diff options
| author |   Anthony G. Basile <blueness@gentoo.org> | 2013-12-06 17:38:10 -0500 |
|---|---|---|
| committer | Anthony G. Basile <blueness@gentoo.org> | 2013-12-06 17:38:10 -0500 |
| commit | 48c70d56815977f0429afa91f6401d35c43a482e (patch) | |
| tree | f1ad69e35a57266c57786bcd2ec857dd1238ff29 | |
| parent | Grsec/PaX: 3.0-{3.2.53,3.12.2}-201312011111 (diff) | |
| download | hardened-patchset-48c70d56815977f0429afa91f6401d35c43a482e.tar.gz hardened-patchset-48c70d56815977f0429afa91f6401d35c43a482e.tar.bz2 hardened-patchset-48c70d56815977f0429afa91f6401d35c43a482e.zip | |
Grsec/PaX: 3.0-{3.2.53,3.12.2}-20131203214520131203
| -rw-r--r-- | 3.12.2/0000_README | 6 | ||||
| -rw-r--r-- | 3.12.2/1001_linux-3.12.2.patch | 3790 | ||||
| -rw-r--r-- | 3.12.2/4420_grsecurity-3.0-3.12.2-201312032145.patch (renamed from 3.12.2/4420_grsecurity-3.0-3.12.2-201312011111.patch) | 221 | ||||
| -rw-r--r-- | 3.12.2/4450_grsec-kconfig-default-gids.patch | 12 | ||||
| -rw-r--r-- | 3.12.2/4465_selinux-avc_audit-log-curr_ip.patch | 2 | ||||
| -rw-r--r-- | 3.12.2/4470_disable-compat_vdso.patch | 2 | ||||
| -rw-r--r-- | 3.2.53/0000_README | 2 | ||||
| -rw-r--r-- | 3.2.53/4420_grsecurity-3.0-3.2.53-201312021727.patch (renamed from 3.2.53/4420_grsecurity-3.0-3.2.53-201312011108.patch) | 20 |
8 files changed, 182 insertions, 3873 deletions
diff --git a/3.12.2/0000_README b/3.12.2/0000_README index 21d2546..ec3c3a9 100644 --- a/3.12.2/0000_README +++ b/3.12.2/0000_README @@ -2,11 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 1001_linux-3.12.2.patch -From: http://www.kernel.org -Desc: Linux 3.12.2 - -Patch: 4420_grsecurity-3.0-3.12.2-201312011111.patch +Patch: 4420_grsecurity-3.0-3.12.2-201312032145.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.12.2/1001_linux-3.12.2.patch b/3.12.2/1001_linux-3.12.2.patch deleted file mode 100644 index 8b40733..0000000 --- a/3.12.2/1001_linux-3.12.2.patch +++ /dev/null @@ -1,3790 +0,0 @@ -diff --git a/Makefile b/Makefile -index eb29ec7..e6e72b6 100644 ---- a/Makefile -+++ b/Makefile -@@ -1,6 +1,6 @@ - VERSION = 3 - PATCHLEVEL = 12 --SUBLEVEL = 1 -+SUBLEVEL = 2 - EXTRAVERSION = - NAME = One Giant Leap for Frogkind - -diff --git a/arch/arm/kvm/mmu.c b/arch/arm/kvm/mmu.c -index b0de86b..cb79a5d 100644 ---- a/arch/arm/kvm/mmu.c -+++ b/arch/arm/kvm/mmu.c -@@ -307,6 +307,17 @@ out: - return err; - } - -+static phys_addr_t kvm_kaddr_to_phys(void *kaddr) -+{ -+ if (!is_vmalloc_addr(kaddr)) { -+ BUG_ON(!virt_addr_valid(kaddr)); -+ return __pa(kaddr); -+ } else { -+ return page_to_phys(vmalloc_to_page(kaddr)) + -+ offset_in_page(kaddr); -+ } -+} -+ - /** - * create_hyp_mappings - duplicate a kernel virtual address range in Hyp mode - * @from: The virtual kernel start address of the range -@@ -318,16 +329,27 @@ out: - */ - int create_hyp_mappings(void *from, void *to) - { -- unsigned long phys_addr = virt_to_phys(from); -+ phys_addr_t phys_addr; -+ unsigned long virt_addr; - unsigned long start = KERN_TO_HYP((unsigned long)from); - unsigned long end = KERN_TO_HYP((unsigned long)to); - -- /* Check for a valid kernel memory mapping */ -- if (!virt_addr_valid(from) || !virt_addr_valid(to - 1)) -- return -EINVAL; -+ start = start & PAGE_MASK; -+ end = PAGE_ALIGN(end); - -- return __create_hyp_mappings(hyp_pgd, start, end, -- __phys_to_pfn(phys_addr), PAGE_HYP); -+ for (virt_addr = start; virt_addr < end; virt_addr += PAGE_SIZE) { -+ int err; -+ -+ phys_addr = kvm_kaddr_to_phys(from + virt_addr - start); -+ err = __create_hyp_mappings(hyp_pgd, virt_addr, -+ virt_addr + PAGE_SIZE, -+ __phys_to_pfn(phys_addr), -+ PAGE_HYP); -+ if (err) -+ return err; -+ } -+ -+ return 0; - } - - /** -diff --git a/arch/arm/mach-omap2/omap_hwmod.c b/arch/arm/mach-omap2/omap_hwmod.c -index d9ee0ff..3d5db8c 100644 ---- a/arch/arm/mach-omap2/omap_hwmod.c -+++ b/arch/arm/mach-omap2/omap_hwmod.c -@@ -2361,21 +2361,23 @@ static struct device_node *of_dev_hwmod_lookup(struct device_node *np, - * Cache the virtual address used by the MPU to access this IP block's - * registers. This address is needed early so the OCP registers that - * are part of the device's address space can be ioremapped properly. -- * No return value. -+ * -+ * Returns 0 on success, -EINVAL if an invalid hwmod is passed, and -+ * -ENXIO on absent or invalid register target address space. - */ --static void __init _init_mpu_rt_base(struct omap_hwmod *oh, void *data) -+static int __init _init_mpu_rt_base(struct omap_hwmod *oh, void *data) - { - struct omap_hwmod_addr_space *mem; - void __iomem *va_start = NULL; - struct device_node *np; - - if (!oh) -- return; -+ return -EINVAL; - - _save_mpu_port_index(oh); - - if (oh->_int_flags & _HWMOD_NO_MPU_PORT) -- return; -+ return -ENXIO; - - mem = _find_mpu_rt_addr_space(oh); - if (!mem) { -@@ -2384,7 +2386,7 @@ static void __init _init_mpu_rt_base(struct omap_hwmod *oh, void *data) - - /* Extract the IO space from device tree blob */ - if (!of_have_populated_dt()) -- return; -+ return -ENXIO; - - np = of_dev_hwmod_lookup(of_find_node_by_name(NULL, "ocp"), oh); - if (np) -@@ -2395,13 +2397,14 @@ static void __init _init_mpu_rt_base(struct omap_hwmod *oh, void *data) - - if (!va_start) { - pr_err("omap_hwmod: %s: Could not ioremap\n", oh->name); -- return; -+ return -ENXIO; - } - - pr_debug("omap_hwmod: %s: MPU register target at va %p\n", - oh->name, va_start); - - oh->_mpu_rt_va = va_start; -+ return 0; - } - - /** -@@ -2414,8 +2417,8 @@ static void __init _init_mpu_rt_base(struct omap_hwmod *oh, void *data) - * registered at this point. This is the first of two phases for - * hwmod initialization. Code called here does not touch any hardware - * registers, it simply prepares internal data structures. Returns 0 -- * upon success or if the hwmod isn't registered, or -EINVAL upon -- * failure. -+ * upon success or if the hwmod isn't registered or if the hwmod's -+ * address space is not defined, or -EINVAL upon failure. - */ - static int __init _init(struct omap_hwmod *oh, void *data) - { -@@ -2424,8 +2427,14 @@ static int __init _init(struct omap_hwmod *oh, void *data) - if (oh->_state != _HWMOD_STATE_REGISTERED) - return 0; - -- if (oh->class->sysc) -- _init_mpu_rt_base(oh, NULL); -+ if (oh->class->sysc) { -+ r = _init_mpu_rt_base(oh, NULL); -+ if (r < 0) { -+ WARN(1, "omap_hwmod: %s: doesn't have mpu register target base\n", -+ oh->name); -+ return 0; -+ } -+ } - - r = _init_clocks(oh, NULL); - if (r < 0) { -diff --git a/arch/cris/include/asm/io.h b/arch/cris/include/asm/io.h -index 5d3047e..4353cf2 100644 ---- a/arch/cris/include/asm/io.h -+++ b/arch/cris/include/asm/io.h -@@ -3,6 +3,7 @@ - - #include <asm/page.h> /* for __va, __pa */ - #include <arch/io.h> -+#include <asm-generic/iomap.h> - #include <linux/kernel.h> - - struct cris_io_operations -diff --git a/arch/ia64/include/asm/processor.h b/arch/ia64/include/asm/processor.h -index e0a899a..5a84b3a 100644 ---- a/arch/ia64/include/asm/processor.h -+++ b/arch/ia64/include/asm/processor.h -@@ -319,7 +319,7 @@ struct thread_struct { - regs->loadrs = 0; \ - regs->r8 = get_dumpable(current->mm); /* set "don't zap registers" flag */ \ - regs->r12 = new_sp - 16; /* allocate 16 byte scratch area */ \ -- if (unlikely(!get_dumpable(current->mm))) { \ -+ if (unlikely(get_dumpable(current->mm) != SUID_DUMP_USER)) { \ - /* \ - * Zap scratch regs to avoid leaking bits between processes with different \ - * uid/privileges. \ -diff --git a/arch/powerpc/kernel/eeh.c b/arch/powerpc/kernel/eeh.c -index 55593ee..c766cf5 100644 ---- a/arch/powerpc/kernel/eeh.c -+++ b/arch/powerpc/kernel/eeh.c -@@ -687,6 +687,15 @@ void eeh_save_bars(struct eeh_dev *edev) - - for (i = 0; i < 16; i++) - eeh_ops->read_config(dn, i * 4, 4, &edev->config_space[i]); -+ -+ /* -+ * For PCI bridges including root port, we need enable bus -+ * master explicitly. Otherwise, it can't fetch IODA table -+ * entries correctly. So we cache the bit in advance so that -+ * we can restore it after reset, either PHB range or PE range. -+ */ -+ if (edev->mode & EEH_DEV_BRIDGE) -+ edev->config_space[1] |= PCI_COMMAND_MASTER; - } - - /** -diff --git a/arch/powerpc/kernel/signal_32.c b/arch/powerpc/kernel/signal_32.c -index bebdf1a..36d49e6 100644 ---- a/arch/powerpc/kernel/signal_32.c -+++ b/arch/powerpc/kernel/signal_32.c -@@ -457,7 +457,15 @@ static int save_user_regs(struct pt_regs *regs, struct mcontext __user *frame, - if (copy_vsx_to_user(&frame->mc_vsregs, current)) - return 1; - msr |= MSR_VSX; -- } -+ } else if (!ctx_has_vsx_region) -+ /* -+ * With a small context structure we can't hold the VSX -+ * registers, hence clear the MSR value to indicate the state -+ * was not saved. -+ */ -+ msr &= ~MSR_VSX; -+ -+ - #endif /* CONFIG_VSX */ - #ifdef CONFIG_SPE - /* save spe registers */ -diff --git a/arch/powerpc/kernel/time.c b/arch/powerpc/kernel/time.c -index 192b051..b3b1441 100644 ---- a/arch/powerpc/kernel/time.c -+++ b/arch/powerpc/kernel/time.c -@@ -213,8 +213,6 @@ static u64 scan_dispatch_log(u64 stop_tb) - if (i == be64_to_cpu(vpa->dtl_idx)) - return 0; - while (i < be64_to_cpu(vpa->dtl_idx)) { -- if (dtl_consumer) -- dtl_consumer(dtl, i); - dtb = be64_to_cpu(dtl->timebase); - tb_delta = be32_to_cpu(dtl->enqueue_to_dispatch_time) + - be32_to_cpu(dtl->ready_to_enqueue_time); -@@ -227,6 +225,8 @@ static u64 scan_dispatch_log(u64 stop_tb) - } - if (dtb > stop_tb) - break; -+ if (dtl_consumer) -+ dtl_consumer(dtl, i); - stolen += tb_delta; - ++i; - ++dtl; -diff --git a/arch/powerpc/kernel/vio.c b/arch/powerpc/kernel/vio.c -index d38cc08..cb92d82 100644 ---- a/arch/powerpc/kernel/vio.c -+++ b/arch/powerpc/kernel/vio.c -@@ -1531,12 +1531,12 @@ static ssize_t modalias_show(struct device *dev, struct device_attribute *attr, - - dn = dev->of_node; - if (!dn) { -- strcat(buf, "\n"); -+ strcpy(buf, "\n"); - return strlen(buf); - } - cp = of_get_property(dn, "compatible", NULL); - if (!cp) { -- strcat(buf, "\n"); -+ strcpy(buf, "\n"); - return strlen(buf); - } - -diff --git a/arch/powerpc/mm/gup.c b/arch/powerpc/mm/gup.c -index 6936547..c5f734e 100644 ---- a/arch/powerpc/mm/gup.c -+++ b/arch/powerpc/mm/gup.c -@@ -123,6 +123,7 @@ int __get_user_pages_fast(unsigned long start, int nr_pages, int write, - struct mm_struct *mm = current->mm; - unsigned long addr, len, end; - unsigned long next; -+ unsigned long flags; - pgd_t *pgdp; - int nr = 0; - -@@ -156,7 +157,7 @@ int __get_user_pages_fast(unsigned long start, int nr_pages, int write, - * So long as we atomically load page table pointers versus teardown, - * we can follow the address down to the the page and take a ref on it. - */ -- local_irq_disable(); -+ local_irq_save(flags); - - pgdp = pgd_offset(mm, addr); - do { -@@ -179,7 +180,7 @@ int __get_user_pages_fast(unsigned long start, int nr_pages, int write, - break; - } while (pgdp++, addr = next, addr != end); - -- local_irq_enable(); -+ local_irq_restore(flags); - - return nr; - } -diff --git a/arch/powerpc/mm/slice.c b/arch/powerpc/mm/slice.c -index 3e99c14..7ce9cf3 100644 ---- a/arch/powerpc/mm/slice.c -+++ b/arch/powerpc/mm/slice.c -@@ -258,7 +258,7 @@ static bool slice_scan_available(unsigned long addr, - slice = GET_HIGH_SLICE_INDEX(addr); - *boundary_addr = (slice + end) ? - ((slice + end) << SLICE_HIGH_SHIFT) : SLICE_LOW_TOP; -- return !!(available.high_slices & (1u << slice)); -+ return !!(available.high_slices & (1ul << slice)); - } - } - -diff --git a/arch/powerpc/platforms/512x/mpc512x_shared.c b/arch/powerpc/platforms/512x/mpc512x_shared.c -index a82a41b..1a7b1d0 100644 ---- a/arch/powerpc/platforms/512x/mpc512x_shared.c -+++ b/arch/powerpc/platforms/512x/mpc512x_shared.c -@@ -303,6 +303,9 @@ void __init mpc512x_setup_diu(void) - diu_ops.release_bootmem = mpc512x_release_bootmem; - } - -+#else -+void __init mpc512x_setup_diu(void) { /* EMPTY */ } -+void __init mpc512x_init_diu(void) { /* EMPTY */ } - #endif - - void __init mpc512x_init_IRQ(void) -diff --git a/arch/powerpc/platforms/52xx/Kconfig b/arch/powerpc/platforms/52xx/Kconfig -index 90f4496..af54174 100644 ---- a/arch/powerpc/platforms/52xx/Kconfig -+++ b/arch/powerpc/platforms/52xx/Kconfig -@@ -57,5 +57,5 @@ config PPC_MPC5200_BUGFIX - - config PPC_MPC5200_LPBFIFO - tristate "MPC5200 LocalPlus bus FIFO driver" -- depends on PPC_MPC52xx -+ depends on PPC_MPC52xx && PPC_BESTCOMM - select PPC_BESTCOMM_GEN_BD -diff --git a/arch/powerpc/platforms/powernv/pci-ioda.c b/arch/powerpc/platforms/powernv/pci-ioda.c -index 74a5a57..930e1fe 100644 ---- a/arch/powerpc/platforms/powernv/pci-ioda.c -+++ b/arch/powerpc/platforms/powernv/pci-ioda.c -@@ -153,13 +153,23 @@ static int pnv_ioda_configure_pe(struct pnv_phb *phb, struct pnv_ioda_pe *pe) - rid_end = pe->rid + 1; - } - -- /* Associate PE in PELT */ -+ /* -+ * Associate PE in PELT. We need add the PE into the -+ * corresponding PELT-V as well. Otherwise, the error -+ * originated from the PE might contribute to other -+ * PEs. -+ */ - rc = opal_pci_set_pe(phb->opal_id, pe->pe_number, pe->rid, - bcomp, dcomp, fcomp, OPAL_MAP_PE); - if (rc) { - pe_err(pe, "OPAL error %ld trying to setup PELT table\n", rc); - return -ENXIO; - } -+ -+ rc = opal_pci_set_peltv(phb->opal_id, pe->pe_number, -+ pe->pe_number, OPAL_ADD_PE_TO_DOMAIN); -+ if (rc) -+ pe_warn(pe, "OPAL error %d adding self to PELTV\n", rc); - opal_pci_eeh_freeze_clear(phb->opal_id, pe->pe_number, - OPAL_EEH_ACTION_CLEAR_FREEZE_ALL); - -diff --git a/arch/s390/crypto/aes_s390.c b/arch/s390/crypto/aes_s390.c -index b4dbade..2e4b5be 100644 ---- a/arch/s390/crypto/aes_s390.c -+++ b/arch/s390/crypto/aes_s390.c -@@ -35,7 +35,6 @@ static u8 *ctrblk; - static char keylen_flag; - - struct s390_aes_ctx { -- u8 iv[AES_BLOCK_SIZE]; - u8 key[AES_MAX_KEY_SIZE]; - long enc; - long dec; -@@ -441,30 +440,36 @@ static int cbc_aes_set_key(struct crypto_tfm *tfm, const u8 *in_key, - return aes_set_key(tfm, in_key, key_len); - } - --static int cbc_aes_crypt(struct blkcipher_desc *desc, long func, void *param, -+static int cbc_aes_crypt(struct blkcipher_desc *desc, long func, - struct blkcipher_walk *walk) - { -+ struct s390_aes_ctx *sctx = crypto_blkcipher_ctx(desc->tfm); - int ret = blkcipher_walk_virt(desc, walk); - unsigned int nbytes = walk->nbytes; -+ struct { -+ u8 iv[AES_BLOCK_SIZE]; -+ u8 key[AES_MAX_KEY_SIZE]; -+ } param; - - if (!nbytes) - goto out; - -- memcpy(param, walk->iv, AES_BLOCK_SIZE); -+ memcpy(param.iv, walk->iv, AES_BLOCK_SIZE); -+ memcpy(param.key, sctx->key, sctx->key_len); - do { - /* only use complete blocks */ - unsigned int n = nbytes & ~(AES_BLOCK_SIZE - 1); - u8 *out = walk->dst.virt.addr; - u8 *in = walk->src.virt.addr; - -- ret = crypt_s390_kmc(func, param, out, in, n); -+ ret = crypt_s390_kmc(func, ¶m, out, in, n); - if (ret < 0 || ret != n) - return -EIO; - - nbytes &= AES_BLOCK_SIZE - 1; - ret = blkcipher_walk_done(desc, walk, nbytes); - } while ((nbytes = walk->nbytes)); -- memcpy(walk->iv, param, AES_BLOCK_SIZE); -+ memcpy(walk->iv, param.iv, AES_BLOCK_SIZE); - - out: - return ret; -@@ -481,7 +486,7 @@ static int cbc_aes_encrypt(struct blkcipher_desc *desc, - return fallback_blk_enc(desc, dst, src, nbytes); - - blkcipher_walk_init(&walk, dst, src, nbytes); -- return cbc_aes_crypt(desc, sctx->enc, sctx->iv, &walk); -+ return cbc_aes_crypt(desc, sctx->enc, &walk); - } - - static int cbc_aes_decrypt(struct blkcipher_desc *desc, -@@ -495,7 +500,7 @@ static int cbc_aes_decrypt(struct blkcipher_desc *desc, - return fallback_blk_dec(desc, dst, src, nbytes); - - blkcipher_walk_init(&walk, dst, src, nbytes); -- return cbc_aes_crypt(desc, sctx->dec, sctx->iv, &walk); -+ return cbc_aes_crypt(desc, sctx->dec, &walk); - } - - static struct crypto_alg cbc_aes_alg = { -diff --git a/arch/s390/include/asm/timex.h b/arch/s390/include/asm/timex.h -index 819b94d..8beee1c 100644 ---- a/arch/s390/include/asm/timex.h -+++ b/arch/s390/include/asm/timex.h -@@ -71,9 +71,11 @@ static inline void local_tick_enable(unsigned long long comp) - - typedef unsigned long long cycles_t; - --static inline void get_tod_clock_ext(char *clk) -+static inline void get_tod_clock_ext(char clk[16]) - { -- asm volatile("stcke %0" : "=Q" (*clk) : : "cc"); -+ typedef struct { char _[sizeof(clk)]; } addrtype; -+ -+ asm volatile("stcke %0" : "=Q" (*(addrtype *) clk) : : "cc"); - } - - static inline unsigned long long get_tod_clock(void) -diff --git a/arch/s390/kernel/smp.c b/arch/s390/kernel/smp.c -index 1a4313a..93439cd 100644 ---- a/arch/s390/kernel/smp.c -+++ b/arch/s390/kernel/smp.c -@@ -929,7 +929,7 @@ static ssize_t show_idle_count(struct device *dev, - idle_count = ACCESS_ONCE(idle->idle_count); - if (ACCESS_ONCE(idle->clock_idle_enter)) - idle_count++; -- } while ((sequence & 1) || (idle->sequence != sequence)); -+ } while ((sequence & 1) || (ACCESS_ONCE(idle->sequence) != sequence)); - return sprintf(buf, "%llu\n", idle_count); - } - static DEVICE_ATTR(idle_count, 0444, show_idle_count, NULL); -@@ -947,7 +947,7 @@ static ssize_t show_idle_time(struct device *dev, - idle_time = ACCESS_ONCE(idle->idle_time); - idle_enter = ACCESS_ONCE(idle->clock_idle_enter); - idle_exit = ACCESS_ONCE(idle->clock_idle_exit); -- } while ((sequence & 1) || (idle->sequence != sequence)); -+ } while ((sequence & 1) || (ACCESS_ONCE(idle->sequence) != sequence)); - idle_time += idle_enter ? ((idle_exit ? : now) - idle_enter) : 0; - return sprintf(buf, "%llu\n", idle_time >> 12); - } -diff --git a/arch/s390/kernel/vtime.c b/arch/s390/kernel/vtime.c -index abcfab5..bb06a76 100644 ---- a/arch/s390/kernel/vtime.c -+++ b/arch/s390/kernel/vtime.c -@@ -191,7 +191,7 @@ cputime64_t s390_get_idle_time(int cpu) - sequence = ACCESS_ONCE(idle->sequence); - idle_enter = ACCESS_ONCE(idle->clock_idle_enter); - idle_exit = ACCESS_ONCE(idle->clock_idle_exit); -- } while ((sequence & 1) || (idle->sequence != sequence)); -+ } while ((sequence & 1) || (ACCESS_ONCE(idle->sequence) != sequence)); - return idle_enter ? ((idle_exit ?: now) - idle_enter) : 0; - } - -diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c -index e0e0841..18677a9 100644 ---- a/arch/x86/kernel/crash.c -+++ b/arch/x86/kernel/crash.c -@@ -127,12 +127,12 @@ void native_machine_crash_shutdown(struct pt_regs *regs) - cpu_emergency_vmxoff(); - cpu_emergency_svm_disable(); - -- lapic_shutdown(); - #ifdef CONFIG_X86_IO_APIC - /* Prevent crash_kexec() from deadlocking on ioapic_lock. */ - ioapic_zap_locks(); - disable_IO_APIC(); - #endif -+ lapic_shutdown(); - #ifdef CONFIG_HPET_TIMER - hpet_disable(); - #endif -diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c -index 42a392a..d4bdd25 100644 ---- a/arch/x86/kernel/ftrace.c -+++ b/arch/x86/kernel/ftrace.c -@@ -248,6 +248,15 @@ int ftrace_update_ftrace_func(ftrace_func_t func) - return ret; - } - -+static int is_ftrace_caller(unsigned long ip) -+{ -+ if (ip == (unsigned long)(&ftrace_call) || -+ ip == (unsigned long)(&ftrace_regs_call)) -+ return 1; -+ -+ return 0; -+} -+ - /* - * A breakpoint was added to the code address we are about to - * modify, and this is the handle that will just skip over it. -@@ -257,10 +266,13 @@ int ftrace_update_ftrace_func(ftrace_func_t func) - */ - int ftrace_int3_handler(struct pt_regs *regs) - { -+ unsigned long ip; -+ - if (WARN_ON_ONCE(!regs)) - return 0; - -- if (!ftrace_location(regs->ip - 1)) -+ ip = regs->ip - 1; -+ if (!ftrace_location(ip) && !is_ftrace_caller(ip)) - return 0; - - regs->ip += MCOUNT_INSN_SIZE - 1; -diff --git a/arch/x86/kernel/microcode_amd.c b/arch/x86/kernel/microcode_amd.c -index af99f71..c3d4cc9 100644 ---- a/arch/x86/kernel/microcode_amd.c -+++ b/arch/x86/kernel/microcode_amd.c -@@ -431,7 +431,7 @@ static enum ucode_state request_microcode_amd(int cpu, struct device *device, - snprintf(fw_name, sizeof(fw_name), "amd-ucode/microcode_amd_fam%.2xh.bin", c->x86); - - if (request_firmware(&fw, (const char *)fw_name, device)) { -- pr_err("failed to load file %s\n", fw_name); -+ pr_debug("failed to load file %s\n", fw_name); - goto out; - } - -diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c -index c83516b..3fb8d95 100644 ---- a/arch/x86/kernel/process.c -+++ b/arch/x86/kernel/process.c -@@ -391,9 +391,9 @@ static void amd_e400_idle(void) - * The switch back from broadcast mode needs to be - * called with interrupts disabled. - */ -- local_irq_disable(); -- clockevents_notify(CLOCK_EVT_NOTIFY_BROADCAST_EXIT, &cpu); -- local_irq_enable(); -+ local_irq_disable(); -+ clockevents_notify(CLOCK_EVT_NOTIFY_BROADCAST_EXIT, &cpu); -+ local_irq_enable(); - } else - default_idle(); - } -diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c -index 7e920bf..618ce26 100644 ---- a/arch/x86/kernel/reboot.c -+++ b/arch/x86/kernel/reboot.c -@@ -550,6 +550,10 @@ static void native_machine_emergency_restart(void) - void native_machine_shutdown(void) - { - /* Stop the cpus and apics */ -+#ifdef CONFIG_X86_IO_APIC -+ disable_IO_APIC(); -+#endif -+ - #ifdef CONFIG_SMP - /* - * Stop all of the others. Also disable the local irq to -@@ -562,10 +566,6 @@ void native_machine_shutdown(void) - - lapic_shutdown(); - --#ifdef CONFIG_X86_IO_APIC -- disable_IO_APIC(); --#endif -- - #ifdef CONFIG_HPET_TIMER - hpet_disable(); - #endif -diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c -index ddc3f3d..92e6f4a 100644 ---- a/arch/x86/kvm/emulate.c -+++ b/arch/x86/kvm/emulate.c -@@ -4040,7 +4040,10 @@ static int decode_operand(struct x86_emulate_ctxt *ctxt, struct operand *op, - case OpMem8: - ctxt->memop.bytes = 1; - if (ctxt->memop.type == OP_REG) { -- ctxt->memop.addr.reg = decode_register(ctxt, ctxt->modrm_rm, 1); -+ int highbyte_regs = ctxt->rex_prefix == 0; -+ -+ ctxt->memop.addr.reg = decode_register(ctxt, ctxt->modrm_rm, -+ highbyte_regs); - fetch_register_operand(&ctxt->memop); - } - goto mem_common; -diff --git a/block/blk-core.c b/block/blk-core.c -index 0a00e4e..5e00b5a 100644 ---- a/block/blk-core.c -+++ b/block/blk-core.c -@@ -2227,6 +2227,7 @@ void blk_start_request(struct request *req) - if (unlikely(blk_bidi_rq(req))) - req->next_rq->resid_len = blk_rq_bytes(req->next_rq); - -+ BUG_ON(test_bit(REQ_ATOM_COMPLETE, &req->atomic_flags)); - blk_add_timer(req); - } - EXPORT_SYMBOL(blk_start_request); -diff --git a/block/blk-settings.c b/block/blk-settings.c -index c50ecf0..5330933 100644 ---- a/block/blk-settings.c -+++ b/block/blk-settings.c -@@ -144,6 +144,7 @@ void blk_set_stacking_limits(struct queue_limits *lim) - lim->discard_zeroes_data = 1; - lim->max_segments = USHRT_MAX; - lim->max_hw_sectors = UINT_MAX; -+ lim->max_segment_size = UINT_MAX; - lim->max_sectors = UINT_MAX; - lim->max_write_same_sectors = UINT_MAX; - } -diff --git a/block/blk-timeout.c b/block/blk-timeout.c -index 65f1035..655ba90 100644 ---- a/block/blk-timeout.c -+++ b/block/blk-timeout.c -@@ -91,8 +91,8 @@ static void blk_rq_timed_out(struct request *req) - __blk_complete_request(req); - break; - case BLK_EH_RESET_TIMER: -- blk_clear_rq_complete(req); - blk_add_timer(req); -+ blk_clear_rq_complete(req); - break; - case BLK_EH_NOT_HANDLED: - /* -@@ -174,7 +174,6 @@ void blk_add_timer(struct request *req) - return; - - BUG_ON(!list_empty(&req->timeout_list)); -- BUG_ON(test_bit(REQ_ATOM_COMPLETE, &req->atomic_flags)); - - /* - * Some LLDs, like scsi, peek at the timeout to prevent a -diff --git a/crypto/ansi_cprng.c b/crypto/ansi_cprng.c -index c0bb377..666f196 100644 ---- a/crypto/ansi_cprng.c -+++ b/crypto/ansi_cprng.c -@@ -230,11 +230,11 @@ remainder: - */ - if (byte_count < DEFAULT_BLK_SZ) { - empty_rbuf: -- for (; ctx->rand_data_valid < DEFAULT_BLK_SZ; -- ctx->rand_data_valid++) { -+ while (ctx->rand_data_valid < DEFAULT_BLK_SZ) { - *ptr = ctx->rand_data[ctx->rand_data_valid]; - ptr++; - byte_count--; -+ ctx->rand_data_valid++; - if (byte_count == 0) - goto done; - } -diff --git a/drivers/acpi/ec.c b/drivers/acpi/ec.c -index a06d983..15986f3 100644 ---- a/drivers/acpi/ec.c -+++ b/drivers/acpi/ec.c -@@ -175,9 +175,10 @@ static void start_transaction(struct acpi_ec *ec) - static void advance_transaction(struct acpi_ec *ec, u8 status) - { - unsigned long flags; -- struct transaction *t = ec->curr; -+ struct transaction *t; - - spin_lock_irqsave(&ec->lock, flags); -+ t = ec->curr; - if (!t) - goto unlock; - if (t->wlen > t->wi) { -diff --git a/drivers/acpi/pci_root.c b/drivers/acpi/pci_root.c -index d3874f4..d7e53ea 100644 ---- a/drivers/acpi/pci_root.c -+++ b/drivers/acpi/pci_root.c -@@ -608,9 +608,12 @@ static void handle_root_bridge_removal(struct acpi_device *device) - ej_event->device = device; - ej_event->event = ACPI_NOTIFY_EJECT_REQUEST; - -+ get_device(&device->dev); - status = acpi_os_hotplug_execute(acpi_bus_hot_remove_device, ej_event); -- if (ACPI_FAILURE(status)) -+ if (ACPI_FAILURE(status)) { -+ put_device(&device->dev); - kfree(ej_event); -+ } - } - - static void _handle_hotplug_event_root(struct work_struct *work) -diff --git a/drivers/acpi/processor_idle.c b/drivers/acpi/processor_idle.c -index f98dd00..c7414a5 100644 ---- a/drivers/acpi/processor_idle.c -+++ b/drivers/acpi/processor_idle.c -@@ -119,17 +119,10 @@ static struct dmi_system_id processor_power_dmi_table[] = { - */ - static void acpi_safe_halt(void) - { -- current_thread_info()->status &= ~TS_POLLING; -- /* -- * TS_POLLING-cleared state must be visible before we -- * test NEED_RESCHED: -- */ -- smp_mb(); -- if (!need_resched()) { -+ if (!tif_need_resched()) { - safe_halt(); - local_irq_disable(); - } -- current_thread_info()->status |= TS_POLLING; - } - - #ifdef ARCH_APICTIMER_STOPS_ON_C3 -@@ -737,6 +730,11 @@ static int acpi_idle_enter_c1(struct cpuidle_device *dev, - if (unlikely(!pr)) - return -EINVAL; - -+ if (cx->entry_method == ACPI_CSTATE_FFH) { -+ if (current_set_polling_and_test()) -+ return -EINVAL; -+ } -+ - lapic_timer_state_broadcast(pr, cx, 1); - acpi_idle_do_entry(cx); - -@@ -790,18 +788,9 @@ static int acpi_idle_enter_simple(struct cpuidle_device *dev, - if (unlikely(!pr)) - return -EINVAL; - -- if (cx->entry_method != ACPI_CSTATE_FFH) { -- current_thread_info()->status &= ~TS_POLLING; -- /* -- * TS_POLLING-cleared state must be visible before we test -- * NEED_RESCHED: -- */ -- smp_mb(); -- -- if (unlikely(need_resched())) { -- current_thread_info()->status |= TS_POLLING; -+ if (cx->entry_method == ACPI_CSTATE_FFH) { -+ if (current_set_polling_and_test()) - return -EINVAL; -- } - } - - /* -@@ -819,9 +808,6 @@ static int acpi_idle_enter_simple(struct cpuidle_device *dev, - - sched_clock_idle_wakeup_event(0); - -- if (cx->entry_method != ACPI_CSTATE_FFH) -- current_thread_info()->status |= TS_POLLING; -- - lapic_timer_state_broadcast(pr, cx, 0); - return index; - } -@@ -858,18 +844,9 @@ static int acpi_idle_enter_bm(struct cpuidle_device *dev, - } - } - -- if (cx->entry_method != ACPI_CSTATE_FFH) { -- current_thread_info()->status &= ~TS_POLLING; -- /* -- * TS_POLLING-cleared state must be visible before we test -- * NEED_RESCHED: -- */ -- smp_mb(); -- -- if (unlikely(need_resched())) { -- current_thread_info()->status |= TS_POLLING; -+ if (cx->entry_method == ACPI_CSTATE_FFH) { -+ if (current_set_polling_and_test()) - return -EINVAL; -- } - } - - acpi_unlazy_tlb(smp_processor_id()); -@@ -915,9 +892,6 @@ static int acpi_idle_enter_bm(struct cpuidle_device *dev, - - sched_clock_idle_wakeup_event(0); - -- if (cx->entry_method != ACPI_CSTATE_FFH) -- current_thread_info()->status |= TS_POLLING; -- - lapic_timer_state_broadcast(pr, cx, 0); - return index; - } -diff --git a/drivers/acpi/scan.c b/drivers/acpi/scan.c -index fee8a29..3601738 100644 ---- a/drivers/acpi/scan.c -+++ b/drivers/acpi/scan.c -@@ -331,8 +331,6 @@ static void acpi_scan_bus_device_check(acpi_handle handle, u32 ost_source) - goto out; - } - } -- acpi_evaluate_hotplug_ost(handle, ost_source, -- ACPI_OST_SC_INSERT_IN_PROGRESS, NULL); - error = acpi_bus_scan(handle); - if (error) { - acpi_handle_warn(handle, "Namespace scan failure\n"); -diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c -index aebcf63..f193285 100644 ---- a/drivers/acpi/video.c -+++ b/drivers/acpi/video.c -@@ -832,7 +832,7 @@ acpi_video_init_brightness(struct acpi_video_device *device) - for (i = 2; i < br->count; i++) - if (level_old == br->levels[i]) - break; -- if (i == br->count) -+ if (i == br->count || !level) - level = max_level; - } - -diff --git a/drivers/block/brd.c b/drivers/block/brd.c -index 9bf4371..d91f1a5 100644 ---- a/drivers/block/brd.c -+++ b/drivers/block/brd.c -@@ -545,7 +545,7 @@ static struct kobject *brd_probe(dev_t dev, int *part, void *data) - - mutex_lock(&brd_devices_mutex); - brd = brd_init_one(MINOR(dev) >> part_shift); -- kobj = brd ? get_disk(brd->brd_disk) : ERR_PTR(-ENOMEM); -+ kobj = brd ? get_disk(brd->brd_disk) : NULL; - mutex_unlock(&brd_devices_mutex); - - *part = 0; -diff --git a/drivers/block/loop.c b/drivers/block/loop.c -index 40e7155..2f036ca 100644 ---- a/drivers/block/loop.c -+++ b/drivers/block/loop.c -@@ -1741,7 +1741,7 @@ static struct kobject *loop_probe(dev_t dev, int *part, void *data) - if (err < 0) - err = loop_add(&lo, MINOR(dev) >> part_shift); - if (err < 0) -- kobj = ERR_PTR(err); -+ kobj = NULL; - else - kobj = get_disk(lo->lo_disk); - mutex_unlock(&loop_index_mutex); -diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c -index f3dfc0a..d593c99 100644 ---- a/drivers/bluetooth/btusb.c -+++ b/drivers/bluetooth/btusb.c -@@ -1628,7 +1628,6 @@ static struct usb_driver btusb_driver = { - #ifdef CONFIG_PM - .suspend = btusb_suspend, - .resume = btusb_resume, -- .reset_resume = btusb_resume, - #endif - .id_table = btusb_table, - .supports_autosuspend = 1, -diff --git a/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvc1.c b/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvc1.c -index e5be3ee..71b4283 100644 ---- a/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvc1.c -+++ b/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvc1.c -@@ -587,6 +587,7 @@ nvc1_grctx_init_unk58xx[] = { - { 0x405870, 4, 0x04, 0x00000001 }, - { 0x405a00, 2, 0x04, 0x00000000 }, - { 0x405a18, 1, 0x04, 0x00000000 }, -+ {} - }; - - static struct nvc0_graph_init -@@ -598,6 +599,7 @@ nvc1_grctx_init_rop[] = { - { 0x408904, 1, 0x04, 0x62000001 }, - { 0x408908, 1, 0x04, 0x00c80929 }, - { 0x408980, 1, 0x04, 0x0000011d }, -+ {} - }; - - static struct nvc0_graph_init -@@ -671,6 +673,7 @@ nvc1_grctx_init_gpc_0[] = { - { 0x419000, 1, 0x04, 0x00000780 }, - { 0x419004, 2, 0x04, 0x00000000 }, - { 0x419014, 1, 0x04, 0x00000004 }, -+ {} - }; - - static struct nvc0_graph_init -@@ -717,6 +720,7 @@ nvc1_grctx_init_tpc[] = { - { 0x419e98, 1, 0x04, 0x00000000 }, - { 0x419ee0, 1, 0x04, 0x00011110 }, - { 0x419f30, 11, 0x04, 0x00000000 }, -+ {} - }; - - void -diff --git a/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvd7.c b/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvd7.c -index 438e784..c4740d5 100644 ---- a/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvd7.c -+++ b/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvd7.c -@@ -258,6 +258,7 @@ nvd7_grctx_init_hub[] = { - nvc0_grctx_init_unk78xx, - nvc0_grctx_init_unk80xx, - nvd9_grctx_init_rop, -+ NULL - }; - - struct nvc0_graph_init * -diff --git a/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvd9.c b/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvd9.c -index 818a475..a1102cb 100644 ---- a/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvd9.c -+++ b/drivers/gpu/drm/nouveau/core/engine/graph/ctxnvd9.c -@@ -466,6 +466,7 @@ nvd9_grctx_init_hub[] = { - nvc0_grctx_init_unk78xx, - nvc0_grctx_init_unk80xx, - nvd9_grctx_init_rop, -+ NULL - }; - - struct nvc0_graph_init * -diff --git a/drivers/gpu/drm/shmobile/Kconfig b/drivers/gpu/drm/shmobile/Kconfig -index ca498d1..5240690 100644 ---- a/drivers/gpu/drm/shmobile/Kconfig -+++ b/drivers/gpu/drm/shmobile/Kconfig -@@ -1,6 +1,7 @@ - config DRM_SHMOBILE - tristate "DRM Support for SH Mobile" - depends on DRM && (ARM || SUPERH) -+ select BACKLIGHT_CLASS_DEVICE - select DRM_KMS_HELPER - select DRM_KMS_CMA_HELPER - select DRM_GEM_CMA_HELPER -diff --git a/drivers/hv/channel_mgmt.c b/drivers/hv/channel_mgmt.c -index bbff5f2..fa92046 100644 ---- a/drivers/hv/channel_mgmt.c -+++ b/drivers/hv/channel_mgmt.c -@@ -203,7 +203,8 @@ static void vmbus_process_rescind_offer(struct work_struct *work) - struct vmbus_channel *primary_channel; - struct vmbus_channel_relid_released msg; - -- vmbus_device_unregister(channel->device_obj); -+ if (channel->device_obj) -+ vmbus_device_unregister(channel->device_obj); - memset(&msg, 0, sizeof(struct vmbus_channel_relid_released)); - msg.child_relid = channel->offermsg.child_relid; - msg.header.msgtype = CHANNELMSG_RELID_RELEASED; -@@ -216,7 +217,7 @@ static void vmbus_process_rescind_offer(struct work_struct *work) - } else { - primary_channel = channel->primary_channel; - spin_lock_irqsave(&primary_channel->sc_lock, flags); -- list_del(&channel->listentry); -+ list_del(&channel->sc_list); - spin_unlock_irqrestore(&primary_channel->sc_lock, flags); - } - free_channel(channel); -diff --git a/drivers/hwmon/lm90.c b/drivers/hwmon/lm90.c -index cdff742..14e36c1 100644 ---- a/drivers/hwmon/lm90.c -+++ b/drivers/hwmon/lm90.c -@@ -278,7 +278,7 @@ static const struct lm90_params lm90_params[] = { - [max6696] = { - .flags = LM90_HAVE_EMERGENCY - | LM90_HAVE_EMERGENCY_ALARM | LM90_HAVE_TEMP3, -- .alert_alarms = 0x187c, -+ .alert_alarms = 0x1c7c, - .max_convrate = 6, - .reg_local_ext = MAX6657_REG_R_LOCAL_TEMPL, - }, -@@ -1500,19 +1500,22 @@ static void lm90_alert(struct i2c_client *client, unsigned int flag) - if ((alarms & 0x7f) == 0 && (alarms2 & 0xfe) == 0) { - dev_info(&client->dev, "Everything OK\n"); - } else { -- if (alarms & 0x61) -+ if ((alarms & 0x61) || (alarms2 & 0x80)) - dev_warn(&client->dev, - "temp%d out of range, please check!\n", 1); -- if (alarms & 0x1a) -+ if ((alarms & 0x1a) || (alarms2 & 0x20)) - dev_warn(&client->dev, - "temp%d out of range, please check!\n", 2); - if (alarms & 0x04) - dev_warn(&client->dev, - "temp%d diode open, please check!\n", 2); - -- if (alarms2 & 0x18) -+ if (alarms2 & 0x5a) - dev_warn(&client->dev, - "temp%d out of range, please check!\n", 3); -+ if (alarms2 & 0x04) -+ dev_warn(&client->dev, -+ "temp%d diode open, please check!\n", 3); - - /* - * Disable ALERT# output, because these chips don't implement -diff --git a/drivers/idle/intel_idle.c b/drivers/idle/intel_idle.c -index fa6964d..f116d66 100644 ---- a/drivers/idle/intel_idle.c -+++ b/drivers/idle/intel_idle.c -@@ -359,7 +359,7 @@ static int intel_idle(struct cpuidle_device *dev, - if (!(lapic_timer_reliable_states & (1 << (cstate)))) - clockevents_notify(CLOCK_EVT_NOTIFY_BROADCAST_ENTER, &cpu); - -- if (!need_resched()) { -+ if (!current_set_polling_and_test()) { - - __monitor((void *)¤t_thread_info()->flags, 0, 0); - smp_mb(); -diff --git a/drivers/memstick/core/ms_block.c b/drivers/memstick/core/ms_block.c -index 08e7023..9188ef5 100644 ---- a/drivers/memstick/core/ms_block.c -+++ b/drivers/memstick/core/ms_block.c -@@ -401,7 +401,7 @@ again: - sizeof(struct ms_status_register))) - return 0; - -- msb->state = MSB_RP_RECEIVE_OOB_READ; -+ msb->state = MSB_RP_RECIVE_STATUS_REG; - return 0; - - case MSB_RP_RECIVE_STATUS_REG: -diff --git a/drivers/misc/lkdtm.c b/drivers/misc/lkdtm.c -index 2fc0586..9cbd037 100644 ---- a/drivers/misc/lkdtm.c -+++ b/drivers/misc/lkdtm.c -@@ -297,6 +297,14 @@ static void do_nothing(void) - return; - } - -+static noinline void corrupt_stack(void) -+{ -+ /* Use default char array length that triggers stack protection. */ -+ char data[8]; -+ -+ memset((void *)data, 0, 64); -+} -+ - static void execute_location(void *dst) - { - void (*func)(void) = dst; -@@ -327,13 +335,9 @@ static void lkdtm_do_action(enum ctype which) - case CT_OVERFLOW: - (void) recursive_loop(0); - break; -- case CT_CORRUPT_STACK: { -- /* Make sure the compiler creates and uses an 8 char array. */ -- volatile char data[8]; -- -- memset((void *)data, 0, 64); -+ case CT_CORRUPT_STACK: -+ corrupt_stack(); - break; -- } - case CT_UNALIGNED_LOAD_STORE_WRITE: { - static u8 data[5] __attribute__((aligned(4))) = {1, 2, - 3, 4, 5}; -diff --git a/drivers/misc/mei/nfc.c b/drivers/misc/mei/nfc.c -index d0c6907..994ca4a 100644 ---- a/drivers/misc/mei/nfc.c -+++ b/drivers/misc/mei/nfc.c -@@ -485,8 +485,11 @@ int mei_nfc_host_init(struct mei_device *dev) - if (ndev->cl_info) - return 0; - -- cl_info = mei_cl_allocate(dev); -- cl = mei_cl_allocate(dev); -+ ndev->cl_info = mei_cl_allocate(dev); -+ ndev->cl = mei_cl_allocate(dev); -+ -+ cl = ndev->cl; -+ cl_info = ndev->cl_info; - - if (!cl || !cl_info) { - ret = -ENOMEM; -@@ -527,10 +530,9 @@ int mei_nfc_host_init(struct mei_device *dev) - - cl->device_uuid = mei_nfc_guid; - -+ - list_add_tail(&cl->device_link, &dev->device_list); - -- ndev->cl_info = cl_info; -- ndev->cl = cl; - ndev->req_id = 1; - - INIT_WORK(&ndev->init_work, mei_nfc_init); -diff --git a/drivers/net/can/c_can/c_can.c b/drivers/net/can/c_can/c_can.c -index a668cd4..e3fc07c 100644 ---- a/drivers/net/can/c_can/c_can.c -+++ b/drivers/net/can/c_can/c_can.c -@@ -814,9 +814,6 @@ static int c_can_do_rx_poll(struct net_device *dev, int quota) - msg_ctrl_save = priv->read_reg(priv, - C_CAN_IFACE(MSGCTRL_REG, 0)); - -- if (msg_ctrl_save & IF_MCONT_EOB) -- return num_rx_pkts; -- - if (msg_ctrl_save & IF_MCONT_MSGLST) { - c_can_handle_lost_msg_obj(dev, 0, msg_obj); - num_rx_pkts++; -@@ -824,6 +821,9 @@ static int c_can_do_rx_poll(struct net_device *dev, int quota) - continue; - } - -+ if (msg_ctrl_save & IF_MCONT_EOB) -+ return num_rx_pkts; -+ - if (!(msg_ctrl_save & IF_MCONT_NEWDAT)) - continue; - -diff --git a/drivers/net/can/usb/kvaser_usb.c b/drivers/net/can/usb/kvaser_usb.c -index 3b95465..4b2d5ed 100644 ---- a/drivers/net/can/usb/kvaser_usb.c -+++ b/drivers/net/can/usb/kvaser_usb.c -@@ -1544,9 +1544,9 @@ static int kvaser_usb_init_one(struct usb_interface *intf, - return 0; - } - --static void kvaser_usb_get_endpoints(const struct usb_interface *intf, -- struct usb_endpoint_descriptor **in, -- struct usb_endpoint_descriptor **out) -+static int kvaser_usb_get_endpoints(const struct usb_interface *intf, -+ struct usb_endpoint_descriptor **in, -+ struct usb_endpoint_descriptor **out) - { - const struct usb_host_interface *iface_desc; - struct usb_endpoint_descriptor *endpoint; -@@ -1557,12 +1557,18 @@ static void kvaser_usb_get_endpoints(const struct usb_interface *intf, - for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) { - endpoint = &iface_desc->endpoint[i].desc; - -- if (usb_endpoint_is_bulk_in(endpoint)) -+ if (!*in && usb_endpoint_is_bulk_in(endpoint)) - *in = endpoint; - -- if (usb_endpoint_is_bulk_out(endpoint)) -+ if (!*out && usb_endpoint_is_bulk_out(endpoint)) - *out = endpoint; -+ -+ /* use first bulk endpoint for in and out */ -+ if (*in && *out) -+ return 0; - } -+ -+ return -ENODEV; - } - - static int kvaser_usb_probe(struct usb_interface *intf, -@@ -1576,8 +1582,8 @@ static int kvaser_usb_probe(struct usb_interface *intf, - if (!dev) - return -ENOMEM; - -- kvaser_usb_get_endpoints(intf, &dev->bulk_in, &dev->bulk_out); -- if (!dev->bulk_in || !dev->bulk_out) { -+ err = kvaser_usb_get_endpoints(intf, &dev->bulk_in, &dev->bulk_out); -+ if (err) { - dev_err(&intf->dev, "Cannot get usb endpoint(s)"); - return err; - } -diff --git a/drivers/net/ethernet/atheros/alx/main.c b/drivers/net/ethernet/atheros/alx/main.c -index fc95b23..6305a5d 100644 ---- a/drivers/net/ethernet/atheros/alx/main.c -+++ b/drivers/net/ethernet/atheros/alx/main.c -@@ -1389,6 +1389,9 @@ static int alx_resume(struct device *dev) - { - struct pci_dev *pdev = to_pci_dev(dev); - struct alx_priv *alx = pci_get_drvdata(pdev); -+ struct alx_hw *hw = &alx->hw; -+ -+ alx_reset_phy(hw); - - if (!netif_running(alx->dev)) - return 0; -diff --git a/drivers/net/wireless/libertas/debugfs.c b/drivers/net/wireless/libertas/debugfs.c -index 668dd27..cc6a0a5 100644 ---- a/drivers/net/wireless/libertas/debugfs.c -+++ b/drivers/net/wireless/libertas/debugfs.c -@@ -913,7 +913,10 @@ static ssize_t lbs_debugfs_write(struct file *f, const char __user *buf, - char *p2; - struct debug_data *d = f->private_data; - -- pdata = kmalloc(cnt, GFP_KERNEL); -+ if (cnt == 0) -+ return 0; -+ -+ pdata = kmalloc(cnt + 1, GFP_KERNEL); - if (pdata == NULL) - return 0; - -@@ -922,6 +925,7 @@ static ssize_t lbs_debugfs_write(struct file *f, const char __user *buf, - kfree(pdata); - return 0; - } -+ pdata[cnt] = '\0'; - - p0 = pdata; - for (i = 0; i < num_of_items; i++) { -diff --git a/drivers/net/wireless/rt2x00/rt2800lib.c b/drivers/net/wireless/rt2x00/rt2800lib.c -index 88ce656..1400787 100644 ---- a/drivers/net/wireless/rt2x00/rt2800lib.c -+++ b/drivers/net/wireless/rt2x00/rt2800lib.c -@@ -4461,10 +4461,13 @@ void rt2800_link_tuner(struct rt2x00_dev *rt2x00dev, struct link_qual *qual, - - vgc = rt2800_get_default_vgc(rt2x00dev); - -- if (rt2x00_rt(rt2x00dev, RT5592) && qual->rssi > -65) -- vgc += 0x20; -- else if (qual->rssi > -80) -- vgc += 0x10; -+ if (rt2x00_rt(rt2x00dev, RT5592)) { -+ if (qual->rssi > -65) -+ vgc += 0x20; -+ } else { -+ if (qual->rssi > -80) -+ vgc += 0x10; -+ } - - rt2800_set_vgc(rt2x00dev, qual, vgc); - } -diff --git a/drivers/net/wireless/rt2x00/rt2800usb.c b/drivers/net/wireless/rt2x00/rt2800usb.c -index 96961b9..4feb35a 100644 ---- a/drivers/net/wireless/rt2x00/rt2800usb.c -+++ b/drivers/net/wireless/rt2x00/rt2800usb.c -@@ -148,6 +148,8 @@ static bool rt2800usb_txstatus_timeout(struct rt2x00_dev *rt2x00dev) - return false; - } - -+#define TXSTATUS_READ_INTERVAL 1000000 -+ - static bool rt2800usb_tx_sta_fifo_read_completed(struct rt2x00_dev *rt2x00dev, - int urb_status, u32 tx_status) - { -@@ -176,8 +178,9 @@ static bool rt2800usb_tx_sta_fifo_read_completed(struct rt2x00_dev *rt2x00dev, - queue_work(rt2x00dev->workqueue, &rt2x00dev->txdone_work); - - if (rt2800usb_txstatus_pending(rt2x00dev)) { -- /* Read register after 250 us */ -- hrtimer_start(&rt2x00dev->txstatus_timer, ktime_set(0, 250000), -+ /* Read register after 1 ms */ -+ hrtimer_start(&rt2x00dev->txstatus_timer, -+ ktime_set(0, TXSTATUS_READ_INTERVAL), - HRTIMER_MODE_REL); - return false; - } -@@ -202,8 +205,9 @@ static void rt2800usb_async_read_tx_status(struct rt2x00_dev *rt2x00dev) - if (test_and_set_bit(TX_STATUS_READING, &rt2x00dev->flags)) - return; - -- /* Read TX_STA_FIFO register after 500 us */ -- hrtimer_start(&rt2x00dev->txstatus_timer, ktime_set(0, 500000), -+ /* Read TX_STA_FIFO register after 2 ms */ -+ hrtimer_start(&rt2x00dev->txstatus_timer, -+ ktime_set(0, 2*TXSTATUS_READ_INTERVAL), - HRTIMER_MODE_REL); - } - -diff --git a/drivers/net/wireless/rt2x00/rt2x00dev.c b/drivers/net/wireless/rt2x00/rt2x00dev.c -index 712eea9..f12e909 100644 ---- a/drivers/net/wireless/rt2x00/rt2x00dev.c -+++ b/drivers/net/wireless/rt2x00/rt2x00dev.c -@@ -181,6 +181,7 @@ static void rt2x00lib_autowakeup(struct work_struct *work) - static void rt2x00lib_bc_buffer_iter(void *data, u8 *mac, - struct ieee80211_vif *vif) - { -+ struct ieee80211_tx_control control = {}; - struct rt2x00_dev *rt2x00dev = data; - struct sk_buff *skb; - -@@ -195,7 +196,7 @@ static void rt2x00lib_bc_buffer_iter(void *data, u8 *mac, - */ - skb = ieee80211_get_buffered_bc(rt2x00dev->hw, vif); - while (skb) { -- rt2x00mac_tx(rt2x00dev->hw, NULL, skb); -+ rt2x00mac_tx(rt2x00dev->hw, &control, skb); - skb = ieee80211_get_buffered_bc(rt2x00dev->hw, vif); - } - } -diff --git a/drivers/net/wireless/rt2x00/rt2x00lib.h b/drivers/net/wireless/rt2x00/rt2x00lib.h -index a093598..7f40ab8 100644 ---- a/drivers/net/wireless/rt2x00/rt2x00lib.h -+++ b/drivers/net/wireless/rt2x00/rt2x00lib.h -@@ -146,7 +146,7 @@ void rt2x00queue_remove_l2pad(struct sk_buff *skb, unsigned int header_length); - * @local: frame is not from mac80211 - */ - int rt2x00queue_write_tx_frame(struct data_queue *queue, struct sk_buff *skb, -- bool local); -+ struct ieee80211_sta *sta, bool local); - - /** - * rt2x00queue_update_beacon - Send new beacon from mac80211 -diff --git a/drivers/net/wireless/rt2x00/rt2x00mac.c b/drivers/net/wireless/rt2x00/rt2x00mac.c -index f883802..f8cff1f 100644 ---- a/drivers/net/wireless/rt2x00/rt2x00mac.c -+++ b/drivers/net/wireless/rt2x00/rt2x00mac.c -@@ -90,7 +90,7 @@ static int rt2x00mac_tx_rts_cts(struct rt2x00_dev *rt2x00dev, - frag_skb->data, data_length, tx_info, - (struct ieee80211_rts *)(skb->data)); - -- retval = rt2x00queue_write_tx_frame(queue, skb, true); -+ retval = rt2x00queue_write_tx_frame(queue, skb, NULL, true); - if (retval) { - dev_kfree_skb_any(skb); - rt2x00_warn(rt2x00dev, "Failed to send RTS/CTS frame\n"); -@@ -151,7 +151,7 @@ void rt2x00mac_tx(struct ieee80211_hw *hw, - goto exit_fail; - } - -- if (unlikely(rt2x00queue_write_tx_frame(queue, skb, false))) -+ if (unlikely(rt2x00queue_write_tx_frame(queue, skb, control->sta, false))) - goto exit_fail; - - /* -@@ -754,6 +754,9 @@ void rt2x00mac_flush(struct ieee80211_hw *hw, u32 queues, bool drop) - struct rt2x00_dev *rt2x00dev = hw->priv; - struct data_queue *queue; - -+ if (!test_bit(DEVICE_STATE_PRESENT, &rt2x00dev->flags)) -+ return; -+ - tx_queue_for_each(rt2x00dev, queue) - rt2x00queue_flush_queue(queue, drop); - } -diff --git a/drivers/net/wireless/rt2x00/rt2x00queue.c b/drivers/net/wireless/rt2x00/rt2x00queue.c -index 6c8a33b..66a2db8 100644 ---- a/drivers/net/wireless/rt2x00/rt2x00queue.c -+++ b/drivers/net/wireless/rt2x00/rt2x00queue.c -@@ -635,7 +635,7 @@ static void rt2x00queue_bar_check(struct queue_entry *entry) - } - - int rt2x00queue_write_tx_frame(struct data_queue *queue, struct sk_buff *skb, -- bool local) -+ struct ieee80211_sta *sta, bool local) - { - struct ieee80211_tx_info *tx_info; - struct queue_entry *entry; -@@ -649,7 +649,7 @@ int rt2x00queue_write_tx_frame(struct data_queue *queue, struct sk_buff *skb, - * after that we are free to use the skb->cb array - * for our information. - */ -- rt2x00queue_create_tx_descriptor(queue->rt2x00dev, skb, &txdesc, NULL); -+ rt2x00queue_create_tx_descriptor(queue->rt2x00dev, skb, &txdesc, sta); - - /* - * All information is retrieved from the skb->cb array, -diff --git a/drivers/platform/x86/thinkpad_acpi.c b/drivers/platform/x86/thinkpad_acpi.c -index 03ca6c1..4e86e97 100644 ---- a/drivers/platform/x86/thinkpad_acpi.c -+++ b/drivers/platform/x86/thinkpad_acpi.c -@@ -6420,7 +6420,12 @@ static struct ibm_struct brightness_driver_data = { - #define TPACPI_ALSA_SHRTNAME "ThinkPad Console Audio Control" - #define TPACPI_ALSA_MIXERNAME TPACPI_ALSA_SHRTNAME - --static int alsa_index = ~((1 << (SNDRV_CARDS - 3)) - 1); /* last three slots */ -+#if SNDRV_CARDS <= 32 -+#define DEFAULT_ALSA_IDX ~((1 << (SNDRV_CARDS - 3)) - 1) -+#else -+#define DEFAULT_ALSA_IDX ~((1 << (32 - 3)) - 1) -+#endif -+static int alsa_index = DEFAULT_ALSA_IDX; /* last three slots */ - static char *alsa_id = "ThinkPadEC"; - static bool alsa_enable = SNDRV_DEFAULT_ENABLE1; - -diff --git a/drivers/scsi/aacraid/commctrl.c b/drivers/scsi/aacraid/commctrl.c -index d85ac1a..fbcd48d 100644 ---- a/drivers/scsi/aacraid/commctrl.c -+++ b/drivers/scsi/aacraid/commctrl.c -@@ -511,7 +511,8 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) - goto cleanup; - } - -- if (fibsize > (dev->max_fib_size - sizeof(struct aac_fibhdr))) { -+ if ((fibsize < (sizeof(struct user_aac_srb) - sizeof(struct user_sgentry))) || -+ (fibsize > (dev->max_fib_size - sizeof(struct aac_fibhdr)))) { - rcode = -EINVAL; - goto cleanup; - } -diff --git a/drivers/staging/android/ashmem.c b/drivers/staging/android/ashmem.c -index 8e76ddc..5a5e9c9 100644 ---- a/drivers/staging/android/ashmem.c -+++ b/drivers/staging/android/ashmem.c -@@ -706,7 +706,7 @@ static long ashmem_ioctl(struct file *file, unsigned int cmd, unsigned long arg) - .gfp_mask = GFP_KERNEL, - .nr_to_scan = LONG_MAX, - }; -- -+ ret = ashmem_shrink_count(&ashmem_shrinker, &sc); - nodes_setall(sc.nodes_to_scan); - ashmem_shrink_scan(&ashmem_shrinker, &sc); - } -diff --git a/drivers/staging/comedi/comedi_fops.c b/drivers/staging/comedi/comedi_fops.c -index 1636c7c..a3af469 100644 ---- a/drivers/staging/comedi/comedi_fops.c -+++ b/drivers/staging/comedi/comedi_fops.c -@@ -543,7 +543,7 @@ void *comedi_alloc_spriv(struct comedi_subdevice *s, size_t size) - { - s->private = kzalloc(size, GFP_KERNEL); - if (s->private) -- comedi_set_subdevice_runflags(s, ~0, SRF_FREE_SPRIV); -+ s->runflags |= SRF_FREE_SPRIV; - return s->private; - } - EXPORT_SYMBOL_GPL(comedi_alloc_spriv); -@@ -1485,7 +1485,8 @@ static int do_cmd_ioctl(struct comedi_device *dev, - if (async->cmd.flags & TRIG_WAKE_EOS) - async->cb_mask |= COMEDI_CB_EOS; - -- comedi_set_subdevice_runflags(s, ~0, SRF_USER | SRF_RUNNING); -+ comedi_set_subdevice_runflags(s, SRF_USER | SRF_ERROR | SRF_RUNNING, -+ SRF_USER | SRF_RUNNING); - - /* set s->busy _after_ setting SRF_RUNNING flag to avoid race with - * comedi_read() or comedi_write() */ -diff --git a/drivers/staging/rtl8188eu/os_dep/os_intfs.c b/drivers/staging/rtl8188eu/os_dep/os_intfs.c -index 63bc913..8b2b4a8 100644 ---- a/drivers/staging/rtl8188eu/os_dep/os_intfs.c -+++ b/drivers/staging/rtl8188eu/os_dep/os_intfs.c -@@ -707,6 +707,10 @@ int rtw_init_netdev_name(struct net_device *pnetdev, const char *ifname) - return 0; - } - -+static const struct device_type wlan_type = { -+ .name = "wlan", -+}; -+ - struct net_device *rtw_init_netdev(struct adapter *old_padapter) - { - struct adapter *padapter; -@@ -722,6 +726,7 @@ struct net_device *rtw_init_netdev(struct adapter *old_padapter) - if (!pnetdev) - return NULL; - -+ pnetdev->dev.type = &wlan_type; - padapter = rtw_netdev_priv(pnetdev); - padapter->pnetdev = pnetdev; - DBG_88E("register rtw_netdev_ops to netdev_ops\n"); -diff --git a/drivers/staging/zram/zram_drv.c b/drivers/staging/zram/zram_drv.c -index 2c4ed52..012ba15 100644 ---- a/drivers/staging/zram/zram_drv.c -+++ b/drivers/staging/zram/zram_drv.c -@@ -648,6 +648,9 @@ static ssize_t reset_store(struct device *dev, - zram = dev_to_zram(dev); - bdev = bdget_disk(zram->disk, 0); - -+ if (!bdev) -+ return -ENOMEM; -+ - /* Do not reset an active device! */ - if (bdev->bd_holders) - return -EBUSY; -@@ -660,8 +663,7 @@ static ssize_t reset_store(struct device *dev, - return -EINVAL; - - /* Make sure all pending I/O is finished */ -- if (bdev) -- fsync_bdev(bdev); -+ fsync_bdev(bdev); - - zram_reset_device(zram, true); - return len; -diff --git a/drivers/usb/core/driver.c b/drivers/usb/core/driver.c -index f7841d4..689433c 100644 ---- a/drivers/usb/core/driver.c -+++ b/drivers/usb/core/driver.c -@@ -1790,6 +1790,9 @@ int usb_set_usb2_hardware_lpm(struct usb_device *udev, int enable) - struct usb_hcd *hcd = bus_to_hcd(udev->bus); - int ret = -EPERM; - -+ if (enable && !udev->usb2_hw_lpm_allowed) -+ return 0; -+ - if (hcd->driver->set_usb2_hw_lpm) { - ret = hcd->driver->set_usb2_hw_lpm(hcd, udev, enable); - if (!ret) -diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c -index 879651c..243c672 100644 ---- a/drivers/usb/core/hub.c -+++ b/drivers/usb/core/hub.c -@@ -1135,6 +1135,11 @@ static void hub_activate(struct usb_hub *hub, enum hub_activation_type type) - usb_clear_port_feature(hub->hdev, port1, - USB_PORT_FEAT_C_ENABLE); - } -+ if (portchange & USB_PORT_STAT_C_RESET) { -+ need_debounce_delay = true; -+ usb_clear_port_feature(hub->hdev, port1, -+ USB_PORT_FEAT_C_RESET); -+ } - if ((portchange & USB_PORT_STAT_C_BH_RESET) && - hub_is_superspeed(hub->hdev)) { - need_debounce_delay = true; -@@ -3954,6 +3959,32 @@ static int hub_set_address(struct usb_device *udev, int devnum) - return retval; - } - -+/* -+ * There are reports of USB 3.0 devices that say they support USB 2.0 Link PM -+ * when they're plugged into a USB 2.0 port, but they don't work when LPM is -+ * enabled. -+ * -+ * Only enable USB 2.0 Link PM if the port is internal (hardwired), or the -+ * device says it supports the new USB 2.0 Link PM errata by setting the BESL -+ * support bit in the BOS descriptor. -+ */ -+static void hub_set_initial_usb2_lpm_policy(struct usb_device *udev) -+{ -+ int connect_type; -+ -+ if (!udev->usb2_hw_lpm_capable) -+ return; -+ -+ connect_type = usb_get_hub_port_connect_type(udev->parent, -+ udev->portnum); -+ -+ if ((udev->bos->ext_cap->bmAttributes & USB_BESL_SUPPORT) || -+ connect_type == USB_PORT_CONNECT_TYPE_HARD_WIRED) { -+ udev->usb2_hw_lpm_allowed = 1; -+ usb_set_usb2_hardware_lpm(udev, 1); -+ } -+} -+ - /* Reset device, (re)assign address, get device descriptor. - * Device connection must be stable, no more debouncing needed. - * Returns device in USB_STATE_ADDRESS, except on error. -@@ -4247,6 +4278,7 @@ hub_port_init (struct usb_hub *hub, struct usb_device *udev, int port1, - /* notify HCD that we have a device connected and addressed */ - if (hcd->driver->update_device) - hcd->driver->update_device(hcd, udev); -+ hub_set_initial_usb2_lpm_policy(udev); - fail: - if (retval) { - hub_port_disable(hub, port1, 0); -@@ -5091,6 +5123,12 @@ static int usb_reset_and_verify_device(struct usb_device *udev) - } - parent_hub = usb_hub_to_struct_hub(parent_hdev); - -+ /* Disable USB2 hardware LPM. -+ * It will be re-enabled by the enumeration process. -+ */ -+ if (udev->usb2_hw_lpm_enabled == 1) -+ usb_set_usb2_hardware_lpm(udev, 0); -+ - bos = udev->bos; - udev->bos = NULL; - -@@ -5198,6 +5236,7 @@ static int usb_reset_and_verify_device(struct usb_device *udev) - - done: - /* Now that the alt settings are re-installed, enable LTM and LPM. */ -+ usb_set_usb2_hardware_lpm(udev, 1); - usb_unlocked_enable_lpm(udev); - usb_enable_ltm(udev); - usb_release_bos_descriptor(udev); -diff --git a/drivers/usb/core/sysfs.c b/drivers/usb/core/sysfs.c -index 6d2c8ed..ca516ac 100644 ---- a/drivers/usb/core/sysfs.c -+++ b/drivers/usb/core/sysfs.c -@@ -449,7 +449,7 @@ static ssize_t usb2_hardware_lpm_show(struct device *dev, - struct usb_device *udev = to_usb_device(dev); - const char *p; - -- if (udev->usb2_hw_lpm_enabled == 1) -+ if (udev->usb2_hw_lpm_allowed == 1) - p = "enabled"; - else - p = "disabled"; -@@ -469,8 +469,10 @@ static ssize_t usb2_hardware_lpm_store(struct device *dev, - - ret = strtobool(buf, &value); - -- if (!ret) -+ if (!ret) { -+ udev->usb2_hw_lpm_allowed = value; - ret = usb_set_usb2_hardware_lpm(udev, value); -+ } - - usb_unlock_device(udev); - -diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c -index 83bcd13..49b8bd0 100644 ---- a/drivers/usb/host/xhci-mem.c -+++ b/drivers/usb/host/xhci-mem.c -@@ -1693,9 +1693,7 @@ void xhci_free_command(struct xhci_hcd *xhci, - void xhci_mem_cleanup(struct xhci_hcd *xhci) - { - struct pci_dev *pdev = to_pci_dev(xhci_to_hcd(xhci)->self.controller); -- struct dev_info *dev_info, *next; - struct xhci_cd *cur_cd, *next_cd; -- unsigned long flags; - int size; - int i, j, num_ports; - -@@ -1756,13 +1754,6 @@ void xhci_mem_cleanup(struct xhci_hcd *xhci) - - scratchpad_free(xhci); - -- spin_lock_irqsave(&xhci->lock, flags); -- list_for_each_entry_safe(dev_info, next, &xhci->lpm_failed_devs, list) { -- list_del(&dev_info->list); -- kfree(dev_info); -- } -- spin_unlock_irqrestore(&xhci->lock, flags); -- - if (!xhci->rh_bw) - goto no_bw; - -@@ -2231,7 +2222,6 @@ int xhci_mem_init(struct xhci_hcd *xhci, gfp_t flags) - u32 page_size, temp; - int i; - -- INIT_LIST_HEAD(&xhci->lpm_failed_devs); - INIT_LIST_HEAD(&xhci->cancel_cmd_list); - - page_size = xhci_readl(xhci, &xhci->op_regs->page_size); -diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c -index 6e0d886..ed6c186 100644 ---- a/drivers/usb/host/xhci.c -+++ b/drivers/usb/host/xhci.c -@@ -4025,133 +4025,6 @@ static int xhci_calculate_usb2_hw_lpm_params(struct usb_device *udev) - return PORT_BESLD(besld) | PORT_L1_TIMEOUT(l1) | PORT_HIRDM(hirdm); - } - --static int xhci_usb2_software_lpm_test(struct usb_hcd *hcd, -- struct usb_device *udev) --{ -- struct xhci_hcd *xhci = hcd_to_xhci(hcd); -- struct dev_info *dev_info; -- __le32 __iomem **port_array; -- __le32 __iomem *addr, *pm_addr; -- u32 temp, dev_id; -- unsigned int port_num; -- unsigned long flags; -- int hird; -- int ret; -- -- if (hcd->speed == HCD_USB3 || !xhci->sw_lpm_support || -- !udev->lpm_capable) -- return -EINVAL; -- -- /* we only support lpm for non-hub device connected to root hub yet */ -- if (!udev->parent || udev->parent->parent || -- udev->descriptor.bDeviceClass == USB_CLASS_HUB) -- return -EINVAL; -- -- spin_lock_irqsave(&xhci->lock, flags); -- -- /* Look for devices in lpm_failed_devs list */ -- dev_id = le16_to_cpu(udev->descriptor.idVendor) << 16 | -- le16_to_cpu(udev->descriptor.idProduct); -- list_for_each_entry(dev_info, &xhci->lpm_failed_devs, list) { -- if (dev_info->dev_id == dev_id) { -- ret = -EINVAL; -- goto finish; -- } -- } -- -- port_array = xhci->usb2_ports; -- port_num = udev->portnum - 1; -- -- if (port_num > HCS_MAX_PORTS(xhci->hcs_params1)) { -- xhci_dbg(xhci, "invalid port number %d\n", udev->portnum); -- ret = -EINVAL; -- goto finish; -- } -- -- /* -- * Test USB 2.0 software LPM. -- * FIXME: some xHCI 1.0 hosts may implement a new register to set up -- * hardware-controlled USB 2.0 LPM. See section 5.4.11 and 4.23.5.1.1.1 -- * in the June 2011 errata release. -- */ -- xhci_dbg(xhci, "test port %d software LPM\n", port_num); -- /* -- * Set L1 Device Slot and HIRD/BESL. -- * Check device's USB 2.0 extension descriptor to determine whether -- * HIRD or BESL shoule be used. See USB2.0 LPM errata. -- */ -- pm_addr = port_array[port_num] + PORTPMSC; -- hird = xhci_calculate_hird_besl(xhci, udev); -- temp = PORT_L1DS(udev->slot_id) | PORT_HIRD(hird); -- xhci_writel(xhci, temp, pm_addr); -- -- /* Set port link state to U2(L1) */ -- addr = port_array[port_num]; -- xhci_set_link_state(xhci, port_array, port_num, XDEV_U2); -- -- /* wait for ACK */ -- spin_unlock_irqrestore(&xhci->lock, flags); -- msleep(10); -- spin_lock_irqsave(&xhci->lock, flags); -- -- /* Check L1 Status */ -- ret = xhci_handshake(xhci, pm_addr, -- PORT_L1S_MASK, PORT_L1S_SUCCESS, 125); -- if (ret != -ETIMEDOUT) { -- /* enter L1 successfully */ -- temp = xhci_readl(xhci, addr); -- xhci_dbg(xhci, "port %d entered L1 state, port status 0x%x\n", -- port_num, temp); -- ret = 0; -- } else { -- temp = xhci_readl(xhci, pm_addr); -- xhci_dbg(xhci, "port %d software lpm failed, L1 status %d\n", -- port_num, temp & PORT_L1S_MASK); -- ret = -EINVAL; -- } -- -- /* Resume the port */ -- xhci_set_link_state(xhci, port_array, port_num, XDEV_U0); -- -- spin_unlock_irqrestore(&xhci->lock, flags); -- msleep(10); -- spin_lock_irqsave(&xhci->lock, flags); -- -- /* Clear PLC */ -- xhci_test_and_clear_bit(xhci, port_array, port_num, PORT_PLC); -- -- /* Check PORTSC to make sure the device is in the right state */ -- if (!ret) { -- temp = xhci_readl(xhci, addr); -- xhci_dbg(xhci, "resumed port %d status 0x%x\n", port_num, temp); -- if (!(temp & PORT_CONNECT) || !(temp & PORT_PE) || -- (temp & PORT_PLS_MASK) != XDEV_U0) { -- xhci_dbg(xhci, "port L1 resume fail\n"); -- ret = -EINVAL; -- } -- } -- -- if (ret) { -- /* Insert dev to lpm_failed_devs list */ -- xhci_warn(xhci, "device LPM test failed, may disconnect and " -- "re-enumerate\n"); -- dev_info = kzalloc(sizeof(struct dev_info), GFP_ATOMIC); -- if (!dev_info) { -- ret = -ENOMEM; -- goto finish; -- } -- dev_info->dev_id = dev_id; -- INIT_LIST_HEAD(&dev_info->list); -- list_add(&dev_info->list, &xhci->lpm_failed_devs); -- } else { -- xhci_ring_device(xhci, udev->slot_id); -- } -- --finish: -- spin_unlock_irqrestore(&xhci->lock, flags); -- return ret; --} -- - int xhci_set_usb2_hardware_lpm(struct usb_hcd *hcd, - struct usb_device *udev, int enable) - { -@@ -4228,7 +4101,7 @@ int xhci_set_usb2_hardware_lpm(struct usb_hcd *hcd, - } - - pm_val &= ~PORT_HIRD_MASK; -- pm_val |= PORT_HIRD(hird) | PORT_RWE; -+ pm_val |= PORT_HIRD(hird) | PORT_RWE | PORT_L1DS(udev->slot_id); - xhci_writel(xhci, pm_val, pm_addr); - pm_val = xhci_readl(xhci, pm_addr); - pm_val |= PORT_HLE; -@@ -4236,7 +4109,7 @@ int xhci_set_usb2_hardware_lpm(struct usb_hcd *hcd, - /* flush write */ - xhci_readl(xhci, pm_addr); - } else { -- pm_val &= ~(PORT_HLE | PORT_RWE | PORT_HIRD_MASK); -+ pm_val &= ~(PORT_HLE | PORT_RWE | PORT_HIRD_MASK | PORT_L1DS_MASK); - xhci_writel(xhci, pm_val, pm_addr); - /* flush write */ - xhci_readl(xhci, pm_addr); -@@ -4279,24 +4152,26 @@ static int xhci_check_usb2_port_capability(struct xhci_hcd *xhci, int port, - int xhci_update_device(struct usb_hcd *hcd, struct usb_device *udev) - { - struct xhci_hcd *xhci = hcd_to_xhci(hcd); -- int ret; - int portnum = udev->portnum - 1; - -- ret = xhci_usb2_software_lpm_test(hcd, udev); -- if (!ret) { -- xhci_dbg(xhci, "software LPM test succeed\n"); -- if (xhci->hw_lpm_support == 1 && -- xhci_check_usb2_port_capability(xhci, portnum, XHCI_HLC)) { -- udev->usb2_hw_lpm_capable = 1; -- udev->l1_params.timeout = XHCI_L1_TIMEOUT; -- udev->l1_params.besl = XHCI_DEFAULT_BESL; -- if (xhci_check_usb2_port_capability(xhci, portnum, -- XHCI_BLC)) -- udev->usb2_hw_lpm_besl_capable = 1; -- ret = xhci_set_usb2_hardware_lpm(hcd, udev, 1); -- if (!ret) -- udev->usb2_hw_lpm_enabled = 1; -- } -+ if (hcd->speed == HCD_USB3 || !xhci->sw_lpm_support || -+ !udev->lpm_capable) -+ return 0; -+ -+ /* we only support lpm for non-hub device connected to root hub yet */ -+ if (!udev->parent || udev->parent->parent || -+ udev->descriptor.bDeviceClass == USB_CLASS_HUB) -+ return 0; -+ -+ if (xhci->hw_lpm_support == 1 && -+ xhci_check_usb2_port_capability( -+ xhci, portnum, XHCI_HLC)) { -+ udev->usb2_hw_lpm_capable = 1; -+ udev->l1_params.timeout = XHCI_L1_TIMEOUT; -+ udev->l1_params.besl = XHCI_DEFAULT_BESL; -+ if (xhci_check_usb2_port_capability(xhci, portnum, -+ XHCI_BLC)) -+ udev->usb2_hw_lpm_besl_capable = 1; - } - - return 0; -diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h -index 941d5f5..ed3a425 100644 ---- a/drivers/usb/host/xhci.h -+++ b/drivers/usb/host/xhci.h -@@ -383,6 +383,7 @@ struct xhci_op_regs { - #define PORT_RWE (1 << 3) - #define PORT_HIRD(p) (((p) & 0xf) << 4) - #define PORT_HIRD_MASK (0xf << 4) -+#define PORT_L1DS_MASK (0xff << 8) - #define PORT_L1DS(p) (((p) & 0xff) << 8) - #define PORT_HLE (1 << 16) - -diff --git a/drivers/usb/musb/musb_core.c b/drivers/usb/musb/musb_core.c -index cd70cc8..0d0d118 100644 ---- a/drivers/usb/musb/musb_core.c -+++ b/drivers/usb/musb/musb_core.c -@@ -1809,6 +1809,7 @@ static void musb_free(struct musb *musb) - disable_irq_wake(musb->nIrq); - free_irq(musb->nIrq, musb); - } -+ cancel_work_sync(&musb->irq_work); - if (musb->dma_controller) - dma_controller_destroy(musb->dma_controller); - -@@ -1946,6 +1947,8 @@ musb_init_controller(struct device *dev, int nIrq, void __iomem *ctrl) - if (status < 0) - goto fail3; - status = musb_gadget_setup(musb); -+ if (status) -+ musb_host_cleanup(musb); - break; - default: - dev_err(dev, "unsupported port mode %d\n", musb->port_mode); -@@ -1972,6 +1975,7 @@ fail5: - - fail4: - musb_gadget_cleanup(musb); -+ musb_host_cleanup(musb); - - fail3: - if (musb->dma_controller) -diff --git a/drivers/usb/musb/musb_dsps.c b/drivers/usb/musb/musb_dsps.c -index bd4138d..1edee79 100644 ---- a/drivers/usb/musb/musb_dsps.c -+++ b/drivers/usb/musb/musb_dsps.c -@@ -121,6 +121,7 @@ struct dsps_glue { - unsigned long last_timer; /* last timer data for each instance */ - }; - -+static void dsps_musb_try_idle(struct musb *musb, unsigned long timeout); - /** - * dsps_musb_enable - enable interrupts - */ -@@ -143,6 +144,7 @@ static void dsps_musb_enable(struct musb *musb) - /* Force the DRVVBUS IRQ so we can start polling for ID change. */ - dsps_writel(reg_base, wrp->coreintr_set, - (1 << wrp->drvvbus) << wrp->usb_shift); -+ dsps_musb_try_idle(musb, 0); - } - - /** -@@ -171,6 +173,7 @@ static void otg_timer(unsigned long _musb) - const struct dsps_musb_wrapper *wrp = glue->wrp; - u8 devctl; - unsigned long flags; -+ int skip_session = 0; - - /* - * We poll because DSPS IP's won't expose several OTG-critical -@@ -183,10 +186,12 @@ static void otg_timer(unsigned long _musb) - spin_lock_irqsave(&musb->lock, flags); - switch (musb->xceiv->state) { - case OTG_STATE_A_WAIT_BCON: -- devctl &= ~MUSB_DEVCTL_SESSION; -- dsps_writeb(musb->mregs, MUSB_DEVCTL, devctl); -+ dsps_writeb(musb->mregs, MUSB_DEVCTL, 0); -+ skip_session = 1; -+ /* fall */ - -- devctl = dsps_readb(musb->mregs, MUSB_DEVCTL); -+ case OTG_STATE_A_IDLE: -+ case OTG_STATE_B_IDLE: - if (devctl & MUSB_DEVCTL_BDEVICE) { - musb->xceiv->state = OTG_STATE_B_IDLE; - MUSB_DEV_MODE(musb); -@@ -194,20 +199,15 @@ static void otg_timer(unsigned long _musb) - musb->xceiv->state = OTG_STATE_A_IDLE; - MUSB_HST_MODE(musb); - } -+ if (!(devctl & MUSB_DEVCTL_SESSION) && !skip_session) -+ dsps_writeb(mregs, MUSB_DEVCTL, MUSB_DEVCTL_SESSION); -+ mod_timer(&glue->timer, jiffies + wrp->poll_seconds * HZ); - break; - case OTG_STATE_A_WAIT_VFALL: - musb->xceiv->state = OTG_STATE_A_WAIT_VRISE; - dsps_writel(musb->ctrl_base, wrp->coreintr_set, - MUSB_INTR_VBUSERROR << wrp->usb_shift); - break; -- case OTG_STATE_B_IDLE: -- devctl = dsps_readb(mregs, MUSB_DEVCTL); -- if (devctl & MUSB_DEVCTL_BDEVICE) -- mod_timer(&glue->timer, -- jiffies + wrp->poll_seconds * HZ); -- else -- musb->xceiv->state = OTG_STATE_A_IDLE; -- break; - default: - break; - } -@@ -234,6 +234,9 @@ static void dsps_musb_try_idle(struct musb *musb, unsigned long timeout) - if (musb->port_mode == MUSB_PORT_MODE_HOST) - return; - -+ if (!musb->g.dev.driver) -+ return; -+ - if (time_after(glue->last_timer, timeout) && - timer_pending(&glue->timer)) { - dev_dbg(musb->controller, -diff --git a/drivers/usb/musb/musb_virthub.c b/drivers/usb/musb/musb_virthub.c -index d1d6b83..9af6bba 100644 ---- a/drivers/usb/musb/musb_virthub.c -+++ b/drivers/usb/musb/musb_virthub.c -@@ -220,6 +220,23 @@ int musb_hub_status_data(struct usb_hcd *hcd, char *buf) - return retval; - } - -+static int musb_has_gadget(struct musb *musb) -+{ -+ /* -+ * In host-only mode we start a connection right away. In OTG mode -+ * we have to wait until we loaded a gadget. We don't really need a -+ * gadget if we operate as a host but we should not start a session -+ * as a device without a gadget or else we explode. -+ */ -+#ifdef CONFIG_USB_MUSB_HOST -+ return 1; -+#else -+ if (musb->port_mode == MUSB_PORT_MODE_HOST) -+ return 1; -+ return musb->g.dev.driver != NULL; -+#endif -+} -+ - int musb_hub_control( - struct usb_hcd *hcd, - u16 typeReq, -@@ -362,7 +379,7 @@ int musb_hub_control( - * initialization logic, e.g. for OTG, or change any - * logic relating to VBUS power-up. - */ -- if (!hcd->self.is_b_host) -+ if (!hcd->self.is_b_host && musb_has_gadget(musb)) - musb_start(musb); - break; - case USB_PORT_FEAT_RESET: -diff --git a/drivers/usb/serial/mos7840.c b/drivers/usb/serial/mos7840.c -index fdf9535..e5bdd98 100644 ---- a/drivers/usb/serial/mos7840.c -+++ b/drivers/usb/serial/mos7840.c -@@ -1532,7 +1532,11 @@ static int mos7840_tiocmget(struct tty_struct *tty) - return -ENODEV; - - status = mos7840_get_uart_reg(port, MODEM_STATUS_REGISTER, &msr); -+ if (status != 1) -+ return -EIO; - status = mos7840_get_uart_reg(port, MODEM_CONTROL_REGISTER, &mcr); -+ if (status != 1) -+ return -EIO; - result = ((mcr & MCR_DTR) ? TIOCM_DTR : 0) - | ((mcr & MCR_RTS) ? TIOCM_RTS : 0) - | ((mcr & MCR_LOOPBACK) ? TIOCM_LOOP : 0) -diff --git a/drivers/usb/wusbcore/wa-rpipe.c b/drivers/usb/wusbcore/wa-rpipe.c -index fd4f1ce..b5e4fc1 100644 ---- a/drivers/usb/wusbcore/wa-rpipe.c -+++ b/drivers/usb/wusbcore/wa-rpipe.c -@@ -333,7 +333,10 @@ static int rpipe_aim(struct wa_rpipe *rpipe, struct wahc *wa, - /* FIXME: compute so seg_size > ep->maxpktsize */ - rpipe->descr.wBlocks = cpu_to_le16(16); /* given */ - /* ep0 maxpktsize is 0x200 (WUSB1.0[4.8.1]) */ -- rpipe->descr.wMaxPacketSize = cpu_to_le16(ep->desc.wMaxPacketSize); -+ if (usb_endpoint_xfer_isoc(&ep->desc)) -+ rpipe->descr.wMaxPacketSize = epcd->wOverTheAirPacketSize; -+ else -+ rpipe->descr.wMaxPacketSize = ep->desc.wMaxPacketSize; - - rpipe->descr.hwa_bMaxBurst = max(min_t(unsigned int, - epcd->bMaxBurst, 16U), 1U); -diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c -index 4a35572..26450d8 100644 ---- a/fs/btrfs/relocation.c -+++ b/fs/btrfs/relocation.c -@@ -4481,6 +4481,7 @@ int btrfs_reloc_clone_csums(struct inode *inode, u64 file_pos, u64 len) - struct btrfs_root *root = BTRFS_I(inode)->root; - int ret; - u64 disk_bytenr; -+ u64 new_bytenr; - LIST_HEAD(list); - - ordered = btrfs_lookup_ordered_extent(inode, file_pos); -@@ -4492,13 +4493,24 @@ int btrfs_reloc_clone_csums(struct inode *inode, u64 file_pos, u64 len) - if (ret) - goto out; - -- disk_bytenr = ordered->start; - while (!list_empty(&list)) { - sums = list_entry(list.next, struct btrfs_ordered_sum, list); - list_del_init(&sums->list); - -- sums->bytenr = disk_bytenr; -- disk_bytenr += sums->len; -+ /* -+ * We need to offset the new_bytenr based on where the csum is. -+ * We need to do this because we will read in entire prealloc -+ * extents but we may have written to say the middle of the -+ * prealloc extent, so we need to make sure the csum goes with -+ * the right disk offset. -+ * -+ * We can do this because the data reloc inode refers strictly -+ * to the on disk bytes, so we don't have to worry about -+ * disk_len vs real len like with real inodes since it's all -+ * disk length. -+ */ -+ new_bytenr = ordered->start + (sums->bytenr - disk_bytenr); -+ sums->bytenr = new_bytenr; - - btrfs_add_ordered_sum(inode, ordered, sums); - } -diff --git a/fs/configfs/dir.c b/fs/configfs/dir.c -index 277bd1b..511d415 100644 ---- a/fs/configfs/dir.c -+++ b/fs/configfs/dir.c -@@ -56,10 +56,19 @@ static void configfs_d_iput(struct dentry * dentry, - struct configfs_dirent *sd = dentry->d_fsdata; - - if (sd) { -- BUG_ON(sd->s_dentry != dentry); - /* Coordinate with configfs_readdir */ - spin_lock(&configfs_dirent_lock); -- sd->s_dentry = NULL; -+ /* Coordinate with configfs_attach_attr where will increase -+ * sd->s_count and update sd->s_dentry to new allocated one. -+ * Only set sd->dentry to null when this dentry is the only -+ * sd owner. -+ * If not do so, configfs_d_iput may run just after -+ * configfs_attach_attr and set sd->s_dentry to null -+ * even it's still in use. -+ */ -+ if (atomic_read(&sd->s_count) <= 2) -+ sd->s_dentry = NULL; -+ - spin_unlock(&configfs_dirent_lock); - configfs_put(sd); - } -@@ -426,8 +435,11 @@ static int configfs_attach_attr(struct configfs_dirent * sd, struct dentry * den - struct configfs_attribute * attr = sd->s_element; - int error; - -+ spin_lock(&configfs_dirent_lock); - dentry->d_fsdata = configfs_get(sd); - sd->s_dentry = dentry; -+ spin_unlock(&configfs_dirent_lock); -+ - error = configfs_create(dentry, (attr->ca_mode & S_IALLUGO) | S_IFREG, - configfs_init_file); - if (error) { -diff --git a/fs/dcache.c b/fs/dcache.c -index ae6ebb8..89f9671 100644 ---- a/fs/dcache.c -+++ b/fs/dcache.c -@@ -2881,9 +2881,9 @@ static int prepend_path(const struct path *path, - const struct path *root, - char **buffer, int *buflen) - { -- struct dentry *dentry = path->dentry; -- struct vfsmount *vfsmnt = path->mnt; -- struct mount *mnt = real_mount(vfsmnt); -+ struct dentry *dentry; -+ struct vfsmount *vfsmnt; -+ struct mount *mnt; - int error = 0; - unsigned seq = 0; - char *bptr; -@@ -2893,6 +2893,9 @@ static int prepend_path(const struct path *path, - restart: - bptr = *buffer; - blen = *buflen; -+ dentry = path->dentry; -+ vfsmnt = path->mnt; -+ mnt = real_mount(vfsmnt); - read_seqbegin_or_lock(&rename_lock, &seq); - while (dentry != root->dentry || vfsmnt != root->mnt) { - struct dentry * parent; -diff --git a/fs/exec.c b/fs/exec.c -index 8875dd1..bb8afc1 100644 ---- a/fs/exec.c -+++ b/fs/exec.c -@@ -1668,6 +1668,12 @@ int __get_dumpable(unsigned long mm_flags) - return (ret > SUID_DUMP_USER) ? SUID_DUMP_ROOT : ret; - } - -+/* -+ * This returns the actual value of the suid_dumpable flag. For things -+ * that are using this for checking for privilege transitions, it must -+ * test against SUID_DUMP_USER rather than treating it as a boolean -+ * value. -+ */ - int get_dumpable(struct mm_struct *mm) - { - return __get_dumpable(mm->flags); -diff --git a/fs/gfs2/inode.c b/fs/gfs2/inode.c -index ced3257..968d4c56 100644 ---- a/fs/gfs2/inode.c -+++ b/fs/gfs2/inode.c -@@ -584,17 +584,17 @@ static int gfs2_create_inode(struct inode *dir, struct dentry *dentry, - if (!IS_ERR(inode)) { - d = d_splice_alias(inode, dentry); - error = 0; -- if (file && !IS_ERR(d)) { -- if (d == NULL) -- d = dentry; -- if (S_ISREG(inode->i_mode)) -- error = finish_open(file, d, gfs2_open_common, opened); -- else -+ if (file) { -+ if (S_ISREG(inode->i_mode)) { -+ WARN_ON(d != NULL); -+ error = finish_open(file, dentry, gfs2_open_common, opened); -+ } else { - error = finish_no_open(file, d); -+ } -+ } else { -+ dput(d); - } - gfs2_glock_dq_uninit(ghs); -- if (IS_ERR(d)) -- return PTR_ERR(d); - return error; - } else if (error != -ENOENT) { - goto fail_gunlock; -@@ -781,8 +781,10 @@ static struct dentry *__gfs2_lookup(struct inode *dir, struct dentry *dentry, - error = finish_open(file, dentry, gfs2_open_common, opened); - - gfs2_glock_dq_uninit(&gh); -- if (error) -+ if (error) { -+ dput(d); - return ERR_PTR(error); -+ } - return d; - } - -@@ -1163,14 +1165,16 @@ static int gfs2_atomic_open(struct inode *dir, struct dentry *dentry, - d = __gfs2_lookup(dir, dentry, file, opened); - if (IS_ERR(d)) - return PTR_ERR(d); -- if (d == NULL) -- d = dentry; -- if (d->d_inode) { -+ if (d != NULL) -+ dentry = d; -+ if (dentry->d_inode) { - if (!(*opened & FILE_OPENED)) -- return finish_no_open(file, d); -+ return finish_no_open(file, dentry); -+ dput(d); - return 0; - } - -+ BUG_ON(d != NULL); - if (!(flags & O_CREAT)) - return -ENOENT; - -diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c -index d53d678..3b11565 100644 ---- a/fs/nfs/nfs4proc.c -+++ b/fs/nfs/nfs4proc.c -@@ -1318,21 +1318,14 @@ _nfs4_opendata_reclaim_to_nfs4_state(struct nfs4_opendata *data) - int ret; - - if (!data->rpc_done) { -- ret = data->rpc_status; -- goto err; -+ if (data->rpc_status) { -+ ret = data->rpc_status; -+ goto err; -+ } -+ /* cached opens have already been processed */ -+ goto update; - } - -- ret = -ESTALE; -- if (!(data->f_attr.valid & NFS_ATTR_FATTR_TYPE) || -- !(data->f_attr.valid & NFS_ATTR_FATTR_FILEID) || -- !(data->f_attr.valid & NFS_ATTR_FATTR_CHANGE)) -- goto err; -- -- ret = -ENOMEM; -- state = nfs4_get_open_state(inode, data->owner); -- if (state == NULL) -- goto err; -- - ret = nfs_refresh_inode(inode, &data->f_attr); - if (ret) - goto err; -@@ -1341,8 +1334,10 @@ _nfs4_opendata_reclaim_to_nfs4_state(struct nfs4_opendata *data) - - if (data->o_res.delegation_type != 0) - nfs4_opendata_check_deleg(data, state); -+update: - update_open_stateid(state, &data->o_res.stateid, NULL, - data->o_arg.fmode); -+ atomic_inc(&state->count); - - return state; - err: -@@ -4575,7 +4570,7 @@ static int _nfs4_get_security_label(struct inode *inode, void *buf, - struct nfs4_label label = {0, 0, buflen, buf}; - - u32 bitmask[3] = { 0, 0, FATTR4_WORD2_SECURITY_LABEL }; -- struct nfs4_getattr_arg args = { -+ struct nfs4_getattr_arg arg = { - .fh = NFS_FH(inode), - .bitmask = bitmask, - }; -@@ -4586,14 +4581,14 @@ static int _nfs4_get_security_label(struct inode *inode, void *buf, - }; - struct rpc_message msg = { - .rpc_proc = &nfs4_procedures[NFSPROC4_CLNT_GETATTR], -- .rpc_argp = &args, -+ .rpc_argp = &arg, - .rpc_resp = &res, - }; - int ret; - - nfs_fattr_init(&fattr); - -- ret = rpc_call_sync(server->client, &msg, 0); -+ ret = nfs4_call_sync(server->client, server, &msg, &arg.seq_args, &res.seq_res, 0); - if (ret) - return ret; - if (!(fattr.valid & NFS_ATTR_FATTR_V4_SECURITY_LABEL)) -@@ -4630,7 +4625,7 @@ static int _nfs4_do_set_security_label(struct inode *inode, - struct iattr sattr = {0}; - struct nfs_server *server = NFS_SERVER(inode); - const u32 bitmask[3] = { 0, 0, FATTR4_WORD2_SECURITY_LABEL }; -- struct nfs_setattrargs args = { -+ struct nfs_setattrargs arg = { - .fh = NFS_FH(inode), - .iap = &sattr, - .server = server, -@@ -4644,14 +4639,14 @@ static int _nfs4_do_set_security_label(struct inode *inode, - }; - struct rpc_message msg = { - .rpc_proc = &nfs4_procedures[NFSPROC4_CLNT_SETATTR], -- .rpc_argp = &args, -+ .rpc_argp = &arg, - .rpc_resp = &res, - }; - int status; - -- nfs4_stateid_copy(&args.stateid, &zero_stateid); -+ nfs4_stateid_copy(&arg.stateid, &zero_stateid); - -- status = rpc_call_sync(server->client, &msg, 0); -+ status = nfs4_call_sync(server->client, server, &msg, &arg.seq_args, &res.seq_res, 1); - if (status) - dprintk("%s failed: %d\n", __func__, status); - -@@ -5106,6 +5101,7 @@ static int _nfs4_proc_getlk(struct nfs4_state *state, int cmd, struct file_lock - status = 0; - } - request->fl_ops->fl_release_private(request); -+ request->fl_ops = NULL; - out: - return status; - } -diff --git a/fs/nfs/nfs4state.c b/fs/nfs/nfs4state.c -index cc14cbb..ebced8d 100644 ---- a/fs/nfs/nfs4state.c -+++ b/fs/nfs/nfs4state.c -@@ -1422,7 +1422,7 @@ restart: - if (status >= 0) { - status = nfs4_reclaim_locks(state, ops); - if (status >= 0) { -- if (test_bit(NFS_DELEGATED_STATE, &state->flags) != 0) { -+ if (!test_bit(NFS_DELEGATED_STATE, &state->flags)) { - spin_lock(&state->state_lock); - list_for_each_entry(lock, &state->lock_states, ls_locks) { - if (!test_bit(NFS_LOCK_INITIALIZED, &lock->ls_flags)) -@@ -1881,10 +1881,15 @@ again: - nfs4_root_machine_cred(clp); - goto again; - } -- if (i > 2) -+ if (clnt->cl_auth->au_flavor == RPC_AUTH_UNIX) - break; - case -NFS4ERR_CLID_INUSE: - case -NFS4ERR_WRONGSEC: -+ /* No point in retrying if we already used RPC_AUTH_UNIX */ -+ if (clnt->cl_auth->au_flavor == RPC_AUTH_UNIX) { -+ status = -EPERM; -+ break; -+ } - clnt = rpc_clone_client_set_auth(clnt, RPC_AUTH_UNIX); - if (IS_ERR(clnt)) { - status = PTR_ERR(clnt); -diff --git a/fs/nfsd/export.c b/fs/nfsd/export.c -index 5f38ea3..af51cf9 100644 ---- a/fs/nfsd/export.c -+++ b/fs/nfsd/export.c -@@ -536,16 +536,12 @@ static int svc_export_parse(struct cache_detail *cd, char *mesg, int mlen) - if (err) - goto out3; - exp.ex_anon_uid= make_kuid(&init_user_ns, an_int); -- if (!uid_valid(exp.ex_anon_uid)) -- goto out3; - - /* anon gid */ - err = get_int(&mesg, &an_int); - if (err) - goto out3; - exp.ex_anon_gid= make_kgid(&init_user_ns, an_int); -- if (!gid_valid(exp.ex_anon_gid)) -- goto out3; - - /* fsid */ - err = get_int(&mesg, &an_int); -@@ -583,6 +579,17 @@ static int svc_export_parse(struct cache_detail *cd, char *mesg, int mlen) - exp.ex_uuid); - if (err) - goto out4; -+ /* -+ * For some reason exportfs has been passing down an -+ * invalid (-1) uid & gid on the "dummy" export which it -+ * uses to test export support. To make sure exportfs -+ * sees errors from check_export we therefore need to -+ * delay these checks till after check_export: -+ */ -+ if (!uid_valid(exp.ex_anon_uid)) -+ goto out4; -+ if (!gid_valid(exp.ex_anon_gid)) -+ goto out4; - } - - expp = svc_export_lookup(&exp); -diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c -index d9454fe..ecc735e 100644 ---- a/fs/nfsd/nfs4xdr.c -+++ b/fs/nfsd/nfs4xdr.c -@@ -141,8 +141,8 @@ xdr_error: \ - - static void next_decode_page(struct nfsd4_compoundargs *argp) - { -- argp->pagelist++; - argp->p = page_address(argp->pagelist[0]); -+ argp->pagelist++; - if (argp->pagelen < PAGE_SIZE) { - argp->end = argp->p + (argp->pagelen>>2); - argp->pagelen = 0; -@@ -411,6 +411,7 @@ nfsd4_decode_fattr(struct nfsd4_compoundargs *argp, u32 *bmval, - label->data = kzalloc(dummy32 + 1, GFP_KERNEL); - if (!label->data) - return nfserr_jukebox; -+ label->len = dummy32; - defer_free(argp, kfree, label->data); - memcpy(label->data, buf, dummy32); - } -@@ -1208,6 +1209,7 @@ nfsd4_decode_write(struct nfsd4_compoundargs *argp, struct nfsd4_write *write) - len -= pages * PAGE_SIZE; - - argp->p = (__be32 *)page_address(argp->pagelist[0]); -+ argp->pagelist++; - argp->end = argp->p + XDR_QUADLEN(PAGE_SIZE); - } - argp->p += XDR_QUADLEN(len); -diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c -index c827acb..72cb28e 100644 ---- a/fs/nfsd/vfs.c -+++ b/fs/nfsd/vfs.c -@@ -298,41 +298,12 @@ commit_metadata(struct svc_fh *fhp) - } - - /* -- * Set various file attributes. -- * N.B. After this call fhp needs an fh_put -+ * Go over the attributes and take care of the small differences between -+ * NFS semantics and what Linux expects. - */ --__be32 --nfsd_setattr(struct svc_rqst *rqstp, struct svc_fh *fhp, struct iattr *iap, -- int check_guard, time_t guardtime) -+static void -+nfsd_sanitize_attrs(struct inode *inode, struct iattr *iap) - { -- struct dentry *dentry; -- struct inode *inode; -- int accmode = NFSD_MAY_SATTR; -- umode_t ftype = 0; -- __be32 err; -- int host_err; -- int size_change = 0; -- -- if (iap->ia_valid & (ATTR_ATIME | ATTR_MTIME | ATTR_SIZE)) -- accmode |= NFSD_MAY_WRITE|NFSD_MAY_OWNER_OVERRIDE; -- if (iap->ia_valid & ATTR_SIZE) -- ftype = S_IFREG; -- -- /* Get inode */ -- err = fh_verify(rqstp, fhp, ftype, accmode); -- if (err) -- goto out; -- -- dentry = fhp->fh_dentry; -- inode = dentry->d_inode; -- -- /* Ignore any mode updates on symlinks */ -- if (S_ISLNK(inode->i_mode)) -- iap->ia_valid &= ~ATTR_MODE; -- -- if (!iap->ia_valid) -- goto out; -- - /* - * NFSv2 does not differentiate between "set-[ac]time-to-now" - * which only requires access, and "set-[ac]time-to-X" which -@@ -342,8 +313,7 @@ nfsd_setattr(struct svc_rqst *rqstp, struct svc_fh *fhp, struct iattr *iap, - * convert to "set to now" instead of "set to explicit time" - * - * We only call inode_change_ok as the last test as technically -- * it is not an interface that we should be using. It is only -- * valid if the filesystem does not define it's own i_op->setattr. -+ * it is not an interface that we should be using. - */ - #define BOTH_TIME_SET (ATTR_ATIME_SET | ATTR_MTIME_SET) - #define MAX_TOUCH_TIME_ERROR (30*60) -@@ -369,30 +339,6 @@ nfsd_setattr(struct svc_rqst *rqstp, struct svc_fh *fhp, struct iattr *iap, - iap->ia_valid &= ~BOTH_TIME_SET; - } - } -- -- /* -- * The size case is special. -- * It changes the file as well as the attributes. -- */ -- if (iap->ia_valid & ATTR_SIZE) { -- if (iap->ia_size < inode->i_size) { -- err = nfsd_permission(rqstp, fhp->fh_export, dentry, -- NFSD_MAY_TRUNC|NFSD_MAY_OWNER_OVERRIDE); -- if (err) -- goto out; -- } -- -- host_err = get_write_access(inode); -- if (host_err) -- goto out_nfserr; -- -- size_change = 1; -- host_err = locks_verify_truncate(inode, NULL, iap->ia_size); -- if (host_err) { -- put_write_access(inode); -- goto out_nfserr; -- } -- } - - /* sanitize the mode change */ - if (iap->ia_valid & ATTR_MODE) { -@@ -415,32 +361,111 @@ nfsd_setattr(struct svc_rqst *rqstp, struct svc_fh *fhp, struct iattr *iap, - iap->ia_valid |= (ATTR_KILL_SUID | ATTR_KILL_SGID); - } - } -+} - -- /* Change the attributes. */ -+static __be32 -+nfsd_get_write_access(struct svc_rqst *rqstp, struct svc_fh *fhp, -+ struct iattr *iap) -+{ -+ struct inode *inode = fhp->fh_dentry->d_inode; -+ int host_err; - -- iap->ia_valid |= ATTR_CTIME; -+ if (iap->ia_size < inode->i_size) { -+ __be32 err; - -- err = nfserr_notsync; -- if (!check_guard || guardtime == inode->i_ctime.tv_sec) { -- host_err = nfsd_break_lease(inode); -- if (host_err) -- goto out_nfserr; -- fh_lock(fhp); -+ err = nfsd_permission(rqstp, fhp->fh_export, fhp->fh_dentry, -+ NFSD_MAY_TRUNC | NFSD_MAY_OWNER_OVERRIDE); -+ if (err) -+ return err; -+ } - -- host_err = notify_change(dentry, iap); -- err = nfserrno(host_err); -- fh_unlock(fhp); -+ host_err = get_write_access(inode); -+ if (host_err) -+ goto out_nfserrno; -+ -+ host_err = locks_verify_truncate(inode, NULL, iap->ia_size); -+ if (host_err) -+ goto out_put_write_access; -+ return 0; -+ -+out_put_write_access: -+ put_write_access(inode); -+out_nfserrno: -+ return nfserrno(host_err); -+} -+ -+/* -+ * Set various file attributes. After this call fhp needs an fh_put. -+ */ -+__be32 -+nfsd_setattr(struct svc_rqst *rqstp, struct svc_fh *fhp, struct iattr *iap, -+ int check_guard, time_t guardtime) -+{ -+ struct dentry *dentry; -+ struct inode *inode; -+ int accmode = NFSD_MAY_SATTR; -+ umode_t ftype = 0; -+ __be32 err; -+ int host_err; -+ int size_change = 0; -+ -+ if (iap->ia_valid & (ATTR_ATIME | ATTR_MTIME | ATTR_SIZE)) -+ accmode |= NFSD_MAY_WRITE|NFSD_MAY_OWNER_OVERRIDE; -+ if (iap->ia_valid & ATTR_SIZE) -+ ftype = S_IFREG; -+ -+ /* Get inode */ -+ err = fh_verify(rqstp, fhp, ftype, accmode); -+ if (err) -+ goto out; -+ -+ dentry = fhp->fh_dentry; -+ inode = dentry->d_inode; -+ -+ /* Ignore any mode updates on symlinks */ -+ if (S_ISLNK(inode->i_mode)) -+ iap->ia_valid &= ~ATTR_MODE; -+ -+ if (!iap->ia_valid) -+ goto out; -+ -+ nfsd_sanitize_attrs(inode, iap); -+ -+ /* -+ * The size case is special, it changes the file in addition to the -+ * attributes. -+ */ -+ if (iap->ia_valid & ATTR_SIZE) { -+ err = nfsd_get_write_access(rqstp, fhp, iap); -+ if (err) -+ goto out; -+ size_change = 1; - } -+ -+ iap->ia_valid |= ATTR_CTIME; -+ -+ if (check_guard && guardtime != inode->i_ctime.tv_sec) { -+ err = nfserr_notsync; -+ goto out_put_write_access; -+ } -+ -+ host_err = nfsd_break_lease(inode); -+ if (host_err) -+ goto out_put_write_access_nfserror; -+ -+ fh_lock(fhp); -+ host_err = notify_change(dentry, iap); -+ fh_unlock(fhp); -+ -+out_put_write_access_nfserror: -+ err = nfserrno(host_err); -+out_put_write_access: - if (size_change) - put_write_access(inode); - if (!err) - commit_metadata(fhp); - out: - return err; -- --out_nfserr: -- err = nfserrno(host_err); -- goto out; - } - - #if defined(CONFIG_NFSD_V2_ACL) || \ -diff --git a/fs/xfs/xfs_sb.c b/fs/xfs/xfs_sb.c -index a5b59d9..0397081 100644 ---- a/fs/xfs/xfs_sb.c -+++ b/fs/xfs/xfs_sb.c -@@ -596,6 +596,11 @@ xfs_sb_verify( - * single bit error could clear the feature bit and unused parts of the - * superblock are supposed to be zero. Hence a non-null crc field indicates that - * we've potentially lost a feature bit and we should check it anyway. -+ * -+ * However, past bugs (i.e. in growfs) left non-zeroed regions beyond the -+ * last field in V4 secondary superblocks. So for secondary superblocks, -+ * we are more forgiving, and ignore CRC failures if the primary doesn't -+ * indicate that the fs version is V5. - */ - static void - xfs_sb_read_verify( -@@ -616,8 +621,12 @@ xfs_sb_read_verify( - - if (!xfs_verify_cksum(bp->b_addr, be16_to_cpu(dsb->sb_sectsize), - offsetof(struct xfs_sb, sb_crc))) { -- error = EFSCORRUPTED; -- goto out_error; -+ /* Only fail bad secondaries on a known V5 filesystem */ -+ if (bp->b_bn != XFS_SB_DADDR && -+ xfs_sb_version_hascrc(&mp->m_sb)) { -+ error = EFSCORRUPTED; -+ goto out_error; -+ } - } - } - error = xfs_sb_verify(bp, true); -diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h -index e8112ae..7554fd4 100644 ---- a/include/linux/binfmts.h -+++ b/include/linux/binfmts.h -@@ -99,9 +99,6 @@ extern void setup_new_exec(struct linux_binprm * bprm); - extern void would_dump(struct linux_binprm *, struct file *); - - extern int suid_dumpable; --#define SUID_DUMP_DISABLE 0 /* No setuid dumping */ --#define SUID_DUMP_USER 1 /* Dump as user of process */ --#define SUID_DUMP_ROOT 2 /* Dump as root */ - - /* Stack area protections */ - #define EXSTACK_DEFAULT 0 /* Whatever the arch defaults to */ -diff --git a/include/linux/nfs4.h b/include/linux/nfs4.h -index e36dee5..3859ddb 100644 ---- a/include/linux/nfs4.h -+++ b/include/linux/nfs4.h -@@ -395,7 +395,7 @@ enum lock_type4 { - #define FATTR4_WORD1_FS_LAYOUT_TYPES (1UL << 30) - #define FATTR4_WORD2_LAYOUT_BLKSIZE (1UL << 1) - #define FATTR4_WORD2_MDSTHRESHOLD (1UL << 4) --#define FATTR4_WORD2_SECURITY_LABEL (1UL << 17) -+#define FATTR4_WORD2_SECURITY_LABEL (1UL << 16) - - /* MDS threshold bitmap bits */ - #define THRESHOLD_RD (1UL << 0) -diff --git a/include/linux/sched.h b/include/linux/sched.h -index e27baee..b1e963e 100644 ---- a/include/linux/sched.h -+++ b/include/linux/sched.h -@@ -322,6 +322,10 @@ static inline void arch_pick_mmap_layout(struct mm_struct *mm) {} - extern void set_dumpable(struct mm_struct *mm, int value); - extern int get_dumpable(struct mm_struct *mm); - -+#define SUID_DUMP_DISABLE 0 /* No setuid dumping */ -+#define SUID_DUMP_USER 1 /* Dump as user of process */ -+#define SUID_DUMP_ROOT 2 /* Dump as root */ -+ - /* mm flags */ - /* dumpable bits */ - #define MMF_DUMPABLE 0 /* core dump is permitted */ -@@ -2474,34 +2478,98 @@ static inline int tsk_is_polling(struct task_struct *p) - { - return task_thread_info(p)->status & TS_POLLING; - } --static inline void current_set_polling(void) -+static inline void __current_set_polling(void) - { - current_thread_info()->status |= TS_POLLING; - } - --static inline void current_clr_polling(void) -+static inline bool __must_check current_set_polling_and_test(void) -+{ -+ __current_set_polling(); -+ -+ /* -+ * Polling state must be visible before we test NEED_RESCHED, -+ * paired by resched_task() -+ */ -+ smp_mb(); -+ -+ return unlikely(tif_need_resched()); -+} -+ -+static inline void __current_clr_polling(void) - { - current_thread_info()->status &= ~TS_POLLING; -- smp_mb__after_clear_bit(); -+} -+ -+static inline bool __must_check current_clr_polling_and_test(void) -+{ -+ __current_clr_polling(); -+ -+ /* -+ * Polling state must be visible before we test NEED_RESCHED, -+ * paired by resched_task() -+ */ -+ smp_mb(); -+ -+ return unlikely(tif_need_resched()); - } - #elif defined(TIF_POLLING_NRFLAG) - static inline int tsk_is_polling(struct task_struct *p) - { - return test_tsk_thread_flag(p, TIF_POLLING_NRFLAG); - } --static inline void current_set_polling(void) -+ -+static inline void __current_set_polling(void) - { - set_thread_flag(TIF_POLLING_NRFLAG); - } - --static inline void current_clr_polling(void) -+static inline bool __must_check current_set_polling_and_test(void) -+{ -+ __current_set_polling(); -+ -+ /* -+ * Polling state must be visible before we test NEED_RESCHED, -+ * paired by resched_task() -+ * -+ * XXX: assumes set/clear bit are identical barrier wise. -+ */ -+ smp_mb__after_clear_bit(); -+ -+ return unlikely(tif_need_resched()); -+} -+ -+static inline void __current_clr_polling(void) - { - clear_thread_flag(TIF_POLLING_NRFLAG); - } -+ -+static inline bool __must_check current_clr_polling_and_test(void) -+{ -+ __current_clr_polling(); -+ -+ /* -+ * Polling state must be visible before we test NEED_RESCHED, -+ * paired by resched_task() -+ */ -+ smp_mb__after_clear_bit(); -+ -+ return unlikely(tif_need_resched()); -+} -+ - #else - static inline int tsk_is_polling(struct task_struct *p) { return 0; } --static inline void current_set_polling(void) { } --static inline void current_clr_polling(void) { } -+static inline void __current_set_polling(void) { } -+static inline void __current_clr_polling(void) { } -+ -+static inline bool __must_check current_set_polling_and_test(void) -+{ -+ return unlikely(tif_need_resched()); -+} -+static inline bool __must_check current_clr_polling_and_test(void) -+{ -+ return unlikely(tif_need_resched()); -+} - #endif - - /* -diff --git a/include/linux/thread_info.h b/include/linux/thread_info.h -index e7e0473..4ae6f32 100644 ---- a/include/linux/thread_info.h -+++ b/include/linux/thread_info.h -@@ -107,6 +107,8 @@ static inline int test_ti_thread_flag(struct thread_info *ti, int flag) - #define set_need_resched() set_thread_flag(TIF_NEED_RESCHED) - #define clear_need_resched() clear_thread_flag(TIF_NEED_RESCHED) - -+#define tif_need_resched() test_thread_flag(TIF_NEED_RESCHED) -+ - #if defined TIF_RESTORE_SIGMASK && !defined HAVE_SET_RESTORE_SIGMASK - /* - * An arch can define its own version of set_restore_sigmask() to get the -diff --git a/include/linux/usb.h b/include/linux/usb.h -index 001629c..39cfa0a 100644 ---- a/include/linux/usb.h -+++ b/include/linux/usb.h -@@ -475,7 +475,8 @@ struct usb3_lpm_parameters { - * @lpm_capable: device supports LPM - * @usb2_hw_lpm_capable: device can perform USB2 hardware LPM - * @usb2_hw_lpm_besl_capable: device can perform USB2 hardware BESL LPM -- * @usb2_hw_lpm_enabled: USB2 hardware LPM enabled -+ * @usb2_hw_lpm_enabled: USB2 hardware LPM is enabled -+ * @usb2_hw_lpm_allowed: Userspace allows USB 2.0 LPM to be enabled - * @usb3_lpm_enabled: USB3 hardware LPM enabled - * @string_langid: language ID for strings - * @product: iProduct string, if present (static) -@@ -548,6 +549,7 @@ struct usb_device { - unsigned usb2_hw_lpm_capable:1; - unsigned usb2_hw_lpm_besl_capable:1; - unsigned usb2_hw_lpm_enabled:1; -+ unsigned usb2_hw_lpm_allowed:1; - unsigned usb3_lpm_enabled:1; - int string_langid; - -diff --git a/include/sound/compress_driver.h b/include/sound/compress_driver.h -index 9031a26..ae6c3b8 100644 ---- a/include/sound/compress_driver.h -+++ b/include/sound/compress_driver.h -@@ -171,4 +171,13 @@ static inline void snd_compr_fragment_elapsed(struct snd_compr_stream *stream) - wake_up(&stream->runtime->sleep); - } - -+static inline void snd_compr_drain_notify(struct snd_compr_stream *stream) -+{ -+ if (snd_BUG_ON(!stream)) -+ return; -+ -+ stream->runtime->state = SNDRV_PCM_STATE_SETUP; -+ wake_up(&stream->runtime->sleep); -+} -+ - #endif -diff --git a/ipc/shm.c b/ipc/shm.c -index d697396..7a51443 100644 ---- a/ipc/shm.c -+++ b/ipc/shm.c -@@ -208,15 +208,18 @@ static void shm_open(struct vm_area_struct *vma) - */ - static void shm_destroy(struct ipc_namespace *ns, struct shmid_kernel *shp) - { -+ struct file *shm_file; -+ -+ shm_file = shp->shm_file; -+ shp->shm_file = NULL; - ns->shm_tot -= (shp->shm_segsz + PAGE_SIZE - 1) >> PAGE_SHIFT; - shm_rmid(ns, shp); - shm_unlock(shp); -- if (!is_file_hugepages(shp->shm_file)) -- shmem_lock(shp->shm_file, 0, shp->mlock_user); -+ if (!is_file_hugepages(shm_file)) -+ shmem_lock(shm_file, 0, shp->mlock_user); - else if (shp->mlock_user) -- user_shm_unlock(file_inode(shp->shm_file)->i_size, -- shp->mlock_user); -- fput (shp->shm_file); -+ user_shm_unlock(file_inode(shm_file)->i_size, shp->mlock_user); -+ fput(shm_file); - ipc_rcu_putref(shp, shm_rcu_free); - } - -@@ -974,15 +977,25 @@ SYSCALL_DEFINE3(shmctl, int, shmid, int, cmd, struct shmid_ds __user *, buf) - ipc_lock_object(&shp->shm_perm); - if (!ns_capable(ns->user_ns, CAP_IPC_LOCK)) { - kuid_t euid = current_euid(); -- err = -EPERM; - if (!uid_eq(euid, shp->shm_perm.uid) && -- !uid_eq(euid, shp->shm_perm.cuid)) -+ !uid_eq(euid, shp->shm_perm.cuid)) { -+ err = -EPERM; - goto out_unlock0; -- if (cmd == SHM_LOCK && !rlimit(RLIMIT_MEMLOCK)) -+ } -+ if (cmd == SHM_LOCK && !rlimit(RLIMIT_MEMLOCK)) { -+ err = -EPERM; - goto out_unlock0; -+ } - } - - shm_file = shp->shm_file; -+ -+ /* check if shm_destroy() is tearing down shp */ -+ if (shm_file == NULL) { -+ err = -EIDRM; -+ goto out_unlock0; -+ } -+ - if (is_file_hugepages(shm_file)) - goto out_unlock0; - -@@ -1101,6 +1114,14 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr, - goto out_unlock; - - ipc_lock_object(&shp->shm_perm); -+ -+ /* check if shm_destroy() is tearing down shp */ -+ if (shp->shm_file == NULL) { -+ ipc_unlock_object(&shp->shm_perm); -+ err = -EIDRM; -+ goto out_unlock; -+ } -+ - path = shp->shm_file->f_path; - path_get(&path); - shp->shm_nattch++; -diff --git a/kernel/cpu/idle.c b/kernel/cpu/idle.c -index e695c0a..c261409 100644 ---- a/kernel/cpu/idle.c -+++ b/kernel/cpu/idle.c -@@ -44,7 +44,7 @@ static inline int cpu_idle_poll(void) - rcu_idle_enter(); - trace_cpu_idle_rcuidle(0, smp_processor_id()); - local_irq_enable(); -- while (!need_resched()) -+ while (!tif_need_resched()) - cpu_relax(); - trace_cpu_idle_rcuidle(PWR_EVENT_EXIT, smp_processor_id()); - rcu_idle_exit(); -@@ -92,8 +92,7 @@ static void cpu_idle_loop(void) - if (cpu_idle_force_poll || tick_check_broadcast_expired()) { - cpu_idle_poll(); - } else { -- current_clr_polling(); -- if (!need_resched()) { -+ if (!current_clr_polling_and_test()) { - stop_critical_timings(); - rcu_idle_enter(); - arch_cpu_idle(); -@@ -103,7 +102,7 @@ static void cpu_idle_loop(void) - } else { - local_irq_enable(); - } -- current_set_polling(); -+ __current_set_polling(); - } - arch_cpu_idle_exit(); - } -@@ -129,7 +128,7 @@ void cpu_startup_entry(enum cpuhp_state state) - */ - boot_init_stack_canary(); - #endif -- current_set_polling(); -+ __current_set_polling(); - arch_cpu_idle_prepare(); - cpu_idle_loop(); - } -diff --git a/kernel/ptrace.c b/kernel/ptrace.c -index dd562e9..1f4bcb3 100644 ---- a/kernel/ptrace.c -+++ b/kernel/ptrace.c -@@ -257,7 +257,8 @@ ok: - if (task->mm) - dumpable = get_dumpable(task->mm); - rcu_read_lock(); -- if (!dumpable && !ptrace_has_cap(__task_cred(task)->user_ns, mode)) { -+ if (dumpable != SUID_DUMP_USER && -+ !ptrace_has_cap(__task_cred(task)->user_ns, mode)) { - rcu_read_unlock(); - return -EPERM; - } -diff --git a/kernel/trace/trace_event_perf.c b/kernel/trace/trace_event_perf.c -index 80c36bc..78e27e3 100644 ---- a/kernel/trace/trace_event_perf.c -+++ b/kernel/trace/trace_event_perf.c -@@ -26,7 +26,7 @@ static int perf_trace_event_perm(struct ftrace_event_call *tp_event, - { - /* The ftrace function trace is allowed only for root. */ - if (ftrace_event_is_function(tp_event) && -- perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN)) -+ perf_paranoid_tracepoint_raw() && !capable(CAP_SYS_ADMIN)) - return -EPERM; - - /* No tracing, just counting, so no obvious leak */ -diff --git a/mm/slub.c b/mm/slub.c -index c3eb3d3..96f2169 100644 ---- a/mm/slub.c -+++ b/mm/slub.c -@@ -1217,8 +1217,8 @@ static unsigned long kmem_cache_flags(unsigned long object_size, - /* - * Enable debugging if selected on the kernel commandline. - */ -- if (slub_debug && (!slub_debug_slabs || -- !strncmp(slub_debug_slabs, name, strlen(slub_debug_slabs)))) -+ if (slub_debug && (!slub_debug_slabs || (name && -+ !strncmp(slub_debug_slabs, name, strlen(slub_debug_slabs))))) - flags |= slub_debug; - - return flags; -diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c -index 0846566..cc24323 100644 ---- a/net/sunrpc/auth_gss/auth_gss.c -+++ b/net/sunrpc/auth_gss/auth_gss.c -@@ -482,6 +482,7 @@ gss_alloc_msg(struct gss_auth *gss_auth, - switch (vers) { - case 0: - gss_encode_v0_msg(gss_msg); -+ break; - default: - gss_encode_v1_msg(gss_msg, service_name, gss_auth->target_name); - }; -diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c -index 7747960..941d19f 100644 ---- a/net/sunrpc/clnt.c -+++ b/net/sunrpc/clnt.c -@@ -656,14 +656,16 @@ EXPORT_SYMBOL_GPL(rpc_shutdown_client); - /* - * Free an RPC client - */ --static void -+static struct rpc_clnt * - rpc_free_client(struct rpc_clnt *clnt) - { -+ struct rpc_clnt *parent = NULL; -+ - dprintk_rcu("RPC: destroying %s client for %s\n", - clnt->cl_program->name, - rcu_dereference(clnt->cl_xprt)->servername); - if (clnt->cl_parent != clnt) -- rpc_release_client(clnt->cl_parent); -+ parent = clnt->cl_parent; - rpc_clnt_remove_pipedir(clnt); - rpc_unregister_client(clnt); - rpc_free_iostats(clnt->cl_metrics); -@@ -672,18 +674,17 @@ rpc_free_client(struct rpc_clnt *clnt) - rpciod_down(); - rpc_free_clid(clnt); - kfree(clnt); -+ return parent; - } - - /* - * Free an RPC client - */ --static void -+static struct rpc_clnt * - rpc_free_auth(struct rpc_clnt *clnt) - { -- if (clnt->cl_auth == NULL) { -- rpc_free_client(clnt); -- return; -- } -+ if (clnt->cl_auth == NULL) -+ return rpc_free_client(clnt); - - /* - * Note: RPCSEC_GSS may need to send NULL RPC calls in order to -@@ -694,7 +695,8 @@ rpc_free_auth(struct rpc_clnt *clnt) - rpcauth_release(clnt->cl_auth); - clnt->cl_auth = NULL; - if (atomic_dec_and_test(&clnt->cl_count)) -- rpc_free_client(clnt); -+ return rpc_free_client(clnt); -+ return NULL; - } - - /* -@@ -705,10 +707,13 @@ rpc_release_client(struct rpc_clnt *clnt) - { - dprintk("RPC: rpc_release_client(%p)\n", clnt); - -- if (list_empty(&clnt->cl_tasks)) -- wake_up(&destroy_wait); -- if (atomic_dec_and_test(&clnt->cl_count)) -- rpc_free_auth(clnt); -+ do { -+ if (list_empty(&clnt->cl_tasks)) -+ wake_up(&destroy_wait); -+ if (!atomic_dec_and_test(&clnt->cl_count)) -+ break; -+ clnt = rpc_free_auth(clnt); -+ } while (clnt != NULL); - } - EXPORT_SYMBOL_GPL(rpc_release_client); - -diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c -index ee03d35..b752e1d 100644 ---- a/net/sunrpc/xprtsock.c -+++ b/net/sunrpc/xprtsock.c -@@ -393,8 +393,10 @@ static int xs_send_kvec(struct socket *sock, struct sockaddr *addr, int addrlen, - return kernel_sendmsg(sock, &msg, NULL, 0, 0); - } - --static int xs_send_pagedata(struct socket *sock, struct xdr_buf *xdr, unsigned int base, int more) -+static int xs_send_pagedata(struct socket *sock, struct xdr_buf *xdr, unsigned int base, int more, bool zerocopy) - { -+ ssize_t (*do_sendpage)(struct socket *sock, struct page *page, -+ int offset, size_t size, int flags); - struct page **ppage; - unsigned int remainder; - int err, sent = 0; -@@ -403,6 +405,9 @@ static int xs_send_pagedata(struct socket *sock, struct xdr_buf *xdr, unsigned i - base += xdr->page_base; - ppage = xdr->pages + (base >> PAGE_SHIFT); - base &= ~PAGE_MASK; -+ do_sendpage = sock->ops->sendpage; -+ if (!zerocopy) -+ do_sendpage = sock_no_sendpage; - for(;;) { - unsigned int len = min_t(unsigned int, PAGE_SIZE - base, remainder); - int flags = XS_SENDMSG_FLAGS; -@@ -410,7 +415,7 @@ static int xs_send_pagedata(struct socket *sock, struct xdr_buf *xdr, unsigned i - remainder -= len; - if (remainder != 0 || more) - flags |= MSG_MORE; -- err = sock->ops->sendpage(sock, *ppage, base, len, flags); -+ err = do_sendpage(sock, *ppage, base, len, flags); - if (remainder == 0 || err != len) - break; - sent += err; -@@ -431,9 +436,10 @@ static int xs_send_pagedata(struct socket *sock, struct xdr_buf *xdr, unsigned i - * @addrlen: UDP only -- length of destination address - * @xdr: buffer containing this request - * @base: starting position in the buffer -+ * @zerocopy: true if it is safe to use sendpage() - * - */ --static int xs_sendpages(struct socket *sock, struct sockaddr *addr, int addrlen, struct xdr_buf *xdr, unsigned int base) -+static int xs_sendpages(struct socket *sock, struct sockaddr *addr, int addrlen, struct xdr_buf *xdr, unsigned int base, bool zerocopy) - { - unsigned int remainder = xdr->len - base; - int err, sent = 0; -@@ -461,7 +467,7 @@ static int xs_sendpages(struct socket *sock, struct sockaddr *addr, int addrlen, - if (base < xdr->page_len) { - unsigned int len = xdr->page_len - base; - remainder -= len; -- err = xs_send_pagedata(sock, xdr, base, remainder != 0); -+ err = xs_send_pagedata(sock, xdr, base, remainder != 0, zerocopy); - if (remainder == 0 || err != len) - goto out; - sent += err; -@@ -564,7 +570,7 @@ static int xs_local_send_request(struct rpc_task *task) - req->rq_svec->iov_base, req->rq_svec->iov_len); - - status = xs_sendpages(transport->sock, NULL, 0, -- xdr, req->rq_bytes_sent); -+ xdr, req->rq_bytes_sent, true); - dprintk("RPC: %s(%u) = %d\n", - __func__, xdr->len - req->rq_bytes_sent, status); - if (likely(status >= 0)) { -@@ -620,7 +626,7 @@ static int xs_udp_send_request(struct rpc_task *task) - status = xs_sendpages(transport->sock, - xs_addr(xprt), - xprt->addrlen, xdr, -- req->rq_bytes_sent); -+ req->rq_bytes_sent, true); - - dprintk("RPC: xs_udp_send_request(%u) = %d\n", - xdr->len - req->rq_bytes_sent, status); -@@ -693,6 +699,7 @@ static int xs_tcp_send_request(struct rpc_task *task) - struct rpc_xprt *xprt = req->rq_xprt; - struct sock_xprt *transport = container_of(xprt, struct sock_xprt, xprt); - struct xdr_buf *xdr = &req->rq_snd_buf; -+ bool zerocopy = true; - int status; - - xs_encode_stream_record_marker(&req->rq_snd_buf); -@@ -700,13 +707,20 @@ static int xs_tcp_send_request(struct rpc_task *task) - xs_pktdump("packet data:", - req->rq_svec->iov_base, - req->rq_svec->iov_len); -+ /* Don't use zero copy if this is a resend. If the RPC call -+ * completes while the socket holds a reference to the pages, -+ * then we may end up resending corrupted data. -+ */ -+ if (task->tk_flags & RPC_TASK_SENT) -+ zerocopy = false; - - /* Continue transmitting the packet/record. We must be careful - * to cope with writespace callbacks arriving _after_ we have - * called sendmsg(). */ - while (1) { - status = xs_sendpages(transport->sock, -- NULL, 0, xdr, req->rq_bytes_sent); -+ NULL, 0, xdr, req->rq_bytes_sent, -+ zerocopy); - - dprintk("RPC: xs_tcp_send_request(%u) = %d\n", - xdr->len - req->rq_bytes_sent, status); -diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c -index 399433a..a9c3d3c 100644 ---- a/security/integrity/ima/ima_policy.c -+++ b/security/integrity/ima/ima_policy.c -@@ -73,7 +73,6 @@ static struct ima_rule_entry default_rules[] = { - {.action = DONT_MEASURE,.fsmagic = SYSFS_MAGIC,.flags = IMA_FSMAGIC}, - {.action = DONT_MEASURE,.fsmagic = DEBUGFS_MAGIC,.flags = IMA_FSMAGIC}, - {.action = DONT_MEASURE,.fsmagic = TMPFS_MAGIC,.flags = IMA_FSMAGIC}, -- {.action = DONT_MEASURE,.fsmagic = RAMFS_MAGIC,.flags = IMA_FSMAGIC}, - {.action = DONT_MEASURE,.fsmagic = DEVPTS_SUPER_MAGIC,.flags = IMA_FSMAGIC}, - {.action = DONT_MEASURE,.fsmagic = BINFMTFS_MAGIC,.flags = IMA_FSMAGIC}, - {.action = DONT_MEASURE,.fsmagic = SECURITYFS_MAGIC,.flags = IMA_FSMAGIC}, -diff --git a/sound/core/compress_offload.c b/sound/core/compress_offload.c -index bea523a..d9af638 100644 ---- a/sound/core/compress_offload.c -+++ b/sound/core/compress_offload.c -@@ -680,14 +680,48 @@ static int snd_compr_stop(struct snd_compr_stream *stream) - return -EPERM; - retval = stream->ops->trigger(stream, SNDRV_PCM_TRIGGER_STOP); - if (!retval) { -- stream->runtime->state = SNDRV_PCM_STATE_SETUP; -- wake_up(&stream->runtime->sleep); -+ snd_compr_drain_notify(stream); - stream->runtime->total_bytes_available = 0; - stream->runtime->total_bytes_transferred = 0; - } - return retval; - } - -+static int snd_compress_wait_for_drain(struct snd_compr_stream *stream) -+{ -+ int ret; -+ -+ /* -+ * We are called with lock held. So drop the lock while we wait for -+ * drain complete notfication from the driver -+ * -+ * It is expected that driver will notify the drain completion and then -+ * stream will be moved to SETUP state, even if draining resulted in an -+ * error. We can trigger next track after this. -+ */ -+ stream->runtime->state = SNDRV_PCM_STATE_DRAINING; -+ mutex_unlock(&stream->device->lock); -+ -+ /* we wait for drain to complete here, drain can return when -+ * interruption occurred, wait returned error or success. -+ * For the first two cases we don't do anything different here and -+ * return after waking up -+ */ -+ -+ ret = wait_event_interruptible(stream->runtime->sleep, -+ (stream->runtime->state != SNDRV_PCM_STATE_DRAINING)); -+ if (ret == -ERESTARTSYS) -+ pr_debug("wait aborted by a signal"); -+ else if (ret) -+ pr_debug("wait for drain failed with %d\n", ret); -+ -+ -+ wake_up(&stream->runtime->sleep); -+ mutex_lock(&stream->device->lock); -+ -+ return ret; -+} -+ - static int snd_compr_drain(struct snd_compr_stream *stream) - { - int retval; -@@ -695,12 +729,15 @@ static int snd_compr_drain(struct snd_compr_stream *stream) - if (stream->runtime->state == SNDRV_PCM_STATE_PREPARED || - stream->runtime->state == SNDRV_PCM_STATE_SETUP) - return -EPERM; -+ - retval = stream->ops->trigger(stream, SND_COMPR_TRIGGER_DRAIN); -- if (!retval) { -- stream->runtime->state = SNDRV_PCM_STATE_DRAINING; -+ if (retval) { -+ pr_debug("SND_COMPR_TRIGGER_DRAIN failed %d\n", retval); - wake_up(&stream->runtime->sleep); -+ return retval; - } -- return retval; -+ -+ return snd_compress_wait_for_drain(stream); - } - - static int snd_compr_next_track(struct snd_compr_stream *stream) -@@ -736,9 +773,14 @@ static int snd_compr_partial_drain(struct snd_compr_stream *stream) - return -EPERM; - - retval = stream->ops->trigger(stream, SND_COMPR_TRIGGER_PARTIAL_DRAIN); -+ if (retval) { -+ pr_debug("Partial drain returned failure\n"); -+ wake_up(&stream->runtime->sleep); -+ return retval; -+ } - - stream->next_track = false; -- return retval; -+ return snd_compress_wait_for_drain(stream); - } - - static long snd_compr_ioctl(struct file *f, unsigned int cmd, unsigned long arg) -diff --git a/sound/drivers/pcsp/pcsp.c b/sound/drivers/pcsp/pcsp.c -index 1c19cd7..83b8a9a 100644 ---- a/sound/drivers/pcsp/pcsp.c -+++ b/sound/drivers/pcsp/pcsp.c -@@ -187,8 +187,8 @@ static int pcsp_probe(struct platform_device *dev) - static int pcsp_remove(struct platform_device *dev) - { - struct snd_pcsp *chip = platform_get_drvdata(dev); -- alsa_card_pcsp_exit(chip); - pcspkr_input_remove(chip->input_dev); -+ alsa_card_pcsp_exit(chip); - return 0; - } - -diff --git a/sound/isa/msnd/msnd_pinnacle.c b/sound/isa/msnd/msnd_pinnacle.c -index 81aeb93..0a90bd6 100644 ---- a/sound/isa/msnd/msnd_pinnacle.c -+++ b/sound/isa/msnd/msnd_pinnacle.c -@@ -73,9 +73,11 @@ - #ifdef MSND_CLASSIC - # include "msnd_classic.h" - # define LOGNAME "msnd_classic" -+# define DEV_NAME "msnd-classic" - #else - # include "msnd_pinnacle.h" - # define LOGNAME "snd_msnd_pinnacle" -+# define DEV_NAME "msnd-pinnacle" - #endif - - static void set_default_audio_parameters(struct snd_msnd *chip) -@@ -1067,8 +1069,6 @@ static int snd_msnd_isa_remove(struct device *pdev, unsigned int dev) - return 0; - } - --#define DEV_NAME "msnd-pinnacle" -- - static struct isa_driver snd_msnd_driver = { - .match = snd_msnd_isa_match, - .probe = snd_msnd_isa_probe, -diff --git a/sound/pci/hda/hda_codec.c b/sound/pci/hda/hda_codec.c -index 748c6a9..e938a68 100644 ---- a/sound/pci/hda/hda_codec.c -+++ b/sound/pci/hda/hda_codec.c -@@ -2579,9 +2579,6 @@ int snd_hda_codec_reset(struct hda_codec *codec) - cancel_delayed_work_sync(&codec->jackpoll_work); - #ifdef CONFIG_PM - cancel_delayed_work_sync(&codec->power_work); -- codec->power_on = 0; -- codec->power_transition = 0; -- codec->power_jiffies = jiffies; - flush_workqueue(bus->workq); - #endif - snd_hda_ctls_clear(codec); -@@ -3991,6 +3988,10 @@ static void hda_call_codec_resume(struct hda_codec *codec) - * in the resume / power-save sequence - */ - hda_keep_power_on(codec); -+ if (codec->pm_down_notified) { -+ codec->pm_down_notified = 0; -+ hda_call_pm_notify(codec->bus, true); -+ } - hda_set_power_state(codec, AC_PWRST_D0); - restore_shutup_pins(codec); - hda_exec_init_verbs(codec); -diff --git a/sound/pci/hda/hda_generic.c b/sound/pci/hda/hda_generic.c -index b7c89df..3067ed4 100644 ---- a/sound/pci/hda/hda_generic.c -+++ b/sound/pci/hda/hda_generic.c -@@ -549,11 +549,15 @@ static hda_nid_t look_for_out_mute_nid(struct hda_codec *codec, - static hda_nid_t look_for_out_vol_nid(struct hda_codec *codec, - struct nid_path *path) - { -+ struct hda_gen_spec *spec = codec->spec; - int i; - - for (i = path->depth - 1; i >= 0; i--) { -- if (nid_has_volume(codec, path->path[i], HDA_OUTPUT)) -- return path->path[i]; -+ hda_nid_t nid = path->path[i]; -+ if ((spec->out_vol_mask >> nid) & 1) -+ continue; -+ if (nid_has_volume(codec, nid, HDA_OUTPUT)) -+ return nid; - } - return 0; - } -@@ -792,10 +796,10 @@ static void set_pin_eapd(struct hda_codec *codec, hda_nid_t pin, bool enable) - if (spec->own_eapd_ctl || - !(snd_hda_query_pin_caps(codec, pin) & AC_PINCAP_EAPD)) - return; -- if (codec->inv_eapd) -- enable = !enable; - if (spec->keep_eapd_on && !enable) - return; -+ if (codec->inv_eapd) -+ enable = !enable; - snd_hda_codec_update_cache(codec, pin, 0, - AC_VERB_SET_EAPD_BTLENABLE, - enable ? 0x02 : 0x00); -diff --git a/sound/pci/hda/hda_generic.h b/sound/pci/hda/hda_generic.h -index 48d4402..7e45cb4 100644 ---- a/sound/pci/hda/hda_generic.h -+++ b/sound/pci/hda/hda_generic.h -@@ -242,6 +242,9 @@ struct hda_gen_spec { - /* additional mute flags (only effective with auto_mute_via_amp=1) */ - u64 mute_bits; - -+ /* bitmask for skipping volume controls */ -+ u64 out_vol_mask; -+ - /* badness tables for output path evaluations */ - const struct badness_table *main_out_badness; - const struct badness_table *extra_out_badness; -diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c -index 6e61a01..a63aff2 100644 ---- a/sound/pci/hda/hda_intel.c -+++ b/sound/pci/hda/hda_intel.c -@@ -612,6 +612,11 @@ enum { - #define AZX_DCAPS_INTEL_PCH \ - (AZX_DCAPS_INTEL_PCH_NOPM | AZX_DCAPS_PM_RUNTIME) - -+#define AZX_DCAPS_INTEL_HASWELL \ -+ (AZX_DCAPS_SCH_SNOOP | AZX_DCAPS_ALIGN_BUFSIZE | \ -+ AZX_DCAPS_COUNT_LPIB_DELAY | AZX_DCAPS_PM_RUNTIME | \ -+ AZX_DCAPS_I915_POWERWELL) -+ - /* quirks for ATI SB / AMD Hudson */ - #define AZX_DCAPS_PRESET_ATI_SB \ - (AZX_DCAPS_ATI_SNOOP | AZX_DCAPS_NO_TCSEL | \ -@@ -3987,14 +3992,11 @@ static DEFINE_PCI_DEVICE_TABLE(azx_ids) = { - .driver_data = AZX_DRIVER_PCH | AZX_DCAPS_INTEL_PCH }, - /* Haswell */ - { PCI_DEVICE(0x8086, 0x0a0c), -- .driver_data = AZX_DRIVER_SCH | AZX_DCAPS_INTEL_PCH | -- AZX_DCAPS_I915_POWERWELL }, -+ .driver_data = AZX_DRIVER_SCH | AZX_DCAPS_INTEL_HASWELL }, - { PCI_DEVICE(0x8086, 0x0c0c), -- .driver_data = AZX_DRIVER_SCH | AZX_DCAPS_INTEL_PCH | -- AZX_DCAPS_I915_POWERWELL }, -+ .driver_data = AZX_DRIVER_SCH | AZX_DCAPS_INTEL_HASWELL }, - { PCI_DEVICE(0x8086, 0x0d0c), -- .driver_data = AZX_DRIVER_SCH | AZX_DCAPS_INTEL_PCH | -- AZX_DCAPS_I915_POWERWELL }, -+ .driver_data = AZX_DRIVER_SCH | AZX_DCAPS_INTEL_HASWELL }, - /* 5 Series/3400 */ - { PCI_DEVICE(0x8086, 0x3b56), - .driver_data = AZX_DRIVER_SCH | AZX_DCAPS_INTEL_PCH_NOPM }, -diff --git a/sound/pci/hda/patch_analog.c b/sound/pci/hda/patch_analog.c -index 2aa2f57..a52d2a1 100644 ---- a/sound/pci/hda/patch_analog.c -+++ b/sound/pci/hda/patch_analog.c -@@ -219,8 +219,12 @@ static int alloc_ad_spec(struct hda_codec *codec) - static void ad_fixup_inv_jack_detect(struct hda_codec *codec, - const struct hda_fixup *fix, int action) - { -- if (action == HDA_FIXUP_ACT_PRE_PROBE) -+ struct ad198x_spec *spec = codec->spec; -+ -+ if (action == HDA_FIXUP_ACT_PRE_PROBE) { - codec->inv_jack_detect = 1; -+ spec->gen.keep_eapd_on = 1; -+ } - } - - enum { -diff --git a/sound/pci/hda/patch_cirrus.c b/sound/pci/hda/patch_cirrus.c -index 18d9725..072755c 100644 ---- a/sound/pci/hda/patch_cirrus.c -+++ b/sound/pci/hda/patch_cirrus.c -@@ -597,6 +597,7 @@ static int patch_cs420x(struct hda_codec *codec) - * Its layout is no longer compatible with CS4206/CS4207 - */ - enum { -+ CS4208_MAC_AUTO, - CS4208_MBA6, - CS4208_GPIO0, - }; -@@ -608,7 +609,12 @@ static const struct hda_model_fixup cs4208_models[] = { - }; - - static const struct snd_pci_quirk cs4208_fixup_tbl[] = { -- /* codec SSID */ -+ SND_PCI_QUIRK_VENDOR(0x106b, "Apple", CS4208_MAC_AUTO), -+ {} /* terminator */ -+}; -+ -+/* codec SSID matching */ -+static const struct snd_pci_quirk cs4208_mac_fixup_tbl[] = { - SND_PCI_QUIRK(0x106b, 0x7100, "MacBookAir 6,1", CS4208_MBA6), - SND_PCI_QUIRK(0x106b, 0x7200, "MacBookAir 6,2", CS4208_MBA6), - {} /* terminator */ -@@ -626,6 +632,20 @@ static void cs4208_fixup_gpio0(struct hda_codec *codec, - } - } - -+static const struct hda_fixup cs4208_fixups[]; -+ -+/* remap the fixup from codec SSID and apply it */ -+static void cs4208_fixup_mac(struct hda_codec *codec, -+ const struct hda_fixup *fix, int action) -+{ -+ if (action != HDA_FIXUP_ACT_PRE_PROBE) -+ return; -+ snd_hda_pick_fixup(codec, NULL, cs4208_mac_fixup_tbl, cs4208_fixups); -+ if (codec->fixup_id < 0 || codec->fixup_id == CS4208_MAC_AUTO) -+ codec->fixup_id = CS4208_GPIO0; /* default fixup */ -+ snd_hda_apply_fixup(codec, action); -+} -+ - static const struct hda_fixup cs4208_fixups[] = { - [CS4208_MBA6] = { - .type = HDA_FIXUP_PINS, -@@ -637,6 +657,10 @@ static const struct hda_fixup cs4208_fixups[] = { - .type = HDA_FIXUP_FUNC, - .v.func = cs4208_fixup_gpio0, - }, -+ [CS4208_MAC_AUTO] = { -+ .type = HDA_FIXUP_FUNC, -+ .v.func = cs4208_fixup_mac, -+ }, - }; - - /* correct the 0dB offset of input pins */ -@@ -660,6 +684,8 @@ static int patch_cs4208(struct hda_codec *codec) - return -ENOMEM; - - spec->gen.automute_hook = cs_automute; -+ /* exclude NID 0x10 (HP) from output volumes due to different steps */ -+ spec->gen.out_vol_mask = 1ULL << 0x10; - - snd_hda_pick_fixup(codec, cs4208_models, cs4208_fixup_tbl, - cs4208_fixups); -diff --git a/sound/pci/hda/patch_conexant.c b/sound/pci/hda/patch_conexant.c -index ec68eae..96f07ce 100644 ---- a/sound/pci/hda/patch_conexant.c -+++ b/sound/pci/hda/patch_conexant.c -@@ -3568,6 +3568,8 @@ static const struct hda_codec_preset snd_hda_preset_conexant[] = { - .patch = patch_conexant_auto }, - { .id = 0x14f15115, .name = "CX20757", - .patch = patch_conexant_auto }, -+ { .id = 0x14f151d7, .name = "CX20952", -+ .patch = patch_conexant_auto }, - {} /* terminator */ - }; - -@@ -3594,6 +3596,7 @@ MODULE_ALIAS("snd-hda-codec-id:14f15111"); - MODULE_ALIAS("snd-hda-codec-id:14f15113"); - MODULE_ALIAS("snd-hda-codec-id:14f15114"); - MODULE_ALIAS("snd-hda-codec-id:14f15115"); -+MODULE_ALIAS("snd-hda-codec-id:14f151d7"); - - MODULE_LICENSE("GPL"); - MODULE_DESCRIPTION("Conexant HD-audio codec"); -diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c -index 8ad5543..2f39631 100644 ---- a/sound/pci/hda/patch_realtek.c -+++ b/sound/pci/hda/patch_realtek.c -@@ -1043,6 +1043,7 @@ enum { - ALC880_FIXUP_UNIWILL, - ALC880_FIXUP_UNIWILL_DIG, - ALC880_FIXUP_Z71V, -+ ALC880_FIXUP_ASUS_W5A, - ALC880_FIXUP_3ST_BASE, - ALC880_FIXUP_3ST, - ALC880_FIXUP_3ST_DIG, -@@ -1213,6 +1214,26 @@ static const struct hda_fixup alc880_fixups[] = { - { } - } - }, -+ [ALC880_FIXUP_ASUS_W5A] = { -+ .type = HDA_FIXUP_PINS, -+ .v.pins = (const struct hda_pintbl[]) { -+ /* set up the whole pins as BIOS is utterly broken */ -+ { 0x14, 0x0121411f }, /* HP */ -+ { 0x15, 0x411111f0 }, /* N/A */ -+ { 0x16, 0x411111f0 }, /* N/A */ -+ { 0x17, 0x411111f0 }, /* N/A */ -+ { 0x18, 0x90a60160 }, /* mic */ -+ { 0x19, 0x411111f0 }, /* N/A */ -+ { 0x1a, 0x411111f0 }, /* N/A */ -+ { 0x1b, 0x411111f0 }, /* N/A */ -+ { 0x1c, 0x411111f0 }, /* N/A */ -+ { 0x1d, 0x411111f0 }, /* N/A */ -+ { 0x1e, 0xb743111e }, /* SPDIF out */ -+ { } -+ }, -+ .chained = true, -+ .chain_id = ALC880_FIXUP_GPIO1, -+ }, - [ALC880_FIXUP_3ST_BASE] = { - .type = HDA_FIXUP_PINS, - .v.pins = (const struct hda_pintbl[]) { -@@ -1334,6 +1355,7 @@ static const struct hda_fixup alc880_fixups[] = { - - static const struct snd_pci_quirk alc880_fixup_tbl[] = { - SND_PCI_QUIRK(0x1019, 0x0f69, "Coeus G610P", ALC880_FIXUP_W810), -+ SND_PCI_QUIRK(0x1043, 0x10c3, "ASUS W5A", ALC880_FIXUP_ASUS_W5A), - SND_PCI_QUIRK(0x1043, 0x1964, "ASUS Z71V", ALC880_FIXUP_Z71V), - SND_PCI_QUIRK_VENDOR(0x1043, "ASUS", ALC880_FIXUP_GPIO1), - SND_PCI_QUIRK(0x1558, 0x5401, "Clevo GPIO2", ALC880_FIXUP_GPIO2), -@@ -1479,6 +1501,7 @@ enum { - ALC260_FIXUP_KN1, - ALC260_FIXUP_FSC_S7020, - ALC260_FIXUP_FSC_S7020_JWSE, -+ ALC260_FIXUP_VAIO_PINS, - }; - - static void alc260_gpio1_automute(struct hda_codec *codec) -@@ -1619,6 +1642,24 @@ static const struct hda_fixup alc260_fixups[] = { - .chained = true, - .chain_id = ALC260_FIXUP_FSC_S7020, - }, -+ [ALC260_FIXUP_VAIO_PINS] = { -+ .type = HDA_FIXUP_PINS, -+ .v.pins = (const struct hda_pintbl[]) { -+ /* Pin configs are missing completely on some VAIOs */ -+ { 0x0f, 0x01211020 }, -+ { 0x10, 0x0001003f }, -+ { 0x11, 0x411111f0 }, -+ { 0x12, 0x01a15930 }, -+ { 0x13, 0x411111f0 }, -+ { 0x14, 0x411111f0 }, -+ { 0x15, 0x411111f0 }, -+ { 0x16, 0x411111f0 }, -+ { 0x17, 0x411111f0 }, -+ { 0x18, 0x411111f0 }, -+ { 0x19, 0x411111f0 }, -+ { } -+ } -+ }, - }; - - static const struct snd_pci_quirk alc260_fixup_tbl[] = { -@@ -1627,6 +1668,8 @@ static const struct snd_pci_quirk alc260_fixup_tbl[] = { - SND_PCI_QUIRK(0x1025, 0x008f, "Acer", ALC260_FIXUP_GPIO1), - SND_PCI_QUIRK(0x103c, 0x280a, "HP dc5750", ALC260_FIXUP_HP_DC5750), - SND_PCI_QUIRK(0x103c, 0x30ba, "HP Presario B1900", ALC260_FIXUP_HP_B1900), -+ SND_PCI_QUIRK(0x104d, 0x81bb, "Sony VAIO", ALC260_FIXUP_VAIO_PINS), -+ SND_PCI_QUIRK(0x104d, 0x81e2, "Sony VAIO TX", ALC260_FIXUP_HP_PIN_0F), - SND_PCI_QUIRK(0x10cf, 0x1326, "FSC LifeBook S7020", ALC260_FIXUP_FSC_S7020), - SND_PCI_QUIRK(0x1509, 0x4540, "Favorit 100XS", ALC260_FIXUP_GPIO1), - SND_PCI_QUIRK(0x152d, 0x0729, "Quanta KN1", ALC260_FIXUP_KN1), -@@ -2388,6 +2431,7 @@ static const struct hda_verb alc268_beep_init_verbs[] = { - enum { - ALC268_FIXUP_INV_DMIC, - ALC268_FIXUP_HP_EAPD, -+ ALC268_FIXUP_SPDIF, - }; - - static const struct hda_fixup alc268_fixups[] = { -@@ -2402,6 +2446,13 @@ static const struct hda_fixup alc268_fixups[] = { - {} - } - }, -+ [ALC268_FIXUP_SPDIF] = { -+ .type = HDA_FIXUP_PINS, -+ .v.pins = (const struct hda_pintbl[]) { -+ { 0x1e, 0x014b1180 }, /* enable SPDIF out */ -+ {} -+ } -+ }, - }; - - static const struct hda_model_fixup alc268_fixup_models[] = { -@@ -2411,6 +2462,7 @@ static const struct hda_model_fixup alc268_fixup_models[] = { - }; - - static const struct snd_pci_quirk alc268_fixup_tbl[] = { -+ SND_PCI_QUIRK(0x1025, 0x0139, "Acer TravelMate 6293", ALC268_FIXUP_SPDIF), - SND_PCI_QUIRK(0x1025, 0x015b, "Acer AOA 150 (ZG5)", ALC268_FIXUP_INV_DMIC), - /* below is codec SSID since multiple Toshiba laptops have the - * same PCI SSID 1179:ff00 -@@ -2540,6 +2592,7 @@ enum { - ALC269_TYPE_ALC283, - ALC269_TYPE_ALC284, - ALC269_TYPE_ALC286, -+ ALC269_TYPE_ALC255, - }; - - /* -@@ -2565,6 +2618,7 @@ static int alc269_parse_auto_config(struct hda_codec *codec) - case ALC269_TYPE_ALC282: - case ALC269_TYPE_ALC283: - case ALC269_TYPE_ALC286: -+ case ALC269_TYPE_ALC255: - ssids = alc269_ssids; - break; - default: -@@ -2944,6 +2998,23 @@ static void alc269_fixup_mic_mute_hook(void *private_data, int enabled) - snd_hda_set_pin_ctl_cache(codec, spec->mute_led_nid, pinval); - } - -+/* Make sure the led works even in runtime suspend */ -+static unsigned int led_power_filter(struct hda_codec *codec, -+ hda_nid_t nid, -+ unsigned int power_state) -+{ -+ struct alc_spec *spec = codec->spec; -+ -+ if (power_state != AC_PWRST_D3 || nid != spec->mute_led_nid) -+ return power_state; -+ -+ /* Set pin ctl again, it might have just been set to 0 */ -+ snd_hda_set_pin_ctl(codec, nid, -+ snd_hda_codec_get_pin_target(codec, nid)); -+ -+ return AC_PWRST_D0; -+} -+ - static void alc269_fixup_hp_mute_led(struct hda_codec *codec, - const struct hda_fixup *fix, int action) - { -@@ -2963,6 +3034,7 @@ static void alc269_fixup_hp_mute_led(struct hda_codec *codec, - spec->mute_led_nid = pin - 0x0a + 0x18; - spec->gen.vmaster_mute.hook = alc269_fixup_mic_mute_hook; - spec->gen.vmaster_mute_enum = 1; -+ codec->power_filter = led_power_filter; - snd_printd("Detected mute LED for %x:%d\n", spec->mute_led_nid, - spec->mute_led_polarity); - break; -@@ -2978,6 +3050,7 @@ static void alc269_fixup_hp_mute_led_mic1(struct hda_codec *codec, - spec->mute_led_nid = 0x18; - spec->gen.vmaster_mute.hook = alc269_fixup_mic_mute_hook; - spec->gen.vmaster_mute_enum = 1; -+ codec->power_filter = led_power_filter; - } - } - -@@ -2990,6 +3063,7 @@ static void alc269_fixup_hp_mute_led_mic2(struct hda_codec *codec, - spec->mute_led_nid = 0x19; - spec->gen.vmaster_mute.hook = alc269_fixup_mic_mute_hook; - spec->gen.vmaster_mute_enum = 1; -+ codec->power_filter = led_power_filter; - } - } - -@@ -3230,8 +3304,10 @@ static void alc_update_headset_mode(struct hda_codec *codec) - else - new_headset_mode = ALC_HEADSET_MODE_HEADPHONE; - -- if (new_headset_mode == spec->current_headset_mode) -+ if (new_headset_mode == spec->current_headset_mode) { -+ snd_hda_gen_update_outputs(codec); - return; -+ } - - switch (new_headset_mode) { - case ALC_HEADSET_MODE_UNPLUGGED: -@@ -3895,6 +3971,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = { - SND_PCI_QUIRK(0x1028, 0x0608, "Dell", ALC269_FIXUP_DELL1_MIC_NO_PRESENCE), - SND_PCI_QUIRK(0x1028, 0x0609, "Dell", ALC269_FIXUP_DELL1_MIC_NO_PRESENCE), - SND_PCI_QUIRK(0x1028, 0x0613, "Dell", ALC269_FIXUP_DELL1_MIC_NO_PRESENCE), -+ SND_PCI_QUIRK(0x1028, 0x0614, "Dell Inspiron 3135", ALC269_FIXUP_DELL1_MIC_NO_PRESENCE), - SND_PCI_QUIRK(0x1028, 0x0616, "Dell Vostro 5470", ALC290_FIXUP_MONO_SPEAKERS), - SND_PCI_QUIRK(0x1028, 0x15cc, "Dell X5 Precision", ALC269_FIXUP_DELL2_MIC_NO_PRESENCE), - SND_PCI_QUIRK(0x1028, 0x15cd, "Dell X5 Precision", ALC269_FIXUP_DELL2_MIC_NO_PRESENCE), -@@ -4128,6 +4205,9 @@ static int patch_alc269(struct hda_codec *codec) - case 0x10ec0286: - spec->codec_variant = ALC269_TYPE_ALC286; - break; -+ case 0x10ec0255: -+ spec->codec_variant = ALC269_TYPE_ALC255; -+ break; - } - - if (snd_hda_codec_read(codec, 0x51, 0, AC_VERB_PARAMETERS, 0) == 0x10ec5505) { -@@ -4842,6 +4922,7 @@ static int patch_alc680(struct hda_codec *codec) - static const struct hda_codec_preset snd_hda_preset_realtek[] = { - { .id = 0x10ec0221, .name = "ALC221", .patch = patch_alc269 }, - { .id = 0x10ec0233, .name = "ALC233", .patch = patch_alc269 }, -+ { .id = 0x10ec0255, .name = "ALC255", .patch = patch_alc269 }, - { .id = 0x10ec0260, .name = "ALC260", .patch = patch_alc260 }, - { .id = 0x10ec0262, .name = "ALC262", .patch = patch_alc262 }, - { .id = 0x10ec0267, .name = "ALC267", .patch = patch_alc268 }, -diff --git a/sound/usb/6fire/chip.c b/sound/usb/6fire/chip.c -index c39c779..66edc4a 100644 ---- a/sound/usb/6fire/chip.c -+++ b/sound/usb/6fire/chip.c -@@ -101,7 +101,7 @@ static int usb6fire_chip_probe(struct usb_interface *intf, - usb_set_intfdata(intf, chips[i]); - mutex_unlock(®ister_mutex); - return 0; -- } else if (regidx < 0) -+ } else if (!devices[i] && regidx < 0) - regidx = i; - } - if (regidx < 0) { -diff --git a/virt/kvm/iommu.c b/virt/kvm/iommu.c -index 72a130b..c329c8f 100644 ---- a/virt/kvm/iommu.c -+++ b/virt/kvm/iommu.c -@@ -103,6 +103,10 @@ int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot) - while ((gfn << PAGE_SHIFT) & (page_size - 1)) - page_size >>= 1; - -+ /* Make sure hva is aligned to the page size we want to map */ -+ while (__gfn_to_hva_memslot(slot, gfn) & (page_size - 1)) -+ page_size >>= 1; -+ - /* - * Pin all pages we are about to map in memory. This is - * important because we unmap and unpin in 4kb steps later. diff --git a/3.12.2/4420_grsecurity-3.0-3.12.2-201312011111.patch b/3.12.2/4420_grsecurity-3.0-3.12.2-201312032145.patch index 284b9ed..f703780 100644 --- a/3.12.2/4420_grsecurity-3.0-3.12.2-201312011111.patch +++ b/3.12.2/4420_grsecurity-3.0-3.12.2-201312032145.patch @@ -829,7 +829,7 @@ index 98838a0..b304fb4 100644 /* Allow reads even for write-only mappings */ if (!(vma->vm_flags & (VM_READ | VM_WRITE))) diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig -index 1ad6fb6..4e7fae5 100644 +index 1ad6fb6..9406b3d 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig @@ -1832,7 +1832,7 @@ config ALIGNMENT_TRAP @@ -841,6 +841,14 @@ index 1ad6fb6..4e7fae5 100644 default y if CPU_FEROCEON help Implement faster copy_to_user and clear_user methods for CPU +@@ -2097,6 +2097,7 @@ config XIP_PHYS_ADDR + config KEXEC + bool "Kexec system call (EXPERIMENTAL)" + depends on (!SMP || PM_SLEEP_SMP) ++ depends on !GRKERNSEC_KMEM + help + kexec is a system call that implements the ability to shutdown your + current kernel, and to start another kernel. It is like a reboot diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h index da1c77d..2ee6056 100644 --- a/arch/arm/include/asm/atomic.h @@ -4824,6 +4832,18 @@ index f4ca594..adc72fd6 100644 #define __cacheline_aligned __aligned(L1_CACHE_BYTES) #define ____cacheline_aligned __aligned(L1_CACHE_BYTES) +diff --git a/arch/ia64/Kconfig b/arch/ia64/Kconfig +index 7740ab1..17fa8c5 100644 +--- a/arch/ia64/Kconfig ++++ b/arch/ia64/Kconfig +@@ -554,6 +554,7 @@ source "drivers/sn/Kconfig" + config KEXEC + bool "kexec system call" + depends on !IA64_HP_SIM && (!SMP || HOTPLUG_CPU) ++ depends on !GRKERNSEC_KMEM + help + kexec is a system call that implements the ability to shutdown your + current kernel, and to start another kernel. It is like a reboot diff --git a/arch/ia64/include/asm/atomic.h b/arch/ia64/include/asm/atomic.h index 6e6fe18..a6ae668 100644 --- a/arch/ia64/include/asm/atomic.h @@ -5354,6 +5374,18 @@ index 4efe96a..60e8699 100644 #define SMP_CACHE_BYTES L1_CACHE_BYTES +diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig +index f75ab4a..adc6968 100644 +--- a/arch/mips/Kconfig ++++ b/arch/mips/Kconfig +@@ -2283,6 +2283,7 @@ source "kernel/Kconfig.preempt" + + config KEXEC + bool "Kexec system call" ++ depends on !GRKERNSEC_KMEM + help + kexec is a system call that implements the ability to shutdown your + current kernel, and to start another kernel. It is like a reboot diff --git a/arch/mips/include/asm/atomic.h b/arch/mips/include/asm/atomic.h index 08b6079..8b554d2 100644 --- a/arch/mips/include/asm/atomic.h @@ -7458,6 +7490,18 @@ index 0293588..3b229aa 100644 /* * If for any reason at all we couldn't handle the fault, make +diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig +index 38f3b7e..7e485c0 100644 +--- a/arch/powerpc/Kconfig ++++ b/arch/powerpc/Kconfig +@@ -378,6 +378,7 @@ config ARCH_ENABLE_MEMORY_HOTREMOVE + config KEXEC + bool "kexec system call" + depends on (PPC_BOOK3S || FSL_BOOKE || (44x && !SMP)) ++ depends on !GRKERNSEC_KMEM + help + kexec is a system call that implements the ability to shutdown your + current kernel, and to start another kernel. It is like a reboot diff --git a/arch/powerpc/include/asm/atomic.h b/arch/powerpc/include/asm/atomic.h index e3b1d41..8e81edf 100644 --- a/arch/powerpc/include/asm/atomic.h @@ -11336,6 +11380,18 @@ index ed82eda..0d80e77 100644 #endif /* CONFIG_SMP */ #endif /* CONFIG_DEBUG_DCFLUSH */ } +diff --git a/arch/tile/Kconfig b/arch/tile/Kconfig +index d45a2c4..3c05a78 100644 +--- a/arch/tile/Kconfig ++++ b/arch/tile/Kconfig +@@ -185,6 +185,7 @@ source "kernel/Kconfig.hz" + + config KEXEC + bool "kexec system call" ++ depends on !GRKERNSEC_KMEM + ---help--- + kexec is a system call that implements the ability to shutdown your + current kernel, and to start another kernel. It is like a reboot diff --git a/arch/tile/include/asm/atomic_64.h b/arch/tile/include/asm/atomic_64.h index ad220ee..2f537b3 100644 --- a/arch/tile/include/asm/atomic_64.h @@ -11541,7 +11597,7 @@ index ad8f795..2c7eec6 100644 /* * Memory returned by kmalloc() may be used for DMA, so we must make diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index f67e839..419b5f7 100644 +index f67e839..bfd4748 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -247,7 +247,7 @@ config X86_HT @@ -11596,7 +11652,15 @@ index f67e839..419b5f7 100644 ---help--- This option turns on the -fstack-protector GCC feature. This feature puts, at the beginning of functions, a canary value on -@@ -1733,6 +1735,8 @@ config X86_NEED_RELOCS +@@ -1632,6 +1634,7 @@ source kernel/Kconfig.hz + + config KEXEC + bool "kexec system call" ++ depends on !GRKERNSEC_KMEM + ---help--- + kexec is a system call that implements the ability to shutdown your + current kernel, and to start another kernel. It is like a reboot +@@ -1733,6 +1736,8 @@ config X86_NEED_RELOCS config PHYSICAL_ALIGN hex "Alignment value to which kernel should be aligned" default "0x1000000" @@ -11605,7 +11669,7 @@ index f67e839..419b5f7 100644 range 0x2000 0x1000000 if X86_32 range 0x200000 0x1000000 if X86_64 ---help--- -@@ -1812,9 +1816,10 @@ config DEBUG_HOTPLUG_CPU0 +@@ -1812,9 +1817,10 @@ config DEBUG_HOTPLUG_CPU0 If unsure, say N. config COMPAT_VDSO @@ -14207,7 +14271,7 @@ index 722aa3b..3a0bb27 100644 /* Atomic operations are already serializing on x86 */ #define smp_mb__before_atomic_dec() barrier() diff --git a/arch/x86/include/asm/atomic64_32.h b/arch/x86/include/asm/atomic64_32.h -index b154de7..aadebd8 100644 +index b154de7..a7cef48 100644 --- a/arch/x86/include/asm/atomic64_32.h +++ b/arch/x86/include/asm/atomic64_32.h @@ -12,6 +12,14 @@ typedef struct { @@ -14279,7 +14343,7 @@ index b154de7..aadebd8 100644 * atomic64_xchg - xchg atomic64 variable * @v: pointer to type atomic64_t * @n: value to assign -@@ -112,6 +145,22 @@ static inline void atomic64_set(atomic64_t *v, long long i) +@@ -112,12 +145,41 @@ static inline void atomic64_set(atomic64_t *v, long long i) } /** @@ -14302,16 +14366,10 @@ index b154de7..aadebd8 100644 * atomic64_read - read atomic64 variable * @v: pointer to type atomic64_t * -@@ -125,6 +174,19 @@ static inline long long atomic64_read(const atomic64_t *v) - } - - /** -+ * atomic64_read_unchecked - read atomic64 variable -+ * @v: pointer to type atomic64_unchecked_t -+ * -+ * Atomically reads the value of @v and returns it. -+ */ -+static inline long long atomic64_read_unchecked(atomic64_unchecked_t *v) + * Atomically reads the value of @v and returns it. + */ +-static inline long long atomic64_read(const atomic64_t *v) ++static inline long long __intentional_overflow(-1) atomic64_read(const atomic64_t *v) +{ + long long r; + alternative_atomic64(read, "=&A" (r), "c" (v) : "memory"); @@ -14319,9 +14377,15 @@ index b154de7..aadebd8 100644 + } + +/** - * atomic64_add_return - add and return - * @i: integer value to add - * @v: pointer to type atomic64_t ++ * atomic64_read_unchecked - read atomic64 variable ++ * @v: pointer to type atomic64_unchecked_t ++ * ++ * Atomically reads the value of @v and returns it. ++ */ ++static inline long long atomic64_read_unchecked(atomic64_unchecked_t *v) + { + long long r; + alternative_atomic64(read, "=&A" (r), "c" (v) : "memory"); @@ -139,6 +201,21 @@ static inline long long atomic64_add_return(long long i, atomic64_t *v) return i; } @@ -14382,12 +14446,15 @@ index b154de7..aadebd8 100644 * @i: integer value to subtract * @v: pointer to type atomic64_t diff --git a/arch/x86/include/asm/atomic64_64.h b/arch/x86/include/asm/atomic64_64.h -index 0e1cbfc..5623683 100644 +index 0e1cbfc..adf5aa7 100644 --- a/arch/x86/include/asm/atomic64_64.h +++ b/arch/x86/include/asm/atomic64_64.h -@@ -18,7 +18,19 @@ +@@ -16,9 +16,21 @@ + * Atomically reads the value of @v. + * Doesn't imply a read memory barrier. */ - static inline long atomic64_read(const atomic64_t *v) +-static inline long atomic64_read(const atomic64_t *v) ++static inline long __intentional_overflow(-1) atomic64_read(const atomic64_t *v) { - return (*(volatile long *)&(v)->counter); + return (*(volatile const long *)&(v)->counter); @@ -23385,7 +23452,7 @@ index a979b5b..1d6db75 100644 .callback = dmi_io_delay_0xed_port, .ident = "Compaq Presario V6000", diff --git a/arch/x86/kernel/ioport.c b/arch/x86/kernel/ioport.c -index 4ddaf66..6292f4e 100644 +index 4ddaf66..49d5c18 100644 --- a/arch/x86/kernel/ioport.c +++ b/arch/x86/kernel/ioport.c @@ -6,6 +6,7 @@ @@ -23396,19 +23463,19 @@ index 4ddaf66..6292f4e 100644 #include <linux/errno.h> #include <linux/types.h> #include <linux/ioport.h> -@@ -28,6 +29,12 @@ asmlinkage long sys_ioperm(unsigned long from, unsigned long num, int turn_on) - - if ((from + num <= from) || (from + num > IO_BITMAP_BITS)) +@@ -30,6 +31,12 @@ asmlinkage long sys_ioperm(unsigned long from, unsigned long num, int turn_on) return -EINVAL; + if (turn_on && !capable(CAP_SYS_RAWIO)) + return -EPERM; +#ifdef CONFIG_GRKERNSEC_IO + if (turn_on && grsec_disable_privio) { + gr_handle_ioperm(); -+ return -EPERM; ++ return -ENODEV; + } +#endif - if (turn_on && !capable(CAP_SYS_RAWIO)) - return -EPERM; + /* + * If it's the first ioperm() call in this thread's lifetime, set the @@ -54,7 +61,7 @@ asmlinkage long sys_ioperm(unsigned long from, unsigned long num, int turn_on) * because the ->io_bitmap_max value must match the bitmap * contents: @@ -23418,19 +23485,19 @@ index 4ddaf66..6292f4e 100644 if (turn_on) bitmap_clear(t->io_bitmap_ptr, from, num); -@@ -103,6 +110,12 @@ SYSCALL_DEFINE1(iopl, unsigned int, level) - return -EINVAL; - /* Trying to gain more privileges? */ +@@ -105,6 +112,12 @@ SYSCALL_DEFINE1(iopl, unsigned int, level) if (level > old) { + if (!capable(CAP_SYS_RAWIO)) + return -EPERM; +#ifdef CONFIG_GRKERNSEC_IO + if (grsec_disable_privio) { + gr_handle_iopl(); -+ return -EPERM; ++ return -ENODEV; + } +#endif - if (!capable(CAP_SYS_RAWIO)) - return -EPERM; } + regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | (level << 12); + t->iopl = level << 12; diff --git a/arch/x86/kernel/irq.c b/arch/x86/kernel/irq.c index 22d0687..e07b2a5 100644 --- a/arch/x86/kernel/irq.c @@ -61557,10 +61624,10 @@ index 2b8952d..a60c6be 100644 kfree(s); diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig new file mode 100644 -index 0000000..6d22fbe +index 0000000..a78d810 --- /dev/null +++ b/grsecurity/Kconfig -@@ -0,0 +1,1112 @@ +@@ -0,0 +1,1107 @@ +# +# grecurity configuration +# @@ -61574,21 +61641,15 @@ index 0000000..6d22fbe + help + If you say Y here, /dev/kmem and /dev/mem won't be allowed to + be written to or read from to modify or leak the contents of the running -+ kernel. /dev/port will also not be allowed to be opened and support -+ for /dev/cpu/*/msr will be removed. If you have module -+ support disabled, enabling this will close up five ways that are -+ currently used to insert malicious code into the running kernel. ++ kernel. /dev/port will also not be allowed to be opened, and support ++ for /dev/cpu/*/msr and kexec will be removed. If you have module ++ support disabled, enabling this will close up six ways that are ++ currently used to insert malicious code into the running kernel. + -+ Even with all these features enabled, we still highly recommend that ++ Even with this feature enabled, we still highly recommend that + you use the RBAC system, as it is still possible for an attacker to -+ modify the running kernel through privileged I/O granted by ioperm/iopl. -+ -+ If you are not using XFree86, you may be able to stop this additional -+ case by enabling the 'Disable privileged I/O' option. Though nothing -+ legitimately writes to /dev/kmem, XFree86 does need to write to /dev/mem, -+ but only to video memory, which is the only writing we allow in this -+ case. If /dev/kmem or /dev/mem are mmaped without PROT_WRITE, they will -+ not be allowed to mprotect it with PROT_WRITE later. ++ modify the running kernel through other more obscure methods. ++ + Enabling this feature will prevent the "cpupower" and "powertop" tools + from working. + @@ -61624,10 +61685,11 @@ index 0000000..6d22fbe + the most notable of which are XFree86 and hwclock. hwclock can be + remedied by having RTC support in the kernel, so real-time + clock support is enabled if this option is enabled, to ensure -+ that hwclock operates correctly. XFree86 still will not -+ operate correctly with this option enabled, so DO NOT CHOOSE Y -+ IF YOU USE XFree86. If you use XFree86 and you still want to -+ protect your kernel against modification, use the RBAC system. ++ that hwclock operates correctly. ++ ++ If you're using XFree86 or a version of Xorg from 2012 or earlier, ++ you may not be able to boot into a graphical environment with this ++ option enabled. In this case, you should use the RBAC system instead. + +config GRKERNSEC_JIT_HARDEN + bool "Harden BPF JIT against spray attacks" @@ -80032,7 +80094,7 @@ index a67ef9d..2d17ed9 100644 #ifdef CONFIG_BLK_DEV_RAM int fd; diff --git a/init/main.c b/init/main.c -index 63d3e8f..291fa8a 100644 +index 63d3e8f..50bd5f8 100644 --- a/init/main.c +++ b/init/main.c @@ -103,6 +103,8 @@ static inline void mark_rodata_ro(void) { } @@ -80044,7 +80106,7 @@ index 63d3e8f..291fa8a 100644 /* * Debug helper: via this flag we know that we are in 'early bootup code' * where only the boot processor is running with IRQ disabled. This means -@@ -156,6 +158,74 @@ static int __init set_reset_devices(char *str) +@@ -156,6 +158,75 @@ static int __init set_reset_devices(char *str) __setup("reset_devices", set_reset_devices); @@ -80088,6 +80150,7 @@ index 63d3e8f..291fa8a 100644 + clone_pgd_mask = ~(pgdval_t)0UL; + pax_user_shadow_base = 0UL; + setup_clear_cpu_cap(X86_FEATURE_PCID); ++ setup_clear_cpu_cap(X86_FEATURE_INVPCID); +#endif + + return 0; @@ -80119,7 +80182,7 @@ index 63d3e8f..291fa8a 100644 static const char * argv_init[MAX_INIT_ARGS+2] = { "init", NULL, }; const char * envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, }; static const char *panic_later, *panic_param; -@@ -682,25 +752,24 @@ int __init_or_module do_one_initcall(initcall_t fn) +@@ -682,25 +753,24 @@ int __init_or_module do_one_initcall(initcall_t fn) { int count = preempt_count(); int ret; @@ -80150,7 +80213,7 @@ index 63d3e8f..291fa8a 100644 return ret; } -@@ -807,10 +876,14 @@ static int run_init_process(const char *init_filename) +@@ -807,10 +877,14 @@ static int run_init_process(const char *init_filename) { argv_init[0] = init_filename; return do_execve(init_filename, @@ -80167,7 +80230,7 @@ index 63d3e8f..291fa8a 100644 static noinline void __init kernel_init_freeable(void); static int __ref kernel_init(void *unused) -@@ -831,6 +904,11 @@ static int __ref kernel_init(void *unused) +@@ -831,6 +905,11 @@ static int __ref kernel_init(void *unused) pr_err("Failed to execute %s\n", ramdisk_execute_command); } @@ -80179,7 +80242,7 @@ index 63d3e8f..291fa8a 100644 /* * We try each of these until one succeeds. * -@@ -885,7 +963,7 @@ static noinline void __init kernel_init_freeable(void) +@@ -885,7 +964,7 @@ static noinline void __init kernel_init_freeable(void) do_basic_setup(); /* Open the /dev/console on the rootfs, this should never fail */ @@ -80188,7 +80251,7 @@ index 63d3e8f..291fa8a 100644 pr_err("Warning: unable to open an initial console.\n"); (void) sys_dup(0); -@@ -898,11 +976,13 @@ static noinline void __init kernel_init_freeable(void) +@@ -898,11 +977,13 @@ static noinline void __init kernel_init_freeable(void) if (!ramdisk_execute_command) ramdisk_execute_command = "/init"; @@ -84241,7 +84304,7 @@ index 5f97eab..db8f687 100644 unsigned long jiffies_force_qs; /* Time at which to invoke */ /* force_quiescent_state(). */ diff --git a/kernel/rcutree_plugin.h b/kernel/rcutree_plugin.h -index 130c97b..da2e5fc 100644 +index 130c97b..33c0d3d 100644 --- a/kernel/rcutree_plugin.h +++ b/kernel/rcutree_plugin.h @@ -900,7 +900,7 @@ void synchronize_rcu_expedited(void) @@ -84316,9 +84379,12 @@ index 130c97b..da2e5fc 100644 } } -@@ -2425,9 +2425,9 @@ static void rcu_sysidle_enter(struct rcu_dynticks *rdtp, int irq) +@@ -2423,11 +2423,11 @@ static void rcu_sysidle_enter(struct rcu_dynticks *rdtp, int irq) + + /* Record start of fully idle period. */ j = jiffies; - ACCESS_ONCE(rdtp->dynticks_idle_jiffies) = j; +- ACCESS_ONCE(rdtp->dynticks_idle_jiffies) = j; ++ ACCESS_ONCE_RW(rdtp->dynticks_idle_jiffies) = j; smp_mb__before_atomic_inc(); - atomic_inc(&rdtp->dynticks_idle); + atomic_inc_unchecked(&rdtp->dynticks_idle); @@ -84349,6 +84415,33 @@ index 130c97b..da2e5fc 100644 if (cur & 0x1) { *isidle = false; /* We are not idle! */ return; +@@ -2598,7 +2598,7 @@ static void rcu_sysidle(unsigned long j) + case RCU_SYSIDLE_NOT: + + /* First time all are idle, so note a short idle period. */ +- ACCESS_ONCE(full_sysidle_state) = RCU_SYSIDLE_SHORT; ++ ACCESS_ONCE_RW(full_sysidle_state) = RCU_SYSIDLE_SHORT; + break; + + case RCU_SYSIDLE_SHORT: +@@ -2635,7 +2635,7 @@ static void rcu_sysidle(unsigned long j) + static void rcu_sysidle_cancel(void) + { + smp_mb(); +- ACCESS_ONCE(full_sysidle_state) = RCU_SYSIDLE_NOT; ++ ACCESS_ONCE_RW(full_sysidle_state) = RCU_SYSIDLE_NOT; + } + + /* +@@ -2683,7 +2683,7 @@ static void rcu_sysidle_cb(struct rcu_head *rhp) + smp_mb(); /* grace period precedes setting inuse. */ + + rshp = container_of(rhp, struct rcu_sysidle_head, rh); +- ACCESS_ONCE(rshp->inuse) = 0; ++ ACCESS_ONCE_RW(rshp->inuse) = 0; + } + + /* diff --git a/kernel/rcutree_trace.c b/kernel/rcutree_trace.c index cf6c174..a8f4b50 100644 --- a/kernel/rcutree_trace.c diff --git a/3.12.2/4450_grsec-kconfig-default-gids.patch b/3.12.2/4450_grsec-kconfig-default-gids.patch index b50114e..aa9d567 100644 --- a/3.12.2/4450_grsec-kconfig-default-gids.patch +++ b/3.12.2/4450_grsec-kconfig-default-gids.patch @@ -16,7 +16,7 @@ from shooting themselves in the foot. diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig --- a/grsecurity/Kconfig 2012-10-13 09:51:35.000000000 -0400 +++ b/grsecurity/Kconfig 2012-10-13 09:52:32.000000000 -0400 -@@ -626,7 +626,7 @@ +@@ -621,7 +621,7 @@ config GRKERNSEC_AUDIT_GID int "GID for auditing" depends on GRKERNSEC_AUDIT_GROUP @@ -25,7 +25,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig config GRKERNSEC_EXECLOG bool "Exec logging" -@@ -853,7 +853,7 @@ +@@ -848,7 +848,7 @@ config GRKERNSEC_TPE_UNTRUSTED_GID int "GID for TPE-untrusted users" depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT @@ -34,7 +34,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Setting this GID determines what group TPE restrictions will be *enabled* for. If the sysctl option is enabled, a sysctl option -@@ -862,7 +862,7 @@ +@@ -857,7 +857,7 @@ config GRKERNSEC_TPE_TRUSTED_GID int "GID for TPE-trusted users" depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT @@ -43,7 +43,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Setting this GID determines what group TPE restrictions will be *disabled* for. If the sysctl option is enabled, a sysctl option -@@ -955,7 +955,7 @@ +@@ -950,7 +950,7 @@ config GRKERNSEC_SOCKET_ALL_GID int "GID to deny all sockets for" depends on GRKERNSEC_SOCKET_ALL @@ -52,7 +52,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Here you can choose the GID to disable socket access for. Remember to add the users you want socket access disabled for to the GID -@@ -976,7 +976,7 @@ +@@ -971,7 +971,7 @@ config GRKERNSEC_SOCKET_CLIENT_GID int "GID to deny client sockets for" depends on GRKERNSEC_SOCKET_CLIENT @@ -61,7 +61,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Here you can choose the GID to disable client socket access for. Remember to add the users you want client socket access disabled for to -@@ -994,7 +994,7 @@ +@@ -989,7 +989,7 @@ config GRKERNSEC_SOCKET_SERVER_GID int "GID to deny server sockets for" depends on GRKERNSEC_SOCKET_SERVER diff --git a/3.12.2/4465_selinux-avc_audit-log-curr_ip.patch b/3.12.2/4465_selinux-avc_audit-log-curr_ip.patch index b26c0b4..6490fca 100644 --- a/3.12.2/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.12.2/4465_selinux-avc_audit-log-curr_ip.patch @@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org> diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig --- a/grsecurity/Kconfig 2011-04-17 19:25:54.000000000 -0400 +++ b/grsecurity/Kconfig 2011-04-17 19:32:53.000000000 -0400 -@@ -1089,6 +1089,27 @@ +@@ -1084,6 +1084,27 @@ menu "Logging Options" depends on GRKERNSEC diff --git a/3.12.2/4470_disable-compat_vdso.patch b/3.12.2/4470_disable-compat_vdso.patch index a9b2b0f..209dfae 100644 --- a/3.12.2/4470_disable-compat_vdso.patch +++ b/3.12.2/4470_disable-compat_vdso.patch @@ -26,7 +26,7 @@ Closes bug: http://bugs.gentoo.org/show_bug.cgi?id=210138 diff -urp a/arch/x86/Kconfig b/arch/x86/Kconfig --- a/arch/x86/Kconfig 2009-07-31 01:36:57.323857684 +0100 +++ b/arch/x86/Kconfig 2009-07-31 01:51:39.395749681 +0100 -@@ -1817,17 +1817,8 @@ +@@ -1818,17 +1818,8 @@ config COMPAT_VDSO def_bool n diff --git a/3.2.53/0000_README b/3.2.53/0000_README index 8426af2..9af2616 100644 --- a/3.2.53/0000_README +++ b/3.2.53/0000_README @@ -130,7 +130,7 @@ Patch: 1052_linux-3.2.53.patch From: http://www.kernel.org Desc: Linux 3.2.53 -Patch: 4420_grsecurity-3.0-3.2.53-201312011108.patch +Patch: 4420_grsecurity-3.0-3.2.53-201312021727.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.2.53/4420_grsecurity-3.0-3.2.53-201312011108.patch b/3.2.53/4420_grsecurity-3.0-3.2.53-201312021727.patch index 15444aa..0b81548 100644 --- a/3.2.53/4420_grsecurity-3.0-3.2.53-201312011108.patch +++ b/3.2.53/4420_grsecurity-3.0-3.2.53-201312021727.patch @@ -11516,7 +11516,7 @@ index 58cb6d4..a4b806c 100644 /* Atomic operations are already serializing on x86 */ #define smp_mb__before_atomic_dec() barrier() diff --git a/arch/x86/include/asm/atomic64_32.h b/arch/x86/include/asm/atomic64_32.h -index 24098aa..1e37723 100644 +index 24098aa..820ea9d 100644 --- a/arch/x86/include/asm/atomic64_32.h +++ b/arch/x86/include/asm/atomic64_32.h @@ -12,6 +12,14 @@ typedef struct { @@ -11556,7 +11556,7 @@ index 24098aa..1e37723 100644 * atomic64_xchg - xchg atomic64 variable * @v: pointer to type atomic64_t * @n: value to assign -@@ -77,6 +100,24 @@ static inline void atomic64_set(atomic64_t *v, long long i) +@@ -77,12 +100,30 @@ static inline void atomic64_set(atomic64_t *v, long long i) } /** @@ -11581,6 +11581,13 @@ index 24098aa..1e37723 100644 * atomic64_read - read atomic64 variable * @v: pointer to type atomic64_t * + * Atomically reads the value of @v and returns it. + */ +-static inline long long atomic64_read(atomic64_t *v) ++static inline long long __intentional_overflow(-1) atomic64_read(atomic64_t *v) + { + long long r; + asm volatile(ATOMIC64_ALTERNATIVE(read) @@ -93,6 +134,22 @@ static inline long long atomic64_read(atomic64_t *v) } @@ -11669,12 +11676,15 @@ index 24098aa..1e37723 100644 * @i: integer value to subtract * @v: pointer to type atomic64_t diff --git a/arch/x86/include/asm/atomic64_64.h b/arch/x86/include/asm/atomic64_64.h -index 0e1cbfc..5623683 100644 +index 0e1cbfc..adf5aa7 100644 --- a/arch/x86/include/asm/atomic64_64.h +++ b/arch/x86/include/asm/atomic64_64.h -@@ -18,7 +18,19 @@ +@@ -16,9 +16,21 @@ + * Atomically reads the value of @v. + * Doesn't imply a read memory barrier. */ - static inline long atomic64_read(const atomic64_t *v) +-static inline long atomic64_read(const atomic64_t *v) ++static inline long __intentional_overflow(-1) atomic64_read(const atomic64_t *v) { - return (*(volatile long *)&(v)->counter); + return (*(volatile const long *)&(v)->counter); |