summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAnthony G. Basile <blueness@gentoo.org>2016-03-14 06:34:37 -0400
committerAnthony G. Basile <blueness@gentoo.org>2016-03-14 06:34:37 -0400
commit19d9f6905add079be5d80971b97ccf513ddbd1e2 (patch)
tree2ca16b995baed2362785a7d9a3691a9a58ff0f2a
parentgrsecurity-3.1-4.4.5-201603102309 (diff)
downloadhardened-patchset-20160313.tar.gz
hardened-patchset-20160313.tar.bz2
hardened-patchset-20160313.zip
grsecurity-3.1-4.4.5-20160313130520160313
-rw-r--r--4.4.5/0000_README6
-rw-r--r--4.4.5/1004_linux-4.4.5.patch3396
-rw-r--r--4.4.5/4420_grsecurity-3.1-4.4.5-201603131305.patch (renamed from 4.4.5/4420_grsecurity-3.1-4.4.5-201603102309.patch)318
3 files changed, 255 insertions, 3465 deletions
diff --git a/4.4.5/0000_README b/4.4.5/0000_README
index e92303f..c02a112 100644
--- a/4.4.5/0000_README
+++ b/4.4.5/0000_README
@@ -2,11 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 1004_linux-4.4.5.patch
-From: https://www.kernel.org/
-Desc: Linux 4.4.5
-
-Patch: 4420_grsecurity-3.1-4.4.5-201603102309.patch
+Patch: 4420_grsecurity-3.1-4.4.5-201603131305.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/4.4.5/1004_linux-4.4.5.patch b/4.4.5/1004_linux-4.4.5.patch
deleted file mode 100644
index 82135c4..0000000
--- a/4.4.5/1004_linux-4.4.5.patch
+++ /dev/null
@@ -1,3396 +0,0 @@
-diff --git a/Makefile b/Makefile
-index 344bc6f..d13322a 100644
---- a/Makefile
-+++ b/Makefile
-@@ -1,6 +1,6 @@
- VERSION = 4
- PATCHLEVEL = 4
--SUBLEVEL = 4
-+SUBLEVEL = 5
- EXTRAVERSION =
- NAME = Blurry Fish Butt
-
-diff --git a/arch/arm/kvm/guest.c b/arch/arm/kvm/guest.c
-index 96e935b..3705fc2 100644
---- a/arch/arm/kvm/guest.c
-+++ b/arch/arm/kvm/guest.c
-@@ -155,7 +155,7 @@ static int get_timer_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg)
- u64 val;
-
- val = kvm_arm_timer_get_reg(vcpu, reg->id);
-- return copy_to_user(uaddr, &val, KVM_REG_SIZE(reg->id));
-+ return copy_to_user(uaddr, &val, KVM_REG_SIZE(reg->id)) ? -EFAULT : 0;
- }
-
- static unsigned long num_core_regs(void)
-diff --git a/arch/arm64/include/asm/pgtable.h b/arch/arm64/include/asm/pgtable.h
-index 63f52b5..fc9f7ef 100644
---- a/arch/arm64/include/asm/pgtable.h
-+++ b/arch/arm64/include/asm/pgtable.h
-@@ -34,13 +34,13 @@
- /*
- * VMALLOC and SPARSEMEM_VMEMMAP ranges.
- *
-- * VMEMAP_SIZE: allows the whole VA space to be covered by a struct page array
-+ * VMEMAP_SIZE: allows the whole linear region to be covered by a struct page array
- * (rounded up to PUD_SIZE).
- * VMALLOC_START: beginning of the kernel VA space
- * VMALLOC_END: extends to the available space below vmmemmap, PCI I/O space,
- * fixed mappings and modules
- */
--#define VMEMMAP_SIZE ALIGN((1UL << (VA_BITS - PAGE_SHIFT)) * sizeof(struct page), PUD_SIZE)
-+#define VMEMMAP_SIZE ALIGN((1UL << (VA_BITS - PAGE_SHIFT - 1)) * sizeof(struct page), PUD_SIZE)
-
- #ifndef CONFIG_KASAN
- #define VMALLOC_START (VA_START)
-@@ -51,7 +51,8 @@
-
- #define VMALLOC_END (PAGE_OFFSET - PUD_SIZE - VMEMMAP_SIZE - SZ_64K)
-
--#define vmemmap ((struct page *)(VMALLOC_END + SZ_64K))
-+#define VMEMMAP_START (VMALLOC_END + SZ_64K)
-+#define vmemmap ((struct page *)VMEMMAP_START - (memstart_addr >> PAGE_SHIFT))
-
- #define FIRST_USER_ADDRESS 0UL
-
-diff --git a/arch/arm64/kvm/guest.c b/arch/arm64/kvm/guest.c
-index d250160..3039f08 100644
---- a/arch/arm64/kvm/guest.c
-+++ b/arch/arm64/kvm/guest.c
-@@ -186,7 +186,7 @@ static int get_timer_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg)
- u64 val;
-
- val = kvm_arm_timer_get_reg(vcpu, reg->id);
-- return copy_to_user(uaddr, &val, KVM_REG_SIZE(reg->id));
-+ return copy_to_user(uaddr, &val, KVM_REG_SIZE(reg->id)) ? -EFAULT : 0;
- }
-
- /**
-diff --git a/arch/arm64/mm/init.c b/arch/arm64/mm/init.c
-index 17bf39a..4cb98aa 100644
---- a/arch/arm64/mm/init.c
-+++ b/arch/arm64/mm/init.c
-@@ -319,8 +319,8 @@ void __init mem_init(void)
- #endif
- MLG(VMALLOC_START, VMALLOC_END),
- #ifdef CONFIG_SPARSEMEM_VMEMMAP
-- MLG((unsigned long)vmemmap,
-- (unsigned long)vmemmap + VMEMMAP_SIZE),
-+ MLG(VMEMMAP_START,
-+ VMEMMAP_START + VMEMMAP_SIZE),
- MLM((unsigned long)virt_to_page(PAGE_OFFSET),
- (unsigned long)virt_to_page(high_memory)),
- #endif
-diff --git a/arch/mips/kernel/traps.c b/arch/mips/kernel/traps.c
-index 886cb19..ca9a810 100644
---- a/arch/mips/kernel/traps.c
-+++ b/arch/mips/kernel/traps.c
-@@ -690,15 +690,15 @@ static int simulate_sync(struct pt_regs *regs, unsigned int opcode)
- asmlinkage void do_ov(struct pt_regs *regs)
- {
- enum ctx_state prev_state;
-- siginfo_t info;
-+ siginfo_t info = {
-+ .si_signo = SIGFPE,
-+ .si_code = FPE_INTOVF,
-+ .si_addr = (void __user *)regs->cp0_epc,
-+ };
-
- prev_state = exception_enter();
- die_if_kernel("Integer overflow", regs);
-
-- info.si_code = FPE_INTOVF;
-- info.si_signo = SIGFPE;
-- info.si_errno = 0;
-- info.si_addr = (void __user *) regs->cp0_epc;
- force_sig_info(SIGFPE, &info, current);
- exception_exit(prev_state);
- }
-@@ -874,7 +874,7 @@ out:
- void do_trap_or_bp(struct pt_regs *regs, unsigned int code,
- const char *str)
- {
-- siginfo_t info;
-+ siginfo_t info = { 0 };
- char b[40];
-
- #ifdef CONFIG_KGDB_LOW_LEVEL_TRAP
-@@ -903,7 +903,6 @@ void do_trap_or_bp(struct pt_regs *regs, unsigned int code,
- else
- info.si_code = FPE_INTOVF;
- info.si_signo = SIGFPE;
-- info.si_errno = 0;
- info.si_addr = (void __user *) regs->cp0_epc;
- force_sig_info(SIGFPE, &info, current);
- break;
-diff --git a/arch/mips/kvm/mips.c b/arch/mips/kvm/mips.c
-index b9b803f..2683d04 100644
---- a/arch/mips/kvm/mips.c
-+++ b/arch/mips/kvm/mips.c
-@@ -702,7 +702,7 @@ static int kvm_mips_get_reg(struct kvm_vcpu *vcpu,
- } else if ((reg->id & KVM_REG_SIZE_MASK) == KVM_REG_SIZE_U128) {
- void __user *uaddr = (void __user *)(long)reg->addr;
-
-- return copy_to_user(uaddr, vs, 16);
-+ return copy_to_user(uaddr, vs, 16) ? -EFAULT : 0;
- } else {
- return -EINVAL;
- }
-@@ -732,7 +732,7 @@ static int kvm_mips_set_reg(struct kvm_vcpu *vcpu,
- } else if ((reg->id & KVM_REG_SIZE_MASK) == KVM_REG_SIZE_U128) {
- void __user *uaddr = (void __user *)(long)reg->addr;
-
-- return copy_from_user(vs, uaddr, 16);
-+ return copy_from_user(vs, uaddr, 16) ? -EFAULT : 0;
- } else {
- return -EINVAL;
- }
-diff --git a/arch/mips/mm/sc-mips.c b/arch/mips/mm/sc-mips.c
-index 3bd0597..ddb8154 100644
---- a/arch/mips/mm/sc-mips.c
-+++ b/arch/mips/mm/sc-mips.c
-@@ -164,11 +164,13 @@ static int __init mips_sc_probe_cm3(void)
-
- sets = cfg & CM_GCR_L2_CONFIG_SET_SIZE_MSK;
- sets >>= CM_GCR_L2_CONFIG_SET_SIZE_SHF;
-- c->scache.sets = 64 << sets;
-+ if (sets)
-+ c->scache.sets = 64 << sets;
-
- line_sz = cfg & CM_GCR_L2_CONFIG_LINE_SIZE_MSK;
- line_sz >>= CM_GCR_L2_CONFIG_LINE_SIZE_SHF;
-- c->scache.linesz = 2 << line_sz;
-+ if (line_sz)
-+ c->scache.linesz = 2 << line_sz;
-
- assoc = cfg & CM_GCR_L2_CONFIG_ASSOC_MSK;
- assoc >>= CM_GCR_L2_CONFIG_ASSOC_SHF;
-@@ -176,9 +178,12 @@ static int __init mips_sc_probe_cm3(void)
- c->scache.waysize = c->scache.sets * c->scache.linesz;
- c->scache.waybit = __ffs(c->scache.waysize);
-
-- c->scache.flags &= ~MIPS_CACHE_NOT_PRESENT;
-+ if (c->scache.linesz) {
-+ c->scache.flags &= ~MIPS_CACHE_NOT_PRESENT;
-+ return 1;
-+ }
-
-- return 1;
-+ return 0;
- }
-
- void __weak platform_early_l2_init(void)
-diff --git a/arch/parisc/kernel/ptrace.c b/arch/parisc/kernel/ptrace.c
-index 9585c81..ce0b2b4 100644
---- a/arch/parisc/kernel/ptrace.c
-+++ b/arch/parisc/kernel/ptrace.c
-@@ -269,14 +269,19 @@ long compat_arch_ptrace(struct task_struct *child, compat_long_t request,
-
- long do_syscall_trace_enter(struct pt_regs *regs)
- {
-- long ret = 0;
--
- /* Do the secure computing check first. */
- secure_computing_strict(regs->gr[20]);
-
- if (test_thread_flag(TIF_SYSCALL_TRACE) &&
-- tracehook_report_syscall_entry(regs))
-- ret = -1L;
-+ tracehook_report_syscall_entry(regs)) {
-+ /*
-+ * Tracing decided this syscall should not happen or the
-+ * debugger stored an invalid system call number. Skip
-+ * the system call and the system call restart handling.
-+ */
-+ regs->gr[20] = -1UL;
-+ goto out;
-+ }
-
- #ifdef CONFIG_64BIT
- if (!is_compat_task())
-@@ -290,7 +295,8 @@ long do_syscall_trace_enter(struct pt_regs *regs)
- regs->gr[24] & 0xffffffff,
- regs->gr[23] & 0xffffffff);
-
-- return ret ? : regs->gr[20];
-+out:
-+ return regs->gr[20];
- }
-
- void do_syscall_trace_exit(struct pt_regs *regs)
-diff --git a/arch/parisc/kernel/syscall.S b/arch/parisc/kernel/syscall.S
-index 3fbd725..fbafa0d 100644
---- a/arch/parisc/kernel/syscall.S
-+++ b/arch/parisc/kernel/syscall.S
-@@ -343,7 +343,7 @@ tracesys_next:
- #endif
-
- comiclr,>>= __NR_Linux_syscalls, %r20, %r0
-- b,n .Lsyscall_nosys
-+ b,n .Ltracesys_nosys
-
- LDREGX %r20(%r19), %r19
-
-@@ -359,6 +359,9 @@ tracesys_next:
- be 0(%sr7,%r19)
- ldo R%tracesys_exit(%r2),%r2
-
-+.Ltracesys_nosys:
-+ ldo -ENOSYS(%r0),%r28 /* set errno */
-+
- /* Do *not* call this function on the gateway page, because it
- makes a direct call to syscall_trace. */
-
-diff --git a/arch/x86/kernel/acpi/sleep.c b/arch/x86/kernel/acpi/sleep.c
-index d1daead..adb3eaf 100644
---- a/arch/x86/kernel/acpi/sleep.c
-+++ b/arch/x86/kernel/acpi/sleep.c
-@@ -16,6 +16,7 @@
- #include <asm/cacheflush.h>
- #include <asm/realmode.h>
-
-+#include <linux/ftrace.h>
- #include "../../realmode/rm/wakeup.h"
- #include "sleep.h"
-
-@@ -107,7 +108,13 @@ int x86_acpi_suspend_lowlevel(void)
- saved_magic = 0x123456789abcdef0L;
- #endif /* CONFIG_64BIT */
-
-+ /*
-+ * Pause/unpause graph tracing around do_suspend_lowlevel as it has
-+ * inconsistent call/return info after it jumps to the wakeup vector.
-+ */
-+ pause_graph_tracing();
- do_suspend_lowlevel();
-+ unpause_graph_tracing();
- return 0;
- }
-
-diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
-index 10e7693..5fd846c 100644
---- a/arch/x86/kvm/vmx.c
-+++ b/arch/x86/kvm/vmx.c
-@@ -595,6 +595,8 @@ struct vcpu_vmx {
- /* Support for PML */
- #define PML_ENTITY_NUM 512
- struct page *pml_pg;
-+
-+ u64 current_tsc_ratio;
- };
-
- enum segment_cache_field {
-@@ -2062,14 +2064,16 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
- rdmsrl(MSR_IA32_SYSENTER_ESP, sysenter_esp);
- vmcs_writel(HOST_IA32_SYSENTER_ESP, sysenter_esp); /* 22.2.3 */
-
-- /* Setup TSC multiplier */
-- if (cpu_has_vmx_tsc_scaling())
-- vmcs_write64(TSC_MULTIPLIER,
-- vcpu->arch.tsc_scaling_ratio);
--
- vmx->loaded_vmcs->cpu = cpu;
- }
-
-+ /* Setup TSC multiplier */
-+ if (kvm_has_tsc_control &&
-+ vmx->current_tsc_ratio != vcpu->arch.tsc_scaling_ratio) {
-+ vmx->current_tsc_ratio = vcpu->arch.tsc_scaling_ratio;
-+ vmcs_write64(TSC_MULTIPLIER, vmx->current_tsc_ratio);
-+ }
-+
- vmx_vcpu_pi_load(vcpu, cpu);
- }
-
-diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index 6ef3856..d294502 100644
---- a/arch/x86/kvm/x86.c
-+++ b/arch/x86/kvm/x86.c
-@@ -2736,7 +2736,6 @@ void kvm_arch_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
- }
-
- kvm_make_request(KVM_REQ_STEAL_UPDATE, vcpu);
-- vcpu->arch.switch_db_regs |= KVM_DEBUGREG_RELOAD;
- }
-
- void kvm_arch_vcpu_put(struct kvm_vcpu *vcpu)
-@@ -6545,12 +6544,12 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu)
- * KVM_DEBUGREG_WONT_EXIT again.
- */
- if (unlikely(vcpu->arch.switch_db_regs & KVM_DEBUGREG_WONT_EXIT)) {
-- int i;
--
- WARN_ON(vcpu->guest_debug & KVM_GUESTDBG_USE_HW_BP);
- kvm_x86_ops->sync_dirty_debug_regs(vcpu);
-- for (i = 0; i < KVM_NR_DB_REGS; i++)
-- vcpu->arch.eff_db[i] = vcpu->arch.db[i];
-+ kvm_update_dr0123(vcpu);
-+ kvm_update_dr6(vcpu);
-+ kvm_update_dr7(vcpu);
-+ vcpu->arch.switch_db_regs &= ~KVM_DEBUGREG_RELOAD;
- }
-
- /*
-diff --git a/block/blk-settings.c b/block/blk-settings.c
-index dd49735..c7bb666 100644
---- a/block/blk-settings.c
-+++ b/block/blk-settings.c
-@@ -91,8 +91,8 @@ void blk_set_default_limits(struct queue_limits *lim)
- lim->seg_boundary_mask = BLK_SEG_BOUNDARY_MASK;
- lim->virt_boundary_mask = 0;
- lim->max_segment_size = BLK_MAX_SEGMENT_SIZE;
-- lim->max_sectors = lim->max_dev_sectors = lim->max_hw_sectors =
-- BLK_SAFE_MAX_SECTORS;
-+ lim->max_sectors = lim->max_hw_sectors = BLK_SAFE_MAX_SECTORS;
-+ lim->max_dev_sectors = 0;
- lim->chunk_sectors = 0;
- lim->max_write_same_sectors = 0;
- lim->max_discard_sectors = 0;
-diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c
-index 99921aa..60a1583 100644
---- a/drivers/ata/ahci.c
-+++ b/drivers/ata/ahci.c
-@@ -367,15 +367,21 @@ static const struct pci_device_id ahci_pci_tbl[] = {
- { PCI_VDEVICE(INTEL, 0xa107), board_ahci }, /* Sunrise Point-H RAID */
- { PCI_VDEVICE(INTEL, 0xa10f), board_ahci }, /* Sunrise Point-H RAID */
- { PCI_VDEVICE(INTEL, 0x2822), board_ahci }, /* Lewisburg RAID*/
-+ { PCI_VDEVICE(INTEL, 0x2823), board_ahci }, /* Lewisburg AHCI*/
- { PCI_VDEVICE(INTEL, 0x2826), board_ahci }, /* Lewisburg RAID*/
-+ { PCI_VDEVICE(INTEL, 0x2827), board_ahci }, /* Lewisburg RAID*/
- { PCI_VDEVICE(INTEL, 0xa182), board_ahci }, /* Lewisburg AHCI*/
- { PCI_VDEVICE(INTEL, 0xa184), board_ahci }, /* Lewisburg RAID*/
- { PCI_VDEVICE(INTEL, 0xa186), board_ahci }, /* Lewisburg RAID*/
- { PCI_VDEVICE(INTEL, 0xa18e), board_ahci }, /* Lewisburg RAID*/
-+ { PCI_VDEVICE(INTEL, 0xa1d2), board_ahci }, /* Lewisburg RAID*/
-+ { PCI_VDEVICE(INTEL, 0xa1d6), board_ahci }, /* Lewisburg RAID*/
- { PCI_VDEVICE(INTEL, 0xa202), board_ahci }, /* Lewisburg AHCI*/
- { PCI_VDEVICE(INTEL, 0xa204), board_ahci }, /* Lewisburg RAID*/
- { PCI_VDEVICE(INTEL, 0xa206), board_ahci }, /* Lewisburg RAID*/
- { PCI_VDEVICE(INTEL, 0xa20e), board_ahci }, /* Lewisburg RAID*/
-+ { PCI_VDEVICE(INTEL, 0xa252), board_ahci }, /* Lewisburg RAID*/
-+ { PCI_VDEVICE(INTEL, 0xa256), board_ahci }, /* Lewisburg RAID*/
-
- /* JMicron 360/1/3/5/6, match class to avoid IDE function */
- { PCI_VENDOR_ID_JMICRON, PCI_ANY_ID, PCI_ANY_ID, PCI_ANY_ID,
-diff --git a/drivers/ata/libahci.c b/drivers/ata/libahci.c
-index 1f225cc..998c6a8 100644
---- a/drivers/ata/libahci.c
-+++ b/drivers/ata/libahci.c
-@@ -1142,8 +1142,7 @@ static void ahci_port_init(struct device *dev, struct ata_port *ap,
-
- /* mark esata ports */
- tmp = readl(port_mmio + PORT_CMD);
-- if ((tmp & PORT_CMD_HPCP) ||
-- ((tmp & PORT_CMD_ESP) && (hpriv->cap & HOST_CAP_SXS)))
-+ if ((tmp & PORT_CMD_ESP) && (hpriv->cap & HOST_CAP_SXS))
- ap->pflags |= ATA_PFLAG_EXTERNAL;
- }
-
-diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c
-index 7e959f9..e417e1a 100644
---- a/drivers/ata/libata-scsi.c
-+++ b/drivers/ata/libata-scsi.c
-@@ -675,19 +675,18 @@ static int ata_ioc32(struct ata_port *ap)
- int ata_sas_scsi_ioctl(struct ata_port *ap, struct scsi_device *scsidev,
- int cmd, void __user *arg)
- {
-- int val = -EINVAL, rc = -EINVAL;
-+ unsigned long val;
-+ int rc = -EINVAL;
- unsigned long flags;
-
- switch (cmd) {
-- case ATA_IOC_GET_IO32:
-+ case HDIO_GET_32BIT:
- spin_lock_irqsave(ap->lock, flags);
- val = ata_ioc32(ap);
- spin_unlock_irqrestore(ap->lock, flags);
-- if (copy_to_user(arg, &val, 1))
-- return -EFAULT;
-- return 0;
-+ return put_user(val, (unsigned long __user *)arg);
-
-- case ATA_IOC_SET_IO32:
-+ case HDIO_SET_32BIT:
- val = (unsigned long) arg;
- rc = 0;
- spin_lock_irqsave(ap->lock, flags);
-diff --git a/drivers/ata/pata_rb532_cf.c b/drivers/ata/pata_rb532_cf.c
-index 12fe0f3..c8b6a78 100644
---- a/drivers/ata/pata_rb532_cf.c
-+++ b/drivers/ata/pata_rb532_cf.c
-@@ -32,6 +32,8 @@
- #include <linux/libata.h>
- #include <scsi/scsi_host.h>
-
-+#include <asm/mach-rc32434/rb.h>
-+
- #define DRV_NAME "pata-rb532-cf"
- #define DRV_VERSION "0.1.0"
- #define DRV_DESC "PATA driver for RouterBOARD 532 Compact Flash"
-@@ -107,6 +109,7 @@ static int rb532_pata_driver_probe(struct platform_device *pdev)
- int gpio;
- struct resource *res;
- struct ata_host *ah;
-+ struct cf_device *pdata;
- struct rb532_cf_info *info;
- int ret;
-
-@@ -122,7 +125,13 @@ static int rb532_pata_driver_probe(struct platform_device *pdev)
- return -ENOENT;
- }
-
-- gpio = irq_to_gpio(irq);
-+ pdata = dev_get_platdata(&pdev->dev);
-+ if (!pdata) {
-+ dev_err(&pdev->dev, "no platform data specified\n");
-+ return -EINVAL;
-+ }
-+
-+ gpio = pdata->gpio_pin;
- if (gpio < 0) {
- dev_err(&pdev->dev, "no GPIO found for irq%d\n", irq);
- return -ENOENT;
-diff --git a/drivers/dma/pxa_dma.c b/drivers/dma/pxa_dma.c
-index fc4156a..a59061e 100644
---- a/drivers/dma/pxa_dma.c
-+++ b/drivers/dma/pxa_dma.c
-@@ -583,6 +583,8 @@ static void set_updater_desc(struct pxad_desc_sw *sw_desc,
- (PXA_DCMD_LENGTH & sizeof(u32));
- if (flags & DMA_PREP_INTERRUPT)
- updater->dcmd |= PXA_DCMD_ENDIRQEN;
-+ if (sw_desc->cyclic)
-+ sw_desc->hw_desc[sw_desc->nb_desc - 2]->ddadr = sw_desc->first;
- }
-
- static bool is_desc_completed(struct virt_dma_desc *vd)
-@@ -673,6 +675,10 @@ static irqreturn_t pxad_chan_handler(int irq, void *dev_id)
- dev_dbg(&chan->vc.chan.dev->device,
- "%s(): checking txd %p[%x]: completed=%d\n",
- __func__, vd, vd->tx.cookie, is_desc_completed(vd));
-+ if (to_pxad_sw_desc(vd)->cyclic) {
-+ vchan_cyclic_callback(vd);
-+ break;
-+ }
- if (is_desc_completed(vd)) {
- list_del(&vd->node);
- vchan_cookie_complete(vd);
-@@ -1080,7 +1086,7 @@ pxad_prep_dma_cyclic(struct dma_chan *dchan,
- return NULL;
-
- pxad_get_config(chan, dir, &dcmd, &dsadr, &dtadr);
-- dcmd |= PXA_DCMD_ENDIRQEN | (PXA_DCMD_LENGTH | period_len);
-+ dcmd |= PXA_DCMD_ENDIRQEN | (PXA_DCMD_LENGTH & period_len);
- dev_dbg(&chan->vc.chan.dev->device,
- "%s(): buf_addr=0x%lx len=%zu period=%zu dir=%d flags=%lx\n",
- __func__, (unsigned long)buf_addr, len, period_len, dir, flags);
-diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c
-index 89c3dd6..119cdc2 100644
---- a/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c
-+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c
-@@ -77,7 +77,7 @@ void amdgpu_connector_hotplug(struct drm_connector *connector)
- } else if (amdgpu_atombios_dp_needs_link_train(amdgpu_connector)) {
- /* Don't try to start link training before we
- * have the dpcd */
-- if (!amdgpu_atombios_dp_get_dpcd(amdgpu_connector))
-+ if (amdgpu_atombios_dp_get_dpcd(amdgpu_connector))
- return;
-
- /* set it to OFF so that drm_helper_connector_dpms()
-diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c
-index a2a16ac..b8fbbd7 100644
---- a/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c
-+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c
-@@ -33,6 +33,7 @@
- #include <linux/slab.h>
- #include <drm/drmP.h>
- #include <drm/amdgpu_drm.h>
-+#include <drm/drm_cache.h>
- #include "amdgpu.h"
- #include "amdgpu_trace.h"
-
-@@ -261,6 +262,13 @@ int amdgpu_bo_create_restricted(struct amdgpu_device *adev,
- AMDGPU_GEM_DOMAIN_OA);
-
- bo->flags = flags;
-+
-+ /* For architectures that don't support WC memory,
-+ * mask out the WC flag from the BO
-+ */
-+ if (!drm_arch_can_wc_memory())
-+ bo->flags &= ~AMDGPU_GEM_CREATE_CPU_GTT_USWC;
-+
- amdgpu_fill_placement_to_bo(bo, placement);
- /* Kernel allocation are uninterruptible */
- r = ttm_bo_init(&adev->mman.bdev, &bo->tbo, size, type,
-diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c
-index 03fe251..7ae15fa 100644
---- a/drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c
-+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c
-@@ -596,9 +596,6 @@ force:
- /* update display watermarks based on new power state */
- amdgpu_display_bandwidth_update(adev);
-
-- adev->pm.dpm.current_active_crtcs = adev->pm.dpm.new_active_crtcs;
-- adev->pm.dpm.current_active_crtc_count = adev->pm.dpm.new_active_crtc_count;
--
- /* wait for the rings to drain */
- for (i = 0; i < AMDGPU_MAX_RINGS; i++) {
- struct amdgpu_ring *ring = adev->rings[i];
-@@ -617,6 +614,9 @@ force:
- /* update displays */
- amdgpu_dpm_display_configuration_changed(adev);
-
-+ adev->pm.dpm.current_active_crtcs = adev->pm.dpm.new_active_crtcs;
-+ adev->pm.dpm.current_active_crtc_count = adev->pm.dpm.new_active_crtc_count;
-+
- if (adev->pm.funcs->force_performance_level) {
- if (adev->pm.dpm.thermal_active) {
- enum amdgpu_dpm_forced_level level = adev->pm.dpm.forced_level;
-diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c
-index 39adbb6..8c5ec15 100644
---- a/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c
-+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c
-@@ -1248,7 +1248,7 @@ int amdgpu_vm_init(struct amdgpu_device *adev, struct amdgpu_vm *vm)
- {
- const unsigned align = min(AMDGPU_VM_PTB_ALIGN_SIZE,
- AMDGPU_VM_PTE_COUNT * 8);
-- unsigned pd_size, pd_entries, pts_size;
-+ unsigned pd_size, pd_entries;
- int i, r;
-
- for (i = 0; i < AMDGPU_MAX_RINGS; ++i) {
-@@ -1266,8 +1266,7 @@ int amdgpu_vm_init(struct amdgpu_device *adev, struct amdgpu_vm *vm)
- pd_entries = amdgpu_vm_num_pdes(adev);
-
- /* allocate page table array */
-- pts_size = pd_entries * sizeof(struct amdgpu_vm_pt);
-- vm->page_tables = kzalloc(pts_size, GFP_KERNEL);
-+ vm->page_tables = drm_calloc_large(pd_entries, sizeof(struct amdgpu_vm_pt));
- if (vm->page_tables == NULL) {
- DRM_ERROR("Cannot allocate memory for page table array\n");
- return -ENOMEM;
-@@ -1327,7 +1326,7 @@ void amdgpu_vm_fini(struct amdgpu_device *adev, struct amdgpu_vm *vm)
-
- for (i = 0; i < amdgpu_vm_num_pdes(adev); i++)
- amdgpu_bo_unref(&vm->page_tables[i].bo);
-- kfree(vm->page_tables);
-+ drm_free_large(vm->page_tables);
-
- amdgpu_bo_unref(&vm->page_directory);
- fence_put(vm->page_directory_fence);
-diff --git a/drivers/gpu/drm/amd/amdgpu/gfx_v7_0.c b/drivers/gpu/drm/amd/amdgpu/gfx_v7_0.c
-index 72793f9..aa49154 100644
---- a/drivers/gpu/drm/amd/amdgpu/gfx_v7_0.c
-+++ b/drivers/gpu/drm/amd/amdgpu/gfx_v7_0.c
-@@ -3628,6 +3628,19 @@ static void gfx_v7_0_ring_emit_vm_flush(struct amdgpu_ring *ring,
- unsigned vm_id, uint64_t pd_addr)
- {
- int usepfp = (ring->type == AMDGPU_RING_TYPE_GFX);
-+ uint32_t seq = ring->fence_drv.sync_seq;
-+ uint64_t addr = ring->fence_drv.gpu_addr;
-+
-+ amdgpu_ring_write(ring, PACKET3(PACKET3_WAIT_REG_MEM, 5));
-+ amdgpu_ring_write(ring, (WAIT_REG_MEM_MEM_SPACE(1) | /* memory */
-+ WAIT_REG_MEM_FUNCTION(3) | /* equal */
-+ WAIT_REG_MEM_ENGINE(usepfp))); /* pfp or me */
-+ amdgpu_ring_write(ring, addr & 0xfffffffc);
-+ amdgpu_ring_write(ring, upper_32_bits(addr) & 0xffffffff);
-+ amdgpu_ring_write(ring, seq);
-+ amdgpu_ring_write(ring, 0xffffffff);
-+ amdgpu_ring_write(ring, 4); /* poll interval */
-+
- if (usepfp) {
- /* synce CE with ME to prevent CE fetch CEIB before context switch done */
- amdgpu_ring_write(ring, PACKET3(PACKET3_SWITCH_BUFFER, 0));
-diff --git a/drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c b/drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c
-index 4cb45f4..d105403 100644
---- a/drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c
-+++ b/drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c
-@@ -4681,7 +4681,8 @@ static void gfx_v8_0_ring_emit_vm_flush(struct amdgpu_ring *ring,
-
- amdgpu_ring_write(ring, PACKET3(PACKET3_WAIT_REG_MEM, 5));
- amdgpu_ring_write(ring, (WAIT_REG_MEM_MEM_SPACE(1) | /* memory */
-- WAIT_REG_MEM_FUNCTION(3))); /* equal */
-+ WAIT_REG_MEM_FUNCTION(3) | /* equal */
-+ WAIT_REG_MEM_ENGINE(usepfp))); /* pfp or me */
- amdgpu_ring_write(ring, addr & 0xfffffffc);
- amdgpu_ring_write(ring, upper_32_bits(addr) & 0xffffffff);
- amdgpu_ring_write(ring, seq);
-diff --git a/drivers/gpu/drm/amd/amdgpu/vi.c b/drivers/gpu/drm/amd/amdgpu/vi.c
-index 7628eb4..3e9cbe3 100644
---- a/drivers/gpu/drm/amd/amdgpu/vi.c
-+++ b/drivers/gpu/drm/amd/amdgpu/vi.c
-@@ -1082,10 +1082,10 @@ static const struct amdgpu_ip_block_version topaz_ip_blocks[] =
- },
- {
- .type = AMD_IP_BLOCK_TYPE_GMC,
-- .major = 8,
-- .minor = 0,
-+ .major = 7,
-+ .minor = 4,
- .rev = 0,
-- .funcs = &gmc_v8_0_ip_funcs,
-+ .funcs = &gmc_v7_0_ip_funcs,
- },
- {
- .type = AMD_IP_BLOCK_TYPE_IH,
-@@ -1129,10 +1129,10 @@ static const struct amdgpu_ip_block_version tonga_ip_blocks[] =
- },
- {
- .type = AMD_IP_BLOCK_TYPE_GMC,
-- .major = 7,
-- .minor = 4,
-+ .major = 8,
-+ .minor = 0,
- .rev = 0,
-- .funcs = &gmc_v7_0_ip_funcs,
-+ .funcs = &gmc_v8_0_ip_funcs,
- },
- {
- .type = AMD_IP_BLOCK_TYPE_IH,
-diff --git a/drivers/gpu/drm/ast/ast_main.c b/drivers/gpu/drm/ast/ast_main.c
-index 541a610..e0b4586 100644
---- a/drivers/gpu/drm/ast/ast_main.c
-+++ b/drivers/gpu/drm/ast/ast_main.c
-@@ -227,7 +227,7 @@ static int ast_get_dram_info(struct drm_device *dev)
- } while (ast_read32(ast, 0x10000) != 0x01);
- data = ast_read32(ast, 0x10004);
-
-- if (data & 0x400)
-+ if (data & 0x40)
- ast->dram_bus_width = 16;
- else
- ast->dram_bus_width = 32;
-diff --git a/drivers/gpu/drm/i915/i915_drv.c b/drivers/gpu/drm/i915/i915_drv.c
-index 760e0ce..a6ad938 100644
---- a/drivers/gpu/drm/i915/i915_drv.c
-+++ b/drivers/gpu/drm/i915/i915_drv.c
-@@ -531,7 +531,10 @@ void intel_detect_pch(struct drm_device *dev)
- dev_priv->pch_type = PCH_SPT;
- DRM_DEBUG_KMS("Found SunrisePoint LP PCH\n");
- WARN_ON(!IS_SKYLAKE(dev));
-- } else if (id == INTEL_PCH_P2X_DEVICE_ID_TYPE) {
-+ } else if ((id == INTEL_PCH_P2X_DEVICE_ID_TYPE) ||
-+ ((id == INTEL_PCH_QEMU_DEVICE_ID_TYPE) &&
-+ pch->subsystem_vendor == 0x1af4 &&
-+ pch->subsystem_device == 0x1100)) {
- dev_priv->pch_type = intel_virt_detect_pch(dev);
- } else
- continue;
-diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h
-index f4af19a..d3ce4da 100644
---- a/drivers/gpu/drm/i915/i915_drv.h
-+++ b/drivers/gpu/drm/i915/i915_drv.h
-@@ -2614,6 +2614,7 @@ struct drm_i915_cmd_table {
- #define INTEL_PCH_SPT_DEVICE_ID_TYPE 0xA100
- #define INTEL_PCH_SPT_LP_DEVICE_ID_TYPE 0x9D00
- #define INTEL_PCH_P2X_DEVICE_ID_TYPE 0x7100
-+#define INTEL_PCH_QEMU_DEVICE_ID_TYPE 0x2900 /* qemu q35 has 2918 */
-
- #define INTEL_PCH_TYPE(dev) (__I915__(dev)->pch_type)
- #define HAS_PCH_SPT(dev) (INTEL_PCH_TYPE(dev) == PCH_SPT)
-diff --git a/drivers/gpu/drm/radeon/radeon_pm.c b/drivers/gpu/drm/radeon/radeon_pm.c
-index 2081a60..1fa8121 100644
---- a/drivers/gpu/drm/radeon/radeon_pm.c
-+++ b/drivers/gpu/drm/radeon/radeon_pm.c
-@@ -1076,10 +1076,6 @@ force:
- /* update display watermarks based on new power state */
- radeon_bandwidth_update(rdev);
-
-- rdev->pm.dpm.current_active_crtcs = rdev->pm.dpm.new_active_crtcs;
-- rdev->pm.dpm.current_active_crtc_count = rdev->pm.dpm.new_active_crtc_count;
-- rdev->pm.dpm.single_display = single_display;
--
- /* wait for the rings to drain */
- for (i = 0; i < RADEON_NUM_RINGS; i++) {
- struct radeon_ring *ring = &rdev->ring[i];
-@@ -1098,6 +1094,10 @@ force:
- /* update displays */
- radeon_dpm_display_configuration_changed(rdev);
-
-+ rdev->pm.dpm.current_active_crtcs = rdev->pm.dpm.new_active_crtcs;
-+ rdev->pm.dpm.current_active_crtc_count = rdev->pm.dpm.new_active_crtc_count;
-+ rdev->pm.dpm.single_display = single_display;
-+
- if (rdev->asic->dpm.force_performance_level) {
- if (rdev->pm.dpm.thermal_active) {
- enum radeon_dpm_forced_level level = rdev->pm.dpm.forced_level;
-diff --git a/drivers/i2c/busses/i2c-brcmstb.c b/drivers/i2c/busses/i2c-brcmstb.c
-index 8e9637e..81115ab 100644
---- a/drivers/i2c/busses/i2c-brcmstb.c
-+++ b/drivers/i2c/busses/i2c-brcmstb.c
-@@ -562,8 +562,7 @@ static int brcmstb_i2c_probe(struct platform_device *pdev)
- if (!dev)
- return -ENOMEM;
-
-- dev->bsc_regmap = devm_kzalloc(&pdev->dev, sizeof(struct bsc_regs *),
-- GFP_KERNEL);
-+ dev->bsc_regmap = devm_kzalloc(&pdev->dev, sizeof(*dev->bsc_regmap), GFP_KERNEL);
- if (!dev->bsc_regmap)
- return -ENOMEM;
-
-diff --git a/drivers/iommu/amd_iommu_init.c b/drivers/iommu/amd_iommu_init.c
-index 013bdff..bf4959f 100644
---- a/drivers/iommu/amd_iommu_init.c
-+++ b/drivers/iommu/amd_iommu_init.c
-@@ -228,6 +228,10 @@ static int amd_iommu_enable_interrupts(void);
- static int __init iommu_go_to_state(enum iommu_init_state state);
- static void init_device_table_dma(void);
-
-+static int iommu_pc_get_set_reg_val(struct amd_iommu *iommu,
-+ u8 bank, u8 cntr, u8 fxn,
-+ u64 *value, bool is_write);
-+
- static inline void update_last_devid(u16 devid)
- {
- if (devid > amd_iommu_last_bdf)
-@@ -1016,6 +1020,34 @@ static void amd_iommu_erratum_746_workaround(struct amd_iommu *iommu)
- }
-
- /*
-+ * Family15h Model 30h-3fh (IOMMU Mishandles ATS Write Permission)
-+ * Workaround:
-+ * BIOS should enable ATS write permission check by setting
-+ * L2_DEBUG_3[AtsIgnoreIWDis](D0F2xF4_x47[0]) = 1b
-+ */
-+static void amd_iommu_ats_write_check_workaround(struct amd_iommu *iommu)
-+{
-+ u32 value;
-+
-+ if ((boot_cpu_data.x86 != 0x15) ||
-+ (boot_cpu_data.x86_model < 0x30) ||
-+ (boot_cpu_data.x86_model > 0x3f))
-+ return;
-+
-+ /* Test L2_DEBUG_3[AtsIgnoreIWDis] == 1 */
-+ value = iommu_read_l2(iommu, 0x47);
-+
-+ if (value & BIT(0))
-+ return;
-+
-+ /* Set L2_DEBUG_3[AtsIgnoreIWDis] = 1 */
-+ iommu_write_l2(iommu, 0x47, value | BIT(0));
-+
-+ pr_info("AMD-Vi: Applying ATS write check workaround for IOMMU at %s\n",
-+ dev_name(&iommu->dev->dev));
-+}
-+
-+/*
- * This function clues the initialization function for one IOMMU
- * together and also allocates the command buffer and programs the
- * hardware. It does NOT enable the IOMMU. This is done afterwards.
-@@ -1142,8 +1174,8 @@ static void init_iommu_perf_ctr(struct amd_iommu *iommu)
- amd_iommu_pc_present = true;
-
- /* Check if the performance counters can be written to */
-- if ((0 != amd_iommu_pc_get_set_reg_val(0, 0, 0, 0, &val, true)) ||
-- (0 != amd_iommu_pc_get_set_reg_val(0, 0, 0, 0, &val2, false)) ||
-+ if ((0 != iommu_pc_get_set_reg_val(iommu, 0, 0, 0, &val, true)) ||
-+ (0 != iommu_pc_get_set_reg_val(iommu, 0, 0, 0, &val2, false)) ||
- (val != val2)) {
- pr_err("AMD-Vi: Unable to write to IOMMU perf counter.\n");
- amd_iommu_pc_present = false;
-@@ -1284,6 +1316,7 @@ static int iommu_init_pci(struct amd_iommu *iommu)
- }
-
- amd_iommu_erratum_746_workaround(iommu);
-+ amd_iommu_ats_write_check_workaround(iommu);
-
- iommu->iommu_dev = iommu_device_create(&iommu->dev->dev, iommu,
- amd_iommu_groups, "ivhd%d",
-@@ -2283,22 +2316,15 @@ u8 amd_iommu_pc_get_max_counters(u16 devid)
- }
- EXPORT_SYMBOL(amd_iommu_pc_get_max_counters);
-
--int amd_iommu_pc_get_set_reg_val(u16 devid, u8 bank, u8 cntr, u8 fxn,
-+static int iommu_pc_get_set_reg_val(struct amd_iommu *iommu,
-+ u8 bank, u8 cntr, u8 fxn,
- u64 *value, bool is_write)
- {
-- struct amd_iommu *iommu;
- u32 offset;
- u32 max_offset_lim;
-
-- /* Make sure the IOMMU PC resource is available */
-- if (!amd_iommu_pc_present)
-- return -ENODEV;
--
-- /* Locate the iommu associated with the device ID */
-- iommu = amd_iommu_rlookup_table[devid];
--
- /* Check for valid iommu and pc register indexing */
-- if (WARN_ON((iommu == NULL) || (fxn > 0x28) || (fxn & 7)))
-+ if (WARN_ON((fxn > 0x28) || (fxn & 7)))
- return -ENODEV;
-
- offset = (u32)(((0x40|bank) << 12) | (cntr << 8) | fxn);
-@@ -2322,3 +2348,16 @@ int amd_iommu_pc_get_set_reg_val(u16 devid, u8 bank, u8 cntr, u8 fxn,
- return 0;
- }
- EXPORT_SYMBOL(amd_iommu_pc_get_set_reg_val);
-+
-+int amd_iommu_pc_get_set_reg_val(u16 devid, u8 bank, u8 cntr, u8 fxn,
-+ u64 *value, bool is_write)
-+{
-+ struct amd_iommu *iommu = amd_iommu_rlookup_table[devid];
-+
-+ /* Make sure the IOMMU PC resource is available */
-+ if (!amd_iommu_pc_present || iommu == NULL)
-+ return -ENODEV;
-+
-+ return iommu_pc_get_set_reg_val(iommu, bank, cntr, fxn,
-+ value, is_write);
-+}
-diff --git a/drivers/iommu/dmar.c b/drivers/iommu/dmar.c
-index 55a19e4..3821c47 100644
---- a/drivers/iommu/dmar.c
-+++ b/drivers/iommu/dmar.c
-@@ -329,7 +329,8 @@ static int dmar_pci_bus_notifier(struct notifier_block *nb,
- /* Only care about add/remove events for physical functions */
- if (pdev->is_virtfn)
- return NOTIFY_DONE;
-- if (action != BUS_NOTIFY_ADD_DEVICE && action != BUS_NOTIFY_DEL_DEVICE)
-+ if (action != BUS_NOTIFY_ADD_DEVICE &&
-+ action != BUS_NOTIFY_REMOVED_DEVICE)
- return NOTIFY_DONE;
-
- info = dmar_alloc_pci_notify_info(pdev, action);
-@@ -339,7 +340,7 @@ static int dmar_pci_bus_notifier(struct notifier_block *nb,
- down_write(&dmar_global_lock);
- if (action == BUS_NOTIFY_ADD_DEVICE)
- dmar_pci_bus_add_dev(info);
-- else if (action == BUS_NOTIFY_DEL_DEVICE)
-+ else if (action == BUS_NOTIFY_REMOVED_DEVICE)
- dmar_pci_bus_del_dev(info);
- up_write(&dmar_global_lock);
-
-diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c
-index 986a53e..a2e1b7f 100644
---- a/drivers/iommu/intel-iommu.c
-+++ b/drivers/iommu/intel-iommu.c
-@@ -4367,7 +4367,7 @@ int dmar_iommu_notify_scope_dev(struct dmar_pci_notify_info *info)
- rmrru->devices_cnt);
- if(ret < 0)
- return ret;
-- } else if (info->event == BUS_NOTIFY_DEL_DEVICE) {
-+ } else if (info->event == BUS_NOTIFY_REMOVED_DEVICE) {
- dmar_remove_dev_scope(info, rmrr->segment,
- rmrru->devices, rmrru->devices_cnt);
- }
-@@ -4387,7 +4387,7 @@ int dmar_iommu_notify_scope_dev(struct dmar_pci_notify_info *info)
- break;
- else if(ret < 0)
- return ret;
-- } else if (info->event == BUS_NOTIFY_DEL_DEVICE) {
-+ } else if (info->event == BUS_NOTIFY_REMOVED_DEVICE) {
- if (dmar_remove_dev_scope(info, atsr->segment,
- atsru->devices, atsru->devices_cnt))
- break;
-diff --git a/drivers/media/i2c/adv7604.c b/drivers/media/i2c/adv7604.c
-index 5631ec0..01adcdc 100644
---- a/drivers/media/i2c/adv7604.c
-+++ b/drivers/media/i2c/adv7604.c
-@@ -1960,10 +1960,9 @@ static int adv76xx_isr(struct v4l2_subdev *sd, u32 status, bool *handled)
- }
-
- /* tx 5v detect */
-- tx_5v = io_read(sd, 0x70) & info->cable_det_mask;
-+ tx_5v = irq_reg_0x70 & info->cable_det_mask;
- if (tx_5v) {
- v4l2_dbg(1, debug, sd, "%s: tx_5v: 0x%x\n", __func__, tx_5v);
-- io_write(sd, 0x71, tx_5v);
- adv76xx_s_detect_tx_5v_ctrl(sd);
- if (handled)
- *handled = true;
-diff --git a/drivers/misc/cxl/pci.c b/drivers/misc/cxl/pci.c
-index 85761d7..be2c8e24 100644
---- a/drivers/misc/cxl/pci.c
-+++ b/drivers/misc/cxl/pci.c
-@@ -414,7 +414,7 @@ static int cxl_setup_psl_timebase(struct cxl *adapter, struct pci_dev *dev)
- delta = mftb() - psl_tb;
- if (delta < 0)
- delta = -delta;
-- } while (cputime_to_usecs(delta) > 16);
-+ } while (tb_to_ns(delta) > 16000);
-
- return 0;
- }
-diff --git a/drivers/mtd/ubi/upd.c b/drivers/mtd/ubi/upd.c
-index 2a1b6e0..0134ba3 100644
---- a/drivers/mtd/ubi/upd.c
-+++ b/drivers/mtd/ubi/upd.c
-@@ -193,7 +193,7 @@ int ubi_start_leb_change(struct ubi_device *ubi, struct ubi_volume *vol,
- vol->changing_leb = 1;
- vol->ch_lnum = req->lnum;
-
-- vol->upd_buf = vmalloc(req->bytes);
-+ vol->upd_buf = vmalloc(ALIGN((int)req->bytes, ubi->min_io_size));
- if (!vol->upd_buf)
- return -ENOMEM;
-
-diff --git a/drivers/pci/host/pci-keystone-dw.c b/drivers/pci/host/pci-keystone-dw.c
-index ed34c95..6153853 100644
---- a/drivers/pci/host/pci-keystone-dw.c
-+++ b/drivers/pci/host/pci-keystone-dw.c
-@@ -58,11 +58,6 @@
-
- #define to_keystone_pcie(x) container_of(x, struct keystone_pcie, pp)
-
--static inline struct pcie_port *sys_to_pcie(struct pci_sys_data *sys)
--{
-- return sys->private_data;
--}
--
- static inline void update_reg_offset_bit_pos(u32 offset, u32 *reg_offset,
- u32 *bit_pos)
- {
-@@ -108,7 +103,7 @@ static void ks_dw_pcie_msi_irq_ack(struct irq_data *d)
- struct pcie_port *pp;
-
- msi = irq_data_get_msi_desc(d);
-- pp = sys_to_pcie(msi_desc_to_pci_sysdata(msi));
-+ pp = (struct pcie_port *) msi_desc_to_pci_sysdata(msi);
- ks_pcie = to_keystone_pcie(pp);
- offset = d->irq - irq_linear_revmap(pp->irq_domain, 0);
- update_reg_offset_bit_pos(offset, &reg_offset, &bit_pos);
-@@ -146,7 +141,7 @@ static void ks_dw_pcie_msi_irq_mask(struct irq_data *d)
- u32 offset;
-
- msi = irq_data_get_msi_desc(d);
-- pp = sys_to_pcie(msi_desc_to_pci_sysdata(msi));
-+ pp = (struct pcie_port *) msi_desc_to_pci_sysdata(msi);
- ks_pcie = to_keystone_pcie(pp);
- offset = d->irq - irq_linear_revmap(pp->irq_domain, 0);
-
-@@ -167,7 +162,7 @@ static void ks_dw_pcie_msi_irq_unmask(struct irq_data *d)
- u32 offset;
-
- msi = irq_data_get_msi_desc(d);
-- pp = sys_to_pcie(msi_desc_to_pci_sysdata(msi));
-+ pp = (struct pcie_port *) msi_desc_to_pci_sysdata(msi);
- ks_pcie = to_keystone_pcie(pp);
- offset = d->irq - irq_linear_revmap(pp->irq_domain, 0);
-
-diff --git a/drivers/sh/pm_runtime.c b/drivers/sh/pm_runtime.c
-index 91a00301..a9bac3b 100644
---- a/drivers/sh/pm_runtime.c
-+++ b/drivers/sh/pm_runtime.c
-@@ -34,7 +34,7 @@ static struct pm_clk_notifier_block platform_bus_notifier = {
-
- static int __init sh_pm_runtime_init(void)
- {
-- if (IS_ENABLED(CONFIG_ARCH_SHMOBILE)) {
-+ if (IS_ENABLED(CONFIG_OF) && IS_ENABLED(CONFIG_ARCH_SHMOBILE)) {
- if (!of_find_compatible_node(NULL, NULL,
- "renesas,cpg-mstp-clocks"))
- return 0;
-diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c
-index 88ea4e4..3436a83 100644
---- a/drivers/target/target_core_device.c
-+++ b/drivers/target/target_core_device.c
-@@ -826,6 +826,49 @@ struct se_device *target_alloc_device(struct se_hba *hba, const char *name)
- return dev;
- }
-
-+/*
-+ * Check if the underlying struct block_device request_queue supports
-+ * the QUEUE_FLAG_DISCARD bit for UNMAP/WRITE_SAME in SCSI + TRIM
-+ * in ATA and we need to set TPE=1
-+ */
-+bool target_configure_unmap_from_queue(struct se_dev_attrib *attrib,
-+ struct request_queue *q, int block_size)
-+{
-+ if (!blk_queue_discard(q))
-+ return false;
-+
-+ attrib->max_unmap_lba_count = (q->limits.max_discard_sectors << 9) /
-+ block_size;
-+ /*
-+ * Currently hardcoded to 1 in Linux/SCSI code..
-+ */
-+ attrib->max_unmap_block_desc_count = 1;
-+ attrib->unmap_granularity = q->limits.discard_granularity / block_size;
-+ attrib->unmap_granularity_alignment = q->limits.discard_alignment /
-+ block_size;
-+ return true;
-+}
-+EXPORT_SYMBOL(target_configure_unmap_from_queue);
-+
-+/*
-+ * Convert from blocksize advertised to the initiator to the 512 byte
-+ * units unconditionally used by the Linux block layer.
-+ */
-+sector_t target_to_linux_sector(struct se_device *dev, sector_t lb)
-+{
-+ switch (dev->dev_attrib.block_size) {
-+ case 4096:
-+ return lb << 3;
-+ case 2048:
-+ return lb << 2;
-+ case 1024:
-+ return lb << 1;
-+ default:
-+ return lb;
-+ }
-+}
-+EXPORT_SYMBOL(target_to_linux_sector);
-+
- int target_configure_device(struct se_device *dev)
- {
- struct se_hba *hba = dev->se_hba;
-diff --git a/drivers/target/target_core_file.c b/drivers/target/target_core_file.c
-index e319570..75f0f08 100644
---- a/drivers/target/target_core_file.c
-+++ b/drivers/target/target_core_file.c
-@@ -160,25 +160,11 @@ static int fd_configure_device(struct se_device *dev)
- " block_device blocks: %llu logical_block_size: %d\n",
- dev_size, div_u64(dev_size, fd_dev->fd_block_size),
- fd_dev->fd_block_size);
-- /*
-- * Check if the underlying struct block_device request_queue supports
-- * the QUEUE_FLAG_DISCARD bit for UNMAP/WRITE_SAME in SCSI + TRIM
-- * in ATA and we need to set TPE=1
-- */
-- if (blk_queue_discard(q)) {
-- dev->dev_attrib.max_unmap_lba_count =
-- q->limits.max_discard_sectors;
-- /*
-- * Currently hardcoded to 1 in Linux/SCSI code..
-- */
-- dev->dev_attrib.max_unmap_block_desc_count = 1;
-- dev->dev_attrib.unmap_granularity =
-- q->limits.discard_granularity >> 9;
-- dev->dev_attrib.unmap_granularity_alignment =
-- q->limits.discard_alignment;
-+
-+ if (target_configure_unmap_from_queue(&dev->dev_attrib, q,
-+ fd_dev->fd_block_size))
- pr_debug("IFILE: BLOCK Discard support available,"
-- " disabled by default\n");
-- }
-+ " disabled by default\n");
- /*
- * Enable write same emulation for IBLOCK and use 0xFFFF as
- * the smaller WRITE_SAME(10) only has a two-byte block count.
-@@ -490,9 +476,12 @@ fd_execute_unmap(struct se_cmd *cmd, sector_t lba, sector_t nolb)
- if (S_ISBLK(inode->i_mode)) {
- /* The backend is block device, use discard */
- struct block_device *bdev = inode->i_bdev;
-+ struct se_device *dev = cmd->se_dev;
-
-- ret = blkdev_issue_discard(bdev, lba,
-- nolb, GFP_KERNEL, 0);
-+ ret = blkdev_issue_discard(bdev,
-+ target_to_linux_sector(dev, lba),
-+ target_to_linux_sector(dev, nolb),
-+ GFP_KERNEL, 0);
- if (ret < 0) {
- pr_warn("FILEIO: blkdev_issue_discard() failed: %d\n",
- ret);
-diff --git a/drivers/target/target_core_iblock.c b/drivers/target/target_core_iblock.c
-index f29c691..2c53dce 100644
---- a/drivers/target/target_core_iblock.c
-+++ b/drivers/target/target_core_iblock.c
-@@ -121,27 +121,11 @@ static int iblock_configure_device(struct se_device *dev)
- dev->dev_attrib.hw_max_sectors = queue_max_hw_sectors(q);
- dev->dev_attrib.hw_queue_depth = q->nr_requests;
-
-- /*
-- * Check if the underlying struct block_device request_queue supports
-- * the QUEUE_FLAG_DISCARD bit for UNMAP/WRITE_SAME in SCSI + TRIM
-- * in ATA and we need to set TPE=1
-- */
-- if (blk_queue_discard(q)) {
-- dev->dev_attrib.max_unmap_lba_count =
-- q->limits.max_discard_sectors;
--
-- /*
-- * Currently hardcoded to 1 in Linux/SCSI code..
-- */
-- dev->dev_attrib.max_unmap_block_desc_count = 1;
-- dev->dev_attrib.unmap_granularity =
-- q->limits.discard_granularity >> 9;
-- dev->dev_attrib.unmap_granularity_alignment =
-- q->limits.discard_alignment;
--
-+ if (target_configure_unmap_from_queue(&dev->dev_attrib, q,
-+ dev->dev_attrib.hw_block_size))
- pr_debug("IBLOCK: BLOCK Discard support available,"
-- " disabled by default\n");
-- }
-+ " disabled by default\n");
-+
- /*
- * Enable write same emulation for IBLOCK and use 0xFFFF as
- * the smaller WRITE_SAME(10) only has a two-byte block count.
-@@ -413,9 +397,13 @@ static sense_reason_t
- iblock_execute_unmap(struct se_cmd *cmd, sector_t lba, sector_t nolb)
- {
- struct block_device *bdev = IBLOCK_DEV(cmd->se_dev)->ibd_bd;
-+ struct se_device *dev = cmd->se_dev;
- int ret;
-
-- ret = blkdev_issue_discard(bdev, lba, nolb, GFP_KERNEL, 0);
-+ ret = blkdev_issue_discard(bdev,
-+ target_to_linux_sector(dev, lba),
-+ target_to_linux_sector(dev, nolb),
-+ GFP_KERNEL, 0);
- if (ret < 0) {
- pr_err("blkdev_issue_discard() failed: %d\n", ret);
- return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
-@@ -431,8 +419,10 @@ iblock_execute_write_same(struct se_cmd *cmd)
- struct scatterlist *sg;
- struct bio *bio;
- struct bio_list list;
-- sector_t block_lba = cmd->t_task_lba;
-- sector_t sectors = sbc_get_write_same_sectors(cmd);
-+ struct se_device *dev = cmd->se_dev;
-+ sector_t block_lba = target_to_linux_sector(dev, cmd->t_task_lba);
-+ sector_t sectors = target_to_linux_sector(dev,
-+ sbc_get_write_same_sectors(cmd));
-
- if (cmd->prot_op) {
- pr_err("WRITE_SAME: Protection information with IBLOCK"
-@@ -646,12 +636,12 @@ iblock_execute_rw(struct se_cmd *cmd, struct scatterlist *sgl, u32 sgl_nents,
- enum dma_data_direction data_direction)
- {
- struct se_device *dev = cmd->se_dev;
-+ sector_t block_lba = target_to_linux_sector(dev, cmd->t_task_lba);
- struct iblock_req *ibr;
- struct bio *bio, *bio_start;
- struct bio_list list;
- struct scatterlist *sg;
- u32 sg_num = sgl_nents;
-- sector_t block_lba;
- unsigned bio_cnt;
- int rw = 0;
- int i;
-@@ -677,24 +667,6 @@ iblock_execute_rw(struct se_cmd *cmd, struct scatterlist *sgl, u32 sgl_nents,
- rw = READ;
- }
-
-- /*
-- * Convert the blocksize advertised to the initiator to the 512 byte
-- * units unconditionally used by the Linux block layer.
-- */
-- if (dev->dev_attrib.block_size == 4096)
-- block_lba = (cmd->t_task_lba << 3);
-- else if (dev->dev_attrib.block_size == 2048)
-- block_lba = (cmd->t_task_lba << 2);
-- else if (dev->dev_attrib.block_size == 1024)
-- block_lba = (cmd->t_task_lba << 1);
-- else if (dev->dev_attrib.block_size == 512)
-- block_lba = cmd->t_task_lba;
-- else {
-- pr_err("Unsupported SCSI -> BLOCK LBA conversion:"
-- " %u\n", dev->dev_attrib.block_size);
-- return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
-- }
--
- ibr = kzalloc(sizeof(struct iblock_req), GFP_KERNEL);
- if (!ibr)
- goto fail;
-diff --git a/drivers/thermal/cpu_cooling.c b/drivers/thermal/cpu_cooling.c
-index e3fbc5a..6ceac4f 100644
---- a/drivers/thermal/cpu_cooling.c
-+++ b/drivers/thermal/cpu_cooling.c
-@@ -377,26 +377,28 @@ static u32 cpu_power_to_freq(struct cpufreq_cooling_device *cpufreq_device,
- * get_load() - get load for a cpu since last updated
- * @cpufreq_device: &struct cpufreq_cooling_device for this cpu
- * @cpu: cpu number
-+ * @cpu_idx: index of the cpu in cpufreq_device->allowed_cpus
- *
- * Return: The average load of cpu @cpu in percentage since this
- * function was last called.
- */
--static u32 get_load(struct cpufreq_cooling_device *cpufreq_device, int cpu)
-+static u32 get_load(struct cpufreq_cooling_device *cpufreq_device, int cpu,
-+ int cpu_idx)
- {
- u32 load;
- u64 now, now_idle, delta_time, delta_idle;
-
- now_idle = get_cpu_idle_time(cpu, &now, 0);
-- delta_idle = now_idle - cpufreq_device->time_in_idle[cpu];
-- delta_time = now - cpufreq_device->time_in_idle_timestamp[cpu];
-+ delta_idle = now_idle - cpufreq_device->time_in_idle[cpu_idx];
-+ delta_time = now - cpufreq_device->time_in_idle_timestamp[cpu_idx];
-
- if (delta_time <= delta_idle)
- load = 0;
- else
- load = div64_u64(100 * (delta_time - delta_idle), delta_time);
-
-- cpufreq_device->time_in_idle[cpu] = now_idle;
-- cpufreq_device->time_in_idle_timestamp[cpu] = now;
-+ cpufreq_device->time_in_idle[cpu_idx] = now_idle;
-+ cpufreq_device->time_in_idle_timestamp[cpu_idx] = now;
-
- return load;
- }
-@@ -598,7 +600,7 @@ static int cpufreq_get_requested_power(struct thermal_cooling_device *cdev,
- u32 load;
-
- if (cpu_online(cpu))
-- load = get_load(cpufreq_device, cpu);
-+ load = get_load(cpufreq_device, cpu, i);
- else
- load = 0;
-
-diff --git a/drivers/usb/chipidea/otg.c b/drivers/usb/chipidea/otg.c
-index 45f86da..03b6743 100644
---- a/drivers/usb/chipidea/otg.c
-+++ b/drivers/usb/chipidea/otg.c
-@@ -158,7 +158,7 @@ static void ci_otg_work(struct work_struct *work)
- int ci_hdrc_otg_init(struct ci_hdrc *ci)
- {
- INIT_WORK(&ci->work, ci_otg_work);
-- ci->wq = create_singlethread_workqueue("ci_otg");
-+ ci->wq = create_freezable_workqueue("ci_otg");
- if (!ci->wq) {
- dev_err(ci->dev, "can't create workqueue\n");
- return -ENODEV;
-diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c
-index a7caf53..7a76fe4 100644
---- a/drivers/usb/serial/cp210x.c
-+++ b/drivers/usb/serial/cp210x.c
-@@ -164,6 +164,7 @@ static const struct usb_device_id id_table[] = {
- { USB_DEVICE(0x18EF, 0xE025) }, /* ELV Marble Sound Board 1 */
- { USB_DEVICE(0x1901, 0x0190) }, /* GE B850 CP2105 Recorder interface */
- { USB_DEVICE(0x1901, 0x0193) }, /* GE B650 CP2104 PMC interface */
-+ { USB_DEVICE(0x19CF, 0x3000) }, /* Parrot NMEA GPS Flight Recorder */
- { USB_DEVICE(0x1ADB, 0x0001) }, /* Schweitzer Engineering C662 Cable */
- { USB_DEVICE(0x1B1C, 0x1C00) }, /* Corsair USB Dongle */
- { USB_DEVICE(0x1BA4, 0x0002) }, /* Silicon Labs 358x factory default */
-diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c
-index 8849439a..348e198 100644
---- a/drivers/usb/serial/option.c
-+++ b/drivers/usb/serial/option.c
-@@ -270,6 +270,7 @@ static void option_instat_callback(struct urb *urb);
- #define TELIT_PRODUCT_UE910_V2 0x1012
- #define TELIT_PRODUCT_LE922_USBCFG0 0x1042
- #define TELIT_PRODUCT_LE922_USBCFG3 0x1043
-+#define TELIT_PRODUCT_LE922_USBCFG5 0x1045
- #define TELIT_PRODUCT_LE920 0x1200
- #define TELIT_PRODUCT_LE910 0x1201
-
-@@ -1132,6 +1133,8 @@ static const struct usb_device_id option_ids[] = {
- { USB_DEVICE(QUALCOMM_VENDOR_ID, 0x6613)}, /* Onda H600/ZTE MF330 */
- { USB_DEVICE(QUALCOMM_VENDOR_ID, 0x0023)}, /* ONYX 3G device */
- { USB_DEVICE(QUALCOMM_VENDOR_ID, 0x9000)}, /* SIMCom SIM5218 */
-+ { USB_DEVICE(QUALCOMM_VENDOR_ID, 0x9003), /* Quectel UC20 */
-+ .driver_info = (kernel_ulong_t)&net_intf4_blacklist },
- { USB_DEVICE(CMOTECH_VENDOR_ID, CMOTECH_PRODUCT_6001) },
- { USB_DEVICE(CMOTECH_VENDOR_ID, CMOTECH_PRODUCT_CMU_300) },
- { USB_DEVICE(CMOTECH_VENDOR_ID, CMOTECH_PRODUCT_6003),
-@@ -1183,6 +1186,8 @@ static const struct usb_device_id option_ids[] = {
- .driver_info = (kernel_ulong_t)&telit_le922_blacklist_usbcfg0 },
- { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_LE922_USBCFG3),
- .driver_info = (kernel_ulong_t)&telit_le922_blacklist_usbcfg3 },
-+ { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, TELIT_PRODUCT_LE922_USBCFG5, 0xff),
-+ .driver_info = (kernel_ulong_t)&telit_le922_blacklist_usbcfg0 },
- { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_LE910),
- .driver_info = (kernel_ulong_t)&telit_le910_blacklist },
- { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_LE920),
-diff --git a/drivers/usb/serial/qcserial.c b/drivers/usb/serial/qcserial.c
-index 9919d2a..1bc6089 100644
---- a/drivers/usb/serial/qcserial.c
-+++ b/drivers/usb/serial/qcserial.c
-@@ -157,14 +157,17 @@ static const struct usb_device_id id_table[] = {
- {DEVICE_SWI(0x1199, 0x9056)}, /* Sierra Wireless Modem */
- {DEVICE_SWI(0x1199, 0x9060)}, /* Sierra Wireless Modem */
- {DEVICE_SWI(0x1199, 0x9061)}, /* Sierra Wireless Modem */
-- {DEVICE_SWI(0x1199, 0x9070)}, /* Sierra Wireless MC74xx/EM74xx */
-- {DEVICE_SWI(0x1199, 0x9071)}, /* Sierra Wireless MC74xx/EM74xx */
-+ {DEVICE_SWI(0x1199, 0x9070)}, /* Sierra Wireless MC74xx */
-+ {DEVICE_SWI(0x1199, 0x9071)}, /* Sierra Wireless MC74xx */
-+ {DEVICE_SWI(0x1199, 0x9078)}, /* Sierra Wireless EM74xx */
-+ {DEVICE_SWI(0x1199, 0x9079)}, /* Sierra Wireless EM74xx */
- {DEVICE_SWI(0x413c, 0x81a2)}, /* Dell Wireless 5806 Gobi(TM) 4G LTE Mobile Broadband Card */
- {DEVICE_SWI(0x413c, 0x81a3)}, /* Dell Wireless 5570 HSPA+ (42Mbps) Mobile Broadband Card */
- {DEVICE_SWI(0x413c, 0x81a4)}, /* Dell Wireless 5570e HSPA+ (42Mbps) Mobile Broadband Card */
- {DEVICE_SWI(0x413c, 0x81a8)}, /* Dell Wireless 5808 Gobi(TM) 4G LTE Mobile Broadband Card */
- {DEVICE_SWI(0x413c, 0x81a9)}, /* Dell Wireless 5808e Gobi(TM) 4G LTE Mobile Broadband Card */
- {DEVICE_SWI(0x413c, 0x81b1)}, /* Dell Wireless 5809e Gobi(TM) 4G LTE Mobile Broadband Card */
-+ {DEVICE_SWI(0x413c, 0x81b3)}, /* Dell Wireless 5809e Gobi(TM) 4G LTE Mobile Broadband Card (rev3) */
-
- /* Huawei devices */
- {DEVICE_HWI(0x03f0, 0x581d)}, /* HP lt4112 LTE/HSPA+ Gobi 4G Modem (Huawei me906e) */
-diff --git a/drivers/vfio/pci/vfio_pci.c b/drivers/vfio/pci/vfio_pci.c
-index 56bf6db..9982cb1 100644
---- a/drivers/vfio/pci/vfio_pci.c
-+++ b/drivers/vfio/pci/vfio_pci.c
-@@ -446,7 +446,8 @@ static long vfio_pci_ioctl(void *device_data,
- info.num_regions = VFIO_PCI_NUM_REGIONS;
- info.num_irqs = VFIO_PCI_NUM_IRQS;
-
-- return copy_to_user((void __user *)arg, &info, minsz);
-+ return copy_to_user((void __user *)arg, &info, minsz) ?
-+ -EFAULT : 0;
-
- } else if (cmd == VFIO_DEVICE_GET_REGION_INFO) {
- struct pci_dev *pdev = vdev->pdev;
-@@ -520,7 +521,8 @@ static long vfio_pci_ioctl(void *device_data,
- return -EINVAL;
- }
-
-- return copy_to_user((void __user *)arg, &info, minsz);
-+ return copy_to_user((void __user *)arg, &info, minsz) ?
-+ -EFAULT : 0;
-
- } else if (cmd == VFIO_DEVICE_GET_IRQ_INFO) {
- struct vfio_irq_info info;
-@@ -555,7 +557,8 @@ static long vfio_pci_ioctl(void *device_data,
- else
- info.flags |= VFIO_IRQ_INFO_NORESIZE;
-
-- return copy_to_user((void __user *)arg, &info, minsz);
-+ return copy_to_user((void __user *)arg, &info, minsz) ?
-+ -EFAULT : 0;
-
- } else if (cmd == VFIO_DEVICE_SET_IRQS) {
- struct vfio_irq_set hdr;
-diff --git a/drivers/vfio/platform/vfio_platform_common.c b/drivers/vfio/platform/vfio_platform_common.c
-index 418cdd9..e65b142 100644
---- a/drivers/vfio/platform/vfio_platform_common.c
-+++ b/drivers/vfio/platform/vfio_platform_common.c
-@@ -219,7 +219,8 @@ static long vfio_platform_ioctl(void *device_data,
- info.num_regions = vdev->num_regions;
- info.num_irqs = vdev->num_irqs;
-
-- return copy_to_user((void __user *)arg, &info, minsz);
-+ return copy_to_user((void __user *)arg, &info, minsz) ?
-+ -EFAULT : 0;
-
- } else if (cmd == VFIO_DEVICE_GET_REGION_INFO) {
- struct vfio_region_info info;
-@@ -240,7 +241,8 @@ static long vfio_platform_ioctl(void *device_data,
- info.size = vdev->regions[info.index].size;
- info.flags = vdev->regions[info.index].flags;
-
-- return copy_to_user((void __user *)arg, &info, minsz);
-+ return copy_to_user((void __user *)arg, &info, minsz) ?
-+ -EFAULT : 0;
-
- } else if (cmd == VFIO_DEVICE_GET_IRQ_INFO) {
- struct vfio_irq_info info;
-@@ -259,7 +261,8 @@ static long vfio_platform_ioctl(void *device_data,
- info.flags = vdev->irqs[info.index].flags;
- info.count = vdev->irqs[info.index].count;
-
-- return copy_to_user((void __user *)arg, &info, minsz);
-+ return copy_to_user((void __user *)arg, &info, minsz) ?
-+ -EFAULT : 0;
-
- } else if (cmd == VFIO_DEVICE_SET_IRQS) {
- struct vfio_irq_set hdr;
-diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c
-index 59d47cb..ecb826e 100644
---- a/drivers/vfio/vfio_iommu_type1.c
-+++ b/drivers/vfio/vfio_iommu_type1.c
-@@ -999,7 +999,8 @@ static long vfio_iommu_type1_ioctl(void *iommu_data,
-
- info.iova_pgsizes = vfio_pgsize_bitmap(iommu);
-
-- return copy_to_user((void __user *)arg, &info, minsz);
-+ return copy_to_user((void __user *)arg, &info, minsz) ?
-+ -EFAULT : 0;
-
- } else if (cmd == VFIO_IOMMU_MAP_DMA) {
- struct vfio_iommu_type1_dma_map map;
-@@ -1032,7 +1033,8 @@ static long vfio_iommu_type1_ioctl(void *iommu_data,
- if (ret)
- return ret;
-
-- return copy_to_user((void __user *)arg, &unmap, minsz);
-+ return copy_to_user((void __user *)arg, &unmap, minsz) ?
-+ -EFAULT : 0;
- }
-
- return -ENOTTY;
-diff --git a/drivers/video/console/fbcon.c b/drivers/video/console/fbcon.c
-index 92f3949..6e92917 100644
---- a/drivers/video/console/fbcon.c
-+++ b/drivers/video/console/fbcon.c
-@@ -709,6 +709,7 @@ static int con2fb_acquire_newinfo(struct vc_data *vc, struct fb_info *info,
- }
-
- if (!err) {
-+ ops->cur_blink_jiffies = HZ / 5;
- info->fbcon_par = ops;
-
- if (vc)
-@@ -956,6 +957,7 @@ static const char *fbcon_startup(void)
- ops->currcon = -1;
- ops->graphics = 1;
- ops->cur_rotate = -1;
-+ ops->cur_blink_jiffies = HZ / 5;
- info->fbcon_par = ops;
- p->con_rotate = initial_rotation;
- set_blitting_type(vc, info);
-diff --git a/fs/btrfs/async-thread.c b/fs/btrfs/async-thread.c
-index 3e36e4a..9aba42b 100644
---- a/fs/btrfs/async-thread.c
-+++ b/fs/btrfs/async-thread.c
-@@ -328,8 +328,8 @@ static inline void __btrfs_queue_work(struct __btrfs_workqueue *wq,
- list_add_tail(&work->ordered_list, &wq->ordered_list);
- spin_unlock_irqrestore(&wq->list_lock, flags);
- }
-- queue_work(wq->normal_wq, &work->normal_work);
- trace_btrfs_work_queued(work);
-+ queue_work(wq->normal_wq, &work->normal_work);
- }
-
- void btrfs_queue_work(struct btrfs_workqueue *wq,
-diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h
-index 35489e7..385b449 100644
---- a/fs/btrfs/ctree.h
-+++ b/fs/btrfs/ctree.h
-@@ -1572,7 +1572,7 @@ struct btrfs_fs_info {
-
- spinlock_t delayed_iput_lock;
- struct list_head delayed_iputs;
-- struct rw_semaphore delayed_iput_sem;
-+ struct mutex cleaner_delayed_iput_mutex;
-
- /* this protects tree_mod_seq_list */
- spinlock_t tree_mod_seq_lock;
-diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c
-index 4958360..41fb431 100644
---- a/fs/btrfs/disk-io.c
-+++ b/fs/btrfs/disk-io.c
-@@ -1796,7 +1796,10 @@ static int cleaner_kthread(void *arg)
- goto sleep;
- }
-
-+ mutex_lock(&root->fs_info->cleaner_delayed_iput_mutex);
- btrfs_run_delayed_iputs(root);
-+ mutex_unlock(&root->fs_info->cleaner_delayed_iput_mutex);
-+
- again = btrfs_clean_one_deleted_snapshot(root);
- mutex_unlock(&root->fs_info->cleaner_mutex);
-
-@@ -2556,8 +2559,8 @@ int open_ctree(struct super_block *sb,
- mutex_init(&fs_info->delete_unused_bgs_mutex);
- mutex_init(&fs_info->reloc_mutex);
- mutex_init(&fs_info->delalloc_root_mutex);
-+ mutex_init(&fs_info->cleaner_delayed_iput_mutex);
- seqlock_init(&fs_info->profiles_lock);
-- init_rwsem(&fs_info->delayed_iput_sem);
-
- INIT_LIST_HEAD(&fs_info->dirty_cowonly_roots);
- INIT_LIST_HEAD(&fs_info->space_info);
-diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c
-index c4661db..2368cac 100644
---- a/fs/btrfs/extent-tree.c
-+++ b/fs/btrfs/extent-tree.c
-@@ -4086,8 +4086,10 @@ commit_trans:
- !atomic_read(&root->fs_info->open_ioctl_trans)) {
- need_commit--;
-
-- if (need_commit > 0)
-+ if (need_commit > 0) {
-+ btrfs_start_delalloc_roots(fs_info, 0, -1);
- btrfs_wait_ordered_roots(fs_info, -1);
-+ }
-
- trans = btrfs_join_transaction(root);
- if (IS_ERR(trans))
-@@ -4100,11 +4102,12 @@ commit_trans:
- if (ret)
- return ret;
- /*
-- * make sure that all running delayed iput are
-- * done
-+ * The cleaner kthread might still be doing iput
-+ * operations. Wait for it to finish so that
-+ * more space is released.
- */
-- down_write(&root->fs_info->delayed_iput_sem);
-- up_write(&root->fs_info->delayed_iput_sem);
-+ mutex_lock(&root->fs_info->cleaner_delayed_iput_mutex);
-+ mutex_unlock(&root->fs_info->cleaner_delayed_iput_mutex);
- goto again;
- } else {
- btrfs_end_transaction(trans, root);
-diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
-index 52fc1b5..4bc9dbf 100644
---- a/fs/btrfs/inode.c
-+++ b/fs/btrfs/inode.c
-@@ -3142,8 +3142,6 @@ void btrfs_run_delayed_iputs(struct btrfs_root *root)
- if (empty)
- return;
-
-- down_read(&fs_info->delayed_iput_sem);
--
- spin_lock(&fs_info->delayed_iput_lock);
- list_splice_init(&fs_info->delayed_iputs, &list);
- spin_unlock(&fs_info->delayed_iput_lock);
-@@ -3154,8 +3152,6 @@ void btrfs_run_delayed_iputs(struct btrfs_root *root)
- iput(delayed->inode);
- kfree(delayed);
- }
--
-- up_read(&root->fs_info->delayed_iput_sem);
- }
-
- /*
-diff --git a/fs/btrfs/root-tree.c b/fs/btrfs/root-tree.c
-index 7cf8509..2c849b0 100644
---- a/fs/btrfs/root-tree.c
-+++ b/fs/btrfs/root-tree.c
-@@ -310,8 +310,16 @@ int btrfs_find_orphan_roots(struct btrfs_root *tree_root)
- set_bit(BTRFS_ROOT_ORPHAN_ITEM_INSERTED, &root->state);
-
- err = btrfs_insert_fs_root(root->fs_info, root);
-+ /*
-+ * The root might have been inserted already, as before we look
-+ * for orphan roots, log replay might have happened, which
-+ * triggers a transaction commit and qgroup accounting, which
-+ * in turn reads and inserts fs roots while doing backref
-+ * walking.
-+ */
-+ if (err == -EEXIST)
-+ err = 0;
- if (err) {
-- BUG_ON(err == -EEXIST);
- btrfs_free_fs_root(root);
- break;
- }
-diff --git a/fs/cifs/cifsfs.h b/fs/cifs/cifsfs.h
-index c3cc160..44b3d42 100644
---- a/fs/cifs/cifsfs.h
-+++ b/fs/cifs/cifsfs.h
-@@ -31,19 +31,15 @@
- * so that it will fit. We use hash_64 to convert the value to 31 bits, and
- * then add 1, to ensure that we don't end up with a 0 as the value.
- */
--#if BITS_PER_LONG == 64
- static inline ino_t
- cifs_uniqueid_to_ino_t(u64 fileid)
- {
-+ if ((sizeof(ino_t)) < (sizeof(u64)))
-+ return (ino_t)hash_64(fileid, (sizeof(ino_t) * 8) - 1) + 1;
-+
- return (ino_t)fileid;
-+
- }
--#else
--static inline ino_t
--cifs_uniqueid_to_ino_t(u64 fileid)
--{
-- return (ino_t)hash_64(fileid, (sizeof(ino_t) * 8) - 1) + 1;
--}
--#endif
-
- extern struct file_system_type cifs_fs_type;
- extern const struct address_space_operations cifs_addr_ops;
-diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
-index 90b4f9f..76fcb50 100644
---- a/fs/cifs/cifssmb.c
-+++ b/fs/cifs/cifssmb.c
-@@ -1396,11 +1396,10 @@ openRetry:
- * current bigbuf.
- */
- static int
--cifs_readv_discard(struct TCP_Server_Info *server, struct mid_q_entry *mid)
-+discard_remaining_data(struct TCP_Server_Info *server)
- {
- unsigned int rfclen = get_rfc1002_length(server->smallbuf);
- int remaining = rfclen + 4 - server->total_read;
-- struct cifs_readdata *rdata = mid->callback_data;
-
- while (remaining > 0) {
- int length;
-@@ -1414,10 +1413,20 @@ cifs_readv_discard(struct TCP_Server_Info *server, struct mid_q_entry *mid)
- remaining -= length;
- }
-
-- dequeue_mid(mid, rdata->result);
- return 0;
- }
-
-+static int
-+cifs_readv_discard(struct TCP_Server_Info *server, struct mid_q_entry *mid)
-+{
-+ int length;
-+ struct cifs_readdata *rdata = mid->callback_data;
-+
-+ length = discard_remaining_data(server);
-+ dequeue_mid(mid, rdata->result);
-+ return length;
-+}
-+
- int
- cifs_readv_receive(struct TCP_Server_Info *server, struct mid_q_entry *mid)
- {
-@@ -1446,6 +1455,12 @@ cifs_readv_receive(struct TCP_Server_Info *server, struct mid_q_entry *mid)
- return length;
- server->total_read += length;
-
-+ if (server->ops->is_status_pending &&
-+ server->ops->is_status_pending(buf, server, 0)) {
-+ discard_remaining_data(server);
-+ return -1;
-+ }
-+
- /* Was the SMB read successful? */
- rdata->result = server->ops->map_error(buf, false);
- if (rdata->result != 0) {
-diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
-index 7675555..373b5cd 100644
---- a/fs/cifs/smb2pdu.c
-+++ b/fs/cifs/smb2pdu.c
-@@ -1109,21 +1109,25 @@ parse_lease_state(struct TCP_Server_Info *server, struct smb2_create_rsp *rsp,
- {
- char *data_offset;
- struct create_context *cc;
-- unsigned int next = 0;
-+ unsigned int next;
-+ unsigned int remaining;
- char *name;
-
- data_offset = (char *)rsp + 4 + le32_to_cpu(rsp->CreateContextsOffset);
-+ remaining = le32_to_cpu(rsp->CreateContextsLength);
- cc = (struct create_context *)data_offset;
-- do {
-- cc = (struct create_context *)((char *)cc + next);
-+ while (remaining >= sizeof(struct create_context)) {
- name = le16_to_cpu(cc->NameOffset) + (char *)cc;
-- if (le16_to_cpu(cc->NameLength) != 4 ||
-- strncmp(name, "RqLs", 4)) {
-- next = le32_to_cpu(cc->Next);
-- continue;
-- }
-- return server->ops->parse_lease_buf(cc, epoch);
-- } while (next != 0);
-+ if (le16_to_cpu(cc->NameLength) == 4 &&
-+ strncmp(name, "RqLs", 4) == 0)
-+ return server->ops->parse_lease_buf(cc, epoch);
-+
-+ next = le32_to_cpu(cc->Next);
-+ if (!next)
-+ break;
-+ remaining -= next;
-+ cc = (struct create_context *)((char *)cc + next);
-+ }
-
- return 0;
- }
-diff --git a/fs/dcache.c b/fs/dcache.c
-index 5c33aeb..877bcbb 100644
---- a/fs/dcache.c
-+++ b/fs/dcache.c
-@@ -269,9 +269,6 @@ static inline int dname_external(const struct dentry *dentry)
- return dentry->d_name.name != dentry->d_iname;
- }
-
--/*
-- * Make sure other CPUs see the inode attached before the type is set.
-- */
- static inline void __d_set_inode_and_type(struct dentry *dentry,
- struct inode *inode,
- unsigned type_flags)
-@@ -279,28 +276,18 @@ static inline void __d_set_inode_and_type(struct dentry *dentry,
- unsigned flags;
-
- dentry->d_inode = inode;
-- smp_wmb();
- flags = READ_ONCE(dentry->d_flags);
- flags &= ~(DCACHE_ENTRY_TYPE | DCACHE_FALLTHRU);
- flags |= type_flags;
- WRITE_ONCE(dentry->d_flags, flags);
- }
-
--/*
-- * Ideally, we want to make sure that other CPUs see the flags cleared before
-- * the inode is detached, but this is really a violation of RCU principles
-- * since the ordering suggests we should always set inode before flags.
-- *
-- * We should instead replace or discard the entire dentry - but that sucks
-- * performancewise on mass deletion/rename.
-- */
- static inline void __d_clear_type_and_inode(struct dentry *dentry)
- {
- unsigned flags = READ_ONCE(dentry->d_flags);
-
- flags &= ~(DCACHE_ENTRY_TYPE | DCACHE_FALLTHRU);
- WRITE_ONCE(dentry->d_flags, flags);
-- smp_wmb();
- dentry->d_inode = NULL;
- }
-
-@@ -370,9 +357,11 @@ static void dentry_unlink_inode(struct dentry * dentry)
- __releases(dentry->d_inode->i_lock)
- {
- struct inode *inode = dentry->d_inode;
-+
-+ raw_write_seqcount_begin(&dentry->d_seq);
- __d_clear_type_and_inode(dentry);
- hlist_del_init(&dentry->d_u.d_alias);
-- dentry_rcuwalk_invalidate(dentry);
-+ raw_write_seqcount_end(&dentry->d_seq);
- spin_unlock(&dentry->d_lock);
- spin_unlock(&inode->i_lock);
- if (!inode->i_nlink)
-@@ -1757,8 +1746,9 @@ static void __d_instantiate(struct dentry *dentry, struct inode *inode)
- spin_lock(&dentry->d_lock);
- if (inode)
- hlist_add_head(&dentry->d_u.d_alias, &inode->i_dentry);
-+ raw_write_seqcount_begin(&dentry->d_seq);
- __d_set_inode_and_type(dentry, inode, add_flags);
-- dentry_rcuwalk_invalidate(dentry);
-+ raw_write_seqcount_end(&dentry->d_seq);
- spin_unlock(&dentry->d_lock);
- fsnotify_d_instantiate(dentry, inode);
- }
-diff --git a/fs/fs-writeback.c b/fs/fs-writeback.c
-index e5232bb..7a8ea13 100644
---- a/fs/fs-writeback.c
-+++ b/fs/fs-writeback.c
-@@ -223,6 +223,9 @@ static void wb_wait_for_completion(struct backing_dev_info *bdi,
- #define WB_FRN_HIST_MAX_SLOTS (WB_FRN_HIST_THR_SLOTS / 2 + 1)
- /* one round can affect upto 5 slots */
-
-+static atomic_t isw_nr_in_flight = ATOMIC_INIT(0);
-+static struct workqueue_struct *isw_wq;
-+
- void __inode_attach_wb(struct inode *inode, struct page *page)
- {
- struct backing_dev_info *bdi = inode_to_bdi(inode);
-@@ -317,7 +320,6 @@ static void inode_switch_wbs_work_fn(struct work_struct *work)
- struct inode_switch_wbs_context *isw =
- container_of(work, struct inode_switch_wbs_context, work);
- struct inode *inode = isw->inode;
-- struct super_block *sb = inode->i_sb;
- struct address_space *mapping = inode->i_mapping;
- struct bdi_writeback *old_wb = inode->i_wb;
- struct bdi_writeback *new_wb = isw->new_wb;
-@@ -424,8 +426,9 @@ skip_switch:
- wb_put(new_wb);
-
- iput(inode);
-- deactivate_super(sb);
- kfree(isw);
-+
-+ atomic_dec(&isw_nr_in_flight);
- }
-
- static void inode_switch_wbs_rcu_fn(struct rcu_head *rcu_head)
-@@ -435,7 +438,7 @@ static void inode_switch_wbs_rcu_fn(struct rcu_head *rcu_head)
-
- /* needs to grab bh-unsafe locks, bounce to work item */
- INIT_WORK(&isw->work, inode_switch_wbs_work_fn);
-- schedule_work(&isw->work);
-+ queue_work(isw_wq, &isw->work);
- }
-
- /**
-@@ -471,20 +474,20 @@ static void inode_switch_wbs(struct inode *inode, int new_wb_id)
-
- /* while holding I_WB_SWITCH, no one else can update the association */
- spin_lock(&inode->i_lock);
--
-- if (inode->i_state & (I_WB_SWITCH | I_FREEING) ||
-- inode_to_wb(inode) == isw->new_wb)
-- goto out_unlock;
--
-- if (!atomic_inc_not_zero(&inode->i_sb->s_active))
-- goto out_unlock;
--
-+ if (!(inode->i_sb->s_flags & MS_ACTIVE) ||
-+ inode->i_state & (I_WB_SWITCH | I_FREEING) ||
-+ inode_to_wb(inode) == isw->new_wb) {
-+ spin_unlock(&inode->i_lock);
-+ goto out_free;
-+ }
- inode->i_state |= I_WB_SWITCH;
- spin_unlock(&inode->i_lock);
-
- ihold(inode);
- isw->inode = inode;
-
-+ atomic_inc(&isw_nr_in_flight);
-+
- /*
- * In addition to synchronizing among switchers, I_WB_SWITCH tells
- * the RCU protected stat update paths to grab the mapping's
-@@ -494,8 +497,6 @@ static void inode_switch_wbs(struct inode *inode, int new_wb_id)
- call_rcu(&isw->rcu_head, inode_switch_wbs_rcu_fn);
- return;
-
--out_unlock:
-- spin_unlock(&inode->i_lock);
- out_free:
- if (isw->new_wb)
- wb_put(isw->new_wb);
-@@ -849,6 +850,33 @@ restart:
- wb_put(last_wb);
- }
-
-+/**
-+ * cgroup_writeback_umount - flush inode wb switches for umount
-+ *
-+ * This function is called when a super_block is about to be destroyed and
-+ * flushes in-flight inode wb switches. An inode wb switch goes through
-+ * RCU and then workqueue, so the two need to be flushed in order to ensure
-+ * that all previously scheduled switches are finished. As wb switches are
-+ * rare occurrences and synchronize_rcu() can take a while, perform
-+ * flushing iff wb switches are in flight.
-+ */
-+void cgroup_writeback_umount(void)
-+{
-+ if (atomic_read(&isw_nr_in_flight)) {
-+ synchronize_rcu();
-+ flush_workqueue(isw_wq);
-+ }
-+}
-+
-+static int __init cgroup_writeback_init(void)
-+{
-+ isw_wq = alloc_workqueue("inode_switch_wbs", 0, 0);
-+ if (!isw_wq)
-+ return -ENOMEM;
-+ return 0;
-+}
-+fs_initcall(cgroup_writeback_init);
-+
- #else /* CONFIG_CGROUP_WRITEBACK */
-
- static struct bdi_writeback *
-diff --git a/fs/jffs2/README.Locking b/fs/jffs2/README.Locking
-index 3ea3655..8918ac9 100644
---- a/fs/jffs2/README.Locking
-+++ b/fs/jffs2/README.Locking
-@@ -2,10 +2,6 @@
- JFFS2 LOCKING DOCUMENTATION
- ---------------------------
-
--At least theoretically, JFFS2 does not require the Big Kernel Lock
--(BKL), which was always helpfully obtained for it by Linux 2.4 VFS
--code. It has its own locking, as described below.
--
- This document attempts to describe the existing locking rules for
- JFFS2. It is not expected to remain perfectly up to date, but ought to
- be fairly close.
-@@ -69,6 +65,7 @@ Ordering constraints:
- any f->sem held.
- 2. Never attempt to lock two file mutexes in one thread.
- No ordering rules have been made for doing so.
-+ 3. Never lock a page cache page with f->sem held.
-
-
- erase_completion_lock spinlock
-diff --git a/fs/jffs2/build.c b/fs/jffs2/build.c
-index a3750f9..c1f0494 100644
---- a/fs/jffs2/build.c
-+++ b/fs/jffs2/build.c
-@@ -49,7 +49,8 @@ next_inode(int *i, struct jffs2_inode_cache *ic, struct jffs2_sb_info *c)
-
-
- static void jffs2_build_inode_pass1(struct jffs2_sb_info *c,
-- struct jffs2_inode_cache *ic)
-+ struct jffs2_inode_cache *ic,
-+ int *dir_hardlinks)
- {
- struct jffs2_full_dirent *fd;
-
-@@ -68,19 +69,21 @@ static void jffs2_build_inode_pass1(struct jffs2_sb_info *c,
- dbg_fsbuild("child \"%s\" (ino #%u) of dir ino #%u doesn't exist!\n",
- fd->name, fd->ino, ic->ino);
- jffs2_mark_node_obsolete(c, fd->raw);
-+ /* Clear the ic/raw union so it doesn't cause problems later. */
-+ fd->ic = NULL;
- continue;
- }
-
-+ /* From this point, fd->raw is no longer used so we can set fd->ic */
-+ fd->ic = child_ic;
-+ child_ic->pino_nlink++;
-+ /* If we appear (at this stage) to have hard-linked directories,
-+ * set a flag to trigger a scan later */
- if (fd->type == DT_DIR) {
-- if (child_ic->pino_nlink) {
-- JFFS2_ERROR("child dir \"%s\" (ino #%u) of dir ino #%u appears to be a hard link\n",
-- fd->name, fd->ino, ic->ino);
-- /* TODO: What do we do about it? */
-- } else {
-- child_ic->pino_nlink = ic->ino;
-- }
-- } else
-- child_ic->pino_nlink++;
-+ child_ic->flags |= INO_FLAGS_IS_DIR;
-+ if (child_ic->pino_nlink > 1)
-+ *dir_hardlinks = 1;
-+ }
-
- dbg_fsbuild("increased nlink for child \"%s\" (ino #%u)\n", fd->name, fd->ino);
- /* Can't free scan_dents so far. We might need them in pass 2 */
-@@ -94,8 +97,7 @@ static void jffs2_build_inode_pass1(struct jffs2_sb_info *c,
- */
- static int jffs2_build_filesystem(struct jffs2_sb_info *c)
- {
-- int ret;
-- int i;
-+ int ret, i, dir_hardlinks = 0;
- struct jffs2_inode_cache *ic;
- struct jffs2_full_dirent *fd;
- struct jffs2_full_dirent *dead_fds = NULL;
-@@ -119,7 +121,7 @@ static int jffs2_build_filesystem(struct jffs2_sb_info *c)
- /* Now scan the directory tree, increasing nlink according to every dirent found. */
- for_each_inode(i, c, ic) {
- if (ic->scan_dents) {
-- jffs2_build_inode_pass1(c, ic);
-+ jffs2_build_inode_pass1(c, ic, &dir_hardlinks);
- cond_resched();
- }
- }
-@@ -155,6 +157,20 @@ static int jffs2_build_filesystem(struct jffs2_sb_info *c)
- }
-
- dbg_fsbuild("pass 2a complete\n");
-+
-+ if (dir_hardlinks) {
-+ /* If we detected directory hardlinks earlier, *hopefully*
-+ * they are gone now because some of the links were from
-+ * dead directories which still had some old dirents lying
-+ * around and not yet garbage-collected, but which have
-+ * been discarded above. So clear the pino_nlink field
-+ * in each directory, so that the final scan below can
-+ * print appropriate warnings. */
-+ for_each_inode(i, c, ic) {
-+ if (ic->flags & INO_FLAGS_IS_DIR)
-+ ic->pino_nlink = 0;
-+ }
-+ }
- dbg_fsbuild("freeing temporary data structures\n");
-
- /* Finally, we can scan again and free the dirent structs */
-@@ -162,6 +178,33 @@ static int jffs2_build_filesystem(struct jffs2_sb_info *c)
- while(ic->scan_dents) {
- fd = ic->scan_dents;
- ic->scan_dents = fd->next;
-+ /* We do use the pino_nlink field to count nlink of
-+ * directories during fs build, so set it to the
-+ * parent ino# now. Now that there's hopefully only
-+ * one. */
-+ if (fd->type == DT_DIR) {
-+ if (!fd->ic) {
-+ /* We'll have complained about it and marked the coresponding
-+ raw node obsolete already. Just skip it. */
-+ continue;
-+ }
-+
-+ /* We *have* to have set this in jffs2_build_inode_pass1() */
-+ BUG_ON(!(fd->ic->flags & INO_FLAGS_IS_DIR));
-+
-+ /* We clear ic->pino_nlink ∀ directories' ic *only* if dir_hardlinks
-+ * is set. Otherwise, we know this should never trigger anyway, so
-+ * we don't do the check. And ic->pino_nlink still contains the nlink
-+ * value (which is 1). */
-+ if (dir_hardlinks && fd->ic->pino_nlink) {
-+ JFFS2_ERROR("child dir \"%s\" (ino #%u) of dir ino #%u is also hard linked from dir ino #%u\n",
-+ fd->name, fd->ino, ic->ino, fd->ic->pino_nlink);
-+ /* Should we unlink it from its previous parent? */
-+ }
-+
-+ /* For directories, ic->pino_nlink holds that parent inode # */
-+ fd->ic->pino_nlink = ic->ino;
-+ }
- jffs2_free_full_dirent(fd);
- }
- ic->scan_dents = NULL;
-@@ -240,11 +283,7 @@ static void jffs2_build_remove_unlinked_inode(struct jffs2_sb_info *c,
-
- /* Reduce nlink of the child. If it's now zero, stick it on the
- dead_fds list to be cleaned up later. Else just free the fd */
--
-- if (fd->type == DT_DIR)
-- child_ic->pino_nlink = 0;
-- else
-- child_ic->pino_nlink--;
-+ child_ic->pino_nlink--;
-
- if (!child_ic->pino_nlink) {
- dbg_fsbuild("inode #%u (\"%s\") now has no links; adding to dead_fds list.\n",
-diff --git a/fs/jffs2/file.c b/fs/jffs2/file.c
-index f509f62..3361979 100644
---- a/fs/jffs2/file.c
-+++ b/fs/jffs2/file.c
-@@ -137,39 +137,33 @@ static int jffs2_write_begin(struct file *filp, struct address_space *mapping,
- struct page *pg;
- struct inode *inode = mapping->host;
- struct jffs2_inode_info *f = JFFS2_INODE_INFO(inode);
-- struct jffs2_sb_info *c = JFFS2_SB_INFO(inode->i_sb);
-- struct jffs2_raw_inode ri;
-- uint32_t alloc_len = 0;
- pgoff_t index = pos >> PAGE_CACHE_SHIFT;
- uint32_t pageofs = index << PAGE_CACHE_SHIFT;
- int ret = 0;
-
-- jffs2_dbg(1, "%s()\n", __func__);
--
-- if (pageofs > inode->i_size) {
-- ret = jffs2_reserve_space(c, sizeof(ri), &alloc_len,
-- ALLOC_NORMAL, JFFS2_SUMMARY_INODE_SIZE);
-- if (ret)
-- return ret;
-- }
--
-- mutex_lock(&f->sem);
- pg = grab_cache_page_write_begin(mapping, index, flags);
-- if (!pg) {
-- if (alloc_len)
-- jffs2_complete_reservation(c);
-- mutex_unlock(&f->sem);
-+ if (!pg)
- return -ENOMEM;
-- }
- *pagep = pg;
-
-- if (alloc_len) {
-+ jffs2_dbg(1, "%s()\n", __func__);
-+
-+ if (pageofs > inode->i_size) {
- /* Make new hole frag from old EOF to new page */
-+ struct jffs2_sb_info *c = JFFS2_SB_INFO(inode->i_sb);
-+ struct jffs2_raw_inode ri;
- struct jffs2_full_dnode *fn;
-+ uint32_t alloc_len;
-
- jffs2_dbg(1, "Writing new hole frag 0x%x-0x%x between current EOF and new page\n",
- (unsigned int)inode->i_size, pageofs);
-
-+ ret = jffs2_reserve_space(c, sizeof(ri), &alloc_len,
-+ ALLOC_NORMAL, JFFS2_SUMMARY_INODE_SIZE);
-+ if (ret)
-+ goto out_page;
-+
-+ mutex_lock(&f->sem);
- memset(&ri, 0, sizeof(ri));
-
- ri.magic = cpu_to_je16(JFFS2_MAGIC_BITMASK);
-@@ -196,6 +190,7 @@ static int jffs2_write_begin(struct file *filp, struct address_space *mapping,
- if (IS_ERR(fn)) {
- ret = PTR_ERR(fn);
- jffs2_complete_reservation(c);
-+ mutex_unlock(&f->sem);
- goto out_page;
- }
- ret = jffs2_add_full_dnode_to_inode(c, f, fn);
-@@ -210,10 +205,12 @@ static int jffs2_write_begin(struct file *filp, struct address_space *mapping,
- jffs2_mark_node_obsolete(c, fn->raw);
- jffs2_free_full_dnode(fn);
- jffs2_complete_reservation(c);
-+ mutex_unlock(&f->sem);
- goto out_page;
- }
- jffs2_complete_reservation(c);
- inode->i_size = pageofs;
-+ mutex_unlock(&f->sem);
- }
-
- /*
-@@ -222,18 +219,18 @@ static int jffs2_write_begin(struct file *filp, struct address_space *mapping,
- * case of a short-copy.
- */
- if (!PageUptodate(pg)) {
-+ mutex_lock(&f->sem);
- ret = jffs2_do_readpage_nolock(inode, pg);
-+ mutex_unlock(&f->sem);
- if (ret)
- goto out_page;
- }
-- mutex_unlock(&f->sem);
- jffs2_dbg(1, "end write_begin(). pg->flags %lx\n", pg->flags);
- return ret;
-
- out_page:
- unlock_page(pg);
- page_cache_release(pg);
-- mutex_unlock(&f->sem);
- return ret;
- }
-
-diff --git a/fs/jffs2/gc.c b/fs/jffs2/gc.c
-index 5a2dec2..95d5880 100644
---- a/fs/jffs2/gc.c
-+++ b/fs/jffs2/gc.c
-@@ -1296,14 +1296,17 @@ static int jffs2_garbage_collect_dnode(struct jffs2_sb_info *c, struct jffs2_era
- BUG_ON(start > orig_start);
- }
-
-- /* First, use readpage() to read the appropriate page into the page cache */
-- /* Q: What happens if we actually try to GC the _same_ page for which commit_write()
-- * triggered garbage collection in the first place?
-- * A: I _think_ it's OK. read_cache_page shouldn't deadlock, we'll write out the
-- * page OK. We'll actually write it out again in commit_write, which is a little
-- * suboptimal, but at least we're correct.
-- */
-+ /* The rules state that we must obtain the page lock *before* f->sem, so
-+ * drop f->sem temporarily. Since we also hold c->alloc_sem, nothing's
-+ * actually going to *change* so we're safe; we only allow reading.
-+ *
-+ * It is important to note that jffs2_write_begin() will ensure that its
-+ * page is marked Uptodate before allocating space. That means that if we
-+ * end up here trying to GC the *same* page that jffs2_write_begin() is
-+ * trying to write out, read_cache_page() will not deadlock. */
-+ mutex_unlock(&f->sem);
- pg_ptr = jffs2_gc_fetch_page(c, f, start, &pg);
-+ mutex_lock(&f->sem);
-
- if (IS_ERR(pg_ptr)) {
- pr_warn("read_cache_page() returned error: %ld\n",
-diff --git a/fs/jffs2/nodelist.h b/fs/jffs2/nodelist.h
-index fa35ff7..0637271 100644
---- a/fs/jffs2/nodelist.h
-+++ b/fs/jffs2/nodelist.h
-@@ -194,6 +194,7 @@ struct jffs2_inode_cache {
- #define INO_STATE_CLEARING 6 /* In clear_inode() */
-
- #define INO_FLAGS_XATTR_CHECKED 0x01 /* has no duplicate xattr_ref */
-+#define INO_FLAGS_IS_DIR 0x02 /* is a directory */
-
- #define RAWNODE_CLASS_INODE_CACHE 0
- #define RAWNODE_CLASS_XATTR_DATUM 1
-@@ -249,7 +250,10 @@ struct jffs2_readinode_info
-
- struct jffs2_full_dirent
- {
-- struct jffs2_raw_node_ref *raw;
-+ union {
-+ struct jffs2_raw_node_ref *raw;
-+ struct jffs2_inode_cache *ic; /* Just during part of build */
-+ };
- struct jffs2_full_dirent *next;
- uint32_t version;
- uint32_t ino; /* == zero for unlink */
-diff --git a/fs/super.c b/fs/super.c
-index 954aeb8..f5f4b32 100644
---- a/fs/super.c
-+++ b/fs/super.c
-@@ -415,6 +415,7 @@ void generic_shutdown_super(struct super_block *sb)
- sb->s_flags &= ~MS_ACTIVE;
-
- fsnotify_unmount_inodes(sb);
-+ cgroup_writeback_umount();
-
- evict_inodes(sb);
-
-diff --git a/include/linux/ata.h b/include/linux/ata.h
-index d2992bf..c1a2f34 100644
---- a/include/linux/ata.h
-+++ b/include/linux/ata.h
-@@ -487,8 +487,8 @@ enum ata_tf_protocols {
- };
-
- enum ata_ioctls {
-- ATA_IOC_GET_IO32 = 0x309,
-- ATA_IOC_SET_IO32 = 0x324,
-+ ATA_IOC_GET_IO32 = 0x309, /* HDIO_GET_32BIT */
-+ ATA_IOC_SET_IO32 = 0x324, /* HDIO_SET_32BIT */
- };
-
- /* core structures */
-diff --git a/include/linux/bio.h b/include/linux/bio.h
-index b9b6e04..79cfaee 100644
---- a/include/linux/bio.h
-+++ b/include/linux/bio.h
-@@ -310,6 +310,43 @@ static inline void bio_clear_flag(struct bio *bio, unsigned int bit)
- bio->bi_flags &= ~(1U << bit);
- }
-
-+static inline void bio_get_first_bvec(struct bio *bio, struct bio_vec *bv)
-+{
-+ *bv = bio_iovec(bio);
-+}
-+
-+static inline void bio_get_last_bvec(struct bio *bio, struct bio_vec *bv)
-+{
-+ struct bvec_iter iter = bio->bi_iter;
-+ int idx;
-+
-+ if (!bio_flagged(bio, BIO_CLONED)) {
-+ *bv = bio->bi_io_vec[bio->bi_vcnt - 1];
-+ return;
-+ }
-+
-+ if (unlikely(!bio_multiple_segments(bio))) {
-+ *bv = bio_iovec(bio);
-+ return;
-+ }
-+
-+ bio_advance_iter(bio, &iter, iter.bi_size);
-+
-+ if (!iter.bi_bvec_done)
-+ idx = iter.bi_idx - 1;
-+ else /* in the middle of bvec */
-+ idx = iter.bi_idx;
-+
-+ *bv = bio->bi_io_vec[idx];
-+
-+ /*
-+ * iter.bi_bvec_done records actual length of the last bvec
-+ * if this bio ends in the middle of one io vector
-+ */
-+ if (iter.bi_bvec_done)
-+ bv->bv_len = iter.bi_bvec_done;
-+}
-+
- enum bip_flags {
- BIP_BLOCK_INTEGRITY = 1 << 0, /* block layer owns integrity data */
- BIP_MAPPED_INTEGRITY = 1 << 1, /* ref tag has been remapped */
-diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h
-index c70e358..1687557 100644
---- a/include/linux/blkdev.h
-+++ b/include/linux/blkdev.h
-@@ -1367,6 +1367,13 @@ static inline void put_dev_sector(Sector p)
- page_cache_release(p.v);
- }
-
-+static inline bool __bvec_gap_to_prev(struct request_queue *q,
-+ struct bio_vec *bprv, unsigned int offset)
-+{
-+ return offset ||
-+ ((bprv->bv_offset + bprv->bv_len) & queue_virt_boundary(q));
-+}
-+
- /*
- * Check if adding a bio_vec after bprv with offset would create a gap in
- * the SG list. Most drivers don't care about this, but some do.
-@@ -1376,18 +1383,22 @@ static inline bool bvec_gap_to_prev(struct request_queue *q,
- {
- if (!queue_virt_boundary(q))
- return false;
-- return offset ||
-- ((bprv->bv_offset + bprv->bv_len) & queue_virt_boundary(q));
-+ return __bvec_gap_to_prev(q, bprv, offset);
- }
-
- static inline bool bio_will_gap(struct request_queue *q, struct bio *prev,
- struct bio *next)
- {
-- if (!bio_has_data(prev))
-- return false;
-+ if (bio_has_data(prev) && queue_virt_boundary(q)) {
-+ struct bio_vec pb, nb;
-+
-+ bio_get_last_bvec(prev, &pb);
-+ bio_get_first_bvec(next, &nb);
-
-- return bvec_gap_to_prev(q, &prev->bi_io_vec[prev->bi_vcnt - 1],
-- next->bi_io_vec[0].bv_offset);
-+ return __bvec_gap_to_prev(q, &pb, nb.bv_offset);
-+ }
-+
-+ return false;
- }
-
- static inline bool req_gap_back_merge(struct request *req, struct bio *bio)
-diff --git a/include/linux/dcache.h b/include/linux/dcache.h
-index d67ae11..8a2e009 100644
---- a/include/linux/dcache.h
-+++ b/include/linux/dcache.h
-@@ -409,9 +409,7 @@ static inline bool d_mountpoint(const struct dentry *dentry)
- */
- static inline unsigned __d_entry_type(const struct dentry *dentry)
- {
-- unsigned type = READ_ONCE(dentry->d_flags);
-- smp_rmb();
-- return type & DCACHE_ENTRY_TYPE;
-+ return dentry->d_flags & DCACHE_ENTRY_TYPE;
- }
-
- static inline bool d_is_miss(const struct dentry *dentry)
-diff --git a/include/linux/libata.h b/include/linux/libata.h
-index 600c1e0..b20a275 100644
---- a/include/linux/libata.h
-+++ b/include/linux/libata.h
-@@ -718,7 +718,7 @@ struct ata_device {
- union {
- u16 id[ATA_ID_WORDS]; /* IDENTIFY xxx DEVICE data */
- u32 gscr[SATA_PMP_GSCR_DWORDS]; /* PMP GSCR block */
-- };
-+ } ____cacheline_aligned;
-
- /* DEVSLP Timing Variables from Identify Device Data Log */
- u8 devslp_timing[ATA_LOG_DEVSLP_SIZE];
-diff --git a/include/linux/module.h b/include/linux/module.h
-index 3a19c79..b229a99 100644
---- a/include/linux/module.h
-+++ b/include/linux/module.h
-@@ -302,6 +302,12 @@ struct mod_tree_node {
- struct latch_tree_node node;
- };
-
-+struct mod_kallsyms {
-+ Elf_Sym *symtab;
-+ unsigned int num_symtab;
-+ char *strtab;
-+};
-+
- struct module {
- enum module_state state;
-
-@@ -411,14 +417,9 @@ struct module {
- #endif
-
- #ifdef CONFIG_KALLSYMS
-- /*
-- * We keep the symbol and string tables for kallsyms.
-- * The core_* fields below are temporary, loader-only (they
-- * could really be discarded after module init).
-- */
-- Elf_Sym *symtab, *core_symtab;
-- unsigned int num_symtab, core_num_syms;
-- char *strtab, *core_strtab;
-+ /* Protected by RCU and/or module_mutex: use rcu_dereference() */
-+ struct mod_kallsyms *kallsyms;
-+ struct mod_kallsyms core_kallsyms;
-
- /* Section attributes */
- struct module_sect_attrs *sect_attrs;
-diff --git a/include/linux/trace_events.h b/include/linux/trace_events.h
-index 429fdfc..925730b 100644
---- a/include/linux/trace_events.h
-+++ b/include/linux/trace_events.h
-@@ -568,6 +568,8 @@ enum {
- FILTER_DYN_STRING,
- FILTER_PTR_STRING,
- FILTER_TRACE_FN,
-+ FILTER_COMM,
-+ FILTER_CPU,
- };
-
- extern int trace_event_raw_init(struct trace_event_call *call);
-diff --git a/include/linux/writeback.h b/include/linux/writeback.h
-index b333c94..d0b5ca5 100644
---- a/include/linux/writeback.h
-+++ b/include/linux/writeback.h
-@@ -198,6 +198,7 @@ void wbc_attach_and_unlock_inode(struct writeback_control *wbc,
- void wbc_detach_inode(struct writeback_control *wbc);
- void wbc_account_io(struct writeback_control *wbc, struct page *page,
- size_t bytes);
-+void cgroup_writeback_umount(void);
-
- /**
- * inode_attach_wb - associate an inode with its wb
-@@ -301,6 +302,10 @@ static inline void wbc_account_io(struct writeback_control *wbc,
- {
- }
-
-+static inline void cgroup_writeback_umount(void)
-+{
-+}
-+
- #endif /* CONFIG_CGROUP_WRITEBACK */
-
- /*
-diff --git a/include/target/target_core_backend.h b/include/target/target_core_backend.h
-index 56cf8e4..28ee5c2 100644
---- a/include/target/target_core_backend.h
-+++ b/include/target/target_core_backend.h
-@@ -94,5 +94,8 @@ sense_reason_t passthrough_parse_cdb(struct se_cmd *cmd,
- sense_reason_t (*exec_cmd)(struct se_cmd *cmd));
-
- bool target_sense_desc_format(struct se_device *dev);
-+sector_t target_to_linux_sector(struct se_device *dev, sector_t lb);
-+bool target_configure_unmap_from_queue(struct se_dev_attrib *attrib,
-+ struct request_queue *q, int block_size);
-
- #endif /* TARGET_CORE_BACKEND_H */
-diff --git a/kernel/module.c b/kernel/module.c
-index 14833e6..0e5c711 100644
---- a/kernel/module.c
-+++ b/kernel/module.c
-@@ -327,6 +327,9 @@ struct load_info {
- struct _ddebug *debug;
- unsigned int num_debug;
- bool sig_ok;
-+#ifdef CONFIG_KALLSYMS
-+ unsigned long mod_kallsyms_init_off;
-+#endif
- struct {
- unsigned int sym, str, mod, vers, info, pcpu;
- } index;
-@@ -2492,10 +2495,21 @@ static void layout_symtab(struct module *mod, struct load_info *info)
- strsect->sh_flags |= SHF_ALLOC;
- strsect->sh_entsize = get_offset(mod, &mod->init_size, strsect,
- info->index.str) | INIT_OFFSET_MASK;
-- mod->init_size = debug_align(mod->init_size);
- pr_debug("\t%s\n", info->secstrings + strsect->sh_name);
-+
-+ /* We'll tack temporary mod_kallsyms on the end. */
-+ mod->init_size = ALIGN(mod->init_size,
-+ __alignof__(struct mod_kallsyms));
-+ info->mod_kallsyms_init_off = mod->init_size;
-+ mod->init_size += sizeof(struct mod_kallsyms);
-+ mod->init_size = debug_align(mod->init_size);
- }
-
-+/*
-+ * We use the full symtab and strtab which layout_symtab arranged to
-+ * be appended to the init section. Later we switch to the cut-down
-+ * core-only ones.
-+ */
- static void add_kallsyms(struct module *mod, const struct load_info *info)
- {
- unsigned int i, ndst;
-@@ -2504,28 +2518,33 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
- char *s;
- Elf_Shdr *symsec = &info->sechdrs[info->index.sym];
-
-- mod->symtab = (void *)symsec->sh_addr;
-- mod->num_symtab = symsec->sh_size / sizeof(Elf_Sym);
-+ /* Set up to point into init section. */
-+ mod->kallsyms = mod->module_init + info->mod_kallsyms_init_off;
-+
-+ mod->kallsyms->symtab = (void *)symsec->sh_addr;
-+ mod->kallsyms->num_symtab = symsec->sh_size / sizeof(Elf_Sym);
- /* Make sure we get permanent strtab: don't use info->strtab. */
-- mod->strtab = (void *)info->sechdrs[info->index.str].sh_addr;
-+ mod->kallsyms->strtab = (void *)info->sechdrs[info->index.str].sh_addr;
-
- /* Set types up while we still have access to sections. */
-- for (i = 0; i < mod->num_symtab; i++)
-- mod->symtab[i].st_info = elf_type(&mod->symtab[i], info);
--
-- mod->core_symtab = dst = mod->module_core + info->symoffs;
-- mod->core_strtab = s = mod->module_core + info->stroffs;
-- src = mod->symtab;
-- for (ndst = i = 0; i < mod->num_symtab; i++) {
-+ for (i = 0; i < mod->kallsyms->num_symtab; i++)
-+ mod->kallsyms->symtab[i].st_info
-+ = elf_type(&mod->kallsyms->symtab[i], info);
-+
-+ /* Now populate the cut down core kallsyms for after init. */
-+ mod->core_kallsyms.symtab = dst = mod->module_core + info->symoffs;
-+ mod->core_kallsyms.strtab = s = mod->module_core + info->stroffs;
-+ src = mod->kallsyms->symtab;
-+ for (ndst = i = 0; i < mod->kallsyms->num_symtab; i++) {
- if (i == 0 ||
- is_core_symbol(src+i, info->sechdrs, info->hdr->e_shnum)) {
- dst[ndst] = src[i];
-- dst[ndst++].st_name = s - mod->core_strtab;
-- s += strlcpy(s, &mod->strtab[src[i].st_name],
-+ dst[ndst++].st_name = s - mod->core_kallsyms.strtab;
-+ s += strlcpy(s, &mod->kallsyms->strtab[src[i].st_name],
- KSYM_NAME_LEN) + 1;
- }
- }
-- mod->core_num_syms = ndst;
-+ mod->core_kallsyms.num_symtab = ndst;
- }
- #else
- static inline void layout_symtab(struct module *mod, struct load_info *info)
-@@ -3274,9 +3293,8 @@ static noinline int do_init_module(struct module *mod)
- module_put(mod);
- trim_init_extable(mod);
- #ifdef CONFIG_KALLSYMS
-- mod->num_symtab = mod->core_num_syms;
-- mod->symtab = mod->core_symtab;
-- mod->strtab = mod->core_strtab;
-+ /* Switch to core kallsyms now init is done: kallsyms may be walking! */
-+ rcu_assign_pointer(mod->kallsyms, &mod->core_kallsyms);
- #endif
- mod_tree_remove_init(mod);
- unset_module_init_ro_nx(mod);
-@@ -3646,9 +3664,9 @@ static inline int is_arm_mapping_symbol(const char *str)
- && (str[2] == '\0' || str[2] == '.');
- }
-
--static const char *symname(struct module *mod, unsigned int symnum)
-+static const char *symname(struct mod_kallsyms *kallsyms, unsigned int symnum)
- {
-- return mod->strtab + mod->symtab[symnum].st_name;
-+ return kallsyms->strtab + kallsyms->symtab[symnum].st_name;
- }
-
- static const char *get_ksymbol(struct module *mod,
-@@ -3658,6 +3676,7 @@ static const char *get_ksymbol(struct module *mod,
- {
- unsigned int i, best = 0;
- unsigned long nextval;
-+ struct mod_kallsyms *kallsyms = rcu_dereference_sched(mod->kallsyms);
-
- /* At worse, next value is at end of module */
- if (within_module_init(addr, mod))
-@@ -3667,32 +3686,32 @@ static const char *get_ksymbol(struct module *mod,
-
- /* Scan for closest preceding symbol, and next symbol. (ELF
- starts real symbols at 1). */
-- for (i = 1; i < mod->num_symtab; i++) {
-- if (mod->symtab[i].st_shndx == SHN_UNDEF)
-+ for (i = 1; i < kallsyms->num_symtab; i++) {
-+ if (kallsyms->symtab[i].st_shndx == SHN_UNDEF)
- continue;
-
- /* We ignore unnamed symbols: they're uninformative
- * and inserted at a whim. */
-- if (*symname(mod, i) == '\0'
-- || is_arm_mapping_symbol(symname(mod, i)))
-+ if (*symname(kallsyms, i) == '\0'
-+ || is_arm_mapping_symbol(symname(kallsyms, i)))
- continue;
-
-- if (mod->symtab[i].st_value <= addr
-- && mod->symtab[i].st_value > mod->symtab[best].st_value)
-+ if (kallsyms->symtab[i].st_value <= addr
-+ && kallsyms->symtab[i].st_value > kallsyms->symtab[best].st_value)
- best = i;
-- if (mod->symtab[i].st_value > addr
-- && mod->symtab[i].st_value < nextval)
-- nextval = mod->symtab[i].st_value;
-+ if (kallsyms->symtab[i].st_value > addr
-+ && kallsyms->symtab[i].st_value < nextval)
-+ nextval = kallsyms->symtab[i].st_value;
- }
-
- if (!best)
- return NULL;
-
- if (size)
-- *size = nextval - mod->symtab[best].st_value;
-+ *size = nextval - kallsyms->symtab[best].st_value;
- if (offset)
-- *offset = addr - mod->symtab[best].st_value;
-- return symname(mod, best);
-+ *offset = addr - kallsyms->symtab[best].st_value;
-+ return symname(kallsyms, best);
- }
-
- /* For kallsyms to ask for address resolution. NULL means not found. Careful
-@@ -3782,18 +3801,21 @@ int module_get_kallsym(unsigned int symnum, unsigned long *value, char *type,
-
- preempt_disable();
- list_for_each_entry_rcu(mod, &modules, list) {
-+ struct mod_kallsyms *kallsyms;
-+
- if (mod->state == MODULE_STATE_UNFORMED)
- continue;
-- if (symnum < mod->num_symtab) {
-- *value = mod->symtab[symnum].st_value;
-- *type = mod->symtab[symnum].st_info;
-- strlcpy(name, symname(mod, symnum), KSYM_NAME_LEN);
-+ kallsyms = rcu_dereference_sched(mod->kallsyms);
-+ if (symnum < kallsyms->num_symtab) {
-+ *value = kallsyms->symtab[symnum].st_value;
-+ *type = kallsyms->symtab[symnum].st_info;
-+ strlcpy(name, symname(kallsyms, symnum), KSYM_NAME_LEN);
- strlcpy(module_name, mod->name, MODULE_NAME_LEN);
- *exported = is_exported(name, *value, mod);
- preempt_enable();
- return 0;
- }
-- symnum -= mod->num_symtab;
-+ symnum -= kallsyms->num_symtab;
- }
- preempt_enable();
- return -ERANGE;
-@@ -3802,11 +3824,12 @@ int module_get_kallsym(unsigned int symnum, unsigned long *value, char *type,
- static unsigned long mod_find_symname(struct module *mod, const char *name)
- {
- unsigned int i;
-+ struct mod_kallsyms *kallsyms = rcu_dereference_sched(mod->kallsyms);
-
-- for (i = 0; i < mod->num_symtab; i++)
-- if (strcmp(name, symname(mod, i)) == 0 &&
-- mod->symtab[i].st_info != 'U')
-- return mod->symtab[i].st_value;
-+ for (i = 0; i < kallsyms->num_symtab; i++)
-+ if (strcmp(name, symname(kallsyms, i)) == 0 &&
-+ kallsyms->symtab[i].st_info != 'U')
-+ return kallsyms->symtab[i].st_value;
- return 0;
- }
-
-@@ -3845,11 +3868,14 @@ int module_kallsyms_on_each_symbol(int (*fn)(void *, const char *,
- module_assert_mutex();
-
- list_for_each_entry(mod, &modules, list) {
-+ /* We hold module_mutex: no need for rcu_dereference_sched */
-+ struct mod_kallsyms *kallsyms = mod->kallsyms;
-+
- if (mod->state == MODULE_STATE_UNFORMED)
- continue;
-- for (i = 0; i < mod->num_symtab; i++) {
-- ret = fn(data, symname(mod, i),
-- mod, mod->symtab[i].st_value);
-+ for (i = 0; i < kallsyms->num_symtab; i++) {
-+ ret = fn(data, symname(kallsyms, i),
-+ mod, kallsyms->symtab[i].st_value);
- if (ret != 0)
- return ret;
- }
-diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c
-index debf6e8..d202d99 100644
---- a/kernel/trace/trace_events.c
-+++ b/kernel/trace/trace_events.c
-@@ -97,16 +97,16 @@ trace_find_event_field(struct trace_event_call *call, char *name)
- struct ftrace_event_field *field;
- struct list_head *head;
-
-- field = __find_event_field(&ftrace_generic_fields, name);
-+ head = trace_get_fields(call);
-+ field = __find_event_field(head, name);
- if (field)
- return field;
-
-- field = __find_event_field(&ftrace_common_fields, name);
-+ field = __find_event_field(&ftrace_generic_fields, name);
- if (field)
- return field;
-
-- head = trace_get_fields(call);
-- return __find_event_field(head, name);
-+ return __find_event_field(&ftrace_common_fields, name);
- }
-
- static int __trace_define_field(struct list_head *head, const char *type,
-@@ -171,8 +171,10 @@ static int trace_define_generic_fields(void)
- {
- int ret;
-
-- __generic_field(int, cpu, FILTER_OTHER);
-- __generic_field(char *, comm, FILTER_PTR_STRING);
-+ __generic_field(int, CPU, FILTER_CPU);
-+ __generic_field(int, cpu, FILTER_CPU);
-+ __generic_field(char *, COMM, FILTER_COMM);
-+ __generic_field(char *, comm, FILTER_COMM);
-
- return ret;
- }
-diff --git a/kernel/trace/trace_events_filter.c b/kernel/trace/trace_events_filter.c
-index f93a219..6816302 100644
---- a/kernel/trace/trace_events_filter.c
-+++ b/kernel/trace/trace_events_filter.c
-@@ -1043,13 +1043,14 @@ static int init_pred(struct filter_parse_state *ps,
- return -EINVAL;
- }
-
-- if (is_string_field(field)) {
-+ if (field->filter_type == FILTER_COMM) {
-+ filter_build_regex(pred);
-+ fn = filter_pred_comm;
-+ pred->regex.field_len = TASK_COMM_LEN;
-+ } else if (is_string_field(field)) {
- filter_build_regex(pred);
-
-- if (!strcmp(field->name, "comm")) {
-- fn = filter_pred_comm;
-- pred->regex.field_len = TASK_COMM_LEN;
-- } else if (field->filter_type == FILTER_STATIC_STRING) {
-+ if (field->filter_type == FILTER_STATIC_STRING) {
- fn = filter_pred_string;
- pred->regex.field_len = field->size;
- } else if (field->filter_type == FILTER_DYN_STRING)
-@@ -1072,7 +1073,7 @@ static int init_pred(struct filter_parse_state *ps,
- }
- pred->val = val;
-
-- if (!strcmp(field->name, "cpu"))
-+ if (field->filter_type == FILTER_CPU)
- fn = filter_pred_cpu;
- else
- fn = select_comparison_fn(pred->op, field->size,
-diff --git a/sound/core/control_compat.c b/sound/core/control_compat.c
-index b9c0910..0608f21 100644
---- a/sound/core/control_compat.c
-+++ b/sound/core/control_compat.c
-@@ -170,6 +170,19 @@ struct snd_ctl_elem_value32 {
- unsigned char reserved[128];
- };
-
-+#ifdef CONFIG_X86_X32
-+/* x32 has a different alignment for 64bit values from ia32 */
-+struct snd_ctl_elem_value_x32 {
-+ struct snd_ctl_elem_id id;
-+ unsigned int indirect; /* bit-field causes misalignment */
-+ union {
-+ s32 integer[128];
-+ unsigned char data[512];
-+ s64 integer64[64];
-+ } value;
-+ unsigned char reserved[128];
-+};
-+#endif /* CONFIG_X86_X32 */
-
- /* get the value type and count of the control */
- static int get_ctl_type(struct snd_card *card, struct snd_ctl_elem_id *id,
-@@ -219,9 +232,11 @@ static int get_elem_size(int type, int count)
-
- static int copy_ctl_value_from_user(struct snd_card *card,
- struct snd_ctl_elem_value *data,
-- struct snd_ctl_elem_value32 __user *data32,
-+ void __user *userdata,
-+ void __user *valuep,
- int *typep, int *countp)
- {
-+ struct snd_ctl_elem_value32 __user *data32 = userdata;
- int i, type, size;
- int uninitialized_var(count);
- unsigned int indirect;
-@@ -239,8 +254,9 @@ static int copy_ctl_value_from_user(struct snd_card *card,
- if (type == SNDRV_CTL_ELEM_TYPE_BOOLEAN ||
- type == SNDRV_CTL_ELEM_TYPE_INTEGER) {
- for (i = 0; i < count; i++) {
-+ s32 __user *intp = valuep;
- int val;
-- if (get_user(val, &data32->value.integer[i]))
-+ if (get_user(val, &intp[i]))
- return -EFAULT;
- data->value.integer.value[i] = val;
- }
-@@ -250,8 +266,7 @@ static int copy_ctl_value_from_user(struct snd_card *card,
- dev_err(card->dev, "snd_ioctl32_ctl_elem_value: unknown type %d\n", type);
- return -EINVAL;
- }
-- if (copy_from_user(data->value.bytes.data,
-- data32->value.data, size))
-+ if (copy_from_user(data->value.bytes.data, valuep, size))
- return -EFAULT;
- }
-
-@@ -261,7 +276,8 @@ static int copy_ctl_value_from_user(struct snd_card *card,
- }
-
- /* restore the value to 32bit */
--static int copy_ctl_value_to_user(struct snd_ctl_elem_value32 __user *data32,
-+static int copy_ctl_value_to_user(void __user *userdata,
-+ void __user *valuep,
- struct snd_ctl_elem_value *data,
- int type, int count)
- {
-@@ -270,22 +286,22 @@ static int copy_ctl_value_to_user(struct snd_ctl_elem_value32 __user *data32,
- if (type == SNDRV_CTL_ELEM_TYPE_BOOLEAN ||
- type == SNDRV_CTL_ELEM_TYPE_INTEGER) {
- for (i = 0; i < count; i++) {
-+ s32 __user *intp = valuep;
- int val;
- val = data->value.integer.value[i];
-- if (put_user(val, &data32->value.integer[i]))
-+ if (put_user(val, &intp[i]))
- return -EFAULT;
- }
- } else {
- size = get_elem_size(type, count);
-- if (copy_to_user(data32->value.data,
-- data->value.bytes.data, size))
-+ if (copy_to_user(valuep, data->value.bytes.data, size))
- return -EFAULT;
- }
- return 0;
- }
-
--static int snd_ctl_elem_read_user_compat(struct snd_card *card,
-- struct snd_ctl_elem_value32 __user *data32)
-+static int ctl_elem_read_user(struct snd_card *card,
-+ void __user *userdata, void __user *valuep)
- {
- struct snd_ctl_elem_value *data;
- int err, type, count;
-@@ -294,7 +310,9 @@ static int snd_ctl_elem_read_user_compat(struct snd_card *card,
- if (data == NULL)
- return -ENOMEM;
-
-- if ((err = copy_ctl_value_from_user(card, data, data32, &type, &count)) < 0)
-+ err = copy_ctl_value_from_user(card, data, userdata, valuep,
-+ &type, &count);
-+ if (err < 0)
- goto error;
-
- snd_power_lock(card);
-@@ -303,14 +321,15 @@ static int snd_ctl_elem_read_user_compat(struct snd_card *card,
- err = snd_ctl_elem_read(card, data);
- snd_power_unlock(card);
- if (err >= 0)
-- err = copy_ctl_value_to_user(data32, data, type, count);
-+ err = copy_ctl_value_to_user(userdata, valuep, data,
-+ type, count);
- error:
- kfree(data);
- return err;
- }
-
--static int snd_ctl_elem_write_user_compat(struct snd_ctl_file *file,
-- struct snd_ctl_elem_value32 __user *data32)
-+static int ctl_elem_write_user(struct snd_ctl_file *file,
-+ void __user *userdata, void __user *valuep)
- {
- struct snd_ctl_elem_value *data;
- struct snd_card *card = file->card;
-@@ -320,7 +339,9 @@ static int snd_ctl_elem_write_user_compat(struct snd_ctl_file *file,
- if (data == NULL)
- return -ENOMEM;
-
-- if ((err = copy_ctl_value_from_user(card, data, data32, &type, &count)) < 0)
-+ err = copy_ctl_value_from_user(card, data, userdata, valuep,
-+ &type, &count);
-+ if (err < 0)
- goto error;
-
- snd_power_lock(card);
-@@ -329,12 +350,39 @@ static int snd_ctl_elem_write_user_compat(struct snd_ctl_file *file,
- err = snd_ctl_elem_write(card, file, data);
- snd_power_unlock(card);
- if (err >= 0)
-- err = copy_ctl_value_to_user(data32, data, type, count);
-+ err = copy_ctl_value_to_user(userdata, valuep, data,
-+ type, count);
- error:
- kfree(data);
- return err;
- }
-
-+static int snd_ctl_elem_read_user_compat(struct snd_card *card,
-+ struct snd_ctl_elem_value32 __user *data32)
-+{
-+ return ctl_elem_read_user(card, data32, &data32->value);
-+}
-+
-+static int snd_ctl_elem_write_user_compat(struct snd_ctl_file *file,
-+ struct snd_ctl_elem_value32 __user *data32)
-+{
-+ return ctl_elem_write_user(file, data32, &data32->value);
-+}
-+
-+#ifdef CONFIG_X86_X32
-+static int snd_ctl_elem_read_user_x32(struct snd_card *card,
-+ struct snd_ctl_elem_value_x32 __user *data32)
-+{
-+ return ctl_elem_read_user(card, data32, &data32->value);
-+}
-+
-+static int snd_ctl_elem_write_user_x32(struct snd_ctl_file *file,
-+ struct snd_ctl_elem_value_x32 __user *data32)
-+{
-+ return ctl_elem_write_user(file, data32, &data32->value);
-+}
-+#endif /* CONFIG_X86_X32 */
-+
- /* add or replace a user control */
- static int snd_ctl_elem_add_compat(struct snd_ctl_file *file,
- struct snd_ctl_elem_info32 __user *data32,
-@@ -393,6 +441,10 @@ enum {
- SNDRV_CTL_IOCTL_ELEM_WRITE32 = _IOWR('U', 0x13, struct snd_ctl_elem_value32),
- SNDRV_CTL_IOCTL_ELEM_ADD32 = _IOWR('U', 0x17, struct snd_ctl_elem_info32),
- SNDRV_CTL_IOCTL_ELEM_REPLACE32 = _IOWR('U', 0x18, struct snd_ctl_elem_info32),
-+#ifdef CONFIG_X86_X32
-+ SNDRV_CTL_IOCTL_ELEM_READ_X32 = _IOWR('U', 0x12, struct snd_ctl_elem_value_x32),
-+ SNDRV_CTL_IOCTL_ELEM_WRITE_X32 = _IOWR('U', 0x13, struct snd_ctl_elem_value_x32),
-+#endif /* CONFIG_X86_X32 */
- };
-
- static inline long snd_ctl_ioctl_compat(struct file *file, unsigned int cmd, unsigned long arg)
-@@ -431,6 +483,12 @@ static inline long snd_ctl_ioctl_compat(struct file *file, unsigned int cmd, uns
- return snd_ctl_elem_add_compat(ctl, argp, 0);
- case SNDRV_CTL_IOCTL_ELEM_REPLACE32:
- return snd_ctl_elem_add_compat(ctl, argp, 1);
-+#ifdef CONFIG_X86_X32
-+ case SNDRV_CTL_IOCTL_ELEM_READ_X32:
-+ return snd_ctl_elem_read_user_x32(ctl->card, argp);
-+ case SNDRV_CTL_IOCTL_ELEM_WRITE_X32:
-+ return snd_ctl_elem_write_user_x32(ctl, argp);
-+#endif /* CONFIG_X86_X32 */
- }
-
- down_read(&snd_ioctl_rwsem);
-diff --git a/sound/core/pcm_compat.c b/sound/core/pcm_compat.c
-index 9630e9f..1f64ab0 100644
---- a/sound/core/pcm_compat.c
-+++ b/sound/core/pcm_compat.c
-@@ -183,6 +183,14 @@ static int snd_pcm_ioctl_channel_info_compat(struct snd_pcm_substream *substream
- return err;
- }
-
-+#ifdef CONFIG_X86_X32
-+/* X32 ABI has the same struct as x86-64 for snd_pcm_channel_info */
-+static int snd_pcm_channel_info_user(struct snd_pcm_substream *substream,
-+ struct snd_pcm_channel_info __user *src);
-+#define snd_pcm_ioctl_channel_info_x32(s, p) \
-+ snd_pcm_channel_info_user(s, p)
-+#endif /* CONFIG_X86_X32 */
-+
- struct snd_pcm_status32 {
- s32 state;
- struct compat_timespec trigger_tstamp;
-@@ -243,6 +251,71 @@ static int snd_pcm_status_user_compat(struct snd_pcm_substream *substream,
- return err;
- }
-
-+#ifdef CONFIG_X86_X32
-+/* X32 ABI has 64bit timespec and 64bit alignment */
-+struct snd_pcm_status_x32 {
-+ s32 state;
-+ u32 rsvd; /* alignment */
-+ struct timespec trigger_tstamp;
-+ struct timespec tstamp;
-+ u32 appl_ptr;
-+ u32 hw_ptr;
-+ s32 delay;
-+ u32 avail;
-+ u32 avail_max;
-+ u32 overrange;
-+ s32 suspended_state;
-+ u32 audio_tstamp_data;
-+ struct timespec audio_tstamp;
-+ struct timespec driver_tstamp;
-+ u32 audio_tstamp_accuracy;
-+ unsigned char reserved[52-2*sizeof(struct timespec)];
-+} __packed;
-+
-+#define put_timespec(src, dst) copy_to_user(dst, src, sizeof(*dst))
-+
-+static int snd_pcm_status_user_x32(struct snd_pcm_substream *substream,
-+ struct snd_pcm_status_x32 __user *src,
-+ bool ext)
-+{
-+ struct snd_pcm_status status;
-+ int err;
-+
-+ memset(&status, 0, sizeof(status));
-+ /*
-+ * with extension, parameters are read/write,
-+ * get audio_tstamp_data from user,
-+ * ignore rest of status structure
-+ */
-+ if (ext && get_user(status.audio_tstamp_data,
-+ (u32 __user *)(&src->audio_tstamp_data)))
-+ return -EFAULT;
-+ err = snd_pcm_status(substream, &status);
-+ if (err < 0)
-+ return err;
-+
-+ if (clear_user(src, sizeof(*src)))
-+ return -EFAULT;
-+ if (put_user(status.state, &src->state) ||
-+ put_timespec(&status.trigger_tstamp, &src->trigger_tstamp) ||
-+ put_timespec(&status.tstamp, &src->tstamp) ||
-+ put_user(status.appl_ptr, &src->appl_ptr) ||
-+ put_user(status.hw_ptr, &src->hw_ptr) ||
-+ put_user(status.delay, &src->delay) ||
-+ put_user(status.avail, &src->avail) ||
-+ put_user(status.avail_max, &src->avail_max) ||
-+ put_user(status.overrange, &src->overrange) ||
-+ put_user(status.suspended_state, &src->suspended_state) ||
-+ put_user(status.audio_tstamp_data, &src->audio_tstamp_data) ||
-+ put_timespec(&status.audio_tstamp, &src->audio_tstamp) ||
-+ put_timespec(&status.driver_tstamp, &src->driver_tstamp) ||
-+ put_user(status.audio_tstamp_accuracy, &src->audio_tstamp_accuracy))
-+ return -EFAULT;
-+
-+ return err;
-+}
-+#endif /* CONFIG_X86_X32 */
-+
- /* both for HW_PARAMS and HW_REFINE */
- static int snd_pcm_ioctl_hw_params_compat(struct snd_pcm_substream *substream,
- int refine,
-@@ -469,6 +542,93 @@ static int snd_pcm_ioctl_sync_ptr_compat(struct snd_pcm_substream *substream,
- return 0;
- }
-
-+#ifdef CONFIG_X86_X32
-+/* X32 ABI has 64bit timespec and 64bit alignment */
-+struct snd_pcm_mmap_status_x32 {
-+ s32 state;
-+ s32 pad1;
-+ u32 hw_ptr;
-+ u32 pad2; /* alignment */
-+ struct timespec tstamp;
-+ s32 suspended_state;
-+ struct timespec audio_tstamp;
-+} __packed;
-+
-+struct snd_pcm_mmap_control_x32 {
-+ u32 appl_ptr;
-+ u32 avail_min;
-+};
-+
-+struct snd_pcm_sync_ptr_x32 {
-+ u32 flags;
-+ u32 rsvd; /* alignment */
-+ union {
-+ struct snd_pcm_mmap_status_x32 status;
-+ unsigned char reserved[64];
-+ } s;
-+ union {
-+ struct snd_pcm_mmap_control_x32 control;
-+ unsigned char reserved[64];
-+ } c;
-+} __packed;
-+
-+static int snd_pcm_ioctl_sync_ptr_x32(struct snd_pcm_substream *substream,
-+ struct snd_pcm_sync_ptr_x32 __user *src)
-+{
-+ struct snd_pcm_runtime *runtime = substream->runtime;
-+ volatile struct snd_pcm_mmap_status *status;
-+ volatile struct snd_pcm_mmap_control *control;
-+ u32 sflags;
-+ struct snd_pcm_mmap_control scontrol;
-+ struct snd_pcm_mmap_status sstatus;
-+ snd_pcm_uframes_t boundary;
-+ int err;
-+
-+ if (snd_BUG_ON(!runtime))
-+ return -EINVAL;
-+
-+ if (get_user(sflags, &src->flags) ||
-+ get_user(scontrol.appl_ptr, &src->c.control.appl_ptr) ||
-+ get_user(scontrol.avail_min, &src->c.control.avail_min))
-+ return -EFAULT;
-+ if (sflags & SNDRV_PCM_SYNC_PTR_HWSYNC) {
-+ err = snd_pcm_hwsync(substream);
-+ if (err < 0)
-+ return err;
-+ }
-+ status = runtime->status;
-+ control = runtime->control;
-+ boundary = recalculate_boundary(runtime);
-+ if (!boundary)
-+ boundary = 0x7fffffff;
-+ snd_pcm_stream_lock_irq(substream);
-+ /* FIXME: we should consider the boundary for the sync from app */
-+ if (!(sflags & SNDRV_PCM_SYNC_PTR_APPL))
-+ control->appl_ptr = scontrol.appl_ptr;
-+ else
-+ scontrol.appl_ptr = control->appl_ptr % boundary;
-+ if (!(sflags & SNDRV_PCM_SYNC_PTR_AVAIL_MIN))
-+ control->avail_min = scontrol.avail_min;
-+ else
-+ scontrol.avail_min = control->avail_min;
-+ sstatus.state = status->state;
-+ sstatus.hw_ptr = status->hw_ptr % boundary;
-+ sstatus.tstamp = status->tstamp;
-+ sstatus.suspended_state = status->suspended_state;
-+ sstatus.audio_tstamp = status->audio_tstamp;
-+ snd_pcm_stream_unlock_irq(substream);
-+ if (put_user(sstatus.state, &src->s.status.state) ||
-+ put_user(sstatus.hw_ptr, &src->s.status.hw_ptr) ||
-+ put_timespec(&sstatus.tstamp, &src->s.status.tstamp) ||
-+ put_user(sstatus.suspended_state, &src->s.status.suspended_state) ||
-+ put_timespec(&sstatus.audio_tstamp, &src->s.status.audio_tstamp) ||
-+ put_user(scontrol.appl_ptr, &src->c.control.appl_ptr) ||
-+ put_user(scontrol.avail_min, &src->c.control.avail_min))
-+ return -EFAULT;
-+
-+ return 0;
-+}
-+#endif /* CONFIG_X86_X32 */
-
- /*
- */
-@@ -487,7 +647,12 @@ enum {
- SNDRV_PCM_IOCTL_WRITEN_FRAMES32 = _IOW('A', 0x52, struct snd_xfern32),
- SNDRV_PCM_IOCTL_READN_FRAMES32 = _IOR('A', 0x53, struct snd_xfern32),
- SNDRV_PCM_IOCTL_SYNC_PTR32 = _IOWR('A', 0x23, struct snd_pcm_sync_ptr32),
--
-+#ifdef CONFIG_X86_X32
-+ SNDRV_PCM_IOCTL_CHANNEL_INFO_X32 = _IOR('A', 0x32, struct snd_pcm_channel_info),
-+ SNDRV_PCM_IOCTL_STATUS_X32 = _IOR('A', 0x20, struct snd_pcm_status_x32),
-+ SNDRV_PCM_IOCTL_STATUS_EXT_X32 = _IOWR('A', 0x24, struct snd_pcm_status_x32),
-+ SNDRV_PCM_IOCTL_SYNC_PTR_X32 = _IOWR('A', 0x23, struct snd_pcm_sync_ptr_x32),
-+#endif /* CONFIG_X86_X32 */
- };
-
- static long snd_pcm_ioctl_compat(struct file *file, unsigned int cmd, unsigned long arg)
-@@ -559,6 +724,16 @@ static long snd_pcm_ioctl_compat(struct file *file, unsigned int cmd, unsigned l
- return snd_pcm_ioctl_rewind_compat(substream, argp);
- case SNDRV_PCM_IOCTL_FORWARD32:
- return snd_pcm_ioctl_forward_compat(substream, argp);
-+#ifdef CONFIG_X86_X32
-+ case SNDRV_PCM_IOCTL_STATUS_X32:
-+ return snd_pcm_status_user_x32(substream, argp, false);
-+ case SNDRV_PCM_IOCTL_STATUS_EXT_X32:
-+ return snd_pcm_status_user_x32(substream, argp, true);
-+ case SNDRV_PCM_IOCTL_SYNC_PTR_X32:
-+ return snd_pcm_ioctl_sync_ptr_x32(substream, argp);
-+ case SNDRV_PCM_IOCTL_CHANNEL_INFO_X32:
-+ return snd_pcm_ioctl_channel_info_x32(substream, argp);
-+#endif /* CONFIG_X86_X32 */
- }
-
- return -ENOIOCTLCMD;
-diff --git a/sound/core/rawmidi_compat.c b/sound/core/rawmidi_compat.c
-index 5268c1f..09a8909 100644
---- a/sound/core/rawmidi_compat.c
-+++ b/sound/core/rawmidi_compat.c
-@@ -94,9 +94,58 @@ static int snd_rawmidi_ioctl_status_compat(struct snd_rawmidi_file *rfile,
- return 0;
- }
-
-+#ifdef CONFIG_X86_X32
-+/* X32 ABI has 64bit timespec and 64bit alignment */
-+struct snd_rawmidi_status_x32 {
-+ s32 stream;
-+ u32 rsvd; /* alignment */
-+ struct timespec tstamp;
-+ u32 avail;
-+ u32 xruns;
-+ unsigned char reserved[16];
-+} __attribute__((packed));
-+
-+#define put_timespec(src, dst) copy_to_user(dst, src, sizeof(*dst))
-+
-+static int snd_rawmidi_ioctl_status_x32(struct snd_rawmidi_file *rfile,
-+ struct snd_rawmidi_status_x32 __user *src)
-+{
-+ int err;
-+ struct snd_rawmidi_status status;
-+
-+ if (rfile->output == NULL)
-+ return -EINVAL;
-+ if (get_user(status.stream, &src->stream))
-+ return -EFAULT;
-+
-+ switch (status.stream) {
-+ case SNDRV_RAWMIDI_STREAM_OUTPUT:
-+ err = snd_rawmidi_output_status(rfile->output, &status);
-+ break;
-+ case SNDRV_RAWMIDI_STREAM_INPUT:
-+ err = snd_rawmidi_input_status(rfile->input, &status);
-+ break;
-+ default:
-+ return -EINVAL;
-+ }
-+ if (err < 0)
-+ return err;
-+
-+ if (put_timespec(&status.tstamp, &src->tstamp) ||
-+ put_user(status.avail, &src->avail) ||
-+ put_user(status.xruns, &src->xruns))
-+ return -EFAULT;
-+
-+ return 0;
-+}
-+#endif /* CONFIG_X86_X32 */
-+
- enum {
- SNDRV_RAWMIDI_IOCTL_PARAMS32 = _IOWR('W', 0x10, struct snd_rawmidi_params32),
- SNDRV_RAWMIDI_IOCTL_STATUS32 = _IOWR('W', 0x20, struct snd_rawmidi_status32),
-+#ifdef CONFIG_X86_X32
-+ SNDRV_RAWMIDI_IOCTL_STATUS_X32 = _IOWR('W', 0x20, struct snd_rawmidi_status_x32),
-+#endif /* CONFIG_X86_X32 */
- };
-
- static long snd_rawmidi_ioctl_compat(struct file *file, unsigned int cmd, unsigned long arg)
-@@ -115,6 +164,10 @@ static long snd_rawmidi_ioctl_compat(struct file *file, unsigned int cmd, unsign
- return snd_rawmidi_ioctl_params_compat(rfile, argp);
- case SNDRV_RAWMIDI_IOCTL_STATUS32:
- return snd_rawmidi_ioctl_status_compat(rfile, argp);
-+#ifdef CONFIG_X86_X32
-+ case SNDRV_RAWMIDI_IOCTL_STATUS_X32:
-+ return snd_rawmidi_ioctl_status_x32(rfile, argp);
-+#endif /* CONFIG_X86_X32 */
- }
- return -ENOIOCTLCMD;
- }
-diff --git a/sound/core/seq/oss/seq_oss.c b/sound/core/seq/oss/seq_oss.c
-index 7354b8b..cb23899 100644
---- a/sound/core/seq/oss/seq_oss.c
-+++ b/sound/core/seq/oss/seq_oss.c
-@@ -148,8 +148,6 @@ odev_release(struct inode *inode, struct file *file)
- if ((dp = file->private_data) == NULL)
- return 0;
-
-- snd_seq_oss_drain_write(dp);
--
- mutex_lock(&register_mutex);
- snd_seq_oss_release(dp);
- mutex_unlock(&register_mutex);
-diff --git a/sound/core/seq/oss/seq_oss_device.h b/sound/core/seq/oss/seq_oss_device.h
-index b439243..d7b4d01 100644
---- a/sound/core/seq/oss/seq_oss_device.h
-+++ b/sound/core/seq/oss/seq_oss_device.h
-@@ -127,7 +127,6 @@ int snd_seq_oss_write(struct seq_oss_devinfo *dp, const char __user *buf, int co
- unsigned int snd_seq_oss_poll(struct seq_oss_devinfo *dp, struct file *file, poll_table * wait);
-
- void snd_seq_oss_reset(struct seq_oss_devinfo *dp);
--void snd_seq_oss_drain_write(struct seq_oss_devinfo *dp);
-
- /* */
- void snd_seq_oss_process_queue(struct seq_oss_devinfo *dp, abstime_t time);
-diff --git a/sound/core/seq/oss/seq_oss_init.c b/sound/core/seq/oss/seq_oss_init.c
-index 6779e82b..92c96a9 100644
---- a/sound/core/seq/oss/seq_oss_init.c
-+++ b/sound/core/seq/oss/seq_oss_init.c
-@@ -436,22 +436,6 @@ snd_seq_oss_release(struct seq_oss_devinfo *dp)
-
-
- /*
-- * Wait until the queue is empty (if we don't have nonblock)
-- */
--void
--snd_seq_oss_drain_write(struct seq_oss_devinfo *dp)
--{
-- if (! dp->timer->running)
-- return;
-- if (is_write_mode(dp->file_mode) && !is_nonblock_mode(dp->file_mode) &&
-- dp->writeq) {
-- while (snd_seq_oss_writeq_sync(dp->writeq))
-- ;
-- }
--}
--
--
--/*
- * reset sequencer devices
- */
- void
-diff --git a/sound/core/timer_compat.c b/sound/core/timer_compat.c
-index e05802a..2e90822 100644
---- a/sound/core/timer_compat.c
-+++ b/sound/core/timer_compat.c
-@@ -70,13 +70,14 @@ static int snd_timer_user_status_compat(struct file *file,
- struct snd_timer_status32 __user *_status)
- {
- struct snd_timer_user *tu;
-- struct snd_timer_status status;
-+ struct snd_timer_status32 status;
-
- tu = file->private_data;
- if (snd_BUG_ON(!tu->timeri))
- return -ENXIO;
- memset(&status, 0, sizeof(status));
-- status.tstamp = tu->tstamp;
-+ status.tstamp.tv_sec = tu->tstamp.tv_sec;
-+ status.tstamp.tv_nsec = tu->tstamp.tv_nsec;
- status.resolution = snd_timer_resolution(tu->timeri);
- status.lost = tu->timeri->lost;
- status.overrun = tu->overrun;
-@@ -88,12 +89,21 @@ static int snd_timer_user_status_compat(struct file *file,
- return 0;
- }
-
-+#ifdef CONFIG_X86_X32
-+/* X32 ABI has the same struct as x86-64 */
-+#define snd_timer_user_status_x32(file, s) \
-+ snd_timer_user_status(file, s)
-+#endif /* CONFIG_X86_X32 */
-+
- /*
- */
-
- enum {
- SNDRV_TIMER_IOCTL_INFO32 = _IOR('T', 0x11, struct snd_timer_info32),
- SNDRV_TIMER_IOCTL_STATUS32 = _IOW('T', 0x14, struct snd_timer_status32),
-+#ifdef CONFIG_X86_X32
-+ SNDRV_TIMER_IOCTL_STATUS_X32 = _IOW('T', 0x14, struct snd_timer_status),
-+#endif /* CONFIG_X86_X32 */
- };
-
- static long snd_timer_user_ioctl_compat(struct file *file, unsigned int cmd, unsigned long arg)
-@@ -122,6 +132,10 @@ static long snd_timer_user_ioctl_compat(struct file *file, unsigned int cmd, uns
- return snd_timer_user_info_compat(file, argp);
- case SNDRV_TIMER_IOCTL_STATUS32:
- return snd_timer_user_status_compat(file, argp);
-+#ifdef CONFIG_X86_X32
-+ case SNDRV_TIMER_IOCTL_STATUS_X32:
-+ return snd_timer_user_status_x32(file, argp);
-+#endif /* CONFIG_X86_X32 */
- }
- return -ENOIOCTLCMD;
- }
-diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
-index 72fa58d..c2430b3 100644
---- a/sound/pci/hda/patch_realtek.c
-+++ b/sound/pci/hda/patch_realtek.c
-@@ -5386,6 +5386,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
- SND_PCI_QUIRK(0x1025, 0x080d, "Acer Aspire V5-122P", ALC269_FIXUP_ASPIRE_HEADSET_MIC),
- SND_PCI_QUIRK(0x1025, 0x0740, "Acer AO725", ALC271_FIXUP_HP_GATE_MIC_JACK),
- SND_PCI_QUIRK(0x1025, 0x0742, "Acer AO756", ALC271_FIXUP_HP_GATE_MIC_JACK),
-+ SND_PCI_QUIRK(0x1025, 0x0762, "Acer Aspire E1-472", ALC271_FIXUP_HP_GATE_MIC_JACK_E1_572),
- SND_PCI_QUIRK(0x1025, 0x0775, "Acer Aspire E1-572", ALC271_FIXUP_HP_GATE_MIC_JACK_E1_572),
- SND_PCI_QUIRK(0x1025, 0x079b, "Acer Aspire V5-573G", ALC282_FIXUP_ASPIRE_V5_PINS),
- SND_PCI_QUIRK(0x1025, 0x106d, "Acer Cloudbook 14", ALC283_FIXUP_CHROME_BOOK),
-diff --git a/sound/pci/rme9652/hdsp.c b/sound/pci/rme9652/hdsp.c
-index 2875b4f..7c8941b 100644
---- a/sound/pci/rme9652/hdsp.c
-+++ b/sound/pci/rme9652/hdsp.c
-@@ -2879,7 +2879,7 @@ static int snd_hdsp_get_dds_offset(struct snd_kcontrol *kcontrol, struct snd_ctl
- {
- struct hdsp *hdsp = snd_kcontrol_chip(kcontrol);
-
-- ucontrol->value.enumerated.item[0] = hdsp_dds_offset(hdsp);
-+ ucontrol->value.integer.value[0] = hdsp_dds_offset(hdsp);
- return 0;
- }
-
-@@ -2891,7 +2891,7 @@ static int snd_hdsp_put_dds_offset(struct snd_kcontrol *kcontrol, struct snd_ctl
-
- if (!snd_hdsp_use_is_exclusive(hdsp))
- return -EBUSY;
-- val = ucontrol->value.enumerated.item[0];
-+ val = ucontrol->value.integer.value[0];
- spin_lock_irq(&hdsp->lock);
- if (val != hdsp_dds_offset(hdsp))
- change = (hdsp_set_dds_offset(hdsp, val) == 0) ? 1 : 0;
-diff --git a/sound/pci/rme9652/hdspm.c b/sound/pci/rme9652/hdspm.c
-index 8bc8016..a4a999a 100644
---- a/sound/pci/rme9652/hdspm.c
-+++ b/sound/pci/rme9652/hdspm.c
-@@ -1601,6 +1601,9 @@ static void hdspm_set_dds_value(struct hdspm *hdspm, int rate)
- {
- u64 n;
-
-+ if (snd_BUG_ON(rate <= 0))
-+ return;
-+
- if (rate >= 112000)
- rate /= 4;
- else if (rate >= 56000)
-@@ -2215,6 +2218,8 @@ static int hdspm_get_system_sample_rate(struct hdspm *hdspm)
- } else {
- /* slave mode, return external sample rate */
- rate = hdspm_external_sample_rate(hdspm);
-+ if (!rate)
-+ rate = hdspm->system_sample_rate;
- }
- }
-
-@@ -2260,8 +2265,11 @@ static int snd_hdspm_put_system_sample_rate(struct snd_kcontrol *kcontrol,
- ucontrol)
- {
- struct hdspm *hdspm = snd_kcontrol_chip(kcontrol);
-+ int rate = ucontrol->value.integer.value[0];
-
-- hdspm_set_dds_value(hdspm, ucontrol->value.enumerated.item[0]);
-+ if (rate < 27000 || rate > 207000)
-+ return -EINVAL;
-+ hdspm_set_dds_value(hdspm, ucontrol->value.integer.value[0]);
- return 0;
- }
-
-@@ -4449,7 +4457,7 @@ static int snd_hdspm_get_tco_word_term(struct snd_kcontrol *kcontrol,
- {
- struct hdspm *hdspm = snd_kcontrol_chip(kcontrol);
-
-- ucontrol->value.enumerated.item[0] = hdspm->tco->term;
-+ ucontrol->value.integer.value[0] = hdspm->tco->term;
-
- return 0;
- }
-@@ -4460,8 +4468,8 @@ static int snd_hdspm_put_tco_word_term(struct snd_kcontrol *kcontrol,
- {
- struct hdspm *hdspm = snd_kcontrol_chip(kcontrol);
-
-- if (hdspm->tco->term != ucontrol->value.enumerated.item[0]) {
-- hdspm->tco->term = ucontrol->value.enumerated.item[0];
-+ if (hdspm->tco->term != ucontrol->value.integer.value[0]) {
-+ hdspm->tco->term = ucontrol->value.integer.value[0];
-
- hdspm_tco_write(hdspm);
-
-diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c
-index 4f6ce1c..c458d60 100644
---- a/sound/usb/quirks.c
-+++ b/sound/usb/quirks.c
-@@ -1124,6 +1124,7 @@ bool snd_usb_get_sample_rate_quirk(struct snd_usb_audio *chip)
- case USB_ID(0x045E, 0x076F): /* MS Lifecam HD-6000 */
- case USB_ID(0x045E, 0x0772): /* MS Lifecam Studio */
- case USB_ID(0x045E, 0x0779): /* MS Lifecam HD-3000 */
-+ case USB_ID(0x047F, 0xAA05): /* Plantronics DA45 */
- case USB_ID(0x04D8, 0xFEEA): /* Benchmark DAC1 Pre */
- case USB_ID(0x074D, 0x3553): /* Outlaw RR2150 (Micronas UAC3553B) */
- case USB_ID(0x21B4, 0x0081): /* AudioQuest DragonFly */
diff --git a/4.4.5/4420_grsecurity-3.1-4.4.5-201603102309.patch b/4.4.5/4420_grsecurity-3.1-4.4.5-201603131305.patch
index 13412c8..c5fcaad 100644
--- a/4.4.5/4420_grsecurity-3.1-4.4.5-201603102309.patch
+++ b/4.4.5/4420_grsecurity-3.1-4.4.5-201603131305.patch
@@ -448,6 +448,20 @@ index af70d15..ccd3786 100644
modules_disabled:
A toggle value indicating if modules are allowed to be loaded
+diff --git a/Documentation/virtual/kvm/mmu.txt b/Documentation/virtual/kvm/mmu.txt
+index 3a4d681..b653641 100644
+--- a/Documentation/virtual/kvm/mmu.txt
++++ b/Documentation/virtual/kvm/mmu.txt
+@@ -358,7 +358,8 @@ In the first case there are two additional complications:
+ - if CR4.SMEP is enabled: since we've turned the page into a kernel page,
+ the kernel may now execute it. We handle this by also setting spte.nx.
+ If we get a user fetch or read fault, we'll change spte.u=1 and
+- spte.nx=gpte.nx back.
++ spte.nx=gpte.nx back. For this to work, KVM forces EFER.NX to 1 when
++ shadow paging is in use.
+ - if CR4.SMAP is disabled: since the page has been changed to a kernel
+ page, it can not be reused when CR4.SMAP is enabled. We set
+ CR4.SMAP && !CR0.WP into shadow page's role to avoid this case. Note,
diff --git a/Makefile b/Makefile
index d13322a..6eaab55 100644
--- a/Makefile
@@ -24713,7 +24727,7 @@ index 4d38416..ec7cc4e 100644
unlock_done:
mutex_unlock(&espfix_init_mutex);
diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c
-index d25097c..e2df353 100644
+index d25097c..4c36ff6 100644
--- a/arch/x86/kernel/fpu/core.c
+++ b/arch/x86/kernel/fpu/core.c
@@ -127,7 +127,7 @@ void __kernel_fpu_end(void)
@@ -24779,7 +24793,19 @@ index d25097c..e2df353 100644
fpu->counter++;
kernel_fpu_enable();
}
-@@ -442,25 +442,25 @@ void fpu__clear(struct fpu *fpu)
+@@ -409,8 +409,10 @@ static inline void copy_init_fpstate_to_fpregs(void)
+ {
+ if (use_xsave())
+ copy_kernel_to_xregs(&init_fpstate.xsave, -1);
+- else
++ else if (static_cpu_has(X86_FEATURE_FXSR))
+ copy_kernel_to_fxregs(&init_fpstate.fxsave);
++ else
++ copy_kernel_to_fregs(&init_fpstate.fsave);
+ }
+
+ /*
+@@ -442,25 +444,25 @@ void fpu__clear(struct fpu *fpu)
static inline unsigned short get_fpu_cwd(struct fpu *fpu)
{
if (cpu_has_fxsr) {
@@ -24811,7 +24837,7 @@ index d25097c..e2df353 100644
return MXCSR_DEFAULT;
}
diff --git a/arch/x86/kernel/fpu/init.c b/arch/x86/kernel/fpu/init.c
-index be39b5f..b76c3b1 100644
+index be39b5f..1095798 100644
--- a/arch/x86/kernel/fpu/init.c
+++ b/arch/x86/kernel/fpu/init.c
@@ -42,7 +42,7 @@ static void fpu__init_cpu_generic(void)
@@ -24823,6 +24849,15 @@ index be39b5f..b76c3b1 100644
else
#endif
asm volatile ("fninit");
+@@ -129,7 +129,7 @@ static void __init fpu__init_system_generic(void)
+ * Set up the legacy init FPU context. (xstate init might overwrite this
+ * with a more modern format, if the CPU supports it.)
+ */
+- fpstate_init_fxstate(&init_fpstate.fxsave);
++ fpstate_init(&init_fpstate);
+
+ fpu__init_system_mxcsr();
+ }
@@ -143,42 +143,7 @@ static void __init fpu__init_system_generic(void)
unsigned int xstate_size;
EXPORT_SYMBOL_GPL(xstate_size);
@@ -29594,6 +29629,27 @@ index 4d30b86..94115f0 100644
#define APIC_LVT_NUM 6
/* 14 is the version for Xeon and Pentium 8.4.8*/
+diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
+index e7c2c14..8eb8a93 100644
+--- a/arch/x86/kvm/mmu.c
++++ b/arch/x86/kvm/mmu.c
+@@ -3754,13 +3754,15 @@ static void reset_rsvds_bits_mask_ept(struct kvm_vcpu *vcpu,
+ void
+ reset_shadow_zero_bits_mask(struct kvm_vcpu *vcpu, struct kvm_mmu *context)
+ {
++ bool uses_nx = context->nx || context->base_role.smep_andnot_wp;
++
+ /*
+ * Passing "true" to the last argument is okay; it adds a check
+ * on bit 8 of the SPTEs which KVM doesn't use anyway.
+ */
+ __reset_rsvds_bits_mask(vcpu, &context->shadow_zero_check,
+ boot_cpu_data.x86_phys_bits,
+- context->shadow_root_level, context->nx,
++ context->shadow_root_level, uses_nx,
+ guest_cpuid_has_gbpages(vcpu), is_pse(vcpu),
+ true);
+ }
diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h
index 7be8a25..7d71250 100644
--- a/arch/x86/kvm/paging_tmpl.h
@@ -29644,7 +29700,7 @@ index 899c40f..a114588 100644
.disabled_by_bios = is_disabled,
.hardware_setup = svm_hardware_setup,
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
-index 5fd846c..cdf2fca 100644
+index 5fd846c..405597f 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -1514,12 +1514,12 @@ static void vmcs_write64(unsigned long field, u64 value)
@@ -29662,7 +29718,7 @@ index 5fd846c..cdf2fca 100644
{
vmcs_writel(field, vmcs_readl(field) | mask);
}
-@@ -1779,7 +1779,11 @@ static void reload_tss(void)
+@@ -1779,32 +1779,41 @@ static void reload_tss(void)
struct desc_struct *descs;
descs = (void *)gdt->address;
@@ -29674,7 +29730,72 @@ index 5fd846c..cdf2fca 100644
load_TR_desc();
}
-@@ -2061,6 +2065,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
+ static bool update_transition_efer(struct vcpu_vmx *vmx, int efer_offset)
+ {
+- u64 guest_efer;
+- u64 ignore_bits;
++ u64 guest_efer = vmx->vcpu.arch.efer;
++ u64 ignore_bits = 0;
+
+- guest_efer = vmx->vcpu.arch.efer;
++ if (!enable_ept) {
++ /*
++ * NX is needed to handle CR0.WP=1, CR4.SMEP=1. Testing
++ * host CPUID is more efficient than testing guest CPUID
++ * or CR4. Host SMEP is anyway a requirement for guest SMEP.
++ */
++ if (boot_cpu_has(X86_FEATURE_SMEP))
++ guest_efer |= EFER_NX;
++ else if (!(guest_efer & EFER_NX))
++ ignore_bits |= EFER_NX;
++ }
+
+ /*
+- * NX is emulated; LMA and LME handled by hardware; SCE meaningless
+- * outside long mode
++ * LMA and LME handled by hardware; SCE meaningless outside long mode.
+ */
+- ignore_bits = EFER_NX | EFER_SCE;
++ ignore_bits |= EFER_SCE;
+ #ifdef CONFIG_X86_64
+ ignore_bits |= EFER_LMA | EFER_LME;
+ /* SCE is meaningful only in long mode on Intel */
+ if (guest_efer & EFER_LMA)
+ ignore_bits &= ~(u64)EFER_SCE;
+ #endif
+- guest_efer &= ~ignore_bits;
+- guest_efer |= host_efer & ignore_bits;
+- vmx->guest_msrs[efer_offset].data = guest_efer;
+- vmx->guest_msrs[efer_offset].mask = ~ignore_bits;
+
+ clear_atomic_switch_msr(vmx, MSR_EFER);
+
+@@ -1815,16 +1824,21 @@ static bool update_transition_efer(struct vcpu_vmx *vmx, int efer_offset)
+ */
+ if (cpu_has_load_ia32_efer ||
+ (enable_ept && ((vmx->vcpu.arch.efer ^ host_efer) & EFER_NX))) {
+- guest_efer = vmx->vcpu.arch.efer;
+ if (!(guest_efer & EFER_LMA))
+ guest_efer &= ~EFER_LME;
+ if (guest_efer != host_efer)
+ add_atomic_switch_msr(vmx, MSR_EFER,
+ guest_efer, host_efer);
+ return false;
++ } else {
++ guest_efer &= ~ignore_bits;
++ guest_efer |= host_efer & ignore_bits;
++
++ vmx->guest_msrs[efer_offset].data = guest_efer;
++ vmx->guest_msrs[efer_offset].mask = ~ignore_bits;
++
++ return true;
+ }
+-
+- return true;
+ }
+
+ static unsigned long segment_base(u16 selector)
+@@ -2061,6 +2075,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
vmcs_writel(HOST_TR_BASE, kvm_read_tr_base()); /* 22.2.4 */
vmcs_writel(HOST_GDTR_BASE, gdt->address); /* 22.2.4 */
@@ -29685,7 +29806,7 @@ index 5fd846c..cdf2fca 100644
rdmsrl(MSR_IA32_SYSENTER_ESP, sysenter_esp);
vmcs_writel(HOST_IA32_SYSENTER_ESP, sysenter_esp); /* 22.2.3 */
-@@ -2378,7 +2386,7 @@ static void setup_msrs(struct vcpu_vmx *vmx)
+@@ -2378,7 +2396,7 @@ static void setup_msrs(struct vcpu_vmx *vmx)
* guest_tsc = (host_tsc * tsc multiplier) >> 48 + tsc_offset
* -- Intel TSC Scaling for Virtualization White Paper, sec 1.3
*/
@@ -29694,7 +29815,7 @@ index 5fd846c..cdf2fca 100644
{
u64 host_tsc, tsc_offset;
-@@ -4609,7 +4617,10 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx)
+@@ -4609,7 +4627,10 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx)
unsigned long cr4;
vmcs_writel(HOST_CR0, read_cr0() & ~X86_CR0_TS); /* 22.2.3 */
@@ -29705,7 +29826,7 @@ index 5fd846c..cdf2fca 100644
/* Save the most likely value for this task's CR4 in the VMCS. */
cr4 = cr4_read_shadow();
-@@ -4636,7 +4647,7 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx)
+@@ -4636,7 +4657,7 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx)
vmcs_writel(HOST_IDTR_BASE, dt.address); /* 22.2.4 */
vmx->host_idt_base = dt.address;
@@ -29714,7 +29835,7 @@ index 5fd846c..cdf2fca 100644
rdmsr(MSR_IA32_SYSENTER_CS, low32, high32);
vmcs_write32(HOST_IA32_SYSENTER_CS, low32);
-@@ -6186,11 +6197,17 @@ static __init int hardware_setup(void)
+@@ -6186,11 +6207,17 @@ static __init int hardware_setup(void)
* page upon invalidation. No need to do anything if not
* using the APIC_ACCESS_ADDR VMCS field.
*/
@@ -29734,7 +29855,7 @@ index 5fd846c..cdf2fca 100644
if (enable_ept && !cpu_has_vmx_ept_2m_page())
kvm_disable_largepages();
-@@ -6207,6 +6224,7 @@ static __init int hardware_setup(void)
+@@ -6207,6 +6234,7 @@ static __init int hardware_setup(void)
kvm_tsc_scaling_ratio_frac_bits = 48;
}
@@ -29742,7 +29863,7 @@ index 5fd846c..cdf2fca 100644
if (enable_apicv)
kvm_x86_ops->update_cr8_intercept = NULL;
else {
-@@ -6215,6 +6233,7 @@ static __init int hardware_setup(void)
+@@ -6215,6 +6243,7 @@ static __init int hardware_setup(void)
kvm_x86_ops->deliver_posted_interrupt = NULL;
kvm_x86_ops->sync_pir_to_irr = vmx_sync_pir_to_irr_dummy;
}
@@ -29750,7 +29871,7 @@ index 5fd846c..cdf2fca 100644
vmx_disable_intercept_for_msr(MSR_FS_BASE, false);
vmx_disable_intercept_for_msr(MSR_GS_BASE, false);
-@@ -6269,10 +6288,12 @@ static __init int hardware_setup(void)
+@@ -6269,10 +6298,12 @@ static __init int hardware_setup(void)
enable_pml = 0;
if (!enable_pml) {
@@ -29763,7 +29884,7 @@ index 5fd846c..cdf2fca 100644
}
kvm_set_posted_intr_wakeup_handler(wakeup_handler);
-@@ -8584,6 +8605,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -8584,6 +8615,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
"jmp 2f \n\t"
"1: " __ex(ASM_VMX_VMRESUME) "\n\t"
"2: "
@@ -29776,7 +29897,7 @@ index 5fd846c..cdf2fca 100644
/* Save guest registers, load host registers, keep flags */
"mov %0, %c[wordsize](%%" _ASM_SP ") \n\t"
"pop %0 \n\t"
-@@ -8636,6 +8663,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -8636,6 +8673,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
#endif
[cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)),
[wordsize]"i"(sizeof(ulong))
@@ -29788,7 +29909,7 @@ index 5fd846c..cdf2fca 100644
: "cc", "memory"
#ifdef CONFIG_X86_64
, "rax", "rbx", "rdi", "rsi"
-@@ -8649,7 +8681,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -8649,7 +8691,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
if (debugctlmsr)
update_debugctlmsr(debugctlmsr);
@@ -29797,7 +29918,7 @@ index 5fd846c..cdf2fca 100644
/*
* The sysexit path does not restore ds/es, so we must set them to
* a reasonable value ourselves.
-@@ -8658,8 +8690,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -8658,8 +8700,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
* may be executed in interrupt context, which saves and restore segments
* around it, nullifying its effect.
*/
@@ -29818,7 +29939,7 @@ index 5fd846c..cdf2fca 100644
#endif
vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP)
-@@ -10741,7 +10783,7 @@ out:
+@@ -10741,7 +10793,7 @@ out:
return ret;
}
@@ -83375,7 +83496,7 @@ index 14db05d..687f6d8 100644
#define MNT_NS_INTERNAL ERR_PTR(-EINVAL) /* distinct from any mnt_namespace */
diff --git a/fs/namei.c b/fs/namei.c
-index d8ee4da..47a7c9c 100644
+index d8ee4da..dc6d6b5 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -336,17 +336,32 @@ int generic_permission(struct inode *inode, int mask)
@@ -83699,7 +83820,23 @@ index d8ee4da..47a7c9c 100644
audit_inode(nd->name, nd->path.dentry, 0);
if (unlikely(d_is_symlink(nd->path.dentry)) && !(open_flag & O_PATH)) {
error = -ELOOP;
-@@ -3440,9 +3587,11 @@ static struct dentry *filename_create(int dfd, struct filename *name,
+@@ -3351,6 +3498,15 @@ out2:
+ error = -ESTALE;
+ }
+ file = ERR_PTR(error);
++ } else {
++ error = gr_chroot_pathat(nd->dfd, file->f_path.dentry, file->f_path.mnt, flags);
++ if (error == -ECHILD) {
++ fput(file);
++ file = ERR_PTR(error);
++ } else if (!error) {
++ fput(file);
++ file = ERR_PTR(-ENOENT);
++ }
+ }
+ return file;
+ }
+@@ -3440,9 +3596,11 @@ static struct dentry *filename_create(int dfd, struct filename *name,
goto unlock;
error = -EEXIST;
@@ -83713,7 +83850,7 @@ index d8ee4da..47a7c9c 100644
/*
* Special case - lookup gave negative, but... we had foo/bar/
* From the vfs_mknod() POV we just have a negative dentry -
-@@ -3496,6 +3645,20 @@ inline struct dentry *user_path_create(int dfd, const char __user *pathname,
+@@ -3496,6 +3654,20 @@ inline struct dentry *user_path_create(int dfd, const char __user *pathname,
}
EXPORT_SYMBOL(user_path_create);
@@ -83734,7 +83871,7 @@ index d8ee4da..47a7c9c 100644
int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
{
int error = may_create(dir, dentry);
-@@ -3559,6 +3722,17 @@ retry:
+@@ -3559,6 +3731,17 @@ retry:
if (!IS_POSIXACL(path.dentry->d_inode))
mode &= ~current_umask();
@@ -83752,7 +83889,7 @@ index d8ee4da..47a7c9c 100644
error = security_path_mknod(&path, dentry, mode, dev);
if (error)
goto out;
-@@ -3574,6 +3748,8 @@ retry:
+@@ -3574,6 +3757,8 @@ retry:
error = vfs_mknod(path.dentry->d_inode,dentry,mode,0);
break;
}
@@ -83761,7 +83898,7 @@ index d8ee4da..47a7c9c 100644
out:
done_path_create(&path, dentry);
if (retry_estale(error, lookup_flags)) {
-@@ -3628,9 +3804,16 @@ retry:
+@@ -3628,9 +3813,16 @@ retry:
if (!IS_POSIXACL(path.dentry->d_inode))
mode &= ~current_umask();
@@ -83778,7 +83915,7 @@ index d8ee4da..47a7c9c 100644
done_path_create(&path, dentry);
if (retry_estale(error, lookup_flags)) {
lookup_flags |= LOOKUP_REVAL;
-@@ -3663,7 +3846,7 @@ void dentry_unhash(struct dentry *dentry)
+@@ -3663,7 +3855,7 @@ void dentry_unhash(struct dentry *dentry)
{
shrink_dcache_parent(dentry);
spin_lock(&dentry->d_lock);
@@ -83787,7 +83924,7 @@ index d8ee4da..47a7c9c 100644
__d_drop(dentry);
spin_unlock(&dentry->d_lock);
}
-@@ -3716,6 +3899,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
+@@ -3716,6 +3908,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
struct path path;
struct qstr last;
int type;
@@ -83796,7 +83933,7 @@ index d8ee4da..47a7c9c 100644
unsigned int lookup_flags = 0;
retry:
name = user_path_parent(dfd, pathname,
-@@ -3748,10 +3933,20 @@ retry:
+@@ -3748,10 +3942,20 @@ retry:
error = -ENOENT;
goto exit3;
}
@@ -83817,7 +83954,7 @@ index d8ee4da..47a7c9c 100644
exit3:
dput(dentry);
exit2:
-@@ -3846,6 +4041,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
+@@ -3846,6 +4050,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
int type;
struct inode *inode = NULL;
struct inode *delegated_inode = NULL;
@@ -83826,7 +83963,7 @@ index d8ee4da..47a7c9c 100644
unsigned int lookup_flags = 0;
retry:
name = user_path_parent(dfd, pathname,
-@@ -3872,10 +4069,21 @@ retry_deleg:
+@@ -3872,10 +4078,21 @@ retry_deleg:
if (d_is_negative(dentry))
goto slashes;
ihold(inode);
@@ -83848,7 +83985,7 @@ index d8ee4da..47a7c9c 100644
exit2:
dput(dentry);
}
-@@ -3964,9 +4172,17 @@ retry:
+@@ -3964,9 +4181,17 @@ retry:
if (IS_ERR(dentry))
goto out_putname;
@@ -83866,7 +84003,7 @@ index d8ee4da..47a7c9c 100644
done_path_create(&path, dentry);
if (retry_estale(error, lookup_flags)) {
lookup_flags |= LOOKUP_REVAL;
-@@ -4070,6 +4286,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
+@@ -4070,6 +4295,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
struct dentry *new_dentry;
struct path old_path, new_path;
struct inode *delegated_inode = NULL;
@@ -83874,7 +84011,7 @@ index d8ee4da..47a7c9c 100644
int how = 0;
int error;
-@@ -4093,7 +4310,7 @@ retry:
+@@ -4093,7 +4319,7 @@ retry:
if (error)
return error;
@@ -83883,7 +84020,7 @@ index d8ee4da..47a7c9c 100644
(how & LOOKUP_REVAL));
error = PTR_ERR(new_dentry);
if (IS_ERR(new_dentry))
-@@ -4105,11 +4322,26 @@ retry:
+@@ -4105,11 +4331,26 @@ retry:
error = may_linkat(&old_path);
if (unlikely(error))
goto out_dput;
@@ -83910,7 +84047,7 @@ index d8ee4da..47a7c9c 100644
done_path_create(&new_path, new_dentry);
if (delegated_inode) {
error = break_deleg_wait(&delegated_inode);
-@@ -4424,6 +4656,20 @@ retry_deleg:
+@@ -4424,6 +4665,20 @@ retry_deleg:
if (new_dentry == trap)
goto exit5;
@@ -83931,7 +84068,7 @@ index d8ee4da..47a7c9c 100644
error = security_path_rename(&old_path, old_dentry,
&new_path, new_dentry, flags);
if (error)
-@@ -4431,6 +4677,9 @@ retry_deleg:
+@@ -4431,6 +4686,9 @@ retry_deleg:
error = vfs_rename(old_path.dentry->d_inode, old_dentry,
new_path.dentry->d_inode, new_dentry,
&delegated_inode, flags);
@@ -83941,7 +84078,7 @@ index d8ee4da..47a7c9c 100644
exit5:
dput(new_dentry);
exit4:
-@@ -4487,14 +4736,24 @@ EXPORT_SYMBOL(vfs_whiteout);
+@@ -4487,14 +4745,24 @@ EXPORT_SYMBOL(vfs_whiteout);
int readlink_copy(char __user *buffer, int buflen, const char *link)
{
@@ -87895,7 +88032,7 @@ index 119c242..a02e8da 100644
/*
diff --git a/fs/xfs/libxfs/xfs_da_btree.c b/fs/xfs/libxfs/xfs_da_btree.c
-index e89a0f8..3165b4a 100644
+index e89a0f8f..3165b4a 100644
--- a/fs/xfs/libxfs/xfs_da_btree.c
+++ b/fs/xfs/libxfs/xfs_da_btree.c
@@ -2011,6 +2011,7 @@ xfs_da_grow_inode_int(
@@ -87971,10 +88108,10 @@ index ec0e239..ab85b22 100644
diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
new file mode 100644
-index 0000000..354c5a3
+index 0000000..f172760
--- /dev/null
+++ b/grsecurity/Kconfig
-@@ -0,0 +1,1203 @@
+@@ -0,0 +1,1205 @@
+#
+# grecurity configuration
+#
@@ -88543,10 +88680,12 @@ index 0000000..354c5a3
+ help
+ If you say Y here, a well-known method of breaking chroots by fchdir'ing
+ to a file descriptor of the chrooting process that points to a directory
-+ outside the filesystem will be stopped. Additionally, this option prevents
-+ use of the recently-created syscall for opening files by a guessable "file
-+ handle" inside a chroot. If the sysctl option is enabled, a sysctl option
-+ with name "chroot_deny_fchdir" is created.
++ outside the filesystem will be stopped. This option also prevents use of
++ the recently-created syscall for opening files by a guessable "file handle"
++ inside a chroot, as well as accessing relative paths outside of a
++ directory passed in via file descriptor with openat and similar syscalls.
++ If the sysctl option is enabled, a sysctl option with name "chroot_deny_fchdir"
++ is created.
+
+config GRKERNSEC_CHROOT_MKNOD
+ bool "Deny mknod"
@@ -95815,10 +95954,10 @@ index 0000000..bc0be01
+}
diff --git a/grsecurity/grsec_chroot.c b/grsecurity/grsec_chroot.c
new file mode 100644
-index 0000000..652ab45
+index 0000000..aa6fed5
--- /dev/null
+++ b/grsecurity/grsec_chroot.c
-@@ -0,0 +1,467 @@
+@@ -0,0 +1,506 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
@@ -95826,6 +95965,7 @@ index 0000000..652ab45
+#include <linux/fs.h>
+#include <linux/mount.h>
+#include <linux/types.h>
++#include <linux/namei.h>
+#include "../fs/mount.h"
+#include <linux/grsecurity.h>
+#include <linux/grinternal.h>
@@ -96075,6 +96215,44 @@ index 0000000..652ab45
+}
+
+int
++gr_chroot_pathat(int dfd, struct dentry *u_dentry, struct vfsmount *u_mnt, unsigned flags)
++{
++#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR
++ struct fd f;
++ struct path fd_path;
++ struct path file_path;
++
++ if (!grsec_enable_chroot_fchdir)
++ return 1;
++
++ if (!proc_is_chrooted(current) || dfd == -1 || dfd == AT_FDCWD)
++ return 1;
++
++ if (flags & LOOKUP_RCU)
++ return -ECHILD;
++
++ f = fdget_raw(dfd);
++ if (!f.file)
++ return 1;
++
++ fd_path = f.file->f_path;
++ path_get(&fd_path);
++ fdput(f);
++
++ file_path.dentry = u_dentry;
++ file_path.mnt = u_mnt;
++
++ if (!gr_is_outside_chroot(u_dentry, u_mnt) && !path_is_under(&file_path, &fd_path)) {
++ path_put(&fd_path);
++ gr_log_fs_generic(GR_DONT_AUDIT, GR_CHROOT_PATHAT_MSG, u_dentry, u_mnt);
++ return 0;
++ }
++ path_put(&fd_path);
++#endif
++ return 1;
++}
++
++int
+gr_chroot_fhandle(void)
+{
+#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR
@@ -100175,6 +100353,22 @@ index 576e463..28fd926 100644
extern void __register_binfmt(struct linux_binfmt *fmt, int insert);
+diff --git a/include/linux/bio.h b/include/linux/bio.h
+index 79cfaee..fbe47bc 100644
+--- a/include/linux/bio.h
++++ b/include/linux/bio.h
+@@ -320,11 +320,6 @@ static inline void bio_get_last_bvec(struct bio *bio, struct bio_vec *bv)
+ struct bvec_iter iter = bio->bi_iter;
+ int idx;
+
+- if (!bio_flagged(bio, BIO_CLONED)) {
+- *bv = bio->bi_io_vec[bio->bi_vcnt - 1];
+- return;
+- }
+-
+ if (unlikely(!bio_multiple_segments(bio))) {
+ *bv = bio_iovec(bio);
+ return;
diff --git a/include/linux/bitmap.h b/include/linux/bitmap.h
index 9653fdb..b3d3a17 100644
--- a/include/linux/bitmap.h
@@ -102425,10 +102619,10 @@ index 0000000..1dbf9c8
+#endif
diff --git a/include/linux/grmsg.h b/include/linux/grmsg.h
new file mode 100644
-index 0000000..12028ce
+index 0000000..94ac4d2
--- /dev/null
+++ b/include/linux/grmsg.h
-@@ -0,0 +1,119 @@
+@@ -0,0 +1,120 @@
+#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u, parent %.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u"
+#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u"
+#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by "
@@ -102476,6 +102670,7 @@ index 0000000..12028ce
+#define GR_CHMOD_CHROOT_MSG "denied chmod +s of %.950s by "
+#define GR_CHMOD_ACL_MSG "%s chmod of %.950s by "
+#define GR_CHROOT_FCHDIR_MSG "denied fchdir outside of chroot to %.950s by "
++#define GR_CHROOT_PATHAT_MSG "denied relative path access outside of chroot to %.950s by "
+#define GR_CHROOT_FHANDLE_MSG "denied use of file handles inside chroot by "
+#define GR_CHOWN_ACL_MSG "%s chown of %.950s by "
+#define GR_SETXATTR_ACL_MSG "%s setting extended attribute of %.950s by "
@@ -102550,10 +102745,10 @@ index 0000000..12028ce
+#define GR_MSRWRITE_MSG "denied write to CPU MSR by "
diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h
new file mode 100644
-index 0000000..0166061
+index 0000000..4d5dae0
--- /dev/null
+++ b/include/linux/grsecurity.h
-@@ -0,0 +1,258 @@
+@@ -0,0 +1,259 @@
+#ifndef GR_SECURITY_H
+#define GR_SECURITY_H
+#include <linux/fs.h>
@@ -102611,6 +102806,7 @@ index 0000000..0166061
+int gr_handle_chroot_setpriority(struct task_struct *p,
+ const int niceval);
+int gr_chroot_fchdir(struct dentry *u_dentry, struct vfsmount *u_mnt);
++int gr_chroot_pathat(int dfd, struct dentry *u_dentry, struct vfsmount *u_mnt, unsigned flags);
+int gr_chroot_fhandle(void);
+int gr_handle_chroot_chroot(const struct dentry *dentry,
+ const struct vfsmount *mnt);
@@ -131307,10 +131503,10 @@ index 2628890..1c2f5c6 100755
# Find all available archs
find_all_archs()
diff --git a/security/Kconfig b/security/Kconfig
-index e452378..16eb80f 100644
+index e452378..d8f5de9 100644
--- a/security/Kconfig
+++ b/security/Kconfig
-@@ -4,6 +4,980 @@
+@@ -4,6 +4,974 @@
menu "Security options"
@@ -131825,21 +132021,15 @@ index e452378..16eb80f 100644
+
+config PAX_MPROTECT_COMPAT
+ bool "Use legacy/compat protection demoting (read help)"
-+ default y if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_DESKTOP)
+ depends on PAX_MPROTECT
++ default n
+ help
+ The current implementation of PAX_MPROTECT denies RWX allocations/mprotects
-+ by sending the proper error code to the application. For some broken
-+ userland, this can cause problems with Python or other applications. The
-+ current implementation however allows for applications like clamav to
-+ detect if JIT compilation/execution is allowed and to fall back gracefully
-+ to an interpreter-based mode if it does not. While we encourage everyone
-+ to use the current implementation as-is and push upstream to fix broken
-+ userland (note that the RWX logging option can assist with this), in some
-+ environments this may not be possible. Having to disable MPROTECT
-+ completely on certain binaries reduces the security benefit of PaX,
-+ so this option is provided for those environments to revert to the old
-+ behavior.
++ by sending the proper error code to the application. For some older
++ userland, this can cause problems with applications that assume such
++ allocations will not be prevented by PaX or SELinux and other access
++ control systems and have no fallback mechanisms. For modern distros,
++ this option should generally be set to 'N'.
+
+config PAX_ELFRELOCS
+ bool "Allow ELF text relocations (read help)"
@@ -132291,7 +132481,7 @@ index e452378..16eb80f 100644
source security/keys/Kconfig
config SECURITY_DMESG_RESTRICT
-@@ -104,7 +1078,7 @@ config INTEL_TXT
+@@ -104,7 +1072,7 @@ config INTEL_TXT
config LSM_MMAP_MIN_ADDR
int "Low address space for LSM to protect from user allocation"
depends on SECURITY && SECURITY_SELINUX