diff options
author | Anthony G. Basile <blueness@gentoo.org> | 2017-04-22 12:08:04 -0400 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2017-04-22 12:08:04 -0400 |
commit | a6383ddcf48aac166b64e6008cbceb4476975279 (patch) | |
tree | 378807c872bdda51eaeff69ff7752e95142c8710 | |
parent | grsecurity-3.1-4.9.23-201704181901 (diff) | |
download | hardened-patchset-master.tar.gz hardened-patchset-master.tar.bz2 hardened-patchset-master.zip |
-rw-r--r-- | 4.9.23/1022_linux-4.9.23.patch | 1236 | ||||
-rw-r--r-- | 4.9.24/0000_README (renamed from 4.9.23/0000_README) | 6 | ||||
-rw-r--r-- | 4.9.24/1023_linux-4.9.24.patch | 3261 | ||||
-rw-r--r-- | 4.9.24/4420_grsecurity-3.1-4.9.24-201704220732.patch (renamed from 4.9.23/4420_grsecurity-3.1-4.9.23-201704181901.patch) | 492 | ||||
-rw-r--r-- | 4.9.24/4425_grsec_remove_EI_PAX.patch (renamed from 4.9.23/4425_grsec_remove_EI_PAX.patch) | 0 | ||||
-rw-r--r-- | 4.9.24/4426_default_XATTR_PAX_FLAGS.patch (renamed from 4.9.23/4426_default_XATTR_PAX_FLAGS.patch) | 0 | ||||
-rw-r--r-- | 4.9.24/4427_force_XATTR_PAX_tmpfs.patch (renamed from 4.9.23/4427_force_XATTR_PAX_tmpfs.patch) | 0 | ||||
-rw-r--r-- | 4.9.24/4430_grsec-remove-localversion-grsec.patch (renamed from 4.9.23/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
-rw-r--r-- | 4.9.24/4435_grsec-mute-warnings.patch (renamed from 4.9.23/4435_grsec-mute-warnings.patch) | 0 | ||||
-rw-r--r-- | 4.9.24/4440_grsec-remove-protected-paths.patch (renamed from 4.9.23/4440_grsec-remove-protected-paths.patch) | 0 | ||||
-rw-r--r-- | 4.9.24/4450_grsec-kconfig-default-gids.patch (renamed from 4.9.23/4450_grsec-kconfig-default-gids.patch) | 0 | ||||
-rw-r--r-- | 4.9.24/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 4.9.23/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
-rw-r--r-- | 4.9.24/4470_disable-compat_vdso.patch (renamed from 4.9.23/4470_disable-compat_vdso.patch) | 0 | ||||
-rw-r--r-- | 4.9.24/4475_emutramp_default_on.patch (renamed from 4.9.23/4475_emutramp_default_on.patch) | 0 |
14 files changed, 3536 insertions, 1459 deletions
diff --git a/4.9.23/1022_linux-4.9.23.patch b/4.9.23/1022_linux-4.9.23.patch deleted file mode 100644 index c547029..0000000 --- a/4.9.23/1022_linux-4.9.23.patch +++ /dev/null @@ -1,1236 +0,0 @@ -diff --git a/Makefile b/Makefile -index 4bf4648..0de7597 100644 ---- a/Makefile -+++ b/Makefile -@@ -1,6 +1,6 @@ - VERSION = 4 - PATCHLEVEL = 9 --SUBLEVEL = 22 -+SUBLEVEL = 23 - EXTRAVERSION = - NAME = Roaring Lionus - -diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig -index 9a6e11b6..5a4f2eb 100644 ---- a/arch/mips/Kconfig -+++ b/arch/mips/Kconfig -@@ -9,6 +9,7 @@ config MIPS - select HAVE_CONTEXT_TRACKING - select HAVE_GENERIC_DMA_COHERENT - select HAVE_IDE -+ select HAVE_IRQ_EXIT_ON_IRQ_STACK - select HAVE_OPROFILE - select HAVE_PERF_EVENTS - select PERF_USE_VMALLOC -diff --git a/arch/mips/include/asm/irq.h b/arch/mips/include/asm/irq.h -index 6bf10e7..956db6e 100644 ---- a/arch/mips/include/asm/irq.h -+++ b/arch/mips/include/asm/irq.h -@@ -17,6 +17,18 @@ - - #include <irq.h> - -+#define IRQ_STACK_SIZE THREAD_SIZE -+ -+extern void *irq_stack[NR_CPUS]; -+ -+static inline bool on_irq_stack(int cpu, unsigned long sp) -+{ -+ unsigned long low = (unsigned long)irq_stack[cpu]; -+ unsigned long high = low + IRQ_STACK_SIZE; -+ -+ return (low <= sp && sp <= high); -+} -+ - #ifdef CONFIG_I8259 - static inline int irq_canonicalize(int irq) - { -diff --git a/arch/mips/include/asm/stackframe.h b/arch/mips/include/asm/stackframe.h -index eebf395..2f182bd 100644 ---- a/arch/mips/include/asm/stackframe.h -+++ b/arch/mips/include/asm/stackframe.h -@@ -216,12 +216,19 @@ - LONG_S $25, PT_R25(sp) - LONG_S $28, PT_R28(sp) - LONG_S $31, PT_R31(sp) -+ -+ /* Set thread_info if we're coming from user mode */ -+ mfc0 k0, CP0_STATUS -+ sll k0, 3 /* extract cu0 bit */ -+ bltz k0, 9f -+ - ori $28, sp, _THREAD_MASK - xori $28, _THREAD_MASK - #ifdef CONFIG_CPU_CAVIUM_OCTEON - .set mips64 - pref 0, 0($28) /* Prefetch the current pointer */ - #endif -+9: - .set pop - .endm - -diff --git a/arch/mips/kernel/asm-offsets.c b/arch/mips/kernel/asm-offsets.c -index fae2f94..4be2763 100644 ---- a/arch/mips/kernel/asm-offsets.c -+++ b/arch/mips/kernel/asm-offsets.c -@@ -102,6 +102,7 @@ void output_thread_info_defines(void) - OFFSET(TI_REGS, thread_info, regs); - DEFINE(_THREAD_SIZE, THREAD_SIZE); - DEFINE(_THREAD_MASK, THREAD_MASK); -+ DEFINE(_IRQ_STACK_SIZE, IRQ_STACK_SIZE); - BLANK(); - } - -diff --git a/arch/mips/kernel/genex.S b/arch/mips/kernel/genex.S -index 52a4fdf..2ac6c26 100644 ---- a/arch/mips/kernel/genex.S -+++ b/arch/mips/kernel/genex.S -@@ -187,9 +187,44 @@ NESTED(handle_int, PT_SIZE, sp) - - LONG_L s0, TI_REGS($28) - LONG_S sp, TI_REGS($28) -- PTR_LA ra, ret_from_irq -- PTR_LA v0, plat_irq_dispatch -- jr v0 -+ -+ /* -+ * SAVE_ALL ensures we are using a valid kernel stack for the thread. -+ * Check if we are already using the IRQ stack. -+ */ -+ move s1, sp # Preserve the sp -+ -+ /* Get IRQ stack for this CPU */ -+ ASM_CPUID_MFC0 k0, ASM_SMP_CPUID_REG -+#if defined(CONFIG_32BIT) || defined(KBUILD_64BIT_SYM32) -+ lui k1, %hi(irq_stack) -+#else -+ lui k1, %highest(irq_stack) -+ daddiu k1, %higher(irq_stack) -+ dsll k1, 16 -+ daddiu k1, %hi(irq_stack) -+ dsll k1, 16 -+#endif -+ LONG_SRL k0, SMP_CPUID_PTRSHIFT -+ LONG_ADDU k1, k0 -+ LONG_L t0, %lo(irq_stack)(k1) -+ -+ # Check if already on IRQ stack -+ PTR_LI t1, ~(_THREAD_SIZE-1) -+ and t1, t1, sp -+ beq t0, t1, 2f -+ -+ /* Switch to IRQ stack */ -+ li t1, _IRQ_STACK_SIZE -+ PTR_ADD sp, t0, t1 -+ -+2: -+ jal plat_irq_dispatch -+ -+ /* Restore sp */ -+ move sp, s1 -+ -+ j ret_from_irq - #ifdef CONFIG_CPU_MICROMIPS - nop - #endif -@@ -262,8 +297,44 @@ NESTED(except_vec_vi_handler, 0, sp) - - LONG_L s0, TI_REGS($28) - LONG_S sp, TI_REGS($28) -- PTR_LA ra, ret_from_irq -- jr v0 -+ -+ /* -+ * SAVE_ALL ensures we are using a valid kernel stack for the thread. -+ * Check if we are already using the IRQ stack. -+ */ -+ move s1, sp # Preserve the sp -+ -+ /* Get IRQ stack for this CPU */ -+ ASM_CPUID_MFC0 k0, ASM_SMP_CPUID_REG -+#if defined(CONFIG_32BIT) || defined(KBUILD_64BIT_SYM32) -+ lui k1, %hi(irq_stack) -+#else -+ lui k1, %highest(irq_stack) -+ daddiu k1, %higher(irq_stack) -+ dsll k1, 16 -+ daddiu k1, %hi(irq_stack) -+ dsll k1, 16 -+#endif -+ LONG_SRL k0, SMP_CPUID_PTRSHIFT -+ LONG_ADDU k1, k0 -+ LONG_L t0, %lo(irq_stack)(k1) -+ -+ # Check if already on IRQ stack -+ PTR_LI t1, ~(_THREAD_SIZE-1) -+ and t1, t1, sp -+ beq t0, t1, 2f -+ -+ /* Switch to IRQ stack */ -+ li t1, _IRQ_STACK_SIZE -+ PTR_ADD sp, t0, t1 -+ -+2: -+ jalr v0 -+ -+ /* Restore sp */ -+ move sp, s1 -+ -+ j ret_from_irq - END(except_vec_vi_handler) - - /* -diff --git a/arch/mips/kernel/irq.c b/arch/mips/kernel/irq.c -index f25f7ea..2b0a371 100644 ---- a/arch/mips/kernel/irq.c -+++ b/arch/mips/kernel/irq.c -@@ -25,6 +25,8 @@ - #include <linux/atomic.h> - #include <asm/uaccess.h> - -+void *irq_stack[NR_CPUS]; -+ - /* - * 'what should we do if we get a hw irq event on an illegal vector'. - * each architecture has to answer this themselves. -@@ -58,6 +60,15 @@ void __init init_IRQ(void) - clear_c0_status(ST0_IM); - - arch_init_irq(); -+ -+ for_each_possible_cpu(i) { -+ int irq_pages = IRQ_STACK_SIZE / PAGE_SIZE; -+ void *s = (void *)__get_free_pages(GFP_KERNEL, irq_pages); -+ -+ irq_stack[i] = s; -+ pr_debug("CPU%d IRQ stack at 0x%p - 0x%p\n", i, -+ irq_stack[i], irq_stack[i] + IRQ_STACK_SIZE); -+ } - } - - #ifdef CONFIG_DEBUG_STACKOVERFLOW -diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c -index 1652f36..fbbf5fc 100644 ---- a/arch/mips/kernel/process.c -+++ b/arch/mips/kernel/process.c -@@ -33,6 +33,7 @@ - #include <asm/dsemul.h> - #include <asm/dsp.h> - #include <asm/fpu.h> -+#include <asm/irq.h> - #include <asm/msa.h> - #include <asm/pgtable.h> - #include <asm/mipsregs.h> -@@ -556,7 +557,19 @@ EXPORT_SYMBOL(unwind_stack_by_address); - unsigned long unwind_stack(struct task_struct *task, unsigned long *sp, - unsigned long pc, unsigned long *ra) - { -- unsigned long stack_page = (unsigned long)task_stack_page(task); -+ unsigned long stack_page = 0; -+ int cpu; -+ -+ for_each_possible_cpu(cpu) { -+ if (on_irq_stack(cpu, *sp)) { -+ stack_page = (unsigned long)irq_stack[cpu]; -+ break; -+ } -+ } -+ -+ if (!stack_page) -+ stack_page = (unsigned long)task_stack_page(task); -+ - return unwind_stack_by_address(stack_page, sp, pc, ra); - } - #endif -diff --git a/block/blk-mq.c b/block/blk-mq.c -index ee54ad0..7b597ec 100644 ---- a/block/blk-mq.c -+++ b/block/blk-mq.c -@@ -1474,7 +1474,7 @@ static struct blk_mq_tags *blk_mq_init_rq_map(struct blk_mq_tag_set *set, - INIT_LIST_HEAD(&tags->page_list); - - tags->rqs = kzalloc_node(set->queue_depth * sizeof(struct request *), -- GFP_KERNEL | __GFP_NOWARN | __GFP_NORETRY, -+ GFP_NOIO | __GFP_NOWARN | __GFP_NORETRY, - set->numa_node); - if (!tags->rqs) { - blk_mq_free_tags(tags); -@@ -1500,7 +1500,7 @@ static struct blk_mq_tags *blk_mq_init_rq_map(struct blk_mq_tag_set *set, - - do { - page = alloc_pages_node(set->numa_node, -- GFP_KERNEL | __GFP_NOWARN | __GFP_NORETRY | __GFP_ZERO, -+ GFP_NOIO | __GFP_NOWARN | __GFP_NORETRY | __GFP_ZERO, - this_order); - if (page) - break; -@@ -1521,7 +1521,7 @@ static struct blk_mq_tags *blk_mq_init_rq_map(struct blk_mq_tag_set *set, - * Allow kmemleak to scan these pages as they contain pointers - * to additional allocations like via ops->init_request(). - */ -- kmemleak_alloc(p, order_to_size(this_order), 1, GFP_KERNEL); -+ kmemleak_alloc(p, order_to_size(this_order), 1, GFP_NOIO); - entries_per_page = order_to_size(this_order) / rq_size; - to_do = min(entries_per_page, set->queue_depth - i); - left -= to_do * rq_size; -diff --git a/drivers/crypto/caam/caampkc.c b/drivers/crypto/caam/caampkc.c -index 851015e..354a16a 100644 ---- a/drivers/crypto/caam/caampkc.c -+++ b/drivers/crypto/caam/caampkc.c -@@ -506,7 +506,7 @@ static int caam_rsa_init_tfm(struct crypto_akcipher *tfm) - ctx->dev = caam_jr_alloc(); - - if (IS_ERR(ctx->dev)) { -- dev_err(ctx->dev, "Job Ring Device allocation for transform failed\n"); -+ pr_err("Job Ring Device allocation for transform failed\n"); - return PTR_ERR(ctx->dev); - } - -diff --git a/drivers/crypto/caam/ctrl.c b/drivers/crypto/caam/ctrl.c -index e483b78..98468b9 100644 ---- a/drivers/crypto/caam/ctrl.c -+++ b/drivers/crypto/caam/ctrl.c -@@ -282,7 +282,8 @@ static int deinstantiate_rng(struct device *ctrldev, int state_handle_mask) - /* Try to run it through DECO0 */ - ret = run_descriptor_deco0(ctrldev, desc, &status); - -- if (ret || status) { -+ if (ret || -+ (status && status != JRSTA_SSRC_JUMP_HALT_CC)) { - dev_err(ctrldev, - "Failed to deinstantiate RNG4 SH%d\n", - sh_idx); -diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-buf.c -index cf04d24..6b54e02 100644 ---- a/drivers/dma-buf/dma-buf.c -+++ b/drivers/dma-buf/dma-buf.c -@@ -303,6 +303,9 @@ static const struct file_operations dma_buf_fops = { - .llseek = dma_buf_llseek, - .poll = dma_buf_poll, - .unlocked_ioctl = dma_buf_ioctl, -+#ifdef CONFIG_COMPAT -+ .compat_ioctl = dma_buf_ioctl, -+#endif - }; - - /* -diff --git a/drivers/gpu/drm/i915/i915_drv.c b/drivers/gpu/drm/i915/i915_drv.c -index 670beeb..923150d 100644 ---- a/drivers/gpu/drm/i915/i915_drv.c -+++ b/drivers/gpu/drm/i915/i915_drv.c -@@ -240,6 +240,7 @@ static int i915_getparam(struct drm_device *dev, void *data, - case I915_PARAM_IRQ_ACTIVE: - case I915_PARAM_ALLOW_BATCHBUFFER: - case I915_PARAM_LAST_DISPATCH: -+ case I915_PARAM_HAS_EXEC_CONSTANTS: - /* Reject all old ums/dri params. */ - return -ENODEV; - case I915_PARAM_CHIPSET_ID: -@@ -266,9 +267,6 @@ static int i915_getparam(struct drm_device *dev, void *data, - case I915_PARAM_HAS_BSD2: - value = intel_engine_initialized(&dev_priv->engine[VCS2]); - break; -- case I915_PARAM_HAS_EXEC_CONSTANTS: -- value = INTEL_GEN(dev_priv) >= 4; -- break; - case I915_PARAM_HAS_LLC: - value = HAS_LLC(dev_priv); - break; -diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h -index da832d3..e0d7245 100644 ---- a/drivers/gpu/drm/i915/i915_drv.h -+++ b/drivers/gpu/drm/i915/i915_drv.h -@@ -1225,7 +1225,7 @@ struct intel_gen6_power_mgmt { - unsigned boosts; - - /* manual wa residency calculations */ -- struct intel_rps_ei up_ei, down_ei; -+ struct intel_rps_ei ei; - - /* - * Protects RPS/RC6 register access and PCU communication. -@@ -1751,8 +1751,6 @@ struct drm_i915_private { - - const struct intel_device_info info; - -- int relative_constants_mode; -- - void __iomem *regs; - - struct intel_uncore uncore; -diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c -index 00eb481..7b203092 100644 ---- a/drivers/gpu/drm/i915/i915_gem.c -+++ b/drivers/gpu/drm/i915/i915_gem.c -@@ -4587,8 +4587,6 @@ i915_gem_load_init(struct drm_device *dev) - init_waitqueue_head(&dev_priv->gpu_error.wait_queue); - init_waitqueue_head(&dev_priv->gpu_error.reset_queue); - -- dev_priv->relative_constants_mode = I915_EXEC_CONSTANTS_REL_GENERAL; -- - init_waitqueue_head(&dev_priv->pending_flip_queue); - - dev_priv->mm.interruptible = true; -diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c -index 0c400f8..2117f17 100644 ---- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c -+++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c -@@ -1454,10 +1454,7 @@ execbuf_submit(struct i915_execbuffer_params *params, - struct drm_i915_gem_execbuffer2 *args, - struct list_head *vmas) - { -- struct drm_i915_private *dev_priv = params->request->i915; - u64 exec_start, exec_len; -- int instp_mode; -- u32 instp_mask; - int ret; - - ret = i915_gem_execbuffer_move_to_gpu(params->request, vmas); -@@ -1468,56 +1465,11 @@ execbuf_submit(struct i915_execbuffer_params *params, - if (ret) - return ret; - -- instp_mode = args->flags & I915_EXEC_CONSTANTS_MASK; -- instp_mask = I915_EXEC_CONSTANTS_MASK; -- switch (instp_mode) { -- case I915_EXEC_CONSTANTS_REL_GENERAL: -- case I915_EXEC_CONSTANTS_ABSOLUTE: -- case I915_EXEC_CONSTANTS_REL_SURFACE: -- if (instp_mode != 0 && params->engine->id != RCS) { -- DRM_DEBUG("non-0 rel constants mode on non-RCS\n"); -- return -EINVAL; -- } -- -- if (instp_mode != dev_priv->relative_constants_mode) { -- if (INTEL_INFO(dev_priv)->gen < 4) { -- DRM_DEBUG("no rel constants on pre-gen4\n"); -- return -EINVAL; -- } -- -- if (INTEL_INFO(dev_priv)->gen > 5 && -- instp_mode == I915_EXEC_CONSTANTS_REL_SURFACE) { -- DRM_DEBUG("rel surface constants mode invalid on gen5+\n"); -- return -EINVAL; -- } -- -- /* The HW changed the meaning on this bit on gen6 */ -- if (INTEL_INFO(dev_priv)->gen >= 6) -- instp_mask &= ~I915_EXEC_CONSTANTS_REL_SURFACE; -- } -- break; -- default: -- DRM_DEBUG("execbuf with unknown constants: %d\n", instp_mode); -+ if (args->flags & I915_EXEC_CONSTANTS_MASK) { -+ DRM_DEBUG("I915_EXEC_CONSTANTS_* unsupported\n"); - return -EINVAL; - } - -- if (params->engine->id == RCS && -- instp_mode != dev_priv->relative_constants_mode) { -- struct intel_ring *ring = params->request->ring; -- -- ret = intel_ring_begin(params->request, 4); -- if (ret) -- return ret; -- -- intel_ring_emit(ring, MI_NOOP); -- intel_ring_emit(ring, MI_LOAD_REGISTER_IMM(1)); -- intel_ring_emit_reg(ring, INSTPM); -- intel_ring_emit(ring, instp_mask << 16 | instp_mode); -- intel_ring_advance(ring); -- -- dev_priv->relative_constants_mode = instp_mode; -- } -- - if (args->flags & I915_EXEC_GEN7_SOL_RESET) { - ret = i915_reset_gen7_sol_offsets(params->request); - if (ret) -diff --git a/drivers/gpu/drm/i915/i915_gem_shrinker.c b/drivers/gpu/drm/i915/i915_gem_shrinker.c -index 1c237d0..755d788 100644 ---- a/drivers/gpu/drm/i915/i915_gem_shrinker.c -+++ b/drivers/gpu/drm/i915/i915_gem_shrinker.c -@@ -233,7 +233,7 @@ unsigned long i915_gem_shrink_all(struct drm_i915_private *dev_priv) - I915_SHRINK_BOUND | - I915_SHRINK_UNBOUND | - I915_SHRINK_ACTIVE); -- rcu_barrier(); /* wait until our RCU delayed slab frees are completed */ -+ synchronize_rcu(); /* wait for our earlier RCU delayed slab frees */ - - return freed; - } -diff --git a/drivers/gpu/drm/i915/i915_irq.c b/drivers/gpu/drm/i915/i915_irq.c -index 3fc286c..02908e3 100644 ---- a/drivers/gpu/drm/i915/i915_irq.c -+++ b/drivers/gpu/drm/i915/i915_irq.c -@@ -990,68 +990,51 @@ static void vlv_c0_read(struct drm_i915_private *dev_priv, - ei->media_c0 = I915_READ(VLV_MEDIA_C0_COUNT); - } - --static bool vlv_c0_above(struct drm_i915_private *dev_priv, -- const struct intel_rps_ei *old, -- const struct intel_rps_ei *now, -- int threshold) --{ -- u64 time, c0; -- unsigned int mul = 100; -- -- if (old->cz_clock == 0) -- return false; -- -- if (I915_READ(VLV_COUNTER_CONTROL) & VLV_COUNT_RANGE_HIGH) -- mul <<= 8; -- -- time = now->cz_clock - old->cz_clock; -- time *= threshold * dev_priv->czclk_freq; -- -- /* Workload can be split between render + media, e.g. SwapBuffers -- * being blitted in X after being rendered in mesa. To account for -- * this we need to combine both engines into our activity counter. -- */ -- c0 = now->render_c0 - old->render_c0; -- c0 += now->media_c0 - old->media_c0; -- c0 *= mul * VLV_CZ_CLOCK_TO_MILLI_SEC; -- -- return c0 >= time; --} -- - void gen6_rps_reset_ei(struct drm_i915_private *dev_priv) - { -- vlv_c0_read(dev_priv, &dev_priv->rps.down_ei); -- dev_priv->rps.up_ei = dev_priv->rps.down_ei; -+ memset(&dev_priv->rps.ei, 0, sizeof(dev_priv->rps.ei)); - } - - static u32 vlv_wa_c0_ei(struct drm_i915_private *dev_priv, u32 pm_iir) - { -+ const struct intel_rps_ei *prev = &dev_priv->rps.ei; - struct intel_rps_ei now; - u32 events = 0; - -- if ((pm_iir & (GEN6_PM_RP_DOWN_EI_EXPIRED | GEN6_PM_RP_UP_EI_EXPIRED)) == 0) -+ if ((pm_iir & GEN6_PM_RP_UP_EI_EXPIRED) == 0) - return 0; - - vlv_c0_read(dev_priv, &now); - if (now.cz_clock == 0) - return 0; - -- if (pm_iir & GEN6_PM_RP_DOWN_EI_EXPIRED) { -- if (!vlv_c0_above(dev_priv, -- &dev_priv->rps.down_ei, &now, -- dev_priv->rps.down_threshold)) -- events |= GEN6_PM_RP_DOWN_THRESHOLD; -- dev_priv->rps.down_ei = now; -- } -+ if (prev->cz_clock) { -+ u64 time, c0; -+ unsigned int mul; -+ -+ mul = VLV_CZ_CLOCK_TO_MILLI_SEC * 100; /* scale to threshold% */ -+ if (I915_READ(VLV_COUNTER_CONTROL) & VLV_COUNT_RANGE_HIGH) -+ mul <<= 8; - -- if (pm_iir & GEN6_PM_RP_UP_EI_EXPIRED) { -- if (vlv_c0_above(dev_priv, -- &dev_priv->rps.up_ei, &now, -- dev_priv->rps.up_threshold)) -- events |= GEN6_PM_RP_UP_THRESHOLD; -- dev_priv->rps.up_ei = now; -+ time = now.cz_clock - prev->cz_clock; -+ time *= dev_priv->czclk_freq; -+ -+ /* Workload can be split between render + media, -+ * e.g. SwapBuffers being blitted in X after being rendered in -+ * mesa. To account for this we need to combine both engines -+ * into our activity counter. -+ */ -+ c0 = now.render_c0 - prev->render_c0; -+ c0 += now.media_c0 - prev->media_c0; -+ c0 *= mul; -+ -+ if (c0 > time * dev_priv->rps.up_threshold) -+ events = GEN6_PM_RP_UP_THRESHOLD; -+ else if (c0 < time * dev_priv->rps.down_threshold) -+ events = GEN6_PM_RP_DOWN_THRESHOLD; - } - -+ dev_priv->rps.ei = now; - return events; - } - -@@ -4490,7 +4473,7 @@ void intel_irq_init(struct drm_i915_private *dev_priv) - /* Let's track the enabled rps events */ - if (IS_VALLEYVIEW(dev_priv)) - /* WaGsvRC0ResidencyMethod:vlv */ -- dev_priv->pm_rps_events = GEN6_PM_RP_DOWN_EI_EXPIRED | GEN6_PM_RP_UP_EI_EXPIRED; -+ dev_priv->pm_rps_events = GEN6_PM_RP_UP_EI_EXPIRED; - else - dev_priv->pm_rps_events = GEN6_PM_RPS_EVENTS; - -@@ -4531,6 +4514,16 @@ void intel_irq_init(struct drm_i915_private *dev_priv) - if (!IS_GEN2(dev_priv)) - dev->vblank_disable_immediate = true; - -+ /* Most platforms treat the display irq block as an always-on -+ * power domain. vlv/chv can disable it at runtime and need -+ * special care to avoid writing any of the display block registers -+ * outside of the power domain. We defer setting up the display irqs -+ * in this case to the runtime pm. -+ */ -+ dev_priv->display_irqs_enabled = true; -+ if (IS_VALLEYVIEW(dev_priv) || IS_CHERRYVIEW(dev_priv)) -+ dev_priv->display_irqs_enabled = false; -+ - dev->driver->get_vblank_timestamp = i915_get_vblank_timestamp; - dev->driver->get_scanout_position = i915_get_crtc_scanoutpos; - -diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c -index b9be8a6..5dc6082 100644 ---- a/drivers/gpu/drm/i915/intel_display.c -+++ b/drivers/gpu/drm/i915/intel_display.c -@@ -3696,10 +3696,6 @@ static void intel_update_pipe_config(struct intel_crtc *crtc, - /* drm_atomic_helper_update_legacy_modeset_state might not be called. */ - crtc->base.mode = crtc->base.state->mode; - -- DRM_DEBUG_KMS("Updating pipe size %ix%i -> %ix%i\n", -- old_crtc_state->pipe_src_w, old_crtc_state->pipe_src_h, -- pipe_config->pipe_src_w, pipe_config->pipe_src_h); -- - /* - * Update pipe size and adjust fitter if needed: the reason for this is - * that in compute_mode_changes we check the native mode (not the pfit -@@ -4832,23 +4828,17 @@ static void skylake_pfit_enable(struct intel_crtc *crtc) - struct intel_crtc_scaler_state *scaler_state = - &crtc->config->scaler_state; - -- DRM_DEBUG_KMS("for crtc_state = %p\n", crtc->config); -- - if (crtc->config->pch_pfit.enabled) { - int id; - -- if (WARN_ON(crtc->config->scaler_state.scaler_id < 0)) { -- DRM_ERROR("Requesting pfit without getting a scaler first\n"); -+ if (WARN_ON(crtc->config->scaler_state.scaler_id < 0)) - return; -- } - - id = scaler_state->scaler_id; - I915_WRITE(SKL_PS_CTRL(pipe, id), PS_SCALER_EN | - PS_FILTER_MEDIUM | scaler_state->scalers[id].mode); - I915_WRITE(SKL_PS_WIN_POS(pipe, id), crtc->config->pch_pfit.pos); - I915_WRITE(SKL_PS_WIN_SZ(pipe, id), crtc->config->pch_pfit.size); -- -- DRM_DEBUG_KMS("for crtc_state = %p scaler_id = %d\n", crtc->config, id); - } - } - -diff --git a/drivers/gpu/drm/i915/intel_hotplug.c b/drivers/gpu/drm/i915/intel_hotplug.c -index 334d47b..db3afdf 100644 ---- a/drivers/gpu/drm/i915/intel_hotplug.c -+++ b/drivers/gpu/drm/i915/intel_hotplug.c -@@ -219,7 +219,7 @@ static void intel_hpd_irq_storm_reenable_work(struct work_struct *work) - } - } - } -- if (dev_priv->display.hpd_irq_setup) -+ if (dev_priv->display_irqs_enabled && dev_priv->display.hpd_irq_setup) - dev_priv->display.hpd_irq_setup(dev_priv); - spin_unlock_irq(&dev_priv->irq_lock); - -@@ -425,7 +425,7 @@ void intel_hpd_irq_handler(struct drm_i915_private *dev_priv, - } - } - -- if (storm_detected) -+ if (storm_detected && dev_priv->display_irqs_enabled) - dev_priv->display.hpd_irq_setup(dev_priv); - spin_unlock(&dev_priv->irq_lock); - -@@ -471,10 +471,12 @@ void intel_hpd_init(struct drm_i915_private *dev_priv) - * Interrupt setup is already guaranteed to be single-threaded, this is - * just to make the assert_spin_locked checks happy. - */ -- spin_lock_irq(&dev_priv->irq_lock); -- if (dev_priv->display.hpd_irq_setup) -- dev_priv->display.hpd_irq_setup(dev_priv); -- spin_unlock_irq(&dev_priv->irq_lock); -+ if (dev_priv->display_irqs_enabled && dev_priv->display.hpd_irq_setup) { -+ spin_lock_irq(&dev_priv->irq_lock); -+ if (dev_priv->display_irqs_enabled) -+ dev_priv->display.hpd_irq_setup(dev_priv); -+ spin_unlock_irq(&dev_priv->irq_lock); -+ } - } - - static void i915_hpd_poll_init_work(struct work_struct *work) -diff --git a/drivers/gpu/drm/i915/intel_lrc.c b/drivers/gpu/drm/i915/intel_lrc.c -index 4147e51..67db157 100644 ---- a/drivers/gpu/drm/i915/intel_lrc.c -+++ b/drivers/gpu/drm/i915/intel_lrc.c -@@ -2152,42 +2152,30 @@ static int execlists_context_deferred_alloc(struct i915_gem_context *ctx, - - void intel_lr_context_resume(struct drm_i915_private *dev_priv) - { -+ struct i915_gem_context *ctx = dev_priv->kernel_context; - struct intel_engine_cs *engine; -- struct i915_gem_context *ctx; -- -- /* Because we emit WA_TAIL_DWORDS there may be a disparity -- * between our bookkeeping in ce->ring->head and ce->ring->tail and -- * that stored in context. As we only write new commands from -- * ce->ring->tail onwards, everything before that is junk. If the GPU -- * starts reading from its RING_HEAD from the context, it may try to -- * execute that junk and die. -- * -- * So to avoid that we reset the context images upon resume. For -- * simplicity, we just zero everything out. -- */ -- list_for_each_entry(ctx, &dev_priv->context_list, link) { -- for_each_engine(engine, dev_priv) { -- struct intel_context *ce = &ctx->engine[engine->id]; -- u32 *reg; - -- if (!ce->state) -- continue; -+ for_each_engine(engine, dev_priv) { -+ struct intel_context *ce = &ctx->engine[engine->id]; -+ void *vaddr; -+ uint32_t *reg_state; - -- reg = i915_gem_object_pin_map(ce->state->obj, -- I915_MAP_WB); -- if (WARN_ON(IS_ERR(reg))) -- continue; -+ if (!ce->state) -+ continue; - -- reg += LRC_STATE_PN * PAGE_SIZE / sizeof(*reg); -- reg[CTX_RING_HEAD+1] = 0; -- reg[CTX_RING_TAIL+1] = 0; -+ vaddr = i915_gem_object_pin_map(ce->state->obj, I915_MAP_WB); -+ if (WARN_ON(IS_ERR(vaddr))) -+ continue; - -- ce->state->obj->dirty = true; -- i915_gem_object_unpin_map(ce->state->obj); -+ reg_state = vaddr + LRC_STATE_PN * PAGE_SIZE; - -- ce->ring->head = ce->ring->tail = 0; -- ce->ring->last_retired_head = -1; -- intel_ring_update_space(ce->ring); -- } -+ reg_state[CTX_RING_HEAD+1] = 0; -+ reg_state[CTX_RING_TAIL+1] = 0; -+ -+ ce->state->obj->dirty = true; -+ i915_gem_object_unpin_map(ce->state->obj); -+ -+ ce->ring->head = 0; -+ ce->ring->tail = 0; - } - } -diff --git a/drivers/gpu/drm/i915/intel_pm.c b/drivers/gpu/drm/i915/intel_pm.c -index e559a45..2c6d59d 100644 ---- a/drivers/gpu/drm/i915/intel_pm.c -+++ b/drivers/gpu/drm/i915/intel_pm.c -@@ -4903,6 +4903,12 @@ static void gen6_set_rps_thresholds(struct drm_i915_private *dev_priv, u8 val) - break; - } - -+ /* When byt can survive without system hang with dynamic -+ * sw freq adjustments, this restriction can be lifted. -+ */ -+ if (IS_VALLEYVIEW(dev_priv)) -+ goto skip_hw_write; -+ - I915_WRITE(GEN6_RP_UP_EI, - GT_INTERVAL_FROM_US(dev_priv, ei_up)); - I915_WRITE(GEN6_RP_UP_THRESHOLD, -@@ -4923,6 +4929,7 @@ static void gen6_set_rps_thresholds(struct drm_i915_private *dev_priv, u8 val) - GEN6_RP_UP_BUSY_AVG | - GEN6_RP_DOWN_IDLE_AVG); - -+skip_hw_write: - dev_priv->rps.power = new_power; - dev_priv->rps.up_threshold = threshold_up; - dev_priv->rps.down_threshold = threshold_down; -@@ -4933,8 +4940,9 @@ static u32 gen6_rps_pm_mask(struct drm_i915_private *dev_priv, u8 val) - { - u32 mask = 0; - -+ /* We use UP_EI_EXPIRED interupts for both up/down in manual mode */ - if (val > dev_priv->rps.min_freq_softlimit) -- mask |= GEN6_PM_RP_DOWN_EI_EXPIRED | GEN6_PM_RP_DOWN_THRESHOLD | GEN6_PM_RP_DOWN_TIMEOUT; -+ mask |= GEN6_PM_RP_UP_EI_EXPIRED | GEN6_PM_RP_DOWN_THRESHOLD | GEN6_PM_RP_DOWN_TIMEOUT; - if (val < dev_priv->rps.max_freq_softlimit) - mask |= GEN6_PM_RP_UP_EI_EXPIRED | GEN6_PM_RP_UP_THRESHOLD; - -@@ -5034,7 +5042,7 @@ void gen6_rps_busy(struct drm_i915_private *dev_priv) - { - mutex_lock(&dev_priv->rps.hw_lock); - if (dev_priv->rps.enabled) { -- if (dev_priv->pm_rps_events & (GEN6_PM_RP_DOWN_EI_EXPIRED | GEN6_PM_RP_UP_EI_EXPIRED)) -+ if (dev_priv->pm_rps_events & GEN6_PM_RP_UP_EI_EXPIRED) - gen6_rps_reset_ei(dev_priv); - I915_WRITE(GEN6_PMINTRMSK, - gen6_rps_pm_mask(dev_priv, dev_priv->rps.cur_freq)); -@@ -7960,10 +7968,10 @@ static bool skl_pcode_try_request(struct drm_i915_private *dev_priv, u32 mbox, - * @timeout_base_ms: timeout for polling with preemption enabled - * - * Keep resending the @request to @mbox until PCODE acknowledges it, PCODE -- * reports an error or an overall timeout of @timeout_base_ms+10 ms expires. -+ * reports an error or an overall timeout of @timeout_base_ms+50 ms expires. - * The request is acknowledged once the PCODE reply dword equals @reply after - * applying @reply_mask. Polling is first attempted with preemption enabled -- * for @timeout_base_ms and if this times out for another 10 ms with -+ * for @timeout_base_ms and if this times out for another 50 ms with - * preemption disabled. - * - * Returns 0 on success, %-ETIMEDOUT in case of a timeout, <0 in case of some -@@ -7999,14 +8007,15 @@ int skl_pcode_request(struct drm_i915_private *dev_priv, u32 mbox, u32 request, - * worst case) _and_ PCODE was busy for some reason even after a - * (queued) request and @timeout_base_ms delay. As a workaround retry - * the poll with preemption disabled to maximize the number of -- * requests. Increase the timeout from @timeout_base_ms to 10ms to -+ * requests. Increase the timeout from @timeout_base_ms to 50ms to - * account for interrupts that could reduce the number of these -- * requests. -+ * requests, and for any quirks of the PCODE firmware that delays -+ * the request completion. - */ - DRM_DEBUG_KMS("PCODE timeout, retrying with preemption disabled\n"); - WARN_ON_ONCE(timeout_base_ms > 3); - preempt_disable(); -- ret = wait_for_atomic(COND, 10); -+ ret = wait_for_atomic(COND, 50); - preempt_enable(); - - out: -diff --git a/drivers/i2c/busses/i2c-bcm2835.c b/drivers/i2c/busses/i2c-bcm2835.c -index d4f3239..f283b71 100644 ---- a/drivers/i2c/busses/i2c-bcm2835.c -+++ b/drivers/i2c/busses/i2c-bcm2835.c -@@ -64,6 +64,7 @@ struct bcm2835_i2c_dev { - int irq; - struct i2c_adapter adapter; - struct completion completion; -+ struct i2c_msg *curr_msg; - u32 msg_err; - u8 *msg_buf; - size_t msg_buf_remaining; -@@ -126,14 +127,13 @@ static irqreturn_t bcm2835_i2c_isr(int this_irq, void *data) - return IRQ_HANDLED; - } - -- if (val & BCM2835_I2C_S_RXD) { -- bcm2835_drain_rxfifo(i2c_dev); -- if (!(val & BCM2835_I2C_S_DONE)) -- return IRQ_HANDLED; -- } -- - if (val & BCM2835_I2C_S_DONE) { -- if (i2c_dev->msg_buf_remaining) -+ if (i2c_dev->curr_msg->flags & I2C_M_RD) { -+ bcm2835_drain_rxfifo(i2c_dev); -+ val = bcm2835_i2c_readl(i2c_dev, BCM2835_I2C_S); -+ } -+ -+ if ((val & BCM2835_I2C_S_RXD) || i2c_dev->msg_buf_remaining) - i2c_dev->msg_err = BCM2835_I2C_S_LEN; - else - i2c_dev->msg_err = 0; -@@ -141,11 +141,16 @@ static irqreturn_t bcm2835_i2c_isr(int this_irq, void *data) - return IRQ_HANDLED; - } - -- if (val & BCM2835_I2C_S_TXD) { -+ if (val & BCM2835_I2C_S_TXW) { - bcm2835_fill_txfifo(i2c_dev); - return IRQ_HANDLED; - } - -+ if (val & BCM2835_I2C_S_RXR) { -+ bcm2835_drain_rxfifo(i2c_dev); -+ return IRQ_HANDLED; -+ } -+ - return IRQ_NONE; - } - -@@ -155,6 +160,7 @@ static int bcm2835_i2c_xfer_msg(struct bcm2835_i2c_dev *i2c_dev, - u32 c; - unsigned long time_left; - -+ i2c_dev->curr_msg = msg; - i2c_dev->msg_buf = msg->buf; - i2c_dev->msg_buf_remaining = msg->len; - reinit_completion(&i2c_dev->completion); -diff --git a/drivers/mtd/bcm47xxpart.c b/drivers/mtd/bcm47xxpart.c -index 3779475..283ff7e 100644 ---- a/drivers/mtd/bcm47xxpart.c -+++ b/drivers/mtd/bcm47xxpart.c -@@ -229,12 +229,10 @@ static int bcm47xxpart_parse(struct mtd_info *master, - - last_trx_part = curr_part - 1; - -- /* -- * We have whole TRX scanned, skip to the next part. Use -- * roundown (not roundup), as the loop will increase -- * offset in next step. -- */ -- offset = rounddown(offset + trx->length, blocksize); -+ /* Jump to the end of TRX */ -+ offset = roundup(offset + trx->length, blocksize); -+ /* Next loop iteration will increase the offset */ -+ offset -= blocksize; - continue; - } - -diff --git a/drivers/net/ethernet/mellanox/mlx4/cq.c b/drivers/net/ethernet/mellanox/mlx4/cq.c -index a849da9..6b86353 100644 ---- a/drivers/net/ethernet/mellanox/mlx4/cq.c -+++ b/drivers/net/ethernet/mellanox/mlx4/cq.c -@@ -101,13 +101,19 @@ void mlx4_cq_completion(struct mlx4_dev *dev, u32 cqn) - { - struct mlx4_cq *cq; - -+ rcu_read_lock(); - cq = radix_tree_lookup(&mlx4_priv(dev)->cq_table.tree, - cqn & (dev->caps.num_cqs - 1)); -+ rcu_read_unlock(); -+ - if (!cq) { - mlx4_dbg(dev, "Completion event for bogus CQ %08x\n", cqn); - return; - } - -+ /* Acessing the CQ outside of rcu_read_lock is safe, because -+ * the CQ is freed only after interrupt handling is completed. -+ */ - ++cq->arm_sn; - - cq->comp(cq); -@@ -118,23 +124,19 @@ void mlx4_cq_event(struct mlx4_dev *dev, u32 cqn, int event_type) - struct mlx4_cq_table *cq_table = &mlx4_priv(dev)->cq_table; - struct mlx4_cq *cq; - -- spin_lock(&cq_table->lock); -- -+ rcu_read_lock(); - cq = radix_tree_lookup(&cq_table->tree, cqn & (dev->caps.num_cqs - 1)); -- if (cq) -- atomic_inc(&cq->refcount); -- -- spin_unlock(&cq_table->lock); -+ rcu_read_unlock(); - - if (!cq) { -- mlx4_warn(dev, "Async event for bogus CQ %08x\n", cqn); -+ mlx4_dbg(dev, "Async event for bogus CQ %08x\n", cqn); - return; - } - -+ /* Acessing the CQ outside of rcu_read_lock is safe, because -+ * the CQ is freed only after interrupt handling is completed. -+ */ - cq->event(cq, event_type); -- -- if (atomic_dec_and_test(&cq->refcount)) -- complete(&cq->free); - } - - static int mlx4_SW2HW_CQ(struct mlx4_dev *dev, struct mlx4_cmd_mailbox *mailbox, -@@ -301,9 +303,9 @@ int mlx4_cq_alloc(struct mlx4_dev *dev, int nent, - if (err) - return err; - -- spin_lock_irq(&cq_table->lock); -+ spin_lock(&cq_table->lock); - err = radix_tree_insert(&cq_table->tree, cq->cqn, cq); -- spin_unlock_irq(&cq_table->lock); -+ spin_unlock(&cq_table->lock); - if (err) - goto err_icm; - -@@ -349,9 +351,9 @@ int mlx4_cq_alloc(struct mlx4_dev *dev, int nent, - return 0; - - err_radix: -- spin_lock_irq(&cq_table->lock); -+ spin_lock(&cq_table->lock); - radix_tree_delete(&cq_table->tree, cq->cqn); -- spin_unlock_irq(&cq_table->lock); -+ spin_unlock(&cq_table->lock); - - err_icm: - mlx4_cq_free_icm(dev, cq->cqn); -@@ -370,15 +372,15 @@ void mlx4_cq_free(struct mlx4_dev *dev, struct mlx4_cq *cq) - if (err) - mlx4_warn(dev, "HW2SW_CQ failed (%d) for CQN %06x\n", err, cq->cqn); - -+ spin_lock(&cq_table->lock); -+ radix_tree_delete(&cq_table->tree, cq->cqn); -+ spin_unlock(&cq_table->lock); -+ - synchronize_irq(priv->eq_table.eq[MLX4_CQ_TO_EQ_VECTOR(cq->vector)].irq); - if (priv->eq_table.eq[MLX4_CQ_TO_EQ_VECTOR(cq->vector)].irq != - priv->eq_table.eq[MLX4_EQ_ASYNC].irq) - synchronize_irq(priv->eq_table.eq[MLX4_EQ_ASYNC].irq); - -- spin_lock_irq(&cq_table->lock); -- radix_tree_delete(&cq_table->tree, cq->cqn); -- spin_unlock_irq(&cq_table->lock); -- - if (atomic_dec_and_test(&cq->refcount)) - complete(&cq->free); - wait_for_completion(&cq->free); -diff --git a/drivers/net/ethernet/mellanox/mlx4/en_rx.c b/drivers/net/ethernet/mellanox/mlx4/en_rx.c -index 4d3ddc2..5d48458 100644 ---- a/drivers/net/ethernet/mellanox/mlx4/en_rx.c -+++ b/drivers/net/ethernet/mellanox/mlx4/en_rx.c -@@ -444,8 +444,14 @@ int mlx4_en_activate_rx_rings(struct mlx4_en_priv *priv) - ring->cqn = priv->rx_cq[ring_ind]->mcq.cqn; - - ring->stride = stride; -- if (ring->stride <= TXBB_SIZE) -+ if (ring->stride <= TXBB_SIZE) { -+ /* Stamp first unused send wqe */ -+ __be32 *ptr = (__be32 *)ring->buf; -+ __be32 stamp = cpu_to_be32(1 << STAMP_SHIFT); -+ *ptr = stamp; -+ /* Move pointer to start of rx section */ - ring->buf += TXBB_SIZE; -+ } - - ring->log_stride = ffs(ring->stride) - 1; - ring->buf_size = ring->size * ring->stride; -diff --git a/drivers/net/ethernet/mellanox/mlx4/resource_tracker.c b/drivers/net/ethernet/mellanox/mlx4/resource_tracker.c -index c548bea..32f76bf 100644 ---- a/drivers/net/ethernet/mellanox/mlx4/resource_tracker.c -+++ b/drivers/net/ethernet/mellanox/mlx4/resource_tracker.c -@@ -2980,6 +2980,9 @@ int mlx4_RST2INIT_QP_wrapper(struct mlx4_dev *dev, int slave, - put_res(dev, slave, srqn, RES_SRQ); - qp->srq = srq; - } -+ -+ /* Save param3 for dynamic changes from VST back to VGT */ -+ qp->param3 = qpc->param3; - put_res(dev, slave, rcqn, RES_CQ); - put_res(dev, slave, mtt_base, RES_MTT); - res_end_move(dev, slave, RES_QP, qpn); -@@ -3772,7 +3775,6 @@ int mlx4_INIT2RTR_QP_wrapper(struct mlx4_dev *dev, int slave, - int qpn = vhcr->in_modifier & 0x7fffff; - struct res_qp *qp; - u8 orig_sched_queue; -- __be32 orig_param3 = qpc->param3; - u8 orig_vlan_control = qpc->pri_path.vlan_control; - u8 orig_fvl_rx = qpc->pri_path.fvl_rx; - u8 orig_pri_path_fl = qpc->pri_path.fl; -@@ -3814,7 +3816,6 @@ int mlx4_INIT2RTR_QP_wrapper(struct mlx4_dev *dev, int slave, - */ - if (!err) { - qp->sched_queue = orig_sched_queue; -- qp->param3 = orig_param3; - qp->vlan_control = orig_vlan_control; - qp->fvl_rx = orig_fvl_rx; - qp->pri_path_fl = orig_pri_path_fl; -diff --git a/drivers/net/wireless/ralink/rt2x00/rt2x00dev.c b/drivers/net/wireless/ralink/rt2x00/rt2x00dev.c -index 4e0c565..b7273be 100644 ---- a/drivers/net/wireless/ralink/rt2x00/rt2x00dev.c -+++ b/drivers/net/wireless/ralink/rt2x00/rt2x00dev.c -@@ -1422,7 +1422,7 @@ void rt2x00lib_remove_dev(struct rt2x00_dev *rt2x00dev) - cancel_work_sync(&rt2x00dev->intf_work); - cancel_delayed_work_sync(&rt2x00dev->autowakeup_work); - cancel_work_sync(&rt2x00dev->sleep_work); --#ifdef CONFIG_RT2X00_LIB_USB -+#if IS_ENABLED(CONFIG_RT2X00_LIB_USB) - if (rt2x00_is_usb(rt2x00dev)) { - usb_kill_anchored_urbs(rt2x00dev->anchor); - hrtimer_cancel(&rt2x00dev->txstatus_timer); -diff --git a/drivers/net/wireless/ralink/rt2x00/rt2x00usb.c b/drivers/net/wireless/ralink/rt2x00/rt2x00usb.c -index 6005e14..662705e 100644 ---- a/drivers/net/wireless/ralink/rt2x00/rt2x00usb.c -+++ b/drivers/net/wireless/ralink/rt2x00/rt2x00usb.c -@@ -319,10 +319,8 @@ static bool rt2x00usb_kick_tx_entry(struct queue_entry *entry, void *data) - entry->skb->data, length, - rt2x00usb_interrupt_txdone, entry); - -- usb_anchor_urb(entry_priv->urb, rt2x00dev->anchor); - status = usb_submit_urb(entry_priv->urb, GFP_ATOMIC); - if (status) { -- usb_unanchor_urb(entry_priv->urb); - if (status == -ENODEV) - clear_bit(DEVICE_STATE_PRESENT, &rt2x00dev->flags); - set_bit(ENTRY_DATA_IO_FAILED, &entry->flags); -@@ -410,10 +408,8 @@ static bool rt2x00usb_kick_rx_entry(struct queue_entry *entry, void *data) - entry->skb->data, entry->skb->len, - rt2x00usb_interrupt_rxdone, entry); - -- usb_anchor_urb(entry_priv->urb, rt2x00dev->anchor); - status = usb_submit_urb(entry_priv->urb, GFP_ATOMIC); - if (status) { -- usb_unanchor_urb(entry_priv->urb); - if (status == -ENODEV) - clear_bit(DEVICE_STATE_PRESENT, &rt2x00dev->flags); - set_bit(ENTRY_DATA_IO_FAILED, &entry->flags); -@@ -824,10 +820,6 @@ int rt2x00usb_probe(struct usb_interface *usb_intf, - if (retval) - goto exit_free_device; - -- retval = rt2x00lib_probe_dev(rt2x00dev); -- if (retval) -- goto exit_free_reg; -- - rt2x00dev->anchor = devm_kmalloc(&usb_dev->dev, - sizeof(struct usb_anchor), - GFP_KERNEL); -@@ -835,10 +827,17 @@ int rt2x00usb_probe(struct usb_interface *usb_intf, - retval = -ENOMEM; - goto exit_free_reg; - } -- - init_usb_anchor(rt2x00dev->anchor); -+ -+ retval = rt2x00lib_probe_dev(rt2x00dev); -+ if (retval) -+ goto exit_free_anchor; -+ - return 0; - -+exit_free_anchor: -+ usb_kill_anchored_urbs(rt2x00dev->anchor); -+ - exit_free_reg: - rt2x00usb_free_reg(rt2x00dev); - -diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c -index c28ccf1..35fb2bef 100644 ---- a/drivers/usb/core/hub.c -+++ b/drivers/usb/core/hub.c -@@ -2650,8 +2650,15 @@ static int hub_port_wait_reset(struct usb_hub *hub, int port1, - if (ret < 0) - return ret; - -- /* The port state is unknown until the reset completes. */ -- if (!(portstatus & USB_PORT_STAT_RESET)) -+ /* -+ * The port state is unknown until the reset completes. -+ * -+ * On top of that, some chips may require additional time -+ * to re-establish a connection after the reset is complete, -+ * so also wait for the connection to be re-established. -+ */ -+ if (!(portstatus & USB_PORT_STAT_RESET) && -+ (portstatus & USB_PORT_STAT_CONNECTION)) - break; - - /* switch to the long delay after two short delay failures */ -diff --git a/fs/orangefs/devorangefs-req.c b/fs/orangefs/devorangefs-req.c -index 516ffb4..f419dd9 100644 ---- a/fs/orangefs/devorangefs-req.c -+++ b/fs/orangefs/devorangefs-req.c -@@ -402,8 +402,9 @@ static ssize_t orangefs_devreq_write_iter(struct kiocb *iocb, - /* remove the op from the in progress hash table */ - op = orangefs_devreq_remove_op(head.tag); - if (!op) { -- gossip_err("WARNING: No one's waiting for tag %llu\n", -- llu(head.tag)); -+ gossip_debug(GOSSIP_DEV_DEBUG, -+ "%s: No one's waiting for tag %llu\n", -+ __func__, llu(head.tag)); - return ret; - } - -diff --git a/fs/orangefs/orangefs-debugfs.c b/fs/orangefs/orangefs-debugfs.c -index 38887cc..0748a26 100644 ---- a/fs/orangefs/orangefs-debugfs.c -+++ b/fs/orangefs/orangefs-debugfs.c -@@ -671,8 +671,10 @@ int orangefs_prepare_debugfs_help_string(int at_boot) - */ - cdm_element_count = - orangefs_prepare_cdm_array(client_debug_array_string); -- if (cdm_element_count <= 0) -+ if (cdm_element_count <= 0) { -+ kfree(new); - goto out; -+ } - - for (i = 0; i < cdm_element_count; i++) { - strlcat(new, "\t", string_size); -@@ -963,13 +965,13 @@ int orangefs_debugfs_new_client_string(void __user *arg) - int ret; - - ret = copy_from_user(&client_debug_array_string, -- (void __user *)arg, -- ORANGEFS_MAX_DEBUG_STRING_LEN); -+ (void __user *)arg, -+ ORANGEFS_MAX_DEBUG_STRING_LEN); - - if (ret != 0) { - pr_info("%s: CLIENT_STRING: copy_from_user failed\n", - __func__); -- return -EIO; -+ return -EFAULT; - } - - /* -@@ -984,17 +986,18 @@ int orangefs_debugfs_new_client_string(void __user *arg) - */ - client_debug_array_string[ORANGEFS_MAX_DEBUG_STRING_LEN - 1] = - '\0'; -- -+ - pr_info("%s: client debug array string has been received.\n", - __func__); - - if (!help_string_initialized) { - - /* Build a proper debug help string. */ -- if (orangefs_prepare_debugfs_help_string(0)) { -+ ret = orangefs_prepare_debugfs_help_string(0); -+ if (ret) { - gossip_err("%s: no debug help string \n", - __func__); -- return -EIO; -+ return ret; - } - - } -@@ -1007,7 +1010,7 @@ int orangefs_debugfs_new_client_string(void __user *arg) - - help_string_initialized++; - -- return ret; -+ return 0; - } - - int orangefs_debugfs_new_debug(void __user *arg) -diff --git a/fs/orangefs/orangefs-dev-proto.h b/fs/orangefs/orangefs-dev-proto.h -index a3d84ff..f380f9ed 100644 ---- a/fs/orangefs/orangefs-dev-proto.h -+++ b/fs/orangefs/orangefs-dev-proto.h -@@ -50,8 +50,7 @@ - * Misc constants. Please retain them as multiples of 8! - * Otherwise 32-64 bit interactions will be messed up :) - */ --#define ORANGEFS_MAX_DEBUG_STRING_LEN 0x00000400 --#define ORANGEFS_MAX_DEBUG_ARRAY_LEN 0x00000800 -+#define ORANGEFS_MAX_DEBUG_STRING_LEN 0x00000800 - - /* - * The maximum number of directory entries in a single request is 96. -diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c -index f2b04a7..8ab0974 100644 ---- a/net/packet/af_packet.c -+++ b/net/packet/af_packet.c -@@ -4235,8 +4235,8 @@ static int packet_set_ring(struct sock *sk, union tpacket_req_u *req_u, - if (unlikely(!PAGE_ALIGNED(req->tp_block_size))) - goto out; - if (po->tp_version >= TPACKET_V3 && -- (int)(req->tp_block_size - -- BLK_PLUS_PRIV(req_u->req3.tp_sizeof_priv)) <= 0) -+ req->tp_block_size <= -+ BLK_PLUS_PRIV((u64)req_u->req3.tp_sizeof_priv)) - goto out; - if (unlikely(req->tp_frame_size < po->tp_hdrlen + - po->tp_reserve)) diff --git a/4.9.23/0000_README b/4.9.24/0000_README index 7325e48..89862a9 100644 --- a/4.9.23/0000_README +++ b/4.9.24/0000_README @@ -2,11 +2,11 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 1022_linux-4.9.23.patch +Patch: 1023_linux-4.9.24.patch From: http://www.kernel.org -Desc: Linux 4.9.23 +Desc: Linux 4.9.24 -Patch: 4420_grsecurity-3.1-4.9.23-201704181901.patch +Patch: 4420_grsecurity-3.1-4.9.24-201704220732.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/4.9.24/1023_linux-4.9.24.patch b/4.9.24/1023_linux-4.9.24.patch new file mode 100644 index 0000000..0ffd31b --- /dev/null +++ b/4.9.24/1023_linux-4.9.24.patch @@ -0,0 +1,3261 @@ +diff --git a/Makefile b/Makefile +index 0de7597..50436f5 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,6 +1,6 @@ + VERSION = 4 + PATCHLEVEL = 9 +-SUBLEVEL = 23 ++SUBLEVEL = 24 + EXTRAVERSION = + NAME = Roaring Lionus + +diff --git a/arch/mips/lantiq/irq.c b/arch/mips/lantiq/irq.c +index 0ddf369..8ac0e59 100644 +--- a/arch/mips/lantiq/irq.c ++++ b/arch/mips/lantiq/irq.c +@@ -269,11 +269,6 @@ static void ltq_hw5_irqdispatch(void) + DEFINE_HWx_IRQDISPATCH(5) + #endif + +-static void ltq_hw_irq_handler(struct irq_desc *desc) +-{ +- ltq_hw_irqdispatch(irq_desc_get_irq(desc) - 2); +-} +- + #ifdef CONFIG_MIPS_MT_SMP + void __init arch_init_ipiirq(int irq, struct irqaction *action) + { +@@ -318,19 +313,23 @@ static struct irqaction irq_call = { + asmlinkage void plat_irq_dispatch(void) + { + unsigned int pending = read_c0_status() & read_c0_cause() & ST0_IM; +- int irq; +- +- if (!pending) { +- spurious_interrupt(); +- return; ++ unsigned int i; ++ ++ if ((MIPS_CPU_TIMER_IRQ == 7) && (pending & CAUSEF_IP7)) { ++ do_IRQ(MIPS_CPU_TIMER_IRQ); ++ goto out; ++ } else { ++ for (i = 0; i < MAX_IM; i++) { ++ if (pending & (CAUSEF_IP2 << i)) { ++ ltq_hw_irqdispatch(i); ++ goto out; ++ } ++ } + } ++ pr_alert("Spurious IRQ: CAUSE=0x%08x\n", read_c0_status()); + +- pending >>= CAUSEB_IP; +- while (pending) { +- irq = fls(pending) - 1; +- do_IRQ(MIPS_CPU_IRQ_BASE + irq); +- pending &= ~BIT(irq); +- } ++out: ++ return; + } + + static int icu_map(struct irq_domain *d, unsigned int irq, irq_hw_number_t hw) +@@ -355,6 +354,11 @@ static const struct irq_domain_ops irq_domain_ops = { + .map = icu_map, + }; + ++static struct irqaction cascade = { ++ .handler = no_action, ++ .name = "cascade", ++}; ++ + int __init icu_of_init(struct device_node *node, struct device_node *parent) + { + struct device_node *eiu_node; +@@ -386,7 +390,7 @@ int __init icu_of_init(struct device_node *node, struct device_node *parent) + mips_cpu_irq_init(); + + for (i = 0; i < MAX_IM; i++) +- irq_set_chained_handler(i + 2, ltq_hw_irq_handler); ++ setup_irq(i + 2, &cascade); + + if (cpu_has_vint) { + pr_info("Setting up vectored interrupts\n"); +diff --git a/arch/parisc/include/asm/uaccess.h b/arch/parisc/include/asm/uaccess.h +index 7fcf512..0497cec 100644 +--- a/arch/parisc/include/asm/uaccess.h ++++ b/arch/parisc/include/asm/uaccess.h +@@ -42,10 +42,10 @@ static inline long access_ok(int type, const void __user * addr, + #define get_user __get_user + + #if !defined(CONFIG_64BIT) +-#define LDD_USER(ptr) __get_user_asm64(ptr) ++#define LDD_USER(val, ptr) __get_user_asm64(val, ptr) + #define STD_USER(x, ptr) __put_user_asm64(x, ptr) + #else +-#define LDD_USER(ptr) __get_user_asm("ldd", ptr) ++#define LDD_USER(val, ptr) __get_user_asm(val, "ldd", ptr) + #define STD_USER(x, ptr) __put_user_asm("std", x, ptr) + #endif + +@@ -100,63 +100,87 @@ struct exception_data { + " mtsp %0,%%sr2\n\t" \ + : : "r"(get_fs()) : ) + +-#define __get_user(x, ptr) \ +-({ \ +- register long __gu_err __asm__ ("r8") = 0; \ +- register long __gu_val; \ +- \ +- load_sr2(); \ +- switch (sizeof(*(ptr))) { \ +- case 1: __get_user_asm("ldb", ptr); break; \ +- case 2: __get_user_asm("ldh", ptr); break; \ +- case 4: __get_user_asm("ldw", ptr); break; \ +- case 8: LDD_USER(ptr); break; \ +- default: BUILD_BUG(); break; \ +- } \ +- \ +- (x) = (__force __typeof__(*(ptr))) __gu_val; \ +- __gu_err; \ ++#define __get_user_internal(val, ptr) \ ++({ \ ++ register long __gu_err __asm__ ("r8") = 0; \ ++ \ ++ switch (sizeof(*(ptr))) { \ ++ case 1: __get_user_asm(val, "ldb", ptr); break; \ ++ case 2: __get_user_asm(val, "ldh", ptr); break; \ ++ case 4: __get_user_asm(val, "ldw", ptr); break; \ ++ case 8: LDD_USER(val, ptr); break; \ ++ default: BUILD_BUG(); \ ++ } \ ++ \ ++ __gu_err; \ + }) + +-#define __get_user_asm(ldx, ptr) \ ++#define __get_user(val, ptr) \ ++({ \ ++ load_sr2(); \ ++ __get_user_internal(val, ptr); \ ++}) ++ ++#define __get_user_asm(val, ldx, ptr) \ ++{ \ ++ register long __gu_val; \ ++ \ + __asm__("1: " ldx " 0(%%sr2,%2),%0\n" \ + "9:\n" \ + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 9b) \ + : "=r"(__gu_val), "=r"(__gu_err) \ +- : "r"(ptr), "1"(__gu_err)); ++ : "r"(ptr), "1"(__gu_err)); \ ++ \ ++ (val) = (__force __typeof__(*(ptr))) __gu_val; \ ++} + + #if !defined(CONFIG_64BIT) + +-#define __get_user_asm64(ptr) \ ++#define __get_user_asm64(val, ptr) \ ++{ \ ++ union { \ ++ unsigned long long l; \ ++ __typeof__(*(ptr)) t; \ ++ } __gu_tmp; \ ++ \ + __asm__(" copy %%r0,%R0\n" \ + "1: ldw 0(%%sr2,%2),%0\n" \ + "2: ldw 4(%%sr2,%2),%R0\n" \ + "9:\n" \ + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 9b) \ + ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 9b) \ +- : "=r"(__gu_val), "=r"(__gu_err) \ +- : "r"(ptr), "1"(__gu_err)); ++ : "=&r"(__gu_tmp.l), "=r"(__gu_err) \ ++ : "r"(ptr), "1"(__gu_err)); \ ++ \ ++ (val) = __gu_tmp.t; \ ++} + + #endif /* !defined(CONFIG_64BIT) */ + + +-#define __put_user(x, ptr) \ ++#define __put_user_internal(x, ptr) \ + ({ \ + register long __pu_err __asm__ ("r8") = 0; \ + __typeof__(*(ptr)) __x = (__typeof__(*(ptr)))(x); \ + \ +- load_sr2(); \ + switch (sizeof(*(ptr))) { \ +- case 1: __put_user_asm("stb", __x, ptr); break; \ +- case 2: __put_user_asm("sth", __x, ptr); break; \ +- case 4: __put_user_asm("stw", __x, ptr); break; \ +- case 8: STD_USER(__x, ptr); break; \ +- default: BUILD_BUG(); break; \ +- } \ ++ case 1: __put_user_asm("stb", __x, ptr); break; \ ++ case 2: __put_user_asm("sth", __x, ptr); break; \ ++ case 4: __put_user_asm("stw", __x, ptr); break; \ ++ case 8: STD_USER(__x, ptr); break; \ ++ default: BUILD_BUG(); \ ++ } \ + \ + __pu_err; \ + }) + ++#define __put_user(x, ptr) \ ++({ \ ++ load_sr2(); \ ++ __put_user_internal(x, ptr); \ ++}) ++ ++ + /* + * The "__put_user/kernel_asm()" macros tell gcc they read from memory + * instead of writing. This is because they do not write to any memory +diff --git a/arch/parisc/lib/lusercopy.S b/arch/parisc/lib/lusercopy.S +index f01188c..85c28bb 100644 +--- a/arch/parisc/lib/lusercopy.S ++++ b/arch/parisc/lib/lusercopy.S +@@ -201,7 +201,7 @@ ENTRY_CFI(pa_memcpy) + add dst,len,end + + /* short copy with less than 16 bytes? */ +- cmpib,>>=,n 15,len,.Lbyte_loop ++ cmpib,COND(>>=),n 15,len,.Lbyte_loop + + /* same alignment? */ + xor src,dst,t0 +@@ -216,7 +216,7 @@ ENTRY_CFI(pa_memcpy) + /* loop until we are 64-bit aligned */ + .Lalign_loop64: + extru dst,31,3,t1 +- cmpib,=,n 0,t1,.Lcopy_loop_16 ++ cmpib,=,n 0,t1,.Lcopy_loop_16_start + 20: ldb,ma 1(srcspc,src),t1 + 21: stb,ma t1,1(dstspc,dst) + b .Lalign_loop64 +@@ -225,6 +225,7 @@ ENTRY_CFI(pa_memcpy) + ASM_EXCEPTIONTABLE_ENTRY(20b,.Lcopy_done) + ASM_EXCEPTIONTABLE_ENTRY(21b,.Lcopy_done) + ++.Lcopy_loop_16_start: + ldi 31,t0 + .Lcopy_loop_16: + cmpb,COND(>>=),n t0,len,.Lword_loop +@@ -267,7 +268,7 @@ ENTRY_CFI(pa_memcpy) + /* loop until we are 32-bit aligned */ + .Lalign_loop32: + extru dst,31,2,t1 +- cmpib,=,n 0,t1,.Lcopy_loop_4 ++ cmpib,=,n 0,t1,.Lcopy_loop_8 + 20: ldb,ma 1(srcspc,src),t1 + 21: stb,ma t1,1(dstspc,dst) + b .Lalign_loop32 +@@ -277,7 +278,7 @@ ENTRY_CFI(pa_memcpy) + ASM_EXCEPTIONTABLE_ENTRY(21b,.Lcopy_done) + + +-.Lcopy_loop_4: ++.Lcopy_loop_8: + cmpib,COND(>>=),n 15,len,.Lbyte_loop + + 10: ldw 0(srcspc,src),t1 +@@ -299,7 +300,7 @@ ENTRY_CFI(pa_memcpy) + ASM_EXCEPTIONTABLE_ENTRY(16b,.Lcopy_done) + ASM_EXCEPTIONTABLE_ENTRY(17b,.Lcopy_done) + +- b .Lcopy_loop_4 ++ b .Lcopy_loop_8 + ldo -16(len),len + + .Lbyte_loop: +@@ -324,7 +325,7 @@ ENTRY_CFI(pa_memcpy) + .Lunaligned_copy: + /* align until dst is 32bit-word-aligned */ + extru dst,31,2,t1 +- cmpib,COND(=),n 0,t1,.Lcopy_dstaligned ++ cmpib,=,n 0,t1,.Lcopy_dstaligned + 20: ldb 0(srcspc,src),t1 + ldo 1(src),src + 21: stb,ma t1,1(dstspc,dst) +@@ -362,7 +363,7 @@ ENTRY_CFI(pa_memcpy) + cmpiclr,<> 1,t0,%r0 + b,n .Lcase1 + .Lcase0: +- cmpb,= %r0,len,.Lcda_finish ++ cmpb,COND(=) %r0,len,.Lcda_finish + nop + + 1: ldw,ma 4(srcspc,src), a3 +@@ -376,7 +377,7 @@ ENTRY_CFI(pa_memcpy) + 1: ldw,ma 4(srcspc,src), a3 + ASM_EXCEPTIONTABLE_ENTRY(1b,.Lcda_rdfault) + ldo -1(len),len +- cmpb,=,n %r0,len,.Ldo0 ++ cmpb,COND(=),n %r0,len,.Ldo0 + .Ldo4: + 1: ldw,ma 4(srcspc,src), a0 + ASM_EXCEPTIONTABLE_ENTRY(1b,.Lcda_rdfault) +@@ -402,7 +403,7 @@ ENTRY_CFI(pa_memcpy) + 1: stw,ma t0, 4(dstspc,dst) + ASM_EXCEPTIONTABLE_ENTRY(1b,.Lcopy_done) + ldo -4(len),len +- cmpb,<> %r0,len,.Ldo4 ++ cmpb,COND(<>) %r0,len,.Ldo4 + nop + .Ldo0: + shrpw a2, a3, %sar, t0 +@@ -436,14 +437,14 @@ ENTRY_CFI(pa_memcpy) + /* fault exception fixup handlers: */ + #ifdef CONFIG_64BIT + .Lcopy16_fault: +-10: b .Lcopy_done +- std,ma t1,8(dstspc,dst) ++ b .Lcopy_done ++10: std,ma t1,8(dstspc,dst) + ASM_EXCEPTIONTABLE_ENTRY(10b,.Lcopy_done) + #endif + + .Lcopy8_fault: +-10: b .Lcopy_done +- stw,ma t1,4(dstspc,dst) ++ b .Lcopy_done ++10: stw,ma t1,4(dstspc,dst) + ASM_EXCEPTIONTABLE_ENTRY(10b,.Lcopy_done) + + .exit +diff --git a/arch/x86/entry/vdso/vdso32-setup.c b/arch/x86/entry/vdso/vdso32-setup.c +index 7853b53..3f9d1a8 100644 +--- a/arch/x86/entry/vdso/vdso32-setup.c ++++ b/arch/x86/entry/vdso/vdso32-setup.c +@@ -30,8 +30,10 @@ static int __init vdso32_setup(char *s) + { + vdso32_enabled = simple_strtoul(s, NULL, 0); + +- if (vdso32_enabled > 1) ++ if (vdso32_enabled > 1) { + pr_warn("vdso32 values other than 0 and 1 are no longer allowed; vdso disabled\n"); ++ vdso32_enabled = 0; ++ } + + return 1; + } +@@ -62,13 +64,18 @@ subsys_initcall(sysenter_setup); + /* Register vsyscall32 into the ABI table */ + #include <linux/sysctl.h> + ++static const int zero; ++static const int one = 1; ++ + static struct ctl_table abi_table2[] = { + { + .procname = "vsyscall32", + .data = &vdso32_enabled, + .maxlen = sizeof(int), + .mode = 0644, +- .proc_handler = proc_dointvec ++ .proc_handler = proc_dointvec_minmax, ++ .extra1 = (int *)&zero, ++ .extra2 = (int *)&one, + }, + {} + }; +diff --git a/arch/x86/events/intel/lbr.c b/arch/x86/events/intel/lbr.c +index 81b321a..f924629 100644 +--- a/arch/x86/events/intel/lbr.c ++++ b/arch/x86/events/intel/lbr.c +@@ -507,6 +507,9 @@ static void intel_pmu_lbr_read_32(struct cpu_hw_events *cpuc) + cpuc->lbr_entries[i].to = msr_lastbranch.to; + cpuc->lbr_entries[i].mispred = 0; + cpuc->lbr_entries[i].predicted = 0; ++ cpuc->lbr_entries[i].in_tx = 0; ++ cpuc->lbr_entries[i].abort = 0; ++ cpuc->lbr_entries[i].cycles = 0; + cpuc->lbr_entries[i].reserved = 0; + } + cpuc->lbr_stack.nr = i; +diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h +index e7f155c..94aad63 100644 +--- a/arch/x86/include/asm/elf.h ++++ b/arch/x86/include/asm/elf.h +@@ -278,7 +278,7 @@ struct task_struct; + + #define ARCH_DLINFO_IA32 \ + do { \ +- if (vdso32_enabled) { \ ++ if (VDSO_CURRENT_BASE) { \ + NEW_AUX_ENT(AT_SYSINFO, VDSO_ENTRY); \ + NEW_AUX_ENT(AT_SYSINFO_EHDR, VDSO_CURRENT_BASE); \ + } \ +diff --git a/arch/x86/include/asm/pmem.h b/arch/x86/include/asm/pmem.h +index 2c1ebeb..529bb4a 100644 +--- a/arch/x86/include/asm/pmem.h ++++ b/arch/x86/include/asm/pmem.h +@@ -55,7 +55,8 @@ static inline int arch_memcpy_from_pmem(void *dst, const void *src, size_t n) + * @size: number of bytes to write back + * + * Write back a cache range using the CLWB (cache line write back) +- * instruction. ++ * instruction. Note that @size is internally rounded up to be cache ++ * line size aligned. + */ + static inline void arch_wb_cache_pmem(void *addr, size_t size) + { +@@ -69,15 +70,6 @@ static inline void arch_wb_cache_pmem(void *addr, size_t size) + clwb(p); + } + +-/* +- * copy_from_iter_nocache() on x86 only uses non-temporal stores for iovec +- * iterators, so for other types (bvec & kvec) we must do a cache write-back. +- */ +-static inline bool __iter_needs_pmem_wb(struct iov_iter *i) +-{ +- return iter_is_iovec(i) == false; +-} +- + /** + * arch_copy_from_iter_pmem - copy data from an iterator to PMEM + * @addr: PMEM destination address +@@ -94,7 +86,35 @@ static inline size_t arch_copy_from_iter_pmem(void *addr, size_t bytes, + /* TODO: skip the write-back by always using non-temporal stores */ + len = copy_from_iter_nocache(addr, bytes, i); + +- if (__iter_needs_pmem_wb(i)) ++ /* ++ * In the iovec case on x86_64 copy_from_iter_nocache() uses ++ * non-temporal stores for the bulk of the transfer, but we need ++ * to manually flush if the transfer is unaligned. A cached ++ * memory copy is used when destination or size is not naturally ++ * aligned. That is: ++ * - Require 8-byte alignment when size is 8 bytes or larger. ++ * - Require 4-byte alignment when size is 4 bytes. ++ * ++ * In the non-iovec case the entire destination needs to be ++ * flushed. ++ */ ++ if (iter_is_iovec(i)) { ++ unsigned long flushed, dest = (unsigned long) addr; ++ ++ if (bytes < 8) { ++ if (!IS_ALIGNED(dest, 4) || (bytes != 4)) ++ arch_wb_cache_pmem(addr, 1); ++ } else { ++ if (!IS_ALIGNED(dest, 8)) { ++ dest = ALIGN(dest, boot_cpu_data.x86_clflush_size); ++ arch_wb_cache_pmem(addr, 1); ++ } ++ ++ flushed = dest - (unsigned long) addr; ++ if (bytes > flushed && !IS_ALIGNED(bytes - flushed, 8)) ++ arch_wb_cache_pmem(addr + bytes - 1, 1); ++ } ++ } else + arch_wb_cache_pmem(addr, bytes); + + return len; +diff --git a/arch/x86/kernel/signal_compat.c b/arch/x86/kernel/signal_compat.c +index ec1f756..71beb28 100644 +--- a/arch/x86/kernel/signal_compat.c ++++ b/arch/x86/kernel/signal_compat.c +@@ -151,8 +151,8 @@ int __copy_siginfo_to_user32(compat_siginfo_t __user *to, const siginfo_t *from, + + if (from->si_signo == SIGSEGV) { + if (from->si_code == SEGV_BNDERR) { +- compat_uptr_t lower = (unsigned long)&to->si_lower; +- compat_uptr_t upper = (unsigned long)&to->si_upper; ++ compat_uptr_t lower = (unsigned long)from->si_lower; ++ compat_uptr_t upper = (unsigned long)from->si_upper; + put_user_ex(lower, &to->si_lower); + put_user_ex(upper, &to->si_upper); + } +diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c +index 69b8f8a..43b55ef 100644 +--- a/arch/x86/kvm/vmx.c ++++ b/arch/x86/kvm/vmx.c +@@ -6925,14 +6925,20 @@ static int nested_vmx_check_vmptr(struct kvm_vcpu *vcpu, int exit_reason, + } + + page = nested_get_page(vcpu, vmptr); +- if (page == NULL || +- *(u32 *)kmap(page) != VMCS12_REVISION) { ++ if (page == NULL) { + nested_vmx_failInvalid(vcpu); ++ skip_emulated_instruction(vcpu); ++ return 1; ++ } ++ if (*(u32 *)kmap(page) != VMCS12_REVISION) { + kunmap(page); ++ nested_release_page_clean(page); ++ nested_vmx_failInvalid(vcpu); + skip_emulated_instruction(vcpu); + return 1; + } + kunmap(page); ++ nested_release_page_clean(page); + vmx->nested.vmxon_ptr = vmptr; + break; + case EXIT_REASON_VMCLEAR: +diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c +index 22af912..889e761 100644 +--- a/arch/x86/mm/init.c ++++ b/arch/x86/mm/init.c +@@ -643,21 +643,40 @@ void __init init_mem_mapping(void) + * devmem_is_allowed() checks to see if /dev/mem access to a certain address + * is valid. The argument is a physical page number. + * +- * +- * On x86, access has to be given to the first megabyte of ram because that area +- * contains BIOS code and data regions used by X and dosemu and similar apps. +- * Access has to be given to non-kernel-ram areas as well, these contain the PCI +- * mmio resources as well as potential bios/acpi data regions. ++ * On x86, access has to be given to the first megabyte of RAM because that ++ * area traditionally contains BIOS code and data regions used by X, dosemu, ++ * and similar apps. Since they map the entire memory range, the whole range ++ * must be allowed (for mapping), but any areas that would otherwise be ++ * disallowed are flagged as being "zero filled" instead of rejected. ++ * Access has to be given to non-kernel-ram areas as well, these contain the ++ * PCI mmio resources as well as potential bios/acpi data regions. + */ + int devmem_is_allowed(unsigned long pagenr) + { +- if (pagenr < 256) +- return 1; +- if (iomem_is_exclusive(pagenr << PAGE_SHIFT)) ++ if (page_is_ram(pagenr)) { ++ /* ++ * For disallowed memory regions in the low 1MB range, ++ * request that the page be shown as all zeros. ++ */ ++ if (pagenr < 256) ++ return 2; ++ ++ return 0; ++ } ++ ++ /* ++ * This must follow RAM test, since System RAM is considered a ++ * restricted resource under CONFIG_STRICT_IOMEM. ++ */ ++ if (iomem_is_exclusive(pagenr << PAGE_SHIFT)) { ++ /* Low 1MB bypasses iomem restrictions. */ ++ if (pagenr < 256) ++ return 1; ++ + return 0; +- if (!page_is_ram(pagenr)) +- return 1; +- return 0; ++ } ++ ++ return 1; + } + + void free_init_pages(char *what, unsigned long begin, unsigned long end) +diff --git a/arch/x86/platform/efi/quirks.c b/arch/x86/platform/efi/quirks.c +index 30031d5..cdfe8c6 100644 +--- a/arch/x86/platform/efi/quirks.c ++++ b/arch/x86/platform/efi/quirks.c +@@ -201,6 +201,10 @@ void __init efi_arch_mem_reserve(phys_addr_t addr, u64 size) + return; + } + ++ /* No need to reserve regions that will never be freed. */ ++ if (md.attribute & EFI_MEMORY_RUNTIME) ++ return; ++ + size += addr % EFI_PAGE_SIZE; + size = round_up(size, EFI_PAGE_SIZE); + addr = round_down(addr, EFI_PAGE_SIZE); +diff --git a/arch/x86/xen/apic.c b/arch/x86/xen/apic.c +index 44c88ad..bcea81f 100644 +--- a/arch/x86/xen/apic.c ++++ b/arch/x86/xen/apic.c +@@ -145,7 +145,7 @@ static void xen_silent_inquire(int apicid) + static int xen_cpu_present_to_apicid(int cpu) + { + if (cpu_present(cpu)) +- return xen_get_apic_id(xen_apic_read(APIC_ID)); ++ return cpu_data(cpu).apicid; + else + return BAD_APICID; + } +diff --git a/crypto/ahash.c b/crypto/ahash.c +index 2ce8bcb..cce0268 100644 +--- a/crypto/ahash.c ++++ b/crypto/ahash.c +@@ -31,6 +31,7 @@ struct ahash_request_priv { + crypto_completion_t complete; + void *data; + u8 *result; ++ u32 flags; + void *ubuf[] CRYPTO_MINALIGN_ATTR; + }; + +@@ -252,6 +253,8 @@ static int ahash_save_req(struct ahash_request *req, crypto_completion_t cplt) + priv->result = req->result; + priv->complete = req->base.complete; + priv->data = req->base.data; ++ priv->flags = req->base.flags; ++ + /* + * WARNING: We do not backup req->priv here! The req->priv + * is for internal use of the Crypto API and the +@@ -266,38 +269,44 @@ static int ahash_save_req(struct ahash_request *req, crypto_completion_t cplt) + return 0; + } + +-static void ahash_restore_req(struct ahash_request *req) ++static void ahash_restore_req(struct ahash_request *req, int err) + { + struct ahash_request_priv *priv = req->priv; + ++ if (!err) ++ memcpy(priv->result, req->result, ++ crypto_ahash_digestsize(crypto_ahash_reqtfm(req))); ++ + /* Restore the original crypto request. */ + req->result = priv->result; +- req->base.complete = priv->complete; +- req->base.data = priv->data; ++ ++ ahash_request_set_callback(req, priv->flags, ++ priv->complete, priv->data); + req->priv = NULL; + + /* Free the req->priv.priv from the ADJUSTED request. */ + kzfree(priv); + } + +-static void ahash_op_unaligned_finish(struct ahash_request *req, int err) ++static void ahash_notify_einprogress(struct ahash_request *req) + { + struct ahash_request_priv *priv = req->priv; ++ struct crypto_async_request oreq; + +- if (err == -EINPROGRESS) +- return; +- +- if (!err) +- memcpy(priv->result, req->result, +- crypto_ahash_digestsize(crypto_ahash_reqtfm(req))); ++ oreq.data = priv->data; + +- ahash_restore_req(req); ++ priv->complete(&oreq, -EINPROGRESS); + } + + static void ahash_op_unaligned_done(struct crypto_async_request *req, int err) + { + struct ahash_request *areq = req->data; + ++ if (err == -EINPROGRESS) { ++ ahash_notify_einprogress(areq); ++ return; ++ } ++ + /* + * Restore the original request, see ahash_op_unaligned() for what + * goes where. +@@ -308,7 +317,7 @@ static void ahash_op_unaligned_done(struct crypto_async_request *req, int err) + */ + + /* First copy req->result into req->priv.result */ +- ahash_op_unaligned_finish(areq, err); ++ ahash_restore_req(areq, err); + + /* Complete the ORIGINAL request. */ + areq->base.complete(&areq->base, err); +@@ -324,7 +333,12 @@ static int ahash_op_unaligned(struct ahash_request *req, + return err; + + err = op(req); +- ahash_op_unaligned_finish(req, err); ++ if (err == -EINPROGRESS || ++ (err == -EBUSY && (ahash_request_flags(req) & ++ CRYPTO_TFM_REQ_MAY_BACKLOG))) ++ return err; ++ ++ ahash_restore_req(req, err); + + return err; + } +@@ -359,25 +373,14 @@ int crypto_ahash_digest(struct ahash_request *req) + } + EXPORT_SYMBOL_GPL(crypto_ahash_digest); + +-static void ahash_def_finup_finish2(struct ahash_request *req, int err) ++static void ahash_def_finup_done2(struct crypto_async_request *req, int err) + { +- struct ahash_request_priv *priv = req->priv; ++ struct ahash_request *areq = req->data; + + if (err == -EINPROGRESS) + return; + +- if (!err) +- memcpy(priv->result, req->result, +- crypto_ahash_digestsize(crypto_ahash_reqtfm(req))); +- +- ahash_restore_req(req); +-} +- +-static void ahash_def_finup_done2(struct crypto_async_request *req, int err) +-{ +- struct ahash_request *areq = req->data; +- +- ahash_def_finup_finish2(areq, err); ++ ahash_restore_req(areq, err); + + areq->base.complete(&areq->base, err); + } +@@ -388,11 +391,15 @@ static int ahash_def_finup_finish1(struct ahash_request *req, int err) + goto out; + + req->base.complete = ahash_def_finup_done2; +- req->base.flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP; ++ + err = crypto_ahash_reqtfm(req)->final(req); ++ if (err == -EINPROGRESS || ++ (err == -EBUSY && (ahash_request_flags(req) & ++ CRYPTO_TFM_REQ_MAY_BACKLOG))) ++ return err; + + out: +- ahash_def_finup_finish2(req, err); ++ ahash_restore_req(req, err); + return err; + } + +@@ -400,7 +407,16 @@ static void ahash_def_finup_done1(struct crypto_async_request *req, int err) + { + struct ahash_request *areq = req->data; + ++ if (err == -EINPROGRESS) { ++ ahash_notify_einprogress(areq); ++ return; ++ } ++ ++ areq->base.flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP; ++ + err = ahash_def_finup_finish1(areq, err); ++ if (areq->priv) ++ return; + + areq->base.complete(&areq->base, err); + } +@@ -415,6 +431,11 @@ static int ahash_def_finup(struct ahash_request *req) + return err; + + err = tfm->update(req); ++ if (err == -EINPROGRESS || ++ (err == -EBUSY && (ahash_request_flags(req) & ++ CRYPTO_TFM_REQ_MAY_BACKLOG))) ++ return err; ++ + return ahash_def_finup_finish1(req, err); + } + +diff --git a/crypto/algif_aead.c b/crypto/algif_aead.c +index e8817e2..fde8d88 100644 +--- a/crypto/algif_aead.c ++++ b/crypto/algif_aead.c +@@ -39,6 +39,7 @@ struct aead_async_req { + struct aead_async_rsgl first_rsgl; + struct list_head list; + struct kiocb *iocb; ++ struct sock *sk; + unsigned int tsgls; + char iv[]; + }; +@@ -379,12 +380,10 @@ static ssize_t aead_sendpage(struct socket *sock, struct page *page, + + static void aead_async_cb(struct crypto_async_request *_req, int err) + { +- struct sock *sk = _req->data; +- struct alg_sock *ask = alg_sk(sk); +- struct aead_ctx *ctx = ask->private; +- struct crypto_aead *tfm = crypto_aead_reqtfm(&ctx->aead_req); +- struct aead_request *req = aead_request_cast(_req); ++ struct aead_request *req = _req->data; ++ struct crypto_aead *tfm = crypto_aead_reqtfm(req); + struct aead_async_req *areq = GET_ASYM_REQ(req, tfm); ++ struct sock *sk = areq->sk; + struct scatterlist *sg = areq->tsgl; + struct aead_async_rsgl *rsgl; + struct kiocb *iocb = areq->iocb; +@@ -447,11 +446,12 @@ static int aead_recvmsg_async(struct socket *sock, struct msghdr *msg, + memset(&areq->first_rsgl, '\0', sizeof(areq->first_rsgl)); + INIT_LIST_HEAD(&areq->list); + areq->iocb = msg->msg_iocb; ++ areq->sk = sk; + memcpy(areq->iv, ctx->iv, crypto_aead_ivsize(tfm)); + aead_request_set_tfm(req, tfm); + aead_request_set_ad(req, ctx->aead_assoclen); + aead_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, +- aead_async_cb, sk); ++ aead_async_cb, req); + used -= ctx->aead_assoclen; + + /* take over all tx sgls from ctx */ +diff --git a/drivers/acpi/ec.c b/drivers/acpi/ec.c +index 48e19d0..22ca892 100644 +--- a/drivers/acpi/ec.c ++++ b/drivers/acpi/ec.c +@@ -729,12 +729,12 @@ static void start_transaction(struct acpi_ec *ec) + + static int ec_guard(struct acpi_ec *ec) + { +- unsigned long guard = usecs_to_jiffies(ec_polling_guard); ++ unsigned long guard = usecs_to_jiffies(ec->polling_guard); + unsigned long timeout = ec->timestamp + guard; + + /* Ensure guarding period before polling EC status */ + do { +- if (ec_busy_polling) { ++ if (ec->busy_polling) { + /* Perform busy polling */ + if (ec_transaction_completed(ec)) + return 0; +@@ -998,6 +998,28 @@ static void acpi_ec_stop(struct acpi_ec *ec, bool suspending) + spin_unlock_irqrestore(&ec->lock, flags); + } + ++static void acpi_ec_enter_noirq(struct acpi_ec *ec) ++{ ++ unsigned long flags; ++ ++ spin_lock_irqsave(&ec->lock, flags); ++ ec->busy_polling = true; ++ ec->polling_guard = 0; ++ ec_log_drv("interrupt blocked"); ++ spin_unlock_irqrestore(&ec->lock, flags); ++} ++ ++static void acpi_ec_leave_noirq(struct acpi_ec *ec) ++{ ++ unsigned long flags; ++ ++ spin_lock_irqsave(&ec->lock, flags); ++ ec->busy_polling = ec_busy_polling; ++ ec->polling_guard = ec_polling_guard; ++ ec_log_drv("interrupt unblocked"); ++ spin_unlock_irqrestore(&ec->lock, flags); ++} ++ + void acpi_ec_block_transactions(void) + { + struct acpi_ec *ec = first_ec; +@@ -1278,7 +1300,7 @@ acpi_ec_space_handler(u32 function, acpi_physical_address address, + if (function != ACPI_READ && function != ACPI_WRITE) + return AE_BAD_PARAMETER; + +- if (ec_busy_polling || bits > 8) ++ if (ec->busy_polling || bits > 8) + acpi_ec_burst_enable(ec); + + for (i = 0; i < bytes; ++i, ++address, ++value) +@@ -1286,7 +1308,7 @@ acpi_ec_space_handler(u32 function, acpi_physical_address address, + acpi_ec_read(ec, address, value) : + acpi_ec_write(ec, address, *value); + +- if (ec_busy_polling || bits > 8) ++ if (ec->busy_polling || bits > 8) + acpi_ec_burst_disable(ec); + + switch (result) { +@@ -1329,6 +1351,8 @@ static struct acpi_ec *acpi_ec_alloc(void) + spin_lock_init(&ec->lock); + INIT_WORK(&ec->work, acpi_ec_event_handler); + ec->timestamp = jiffies; ++ ec->busy_polling = true; ++ ec->polling_guard = 0; + return ec; + } + +@@ -1390,6 +1414,7 @@ static int ec_install_handlers(struct acpi_ec *ec, bool handle_events) + acpi_ec_start(ec, false); + + if (!test_bit(EC_FLAGS_EC_HANDLER_INSTALLED, &ec->flags)) { ++ acpi_ec_enter_noirq(ec); + status = acpi_install_address_space_handler(ec->handle, + ACPI_ADR_SPACE_EC, + &acpi_ec_space_handler, +@@ -1429,6 +1454,7 @@ static int ec_install_handlers(struct acpi_ec *ec, bool handle_events) + /* This is not fatal as we can poll EC events */ + if (ACPI_SUCCESS(status)) { + set_bit(EC_FLAGS_GPE_HANDLER_INSTALLED, &ec->flags); ++ acpi_ec_leave_noirq(ec); + if (test_bit(EC_FLAGS_STARTED, &ec->flags) && + ec->reference_count >= 1) + acpi_ec_enable_gpe(ec, true); +@@ -1839,34 +1865,6 @@ int __init acpi_ec_ecdt_probe(void) + } + + #ifdef CONFIG_PM_SLEEP +-static void acpi_ec_enter_noirq(struct acpi_ec *ec) +-{ +- unsigned long flags; +- +- if (ec == first_ec) { +- spin_lock_irqsave(&ec->lock, flags); +- ec->saved_busy_polling = ec_busy_polling; +- ec->saved_polling_guard = ec_polling_guard; +- ec_busy_polling = true; +- ec_polling_guard = 0; +- ec_log_drv("interrupt blocked"); +- spin_unlock_irqrestore(&ec->lock, flags); +- } +-} +- +-static void acpi_ec_leave_noirq(struct acpi_ec *ec) +-{ +- unsigned long flags; +- +- if (ec == first_ec) { +- spin_lock_irqsave(&ec->lock, flags); +- ec_busy_polling = ec->saved_busy_polling; +- ec_polling_guard = ec->saved_polling_guard; +- ec_log_drv("interrupt unblocked"); +- spin_unlock_irqrestore(&ec->lock, flags); +- } +-} +- + static int acpi_ec_suspend_noirq(struct device *dev) + { + struct acpi_ec *ec = +diff --git a/drivers/acpi/internal.h b/drivers/acpi/internal.h +index 0c45226..219b90b 100644 +--- a/drivers/acpi/internal.h ++++ b/drivers/acpi/internal.h +@@ -172,8 +172,8 @@ struct acpi_ec { + struct work_struct work; + unsigned long timestamp; + unsigned long nr_pending_queries; +- bool saved_busy_polling; +- unsigned int saved_polling_guard; ++ bool busy_polling; ++ unsigned int polling_guard; + }; + + extern struct acpi_ec *first_ec; +diff --git a/drivers/acpi/nfit/core.c b/drivers/acpi/nfit/core.c +index d1664df..9ef3941 100644 +--- a/drivers/acpi/nfit/core.c ++++ b/drivers/acpi/nfit/core.c +@@ -1617,7 +1617,11 @@ static int cmp_map(const void *m0, const void *m1) + const struct nfit_set_info_map *map0 = m0; + const struct nfit_set_info_map *map1 = m1; + +- return map0->region_offset - map1->region_offset; ++ if (map0->region_offset < map1->region_offset) ++ return -1; ++ else if (map0->region_offset > map1->region_offset) ++ return 1; ++ return 0; + } + + /* Retrieve the nth entry referencing this spa */ +diff --git a/drivers/acpi/scan.c b/drivers/acpi/scan.c +index 5a2fdf1..dd3786a 100644 +--- a/drivers/acpi/scan.c ++++ b/drivers/acpi/scan.c +@@ -1827,15 +1827,20 @@ static void acpi_bus_attach(struct acpi_device *device) + return; + + device->flags.match_driver = true; +- if (!ret) { +- ret = device_attach(&device->dev); +- if (ret < 0) +- return; +- +- if (!ret && device->pnp.type.platform_id) +- acpi_default_enumeration(device); ++ if (ret > 0) { ++ acpi_device_set_enumerated(device); ++ goto ok; + } + ++ ret = device_attach(&device->dev); ++ if (ret < 0) ++ return; ++ ++ if (ret > 0 || !device->pnp.type.platform_id) ++ acpi_device_set_enumerated(device); ++ else ++ acpi_default_enumeration(device); ++ + ok: + list_for_each_entry(child, &device->children, node) + acpi_bus_attach(child); +diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c +index 7a10487..c9441f9 100644 +--- a/drivers/block/nbd.c ++++ b/drivers/block/nbd.c +@@ -54,7 +54,7 @@ struct nbd_device { + + struct mutex tx_lock; + struct gendisk *disk; +- int blksize; ++ loff_t blksize; + loff_t bytesize; + + /* protects initialization and shutdown of the socket */ +@@ -126,7 +126,7 @@ static void nbd_size_update(struct nbd_device *nbd, struct block_device *bdev) + } + + static int nbd_size_set(struct nbd_device *nbd, struct block_device *bdev, +- int blocksize, int nr_blocks) ++ loff_t blocksize, loff_t nr_blocks) + { + int ret; + +@@ -135,7 +135,7 @@ static int nbd_size_set(struct nbd_device *nbd, struct block_device *bdev, + return ret; + + nbd->blksize = blocksize; +- nbd->bytesize = (loff_t)blocksize * (loff_t)nr_blocks; ++ nbd->bytesize = blocksize * nr_blocks; + + nbd_size_update(nbd, bdev); + +@@ -648,7 +648,7 @@ static int __nbd_ioctl(struct block_device *bdev, struct nbd_device *nbd, + + case NBD_SET_SIZE: + return nbd_size_set(nbd, bdev, nbd->blksize, +- arg / nbd->blksize); ++ div_s64(arg, nbd->blksize)); + + case NBD_SET_SIZE_BLOCKS: + return nbd_size_set(nbd, bdev, nbd->blksize, arg); +@@ -817,7 +817,7 @@ static int nbd_dev_dbg_init(struct nbd_device *nbd) + debugfs_create_file("tasks", 0444, dir, nbd, &nbd_dbg_tasks_ops); + debugfs_create_u64("size_bytes", 0444, dir, &nbd->bytesize); + debugfs_create_u32("timeout", 0444, dir, &nbd->tag_set.timeout); +- debugfs_create_u32("blocksize", 0444, dir, &nbd->blksize); ++ debugfs_create_u64("blocksize", 0444, dir, &nbd->blksize); + debugfs_create_file("flags", 0444, dir, nbd, &nbd_dbg_flags_ops); + + return 0; +diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c +index d2ef51c..c9914d6 100644 +--- a/drivers/block/zram/zram_drv.c ++++ b/drivers/block/zram/zram_drv.c +@@ -582,13 +582,13 @@ static int zram_decompress_page(struct zram *zram, char *mem, u32 index) + + if (!handle || zram_test_flag(meta, index, ZRAM_ZERO)) { + bit_spin_unlock(ZRAM_ACCESS, &meta->table[index].value); +- clear_page(mem); ++ memset(mem, 0, PAGE_SIZE); + return 0; + } + + cmem = zs_map_object(meta->mem_pool, handle, ZS_MM_RO); + if (size == PAGE_SIZE) { +- copy_page(mem, cmem); ++ memcpy(mem, cmem, PAGE_SIZE); + } else { + struct zcomp_strm *zstrm = zcomp_stream_get(zram->comp); + +@@ -780,7 +780,7 @@ static int zram_bvec_write(struct zram *zram, struct bio_vec *bvec, u32 index, + + if ((clen == PAGE_SIZE) && !is_partial_io(bvec)) { + src = kmap_atomic(page); +- copy_page(cmem, src); ++ memcpy(cmem, src, PAGE_SIZE); + kunmap_atomic(src); + } else { + memcpy(cmem, src, clen); +diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig +index dcc0973..8453a49 100644 +--- a/drivers/char/Kconfig ++++ b/drivers/char/Kconfig +@@ -571,9 +571,12 @@ config TELCLOCK + controlling the behavior of this hardware. + + config DEVPORT +- bool ++ bool "/dev/port character device" + depends on ISA || PCI + default y ++ help ++ Say Y here if you want to support the /dev/port device. The /dev/port ++ device is similar to /dev/mem, but for I/O ports. + + source "drivers/s390/char/Kconfig" + +diff --git a/drivers/char/mem.c b/drivers/char/mem.c +index 6d9cc2d..7e4a9d1 100644 +--- a/drivers/char/mem.c ++++ b/drivers/char/mem.c +@@ -60,6 +60,10 @@ static inline int valid_mmap_phys_addr_range(unsigned long pfn, size_t size) + #endif + + #ifdef CONFIG_STRICT_DEVMEM ++static inline int page_is_allowed(unsigned long pfn) ++{ ++ return devmem_is_allowed(pfn); ++} + static inline int range_is_allowed(unsigned long pfn, unsigned long size) + { + u64 from = ((u64)pfn) << PAGE_SHIFT; +@@ -75,6 +79,10 @@ static inline int range_is_allowed(unsigned long pfn, unsigned long size) + return 1; + } + #else ++static inline int page_is_allowed(unsigned long pfn) ++{ ++ return 1; ++} + static inline int range_is_allowed(unsigned long pfn, unsigned long size) + { + return 1; +@@ -122,23 +130,31 @@ static ssize_t read_mem(struct file *file, char __user *buf, + + while (count > 0) { + unsigned long remaining; ++ int allowed; + + sz = size_inside_page(p, count); + +- if (!range_is_allowed(p >> PAGE_SHIFT, count)) ++ allowed = page_is_allowed(p >> PAGE_SHIFT); ++ if (!allowed) + return -EPERM; ++ if (allowed == 2) { ++ /* Show zeros for restricted memory. */ ++ remaining = clear_user(buf, sz); ++ } else { ++ /* ++ * On ia64 if a page has been mapped somewhere as ++ * uncached, then it must also be accessed uncached ++ * by the kernel or data corruption may occur. ++ */ ++ ptr = xlate_dev_mem_ptr(p); ++ if (!ptr) ++ return -EFAULT; + +- /* +- * On ia64 if a page has been mapped somewhere as uncached, then +- * it must also be accessed uncached by the kernel or data +- * corruption may occur. +- */ +- ptr = xlate_dev_mem_ptr(p); +- if (!ptr) +- return -EFAULT; ++ remaining = copy_to_user(buf, ptr, sz); ++ ++ unxlate_dev_mem_ptr(p, ptr); ++ } + +- remaining = copy_to_user(buf, ptr, sz); +- unxlate_dev_mem_ptr(p, ptr); + if (remaining) + return -EFAULT; + +@@ -181,30 +197,36 @@ static ssize_t write_mem(struct file *file, const char __user *buf, + #endif + + while (count > 0) { ++ int allowed; ++ + sz = size_inside_page(p, count); + +- if (!range_is_allowed(p >> PAGE_SHIFT, sz)) ++ allowed = page_is_allowed(p >> PAGE_SHIFT); ++ if (!allowed) + return -EPERM; + +- /* +- * On ia64 if a page has been mapped somewhere as uncached, then +- * it must also be accessed uncached by the kernel or data +- * corruption may occur. +- */ +- ptr = xlate_dev_mem_ptr(p); +- if (!ptr) { +- if (written) +- break; +- return -EFAULT; +- } ++ /* Skip actual writing when a page is marked as restricted. */ ++ if (allowed == 1) { ++ /* ++ * On ia64 if a page has been mapped somewhere as ++ * uncached, then it must also be accessed uncached ++ * by the kernel or data corruption may occur. ++ */ ++ ptr = xlate_dev_mem_ptr(p); ++ if (!ptr) { ++ if (written) ++ break; ++ return -EFAULT; ++ } + +- copied = copy_from_user(ptr, buf, sz); +- unxlate_dev_mem_ptr(p, ptr); +- if (copied) { +- written += sz - copied; +- if (written) +- break; +- return -EFAULT; ++ copied = copy_from_user(ptr, buf, sz); ++ unxlate_dev_mem_ptr(p, ptr); ++ if (copied) { ++ written += sz - copied; ++ if (written) ++ break; ++ return -EFAULT; ++ } + } + + buf += sz; +diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c +index 5649234..471a301 100644 +--- a/drivers/char/virtio_console.c ++++ b/drivers/char/virtio_console.c +@@ -1136,6 +1136,8 @@ static int put_chars(u32 vtermno, const char *buf, int count) + { + struct port *port; + struct scatterlist sg[1]; ++ void *data; ++ int ret; + + if (unlikely(early_put_chars)) + return early_put_chars(vtermno, buf, count); +@@ -1144,8 +1146,14 @@ static int put_chars(u32 vtermno, const char *buf, int count) + if (!port) + return -EPIPE; + +- sg_init_one(sg, buf, count); +- return __send_to_port(port, sg, 1, count, (void *)buf, false); ++ data = kmemdup(buf, count, GFP_ATOMIC); ++ if (!data) ++ return -ENOMEM; ++ ++ sg_init_one(sg, data, count); ++ ret = __send_to_port(port, sg, 1, count, data, false); ++ kfree(data); ++ return ret; + } + + /* +diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c +index cac4a92..6153b66 100644 +--- a/drivers/cpufreq/cpufreq.c ++++ b/drivers/cpufreq/cpufreq.c +@@ -2404,6 +2404,20 @@ EXPORT_SYMBOL_GPL(cpufreq_boost_enabled); + *********************************************************************/ + static enum cpuhp_state hp_online; + ++static int cpuhp_cpufreq_online(unsigned int cpu) ++{ ++ cpufreq_online(cpu); ++ ++ return 0; ++} ++ ++static int cpuhp_cpufreq_offline(unsigned int cpu) ++{ ++ cpufreq_offline(cpu); ++ ++ return 0; ++} ++ + /** + * cpufreq_register_driver - register a CPU Frequency driver + * @driver_data: A struct cpufreq_driver containing the values# +@@ -2466,8 +2480,8 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data) + } + + ret = cpuhp_setup_state_nocalls(CPUHP_AP_ONLINE_DYN, "cpufreq:online", +- cpufreq_online, +- cpufreq_offline); ++ cpuhp_cpufreq_online, ++ cpuhp_cpufreq_offline); + if (ret < 0) + goto err_if_unreg; + hp_online = ret; +diff --git a/drivers/firmware/efi/libstub/gop.c b/drivers/firmware/efi/libstub/gop.c +index 932742e..24c461d 100644 +--- a/drivers/firmware/efi/libstub/gop.c ++++ b/drivers/firmware/efi/libstub/gop.c +@@ -149,7 +149,8 @@ setup_gop32(efi_system_table_t *sys_table_arg, struct screen_info *si, + + status = __gop_query32(sys_table_arg, gop32, &info, &size, + ¤t_fb_base); +- if (status == EFI_SUCCESS && (!first_gop || conout_found)) { ++ if (status == EFI_SUCCESS && (!first_gop || conout_found) && ++ info->pixel_format != PIXEL_BLT_ONLY) { + /* + * Systems that use the UEFI Console Splitter may + * provide multiple GOP devices, not all of which are +@@ -266,7 +267,8 @@ setup_gop64(efi_system_table_t *sys_table_arg, struct screen_info *si, + + status = __gop_query64(sys_table_arg, gop64, &info, &size, + ¤t_fb_base); +- if (status == EFI_SUCCESS && (!first_gop || conout_found)) { ++ if (status == EFI_SUCCESS && (!first_gop || conout_found) && ++ info->pixel_format != PIXEL_BLT_ONLY) { + /* + * Systems that use the UEFI Console Splitter may + * provide multiple GOP devices, not all of which are +diff --git a/drivers/gpu/drm/etnaviv/etnaviv_gpu.c b/drivers/gpu/drm/etnaviv/etnaviv_gpu.c +index b87d278..a336754 100644 +--- a/drivers/gpu/drm/etnaviv/etnaviv_gpu.c ++++ b/drivers/gpu/drm/etnaviv/etnaviv_gpu.c +@@ -1305,7 +1305,7 @@ int etnaviv_gpu_submit(struct etnaviv_gpu *gpu, + if (!fence) { + event_free(gpu, event); + ret = -ENOMEM; +- goto out_pm_put; ++ goto out_unlock; + } + + gpu->event[event].fence = fence; +@@ -1345,6 +1345,7 @@ int etnaviv_gpu_submit(struct etnaviv_gpu *gpu, + hangcheck_timer_reset(gpu); + ret = 0; + ++out_unlock: + mutex_unlock(&gpu->lock); + + out_pm_put: +diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/device/base.c b/drivers/gpu/drm/nouveau/nvkm/engine/device/base.c +index e0d7f84..d741ff8 100644 +--- a/drivers/gpu/drm/nouveau/nvkm/engine/device/base.c ++++ b/drivers/gpu/drm/nouveau/nvkm/engine/device/base.c +@@ -714,7 +714,7 @@ nv4a_chipset = { + .i2c = nv04_i2c_new, + .imem = nv40_instmem_new, + .mc = nv44_mc_new, +- .mmu = nv44_mmu_new, ++ .mmu = nv04_mmu_new, + .pci = nv40_pci_new, + .therm = nv40_therm_new, + .timer = nv41_timer_new, +diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/disp/nv50.c b/drivers/gpu/drm/nouveau/nvkm/engine/disp/nv50.c +index fbb8c7d..0d65e7f 100644 +--- a/drivers/gpu/drm/nouveau/nvkm/engine/disp/nv50.c ++++ b/drivers/gpu/drm/nouveau/nvkm/engine/disp/nv50.c +@@ -433,8 +433,6 @@ nv50_disp_dptmds_war(struct nvkm_device *device) + case 0x94: + case 0x96: + case 0x98: +- case 0xaa: +- case 0xac: + return true; + default: + break; +diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/mpeg/nv31.c b/drivers/gpu/drm/nouveau/nvkm/engine/mpeg/nv31.c +index 003ac91..8a88952 100644 +--- a/drivers/gpu/drm/nouveau/nvkm/engine/mpeg/nv31.c ++++ b/drivers/gpu/drm/nouveau/nvkm/engine/mpeg/nv31.c +@@ -198,7 +198,7 @@ nv31_mpeg_intr(struct nvkm_engine *engine) + } + + if (type == 0x00000010) { +- if (!nv31_mpeg_mthd(mpeg, mthd, data)) ++ if (nv31_mpeg_mthd(mpeg, mthd, data)) + show &= ~0x01000000; + } + } +diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/mpeg/nv44.c b/drivers/gpu/drm/nouveau/nvkm/engine/mpeg/nv44.c +index e536f37..c3cf02e 100644 +--- a/drivers/gpu/drm/nouveau/nvkm/engine/mpeg/nv44.c ++++ b/drivers/gpu/drm/nouveau/nvkm/engine/mpeg/nv44.c +@@ -172,7 +172,7 @@ nv44_mpeg_intr(struct nvkm_engine *engine) + } + + if (type == 0x00000010) { +- if (!nv44_mpeg_mthd(subdev->device, mthd, data)) ++ if (nv44_mpeg_mthd(subdev->device, mthd, data)) + show &= ~0x01000000; + } + } +diff --git a/drivers/input/joystick/xpad.c b/drivers/input/joystick/xpad.c +index bbe1524..f397a5b 100644 +--- a/drivers/input/joystick/xpad.c ++++ b/drivers/input/joystick/xpad.c +@@ -201,6 +201,7 @@ static const struct xpad_device { + { 0x1430, 0x8888, "TX6500+ Dance Pad (first generation)", MAP_DPAD_TO_BUTTONS, XTYPE_XBOX }, + { 0x146b, 0x0601, "BigBen Interactive XBOX 360 Controller", 0, XTYPE_XBOX360 }, + { 0x1532, 0x0037, "Razer Sabertooth", 0, XTYPE_XBOX360 }, ++ { 0x1532, 0x0a03, "Razer Wildcat", 0, XTYPE_XBOXONE }, + { 0x15e4, 0x3f00, "Power A Mini Pro Elite", 0, XTYPE_XBOX360 }, + { 0x15e4, 0x3f0a, "Xbox Airflo wired controller", 0, XTYPE_XBOX360 }, + { 0x15e4, 0x3f10, "Batarang Xbox 360 controller", 0, XTYPE_XBOX360 }, +@@ -329,6 +330,7 @@ static struct usb_device_id xpad_table[] = { + XPAD_XBOX360_VENDOR(0x24c6), /* PowerA Controllers */ + XPAD_XBOXONE_VENDOR(0x24c6), /* PowerA Controllers */ + XPAD_XBOX360_VENDOR(0x1532), /* Razer Sabertooth */ ++ XPAD_XBOXONE_VENDOR(0x1532), /* Razer Wildcat */ + XPAD_XBOX360_VENDOR(0x15e4), /* Numark X-Box 360 controllers */ + XPAD_XBOX360_VENDOR(0x162e), /* Joytech X-Box 360 controllers */ + { } +diff --git a/drivers/irqchip/irq-imx-gpcv2.c b/drivers/irqchip/irq-imx-gpcv2.c +index 15af9a9..2d203b4 100644 +--- a/drivers/irqchip/irq-imx-gpcv2.c ++++ b/drivers/irqchip/irq-imx-gpcv2.c +@@ -230,6 +230,8 @@ static int __init imx_gpcv2_irqchip_init(struct device_node *node, + return -ENOMEM; + } + ++ raw_spin_lock_init(&cd->rlock); ++ + cd->gpc_base = of_iomap(node, 0); + if (!cd->gpc_base) { + pr_err("fsl-gpcv2: unable to map gpc registers\n"); +diff --git a/drivers/media/usb/dvb-usb-v2/dvb_usb_core.c b/drivers/media/usb/dvb-usb-v2/dvb_usb_core.c +index a8e6624..a9bb2dd 100644 +--- a/drivers/media/usb/dvb-usb-v2/dvb_usb_core.c ++++ b/drivers/media/usb/dvb-usb-v2/dvb_usb_core.c +@@ -1013,8 +1013,8 @@ EXPORT_SYMBOL(dvb_usbv2_probe); + void dvb_usbv2_disconnect(struct usb_interface *intf) + { + struct dvb_usb_device *d = usb_get_intfdata(intf); +- const char *name = d->name; +- struct device dev = d->udev->dev; ++ const char *devname = kstrdup(dev_name(&d->udev->dev), GFP_KERNEL); ++ const char *drvname = d->name; + + dev_dbg(&d->udev->dev, "%s: bInterfaceNumber=%d\n", __func__, + intf->cur_altsetting->desc.bInterfaceNumber); +@@ -1024,8 +1024,9 @@ void dvb_usbv2_disconnect(struct usb_interface *intf) + + dvb_usbv2_exit(d); + +- dev_info(&dev, "%s: '%s' successfully deinitialized and disconnected\n", +- KBUILD_MODNAME, name); ++ pr_info("%s: '%s:%s' successfully deinitialized and disconnected\n", ++ KBUILD_MODNAME, drvname, devname); ++ kfree(devname); + } + EXPORT_SYMBOL(dvb_usbv2_disconnect); + +diff --git a/drivers/media/usb/dvb-usb/cxusb.c b/drivers/media/usb/dvb-usb/cxusb.c +index 2434030..9fd43a3 100644 +--- a/drivers/media/usb/dvb-usb/cxusb.c ++++ b/drivers/media/usb/dvb-usb/cxusb.c +@@ -59,23 +59,24 @@ static int cxusb_ctrl_msg(struct dvb_usb_device *d, + u8 cmd, u8 *wbuf, int wlen, u8 *rbuf, int rlen) + { + struct cxusb_state *st = d->priv; +- int ret, wo; ++ int ret; + + if (1 + wlen > MAX_XFER_SIZE) { + warn("i2c wr: len=%d is too big!\n", wlen); + return -EOPNOTSUPP; + } + +- wo = (rbuf == NULL || rlen == 0); /* write-only */ ++ if (rlen > MAX_XFER_SIZE) { ++ warn("i2c rd: len=%d is too big!\n", rlen); ++ return -EOPNOTSUPP; ++ } + + mutex_lock(&d->data_mutex); + st->data[0] = cmd; + memcpy(&st->data[1], wbuf, wlen); +- if (wo) +- ret = dvb_usb_generic_write(d, st->data, 1 + wlen); +- else +- ret = dvb_usb_generic_rw(d, st->data, 1 + wlen, +- rbuf, rlen, 0); ++ ret = dvb_usb_generic_rw(d, st->data, 1 + wlen, st->data, rlen, 0); ++ if (!ret && rbuf && rlen) ++ memcpy(rbuf, st->data, rlen); + + mutex_unlock(&d->data_mutex); + return ret; +diff --git a/drivers/media/usb/dvb-usb/dvb-usb-firmware.c b/drivers/media/usb/dvb-usb/dvb-usb-firmware.c +index dd048a7..b8d2ac5 100644 +--- a/drivers/media/usb/dvb-usb/dvb-usb-firmware.c ++++ b/drivers/media/usb/dvb-usb/dvb-usb-firmware.c +@@ -35,42 +35,51 @@ static int usb_cypress_writemem(struct usb_device *udev,u16 addr,u8 *data, u8 le + + int usb_cypress_load_firmware(struct usb_device *udev, const struct firmware *fw, int type) + { +- struct hexline hx; +- u8 reset; +- int ret,pos=0; ++ struct hexline *hx; ++ u8 *buf; ++ int ret, pos = 0; ++ u16 cpu_cs_register = cypress[type].cpu_cs_register; ++ ++ buf = kmalloc(sizeof(*hx), GFP_KERNEL); ++ if (!buf) ++ return -ENOMEM; ++ hx = (struct hexline *)buf; + + /* stop the CPU */ +- reset = 1; +- if ((ret = usb_cypress_writemem(udev,cypress[type].cpu_cs_register,&reset,1)) != 1) ++ buf[0] = 1; ++ if (usb_cypress_writemem(udev, cpu_cs_register, buf, 1) != 1) + err("could not stop the USB controller CPU."); + +- while ((ret = dvb_usb_get_hexline(fw,&hx,&pos)) > 0) { +- deb_fw("writing to address 0x%04x (buffer: 0x%02x %02x)\n",hx.addr,hx.len,hx.chk); +- ret = usb_cypress_writemem(udev,hx.addr,hx.data,hx.len); ++ while ((ret = dvb_usb_get_hexline(fw, hx, &pos)) > 0) { ++ deb_fw("writing to address 0x%04x (buffer: 0x%02x %02x)\n", hx->addr, hx->len, hx->chk); ++ ret = usb_cypress_writemem(udev, hx->addr, hx->data, hx->len); + +- if (ret != hx.len) { ++ if (ret != hx->len) { + err("error while transferring firmware " + "(transferred size: %d, block size: %d)", +- ret,hx.len); ++ ret, hx->len); + ret = -EINVAL; + break; + } + } + if (ret < 0) { + err("firmware download failed at %d with %d",pos,ret); ++ kfree(buf); + return ret; + } + + if (ret == 0) { + /* restart the CPU */ +- reset = 0; +- if (ret || usb_cypress_writemem(udev,cypress[type].cpu_cs_register,&reset,1) != 1) { ++ buf[0] = 0; ++ if (usb_cypress_writemem(udev, cpu_cs_register, buf, 1) != 1) { + err("could not restart the USB controller CPU."); + ret = -EINVAL; + } + } else + ret = -EIO; + ++ kfree(buf); ++ + return ret; + } + EXPORT_SYMBOL(usb_cypress_load_firmware); +diff --git a/drivers/net/can/ifi_canfd/ifi_canfd.c b/drivers/net/can/ifi_canfd/ifi_canfd.c +index 368bb07..481895b 100644 +--- a/drivers/net/can/ifi_canfd/ifi_canfd.c ++++ b/drivers/net/can/ifi_canfd/ifi_canfd.c +@@ -557,7 +557,7 @@ static int ifi_canfd_poll(struct napi_struct *napi, int quota) + int work_done = 0; + + u32 stcmd = readl(priv->base + IFI_CANFD_STCMD); +- u32 rxstcmd = readl(priv->base + IFI_CANFD_STCMD); ++ u32 rxstcmd = readl(priv->base + IFI_CANFD_RXSTCMD); + u32 errctr = readl(priv->base + IFI_CANFD_ERROR_CTR); + + /* Handle bus state changes */ +diff --git a/drivers/net/wireless/ath/ath9k/common-spectral.c b/drivers/net/wireless/ath/ath9k/common-spectral.c +index e2512d5..eedf86b 100644 +--- a/drivers/net/wireless/ath/ath9k/common-spectral.c ++++ b/drivers/net/wireless/ath/ath9k/common-spectral.c +@@ -528,6 +528,9 @@ int ath_cmn_process_fft(struct ath_spec_scan_priv *spec_priv, struct ieee80211_h + if (!(radar_info->pulse_bw_info & SPECTRAL_SCAN_BITMASK)) + return 0; + ++ if (!spec_priv->rfs_chan_spec_scan) ++ return 1; ++ + /* Output buffers are full, no need to process anything + * since there is no space to put the result anyway + */ +@@ -1072,7 +1075,7 @@ static struct rchan_callbacks rfs_spec_scan_cb = { + + void ath9k_cmn_spectral_deinit_debug(struct ath_spec_scan_priv *spec_priv) + { +- if (IS_ENABLED(CONFIG_ATH9K_DEBUGFS)) { ++ if (IS_ENABLED(CONFIG_ATH9K_DEBUGFS) && spec_priv->rfs_chan_spec_scan) { + relay_close(spec_priv->rfs_chan_spec_scan); + spec_priv->rfs_chan_spec_scan = NULL; + } +@@ -1086,6 +1089,9 @@ void ath9k_cmn_spectral_init_debug(struct ath_spec_scan_priv *spec_priv, + debugfs_phy, + 1024, 256, &rfs_spec_scan_cb, + NULL); ++ if (!spec_priv->rfs_chan_spec_scan) ++ return; ++ + debugfs_create_file("spectral_scan_ctl", + S_IRUSR | S_IWUSR, + debugfs_phy, spec_priv, +diff --git a/drivers/nvdimm/bus.c b/drivers/nvdimm/bus.c +index 23d4a17..351bac8 100644 +--- a/drivers/nvdimm/bus.c ++++ b/drivers/nvdimm/bus.c +@@ -934,8 +934,14 @@ static int __nd_ioctl(struct nvdimm_bus *nvdimm_bus, struct nvdimm *nvdimm, + rc = nd_desc->ndctl(nd_desc, nvdimm, cmd, buf, buf_len, NULL); + if (rc < 0) + goto out_unlock; ++ nvdimm_bus_unlock(&nvdimm_bus->dev); ++ + if (copy_to_user(p, buf, buf_len)) + rc = -EFAULT; ++ ++ vfree(buf); ++ return rc; ++ + out_unlock: + nvdimm_bus_unlock(&nvdimm_bus->dev); + out: +diff --git a/drivers/nvdimm/dimm_devs.c b/drivers/nvdimm/dimm_devs.c +index d614493..dcb32f3 100644 +--- a/drivers/nvdimm/dimm_devs.c ++++ b/drivers/nvdimm/dimm_devs.c +@@ -388,7 +388,7 @@ EXPORT_SYMBOL_GPL(nvdimm_create); + + int alias_dpa_busy(struct device *dev, void *data) + { +- resource_size_t map_end, blk_start, new, busy; ++ resource_size_t map_end, blk_start, new; + struct blk_alloc_info *info = data; + struct nd_mapping *nd_mapping; + struct nd_region *nd_region; +@@ -429,29 +429,19 @@ int alias_dpa_busy(struct device *dev, void *data) + retry: + /* + * Find the free dpa from the end of the last pmem allocation to +- * the end of the interleave-set mapping that is not already +- * covered by a blk allocation. ++ * the end of the interleave-set mapping. + */ +- busy = 0; + for_each_dpa_resource(ndd, res) { ++ if (strncmp(res->name, "pmem", 4) != 0) ++ continue; + if ((res->start >= blk_start && res->start < map_end) + || (res->end >= blk_start + && res->end <= map_end)) { +- if (strncmp(res->name, "pmem", 4) == 0) { +- new = max(blk_start, min(map_end + 1, +- res->end + 1)); +- if (new != blk_start) { +- blk_start = new; +- goto retry; +- } +- } else +- busy += min(map_end, res->end) +- - max(nd_mapping->start, res->start) + 1; +- } else if (nd_mapping->start > res->start +- && map_end < res->end) { +- /* total eclipse of the PMEM region mapping */ +- busy += nd_mapping->size; +- break; ++ new = max(blk_start, min(map_end + 1, res->end + 1)); ++ if (new != blk_start) { ++ blk_start = new; ++ goto retry; ++ } + } + } + +@@ -463,52 +453,11 @@ int alias_dpa_busy(struct device *dev, void *data) + return 1; + } + +- info->available -= blk_start - nd_mapping->start + busy; ++ info->available -= blk_start - nd_mapping->start; + + return 0; + } + +-static int blk_dpa_busy(struct device *dev, void *data) +-{ +- struct blk_alloc_info *info = data; +- struct nd_mapping *nd_mapping; +- struct nd_region *nd_region; +- resource_size_t map_end; +- int i; +- +- if (!is_nd_pmem(dev)) +- return 0; +- +- nd_region = to_nd_region(dev); +- for (i = 0; i < nd_region->ndr_mappings; i++) { +- nd_mapping = &nd_region->mapping[i]; +- if (nd_mapping->nvdimm == info->nd_mapping->nvdimm) +- break; +- } +- +- if (i >= nd_region->ndr_mappings) +- return 0; +- +- map_end = nd_mapping->start + nd_mapping->size - 1; +- if (info->res->start >= nd_mapping->start +- && info->res->start < map_end) { +- if (info->res->end <= map_end) { +- info->busy = 0; +- return 1; +- } else { +- info->busy -= info->res->end - map_end; +- return 0; +- } +- } else if (info->res->end >= nd_mapping->start +- && info->res->end <= map_end) { +- info->busy -= nd_mapping->start - info->res->start; +- return 0; +- } else { +- info->busy -= nd_mapping->size; +- return 0; +- } +-} +- + /** + * nd_blk_available_dpa - account the unused dpa of BLK region + * @nd_mapping: container of dpa-resource-root + labels +@@ -538,11 +487,7 @@ resource_size_t nd_blk_available_dpa(struct nd_region *nd_region) + for_each_dpa_resource(ndd, res) { + if (strncmp(res->name, "blk", 3) != 0) + continue; +- +- info.res = res; +- info.busy = resource_size(res); +- device_for_each_child(&nvdimm_bus->dev, &info, blk_dpa_busy); +- info.available -= info.busy; ++ info.available -= resource_size(res); + } + + return info.available; +diff --git a/drivers/platform/x86/acer-wmi.c b/drivers/platform/x86/acer-wmi.c +index a66192f..c29b9b6 100644 +--- a/drivers/platform/x86/acer-wmi.c ++++ b/drivers/platform/x86/acer-wmi.c +@@ -1846,11 +1846,24 @@ static int __init acer_wmi_enable_lm(void) + return status; + } + ++#define ACER_WMID_ACCEL_HID "BST0001" ++ + static acpi_status __init acer_wmi_get_handle_cb(acpi_handle ah, u32 level, + void *ctx, void **retval) + { ++ struct acpi_device *dev; ++ ++ if (!strcmp(ctx, "SENR")) { ++ if (acpi_bus_get_device(ah, &dev)) ++ return AE_OK; ++ if (!strcmp(ACER_WMID_ACCEL_HID, acpi_device_hid(dev))) ++ return AE_OK; ++ } else ++ return AE_OK; ++ + *(acpi_handle *)retval = ah; +- return AE_OK; ++ ++ return AE_CTRL_TERMINATE; + } + + static int __init acer_wmi_get_handle(const char *name, const char *prop, +@@ -1877,7 +1890,7 @@ static int __init acer_wmi_accel_setup(void) + { + int err; + +- err = acer_wmi_get_handle("SENR", "BST0001", &gsensor_handle); ++ err = acer_wmi_get_handle("SENR", ACER_WMID_ACCEL_HID, &gsensor_handle); + if (err) + return err; + +@@ -2233,10 +2246,11 @@ static int __init acer_wmi_init(void) + err = acer_wmi_input_setup(); + if (err) + return err; ++ err = acer_wmi_accel_setup(); ++ if (err) ++ return err; + } + +- acer_wmi_accel_setup(); +- + err = platform_driver_register(&acer_platform_driver); + if (err) { + pr_err("Unable to register platform driver\n"); +diff --git a/drivers/pwm/pwm-rockchip.c b/drivers/pwm/pwm-rockchip.c +index ef89df1..744d561 100644 +--- a/drivers/pwm/pwm-rockchip.c ++++ b/drivers/pwm/pwm-rockchip.c +@@ -191,6 +191,28 @@ static int rockchip_pwm_config(struct pwm_chip *chip, struct pwm_device *pwm, + return 0; + } + ++static int rockchip_pwm_enable(struct pwm_chip *chip, ++ struct pwm_device *pwm, ++ bool enable, ++ enum pwm_polarity polarity) ++{ ++ struct rockchip_pwm_chip *pc = to_rockchip_pwm_chip(chip); ++ int ret; ++ ++ if (enable) { ++ ret = clk_enable(pc->clk); ++ if (ret) ++ return ret; ++ } ++ ++ pc->data->set_enable(chip, pwm, enable, polarity); ++ ++ if (!enable) ++ clk_disable(pc->clk); ++ ++ return 0; ++} ++ + static int rockchip_pwm_apply(struct pwm_chip *chip, struct pwm_device *pwm, + struct pwm_state *state) + { +@@ -207,22 +229,26 @@ static int rockchip_pwm_apply(struct pwm_chip *chip, struct pwm_device *pwm, + return ret; + + if (state->polarity != curstate.polarity && enabled) { +- pc->data->set_enable(chip, pwm, false, state->polarity); ++ ret = rockchip_pwm_enable(chip, pwm, false, state->polarity); ++ if (ret) ++ goto out; + enabled = false; + } + + ret = rockchip_pwm_config(chip, pwm, state->duty_cycle, state->period); + if (ret) { + if (enabled != curstate.enabled) +- pc->data->set_enable(chip, pwm, !enabled, +- state->polarity); +- ++ rockchip_pwm_enable(chip, pwm, !enabled, ++ state->polarity); + goto out; + } + +- if (state->enabled != enabled) +- pc->data->set_enable(chip, pwm, state->enabled, +- state->polarity); ++ if (state->enabled != enabled) { ++ ret = rockchip_pwm_enable(chip, pwm, state->enabled, ++ state->polarity); ++ if (ret) ++ goto out; ++ } + + /* + * Update the state with the real hardware, which can differ a bit +diff --git a/drivers/rtc/rtc-tegra.c b/drivers/rtc/rtc-tegra.c +index 3853ba9..19e03d0 100644 +--- a/drivers/rtc/rtc-tegra.c ++++ b/drivers/rtc/rtc-tegra.c +@@ -18,6 +18,7 @@ + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ + #include <linux/kernel.h> ++#include <linux/clk.h> + #include <linux/init.h> + #include <linux/module.h> + #include <linux/slab.h> +@@ -59,6 +60,7 @@ struct tegra_rtc_info { + struct platform_device *pdev; + struct rtc_device *rtc_dev; + void __iomem *rtc_base; /* NULL if not initialized. */ ++ struct clk *clk; + int tegra_rtc_irq; /* alarm and periodic irq */ + spinlock_t tegra_rtc_lock; + }; +@@ -326,6 +328,14 @@ static int __init tegra_rtc_probe(struct platform_device *pdev) + if (info->tegra_rtc_irq <= 0) + return -EBUSY; + ++ info->clk = devm_clk_get(&pdev->dev, NULL); ++ if (IS_ERR(info->clk)) ++ return PTR_ERR(info->clk); ++ ++ ret = clk_prepare_enable(info->clk); ++ if (ret < 0) ++ return ret; ++ + /* set context info. */ + info->pdev = pdev; + spin_lock_init(&info->tegra_rtc_lock); +@@ -346,7 +356,7 @@ static int __init tegra_rtc_probe(struct platform_device *pdev) + ret = PTR_ERR(info->rtc_dev); + dev_err(&pdev->dev, "Unable to register device (err=%d).\n", + ret); +- return ret; ++ goto disable_clk; + } + + ret = devm_request_irq(&pdev->dev, info->tegra_rtc_irq, +@@ -356,12 +366,25 @@ static int __init tegra_rtc_probe(struct platform_device *pdev) + dev_err(&pdev->dev, + "Unable to request interrupt for device (err=%d).\n", + ret); +- return ret; ++ goto disable_clk; + } + + dev_notice(&pdev->dev, "Tegra internal Real Time Clock\n"); + + return 0; ++ ++disable_clk: ++ clk_disable_unprepare(info->clk); ++ return ret; ++} ++ ++static int tegra_rtc_remove(struct platform_device *pdev) ++{ ++ struct tegra_rtc_info *info = platform_get_drvdata(pdev); ++ ++ clk_disable_unprepare(info->clk); ++ ++ return 0; + } + + #ifdef CONFIG_PM_SLEEP +@@ -413,6 +436,7 @@ static void tegra_rtc_shutdown(struct platform_device *pdev) + + MODULE_ALIAS("platform:tegra_rtc"); + static struct platform_driver tegra_rtc_driver = { ++ .remove = tegra_rtc_remove, + .shutdown = tegra_rtc_shutdown, + .driver = { + .name = "tegra_rtc", +diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c +index 4f361d8..734e592 100644 +--- a/drivers/scsi/qla2xxx/qla_os.c ++++ b/drivers/scsi/qla2xxx/qla_os.c +@@ -968,8 +968,13 @@ static inline + uint32_t qla2x00_isp_reg_stat(struct qla_hw_data *ha) + { + struct device_reg_24xx __iomem *reg = &ha->iobase->isp24; ++ struct device_reg_82xx __iomem *reg82 = &ha->iobase->isp82; + +- return ((RD_REG_DWORD(®->host_status)) == ISP_REG_DISCONNECT); ++ if (IS_P3P_TYPE(ha)) ++ return ((RD_REG_DWORD(®82->host_int)) == ISP_REG_DISCONNECT); ++ else ++ return ((RD_REG_DWORD(®->host_status)) == ++ ISP_REG_DISCONNECT); + } + + /************************************************************************** +diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c +index 51e5629..931af07 100644 +--- a/drivers/scsi/sd.c ++++ b/drivers/scsi/sd.c +@@ -2057,6 +2057,22 @@ static void read_capacity_error(struct scsi_disk *sdkp, struct scsi_device *sdp, + + #define READ_CAPACITY_RETRIES_ON_RESET 10 + ++/* ++ * Ensure that we don't overflow sector_t when CONFIG_LBDAF is not set ++ * and the reported logical block size is bigger than 512 bytes. Note ++ * that last_sector is a u64 and therefore logical_to_sectors() is not ++ * applicable. ++ */ ++static bool sd_addressable_capacity(u64 lba, unsigned int sector_size) ++{ ++ u64 last_sector = (lba + 1ULL) << (ilog2(sector_size) - 9); ++ ++ if (sizeof(sector_t) == 4 && last_sector > U32_MAX) ++ return false; ++ ++ return true; ++} ++ + static int read_capacity_16(struct scsi_disk *sdkp, struct scsi_device *sdp, + unsigned char *buffer) + { +@@ -2122,7 +2138,7 @@ static int read_capacity_16(struct scsi_disk *sdkp, struct scsi_device *sdp, + return -ENODEV; + } + +- if ((sizeof(sdkp->capacity) == 4) && (lba >= 0xffffffffULL)) { ++ if (!sd_addressable_capacity(lba, sector_size)) { + sd_printk(KERN_ERR, sdkp, "Too big for this kernel. Use a " + "kernel compiled with support for large block " + "devices.\n"); +@@ -2208,7 +2224,7 @@ static int read_capacity_10(struct scsi_disk *sdkp, struct scsi_device *sdp, + return sector_size; + } + +- if ((sizeof(sdkp->capacity) == 4) && (lba == 0xffffffff)) { ++ if (!sd_addressable_capacity(lba, sector_size)) { + sd_printk(KERN_ERR, sdkp, "Too big for this kernel. Use a " + "kernel compiled with support for large block " + "devices.\n"); +@@ -2877,7 +2893,8 @@ static int sd_revalidate_disk(struct gendisk *disk) + q->limits.io_opt = logical_to_bytes(sdp, sdkp->opt_xfer_blocks); + rw_max = logical_to_sectors(sdp, sdkp->opt_xfer_blocks); + } else +- rw_max = BLK_DEF_MAX_SECTORS; ++ rw_max = min_not_zero(logical_to_sectors(sdp, dev_max), ++ (sector_t)BLK_DEF_MAX_SECTORS); + + /* Combine with controller limits */ + q->limits.max_sectors = min(rw_max, queue_max_hw_sectors(q)); +diff --git a/drivers/scsi/sr.c b/drivers/scsi/sr.c +index bed2bbd..e635973 100644 +--- a/drivers/scsi/sr.c ++++ b/drivers/scsi/sr.c +@@ -833,6 +833,7 @@ static void get_capabilities(struct scsi_cd *cd) + unsigned char *buffer; + struct scsi_mode_data data; + struct scsi_sense_hdr sshdr; ++ unsigned int ms_len = 128; + int rc, n; + + static const char *loadmech[] = +@@ -859,10 +860,11 @@ static void get_capabilities(struct scsi_cd *cd) + scsi_test_unit_ready(cd->device, SR_TIMEOUT, MAX_RETRIES, &sshdr); + + /* ask for mode page 0x2a */ +- rc = scsi_mode_sense(cd->device, 0, 0x2a, buffer, 128, ++ rc = scsi_mode_sense(cd->device, 0, 0x2a, buffer, ms_len, + SR_TIMEOUT, 3, &data, NULL); + +- if (!scsi_status_is_good(rc)) { ++ if (!scsi_status_is_good(rc) || data.length > ms_len || ++ data.header_length + data.block_descriptor_length > data.length) { + /* failed, drive doesn't have capabilities mode page */ + cd->cdi.speed = 1; + cd->cdi.mask |= (CDC_CD_R | CDC_CD_RW | CDC_DVD_R | +diff --git a/drivers/target/iscsi/iscsi_target_parameters.c b/drivers/target/iscsi/iscsi_target_parameters.c +index 0efa80b..4a073339a 100644 +--- a/drivers/target/iscsi/iscsi_target_parameters.c ++++ b/drivers/target/iscsi/iscsi_target_parameters.c +@@ -782,22 +782,6 @@ static void iscsi_check_proposer_for_optional_reply(struct iscsi_param *param) + if (!strcmp(param->name, MAXRECVDATASEGMENTLENGTH)) + SET_PSTATE_REPLY_OPTIONAL(param); + /* +- * The GlobalSAN iSCSI Initiator for MacOSX does +- * not respond to MaxBurstLength, FirstBurstLength, +- * DefaultTime2Wait or DefaultTime2Retain parameter keys. +- * So, we set them to 'reply optional' here, and assume the +- * the defaults from iscsi_parameters.h if the initiator +- * is not RFC compliant and the keys are not negotiated. +- */ +- if (!strcmp(param->name, MAXBURSTLENGTH)) +- SET_PSTATE_REPLY_OPTIONAL(param); +- if (!strcmp(param->name, FIRSTBURSTLENGTH)) +- SET_PSTATE_REPLY_OPTIONAL(param); +- if (!strcmp(param->name, DEFAULTTIME2WAIT)) +- SET_PSTATE_REPLY_OPTIONAL(param); +- if (!strcmp(param->name, DEFAULTTIME2RETAIN)) +- SET_PSTATE_REPLY_OPTIONAL(param); +- /* + * Required for gPXE iSCSI boot client + */ + if (!strcmp(param->name, MAXCONNECTIONS)) +diff --git a/drivers/target/iscsi/iscsi_target_util.c b/drivers/target/iscsi/iscsi_target_util.c +index 1f38177..da5a5fc 100644 +--- a/drivers/target/iscsi/iscsi_target_util.c ++++ b/drivers/target/iscsi/iscsi_target_util.c +@@ -735,21 +735,23 @@ void iscsit_free_cmd(struct iscsi_cmd *cmd, bool shutdown) + { + struct se_cmd *se_cmd = NULL; + int rc; ++ bool op_scsi = false; + /* + * Determine if a struct se_cmd is associated with + * this struct iscsi_cmd. + */ + switch (cmd->iscsi_opcode) { + case ISCSI_OP_SCSI_CMD: +- se_cmd = &cmd->se_cmd; +- __iscsit_free_cmd(cmd, true, shutdown); ++ op_scsi = true; + /* + * Fallthrough + */ + case ISCSI_OP_SCSI_TMFUNC: +- rc = transport_generic_free_cmd(&cmd->se_cmd, shutdown); +- if (!rc && shutdown && se_cmd && se_cmd->se_sess) { +- __iscsit_free_cmd(cmd, true, shutdown); ++ se_cmd = &cmd->se_cmd; ++ __iscsit_free_cmd(cmd, op_scsi, shutdown); ++ rc = transport_generic_free_cmd(se_cmd, shutdown); ++ if (!rc && shutdown && se_cmd->se_sess) { ++ __iscsit_free_cmd(cmd, op_scsi, shutdown); + target_put_sess_cmd(se_cmd); + } + break; +diff --git a/drivers/target/target_core_fabric_configfs.c b/drivers/target/target_core_fabric_configfs.c +index 31a096a..6e456de 100644 +--- a/drivers/target/target_core_fabric_configfs.c ++++ b/drivers/target/target_core_fabric_configfs.c +@@ -92,6 +92,11 @@ static int target_fabric_mappedlun_link( + pr_err("Source se_lun->lun_se_dev does not exist\n"); + return -EINVAL; + } ++ if (lun->lun_shutdown) { ++ pr_err("Unable to create mappedlun symlink because" ++ " lun->lun_shutdown=true\n"); ++ return -EINVAL; ++ } + se_tpg = lun->lun_tpg; + + nacl_ci = &lun_acl_ci->ci_parent->ci_group->cg_item; +diff --git a/drivers/target/target_core_tpg.c b/drivers/target/target_core_tpg.c +index 2744251..1949f50 100644 +--- a/drivers/target/target_core_tpg.c ++++ b/drivers/target/target_core_tpg.c +@@ -640,6 +640,8 @@ void core_tpg_remove_lun( + */ + struct se_device *dev = rcu_dereference_raw(lun->lun_se_dev); + ++ lun->lun_shutdown = true; ++ + core_clear_lun_from_tpg(lun, tpg); + /* + * Wait for any active I/O references to percpu se_lun->lun_ref to +@@ -661,6 +663,8 @@ void core_tpg_remove_lun( + } + if (!(dev->se_hba->hba_flags & HBA_FLAGS_INTERNAL_USE)) + hlist_del_rcu(&lun->link); ++ ++ lun->lun_shutdown = false; + mutex_unlock(&tpg->tpg_lun_mutex); + + percpu_ref_exit(&lun->lun_ref); +diff --git a/drivers/target/target_core_user.c b/drivers/target/target_core_user.c +index 70c143a..1a83456 100644 +--- a/drivers/target/target_core_user.c ++++ b/drivers/target/target_core_user.c +@@ -306,24 +306,50 @@ static void free_data_area(struct tcmu_dev *udev, struct tcmu_cmd *cmd) + DATA_BLOCK_BITS); + } + +-static void gather_data_area(struct tcmu_dev *udev, unsigned long *cmd_bitmap, +- struct scatterlist *data_sg, unsigned int data_nents) ++static void gather_data_area(struct tcmu_dev *udev, struct tcmu_cmd *cmd, ++ bool bidi) + { ++ struct se_cmd *se_cmd = cmd->se_cmd; + int i, block; + int block_remaining = 0; + void *from, *to; + size_t copy_bytes, from_offset; +- struct scatterlist *sg; ++ struct scatterlist *sg, *data_sg; ++ unsigned int data_nents; ++ DECLARE_BITMAP(bitmap, DATA_BLOCK_BITS); ++ ++ bitmap_copy(bitmap, cmd->data_bitmap, DATA_BLOCK_BITS); ++ ++ if (!bidi) { ++ data_sg = se_cmd->t_data_sg; ++ data_nents = se_cmd->t_data_nents; ++ } else { ++ uint32_t count; ++ ++ /* ++ * For bidi case, the first count blocks are for Data-Out ++ * buffer blocks, and before gathering the Data-In buffer ++ * the Data-Out buffer blocks should be discarded. ++ */ ++ count = DIV_ROUND_UP(se_cmd->data_length, DATA_BLOCK_SIZE); ++ while (count--) { ++ block = find_first_bit(bitmap, DATA_BLOCK_BITS); ++ clear_bit(block, bitmap); ++ } ++ ++ data_sg = se_cmd->t_bidi_data_sg; ++ data_nents = se_cmd->t_bidi_data_nents; ++ } + + for_each_sg(data_sg, sg, data_nents, i) { + int sg_remaining = sg->length; + to = kmap_atomic(sg_page(sg)) + sg->offset; + while (sg_remaining > 0) { + if (block_remaining == 0) { +- block = find_first_bit(cmd_bitmap, ++ block = find_first_bit(bitmap, + DATA_BLOCK_BITS); + block_remaining = DATA_BLOCK_SIZE; +- clear_bit(block, cmd_bitmap); ++ clear_bit(block, bitmap); + } + copy_bytes = min_t(size_t, sg_remaining, + block_remaining); +@@ -389,6 +415,27 @@ static bool is_ring_space_avail(struct tcmu_dev *udev, size_t cmd_size, size_t d + return true; + } + ++static inline size_t tcmu_cmd_get_data_length(struct tcmu_cmd *tcmu_cmd) ++{ ++ struct se_cmd *se_cmd = tcmu_cmd->se_cmd; ++ size_t data_length = round_up(se_cmd->data_length, DATA_BLOCK_SIZE); ++ ++ if (se_cmd->se_cmd_flags & SCF_BIDI) { ++ BUG_ON(!(se_cmd->t_bidi_data_sg && se_cmd->t_bidi_data_nents)); ++ data_length += round_up(se_cmd->t_bidi_data_sg->length, ++ DATA_BLOCK_SIZE); ++ } ++ ++ return data_length; ++} ++ ++static inline uint32_t tcmu_cmd_get_block_cnt(struct tcmu_cmd *tcmu_cmd) ++{ ++ size_t data_length = tcmu_cmd_get_data_length(tcmu_cmd); ++ ++ return data_length / DATA_BLOCK_SIZE; ++} ++ + static sense_reason_t + tcmu_queue_cmd_ring(struct tcmu_cmd *tcmu_cmd) + { +@@ -402,7 +449,7 @@ tcmu_queue_cmd_ring(struct tcmu_cmd *tcmu_cmd) + uint32_t cmd_head; + uint64_t cdb_off; + bool copy_to_data_area; +- size_t data_length; ++ size_t data_length = tcmu_cmd_get_data_length(tcmu_cmd); + DECLARE_BITMAP(old_bitmap, DATA_BLOCK_BITS); + + if (test_bit(TCMU_DEV_BIT_BROKEN, &udev->flags)) +@@ -416,8 +463,7 @@ tcmu_queue_cmd_ring(struct tcmu_cmd *tcmu_cmd) + * expensive to tell how many regions are freed in the bitmap + */ + base_command_size = max(offsetof(struct tcmu_cmd_entry, +- req.iov[se_cmd->t_bidi_data_nents + +- se_cmd->t_data_nents]), ++ req.iov[tcmu_cmd_get_block_cnt(tcmu_cmd)]), + sizeof(struct tcmu_cmd_entry)); + command_size = base_command_size + + round_up(scsi_command_size(se_cmd->t_task_cdb), TCMU_OP_ALIGN_SIZE); +@@ -428,11 +474,6 @@ tcmu_queue_cmd_ring(struct tcmu_cmd *tcmu_cmd) + + mb = udev->mb_addr; + cmd_head = mb->cmd_head % udev->cmdr_size; /* UAM */ +- data_length = se_cmd->data_length; +- if (se_cmd->se_cmd_flags & SCF_BIDI) { +- BUG_ON(!(se_cmd->t_bidi_data_sg && se_cmd->t_bidi_data_nents)); +- data_length += se_cmd->t_bidi_data_sg->length; +- } + if ((command_size > (udev->cmdr_size / 2)) || + data_length > udev->data_size) { + pr_warn("TCMU: Request of size %zu/%zu is too big for %u/%zu " +@@ -502,11 +543,14 @@ tcmu_queue_cmd_ring(struct tcmu_cmd *tcmu_cmd) + entry->req.iov_dif_cnt = 0; + + /* Handle BIDI commands */ +- iov_cnt = 0; +- alloc_and_scatter_data_area(udev, se_cmd->t_bidi_data_sg, +- se_cmd->t_bidi_data_nents, &iov, &iov_cnt, false); +- entry->req.iov_bidi_cnt = iov_cnt; +- ++ if (se_cmd->se_cmd_flags & SCF_BIDI) { ++ iov_cnt = 0; ++ iov++; ++ alloc_and_scatter_data_area(udev, se_cmd->t_bidi_data_sg, ++ se_cmd->t_bidi_data_nents, &iov, &iov_cnt, ++ false); ++ entry->req.iov_bidi_cnt = iov_cnt; ++ } + /* cmd's data_bitmap is what changed in process */ + bitmap_xor(tcmu_cmd->data_bitmap, old_bitmap, udev->data_bitmap, + DATA_BLOCK_BITS); +@@ -582,19 +626,11 @@ static void tcmu_handle_completion(struct tcmu_cmd *cmd, struct tcmu_cmd_entry * + se_cmd->scsi_sense_length); + free_data_area(udev, cmd); + } else if (se_cmd->se_cmd_flags & SCF_BIDI) { +- DECLARE_BITMAP(bitmap, DATA_BLOCK_BITS); +- + /* Get Data-In buffer before clean up */ +- bitmap_copy(bitmap, cmd->data_bitmap, DATA_BLOCK_BITS); +- gather_data_area(udev, bitmap, +- se_cmd->t_bidi_data_sg, se_cmd->t_bidi_data_nents); ++ gather_data_area(udev, cmd, true); + free_data_area(udev, cmd); + } else if (se_cmd->data_direction == DMA_FROM_DEVICE) { +- DECLARE_BITMAP(bitmap, DATA_BLOCK_BITS); +- +- bitmap_copy(bitmap, cmd->data_bitmap, DATA_BLOCK_BITS); +- gather_data_area(udev, bitmap, +- se_cmd->t_data_sg, se_cmd->t_data_nents); ++ gather_data_area(udev, cmd, false); + free_data_area(udev, cmd); + } else if (se_cmd->data_direction == DMA_TO_DEVICE) { + free_data_area(udev, cmd); +diff --git a/drivers/video/fbdev/efifb.c b/drivers/video/fbdev/efifb.c +index 37a37c4..6f2e729 100644 +--- a/drivers/video/fbdev/efifb.c ++++ b/drivers/video/fbdev/efifb.c +@@ -10,6 +10,7 @@ + #include <linux/efi.h> + #include <linux/errno.h> + #include <linux/fb.h> ++#include <linux/pci.h> + #include <linux/platform_device.h> + #include <linux/screen_info.h> + #include <video/vga.h> +@@ -118,6 +119,8 @@ static inline bool fb_base_is_valid(void) + return false; + } + ++static bool pci_dev_disabled; /* FB base matches BAR of a disabled device */ ++ + static int efifb_probe(struct platform_device *dev) + { + struct fb_info *info; +@@ -127,7 +130,7 @@ static int efifb_probe(struct platform_device *dev) + unsigned int size_total; + char *option = NULL; + +- if (screen_info.orig_video_isVGA != VIDEO_TYPE_EFI) ++ if (screen_info.orig_video_isVGA != VIDEO_TYPE_EFI || pci_dev_disabled) + return -ENODEV; + + if (fb_get_options("efifb", &option)) +@@ -327,3 +330,64 @@ static struct platform_driver efifb_driver = { + }; + + builtin_platform_driver(efifb_driver); ++ ++#if defined(CONFIG_PCI) && !defined(CONFIG_X86) ++ ++static bool pci_bar_found; /* did we find a BAR matching the efifb base? */ ++ ++static void claim_efifb_bar(struct pci_dev *dev, int idx) ++{ ++ u16 word; ++ ++ pci_bar_found = true; ++ ++ pci_read_config_word(dev, PCI_COMMAND, &word); ++ if (!(word & PCI_COMMAND_MEMORY)) { ++ pci_dev_disabled = true; ++ dev_err(&dev->dev, ++ "BAR %d: assigned to efifb but device is disabled!\n", ++ idx); ++ return; ++ } ++ ++ if (pci_claim_resource(dev, idx)) { ++ pci_dev_disabled = true; ++ dev_err(&dev->dev, ++ "BAR %d: failed to claim resource for efifb!\n", idx); ++ return; ++ } ++ ++ dev_info(&dev->dev, "BAR %d: assigned to efifb\n", idx); ++} ++ ++static void efifb_fixup_resources(struct pci_dev *dev) ++{ ++ u64 base = screen_info.lfb_base; ++ u64 size = screen_info.lfb_size; ++ int i; ++ ++ if (pci_bar_found || screen_info.orig_video_isVGA != VIDEO_TYPE_EFI) ++ return; ++ ++ if (screen_info.capabilities & VIDEO_CAPABILITY_64BIT_BASE) ++ base |= (u64)screen_info.ext_lfb_base << 32; ++ ++ if (!base) ++ return; ++ ++ for (i = 0; i < PCI_STD_RESOURCE_END; i++) { ++ struct resource *res = &dev->resource[i]; ++ ++ if (!(res->flags & IORESOURCE_MEM)) ++ continue; ++ ++ if (res->start <= base && res->end >= base + size - 1) { ++ claim_efifb_bar(dev, i); ++ break; ++ } ++ } ++} ++DECLARE_PCI_FIXUP_CLASS_HEADER(PCI_ANY_ID, PCI_ANY_ID, PCI_BASE_CLASS_DISPLAY, ++ 16, efifb_fixup_resources); ++ ++#endif +diff --git a/drivers/video/fbdev/xen-fbfront.c b/drivers/video/fbdev/xen-fbfront.c +index 0567d51..ea2f19f 100644 +--- a/drivers/video/fbdev/xen-fbfront.c ++++ b/drivers/video/fbdev/xen-fbfront.c +@@ -644,7 +644,6 @@ static void xenfb_backend_changed(struct xenbus_device *dev, + break; + + case XenbusStateInitWait: +-InitWait: + xenbus_switch_state(dev, XenbusStateConnected); + break; + +@@ -655,7 +654,8 @@ static void xenfb_backend_changed(struct xenbus_device *dev, + * get Connected twice here. + */ + if (dev->state != XenbusStateConnected) +- goto InitWait; /* no InitWait seen yet, fudge it */ ++ /* no InitWait seen yet, fudge it */ ++ xenbus_switch_state(dev, XenbusStateConnected); + + if (xenbus_scanf(XBT_NIL, info->xbdev->otherend, + "request-update", "%d", &val) < 0) +diff --git a/fs/cifs/file.c b/fs/cifs/file.c +index 1cd0e2e..3925758 100644 +--- a/fs/cifs/file.c ++++ b/fs/cifs/file.c +@@ -2597,7 +2597,7 @@ cifs_write_from_iter(loff_t offset, size_t len, struct iov_iter *from, + wdata->credits = credits; + + if (!wdata->cfile->invalidHandle || +- !cifs_reopen_file(wdata->cfile, false)) ++ !(rc = cifs_reopen_file(wdata->cfile, false))) + rc = server->ops->async_writev(wdata, + cifs_uncached_writedata_release); + if (rc) { +@@ -3002,7 +3002,7 @@ cifs_send_async_read(loff_t offset, size_t len, struct cifsFileInfo *open_file, + rdata->credits = credits; + + if (!rdata->cfile->invalidHandle || +- !cifs_reopen_file(rdata->cfile, true)) ++ !(rc = cifs_reopen_file(rdata->cfile, true))) + rc = server->ops->async_readv(rdata); + error: + if (rc) { +@@ -3577,7 +3577,7 @@ static int cifs_readpages(struct file *file, struct address_space *mapping, + } + + if (!rdata->cfile->invalidHandle || +- !cifs_reopen_file(rdata->cfile, true)) ++ !(rc = cifs_reopen_file(rdata->cfile, true))) + rc = server->ops->async_readv(rdata); + if (rc) { + add_credits_and_wake_if(server, rdata->credits, 0); +diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c +index bdd3292..7080dac 100644 +--- a/fs/cifs/smb2pdu.c ++++ b/fs/cifs/smb2pdu.c +@@ -1987,6 +1987,9 @@ void smb2_reconnect_server(struct work_struct *work) + struct cifs_tcon *tcon, *tcon2; + struct list_head tmp_list; + int tcon_exist = false; ++ int rc; ++ int resched = false; ++ + + /* Prevent simultaneous reconnects that can corrupt tcon->rlist list */ + mutex_lock(&server->reconnect_mutex); +@@ -2014,13 +2017,18 @@ void smb2_reconnect_server(struct work_struct *work) + spin_unlock(&cifs_tcp_ses_lock); + + list_for_each_entry_safe(tcon, tcon2, &tmp_list, rlist) { +- if (!smb2_reconnect(SMB2_INTERNAL_CMD, tcon)) ++ rc = smb2_reconnect(SMB2_INTERNAL_CMD, tcon); ++ if (!rc) + cifs_reopen_persistent_handles(tcon); ++ else ++ resched = true; + list_del_init(&tcon->rlist); + cifs_put_tcon(tcon); + } + + cifs_dbg(FYI, "Reconnecting tcons finished\n"); ++ if (resched) ++ queue_delayed_work(cifsiod_wq, &server->reconnect, 2 * HZ); + mutex_unlock(&server->reconnect_mutex); + + /* now we can safely release srv struct */ +diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c +index dc9d64a..c78fce4 100644 +--- a/fs/ext4/inode.c ++++ b/fs/ext4/inode.c +@@ -71,10 +71,9 @@ static __u32 ext4_inode_csum(struct inode *inode, struct ext4_inode *raw, + csum = ext4_chksum(sbi, csum, (__u8 *)&dummy_csum, + csum_size); + offset += csum_size; +- csum = ext4_chksum(sbi, csum, (__u8 *)raw + offset, +- EXT4_INODE_SIZE(inode->i_sb) - +- offset); + } ++ csum = ext4_chksum(sbi, csum, (__u8 *)raw + offset, ++ EXT4_INODE_SIZE(inode->i_sb) - offset); + } + + return csum; +diff --git a/fs/orangefs/devorangefs-req.c b/fs/orangefs/devorangefs-req.c +index f419dd9..fe2cbeb 100644 +--- a/fs/orangefs/devorangefs-req.c ++++ b/fs/orangefs/devorangefs-req.c +@@ -208,14 +208,19 @@ static ssize_t orangefs_devreq_read(struct file *file, + continue; + /* + * Skip ops whose filesystem we don't know about unless +- * it is being mounted. ++ * it is being mounted or unmounted. It is possible for ++ * a filesystem we don't know about to be unmounted if ++ * it fails to mount in the kernel after userspace has ++ * been sent the mount request. + */ + /* XXX: is there a better way to detect this? */ + } else if (ret == -1 && + !(op->upcall.type == + ORANGEFS_VFS_OP_FS_MOUNT || + op->upcall.type == +- ORANGEFS_VFS_OP_GETATTR)) { ++ ORANGEFS_VFS_OP_GETATTR || ++ op->upcall.type == ++ ORANGEFS_VFS_OP_FS_UMOUNT)) { + gossip_debug(GOSSIP_DEV_DEBUG, + "orangefs: skipping op tag %llu %s\n", + llu(op->tag), get_opname_string(op)); +diff --git a/fs/orangefs/orangefs-kernel.h b/fs/orangefs/orangefs-kernel.h +index 3bf803d..45dd8f2 100644 +--- a/fs/orangefs/orangefs-kernel.h ++++ b/fs/orangefs/orangefs-kernel.h +@@ -249,6 +249,7 @@ struct orangefs_sb_info_s { + char devname[ORANGEFS_MAX_SERVER_ADDR_LEN]; + struct super_block *sb; + int mount_pending; ++ int no_list; + struct list_head list; + }; + +diff --git a/fs/orangefs/super.c b/fs/orangefs/super.c +index cd261c8..629d8c9 100644 +--- a/fs/orangefs/super.c ++++ b/fs/orangefs/super.c +@@ -493,7 +493,7 @@ struct dentry *orangefs_mount(struct file_system_type *fst, + + if (ret) { + d = ERR_PTR(ret); +- goto free_op; ++ goto free_sb_and_op; + } + + /* +@@ -519,6 +519,9 @@ struct dentry *orangefs_mount(struct file_system_type *fst, + spin_unlock(&orangefs_superblocks_lock); + op_release(new_op); + ++ /* Must be removed from the list now. */ ++ ORANGEFS_SB(sb)->no_list = 0; ++ + if (orangefs_userspace_version >= 20906) { + new_op = op_alloc(ORANGEFS_VFS_OP_FEATURES); + if (!new_op) +@@ -533,6 +536,10 @@ struct dentry *orangefs_mount(struct file_system_type *fst, + + return dget(sb->s_root); + ++free_sb_and_op: ++ /* Will call orangefs_kill_sb with sb not in list. */ ++ ORANGEFS_SB(sb)->no_list = 1; ++ deactivate_locked_super(sb); + free_op: + gossip_err("orangefs_mount: mount request failed with %d\n", ret); + if (ret == -EINVAL) { +@@ -558,12 +565,14 @@ void orangefs_kill_sb(struct super_block *sb) + */ + orangefs_unmount_sb(sb); + +- /* remove the sb from our list of orangefs specific sb's */ +- +- spin_lock(&orangefs_superblocks_lock); +- __list_del_entry(&ORANGEFS_SB(sb)->list); /* not list_del_init */ +- ORANGEFS_SB(sb)->list.prev = NULL; +- spin_unlock(&orangefs_superblocks_lock); ++ if (!ORANGEFS_SB(sb)->no_list) { ++ /* remove the sb from our list of orangefs specific sb's */ ++ spin_lock(&orangefs_superblocks_lock); ++ /* not list_del_init */ ++ __list_del_entry(&ORANGEFS_SB(sb)->list); ++ ORANGEFS_SB(sb)->list.prev = NULL; ++ spin_unlock(&orangefs_superblocks_lock); ++ } + + /* + * make sure that ORANGEFS_DEV_REMOUNT_ALL loop that might've seen us +diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c +index 35b92d8..b1517b6 100644 +--- a/fs/proc/task_mmu.c ++++ b/fs/proc/task_mmu.c +@@ -899,7 +899,14 @@ static inline void clear_soft_dirty(struct vm_area_struct *vma, + static inline void clear_soft_dirty_pmd(struct vm_area_struct *vma, + unsigned long addr, pmd_t *pmdp) + { +- pmd_t pmd = pmdp_huge_get_and_clear(vma->vm_mm, addr, pmdp); ++ pmd_t pmd = *pmdp; ++ ++ /* See comment in change_huge_pmd() */ ++ pmdp_invalidate(vma, addr, pmdp); ++ if (pmd_dirty(*pmdp)) ++ pmd = pmd_mkdirty(pmd); ++ if (pmd_young(*pmdp)) ++ pmd = pmd_mkyoung(pmd); + + pmd = pmd_wrprotect(pmd); + pmd = pmd_clear_soft_dirty(pmd); +diff --git a/include/crypto/internal/hash.h b/include/crypto/internal/hash.h +index 1d4f365..f6d9af3e 100644 +--- a/include/crypto/internal/hash.h ++++ b/include/crypto/internal/hash.h +@@ -166,6 +166,16 @@ static inline struct ahash_instance *ahash_alloc_instance( + return crypto_alloc_instance2(name, alg, ahash_instance_headroom()); + } + ++static inline void ahash_request_complete(struct ahash_request *req, int err) ++{ ++ req->base.complete(&req->base, err); ++} ++ ++static inline u32 ahash_request_flags(struct ahash_request *req) ++{ ++ return req->base.flags; ++} ++ + static inline struct crypto_ahash *crypto_spawn_ahash( + struct crypto_ahash_spawn *spawn) + { +diff --git a/include/linux/cgroup.h b/include/linux/cgroup.h +index c83c23f..307ae63 100644 +--- a/include/linux/cgroup.h ++++ b/include/linux/cgroup.h +@@ -570,6 +570,25 @@ static inline void pr_cont_cgroup_path(struct cgroup *cgrp) + pr_cont_kernfs_path(cgrp->kn); + } + ++static inline void cgroup_init_kthreadd(void) ++{ ++ /* ++ * kthreadd is inherited by all kthreads, keep it in the root so ++ * that the new kthreads are guaranteed to stay in the root until ++ * initialization is finished. ++ */ ++ current->no_cgroup_migration = 1; ++} ++ ++static inline void cgroup_kthread_ready(void) ++{ ++ /* ++ * This kthread finished initialization. The creator should have ++ * set PF_NO_SETAFFINITY if this kthread should stay in the root. ++ */ ++ current->no_cgroup_migration = 0; ++} ++ + #else /* !CONFIG_CGROUPS */ + + struct cgroup_subsys_state; +@@ -590,6 +609,8 @@ static inline void cgroup_free(struct task_struct *p) {} + + static inline int cgroup_init_early(void) { return 0; } + static inline int cgroup_init(void) { return 0; } ++static inline void cgroup_init_kthreadd(void) {} ++static inline void cgroup_kthread_ready(void) {} + + static inline bool task_under_cgroup_hierarchy(struct task_struct *task, + struct cgroup *ancestor) +diff --git a/include/linux/sched.h b/include/linux/sched.h +index 75d9a57..f425eb3 100644 +--- a/include/linux/sched.h ++++ b/include/linux/sched.h +@@ -1584,6 +1584,10 @@ struct task_struct { + #ifdef CONFIG_COMPAT_BRK + unsigned brk_randomized:1; + #endif ++#ifdef CONFIG_CGROUPS ++ /* disallow userland-initiated cgroup migration */ ++ unsigned no_cgroup_migration:1; ++#endif + + unsigned long atomic_flags; /* Flags needing atomic access. */ + +diff --git a/include/linux/uio.h b/include/linux/uio.h +index 6e22b54..c146ebc 100644 +--- a/include/linux/uio.h ++++ b/include/linux/uio.h +@@ -39,7 +39,10 @@ struct iov_iter { + }; + union { + unsigned long nr_segs; +- int idx; ++ struct { ++ int idx; ++ int start_idx; ++ }; + }; + }; + +@@ -81,6 +84,7 @@ unsigned long iov_shorten(struct iovec *iov, unsigned long nr_segs, size_t to); + size_t iov_iter_copy_from_user_atomic(struct page *page, + struct iov_iter *i, unsigned long offset, size_t bytes); + void iov_iter_advance(struct iov_iter *i, size_t bytes); ++void iov_iter_revert(struct iov_iter *i, size_t bytes); + int iov_iter_fault_in_readable(struct iov_iter *i, size_t bytes); + size_t iov_iter_single_seg_count(const struct iov_iter *i); + size_t copy_page_to_iter(struct page *page, size_t offset, size_t bytes, +diff --git a/include/target/target_core_base.h b/include/target/target_core_base.h +index 6233e8f..0383c60 100644 +--- a/include/target/target_core_base.h ++++ b/include/target/target_core_base.h +@@ -705,6 +705,7 @@ struct se_lun { + u64 unpacked_lun; + #define SE_LUN_LINK_MAGIC 0xffff7771 + u32 lun_link_magic; ++ bool lun_shutdown; + bool lun_access_ro; + u32 lun_index; + +diff --git a/kernel/cgroup.c b/kernel/cgroup.c +index 4e2f3de..a3d2aad 100644 +--- a/kernel/cgroup.c ++++ b/kernel/cgroup.c +@@ -2920,11 +2920,12 @@ static ssize_t __cgroup_procs_write(struct kernfs_open_file *of, char *buf, + tsk = tsk->group_leader; + + /* +- * Workqueue threads may acquire PF_NO_SETAFFINITY and become +- * trapped in a cpuset, or RT worker may be born in a cgroup +- * with no rt_runtime allocated. Just say no. ++ * kthreads may acquire PF_NO_SETAFFINITY during initialization. ++ * If userland migrates such a kthread to a non-root cgroup, it can ++ * become trapped in a cpuset, or RT kthread may be born in a ++ * cgroup with no rt_runtime allocated. Just say no. + */ +- if (tsk == kthreadd_task || (tsk->flags & PF_NO_SETAFFINITY)) { ++ if (tsk->no_cgroup_migration || (tsk->flags & PF_NO_SETAFFINITY)) { + ret = -EINVAL; + goto out_unlock_rcu; + } +diff --git a/kernel/kthread.c b/kernel/kthread.c +index be2cc1f..c2c911a 100644 +--- a/kernel/kthread.c ++++ b/kernel/kthread.c +@@ -18,6 +18,7 @@ + #include <linux/freezer.h> + #include <linux/ptrace.h> + #include <linux/uaccess.h> ++#include <linux/cgroup.h> + #include <trace/events/sched.h> + + static DEFINE_SPINLOCK(kthread_create_lock); +@@ -205,6 +206,7 @@ static int kthread(void *_create) + ret = -EINTR; + + if (!test_bit(KTHREAD_SHOULD_STOP, &self.flags)) { ++ cgroup_kthread_ready(); + __kthread_parkme(&self); + ret = threadfn(data); + } +@@ -530,6 +532,7 @@ int kthreadd(void *unused) + set_mems_allowed(node_states[N_MEMORY]); + + current->flags |= PF_NOFREEZE; ++ cgroup_init_kthreadd(); + + for (;;) { + set_current_state(TASK_INTERRUPTIBLE); +diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c +index da87b3c..221eb59 100644 +--- a/kernel/trace/ftrace.c ++++ b/kernel/trace/ftrace.c +@@ -3736,23 +3736,24 @@ static void __enable_ftrace_function_probe(struct ftrace_ops_hash *old_hash) + ftrace_probe_registered = 1; + } + +-static void __disable_ftrace_function_probe(void) ++static bool __disable_ftrace_function_probe(void) + { + int i; + + if (!ftrace_probe_registered) +- return; ++ return false; + + for (i = 0; i < FTRACE_FUNC_HASHSIZE; i++) { + struct hlist_head *hhd = &ftrace_func_hash[i]; + if (hhd->first) +- return; ++ return false; + } + + /* no more funcs left */ + ftrace_shutdown(&trace_probe_ops, 0); + + ftrace_probe_registered = 0; ++ return true; + } + + +@@ -3882,6 +3883,7 @@ static void + __unregister_ftrace_function_probe(char *glob, struct ftrace_probe_ops *ops, + void *data, int flags) + { ++ struct ftrace_ops_hash old_hash_ops; + struct ftrace_func_entry *rec_entry; + struct ftrace_func_probe *entry; + struct ftrace_func_probe *p; +@@ -3893,6 +3895,7 @@ __unregister_ftrace_function_probe(char *glob, struct ftrace_probe_ops *ops, + struct hlist_node *tmp; + char str[KSYM_SYMBOL_LEN]; + int i, ret; ++ bool disabled; + + if (glob && (strcmp(glob, "*") == 0 || !strlen(glob))) + func_g.search = NULL; +@@ -3911,6 +3914,10 @@ __unregister_ftrace_function_probe(char *glob, struct ftrace_probe_ops *ops, + + mutex_lock(&trace_probe_ops.func_hash->regex_lock); + ++ old_hash_ops.filter_hash = old_hash; ++ /* Probes only have filters */ ++ old_hash_ops.notrace_hash = NULL; ++ + hash = alloc_and_copy_ftrace_hash(FTRACE_HASH_DEFAULT_BITS, *orig_hash); + if (!hash) + /* Hmm, should report this somehow */ +@@ -3948,12 +3955,17 @@ __unregister_ftrace_function_probe(char *glob, struct ftrace_probe_ops *ops, + } + } + mutex_lock(&ftrace_lock); +- __disable_ftrace_function_probe(); ++ disabled = __disable_ftrace_function_probe(); + /* + * Remove after the disable is called. Otherwise, if the last + * probe is removed, a null hash means *all enabled*. + */ + ret = ftrace_hash_move(&trace_probe_ops, 1, orig_hash, hash); ++ ++ /* still need to update the function call sites */ ++ if (ftrace_enabled && !disabled) ++ ftrace_run_modify_code(&trace_probe_ops, FTRACE_UPDATE_CALLS, ++ &old_hash_ops); + synchronize_sched(); + if (!ret) + free_ftrace_hash_rcu(old_hash); +@@ -5389,6 +5401,15 @@ static void clear_ftrace_pids(struct trace_array *tr) + trace_free_pid_list(pid_list); + } + ++void ftrace_clear_pids(struct trace_array *tr) ++{ ++ mutex_lock(&ftrace_lock); ++ ++ clear_ftrace_pids(tr); ++ ++ mutex_unlock(&ftrace_lock); ++} ++ + static void ftrace_pid_reset(struct trace_array *tr) + { + mutex_lock(&ftrace_lock); +diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c +index 90b66ed..862bc88 100644 +--- a/kernel/trace/trace.c ++++ b/kernel/trace/trace.c +@@ -7150,6 +7150,7 @@ static int instance_rmdir(const char *name) + + tracing_set_nop(tr); + event_trace_del_tracer(tr); ++ ftrace_clear_pids(tr); + ftrace_destroy_function_files(tr); + tracefs_remove_recursive(tr->dir); + free_trace_buffers(tr); +diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h +index fd24b1f..b0d8576 100644 +--- a/kernel/trace/trace.h ++++ b/kernel/trace/trace.h +@@ -870,6 +870,7 @@ int using_ftrace_ops_list_func(void); + void ftrace_init_tracefs(struct trace_array *tr, struct dentry *d_tracer); + void ftrace_init_tracefs_toplevel(struct trace_array *tr, + struct dentry *d_tracer); ++void ftrace_clear_pids(struct trace_array *tr); + #else + static inline int ftrace_trace_task(struct trace_array *tr) + { +@@ -888,6 +889,7 @@ ftrace_init_global_array_ops(struct trace_array *tr) { } + static inline void ftrace_reset_array_ops(struct trace_array *tr) { } + static inline void ftrace_init_tracefs(struct trace_array *tr, struct dentry *d) { } + static inline void ftrace_init_tracefs_toplevel(struct trace_array *tr, struct dentry *d) { } ++static inline void ftrace_clear_pids(struct trace_array *tr) { } + /* ftace_func_t type is not defined, use macro instead of static inline */ + #define ftrace_init_array_ops(tr, func) do { } while (0) + #endif /* CONFIG_FUNCTION_TRACER */ +diff --git a/lib/iov_iter.c b/lib/iov_iter.c +index efb0b4d..a75ea63 100644 +--- a/lib/iov_iter.c ++++ b/lib/iov_iter.c +@@ -734,6 +734,68 @@ void iov_iter_advance(struct iov_iter *i, size_t size) + } + EXPORT_SYMBOL(iov_iter_advance); + ++void iov_iter_revert(struct iov_iter *i, size_t unroll) ++{ ++ if (!unroll) ++ return; ++ i->count += unroll; ++ if (unlikely(i->type & ITER_PIPE)) { ++ struct pipe_inode_info *pipe = i->pipe; ++ int idx = i->idx; ++ size_t off = i->iov_offset; ++ while (1) { ++ size_t n = off - pipe->bufs[idx].offset; ++ if (unroll < n) { ++ off -= (n - unroll); ++ break; ++ } ++ unroll -= n; ++ if (!unroll && idx == i->start_idx) { ++ off = 0; ++ break; ++ } ++ if (!idx--) ++ idx = pipe->buffers - 1; ++ off = pipe->bufs[idx].offset + pipe->bufs[idx].len; ++ } ++ i->iov_offset = off; ++ i->idx = idx; ++ pipe_truncate(i); ++ return; ++ } ++ if (unroll <= i->iov_offset) { ++ i->iov_offset -= unroll; ++ return; ++ } ++ unroll -= i->iov_offset; ++ if (i->type & ITER_BVEC) { ++ const struct bio_vec *bvec = i->bvec; ++ while (1) { ++ size_t n = (--bvec)->bv_len; ++ i->nr_segs++; ++ if (unroll <= n) { ++ i->bvec = bvec; ++ i->iov_offset = n - unroll; ++ return; ++ } ++ unroll -= n; ++ } ++ } else { /* same logics for iovec and kvec */ ++ const struct iovec *iov = i->iov; ++ while (1) { ++ size_t n = (--iov)->iov_len; ++ i->nr_segs++; ++ if (unroll <= n) { ++ i->iov = iov; ++ i->iov_offset = n - unroll; ++ return; ++ } ++ unroll -= n; ++ } ++ } ++} ++EXPORT_SYMBOL(iov_iter_revert); ++ + /* + * Return the count of just the current iov_iter segment. + */ +@@ -787,6 +849,7 @@ void iov_iter_pipe(struct iov_iter *i, int direction, + i->idx = (pipe->curbuf + pipe->nrbufs) & (pipe->buffers - 1); + i->iov_offset = 0; + i->count = count; ++ i->start_idx = i->idx; + } + EXPORT_SYMBOL(iov_iter_pipe); + +diff --git a/mm/huge_memory.c b/mm/huge_memory.c +index 917555c..d5b2b75 100644 +--- a/mm/huge_memory.c ++++ b/mm/huge_memory.c +@@ -1380,8 +1380,7 @@ bool madvise_free_huge_pmd(struct mmu_gather *tlb, struct vm_area_struct *vma, + deactivate_page(page); + + if (pmd_young(orig_pmd) || pmd_dirty(orig_pmd)) { +- orig_pmd = pmdp_huge_get_and_clear_full(tlb->mm, addr, pmd, +- tlb->fullmm); ++ pmdp_invalidate(vma, addr, pmd); + orig_pmd = pmd_mkold(orig_pmd); + orig_pmd = pmd_mkclean(orig_pmd); + +diff --git a/mm/memcontrol.c b/mm/memcontrol.c +index 0de2669..47559cc 100644 +--- a/mm/memcontrol.c ++++ b/mm/memcontrol.c +@@ -2152,6 +2152,8 @@ struct memcg_kmem_cache_create_work { + struct work_struct work; + }; + ++static struct workqueue_struct *memcg_kmem_cache_create_wq; ++ + static void memcg_kmem_cache_create_func(struct work_struct *w) + { + struct memcg_kmem_cache_create_work *cw = +@@ -2183,7 +2185,7 @@ static void __memcg_schedule_kmem_cache_create(struct mem_cgroup *memcg, + cw->cachep = cachep; + INIT_WORK(&cw->work, memcg_kmem_cache_create_func); + +- schedule_work(&cw->work); ++ queue_work(memcg_kmem_cache_create_wq, &cw->work); + } + + static void memcg_schedule_kmem_cache_create(struct mem_cgroup *memcg, +@@ -5786,6 +5788,17 @@ static int __init mem_cgroup_init(void) + { + int cpu, node; + ++#ifndef CONFIG_SLOB ++ /* ++ * Kmem cache creation is mostly done with the slab_mutex held, ++ * so use a special workqueue to avoid stalling all worker ++ * threads in case lots of cgroups are created simultaneously. ++ */ ++ memcg_kmem_cache_create_wq = ++ alloc_ordered_workqueue("memcg_kmem_cache_create", 0); ++ BUG_ON(!memcg_kmem_cache_create_wq); ++#endif ++ + hotcpu_notifier(memcg_cpu_hotplug_callback, 0); + + for_each_possible_cpu(cpu) +diff --git a/mm/zsmalloc.c b/mm/zsmalloc.c +index b0bc023..1689bb5 100644 +--- a/mm/zsmalloc.c ++++ b/mm/zsmalloc.c +@@ -280,7 +280,7 @@ struct zs_pool { + struct zspage { + struct { + unsigned int fullness:FULLNESS_BITS; +- unsigned int class:CLASS_BITS; ++ unsigned int class:CLASS_BITS + 1; + unsigned int isolated:ISOLATED_BITS; + unsigned int magic:MAGIC_VAL_BITS; + }; +diff --git a/net/core/datagram.c b/net/core/datagram.c +index b7de71f..963732e 100644 +--- a/net/core/datagram.c ++++ b/net/core/datagram.c +@@ -378,7 +378,7 @@ int skb_copy_datagram_iter(const struct sk_buff *skb, int offset, + struct iov_iter *to, int len) + { + int start = skb_headlen(skb); +- int i, copy = start - offset; ++ int i, copy = start - offset, start_off = offset, n; + struct sk_buff *frag_iter; + + trace_skb_copy_datagram_iovec(skb, len); +@@ -387,11 +387,12 @@ int skb_copy_datagram_iter(const struct sk_buff *skb, int offset, + if (copy > 0) { + if (copy > len) + copy = len; +- if (copy_to_iter(skb->data + offset, copy, to) != copy) ++ n = copy_to_iter(skb->data + offset, copy, to); ++ offset += n; ++ if (n != copy) + goto short_copy; + if ((len -= copy) == 0) + return 0; +- offset += copy; + } + + /* Copy paged appendix. Hmm... why does this look so complicated? */ +@@ -405,13 +406,14 @@ int skb_copy_datagram_iter(const struct sk_buff *skb, int offset, + if ((copy = end - offset) > 0) { + if (copy > len) + copy = len; +- if (copy_page_to_iter(skb_frag_page(frag), ++ n = copy_page_to_iter(skb_frag_page(frag), + frag->page_offset + offset - +- start, copy, to) != copy) ++ start, copy, to); ++ offset += n; ++ if (n != copy) + goto short_copy; + if (!(len -= copy)) + return 0; +- offset += copy; + } + start = end; + } +@@ -443,6 +445,7 @@ int skb_copy_datagram_iter(const struct sk_buff *skb, int offset, + */ + + fault: ++ iov_iter_revert(to, offset - start_off); + return -EFAULT; + + short_copy: +@@ -593,7 +596,7 @@ static int skb_copy_and_csum_datagram(const struct sk_buff *skb, int offset, + __wsum *csump) + { + int start = skb_headlen(skb); +- int i, copy = start - offset; ++ int i, copy = start - offset, start_off = offset; + struct sk_buff *frag_iter; + int pos = 0; + int n; +@@ -603,11 +606,11 @@ static int skb_copy_and_csum_datagram(const struct sk_buff *skb, int offset, + if (copy > len) + copy = len; + n = csum_and_copy_to_iter(skb->data + offset, copy, csump, to); ++ offset += n; + if (n != copy) + goto fault; + if ((len -= copy) == 0) + return 0; +- offset += copy; + pos = copy; + } + +@@ -629,12 +632,12 @@ static int skb_copy_and_csum_datagram(const struct sk_buff *skb, int offset, + offset - start, copy, + &csum2, to); + kunmap(page); ++ offset += n; + if (n != copy) + goto fault; + *csump = csum_block_add(*csump, csum2, pos); + if (!(len -= copy)) + return 0; +- offset += copy; + pos += copy; + } + start = end; +@@ -667,6 +670,7 @@ static int skb_copy_and_csum_datagram(const struct sk_buff *skb, int offset, + return 0; + + fault: ++ iov_iter_revert(to, offset - start_off); + return -EFAULT; + } + +@@ -751,6 +755,7 @@ int skb_copy_and_csum_datagram_msg(struct sk_buff *skb, + } + return 0; + csum_error: ++ iov_iter_revert(&msg->msg_iter, chunk); + return -EINVAL; + fault: + return -EFAULT; +diff --git a/net/ipv6/route.c b/net/ipv6/route.c +index bff4460..8d6c09f 100644 +--- a/net/ipv6/route.c ++++ b/net/ipv6/route.c +@@ -2166,6 +2166,8 @@ static int ip6_route_del(struct fib6_config *cfg) + continue; + if (cfg->fc_metric && cfg->fc_metric != rt->rt6i_metric) + continue; ++ if (cfg->fc_protocol && cfg->fc_protocol != rt->rt6i_protocol) ++ continue; + dst_hold(&rt->dst); + read_unlock_bh(&table->tb6_lock); + +diff --git a/net/sctp/socket.c b/net/sctp/socket.c +index 6cbe5bd..6734420 100644 +--- a/net/sctp/socket.c ++++ b/net/sctp/socket.c +@@ -4735,6 +4735,12 @@ int sctp_do_peeloff(struct sock *sk, sctp_assoc_t id, struct socket **sockp) + if (!asoc) + return -EINVAL; + ++ /* If there is a thread waiting on more sndbuf space for ++ * sending on this asoc, it cannot be peeled. ++ */ ++ if (waitqueue_active(&asoc->wait)) ++ return -EBUSY; ++ + /* An association cannot be branched off from an already peeled-off + * socket, nor is this supported for tcp style sockets. + */ +@@ -7427,8 +7433,6 @@ static int sctp_wait_for_sndbuf(struct sctp_association *asoc, long *timeo_p, + */ + release_sock(sk); + current_timeo = schedule_timeout(current_timeo); +- if (sk != asoc->base.sk) +- goto do_error; + lock_sock(sk); + + *timeo_p = current_timeo; +diff --git a/sound/soc/intel/Kconfig b/sound/soc/intel/Kconfig +index fd5d1e0..e18fe9d 100644 +--- a/sound/soc/intel/Kconfig ++++ b/sound/soc/intel/Kconfig +@@ -33,11 +33,9 @@ config SND_SOC_INTEL_SST + select SND_SOC_INTEL_SST_MATCH if ACPI + depends on (X86 || COMPILE_TEST) + +-# firmware stuff depends DW_DMAC_CORE; since there is no depends-on from +-# the reverse selection, each machine driver needs to select +-# SND_SOC_INTEL_SST_FIRMWARE carefully depending on DW_DMAC_CORE + config SND_SOC_INTEL_SST_FIRMWARE + tristate ++ select DW_DMAC_CORE + + config SND_SOC_INTEL_SST_ACPI + tristate +@@ -47,16 +45,18 @@ config SND_SOC_INTEL_SST_MATCH + + config SND_SOC_INTEL_HASWELL + tristate ++ select SND_SOC_INTEL_SST + select SND_SOC_INTEL_SST_FIRMWARE + + config SND_SOC_INTEL_BAYTRAIL + tristate ++ select SND_SOC_INTEL_SST ++ select SND_SOC_INTEL_SST_FIRMWARE + + config SND_SOC_INTEL_HASWELL_MACH + tristate "ASoC Audio DSP support for Intel Haswell Lynxpoint" + depends on X86_INTEL_LPSS && I2C && I2C_DESIGNWARE_PLATFORM +- depends on DW_DMAC_CORE +- select SND_SOC_INTEL_SST ++ depends on DMADEVICES + select SND_SOC_INTEL_HASWELL + select SND_SOC_RT5640 + help +@@ -99,9 +99,8 @@ config SND_SOC_INTEL_BXT_RT298_MACH + config SND_SOC_INTEL_BYT_RT5640_MACH + tristate "ASoC Audio driver for Intel Baytrail with RT5640 codec" + depends on X86_INTEL_LPSS && I2C +- depends on DW_DMAC_CORE && (SND_SST_IPC_ACPI = n) +- select SND_SOC_INTEL_SST +- select SND_SOC_INTEL_SST_FIRMWARE ++ depends on DMADEVICES ++ depends on SND_SST_IPC_ACPI = n + select SND_SOC_INTEL_BAYTRAIL + select SND_SOC_RT5640 + help +@@ -112,9 +111,8 @@ config SND_SOC_INTEL_BYT_RT5640_MACH + config SND_SOC_INTEL_BYT_MAX98090_MACH + tristate "ASoC Audio driver for Intel Baytrail with MAX98090 codec" + depends on X86_INTEL_LPSS && I2C +- depends on DW_DMAC_CORE && (SND_SST_IPC_ACPI = n) +- select SND_SOC_INTEL_SST +- select SND_SOC_INTEL_SST_FIRMWARE ++ depends on DMADEVICES ++ depends on SND_SST_IPC_ACPI = n + select SND_SOC_INTEL_BAYTRAIL + select SND_SOC_MAX98090 + help +@@ -123,9 +121,8 @@ config SND_SOC_INTEL_BYT_MAX98090_MACH + + config SND_SOC_INTEL_BDW_RT5677_MACH + tristate "ASoC Audio driver for Intel Broadwell with RT5677 codec" +- depends on X86_INTEL_LPSS && GPIOLIB && I2C && DW_DMAC +- depends on DW_DMAC_CORE=y +- select SND_SOC_INTEL_SST ++ depends on X86_INTEL_LPSS && GPIOLIB && I2C ++ depends on DMADEVICES + select SND_SOC_INTEL_HASWELL + select SND_SOC_RT5677 + help +@@ -134,10 +131,8 @@ config SND_SOC_INTEL_BDW_RT5677_MACH + + config SND_SOC_INTEL_BROADWELL_MACH + tristate "ASoC Audio DSP support for Intel Broadwell Wildcatpoint" +- depends on X86_INTEL_LPSS && I2C && DW_DMAC && \ +- I2C_DESIGNWARE_PLATFORM +- depends on DW_DMAC_CORE +- select SND_SOC_INTEL_SST ++ depends on X86_INTEL_LPSS && I2C && I2C_DESIGNWARE_PLATFORM ++ depends on DMADEVICES + select SND_SOC_INTEL_HASWELL + select SND_SOC_RT286 + help diff --git a/4.9.23/4420_grsecurity-3.1-4.9.23-201704181901.patch b/4.9.24/4420_grsecurity-3.1-4.9.24-201704220732.patch index 5c38b38..8f3058d 100644 --- a/4.9.23/4420_grsecurity-3.1-4.9.23-201704181901.patch +++ b/4.9.24/4420_grsecurity-3.1-4.9.24-201704220732.patch @@ -419,7 +419,7 @@ index 3d0ae15..84e5412 100644 cmd_syscalls = $(CONFIG_SHELL) $< $(CC) $(c_flags) $(missing_syscalls_flags) diff --git a/Makefile b/Makefile -index 0de7597..ada2dd2 100644 +index 50436f5..435d355 100644 --- a/Makefile +++ b/Makefile @@ -302,7 +302,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -7972,10 +7972,10 @@ index 3a4ed9f..29b7218 100644 #define PAGE_KERNEL_EXEC __pgprot(_PAGE_KERNEL_EXEC) #define PAGE_KERNEL_RWX __pgprot(_PAGE_KERNEL_RWX) diff --git a/arch/parisc/include/asm/uaccess.h b/arch/parisc/include/asm/uaccess.h -index 7fcf512..37391e8 100644 +index 0497cec..58b097a 100644 --- a/arch/parisc/include/asm/uaccess.h +++ b/arch/parisc/include/asm/uaccess.h -@@ -232,10 +232,10 @@ static inline void copy_user_overflow(int size, unsigned long count) +@@ -256,10 +256,10 @@ static inline void copy_user_overflow(int size, unsigned long count) static __always_inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n) { @@ -7988,7 +7988,7 @@ index 7fcf512..37391e8 100644 check_object_size(to, n, false); ret = __copy_from_user(to, from, n); } else if (!__builtin_constant_p(n)) -@@ -243,7 +243,7 @@ copy_from_user(void *to, const void __user *from, unsigned long n) +@@ -267,7 +267,7 @@ copy_from_user(void *to, const void __user *from, unsigned long n) else __bad_copy_user(); @@ -7997,7 +7997,7 @@ index 7fcf512..37391e8 100644 memset(to + (n - ret), 0, ret); return ret; -@@ -252,9 +252,9 @@ copy_from_user(void *to, const void __user *from, unsigned long n) +@@ -276,9 +276,9 @@ copy_from_user(void *to, const void __user *from, unsigned long n) static __always_inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n) { @@ -21420,10 +21420,10 @@ index be20239..99d75dd 100644 } else if (event->attr.precise_ip > 1 && intel_pmu_pebs_fixup_ip(regs)) regs->flags |= PERF_EFLAGS_EXACT; diff --git a/arch/x86/events/intel/lbr.c b/arch/x86/events/intel/lbr.c -index 81b321a..ef54593 100644 +index f924629..bb99e36 100644 --- a/arch/x86/events/intel/lbr.c +++ b/arch/x86/events/intel/lbr.c -@@ -805,7 +805,7 @@ static int branch_type(unsigned long from, unsigned long to, int abort) +@@ -808,7 +808,7 @@ static int branch_type(unsigned long from, unsigned long to, int abort) * Ensure we don't blindy read any address by validating it is * a known text address. */ @@ -21432,7 +21432,7 @@ index 81b321a..ef54593 100644 addr = (void *)from; /* * Assume we can get the maximum possible size -@@ -827,7 +827,7 @@ static int branch_type(unsigned long from, unsigned long to, int abort) +@@ -830,7 +830,7 @@ static int branch_type(unsigned long from, unsigned long to, int abort) #ifdef CONFIG_X86_64 is64 = kernel_ip((unsigned long)addr) || !test_thread_flag(TIF_IA32); #endif @@ -24008,7 +24008,7 @@ index 389d700..fa51266 100644 return true; diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h -index e7f155c..8611814 100644 +index 94aad63..7d9c5cc 100644 --- a/arch/x86/include/asm/elf.h +++ b/arch/x86/include/asm/elf.h @@ -75,9 +75,6 @@ typedef struct user_fxsr_struct elf_fpxregset_t; @@ -26400,7 +26400,7 @@ index 8b4de22..eaf50b8 100644 #define pgprot_writecombine pgprot_writecombine extern pgprot_t pgprot_writecombine(pgprot_t prot); diff --git a/arch/x86/include/asm/pmem.h b/arch/x86/include/asm/pmem.h -index 2c1ebeb..69c4605 100644 +index 529bb4a..2e9cae3 100644 --- a/arch/x86/include/asm/pmem.h +++ b/arch/x86/include/asm/pmem.h @@ -38,7 +38,7 @@ static inline void arch_memcpy_to_pmem(void *dst, const void *src, size_t n) @@ -35063,7 +35063,7 @@ index 1c113db..287b42e 100644 static int trace_irq_vector_refcount; static DEFINE_MUTEX(irq_vector_mutex); diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c -index bd4e3d4..3e938e3 100644 +index bd4e3d4..3089938 100644 --- a/arch/x86/kernel/traps.c +++ b/arch/x86/kernel/traps.c @@ -71,7 +71,7 @@ @@ -35093,7 +35093,7 @@ index bd4e3d4..3e938e3 100644 struct pt_regs *regs, long error_code) { if (v8086_mode(regs)) { -@@ -189,8 +189,32 @@ do_trap_no_signal(struct task_struct *tsk, int trapnr, char *str, +@@ -189,8 +189,31 @@ do_trap_no_signal(struct task_struct *tsk, int trapnr, char *str, if (!fixup_exception(regs, trapnr)) { tsk->thread.error_code = error_code; tsk->thread.trap_nr = trapnr; @@ -35118,7 +35118,6 @@ index bd4e3d4..3e938e3 100644 + +#ifdef CONFIG_PAX_REFCOUNT + if (trapnr == X86_REFCOUNT_VECTOR) { -+ regs->ip -= 2; // sizeof int $xx + pax_report_refcount_error(regs, str); + } +#endif @@ -35126,7 +35125,7 @@ index bd4e3d4..3e938e3 100644 return 0; } -@@ -229,7 +253,7 @@ static siginfo_t *fill_trap_info(struct pt_regs *regs, int signr, int trapnr, +@@ -229,7 +252,7 @@ static siginfo_t *fill_trap_info(struct pt_regs *regs, int signr, int trapnr, } static void @@ -35135,7 +35134,7 @@ index bd4e3d4..3e938e3 100644 long error_code, siginfo_t *info) { struct task_struct *tsk = current; -@@ -252,7 +276,7 @@ do_trap(int trapnr, int signr, char *str, struct pt_regs *regs, +@@ -252,7 +275,7 @@ do_trap(int trapnr, int signr, char *str, struct pt_regs *regs, if (show_unhandled_signals && unhandled_signal(tsk, signr) && printk_ratelimit()) { pr_info("%s[%d] trap %s ip:%lx sp:%lx error:%lx", @@ -35144,7 +35143,7 @@ index bd4e3d4..3e938e3 100644 regs->ip, regs->sp, error_code); print_vma_addr(" in ", regs->ip); pr_cont("\n"); -@@ -262,7 +286,7 @@ do_trap(int trapnr, int signr, char *str, struct pt_regs *regs, +@@ -262,7 +285,7 @@ do_trap(int trapnr, int signr, char *str, struct pt_regs *regs, } NOKPROBE_SYMBOL(do_trap); @@ -35153,7 +35152,7 @@ index bd4e3d4..3e938e3 100644 unsigned long trapnr, int signr) { siginfo_t info; -@@ -292,7 +316,7 @@ DO_ERROR(X86_TRAP_NP, SIGBUS, "segment not present", segment_not_present) +@@ -292,7 +315,7 @@ DO_ERROR(X86_TRAP_NP, SIGBUS, "segment not present", segment_not_present) DO_ERROR(X86_TRAP_SS, SIGBUS, "stack segment", stack_segment) DO_ERROR(X86_TRAP_AC, SIGBUS, "alignment check", alignment_check) @@ -35162,7 +35161,7 @@ index bd4e3d4..3e938e3 100644 __visible void __noreturn handle_stack_overflow(const char *message, struct pt_regs *regs, unsigned long fault_address) -@@ -307,13 +331,49 @@ __visible void __noreturn handle_stack_overflow(const char *message, +@@ -307,13 +330,49 @@ __visible void __noreturn handle_stack_overflow(const char *message, } #endif @@ -35213,7 +35212,7 @@ index bd4e3d4..3e938e3 100644 unsigned long cr2; #endif -@@ -350,7 +410,7 @@ dotraplinkage void do_double_fault(struct pt_regs *regs, long error_code) +@@ -350,7 +409,7 @@ dotraplinkage void do_double_fault(struct pt_regs *regs, long error_code) tsk->thread.error_code = error_code; tsk->thread.trap_nr = X86_TRAP_DF; @@ -35222,7 +35221,7 @@ index bd4e3d4..3e938e3 100644 /* * If we overflow the stack into a guard page, the CPU will fail * to deliver #PF and will send #DF instead. Similarly, if we -@@ -390,8 +450,12 @@ dotraplinkage void do_double_fault(struct pt_regs *regs, long error_code) +@@ -390,8 +449,12 @@ dotraplinkage void do_double_fault(struct pt_regs *regs, long error_code) */ cr2 = read_cr2(); if ((unsigned long)task_stack_page(tsk) - 1 - cr2 < PAGE_SIZE) @@ -35235,7 +35234,7 @@ index bd4e3d4..3e938e3 100644 #ifdef CONFIG_DOUBLEFAULT df_debug(regs, error_code); -@@ -505,11 +569,35 @@ do_general_protection(struct pt_regs *regs, long error_code) +@@ -505,11 +568,35 @@ do_general_protection(struct pt_regs *regs, long error_code) tsk->thread.error_code = error_code; tsk->thread.trap_nr = X86_TRAP_GP; if (notify_die(DIE_GPF, "general protection fault", regs, error_code, @@ -35272,7 +35271,7 @@ index bd4e3d4..3e938e3 100644 tsk->thread.error_code = error_code; tsk->thread.trap_nr = X86_TRAP_GP; -@@ -607,6 +695,9 @@ struct bad_iret_stack *fixup_bad_iret(struct bad_iret_stack *s) +@@ -607,6 +694,9 @@ struct bad_iret_stack *fixup_bad_iret(struct bad_iret_stack *s) container_of(task_pt_regs(current), struct bad_iret_stack, regs); @@ -35282,7 +35281,7 @@ index bd4e3d4..3e938e3 100644 /* Copy the IRET target to the new stack. */ memmove(&new_stack->regs.ip, (void *)s->regs.sp, 5*8); -@@ -778,7 +869,7 @@ dotraplinkage void do_debug(struct pt_regs *regs, long error_code) +@@ -778,7 +868,7 @@ dotraplinkage void do_debug(struct pt_regs *regs, long error_code) * This is the most likely code path that involves non-trivial use * of the SYSENTER stack. Check that we haven't overrun it. */ @@ -35291,7 +35290,7 @@ index bd4e3d4..3e938e3 100644 "Overran or corrupted SYSENTER stack\n"); #endif ist_exit(regs); -@@ -908,7 +999,7 @@ void __init early_trap_init(void) +@@ -908,7 +998,7 @@ void __init early_trap_init(void) * since we don't have trace_debug and it will be reset to * 'debug' in trap_init() by set_intr_gate_ist(). */ @@ -35300,7 +35299,7 @@ index bd4e3d4..3e938e3 100644 /* int3 can be called from all */ set_system_intr_gate(X86_TRAP_BP, &int3); #ifdef CONFIG_X86_32 -@@ -975,6 +1066,19 @@ void __init trap_init(void) +@@ -975,6 +1065,19 @@ void __init trap_init(void) set_bit(IA32_SYSCALL_VECTOR, used_vectors); #endif @@ -35320,7 +35319,7 @@ index bd4e3d4..3e938e3 100644 /* * Set the IDT descriptor to a fixed read-only location, so that the * "sidt" instruction will not leak the location of the kernel, and -@@ -993,7 +1097,7 @@ void __init trap_init(void) +@@ -993,7 +1096,7 @@ void __init trap_init(void) * in early_trap_init(). However, ITS works only after * cpu_init() loads TSS. See comments in early_trap_init(). */ @@ -35329,7 +35328,7 @@ index bd4e3d4..3e938e3 100644 /* int3 can be called from all */ set_system_intr_gate_ist(X86_TRAP_BP, &int3, DEBUG_STACK); -@@ -1001,7 +1105,7 @@ void __init trap_init(void) +@@ -1001,7 +1104,7 @@ void __init trap_init(void) #ifdef CONFIG_X86_64 memcpy(&debug_idt_table, &idt_table, IDT_ENTRIES * 16); @@ -36116,7 +36115,7 @@ index 8ca1eca..fff3699b 100644 local_irq_disable(); diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c -index 69b8f8a..0cf39f5 100644 +index 43b55ef..b88294e 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -1675,14 +1675,14 @@ static __always_inline void vmcs_writel(unsigned long field, unsigned long value @@ -36221,7 +36220,7 @@ index 69b8f8a..0cf39f5 100644 } if (cpu_has_vmx_preemption_timer() && enable_preemption_timer) { -@@ -8928,6 +8947,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -8934,6 +8953,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) "jmp 2f \n\t" "1: " __ex(ASM_VMX_VMRESUME) "\n\t" "2: " @@ -36234,7 +36233,7 @@ index 69b8f8a..0cf39f5 100644 /* Save guest registers, load host registers, keep flags */ "mov %0, %c[wordsize](%%" _ASM_SP ") \n\t" "pop %0 \n\t" -@@ -8980,6 +9005,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -8986,6 +9011,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) #endif [cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)), [wordsize]"i"(sizeof(ulong)) @@ -36246,7 +36245,7 @@ index 69b8f8a..0cf39f5 100644 : "cc", "memory" #ifdef CONFIG_X86_64 , "rax", "rbx", "rdi", "rsi" -@@ -8993,7 +9023,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -8999,7 +9029,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) if (debugctlmsr) update_debugctlmsr(debugctlmsr); @@ -36255,7 +36254,7 @@ index 69b8f8a..0cf39f5 100644 /* * The sysexit path does not restore ds/es, so we must set them to * a reasonable value ourselves. -@@ -9002,8 +9032,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -9008,8 +9038,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) * may be executed in interrupt context, which saves and restore segments * around it, nullifying its effect. */ @@ -41054,7 +41053,7 @@ index 2ae8584..e8f8f29 100644 #endif /* CONFIG_HUGETLB_PAGE */ diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c -index 22af912..ac95bc1 100644 +index 889e761..ac95bc1 100644 --- a/arch/x86/mm/init.c +++ b/arch/x86/mm/init.c @@ -4,6 +4,7 @@ @@ -41092,9 +41091,22 @@ index 22af912..ac95bc1 100644 __flush_tlb_all(); early_memtest(0, max_pfn_mapped << PAGE_SHIFT); -@@ -649,10 +662,34 @@ void __init init_mem_mapping(void) - * Access has to be given to non-kernel-ram areas as well, these contain the PCI - * mmio resources as well as potential bios/acpi data regions. +@@ -643,40 +656,45 @@ void __init init_mem_mapping(void) + * devmem_is_allowed() checks to see if /dev/mem access to a certain address + * is valid. The argument is a physical page number. + * +- * On x86, access has to be given to the first megabyte of RAM because that +- * area traditionally contains BIOS code and data regions used by X, dosemu, +- * and similar apps. Since they map the entire memory range, the whole range +- * must be allowed (for mapping), but any areas that would otherwise be +- * disallowed are flagged as being "zero filled" instead of rejected. +- * Access has to be given to non-kernel-ram areas as well, these contain the +- * PCI mmio resources as well as potential bios/acpi data regions. ++ * ++ * On x86, access has to be given to the first megabyte of ram because that area ++ * contains BIOS code and data regions used by X and dosemu and similar apps. ++ * Access has to be given to non-kernel-ram areas as well, these contain the PCI ++ * mmio resources as well as potential bios/acpi data regions. */ + +#ifdef CONFIG_GRKERNSEC_KMEM @@ -41104,6 +41116,14 @@ index 22af912..ac95bc1 100644 + int devmem_is_allowed(unsigned long pagenr) { +- if (page_is_ram(pagenr)) { +- /* +- * For disallowed memory regions in the low 1MB range, +- * request that the page be shown as all zeros. +- */ +- if (pagenr < 256) +- return 2; +- +#ifdef CONFIG_GRKERNSEC_KMEM + /* allow BDA */ + if (!pagenr) @@ -41118,16 +41138,34 @@ index 22af912..ac95bc1 100644 + return 1; + /* throw out everything else below 1MB */ + if (pagenr <= 256) -+ return 0; + return 0; +- } +- +- /* +- * This must follow RAM test, since System RAM is considered a +- * restricted resource under CONFIG_STRICT_IOMEM. +- */ +- if (iomem_is_exclusive(pagenr << PAGE_SHIFT)) { +- /* Low 1MB bypasses iomem restrictions. */ +- if (pagenr < 256) +- return 1; +#else - if (pagenr < 256) - return 1; ++ if (pagenr < 256) ++ return 1; +#endif -+ - if (iomem_is_exclusive(pagenr << PAGE_SHIFT)) + ++ if (iomem_is_exclusive(pagenr << PAGE_SHIFT)) return 0; - if (!page_is_ram(pagenr)) -@@ -699,8 +736,33 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end) +- } +- +- return 1; ++ if (!page_is_ram(pagenr)) ++ return 1; ++ return 0; + } + + void free_init_pages(char *what, unsigned long begin, unsigned long end) +@@ -718,8 +736,33 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end) } } @@ -46242,10 +46280,10 @@ index 993fd31..cc15d14 100644 } EXPORT_SYMBOL_GPL(acpi_dev_pm_attach); diff --git a/drivers/acpi/ec.c b/drivers/acpi/ec.c -index 48e19d0..b08e802 100644 +index 22ca892..3bcf391 100644 --- a/drivers/acpi/ec.c +++ b/drivers/acpi/ec.c -@@ -1777,7 +1777,7 @@ static int ec_correct_ecdt(const struct dmi_system_id *id) +@@ -1803,7 +1803,7 @@ static int ec_correct_ecdt(const struct dmi_system_id *id) return 0; } @@ -46254,7 +46292,7 @@ index 48e19d0..b08e802 100644 { ec_correct_ecdt, "MSI MS-171F", { DMI_MATCH(DMI_SYS_VENDOR, "Micro-Star"), -@@ -1910,7 +1910,7 @@ static const struct dev_pm_ops acpi_ec_pm = { +@@ -1908,7 +1908,7 @@ static const struct dev_pm_ops acpi_ec_pm = { SET_SYSTEM_SLEEP_PM_OPS(acpi_ec_suspend, acpi_ec_resume) }; @@ -46263,7 +46301,7 @@ index 48e19d0..b08e802 100644 { int result = 0; -@@ -1928,7 +1928,7 @@ static int param_set_event_clearing(const char *val, struct kernel_param *kp) +@@ -1926,7 +1926,7 @@ static int param_set_event_clearing(const char *val, struct kernel_param *kp) return result; } @@ -48826,7 +48864,7 @@ index 584bc31..e64a12c 100644 static int gdrom_bdops_open(struct block_device *bdev, fmode_t mode) diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig -index dcc0973..8d34c88 100644 +index 8453a49..aaea2ac 100644 --- a/drivers/char/Kconfig +++ b/drivers/char/Kconfig @@ -17,7 +17,8 @@ config DEVMEM @@ -48841,12 +48879,12 @@ index dcc0973..8d34c88 100644 /dev/kmem device is rarely used, but can be used for certain @@ -573,6 +574,7 @@ config TELCLOCK config DEVPORT - bool + bool "/dev/port character device" depends on ISA || PCI + depends on !GRKERNSEC_KMEM default y - - source "drivers/s390/char/Kconfig" + help + Say Y here if you want to support the /dev/port device. The /dev/port diff --git a/drivers/char/agp/compat_ioctl.c b/drivers/char/agp/compat_ioctl.c index a48e05b..6bac831 100644 --- a/drivers/char/agp/compat_ioctl.c @@ -49054,7 +49092,7 @@ index 5673fff..3ab2908 100644 if (ssif_info->supports_pec) ssif_info->client->flags |= I2C_CLIENT_PEC; diff --git a/drivers/char/mem.c b/drivers/char/mem.c -index 6d9cc2d..8bf97d6 100644 +index 7e4a9d1..8bf97d6 100644 --- a/drivers/char/mem.c +++ b/drivers/char/mem.c @@ -18,6 +18,7 @@ @@ -49076,7 +49114,18 @@ index 6d9cc2d..8bf97d6 100644 static inline unsigned long size_inside_page(unsigned long start, unsigned long size) { -@@ -67,13 +72,22 @@ static inline int range_is_allowed(unsigned long pfn, unsigned long size) +@@ -60,10 +65,6 @@ static inline int valid_mmap_phys_addr_range(unsigned long pfn, size_t size) + #endif + + #ifdef CONFIG_STRICT_DEVMEM +-static inline int page_is_allowed(unsigned long pfn) +-{ +- return devmem_is_allowed(pfn); +-} + static inline int range_is_allowed(unsigned long pfn, unsigned long size) + { + u64 from = ((u64)pfn) << PAGE_SHIFT; +@@ -71,18 +72,23 @@ static inline int range_is_allowed(unsigned long pfn, unsigned long size) u64 cursor = from; while (cursor < to) { @@ -49092,15 +49141,19 @@ index 6d9cc2d..8bf97d6 100644 } return 1; } +-#else +-static inline int page_is_allowed(unsigned long pfn) +#elif defined(CONFIG_GRKERNSEC_KMEM) +static inline int range_is_allowed(unsigned long pfn, unsigned long size) -+{ + { +- return 1; + return 0; -+} - #else + } ++#else static inline int range_is_allowed(unsigned long pfn, unsigned long size) { -@@ -98,6 +112,7 @@ static ssize_t read_mem(struct file *file, char __user *buf, + return 1; +@@ -106,6 +112,7 @@ static ssize_t read_mem(struct file *file, char __user *buf, phys_addr_t p = *ppos; ssize_t read, sz; void *ptr; @@ -49108,7 +49161,7 @@ index 6d9cc2d..8bf97d6 100644 if (p != *ppos) return 0; -@@ -120,13 +135,19 @@ static ssize_t read_mem(struct file *file, char __user *buf, +@@ -128,35 +135,37 @@ static ssize_t read_mem(struct file *file, char __user *buf, } #endif @@ -49118,31 +49171,46 @@ index 6d9cc2d..8bf97d6 100644 + while (count > 0) { unsigned long remaining; +- int allowed; sz = size_inside_page(p, count); -- if (!range_is_allowed(p >> PAGE_SHIFT, count)) +- allowed = page_is_allowed(p >> PAGE_SHIFT); +- if (!allowed) + if (!range_is_allowed(p >> PAGE_SHIFT, count)) { + kfree(temp); return -EPERM; +- if (allowed == 2) { +- /* Show zeros for restricted memory. */ +- remaining = clear_user(buf, sz); +- } else { +- /* +- * On ia64 if a page has been mapped somewhere as +- * uncached, then it must also be accessed uncached +- * by the kernel or data corruption may occur. +- */ +- ptr = xlate_dev_mem_ptr(p); +- if (!ptr) +- return -EFAULT; +- +- remaining = copy_to_user(buf, ptr, sz); + } - /* - * On ia64 if a page has been mapped somewhere as uncached, then -@@ -134,13 +155,17 @@ static ssize_t read_mem(struct file *file, char __user *buf, - * corruption may occur. - */ - ptr = xlate_dev_mem_ptr(p); -- if (!ptr) +- unxlate_dev_mem_ptr(p, ptr); ++ /* ++ * On ia64 if a page has been mapped somewhere as uncached, then ++ * it must also be accessed uncached by the kernel or data ++ * corruption may occur. ++ */ ++ ptr = xlate_dev_mem_ptr(p); + if (!ptr || probe_kernel_read(temp, ptr, sz)) { + kfree(temp); - return -EFAULT; -+ } ++ return -EFAULT; + } -- remaining = copy_to_user(buf, ptr, sz); -+ remaining = copy_to_user(buf, temp, sz); - unxlate_dev_mem_ptr(p, ptr); - if (remaining) ++ remaining = copy_to_user(buf, temp, sz); ++ unxlate_dev_mem_ptr(p, ptr); + if (remaining) { + kfree(temp); return -EFAULT; @@ -49150,7 +49218,7 @@ index 6d9cc2d..8bf97d6 100644 buf += sz; p += sz; -@@ -148,6 +173,8 @@ static ssize_t read_mem(struct file *file, char __user *buf, +@@ -164,6 +173,8 @@ static ssize_t read_mem(struct file *file, char __user *buf, read += sz; } @@ -49159,7 +49227,63 @@ index 6d9cc2d..8bf97d6 100644 *ppos += read; return read; } -@@ -383,6 +410,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf, +@@ -197,36 +208,30 @@ static ssize_t write_mem(struct file *file, const char __user *buf, + #endif + + while (count > 0) { +- int allowed; +- + sz = size_inside_page(p, count); + +- allowed = page_is_allowed(p >> PAGE_SHIFT); +- if (!allowed) ++ if (!range_is_allowed(p >> PAGE_SHIFT, sz)) + return -EPERM; + +- /* Skip actual writing when a page is marked as restricted. */ +- if (allowed == 1) { +- /* +- * On ia64 if a page has been mapped somewhere as +- * uncached, then it must also be accessed uncached +- * by the kernel or data corruption may occur. +- */ +- ptr = xlate_dev_mem_ptr(p); +- if (!ptr) { +- if (written) +- break; +- return -EFAULT; +- } ++ /* ++ * On ia64 if a page has been mapped somewhere as uncached, then ++ * it must also be accessed uncached by the kernel or data ++ * corruption may occur. ++ */ ++ ptr = xlate_dev_mem_ptr(p); ++ if (!ptr) { ++ if (written) ++ break; ++ return -EFAULT; ++ } + +- copied = copy_from_user(ptr, buf, sz); +- unxlate_dev_mem_ptr(p, ptr); +- if (copied) { +- written += sz - copied; +- if (written) +- break; +- return -EFAULT; +- } ++ copied = copy_from_user(ptr, buf, sz); ++ unxlate_dev_mem_ptr(p, ptr); ++ if (copied) { ++ written += sz - copied; ++ if (written) ++ break; ++ return -EFAULT; + } + + buf += sz; +@@ -405,6 +410,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf, read = 0; if (p < (unsigned long) high_memory) { @@ -49168,7 +49292,7 @@ index 6d9cc2d..8bf97d6 100644 low_count = count; if (count > (unsigned long)high_memory - p) low_count = (unsigned long)high_memory - p; -@@ -400,6 +429,11 @@ static ssize_t read_kmem(struct file *file, char __user *buf, +@@ -422,6 +429,11 @@ static ssize_t read_kmem(struct file *file, char __user *buf, count -= sz; } #endif @@ -49180,7 +49304,7 @@ index 6d9cc2d..8bf97d6 100644 while (low_count > 0) { sz = size_inside_page(p, low_count); -@@ -412,14 +446,18 @@ static ssize_t read_kmem(struct file *file, char __user *buf, +@@ -434,14 +446,18 @@ static ssize_t read_kmem(struct file *file, char __user *buf, if (!virt_addr_valid(kbuf)) return -ENXIO; @@ -49200,7 +49324,7 @@ index 6d9cc2d..8bf97d6 100644 } if (count > 0) { -@@ -826,6 +864,9 @@ static const struct memdev { +@@ -848,6 +864,9 @@ static const struct memdev { #ifdef CONFIG_PRINTK [11] = { "kmsg", 0644, &kmsg_fops, 0 }, #endif @@ -49210,7 +49334,7 @@ index 6d9cc2d..8bf97d6 100644 }; static int memory_open(struct inode *inode, struct file *filp) -@@ -887,7 +928,7 @@ static int __init chr_dev_init(void) +@@ -909,7 +928,7 @@ static int __init chr_dev_init(void) continue; device_create(mem_class, NULL, MKDEV(MEM_MAJOR, minor), @@ -49474,7 +49598,7 @@ index e722886..78a48b9 100644 (*pos)++; diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c -index 5649234..34b55b7 100644 +index 471a301..b250231 100644 --- a/drivers/char/virtio_console.c +++ b/drivers/char/virtio_console.c @@ -691,11 +691,11 @@ static ssize_t fill_readbuf(struct port *port, char __user *out_buf, @@ -49491,7 +49615,7 @@ index 5649234..34b55b7 100644 out_count); } -@@ -1170,7 +1170,7 @@ static int get_chars(u32 vtermno, char *buf, int count) +@@ -1178,7 +1178,7 @@ static int get_chars(u32 vtermno, char *buf, int count) /* If we don't have an input queue yet, we can't get input. */ BUG_ON(!port->in_vq); @@ -49817,7 +49941,7 @@ index 4d3ec92..cf501fc 100644 ret = cpufreq_register_driver(&dt_cpufreq_driver); if (ret) diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c -index cac4a92..93c0aed 100644 +index 6153b66..d3d0871 100644 --- a/drivers/cpufreq/cpufreq.c +++ b/drivers/cpufreq/cpufreq.c @@ -528,12 +528,12 @@ EXPORT_SYMBOL_GPL(cpufreq_driver_resolve_freq); @@ -49875,7 +49999,7 @@ index cac4a92..93c0aed 100644 /* This will get removed on driver unregister */ return create_boost_sysfs_file(); -@@ -2444,8 +2450,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data) +@@ -2458,8 +2464,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data) cpufreq_driver = driver_data; write_unlock_irqrestore(&cpufreq_driver_lock, flags); @@ -63289,79 +63413,6 @@ index 642b89c..5e92dc3 100644 module_param(radio_nr, int, 0444); MODULE_PARM_DESC(radio_nr, "Radio Nr"); -diff --git a/drivers/media/usb/dvb-usb/dvb-usb-firmware.c b/drivers/media/usb/dvb-usb/dvb-usb-firmware.c -index dd048a7..717a7b2 100644 ---- a/drivers/media/usb/dvb-usb/dvb-usb-firmware.c -+++ b/drivers/media/usb/dvb-usb/dvb-usb-firmware.c -@@ -35,42 +35,57 @@ static int usb_cypress_writemem(struct usb_device *udev,u16 addr,u8 *data, u8 le - - int usb_cypress_load_firmware(struct usb_device *udev, const struct firmware *fw, int type) - { -- struct hexline hx; -- u8 reset; -+ struct hexline *hx; -+ u8 *reset; - int ret,pos=0; - -+ reset = kmalloc(1, GFP_KERNEL); -+ if (reset == NULL) -+ return -ENOMEM; -+ -+ hx = kmalloc(sizeof(struct hexline), GFP_KERNEL); -+ if (hx == NULL) { -+ kfree(reset); -+ return -ENOMEM; -+ } -+ - /* stop the CPU */ -- reset = 1; -- if ((ret = usb_cypress_writemem(udev,cypress[type].cpu_cs_register,&reset,1)) != 1) -+ reset[0] = 1; -+ if ((ret = usb_cypress_writemem(udev,cypress[type].cpu_cs_register,reset,1)) != 1) - err("could not stop the USB controller CPU."); - -- while ((ret = dvb_usb_get_hexline(fw,&hx,&pos)) > 0) { -- deb_fw("writing to address 0x%04x (buffer: 0x%02x %02x)\n",hx.addr,hx.len,hx.chk); -- ret = usb_cypress_writemem(udev,hx.addr,hx.data,hx.len); -+ while ((ret = dvb_usb_get_hexline(fw,hx,&pos)) > 0) { -+ deb_fw("writing to address 0x%04x (buffer: 0x%02x %02x)\n",hx->addr,hx->len,hx->chk); -+ ret = usb_cypress_writemem(udev,hx->addr,hx->data,hx->len); - -- if (ret != hx.len) { -+ if (ret != hx->len) { - err("error while transferring firmware " - "(transferred size: %d, block size: %d)", -- ret,hx.len); -+ ret,hx->len); - ret = -EINVAL; - break; - } - } - if (ret < 0) { - err("firmware download failed at %d with %d",pos,ret); -+ kfree(reset); -+ kfree(hx); - return ret; - } - - if (ret == 0) { - /* restart the CPU */ -- reset = 0; -- if (ret || usb_cypress_writemem(udev,cypress[type].cpu_cs_register,&reset,1) != 1) { -+ reset[0] = 0; -+ if (ret || usb_cypress_writemem(udev,cypress[type].cpu_cs_register,reset,1) != 1) { - err("could not restart the USB controller CPU."); - ret = -EINVAL; - } - } else - ret = -EIO; - -+ kfree(reset); -+ kfree(hx); -+ - return ret; - } - EXPORT_SYMBOL(usb_cypress_load_firmware); diff --git a/drivers/media/usb/dvb-usb/technisat-usb2.c b/drivers/media/usb/dvb-usb/technisat-usb2.c index 4706628..14d602fb 100644 --- a/drivers/media/usb/dvb-usb/technisat-usb2.c @@ -79479,7 +79530,7 @@ index 6ca0081..fbb9efd 100644 extern void qla2x00_free_sysfs_attr(scsi_qla_host_t *, bool); extern void qla2x00_init_host_attr(scsi_qla_host_t *); diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c -index 4f361d8..64d9741 100644 +index 734e592..97c7fb4 100644 --- a/drivers/scsi/qla2xxx/qla_os.c +++ b/drivers/scsi/qla2xxx/qla_os.c @@ -301,12 +301,12 @@ struct scsi_transport_template *qla2xxx_transport_vport_template = NULL; @@ -79497,7 +79548,7 @@ index 4f361d8..64d9741 100644 add_timer(&vha->timer); vha->timer_active = 1; } -@@ -1529,8 +1529,10 @@ qla2x00_config_dma_addressing(struct qla_hw_data *ha) +@@ -1534,8 +1534,10 @@ qla2x00_config_dma_addressing(struct qla_hw_data *ha) !pci_set_consistent_dma_mask(ha->pdev, DMA_BIT_MASK(64))) { /* Ok, a 64bit DMA mask is applicable. */ ha->flags.enable_64bit_addressing = 1; @@ -79510,7 +79561,7 @@ index 4f361d8..64d9741 100644 return; } } -@@ -5411,8 +5413,9 @@ qla2x00_rst_aen(scsi_qla_host_t *vha) +@@ -5416,8 +5418,9 @@ qla2x00_rst_aen(scsi_qla_host_t *vha) * Context: Interrupt ***************************************************************************/ void @@ -79521,7 +79572,7 @@ index 4f361d8..64d9741 100644 unsigned long cpu_flags = 0; int start_dpc = 0; int index; -@@ -5674,7 +5677,7 @@ qla2x00_release_firmware(void) +@@ -5679,7 +5682,7 @@ qla2x00_release_firmware(void) } static pci_ers_result_t @@ -79981,7 +80032,7 @@ index e3cd3ec..97ab643 100644 transport_setup_device(&rport->dev); diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c -index 51e5629..caef5f7 100644 +index 931af07..8998d44 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c @@ -113,7 +113,7 @@ static int sd_resume(struct device *); @@ -80002,7 +80053,7 @@ index 51e5629..caef5f7 100644 { int result = SCpnt->result; unsigned int good_bytes = result ? 0 : scsi_bufflen(SCpnt); -@@ -3081,7 +3081,7 @@ static int sd_probe(struct device *dev) +@@ -3098,7 +3098,7 @@ static int sd_probe(struct device *dev) sdkp->disk = gd; sdkp->index = index; atomic_set(&sdkp->openers, 0); @@ -80078,7 +80129,7 @@ index a535b26..d62e7f1 100644 INIT_DELAYED_WORK(&ctrl_info->rescan_work, pqi_rescan_worker); INIT_DELAYED_WORK(&ctrl_info->update_time_work, pqi_update_time_worker); diff --git a/drivers/scsi/sr.c b/drivers/scsi/sr.c -index bed2bbd..3abf75c 100644 +index e635973..93f218e 100644 --- a/drivers/scsi/sr.c +++ b/drivers/scsi/sr.c @@ -80,7 +80,7 @@ static DEFINE_MUTEX(sr_mutex); @@ -105588,7 +105639,7 @@ index 203287f..f1b702c 100644 GLOBAL_EXTERN atomic_t smBufAllocCount; GLOBAL_EXTERN atomic_t midCount; diff --git a/fs/cifs/file.c b/fs/cifs/file.c -index 1cd0e2e..50411b0 100644 +index 3925758..f2e78fa 100644 --- a/fs/cifs/file.c +++ b/fs/cifs/file.c @@ -1431,7 +1431,7 @@ cifs_free_llist(struct list_head *llist) @@ -105880,10 +105931,10 @@ index 5d456eb..6b33055 100644 } diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c -index bdd3292..eed47d8 100644 +index 7080dac..28a6a3048 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c -@@ -2617,8 +2617,7 @@ SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon, +@@ -2625,8 +2625,7 @@ SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon, default: cifs_dbg(VFS, "info level %u isn't supported\n", srch_inf->info_level); @@ -120913,10 +120964,10 @@ index d3ed817..d6038021 100644 } putname(tmp); diff --git a/fs/orangefs/super.c b/fs/orangefs/super.c -index cd261c8..7a1c069 100644 +index 629d8c9..2edba1f 100644 --- a/fs/orangefs/super.c +++ b/fs/orangefs/super.c -@@ -578,10 +578,12 @@ void orangefs_kill_sb(struct super_block *sb) +@@ -587,10 +587,12 @@ void orangefs_kill_sb(struct super_block *sb) int orangefs_inode_cache_initialize(void) { @@ -122943,7 +122994,7 @@ index d700c42..f711c86 100644 seq_put_decimal_ull(p, "softirq ", (unsigned long long)sum_softirq); diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c -index 35b92d8..eb959b5 100644 +index b1517b6..b1aa804 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c @@ -15,12 +15,19 @@ @@ -123142,7 +123193,7 @@ index 35b92d8..eb959b5 100644 mss.resident >> 10, (unsigned long)(mss.pss >> (10 + PSS_SHIFT)), mss.shared_clean >> 10, -@@ -1436,7 +1488,7 @@ static int pagemap_open(struct inode *inode, struct file *file) +@@ -1443,7 +1495,7 @@ static int pagemap_open(struct inode *inode, struct file *file) { struct mm_struct *mm; @@ -123151,7 +123202,7 @@ index 35b92d8..eb959b5 100644 if (IS_ERR(mm)) return PTR_ERR(mm); file->private_data = mm; -@@ -1639,6 +1691,13 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) +@@ -1646,6 +1698,13 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) char buffer[64]; int nid; @@ -123165,7 +123216,7 @@ index 35b92d8..eb959b5 100644 if (!mm) return 0; -@@ -1653,11 +1712,15 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) +@@ -1660,11 +1719,15 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) mpol_to_str(buffer, sizeof(buffer), proc_priv->task_mempolicy); } @@ -142897,7 +142948,7 @@ index cb3c8fe..a001ef9 100644 /* diff --git a/include/linux/sched.h b/include/linux/sched.h -index 75d9a57..3370513 100644 +index f425eb3..2b11430 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h @@ -7,7 +7,7 @@ @@ -142997,7 +143048,7 @@ index 75d9a57..3370513 100644 atomic_t usage; unsigned int flags; /* per process flags, defined below */ unsigned int ptrace; -@@ -1610,6 +1645,8 @@ struct task_struct { +@@ -1614,6 +1649,8 @@ struct task_struct { struct list_head sibling; /* linkage in my parent's children list */ struct task_struct *group_leader; /* threadgroup leader */ @@ -143006,7 +143057,7 @@ index 75d9a57..3370513 100644 /* * ptraced is the list of tasks this task is using ptrace on. * This includes both natural children and PTRACE_ATTACH targets. -@@ -1624,8 +1661,8 @@ struct task_struct { +@@ -1628,8 +1665,8 @@ struct task_struct { struct list_head thread_node; struct completion *vfork_done; /* for vfork() */ @@ -143017,7 +143068,7 @@ index 75d9a57..3370513 100644 cputime_t utime, stime, utimescaled, stimescaled; cputime_t gtime; -@@ -1655,12 +1692,6 @@ struct task_struct { +@@ -1659,12 +1696,6 @@ struct task_struct { struct task_cputime cputime_expires; struct list_head cpu_timers[3]; @@ -143030,7 +143081,7 @@ index 75d9a57..3370513 100644 char comm[TASK_COMM_LEN]; /* executable name excluding path - access with [gs]et_task_comm (which lock it with task_lock()) -@@ -1676,6 +1707,8 @@ struct task_struct { +@@ -1680,6 +1711,8 @@ struct task_struct { /* hung task detection */ unsigned long last_switch_count; #endif @@ -143039,7 +143090,7 @@ index 75d9a57..3370513 100644 /* filesystem information */ struct fs_struct *fs; /* open file information */ -@@ -1686,8 +1719,11 @@ struct task_struct { +@@ -1690,8 +1723,11 @@ struct task_struct { struct signal_struct *signal; struct sighand_struct *sighand; @@ -143053,7 +143104,7 @@ index 75d9a57..3370513 100644 struct sigpending pending; unsigned long sas_ss_sp; -@@ -1754,6 +1790,10 @@ struct task_struct { +@@ -1758,6 +1794,10 @@ struct task_struct { unsigned int in_ubsan; #endif @@ -143064,7 +143115,7 @@ index 75d9a57..3370513 100644 /* journalling filesystem info */ void *journal_info; -@@ -1792,6 +1832,10 @@ struct task_struct { +@@ -1796,6 +1836,10 @@ struct task_struct { /* cg_list protected by css_set_lock and tsk->alloc_lock */ struct list_head cg_list; #endif @@ -143075,7 +143126,7 @@ index 75d9a57..3370513 100644 #ifdef CONFIG_FUTEX struct robust_list_head __user *robust_list; #ifdef CONFIG_COMPAT -@@ -1907,7 +1951,7 @@ struct task_struct { +@@ -1911,7 +1955,7 @@ struct task_struct { * Number of functions that haven't been traced * because of depth overrun. */ @@ -143084,7 +143135,7 @@ index 75d9a57..3370513 100644 /* Pause for the tracing */ atomic_t tracing_graph_pause; #endif -@@ -1955,23 +1999,101 @@ struct task_struct { +@@ -1959,23 +2003,101 @@ struct task_struct { #ifdef CONFIG_THREAD_INFO_IN_TASK /* A live task holds one reference. */ atomic_t stack_refcount; @@ -143196,7 +143247,7 @@ index 75d9a57..3370513 100644 #ifdef CONFIG_VMAP_STACK static inline struct vm_struct *task_stack_vm_area(const struct task_struct *t) { -@@ -2096,7 +2218,7 @@ struct pid_namespace; +@@ -2100,7 +2222,7 @@ struct pid_namespace; pid_t __task_pid_nr_ns(struct task_struct *task, enum pid_type type, struct pid_namespace *ns); @@ -143205,7 +143256,7 @@ index 75d9a57..3370513 100644 { return tsk->pid; } -@@ -2463,6 +2585,50 @@ extern u64 sched_clock_cpu(int cpu); +@@ -2467,6 +2589,50 @@ extern u64 sched_clock_cpu(int cpu); extern void sched_clock_init(void); @@ -143256,7 +143307,7 @@ index 75d9a57..3370513 100644 #ifndef CONFIG_HAVE_UNSTABLE_SCHED_CLOCK static inline void sched_clock_tick(void) { -@@ -2655,6 +2821,7 @@ extern struct pid_namespace init_pid_ns; +@@ -2659,6 +2825,7 @@ extern struct pid_namespace init_pid_ns; */ extern struct task_struct *find_task_by_vpid(pid_t nr); @@ -143264,7 +143315,7 @@ index 75d9a57..3370513 100644 extern struct task_struct *find_task_by_pid_ns(pid_t nr, struct pid_namespace *ns); -@@ -2686,7 +2853,7 @@ extern void proc_caches_init(void); +@@ -2690,7 +2857,7 @@ extern void proc_caches_init(void); extern void flush_signals(struct task_struct *); extern void ignore_signals(struct task_struct *); extern void flush_signal_handlers(struct task_struct *, int force_default); @@ -143273,7 +143324,7 @@ index 75d9a57..3370513 100644 static inline int kernel_dequeue_signal(siginfo_t *info) { -@@ -2952,7 +3119,7 @@ extern void __cleanup_sighand(struct sighand_struct *); +@@ -2956,7 +3123,7 @@ extern void __cleanup_sighand(struct sighand_struct *); extern void exit_itimers(struct signal_struct *); extern void flush_itimer_signals(void); @@ -143282,7 +143333,7 @@ index 75d9a57..3370513 100644 extern int do_execve(struct filename *, const char __user * const __user *, -@@ -3067,11 +3234,13 @@ static inline int thread_group_empty(struct task_struct *p) +@@ -3071,11 +3238,13 @@ static inline int thread_group_empty(struct task_struct *p) * It must not be nested with write_lock_irq(&tasklist_lock), * neither inside nor outside. */ @@ -143296,7 +143347,7 @@ index 75d9a57..3370513 100644 static inline void task_unlock(struct task_struct *p) { spin_unlock(&p->alloc_lock); -@@ -3145,7 +3314,7 @@ static inline void *task_stack_page(const struct task_struct *task) +@@ -3149,7 +3318,7 @@ static inline void *task_stack_page(const struct task_struct *task) static inline unsigned long *end_of_stack(const struct task_struct *task) { @@ -143305,7 +143356,7 @@ index 75d9a57..3370513 100644 } #elif !defined(__HAVE_THREAD_FUNCTIONS) -@@ -3199,13 +3368,24 @@ static inline void put_task_stack(struct task_struct *tsk) {} +@@ -3203,13 +3372,24 @@ static inline void put_task_stack(struct task_struct *tsk) {} #define task_stack_end_corrupted(task) \ (*(end_of_stack(task)) != STACK_END_MAGIC) @@ -143332,7 +143383,7 @@ index 75d9a57..3370513 100644 extern void thread_stack_cache_init(void); #ifdef CONFIG_DEBUG_STACK_USAGE -@@ -3600,7 +3780,7 @@ static inline unsigned long rlimit_max(unsigned int limit) +@@ -3604,7 +3784,7 @@ static inline unsigned long rlimit_max(unsigned int limit) #ifdef CONFIG_CPU_FREQ struct update_util_data { void (*func)(struct update_util_data *data, u64 time, unsigned int flags); @@ -148159,10 +148210,10 @@ index 4984e1f..a5bf6f5 100644 * ptracer_capable - Determine if the ptracer holds CAP_SYS_PTRACE in the namespace * @tsk: The task that may be ptraced diff --git a/kernel/cgroup.c b/kernel/cgroup.c -index 4e2f3de..d50672d 100644 +index a3d2aad..5c0c12d 100644 --- a/kernel/cgroup.c +++ b/kernel/cgroup.c -@@ -3656,7 +3656,7 @@ static int cgroup_add_file(struct cgroup_subsys_state *css, struct cgroup *cgrp, +@@ -3657,7 +3657,7 @@ static int cgroup_add_file(struct cgroup_subsys_state *css, struct cgroup *cgrp, key = &cft->lockdep_key; #endif kn = __kernfs_create_file(cgrp->kn, cgroup_file_name(cgrp, cft, name), @@ -148171,7 +148222,7 @@ index 4e2f3de..d50672d 100644 NULL, key); if (IS_ERR(kn)) return PTR_ERR(kn); -@@ -3760,11 +3760,14 @@ static void cgroup_exit_cftypes(struct cftype *cfts) +@@ -3761,11 +3761,14 @@ static void cgroup_exit_cftypes(struct cftype *cfts) /* free copy for custom atomic_write_len, see init_cftypes() */ if (cft->max_write_len && cft->max_write_len != PAGE_SIZE) kfree(cft->kf_ops); @@ -148189,7 +148240,7 @@ index 4e2f3de..d50672d 100644 } } -@@ -3795,8 +3798,10 @@ static int cgroup_init_cftypes(struct cgroup_subsys *ss, struct cftype *cfts) +@@ -3796,8 +3799,10 @@ static int cgroup_init_cftypes(struct cgroup_subsys *ss, struct cftype *cfts) kf_ops->atomic_write_len = cft->max_write_len; } @@ -148202,7 +148253,7 @@ index 4e2f3de..d50672d 100644 } return 0; -@@ -3809,7 +3814,7 @@ static int cgroup_rm_cftypes_locked(struct cftype *cfts) +@@ -3810,7 +3815,7 @@ static int cgroup_rm_cftypes_locked(struct cftype *cfts) if (!cfts || !cfts[0].ss) return -ENOENT; @@ -148211,7 +148262,7 @@ index 4e2f3de..d50672d 100644 cgroup_apply_cftypes(cfts, false); cgroup_exit_cftypes(cfts); return 0; -@@ -3866,7 +3871,7 @@ static int cgroup_add_cftypes(struct cgroup_subsys *ss, struct cftype *cfts) +@@ -3867,7 +3872,7 @@ static int cgroup_add_cftypes(struct cgroup_subsys *ss, struct cftype *cfts) mutex_lock(&cgroup_mutex); @@ -148220,7 +148271,7 @@ index 4e2f3de..d50672d 100644 ret = cgroup_apply_cftypes(cfts, true); if (ret) cgroup_rm_cftypes_locked(cfts); -@@ -3887,8 +3892,10 @@ int cgroup_add_dfl_cftypes(struct cgroup_subsys *ss, struct cftype *cfts) +@@ -3888,8 +3893,10 @@ int cgroup_add_dfl_cftypes(struct cgroup_subsys *ss, struct cftype *cfts) { struct cftype *cft; @@ -148232,7 +148283,7 @@ index 4e2f3de..d50672d 100644 return cgroup_add_cftypes(ss, cfts); } -@@ -3904,8 +3911,10 @@ int cgroup_add_legacy_cftypes(struct cgroup_subsys *ss, struct cftype *cfts) +@@ -3905,8 +3912,10 @@ int cgroup_add_legacy_cftypes(struct cgroup_subsys *ss, struct cftype *cfts) { struct cftype *cft; @@ -148244,7 +148295,7 @@ index 4e2f3de..d50672d 100644 return cgroup_add_cftypes(ss, cfts); } -@@ -6090,6 +6099,9 @@ static void cgroup_release_agent(struct work_struct *work) +@@ -6091,6 +6100,9 @@ static void cgroup_release_agent(struct work_struct *work) if (!pathbuf || !agentbuf) goto out; @@ -148254,7 +148305,7 @@ index 4e2f3de..d50672d 100644 spin_lock_irq(&css_set_lock); ret = cgroup_path_ns_locked(cgrp, pathbuf, PATH_MAX, &init_cgroup_ns); spin_unlock_irq(&css_set_lock); -@@ -6570,7 +6582,7 @@ static int cgroup_css_links_read(struct seq_file *seq, void *v) +@@ -6571,7 +6583,7 @@ static int cgroup_css_links_read(struct seq_file *seq, void *v) struct task_struct *task; int count = 0; @@ -154474,7 +154525,7 @@ index dbafc5d..819bd5d 100644 ret = -EIO; diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c -index da87b3c..2f63cc9 100644 +index 221eb59..055ddca 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c @@ -120,8 +120,9 @@ static void ftrace_ops_list_func(unsigned long ip, unsigned long parent_ip, @@ -154510,7 +154561,7 @@ index da87b3c..2f63cc9 100644 } /* -@@ -4878,8 +4884,10 @@ static int ftrace_process_locs(struct module *mod, +@@ -4890,8 +4896,10 @@ static int ftrace_process_locs(struct module *mod, if (!count) return 0; @@ -154521,7 +154572,7 @@ index da87b3c..2f63cc9 100644 start_pg = ftrace_allocate_pages(count); if (!start_pg) -@@ -5295,7 +5303,8 @@ static void ftrace_ops_list_func(unsigned long ip, unsigned long parent_ip, +@@ -5307,7 +5315,8 @@ static void ftrace_ops_list_func(unsigned long ip, unsigned long parent_ip, __ftrace_ops_list_func(ip, parent_ip, NULL, regs); } #else @@ -154531,7 +154582,7 @@ index da87b3c..2f63cc9 100644 { __ftrace_ops_list_func(ip, parent_ip, NULL, NULL); } -@@ -5718,8 +5727,12 @@ int ftrace_graph_entry_stub(struct ftrace_graph_ent *trace) +@@ -5739,8 +5748,12 @@ int ftrace_graph_entry_stub(struct ftrace_graph_ent *trace) } /* The callbacks that hook a function */ @@ -154546,7 +154597,7 @@ index da87b3c..2f63cc9 100644 trace_func_graph_ent_t ftrace_graph_entry = ftrace_graph_entry_stub; static trace_func_graph_ent_t __ftrace_graph_entry = ftrace_graph_entry_stub; -@@ -5752,7 +5765,7 @@ static int alloc_retstack_tasklist(struct ftrace_ret_stack **ret_stack_list) +@@ -5773,7 +5786,7 @@ static int alloc_retstack_tasklist(struct ftrace_ret_stack **ret_stack_list) if (t->ret_stack == NULL) { atomic_set(&t->tracing_graph_pause, 0); @@ -154555,7 +154606,7 @@ index da87b3c..2f63cc9 100644 t->curr_ret_stack = -1; /* Make sure the tasks see the -1 first: */ smp_wmb(); -@@ -5947,7 +5960,7 @@ void unregister_ftrace_graph(void) +@@ -5968,7 +5981,7 @@ void unregister_ftrace_graph(void) goto out; ftrace_graph_active--; @@ -154564,7 +154615,7 @@ index da87b3c..2f63cc9 100644 ftrace_graph_entry = ftrace_graph_entry_stub; __ftrace_graph_entry = ftrace_graph_entry_stub; ftrace_shutdown(&graph_ops, FTRACE_STOP_FUNC_RET); -@@ -5975,7 +5988,7 @@ static void +@@ -5996,7 +6009,7 @@ static void graph_init_task(struct task_struct *t, struct ftrace_ret_stack *ret_stack) { atomic_set(&t->tracing_graph_pause, 0); @@ -154917,7 +154968,7 @@ index f30847a..9e62b08 100644 *data_page = bpage; diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c -index 90b66ed..c34206c 100644 +index 862bc88..27ebd55 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -3883,7 +3883,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set) @@ -154930,10 +154981,10 @@ index 90b66ed..c34206c 100644 /* do nothing if flag is already set */ if (!!(tr->trace_flags & mask) == !!enabled) diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h -index fd24b1f..bdbb85b 100644 +index b0d8576..6284224 100644 --- a/kernel/trace/trace.h +++ b/kernel/trace/trace.h -@@ -1615,7 +1615,7 @@ void trace_printk_control(bool enabled); +@@ -1617,7 +1617,7 @@ void trace_printk_control(bool enabled); void trace_printk_init_buffers(void); void trace_printk_start_comm(void); int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set); @@ -157365,7 +157416,7 @@ index 93fb63e..0aa6448 100644 if (end == start) return error; diff --git a/mm/memcontrol.c b/mm/memcontrol.c -index 0de2669..1489e01 100644 +index 47559cc..3c43108 100644 --- a/mm/memcontrol.c +++ b/mm/memcontrol.c @@ -701,7 +701,7 @@ static void memcg_check_events(struct mem_cgroup *memcg, struct page *page) @@ -163975,7 +164026,7 @@ index 1cd2ec0..2650ce6 100644 a0 = a[0]; a1 = a[1]; diff --git a/net/core/datagram.c b/net/core/datagram.c -index b7de71f..808387d 100644 +index 963732e..999ed39 100644 --- a/net/core/datagram.c +++ b/net/core/datagram.c @@ -360,7 +360,7 @@ int skb_kill_datagram(struct sock *sk, struct sk_buff *skb, unsigned int flags) @@ -167277,10 +167328,10 @@ index 3815e85..f6cb55b 100644 return -ENOMEM; } diff --git a/net/ipv6/route.c b/net/ipv6/route.c -index bff4460..4551e9a 100644 +index 8d6c09f..685bdcf 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c -@@ -3625,7 +3625,7 @@ struct ctl_table ipv6_route_table_template[] = { +@@ -3627,7 +3627,7 @@ struct ctl_table ipv6_route_table_template[] = { struct ctl_table * __net_init ipv6_route_sysctl_init(struct net *net) { @@ -170649,7 +170700,7 @@ index c345bf1..41a50e5 100644 NULL, sctp_cname, sctp_tname, sctp_oname, sctp_pname, }; diff --git a/net/sctp/socket.c b/net/sctp/socket.c -index 6cbe5bd..04c4e00 100644 +index 6734420..aa1101c 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -4719,7 +4719,7 @@ static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optv @@ -170661,7 +170712,7 @@ index 6cbe5bd..04c4e00 100644 return -EFAULT; return 0; } -@@ -5139,6 +5139,8 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len, +@@ -5145,6 +5145,8 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len, ->addr_to_user(sp, &temp); if (space_left < addrlen) return -ENOMEM; @@ -170670,7 +170721,7 @@ index 6cbe5bd..04c4e00 100644 if (copy_to_user(to, &temp, addrlen)) return -EFAULT; to += addrlen; -@@ -7855,6 +7857,10 @@ struct proto sctp_prot = { +@@ -7859,6 +7861,10 @@ struct proto sctp_prot = { .unhash = sctp_unhash, .get_port = sctp_get_port, .obj_size = sizeof(struct sctp_sock), @@ -180580,10 +180631,10 @@ index 0000000..a8039b2 +clean-files += *.so diff --git a/scripts/gcc-plugins/size_overflow_plugin/disable.data b/scripts/gcc-plugins/size_overflow_plugin/disable.data new file mode 100644 -index 0000000..83975f2 +index 0000000..2bb03a6 --- /dev/null +++ b/scripts/gcc-plugins/size_overflow_plugin/disable.data -@@ -0,0 +1,12472 @@ +@@ -0,0 +1,12473 @@ +disable_so_interrupt_pnode_gru_message_queue_desc_4 interrupt_pnode gru_message_queue_desc 0 4 NULL +disable_so_bch_btree_insert_fndecl_12 bch_btree_insert fndecl 0 12 NULL +disable_so_macvlan_sync_address_fndecl_22 macvlan_sync_address fndecl 0 22 NULL nohasharray @@ -193056,6 +193107,7 @@ index 0000000..83975f2 +btrfs_get_token_16_fndecl_46639_fns btrfs_get_token_16 fndecl 0 46639 NULL +btrfs_get_token_64_fndecl_54223_fns btrfs_get_token_64 fndecl 0 54223 NULL +qdisc_tree_reduce_backlog_fndecl_3865_fields qdisc_tree_reduce_backlog fndecl 2 3865 NULL ++user_buffer_offset_binder_proc_17508_fields user_buffer_offset binder_proc 0 17508 NULL diff --git a/scripts/gcc-plugins/size_overflow_plugin/e_aux.data b/scripts/gcc-plugins/size_overflow_plugin/e_aux.data new file mode 100644 index 0000000..74e91b2 @@ -193161,7 +193213,7 @@ index 0000000..74e91b2 +enable_so_zpios_read_fndecl_64734 zpios_read fndecl 3 64734 NULL diff --git a/scripts/gcc-plugins/size_overflow_plugin/e_fields.data b/scripts/gcc-plugins/size_overflow_plugin/e_fields.data new file mode 100644 -index 0000000..0928e48 +index 0000000..bf44c70 --- /dev/null +++ b/scripts/gcc-plugins/size_overflow_plugin/e_fields.data @@ -0,0 +1,16326 @@ @@ -197522,7 +197574,6 @@ index 0000000..0928e48 +len_tmc_drvdata_17487_fields len tmc_drvdata 0 17487 NULL +mlx4_ib_reg_user_mr_fndecl_17492_fields mlx4_ib_reg_user_mr fndecl 3-2 17492 NULL +qp_memcpy_from_queue_fndecl_17500_fields qp_memcpy_from_queue fndecl 5-4 17500 NULL -+user_buffer_offset_binder_proc_17508_fields user_buffer_offset binder_proc 0 17508 NULL +invalidate_fndecl_17509_fields invalidate fndecl 4-3 17509 NULL +brcmf_fil_iovar_data_set_fndecl_17512_fields brcmf_fil_iovar_data_set fndecl 4 17512 NULL +npages_free_dma_pool_17513_fields npages_free dma_pool 0 17513 NULL nohasharray @@ -198830,6 +198881,7 @@ index 0000000..0928e48 +xprt_alloc_fndecl_22736_fields xprt_alloc fndecl 4-3 22736 NULL +num_fcoe_qps_i40e_pf_22740_fields num_fcoe_qps i40e_pf 0 22740 NULL +iwlagn_pass_packet_to_mac80211_fndecl_22746_fields iwlagn_pass_packet_to_mac80211 fndecl 3 22746 NULL ++iov_iter_revert_fndecl_22771_fields iov_iter_revert fndecl 2 22771 NULL +rambase_brcmf_chip_22773_fields rambase brcmf_chip 0 22773 NULL +efi_memmap_alloc_fndecl_22776_fields efi_memmap_alloc fndecl 1-0 22776 NULL +ndr_mappings_nd_region_22782_fields ndr_mappings nd_region 0 22782 NULL diff --git a/4.9.23/4425_grsec_remove_EI_PAX.patch b/4.9.24/4425_grsec_remove_EI_PAX.patch index 594598a..594598a 100644 --- a/4.9.23/4425_grsec_remove_EI_PAX.patch +++ b/4.9.24/4425_grsec_remove_EI_PAX.patch diff --git a/4.9.23/4426_default_XATTR_PAX_FLAGS.patch b/4.9.24/4426_default_XATTR_PAX_FLAGS.patch index f7e97b5..f7e97b5 100644 --- a/4.9.23/4426_default_XATTR_PAX_FLAGS.patch +++ b/4.9.24/4426_default_XATTR_PAX_FLAGS.patch diff --git a/4.9.23/4427_force_XATTR_PAX_tmpfs.patch b/4.9.24/4427_force_XATTR_PAX_tmpfs.patch index 3871139..3871139 100644 --- a/4.9.23/4427_force_XATTR_PAX_tmpfs.patch +++ b/4.9.24/4427_force_XATTR_PAX_tmpfs.patch diff --git a/4.9.23/4430_grsec-remove-localversion-grsec.patch b/4.9.24/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/4.9.23/4430_grsec-remove-localversion-grsec.patch +++ b/4.9.24/4430_grsec-remove-localversion-grsec.patch diff --git a/4.9.23/4435_grsec-mute-warnings.patch b/4.9.24/4435_grsec-mute-warnings.patch index 8929222..8929222 100644 --- a/4.9.23/4435_grsec-mute-warnings.patch +++ b/4.9.24/4435_grsec-mute-warnings.patch diff --git a/4.9.23/4440_grsec-remove-protected-paths.patch b/4.9.24/4440_grsec-remove-protected-paths.patch index 741546d..741546d 100644 --- a/4.9.23/4440_grsec-remove-protected-paths.patch +++ b/4.9.24/4440_grsec-remove-protected-paths.patch diff --git a/4.9.23/4450_grsec-kconfig-default-gids.patch b/4.9.24/4450_grsec-kconfig-default-gids.patch index cee6e27..cee6e27 100644 --- a/4.9.23/4450_grsec-kconfig-default-gids.patch +++ b/4.9.24/4450_grsec-kconfig-default-gids.patch diff --git a/4.9.23/4465_selinux-avc_audit-log-curr_ip.patch b/4.9.24/4465_selinux-avc_audit-log-curr_ip.patch index 06a5294..06a5294 100644 --- a/4.9.23/4465_selinux-avc_audit-log-curr_ip.patch +++ b/4.9.24/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/4.9.23/4470_disable-compat_vdso.patch b/4.9.24/4470_disable-compat_vdso.patch index a1401d8..a1401d8 100644 --- a/4.9.23/4470_disable-compat_vdso.patch +++ b/4.9.24/4470_disable-compat_vdso.patch diff --git a/4.9.23/4475_emutramp_default_on.patch b/4.9.24/4475_emutramp_default_on.patch index feb8c7b..feb8c7b 100644 --- a/4.9.23/4475_emutramp_default_on.patch +++ b/4.9.24/4475_emutramp_default_on.patch |