSRQ support by default (0==no, 1==yes). */ #define SYSRQ_DEFAULT_ENABLE 1 -@@ -36,7 +38,7 @@ struct sysrq_key_op { +@@ -36,7 +37,7 @@ struct sysrq_key_op { char *help_msg; char *action_msg; int enable_mask; @@ -71530,7 +71904,7 @@ index c5d36c6..108f4f9 100644 /* * callback functions for platform diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h -index b9bd2e6..4ce0093 100644 +index 5209cfe..b6b215f 100644 --- a/include/linux/user_namespace.h +++ b/include/linux/user_namespace.h @@ -21,7 +21,7 @@ struct user_namespace { @@ -71542,7 +71916,7 @@ index b9bd2e6..4ce0093 100644 struct user_namespace *parent; kuid_t owner; kgid_t group; -@@ -35,18 +35,18 @@ extern struct user_namespace init_user_ns; +@@ -37,18 +37,18 @@ extern struct user_namespace init_user_ns; static inline struct user_namespace *get_user_ns(struct user_namespace *ns) { if (ns) @@ -72090,7 +72464,7 @@ index 0dab173..1b76af0 100644 struct pneigh_entry { struct pneigh_entry *next; diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h -index de644bc..351fd4e 100644 +index de644bc..dfbcc4c 100644 --- a/include/net/net_namespace.h +++ b/include/net/net_namespace.h @@ -115,7 +115,7 @@ struct net { @@ -72102,7 +72476,19 @@ index de644bc..351fd4e 100644 }; /* -@@ -282,7 +282,7 @@ struct pernet_operations { +@@ -272,7 +272,11 @@ static inline struct net *read_pnet(struct net * const *pnet) + #define __net_init __init + #define __net_exit __exit_refok + #define __net_initdata __initdata ++#ifdef CONSTIFY_PLUGIN + #define __net_initconst __initconst ++#else ++#define __net_initconst __initdata ++#endif + #endif + + struct pernet_operations { +@@ -282,7 +286,7 @@ struct pernet_operations { void (*exit_batch)(struct list_head *net_exit_list); int *id; size_t size; @@ -72111,7 +72497,7 @@ index de644bc..351fd4e 100644 /* * Use these carefully. If you implement a network device and it -@@ -330,12 +330,12 @@ static inline void unregister_net_sysctl_table(struct ctl_table_header *header) +@@ -330,12 +334,12 @@ static inline void unregister_net_sysctl_table(struct ctl_table_header *header) static inline int rt_genid(struct net *net) { @@ -73403,7 +73789,7 @@ index 383d638..943fdbb 100644 mq_table.data = get_mq(table); diff --git a/ipc/mqueue.c b/ipc/mqueue.c -index 6ebfbf5..c750fff 100644 +index f3f40dc..ffe5a3a 100644 --- a/ipc/mqueue.c +++ b/ipc/mqueue.c @@ -278,6 +278,7 @@ static struct inode *mqueue_get_inode(struct super_block *sb, @@ -73415,7 +73801,7 @@ index 6ebfbf5..c750fff 100644 if (u->mq_bytes + mq_bytes < u->mq_bytes || u->mq_bytes + mq_bytes > rlimit(RLIMIT_MSGQUEUE)) { diff --git a/ipc/msg.c b/ipc/msg.c -index 31cd1bf..362ea07 100644 +index 31cd1bf..9778e0f8 100644 --- a/ipc/msg.c +++ b/ipc/msg.c @@ -309,18 +309,19 @@ static inline int msg_security(struct kern_ipc_perm *ipcp, int msgflg) @@ -73443,6 +73829,14 @@ index 31cd1bf..362ea07 100644 msg_params.key = key; msg_params.flg = msgflg; +@@ -872,6 +873,7 @@ long do_msgrcv(int msqid, void __user *buf, size_t bufsz, long msgtyp, + goto out_unlock; + break; + } ++ msg = ERR_PTR(-EAGAIN); + } else + break; + msg_counter++; diff --git a/ipc/sem.c b/ipc/sem.c index 58d31f1..cce7a55 100644 --- a/ipc/sem.c @@ -76258,10 +76652,10 @@ index f2c6a68..4922d97 100644 { struct pid *pid; diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c -index c1c3dc1..bbeaf31 100644 +index bea15bd..789f3d0 100644 --- a/kernel/pid_namespace.c +++ b/kernel/pid_namespace.c -@@ -248,7 +248,7 @@ static int pid_ns_ctl_handler(struct ctl_table *table, int write, +@@ -249,7 +249,7 @@ static int pid_ns_ctl_handler(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { struct pid_namespace *pid_ns = task_active_pid_ns(current); @@ -77644,7 +78038,7 @@ index 81fa536..6ccf96a 100644 int this_cpu = smp_processor_id(); struct rq *this_rq = cpu_rq(this_cpu); diff --git a/kernel/signal.c b/kernel/signal.c -index 7591ccc..8988390 100644 +index dec9c30..d1da15b 100644 --- a/kernel/signal.c +++ b/kernel/signal.c @@ -50,12 +50,12 @@ static struct kmem_cache *sigqueue_cachep; @@ -78992,10 +79386,10 @@ index ce8514f..8233573 100644 *data_page = bpage; diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c -index 2ffbc24..76105a2 100644 +index fe1d581..43a0f38 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c -@@ -4471,10 +4471,9 @@ static const struct file_operations tracing_dyn_info_fops = { +@@ -4494,10 +4494,9 @@ static const struct file_operations tracing_dyn_info_fops = { }; #endif @@ -79007,7 +79401,7 @@ index 2ffbc24..76105a2 100644 static int once; if (d_tracer) -@@ -4494,10 +4493,9 @@ struct dentry *tracing_init_dentry(void) +@@ -4517,10 +4516,9 @@ struct dentry *tracing_init_dentry(void) return d_tracer; } @@ -79157,7 +79551,7 @@ index 42ca822..cdcacc6 100644 local_irq_save(flags); diff --git a/kernel/user.c b/kernel/user.c -index 33acb5e..57ebfd4 100644 +index 7f6ff2b..1ac8f18 100644 --- a/kernel/user.c +++ b/kernel/user.c @@ -47,9 +47,7 @@ struct user_namespace init_user_ns = { @@ -79172,10 +79566,10 @@ index 33acb5e..57ebfd4 100644 .group = GLOBAL_ROOT_GID, .proc_inum = PROC_USER_INIT_INO, diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c -index dbfe36a7..2a3c1df 100644 +index f45e128..a5a5fb6 100644 --- a/kernel/user_namespace.c +++ b/kernel/user_namespace.c -@@ -79,7 +79,7 @@ int create_user_ns(struct cred *new) +@@ -88,7 +88,7 @@ int create_user_ns(struct cred *new) return ret; } @@ -79184,7 +79578,7 @@ index dbfe36a7..2a3c1df 100644 /* Leave the new->user_ns reference with the new user namespace. */ ns->parent = parent_ns; ns->owner = owner; -@@ -105,15 +105,16 @@ int unshare_userns(unsigned long unshare_flags, struct cred **new_cred) +@@ -116,15 +116,16 @@ int unshare_userns(unsigned long unshare_flags, struct cred **new_cred) return create_user_ns(cred); } @@ -79208,7 +79602,7 @@ index dbfe36a7..2a3c1df 100644 } EXPORT_SYMBOL(free_user_ns); -@@ -804,7 +805,7 @@ static int userns_install(struct nsproxy *nsproxy, void *ns) +@@ -815,7 +816,7 @@ static int userns_install(struct nsproxy *nsproxy, void *ns) if (atomic_read(¤t->mm->mm_users) > 1) return -EINVAL; @@ -80331,7 +80725,7 @@ index c6e4dd3..1f41988 100644 /* keep elevated page count for bad page */ return ret; diff --git a/mm/memory.c b/mm/memory.c -index bb1369f..efb96b5 100644 +index bb1369f..b9631d2 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -433,6 +433,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, @@ -80932,7 +81326,7 @@ index bb1369f..efb96b5 100644 #endif /* __PAGETABLE_PUD_FOLDED */ #ifndef __PAGETABLE_PMD_FOLDED -@@ -3819,6 +4077,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) +@@ -3819,11 +4077,35 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) spin_unlock(&mm->page_table_lock); return 0; } @@ -80962,7 +81356,14 @@ index bb1369f..efb96b5 100644 +} #endif /* __PAGETABLE_PMD_FOLDED */ - int make_pages_present(unsigned long addr, unsigned long end) +-int make_pages_present(unsigned long addr, unsigned long end) ++ssize_t make_pages_present(unsigned long addr, unsigned long end) + { +- int ret, len, write; ++ ssize_t ret, len, write; + struct vm_area_struct * vma; + + vma = find_vma(current->mm, addr); @@ -3856,7 +4138,7 @@ static int __init gate_vma_init(void) gate_vma.vm_start = FIXADDR_USER_START; gate_vma.vm_end = FIXADDR_USER_END; @@ -80972,6 +81373,63 @@ index bb1369f..efb96b5 100644 return 0; } +@@ -3990,8 +4272,8 @@ out: + return ret; + } + +-int generic_access_phys(struct vm_area_struct *vma, unsigned long addr, +- void *buf, int len, int write) ++ssize_t generic_access_phys(struct vm_area_struct *vma, unsigned long addr, ++ void *buf, size_t len, int write) + { + resource_size_t phys_addr; + unsigned long prot = 0; +@@ -4016,8 +4298,8 @@ int generic_access_phys(struct vm_area_struct *vma, unsigned long addr, + * Access another process' address space as given in mm. If non-NULL, use the + * given task for page fault accounting. + */ +-static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, +- unsigned long addr, void *buf, int len, int write) ++static ssize_t __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, ++ unsigned long addr, void *buf, size_t len, int write) + { + struct vm_area_struct *vma; + void *old_buf = buf; +@@ -4025,7 +4307,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, + down_read(&mm->mmap_sem); + /* ignore errors, just check how much was successfully transferred */ + while (len) { +- int bytes, ret, offset; ++ ssize_t bytes, ret, offset; + void *maddr; + struct page *page = NULL; + +@@ -4084,8 +4366,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, + * + * The caller must hold a reference on @mm. + */ +-int access_remote_vm(struct mm_struct *mm, unsigned long addr, +- void *buf, int len, int write) ++ssize_t access_remote_vm(struct mm_struct *mm, unsigned long addr, ++ void *buf, size_t len, int write) + { + return __access_remote_vm(NULL, mm, addr, buf, len, write); + } +@@ -4095,11 +4377,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr, + * Source/target buffer must be kernel space, + * Do not walk the page table directly, use get_user_pages + */ +-int access_process_vm(struct task_struct *tsk, unsigned long addr, +- void *buf, int len, int write) ++ssize_t access_process_vm(struct task_struct *tsk, unsigned long addr, ++ void *buf, size_t len, int write) + { + struct mm_struct *mm; +- int ret; ++ ssize_t ret; + + mm = get_task_mm(tsk); + if (!mm) diff --git a/mm/mempolicy.c b/mm/mempolicy.c index 3df6d12..a11056a 100644 --- a/mm/mempolicy.c @@ -81139,7 +81597,7 @@ index c9bd528..da8d069 100644 capable(CAP_IPC_LOCK)) ret = do_mlockall(flags); diff --git a/mm/mmap.c b/mm/mmap.c -index 8832b87..4bbb1b2 100644 +index 8832b87..04240d1 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -32,6 +32,7 @@ @@ -81722,6 +82180,15 @@ index 8832b87..4bbb1b2 100644 } unsigned long +@@ -1922,7 +2172,7 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr) + + /* Check the cache first. */ + /* (Cache hit rate is typically around 35%.) */ +- vma = mm->mmap_cache; ++ vma = ACCESS_ONCE(mm->mmap_cache); + if (!(vma && vma->vm_end > addr && vma->vm_start <= addr)) { + struct rb_node *rb_node; + @@ -1974,6 +2224,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr, return vma; } @@ -82681,7 +83148,7 @@ index e1031e1..1f2a0a1 100644 out: if (ret & ~PAGE_MASK) diff --git a/mm/nommu.c b/mm/nommu.c -index 79c3cac..4d357e0 100644 +index 79c3cac..b2601ea 100644 --- a/mm/nommu.c +++ b/mm/nommu.c @@ -62,7 +62,6 @@ int sysctl_overcommit_memory = OVERCOMMIT_GUESS; /* heuristic overcommit */ @@ -82692,6 +83159,15 @@ index 79c3cac..4d357e0 100644 atomic_long_t mmap_pages_allocated; +@@ -819,7 +818,7 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr) + struct vm_area_struct *vma; + + /* check the cache first */ +- vma = mm->mmap_cache; ++ vma = ACCESS_ONCE(mm->mmap_cache); + if (vma && vma->vm_start <= addr && vma->vm_end > addr) + return vma; + @@ -839,15 +838,6 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr) EXPORT_SYMBOL(find_vma); @@ -82716,6 +83192,37 @@ index 79c3cac..4d357e0 100644 *region = *vma->vm_region; new->vm_region = region; +@@ -1975,8 +1966,8 @@ int generic_file_remap_pages(struct vm_area_struct *vma, unsigned long addr, + } + EXPORT_SYMBOL(generic_file_remap_pages); + +-static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, +- unsigned long addr, void *buf, int len, int write) ++static ssize_t __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, ++ unsigned long addr, void *buf, size_t len, int write) + { + struct vm_area_struct *vma; + +@@ -2017,8 +2008,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, + * + * The caller must hold a reference on @mm. + */ +-int access_remote_vm(struct mm_struct *mm, unsigned long addr, +- void *buf, int len, int write) ++ssize_t access_remote_vm(struct mm_struct *mm, unsigned long addr, ++ void *buf, size_t len, int write) + { + return __access_remote_vm(NULL, mm, addr, buf, len, write); + } +@@ -2027,7 +2018,7 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr, + * Access another process' address space. + * - source/target buffer must be kernel space + */ +-int access_process_vm(struct task_struct *tsk, unsigned long addr, void *buf, int len, int write) ++ssize_t access_process_vm(struct task_struct *tsk, unsigned long addr, void *buf, size_t len, int write) + { + struct mm_struct *mm; + diff --git a/mm/page-writeback.c b/mm/page-writeback.c index 0713bfb..b95bb87 100644 --- a/mm/page-writeback.c @@ -84374,10 +84881,24 @@ index 9800306..76b4b27 100644 return 0; } diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c -index a292e80..785ee68 100644 +index acc74ad..be02639 100644 --- a/net/8021q/vlan.c +++ b/net/8021q/vlan.c -@@ -485,7 +485,7 @@ out: +@@ -108,6 +108,13 @@ void unregister_vlan_dev(struct net_device *dev, struct list_head *head) + if (vlan_id) + vlan_vid_del(real_dev, vlan_id); + ++ /* Take it out of our own structures, but be sure to interlock with ++ * HW accelerating devices or SW vlan input packet processing if ++ * VLAN is not 0 (leave it there for 802.1p). ++ */ ++ if (vlan_id) ++ vlan_vid_del(real_dev, vlan_id); ++ + /* Get rid of the vlan's reference to real_dev */ + dev_put(real_dev); + } +@@ -485,7 +492,7 @@ out: return NOTIFY_DONE; } @@ -84386,7 +84907,7 @@ index a292e80..785ee68 100644 .notifier_call = vlan_device_event, }; -@@ -560,8 +560,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg) +@@ -560,8 +567,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg) err = -EPERM; if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) break; @@ -84800,6 +85321,19 @@ index bd6fd0f..6492cba 100644 spin_unlock_irqrestore(&dev->port.lock, flags); if (dev->tty_dev->parent) device_move(dev->tty_dev, NULL, DPM_ORDER_DEV_LAST); +diff --git a/net/bridge/br_fdb.c b/net/bridge/br_fdb.c +index d9576e6..85f4f4e 100644 +--- a/net/bridge/br_fdb.c ++++ b/net/bridge/br_fdb.c +@@ -386,7 +386,7 @@ static int fdb_insert(struct net_bridge *br, struct net_bridge_port *source, + return 0; + br_warn(br, "adding interface %s with same address " + "as a received packet\n", +- source->dev->name); ++ source ? source->dev->name : br->dev->name); + fdb_delete(br, fdb); + } + diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index 5fe2ff3..121d696 100644 --- a/net/bridge/netfilter/ebtables.c @@ -85072,7 +85606,7 @@ index 368f9c3..f82d4a3 100644 return err; diff --git a/net/core/dev.c b/net/core/dev.c -index 1339f77..6fd27dc 100644 +index 5d9c43d..b471558 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -1250,9 +1250,13 @@ void dev_load(struct net *net, const char *name) @@ -85089,7 +85623,7 @@ index 1339f77..6fd27dc 100644 } } EXPORT_SYMBOL(dev_load); -@@ -1715,7 +1719,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) +@@ -1714,7 +1718,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) { if (skb_shinfo(skb)->tx_flags & SKBTX_DEV_ZEROCOPY) { if (skb_copy_ubufs(skb, GFP_ATOMIC)) { @@ -85098,7 +85632,7 @@ index 1339f77..6fd27dc 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -1725,7 +1729,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) +@@ -1724,7 +1728,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) nf_reset(skb); if (unlikely(!is_skb_forwardable(dev, skb))) { @@ -85107,7 +85641,7 @@ index 1339f77..6fd27dc 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -2180,7 +2184,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb) +@@ -2179,7 +2183,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb) struct dev_gso_cb { void (*destructor)(struct sk_buff *skb); @@ -85116,7 +85650,7 @@ index 1339f77..6fd27dc 100644 #define DEV_GSO_CB(skb) ((struct dev_gso_cb *)(skb)->cb) -@@ -3053,7 +3057,7 @@ enqueue: +@@ -3052,7 +3056,7 @@ enqueue: local_irq_restore(flags); @@ -85125,7 +85659,7 @@ index 1339f77..6fd27dc 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -3125,7 +3129,7 @@ int netif_rx_ni(struct sk_buff *skb) +@@ -3124,7 +3128,7 @@ int netif_rx_ni(struct sk_buff *skb) } EXPORT_SYMBOL(netif_rx_ni); @@ -85134,7 +85668,7 @@ index 1339f77..6fd27dc 100644 { struct softnet_data *sd = &__get_cpu_var(softnet_data); -@@ -3457,7 +3461,7 @@ ncls: +@@ -3462,7 +3466,7 @@ ncls: ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev); } else { drop: @@ -85143,7 +85677,7 @@ index 1339f77..6fd27dc 100644 kfree_skb(skb); /* Jamal, now you will not able to escape explaining * me how you were going to use this. :-) -@@ -4040,7 +4044,7 @@ void netif_napi_del(struct napi_struct *napi) +@@ -4045,7 +4049,7 @@ void netif_napi_del(struct napi_struct *napi) } EXPORT_SYMBOL(netif_napi_del); @@ -85152,7 +85686,7 @@ index 1339f77..6fd27dc 100644 { struct softnet_data *sd = &__get_cpu_var(softnet_data); unsigned long time_limit = jiffies + 2; -@@ -4524,8 +4528,13 @@ static int ptype_seq_show(struct seq_file *seq, void *v) +@@ -4529,8 +4533,13 @@ static int ptype_seq_show(struct seq_file *seq, void *v) else seq_printf(seq, "%04x", ntohs(pt->type)); @@ -85166,7 +85700,7 @@ index 1339f77..6fd27dc 100644 } return 0; -@@ -6097,7 +6106,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev, +@@ -6102,7 +6111,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev, } else { netdev_stats_to_stats64(storage, &dev->stats); } @@ -85176,7 +85710,7 @@ index 1339f77..6fd27dc 100644 } EXPORT_SYMBOL(dev_get_stats); diff --git a/net/core/flow.c b/net/core/flow.c -index b0901ee..7d3c2ca 100644 +index 3bad824..2071a55 100644 --- a/net/core/flow.c +++ b/net/core/flow.c @@ -61,7 +61,7 @@ struct flow_cache { @@ -85343,10 +85877,10 @@ index 6212ec9..dd4ad3b 100644 EXPORT_SYMBOL_GPL(__rtnl_link_unregister); diff --git a/net/core/scm.c b/net/core/scm.c -index 905dcc6..14ee2d6 100644 +index 2dc6cda..2159524 100644 --- a/net/core/scm.c +++ b/net/core/scm.c -@@ -224,7 +224,7 @@ EXPORT_SYMBOL(__scm_send); +@@ -226,7 +226,7 @@ EXPORT_SYMBOL(__scm_send); int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data) { struct cmsghdr __user *cm @@ -85355,7 +85889,7 @@ index 905dcc6..14ee2d6 100644 struct cmsghdr cmhdr; int cmlen = CMSG_LEN(len); int err; -@@ -247,7 +247,7 @@ int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data) +@@ -249,7 +249,7 @@ int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data) err = -EFAULT; if (copy_to_user(cm, &cmhdr, sizeof cmhdr)) goto out; @@ -85364,7 +85898,7 @@ index 905dcc6..14ee2d6 100644 goto out; cmlen = CMSG_SPACE(len); if (msg->msg_controllen < cmlen) -@@ -263,7 +263,7 @@ EXPORT_SYMBOL(put_cmsg); +@@ -265,7 +265,7 @@ EXPORT_SYMBOL(put_cmsg); void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm) { struct cmsghdr __user *cm @@ -85373,7 +85907,7 @@ index 905dcc6..14ee2d6 100644 int fdmax = 0; int fdnum = scm->fp->count; -@@ -283,7 +283,7 @@ void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm) +@@ -285,7 +285,7 @@ void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm) if (fdnum < fdmax) fdmax = fdnum; @@ -85962,7 +86496,7 @@ index a85062b..2958a9b 100644 .maxtype = IFLA_GRE_MAX, .policy = ipgre_policy, diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c -index d9c4f11..02b82db 100644 +index d9c4f11..02b82dbc 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -1152,7 +1152,8 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname, @@ -86435,10 +86969,10 @@ index d84400b..62e066e 100644 hdr = register_net_sysctl(&init_net, "net/ipv4", ipv4_table); if (hdr == NULL) diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c -index 66702d3..31ff8f9 100644 +index 9841a71..ef60409 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c -@@ -4733,7 +4733,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb, +@@ -4730,7 +4730,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb, * simplifies code) */ static void @@ -86447,7 +86981,7 @@ index 66702d3..31ff8f9 100644 struct sk_buff *head, struct sk_buff *tail, u32 start, u32 end) { -@@ -5850,6 +5850,7 @@ discard: +@@ -5847,6 +5847,7 @@ discard: tcp_paws_reject(&tp->rx_opt, 0)) goto discard_and_undo; @@ -86455,7 +86989,7 @@ index 66702d3..31ff8f9 100644 if (th->syn) { /* We see SYN without ACK. It is attempt of * simultaneous connect with crossed SYNs. -@@ -5900,6 +5901,7 @@ discard: +@@ -5897,6 +5898,7 @@ discard: goto discard; #endif } @@ -86463,7 +86997,7 @@ index 66702d3..31ff8f9 100644 /* "fifth, if neither of the SYN or RST bits is set then * drop the segment and return." */ -@@ -5944,7 +5946,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, +@@ -5941,7 +5943,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, goto discard; if (th->syn) { @@ -86719,7 +87253,7 @@ index 1f4d405..3524677 100644 int udp4_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c -index 1b5d8cb..ffb0833 100644 +index a36d17e..96d099f 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -2272,7 +2272,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) @@ -86886,6 +87420,19 @@ index 125a90d..2a11f36 100644 break; case IP6T_SO_GET_ENTRIES: +diff --git a/net/ipv6/netfilter/ip6t_NPT.c b/net/ipv6/netfilter/ip6t_NPT.c +index 83acc14..0ea43c7 100644 +--- a/net/ipv6/netfilter/ip6t_NPT.c ++++ b/net/ipv6/netfilter/ip6t_NPT.c +@@ -57,7 +57,7 @@ static bool ip6t_npt_map_pfx(const struct ip6t_npt_tginfo *npt, + if (pfx_len - i >= 32) + mask = 0; + else +- mask = htonl(~((1 << (pfx_len - i)) - 1)); ++ mask = htonl((1 << (i - pfx_len + 32)) - 1); + + idx = i / 32; + addr->s6_addr32[idx] &= mask; diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c index 2f3a018..8bca195 100644 --- a/net/ipv6/netfilter/nf_conntrack_reasm.c @@ -87222,23 +87769,6 @@ index fb08329..2d6919e 100644 } int udp6_seq_show(struct seq_file *seq, void *v) -diff --git a/net/irda/af_irda.c b/net/irda/af_irda.c -index b833677..4d04105 100644 ---- a/net/irda/af_irda.c -+++ b/net/irda/af_irda.c -@@ -2584,8 +2584,10 @@ bed: - NULL, NULL, NULL); - - /* Check if the we got some results */ -- if (!self->cachedaddr) -- return -EAGAIN; /* Didn't find any devices */ -+ if (!self->cachedaddr) { -+ err = -EAGAIN; /* Didn't find any devices */ -+ goto out; -+ } - daddr = self->cachedaddr; - /* Cleanup */ - self->cachedaddr = 0; diff --git a/net/irda/ircomm/ircomm_tty.c b/net/irda/ircomm/ircomm_tty.c index a68c88c..d55b0c5 100644 --- a/net/irda/ircomm/ircomm_tty.c @@ -87382,7 +87912,7 @@ index 5b426a6..970032b 100644 return res; } diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c -index 0479c64..d031db6 100644 +index 0479c64..9e72ff4 100644 --- a/net/mac80211/cfg.c +++ b/net/mac80211/cfg.c @@ -790,7 +790,7 @@ static int ieee80211_set_monitor_channel(struct wiphy *wiphy, @@ -87394,7 +87924,34 @@ index 0479c64..d031db6 100644 local->_oper_channel = chandef->chan; local->_oper_channel_type = cfg80211_get_chandef_type(chandef); ieee80211_hw_config(local, 0); -@@ -2716,7 +2716,7 @@ static void ieee80211_mgmt_frame_register(struct wiphy *wiphy, +@@ -2499,7 +2499,7 @@ static int ieee80211_cancel_roc(struct ieee80211_local *local, + list_del(&dep->list); + mutex_unlock(&local->mtx); + +- ieee80211_roc_notify_destroy(dep); ++ ieee80211_roc_notify_destroy(dep, true); + return 0; + } + +@@ -2539,7 +2539,7 @@ static int ieee80211_cancel_roc(struct ieee80211_local *local, + ieee80211_start_next_roc(local); + mutex_unlock(&local->mtx); + +- ieee80211_roc_notify_destroy(found); ++ ieee80211_roc_notify_destroy(found, true); + } else { + /* work may be pending so use it all the time */ + found->abort = true; +@@ -2549,6 +2549,8 @@ static int ieee80211_cancel_roc(struct ieee80211_local *local, + + /* work will clean up etc */ + flush_delayed_work(&found->work); ++ WARN_ON(!found->to_be_freed); ++ kfree(found); + } + + return 0; +@@ -2716,7 +2718,7 @@ static void ieee80211_mgmt_frame_register(struct wiphy *wiphy, else local->probe_req_reg--; @@ -87404,7 +87961,7 @@ index 0479c64..d031db6 100644 ieee80211_queue_work(&local->hw, &local->reconfig_filter); diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h -index 2ed065c..948177f 100644 +index 2ed065c..bec0c2b 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h @@ -28,6 +28,7 @@ @@ -87415,7 +87972,15 @@ index 2ed065c..948177f 100644 #include "key.h" #include "sta_info.h" #include "debug.h" -@@ -909,7 +910,7 @@ struct ieee80211_local { +@@ -346,6 +347,7 @@ struct ieee80211_roc_work { + struct ieee80211_channel *chan; + + bool started, abort, hw_begun, notified; ++ bool to_be_freed; + + unsigned long hw_start_time; + +@@ -909,7 +911,7 @@ struct ieee80211_local { /* also used to protect ampdu_ac_queue and amdpu_ac_stop_refcnt */ spinlock_t queue_stop_reason_lock; @@ -87424,6 +87989,15 @@ index 2ed065c..948177f 100644 int monitors, cooked_mntrs; /* number of interfaces with corresponding FIF_ flags */ int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll, +@@ -1363,7 +1365,7 @@ void ieee80211_offchannel_return(struct ieee80211_local *local); + void ieee80211_roc_setup(struct ieee80211_local *local); + void ieee80211_start_next_roc(struct ieee80211_local *local); + void ieee80211_roc_purge(struct ieee80211_sub_if_data *sdata); +-void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc); ++void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc, bool free); + void ieee80211_sw_roc_work(struct work_struct *work); + void ieee80211_handle_roc_started(struct ieee80211_roc_work *roc); + diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c index 8be854e..ad72a69 100644 --- a/net/mac80211/iface.c @@ -87504,6 +88078,84 @@ index 1b087ff..bf600e9 100644 ret = drv_config(local, changed); /* * Goal: +diff --git a/net/mac80211/offchannel.c b/net/mac80211/offchannel.c +index a3ad4c3..7acbdaa 100644 +--- a/net/mac80211/offchannel.c ++++ b/net/mac80211/offchannel.c +@@ -299,10 +299,13 @@ void ieee80211_start_next_roc(struct ieee80211_local *local) + } + } + +-void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc) ++void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc, bool free) + { + struct ieee80211_roc_work *dep, *tmp; + ++ if (WARN_ON(roc->to_be_freed)) ++ return; ++ + /* was never transmitted */ + if (roc->frame) { + cfg80211_mgmt_tx_status(&roc->sdata->wdev, +@@ -318,9 +321,12 @@ void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc) + GFP_KERNEL); + + list_for_each_entry_safe(dep, tmp, &roc->dependents, list) +- ieee80211_roc_notify_destroy(dep); ++ ieee80211_roc_notify_destroy(dep, true); + +- kfree(roc); ++ if (free) ++ kfree(roc); ++ else ++ roc->to_be_freed = true; + } + + void ieee80211_sw_roc_work(struct work_struct *work) +@@ -333,6 +339,9 @@ void ieee80211_sw_roc_work(struct work_struct *work) + + mutex_lock(&local->mtx); + ++ if (roc->to_be_freed) ++ goto out_unlock; ++ + if (roc->abort) + goto finish; + +@@ -372,7 +381,7 @@ void ieee80211_sw_roc_work(struct work_struct *work) + finish: + list_del(&roc->list); + started = roc->started; +- ieee80211_roc_notify_destroy(roc); ++ ieee80211_roc_notify_destroy(roc, !roc->abort); + + if (started) { + drv_flush(local, false); +@@ -412,7 +421,7 @@ static void ieee80211_hw_roc_done(struct work_struct *work) + + list_del(&roc->list); + +- ieee80211_roc_notify_destroy(roc); ++ ieee80211_roc_notify_destroy(roc, true); + + /* if there's another roc, start it now */ + ieee80211_start_next_roc(local); +@@ -462,12 +471,14 @@ void ieee80211_roc_purge(struct ieee80211_sub_if_data *sdata) + list_for_each_entry_safe(roc, tmp, &tmp_list, list) { + if (local->ops->remain_on_channel) { + list_del(&roc->list); +- ieee80211_roc_notify_destroy(roc); ++ ieee80211_roc_notify_destroy(roc, true); + } else { + ieee80211_queue_delayed_work(&local->hw, &roc->work, 0); + + /* work will clean up etc */ + flush_delayed_work(&roc->work); ++ WARN_ON(!roc->to_be_freed); ++ kfree(roc); + } + } + diff --git a/net/mac80211/pm.c b/net/mac80211/pm.c index 79a48f3..5e185c9 100644 --- a/net/mac80211/pm.c @@ -87979,6 +88631,19 @@ index f042ae5..30ea486 100644 mutex_unlock(&nf_sockopt_mutex); } EXPORT_SYMBOL(nf_unregister_sockopt); +diff --git a/net/netfilter/nfnetlink_acct.c b/net/netfilter/nfnetlink_acct.c +index 589d686..dc3fd5d 100644 +--- a/net/netfilter/nfnetlink_acct.c ++++ b/net/netfilter/nfnetlink_acct.c +@@ -49,6 +49,8 @@ nfnl_acct_new(struct sock *nfnl, struct sk_buff *skb, + return -EINVAL; + + acct_name = nla_data(tb[NFACCT_NAME]); ++ if (strlen(acct_name) == 0) ++ return -EINVAL; + + list_for_each_entry(nfacct, &nfnl_acct_list, head) { + if (strncmp(nfacct->name, acct_name, NFACCT_NAME_MAX) != 0) diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c index 92fd8ec..3f6ea4b 100644 --- a/net/netfilter/nfnetlink_log.c @@ -88001,6 +88666,22 @@ index 92fd8ec..3f6ea4b 100644 goto nla_put_failure; if (data_len) { +diff --git a/net/netfilter/nfnetlink_queue_core.c b/net/netfilter/nfnetlink_queue_core.c +index 3158d87..39006c9 100644 +--- a/net/netfilter/nfnetlink_queue_core.c ++++ b/net/netfilter/nfnetlink_queue_core.c +@@ -1064,8 +1064,10 @@ static int __init nfnetlink_queue_init(void) + + #ifdef CONFIG_PROC_FS + if (!proc_create("nfnetlink_queue", 0440, +- proc_net_netfilter, &nfqnl_file_ops)) ++ proc_net_netfilter, &nfqnl_file_ops)) { ++ status = -ENOMEM; + goto cleanup_subsys; ++ } + #endif + + register_netdevice_notifier(&nfqnl_dev_notifier); diff --git a/net/netfilter/xt_gradm.c b/net/netfilter/xt_gradm.c new file mode 100644 index 0000000..c566332 @@ -88115,10 +88796,10 @@ index c0353d5..fcb0270 100644 ); diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c -index f2aabb6..2e5e66e 100644 +index 5a55be3..7630745 100644 --- a/net/netlink/genetlink.c +++ b/net/netlink/genetlink.c -@@ -295,18 +295,20 @@ int genl_register_ops(struct genl_family *family, struct genl_ops *ops) +@@ -296,18 +296,20 @@ int genl_register_ops(struct genl_family *family, struct genl_ops *ops) goto errout; } @@ -88144,7 +88825,7 @@ index f2aabb6..2e5e66e 100644 err = 0; errout: return err; -@@ -336,9 +338,9 @@ int genl_unregister_ops(struct genl_family *family, struct genl_ops *ops) +@@ -337,9 +339,9 @@ int genl_unregister_ops(struct genl_family *family, struct genl_ops *ops) genl_lock(); list_for_each_entry(rc, &family->ops_list, ops_list) { if (rc == ops) { @@ -89281,10 +89962,10 @@ index 507b5e8..049e64a 100644 task->tk_action = call_reserve; } diff --git a/net/sunrpc/sched.c b/net/sunrpc/sched.c -index fb20f25..e3ba316 100644 +index f8529fc..ce8c643 100644 --- a/net/sunrpc/sched.c +++ b/net/sunrpc/sched.c -@@ -259,9 +259,9 @@ static int rpc_wait_bit_killable(void *word) +@@ -261,9 +261,9 @@ static int rpc_wait_bit_killable(void *word) #ifdef RPC_DEBUG static void rpc_task_set_debuginfo(struct rpc_task *task) { @@ -89586,10 +90267,10 @@ index 6b42d47..2ac24d5 100644 sub->evt.event = htohl(event, sub->swap); diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c -index 5b5c876..6713b81 100644 +index b45eb65..bb4b223 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c -@@ -786,6 +786,12 @@ static struct sock *unix_find_other(struct net *net, +@@ -785,6 +785,12 @@ static struct sock *unix_find_other(struct net *net, err = -ECONNREFUSED; if (!S_ISSOCK(inode->i_mode)) goto put_fail; @@ -89602,7 +90283,7 @@ index 5b5c876..6713b81 100644 u = unix_find_socket_byinode(inode); if (!u) goto put_fail; -@@ -806,6 +812,13 @@ static struct sock *unix_find_other(struct net *net, +@@ -805,6 +811,13 @@ static struct sock *unix_find_other(struct net *net, if (u) { struct dentry *dentry; dentry = unix_sk(u)->path.dentry; @@ -89616,7 +90297,7 @@ index 5b5c876..6713b81 100644 if (dentry) touch_atime(&unix_sk(u)->path); } else -@@ -839,12 +852,18 @@ static int unix_mknod(const char *sun_path, umode_t mode, struct path *res) +@@ -838,12 +851,18 @@ static int unix_mknod(const char *sun_path, umode_t mode, struct path *res) */ err = security_path_mknod(&path, dentry, mode, 0); if (!err) { @@ -89635,7 +90316,16 @@ index 5b5c876..6713b81 100644 done_path_create(&path, dentry); return err; } -@@ -2326,9 +2345,13 @@ static int unix_seq_show(struct seq_file *seq, void *v) +@@ -1995,7 +2014,7 @@ again: + if ((UNIXCB(skb).pid != siocb->scm->pid) || + (UNIXCB(skb).cred != siocb->scm->cred)) + break; +- } else { ++ } else if (test_bit(SOCK_PASSCRED, &sock->flags)) { + /* Copy credentials */ + scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred); + check_creds = 1; +@@ -2325,9 +2344,13 @@ static int unix_seq_show(struct seq_file *seq, void *v) seq_puts(seq, "Num RefCount Protocol Flags Type St " "Inode Path\n"); else { @@ -89650,7 +90340,7 @@ index 5b5c876..6713b81 100644 seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu", s, -@@ -2355,8 +2378,10 @@ static int unix_seq_show(struct seq_file *seq, void *v) +@@ -2354,8 +2377,10 @@ static int unix_seq_show(struct seq_file *seq, void *v) } for ( ; i < len; i++) seq_putc(seq, u->addr->name->sun_path[i]); @@ -89676,6 +90366,20 @@ index 8800604..0526440 100644 table = kmemdup(unix_table, sizeof(unix_table), GFP_KERNEL); if (table == NULL) +diff --git a/net/wireless/trace.h b/net/wireless/trace.h +index 2134576..5d71a5a 100644 +--- a/net/wireless/trace.h ++++ b/net/wireless/trace.h +@@ -27,7 +27,8 @@ + #define WIPHY_PR_ARG __entry->wiphy_name + + #define WDEV_ENTRY __field(u32, id) +-#define WDEV_ASSIGN (__entry->id) = (wdev ? wdev->identifier : 0) ++#define WDEV_ASSIGN (__entry->id) = (!IS_ERR_OR_NULL(wdev) \ ++ ? wdev->identifier : 0) + #define WDEV_PR_FMT "wdev(%u)" + #define WDEV_PR_ARG (__entry->id) + diff --git a/net/wireless/wext-core.c b/net/wireless/wext-core.c index c8717c1..08539f5 100644 --- a/net/wireless/wext-core.c @@ -90087,6 +90791,18 @@ index 0000000..5e0222d + [[ "$plugincc" =~ "$1" ]] && echo "$1" + [[ "$plugincc" =~ "$2" ]] && echo "$2" +fi +diff --git a/scripts/headers_install.pl b/scripts/headers_install.pl +index 581ca99..a6ff02e 100644 +--- a/scripts/headers_install.pl ++++ b/scripts/headers_install.pl +@@ -35,6 +35,7 @@ foreach my $filename (@files) { + $line =~ s/([\s(])__user\s/$1/g; + $line =~ s/([\s(])__force\s/$1/g; + $line =~ s/([\s(])__iomem\s/$1/g; ++ $line =~ s/(\s?)__intentional_overflow\([-\d\s,]*\)\s?/$1/g; + $line =~ s/\s__attribute_const__\s/ /g; + $line =~ s/\s__attribute_const__$//g; + $line =~ s/\b__packed\b/__attribute__((packed))/g; diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh index b3d907e..a4782ab 100644 --- a/scripts/link-vmlinux.sh @@ -91696,10 +92412,22 @@ index 20ef514..4182bed 100644 select SECURITY_PATH default n diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c -index 23414b9..b92b314 100644 +index 23414b9..f8c115e 100644 --- a/security/yama/yama_lsm.c +++ b/security/yama/yama_lsm.c -@@ -367,7 +367,7 @@ int yama_ptrace_traceme(struct task_struct *parent) +@@ -347,10 +347,8 @@ int yama_ptrace_traceme(struct task_struct *parent) + /* Only disallow PTRACE_TRACEME on more aggressive settings. */ + switch (ptrace_scope) { + case YAMA_SCOPE_CAPABILITY: +- rcu_read_lock(); +- if (!ns_capable(__task_cred(parent)->user_ns, CAP_SYS_PTRACE)) ++ if (!has_ns_capability(parent, current_user_ns(), CAP_SYS_PTRACE)) + rc = -EPERM; +- rcu_read_unlock(); + break; + case YAMA_SCOPE_NO_ATTACH: + rc = -EPERM; +@@ -367,7 +365,7 @@ int yama_ptrace_traceme(struct task_struct *parent) } #ifndef CONFIG_SECURITY_YAMA_STACKED @@ -91708,7 +92436,7 @@ index 23414b9..b92b314 100644 .name = "yama", .ptrace_access_check = yama_ptrace_access_check, -@@ -378,28 +378,24 @@ static struct security_operations yama_ops = { +@@ -378,28 +376,24 @@ static struct security_operations yama_ops = { #endif #ifdef CONFIG_SYSCTL @@ -94247,10 +94975,10 @@ index 0000000..b5395ba +} diff --git a/tools/gcc/size_overflow_hash.data b/tools/gcc/size_overflow_hash.data new file mode 100644 -index 0000000..5ac778be +index 0000000..ddd5b2e --- /dev/null +++ b/tools/gcc/size_overflow_hash.data -@@ -0,0 +1,5862 @@ +@@ -0,0 +1,5876 @@ +intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL +batadv_orig_node_del_if_4 batadv_orig_node_del_if 2 4 NULL +storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL @@ -94852,8 +95580,8 @@ index 0000000..5ac778be +lp_compat_ioctl_7098 lp_compat_ioctl 3 7098 NULL +pipeline_enc_rx_stat_fifo_int_read_7107 pipeline_enc_rx_stat_fifo_int_read 3 7107 NULL +check_header_7108 check_header 0 7108 NULL -+__alloc_objio_seg_7203 __alloc_objio_seg 1 7203 NULL nohasharray -+utf16_strsize_7203 utf16_strsize 0 7203 &__alloc_objio_seg_7203 ++utf16_strsize_7203 utf16_strsize 0 7203 NULL nohasharray ++__alloc_objio_seg_7203 __alloc_objio_seg 1 7203 &utf16_strsize_7203 +sys32_ipc_7238 sys32_ipc 3-5-6-4 7238 NULL +get_param_h_7247 get_param_h 0 7247 NULL +vm_mmap_pgoff_7259 vm_mmap_pgoff 0 7259 NULL @@ -95013,8 +95741,8 @@ index 0000000..5ac778be +usb_allocate_stream_buffers_8964 usb_allocate_stream_buffers 3 8964 NULL +qib_qsfp_dump_8966 qib_qsfp_dump 0-3 8966 NULL +venus_mkdir_8967 venus_mkdir 4 8967 NULL -+seq_open_net_8968 seq_open_net 4 8968 NULL nohasharray -+vol_cdev_read_8968 vol_cdev_read 3 8968 &seq_open_net_8968 ++vol_cdev_read_8968 vol_cdev_read 3 8968 NULL nohasharray ++seq_open_net_8968 seq_open_net 4 8968 &vol_cdev_read_8968 +bio_integrity_get_tag_8974 bio_integrity_get_tag 3 8974 NULL +btrfs_alloc_free_block_8986 btrfs_alloc_free_block 3 8986 NULL +palmas_ldo_write_9012 palmas_ldo_write 2 9012 NULL @@ -95044,6 +95772,7 @@ index 0000000..5ac778be +tcf_csum_ipv4_icmp_9258 tcf_csum_ipv4_icmp 3 9258 NULL +sparse_early_usemaps_alloc_node_9269 sparse_early_usemaps_alloc_node 4 9269 NULL +hdpvr_read_9273 hdpvr_read 3 9273 NULL ++flakey_status_9274 flakey_status 5 9274 NULL +qla82xx_pci_set_window_9303 qla82xx_pci_set_window 0-2 9303 NULL +iwl_dbgfs_stations_read_9309 iwl_dbgfs_stations_read 3 9309 NULL +ceph_sync_setxattr_9310 ceph_sync_setxattr 4 9310 NULL @@ -95060,7 +95789,8 @@ index 0000000..5ac778be +ext3_xattr_set_acl_9467 ext3_xattr_set_acl 4 9467 NULL +agp_generic_alloc_user_9470 agp_generic_alloc_user 1 9470 NULL +rbd_coll_end_req_9472 rbd_coll_end_req 3 9472 NULL -+__alloc_preds_9492 __alloc_preds 2 9492 NULL ++__alloc_preds_9492 __alloc_preds 2 9492 NULL nohasharray ++crypt_status_9492 crypt_status 5 9492 &__alloc_preds_9492 +lp_write_9511 lp_write 3 9511 NULL +scsi_tgt_kspace_exec_9522 scsi_tgt_kspace_exec 8 9522 NULL +lm3533_update_9529 lm3533_update 2 9529 NULL @@ -95086,8 +95816,8 @@ index 0000000..5ac778be +dns_query_9676 dns_query 3 9676 &ks8842_read16_9676 +qib_7322_handle_hwerrors_9678 qib_7322_handle_hwerrors 3 9678 NULL +__erst_read_from_storage_9690 __erst_read_from_storage 0 9690 NULL -+is_hole_9694 is_hole 2 9694 NULL nohasharray -+x25_asy_compat_ioctl_9694 x25_asy_compat_ioctl 4 9694 &is_hole_9694 ++x25_asy_compat_ioctl_9694 x25_asy_compat_ioctl 4 9694 NULL nohasharray ++is_hole_9694 is_hole 2 9694 &x25_asy_compat_ioctl_9694 +fnb_9703 fnb 2-3 9703 NULL +ieee80211_if_read_aid_9705 ieee80211_if_read_aid 3 9705 NULL +ieee80211_if_fmt_num_mcast_sta_9738 ieee80211_if_fmt_num_mcast_sta 3 9738 NULL @@ -95338,8 +96068,8 @@ index 0000000..5ac778be +shash_compat_setkey_12267 shash_compat_setkey 3 12267 NULL +add_sctp_bind_addr_12269 add_sctp_bind_addr 3 12269 NULL +note_last_dentry_12285 note_last_dentry 3 12285 NULL -+il_dbgfs_nvm_read_12288 il_dbgfs_nvm_read 3 12288 NULL nohasharray -+roundup_to_multiple_of_64_12288 roundup_to_multiple_of_64 0-1 12288 &il_dbgfs_nvm_read_12288 ++roundup_to_multiple_of_64_12288 roundup_to_multiple_of_64 0-1 12288 NULL nohasharray ++il_dbgfs_nvm_read_12288 il_dbgfs_nvm_read 3 12288 &roundup_to_multiple_of_64_12288 +vxge_get_num_vfs_12302 vxge_get_num_vfs 0 12302 NULL +split_bvec_12312 split_bvec 6 12312 NULL +tipc_msg_build_12326 tipc_msg_build 4 12326 NULL @@ -95384,8 +96114,8 @@ index 0000000..5ac778be +xfs_inumbers_fmt_12817 xfs_inumbers_fmt 3 12817 NULL +readq_12825 readq 0 12825 NULL +TSS_authhmac_12839 TSS_authhmac 3 12839 NULL -+spidev_sync_12842 spidev_sync 0 12842 NULL nohasharray -+ath6kl_wmi_add_wow_pattern_cmd_12842 ath6kl_wmi_add_wow_pattern_cmd 4 12842 &spidev_sync_12842 ++ath6kl_wmi_add_wow_pattern_cmd_12842 ath6kl_wmi_add_wow_pattern_cmd 4 12842 NULL nohasharray ++spidev_sync_12842 spidev_sync 0 12842 &ath6kl_wmi_add_wow_pattern_cmd_12842 +spidev_ioctl_12846 spidev_ioctl 2 12846 NULL +get_leb_cnt_12892 get_leb_cnt 0-2 12892 NULL +ocfs2_hamming_encode_block_12904 ocfs2_hamming_encode_block 2 12904 NULL @@ -95540,8 +96270,8 @@ index 0000000..5ac778be +ieee80211_if_read_dot11MeshGateAnnouncementProtocol_14486 ieee80211_if_read_dot11MeshGateAnnouncementProtocol 3 14486 NULL +stripe_status_14506 stripe_status 5 14506 NULL +ocfs2_debug_read_14507 ocfs2_debug_read 3 14507 NULL -+ep0_write_14536 ep0_write 3 14536 NULL nohasharray -+dataflash_read_user_otp_14536 dataflash_read_user_otp 2-3 14536 &ep0_write_14536 ++dataflash_read_user_otp_14536 dataflash_read_user_otp 2-3 14536 NULL nohasharray ++ep0_write_14536 ep0_write 3 14536 &dataflash_read_user_otp_14536 +picolcd_debug_eeprom_read_14549 picolcd_debug_eeprom_read 3 14549 NULL +drm_vmalloc_dma_14550 drm_vmalloc_dma 1 14550 NULL +usb_dump_desc_14553 usb_dump_desc 0 14553 NULL @@ -95563,8 +96293,8 @@ index 0000000..5ac778be +lm3533_als_get_hysteresis_14776 lm3533_als_get_hysteresis 2 14776 NULL +sta_dev_read_14782 sta_dev_read 3 14782 NULL +ext4_kvmalloc_14796 ext4_kvmalloc 1 14796 NULL -+snd_als300_gcr_read_14801 snd_als300_gcr_read 0 14801 NULL nohasharray -+hpet_readl_14801 hpet_readl 0 14801 &snd_als300_gcr_read_14801 ++hpet_readl_14801 hpet_readl 0 14801 NULL nohasharray ++snd_als300_gcr_read_14801 snd_als300_gcr_read 0 14801 &hpet_readl_14801 +bcma_scan_read32_14802 bcma_scan_read32 0 14802 NULL +do_tune_cpucache_14828 do_tune_cpucache 2 14828 NULL +__mutex_fastpath_lock_retval_14844 __mutex_fastpath_lock_retval 0 14844 NULL @@ -95704,7 +96434,8 @@ index 0000000..5ac778be +ocfs2_xattr_bucket_value_truncate_16279 ocfs2_xattr_bucket_value_truncate 4 16279 NULL +drbd_setsockopt_16280 drbd_setsockopt 5 16280 NULL nohasharray +nand_bch_init_16280 nand_bch_init 3-2 16280 &drbd_setsockopt_16280 -+account_16283 account 0-2-4 16283 NULL ++account_16283 account 0-2-4 16283 NULL nohasharray ++mirror_status_16283 mirror_status 5 16283 &account_16283 +stk_allocate_buffers_16291 stk_allocate_buffers 2 16291 NULL +rbd_segment_offset_16293 rbd_segment_offset 0-2 16293 NULL +rsc_mgr_init_16299 rsc_mgr_init 3 16299 NULL @@ -96145,6 +96876,7 @@ index 0000000..5ac778be +proc_fault_inject_write_21058 proc_fault_inject_write 3 21058 NULL +event_calibration_read_21083 event_calibration_read 3 21083 NULL +compat_sock_ioctl_trans_21092 compat_sock_ioctl_trans 4 21092 NULL ++multipath_status_21094 multipath_status 5 21094 NULL +__cfg80211_send_disassoc_21096 __cfg80211_send_disassoc 3 21096 NULL +ext2_valid_block_bitmap_21101 ext2_valid_block_bitmap 3 21101 NULL +ath6kl_send_go_probe_resp_21113 ath6kl_send_go_probe_resp 3 21113 NULL @@ -96429,6 +97161,7 @@ index 0000000..5ac778be +mei_amthif_read_24224 mei_amthif_read 4 24224 &pcpu_embed_first_chunk_24224 +pci_num_vf_24235 pci_num_vf 0 24235 NULL +sel_read_bool_24236 sel_read_bool 3 24236 NULL ++thin_status_24278 thin_status 5 24278 NULL +compat_sys_preadv64_24283 compat_sys_preadv64 3 24283 NULL +msg_size_24288 msg_size 0 24288 NULL +ext2_free_blocks_24292 ext2_free_blocks 2-3 24292 NULL @@ -96514,6 +97247,7 @@ index 0000000..5ac778be +mon_stat_read_25238 mon_stat_read 3 25238 NULL +tcf_csum_ipv6_udp_25241 tcf_csum_ipv6_udp 4 25241 NULL +nilfs_palloc_find_available_slot_25245 nilfs_palloc_find_available_slot 3-5 25245 NULL ++stripe_status_25259 stripe_status 5 25259 NULL +snd_pcm_start_25273 snd_pcm_start 0 25273 NULL +crypto_alloc_instance2_25277 crypto_alloc_instance2 3 25277 NULL +vfs_writev_25278 vfs_writev 3 25278 NULL @@ -96521,6 +97255,7 @@ index 0000000..5ac778be +snd_seq_ioctl_compat_25307 snd_seq_ioctl_compat 3 25307 NULL +help_25316 help 5 25316 NULL nohasharray +ath9k_debugfs_read_buf_25316 ath9k_debugfs_read_buf 3 25316 &help_25316 ++rng_buffer_size_25348 rng_buffer_size 0 25348 NULL +i915_gem_execbuffer_relocate_slow_25355 i915_gem_execbuffer_relocate_slow 7 25355 NULL +rio_destid_next_25368 rio_destid_next 2 25368 NULL nohasharray +unix_mkname_25368 unix_mkname 0-2 25368 &rio_destid_next_25368 @@ -96596,8 +97331,8 @@ index 0000000..5ac778be +usb_dump_device_strings_26146 usb_dump_device_strings 0 26146 NULL +__fswab64_26155 __fswab64 0 26155 NULL +copy_oldmem_page_26164 copy_oldmem_page 3-1 26164 NULL -+ath6kl_roam_table_read_26166 ath6kl_roam_table_read 3 26166 NULL nohasharray -+gfs2_xattr_acl_get_26166 gfs2_xattr_acl_get 0 26166 &ath6kl_roam_table_read_26166 ++gfs2_xattr_acl_get_26166 gfs2_xattr_acl_get 0 26166 NULL nohasharray ++ath6kl_roam_table_read_26166 ath6kl_roam_table_read 3 26166 &gfs2_xattr_acl_get_26166 +mid_get_vbt_data_r1_26170 mid_get_vbt_data_r1 2 26170 NULL +disk_devt_26180 disk_devt 0 26180 NULL +get_registers_26187 get_registers 3 26187 NULL @@ -96760,6 +97495,7 @@ index 0000000..5ac778be +sctp_setsockopt_maxburst_28041 sctp_setsockopt_maxburst 3 28041 NULL +rts51x_xd_rw_28046 rts51x_xd_rw 3-4 28046 NULL +cx231xx_init_vbi_isoc_28053 cx231xx_init_vbi_isoc 3-2 28053 NULL ++pool_status_28055 pool_status 5 28055 NULL +lpfc_idiag_mbxacc_read_28061 lpfc_idiag_mbxacc_read 3 28061 NULL +tx_frag_bad_mblk_num_read_28064 tx_frag_bad_mblk_num_read 3 28064 NULL +ext4_read_block_bitmap_nowait_28078 ext4_read_block_bitmap_nowait 2 28078 NULL @@ -96997,6 +97733,7 @@ index 0000000..5ac778be +dccp_setsockopt_ccid_30701 dccp_setsockopt_ccid 4 30701 NULL +lbs_debugfs_read_30721 lbs_debugfs_read 3 30721 NULL +snd_nm256_playback_silence_30727 snd_nm256_playback_silence 4-3 30727 NULL ++snapshot_status_30744 snapshot_status 5 30744 NULL +max77693_update_reg_30747 max77693_update_reg 2 30747 NULL +tcf_csum_ipv4_udp_30777 tcf_csum_ipv4_udp 4 30777 NULL +wm8350_read_auxadc_30780 wm8350_read_auxadc 2 30780 NULL @@ -97327,8 +98064,8 @@ index 0000000..5ac778be +av7110_vbi_write_34384 av7110_vbi_write 3 34384 NULL +usbvision_v4l2_read_34386 usbvision_v4l2_read 3 34386 NULL +read_rbu_image_type_34387 read_rbu_image_type 6 34387 NULL -+iwl_calib_set_34400 iwl_calib_set 3 34400 NULL nohasharray -+ivtv_read_pos_34400 ivtv_read_pos 3 34400 &iwl_calib_set_34400 ++ivtv_read_pos_34400 ivtv_read_pos 3 34400 NULL nohasharray ++iwl_calib_set_34400 iwl_calib_set 3 34400 &ivtv_read_pos_34400 +nl80211_send_disassoc_34424 nl80211_send_disassoc 4 34424 NULL +usbtest_alloc_urb_34446 usbtest_alloc_urb 3-5 34446 NULL +mwifiex_regrdwr_read_34472 mwifiex_regrdwr_read 3 34472 NULL @@ -97670,8 +98407,8 @@ index 0000000..5ac778be +ieee80211_if_read_auto_open_plinks_38268 ieee80211_if_read_auto_open_plinks 3 38268 NULL nohasharray +mthca_alloc_icm_table_38268 mthca_alloc_icm_table 4-3 38268 &ieee80211_if_read_auto_open_plinks_38268 +verity_status_38273 verity_status 5 38273 NULL -+xfs_bmdr_to_bmbt_38275 xfs_bmdr_to_bmbt 5 38275 NULL nohasharray -+xfs_bmbt_to_bmdr_38275 xfs_bmbt_to_bmdr 3 38275 &xfs_bmdr_to_bmbt_38275 ++xfs_bmbt_to_bmdr_38275 xfs_bmbt_to_bmdr 3 38275 NULL nohasharray ++xfs_bmdr_to_bmbt_38275 xfs_bmdr_to_bmbt 5 38275 &xfs_bmbt_to_bmdr_38275 +zd_mac_rx_38296 zd_mac_rx 3 38296 NULL +ieee80211_send_probe_req_38307 ieee80211_send_probe_req 6-4 38307 NULL +isr_rx_headers_read_38325 isr_rx_headers_read 3 38325 NULL @@ -97797,8 +98534,8 @@ index 0000000..5ac778be +ext_depth_39607 ext_depth 0 39607 NULL +nfs_idmap_get_key_39616 nfs_idmap_get_key 2 39616 NULL +sdio_readb_39618 sdio_readb 0 39618 NULL -+dm_exception_table_init_39645 dm_exception_table_init 2 39645 NULL nohasharray -+set_dev_class_39645 set_dev_class 4 39645 &dm_exception_table_init_39645 ++set_dev_class_39645 set_dev_class 4 39645 NULL nohasharray ++dm_exception_table_init_39645 dm_exception_table_init 2 39645 &set_dev_class_39645 +snd_rme32_capture_copy_39653 snd_rme32_capture_copy 5 39653 NULL +tcp_try_rmem_schedule_39657 tcp_try_rmem_schedule 3 39657 NULL nohasharray +prism2_info_hostscanresults_39657 prism2_info_hostscanresults 3 39657 &tcp_try_rmem_schedule_39657 @@ -98138,12 +98875,12 @@ index 0000000..5ac778be +__ext4_get_inode_loc_43332 __ext4_get_inode_loc 0 43332 NULL +gart_free_coherent_43362 gart_free_coherent 4-2 43362 NULL +xenfb_write_43412 xenfb_write 3 43412 NULL -+__alloc_bootmem_low_43423 __alloc_bootmem_low 1 43423 NULL nohasharray -+gdm_wimax_netif_rx_43423 gdm_wimax_netif_rx 3 43423 &__alloc_bootmem_low_43423 ++gdm_wimax_netif_rx_43423 gdm_wimax_netif_rx 3 43423 NULL nohasharray ++__alloc_bootmem_low_43423 __alloc_bootmem_low 1 43423 &gdm_wimax_netif_rx_43423 +usb_alloc_urb_43436 usb_alloc_urb 1 43436 NULL +ath6kl_wmi_roam_tbl_event_rx_43440 ath6kl_wmi_roam_tbl_event_rx 3 43440 NULL -+usb_string_43443 usb_string 0 43443 NULL nohasharray -+usemap_size_43443 usemap_size 0-2-1 43443 &usb_string_43443 ++usemap_size_43443 usemap_size 0-2-1 43443 NULL nohasharray ++usb_string_43443 usb_string 0 43443 &usemap_size_43443 +alloc_new_reservation_43480 alloc_new_reservation 4 43480 NULL +tx_tx_data_prepared_read_43497 tx_tx_data_prepared_read 3 43497 NULL +ieee80211_if_fmt_dot11MeshHWMPnetDiameterTraversalTime_43505 ieee80211_if_fmt_dot11MeshHWMPnetDiameterTraversalTime 3 43505 NULL @@ -98268,8 +99005,8 @@ index 0000000..5ac778be +ptrace_writedata_45021 ptrace_writedata 4-3 45021 &read_block_bitmap_45021 +vhci_get_user_45039 vhci_get_user 3 45039 NULL +sel_write_user_45060 sel_write_user 3 45060 NULL -+do_video_ioctl_45069 do_video_ioctl 3 45069 NULL nohasharray -+snd_mixart_BA0_read_45069 snd_mixart_BA0_read 5 45069 &do_video_ioctl_45069 ++snd_mixart_BA0_read_45069 snd_mixart_BA0_read 5 45069 NULL nohasharray ++do_video_ioctl_45069 do_video_ioctl 3 45069 &snd_mixart_BA0_read_45069 +kvm_mmu_page_get_gfn_45110 kvm_mmu_page_get_gfn 0-2 45110 NULL +pwr_missing_bcns_cnt_read_45113 pwr_missing_bcns_cnt_read 3 45113 NULL +usbdev_read_45114 usbdev_read 3 45114 NULL @@ -98369,8 +99106,8 @@ index 0000000..5ac778be +ata_host_alloc_46094 ata_host_alloc 2 46094 NULL +arizona_set_irq_wake_46101 arizona_set_irq_wake 2 46101 NULL +pkt_ctl_compat_ioctl_46110 pkt_ctl_compat_ioctl 3 46110 NULL -+il3945_ucode_general_stats_read_46111 il3945_ucode_general_stats_read 3 46111 NULL nohasharray -+memcg_update_array_size_46111 memcg_update_array_size 1 46111 &il3945_ucode_general_stats_read_46111 ++memcg_update_array_size_46111 memcg_update_array_size 1 46111 NULL nohasharray ++il3945_ucode_general_stats_read_46111 il3945_ucode_general_stats_read 3 46111 &memcg_update_array_size_46111 +mlx4_ib_alloc_fast_reg_page_list_46119 mlx4_ib_alloc_fast_reg_page_list 2 46119 NULL +__netlink_change_ngroups_46156 __netlink_change_ngroups 2 46156 NULL +qlcnic_alloc_msix_entries_46160 qlcnic_alloc_msix_entries 2 46160 NULL @@ -98961,6 +99698,7 @@ index 0000000..5ac778be +aac_rx_ioremap_52410 aac_rx_ioremap 2 52410 NULL +cgroup_file_write_52417 cgroup_file_write 3 52417 NULL +line6_midibuf_init_52425 line6_midibuf_init 2 52425 NULL ++delay_status_52431 delay_status 5 52431 NULL +ieee80211_if_fmt_num_sta_ps_52438 ieee80211_if_fmt_num_sta_ps 3 52438 NULL +nl80211_send_mgmt_tx_status_52445 nl80211_send_mgmt_tx_status 5 52445 NULL +ieee80211_alloc_txb_52477 ieee80211_alloc_txb 1-2 52477 NULL @@ -99009,6 +99747,7 @@ index 0000000..5ac778be +cfi_read_query_53066 cfi_read_query 0 53066 NULL +mwifiex_debug_read_53074 mwifiex_debug_read 3 53074 NULL +qib_resize_cq_53090 qib_resize_cq 2 53090 NULL ++verity_status_53120 verity_status 5 53120 NULL +line6_dumpreq_initbuf_53123 line6_dumpreq_initbuf 3 53123 NULL +brcmf_usb_dl_cmd_53130 brcmf_usb_dl_cmd 4 53130 NULL +ps_poll_ps_poll_max_ap_turn_read_53140 ps_poll_ps_poll_max_ap_turn_read 3 53140 NULL @@ -99051,8 +99790,8 @@ index 0000000..5ac778be +_preload_range_53676 _preload_range 2-3 53676 NULL +fuse_fill_write_pages_53682 fuse_fill_write_pages 4 53682 NULL +v4l2_event_subscribe_53687 v4l2_event_subscribe 3 53687 NULL -+bdev_logical_block_size_53690 bdev_logical_block_size 0 53690 NULL nohasharray -+igb_alloc_q_vector_53690 igb_alloc_q_vector 4-6 53690 &bdev_logical_block_size_53690 ++igb_alloc_q_vector_53690 igb_alloc_q_vector 4-6 53690 NULL nohasharray ++bdev_logical_block_size_53690 bdev_logical_block_size 0 53690 &igb_alloc_q_vector_53690 +find_overflow_devnum_53711 find_overflow_devnum 0 53711 NULL +bio_integrity_split_53714 bio_integrity_split 3 53714 NULL +__ocfs2_resv_find_window_53721 __ocfs2_resv_find_window 3 53721 NULL @@ -99112,8 +99851,8 @@ index 0000000..5ac778be +irq_domain_associate_many_54307 irq_domain_associate_many 2 54307 NULL +br_fdb_fillbuf_54339 br_fdb_fillbuf 0 54339 NULL +__alloc_dev_table_54343 __alloc_dev_table 2 54343 NULL -+_osd_realloc_seg_54352 _osd_realloc_seg 3 54352 NULL nohasharray -+__get_free_pages_54352 __get_free_pages 0 54352 &_osd_realloc_seg_54352 ++__get_free_pages_54352 __get_free_pages 0 54352 NULL nohasharray ++_osd_realloc_seg_54352 _osd_realloc_seg 3 54352 &__get_free_pages_54352 +tcf_hash_create_54360 tcf_hash_create 4 54360 NULL +read_file_credit_dist_stats_54367 read_file_credit_dist_stats 3 54367 NULL +vfs_readlink_54368 vfs_readlink 3 54368 NULL @@ -99418,6 +100157,7 @@ index 0000000..5ac778be +ocfs2_write_cluster_57483 ocfs2_write_cluster 8-2-9 57483 NULL +bnad_debugfs_write_regwr_57500 bnad_debugfs_write_regwr 3 57500 NULL +skb_headlen_57501 skb_headlen 0 57501 NULL ++copy_in_user_57502 copy_in_user 3 57502 NULL +ks8842_read32_57505 ks8842_read32 0 57505 NULL nohasharray +ckhdid_printf_57505 ckhdid_printf 2 57505 &ks8842_read32_57505 +init_tag_map_57515 init_tag_map 3 57515 NULL @@ -99644,8 +100384,8 @@ index 0000000..5ac778be +ffs_prepare_buffer_59892 ffs_prepare_buffer 2 59892 NULL +il_dbgfs_rxon_flags_read_59950 il_dbgfs_rxon_flags_read 3 59950 NULL nohasharray +dapm_widget_power_read_file_59950 dapm_widget_power_read_file 3 59950 &il_dbgfs_rxon_flags_read_59950 -+il_dbgfs_missed_beacon_read_59956 il_dbgfs_missed_beacon_read 3 59956 NULL nohasharray -+compat_ipmi_ioctl_59956 compat_ipmi_ioctl 3 59956 &il_dbgfs_missed_beacon_read_59956 ++compat_ipmi_ioctl_59956 compat_ipmi_ioctl 3 59956 NULL nohasharray ++il_dbgfs_missed_beacon_read_59956 il_dbgfs_missed_beacon_read 3 59956 &compat_ipmi_ioctl_59956 +fb_getput_cmap_59971 fb_getput_cmap 3 59971 NULL +__arch_hweight16_59975 __arch_hweight16 0 59975 NULL +osd_req_read_kern_59990 osd_req_read_kern 5 59990 NULL @@ -99659,8 +100399,8 @@ index 0000000..5ac778be +ceph_calc_raw_layout_60035 ceph_calc_raw_layout 4 60035 NULL +bio_integrity_hw_sectors_60039 bio_integrity_hw_sectors 0-2 60039 NULL +do_ip6t_set_ctl_60040 do_ip6t_set_ctl 4 60040 NULL -+vcs_size_60050 vcs_size 0 60050 NULL nohasharray -+pin_2_irq_60050 pin_2_irq 0-3 60050 &vcs_size_60050 ++pin_2_irq_60050 pin_2_irq 0-3 60050 NULL nohasharray ++vcs_size_60050 vcs_size 0 60050 &pin_2_irq_60050 +load_module_60056 load_module 2 60056 NULL nohasharray +gru_alloc_gts_60056 gru_alloc_gts 3-2 60056 &load_module_60056 +compat_writev_60063 compat_writev 3 60063 NULL @@ -99719,6 +100459,7 @@ index 0000000..5ac778be +read_vbt_r10_60679 read_vbt_r10 1 60679 NULL +init_data_container_60709 init_data_container 1 60709 NULL +snd_ice1712_ds_read_60754 snd_ice1712_ds_read 0 60754 NULL ++raid_status_60755 raid_status 5 60755 NULL +sel_write_checkreqprot_60774 sel_write_checkreqprot 3 60774 NULL +opticon_write_60775 opticon_write 4 60775 NULL +acl_alloc_num_60778 acl_alloc_num 1-2 60778 NULL @@ -99893,8 +100634,8 @@ index 0000000..5ac778be +xlog_recover_add_to_trans_62839 xlog_recover_add_to_trans 4 62839 NULL +rx_fcs_err_read_62844 rx_fcs_err_read 3 62844 NULL +hpi_read_word_62862 hpi_read_word 0 62862 NULL -+em28xx_init_isoc_62883 em28xx_init_isoc 4 62883 NULL nohasharray -+aoechr_write_62883 aoechr_write 3 62883 &em28xx_init_isoc_62883 ++aoechr_write_62883 aoechr_write 3 62883 NULL nohasharray ++em28xx_init_isoc_62883 em28xx_init_isoc 4 62883 &aoechr_write_62883 +resize_info_buffer_62889 resize_info_buffer 2 62889 NULL +if_spi_host_to_card_62890 if_spi_host_to_card 4 62890 NULL +mempool_create_slab_pool_62907 mempool_create_slab_pool 1 62907 NULL @@ -99941,6 +100682,7 @@ index 0000000..5ac778be +ocfs2_calc_trunc_pos_63576 ocfs2_calc_trunc_pos 4 63576 NULL +rproc_alloc_63577 rproc_alloc 5 63577 NULL +ext3_clear_blocks_63597 ext3_clear_blocks 4-5 63597 NULL ++module_alloc_63630 module_alloc 1 63630 NULL +ntfs_malloc_nofs_nofail_63631 ntfs_malloc_nofs_nofail 1 63631 NULL +symbol_build_supp_rates_63634 symbol_build_supp_rates 0 63634 NULL +_ubh_find_next_zero_bit__63640 _ubh_find_next_zero_bit_ 4-5-3 63640 NULL diff --git a/3.8.5/4425_grsec_remove_EI_PAX.patch b/3.8.6/4425_grsec_remove_EI_PAX.patch index 97e6951..97e6951 100644 --- a/3.8.5/4425_grsec_remove_EI_PAX.patch +++ b/3.8.6/4425_grsec_remove_EI_PAX.patch diff --git a/3.8.5/4430_grsec-remove-localversion-grsec.patch b/3.8.6/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.8.5/4430_grsec-remove-localversion-grsec.patch +++ b/3.8.6/4430_grsec-remove-localversion-grsec.patch diff --git a/3.8.5/4435_grsec-mute-warnings.patch b/3.8.6/4435_grsec-mute-warnings.patch index e1a7a3c..e1a7a3c 100644 --- a/3.8.5/4435_grsec-mute-warnings.patch +++ b/3.8.6/4435_grsec-mute-warnings.patch diff --git a/3.8.5/4440_grsec-remove-protected-paths.patch b/3.8.6/4440_grsec-remove-protected-paths.patch index 637934a..637934a 100644 --- a/3.8.5/4440_grsec-remove-protected-paths.patch +++ b/3.8.6/4440_grsec-remove-protected-paths.patch diff --git a/3.8.5/4450_grsec-kconfig-default-gids.patch b/3.8.6/4450_grsec-kconfig-default-gids.patch index 3dfdc8f..3dfdc8f 100644 --- a/3.8.5/4450_grsec-kconfig-default-gids.patch +++ b/3.8.6/4450_grsec-kconfig-default-gids.patch diff --git a/3.8.5/4465_selinux-avc_audit-log-curr_ip.patch b/3.8.6/4465_selinux-avc_audit-log-curr_ip.patch index 5b614b1..5b614b1 100644 --- a/3.8.5/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.8.6/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/3.8.5/4470_disable-compat_vdso.patch b/3.8.6/4470_disable-compat_vdso.patch index 1037ba9..1037ba9 100644 --- a/3.8.5/4470_disable-compat_vdso.patch +++ b/3.8.6/4470_disable-compat_vdso.patch |