diff options
| author |   Anthony G. Basile <blueness@gentoo.org> | 2015-11-10 16:45:03 -0500 |
|---|---|---|
| committer | Anthony G. Basile <blueness@gentoo.org> | 2015-11-10 16:45:03 -0500 |
| commit | 43a058d7df0e468345a7325a82d45bc5234d641f (patch) | |
| tree | f90e180a34ae65f7c0f595e83daba0a9f1b8ab4b | |
| parent | grsecurity-3.1-4.2.5-201511081815 (diff) | |
| download | hardened-patchset-43a058d7df0e468345a7325a82d45bc5234d641f.tar.gz hardened-patchset-43a058d7df0e468345a7325a82d45bc5234d641f.tar.bz2 hardened-patchset-43a058d7df0e468345a7325a82d45bc5234d641f.zip | |
grsecurity-3.1-4.2.6-20151109204020151109
| -rw-r--r-- | 4.2.6/0000_README (renamed from 4.2.5/0000_README) | 6 | ||||
| -rw-r--r-- | 4.2.6/1005_linux-4.2.6.patch | 3380 | ||||
| -rw-r--r-- | 4.2.6/4420_grsecurity-3.1-4.2.6-201511092040.patch (renamed from 4.2.5/4420_grsecurity-3.1-4.2.5-201511081815.patch) | 479 | ||||
| -rw-r--r-- | 4.2.6/4425_grsec_remove_EI_PAX.patch (renamed from 4.2.5/4425_grsec_remove_EI_PAX.patch) | 0 | ||||
| -rw-r--r-- | 4.2.6/4427_force_XATTR_PAX_tmpfs.patch (renamed from 4.2.5/4427_force_XATTR_PAX_tmpfs.patch) | 0 | ||||
| -rw-r--r-- | 4.2.6/4430_grsec-remove-localversion-grsec.patch (renamed from 4.2.5/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
| -rw-r--r-- | 4.2.6/4435_grsec-mute-warnings.patch (renamed from 4.2.5/4435_grsec-mute-warnings.patch) | 0 | ||||
| -rw-r--r-- | 4.2.6/4440_grsec-remove-protected-paths.patch (renamed from 4.2.5/4440_grsec-remove-protected-paths.patch) | 0 | ||||
| -rw-r--r-- | 4.2.6/4450_grsec-kconfig-default-gids.patch (renamed from 4.2.5/4450_grsec-kconfig-default-gids.patch) | 0 | ||||
| -rw-r--r-- | 4.2.6/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 4.2.5/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
| -rw-r--r-- | 4.2.6/4470_disable-compat_vdso.patch (renamed from 4.2.5/4470_disable-compat_vdso.patch) | 0 | ||||
| -rw-r--r-- | 4.2.6/4475_emutramp_default_on.patch (renamed from 4.2.5/4475_emutramp_default_on.patch) | 0 |
12 files changed, 3628 insertions, 237 deletions
diff --git a/4.2.5/0000_README b/4.2.6/0000_README index 7d29a1e..235ce67 100644 --- a/4.2.5/0000_README +++ b/4.2.6/0000_README @@ -2,7 +2,11 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-3.1-4.2.5-201511081815.patch +Patch: 1005_linux-4.2.6.patch +From: http://www.kernel.org +Desc: Linux 4.2.6 + +Patch: 4420_grsecurity-3.1-4.2.6-201511092040.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/4.2.6/1005_linux-4.2.6.patch b/4.2.6/1005_linux-4.2.6.patch new file mode 100644 index 0000000..8a09a7b --- /dev/null +++ b/4.2.6/1005_linux-4.2.6.patch @@ -0,0 +1,3380 @@ +diff --git a/Makefile b/Makefile +index 96076dc..9ef3739 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,6 +1,6 @@ + VERSION = 4 + PATCHLEVEL = 2 +-SUBLEVEL = 5 ++SUBLEVEL = 6 + EXTRAVERSION = + NAME = Hurr durr I'ma sheep + +diff --git a/arch/arm/boot/dts/am57xx-beagle-x15.dts b/arch/arm/boot/dts/am57xx-beagle-x15.dts +index a63bf78..03385fa 100644 +--- a/arch/arm/boot/dts/am57xx-beagle-x15.dts ++++ b/arch/arm/boot/dts/am57xx-beagle-x15.dts +@@ -415,11 +415,12 @@ + /* SMPS9 unused */ + + ldo1_reg: ldo1 { +- /* VDD_SD */ ++ /* VDD_SD / VDDSHV8 */ + regulator-name = "ldo1"; + regulator-min-microvolt = <1800000>; + regulator-max-microvolt = <3300000>; + regulator-boot-on; ++ regulator-always-on; + }; + + ldo2_reg: ldo2 { +diff --git a/arch/arm/boot/dts/armada-385-db-ap.dts b/arch/arm/boot/dts/armada-385-db-ap.dts +index 89f5a95..4047621 100644 +--- a/arch/arm/boot/dts/armada-385-db-ap.dts ++++ b/arch/arm/boot/dts/armada-385-db-ap.dts +@@ -46,7 +46,7 @@ + + / { + model = "Marvell Armada 385 Access Point Development Board"; +- compatible = "marvell,a385-db-ap", "marvell,armada385", "marvell,armada38x"; ++ compatible = "marvell,a385-db-ap", "marvell,armada385", "marvell,armada380"; + + chosen { + stdout-path = "serial1:115200n8"; +diff --git a/arch/arm/boot/dts/berlin2q.dtsi b/arch/arm/boot/dts/berlin2q.dtsi +index 63a4849..d4dbd28 100644 +--- a/arch/arm/boot/dts/berlin2q.dtsi ++++ b/arch/arm/boot/dts/berlin2q.dtsi +@@ -152,7 +152,7 @@ + }; + + usb_phy2: phy@a2f400 { +- compatible = "marvell,berlin2-usb-phy"; ++ compatible = "marvell,berlin2cd-usb-phy"; + reg = <0xa2f400 0x128>; + #phy-cells = <0>; + resets = <&chip_rst 0x104 14>; +@@ -170,7 +170,7 @@ + }; + + usb_phy0: phy@b74000 { +- compatible = "marvell,berlin2-usb-phy"; ++ compatible = "marvell,berlin2cd-usb-phy"; + reg = <0xb74000 0x128>; + #phy-cells = <0>; + resets = <&chip_rst 0x104 12>; +@@ -178,7 +178,7 @@ + }; + + usb_phy1: phy@b78000 { +- compatible = "marvell,berlin2-usb-phy"; ++ compatible = "marvell,berlin2cd-usb-phy"; + reg = <0xb78000 0x128>; + #phy-cells = <0>; + resets = <&chip_rst 0x104 13>; +diff --git a/arch/arm/boot/dts/exynos5420-peach-pit.dts b/arch/arm/boot/dts/exynos5420-peach-pit.dts +index 8f4d76c..1b95da7 100644 +--- a/arch/arm/boot/dts/exynos5420-peach-pit.dts ++++ b/arch/arm/boot/dts/exynos5420-peach-pit.dts +@@ -915,6 +915,11 @@ + }; + }; + ++&pmu_system_controller { ++ assigned-clocks = <&pmu_system_controller 0>; ++ assigned-clock-parents = <&clock CLK_FIN_PLL>; ++}; ++ + &rtc { + status = "okay"; + clocks = <&clock CLK_RTC>, <&max77802 MAX77802_CLK_32K_AP>; +diff --git a/arch/arm/boot/dts/exynos5800-peach-pi.dts b/arch/arm/boot/dts/exynos5800-peach-pi.dts +index 7d5b386..8f40c7e 100644 +--- a/arch/arm/boot/dts/exynos5800-peach-pi.dts ++++ b/arch/arm/boot/dts/exynos5800-peach-pi.dts +@@ -878,6 +878,11 @@ + }; + }; + ++&pmu_system_controller { ++ assigned-clocks = <&pmu_system_controller 0>; ++ assigned-clock-parents = <&clock CLK_FIN_PLL>; ++}; ++ + &rtc { + status = "okay"; + clocks = <&clock CLK_RTC>, <&max77802 MAX77802_CLK_32K_AP>; +diff --git a/arch/arm/boot/dts/imx7d.dtsi b/arch/arm/boot/dts/imx7d.dtsi +index c42cf8d..9accbae 100644 +--- a/arch/arm/boot/dts/imx7d.dtsi ++++ b/arch/arm/boot/dts/imx7d.dtsi +@@ -340,10 +340,10 @@ + status = "disabled"; + }; + +- uart2: serial@30870000 { ++ uart2: serial@30890000 { + compatible = "fsl,imx7d-uart", + "fsl,imx6q-uart"; +- reg = <0x30870000 0x10000>; ++ reg = <0x30890000 0x10000>; + interrupts = <GIC_SPI 27 IRQ_TYPE_LEVEL_HIGH>; + clocks = <&clks IMX7D_UART2_ROOT_CLK>, + <&clks IMX7D_UART2_ROOT_CLK>; +diff --git a/arch/arm/boot/dts/ste-hrefv60plus.dtsi b/arch/arm/boot/dts/ste-hrefv60plus.dtsi +index 810cda7..9c2387b 100644 +--- a/arch/arm/boot/dts/ste-hrefv60plus.dtsi ++++ b/arch/arm/boot/dts/ste-hrefv60plus.dtsi +@@ -56,7 +56,7 @@ + /* VMMCI level-shifter enable */ + default_hrefv60_cfg2 { + pins = "GPIO169_D22"; +- ste,config = <&gpio_out_lo>; ++ ste,config = <&gpio_out_hi>; + }; + /* VMMCI level-shifter voltage select */ + default_hrefv60_cfg3 { +diff --git a/arch/arm/kvm/Kconfig b/arch/arm/kvm/Kconfig +index bfb915d..dd5fc1e 100644 +--- a/arch/arm/kvm/Kconfig ++++ b/arch/arm/kvm/Kconfig +@@ -21,6 +21,7 @@ config KVM + depends on MMU && OF + select PREEMPT_NOTIFIERS + select ANON_INODES ++ select ARM_GIC + select HAVE_KVM_CPU_RELAX_INTERCEPT + select HAVE_KVM_ARCH_TLB_FLUSH_ALL + select KVM_MMIO +diff --git a/arch/arm/mach-exynos/pm_domains.c b/arch/arm/mach-exynos/pm_domains.c +index 4a87e86..7c21760 100644 +--- a/arch/arm/mach-exynos/pm_domains.c ++++ b/arch/arm/mach-exynos/pm_domains.c +@@ -200,15 +200,15 @@ no_clk: + args.args_count = 0; + child_domain = of_genpd_get_from_provider(&args); + if (IS_ERR(child_domain)) +- goto next_pd; ++ continue; + + if (of_parse_phandle_with_args(np, "power-domains", + "#power-domain-cells", 0, &args) != 0) +- goto next_pd; ++ continue; + + parent_domain = of_genpd_get_from_provider(&args); + if (IS_ERR(parent_domain)) +- goto next_pd; ++ continue; + + if (pm_genpd_add_subdomain(parent_domain, child_domain)) + pr_warn("%s failed to add subdomain: %s\n", +@@ -216,8 +216,6 @@ no_clk: + else + pr_info("%s has as child subdomain: %s.\n", + parent_domain->name, child_domain->name); +-next_pd: +- of_node_put(np); + } + + return 0; +diff --git a/arch/arm/plat-orion/common.c b/arch/arm/plat-orion/common.c +index 2235081..8861c36 100644 +--- a/arch/arm/plat-orion/common.c ++++ b/arch/arm/plat-orion/common.c +@@ -495,7 +495,7 @@ void __init orion_ge00_switch_init(struct dsa_platform_data *d, int irq) + + d->netdev = &orion_ge00.dev; + for (i = 0; i < d->nr_chips; i++) +- d->chip[i].host_dev = &orion_ge00_shared.dev; ++ d->chip[i].host_dev = &orion_ge_mvmdio.dev; + orion_switch_device.dev.platform_data = d; + + platform_device_register(&orion_switch_device); +diff --git a/arch/arm/vdso/vdsomunge.c b/arch/arm/vdso/vdsomunge.c +index aedec81..f645527 100644 +--- a/arch/arm/vdso/vdsomunge.c ++++ b/arch/arm/vdso/vdsomunge.c +@@ -45,7 +45,6 @@ + * it does. + */ + +-#include <byteswap.h> + #include <elf.h> + #include <errno.h> + #include <fcntl.h> +@@ -59,6 +58,16 @@ + #include <sys/types.h> + #include <unistd.h> + ++#define swab16(x) \ ++ ((((x) & 0x00ff) << 8) | \ ++ (((x) & 0xff00) >> 8)) ++ ++#define swab32(x) \ ++ ((((x) & 0x000000ff) << 24) | \ ++ (((x) & 0x0000ff00) << 8) | \ ++ (((x) & 0x00ff0000) >> 8) | \ ++ (((x) & 0xff000000) >> 24)) ++ + #if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ + #define HOST_ORDER ELFDATA2LSB + #elif __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ +@@ -104,17 +113,17 @@ static void cleanup(void) + + static Elf32_Word read_elf_word(Elf32_Word word, bool swap) + { +- return swap ? bswap_32(word) : word; ++ return swap ? swab32(word) : word; + } + + static Elf32_Half read_elf_half(Elf32_Half half, bool swap) + { +- return swap ? bswap_16(half) : half; ++ return swap ? swab16(half) : half; + } + + static void write_elf_word(Elf32_Word val, Elf32_Word *dst, bool swap) + { +- *dst = swap ? bswap_32(val) : val; ++ *dst = swap ? swab32(val) : val; + } + + int main(int argc, char **argv) +diff --git a/arch/arm64/kernel/armv8_deprecated.c b/arch/arm64/kernel/armv8_deprecated.c +index 7922c2e..7ac3920 100644 +--- a/arch/arm64/kernel/armv8_deprecated.c ++++ b/arch/arm64/kernel/armv8_deprecated.c +@@ -279,22 +279,24 @@ static void register_insn_emulation_sysctl(struct ctl_table *table) + */ + #define __user_swpX_asm(data, addr, res, temp, B) \ + __asm__ __volatile__( \ +- " mov %w2, %w1\n" \ +- "0: ldxr"B" %w1, [%3]\n" \ +- "1: stxr"B" %w0, %w2, [%3]\n" \ ++ "0: ldxr"B" %w2, [%3]\n" \ ++ "1: stxr"B" %w0, %w1, [%3]\n" \ + " cbz %w0, 2f\n" \ + " mov %w0, %w4\n" \ ++ " b 3f\n" \ + "2:\n" \ ++ " mov %w1, %w2\n" \ ++ "3:\n" \ + " .pushsection .fixup,\"ax\"\n" \ + " .align 2\n" \ +- "3: mov %w0, %w5\n" \ +- " b 2b\n" \ ++ "4: mov %w0, %w5\n" \ ++ " b 3b\n" \ + " .popsection" \ + " .pushsection __ex_table,\"a\"\n" \ + " .align 3\n" \ +- " .quad 0b, 3b\n" \ +- " .quad 1b, 3b\n" \ +- " .popsection" \ ++ " .quad 0b, 4b\n" \ ++ " .quad 1b, 4b\n" \ ++ " .popsection\n" \ + : "=&r" (res), "+r" (data), "=&r" (temp) \ + : "r" (addr), "i" (-EAGAIN), "i" (-EFAULT) \ + : "memory") +diff --git a/arch/arm64/kernel/stacktrace.c b/arch/arm64/kernel/stacktrace.c +index 407991b..ccb6078 100644 +--- a/arch/arm64/kernel/stacktrace.c ++++ b/arch/arm64/kernel/stacktrace.c +@@ -48,11 +48,7 @@ int notrace unwind_frame(struct stackframe *frame) + + frame->sp = fp + 0x10; + frame->fp = *(unsigned long *)(fp); +- /* +- * -4 here because we care about the PC at time of bl, +- * not where the return will go. +- */ +- frame->pc = *(unsigned long *)(fp + 8) - 4; ++ frame->pc = *(unsigned long *)(fp + 8); + + return 0; + } +diff --git a/arch/arm64/kernel/suspend.c b/arch/arm64/kernel/suspend.c +index 8297d50..44ca414 100644 +--- a/arch/arm64/kernel/suspend.c ++++ b/arch/arm64/kernel/suspend.c +@@ -80,17 +80,21 @@ int cpu_suspend(unsigned long arg, int (*fn)(unsigned long)) + if (ret == 0) { + /* + * We are resuming from reset with TTBR0_EL1 set to the +- * idmap to enable the MMU; restore the active_mm mappings in +- * TTBR0_EL1 unless the active_mm == &init_mm, in which case +- * the thread entered cpu_suspend with TTBR0_EL1 set to +- * reserved TTBR0 page tables and should be restored as such. ++ * idmap to enable the MMU; set the TTBR0 to the reserved ++ * page tables to prevent speculative TLB allocations, flush ++ * the local tlb and set the default tcr_el1.t0sz so that ++ * the TTBR0 address space set-up is properly restored. ++ * If the current active_mm != &init_mm we entered cpu_suspend ++ * with mappings in TTBR0 that must be restored, so we switch ++ * them back to complete the address space configuration ++ * restoration before returning. + */ +- if (mm == &init_mm) +- cpu_set_reserved_ttbr0(); +- else +- cpu_switch_mm(mm->pgd, mm); +- ++ cpu_set_reserved_ttbr0(); + flush_tlb_all(); ++ cpu_set_default_tcr_t0sz(); ++ ++ if (mm != &init_mm) ++ cpu_switch_mm(mm->pgd, mm); + + /* + * Restore per-cpu offset before any kernel +diff --git a/arch/powerpc/kernel/rtas.c b/arch/powerpc/kernel/rtas.c +index caffb10..5607693 100644 +--- a/arch/powerpc/kernel/rtas.c ++++ b/arch/powerpc/kernel/rtas.c +@@ -1041,6 +1041,9 @@ asmlinkage int ppc_rtas(struct rtas_args __user *uargs) + if (!capable(CAP_SYS_ADMIN)) + return -EPERM; + ++ if (!rtas.entry) ++ return -EINVAL; ++ + if (copy_from_user(&args, uargs, 3 * sizeof(u32)) != 0) + return -EFAULT; + +diff --git a/arch/um/kernel/trap.c b/arch/um/kernel/trap.c +index 557232f..5610b18 100644 +--- a/arch/um/kernel/trap.c ++++ b/arch/um/kernel/trap.c +@@ -220,7 +220,7 @@ unsigned long segv(struct faultinfo fi, unsigned long ip, int is_user, + show_regs(container_of(regs, struct pt_regs, regs)); + panic("Segfault with no mm"); + } +- else if (!is_user && address < TASK_SIZE) { ++ else if (!is_user && address > PAGE_SIZE && address < TASK_SIZE) { + show_regs(container_of(regs, struct pt_regs, regs)); + panic("Kernel tried to access user memory at addr 0x%lx, ip 0x%lx", + address, ip); +diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c +index 7d69afd..16edc0f 100644 +--- a/arch/x86/boot/compressed/eboot.c ++++ b/arch/x86/boot/compressed/eboot.c +@@ -667,6 +667,7 @@ setup_gop32(struct screen_info *si, efi_guid_t *proto, + bool conout_found = false; + void *dummy = NULL; + u32 h = handles[i]; ++ u32 current_fb_base; + + status = efi_call_early(handle_protocol, h, + proto, (void **)&gop32); +@@ -678,7 +679,7 @@ setup_gop32(struct screen_info *si, efi_guid_t *proto, + if (status == EFI_SUCCESS) + conout_found = true; + +- status = __gop_query32(gop32, &info, &size, &fb_base); ++ status = __gop_query32(gop32, &info, &size, ¤t_fb_base); + if (status == EFI_SUCCESS && (!first_gop || conout_found)) { + /* + * Systems that use the UEFI Console Splitter may +@@ -692,6 +693,7 @@ setup_gop32(struct screen_info *si, efi_guid_t *proto, + pixel_format = info->pixel_format; + pixel_info = info->pixel_information; + pixels_per_scan_line = info->pixels_per_scan_line; ++ fb_base = current_fb_base; + + /* + * Once we've found a GOP supporting ConOut, +@@ -770,6 +772,7 @@ setup_gop64(struct screen_info *si, efi_guid_t *proto, + bool conout_found = false; + void *dummy = NULL; + u64 h = handles[i]; ++ u32 current_fb_base; + + status = efi_call_early(handle_protocol, h, + proto, (void **)&gop64); +@@ -781,7 +784,7 @@ setup_gop64(struct screen_info *si, efi_guid_t *proto, + if (status == EFI_SUCCESS) + conout_found = true; + +- status = __gop_query64(gop64, &info, &size, &fb_base); ++ status = __gop_query64(gop64, &info, &size, ¤t_fb_base); + if (status == EFI_SUCCESS && (!first_gop || conout_found)) { + /* + * Systems that use the UEFI Console Splitter may +@@ -795,6 +798,7 @@ setup_gop64(struct screen_info *si, efi_guid_t *proto, + pixel_format = info->pixel_format; + pixel_info = info->pixel_information; + pixels_per_scan_line = info->pixels_per_scan_line; ++ fb_base = current_fb_base; + + /* + * Once we've found a GOP supporting ConOut, +diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c +index 5880b48..11b46d9 100644 +--- a/arch/x86/kernel/apic/io_apic.c ++++ b/arch/x86/kernel/apic/io_apic.c +@@ -2547,7 +2547,9 @@ void __init setup_ioapic_dest(void) + mask = apic->target_cpus(); + + chip = irq_data_get_irq_chip(idata); +- chip->irq_set_affinity(idata, mask, false); ++ /* Might be lapic_chip for irq 0 */ ++ if (chip->irq_set_affinity) ++ chip->irq_set_affinity(idata, mask, false); + } + } + #endif +diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c +index 777ad2f..3cebc65 100644 +--- a/arch/x86/xen/enlighten.c ++++ b/arch/x86/xen/enlighten.c +@@ -33,7 +33,7 @@ + #include <linux/memblock.h> + #include <linux/edd.h> + +-#ifdef CONFIG_KEXEC_CORE ++#ifdef CONFIG_KEXEC + #include <linux/kexec.h> + #endif + +@@ -1804,7 +1804,7 @@ static struct notifier_block xen_hvm_cpu_notifier = { + .notifier_call = xen_hvm_cpu_notify, + }; + +-#ifdef CONFIG_KEXEC_CORE ++#ifdef CONFIG_KEXEC + static void xen_hvm_shutdown(void) + { + native_machine_shutdown(); +@@ -1838,7 +1838,7 @@ static void __init xen_hvm_guest_init(void) + x86_init.irqs.intr_init = xen_init_IRQ; + xen_hvm_init_time_ops(); + xen_hvm_init_mmu_ops(); +-#ifdef CONFIG_KEXEC_CORE ++#ifdef CONFIG_KEXEC + machine_ops.shutdown = xen_hvm_shutdown; + machine_ops.crash_shutdown = xen_hvm_crash_shutdown; + #endif +diff --git a/block/blk-core.c b/block/blk-core.c +index 627ed0c..1955ed3 100644 +--- a/block/blk-core.c ++++ b/block/blk-core.c +@@ -578,7 +578,7 @@ void blk_cleanup_queue(struct request_queue *q) + q->queue_lock = &q->__queue_lock; + spin_unlock_irq(lock); + +- bdi_destroy(&q->backing_dev_info); ++ bdi_unregister(&q->backing_dev_info); + + /* @q is and will stay empty, shutdown and put */ + blk_put_queue(q); +diff --git a/block/blk-mq-tag.c b/block/blk-mq-tag.c +index 9115c6d..2735198 100644 +--- a/block/blk-mq-tag.c ++++ b/block/blk-mq-tag.c +@@ -628,6 +628,7 @@ void blk_mq_free_tags(struct blk_mq_tags *tags) + { + bt_free(&tags->bitmap_tags); + bt_free(&tags->breserved_tags); ++ free_cpumask_var(tags->cpumask); + kfree(tags); + } + +diff --git a/block/blk-mq.c b/block/blk-mq.c +index c699026..4d6ff52 100644 +--- a/block/blk-mq.c ++++ b/block/blk-mq.c +@@ -2263,10 +2263,8 @@ void blk_mq_free_tag_set(struct blk_mq_tag_set *set) + int i; + + for (i = 0; i < set->nr_hw_queues; i++) { +- if (set->tags[i]) { ++ if (set->tags[i]) + blk_mq_free_rq_map(set, set->tags[i], i); +- free_cpumask_var(set->tags[i]->cpumask); +- } + } + + kfree(set->tags); +diff --git a/block/blk-sysfs.c b/block/blk-sysfs.c +index 6264b38..145ddb6 100644 +--- a/block/blk-sysfs.c ++++ b/block/blk-sysfs.c +@@ -502,6 +502,7 @@ static void blk_release_queue(struct kobject *kobj) + struct request_queue *q = + container_of(kobj, struct request_queue, kobj); + ++ bdi_exit(&q->backing_dev_info); + blkcg_exit_queue(q); + + if (q->elevator) { +diff --git a/crypto/ablkcipher.c b/crypto/ablkcipher.c +index b788f16..b4ffc5b 100644 +--- a/crypto/ablkcipher.c ++++ b/crypto/ablkcipher.c +@@ -706,7 +706,7 @@ struct crypto_ablkcipher *crypto_alloc_ablkcipher(const char *alg_name, + err: + if (err != -EAGAIN) + break; +- if (signal_pending(current)) { ++ if (fatal_signal_pending(current)) { + err = -EINTR; + break; + } +diff --git a/crypto/algapi.c b/crypto/algapi.c +index 3c079b7..b603b34 100644 +--- a/crypto/algapi.c ++++ b/crypto/algapi.c +@@ -335,7 +335,7 @@ static void crypto_wait_for_test(struct crypto_larval *larval) + crypto_alg_tested(larval->alg.cra_driver_name, 0); + } + +- err = wait_for_completion_interruptible(&larval->completion); ++ err = wait_for_completion_killable(&larval->completion); + WARN_ON(err); + + out: +diff --git a/crypto/api.c b/crypto/api.c +index afe4610..bbc147c 100644 +--- a/crypto/api.c ++++ b/crypto/api.c +@@ -172,7 +172,7 @@ static struct crypto_alg *crypto_larval_wait(struct crypto_alg *alg) + struct crypto_larval *larval = (void *)alg; + long timeout; + +- timeout = wait_for_completion_interruptible_timeout( ++ timeout = wait_for_completion_killable_timeout( + &larval->completion, 60 * HZ); + + alg = larval->adult; +@@ -445,7 +445,7 @@ struct crypto_tfm *crypto_alloc_base(const char *alg_name, u32 type, u32 mask) + err: + if (err != -EAGAIN) + break; +- if (signal_pending(current)) { ++ if (fatal_signal_pending(current)) { + err = -EINTR; + break; + } +@@ -562,7 +562,7 @@ void *crypto_alloc_tfm(const char *alg_name, + err: + if (err != -EAGAIN) + break; +- if (signal_pending(current)) { ++ if (fatal_signal_pending(current)) { + err = -EINTR; + break; + } +diff --git a/crypto/crypto_user.c b/crypto/crypto_user.c +index 08ea286..d59fb4e 100644 +--- a/crypto/crypto_user.c ++++ b/crypto/crypto_user.c +@@ -376,7 +376,7 @@ static struct crypto_alg *crypto_user_skcipher_alg(const char *name, u32 type, + err = PTR_ERR(alg); + if (err != -EAGAIN) + break; +- if (signal_pending(current)) { ++ if (fatal_signal_pending(current)) { + err = -EINTR; + break; + } +diff --git a/drivers/block/nvme-core.c b/drivers/block/nvme-core.c +index 7920c27..cf91c11 100644 +--- a/drivers/block/nvme-core.c ++++ b/drivers/block/nvme-core.c +@@ -597,6 +597,7 @@ static void req_completion(struct nvme_queue *nvmeq, void *ctx, + struct nvme_iod *iod = ctx; + struct request *req = iod_get_private(iod); + struct nvme_cmd_info *cmd_rq = blk_mq_rq_to_pdu(req); ++ bool requeue = false; + + u16 status = le16_to_cpup(&cqe->status) >> 1; + +@@ -605,12 +606,13 @@ static void req_completion(struct nvme_queue *nvmeq, void *ctx, + && (jiffies - req->start_time) < req->timeout) { + unsigned long flags; + ++ requeue = true; + blk_mq_requeue_request(req); + spin_lock_irqsave(req->q->queue_lock, flags); + if (!blk_queue_stopped(req->q)) + blk_mq_kick_requeue_list(req->q); + spin_unlock_irqrestore(req->q->queue_lock, flags); +- return; ++ goto release_iod; + } + if (req->cmd_type == REQ_TYPE_DRV_PRIV) { + if (cmd_rq->ctx == CMD_CTX_CANCELLED) +@@ -631,7 +633,7 @@ static void req_completion(struct nvme_queue *nvmeq, void *ctx, + dev_warn(nvmeq->dev->dev, + "completing aborted command with status:%04x\n", + status); +- ++ release_iod: + if (iod->nents) { + dma_unmap_sg(nvmeq->dev->dev, iod->sg, iod->nents, + rq_data_dir(req) ? DMA_TO_DEVICE : DMA_FROM_DEVICE); +@@ -644,7 +646,8 @@ static void req_completion(struct nvme_queue *nvmeq, void *ctx, + } + nvme_free_iod(nvmeq->dev, iod); + +- blk_mq_complete_request(req); ++ if (likely(!requeue)) ++ blk_mq_complete_request(req); + } + + /* length is in bytes. gfp flags indicates whether we may sleep. */ +@@ -1764,7 +1767,7 @@ static int nvme_submit_io(struct nvme_ns *ns, struct nvme_user_io __user *uio) + + length = (io.nblocks + 1) << ns->lba_shift; + meta_len = (io.nblocks + 1) * ns->ms; +- metadata = (void __user *)(unsigned long)io.metadata; ++ metadata = (void __user *)(uintptr_t)io.metadata; + write = io.opcode & 1; + + if (ns->ext) { +@@ -1804,7 +1807,7 @@ static int nvme_submit_io(struct nvme_ns *ns, struct nvme_user_io __user *uio) + c.rw.metadata = cpu_to_le64(meta_dma); + + status = __nvme_submit_sync_cmd(ns->queue, &c, NULL, +- (void __user *)io.addr, length, NULL, 0); ++ (void __user *)(uintptr_t)io.addr, length, NULL, 0); + unmap: + if (meta) { + if (status == NVME_SC_SUCCESS && !write) { +@@ -1846,7 +1849,7 @@ static int nvme_user_cmd(struct nvme_dev *dev, struct nvme_ns *ns, + timeout = msecs_to_jiffies(cmd.timeout_ms); + + status = __nvme_submit_sync_cmd(ns ? ns->queue : dev->admin_q, &c, +- NULL, (void __user *)cmd.addr, cmd.data_len, ++ NULL, (void __user *)(uintptr_t)cmd.addr, cmd.data_len, + &cmd.result, timeout); + if (status >= 0) { + if (put_user(cmd.result, &ucmd->result)) +diff --git a/drivers/block/rbd.c b/drivers/block/rbd.c +index 324bf35..017b7d5 100644 +--- a/drivers/block/rbd.c ++++ b/drivers/block/rbd.c +@@ -96,6 +96,8 @@ static int atomic_dec_return_safe(atomic_t *v) + #define RBD_MINORS_PER_MAJOR 256 + #define RBD_SINGLE_MAJOR_PART_SHIFT 4 + ++#define RBD_MAX_PARENT_CHAIN_LEN 16 ++ + #define RBD_SNAP_DEV_NAME_PREFIX "snap_" + #define RBD_MAX_SNAP_NAME_LEN \ + (NAME_MAX - (sizeof (RBD_SNAP_DEV_NAME_PREFIX) - 1)) +@@ -426,7 +428,7 @@ static ssize_t rbd_add_single_major(struct bus_type *bus, const char *buf, + size_t count); + static ssize_t rbd_remove_single_major(struct bus_type *bus, const char *buf, + size_t count); +-static int rbd_dev_image_probe(struct rbd_device *rbd_dev, bool mapping); ++static int rbd_dev_image_probe(struct rbd_device *rbd_dev, int depth); + static void rbd_spec_put(struct rbd_spec *spec); + + static int rbd_dev_id_to_minor(int dev_id) +@@ -3819,6 +3821,9 @@ static int rbd_init_disk(struct rbd_device *rbd_dev) + q->limits.discard_zeroes_data = 1; + + blk_queue_merge_bvec(q, rbd_merge_bvec); ++ if (!ceph_test_opt(rbd_dev->rbd_client->client, NOCRC)) ++ q->backing_dev_info.capabilities |= BDI_CAP_STABLE_WRITES; ++ + disk->queue = q; + + q->queuedata = rbd_dev; +@@ -5169,44 +5174,51 @@ out_err: + return ret; + } + +-static int rbd_dev_probe_parent(struct rbd_device *rbd_dev) ++/* ++ * @depth is rbd_dev_image_probe() -> rbd_dev_probe_parent() -> ++ * rbd_dev_image_probe() recursion depth, which means it's also the ++ * length of the already discovered part of the parent chain. ++ */ ++static int rbd_dev_probe_parent(struct rbd_device *rbd_dev, int depth) + { + struct rbd_device *parent = NULL; +- struct rbd_spec *parent_spec; +- struct rbd_client *rbdc; + int ret; + + if (!rbd_dev->parent_spec) + return 0; +- /* +- * We need to pass a reference to the client and the parent +- * spec when creating the parent rbd_dev. Images related by +- * parent/child relationships always share both. +- */ +- parent_spec = rbd_spec_get(rbd_dev->parent_spec); +- rbdc = __rbd_get_client(rbd_dev->rbd_client); + +- ret = -ENOMEM; +- parent = rbd_dev_create(rbdc, parent_spec, NULL); +- if (!parent) ++ if (++depth > RBD_MAX_PARENT_CHAIN_LEN) { ++ pr_info("parent chain is too long (%d)\n", depth); ++ ret = -EINVAL; + goto out_err; ++ } + +- ret = rbd_dev_image_probe(parent, false); ++ parent = rbd_dev_create(rbd_dev->rbd_client, rbd_dev->parent_spec, ++ NULL); ++ if (!parent) { ++ ret = -ENOMEM; ++ goto out_err; ++ } ++ ++ /* ++ * Images related by parent/child relationships always share ++ * rbd_client and spec/parent_spec, so bump their refcounts. ++ */ ++ __rbd_get_client(rbd_dev->rbd_client); ++ rbd_spec_get(rbd_dev->parent_spec); ++ ++ ret = rbd_dev_image_probe(parent, depth); + if (ret < 0) + goto out_err; ++ + rbd_dev->parent = parent; + atomic_set(&rbd_dev->parent_ref, 1); +- + return 0; ++ + out_err: +- if (parent) { +- rbd_dev_unparent(rbd_dev); ++ rbd_dev_unparent(rbd_dev); ++ if (parent) + rbd_dev_destroy(parent); +- } else { +- rbd_put_client(rbdc); +- rbd_spec_put(parent_spec); +- } +- + return ret; + } + +@@ -5324,7 +5336,7 @@ static void rbd_dev_image_release(struct rbd_device *rbd_dev) + * parent), initiate a watch on its header object before using that + * object to get detailed information about the rbd image. + */ +-static int rbd_dev_image_probe(struct rbd_device *rbd_dev, bool mapping) ++static int rbd_dev_image_probe(struct rbd_device *rbd_dev, int depth) + { + int ret; + +@@ -5342,7 +5354,7 @@ static int rbd_dev_image_probe(struct rbd_device *rbd_dev, bool mapping) + if (ret) + goto err_out_format; + +- if (mapping) { ++ if (!depth) { + ret = rbd_dev_header_watch_sync(rbd_dev); + if (ret) { + if (ret == -ENOENT) +@@ -5363,7 +5375,7 @@ static int rbd_dev_image_probe(struct rbd_device *rbd_dev, bool mapping) + * Otherwise this is a parent image, identified by pool, image + * and snap ids - need to fill in names for those ids. + */ +- if (mapping) ++ if (!depth) + ret = rbd_spec_fill_snap_id(rbd_dev); + else + ret = rbd_spec_fill_names(rbd_dev); +@@ -5385,12 +5397,12 @@ static int rbd_dev_image_probe(struct rbd_device *rbd_dev, bool mapping) + * Need to warn users if this image is the one being + * mapped and has a parent. + */ +- if (mapping && rbd_dev->parent_spec) ++ if (!depth && rbd_dev->parent_spec) + rbd_warn(rbd_dev, + "WARNING: kernel layering is EXPERIMENTAL!"); + } + +- ret = rbd_dev_probe_parent(rbd_dev); ++ ret = rbd_dev_probe_parent(rbd_dev, depth); + if (ret) + goto err_out_probe; + +@@ -5401,7 +5413,7 @@ static int rbd_dev_image_probe(struct rbd_device *rbd_dev, bool mapping) + err_out_probe: + rbd_dev_unprobe(rbd_dev); + err_out_watch: +- if (mapping) ++ if (!depth) + rbd_dev_header_unwatch_sync(rbd_dev); + out_header_name: + kfree(rbd_dev->header_name); +@@ -5464,7 +5476,7 @@ static ssize_t do_rbd_add(struct bus_type *bus, + spec = NULL; /* rbd_dev now owns this */ + rbd_opts = NULL; /* rbd_dev now owns this */ + +- rc = rbd_dev_image_probe(rbd_dev, true); ++ rc = rbd_dev_image_probe(rbd_dev, 0); + if (rc < 0) + goto err_out_rbd_dev; + +diff --git a/drivers/block/xen-blkfront.c b/drivers/block/xen-blkfront.c +index 7a8a73f..d68b08a 100644 +--- a/drivers/block/xen-blkfront.c ++++ b/drivers/block/xen-blkfront.c +@@ -1984,7 +1984,8 @@ static void blkback_changed(struct xenbus_device *dev, + break; + /* Missed the backend's Closing state -- fallthrough */ + case XenbusStateClosing: +- blkfront_closing(info); ++ if (info) ++ blkfront_closing(info); + break; + } + } +diff --git a/drivers/bus/arm-ccn.c b/drivers/bus/arm-ccn.c +index 7d9879e..395cb7f 100644 +--- a/drivers/bus/arm-ccn.c ++++ b/drivers/bus/arm-ccn.c +@@ -1188,7 +1188,8 @@ static int arm_ccn_pmu_cpu_notifier(struct notifier_block *nb, + break; + perf_pmu_migrate_context(&dt->pmu, cpu, target); + cpumask_set_cpu(target, &dt->cpu); +- WARN_ON(irq_set_affinity(ccn->irq, &dt->cpu) != 0); ++ if (ccn->irq) ++ WARN_ON(irq_set_affinity(ccn->irq, &dt->cpu) != 0); + default: + break; + } +diff --git a/drivers/clk/clkdev.c b/drivers/clk/clkdev.c +index c0eaf09..779b6ff 100644 +--- a/drivers/clk/clkdev.c ++++ b/drivers/clk/clkdev.c +@@ -333,7 +333,8 @@ int clk_add_alias(const char *alias, const char *alias_dev_name, + if (IS_ERR(r)) + return PTR_ERR(r); + +- l = clkdev_create(r, alias, "%s", alias_dev_name); ++ l = clkdev_create(r, alias, alias_dev_name ? "%s" : NULL, ++ alias_dev_name); + clk_put(r); + + return l ? 0 : -ENODEV; +diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c +index fcb929e..aba2117 100644 +--- a/drivers/cpufreq/intel_pstate.c ++++ b/drivers/cpufreq/intel_pstate.c +@@ -766,6 +766,11 @@ static inline void intel_pstate_sample(struct cpudata *cpu) + local_irq_save(flags); + rdmsrl(MSR_IA32_APERF, aperf); + rdmsrl(MSR_IA32_MPERF, mperf); ++ if (cpu->prev_mperf == mperf) { ++ local_irq_restore(flags); ++ return; ++ } ++ + tsc = native_read_tsc(); + local_irq_restore(flags); + +diff --git a/drivers/edac/sb_edac.c b/drivers/edac/sb_edac.c +index ca78311..91cf710 100644 +--- a/drivers/edac/sb_edac.c ++++ b/drivers/edac/sb_edac.c +@@ -1648,6 +1648,7 @@ static int sbridge_mci_bind_devs(struct mem_ctl_info *mci, + { + struct sbridge_pvt *pvt = mci->pvt_info; + struct pci_dev *pdev; ++ u8 saw_chan_mask = 0; + int i; + + for (i = 0; i < sbridge_dev->n_devs; i++) { +@@ -1681,6 +1682,7 @@ static int sbridge_mci_bind_devs(struct mem_ctl_info *mci, + { + int id = pdev->device - PCI_DEVICE_ID_INTEL_SBRIDGE_IMC_TAD0; + pvt->pci_tad[id] = pdev; ++ saw_chan_mask |= 1 << id; + } + break; + case PCI_DEVICE_ID_INTEL_SBRIDGE_IMC_DDRIO: +@@ -1701,10 +1703,8 @@ static int sbridge_mci_bind_devs(struct mem_ctl_info *mci, + !pvt-> pci_tad || !pvt->pci_ras || !pvt->pci_ta) + goto enodev; + +- for (i = 0; i < NUM_CHANNELS; i++) { +- if (!pvt->pci_tad[i]) +- goto enodev; +- } ++ if (saw_chan_mask != 0x0f) ++ goto enodev; + return 0; + + enodev: +diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu.h b/drivers/gpu/drm/amd/amdgpu/amdgpu.h +index f7b49d5c..e3305a5 100644 +--- a/drivers/gpu/drm/amd/amdgpu/amdgpu.h ++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu.h +@@ -1583,6 +1583,7 @@ struct amdgpu_pm { + u8 fan_max_rpm; + /* dpm */ + bool dpm_enabled; ++ bool sysfs_initialized; + struct amdgpu_dpm dpm; + const struct firmware *fw; /* SMC firmware */ + uint32_t fw_version; +diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c +index ed13baa..91c7556 100644 +--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c ++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c +@@ -693,6 +693,9 @@ int amdgpu_pm_sysfs_init(struct amdgpu_device *adev) + { + int ret; + ++ if (adev->pm.sysfs_initialized) ++ return 0; ++ + if (adev->pm.funcs->get_temperature == NULL) + return 0; + adev->pm.int_hwmon_dev = hwmon_device_register_with_groups(adev->dev, +@@ -721,6 +724,8 @@ int amdgpu_pm_sysfs_init(struct amdgpu_device *adev) + return ret; + } + ++ adev->pm.sysfs_initialized = true; ++ + return 0; + } + +diff --git a/drivers/gpu/drm/amd/amdgpu/kv_dpm.c b/drivers/gpu/drm/amd/amdgpu/kv_dpm.c +index 9745ed3..7e9154c 100644 +--- a/drivers/gpu/drm/amd/amdgpu/kv_dpm.c ++++ b/drivers/gpu/drm/amd/amdgpu/kv_dpm.c +@@ -2997,6 +2997,9 @@ static int kv_dpm_late_init(void *handle) + struct amdgpu_device *adev = (struct amdgpu_device *)handle; + int ret; + ++ if (!amdgpu_dpm) ++ return 0; ++ + /* init the sysfs and debugfs files late */ + ret = amdgpu_pm_sysfs_init(adev); + if (ret) +diff --git a/drivers/gpu/drm/drm_crtc.c b/drivers/gpu/drm/drm_crtc.c +index fed7483..4e8d72d 100644 +--- a/drivers/gpu/drm/drm_crtc.c ++++ b/drivers/gpu/drm/drm_crtc.c +@@ -4221,7 +4221,7 @@ drm_property_create_blob(struct drm_device *dev, size_t length, + struct drm_property_blob *blob; + int ret; + +- if (!length) ++ if (!length || length > ULONG_MAX - sizeof(struct drm_property_blob)) + return ERR_PTR(-EINVAL); + + blob = kzalloc(sizeof(struct drm_property_blob)+length, GFP_KERNEL); +@@ -4573,7 +4573,7 @@ int drm_mode_createblob_ioctl(struct drm_device *dev, + * not associated with any file_priv. */ + mutex_lock(&dev->mode_config.blob_lock); + out_resp->blob_id = blob->base.id; +- list_add_tail(&file_priv->blobs, &blob->head_file); ++ list_add_tail(&blob->head_file, &file_priv->blobs); + mutex_unlock(&dev->mode_config.blob_lock); + + return 0; +diff --git a/drivers/gpu/drm/drm_dp_mst_topology.c b/drivers/gpu/drm/drm_dp_mst_topology.c +index 27a2426..1f94219 100644 +--- a/drivers/gpu/drm/drm_dp_mst_topology.c ++++ b/drivers/gpu/drm/drm_dp_mst_topology.c +@@ -1193,17 +1193,18 @@ static struct drm_dp_mst_branch *drm_dp_get_mst_branch_device(struct drm_dp_mst_ + + list_for_each_entry(port, &mstb->ports, next) { + if (port->port_num == port_num) { +- if (!port->mstb) { ++ mstb = port->mstb; ++ if (!mstb) { + DRM_ERROR("failed to lookup MSTB with lct %d, rad %02x\n", lct, rad[0]); +- return NULL; ++ goto out; + } + +- mstb = port->mstb; + break; + } + } + } + kref_get(&mstb->kref); ++out: + mutex_unlock(&mgr->lock); + return mstb; + } +diff --git a/drivers/gpu/drm/i915/i915_gem_userptr.c b/drivers/gpu/drm/i915/i915_gem_userptr.c +index 8fd431b..a96b900 100644 +--- a/drivers/gpu/drm/i915/i915_gem_userptr.c ++++ b/drivers/gpu/drm/i915/i915_gem_userptr.c +@@ -804,7 +804,10 @@ static const struct drm_i915_gem_object_ops i915_gem_userptr_ops = { + * Also note, that the object created here is not currently a "first class" + * object, in that several ioctls are banned. These are the CPU access + * ioctls: mmap(), pwrite and pread. In practice, you are expected to use +- * direct access via your pointer rather than use those ioctls. ++ * direct access via your pointer rather than use those ioctls. Another ++ * restriction is that we do not allow userptr surfaces to be pinned to the ++ * hardware and so we reject any attempt to create a framebuffer out of a ++ * userptr. + * + * If you think this is a good interface to use to pass GPU memory between + * drivers, please use dma-buf instead. In fact, wherever possible use +diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c +index 107c6c0..10b1b65 100644 +--- a/drivers/gpu/drm/i915/intel_display.c ++++ b/drivers/gpu/drm/i915/intel_display.c +@@ -1729,6 +1729,8 @@ static void i9xx_enable_pll(struct intel_crtc *crtc) + I915_READ(DPLL(!crtc->pipe)) | DPLL_DVO_2X_MODE); + } + ++ I915_WRITE(reg, dpll); ++ + /* Wait for the clocks to stabilize. */ + POSTING_READ(reg); + udelay(150); +@@ -14070,6 +14072,11 @@ static int intel_user_framebuffer_create_handle(struct drm_framebuffer *fb, + struct intel_framebuffer *intel_fb = to_intel_framebuffer(fb); + struct drm_i915_gem_object *obj = intel_fb->obj; + ++ if (obj->userptr.mm) { ++ DRM_DEBUG("attempting to use a userptr for a framebuffer, denied\n"); ++ return -EINVAL; ++ } ++ + return drm_gem_handle_create(file, &obj->base, handle); + } + +diff --git a/drivers/gpu/drm/i915/intel_lrc.c b/drivers/gpu/drm/i915/intel_lrc.c +index 7f2161a..504728b 100644 +--- a/drivers/gpu/drm/i915/intel_lrc.c ++++ b/drivers/gpu/drm/i915/intel_lrc.c +@@ -1250,6 +1250,7 @@ static int gen8_emit_flush_render(struct intel_ringbuffer *ringbuf, + if (flush_domains) { + flags |= PIPE_CONTROL_RENDER_TARGET_CACHE_FLUSH; + flags |= PIPE_CONTROL_DEPTH_CACHE_FLUSH; ++ flags |= PIPE_CONTROL_FLUSH_ENABLE; + } + + if (invalidate_domains) { +diff --git a/drivers/gpu/drm/i915/intel_ringbuffer.c b/drivers/gpu/drm/i915/intel_ringbuffer.c +index 3817a6f..ba672aa 100644 +--- a/drivers/gpu/drm/i915/intel_ringbuffer.c ++++ b/drivers/gpu/drm/i915/intel_ringbuffer.c +@@ -342,6 +342,7 @@ gen7_render_ring_flush(struct intel_engine_cs *ring, + if (flush_domains) { + flags |= PIPE_CONTROL_RENDER_TARGET_CACHE_FLUSH; + flags |= PIPE_CONTROL_DEPTH_CACHE_FLUSH; ++ flags |= PIPE_CONTROL_FLUSH_ENABLE; + } + if (invalidate_domains) { + flags |= PIPE_CONTROL_TLB_INVALIDATE; +@@ -412,6 +413,7 @@ gen8_render_ring_flush(struct intel_engine_cs *ring, + if (flush_domains) { + flags |= PIPE_CONTROL_RENDER_TARGET_CACHE_FLUSH; + flags |= PIPE_CONTROL_DEPTH_CACHE_FLUSH; ++ flags |= PIPE_CONTROL_FLUSH_ENABLE; + } + if (invalidate_domains) { + flags |= PIPE_CONTROL_TLB_INVALIDATE; +diff --git a/drivers/gpu/drm/nouveau/nouveau_gem.c b/drivers/gpu/drm/nouveau/nouveau_gem.c +index af1ee51..0b22394 100644 +--- a/drivers/gpu/drm/nouveau/nouveau_gem.c ++++ b/drivers/gpu/drm/nouveau/nouveau_gem.c +@@ -227,11 +227,12 @@ nouveau_gem_info(struct drm_file *file_priv, struct drm_gem_object *gem, + struct nouveau_bo *nvbo = nouveau_gem_object(gem); + struct nvkm_vma *vma; + +- if (nvbo->bo.mem.mem_type == TTM_PL_TT) ++ if (is_power_of_2(nvbo->valid_domains)) ++ rep->domain = nvbo->valid_domains; ++ else if (nvbo->bo.mem.mem_type == TTM_PL_TT) + rep->domain = NOUVEAU_GEM_DOMAIN_GART; + else + rep->domain = NOUVEAU_GEM_DOMAIN_VRAM; +- + rep->offset = nvbo->bo.offset; + if (cli->vm) { + vma = nouveau_bo_vma_find(nvbo, cli->vm); +diff --git a/drivers/gpu/drm/radeon/atombios_encoders.c b/drivers/gpu/drm/radeon/atombios_encoders.c +index 65adb9c..bb29214 100644 +--- a/drivers/gpu/drm/radeon/atombios_encoders.c ++++ b/drivers/gpu/drm/radeon/atombios_encoders.c +@@ -237,6 +237,7 @@ void radeon_atom_backlight_init(struct radeon_encoder *radeon_encoder, + backlight_update_status(bd); + + DRM_INFO("radeon atom DIG backlight initialized\n"); ++ rdev->mode_info.bl_encoder = radeon_encoder; + + return; + +@@ -1624,9 +1625,14 @@ radeon_atom_encoder_dpms_avivo(struct drm_encoder *encoder, int mode) + } else + atom_execute_table(rdev->mode_info.atom_context, index, (uint32_t *)&args); + if (radeon_encoder->devices & (ATOM_DEVICE_LCD_SUPPORT)) { +- struct radeon_encoder_atom_dig *dig = radeon_encoder->enc_priv; ++ if (rdev->mode_info.bl_encoder) { ++ struct radeon_encoder_atom_dig *dig = radeon_encoder->enc_priv; + +- atombios_set_backlight_level(radeon_encoder, dig->backlight_level); ++ atombios_set_backlight_level(radeon_encoder, dig->backlight_level); ++ } else { ++ args.ucAction = ATOM_LCD_BLON; ++ atom_execute_table(rdev->mode_info.atom_context, index, (uint32_t *)&args); ++ } + } + break; + case DRM_MODE_DPMS_STANDBY: +@@ -1706,8 +1712,13 @@ radeon_atom_encoder_dpms_dig(struct drm_encoder *encoder, int mode) + if (ASIC_IS_DCE4(rdev)) + atombios_dig_encoder_setup(encoder, ATOM_ENCODER_CMD_DP_VIDEO_ON, 0); + } +- if (radeon_encoder->devices & (ATOM_DEVICE_LCD_SUPPORT)) +- atombios_set_backlight_level(radeon_encoder, dig->backlight_level); ++ if (radeon_encoder->devices & (ATOM_DEVICE_LCD_SUPPORT)) { ++ if (rdev->mode_info.bl_encoder) ++ atombios_set_backlight_level(radeon_encoder, dig->backlight_level); ++ else ++ atombios_dig_transmitter_setup(encoder, ++ ATOM_TRANSMITTER_ACTION_LCD_BLON, 0, 0); ++ } + if (ext_encoder) + atombios_external_encoder_setup(encoder, ext_encoder, ATOM_ENABLE); + break; +diff --git a/drivers/gpu/drm/radeon/radeon.h b/drivers/gpu/drm/radeon/radeon.h +index f03b7eb..b6cbd81 100644 +--- a/drivers/gpu/drm/radeon/radeon.h ++++ b/drivers/gpu/drm/radeon/radeon.h +@@ -1658,6 +1658,7 @@ struct radeon_pm { + u8 fan_max_rpm; + /* dpm */ + bool dpm_enabled; ++ bool sysfs_initialized; + struct radeon_dpm dpm; + }; + +diff --git a/drivers/gpu/drm/radeon/radeon_encoders.c b/drivers/gpu/drm/radeon/radeon_encoders.c +index ef99917..c6ee802 100644 +--- a/drivers/gpu/drm/radeon/radeon_encoders.c ++++ b/drivers/gpu/drm/radeon/radeon_encoders.c +@@ -194,7 +194,6 @@ static void radeon_encoder_add_backlight(struct radeon_encoder *radeon_encoder, + radeon_atom_backlight_init(radeon_encoder, connector); + else + radeon_legacy_backlight_init(radeon_encoder, connector); +- rdev->mode_info.bl_encoder = radeon_encoder; + } + } + +diff --git a/drivers/gpu/drm/radeon/radeon_legacy_encoders.c b/drivers/gpu/drm/radeon/radeon_legacy_encoders.c +index 4571530..30de433 100644 +--- a/drivers/gpu/drm/radeon/radeon_legacy_encoders.c ++++ b/drivers/gpu/drm/radeon/radeon_legacy_encoders.c +@@ -441,6 +441,7 @@ void radeon_legacy_backlight_init(struct radeon_encoder *radeon_encoder, + backlight_update_status(bd); + + DRM_INFO("radeon legacy LVDS backlight initialized\n"); ++ rdev->mode_info.bl_encoder = radeon_encoder; + + return; + +diff --git a/drivers/gpu/drm/radeon/radeon_pm.c b/drivers/gpu/drm/radeon/radeon_pm.c +index 948c331..9176432 100644 +--- a/drivers/gpu/drm/radeon/radeon_pm.c ++++ b/drivers/gpu/drm/radeon/radeon_pm.c +@@ -720,10 +720,14 @@ static umode_t hwmon_attributes_visible(struct kobject *kobj, + struct radeon_device *rdev = dev_get_drvdata(dev); + umode_t effective_mode = attr->mode; + +- /* Skip limit attributes if DPM is not enabled */ ++ /* Skip attributes if DPM is not enabled */ + if (rdev->pm.pm_method != PM_METHOD_DPM && + (attr == &sensor_dev_attr_temp1_crit.dev_attr.attr || +- attr == &sensor_dev_attr_temp1_crit_hyst.dev_attr.attr)) ++ attr == &sensor_dev_attr_temp1_crit_hyst.dev_attr.attr || ++ attr == &sensor_dev_attr_pwm1.dev_attr.attr || ++ attr == &sensor_dev_attr_pwm1_enable.dev_attr.attr || ++ attr == &sensor_dev_attr_pwm1_max.dev_attr.attr || ++ attr == &sensor_dev_attr_pwm1_min.dev_attr.attr)) + return 0; + + /* Skip fan attributes if fan is not present */ +@@ -1529,19 +1533,23 @@ int radeon_pm_late_init(struct radeon_device *rdev) + + if (rdev->pm.pm_method == PM_METHOD_DPM) { + if (rdev->pm.dpm_enabled) { +- ret = device_create_file(rdev->dev, &dev_attr_power_dpm_state); +- if (ret) +- DRM_ERROR("failed to create device file for dpm state\n"); +- ret = device_create_file(rdev->dev, &dev_attr_power_dpm_force_performance_level); +- if (ret) +- DRM_ERROR("failed to create device file for dpm state\n"); +- /* XXX: these are noops for dpm but are here for backwards compat */ +- ret = device_create_file(rdev->dev, &dev_attr_power_profile); +- if (ret) +- DRM_ERROR("failed to create device file for power profile\n"); +- ret = device_create_file(rdev->dev, &dev_attr_power_method); +- if (ret) +- DRM_ERROR("failed to create device file for power method\n"); ++ if (!rdev->pm.sysfs_initialized) { ++ ret = device_create_file(rdev->dev, &dev_attr_power_dpm_state); ++ if (ret) ++ DRM_ERROR("failed to create device file for dpm state\n"); ++ ret = device_create_file(rdev->dev, &dev_attr_power_dpm_force_performance_level); ++ if (ret) ++ DRM_ERROR("failed to create device file for dpm state\n"); ++ /* XXX: these are noops for dpm but are here for backwards compat */ ++ ret = device_create_file(rdev->dev, &dev_attr_power_profile); ++ if (ret) ++ DRM_ERROR("failed to create device file for power profile\n"); ++ ret = device_create_file(rdev->dev, &dev_attr_power_method); ++ if (ret) ++ DRM_ERROR("failed to create device file for power method\n"); ++ if (!ret) ++ rdev->pm.sysfs_initialized = true; ++ } + + mutex_lock(&rdev->pm.mutex); + ret = radeon_dpm_late_enable(rdev); +@@ -1557,7 +1565,8 @@ int radeon_pm_late_init(struct radeon_device *rdev) + } + } + } else { +- if (rdev->pm.num_power_states > 1) { ++ if ((rdev->pm.num_power_states > 1) && ++ (!rdev->pm.sysfs_initialized)) { + /* where's the best place to put these? */ + ret = device_create_file(rdev->dev, &dev_attr_power_profile); + if (ret) +@@ -1565,6 +1574,8 @@ int radeon_pm_late_init(struct radeon_device *rdev) + ret = device_create_file(rdev->dev, &dev_attr_power_method); + if (ret) + DRM_ERROR("failed to create device file for power method\n"); ++ if (!ret) ++ rdev->pm.sysfs_initialized = true; + } + } + return ret; +diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c +index 620bb5c..15a8d77 100644 +--- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c ++++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c +@@ -1458,6 +1458,9 @@ static void __exit vmwgfx_exit(void) + drm_pci_exit(&driver, &vmw_pci_driver); + } + ++MODULE_INFO(vmw_patch, "ed7d78b2"); ++MODULE_INFO(vmw_patch, "54c12bc3"); ++ + module_init(vmwgfx_init); + module_exit(vmwgfx_exit); + +diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h +index d26a6da..d8896ed 100644 +--- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h ++++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h +@@ -636,7 +636,8 @@ extern int vmw_user_dmabuf_alloc(struct vmw_private *dev_priv, + uint32_t size, + bool shareable, + uint32_t *handle, +- struct vmw_dma_buffer **p_dma_buf); ++ struct vmw_dma_buffer **p_dma_buf, ++ struct ttm_base_object **p_base); + extern int vmw_user_dmabuf_reference(struct ttm_object_file *tfile, + struct vmw_dma_buffer *dma_buf, + uint32_t *handle); +@@ -650,7 +651,8 @@ extern uint32_t vmw_dmabuf_validate_node(struct ttm_buffer_object *bo, + uint32_t cur_validate_node); + extern void vmw_dmabuf_validate_clear(struct ttm_buffer_object *bo); + extern int vmw_user_dmabuf_lookup(struct ttm_object_file *tfile, +- uint32_t id, struct vmw_dma_buffer **out); ++ uint32_t id, struct vmw_dma_buffer **out, ++ struct ttm_base_object **base); + extern int vmw_stream_claim_ioctl(struct drm_device *dev, void *data, + struct drm_file *file_priv); + extern int vmw_stream_unref_ioctl(struct drm_device *dev, void *data, +diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c b/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c +index 97ad3bc..aee1c6c 100644 +--- a/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c ++++ b/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c +@@ -887,7 +887,8 @@ static int vmw_translate_mob_ptr(struct vmw_private *dev_priv, + struct vmw_relocation *reloc; + int ret; + +- ret = vmw_user_dmabuf_lookup(sw_context->fp->tfile, handle, &vmw_bo); ++ ret = vmw_user_dmabuf_lookup(sw_context->fp->tfile, handle, &vmw_bo, ++ NULL); + if (unlikely(ret != 0)) { + DRM_ERROR("Could not find or use MOB buffer.\n"); + ret = -EINVAL; +@@ -949,7 +950,8 @@ static int vmw_translate_guest_ptr(struct vmw_private *dev_priv, + struct vmw_relocation *reloc; + int ret; + +- ret = vmw_user_dmabuf_lookup(sw_context->fp->tfile, handle, &vmw_bo); ++ ret = vmw_user_dmabuf_lookup(sw_context->fp->tfile, handle, &vmw_bo, ++ NULL); + if (unlikely(ret != 0)) { + DRM_ERROR("Could not find or use GMR region.\n"); + ret = -EINVAL; +diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_overlay.c b/drivers/gpu/drm/vmwgfx/vmwgfx_overlay.c +index 87e39f6..e189898 100644 +--- a/drivers/gpu/drm/vmwgfx/vmwgfx_overlay.c ++++ b/drivers/gpu/drm/vmwgfx/vmwgfx_overlay.c +@@ -484,7 +484,7 @@ int vmw_overlay_ioctl(struct drm_device *dev, void *data, + goto out_unlock; + } + +- ret = vmw_user_dmabuf_lookup(tfile, arg->handle, &buf); ++ ret = vmw_user_dmabuf_lookup(tfile, arg->handle, &buf, NULL); + if (ret) + goto out_unlock; + +diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_resource.c b/drivers/gpu/drm/vmwgfx/vmwgfx_resource.c +index 210ef15..c5b4c47 100644 +--- a/drivers/gpu/drm/vmwgfx/vmwgfx_resource.c ++++ b/drivers/gpu/drm/vmwgfx/vmwgfx_resource.c +@@ -356,7 +356,7 @@ int vmw_user_lookup_handle(struct vmw_private *dev_priv, + } + + *out_surf = NULL; +- ret = vmw_user_dmabuf_lookup(tfile, handle, out_buf); ++ ret = vmw_user_dmabuf_lookup(tfile, handle, out_buf, NULL); + return ret; + } + +@@ -483,7 +483,8 @@ int vmw_user_dmabuf_alloc(struct vmw_private *dev_priv, + uint32_t size, + bool shareable, + uint32_t *handle, +- struct vmw_dma_buffer **p_dma_buf) ++ struct vmw_dma_buffer **p_dma_buf, ++ struct ttm_base_object **p_base) + { + struct vmw_user_dma_buffer *user_bo; + struct ttm_buffer_object *tmp; +@@ -517,6 +518,10 @@ int vmw_user_dmabuf_alloc(struct vmw_private *dev_priv, + } + + *p_dma_buf = &user_bo->dma; ++ if (p_base) { ++ *p_base = &user_bo->prime.base; ++ kref_get(&(*p_base)->refcount); ++ } + *handle = user_bo->prime.base.hash.key; + + out_no_base_object: +@@ -633,6 +638,7 @@ int vmw_user_dmabuf_synccpu_ioctl(struct drm_device *dev, void *data, + struct vmw_dma_buffer *dma_buf; + struct vmw_user_dma_buffer *user_bo; + struct ttm_object_file *tfile = vmw_fpriv(file_priv)->tfile; ++ struct ttm_base_object *buffer_base; + int ret; + + if ((arg->flags & (drm_vmw_synccpu_read | drm_vmw_synccpu_write)) == 0 +@@ -645,7 +651,8 @@ int vmw_user_dmabuf_synccpu_ioctl(struct drm_device *dev, void *data, + + switch (arg->op) { + case drm_vmw_synccpu_grab: +- ret = vmw_user_dmabuf_lookup(tfile, arg->handle, &dma_buf); ++ ret = vmw_user_dmabuf_lookup(tfile, arg->handle, &dma_buf, ++ &buffer_base); + if (unlikely(ret != 0)) + return ret; + +@@ -653,6 +660,7 @@ int vmw_user_dmabuf_synccpu_ioctl(struct drm_device *dev, void *data, + dma); + ret = vmw_user_dmabuf_synccpu_grab(user_bo, tfile, arg->flags); + vmw_dmabuf_unreference(&dma_buf); ++ ttm_base_object_unref(&buffer_base); + if (unlikely(ret != 0 && ret != -ERESTARTSYS && + ret != -EBUSY)) { + DRM_ERROR("Failed synccpu grab on handle 0x%08x.\n", +@@ -694,7 +702,8 @@ int vmw_dmabuf_alloc_ioctl(struct drm_device *dev, void *data, + return ret; + + ret = vmw_user_dmabuf_alloc(dev_priv, vmw_fpriv(file_priv)->tfile, +- req->size, false, &handle, &dma_buf); ++ req->size, false, &handle, &dma_buf, ++ NULL); + if (unlikely(ret != 0)) + goto out_no_dmabuf; + +@@ -723,7 +732,8 @@ int vmw_dmabuf_unref_ioctl(struct drm_device *dev, void *data, + } + + int vmw_user_dmabuf_lookup(struct ttm_object_file *tfile, +- uint32_t handle, struct vmw_dma_buffer **out) ++ uint32_t handle, struct vmw_dma_buffer **out, ++ struct ttm_base_object **p_base) + { + struct vmw_user_dma_buffer *vmw_user_bo; + struct ttm_base_object *base; +@@ -745,7 +755,10 @@ int vmw_user_dmabuf_lookup(struct ttm_object_file *tfile, + vmw_user_bo = container_of(base, struct vmw_user_dma_buffer, + prime.base); + (void)ttm_bo_reference(&vmw_user_bo->dma.base); +- ttm_base_object_unref(&base); ++ if (p_base) ++ *p_base = base; ++ else ++ ttm_base_object_unref(&base); + *out = &vmw_user_bo->dma; + + return 0; +@@ -1006,7 +1019,7 @@ int vmw_dumb_create(struct drm_file *file_priv, + + ret = vmw_user_dmabuf_alloc(dev_priv, vmw_fpriv(file_priv)->tfile, + args->size, false, &args->handle, +- &dma_buf); ++ &dma_buf, NULL); + if (unlikely(ret != 0)) + goto out_no_dmabuf; + +@@ -1034,7 +1047,7 @@ int vmw_dumb_map_offset(struct drm_file *file_priv, + struct vmw_dma_buffer *out_buf; + int ret; + +- ret = vmw_user_dmabuf_lookup(tfile, handle, &out_buf); ++ ret = vmw_user_dmabuf_lookup(tfile, handle, &out_buf, NULL); + if (ret != 0) + return -EINVAL; + +diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_shader.c b/drivers/gpu/drm/vmwgfx/vmwgfx_shader.c +index 6a4584a..d2751ad 100644 +--- a/drivers/gpu/drm/vmwgfx/vmwgfx_shader.c ++++ b/drivers/gpu/drm/vmwgfx/vmwgfx_shader.c +@@ -470,7 +470,7 @@ int vmw_shader_define_ioctl(struct drm_device *dev, void *data, + + if (arg->buffer_handle != SVGA3D_INVALID_ID) { + ret = vmw_user_dmabuf_lookup(tfile, arg->buffer_handle, +- &buffer); ++ &buffer, NULL); + if (unlikely(ret != 0)) { + DRM_ERROR("Could not find buffer for shader " + "creation.\n"); +diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c b/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c +index 4ecdbf3..17a4107 100644 +--- a/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c ++++ b/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c +@@ -43,6 +43,7 @@ struct vmw_user_surface { + struct vmw_surface srf; + uint32_t size; + struct drm_master *master; ++ struct ttm_base_object *backup_base; + }; + + /** +@@ -652,6 +653,8 @@ static void vmw_user_surface_base_release(struct ttm_base_object **p_base) + struct vmw_resource *res = &user_srf->srf.res; + + *p_base = NULL; ++ if (user_srf->backup_base) ++ ttm_base_object_unref(&user_srf->backup_base); + vmw_resource_unreference(&res); + } + +@@ -846,7 +849,8 @@ int vmw_surface_define_ioctl(struct drm_device *dev, void *data, + res->backup_size, + true, + &backup_handle, +- &res->backup); ++ &res->backup, ++ &user_srf->backup_base); + if (unlikely(ret != 0)) { + vmw_resource_unreference(&res); + goto out_unlock; +@@ -1309,7 +1313,8 @@ int vmw_gb_surface_define_ioctl(struct drm_device *dev, void *data, + + if (req->buffer_handle != SVGA3D_INVALID_ID) { + ret = vmw_user_dmabuf_lookup(tfile, req->buffer_handle, +- &res->backup); ++ &res->backup, ++ &user_srf->backup_base); + } else if (req->drm_surface_flags & + drm_vmw_surface_flag_create_buffer) + ret = vmw_user_dmabuf_alloc(dev_priv, tfile, +@@ -1317,7 +1322,8 @@ int vmw_gb_surface_define_ioctl(struct drm_device *dev, void *data, + req->drm_surface_flags & + drm_vmw_surface_flag_shareable, + &backup_handle, +- &res->backup); ++ &res->backup, ++ &user_srf->backup_base); + + if (unlikely(ret != 0)) { + vmw_resource_unreference(&res); +diff --git a/drivers/i2c/busses/i2c-mv64xxx.c b/drivers/i2c/busses/i2c-mv64xxx.c +index 30059c1..5801227 100644 +--- a/drivers/i2c/busses/i2c-mv64xxx.c ++++ b/drivers/i2c/busses/i2c-mv64xxx.c +@@ -669,8 +669,6 @@ mv64xxx_i2c_can_offload(struct mv64xxx_i2c_data *drv_data) + struct i2c_msg *msgs = drv_data->msgs; + int num = drv_data->num_msgs; + +- return false; +- + if (!drv_data->offload_enabled) + return false; + +diff --git a/drivers/iio/accel/st_accel_core.c b/drivers/iio/accel/st_accel_core.c +index 4002e64..c472477 100644 +--- a/drivers/iio/accel/st_accel_core.c ++++ b/drivers/iio/accel/st_accel_core.c +@@ -149,8 +149,6 @@ + #define ST_ACCEL_4_BDU_MASK 0x40 + #define ST_ACCEL_4_DRDY_IRQ_ADDR 0x21 + #define ST_ACCEL_4_DRDY_IRQ_INT1_MASK 0x04 +-#define ST_ACCEL_4_IG1_EN_ADDR 0x21 +-#define ST_ACCEL_4_IG1_EN_MASK 0x08 + #define ST_ACCEL_4_MULTIREAD_BIT true + + /* CUSTOM VALUES FOR SENSOR 5 */ +@@ -484,10 +482,6 @@ static const struct st_sensor_settings st_accel_sensors_settings[] = { + .drdy_irq = { + .addr = ST_ACCEL_4_DRDY_IRQ_ADDR, + .mask_int1 = ST_ACCEL_4_DRDY_IRQ_INT1_MASK, +- .ig1 = { +- .en_addr = ST_ACCEL_4_IG1_EN_ADDR, +- .en_mask = ST_ACCEL_4_IG1_EN_MASK, +- }, + }, + .multi_read_bit = ST_ACCEL_4_MULTIREAD_BIT, + .bootime = 2, /* guess */ +diff --git a/drivers/infiniband/core/cm.c b/drivers/infiniband/core/cm.c +index 3a972eb..8be7352 100644 +--- a/drivers/infiniband/core/cm.c ++++ b/drivers/infiniband/core/cm.c +@@ -873,6 +873,11 @@ retest: + case IB_CM_SIDR_REQ_RCVD: + spin_unlock_irq(&cm_id_priv->lock); + cm_reject_sidr_req(cm_id_priv, IB_SIDR_REJECT); ++ spin_lock_irq(&cm.lock); ++ if (!RB_EMPTY_NODE(&cm_id_priv->sidr_id_node)) ++ rb_erase(&cm_id_priv->sidr_id_node, ++ &cm.remote_sidr_table); ++ spin_unlock_irq(&cm.lock); + break; + case IB_CM_REQ_SENT: + case IB_CM_MRA_REQ_RCVD: +@@ -3112,7 +3117,10 @@ int ib_send_cm_sidr_rep(struct ib_cm_id *cm_id, + spin_unlock_irqrestore(&cm_id_priv->lock, flags); + + spin_lock_irqsave(&cm.lock, flags); +- rb_erase(&cm_id_priv->sidr_id_node, &cm.remote_sidr_table); ++ if (!RB_EMPTY_NODE(&cm_id_priv->sidr_id_node)) { ++ rb_erase(&cm_id_priv->sidr_id_node, &cm.remote_sidr_table); ++ RB_CLEAR_NODE(&cm_id_priv->sidr_id_node); ++ } + spin_unlock_irqrestore(&cm.lock, flags); + return 0; + +diff --git a/drivers/input/mouse/alps.c b/drivers/input/mouse/alps.c +index 4d24686..41e6cb5 100644 +--- a/drivers/input/mouse/alps.c ++++ b/drivers/input/mouse/alps.c +@@ -100,7 +100,7 @@ static const struct alps_nibble_commands alps_v6_nibble_commands[] = { + #define ALPS_FOUR_BUTTONS 0x40 /* 4 direction button present */ + #define ALPS_PS2_INTERLEAVED 0x80 /* 3-byte PS/2 packet interleaved with + 6-byte ALPS packet */ +-#define ALPS_DELL 0x100 /* device is a Dell laptop */ ++#define ALPS_STICK_BITS 0x100 /* separate stick button bits */ + #define ALPS_BUTTONPAD 0x200 /* device is a clickpad */ + + static const struct alps_model_info alps_model_data[] = { +@@ -159,6 +159,43 @@ static const struct alps_protocol_info alps_v8_protocol_data = { + ALPS_PROTO_V8, 0x18, 0x18, 0 + }; + ++/* ++ * Some v2 models report the stick buttons in separate bits ++ */ ++static const struct dmi_system_id alps_dmi_has_separate_stick_buttons[] = { ++#if defined(CONFIG_DMI) && defined(CONFIG_X86) ++ { ++ /* Extrapolated from other entries */ ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), ++ DMI_MATCH(DMI_PRODUCT_NAME, "Latitude D420"), ++ }, ++ }, ++ { ++ /* Reported-by: Hans de Bruin <jmdebruin@xmsnet.nl> */ ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), ++ DMI_MATCH(DMI_PRODUCT_NAME, "Latitude D430"), ++ }, ++ }, ++ { ++ /* Reported-by: Hans de Goede <hdegoede@redhat.com> */ ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), ++ DMI_MATCH(DMI_PRODUCT_NAME, "Latitude D620"), ++ }, ++ }, ++ { ++ /* Extrapolated from other entries */ ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), ++ DMI_MATCH(DMI_PRODUCT_NAME, "Latitude D630"), ++ }, ++ }, ++#endif ++ { } ++}; ++ + static void alps_set_abs_params_st(struct alps_data *priv, + struct input_dev *dev1); + static void alps_set_abs_params_semi_mt(struct alps_data *priv, +@@ -253,9 +290,8 @@ static void alps_process_packet_v1_v2(struct psmouse *psmouse) + return; + } + +- /* Dell non interleaved V2 dualpoint has separate stick button bits */ +- if (priv->proto_version == ALPS_PROTO_V2 && +- priv->flags == (ALPS_DELL | ALPS_PASS | ALPS_DUALPOINT)) { ++ /* Some models have separate stick button bits */ ++ if (priv->flags & ALPS_STICK_BITS) { + left |= packet[0] & 1; + right |= packet[0] & 2; + middle |= packet[0] & 4; +@@ -2552,8 +2588,6 @@ static int alps_set_protocol(struct psmouse *psmouse, + priv->byte0 = protocol->byte0; + priv->mask0 = protocol->mask0; + priv->flags = protocol->flags; +- if (dmi_name_in_vendors("Dell")) +- priv->flags |= ALPS_DELL; + + priv->x_max = 2000; + priv->y_max = 1400; +@@ -2568,6 +2602,8 @@ static int alps_set_protocol(struct psmouse *psmouse, + priv->set_abs_params = alps_set_abs_params_st; + priv->x_max = 1023; + priv->y_max = 767; ++ if (dmi_check_system(alps_dmi_has_separate_stick_buttons)) ++ priv->flags |= ALPS_STICK_BITS; + break; + + case ALPS_PROTO_V3: +diff --git a/drivers/iommu/amd_iommu.c b/drivers/iommu/amd_iommu.c +index 658ee39..1b10e5fd 100644 +--- a/drivers/iommu/amd_iommu.c ++++ b/drivers/iommu/amd_iommu.c +@@ -1974,8 +1974,8 @@ static void set_dte_entry(u16 devid, struct protection_domain *domain, bool ats) + static void clear_dte_entry(u16 devid) + { + /* remove entry from the device table seen by the hardware */ +- amd_iommu_dev_table[devid].data[0] = IOMMU_PTE_P | IOMMU_PTE_TV; +- amd_iommu_dev_table[devid].data[1] = 0; ++ amd_iommu_dev_table[devid].data[0] = IOMMU_PTE_P | IOMMU_PTE_TV; ++ amd_iommu_dev_table[devid].data[1] &= DTE_FLAG_MASK; + + amd_iommu_apply_erratum_63(devid); + } +diff --git a/drivers/iommu/amd_iommu_types.h b/drivers/iommu/amd_iommu_types.h +index f659088..c9b6472 100644 +--- a/drivers/iommu/amd_iommu_types.h ++++ b/drivers/iommu/amd_iommu_types.h +@@ -295,6 +295,7 @@ + #define IOMMU_PTE_IR (1ULL << 61) + #define IOMMU_PTE_IW (1ULL << 62) + ++#define DTE_FLAG_MASK (0x3ffULL << 32) + #define DTE_FLAG_IOTLB (0x01UL << 32) + #define DTE_FLAG_GV (0x01ULL << 55) + #define DTE_GLX_SHIFT (56) +diff --git a/drivers/iommu/amd_iommu_v2.c b/drivers/iommu/amd_iommu_v2.c +index f7b875b..c3b8a5b 100644 +--- a/drivers/iommu/amd_iommu_v2.c ++++ b/drivers/iommu/amd_iommu_v2.c +@@ -516,6 +516,13 @@ static void do_fault(struct work_struct *work) + goto out; + } + ++ if (!(vma->vm_flags & (VM_READ | VM_EXEC | VM_WRITE))) { ++ /* handle_mm_fault would BUG_ON() */ ++ up_read(&mm->mmap_sem); ++ handle_fault_error(fault); ++ goto out; ++ } ++ + ret = handle_mm_fault(mm, vma, address, write); + if (ret & VM_FAULT_ERROR) { + /* failed to service fault */ +diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c +index 7553cb9..bd1b8ad 100644 +--- a/drivers/iommu/intel-iommu.c ++++ b/drivers/iommu/intel-iommu.c +@@ -2109,15 +2109,19 @@ static int __domain_mapping(struct dmar_domain *domain, unsigned long iov_pfn, + return -ENOMEM; + /* It is large page*/ + if (largepage_lvl > 1) { ++ unsigned long nr_superpages, end_pfn; ++ + pteval |= DMA_PTE_LARGE_PAGE; + lvl_pages = lvl_to_nr_pages(largepage_lvl); ++ ++ nr_superpages = sg_res / lvl_pages; ++ end_pfn = iov_pfn + nr_superpages * lvl_pages - 1; ++ + /* + * Ensure that old small page tables are +- * removed to make room for superpage, +- * if they exist. ++ * removed to make room for superpage(s). + */ +- dma_pte_free_pagetable(domain, iov_pfn, +- iov_pfn + lvl_pages - 1); ++ dma_pte_free_pagetable(domain, iov_pfn, end_pfn); + } else { + pteval &= ~(uint64_t)DMA_PTE_LARGE_PAGE; + } +diff --git a/drivers/irqchip/irq-tegra.c b/drivers/irqchip/irq-tegra.c +index f67bbd8..ab5353a 100644 +--- a/drivers/irqchip/irq-tegra.c ++++ b/drivers/irqchip/irq-tegra.c +@@ -215,6 +215,7 @@ static struct irq_chip tegra_ictlr_chip = { + .irq_unmask = tegra_unmask, + .irq_retrigger = tegra_retrigger, + .irq_set_wake = tegra_set_wake, ++ .irq_set_type = irq_chip_set_type_parent, + .flags = IRQCHIP_MASK_ON_SUSPEND, + #ifdef CONFIG_SMP + .irq_set_affinity = irq_chip_set_affinity_parent, +diff --git a/drivers/md/dm-cache-metadata.c b/drivers/md/dm-cache-metadata.c +index 20cc36b..0a17d1b 100644 +--- a/drivers/md/dm-cache-metadata.c ++++ b/drivers/md/dm-cache-metadata.c +@@ -634,10 +634,10 @@ static int __commit_transaction(struct dm_cache_metadata *cmd, + + disk_super = dm_block_data(sblock); + ++ disk_super->flags = cpu_to_le32(cmd->flags); + if (mutator) + update_flags(disk_super, mutator); + +- disk_super->flags = cpu_to_le32(cmd->flags); + disk_super->mapping_root = cpu_to_le64(cmd->root); + disk_super->hint_root = cpu_to_le64(cmd->hint_root); + disk_super->discard_root = cpu_to_le64(cmd->discard_root); +diff --git a/drivers/md/md.c b/drivers/md/md.c +index e25f00f..95e7b72 100644 +--- a/drivers/md/md.c ++++ b/drivers/md/md.c +@@ -8030,8 +8030,7 @@ static int remove_and_add_spares(struct mddev *mddev, + !test_bit(Bitmap_sync, &rdev->flags))) + continue; + +- if (rdev->saved_raid_disk < 0) +- rdev->recovery_offset = 0; ++ rdev->recovery_offset = 0; + if (mddev->pers-> + hot_add_disk(mddev, rdev) == 0) { + if (sysfs_link_rdev(mddev, rdev)) +diff --git a/drivers/md/persistent-data/dm-btree-remove.c b/drivers/md/persistent-data/dm-btree-remove.c +index 4222f77..1dac15d 100644 +--- a/drivers/md/persistent-data/dm-btree-remove.c ++++ b/drivers/md/persistent-data/dm-btree-remove.c +@@ -301,11 +301,16 @@ static void redistribute3(struct dm_btree_info *info, struct btree_node *parent, + { + int s; + uint32_t max_entries = le32_to_cpu(left->header.max_entries); +- unsigned target = (nr_left + nr_center + nr_right) / 3; +- BUG_ON(target > max_entries); ++ unsigned total = nr_left + nr_center + nr_right; ++ unsigned target_right = total / 3; ++ unsigned remainder = (target_right * 3) != total; ++ unsigned target_left = target_right + remainder; ++ ++ BUG_ON(target_left > max_entries); ++ BUG_ON(target_right > max_entries); + + if (nr_left < nr_right) { +- s = nr_left - target; ++ s = nr_left - target_left; + + if (s < 0 && nr_center < -s) { + /* not enough in central node */ +@@ -316,10 +321,10 @@ static void redistribute3(struct dm_btree_info *info, struct btree_node *parent, + } else + shift(left, center, s); + +- shift(center, right, target - nr_right); ++ shift(center, right, target_right - nr_right); + + } else { +- s = target - nr_right; ++ s = target_right - nr_right; + if (s > 0 && nr_center < s) { + /* not enough in central node */ + shift(center, right, nr_center); +@@ -329,7 +334,7 @@ static void redistribute3(struct dm_btree_info *info, struct btree_node *parent, + } else + shift(center, right, s); + +- shift(left, center, nr_left - target); ++ shift(left, center, nr_left - target_left); + } + + *key_ptr(parent, c->index) = center->keys[0]; +diff --git a/drivers/md/persistent-data/dm-btree.c b/drivers/md/persistent-data/dm-btree.c +index c7726ce..d6e4703 100644 +--- a/drivers/md/persistent-data/dm-btree.c ++++ b/drivers/md/persistent-data/dm-btree.c +@@ -523,7 +523,7 @@ static int btree_split_beneath(struct shadow_spine *s, uint64_t key) + + r = new_block(s->info, &right); + if (r < 0) { +- /* FIXME: put left */ ++ unlock_block(s->info, left); + return r; + } + +diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c +index 967a4ed..d10d300 100644 +--- a/drivers/md/raid1.c ++++ b/drivers/md/raid1.c +@@ -2249,7 +2249,7 @@ static int narrow_write_error(struct r1bio *r1_bio, int i) + bio_trim(wbio, sector - r1_bio->sector, sectors); + wbio->bi_iter.bi_sector += rdev->data_offset; + wbio->bi_bdev = rdev->bdev; +- if (submit_bio_wait(WRITE, wbio) == 0) ++ if (submit_bio_wait(WRITE, wbio) < 0) + /* failure! */ + ok = rdev_set_badblocks(rdev, sector, + sectors, 0) +diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c +index 38c58e1..d4b70d9 100644 +--- a/drivers/md/raid10.c ++++ b/drivers/md/raid10.c +@@ -2580,7 +2580,7 @@ static int narrow_write_error(struct r10bio *r10_bio, int i) + choose_data_offset(r10_bio, rdev) + + (sector - r10_bio->sector)); + wbio->bi_bdev = rdev->bdev; +- if (submit_bio_wait(WRITE, wbio) == 0) ++ if (submit_bio_wait(WRITE, wbio) < 0) + /* Failure! */ + ok = rdev_set_badblocks(rdev, sector, + sectors, 0) +diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c +index f757023..0d4f7b1 100644 +--- a/drivers/md/raid5.c ++++ b/drivers/md/raid5.c +@@ -3505,6 +3505,7 @@ returnbi: + } + if (!discard_pending && + test_bit(R5_Discard, &sh->dev[sh->pd_idx].flags)) { ++ int hash; + clear_bit(R5_Discard, &sh->dev[sh->pd_idx].flags); + clear_bit(R5_UPTODATE, &sh->dev[sh->pd_idx].flags); + if (sh->qd_idx >= 0) { +@@ -3518,16 +3519,17 @@ returnbi: + * no updated data, so remove it from hash list and the stripe + * will be reinitialized + */ +- spin_lock_irq(&conf->device_lock); + unhash: ++ hash = sh->hash_lock_index; ++ spin_lock_irq(conf->hash_locks + hash); + remove_hash(sh); ++ spin_unlock_irq(conf->hash_locks + hash); + if (head_sh->batch_head) { + sh = list_first_entry(&sh->batch_list, + struct stripe_head, batch_list); + if (sh != head_sh) + goto unhash; + } +- spin_unlock_irq(&conf->device_lock); + sh = head_sh; + + if (test_bit(STRIPE_SYNC_REQUESTED, &sh->state)) +diff --git a/drivers/media/dvb-frontends/m88ds3103.c b/drivers/media/dvb-frontends/m88ds3103.c +index e9b2d2b..377fb69 100644 +--- a/drivers/media/dvb-frontends/m88ds3103.c ++++ b/drivers/media/dvb-frontends/m88ds3103.c +@@ -18,6 +18,27 @@ + + static struct dvb_frontend_ops m88ds3103_ops; + ++/* write single register with mask */ ++static int m88ds3103_update_bits(struct m88ds3103_dev *dev, ++ u8 reg, u8 mask, u8 val) ++{ ++ int ret; ++ u8 tmp; ++ ++ /* no need for read if whole reg is written */ ++ if (mask != 0xff) { ++ ret = regmap_bulk_read(dev->regmap, reg, &tmp, 1); ++ if (ret) ++ return ret; ++ ++ val &= mask; ++ tmp &= ~mask; ++ val |= tmp; ++ } ++ ++ return regmap_bulk_write(dev->regmap, reg, &val, 1); ++} ++ + /* write reg val table using reg addr auto increment */ + static int m88ds3103_wr_reg_val_tab(struct m88ds3103_dev *dev, + const struct m88ds3103_reg_val *tab, int tab_len) +@@ -394,10 +415,10 @@ static int m88ds3103_set_frontend(struct dvb_frontend *fe) + u8tmp2 = 0x00; /* 0b00 */ + break; + } +- ret = regmap_update_bits(dev->regmap, 0x22, 0xc0, u8tmp1 << 6); ++ ret = m88ds3103_update_bits(dev, 0x22, 0xc0, u8tmp1 << 6); + if (ret) + goto err; +- ret = regmap_update_bits(dev->regmap, 0x24, 0xc0, u8tmp2 << 6); ++ ret = m88ds3103_update_bits(dev, 0x24, 0xc0, u8tmp2 << 6); + if (ret) + goto err; + } +@@ -455,13 +476,13 @@ static int m88ds3103_set_frontend(struct dvb_frontend *fe) + if (ret) + goto err; + } +- ret = regmap_update_bits(dev->regmap, 0x9d, 0x08, 0x08); ++ ret = m88ds3103_update_bits(dev, 0x9d, 0x08, 0x08); + if (ret) + goto err; + ret = regmap_write(dev->regmap, 0xf1, 0x01); + if (ret) + goto err; +- ret = regmap_update_bits(dev->regmap, 0x30, 0x80, 0x80); ++ ret = m88ds3103_update_bits(dev, 0x30, 0x80, 0x80); + if (ret) + goto err; + } +@@ -498,7 +519,7 @@ static int m88ds3103_set_frontend(struct dvb_frontend *fe) + switch (dev->cfg->ts_mode) { + case M88DS3103_TS_SERIAL: + case M88DS3103_TS_SERIAL_D7: +- ret = regmap_update_bits(dev->regmap, 0x29, 0x20, u8tmp1); ++ ret = m88ds3103_update_bits(dev, 0x29, 0x20, u8tmp1); + if (ret) + goto err; + u8tmp1 = 0; +@@ -567,11 +588,11 @@ static int m88ds3103_set_frontend(struct dvb_frontend *fe) + if (ret) + goto err; + +- ret = regmap_update_bits(dev->regmap, 0x4d, 0x02, dev->cfg->spec_inv << 1); ++ ret = m88ds3103_update_bits(dev, 0x4d, 0x02, dev->cfg->spec_inv << 1); + if (ret) + goto err; + +- ret = regmap_update_bits(dev->regmap, 0x30, 0x10, dev->cfg->agc_inv << 4); ++ ret = m88ds3103_update_bits(dev, 0x30, 0x10, dev->cfg->agc_inv << 4); + if (ret) + goto err; + +@@ -625,13 +646,13 @@ static int m88ds3103_init(struct dvb_frontend *fe) + dev->warm = false; + + /* wake up device from sleep */ +- ret = regmap_update_bits(dev->regmap, 0x08, 0x01, 0x01); ++ ret = m88ds3103_update_bits(dev, 0x08, 0x01, 0x01); + if (ret) + goto err; +- ret = regmap_update_bits(dev->regmap, 0x04, 0x01, 0x00); ++ ret = m88ds3103_update_bits(dev, 0x04, 0x01, 0x00); + if (ret) + goto err; +- ret = regmap_update_bits(dev->regmap, 0x23, 0x10, 0x00); ++ ret = m88ds3103_update_bits(dev, 0x23, 0x10, 0x00); + if (ret) + goto err; + +@@ -749,18 +770,18 @@ static int m88ds3103_sleep(struct dvb_frontend *fe) + utmp = 0x29; + else + utmp = 0x27; +- ret = regmap_update_bits(dev->regmap, utmp, 0x01, 0x00); ++ ret = m88ds3103_update_bits(dev, utmp, 0x01, 0x00); + if (ret) + goto err; + + /* sleep */ +- ret = regmap_update_bits(dev->regmap, 0x08, 0x01, 0x00); ++ ret = m88ds3103_update_bits(dev, 0x08, 0x01, 0x00); + if (ret) + goto err; +- ret = regmap_update_bits(dev->regmap, 0x04, 0x01, 0x01); ++ ret = m88ds3103_update_bits(dev, 0x04, 0x01, 0x01); + if (ret) + goto err; +- ret = regmap_update_bits(dev->regmap, 0x23, 0x10, 0x10); ++ ret = m88ds3103_update_bits(dev, 0x23, 0x10, 0x10); + if (ret) + goto err; + +@@ -992,12 +1013,12 @@ static int m88ds3103_set_tone(struct dvb_frontend *fe, + } + + utmp = tone << 7 | dev->cfg->envelope_mode << 5; +- ret = regmap_update_bits(dev->regmap, 0xa2, 0xe0, utmp); ++ ret = m88ds3103_update_bits(dev, 0xa2, 0xe0, utmp); + if (ret) + goto err; + + utmp = 1 << 2; +- ret = regmap_update_bits(dev->regmap, 0xa1, reg_a1_mask, utmp); ++ ret = m88ds3103_update_bits(dev, 0xa1, reg_a1_mask, utmp); + if (ret) + goto err; + +@@ -1047,7 +1068,7 @@ static int m88ds3103_set_voltage(struct dvb_frontend *fe, + voltage_dis ^= dev->cfg->lnb_en_pol; + + utmp = voltage_dis << 1 | voltage_sel << 0; +- ret = regmap_update_bits(dev->regmap, 0xa2, 0x03, utmp); ++ ret = m88ds3103_update_bits(dev, 0xa2, 0x03, utmp); + if (ret) + goto err; + +@@ -1080,7 +1101,7 @@ static int m88ds3103_diseqc_send_master_cmd(struct dvb_frontend *fe, + } + + utmp = dev->cfg->envelope_mode << 5; +- ret = regmap_update_bits(dev->regmap, 0xa2, 0xe0, utmp); ++ ret = m88ds3103_update_bits(dev, 0xa2, 0xe0, utmp); + if (ret) + goto err; + +@@ -1115,12 +1136,12 @@ static int m88ds3103_diseqc_send_master_cmd(struct dvb_frontend *fe, + } else { + dev_dbg(&client->dev, "diseqc tx timeout\n"); + +- ret = regmap_update_bits(dev->regmap, 0xa1, 0xc0, 0x40); ++ ret = m88ds3103_update_bits(dev, 0xa1, 0xc0, 0x40); + if (ret) + goto err; + } + +- ret = regmap_update_bits(dev->regmap, 0xa2, 0xc0, 0x80); ++ ret = m88ds3103_update_bits(dev, 0xa2, 0xc0, 0x80); + if (ret) + goto err; + +@@ -1152,7 +1173,7 @@ static int m88ds3103_diseqc_send_burst(struct dvb_frontend *fe, + } + + utmp = dev->cfg->envelope_mode << 5; +- ret = regmap_update_bits(dev->regmap, 0xa2, 0xe0, utmp); ++ ret = m88ds3103_update_bits(dev, 0xa2, 0xe0, utmp); + if (ret) + goto err; + +@@ -1194,12 +1215,12 @@ static int m88ds3103_diseqc_send_burst(struct dvb_frontend *fe, + } else { + dev_dbg(&client->dev, "diseqc tx timeout\n"); + +- ret = regmap_update_bits(dev->regmap, 0xa1, 0xc0, 0x40); ++ ret = m88ds3103_update_bits(dev, 0xa1, 0xc0, 0x40); + if (ret) + goto err; + } + +- ret = regmap_update_bits(dev->regmap, 0xa2, 0xc0, 0x80); ++ ret = m88ds3103_update_bits(dev, 0xa2, 0xc0, 0x80); + if (ret) + goto err; + +@@ -1435,13 +1456,13 @@ static int m88ds3103_probe(struct i2c_client *client, + goto err_kfree; + + /* sleep */ +- ret = regmap_update_bits(dev->regmap, 0x08, 0x01, 0x00); ++ ret = m88ds3103_update_bits(dev, 0x08, 0x01, 0x00); + if (ret) + goto err_kfree; +- ret = regmap_update_bits(dev->regmap, 0x04, 0x01, 0x01); ++ ret = m88ds3103_update_bits(dev, 0x04, 0x01, 0x01); + if (ret) + goto err_kfree; +- ret = regmap_update_bits(dev->regmap, 0x23, 0x10, 0x10); ++ ret = m88ds3103_update_bits(dev, 0x23, 0x10, 0x10); + if (ret) + goto err_kfree; + +diff --git a/drivers/media/dvb-frontends/si2168.c b/drivers/media/dvb-frontends/si2168.c +index 25e238c..cb6a49b 100644 +--- a/drivers/media/dvb-frontends/si2168.c ++++ b/drivers/media/dvb-frontends/si2168.c +@@ -502,6 +502,10 @@ static int si2168_init(struct dvb_frontend *fe) + /* firmware is in the new format */ + for (remaining = fw->size; remaining > 0; remaining -= 17) { + len = fw->data[fw->size - remaining]; ++ if (len > SI2168_ARGLEN) { ++ ret = -EINVAL; ++ break; ++ } + memcpy(cmd.args, &fw->data[(fw->size - remaining) + 1], len); + cmd.wlen = len; + cmd.rlen = 1; +diff --git a/drivers/media/tuners/si2157.c b/drivers/media/tuners/si2157.c +index a6245ef..416c865 100644 +--- a/drivers/media/tuners/si2157.c ++++ b/drivers/media/tuners/si2157.c +@@ -166,6 +166,10 @@ static int si2157_init(struct dvb_frontend *fe) + + for (remaining = fw->size; remaining > 0; remaining -= 17) { + len = fw->data[fw->size - remaining]; ++ if (len > SI2157_ARGLEN) { ++ dev_err(&client->dev, "Bad firmware length\n"); ++ goto err_release_firmware; ++ } + memcpy(cmd.args, &fw->data[(fw->size - remaining) + 1], len); + cmd.wlen = len; + cmd.rlen = 1; +diff --git a/drivers/media/usb/dvb-usb-v2/rtl28xxu.c b/drivers/media/usb/dvb-usb-v2/rtl28xxu.c +index c3cac4c..197a4f2 100644 +--- a/drivers/media/usb/dvb-usb-v2/rtl28xxu.c ++++ b/drivers/media/usb/dvb-usb-v2/rtl28xxu.c +@@ -34,6 +34,14 @@ static int rtl28xxu_ctrl_msg(struct dvb_usb_device *d, struct rtl28xxu_req *req) + unsigned int pipe; + u8 requesttype; + ++ mutex_lock(&d->usb_mutex); ++ ++ if (req->size > sizeof(dev->buf)) { ++ dev_err(&d->intf->dev, "too large message %u\n", req->size); ++ ret = -EINVAL; ++ goto err_mutex_unlock; ++ } ++ + if (req->index & CMD_WR_FLAG) { + /* write */ + memcpy(dev->buf, req->data, req->size); +@@ -50,14 +58,17 @@ static int rtl28xxu_ctrl_msg(struct dvb_usb_device *d, struct rtl28xxu_req *req) + dvb_usb_dbg_usb_control_msg(d->udev, 0, requesttype, req->value, + req->index, dev->buf, req->size); + if (ret < 0) +- goto err; ++ goto err_mutex_unlock; + + /* read request, copy returned data to return buf */ + if (requesttype == (USB_TYPE_VENDOR | USB_DIR_IN)) + memcpy(req->data, dev->buf, req->size); + ++ mutex_unlock(&d->usb_mutex); ++ + return 0; +-err: ++err_mutex_unlock: ++ mutex_unlock(&d->usb_mutex); + dev_dbg(&d->intf->dev, "failed=%d\n", ret); + return ret; + } +diff --git a/drivers/media/usb/dvb-usb-v2/rtl28xxu.h b/drivers/media/usb/dvb-usb-v2/rtl28xxu.h +index 9f6115a..1380629 100644 +--- a/drivers/media/usb/dvb-usb-v2/rtl28xxu.h ++++ b/drivers/media/usb/dvb-usb-v2/rtl28xxu.h +@@ -71,7 +71,7 @@ + + + struct rtl28xxu_dev { +- u8 buf[28]; ++ u8 buf[128]; + u8 chip_id; + u8 tuner; + char *tuner_name; +diff --git a/drivers/mmc/card/mmc_test.c b/drivers/mmc/card/mmc_test.c +index b78cf5d..7fc9174 100644 +--- a/drivers/mmc/card/mmc_test.c ++++ b/drivers/mmc/card/mmc_test.c +@@ -2263,15 +2263,12 @@ static int mmc_test_profile_sglen_r_nonblock_perf(struct mmc_test_card *test) + /* + * eMMC hardware reset. + */ +-static int mmc_test_hw_reset(struct mmc_test_card *test) ++static int mmc_test_reset(struct mmc_test_card *test) + { + struct mmc_card *card = test->card; + struct mmc_host *host = card->host; + int err; + +- if (!mmc_card_mmc(card) || !mmc_can_reset(card)) +- return RESULT_UNSUP_CARD; +- + err = mmc_hw_reset(host); + if (!err) + return RESULT_OK; +@@ -2605,8 +2602,8 @@ static const struct mmc_test_case mmc_test_cases[] = { + }, + + { +- .name = "eMMC hardware reset", +- .run = mmc_test_hw_reset, ++ .name = "Reset test", ++ .run = mmc_test_reset, + }, + }; + +diff --git a/drivers/mmc/core/mmc.c b/drivers/mmc/core/mmc.c +index e726903..f6cd995 100644 +--- a/drivers/mmc/core/mmc.c ++++ b/drivers/mmc/core/mmc.c +@@ -1924,7 +1924,6 @@ EXPORT_SYMBOL(mmc_can_reset); + static int mmc_reset(struct mmc_host *host) + { + struct mmc_card *card = host->card; +- u32 status; + + if (!(host->caps & MMC_CAP_HW_RESET) || !host->ops->hw_reset) + return -EOPNOTSUPP; +@@ -1937,12 +1936,6 @@ static int mmc_reset(struct mmc_host *host) + + host->ops->hw_reset(host); + +- /* If the reset has happened, then a status command will fail */ +- if (!mmc_send_status(card, &status)) { +- mmc_host_clk_release(host); +- return -ENOSYS; +- } +- + /* Set initial state and call mmc_set_ios */ + mmc_set_initial_state(host); + mmc_host_clk_release(host); +diff --git a/drivers/net/wireless/ath/ath9k/init.c b/drivers/net/wireless/ath/ath9k/init.c +index eff0e53..bfddc9e 100644 +--- a/drivers/net/wireless/ath/ath9k/init.c ++++ b/drivers/net/wireless/ath/ath9k/init.c +@@ -874,6 +874,7 @@ static void ath9k_set_hw_capab(struct ath_softc *sc, struct ieee80211_hw *hw) + hw->max_rate_tries = 10; + hw->sta_data_size = sizeof(struct ath_node); + hw->vif_data_size = sizeof(struct ath_vif); ++ hw->extra_tx_headroom = 4; + + hw->wiphy->available_antennas_rx = BIT(ah->caps.max_rxchains) - 1; + hw->wiphy->available_antennas_tx = BIT(ah->caps.max_txchains) - 1; +diff --git a/drivers/net/wireless/iwlwifi/dvm/lib.c b/drivers/net/wireless/iwlwifi/dvm/lib.c +index 1d2223d..e7d3566 100644 +--- a/drivers/net/wireless/iwlwifi/dvm/lib.c ++++ b/drivers/net/wireless/iwlwifi/dvm/lib.c +@@ -1022,7 +1022,7 @@ static void iwlagn_wowlan_program_keys(struct ieee80211_hw *hw, + u8 *pn = seq.ccmp.pn; + + ieee80211_get_key_rx_seq(key, i, &seq); +- aes_sc->pn = cpu_to_le64( ++ aes_sc[i].pn = cpu_to_le64( + (u64)pn[5] | + ((u64)pn[4] << 8) | + ((u64)pn[3] << 16) | +diff --git a/drivers/net/wireless/iwlwifi/iwl-7000.c b/drivers/net/wireless/iwlwifi/iwl-7000.c +index cc35f79..d7acbd1 100644 +--- a/drivers/net/wireless/iwlwifi/iwl-7000.c ++++ b/drivers/net/wireless/iwlwifi/iwl-7000.c +@@ -348,6 +348,6 @@ const struct iwl_cfg iwl7265d_n_cfg = { + }; + + MODULE_FIRMWARE(IWL7260_MODULE_FIRMWARE(IWL7260_UCODE_API_OK)); +-MODULE_FIRMWARE(IWL3160_MODULE_FIRMWARE(IWL3160_UCODE_API_OK)); ++MODULE_FIRMWARE(IWL3160_MODULE_FIRMWARE(IWL7260_UCODE_API_OK)); + MODULE_FIRMWARE(IWL7265_MODULE_FIRMWARE(IWL7260_UCODE_API_OK)); + MODULE_FIRMWARE(IWL7265D_MODULE_FIRMWARE(IWL7260_UCODE_API_OK)); +diff --git a/drivers/net/wireless/iwlwifi/mvm/d3.c b/drivers/net/wireless/iwlwifi/mvm/d3.c +index 4165d10..f60b89b 100644 +--- a/drivers/net/wireless/iwlwifi/mvm/d3.c ++++ b/drivers/net/wireless/iwlwifi/mvm/d3.c +@@ -274,18 +274,13 @@ static void iwl_mvm_wowlan_program_keys(struct ieee80211_hw *hw, + break; + case WLAN_CIPHER_SUITE_CCMP: + if (sta) { +- u8 *pn = seq.ccmp.pn; ++ u64 pn64; + + aes_sc = data->rsc_tsc->all_tsc_rsc.aes.unicast_rsc; + aes_tx_sc = &data->rsc_tsc->all_tsc_rsc.aes.tsc; + +- ieee80211_get_key_tx_seq(key, &seq); +- aes_tx_sc->pn = cpu_to_le64((u64)pn[5] | +- ((u64)pn[4] << 8) | +- ((u64)pn[3] << 16) | +- ((u64)pn[2] << 24) | +- ((u64)pn[1] << 32) | +- ((u64)pn[0] << 40)); ++ pn64 = atomic64_read(&key->tx_pn); ++ aes_tx_sc->pn = cpu_to_le64(pn64); + } else { + aes_sc = data->rsc_tsc->all_tsc_rsc.aes.multicast_rsc; + } +@@ -298,12 +293,12 @@ static void iwl_mvm_wowlan_program_keys(struct ieee80211_hw *hw, + u8 *pn = seq.ccmp.pn; + + ieee80211_get_key_rx_seq(key, i, &seq); +- aes_sc->pn = cpu_to_le64((u64)pn[5] | +- ((u64)pn[4] << 8) | +- ((u64)pn[3] << 16) | +- ((u64)pn[2] << 24) | +- ((u64)pn[1] << 32) | +- ((u64)pn[0] << 40)); ++ aes_sc[i].pn = cpu_to_le64((u64)pn[5] | ++ ((u64)pn[4] << 8) | ++ ((u64)pn[3] << 16) | ++ ((u64)pn[2] << 24) | ++ ((u64)pn[1] << 32) | ++ ((u64)pn[0] << 40)); + } + data->use_rsc_tsc = true; + break; +@@ -1446,15 +1441,15 @@ static void iwl_mvm_d3_update_gtks(struct ieee80211_hw *hw, + + switch (key->cipher) { + case WLAN_CIPHER_SUITE_CCMP: +- iwl_mvm_aes_sc_to_seq(&sc->aes.tsc, &seq); + iwl_mvm_set_aes_rx_seq(sc->aes.unicast_rsc, key); ++ atomic64_set(&key->tx_pn, le64_to_cpu(sc->aes.tsc.pn)); + break; + case WLAN_CIPHER_SUITE_TKIP: + iwl_mvm_tkip_sc_to_seq(&sc->tkip.tsc, &seq); + iwl_mvm_set_tkip_rx_seq(sc->tkip.unicast_rsc, key); ++ ieee80211_set_key_tx_seq(key, &seq); + break; + } +- ieee80211_set_key_tx_seq(key, &seq); + + /* that's it for this key */ + return; +diff --git a/drivers/net/wireless/iwlwifi/mvm/fw.c b/drivers/net/wireless/iwlwifi/mvm/fw.c +index eb10c5e..b49367e 100644 +--- a/drivers/net/wireless/iwlwifi/mvm/fw.c ++++ b/drivers/net/wireless/iwlwifi/mvm/fw.c +@@ -364,7 +364,7 @@ int iwl_run_init_mvm_ucode(struct iwl_mvm *mvm, bool read_nvm) + * abort after reading the nvm in case RF Kill is on, we will complete + * the init seq later when RF kill will switch to off + */ +- if (iwl_mvm_is_radio_killed(mvm)) { ++ if (iwl_mvm_is_radio_hw_killed(mvm)) { + IWL_DEBUG_RF_KILL(mvm, + "jump over all phy activities due to RF kill\n"); + iwl_remove_notification(&mvm->notif_wait, &calib_wait); +@@ -397,7 +397,7 @@ int iwl_run_init_mvm_ucode(struct iwl_mvm *mvm, bool read_nvm) + ret = iwl_wait_notification(&mvm->notif_wait, &calib_wait, + MVM_UCODE_CALIB_TIMEOUT); + +- if (ret && iwl_mvm_is_radio_killed(mvm)) { ++ if (ret && iwl_mvm_is_radio_hw_killed(mvm)) { + IWL_DEBUG_RF_KILL(mvm, "RFKILL while calibrating.\n"); + ret = 1; + } +diff --git a/drivers/net/wireless/iwlwifi/mvm/mac80211.c b/drivers/net/wireless/iwlwifi/mvm/mac80211.c +index dfdab38..f82019c 100644 +--- a/drivers/net/wireless/iwlwifi/mvm/mac80211.c ++++ b/drivers/net/wireless/iwlwifi/mvm/mac80211.c +@@ -2373,6 +2373,7 @@ static void iwl_mvm_stop_ap_ibss(struct ieee80211_hw *hw, + iwl_mvm_remove_time_event(mvm, mvmvif, + &mvmvif->time_event_data); + RCU_INIT_POINTER(mvm->csa_vif, NULL); ++ mvmvif->csa_countdown = false; + } + + if (rcu_access_pointer(mvm->csa_tx_blocked_vif) == vif) { +diff --git a/drivers/net/wireless/iwlwifi/mvm/mvm.h b/drivers/net/wireless/iwlwifi/mvm/mvm.h +index 2d4bad5..4a6f162 100644 +--- a/drivers/net/wireless/iwlwifi/mvm/mvm.h ++++ b/drivers/net/wireless/iwlwifi/mvm/mvm.h +@@ -848,6 +848,11 @@ static inline bool iwl_mvm_is_radio_killed(struct iwl_mvm *mvm) + test_bit(IWL_MVM_STATUS_HW_CTKILL, &mvm->status); + } + ++static inline bool iwl_mvm_is_radio_hw_killed(struct iwl_mvm *mvm) ++{ ++ return test_bit(IWL_MVM_STATUS_HW_RFKILL, &mvm->status); ++} ++ + /* Must be called with rcu_read_lock() held and it can only be + * released when mvmsta is not needed anymore. + */ +diff --git a/drivers/net/wireless/iwlwifi/mvm/ops.c b/drivers/net/wireless/iwlwifi/mvm/ops.c +index e4fa500..61c2b0a 100644 +--- a/drivers/net/wireless/iwlwifi/mvm/ops.c ++++ b/drivers/net/wireless/iwlwifi/mvm/ops.c +@@ -582,6 +582,7 @@ iwl_op_mode_mvm_start(struct iwl_trans *trans, const struct iwl_cfg *cfg, + ieee80211_unregister_hw(mvm->hw); + iwl_mvm_leds_exit(mvm); + out_free: ++ flush_delayed_work(&mvm->fw_dump_wk); + iwl_phy_db_free(mvm->phy_db); + kfree(mvm->scan_cmd); + if (!cfg->no_power_up_nic_in_init || !mvm->nvm_file_name) +diff --git a/drivers/net/wireless/iwlwifi/pcie/drv.c b/drivers/net/wireless/iwlwifi/pcie/drv.c +index 9f65c1c..865d578d 100644 +--- a/drivers/net/wireless/iwlwifi/pcie/drv.c ++++ b/drivers/net/wireless/iwlwifi/pcie/drv.c +@@ -414,6 +414,11 @@ static const struct pci_device_id iwl_hw_card_ids[] = { + {IWL_PCI_DEVICE(0x095A, 0x5590, iwl7265_2ac_cfg)}, + {IWL_PCI_DEVICE(0x095B, 0x5290, iwl7265_2ac_cfg)}, + {IWL_PCI_DEVICE(0x095A, 0x5490, iwl7265_2ac_cfg)}, ++ {IWL_PCI_DEVICE(0x095A, 0x5F10, iwl7265_2ac_cfg)}, ++ {IWL_PCI_DEVICE(0x095B, 0x5212, iwl7265_2ac_cfg)}, ++ {IWL_PCI_DEVICE(0x095B, 0x520A, iwl7265_2ac_cfg)}, ++ {IWL_PCI_DEVICE(0x095A, 0x9000, iwl7265_2ac_cfg)}, ++ {IWL_PCI_DEVICE(0x095A, 0x9400, iwl7265_2ac_cfg)}, + + /* 8000 Series */ + {IWL_PCI_DEVICE(0x24F3, 0x0010, iwl8260_2ac_cfg)}, +diff --git a/drivers/net/wireless/rtlwifi/pci.h b/drivers/net/wireless/rtlwifi/pci.h +index d4567d1..5da6703 100644 +--- a/drivers/net/wireless/rtlwifi/pci.h ++++ b/drivers/net/wireless/rtlwifi/pci.h +@@ -247,6 +247,8 @@ struct rtl_pci { + /* MSI support */ + bool msi_support; + bool using_msi; ++ /* interrupt clear before set */ ++ bool int_clear; + }; + + struct mp_adapter { +diff --git a/drivers/net/wireless/rtlwifi/rtl8821ae/hw.c b/drivers/net/wireless/rtlwifi/rtl8821ae/hw.c +index b7f18e21..6e9418e 100644 +--- a/drivers/net/wireless/rtlwifi/rtl8821ae/hw.c ++++ b/drivers/net/wireless/rtlwifi/rtl8821ae/hw.c +@@ -2253,11 +2253,28 @@ void rtl8821ae_set_qos(struct ieee80211_hw *hw, int aci) + } + } + ++static void rtl8821ae_clear_interrupt(struct ieee80211_hw *hw) ++{ ++ struct rtl_priv *rtlpriv = rtl_priv(hw); ++ u32 tmp = rtl_read_dword(rtlpriv, REG_HISR); ++ ++ rtl_write_dword(rtlpriv, REG_HISR, tmp); ++ ++ tmp = rtl_read_dword(rtlpriv, REG_HISRE); ++ rtl_write_dword(rtlpriv, REG_HISRE, tmp); ++ ++ tmp = rtl_read_dword(rtlpriv, REG_HSISR); ++ rtl_write_dword(rtlpriv, REG_HSISR, tmp); ++} ++ + void rtl8821ae_enable_interrupt(struct ieee80211_hw *hw) + { + struct rtl_priv *rtlpriv = rtl_priv(hw); + struct rtl_pci *rtlpci = rtl_pcidev(rtl_pcipriv(hw)); + ++ if (!rtlpci->int_clear) ++ rtl8821ae_clear_interrupt(hw);/*clear it here first*/ ++ + rtl_write_dword(rtlpriv, REG_HIMR, rtlpci->irq_mask[0] & 0xFFFFFFFF); + rtl_write_dword(rtlpriv, REG_HIMRE, rtlpci->irq_mask[1] & 0xFFFFFFFF); + rtlpci->irq_enabled = true; +diff --git a/drivers/net/wireless/rtlwifi/rtl8821ae/sw.c b/drivers/net/wireless/rtlwifi/rtl8821ae/sw.c +index a4988121..8ee141a 100644 +--- a/drivers/net/wireless/rtlwifi/rtl8821ae/sw.c ++++ b/drivers/net/wireless/rtlwifi/rtl8821ae/sw.c +@@ -96,6 +96,7 @@ int rtl8821ae_init_sw_vars(struct ieee80211_hw *hw) + + rtl8821ae_bt_reg_init(hw); + rtlpci->msi_support = rtlpriv->cfg->mod_params->msi_support; ++ rtlpci->int_clear = rtlpriv->cfg->mod_params->int_clear; + rtlpriv->btcoexist.btc_ops = rtl_btc_get_ops_pointer(); + + rtlpriv->dm.dm_initialgain_enable = 1; +@@ -167,6 +168,7 @@ int rtl8821ae_init_sw_vars(struct ieee80211_hw *hw) + rtlpriv->psc.swctrl_lps = rtlpriv->cfg->mod_params->swctrl_lps; + rtlpriv->psc.fwctrl_lps = rtlpriv->cfg->mod_params->fwctrl_lps; + rtlpci->msi_support = rtlpriv->cfg->mod_params->msi_support; ++ rtlpci->msi_support = rtlpriv->cfg->mod_params->int_clear; + if (rtlpriv->cfg->mod_params->disable_watchdog) + pr_info("watchdog disabled\n"); + rtlpriv->psc.reg_fwctrl_lps = 3; +@@ -308,6 +310,7 @@ static struct rtl_mod_params rtl8821ae_mod_params = { + .swctrl_lps = false, + .fwctrl_lps = true, + .msi_support = true, ++ .int_clear = true, + .debug = DBG_EMERG, + .disable_watchdog = 0, + }; +@@ -437,6 +440,7 @@ module_param_named(fwlps, rtl8821ae_mod_params.fwctrl_lps, bool, 0444); + module_param_named(msi, rtl8821ae_mod_params.msi_support, bool, 0444); + module_param_named(disable_watchdog, rtl8821ae_mod_params.disable_watchdog, + bool, 0444); ++module_param_named(int_clear, rtl8821ae_mod_params.int_clear, bool, 0444); + MODULE_PARM_DESC(swenc, "Set to 1 for software crypto (default 0)\n"); + MODULE_PARM_DESC(ips, "Set to 0 to not use link power save (default 1)\n"); + MODULE_PARM_DESC(swlps, "Set to 1 to use SW control power save (default 0)\n"); +@@ -444,6 +448,7 @@ MODULE_PARM_DESC(fwlps, "Set to 1 to use FW control power save (default 1)\n"); + MODULE_PARM_DESC(msi, "Set to 1 to use MSI interrupts mode (default 1)\n"); + MODULE_PARM_DESC(debug, "Set debug level (0-5) (default 0)"); + MODULE_PARM_DESC(disable_watchdog, "Set to 1 to disable the watchdog (default 0)\n"); ++MODULE_PARM_DESC(int_clear, "Set to 1 to disable interrupt clear before set (default 0)\n"); + + static SIMPLE_DEV_PM_OPS(rtlwifi_pm_ops, rtl_pci_suspend, rtl_pci_resume); + +diff --git a/drivers/net/wireless/rtlwifi/wifi.h b/drivers/net/wireless/rtlwifi/wifi.h +index 2b770b5..0a3570a 100644 +--- a/drivers/net/wireless/rtlwifi/wifi.h ++++ b/drivers/net/wireless/rtlwifi/wifi.h +@@ -2234,6 +2234,9 @@ struct rtl_mod_params { + + /* default 0: 1 means disable */ + bool disable_watchdog; ++ ++ /* default 0: 1 means do not disable interrupts */ ++ bool int_clear; + }; + + struct rtl_hal_usbint_cfg { +diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c +index 312f23a..9261868 100644 +--- a/drivers/pci/pci-sysfs.c ++++ b/drivers/pci/pci-sysfs.c +@@ -216,7 +216,7 @@ static ssize_t numa_node_store(struct device *dev, + if (ret) + return ret; + +- if (!node_online(node)) ++ if (node >= MAX_NUMNODES || !node_online(node)) + return -EINVAL; + + add_taint(TAINT_FIRMWARE_WORKAROUND, LOCKDEP_STILL_OK); +diff --git a/drivers/pinctrl/intel/pinctrl-baytrail.c b/drivers/pinctrl/intel/pinctrl-baytrail.c +index 2062c22..b260221 100644 +--- a/drivers/pinctrl/intel/pinctrl-baytrail.c ++++ b/drivers/pinctrl/intel/pinctrl-baytrail.c +@@ -146,7 +146,7 @@ struct byt_gpio_pin_context { + struct byt_gpio { + struct gpio_chip chip; + struct platform_device *pdev; +- spinlock_t lock; ++ raw_spinlock_t lock; + void __iomem *reg_base; + struct pinctrl_gpio_range *range; + struct byt_gpio_pin_context *saved_context; +@@ -174,11 +174,11 @@ static void byt_gpio_clear_triggering(struct byt_gpio *vg, unsigned offset) + unsigned long flags; + u32 value; + +- spin_lock_irqsave(&vg->lock, flags); ++ raw_spin_lock_irqsave(&vg->lock, flags); + value = readl(reg); + value &= ~(BYT_TRIG_POS | BYT_TRIG_NEG | BYT_TRIG_LVL); + writel(value, reg); +- spin_unlock_irqrestore(&vg->lock, flags); ++ raw_spin_unlock_irqrestore(&vg->lock, flags); + } + + static u32 byt_get_gpio_mux(struct byt_gpio *vg, unsigned offset) +@@ -201,6 +201,9 @@ static int byt_gpio_request(struct gpio_chip *chip, unsigned offset) + struct byt_gpio *vg = to_byt_gpio(chip); + void __iomem *reg = byt_gpio_reg(chip, offset, BYT_CONF0_REG); + u32 value, gpio_mux; ++ unsigned long flags; ++ ++ raw_spin_lock_irqsave(&vg->lock, flags); + + /* + * In most cases, func pin mux 000 means GPIO function. +@@ -214,18 +217,16 @@ static int byt_gpio_request(struct gpio_chip *chip, unsigned offset) + value = readl(reg) & BYT_PIN_MUX; + gpio_mux = byt_get_gpio_mux(vg, offset); + if (WARN_ON(gpio_mux != value)) { +- unsigned long flags; +- +- spin_lock_irqsave(&vg->lock, flags); + value = readl(reg) & ~BYT_PIN_MUX; + value |= gpio_mux; + writel(value, reg); +- spin_unlock_irqrestore(&vg->lock, flags); + + dev_warn(&vg->pdev->dev, + "pin %u forcibly re-configured as GPIO\n", offset); + } + ++ raw_spin_unlock_irqrestore(&vg->lock, flags); ++ + pm_runtime_get(&vg->pdev->dev); + + return 0; +@@ -250,7 +251,7 @@ static int byt_irq_type(struct irq_data *d, unsigned type) + if (offset >= vg->chip.ngpio) + return -EINVAL; + +- spin_lock_irqsave(&vg->lock, flags); ++ raw_spin_lock_irqsave(&vg->lock, flags); + value = readl(reg); + + WARN(value & BYT_DIRECT_IRQ_EN, +@@ -269,7 +270,7 @@ static int byt_irq_type(struct irq_data *d, unsigned type) + else if (type & IRQ_TYPE_LEVEL_MASK) + __irq_set_handler_locked(d->irq, handle_level_irq); + +- spin_unlock_irqrestore(&vg->lock, flags); ++ raw_spin_unlock_irqrestore(&vg->lock, flags); + + return 0; + } +@@ -277,7 +278,15 @@ static int byt_irq_type(struct irq_data *d, unsigned type) + static int byt_gpio_get(struct gpio_chip *chip, unsigned offset) + { + void __iomem *reg = byt_gpio_reg(chip, offset, BYT_VAL_REG); +- return readl(reg) & BYT_LEVEL; ++ struct byt_gpio *vg = to_byt_gpio(chip); ++ unsigned long flags; ++ u32 val; ++ ++ raw_spin_lock_irqsave(&vg->lock, flags); ++ val = readl(reg); ++ raw_spin_unlock_irqrestore(&vg->lock, flags); ++ ++ return val & BYT_LEVEL; + } + + static void byt_gpio_set(struct gpio_chip *chip, unsigned offset, int value) +@@ -287,7 +296,7 @@ static void byt_gpio_set(struct gpio_chip *chip, unsigned offset, int value) + unsigned long flags; + u32 old_val; + +- spin_lock_irqsave(&vg->lock, flags); ++ raw_spin_lock_irqsave(&vg->lock, flags); + + old_val = readl(reg); + +@@ -296,7 +305,7 @@ static void byt_gpio_set(struct gpio_chip *chip, unsigned offset, int value) + else + writel(old_val & ~BYT_LEVEL, reg); + +- spin_unlock_irqrestore(&vg->lock, flags); ++ raw_spin_unlock_irqrestore(&vg->lock, flags); + } + + static int byt_gpio_direction_input(struct gpio_chip *chip, unsigned offset) +@@ -306,13 +315,13 @@ static int byt_gpio_direction_input(struct gpio_chip *chip, unsigned offset) + unsigned long flags; + u32 value; + +- spin_lock_irqsave(&vg->lock, flags); ++ raw_spin_lock_irqsave(&vg->lock, flags); + + value = readl(reg) | BYT_DIR_MASK; + value &= ~BYT_INPUT_EN; /* active low */ + writel(value, reg); + +- spin_unlock_irqrestore(&vg->lock, flags); ++ raw_spin_unlock_irqrestore(&vg->lock, flags); + + return 0; + } +@@ -326,7 +335,7 @@ static int byt_gpio_direction_output(struct gpio_chip *chip, + unsigned long flags; + u32 reg_val; + +- spin_lock_irqsave(&vg->lock, flags); ++ raw_spin_lock_irqsave(&vg->lock, flags); + + /* + * Before making any direction modifications, do a check if gpio +@@ -345,7 +354,7 @@ static int byt_gpio_direction_output(struct gpio_chip *chip, + else + writel(reg_val & ~BYT_LEVEL, reg); + +- spin_unlock_irqrestore(&vg->lock, flags); ++ raw_spin_unlock_irqrestore(&vg->lock, flags); + + return 0; + } +@@ -354,18 +363,19 @@ static void byt_gpio_dbg_show(struct seq_file *s, struct gpio_chip *chip) + { + struct byt_gpio *vg = to_byt_gpio(chip); + int i; +- unsigned long flags; + u32 conf0, val, offs; + +- spin_lock_irqsave(&vg->lock, flags); +- + for (i = 0; i < vg->chip.ngpio; i++) { + const char *pull_str = NULL; + const char *pull = NULL; ++ unsigned long flags; + const char *label; + offs = vg->range->pins[i] * 16; ++ ++ raw_spin_lock_irqsave(&vg->lock, flags); + conf0 = readl(vg->reg_base + offs + BYT_CONF0_REG); + val = readl(vg->reg_base + offs + BYT_VAL_REG); ++ raw_spin_unlock_irqrestore(&vg->lock, flags); + + label = gpiochip_is_requested(chip, i); + if (!label) +@@ -418,7 +428,6 @@ static void byt_gpio_dbg_show(struct seq_file *s, struct gpio_chip *chip) + + seq_puts(s, "\n"); + } +- spin_unlock_irqrestore(&vg->lock, flags); + } + + static void byt_gpio_irq_handler(unsigned irq, struct irq_desc *desc) +@@ -450,8 +459,10 @@ static void byt_irq_ack(struct irq_data *d) + unsigned offset = irqd_to_hwirq(d); + void __iomem *reg; + ++ raw_spin_lock(&vg->lock); + reg = byt_gpio_reg(&vg->chip, offset, BYT_INT_STAT_REG); + writel(BIT(offset % 32), reg); ++ raw_spin_unlock(&vg->lock); + } + + static void byt_irq_unmask(struct irq_data *d) +@@ -463,9 +474,9 @@ static void byt_irq_unmask(struct irq_data *d) + void __iomem *reg; + u32 value; + +- spin_lock_irqsave(&vg->lock, flags); +- + reg = byt_gpio_reg(&vg->chip, offset, BYT_CONF0_REG); ++ ++ raw_spin_lock_irqsave(&vg->lock, flags); + value = readl(reg); + + switch (irqd_get_trigger_type(d)) { +@@ -486,7 +497,7 @@ static void byt_irq_unmask(struct irq_data *d) + + writel(value, reg); + +- spin_unlock_irqrestore(&vg->lock, flags); ++ raw_spin_unlock_irqrestore(&vg->lock, flags); + } + + static void byt_irq_mask(struct irq_data *d) +@@ -578,7 +589,7 @@ static int byt_gpio_probe(struct platform_device *pdev) + if (IS_ERR(vg->reg_base)) + return PTR_ERR(vg->reg_base); + +- spin_lock_init(&vg->lock); ++ raw_spin_lock_init(&vg->lock); + + gc = &vg->chip; + gc->label = dev_name(&pdev->dev); +diff --git a/drivers/scsi/mvsas/mv_sas.c b/drivers/scsi/mvsas/mv_sas.c +index 454536c..9c78074 100644 +--- a/drivers/scsi/mvsas/mv_sas.c ++++ b/drivers/scsi/mvsas/mv_sas.c +@@ -887,6 +887,8 @@ static void mvs_slot_free(struct mvs_info *mvi, u32 rx_desc) + static void mvs_slot_task_free(struct mvs_info *mvi, struct sas_task *task, + struct mvs_slot_info *slot, u32 slot_idx) + { ++ if (!slot) ++ return; + if (!slot->task) + return; + if (!sas_protocol_ata(task->task_proto)) +diff --git a/drivers/staging/iio/accel/sca3000_ring.c b/drivers/staging/iio/accel/sca3000_ring.c +index 23685e7..bd2c69f 100644 +--- a/drivers/staging/iio/accel/sca3000_ring.c ++++ b/drivers/staging/iio/accel/sca3000_ring.c +@@ -116,7 +116,7 @@ static int sca3000_read_first_n_hw_rb(struct iio_buffer *r, + if (ret) + goto error_ret; + +- for (i = 0; i < num_read; i++) ++ for (i = 0; i < num_read / sizeof(u16); i++) + *(((u16 *)rx) + i) = be16_to_cpup((__be16 *)rx + i); + + if (copy_to_user(buf, rx, num_read)) +diff --git a/drivers/staging/iio/adc/mxs-lradc.c b/drivers/staging/iio/adc/mxs-lradc.c +index d7c5223..2931ea9 100644 +--- a/drivers/staging/iio/adc/mxs-lradc.c ++++ b/drivers/staging/iio/adc/mxs-lradc.c +@@ -919,11 +919,12 @@ static int mxs_lradc_read_raw(struct iio_dev *iio_dev, + case IIO_CHAN_INFO_OFFSET: + if (chan->type == IIO_TEMP) { + /* The calculated value from the ADC is in Kelvin, we +- * want Celsius for hwmon so the offset is +- * -272.15 * scale ++ * want Celsius for hwmon so the offset is -273.15 ++ * The offset is applied before scaling so it is ++ * actually -213.15 * 4 / 1.012 = -1079.644268 + */ +- *val = -1075; +- *val2 = 691699; ++ *val = -1079; ++ *val2 = 644268; + + return IIO_VAL_INT_PLUS_MICRO; + } +diff --git a/drivers/thermal/samsung/exynos_tmu.c b/drivers/thermal/samsung/exynos_tmu.c +index c96ff10..af68d06 100644 +--- a/drivers/thermal/samsung/exynos_tmu.c ++++ b/drivers/thermal/samsung/exynos_tmu.c +@@ -933,7 +933,7 @@ static void exynos4412_tmu_set_emulation(struct exynos_tmu_data *data, + + if (data->soc == SOC_ARCH_EXYNOS5260) + emul_con = EXYNOS5260_EMUL_CON; +- if (data->soc == SOC_ARCH_EXYNOS5433) ++ else if (data->soc == SOC_ARCH_EXYNOS5433) + emul_con = EXYNOS5433_TMU_EMUL_CON; + else if (data->soc == SOC_ARCH_EXYNOS7) + emul_con = EXYNOS7_TMU_REG_EMUL_CON; +diff --git a/drivers/tty/serial/8250/8250_dma.c b/drivers/tty/serial/8250/8250_dma.c +index 21d01a4..e508939 100644 +--- a/drivers/tty/serial/8250/8250_dma.c ++++ b/drivers/tty/serial/8250/8250_dma.c +@@ -80,10 +80,6 @@ int serial8250_tx_dma(struct uart_8250_port *p) + return 0; + + dma->tx_size = CIRC_CNT_TO_END(xmit->head, xmit->tail, UART_XMIT_SIZE); +- if (dma->tx_size < p->port.fifosize) { +- ret = -EINVAL; +- goto err; +- } + + desc = dmaengine_prep_slave_single(dma->txchan, + dma->tx_addr + xmit->tail, +diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c +index c79d336..c47d3e4 100644 +--- a/drivers/usb/host/xhci-pci.c ++++ b/drivers/usb/host/xhci-pci.c +@@ -147,6 +147,7 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) + if (pdev->vendor == PCI_VENDOR_ID_INTEL && + pdev->device == PCI_DEVICE_ID_INTEL_LYNXPOINT_LP_XHCI) { + xhci->quirks |= XHCI_SPURIOUS_REBOOT; ++ xhci->quirks |= XHCI_SPURIOUS_WAKEUP; + } + if (pdev->vendor == PCI_VENDOR_ID_INTEL && + (pdev->device == PCI_DEVICE_ID_INTEL_SUNRISEPOINT_LP_XHCI || +diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c +index 8aadf3d..63041c1 100644 +--- a/drivers/usb/host/xhci-ring.c ++++ b/drivers/usb/host/xhci-ring.c +@@ -2239,6 +2239,7 @@ static int handle_tx_event(struct xhci_hcd *xhci, + u32 trb_comp_code; + int ret = 0; + int td_num = 0; ++ bool handling_skipped_tds = false; + + slot_id = TRB_TO_SLOT_ID(le32_to_cpu(event->flags)); + xdev = xhci->devs[slot_id]; +@@ -2372,6 +2373,10 @@ static int handle_tx_event(struct xhci_hcd *xhci, + ep->skip = true; + xhci_dbg(xhci, "Miss service interval error, set skip flag\n"); + goto cleanup; ++ case COMP_PING_ERR: ++ ep->skip = true; ++ xhci_dbg(xhci, "No Ping response error, Skip one Isoc TD\n"); ++ goto cleanup; + default: + if (xhci_is_vendor_info_code(xhci, trb_comp_code)) { + status = 0; +@@ -2508,13 +2513,18 @@ static int handle_tx_event(struct xhci_hcd *xhci, + ep, &status); + + cleanup: ++ ++ ++ handling_skipped_tds = ep->skip && ++ trb_comp_code != COMP_MISSED_INT && ++ trb_comp_code != COMP_PING_ERR; ++ + /* +- * Do not update event ring dequeue pointer if ep->skip is set. +- * Will roll back to continue process missed tds. ++ * Do not update event ring dequeue pointer if we're in a loop ++ * processing missed tds. + */ +- if (trb_comp_code == COMP_MISSED_INT || !ep->skip) { ++ if (!handling_skipped_tds) + inc_deq(xhci, xhci->event_ring); +- } + + if (ret) { + urb = td->urb; +@@ -2549,7 +2559,7 @@ cleanup: + * Process them as short transfer until reach the td pointed by + * the event. + */ +- } while (ep->skip && trb_comp_code != COMP_MISSED_INT); ++ } while (handling_skipped_tds); + + return 0; + } +diff --git a/drivers/usb/serial/qcserial.c b/drivers/usb/serial/qcserial.c +index ebcec8c..f49d262 100644 +--- a/drivers/usb/serial/qcserial.c ++++ b/drivers/usb/serial/qcserial.c +@@ -153,6 +153,8 @@ static const struct usb_device_id id_table[] = { + {DEVICE_SWI(0x1199, 0x9056)}, /* Sierra Wireless Modem */ + {DEVICE_SWI(0x1199, 0x9060)}, /* Sierra Wireless Modem */ + {DEVICE_SWI(0x1199, 0x9061)}, /* Sierra Wireless Modem */ ++ {DEVICE_SWI(0x1199, 0x9070)}, /* Sierra Wireless MC74xx/EM74xx */ ++ {DEVICE_SWI(0x1199, 0x9071)}, /* Sierra Wireless MC74xx/EM74xx */ + {DEVICE_SWI(0x413c, 0x81a2)}, /* Dell Wireless 5806 Gobi(TM) 4G LTE Mobile Broadband Card */ + {DEVICE_SWI(0x413c, 0x81a3)}, /* Dell Wireless 5570 HSPA+ (42Mbps) Mobile Broadband Card */ + {DEVICE_SWI(0x413c, 0x81a4)}, /* Dell Wireless 5570e HSPA+ (42Mbps) Mobile Broadband Card */ +diff --git a/drivers/video/console/fbcon.c b/drivers/video/console/fbcon.c +index 1aaf893..92f3949 100644 +--- a/drivers/video/console/fbcon.c ++++ b/drivers/video/console/fbcon.c +@@ -1093,6 +1093,7 @@ static void fbcon_init(struct vc_data *vc, int init) + con_copy_unimap(vc, svc); + + ops = info->fbcon_par; ++ ops->cur_blink_jiffies = msecs_to_jiffies(vc->vc_cur_blink_ms); + p->con_rotate = initial_rotation; + set_blitting_type(vc, info); + +diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c +index f490b61..641d3dc 100644 +--- a/fs/btrfs/ioctl.c ++++ b/fs/btrfs/ioctl.c +@@ -4649,7 +4649,7 @@ locked: + + if (bctl->flags & ~(BTRFS_BALANCE_ARGS_MASK | BTRFS_BALANCE_TYPE_MASK)) { + ret = -EINVAL; +- goto out_bargs; ++ goto out_bctl; + } + + do_balance: +@@ -4663,12 +4663,15 @@ do_balance: + need_unlock = false; + + ret = btrfs_balance(bctl, bargs); ++ bctl = NULL; + + if (arg) { + if (copy_to_user(arg, bargs, sizeof(*bargs))) + ret = -EFAULT; + } + ++out_bctl: ++ kfree(bctl); + out_bargs: + kfree(bargs); + out_unlock: +diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c +index 84d693d..871fcb6 100644 +--- a/fs/overlayfs/copy_up.c ++++ b/fs/overlayfs/copy_up.c +@@ -81,11 +81,11 @@ static int ovl_copy_up_data(struct path *old, struct path *new, loff_t len) + if (len == 0) + return 0; + +- old_file = ovl_path_open(old, O_RDONLY); ++ old_file = ovl_path_open(old, O_LARGEFILE | O_RDONLY); + if (IS_ERR(old_file)) + return PTR_ERR(old_file); + +- new_file = ovl_path_open(new, O_WRONLY); ++ new_file = ovl_path_open(new, O_LARGEFILE | O_WRONLY); + if (IS_ERR(new_file)) { + error = PTR_ERR(new_file); + goto out_fput; +@@ -267,7 +267,7 @@ out: + + out_cleanup: + ovl_cleanup(wdir, newdentry); +- goto out; ++ goto out2; + } + + /* +diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c +index d9da5a4..ec0c2a0 100644 +--- a/fs/overlayfs/inode.c ++++ b/fs/overlayfs/inode.c +@@ -363,6 +363,9 @@ struct inode *ovl_d_select_inode(struct dentry *dentry, unsigned file_flags) + ovl_path_upper(dentry, &realpath); + } + ++ if (realpath.dentry->d_flags & DCACHE_OP_SELECT_INODE) ++ return realpath.dentry->d_op->d_select_inode(realpath.dentry, file_flags); ++ + return d_backing_inode(realpath.dentry); + } + +diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c +index 79073d6..e38ee0f 100644 +--- a/fs/overlayfs/super.c ++++ b/fs/overlayfs/super.c +@@ -544,6 +544,7 @@ static void ovl_put_super(struct super_block *sb) + mntput(ufs->upper_mnt); + for (i = 0; i < ufs->numlower; i++) + mntput(ufs->lower_mnt[i]); ++ kfree(ufs->lower_mnt); + + kfree(ufs->config.lowerdir); + kfree(ufs->config.upperdir); +@@ -1048,6 +1049,7 @@ static int ovl_fill_super(struct super_block *sb, void *data, int silent) + oe->lowerstack[i].dentry = stack[i].dentry; + oe->lowerstack[i].mnt = ufs->lower_mnt[i]; + } ++ kfree(stack); + + root_dentry->d_fsdata = oe; + +diff --git a/include/linux/backing-dev.h b/include/linux/backing-dev.h +index 0fe9df9..fe0ab98 100644 +--- a/include/linux/backing-dev.h ++++ b/include/linux/backing-dev.h +@@ -18,13 +18,17 @@ + #include <linux/slab.h> + + int __must_check bdi_init(struct backing_dev_info *bdi); +-void bdi_destroy(struct backing_dev_info *bdi); ++void bdi_exit(struct backing_dev_info *bdi); + + __printf(3, 4) + int bdi_register(struct backing_dev_info *bdi, struct device *parent, + const char *fmt, ...); + int bdi_register_dev(struct backing_dev_info *bdi, dev_t dev); ++void bdi_unregister(struct backing_dev_info *bdi); ++ + int __must_check bdi_setup_and_register(struct backing_dev_info *, char *); ++void bdi_destroy(struct backing_dev_info *bdi); ++ + void wb_start_writeback(struct bdi_writeback *wb, long nr_pages, + bool range_cyclic, enum wb_reason reason); + void wb_start_background_writeback(struct bdi_writeback *wb); +diff --git a/include/linux/omap-dma.h b/include/linux/omap-dma.h +index e5a7013..88fa8af 100644 +--- a/include/linux/omap-dma.h ++++ b/include/linux/omap-dma.h +@@ -17,7 +17,7 @@ + + #include <linux/platform_device.h> + +-#define INT_DMA_LCD 25 ++#define INT_DMA_LCD (NR_IRQS_LEGACY + 25) + + #define OMAP1_DMA_TOUT_IRQ (1 << 0) + #define OMAP_DMA_DROP_IRQ (1 << 1) +diff --git a/include/sound/soc.h b/include/sound/soc.h +index 93df8bf..334d0d2 100644 +--- a/include/sound/soc.h ++++ b/include/sound/soc.h +@@ -86,7 +86,7 @@ + .access = SNDRV_CTL_ELEM_ACCESS_TLV_READ | \ + SNDRV_CTL_ELEM_ACCESS_READWRITE, \ + .tlv.p = (tlv_array),\ +- .info = snd_soc_info_volsw, \ ++ .info = snd_soc_info_volsw_sx, \ + .get = snd_soc_get_volsw_sx,\ + .put = snd_soc_put_volsw_sx, \ + .private_value = (unsigned long)&(struct soc_mixer_control) \ +@@ -156,7 +156,7 @@ + .access = SNDRV_CTL_ELEM_ACCESS_TLV_READ | \ + SNDRV_CTL_ELEM_ACCESS_READWRITE, \ + .tlv.p = (tlv_array), \ +- .info = snd_soc_info_volsw, \ ++ .info = snd_soc_info_volsw_sx, \ + .get = snd_soc_get_volsw_sx, \ + .put = snd_soc_put_volsw_sx, \ + .private_value = (unsigned long)&(struct soc_mixer_control) \ +@@ -573,6 +573,8 @@ int snd_soc_put_enum_double(struct snd_kcontrol *kcontrol, + struct snd_ctl_elem_value *ucontrol); + int snd_soc_info_volsw(struct snd_kcontrol *kcontrol, + struct snd_ctl_elem_info *uinfo); ++int snd_soc_info_volsw_sx(struct snd_kcontrol *kcontrol, ++ struct snd_ctl_elem_info *uinfo); + #define snd_soc_info_bool_ext snd_ctl_boolean_mono_info + int snd_soc_get_volsw(struct snd_kcontrol *kcontrol, + struct snd_ctl_elem_value *ucontrol); +diff --git a/include/sound/wm8904.h b/include/sound/wm8904.h +index 898be3a..6d8f8fb 100644 +--- a/include/sound/wm8904.h ++++ b/include/sound/wm8904.h +@@ -119,7 +119,7 @@ + #define WM8904_MIC_REGS 2 + #define WM8904_GPIO_REGS 4 + #define WM8904_DRC_REGS 4 +-#define WM8904_EQ_REGS 25 ++#define WM8904_EQ_REGS 24 + + /** + * DRC configurations are specified with a label and a set of register +diff --git a/kernel/module.c b/kernel/module.c +index b86b7bf..8f051a1 100644 +--- a/kernel/module.c ++++ b/kernel/module.c +@@ -1063,11 +1063,15 @@ void symbol_put_addr(void *addr) + if (core_kernel_text(a)) + return; + +- /* module_text_address is safe here: we're supposed to have reference +- * to module from symbol_get, so it can't go away. */ ++ /* ++ * Even though we hold a reference on the module; we still need to ++ * disable preemption in order to safely traverse the data structure. ++ */ ++ preempt_disable(); + modaddr = __module_text_address(a); + BUG_ON(!modaddr); + module_put(modaddr); ++ preempt_enable(); + } + EXPORT_SYMBOL_GPL(symbol_put_addr); + +diff --git a/kernel/sched/deadline.c b/kernel/sched/deadline.c +index 0a17af35..da7f826 100644 +--- a/kernel/sched/deadline.c ++++ b/kernel/sched/deadline.c +@@ -1066,8 +1066,9 @@ select_task_rq_dl(struct task_struct *p, int cpu, int sd_flag, int flags) + int target = find_later_rq(p); + + if (target != -1 && +- dl_time_before(p->dl.deadline, +- cpu_rq(target)->dl.earliest_dl.curr)) ++ (dl_time_before(p->dl.deadline, ++ cpu_rq(target)->dl.earliest_dl.curr) || ++ (cpu_rq(target)->dl.dl_nr_running == 0))) + cpu = target; + } + rcu_read_unlock(); +@@ -1417,7 +1418,8 @@ static struct rq *find_lock_later_rq(struct task_struct *task, struct rq *rq) + + later_rq = cpu_rq(cpu); + +- if (!dl_time_before(task->dl.deadline, ++ if (later_rq->dl.dl_nr_running && ++ !dl_time_before(task->dl.deadline, + later_rq->dl.earliest_dl.curr)) { + /* + * Target rq has tasks of equal or earlier deadline, +diff --git a/kernel/trace/trace_stack.c b/kernel/trace/trace_stack.c +index 3f34496..9696901 100644 +--- a/kernel/trace/trace_stack.c ++++ b/kernel/trace/trace_stack.c +@@ -94,6 +94,12 @@ check_stack(unsigned long ip, unsigned long *stack) + local_irq_save(flags); + arch_spin_lock(&max_stack_lock); + ++ /* ++ * RCU may not be watching, make it see us. ++ * The stack trace code uses rcu_sched. ++ */ ++ rcu_irq_enter(); ++ + /* In case another CPU set the tracer_frame on us */ + if (unlikely(!frame_size)) + this_size -= tracer_frame; +@@ -174,6 +180,7 @@ check_stack(unsigned long ip, unsigned long *stack) + } + + out: ++ rcu_irq_exit(); + arch_spin_unlock(&max_stack_lock); + local_irq_restore(flags); + } +diff --git a/lib/fault-inject.c b/lib/fault-inject.c +index f1cdeb0..6a823a5 100644 +--- a/lib/fault-inject.c ++++ b/lib/fault-inject.c +@@ -44,7 +44,7 @@ static void fail_dump(struct fault_attr *attr) + printk(KERN_NOTICE "FAULT_INJECTION: forcing a failure.\n" + "name %pd, interval %lu, probability %lu, " + "space %d, times %d\n", attr->dname, +- attr->probability, attr->interval, ++ attr->interval, attr->probability, + atomic_read(&attr->space), + atomic_read(&attr->times)); + if (attr->verbose > 1) +diff --git a/mm/backing-dev.c b/mm/backing-dev.c +index dac5bf5..dc07d88 100644 +--- a/mm/backing-dev.c ++++ b/mm/backing-dev.c +@@ -823,7 +823,7 @@ static void bdi_remove_from_list(struct backing_dev_info *bdi) + synchronize_rcu_expedited(); + } + +-void bdi_destroy(struct backing_dev_info *bdi) ++void bdi_unregister(struct backing_dev_info *bdi) + { + /* make sure nobody finds us on the bdi_list anymore */ + bdi_remove_from_list(bdi); +@@ -835,9 +835,19 @@ void bdi_destroy(struct backing_dev_info *bdi) + device_unregister(bdi->dev); + bdi->dev = NULL; + } ++} + ++void bdi_exit(struct backing_dev_info *bdi) ++{ ++ WARN_ON_ONCE(bdi->dev); + wb_exit(&bdi->wb); + } ++ ++void bdi_destroy(struct backing_dev_info *bdi) ++{ ++ bdi_unregister(bdi); ++ bdi_exit(bdi); ++} + EXPORT_SYMBOL(bdi_destroy); + + /* +diff --git a/mm/filemap.c b/mm/filemap.c +index 1283fc8..3fd68ee 100644 +--- a/mm/filemap.c ++++ b/mm/filemap.c +@@ -2488,6 +2488,11 @@ again: + break; + } + ++ if (fatal_signal_pending(current)) { ++ status = -EINTR; ++ break; ++ } ++ + status = a_ops->write_begin(file, mapping, pos, bytes, flags, + &page, &fsdata); + if (unlikely(status < 0)) +@@ -2525,10 +2530,6 @@ again: + written += copied; + + balance_dirty_pages_ratelimited(mapping); +- if (fatal_signal_pending(current)) { +- status = -EINTR; +- break; +- } + } while (iov_iter_count(i)); + + return written ? written : status; +diff --git a/mm/huge_memory.c b/mm/huge_memory.c +index 097c7a4..da0ac6a 100644 +--- a/mm/huge_memory.c ++++ b/mm/huge_memory.c +@@ -2132,7 +2132,8 @@ static int __collapse_huge_page_isolate(struct vm_area_struct *vma, + for (_pte = pte; _pte < pte+HPAGE_PMD_NR; + _pte++, address += PAGE_SIZE) { + pte_t pteval = *_pte; +- if (pte_none(pteval) || is_zero_pfn(pte_pfn(pteval))) { ++ if (pte_none(pteval) || (pte_present(pteval) && ++ is_zero_pfn(pte_pfn(pteval)))) { + if (++none_or_zero <= khugepaged_max_ptes_none) + continue; + else +diff --git a/net/mac80211/debugfs.c b/net/mac80211/debugfs.c +index 3ea8b7d..58d9a81 100644 +--- a/net/mac80211/debugfs.c ++++ b/net/mac80211/debugfs.c +@@ -148,7 +148,7 @@ static ssize_t hwflags_read(struct file *file, char __user *user_buf, + + for (i = 0; i < NUM_IEEE80211_HW_FLAGS; i++) { + if (test_bit(i, local->hw.flags)) +- pos += scnprintf(pos, end - pos, "%s", ++ pos += scnprintf(pos, end - pos, "%s\n", + hw_flag_names[i]); + } + +diff --git a/net/netfilter/ipset/ip_set_list_set.c b/net/netfilter/ipset/ip_set_list_set.c +index a1fe537..5a30ce6 100644 +--- a/net/netfilter/ipset/ip_set_list_set.c ++++ b/net/netfilter/ipset/ip_set_list_set.c +@@ -297,7 +297,7 @@ list_set_uadd(struct ip_set *set, void *value, const struct ip_set_ext *ext, + ip_set_timeout_expired(ext_timeout(n, set)))) + n = NULL; + +- e = kzalloc(set->dsize, GFP_KERNEL); ++ e = kzalloc(set->dsize, GFP_ATOMIC); + if (!e) + return -ENOMEM; + e->id = d->id; +diff --git a/sound/hda/ext/hdac_ext_bus.c b/sound/hda/ext/hdac_ext_bus.c +index 0aa5d9e..d85aa1a 100644 +--- a/sound/hda/ext/hdac_ext_bus.c ++++ b/sound/hda/ext/hdac_ext_bus.c +@@ -19,6 +19,7 @@ + + #include <linux/module.h> + #include <linux/slab.h> ++#include <linux/io.h> + #include <sound/hdaudio_ext.h> + + MODULE_DESCRIPTION("HDA extended core"); +diff --git a/sound/pci/hda/hda_codec.c b/sound/pci/hda/hda_codec.c +index d1a2cb6..ca37446 100644 +--- a/sound/pci/hda/hda_codec.c ++++ b/sound/pci/hda/hda_codec.c +@@ -3438,10 +3438,8 @@ int snd_hda_codec_build_pcms(struct hda_codec *codec) + int dev, err; + + err = snd_hda_codec_parse_pcms(codec); +- if (err < 0) { +- snd_hda_codec_reset(codec); ++ if (err < 0) + return err; +- } + + /* attach a new PCM streams */ + list_for_each_entry(cpcm, &codec->pcm_list_head, list) { +diff --git a/sound/pci/hda/patch_conexant.c b/sound/pci/hda/patch_conexant.c +index ca03c40..2f0ec7c 100644 +--- a/sound/pci/hda/patch_conexant.c ++++ b/sound/pci/hda/patch_conexant.c +@@ -819,6 +819,7 @@ static const struct snd_pci_quirk cxt5066_fixups[] = { + SND_PCI_QUIRK(0x17aa, 0x21da, "Lenovo X220", CXT_PINCFG_LENOVO_TP410), + SND_PCI_QUIRK(0x17aa, 0x21db, "Lenovo X220-tablet", CXT_PINCFG_LENOVO_TP410), + SND_PCI_QUIRK(0x17aa, 0x38af, "Lenovo IdeaPad Z560", CXT_FIXUP_MUTE_LED_EAPD), ++ SND_PCI_QUIRK(0x17aa, 0x390b, "Lenovo G50-80", CXT_FIXUP_STEREO_DMIC), + SND_PCI_QUIRK(0x17aa, 0x3975, "Lenovo U300s", CXT_FIXUP_STEREO_DMIC), + SND_PCI_QUIRK(0x17aa, 0x3977, "Lenovo IdeaPad U310", CXT_FIXUP_STEREO_DMIC), + SND_PCI_QUIRK(0x17aa, 0x397b, "Lenovo S205", CXT_FIXUP_STEREO_DMIC), +diff --git a/sound/soc/soc-ops.c b/sound/soc/soc-ops.c +index 100d92b..05977ae 100644 +--- a/sound/soc/soc-ops.c ++++ b/sound/soc/soc-ops.c +@@ -207,6 +207,34 @@ int snd_soc_info_volsw(struct snd_kcontrol *kcontrol, + EXPORT_SYMBOL_GPL(snd_soc_info_volsw); + + /** ++ * snd_soc_info_volsw_sx - Mixer info callback for SX TLV controls ++ * @kcontrol: mixer control ++ * @uinfo: control element information ++ * ++ * Callback to provide information about a single mixer control, or a double ++ * mixer control that spans 2 registers of the SX TLV type. SX TLV controls ++ * have a range that represents both positive and negative values either side ++ * of zero but without a sign bit. ++ * ++ * Returns 0 for success. ++ */ ++int snd_soc_info_volsw_sx(struct snd_kcontrol *kcontrol, ++ struct snd_ctl_elem_info *uinfo) ++{ ++ struct soc_mixer_control *mc = ++ (struct soc_mixer_control *)kcontrol->private_value; ++ ++ snd_soc_info_volsw(kcontrol, uinfo); ++ /* Max represents the number of levels in an SX control not the ++ * maximum value, so add the minimum value back on ++ */ ++ uinfo->value.integer.max += mc->min; ++ ++ return 0; ++} ++EXPORT_SYMBOL_GPL(snd_soc_info_volsw_sx); ++ ++/** + * snd_soc_get_volsw - single mixer get callback + * @kcontrol: mixer control + * @ucontrol: control element information +diff --git a/virt/kvm/irqchip.c b/virt/kvm/irqchip.c +index 21c1424..d7ea8e2 100644 +--- a/virt/kvm/irqchip.c ++++ b/virt/kvm/irqchip.c +@@ -213,11 +213,15 @@ int kvm_set_irq_routing(struct kvm *kvm, + goto out; + + r = -EINVAL; +- if (ue->flags) ++ if (ue->flags) { ++ kfree(e); + goto out; ++ } + r = setup_routing_entry(new, e, ue); +- if (r) ++ if (r) { ++ kfree(e); + goto out; ++ } + ++ue; + } + diff --git a/4.2.5/4420_grsecurity-3.1-4.2.5-201511081815.patch b/4.2.6/4420_grsecurity-3.1-4.2.6-201511092040.patch index ca4df8f..e91c83d 100644 --- a/4.2.5/4420_grsecurity-3.1-4.2.5-201511081815.patch +++ b/4.2.6/4420_grsecurity-3.1-4.2.6-201511092040.patch @@ -406,7 +406,7 @@ index 6fccb69..60c7c7a 100644 A toggle value indicating if modules are allowed to be loaded diff --git a/Makefile b/Makefile -index 96076dc..451272d 100644 +index 9ef3739..20b7716 100644 --- a/Makefile +++ b/Makefile @@ -298,7 +298,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -23331,7 +23331,7 @@ index 25f9093..21d2827 100644 bp_int3_handler = handler; bp_int3_addr = (u8 *)addr + sizeof(int3); diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c -index 307a498..783e96a 100644 +index 307a498..a7ffc39 100644 --- a/arch/x86/kernel/apic/apic.c +++ b/arch/x86/kernel/apic/apic.c @@ -171,7 +171,7 @@ int first_system_vector = FIRST_SYSTEM_VECTOR; @@ -23352,6 +23352,17 @@ index 307a498..783e96a 100644 apic_printk(APIC_DEBUG, KERN_DEBUG "APIC error on CPU%d: %02x", smp_processor_id(), v); +@@ -2143,7 +2143,9 @@ void __init apic_set_eoi_write(void (*eoi_write)(u32 reg, u32 v)) + for (drv = __apicdrivers; drv < __apicdrivers_end; drv++) { + /* Should happen once for each apic */ + WARN_ON((*drv)->eoi_write == eoi_write); +- (*drv)->eoi_write = eoi_write; ++ pax_open_kernel(); ++ *(void **)&(*drv)->eoi_write = eoi_write; ++ pax_close_kernel(); + } + } + diff --git a/arch/x86/kernel/apic/apic_flat_64.c b/arch/x86/kernel/apic/apic_flat_64.c index de918c4..32eed23 100644 --- a/arch/x86/kernel/apic/apic_flat_64.c @@ -23401,7 +23412,7 @@ index c4a8d63..fe893ac 100644 .name = "bigsmp", .probe = probe_bigsmp, diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c -index 5880b48..5085f3e 100644 +index 11b46d9..e2bc827 100644 --- a/arch/x86/kernel/apic/io_apic.c +++ b/arch/x86/kernel/apic/io_apic.c @@ -1682,7 +1682,7 @@ static unsigned int startup_ioapic_irq(struct irq_data *data) @@ -28062,7 +28073,7 @@ index f73c962..6589332 100644 } - diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c -index a90ac95..9f5135e 100644 +index a90ac95..c285bd5 100644 --- a/arch/x86/kernel/process_64.c +++ b/arch/x86/kernel/process_64.c @@ -157,9 +157,10 @@ int copy_thread_tls(unsigned long clone_flags, unsigned long sp, @@ -28123,6 +28134,26 @@ index a90ac95..9f5135e 100644 /* * Now maybe reload the debug registers and handle I/O bitmaps */ +@@ -522,9 +532,7 @@ unsigned long get_wchan(struct task_struct *p) + * PADDING + * ----------- top = topmax - TOP_OF_KERNEL_STACK_PADDING + * stack +- * ----------- bottom = start + sizeof(thread_info) +- * thread_info +- * ----------- start ++ * ----------- bottom = start + * + * The tasks stack pointer points at the location where the + * framepointer is stored. The data on the stack is: +@@ -535,7 +543,7 @@ unsigned long get_wchan(struct task_struct *p) + */ + top = start + THREAD_SIZE - TOP_OF_KERNEL_STACK_PADDING; + top -= 2 * sizeof(unsigned long); +- bottom = start + sizeof(struct thread_info); ++ bottom = start; + + sp = READ_ONCE(p->thread.sp); + if (sp < bottom || sp > top) diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c index 9be72bc..f4329c5 100644 --- a/arch/x86/kernel/ptrace.c @@ -29723,6 +29754,29 @@ index 00bf300..03e1c3b 100644 "kernel image bigger than KERNEL_IMAGE_SIZE"); #ifdef CONFIG_SMP +diff --git a/arch/x86/kernel/vsmp_64.c b/arch/x86/kernel/vsmp_64.c +index b034b1b..32462af 100644 +--- a/arch/x86/kernel/vsmp_64.c ++++ b/arch/x86/kernel/vsmp_64.c +@@ -224,10 +224,15 @@ static void fill_vector_allocation_domain(int cpu, struct cpumask *retmask, + static void vsmp_apic_post_init(void) + { + /* need to update phys_pkg_id */ +- apic->phys_pkg_id = apicid_phys_pkg_id; ++ pax_open_kernel(); ++ *(void **)&apic->phys_pkg_id = apicid_phys_pkg_id; ++ pax_close_kernel(); + +- if (!irq_routing_comply) +- apic->vector_allocation_domain = fill_vector_allocation_domain; ++ if (!irq_routing_comply) { ++ pax_open_kernel(); ++ *(void **)&apic->vector_allocation_domain = fill_vector_allocation_domain; ++ pax_close_kernel(); ++ } + } + + void __init vsmp_init(void) diff --git a/arch/x86/kernel/x8664_ksyms_64.c b/arch/x86/kernel/x8664_ksyms_64.c index a0695be..33e180c 100644 --- a/arch/x86/kernel/x8664_ksyms_64.c @@ -36775,7 +36829,7 @@ index 4841453..d59a203 100644 This is the Linux Xen port. Enabling this will allow the kernel to boot in a paravirtualized environment under the diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c -index 777ad2f..fa43e03 100644 +index 3cebc65..2789b02 100644 --- a/arch/x86/xen/enlighten.c +++ b/arch/x86/xen/enlighten.c @@ -129,8 +129,6 @@ EXPORT_SYMBOL_GPL(xen_start_info); @@ -37331,63 +37385,6 @@ index dda653c..028a13ee 100644 if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len)) goto error; -diff --git a/crypto/ablkcipher.c b/crypto/ablkcipher.c -index b788f16..b4ffc5b 100644 ---- a/crypto/ablkcipher.c -+++ b/crypto/ablkcipher.c -@@ -706,7 +706,7 @@ struct crypto_ablkcipher *crypto_alloc_ablkcipher(const char *alg_name, - err: - if (err != -EAGAIN) - break; -- if (signal_pending(current)) { -+ if (fatal_signal_pending(current)) { - err = -EINTR; - break; - } -diff --git a/crypto/algapi.c b/crypto/algapi.c -index 3c079b7..b603b34 100644 ---- a/crypto/algapi.c -+++ b/crypto/algapi.c -@@ -335,7 +335,7 @@ static void crypto_wait_for_test(struct crypto_larval *larval) - crypto_alg_tested(larval->alg.cra_driver_name, 0); - } - -- err = wait_for_completion_interruptible(&larval->completion); -+ err = wait_for_completion_killable(&larval->completion); - WARN_ON(err); - - out: -diff --git a/crypto/api.c b/crypto/api.c -index afe4610..bbc147c 100644 ---- a/crypto/api.c -+++ b/crypto/api.c -@@ -172,7 +172,7 @@ static struct crypto_alg *crypto_larval_wait(struct crypto_alg *alg) - struct crypto_larval *larval = (void *)alg; - long timeout; - -- timeout = wait_for_completion_interruptible_timeout( -+ timeout = wait_for_completion_killable_timeout( - &larval->completion, 60 * HZ); - - alg = larval->adult; -@@ -445,7 +445,7 @@ struct crypto_tfm *crypto_alloc_base(const char *alg_name, u32 type, u32 mask) - err: - if (err != -EAGAIN) - break; -- if (signal_pending(current)) { -+ if (fatal_signal_pending(current)) { - err = -EINTR; - break; - } -@@ -562,7 +562,7 @@ void *crypto_alloc_tfm(const char *alg_name, - err: - if (err != -EAGAIN) - break; -- if (signal_pending(current)) { -+ if (fatal_signal_pending(current)) { - err = -EINTR; - break; - } diff --git a/crypto/cryptd.c b/crypto/cryptd.c index 22ba81f..1acac67 100644 --- a/crypto/cryptd.c @@ -37410,19 +37407,6 @@ index 22ba81f..1acac67 100644 static void cryptd_queue_worker(struct work_struct *work); -diff --git a/crypto/crypto_user.c b/crypto/crypto_user.c -index 08ea286..d59fb4e 100644 ---- a/crypto/crypto_user.c -+++ b/crypto/crypto_user.c -@@ -376,7 +376,7 @@ static struct crypto_alg *crypto_user_skcipher_alg(const char *name, u32 type, - err = PTR_ERR(alg); - if (err != -EAGAIN) - break; -- if (signal_pending(current)) { -+ if (fatal_signal_pending(current)) { - err = -EINTR; - break; - } diff --git a/crypto/pcrypt.c b/crypto/pcrypt.c index 45e7d51..2967121 100644 --- a/crypto/pcrypt.c @@ -37765,7 +37749,7 @@ index 6d4e44e..44fb839 100644 * Award BIOS on this AOpen makes thermal control almost worthless. * http://bugzilla.kernel.org/show_bug.cgi?id=8842 diff --git a/drivers/acpi/video_detect.c b/drivers/acpi/video_detect.c -index 2922f1f..26b0c03 100644 +index 2922f1f..6c2fdaf 100644 --- a/drivers/acpi/video_detect.c +++ b/drivers/acpi/video_detect.c @@ -41,7 +41,6 @@ ACPI_MODULE_NAME("video"); @@ -37780,7 +37764,7 @@ index 2922f1f..26b0c03 100644 return NOTIFY_OK; } -+static const struct notifier_block backlight_nb = { ++static struct notifier_block backlight_nb = { + .notifier_call = acpi_video_backlight_notify, +}; + @@ -39730,7 +39714,7 @@ index 4c20c22..caef1eb 100644 if (ti.nwa_v) { pd->nwa = be32_to_cpu(ti.next_writable); diff --git a/drivers/block/rbd.c b/drivers/block/rbd.c -index 324bf35..02b54e6 100644 +index 017b7d5..6845b91 100644 --- a/drivers/block/rbd.c +++ b/drivers/block/rbd.c @@ -64,7 +64,7 @@ @@ -40764,7 +40748,7 @@ index 3c1e10f..02f17af 100644 } EXPORT_SYMBOL_GPL(od_unregister_powersave_bias_handler); diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c -index fcb929e..e628818 100644 +index aba2117..4b187c8 100644 --- a/drivers/cpufreq/intel_pstate.c +++ b/drivers/cpufreq/intel_pstate.c @@ -137,10 +137,10 @@ struct pstate_funcs { @@ -40806,7 +40790,7 @@ index fcb929e..e628818 100644 intel_pstate_set_pstate(cpu, cpu->pstate.min_pstate, false); } -@@ -1070,15 +1070,15 @@ static unsigned int force_load; +@@ -1075,15 +1075,15 @@ static unsigned int force_load; static int intel_pstate_msrs_not_valid(void) { @@ -40826,7 +40810,7 @@ index fcb929e..e628818 100644 { pid_params.sample_rate_ms = policy->sample_rate_ms; pid_params.p_gain_pct = policy->p_gain_pct; -@@ -1090,12 +1090,7 @@ static void copy_pid_params(struct pstate_adjust_policy *policy) +@@ -1095,12 +1095,7 @@ static void copy_pid_params(struct pstate_adjust_policy *policy) static void copy_cpu_funcs(struct pstate_funcs *funcs) { @@ -42292,7 +42276,7 @@ index 9b23525..65f4110 100644 dev->driver->context_dtor(dev, ctx->handle); drm_legacy_ctxbitmap_free(dev, ctx->handle); diff --git a/drivers/gpu/drm/drm_crtc.c b/drivers/gpu/drm/drm_crtc.c -index fed7483..5bc0335 100644 +index 4e8d72d4..ca1459a 100644 --- a/drivers/gpu/drm/drm_crtc.c +++ b/drivers/gpu/drm/drm_crtc.c @@ -4174,7 +4174,7 @@ int drm_mode_getproperty_ioctl(struct drm_device *dev, @@ -42870,10 +42854,10 @@ index 23aa04c..1d25960 100644 ret = drm_ioctl(filp, cmd, arg); diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c -index 107c6c0..e1926b0 100644 +index 10b1b65..4891a7e 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c -@@ -14501,13 +14501,13 @@ struct intel_quirk { +@@ -14508,13 +14508,13 @@ struct intel_quirk { int subsystem_vendor; int subsystem_device; void (*hook)(struct drm_device *dev); @@ -42889,7 +42873,7 @@ index 107c6c0..e1926b0 100644 static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) { -@@ -14515,18 +14515,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) +@@ -14522,18 +14522,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) return 1; } @@ -44065,7 +44049,7 @@ index b092d7b..3bbecd9 100644 static int virtio_gpu_init_mem_type(struct ttm_bo_device *bdev, uint32_t type, diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h -index d26a6da..5fa41ed 100644 +index d8896ed..f5ca485 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h @@ -447,7 +447,7 @@ struct vmw_private { @@ -44763,7 +44747,7 @@ index b13936d..65322b2 100644 if (chipset >= AK_MAX_TYPE) { diff --git a/drivers/infiniband/core/cm.c b/drivers/infiniband/core/cm.c -index 3a972eb..4126183 100644 +index 8be7352..02f9653 100644 --- a/drivers/infiniband/core/cm.c +++ b/drivers/infiniband/core/cm.c @@ -115,7 +115,7 @@ static char const counter_group_names[CM_COUNTER_GROUPS] @@ -44775,7 +44759,7 @@ index 3a972eb..4126183 100644 }; struct cm_counter_attribute { -@@ -1411,7 +1411,7 @@ static void cm_dup_req_handler(struct cm_work *work, +@@ -1416,7 +1416,7 @@ static void cm_dup_req_handler(struct cm_work *work, struct ib_mad_send_buf *msg = NULL; int ret; @@ -44784,7 +44768,7 @@ index 3a972eb..4126183 100644 counter[CM_REQ_COUNTER]); /* Quick state check to discard duplicate REQs. */ -@@ -1798,7 +1798,7 @@ static void cm_dup_rep_handler(struct cm_work *work) +@@ -1803,7 +1803,7 @@ static void cm_dup_rep_handler(struct cm_work *work) if (!cm_id_priv) return; @@ -44793,7 +44777,7 @@ index 3a972eb..4126183 100644 counter[CM_REP_COUNTER]); ret = cm_alloc_response_msg(work->port, work->mad_recv_wc, &msg); if (ret) -@@ -1965,7 +1965,7 @@ static int cm_rtu_handler(struct cm_work *work) +@@ -1970,7 +1970,7 @@ static int cm_rtu_handler(struct cm_work *work) if (cm_id_priv->id.state != IB_CM_REP_SENT && cm_id_priv->id.state != IB_CM_MRA_REP_RCVD) { spin_unlock_irq(&cm_id_priv->lock); @@ -44802,7 +44786,7 @@ index 3a972eb..4126183 100644 counter[CM_RTU_COUNTER]); goto out; } -@@ -2148,7 +2148,7 @@ static int cm_dreq_handler(struct cm_work *work) +@@ -2153,7 +2153,7 @@ static int cm_dreq_handler(struct cm_work *work) cm_id_priv = cm_acquire_id(dreq_msg->remote_comm_id, dreq_msg->local_comm_id); if (!cm_id_priv) { @@ -44811,7 +44795,7 @@ index 3a972eb..4126183 100644 counter[CM_DREQ_COUNTER]); cm_issue_drep(work->port, work->mad_recv_wc); return -EINVAL; -@@ -2173,7 +2173,7 @@ static int cm_dreq_handler(struct cm_work *work) +@@ -2178,7 +2178,7 @@ static int cm_dreq_handler(struct cm_work *work) case IB_CM_MRA_REP_RCVD: break; case IB_CM_TIMEWAIT: @@ -44820,7 +44804,7 @@ index 3a972eb..4126183 100644 counter[CM_DREQ_COUNTER]); if (cm_alloc_response_msg(work->port, work->mad_recv_wc, &msg)) goto unlock; -@@ -2187,7 +2187,7 @@ static int cm_dreq_handler(struct cm_work *work) +@@ -2192,7 +2192,7 @@ static int cm_dreq_handler(struct cm_work *work) cm_free_msg(msg); goto deref; case IB_CM_DREQ_RCVD: @@ -44829,7 +44813,7 @@ index 3a972eb..4126183 100644 counter[CM_DREQ_COUNTER]); goto unlock; default: -@@ -2554,7 +2554,7 @@ static int cm_mra_handler(struct cm_work *work) +@@ -2559,7 +2559,7 @@ static int cm_mra_handler(struct cm_work *work) ib_modify_mad(cm_id_priv->av.port->mad_agent, cm_id_priv->msg, timeout)) { if (cm_id_priv->id.lap_state == IB_CM_MRA_LAP_RCVD) @@ -44838,7 +44822,7 @@ index 3a972eb..4126183 100644 counter_group[CM_RECV_DUPLICATES]. counter[CM_MRA_COUNTER]); goto out; -@@ -2563,7 +2563,7 @@ static int cm_mra_handler(struct cm_work *work) +@@ -2568,7 +2568,7 @@ static int cm_mra_handler(struct cm_work *work) break; case IB_CM_MRA_REQ_RCVD: case IB_CM_MRA_REP_RCVD: @@ -44847,7 +44831,7 @@ index 3a972eb..4126183 100644 counter[CM_MRA_COUNTER]); /* fall through */ default: -@@ -2725,7 +2725,7 @@ static int cm_lap_handler(struct cm_work *work) +@@ -2730,7 +2730,7 @@ static int cm_lap_handler(struct cm_work *work) case IB_CM_LAP_IDLE: break; case IB_CM_MRA_LAP_SENT: @@ -44856,7 +44840,7 @@ index 3a972eb..4126183 100644 counter[CM_LAP_COUNTER]); if (cm_alloc_response_msg(work->port, work->mad_recv_wc, &msg)) goto unlock; -@@ -2741,7 +2741,7 @@ static int cm_lap_handler(struct cm_work *work) +@@ -2746,7 +2746,7 @@ static int cm_lap_handler(struct cm_work *work) cm_free_msg(msg); goto deref; case IB_CM_LAP_RCVD: @@ -44865,7 +44849,7 @@ index 3a972eb..4126183 100644 counter[CM_LAP_COUNTER]); goto unlock; default: -@@ -3025,7 +3025,7 @@ static int cm_sidr_req_handler(struct cm_work *work) +@@ -3030,7 +3030,7 @@ static int cm_sidr_req_handler(struct cm_work *work) cur_cm_id_priv = cm_insert_remote_sidr(cm_id_priv); if (cur_cm_id_priv) { spin_unlock_irq(&cm.lock); @@ -44874,7 +44858,7 @@ index 3a972eb..4126183 100644 counter[CM_SIDR_REQ_COUNTER]); goto out; /* Duplicate message. */ } -@@ -3237,10 +3237,10 @@ static void cm_send_handler(struct ib_mad_agent *mad_agent, +@@ -3245,10 +3245,10 @@ static void cm_send_handler(struct ib_mad_agent *mad_agent, if (!msg->context[0] && (attr_index != CM_REJ_COUNTER)) msg->retries = 1; @@ -44887,7 +44871,7 @@ index 3a972eb..4126183 100644 &port->counter_group[CM_XMIT_RETRIES]. counter[attr_index]); -@@ -3466,7 +3466,7 @@ static void cm_recv_handler(struct ib_mad_agent *mad_agent, +@@ -3474,7 +3474,7 @@ static void cm_recv_handler(struct ib_mad_agent *mad_agent, } attr_id = be16_to_cpu(mad_recv_wc->recv_buf.mad->mad_hdr.attr_id); @@ -44896,7 +44880,7 @@ index 3a972eb..4126183 100644 counter[attr_id - CM_ATTR_ID_OFFSET]); work = kmalloc(sizeof *work + sizeof(struct ib_sa_path_rec) * paths, -@@ -3709,7 +3709,7 @@ static ssize_t cm_show_counter(struct kobject *obj, struct attribute *attr, +@@ -3717,7 +3717,7 @@ static ssize_t cm_show_counter(struct kobject *obj, struct attribute *attr, cm_attr = container_of(attr, struct cm_counter_attribute, attr); return sprintf(buf, "%ld\n", @@ -45861,7 +45845,7 @@ index f1fb1d3..82257cc 100644 This option enables code in the AMD IOMMU driver to collect various statistics about whats happening in the driver and exports that diff --git a/drivers/iommu/amd_iommu.c b/drivers/iommu/amd_iommu.c -index 658ee39..6fde5be 100644 +index 1b10e5fd..9eddba7 100644 --- a/drivers/iommu/amd_iommu.c +++ b/drivers/iommu/amd_iommu.c @@ -794,11 +794,21 @@ static void copy_cmd_to_buffer(struct amd_iommu *iommu, @@ -46995,7 +46979,7 @@ index 52c4382..09e0c7c 100644 { struct dsp_conf *conf; diff --git a/drivers/lguest/core.c b/drivers/lguest/core.c -index 312ffd3..9263d05 100644 +index 312ffd3..d060510 100644 --- a/drivers/lguest/core.c +++ b/drivers/lguest/core.c @@ -96,9 +96,17 @@ static __init int map_switcher(void) @@ -47021,7 +47005,7 @@ index 312ffd3..9263d05 100644 * Copy in the compiled-in Switcher code (from x86/switcher_32.S). */ - memcpy(switcher_vma->addr, start_switcher_text, -+ memcpy(switcher_vma->addr, ktla_ktva(start_switcher_text), ++ memcpy(switcher_vma->addr, (void *)ktla_ktva((unsigned long)start_switcher_text), end_switcher_text - start_switcher_text); printk(KERN_INFO "lguest: mapped switcher at %p\n", @@ -47441,7 +47425,7 @@ index 3e32f4e..01e0a7f 100644 void dm_uevent_add(struct mapped_device *md, struct list_head *elist) diff --git a/drivers/md/md.c b/drivers/md/md.c -index e25f00f..12caa60 100644 +index 95e7b72..11002b9 100644 --- a/drivers/md/md.c +++ b/drivers/md/md.c @@ -197,10 +197,10 @@ EXPORT_SYMBOL_GPL(bio_clone_mddev); @@ -47613,7 +47597,7 @@ index 3e6d115..ffecdeb 100644 /*----------------------------------------------------------------*/ diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c -index 967a4ed..002d339 100644 +index d10d300..6169233 100644 --- a/drivers/md/raid1.c +++ b/drivers/md/raid1.c @@ -1937,7 +1937,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio) @@ -47635,7 +47619,7 @@ index 967a4ed..002d339 100644 "md/raid1:%s: read error corrected " "(%d sectors at %llu on %s)\n", diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c -index 38c58e1..89c3e0f 100644 +index d4b70d9..3e3bbb8 100644 --- a/drivers/md/raid10.c +++ b/drivers/md/raid10.c @@ -1934,7 +1934,7 @@ static void end_sync_read(struct bio *bio, int error) @@ -47698,7 +47682,7 @@ index 38c58e1..89c3e0f 100644 rdev_dec_pending(rdev, mddev); diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c -index f757023..f958632 100644 +index 0d4f7b1..86ea615 100644 --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c @@ -1119,23 +1119,23 @@ async_copy_data(int frombio, struct bio *bio, struct page **page, @@ -53018,19 +53002,22 @@ index f66be86..6cbcabb 100644 /** diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c -index 312f23a..8b7d036 100644 +index 9261868..a403263 100644 --- a/drivers/pci/pci-sysfs.c +++ b/drivers/pci/pci-sysfs.c -@@ -216,7 +216,7 @@ static ssize_t numa_node_store(struct device *dev, +@@ -216,7 +216,10 @@ static ssize_t numa_node_store(struct device *dev, if (ret) return ret; -- if (!node_online(node)) -+ if (node < 0 || node >= MAX_NUMNODES || !node_online(node)) +- if (node >= MAX_NUMNODES || !node_online(node)) ++ if (node < NUMA_NO_NODE || node >= MAX_NUMNODES) ++ return -EINVAL; ++ ++ if (node != NUMA_NO_NODE && !node_online(node)) return -EINVAL; add_taint(TAINT_FIRMWARE_WORKAROUND, LOCKDEP_STILL_OK); -@@ -1140,7 +1140,7 @@ static int pci_create_attr(struct pci_dev *pdev, int num, int write_combine) +@@ -1140,7 +1143,7 @@ static int pci_create_attr(struct pci_dev *pdev, int num, int write_combine) { /* allocate attribute structure, piggyback attribute name */ int name_len = write_combine ? 13 : 10; @@ -53039,7 +53026,7 @@ index 312f23a..8b7d036 100644 int retval; res_attr = kzalloc(sizeof(*res_attr) + name_len, GFP_ATOMIC); -@@ -1317,7 +1317,7 @@ static struct device_attribute reset_attr = __ATTR(reset, 0200, NULL, reset_stor +@@ -1317,7 +1320,7 @@ static struct device_attribute reset_attr = __ATTR(reset, 0200, NULL, reset_stor static int pci_create_capabilities_sysfs(struct pci_dev *dev) { int retval; @@ -53048,7 +53035,7 @@ index 312f23a..8b7d036 100644 /* If the device has VPD, try to expose it in sysfs. */ if (dev->vpd) { -@@ -1364,7 +1364,7 @@ int __must_check pci_create_sysfs_dev_files(struct pci_dev *pdev) +@@ -1364,7 +1367,7 @@ int __must_check pci_create_sysfs_dev_files(struct pci_dev *pdev) { int retval; int rom_size = 0; @@ -58086,7 +58073,7 @@ index a7de8e8..e1ef134 100644 spin_lock_init(&uhci->lock); setup_timer(&uhci->fsbr_timer, uhci_fsbr_timeout, diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c -index c79d336..8fe41af 100644 +index c47d3e4..35bcc1e 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -30,7 +30,7 @@ @@ -58417,7 +58404,7 @@ index 84a110a..96312c3 100644 .ident = "Sahara Touch-iT", .matches = { diff --git a/drivers/video/console/fbcon.c b/drivers/video/console/fbcon.c -index 1aaf893..da2885a 100644 +index 92f3949..7bb0e86 100644 --- a/drivers/video/console/fbcon.c +++ b/drivers/video/console/fbcon.c @@ -106,7 +106,7 @@ static int fbcon_softback_size = 32768; @@ -75533,6 +75520,79 @@ index f70119f..ab5894d 100644 delayed_root->nodes = 0; spin_lock_init(&delayed_root->lock); init_waitqueue_head(&delayed_root->wait); +diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c +index b823fac..c5155de 100644 +--- a/fs/btrfs/file.c ++++ b/fs/btrfs/file.c +@@ -1868,8 +1868,13 @@ int btrfs_sync_file(struct file *file, loff_t start, loff_t end, int datasync) + struct btrfs_log_ctx ctx; + int ret = 0; + bool full_sync = 0; +- const u64 len = end - start + 1; ++ u64 len; + ++ /* ++ * The range length can be represented by u64, we have to do the typecasts ++ * to avoid signed overflow if it's [0, LLONG_MAX] eg. from fsync() ++ */ ++ len = (u64)end - (u64)start + 1; + trace_btrfs_sync_file(file, datasync); + + /* +@@ -2057,8 +2062,7 @@ int btrfs_sync_file(struct file *file, loff_t start, loff_t end, int datasync) + } + } + if (!full_sync) { +- ret = btrfs_wait_ordered_range(inode, start, +- end - start + 1); ++ ret = btrfs_wait_ordered_range(inode, start, len); + if (ret) { + btrfs_end_transaction(trans, root); + goto out; +diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c +index b54e630..a1c76da 100644 +--- a/fs/btrfs/inode.c ++++ b/fs/btrfs/inode.c +@@ -5632,6 +5632,7 @@ static int btrfs_real_readdir(struct file *file, struct dir_context *ctx) + char *name_ptr; + int name_len; + int is_curr = 0; /* ctx->pos points to the current index? */ ++ bool emitted; + + /* FIXME, use a real flag for deciding about the key type */ + if (root->fs_info->tree_root == root) +@@ -5660,6 +5661,7 @@ static int btrfs_real_readdir(struct file *file, struct dir_context *ctx) + if (ret < 0) + goto err; + ++ emitted = false; + while (1) { + leaf = path->nodes[0]; + slot = path->slots[0]; +@@ -5739,6 +5741,7 @@ skip: + + if (over) + goto nopos; ++ emitted = true; + di_len = btrfs_dir_name_len(leaf, di) + + btrfs_dir_data_len(leaf, di) + sizeof(*di); + di_cur += di_len; +@@ -5756,6 +5759,15 @@ next: + goto nopos; + } + ++ /* ++ * If we haven't emitted any dir entry, we must not touch ctx->pos as ++ * it was was set to the termination value in previous call. We assume ++ * that "." and ".." were emitted if we reach this point and set the ++ * termination value as well for an empty directory. ++ */ ++ if (ctx->pos > 2 && !emitted) ++ goto nopos; ++ + /* Reached end of directory/root. Bump pos past the last item. */ + ctx->pos++; + diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c index cd7ef34..1e31ae3 100644 --- a/fs/btrfs/super.c @@ -81550,35 +81610,8 @@ index e33dab2..cdbdad9 100644 } } putname(tmp); -diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c -index 84d693d..871fcb6 100644 ---- a/fs/overlayfs/copy_up.c -+++ b/fs/overlayfs/copy_up.c -@@ -81,11 +81,11 @@ static int ovl_copy_up_data(struct path *old, struct path *new, loff_t len) - if (len == 0) - return 0; - -- old_file = ovl_path_open(old, O_RDONLY); -+ old_file = ovl_path_open(old, O_LARGEFILE | O_RDONLY); - if (IS_ERR(old_file)) - return PTR_ERR(old_file); - -- new_file = ovl_path_open(new, O_WRONLY); -+ new_file = ovl_path_open(new, O_LARGEFILE | O_WRONLY); - if (IS_ERR(new_file)) { - error = PTR_ERR(new_file); - goto out_fput; -@@ -267,7 +267,7 @@ out: - - out_cleanup: - ovl_cleanup(wdir, newdentry); -- goto out; -+ goto out2; - } - - /* diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c -index d9da5a4..f9b5b82 100644 +index ec0c2a0..f9b5b82 100644 --- a/fs/overlayfs/inode.c +++ b/fs/overlayfs/inode.c @@ -346,6 +346,9 @@ struct inode *ovl_d_select_inode(struct dentry *dentry, unsigned file_flags) @@ -81591,18 +81624,8 @@ index d9da5a4..f9b5b82 100644 type = ovl_path_real(dentry, &realpath); if (ovl_open_need_copy_up(file_flags, type, realpath.dentry)) { err = ovl_want_write(dentry); -@@ -363,6 +366,9 @@ struct inode *ovl_d_select_inode(struct dentry *dentry, unsigned file_flags) - ovl_path_upper(dentry, &realpath); - } - -+ if (realpath.dentry->d_flags & DCACHE_OP_SELECT_INODE) -+ return realpath.dentry->d_op->d_select_inode(realpath.dentry, file_flags); -+ - return d_backing_inode(realpath.dentry); - } - diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c -index 79073d6..6fc10e4 100644 +index e38ee0f..6fc10e4 100644 --- a/fs/overlayfs/super.c +++ b/fs/overlayfs/super.c @@ -172,7 +172,7 @@ void ovl_path_lower(struct dentry *dentry, struct path *path) @@ -81614,15 +81637,7 @@ index 79073d6..6fc10e4 100644 } int ovl_want_write(struct dentry *dentry) -@@ -544,6 +544,7 @@ static void ovl_put_super(struct super_block *sb) - mntput(ufs->upper_mnt); - for (i = 0; i < ufs->numlower; i++) - mntput(ufs->lower_mnt[i]); -+ kfree(ufs->lower_mnt); - - kfree(ufs->config.lowerdir); - kfree(ufs->config.upperdir); -@@ -879,8 +880,8 @@ static unsigned int ovl_split_lowerdirs(char *str) +@@ -880,8 +880,8 @@ static unsigned int ovl_split_lowerdirs(char *str) static int ovl_fill_super(struct super_block *sb, void *data, int silent) { @@ -81633,14 +81648,6 @@ index 79073d6..6fc10e4 100644 struct dentry *root_dentry; struct ovl_entry *oe; struct ovl_fs *ufs; -@@ -1048,6 +1049,7 @@ static int ovl_fill_super(struct super_block *sb, void *data, int silent) - oe->lowerstack[i].dentry = stack[i].dentry; - oe->lowerstack[i].mnt = ufs->lower_mnt[i]; - } -+ kfree(stack); - - root_dentry->d_fsdata = oe; - diff --git a/fs/pipe.c b/fs/pipe.c index 8865f79..bd2c79b 100644 --- a/fs/pipe.c @@ -103974,10 +103981,10 @@ index fa1d055..3647940 100644 /** * struct snd_compr: Compressed device diff --git a/include/sound/soc.h b/include/sound/soc.h -index 93df8bf..c84577b 100644 +index 334d0d2..a4327ba 100644 --- a/include/sound/soc.h +++ b/include/sound/soc.h -@@ -883,7 +883,7 @@ struct snd_soc_codec_driver { +@@ -885,7 +885,7 @@ struct snd_soc_codec_driver { enum snd_soc_dapm_type, int); bool ignore_pmdown_time; /* Doesn't benefit from pmdown delay */ @@ -103986,7 +103993,7 @@ index 93df8bf..c84577b 100644 /* SoC platform interface */ struct snd_soc_platform_driver { -@@ -910,7 +910,7 @@ struct snd_soc_platform_driver { +@@ -912,7 +912,7 @@ struct snd_soc_platform_driver { const struct snd_compr_ops *compr_ops; int (*bespoke_trigger)(struct snd_pcm_substream *, int); @@ -107372,7 +107379,7 @@ index 1d96dd0..994ff19 100644 default: diff --git a/kernel/module.c b/kernel/module.c -index b86b7bf..f5eaa56 100644 +index 8f051a1..07da01a 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -59,6 +59,7 @@ @@ -107584,7 +107591,7 @@ index b86b7bf..f5eaa56 100644 pr_warn("%s: per-cpu alignment %li > %li\n", mod->name, align, PAGE_SIZE); align = PAGE_SIZE; -@@ -1210,7 +1247,7 @@ struct module_attribute module_uevent = +@@ -1214,7 +1251,7 @@ struct module_attribute module_uevent = static ssize_t show_coresize(struct module_attribute *mattr, struct module_kobject *mk, char *buffer) { @@ -107593,7 +107600,7 @@ index b86b7bf..f5eaa56 100644 } static struct module_attribute modinfo_coresize = -@@ -1219,7 +1256,7 @@ static struct module_attribute modinfo_coresize = +@@ -1223,7 +1260,7 @@ static struct module_attribute modinfo_coresize = static ssize_t show_initsize(struct module_attribute *mattr, struct module_kobject *mk, char *buffer) { @@ -107602,7 +107609,7 @@ index b86b7bf..f5eaa56 100644 } static struct module_attribute modinfo_initsize = -@@ -1311,12 +1348,29 @@ static int check_version(Elf_Shdr *sechdrs, +@@ -1315,12 +1352,29 @@ static int check_version(Elf_Shdr *sechdrs, goto bad_version; } @@ -107632,7 +107639,7 @@ index b86b7bf..f5eaa56 100644 return 0; } -@@ -1444,7 +1498,7 @@ resolve_symbol_wait(struct module *mod, +@@ -1448,7 +1502,7 @@ resolve_symbol_wait(struct module *mod, */ #ifdef CONFIG_SYSFS @@ -107641,7 +107648,7 @@ index b86b7bf..f5eaa56 100644 static inline bool sect_empty(const Elf_Shdr *sect) { return !(sect->sh_flags & SHF_ALLOC) || sect->sh_size == 0; -@@ -1582,7 +1636,7 @@ static void add_notes_attrs(struct module *mod, const struct load_info *info) +@@ -1586,7 +1640,7 @@ static void add_notes_attrs(struct module *mod, const struct load_info *info) { unsigned int notes, loaded, i; struct module_notes_attrs *notes_attrs; @@ -107650,7 +107657,7 @@ index b86b7bf..f5eaa56 100644 /* failed to create section attributes, so can't create notes */ if (!mod->sect_attrs) -@@ -1694,7 +1748,7 @@ static void del_usage_links(struct module *mod) +@@ -1698,7 +1752,7 @@ static void del_usage_links(struct module *mod) static int module_add_modinfo_attrs(struct module *mod) { struct module_attribute *attr; @@ -107659,7 +107666,7 @@ index b86b7bf..f5eaa56 100644 int error = 0; int i; -@@ -1911,21 +1965,21 @@ static void set_section_ro_nx(void *base, +@@ -1915,21 +1969,21 @@ static void set_section_ro_nx(void *base, static void unset_module_core_ro_nx(struct module *mod) { @@ -107689,7 +107696,7 @@ index b86b7bf..f5eaa56 100644 set_memory_rw); } -@@ -1938,14 +1992,14 @@ void set_all_modules_text_rw(void) +@@ -1942,14 +1996,14 @@ void set_all_modules_text_rw(void) list_for_each_entry_rcu(mod, &modules, list) { if (mod->state == MODULE_STATE_UNFORMED) continue; @@ -107710,7 +107717,7 @@ index b86b7bf..f5eaa56 100644 set_memory_rw); } } -@@ -1961,14 +2015,14 @@ void set_all_modules_text_ro(void) +@@ -1965,14 +2019,14 @@ void set_all_modules_text_ro(void) list_for_each_entry_rcu(mod, &modules, list) { if (mod->state == MODULE_STATE_UNFORMED) continue; @@ -107731,7 +107738,7 @@ index b86b7bf..f5eaa56 100644 set_memory_ro); } } -@@ -1977,7 +2031,15 @@ void set_all_modules_text_ro(void) +@@ -1981,7 +2035,15 @@ void set_all_modules_text_ro(void) #else static inline void set_section_ro_nx(void *base, unsigned long text_size, unsigned long ro_size, unsigned long total_size) { } static void unset_module_core_ro_nx(struct module *mod) { } @@ -107748,7 +107755,7 @@ index b86b7bf..f5eaa56 100644 #endif void __weak module_memfree(void *module_region) -@@ -2032,16 +2094,19 @@ static void free_module(struct module *mod) +@@ -2036,16 +2098,19 @@ static void free_module(struct module *mod) /* This may be NULL, but that's OK */ unset_module_init_ro_nx(mod); module_arch_freeing_init(mod); @@ -107771,7 +107778,7 @@ index b86b7bf..f5eaa56 100644 #ifdef CONFIG_MPU update_protections(current->mm); -@@ -2110,9 +2175,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) +@@ -2114,9 +2179,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) int ret = 0; const struct kernel_symbol *ksym; @@ -107803,7 +107810,7 @@ index b86b7bf..f5eaa56 100644 switch (sym[i].st_shndx) { case SHN_COMMON: /* Ignore common symbols */ -@@ -2137,7 +2224,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) +@@ -2141,7 +2228,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) ksym = resolve_symbol_wait(mod, info, name); /* Ok if resolved. */ if (ksym && !IS_ERR(ksym)) { @@ -107813,7 +107820,7 @@ index b86b7bf..f5eaa56 100644 break; } -@@ -2156,11 +2245,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) +@@ -2160,11 +2249,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) secbase = (unsigned long)mod_percpu(mod); else secbase = info->sechdrs[sym[i].st_shndx].sh_addr; @@ -107834,7 +107841,7 @@ index b86b7bf..f5eaa56 100644 return ret; } -@@ -2244,22 +2342,12 @@ static void layout_sections(struct module *mod, struct load_info *info) +@@ -2248,22 +2346,12 @@ static void layout_sections(struct module *mod, struct load_info *info) || s->sh_entsize != ~0UL || strstarts(sname, ".init")) continue; @@ -107861,7 +107868,7 @@ index b86b7bf..f5eaa56 100644 } pr_debug("Init section allocation order:\n"); -@@ -2273,23 +2361,13 @@ static void layout_sections(struct module *mod, struct load_info *info) +@@ -2277,23 +2365,13 @@ static void layout_sections(struct module *mod, struct load_info *info) || s->sh_entsize != ~0UL || !strstarts(sname, ".init")) continue; @@ -107890,7 +107897,7 @@ index b86b7bf..f5eaa56 100644 } } -@@ -2462,7 +2540,7 @@ static void layout_symtab(struct module *mod, struct load_info *info) +@@ -2466,7 +2544,7 @@ static void layout_symtab(struct module *mod, struct load_info *info) /* Put symbol section at end of init part of module. */ symsect->sh_flags |= SHF_ALLOC; @@ -107899,7 +107906,7 @@ index b86b7bf..f5eaa56 100644 info->index.sym) | INIT_OFFSET_MASK; pr_debug("\t%s\n", info->secstrings + symsect->sh_name); -@@ -2479,16 +2557,16 @@ static void layout_symtab(struct module *mod, struct load_info *info) +@@ -2483,16 +2561,16 @@ static void layout_symtab(struct module *mod, struct load_info *info) } /* Append room for core symbols at end of core part. */ @@ -107922,7 +107929,7 @@ index b86b7bf..f5eaa56 100644 pr_debug("\t%s\n", info->secstrings + strsect->sh_name); } -@@ -2505,12 +2583,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) +@@ -2509,12 +2587,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) /* Make sure we get permanent strtab: don't use info->strtab. */ mod->strtab = (void *)info->sechdrs[info->index.str].sh_addr; @@ -107939,7 +107946,7 @@ index b86b7bf..f5eaa56 100644 src = mod->symtab; for (ndst = i = 0; i < mod->num_symtab; i++) { if (i == 0 || -@@ -2522,6 +2602,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) +@@ -2526,6 +2606,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) } } mod->core_num_syms = ndst; @@ -107948,7 +107955,7 @@ index b86b7bf..f5eaa56 100644 } #else static inline void layout_symtab(struct module *mod, struct load_info *info) -@@ -2821,7 +2903,15 @@ static struct module *setup_load_info(struct load_info *info, int flags) +@@ -2825,7 +2907,15 @@ static struct module *setup_load_info(struct load_info *info, int flags) mod = (void *)info->sechdrs[info->index.mod].sh_addr; if (info->index.sym == 0) { @@ -107964,7 +107971,7 @@ index b86b7bf..f5eaa56 100644 return ERR_PTR(-ENOEXEC); } -@@ -2837,8 +2927,14 @@ static struct module *setup_load_info(struct load_info *info, int flags) +@@ -2841,8 +2931,14 @@ static struct module *setup_load_info(struct load_info *info, int flags) static int check_modinfo(struct module *mod, struct load_info *info, int flags) { const char *modmagic = get_modinfo(info, "vermagic"); @@ -107979,7 +107986,7 @@ index b86b7bf..f5eaa56 100644 if (flags & MODULE_INIT_IGNORE_VERMAGIC) modmagic = NULL; -@@ -2863,7 +2959,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags) +@@ -2867,7 +2963,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags) } /* Set up license info based on the info section */ @@ -107988,7 +107995,7 @@ index b86b7bf..f5eaa56 100644 return 0; } -@@ -2960,7 +3056,7 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2964,7 +3060,7 @@ static int move_module(struct module *mod, struct load_info *info) void *ptr; /* Do the allocs. */ @@ -107997,7 +108004,7 @@ index b86b7bf..f5eaa56 100644 /* * The pointer to this block is stored in the module structure * which is inside the block. Just mark it as not being a -@@ -2970,11 +3066,11 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2974,11 +3070,11 @@ static int move_module(struct module *mod, struct load_info *info) if (!ptr) return -ENOMEM; @@ -108013,7 +108020,7 @@ index b86b7bf..f5eaa56 100644 /* * The pointer to this block is stored in the module structure * which is inside the block. This block doesn't need to be -@@ -2983,13 +3079,45 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2987,13 +3083,45 @@ static int move_module(struct module *mod, struct load_info *info) */ kmemleak_ignore(ptr); if (!ptr) { @@ -108063,7 +108070,7 @@ index b86b7bf..f5eaa56 100644 /* Transfer each section which specifies SHF_ALLOC */ pr_debug("final section addresses:\n"); -@@ -3000,16 +3128,45 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -3004,16 +3132,45 @@ static int move_module(struct module *mod, struct load_info *info) if (!(shdr->sh_flags & SHF_ALLOC)) continue; @@ -108116,7 +108123,7 @@ index b86b7bf..f5eaa56 100644 pr_debug("\t0x%lx %s\n", (long)shdr->sh_addr, info->secstrings + shdr->sh_name); } -@@ -3066,12 +3223,12 @@ static void flush_module_icache(const struct module *mod) +@@ -3070,12 +3227,12 @@ static void flush_module_icache(const struct module *mod) * Do it before processing of module parameters, so the module * can provide parameter accessor functions of its own. */ @@ -108135,7 +108142,7 @@ index b86b7bf..f5eaa56 100644 set_fs(old_fs); } -@@ -3129,8 +3286,10 @@ static void module_deallocate(struct module *mod, struct load_info *info) +@@ -3133,8 +3290,10 @@ static void module_deallocate(struct module *mod, struct load_info *info) { percpu_modfree(mod); module_arch_freeing_init(mod); @@ -108148,7 +108155,7 @@ index b86b7bf..f5eaa56 100644 } int __weak module_finalize(const Elf_Ehdr *hdr, -@@ -3143,7 +3302,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr, +@@ -3147,7 +3306,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr, static int post_relocation(struct module *mod, const struct load_info *info) { /* Sort exception table now relocations are done. */ @@ -108158,7 +108165,7 @@ index b86b7bf..f5eaa56 100644 /* Copy relocated percpu area over. */ percpu_modcopy(mod, (void *)info->sechdrs[info->index.pcpu].sh_addr, -@@ -3191,13 +3352,15 @@ static void do_mod_ctors(struct module *mod) +@@ -3195,13 +3356,15 @@ static void do_mod_ctors(struct module *mod) /* For freeing module_init on success, in case kallsyms traversing */ struct mod_initfree { struct rcu_head rcu; @@ -108176,7 +108183,7 @@ index b86b7bf..f5eaa56 100644 kfree(m); } -@@ -3217,7 +3380,8 @@ static noinline int do_init_module(struct module *mod) +@@ -3221,7 +3384,8 @@ static noinline int do_init_module(struct module *mod) ret = -ENOMEM; goto fail; } @@ -108186,7 +108193,7 @@ index b86b7bf..f5eaa56 100644 /* * We want to find out whether @mod uses async during init. Clear -@@ -3277,10 +3441,10 @@ static noinline int do_init_module(struct module *mod) +@@ -3281,10 +3445,10 @@ static noinline int do_init_module(struct module *mod) mod_tree_remove_init(mod); unset_module_init_ro_nx(mod); module_arch_freeing_init(mod); @@ -108201,7 +108208,7 @@ index b86b7bf..f5eaa56 100644 /* * We want to free module_init, but be aware that kallsyms may be * walking this with preempt disabled. In all the failure paths, we -@@ -3370,16 +3534,16 @@ static int complete_formation(struct module *mod, struct load_info *info) +@@ -3374,16 +3538,16 @@ static int complete_formation(struct module *mod, struct load_info *info) module_bug_finalize(info->hdr, info->sechdrs, mod); /* Set RO and NX regions for core */ @@ -108226,7 +108233,7 @@ index b86b7bf..f5eaa56 100644 /* Mark state as coming so strong_try_module_get() ignores us, * but kallsyms etc. can see us. */ -@@ -3474,9 +3638,38 @@ static int load_module(struct load_info *info, const char __user *uargs, +@@ -3478,9 +3642,38 @@ static int load_module(struct load_info *info, const char __user *uargs, if (err) goto free_unload; @@ -108265,7 +108272,7 @@ index b86b7bf..f5eaa56 100644 /* Fix up syms, so that st_value is a pointer to location. */ err = simplify_symbols(mod, info); if (err < 0) -@@ -3492,13 +3685,6 @@ static int load_module(struct load_info *info, const char __user *uargs, +@@ -3496,13 +3689,6 @@ static int load_module(struct load_info *info, const char __user *uargs, flush_module_icache(mod); @@ -108279,7 +108286,7 @@ index b86b7bf..f5eaa56 100644 dynamic_debug_setup(info->debug, info->num_debug); /* Ftrace init must be called in the MODULE_STATE_UNFORMED state */ -@@ -3550,11 +3736,10 @@ static int load_module(struct load_info *info, const char __user *uargs, +@@ -3554,11 +3740,10 @@ static int load_module(struct load_info *info, const char __user *uargs, ddebug_cleanup: dynamic_debug_remove(info->debug); synchronize_sched(); @@ -108292,7 +108299,7 @@ index b86b7bf..f5eaa56 100644 free_unload: module_unload_free(mod); unlink_mod: -@@ -3568,7 +3753,8 @@ static int load_module(struct load_info *info, const char __user *uargs, +@@ -3572,7 +3757,8 @@ static int load_module(struct load_info *info, const char __user *uargs, mutex_unlock(&module_mutex); free_module: /* Free lock-classes; relies on the preceding sync_rcu() */ @@ -108302,7 +108309,7 @@ index b86b7bf..f5eaa56 100644 module_deallocate(mod, info); free_copy: -@@ -3645,10 +3831,16 @@ static const char *get_ksymbol(struct module *mod, +@@ -3649,10 +3835,16 @@ static const char *get_ksymbol(struct module *mod, unsigned long nextval; /* At worse, next value is at end of module */ @@ -108322,7 +108329,7 @@ index b86b7bf..f5eaa56 100644 /* Scan for closest preceding symbol, and next symbol. (ELF starts real symbols at 1). */ -@@ -3895,7 +4087,7 @@ static int m_show(struct seq_file *m, void *p) +@@ -3899,7 +4091,7 @@ static int m_show(struct seq_file *m, void *p) return 0; seq_printf(m, "%s %u", @@ -108331,7 +108338,7 @@ index b86b7bf..f5eaa56 100644 print_unload_info(m, mod); /* Informative for users. */ -@@ -3904,7 +4096,7 @@ static int m_show(struct seq_file *m, void *p) +@@ -3908,7 +4100,7 @@ static int m_show(struct seq_file *m, void *p) mod->state == MODULE_STATE_COMING ? "Loading" : "Live"); /* Used by oprofile and other similar tools. */ @@ -108340,7 +108347,7 @@ index b86b7bf..f5eaa56 100644 /* Taints info */ if (mod->taints) -@@ -3940,7 +4132,17 @@ static const struct file_operations proc_modules_operations = { +@@ -3944,7 +4136,17 @@ static const struct file_operations proc_modules_operations = { static int __init proc_modules_init(void) { @@ -108358,7 +108365,7 @@ index b86b7bf..f5eaa56 100644 return 0; } module_init(proc_modules_init); -@@ -4001,7 +4203,8 @@ struct module *__module_address(unsigned long addr) +@@ -4005,7 +4207,8 @@ struct module *__module_address(unsigned long addr) { struct module *mod; @@ -108368,7 +108375,7 @@ index b86b7bf..f5eaa56 100644 return NULL; module_assert_mutex_or_preempt(); -@@ -4044,11 +4247,20 @@ bool is_module_text_address(unsigned long addr) +@@ -4048,11 +4251,20 @@ bool is_module_text_address(unsigned long addr) */ struct module *__module_text_address(unsigned long addr) { @@ -111422,7 +111429,7 @@ index e694c9f..6775a38 100644 if (unlikely(seq_buf_has_overflowed(&s->seq))) { s->seq.len = save_len; diff --git a/kernel/trace/trace_stack.c b/kernel/trace/trace_stack.c -index 3f34496..0492d95 100644 +index 9696901..e0b7372 100644 --- a/kernel/trace/trace_stack.c +++ b/kernel/trace/trace_stack.c @@ -88,7 +88,7 @@ check_stack(unsigned long ip, unsigned long *stack) @@ -112570,7 +112577,7 @@ index 957d3da..1d34e20 100644 depends on !KMEMCHECK select PAGE_EXTENSION diff --git a/mm/backing-dev.c b/mm/backing-dev.c -index dac5bf5..d8c02ce 100644 +index dc07d88..3929c29 100644 --- a/mm/backing-dev.c +++ b/mm/backing-dev.c @@ -12,7 +12,7 @@ @@ -112582,7 +112589,7 @@ index dac5bf5..d8c02ce 100644 struct backing_dev_info noop_backing_dev_info = { .name = "noop", -@@ -855,7 +855,7 @@ int bdi_setup_and_register(struct backing_dev_info *bdi, char *name) +@@ -865,7 +865,7 @@ int bdi_setup_and_register(struct backing_dev_info *bdi, char *name) return err; err = bdi_register(bdi, NULL, "%.28s-%ld", name, @@ -112605,7 +112612,7 @@ index fd5fe43..39ea317 100644 } return NULL; diff --git a/mm/filemap.c b/mm/filemap.c -index 1283fc8..a0347d5 100644 +index 3fd68ee..3d8d6de 100644 --- a/mm/filemap.c +++ b/mm/filemap.c @@ -2122,7 +2122,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma) @@ -127400,7 +127407,7 @@ index 213a416..aeab5c9 100644 list_add(&s->list, &cs4297a_devs); diff --git a/sound/pci/hda/hda_codec.c b/sound/pci/hda/hda_codec.c -index d1a2cb6..8b3ff00 100644 +index ca37446..cb7fbcb 100644 --- a/sound/pci/hda/hda_codec.c +++ b/sound/pci/hda/hda_codec.c @@ -1857,7 +1857,7 @@ static int get_kctl_0dB_offset(struct hda_codec *codec, @@ -132159,10 +132166,10 @@ index 0000000..4c7f7c6 +targets += size_overflow_hash.h size_overflow_hash_aux.h disable_size_overflow_hash.h diff --git a/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data b/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data new file mode 100644 -index 0000000..776e6ad +index 0000000..0adc842 --- /dev/null +++ b/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data -@@ -0,0 +1,12411 @@ +@@ -0,0 +1,12414 @@ +disable_so_interrupt_pnode_gru_message_queue_desc_4 interrupt_pnode gru_message_queue_desc 0 4 NULL +disable_so_bch_btree_insert_fndecl_12 bch_btree_insert fndecl 0 12 NULL +disable_so_macvlan_sync_address_fndecl_22 macvlan_sync_address fndecl 0 22 NULL nohasharray @@ -143895,7 +143902,8 @@ index 0000000..776e6ad +disable_so_qla2x00_issue_iocb_timeout_fndecl_61848 qla2x00_issue_iocb_timeout fndecl 0-3-5 61848 NULL +disable_so_afs_vlocation_timeout_vardecl_vlocation_c_61850 afs_vlocation_timeout vardecl_vlocation.c 0 61850 NULL +disable_so_dev_addr__drm_via_descriptor_61860 dev_addr _drm_via_descriptor 0 61860 NULL -+disable_so_inet_confirm_addr_fndecl_61869 inet_confirm_addr fndecl 0 61869 NULL ++disable_so_inet_confirm_addr_fndecl_61869 inet_confirm_addr fndecl 0 61869 NULL nohasharray ++enable_so__eip_x86_emulate_ctxt_61869 _eip x86_emulate_ctxt 0 61869 &disable_so_inet_confirm_addr_fndecl_61869 +disable_so_ethtool_get_perm_addr_fndecl_61870 ethtool_get_perm_addr fndecl 0 61870 NULL +disable_so_sctp_ulpevent_make_peer_addr_change_fndecl_61876 sctp_ulpevent_make_peer_addr_change fndecl 6 61876 NULL nohasharray +disable_so_calc_lanman_hash_fndecl_61876 calc_lanman_hash fndecl 0 61876 &disable_so_sctp_ulpevent_make_peer_addr_change_fndecl_61876 @@ -144574,6 +144582,8 @@ index 0000000..776e6ad +enable_so_max_sectors_per_req_megasas_instance_56408 max_sectors_per_req megasas_instance 0 56408 NULL +enable_so_max_mfi_cmds_megasas_instance_19731 max_mfi_cmds megasas_instance 0 19731 NULL +enable_so_read_fw_status_reg_megasas_instance_template_13572 read_fw_status_reg megasas_instance_template 0 13572 NULL ++enable_so_eip_x86_emulate_ctxt_12354 eip x86_emulate_ctxt 0 12354 NULL ++enable_so_next_rip_x86_instruction_info_56868 next_rip x86_instruction_info 0 56868 NULL diff --git a/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh b/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh new file mode 100644 index 0000000..be9724d @@ -146731,10 +146741,10 @@ index 0000000..ab2d25a +} diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data new file mode 100644 -index 0000000..70b78f9 +index 0000000..a883e73 --- /dev/null +++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data -@@ -0,0 +1,20746 @@ +@@ -0,0 +1,20743 @@ +enable_so_recv_ctrl_pipe_us_data_0 recv_ctrl_pipe us_data 0 0 NULL +enable_so___earlyonly_bootmem_alloc_fndecl_3 __earlyonly_bootmem_alloc fndecl 2-3-4 3 NULL +enable_so_size_ttm_mem_reg_8 size ttm_mem_reg 0 8 NULL @@ -150585,7 +150595,6 @@ index 0000000..70b78f9 +enable_so_dccps_iss_dccp_sock_12346 dccps_iss dccp_sock 0 12346 NULL +enable_so_max_buf_size_tegra_slink_data_12348 max_buf_size tegra_slink_data 0 12348 NULL +enable_so_ocfs2_symlink_get_block_fndecl_12352 ocfs2_symlink_get_block fndecl 2 12352 NULL -+enable_so_eip_x86_emulate_ctxt_12354 eip x86_emulate_ctxt 0 12354 NULL +enable_so_td_done_fndecl_12358 td_done fndecl 0 12358 NULL +enable_so_reserve_additional_memory_fndecl_12359 reserve_additional_memory fndecl 1 12359 NULL nohasharray +enable_so_limit_scaled_size_lock_fndecl_12359 limit_scaled_size_lock fndecl 5-6 12359 &enable_so_reserve_additional_memory_fndecl_12359 nohasharray @@ -164757,8 +164766,7 @@ index 0000000..70b78f9 +enable_so_blocks_mmc_test_area_56853 blocks mmc_test_area 0 56853 NULL +enable_so_transfer_one_spi_master_56858 transfer_one spi_master 0 56858 NULL +enable_so_dup_array_fndecl_56860 dup_array fndecl 3 56860 NULL -+enable_so_next_rip_x86_instruction_info_56868 next_rip x86_instruction_info 0 56868 NULL nohasharray -+enable_so_max_cq_sz_mlx4_dev_cap_56868 max_cq_sz mlx4_dev_cap 0 56868 &enable_so_next_rip_x86_instruction_info_56868 nohasharray ++enable_so_max_cq_sz_mlx4_dev_cap_56868 max_cq_sz mlx4_dev_cap 0 56868 NULL nohasharray +enable_so_count_subheaders_fndecl_56868 count_subheaders fndecl 0 56868 &enable_so_max_cq_sz_mlx4_dev_cap_56868 +enable_so_status_pipe_uas_dev_info_56869 status_pipe uas_dev_info 0 56869 NULL +enable_so_combined_count_ethtool_channels_56871 combined_count ethtool_channels 0 56871 NULL @@ -166325,8 +166333,7 @@ index 0000000..70b78f9 +enable_so_dma_len_rx_fst_card_info_61862 dma_len_rx fst_card_info 0 61862 NULL +enable_so_num_mpts_mlx4_caps_61866 num_mpts mlx4_caps 0 61866 NULL +enable_so_f_read_portcntrs_qib_devdata_61868 f_read_portcntrs qib_devdata 0 61868 NULL -+enable_so___section_nr_fndecl_61869 __section_nr fndecl 0 61869 NULL nohasharray -+enable_so__eip_x86_emulate_ctxt_61869 _eip x86_emulate_ctxt 0 61869 &enable_so___section_nr_fndecl_61869 ++enable_so___section_nr_fndecl_61869 __section_nr fndecl 0 61869 NULL +enable_so_nfs4_file_fsync_fndecl_61872 nfs4_file_fsync fndecl 2-3 61872 NULL +enable_so_handle_eviocgbit_fndecl_61874 handle_eviocgbit fndecl 3 61874 NULL +enable_so_wm5100_set_fll_fndecl_61876 wm5100_set_fll fndecl 4-5 61876 NULL nohasharray diff --git a/4.2.5/4425_grsec_remove_EI_PAX.patch b/4.2.6/4425_grsec_remove_EI_PAX.patch index 2a1aa6c..2a1aa6c 100644 --- a/4.2.5/4425_grsec_remove_EI_PAX.patch +++ b/4.2.6/4425_grsec_remove_EI_PAX.patch diff --git a/4.2.5/4427_force_XATTR_PAX_tmpfs.patch b/4.2.6/4427_force_XATTR_PAX_tmpfs.patch index 9157231..9157231 100644 --- a/4.2.5/4427_force_XATTR_PAX_tmpfs.patch +++ b/4.2.6/4427_force_XATTR_PAX_tmpfs.patch diff --git a/4.2.5/4430_grsec-remove-localversion-grsec.patch b/4.2.6/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/4.2.5/4430_grsec-remove-localversion-grsec.patch +++ b/4.2.6/4430_grsec-remove-localversion-grsec.patch diff --git a/4.2.5/4435_grsec-mute-warnings.patch b/4.2.6/4435_grsec-mute-warnings.patch index b7564e4..b7564e4 100644 --- a/4.2.5/4435_grsec-mute-warnings.patch +++ b/4.2.6/4435_grsec-mute-warnings.patch diff --git a/4.2.5/4440_grsec-remove-protected-paths.patch b/4.2.6/4440_grsec-remove-protected-paths.patch index 741546d..741546d 100644 --- a/4.2.5/4440_grsec-remove-protected-paths.patch +++ b/4.2.6/4440_grsec-remove-protected-paths.patch diff --git a/4.2.5/4450_grsec-kconfig-default-gids.patch b/4.2.6/4450_grsec-kconfig-default-gids.patch index 9524b1f..9524b1f 100644 --- a/4.2.5/4450_grsec-kconfig-default-gids.patch +++ b/4.2.6/4450_grsec-kconfig-default-gids.patch diff --git a/4.2.5/4465_selinux-avc_audit-log-curr_ip.patch b/4.2.6/4465_selinux-avc_audit-log-curr_ip.patch index ba89596..ba89596 100644 --- a/4.2.5/4465_selinux-avc_audit-log-curr_ip.patch +++ b/4.2.6/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/4.2.5/4470_disable-compat_vdso.patch b/4.2.6/4470_disable-compat_vdso.patch index 7f84a27..7f84a27 100644 --- a/4.2.5/4470_disable-compat_vdso.patch +++ b/4.2.6/4470_disable-compat_vdso.patch diff --git a/4.2.5/4475_emutramp_default_on.patch b/4.2.6/4475_emutramp_default_on.patch index afd6019..afd6019 100644 --- a/4.2.5/4475_emutramp_default_on.patch +++ b/4.2.6/4475_emutramp_default_on.patch |