diff options
author | Anthony G. Basile <blueness@gentoo.org> | 2016-02-29 03:21:59 -0500 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2016-02-29 03:21:59 -0500 |
commit | 475e64940396ac502ed92e463b128f96047001be (patch) | |
tree | e5ae9ad2e50a3a2329907f63584347e0d6455667 | |
parent | grsecurity-3.1-4.4.2-201602182048 (diff) | |
download | hardened-patchset-20160228.tar.gz hardened-patchset-20160228.tar.bz2 hardened-patchset-20160228.zip |
grsecurity-3.1-4.4.3-20160228214920160228
-rw-r--r-- | 4.4.2/1001_linux-4.4.2.patch | 5320 | ||||
-rw-r--r-- | 4.4.3/0000_README (renamed from 4.4.2/0000_README) | 6 | ||||
-rw-r--r-- | 4.4.3/4420_grsecurity-3.1-4.4.3-201602282149.patch (renamed from 4.4.2/4420_grsecurity-3.1-4.4.2-201602182048.patch) | 1770 | ||||
-rw-r--r-- | 4.4.3/4425_grsec_remove_EI_PAX.patch (renamed from 4.4.2/4425_grsec_remove_EI_PAX.patch) | 0 | ||||
-rw-r--r-- | 4.4.3/4427_force_XATTR_PAX_tmpfs.patch (renamed from 4.4.2/4427_force_XATTR_PAX_tmpfs.patch) | 0 | ||||
-rw-r--r-- | 4.4.3/4430_grsec-remove-localversion-grsec.patch (renamed from 4.4.2/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
-rw-r--r-- | 4.4.3/4435_grsec-mute-warnings.patch (renamed from 4.4.2/4435_grsec-mute-warnings.patch) | 0 | ||||
-rw-r--r-- | 4.4.3/4440_grsec-remove-protected-paths.patch (renamed from 4.4.2/4440_grsec-remove-protected-paths.patch) | 0 | ||||
-rw-r--r-- | 4.4.3/4450_grsec-kconfig-default-gids.patch (renamed from 4.4.2/4450_grsec-kconfig-default-gids.patch) | 0 | ||||
-rw-r--r-- | 4.4.3/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 4.4.2/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
-rw-r--r-- | 4.4.3/4470_disable-compat_vdso.patch (renamed from 4.4.2/4470_disable-compat_vdso.patch) | 0 | ||||
-rw-r--r-- | 4.4.3/4475_emutramp_default_on.patch (renamed from 4.4.2/4475_emutramp_default_on.patch) | 0 |
12 files changed, 920 insertions, 6176 deletions
diff --git a/4.4.2/1001_linux-4.4.2.patch b/4.4.2/1001_linux-4.4.2.patch deleted file mode 100644 index d190146..0000000 --- a/4.4.2/1001_linux-4.4.2.patch +++ /dev/null @@ -1,5320 +0,0 @@ -diff --git a/Makefile b/Makefile -index c6a265b..e7a2958 100644 ---- a/Makefile -+++ b/Makefile -@@ -1,6 +1,6 @@ - VERSION = 4 - PATCHLEVEL = 4 --SUBLEVEL = 1 -+SUBLEVEL = 2 - EXTRAVERSION = - NAME = Blurry Fish Butt - -diff --git a/arch/parisc/include/asm/hugetlb.h b/arch/parisc/include/asm/hugetlb.h -index 7d56a9c..a65d888 100644 ---- a/arch/parisc/include/asm/hugetlb.h -+++ b/arch/parisc/include/asm/hugetlb.h -@@ -54,24 +54,12 @@ static inline pte_t huge_pte_wrprotect(pte_t pte) - return pte_wrprotect(pte); - } - --static inline void huge_ptep_set_wrprotect(struct mm_struct *mm, -- unsigned long addr, pte_t *ptep) --{ -- pte_t old_pte = *ptep; -- set_huge_pte_at(mm, addr, ptep, pte_wrprotect(old_pte)); --} -+void huge_ptep_set_wrprotect(struct mm_struct *mm, -+ unsigned long addr, pte_t *ptep); - --static inline int huge_ptep_set_access_flags(struct vm_area_struct *vma, -+int huge_ptep_set_access_flags(struct vm_area_struct *vma, - unsigned long addr, pte_t *ptep, -- pte_t pte, int dirty) --{ -- int changed = !pte_same(*ptep, pte); -- if (changed) { -- set_huge_pte_at(vma->vm_mm, addr, ptep, pte); -- flush_tlb_page(vma, addr); -- } -- return changed; --} -+ pte_t pte, int dirty); - - static inline pte_t huge_ptep_get(pte_t *ptep) - { -diff --git a/arch/parisc/include/uapi/asm/siginfo.h b/arch/parisc/include/uapi/asm/siginfo.h -index d703472..1c75565 100644 ---- a/arch/parisc/include/uapi/asm/siginfo.h -+++ b/arch/parisc/include/uapi/asm/siginfo.h -@@ -1,6 +1,10 @@ - #ifndef _PARISC_SIGINFO_H - #define _PARISC_SIGINFO_H - -+#if defined(__LP64__) -+#define __ARCH_SI_PREAMBLE_SIZE (4 * sizeof(int)) -+#endif -+ - #include <asm-generic/siginfo.h> - - #undef NSIGTRAP -diff --git a/arch/parisc/mm/hugetlbpage.c b/arch/parisc/mm/hugetlbpage.c -index f6fdc77..54ba392 100644 ---- a/arch/parisc/mm/hugetlbpage.c -+++ b/arch/parisc/mm/hugetlbpage.c -@@ -105,15 +105,13 @@ static inline void purge_tlb_entries_huge(struct mm_struct *mm, unsigned long ad - addr |= _HUGE_PAGE_SIZE_ENCODING_DEFAULT; - - for (i = 0; i < (1 << (HPAGE_SHIFT-REAL_HPAGE_SHIFT)); i++) { -- mtsp(mm->context, 1); -- pdtlb(addr); -- if (unlikely(split_tlb)) -- pitlb(addr); -+ purge_tlb_entries(mm, addr); - addr += (1UL << REAL_HPAGE_SHIFT); - } - } - --void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, -+/* __set_huge_pte_at() must be called holding the pa_tlb_lock. */ -+static void __set_huge_pte_at(struct mm_struct *mm, unsigned long addr, - pte_t *ptep, pte_t entry) - { - unsigned long addr_start; -@@ -123,14 +121,9 @@ void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, - addr_start = addr; - - for (i = 0; i < (1 << HUGETLB_PAGE_ORDER); i++) { -- /* Directly write pte entry. We could call set_pte_at(mm, addr, ptep, entry) -- * instead, but then we get double locking on pa_tlb_lock. */ -- *ptep = entry; -+ set_pte(ptep, entry); - ptep++; - -- /* Drop the PAGE_SIZE/non-huge tlb entry */ -- purge_tlb_entries(mm, addr); -- - addr += PAGE_SIZE; - pte_val(entry) += PAGE_SIZE; - } -@@ -138,18 +131,61 @@ void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, - purge_tlb_entries_huge(mm, addr_start); - } - -+void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, -+ pte_t *ptep, pte_t entry) -+{ -+ unsigned long flags; -+ -+ purge_tlb_start(flags); -+ __set_huge_pte_at(mm, addr, ptep, entry); -+ purge_tlb_end(flags); -+} -+ - - pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, - pte_t *ptep) - { -+ unsigned long flags; - pte_t entry; - -+ purge_tlb_start(flags); - entry = *ptep; -- set_huge_pte_at(mm, addr, ptep, __pte(0)); -+ __set_huge_pte_at(mm, addr, ptep, __pte(0)); -+ purge_tlb_end(flags); - - return entry; - } - -+ -+void huge_ptep_set_wrprotect(struct mm_struct *mm, -+ unsigned long addr, pte_t *ptep) -+{ -+ unsigned long flags; -+ pte_t old_pte; -+ -+ purge_tlb_start(flags); -+ old_pte = *ptep; -+ __set_huge_pte_at(mm, addr, ptep, pte_wrprotect(old_pte)); -+ purge_tlb_end(flags); -+} -+ -+int huge_ptep_set_access_flags(struct vm_area_struct *vma, -+ unsigned long addr, pte_t *ptep, -+ pte_t pte, int dirty) -+{ -+ unsigned long flags; -+ int changed; -+ -+ purge_tlb_start(flags); -+ changed = !pte_same(*ptep, pte); -+ if (changed) { -+ __set_huge_pte_at(vma->vm_mm, addr, ptep, pte); -+ } -+ purge_tlb_end(flags); -+ return changed; -+} -+ -+ - int pmd_huge(pmd_t pmd) - { - return 0; -diff --git a/arch/x86/crypto/chacha20-ssse3-x86_64.S b/arch/x86/crypto/chacha20-ssse3-x86_64.S -index 712b130..3a33124 100644 ---- a/arch/x86/crypto/chacha20-ssse3-x86_64.S -+++ b/arch/x86/crypto/chacha20-ssse3-x86_64.S -@@ -157,7 +157,9 @@ ENTRY(chacha20_4block_xor_ssse3) - # done with the slightly better performing SSSE3 byte shuffling, - # 7/12-bit word rotation uses traditional shift+OR. - -- sub $0x40,%rsp -+ mov %rsp,%r11 -+ sub $0x80,%rsp -+ and $~63,%rsp - - # x0..15[0-3] = s0..3[0..3] - movq 0x00(%rdi),%xmm1 -@@ -620,6 +622,6 @@ ENTRY(chacha20_4block_xor_ssse3) - pxor %xmm1,%xmm15 - movdqu %xmm15,0xf0(%rsi) - -- add $0x40,%rsp -+ mov %r11,%rsp - ret - ENDPROC(chacha20_4block_xor_ssse3) -diff --git a/block/blk-merge.c b/block/blk-merge.c -index e01405a..b966db8 100644 ---- a/block/blk-merge.c -+++ b/block/blk-merge.c -@@ -68,6 +68,18 @@ static struct bio *blk_bio_write_same_split(struct request_queue *q, - return bio_split(bio, q->limits.max_write_same_sectors, GFP_NOIO, bs); - } - -+static inline unsigned get_max_io_size(struct request_queue *q, -+ struct bio *bio) -+{ -+ unsigned sectors = blk_max_size_offset(q, bio->bi_iter.bi_sector); -+ unsigned mask = queue_logical_block_size(q) - 1; -+ -+ /* aligned to logical block size */ -+ sectors &= ~(mask >> 9); -+ -+ return sectors; -+} -+ - static struct bio *blk_bio_segment_split(struct request_queue *q, - struct bio *bio, - struct bio_set *bs, -@@ -79,11 +91,9 @@ static struct bio *blk_bio_segment_split(struct request_queue *q, - unsigned front_seg_size = bio->bi_seg_front_size; - bool do_split = true; - struct bio *new = NULL; -+ const unsigned max_sectors = get_max_io_size(q, bio); - - bio_for_each_segment(bv, bio, iter) { -- if (sectors + (bv.bv_len >> 9) > queue_max_sectors(q)) -- goto split; -- - /* - * If the queue doesn't support SG gaps and adding this - * offset would create a gap, disallow it. -@@ -91,6 +101,21 @@ static struct bio *blk_bio_segment_split(struct request_queue *q, - if (bvprvp && bvec_gap_to_prev(q, bvprvp, bv.bv_offset)) - goto split; - -+ if (sectors + (bv.bv_len >> 9) > max_sectors) { -+ /* -+ * Consider this a new segment if we're splitting in -+ * the middle of this vector. -+ */ -+ if (nsegs < queue_max_segments(q) && -+ sectors < max_sectors) { -+ nsegs++; -+ sectors = max_sectors; -+ } -+ if (sectors) -+ goto split; -+ /* Make this single bvec as the 1st segment */ -+ } -+ - if (bvprvp && blk_queue_cluster(q)) { - if (seg_size + bv.bv_len > queue_max_segment_size(q)) - goto new_segment; -diff --git a/crypto/af_alg.c b/crypto/af_alg.c -index a8e7aa3..f5e18c2 100644 ---- a/crypto/af_alg.c -+++ b/crypto/af_alg.c -@@ -76,6 +76,8 @@ int af_alg_register_type(const struct af_alg_type *type) - goto unlock; - - type->ops->owner = THIS_MODULE; -+ if (type->ops_nokey) -+ type->ops_nokey->owner = THIS_MODULE; - node->type = type; - list_add(&node->list, &alg_types); - err = 0; -@@ -125,6 +127,26 @@ int af_alg_release(struct socket *sock) - } - EXPORT_SYMBOL_GPL(af_alg_release); - -+void af_alg_release_parent(struct sock *sk) -+{ -+ struct alg_sock *ask = alg_sk(sk); -+ unsigned int nokey = ask->nokey_refcnt; -+ bool last = nokey && !ask->refcnt; -+ -+ sk = ask->parent; -+ ask = alg_sk(sk); -+ -+ lock_sock(sk); -+ ask->nokey_refcnt -= nokey; -+ if (!last) -+ last = !--ask->refcnt; -+ release_sock(sk); -+ -+ if (last) -+ sock_put(sk); -+} -+EXPORT_SYMBOL_GPL(af_alg_release_parent); -+ - static int alg_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) - { - const u32 forbidden = CRYPTO_ALG_INTERNAL; -@@ -133,6 +155,7 @@ static int alg_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) - struct sockaddr_alg *sa = (void *)uaddr; - const struct af_alg_type *type; - void *private; -+ int err; - - if (sock->state == SS_CONNECTED) - return -EINVAL; -@@ -160,16 +183,22 @@ static int alg_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) - return PTR_ERR(private); - } - -+ err = -EBUSY; - lock_sock(sk); -+ if (ask->refcnt | ask->nokey_refcnt) -+ goto unlock; - - swap(ask->type, type); - swap(ask->private, private); - -+ err = 0; -+ -+unlock: - release_sock(sk); - - alg_do_release(type, private); - -- return 0; -+ return err; - } - - static int alg_setkey(struct sock *sk, char __user *ukey, -@@ -202,11 +231,15 @@ static int alg_setsockopt(struct socket *sock, int level, int optname, - struct sock *sk = sock->sk; - struct alg_sock *ask = alg_sk(sk); - const struct af_alg_type *type; -- int err = -ENOPROTOOPT; -+ int err = -EBUSY; - - lock_sock(sk); -+ if (ask->refcnt) -+ goto unlock; -+ - type = ask->type; - -+ err = -ENOPROTOOPT; - if (level != SOL_ALG || !type) - goto unlock; - -@@ -238,6 +271,7 @@ int af_alg_accept(struct sock *sk, struct socket *newsock) - struct alg_sock *ask = alg_sk(sk); - const struct af_alg_type *type; - struct sock *sk2; -+ unsigned int nokey; - int err; - - lock_sock(sk); -@@ -257,20 +291,29 @@ int af_alg_accept(struct sock *sk, struct socket *newsock) - security_sk_clone(sk, sk2); - - err = type->accept(ask->private, sk2); -- if (err) { -- sk_free(sk2); -+ -+ nokey = err == -ENOKEY; -+ if (nokey && type->accept_nokey) -+ err = type->accept_nokey(ask->private, sk2); -+ -+ if (err) - goto unlock; -- } - - sk2->sk_family = PF_ALG; - -- sock_hold(sk); -+ if (nokey || !ask->refcnt++) -+ sock_hold(sk); -+ ask->nokey_refcnt += nokey; - alg_sk(sk2)->parent = sk; - alg_sk(sk2)->type = type; -+ alg_sk(sk2)->nokey_refcnt = nokey; - - newsock->ops = type->ops; - newsock->state = SS_CONNECTED; - -+ if (nokey) -+ newsock->ops = type->ops_nokey; -+ - err = 0; - - unlock: -diff --git a/crypto/ahash.c b/crypto/ahash.c -index 9c1dc8d..d19b523 100644 ---- a/crypto/ahash.c -+++ b/crypto/ahash.c -@@ -451,6 +451,7 @@ static int crypto_ahash_init_tfm(struct crypto_tfm *tfm) - struct ahash_alg *alg = crypto_ahash_alg(hash); - - hash->setkey = ahash_nosetkey; -+ hash->has_setkey = false; - hash->export = ahash_no_export; - hash->import = ahash_no_import; - -@@ -463,8 +464,10 @@ static int crypto_ahash_init_tfm(struct crypto_tfm *tfm) - hash->finup = alg->finup ?: ahash_def_finup; - hash->digest = alg->digest; - -- if (alg->setkey) -+ if (alg->setkey) { - hash->setkey = alg->setkey; -+ hash->has_setkey = true; -+ } - if (alg->export) - hash->export = alg->export; - if (alg->import) -diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c -index b4c24fe..68a5cea 100644 ---- a/crypto/algif_hash.c -+++ b/crypto/algif_hash.c -@@ -34,6 +34,11 @@ struct hash_ctx { - struct ahash_request req; - }; - -+struct algif_hash_tfm { -+ struct crypto_ahash *hash; -+ bool has_key; -+}; -+ - static int hash_sendmsg(struct socket *sock, struct msghdr *msg, - size_t ignored) - { -@@ -49,7 +54,8 @@ static int hash_sendmsg(struct socket *sock, struct msghdr *msg, - - lock_sock(sk); - if (!ctx->more) { -- err = crypto_ahash_init(&ctx->req); -+ err = af_alg_wait_for_completion(crypto_ahash_init(&ctx->req), -+ &ctx->completion); - if (err) - goto unlock; - } -@@ -120,6 +126,7 @@ static ssize_t hash_sendpage(struct socket *sock, struct page *page, - } else { - if (!ctx->more) { - err = crypto_ahash_init(&ctx->req); -+ err = af_alg_wait_for_completion(err, &ctx->completion); - if (err) - goto unlock; - } -@@ -235,19 +242,151 @@ static struct proto_ops algif_hash_ops = { - .accept = hash_accept, - }; - -+static int hash_check_key(struct socket *sock) -+{ -+ int err = 0; -+ struct sock *psk; -+ struct alg_sock *pask; -+ struct algif_hash_tfm *tfm; -+ struct sock *sk = sock->sk; -+ struct alg_sock *ask = alg_sk(sk); -+ -+ lock_sock(sk); -+ if (ask->refcnt) -+ goto unlock_child; -+ -+ psk = ask->parent; -+ pask = alg_sk(ask->parent); -+ tfm = pask->private; -+ -+ err = -ENOKEY; -+ lock_sock_nested(psk, SINGLE_DEPTH_NESTING); -+ if (!tfm->has_key) -+ goto unlock; -+ -+ if (!pask->refcnt++) -+ sock_hold(psk); -+ -+ ask->refcnt = 1; -+ sock_put(psk); -+ -+ err = 0; -+ -+unlock: -+ release_sock(psk); -+unlock_child: -+ release_sock(sk); -+ -+ return err; -+} -+ -+static int hash_sendmsg_nokey(struct socket *sock, struct msghdr *msg, -+ size_t size) -+{ -+ int err; -+ -+ err = hash_check_key(sock); -+ if (err) -+ return err; -+ -+ return hash_sendmsg(sock, msg, size); -+} -+ -+static ssize_t hash_sendpage_nokey(struct socket *sock, struct page *page, -+ int offset, size_t size, int flags) -+{ -+ int err; -+ -+ err = hash_check_key(sock); -+ if (err) -+ return err; -+ -+ return hash_sendpage(sock, page, offset, size, flags); -+} -+ -+static int hash_recvmsg_nokey(struct socket *sock, struct msghdr *msg, -+ size_t ignored, int flags) -+{ -+ int err; -+ -+ err = hash_check_key(sock); -+ if (err) -+ return err; -+ -+ return hash_recvmsg(sock, msg, ignored, flags); -+} -+ -+static int hash_accept_nokey(struct socket *sock, struct socket *newsock, -+ int flags) -+{ -+ int err; -+ -+ err = hash_check_key(sock); -+ if (err) -+ return err; -+ -+ return hash_accept(sock, newsock, flags); -+} -+ -+static struct proto_ops algif_hash_ops_nokey = { -+ .family = PF_ALG, -+ -+ .connect = sock_no_connect, -+ .socketpair = sock_no_socketpair, -+ .getname = sock_no_getname, -+ .ioctl = sock_no_ioctl, -+ .listen = sock_no_listen, -+ .shutdown = sock_no_shutdown, -+ .getsockopt = sock_no_getsockopt, -+ .mmap = sock_no_mmap, -+ .bind = sock_no_bind, -+ .setsockopt = sock_no_setsockopt, -+ .poll = sock_no_poll, -+ -+ .release = af_alg_release, -+ .sendmsg = hash_sendmsg_nokey, -+ .sendpage = hash_sendpage_nokey, -+ .recvmsg = hash_recvmsg_nokey, -+ .accept = hash_accept_nokey, -+}; -+ - static void *hash_bind(const char *name, u32 type, u32 mask) - { -- return crypto_alloc_ahash(name, type, mask); -+ struct algif_hash_tfm *tfm; -+ struct crypto_ahash *hash; -+ -+ tfm = kzalloc(sizeof(*tfm), GFP_KERNEL); -+ if (!tfm) -+ return ERR_PTR(-ENOMEM); -+ -+ hash = crypto_alloc_ahash(name, type, mask); -+ if (IS_ERR(hash)) { -+ kfree(tfm); -+ return ERR_CAST(hash); -+ } -+ -+ tfm->hash = hash; -+ -+ return tfm; - } - - static void hash_release(void *private) - { -- crypto_free_ahash(private); -+ struct algif_hash_tfm *tfm = private; -+ -+ crypto_free_ahash(tfm->hash); -+ kfree(tfm); - } - - static int hash_setkey(void *private, const u8 *key, unsigned int keylen) - { -- return crypto_ahash_setkey(private, key, keylen); -+ struct algif_hash_tfm *tfm = private; -+ int err; -+ -+ err = crypto_ahash_setkey(tfm->hash, key, keylen); -+ tfm->has_key = !err; -+ -+ return err; - } - - static void hash_sock_destruct(struct sock *sk) -@@ -261,12 +400,14 @@ static void hash_sock_destruct(struct sock *sk) - af_alg_release_parent(sk); - } - --static int hash_accept_parent(void *private, struct sock *sk) -+static int hash_accept_parent_nokey(void *private, struct sock *sk) - { - struct hash_ctx *ctx; - struct alg_sock *ask = alg_sk(sk); -- unsigned len = sizeof(*ctx) + crypto_ahash_reqsize(private); -- unsigned ds = crypto_ahash_digestsize(private); -+ struct algif_hash_tfm *tfm = private; -+ struct crypto_ahash *hash = tfm->hash; -+ unsigned len = sizeof(*ctx) + crypto_ahash_reqsize(hash); -+ unsigned ds = crypto_ahash_digestsize(hash); - - ctx = sock_kmalloc(sk, len, GFP_KERNEL); - if (!ctx) -@@ -286,7 +427,7 @@ static int hash_accept_parent(void *private, struct sock *sk) - - ask->private = ctx; - -- ahash_request_set_tfm(&ctx->req, private); -+ ahash_request_set_tfm(&ctx->req, hash); - ahash_request_set_callback(&ctx->req, CRYPTO_TFM_REQ_MAY_BACKLOG, - af_alg_complete, &ctx->completion); - -@@ -295,12 +436,24 @@ static int hash_accept_parent(void *private, struct sock *sk) - return 0; - } - -+static int hash_accept_parent(void *private, struct sock *sk) -+{ -+ struct algif_hash_tfm *tfm = private; -+ -+ if (!tfm->has_key && crypto_ahash_has_setkey(tfm->hash)) -+ return -ENOKEY; -+ -+ return hash_accept_parent_nokey(private, sk); -+} -+ - static const struct af_alg_type algif_type_hash = { - .bind = hash_bind, - .release = hash_release, - .setkey = hash_setkey, - .accept = hash_accept_parent, -+ .accept_nokey = hash_accept_parent_nokey, - .ops = &algif_hash_ops, -+ .ops_nokey = &algif_hash_ops_nokey, - .name = "hash", - .owner = THIS_MODULE - }; -diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c -index 634b4d1..f5e9f93 100644 ---- a/crypto/algif_skcipher.c -+++ b/crypto/algif_skcipher.c -@@ -31,6 +31,11 @@ struct skcipher_sg_list { - struct scatterlist sg[0]; - }; - -+struct skcipher_tfm { -+ struct crypto_skcipher *skcipher; -+ bool has_key; -+}; -+ - struct skcipher_ctx { - struct list_head tsgl; - struct af_alg_sgl rsgl; -@@ -60,18 +65,10 @@ struct skcipher_async_req { - struct skcipher_async_rsgl first_sgl; - struct list_head list; - struct scatterlist *tsg; -- char iv[]; -+ atomic_t *inflight; -+ struct skcipher_request req; - }; - --#define GET_SREQ(areq, ctx) (struct skcipher_async_req *)((char *)areq + \ -- crypto_skcipher_reqsize(crypto_skcipher_reqtfm(&ctx->req))) -- --#define GET_REQ_SIZE(ctx) \ -- crypto_skcipher_reqsize(crypto_skcipher_reqtfm(&ctx->req)) -- --#define GET_IV_SIZE(ctx) \ -- crypto_skcipher_ivsize(crypto_skcipher_reqtfm(&ctx->req)) -- - #define MAX_SGL_ENTS ((4096 - sizeof(struct skcipher_sg_list)) / \ - sizeof(struct scatterlist) - 1) - -@@ -97,15 +94,12 @@ static void skcipher_free_async_sgls(struct skcipher_async_req *sreq) - - static void skcipher_async_cb(struct crypto_async_request *req, int err) - { -- struct sock *sk = req->data; -- struct alg_sock *ask = alg_sk(sk); -- struct skcipher_ctx *ctx = ask->private; -- struct skcipher_async_req *sreq = GET_SREQ(req, ctx); -+ struct skcipher_async_req *sreq = req->data; - struct kiocb *iocb = sreq->iocb; - -- atomic_dec(&ctx->inflight); -+ atomic_dec(sreq->inflight); - skcipher_free_async_sgls(sreq); -- kfree(req); -+ kzfree(sreq); - iocb->ki_complete(iocb, err, err); - } - -@@ -301,8 +295,11 @@ static int skcipher_sendmsg(struct socket *sock, struct msghdr *msg, - { - struct sock *sk = sock->sk; - struct alg_sock *ask = alg_sk(sk); -+ struct sock *psk = ask->parent; -+ struct alg_sock *pask = alg_sk(psk); - struct skcipher_ctx *ctx = ask->private; -- struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(&ctx->req); -+ struct skcipher_tfm *skc = pask->private; -+ struct crypto_skcipher *tfm = skc->skcipher; - unsigned ivsize = crypto_skcipher_ivsize(tfm); - struct skcipher_sg_list *sgl; - struct af_alg_control con = {}; -@@ -387,7 +384,8 @@ static int skcipher_sendmsg(struct socket *sock, struct msghdr *msg, - - sgl = list_entry(ctx->tsgl.prev, struct skcipher_sg_list, list); - sg = sgl->sg; -- sg_unmark_end(sg + sgl->cur); -+ if (sgl->cur) -+ sg_unmark_end(sg + sgl->cur - 1); - do { - i = sgl->cur; - plen = min_t(int, len, PAGE_SIZE); -@@ -503,37 +501,43 @@ static int skcipher_recvmsg_async(struct socket *sock, struct msghdr *msg, - { - struct sock *sk = sock->sk; - struct alg_sock *ask = alg_sk(sk); -+ struct sock *psk = ask->parent; -+ struct alg_sock *pask = alg_sk(psk); - struct skcipher_ctx *ctx = ask->private; -+ struct skcipher_tfm *skc = pask->private; -+ struct crypto_skcipher *tfm = skc->skcipher; - struct skcipher_sg_list *sgl; - struct scatterlist *sg; - struct skcipher_async_req *sreq; - struct skcipher_request *req; - struct skcipher_async_rsgl *last_rsgl = NULL; -- unsigned int txbufs = 0, len = 0, tx_nents = skcipher_all_sg_nents(ctx); -- unsigned int reqlen = sizeof(struct skcipher_async_req) + -- GET_REQ_SIZE(ctx) + GET_IV_SIZE(ctx); -+ unsigned int txbufs = 0, len = 0, tx_nents; -+ unsigned int reqsize = crypto_skcipher_reqsize(tfm); -+ unsigned int ivsize = crypto_skcipher_ivsize(tfm); - int err = -ENOMEM; - bool mark = false; -+ char *iv; - -- lock_sock(sk); -- req = kmalloc(reqlen, GFP_KERNEL); -- if (unlikely(!req)) -- goto unlock; -+ sreq = kzalloc(sizeof(*sreq) + reqsize + ivsize, GFP_KERNEL); -+ if (unlikely(!sreq)) -+ goto out; - -- sreq = GET_SREQ(req, ctx); -+ req = &sreq->req; -+ iv = (char *)(req + 1) + reqsize; - sreq->iocb = msg->msg_iocb; -- memset(&sreq->first_sgl, '\0', sizeof(struct skcipher_async_rsgl)); - INIT_LIST_HEAD(&sreq->list); -+ sreq->inflight = &ctx->inflight; -+ -+ lock_sock(sk); -+ tx_nents = skcipher_all_sg_nents(ctx); - sreq->tsg = kcalloc(tx_nents, sizeof(*sg), GFP_KERNEL); -- if (unlikely(!sreq->tsg)) { -- kfree(req); -+ if (unlikely(!sreq->tsg)) - goto unlock; -- } - sg_init_table(sreq->tsg, tx_nents); -- memcpy(sreq->iv, ctx->iv, GET_IV_SIZE(ctx)); -- skcipher_request_set_tfm(req, crypto_skcipher_reqtfm(&ctx->req)); -- skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, -- skcipher_async_cb, sk); -+ memcpy(iv, ctx->iv, ivsize); -+ skcipher_request_set_tfm(req, tfm); -+ skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, -+ skcipher_async_cb, sreq); - - while (iov_iter_count(&msg->msg_iter)) { - struct skcipher_async_rsgl *rsgl; -@@ -609,20 +613,22 @@ static int skcipher_recvmsg_async(struct socket *sock, struct msghdr *msg, - sg_mark_end(sreq->tsg + txbufs - 1); - - skcipher_request_set_crypt(req, sreq->tsg, sreq->first_sgl.sgl.sg, -- len, sreq->iv); -+ len, iv); - err = ctx->enc ? crypto_skcipher_encrypt(req) : - crypto_skcipher_decrypt(req); - if (err == -EINPROGRESS) { - atomic_inc(&ctx->inflight); - err = -EIOCBQUEUED; -+ sreq = NULL; - goto unlock; - } - free: - skcipher_free_async_sgls(sreq); -- kfree(req); - unlock: - skcipher_wmem_wakeup(sk); - release_sock(sk); -+ kzfree(sreq); -+out: - return err; - } - -@@ -631,9 +637,12 @@ static int skcipher_recvmsg_sync(struct socket *sock, struct msghdr *msg, - { - struct sock *sk = sock->sk; - struct alg_sock *ask = alg_sk(sk); -+ struct sock *psk = ask->parent; -+ struct alg_sock *pask = alg_sk(psk); - struct skcipher_ctx *ctx = ask->private; -- unsigned bs = crypto_skcipher_blocksize(crypto_skcipher_reqtfm( -- &ctx->req)); -+ struct skcipher_tfm *skc = pask->private; -+ struct crypto_skcipher *tfm = skc->skcipher; -+ unsigned bs = crypto_skcipher_blocksize(tfm); - struct skcipher_sg_list *sgl; - struct scatterlist *sg; - int err = -EAGAIN; -@@ -642,13 +651,6 @@ static int skcipher_recvmsg_sync(struct socket *sock, struct msghdr *msg, - - lock_sock(sk); - while (msg_data_left(msg)) { -- sgl = list_first_entry(&ctx->tsgl, -- struct skcipher_sg_list, list); -- sg = sgl->sg; -- -- while (!sg->length) -- sg++; -- - if (!ctx->used) { - err = skcipher_wait_for_data(sk, flags); - if (err) -@@ -669,6 +671,13 @@ static int skcipher_recvmsg_sync(struct socket *sock, struct msghdr *msg, - if (!used) - goto free; - -+ sgl = list_first_entry(&ctx->tsgl, -+ struct skcipher_sg_list, list); -+ sg = sgl->sg; -+ -+ while (!sg->length) -+ sg++; -+ - skcipher_request_set_crypt(&ctx->req, sg, ctx->rsgl.sg, used, - ctx->iv); - -@@ -748,19 +757,139 @@ static struct proto_ops algif_skcipher_ops = { - .poll = skcipher_poll, - }; - -+static int skcipher_check_key(struct socket *sock) -+{ -+ int err = 0; -+ struct sock *psk; -+ struct alg_sock *pask; -+ struct skcipher_tfm *tfm; -+ struct sock *sk = sock->sk; -+ struct alg_sock *ask = alg_sk(sk); -+ -+ lock_sock(sk); -+ if (ask->refcnt) -+ goto unlock_child; -+ -+ psk = ask->parent; -+ pask = alg_sk(ask->parent); -+ tfm = pask->private; -+ -+ err = -ENOKEY; -+ lock_sock_nested(psk, SINGLE_DEPTH_NESTING); -+ if (!tfm->has_key) -+ goto unlock; -+ -+ if (!pask->refcnt++) -+ sock_hold(psk); -+ -+ ask->refcnt = 1; -+ sock_put(psk); -+ -+ err = 0; -+ -+unlock: -+ release_sock(psk); -+unlock_child: -+ release_sock(sk); -+ -+ return err; -+} -+ -+static int skcipher_sendmsg_nokey(struct socket *sock, struct msghdr *msg, -+ size_t size) -+{ -+ int err; -+ -+ err = skcipher_check_key(sock); -+ if (err) -+ return err; -+ -+ return skcipher_sendmsg(sock, msg, size); -+} -+ -+static ssize_t skcipher_sendpage_nokey(struct socket *sock, struct page *page, -+ int offset, size_t size, int flags) -+{ -+ int err; -+ -+ err = skcipher_check_key(sock); -+ if (err) -+ return err; -+ -+ return skcipher_sendpage(sock, page, offset, size, flags); -+} -+ -+static int skcipher_recvmsg_nokey(struct socket *sock, struct msghdr *msg, -+ size_t ignored, int flags) -+{ -+ int err; -+ -+ err = skcipher_check_key(sock); -+ if (err) -+ return err; -+ -+ return skcipher_recvmsg(sock, msg, ignored, flags); -+} -+ -+static struct proto_ops algif_skcipher_ops_nokey = { -+ .family = PF_ALG, -+ -+ .connect = sock_no_connect, -+ .socketpair = sock_no_socketpair, -+ .getname = sock_no_getname, -+ .ioctl = sock_no_ioctl, -+ .listen = sock_no_listen, -+ .shutdown = sock_no_shutdown, -+ .getsockopt = sock_no_getsockopt, -+ .mmap = sock_no_mmap, -+ .bind = sock_no_bind, -+ .accept = sock_no_accept, -+ .setsockopt = sock_no_setsockopt, -+ -+ .release = af_alg_release, -+ .sendmsg = skcipher_sendmsg_nokey, -+ .sendpage = skcipher_sendpage_nokey, -+ .recvmsg = skcipher_recvmsg_nokey, -+ .poll = skcipher_poll, -+}; -+ - static void *skcipher_bind(const char *name, u32 type, u32 mask) - { -- return crypto_alloc_skcipher(name, type, mask); -+ struct skcipher_tfm *tfm; -+ struct crypto_skcipher *skcipher; -+ -+ tfm = kzalloc(sizeof(*tfm), GFP_KERNEL); -+ if (!tfm) -+ return ERR_PTR(-ENOMEM); -+ -+ skcipher = crypto_alloc_skcipher(name, type, mask); -+ if (IS_ERR(skcipher)) { -+ kfree(tfm); -+ return ERR_CAST(skcipher); -+ } -+ -+ tfm->skcipher = skcipher; -+ -+ return tfm; - } - - static void skcipher_release(void *private) - { -- crypto_free_skcipher(private); -+ struct skcipher_tfm *tfm = private; -+ -+ crypto_free_skcipher(tfm->skcipher); -+ kfree(tfm); - } - - static int skcipher_setkey(void *private, const u8 *key, unsigned int keylen) - { -- return crypto_skcipher_setkey(private, key, keylen); -+ struct skcipher_tfm *tfm = private; -+ int err; -+ -+ err = crypto_skcipher_setkey(tfm->skcipher, key, keylen); -+ tfm->has_key = !err; -+ -+ return err; - } - - static void skcipher_wait(struct sock *sk) -@@ -788,24 +917,26 @@ static void skcipher_sock_destruct(struct sock *sk) - af_alg_release_parent(sk); - } - --static int skcipher_accept_parent(void *private, struct sock *sk) -+static int skcipher_accept_parent_nokey(void *private, struct sock *sk) - { - struct skcipher_ctx *ctx; - struct alg_sock *ask = alg_sk(sk); -- unsigned int len = sizeof(*ctx) + crypto_skcipher_reqsize(private); -+ struct skcipher_tfm *tfm = private; -+ struct crypto_skcipher *skcipher = tfm->skcipher; -+ unsigned int len = sizeof(*ctx) + crypto_skcipher_reqsize(skcipher); - - ctx = sock_kmalloc(sk, len, GFP_KERNEL); - if (!ctx) - return -ENOMEM; - -- ctx->iv = sock_kmalloc(sk, crypto_skcipher_ivsize(private), -+ ctx->iv = sock_kmalloc(sk, crypto_skcipher_ivsize(skcipher), - GFP_KERNEL); - if (!ctx->iv) { - sock_kfree_s(sk, ctx, len); - return -ENOMEM; - } - -- memset(ctx->iv, 0, crypto_skcipher_ivsize(private)); -+ memset(ctx->iv, 0, crypto_skcipher_ivsize(skcipher)); - - INIT_LIST_HEAD(&ctx->tsgl); - ctx->len = len; -@@ -818,8 +949,9 @@ static int skcipher_accept_parent(void *private, struct sock *sk) - - ask->private = ctx; - -- skcipher_request_set_tfm(&ctx->req, private); -- skcipher_request_set_callback(&ctx->req, CRYPTO_TFM_REQ_MAY_BACKLOG, -+ skcipher_request_set_tfm(&ctx->req, skcipher); -+ skcipher_request_set_callback(&ctx->req, CRYPTO_TFM_REQ_MAY_SLEEP | -+ CRYPTO_TFM_REQ_MAY_BACKLOG, - af_alg_complete, &ctx->completion); - - sk->sk_destruct = skcipher_sock_destruct; -@@ -827,12 +959,24 @@ static int skcipher_accept_parent(void *private, struct sock *sk) - return 0; - } - -+static int skcipher_accept_parent(void *private, struct sock *sk) -+{ -+ struct skcipher_tfm *tfm = private; -+ -+ if (!tfm->has_key && crypto_skcipher_has_setkey(tfm->skcipher)) -+ return -ENOKEY; -+ -+ return skcipher_accept_parent_nokey(private, sk); -+} -+ - static const struct af_alg_type algif_type_skcipher = { - .bind = skcipher_bind, - .release = skcipher_release, - .setkey = skcipher_setkey, - .accept = skcipher_accept_parent, -+ .accept_nokey = skcipher_accept_parent_nokey, - .ops = &algif_skcipher_ops, -+ .ops_nokey = &algif_skcipher_ops_nokey, - .name = "skcipher", - .owner = THIS_MODULE - }; -diff --git a/crypto/crc32c_generic.c b/crypto/crc32c_generic.c -index 06f1b60..4c0a0e2 100644 ---- a/crypto/crc32c_generic.c -+++ b/crypto/crc32c_generic.c -@@ -172,4 +172,3 @@ MODULE_DESCRIPTION("CRC32c (Castagnoli) calculations wrapper for lib/crc32c"); - MODULE_LICENSE("GPL"); - MODULE_ALIAS_CRYPTO("crc32c"); - MODULE_ALIAS_CRYPTO("crc32c-generic"); --MODULE_SOFTDEP("pre: crc32c"); -diff --git a/crypto/crypto_user.c b/crypto/crypto_user.c -index 237f379..43fe85f 100644 ---- a/crypto/crypto_user.c -+++ b/crypto/crypto_user.c -@@ -499,6 +499,7 @@ static int crypto_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh) - if (link->dump == NULL) - return -EINVAL; - -+ down_read(&crypto_alg_sem); - list_for_each_entry(alg, &crypto_alg_list, cra_list) - dump_alloc += CRYPTO_REPORT_MAXSIZE; - -@@ -508,8 +509,11 @@ static int crypto_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh) - .done = link->done, - .min_dump_alloc = dump_alloc, - }; -- return netlink_dump_start(crypto_nlsk, skb, nlh, &c); -+ err = netlink_dump_start(crypto_nlsk, skb, nlh, &c); - } -+ up_read(&crypto_alg_sem); -+ -+ return err; - } - - err = nlmsg_parse(nlh, crypto_msg_min[type], attrs, CRYPTOCFGA_MAX, -diff --git a/crypto/shash.c b/crypto/shash.c -index ecb1e3d..3597545 100644 ---- a/crypto/shash.c -+++ b/crypto/shash.c -@@ -354,9 +354,10 @@ int crypto_init_shash_ops_async(struct crypto_tfm *tfm) - crt->final = shash_async_final; - crt->finup = shash_async_finup; - crt->digest = shash_async_digest; -+ crt->setkey = shash_async_setkey; -+ -+ crt->has_setkey = alg->setkey != shash_no_setkey; - -- if (alg->setkey) -- crt->setkey = shash_async_setkey; - if (alg->export) - crt->export = shash_async_export; - if (alg->import) -diff --git a/crypto/skcipher.c b/crypto/skcipher.c -index 7591928..d199c0b 100644 ---- a/crypto/skcipher.c -+++ b/crypto/skcipher.c -@@ -118,6 +118,7 @@ static int crypto_init_skcipher_ops_blkcipher(struct crypto_tfm *tfm) - skcipher->decrypt = skcipher_decrypt_blkcipher; - - skcipher->ivsize = crypto_blkcipher_ivsize(blkcipher); -+ skcipher->has_setkey = calg->cra_blkcipher.max_keysize; - - return 0; - } -@@ -210,6 +211,7 @@ static int crypto_init_skcipher_ops_ablkcipher(struct crypto_tfm *tfm) - skcipher->ivsize = crypto_ablkcipher_ivsize(ablkcipher); - skcipher->reqsize = crypto_ablkcipher_reqsize(ablkcipher) + - sizeof(struct ablkcipher_request); -+ skcipher->has_setkey = calg->cra_ablkcipher.max_keysize; - - return 0; - } -diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c -index cdfbcc5..99921aa 100644 ---- a/drivers/ata/ahci.c -+++ b/drivers/ata/ahci.c -@@ -264,6 +264,26 @@ static const struct pci_device_id ahci_pci_tbl[] = { - { PCI_VDEVICE(INTEL, 0x3b2b), board_ahci }, /* PCH RAID */ - { PCI_VDEVICE(INTEL, 0x3b2c), board_ahci }, /* PCH RAID */ - { PCI_VDEVICE(INTEL, 0x3b2f), board_ahci }, /* PCH AHCI */ -+ { PCI_VDEVICE(INTEL, 0x19b0), board_ahci }, /* DNV AHCI */ -+ { PCI_VDEVICE(INTEL, 0x19b1), board_ahci }, /* DNV AHCI */ -+ { PCI_VDEVICE(INTEL, 0x19b2), board_ahci }, /* DNV AHCI */ -+ { PCI_VDEVICE(INTEL, 0x19b3), board_ahci }, /* DNV AHCI */ -+ { PCI_VDEVICE(INTEL, 0x19b4), board_ahci }, /* DNV AHCI */ -+ { PCI_VDEVICE(INTEL, 0x19b5), board_ahci }, /* DNV AHCI */ -+ { PCI_VDEVICE(INTEL, 0x19b6), board_ahci }, /* DNV AHCI */ -+ { PCI_VDEVICE(INTEL, 0x19b7), board_ahci }, /* DNV AHCI */ -+ { PCI_VDEVICE(INTEL, 0x19bE), board_ahci }, /* DNV AHCI */ -+ { PCI_VDEVICE(INTEL, 0x19bF), board_ahci }, /* DNV AHCI */ -+ { PCI_VDEVICE(INTEL, 0x19c0), board_ahci }, /* DNV AHCI */ -+ { PCI_VDEVICE(INTEL, 0x19c1), board_ahci }, /* DNV AHCI */ -+ { PCI_VDEVICE(INTEL, 0x19c2), board_ahci }, /* DNV AHCI */ -+ { PCI_VDEVICE(INTEL, 0x19c3), board_ahci }, /* DNV AHCI */ -+ { PCI_VDEVICE(INTEL, 0x19c4), board_ahci }, /* DNV AHCI */ -+ { PCI_VDEVICE(INTEL, 0x19c5), board_ahci }, /* DNV AHCI */ -+ { PCI_VDEVICE(INTEL, 0x19c6), board_ahci }, /* DNV AHCI */ -+ { PCI_VDEVICE(INTEL, 0x19c7), board_ahci }, /* DNV AHCI */ -+ { PCI_VDEVICE(INTEL, 0x19cE), board_ahci }, /* DNV AHCI */ -+ { PCI_VDEVICE(INTEL, 0x19cF), board_ahci }, /* DNV AHCI */ - { PCI_VDEVICE(INTEL, 0x1c02), board_ahci }, /* CPT AHCI */ - { PCI_VDEVICE(INTEL, 0x1c03), board_ahci }, /* CPT AHCI */ - { PCI_VDEVICE(INTEL, 0x1c04), board_ahci }, /* CPT RAID */ -diff --git a/drivers/ata/libahci.c b/drivers/ata/libahci.c -index 4665512..1f225cc 100644 ---- a/drivers/ata/libahci.c -+++ b/drivers/ata/libahci.c -@@ -495,8 +495,8 @@ void ahci_save_initial_config(struct device *dev, struct ahci_host_priv *hpriv) - } - } - -- /* fabricate port_map from cap.nr_ports */ -- if (!port_map) { -+ /* fabricate port_map from cap.nr_ports for < AHCI 1.3 */ -+ if (!port_map && vers < 0x10300) { - port_map = (1 << ahci_nr_ports(cap)) - 1; - dev_warn(dev, "forcing PORTS_IMPL to 0x%x\n", port_map); - -diff --git a/drivers/base/platform.c b/drivers/base/platform.c -index 1dd6d3b..176b59f 100644 ---- a/drivers/base/platform.c -+++ b/drivers/base/platform.c -@@ -513,10 +513,15 @@ static int platform_drv_probe(struct device *_dev) - return ret; - - ret = dev_pm_domain_attach(_dev, true); -- if (ret != -EPROBE_DEFER && drv->probe) { -- ret = drv->probe(dev); -- if (ret) -- dev_pm_domain_detach(_dev, true); -+ if (ret != -EPROBE_DEFER) { -+ if (drv->probe) { -+ ret = drv->probe(dev); -+ if (ret) -+ dev_pm_domain_detach(_dev, true); -+ } else { -+ /* don't fail if just dev_pm_domain_attach failed */ -+ ret = 0; -+ } - } - - if (drv->prevent_deferred_probe && ret == -EPROBE_DEFER) { -diff --git a/drivers/block/zram/zcomp.c b/drivers/block/zram/zcomp.c -index 5cb13ca..c536177 100644 ---- a/drivers/block/zram/zcomp.c -+++ b/drivers/block/zram/zcomp.c -@@ -76,7 +76,7 @@ static void zcomp_strm_free(struct zcomp *comp, struct zcomp_strm *zstrm) - */ - static struct zcomp_strm *zcomp_strm_alloc(struct zcomp *comp) - { -- struct zcomp_strm *zstrm = kmalloc(sizeof(*zstrm), GFP_KERNEL); -+ struct zcomp_strm *zstrm = kmalloc(sizeof(*zstrm), GFP_NOIO); - if (!zstrm) - return NULL; - -@@ -85,7 +85,7 @@ static struct zcomp_strm *zcomp_strm_alloc(struct zcomp *comp) - * allocate 2 pages. 1 for compressed data, plus 1 extra for the - * case when compressed size is larger than the original one - */ -- zstrm->buffer = (void *)__get_free_pages(GFP_KERNEL | __GFP_ZERO, 1); -+ zstrm->buffer = (void *)__get_free_pages(GFP_NOIO | __GFP_ZERO, 1); - if (!zstrm->private || !zstrm->buffer) { - zcomp_strm_free(comp, zstrm); - zstrm = NULL; -diff --git a/drivers/block/zram/zcomp_lz4.c b/drivers/block/zram/zcomp_lz4.c -index f2afb7e..dd60831 100644 ---- a/drivers/block/zram/zcomp_lz4.c -+++ b/drivers/block/zram/zcomp_lz4.c -@@ -10,17 +10,36 @@ - #include <linux/kernel.h> - #include <linux/slab.h> - #include <linux/lz4.h> -+#include <linux/vmalloc.h> -+#include <linux/mm.h> - - #include "zcomp_lz4.h" - - static void *zcomp_lz4_create(void) - { -- return kzalloc(LZ4_MEM_COMPRESS, GFP_KERNEL); -+ void *ret; -+ -+ /* -+ * This function can be called in swapout/fs write path -+ * so we can't use GFP_FS|IO. And it assumes we already -+ * have at least one stream in zram initialization so we -+ * don't do best effort to allocate more stream in here. -+ * A default stream will work well without further multiple -+ * streams. That's why we use NORETRY | NOWARN. -+ */ -+ ret = kzalloc(LZ4_MEM_COMPRESS, GFP_NOIO | __GFP_NORETRY | -+ __GFP_NOWARN); -+ if (!ret) -+ ret = __vmalloc(LZ4_MEM_COMPRESS, -+ GFP_NOIO | __GFP_NORETRY | __GFP_NOWARN | -+ __GFP_ZERO | __GFP_HIGHMEM, -+ PAGE_KERNEL); -+ return ret; - } - - static void zcomp_lz4_destroy(void *private) - { -- kfree(private); -+ kvfree(private); - } - - static int zcomp_lz4_compress(const unsigned char *src, unsigned char *dst, -diff --git a/drivers/block/zram/zcomp_lzo.c b/drivers/block/zram/zcomp_lzo.c -index da1bc47..edc5499 100644 ---- a/drivers/block/zram/zcomp_lzo.c -+++ b/drivers/block/zram/zcomp_lzo.c -@@ -10,17 +10,36 @@ - #include <linux/kernel.h> - #include <linux/slab.h> - #include <linux/lzo.h> -+#include <linux/vmalloc.h> -+#include <linux/mm.h> - - #include "zcomp_lzo.h" - - static void *lzo_create(void) - { -- return kzalloc(LZO1X_MEM_COMPRESS, GFP_KERNEL); -+ void *ret; -+ -+ /* -+ * This function can be called in swapout/fs write path -+ * so we can't use GFP_FS|IO. And it assumes we already -+ * have at least one stream in zram initialization so we -+ * don't do best effort to allocate more stream in here. -+ * A default stream will work well without further multiple -+ * streams. That's why we use NORETRY | NOWARN. -+ */ -+ ret = kzalloc(LZO1X_MEM_COMPRESS, GFP_NOIO | __GFP_NORETRY | -+ __GFP_NOWARN); -+ if (!ret) -+ ret = __vmalloc(LZO1X_MEM_COMPRESS, -+ GFP_NOIO | __GFP_NORETRY | __GFP_NOWARN | -+ __GFP_ZERO | __GFP_HIGHMEM, -+ PAGE_KERNEL); -+ return ret; - } - - static void lzo_destroy(void *private) - { -- kfree(private); -+ kvfree(private); - } - - static int lzo_compress(const unsigned char *src, unsigned char *dst, -diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c -index 47915d7..370c2f7 100644 ---- a/drivers/block/zram/zram_drv.c -+++ b/drivers/block/zram/zram_drv.c -@@ -1325,7 +1325,6 @@ static int zram_remove(struct zram *zram) - - pr_info("Removed device: %s\n", zram->disk->disk_name); - -- idr_remove(&zram_index_idr, zram->disk->first_minor); - blk_cleanup_queue(zram->disk->queue); - del_gendisk(zram->disk); - put_disk(zram->disk); -@@ -1367,10 +1366,12 @@ static ssize_t hot_remove_store(struct class *class, - mutex_lock(&zram_index_mutex); - - zram = idr_find(&zram_index_idr, dev_id); -- if (zram) -+ if (zram) { - ret = zram_remove(zram); -- else -+ idr_remove(&zram_index_idr, dev_id); -+ } else { - ret = -ENODEV; -+ } - - mutex_unlock(&zram_index_mutex); - return ret ? ret : count; -diff --git a/drivers/crypto/atmel-sha.c b/drivers/crypto/atmel-sha.c -index 660d8c0..3178f84 100644 ---- a/drivers/crypto/atmel-sha.c -+++ b/drivers/crypto/atmel-sha.c -@@ -783,7 +783,7 @@ static void atmel_sha_finish_req(struct ahash_request *req, int err) - dd->flags &= ~(SHA_FLAGS_BUSY | SHA_FLAGS_FINAL | SHA_FLAGS_CPU | - SHA_FLAGS_DMA_READY | SHA_FLAGS_OUTPUT_READY); - -- clk_disable_unprepare(dd->iclk); -+ clk_disable(dd->iclk); - - if (req->base.complete) - req->base.complete(&req->base, err); -@@ -796,7 +796,7 @@ static int atmel_sha_hw_init(struct atmel_sha_dev *dd) - { - int err; - -- err = clk_prepare_enable(dd->iclk); -+ err = clk_enable(dd->iclk); - if (err) - return err; - -@@ -823,7 +823,7 @@ static void atmel_sha_hw_version_init(struct atmel_sha_dev *dd) - dev_info(dd->dev, - "version: 0x%x\n", dd->hw_version); - -- clk_disable_unprepare(dd->iclk); -+ clk_disable(dd->iclk); - } - - static int atmel_sha_handle_queue(struct atmel_sha_dev *dd, -@@ -1411,6 +1411,10 @@ static int atmel_sha_probe(struct platform_device *pdev) - goto res_err; - } - -+ err = clk_prepare(sha_dd->iclk); -+ if (err) -+ goto res_err; -+ - atmel_sha_hw_version_init(sha_dd); - - atmel_sha_get_cap(sha_dd); -@@ -1422,12 +1426,12 @@ static int atmel_sha_probe(struct platform_device *pdev) - if (IS_ERR(pdata)) { - dev_err(&pdev->dev, "platform data not available\n"); - err = PTR_ERR(pdata); -- goto res_err; -+ goto iclk_unprepare; - } - } - if (!pdata->dma_slave) { - err = -ENXIO; -- goto res_err; -+ goto iclk_unprepare; - } - err = atmel_sha_dma_init(sha_dd, pdata); - if (err) -@@ -1458,6 +1462,8 @@ err_algs: - if (sha_dd->caps.has_dma) - atmel_sha_dma_cleanup(sha_dd); - err_sha_dma: -+iclk_unprepare: -+ clk_unprepare(sha_dd->iclk); - res_err: - tasklet_kill(&sha_dd->done_task); - sha_dd_err: -@@ -1484,12 +1490,7 @@ static int atmel_sha_remove(struct platform_device *pdev) - if (sha_dd->caps.has_dma) - atmel_sha_dma_cleanup(sha_dd); - -- iounmap(sha_dd->io_base); -- -- clk_put(sha_dd->iclk); -- -- if (sha_dd->irq >= 0) -- free_irq(sha_dd->irq, sha_dd); -+ clk_unprepare(sha_dd->iclk); - - return 0; - } -diff --git a/drivers/crypto/caam/ctrl.c b/drivers/crypto/caam/ctrl.c -index 8abb4bc..69d4a13 100644 ---- a/drivers/crypto/caam/ctrl.c -+++ b/drivers/crypto/caam/ctrl.c -@@ -534,8 +534,8 @@ static int caam_probe(struct platform_device *pdev) - * long pointers in master configuration register - */ - clrsetbits_32(&ctrl->mcr, MCFGR_AWCACHE_MASK, MCFGR_AWCACHE_CACH | -- MCFGR_WDENABLE | (sizeof(dma_addr_t) == sizeof(u64) ? -- MCFGR_LONG_PTR : 0)); -+ MCFGR_AWCACHE_BUFF | MCFGR_WDENABLE | -+ (sizeof(dma_addr_t) == sizeof(u64) ? MCFGR_LONG_PTR : 0)); - - /* - * Read the Compile Time paramters and SCFGR to determine -diff --git a/drivers/crypto/marvell/cesa.c b/drivers/crypto/marvell/cesa.c -index 0643e33..c0656e7 100644 ---- a/drivers/crypto/marvell/cesa.c -+++ b/drivers/crypto/marvell/cesa.c -@@ -306,7 +306,7 @@ static int mv_cesa_dev_dma_init(struct mv_cesa_dev *cesa) - return -ENOMEM; - - dma->padding_pool = dmam_pool_create("cesa_padding", dev, 72, 1, 0); -- if (!dma->cache_pool) -+ if (!dma->padding_pool) - return -ENOMEM; - - cesa->dma = dma; -diff --git a/drivers/crypto/sunxi-ss/sun4i-ss-core.c b/drivers/crypto/sunxi-ss/sun4i-ss-core.c -index eab6fe2..107cd2a 100644 ---- a/drivers/crypto/sunxi-ss/sun4i-ss-core.c -+++ b/drivers/crypto/sunxi-ss/sun4i-ss-core.c -@@ -39,6 +39,7 @@ static struct sun4i_ss_alg_template ss_algs[] = { - .import = sun4i_hash_import_md5, - .halg = { - .digestsize = MD5_DIGEST_SIZE, -+ .statesize = sizeof(struct md5_state), - .base = { - .cra_name = "md5", - .cra_driver_name = "md5-sun4i-ss", -@@ -66,6 +67,7 @@ static struct sun4i_ss_alg_template ss_algs[] = { - .import = sun4i_hash_import_sha1, - .halg = { - .digestsize = SHA1_DIGEST_SIZE, -+ .statesize = sizeof(struct sha1_state), - .base = { - .cra_name = "sha1", - .cra_driver_name = "sha1-sun4i-ss", -diff --git a/drivers/hid/hid-multitouch.c b/drivers/hid/hid-multitouch.c -index 3d664d0..2b8ff18 100644 ---- a/drivers/hid/hid-multitouch.c -+++ b/drivers/hid/hid-multitouch.c -@@ -357,8 +357,19 @@ static void mt_feature_mapping(struct hid_device *hdev, - break; - } - -- td->inputmode = field->report->id; -- td->inputmode_index = usage->usage_index; -+ if (td->inputmode < 0) { -+ td->inputmode = field->report->id; -+ td->inputmode_index = usage->usage_index; -+ } else { -+ /* -+ * Some elan panels wrongly declare 2 input mode -+ * features, and silently ignore when we set the -+ * value in the second field. Skip the second feature -+ * and hope for the best. -+ */ -+ dev_info(&hdev->dev, -+ "Ignoring the extra HID_DG_INPUTMODE\n"); -+ } - - break; - case HID_DG_CONTACTMAX: -diff --git a/drivers/hid/usbhid/hid-core.c b/drivers/hid/usbhid/hid-core.c -index 36712e9..5dd426f 100644 ---- a/drivers/hid/usbhid/hid-core.c -+++ b/drivers/hid/usbhid/hid-core.c -@@ -477,8 +477,6 @@ static void hid_ctrl(struct urb *urb) - struct usbhid_device *usbhid = hid->driver_data; - int unplug = 0, status = urb->status; - -- spin_lock(&usbhid->lock); -- - switch (status) { - case 0: /* success */ - if (usbhid->ctrl[usbhid->ctrltail].dir == USB_DIR_IN) -@@ -498,6 +496,8 @@ static void hid_ctrl(struct urb *urb) - hid_warn(urb->dev, "ctrl urb status %d received\n", status); - } - -+ spin_lock(&usbhid->lock); -+ - if (unplug) { - usbhid->ctrltail = usbhid->ctrlhead; - } else { -diff --git a/drivers/iommu/io-pgtable-arm.c b/drivers/iommu/io-pgtable-arm.c -index 7df9777..dad768c 100644 ---- a/drivers/iommu/io-pgtable-arm.c -+++ b/drivers/iommu/io-pgtable-arm.c -@@ -405,17 +405,18 @@ static void __arm_lpae_free_pgtable(struct arm_lpae_io_pgtable *data, int lvl, - arm_lpae_iopte *start, *end; - unsigned long table_size; - -- /* Only leaf entries at the last level */ -- if (lvl == ARM_LPAE_MAX_LEVELS - 1) -- return; -- - if (lvl == ARM_LPAE_START_LVL(data)) - table_size = data->pgd_size; - else - table_size = 1UL << data->pg_shift; - - start = ptep; -- end = (void *)ptep + table_size; -+ -+ /* Only leaf entries at the last level */ -+ if (lvl == ARM_LPAE_MAX_LEVELS - 1) -+ end = ptep; -+ else -+ end = (void *)ptep + table_size; - - while (ptep != end) { - arm_lpae_iopte pte = *ptep++; -diff --git a/drivers/md/md.c b/drivers/md/md.c -index 61aacab..b1e1f6b 100644 ---- a/drivers/md/md.c -+++ b/drivers/md/md.c -@@ -2017,28 +2017,32 @@ int md_integrity_register(struct mddev *mddev) - } - EXPORT_SYMBOL(md_integrity_register); - --/* Disable data integrity if non-capable/non-matching disk is being added */ --void md_integrity_add_rdev(struct md_rdev *rdev, struct mddev *mddev) -+/* -+ * Attempt to add an rdev, but only if it is consistent with the current -+ * integrity profile -+ */ -+int md_integrity_add_rdev(struct md_rdev *rdev, struct mddev *mddev) - { - struct blk_integrity *bi_rdev; - struct blk_integrity *bi_mddev; -+ char name[BDEVNAME_SIZE]; - - if (!mddev->gendisk) -- return; -+ return 0; - - bi_rdev = bdev_get_integrity(rdev->bdev); - bi_mddev = blk_get_integrity(mddev->gendisk); - - if (!bi_mddev) /* nothing to do */ -- return; -- if (rdev->raid_disk < 0) /* skip spares */ -- return; -- if (bi_rdev && blk_integrity_compare(mddev->gendisk, -- rdev->bdev->bd_disk) >= 0) -- return; -- WARN_ON_ONCE(!mddev->suspended); -- printk(KERN_NOTICE "disabling data integrity on %s\n", mdname(mddev)); -- blk_integrity_unregister(mddev->gendisk); -+ return 0; -+ -+ if (blk_integrity_compare(mddev->gendisk, rdev->bdev->bd_disk) != 0) { -+ printk(KERN_NOTICE "%s: incompatible integrity profile for %s\n", -+ mdname(mddev), bdevname(rdev->bdev, name)); -+ return -ENXIO; -+ } -+ -+ return 0; - } - EXPORT_SYMBOL(md_integrity_add_rdev); - -diff --git a/drivers/md/md.h b/drivers/md/md.h -index ca0b643..dfa57b4 100644 ---- a/drivers/md/md.h -+++ b/drivers/md/md.h -@@ -657,7 +657,7 @@ extern void md_wait_for_blocked_rdev(struct md_rdev *rdev, struct mddev *mddev); - extern void md_set_array_sectors(struct mddev *mddev, sector_t array_sectors); - extern int md_check_no_bitmap(struct mddev *mddev); - extern int md_integrity_register(struct mddev *mddev); --extern void md_integrity_add_rdev(struct md_rdev *rdev, struct mddev *mddev); -+extern int md_integrity_add_rdev(struct md_rdev *rdev, struct mddev *mddev); - extern int strict_strtoul_scaled(const char *cp, unsigned long *res, int scale); - - extern void mddev_init(struct mddev *mddev); -diff --git a/drivers/md/multipath.c b/drivers/md/multipath.c -index 7331a80..0a72ab6 100644 ---- a/drivers/md/multipath.c -+++ b/drivers/md/multipath.c -@@ -257,6 +257,9 @@ static int multipath_add_disk(struct mddev *mddev, struct md_rdev *rdev) - disk_stack_limits(mddev->gendisk, rdev->bdev, - rdev->data_offset << 9); - -+ err = md_integrity_add_rdev(rdev, mddev); -+ if (err) -+ break; - spin_lock_irq(&conf->device_lock); - mddev->degraded--; - rdev->raid_disk = path; -@@ -264,9 +267,6 @@ static int multipath_add_disk(struct mddev *mddev, struct md_rdev *rdev) - spin_unlock_irq(&conf->device_lock); - rcu_assign_pointer(p->rdev, rdev); - err = 0; -- mddev_suspend(mddev); -- md_integrity_add_rdev(rdev, mddev); -- mddev_resume(mddev); - break; - } - -diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c -index e2169ff..c4b9134 100644 ---- a/drivers/md/raid1.c -+++ b/drivers/md/raid1.c -@@ -1589,6 +1589,9 @@ static int raid1_add_disk(struct mddev *mddev, struct md_rdev *rdev) - if (mddev->recovery_disabled == conf->recovery_disabled) - return -EBUSY; - -+ if (md_integrity_add_rdev(rdev, mddev)) -+ return -ENXIO; -+ - if (rdev->raid_disk >= 0) - first = last = rdev->raid_disk; - -@@ -1632,9 +1635,6 @@ static int raid1_add_disk(struct mddev *mddev, struct md_rdev *rdev) - break; - } - } -- mddev_suspend(mddev); -- md_integrity_add_rdev(rdev, mddev); -- mddev_resume(mddev); - if (mddev->queue && blk_queue_discard(bdev_get_queue(rdev->bdev))) - queue_flag_set_unlocked(QUEUE_FLAG_DISCARD, mddev->queue); - print_conf(conf); -diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c -index 84e597e..ce959b4 100644 ---- a/drivers/md/raid10.c -+++ b/drivers/md/raid10.c -@@ -1698,6 +1698,9 @@ static int raid10_add_disk(struct mddev *mddev, struct md_rdev *rdev) - if (rdev->saved_raid_disk < 0 && !_enough(conf, 1, -1)) - return -EINVAL; - -+ if (md_integrity_add_rdev(rdev, mddev)) -+ return -ENXIO; -+ - if (rdev->raid_disk >= 0) - first = last = rdev->raid_disk; - -@@ -1739,9 +1742,6 @@ static int raid10_add_disk(struct mddev *mddev, struct md_rdev *rdev) - rcu_assign_pointer(p->rdev, rdev); - break; - } -- mddev_suspend(mddev); -- md_integrity_add_rdev(rdev, mddev); -- mddev_resume(mddev); - if (mddev->queue && blk_queue_discard(bdev_get_queue(rdev->bdev))) - queue_flag_set_unlocked(QUEUE_FLAG_DISCARD, mddev->queue); - -diff --git a/drivers/media/i2c/ir-kbd-i2c.c b/drivers/media/i2c/ir-kbd-i2c.c -index 728d2cc..175a761 100644 ---- a/drivers/media/i2c/ir-kbd-i2c.c -+++ b/drivers/media/i2c/ir-kbd-i2c.c -@@ -478,7 +478,6 @@ static const struct i2c_device_id ir_kbd_id[] = { - { "ir_rx_z8f0811_hdpvr", 0 }, - { } - }; --MODULE_DEVICE_TABLE(i2c, ir_kbd_id); - - static struct i2c_driver ir_kbd_driver = { - .driver = { -diff --git a/drivers/media/pci/saa7134/saa7134-alsa.c b/drivers/media/pci/saa7134/saa7134-alsa.c -index 1d2c310..94f8162 100644 ---- a/drivers/media/pci/saa7134/saa7134-alsa.c -+++ b/drivers/media/pci/saa7134/saa7134-alsa.c -@@ -1211,6 +1211,8 @@ static int alsa_device_init(struct saa7134_dev *dev) - - static int alsa_device_exit(struct saa7134_dev *dev) - { -+ if (!snd_saa7134_cards[dev->nr]) -+ return 1; - - snd_card_free(snd_saa7134_cards[dev->nr]); - snd_saa7134_cards[dev->nr] = NULL; -@@ -1260,7 +1262,8 @@ static void saa7134_alsa_exit(void) - int idx; - - for (idx = 0; idx < SNDRV_CARDS; idx++) { -- snd_card_free(snd_saa7134_cards[idx]); -+ if (snd_saa7134_cards[idx]) -+ snd_card_free(snd_saa7134_cards[idx]); - } - - saa7134_dmasound_init = NULL; -diff --git a/drivers/mtd/nand/nand_base.c b/drivers/mtd/nand/nand_base.c -index ece544e..3ff583f 100644 ---- a/drivers/mtd/nand/nand_base.c -+++ b/drivers/mtd/nand/nand_base.c -@@ -3995,6 +3995,9 @@ int nand_scan_ident(struct mtd_info *mtd, int maxchips, - return ret; - } - -+ if (!mtd->name && mtd->dev.parent) -+ mtd->name = dev_name(mtd->dev.parent); -+ - /* Set the default functions */ - nand_set_defaults(chip, chip->options & NAND_BUSWIDTH_16); - -diff --git a/drivers/net/wireless/realtek/rtlwifi/regd.c b/drivers/net/wireless/realtek/rtlwifi/regd.c -index a62bf0a..5be3411 100644 ---- a/drivers/net/wireless/realtek/rtlwifi/regd.c -+++ b/drivers/net/wireless/realtek/rtlwifi/regd.c -@@ -351,7 +351,6 @@ static const struct ieee80211_regdomain *_rtl_regdomain_select( - case COUNTRY_CODE_SPAIN: - case COUNTRY_CODE_FRANCE: - case COUNTRY_CODE_ISRAEL: -- case COUNTRY_CODE_WORLD_WIDE_13: - return &rtl_regdom_12_13; - case COUNTRY_CODE_MKK: - case COUNTRY_CODE_MKK1: -@@ -360,6 +359,7 @@ static const struct ieee80211_regdomain *_rtl_regdomain_select( - return &rtl_regdom_14_60_64; - case COUNTRY_CODE_GLOBAL_DOMAIN: - return &rtl_regdom_14; -+ case COUNTRY_CODE_WORLD_WIDE_13: - case COUNTRY_CODE_WORLD_WIDE_13_5G_ALL: - return &rtl_regdom_12_13_5g_all; - default: -diff --git a/drivers/net/wireless/realtek/rtlwifi/rtl8821ae/sw.c b/drivers/net/wireless/realtek/rtlwifi/rtl8821ae/sw.c -index 142bdff..4159f9b 100644 ---- a/drivers/net/wireless/realtek/rtlwifi/rtl8821ae/sw.c -+++ b/drivers/net/wireless/realtek/rtlwifi/rtl8821ae/sw.c -@@ -95,8 +95,6 @@ int rtl8821ae_init_sw_vars(struct ieee80211_hw *hw) - struct rtl_hal *rtlhal = rtl_hal(rtl_priv(hw)); - - rtl8821ae_bt_reg_init(hw); -- rtlpci->msi_support = rtlpriv->cfg->mod_params->msi_support; -- rtlpci->int_clear = rtlpriv->cfg->mod_params->int_clear; - rtlpriv->btcoexist.btc_ops = rtl_btc_get_ops_pointer(); - - rtlpriv->dm.dm_initialgain_enable = 1; -@@ -168,12 +166,15 @@ int rtl8821ae_init_sw_vars(struct ieee80211_hw *hw) - rtlpriv->psc.swctrl_lps = rtlpriv->cfg->mod_params->swctrl_lps; - rtlpriv->psc.fwctrl_lps = rtlpriv->cfg->mod_params->fwctrl_lps; - rtlpci->msi_support = rtlpriv->cfg->mod_params->msi_support; -- rtlpci->msi_support = rtlpriv->cfg->mod_params->int_clear; -+ rtlpci->int_clear = rtlpriv->cfg->mod_params->int_clear; -+ rtlpriv->cfg->mod_params->sw_crypto = -+ rtlpriv->cfg->mod_params->sw_crypto; -+ rtlpriv->cfg->mod_params->disable_watchdog = -+ rtlpriv->cfg->mod_params->disable_watchdog; - if (rtlpriv->cfg->mod_params->disable_watchdog) - pr_info("watchdog disabled\n"); - rtlpriv->psc.reg_fwctrl_lps = 3; - rtlpriv->psc.reg_max_lps_awakeintvl = 5; -- rtlpci->msi_support = rtlpriv->cfg->mod_params->msi_support; - - /* for ASPM, you can close aspm through - * set const_support_pciaspm = 0 -diff --git a/drivers/net/wireless/ti/wlcore/io.h b/drivers/net/wireless/ti/wlcore/io.h -index 0305729..10cf374 100644 ---- a/drivers/net/wireless/ti/wlcore/io.h -+++ b/drivers/net/wireless/ti/wlcore/io.h -@@ -207,19 +207,23 @@ static inline int __must_check wlcore_write_reg(struct wl1271 *wl, int reg, - - static inline void wl1271_power_off(struct wl1271 *wl) - { -- int ret; -+ int ret = 0; - - if (!test_bit(WL1271_FLAG_GPIO_POWER, &wl->flags)) - return; - -- ret = wl->if_ops->power(wl->dev, false); -+ if (wl->if_ops->power) -+ ret = wl->if_ops->power(wl->dev, false); - if (!ret) - clear_bit(WL1271_FLAG_GPIO_POWER, &wl->flags); - } - - static inline int wl1271_power_on(struct wl1271 *wl) - { -- int ret = wl->if_ops->power(wl->dev, true); -+ int ret = 0; -+ -+ if (wl->if_ops->power) -+ ret = wl->if_ops->power(wl->dev, true); - if (ret == 0) - set_bit(WL1271_FLAG_GPIO_POWER, &wl->flags); - -diff --git a/drivers/net/wireless/ti/wlcore/spi.c b/drivers/net/wireless/ti/wlcore/spi.c -index 236b410..44f059f7 100644 ---- a/drivers/net/wireless/ti/wlcore/spi.c -+++ b/drivers/net/wireless/ti/wlcore/spi.c -@@ -73,7 +73,10 @@ - */ - #define SPI_AGGR_BUFFER_SIZE (4 * PAGE_SIZE) - --#define WSPI_MAX_NUM_OF_CHUNKS (SPI_AGGR_BUFFER_SIZE / WSPI_MAX_CHUNK_SIZE) -+/* Maximum number of SPI write chunks */ -+#define WSPI_MAX_NUM_OF_CHUNKS \ -+ ((SPI_AGGR_BUFFER_SIZE / WSPI_MAX_CHUNK_SIZE) + 1) -+ - - struct wl12xx_spi_glue { - struct device *dev; -@@ -268,9 +271,10 @@ static int __must_check wl12xx_spi_raw_write(struct device *child, int addr, - void *buf, size_t len, bool fixed) - { - struct wl12xx_spi_glue *glue = dev_get_drvdata(child->parent); -- struct spi_transfer t[2 * (WSPI_MAX_NUM_OF_CHUNKS + 1)]; -+ /* SPI write buffers - 2 for each chunk */ -+ struct spi_transfer t[2 * WSPI_MAX_NUM_OF_CHUNKS]; - struct spi_message m; -- u32 commands[WSPI_MAX_NUM_OF_CHUNKS]; -+ u32 commands[WSPI_MAX_NUM_OF_CHUNKS]; /* 1 command per chunk */ - u32 *cmd; - u32 chunk_len; - int i; -diff --git a/drivers/pci/bus.c b/drivers/pci/bus.c -index d3346d2..89b3bef 100644 ---- a/drivers/pci/bus.c -+++ b/drivers/pci/bus.c -@@ -140,6 +140,8 @@ static int pci_bus_alloc_from_region(struct pci_bus *bus, struct resource *res, - type_mask |= IORESOURCE_TYPE_BITS; - - pci_bus_for_each_resource(bus, r, i) { -+ resource_size_t min_used = min; -+ - if (!r) - continue; - -@@ -163,12 +165,12 @@ static int pci_bus_alloc_from_region(struct pci_bus *bus, struct resource *res, - * overrides "min". - */ - if (avail.start) -- min = avail.start; -+ min_used = avail.start; - - max = avail.end; - - /* Ok, try it out.. */ -- ret = allocate_resource(r, res, size, min, max, -+ ret = allocate_resource(r, res, size, min_used, max, - align, alignf, alignf_data); - if (ret == 0) - return 0; -diff --git a/drivers/pci/host/pci-dra7xx.c b/drivers/pci/host/pci-dra7xx.c -index 8c36880..923607b 100644 ---- a/drivers/pci/host/pci-dra7xx.c -+++ b/drivers/pci/host/pci-dra7xx.c -@@ -302,7 +302,8 @@ static int __init dra7xx_add_pcie_port(struct dra7xx_pcie *dra7xx, - } - - ret = devm_request_irq(&pdev->dev, pp->irq, -- dra7xx_pcie_msi_irq_handler, IRQF_SHARED, -+ dra7xx_pcie_msi_irq_handler, -+ IRQF_SHARED | IRQF_NO_THREAD, - "dra7-pcie-msi", pp); - if (ret) { - dev_err(&pdev->dev, "failed to request irq\n"); -diff --git a/drivers/pci/host/pci-exynos.c b/drivers/pci/host/pci-exynos.c -index 01095e1..d997d22 100644 ---- a/drivers/pci/host/pci-exynos.c -+++ b/drivers/pci/host/pci-exynos.c -@@ -522,7 +522,8 @@ static int __init exynos_add_pcie_port(struct pcie_port *pp, - - ret = devm_request_irq(&pdev->dev, pp->msi_irq, - exynos_pcie_msi_irq_handler, -- IRQF_SHARED, "exynos-pcie", pp); -+ IRQF_SHARED | IRQF_NO_THREAD, -+ "exynos-pcie", pp); - if (ret) { - dev_err(&pdev->dev, "failed to request msi irq\n"); - return ret; -diff --git a/drivers/pci/host/pci-imx6.c b/drivers/pci/host/pci-imx6.c -index 22e8224..9ce7cd1 100644 ---- a/drivers/pci/host/pci-imx6.c -+++ b/drivers/pci/host/pci-imx6.c -@@ -537,7 +537,8 @@ static int __init imx6_add_pcie_port(struct pcie_port *pp, - - ret = devm_request_irq(&pdev->dev, pp->msi_irq, - imx6_pcie_msi_handler, -- IRQF_SHARED, "mx6-pcie-msi", pp); -+ IRQF_SHARED | IRQF_NO_THREAD, -+ "mx6-pcie-msi", pp); - if (ret) { - dev_err(&pdev->dev, "failed to request MSI irq\n"); - return ret; -diff --git a/drivers/pci/host/pci-tegra.c b/drivers/pci/host/pci-tegra.c -index 3018ae5..3032311 100644 ---- a/drivers/pci/host/pci-tegra.c -+++ b/drivers/pci/host/pci-tegra.c -@@ -1288,7 +1288,7 @@ static int tegra_pcie_enable_msi(struct tegra_pcie *pcie) - - msi->irq = err; - -- err = request_irq(msi->irq, tegra_pcie_msi_irq, 0, -+ err = request_irq(msi->irq, tegra_pcie_msi_irq, IRQF_NO_THREAD, - tegra_msi_irq_chip.name, pcie); - if (err < 0) { - dev_err(&pdev->dev, "failed to request IRQ: %d\n", err); -diff --git a/drivers/pci/host/pcie-rcar.c b/drivers/pci/host/pcie-rcar.c -index f4fa6c5..414c336 100644 ---- a/drivers/pci/host/pcie-rcar.c -+++ b/drivers/pci/host/pcie-rcar.c -@@ -720,14 +720,16 @@ static int rcar_pcie_enable_msi(struct rcar_pcie *pcie) - - /* Two irqs are for MSI, but they are also used for non-MSI irqs */ - err = devm_request_irq(&pdev->dev, msi->irq1, rcar_pcie_msi_irq, -- IRQF_SHARED, rcar_msi_irq_chip.name, pcie); -+ IRQF_SHARED | IRQF_NO_THREAD, -+ rcar_msi_irq_chip.name, pcie); - if (err < 0) { - dev_err(&pdev->dev, "failed to request IRQ: %d\n", err); - goto err; - } - - err = devm_request_irq(&pdev->dev, msi->irq2, rcar_pcie_msi_irq, -- IRQF_SHARED, rcar_msi_irq_chip.name, pcie); -+ IRQF_SHARED | IRQF_NO_THREAD, -+ rcar_msi_irq_chip.name, pcie); - if (err < 0) { - dev_err(&pdev->dev, "failed to request IRQ: %d\n", err); - goto err; -diff --git a/drivers/pci/host/pcie-spear13xx.c b/drivers/pci/host/pcie-spear13xx.c -index b95b756..a6cd823 100644 ---- a/drivers/pci/host/pcie-spear13xx.c -+++ b/drivers/pci/host/pcie-spear13xx.c -@@ -279,7 +279,8 @@ static int spear13xx_add_pcie_port(struct pcie_port *pp, - return -ENODEV; - } - ret = devm_request_irq(dev, pp->irq, spear13xx_pcie_irq_handler, -- IRQF_SHARED, "spear1340-pcie", pp); -+ IRQF_SHARED | IRQF_NO_THREAD, -+ "spear1340-pcie", pp); - if (ret) { - dev_err(dev, "failed to request irq %d\n", pp->irq); - return ret; -diff --git a/drivers/pci/host/pcie-xilinx.c b/drivers/pci/host/pcie-xilinx.c -index 3c7a0d5..4cfa463 100644 ---- a/drivers/pci/host/pcie-xilinx.c -+++ b/drivers/pci/host/pcie-xilinx.c -@@ -781,7 +781,8 @@ static int xilinx_pcie_parse_dt(struct xilinx_pcie_port *port) - - port->irq = irq_of_parse_and_map(node, 0); - err = devm_request_irq(dev, port->irq, xilinx_pcie_intr_handler, -- IRQF_SHARED, "xilinx-pcie", port); -+ IRQF_SHARED | IRQF_NO_THREAD, -+ "xilinx-pcie", port); - if (err) { - dev_err(dev, "unable to request irq %d\n", port->irq); - return err; -diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c -index e49c2bce..cf000b3 100644 ---- a/drivers/tty/n_tty.c -+++ b/drivers/tty/n_tty.c -@@ -258,16 +258,13 @@ static void n_tty_check_throttle(struct tty_struct *tty) - - static void n_tty_check_unthrottle(struct tty_struct *tty) - { -- if (tty->driver->type == TTY_DRIVER_TYPE_PTY && -- tty->link->ldisc->ops->write_wakeup == n_tty_write_wakeup) { -+ if (tty->driver->type == TTY_DRIVER_TYPE_PTY) { - if (chars_in_buffer(tty) > TTY_THRESHOLD_UNTHROTTLE) - return; - if (!tty->count) - return; - n_tty_kick_worker(tty); -- n_tty_write_wakeup(tty->link); -- if (waitqueue_active(&tty->link->write_wait)) -- wake_up_interruptible_poll(&tty->link->write_wait, POLLOUT); -+ tty_wakeup(tty->link); - return; - } - -diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c -index bcc8e1e..7cef543 100644 ---- a/drivers/tty/tty_io.c -+++ b/drivers/tty/tty_io.c -@@ -1462,13 +1462,13 @@ static int tty_reopen(struct tty_struct *tty) - { - struct tty_driver *driver = tty->driver; - -- if (!tty->count) -- return -EIO; -- - if (driver->type == TTY_DRIVER_TYPE_PTY && - driver->subtype == PTY_TYPE_MASTER) - return -EIO; - -+ if (!tty->count) -+ return -EAGAIN; -+ - if (test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN)) - return -EBUSY; - -@@ -2069,7 +2069,12 @@ retry_open: - - if (tty) { - mutex_unlock(&tty_mutex); -- tty_lock(tty); -+ retval = tty_lock_interruptible(tty); -+ if (retval) { -+ if (retval == -EINTR) -+ retval = -ERESTARTSYS; -+ goto err_unref; -+ } - /* safe to drop the kref from tty_driver_lookup_tty() */ - tty_kref_put(tty); - retval = tty_reopen(tty); -@@ -2087,7 +2092,11 @@ retry_open: - - if (IS_ERR(tty)) { - retval = PTR_ERR(tty); -- goto err_file; -+ if (retval != -EAGAIN || signal_pending(current)) -+ goto err_file; -+ tty_free_file(filp); -+ schedule(); -+ goto retry_open; - } - - tty_add_file(tty, filp); -@@ -2156,6 +2165,7 @@ retry_open: - return 0; - err_unlock: - mutex_unlock(&tty_mutex); -+err_unref: - /* after locks to avoid deadlock */ - if (!IS_ERR_OR_NULL(driver)) - tty_driver_kref_put(driver); -@@ -2653,6 +2663,28 @@ static int tiocsetd(struct tty_struct *tty, int __user *p) - } - - /** -+ * tiocgetd - get line discipline -+ * @tty: tty device -+ * @p: pointer to user data -+ * -+ * Retrieves the line discipline id directly from the ldisc. -+ * -+ * Locking: waits for ldisc reference (in case the line discipline -+ * is changing or the tty is being hungup) -+ */ -+ -+static int tiocgetd(struct tty_struct *tty, int __user *p) -+{ -+ struct tty_ldisc *ld; -+ int ret; -+ -+ ld = tty_ldisc_ref_wait(tty); -+ ret = put_user(ld->ops->num, p); -+ tty_ldisc_deref(ld); -+ return ret; -+} -+ -+/** - * send_break - performed time break - * @tty: device to break on - * @duration: timeout in mS -@@ -2878,7 +2910,7 @@ long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg) - case TIOCGSID: - return tiocgsid(tty, real_tty, p); - case TIOCGETD: -- return put_user(tty->ldisc->ops->num, (int __user *)p); -+ return tiocgetd(tty, p); - case TIOCSETD: - return tiocsetd(tty, p); - case TIOCVHANGUP: -diff --git a/drivers/tty/tty_mutex.c b/drivers/tty/tty_mutex.c -index 0efcf71..d09293b 100644 ---- a/drivers/tty/tty_mutex.c -+++ b/drivers/tty/tty_mutex.c -@@ -22,6 +22,14 @@ void __lockfunc tty_lock(struct tty_struct *tty) - } - EXPORT_SYMBOL(tty_lock); - -+int tty_lock_interruptible(struct tty_struct *tty) -+{ -+ if (WARN(tty->magic != TTY_MAGIC, "L Bad %p\n", tty)) -+ return -EIO; -+ tty_kref_get(tty); -+ return mutex_lock_interruptible(&tty->legacy_mutex); -+} -+ - void __lockfunc tty_unlock(struct tty_struct *tty) - { - if (tty->magic != TTY_MAGIC) { -diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c -index 26ca4f9..e4c70dc 100644 ---- a/drivers/usb/class/cdc-acm.c -+++ b/drivers/usb/class/cdc-acm.c -@@ -428,7 +428,8 @@ static void acm_read_bulk_callback(struct urb *urb) - set_bit(rb->index, &acm->read_urbs_free); - dev_dbg(&acm->data->dev, "%s - non-zero urb status: %d\n", - __func__, status); -- return; -+ if ((status != -ENOENT) || (urb->actual_length == 0)) -+ return; - } - - usb_mark_last_busy(acm->dev); -@@ -1404,6 +1405,8 @@ made_compressed_probe: - usb_sndbulkpipe(usb_dev, epwrite->bEndpointAddress), - NULL, acm->writesize, acm_write_bulk, snd); - snd->urb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP; -+ if (quirks & SEND_ZERO_PACKET) -+ snd->urb->transfer_flags |= URB_ZERO_PACKET; - snd->instance = acm; - } - -@@ -1861,6 +1864,10 @@ static const struct usb_device_id acm_ids[] = { - { USB_INTERFACE_INFO(USB_CLASS_COMM, USB_CDC_SUBCLASS_ACM, - USB_CDC_ACM_PROTO_AT_CDMA) }, - -+ { USB_DEVICE(0x1519, 0x0452), /* Intel 7260 modem */ -+ .driver_info = SEND_ZERO_PACKET, -+ }, -+ - { } - }; - -diff --git a/drivers/usb/class/cdc-acm.h b/drivers/usb/class/cdc-acm.h -index dd9af38..ccfaba9 100644 ---- a/drivers/usb/class/cdc-acm.h -+++ b/drivers/usb/class/cdc-acm.h -@@ -134,3 +134,4 @@ struct acm { - #define IGNORE_DEVICE BIT(5) - #define QUIRK_CONTROL_LINE_STATE BIT(6) - #define CLEAR_HALT_CONDITIONS BIT(7) -+#define SEND_ZERO_PACKET BIT(8) -diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c -index 8683436..1560f3f 100644 ---- a/drivers/usb/core/hub.c -+++ b/drivers/usb/core/hub.c -@@ -5386,7 +5386,6 @@ static int usb_reset_and_verify_device(struct usb_device *udev) - } - - bos = udev->bos; -- udev->bos = NULL; - - for (i = 0; i < SET_CONFIG_TRIES; ++i) { - -@@ -5479,8 +5478,11 @@ done: - usb_set_usb2_hardware_lpm(udev, 1); - usb_unlocked_enable_lpm(udev); - usb_enable_ltm(udev); -- usb_release_bos_descriptor(udev); -- udev->bos = bos; -+ /* release the new BOS descriptor allocated by hub_port_init() */ -+ if (udev->bos != bos) { -+ usb_release_bos_descriptor(udev); -+ udev->bos = bos; -+ } - return 0; - - re_enumerate: -diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c -index c621090..c2d6520 100644 ---- a/drivers/usb/host/xhci-pci.c -+++ b/drivers/usb/host/xhci-pci.c -@@ -28,7 +28,9 @@ - #include "xhci.h" - #include "xhci-trace.h" - --#define PORT2_SSIC_CONFIG_REG2 0x883c -+#define SSIC_PORT_NUM 2 -+#define SSIC_PORT_CFG2 0x880c -+#define SSIC_PORT_CFG2_OFFSET 0x30 - #define PROG_DONE (1 << 30) - #define SSIC_PORT_UNUSED (1 << 31) - -@@ -45,6 +47,7 @@ - #define PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI 0x22b5 - #define PCI_DEVICE_ID_INTEL_SUNRISEPOINT_H_XHCI 0xa12f - #define PCI_DEVICE_ID_INTEL_SUNRISEPOINT_LP_XHCI 0x9d2f -+#define PCI_DEVICE_ID_INTEL_BROXTON_M_XHCI 0x0aa8 - - static const char hcd_name[] = "xhci_hcd"; - -@@ -152,7 +155,8 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) - if (pdev->vendor == PCI_VENDOR_ID_INTEL && - (pdev->device == PCI_DEVICE_ID_INTEL_SUNRISEPOINT_LP_XHCI || - pdev->device == PCI_DEVICE_ID_INTEL_SUNRISEPOINT_H_XHCI || -- pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI)) { -+ pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI || -+ pdev->device == PCI_DEVICE_ID_INTEL_BROXTON_M_XHCI)) { - xhci->quirks |= XHCI_PME_STUCK_QUIRK; - } - if (pdev->vendor == PCI_VENDOR_ID_ETRON && -@@ -322,28 +326,36 @@ static void xhci_pme_quirk(struct usb_hcd *hcd, bool suspend) - struct pci_dev *pdev = to_pci_dev(hcd->self.controller); - u32 val; - void __iomem *reg; -+ int i; - - if (pdev->vendor == PCI_VENDOR_ID_INTEL && - pdev->device == PCI_DEVICE_ID_INTEL_CHERRYVIEW_XHCI) { - -- reg = (void __iomem *) xhci->cap_regs + PORT2_SSIC_CONFIG_REG2; -- -- /* Notify SSIC that SSIC profile programming is not done */ -- val = readl(reg) & ~PROG_DONE; -- writel(val, reg); -- -- /* Mark SSIC port as unused(suspend) or used(resume) */ -- val = readl(reg); -- if (suspend) -- val |= SSIC_PORT_UNUSED; -- else -- val &= ~SSIC_PORT_UNUSED; -- writel(val, reg); -- -- /* Notify SSIC that SSIC profile programming is done */ -- val = readl(reg) | PROG_DONE; -- writel(val, reg); -- readl(reg); -+ for (i = 0; i < SSIC_PORT_NUM; i++) { -+ reg = (void __iomem *) xhci->cap_regs + -+ SSIC_PORT_CFG2 + -+ i * SSIC_PORT_CFG2_OFFSET; -+ -+ /* -+ * Notify SSIC that SSIC profile programming -+ * is not done. -+ */ -+ val = readl(reg) & ~PROG_DONE; -+ writel(val, reg); -+ -+ /* Mark SSIC port as unused(suspend) or used(resume) */ -+ val = readl(reg); -+ if (suspend) -+ val |= SSIC_PORT_UNUSED; -+ else -+ val &= ~SSIC_PORT_UNUSED; -+ writel(val, reg); -+ -+ /* Notify SSIC that SSIC profile programming is done */ -+ val = readl(reg) | PROG_DONE; -+ writel(val, reg); -+ readl(reg); -+ } - } - - reg = (void __iomem *) xhci->cap_regs + 0x80a4; -diff --git a/drivers/usb/phy/phy-msm-usb.c b/drivers/usb/phy/phy-msm-usb.c -index 0d19a6d..970a30e 100644 ---- a/drivers/usb/phy/phy-msm-usb.c -+++ b/drivers/usb/phy/phy-msm-usb.c -@@ -1599,6 +1599,8 @@ static int msm_otg_read_dt(struct platform_device *pdev, struct msm_otg *motg) - &motg->id.nb); - if (ret < 0) { - dev_err(&pdev->dev, "register ID notifier failed\n"); -+ extcon_unregister_notifier(motg->vbus.extcon, -+ EXTCON_USB, &motg->vbus.nb); - return ret; - } - -@@ -1660,15 +1662,6 @@ static int msm_otg_probe(struct platform_device *pdev) - if (!motg) - return -ENOMEM; - -- pdata = dev_get_platdata(&pdev->dev); -- if (!pdata) { -- if (!np) -- return -ENXIO; -- ret = msm_otg_read_dt(pdev, motg); -- if (ret) -- return ret; -- } -- - motg->phy.otg = devm_kzalloc(&pdev->dev, sizeof(struct usb_otg), - GFP_KERNEL); - if (!motg->phy.otg) -@@ -1710,6 +1703,15 @@ static int msm_otg_probe(struct platform_device *pdev) - if (!motg->regs) - return -ENOMEM; - -+ pdata = dev_get_platdata(&pdev->dev); -+ if (!pdata) { -+ if (!np) -+ return -ENXIO; -+ ret = msm_otg_read_dt(pdev, motg); -+ if (ret) -+ return ret; -+ } -+ - /* - * NOTE: The PHYs can be multiplexed between the chipidea controller - * and the dwc3 controller, using a single bit. It is important that -@@ -1717,8 +1719,10 @@ static int msm_otg_probe(struct platform_device *pdev) - */ - if (motg->phy_number) { - phy_select = devm_ioremap_nocache(&pdev->dev, USB2_PHY_SEL, 4); -- if (!phy_select) -- return -ENOMEM; -+ if (!phy_select) { -+ ret = -ENOMEM; -+ goto unregister_extcon; -+ } - /* Enable second PHY with the OTG port */ - writel(0x1, phy_select); - } -@@ -1728,7 +1732,8 @@ static int msm_otg_probe(struct platform_device *pdev) - motg->irq = platform_get_irq(pdev, 0); - if (motg->irq < 0) { - dev_err(&pdev->dev, "platform_get_irq failed\n"); -- return motg->irq; -+ ret = motg->irq; -+ goto unregister_extcon; - } - - regs[0].supply = "vddcx"; -@@ -1737,7 +1742,7 @@ static int msm_otg_probe(struct platform_device *pdev) - - ret = devm_regulator_bulk_get(motg->phy.dev, ARRAY_SIZE(regs), regs); - if (ret) -- return ret; -+ goto unregister_extcon; - - motg->vddcx = regs[0].consumer; - motg->v3p3 = regs[1].consumer; -@@ -1834,6 +1839,12 @@ disable_clks: - clk_disable_unprepare(motg->clk); - if (!IS_ERR(motg->core_clk)) - clk_disable_unprepare(motg->core_clk); -+unregister_extcon: -+ extcon_unregister_notifier(motg->id.extcon, -+ EXTCON_USB_HOST, &motg->id.nb); -+ extcon_unregister_notifier(motg->vbus.extcon, -+ EXTCON_USB, &motg->vbus.nb); -+ - return ret; - } - -diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c -index 59b2126..1dd9919 100644 ---- a/drivers/usb/serial/cp210x.c -+++ b/drivers/usb/serial/cp210x.c -@@ -98,6 +98,7 @@ static const struct usb_device_id id_table[] = { - { USB_DEVICE(0x10C4, 0x81AC) }, /* MSD Dash Hawk */ - { USB_DEVICE(0x10C4, 0x81AD) }, /* INSYS USB Modem */ - { USB_DEVICE(0x10C4, 0x81C8) }, /* Lipowsky Industrie Elektronik GmbH, Baby-JTAG */ -+ { USB_DEVICE(0x10C4, 0x81D7) }, /* IAI Corp. RCB-CV-USB USB to RS485 Adaptor */ - { USB_DEVICE(0x10C4, 0x81E2) }, /* Lipowsky Industrie Elektronik GmbH, Baby-LIN */ - { USB_DEVICE(0x10C4, 0x81E7) }, /* Aerocomm Radio */ - { USB_DEVICE(0x10C4, 0x81E8) }, /* Zephyr Bioharness */ -diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c -index a5a0376..8c660ae 100644 ---- a/drivers/usb/serial/ftdi_sio.c -+++ b/drivers/usb/serial/ftdi_sio.c -@@ -824,6 +824,7 @@ static const struct usb_device_id id_table_combined[] = { - { USB_DEVICE(FTDI_VID, FTDI_TURTELIZER_PID), - .driver_info = (kernel_ulong_t)&ftdi_jtag_quirk }, - { USB_DEVICE(RATOC_VENDOR_ID, RATOC_PRODUCT_ID_USB60F) }, -+ { USB_DEVICE(RATOC_VENDOR_ID, RATOC_PRODUCT_ID_SCU18) }, - { USB_DEVICE(FTDI_VID, FTDI_REU_TINY_PID) }, - - /* Papouch devices based on FTDI chip */ -diff --git a/drivers/usb/serial/ftdi_sio_ids.h b/drivers/usb/serial/ftdi_sio_ids.h -index 67c6d44..a84df25 100644 ---- a/drivers/usb/serial/ftdi_sio_ids.h -+++ b/drivers/usb/serial/ftdi_sio_ids.h -@@ -615,6 +615,7 @@ - */ - #define RATOC_VENDOR_ID 0x0584 - #define RATOC_PRODUCT_ID_USB60F 0xb020 -+#define RATOC_PRODUCT_ID_SCU18 0xb03a - - /* - * Infineon Technologies -diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c -index f228060..db86e51 100644 ---- a/drivers/usb/serial/option.c -+++ b/drivers/usb/serial/option.c -@@ -268,6 +268,8 @@ static void option_instat_callback(struct urb *urb); - #define TELIT_PRODUCT_CC864_SINGLE 0x1006 - #define TELIT_PRODUCT_DE910_DUAL 0x1010 - #define TELIT_PRODUCT_UE910_V2 0x1012 -+#define TELIT_PRODUCT_LE922_USBCFG0 0x1042 -+#define TELIT_PRODUCT_LE922_USBCFG3 0x1043 - #define TELIT_PRODUCT_LE920 0x1200 - #define TELIT_PRODUCT_LE910 0x1201 - -@@ -615,6 +617,16 @@ static const struct option_blacklist_info telit_le920_blacklist = { - .reserved = BIT(1) | BIT(5), - }; - -+static const struct option_blacklist_info telit_le922_blacklist_usbcfg0 = { -+ .sendsetup = BIT(2), -+ .reserved = BIT(0) | BIT(1) | BIT(3), -+}; -+ -+static const struct option_blacklist_info telit_le922_blacklist_usbcfg3 = { -+ .sendsetup = BIT(0), -+ .reserved = BIT(1) | BIT(2) | BIT(3), -+}; -+ - static const struct usb_device_id option_ids[] = { - { USB_DEVICE(OPTION_VENDOR_ID, OPTION_PRODUCT_COLT) }, - { USB_DEVICE(OPTION_VENDOR_ID, OPTION_PRODUCT_RICOLA) }, -@@ -1160,6 +1172,10 @@ static const struct usb_device_id option_ids[] = { - { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_CC864_SINGLE) }, - { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_DE910_DUAL) }, - { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_UE910_V2) }, -+ { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_LE922_USBCFG0), -+ .driver_info = (kernel_ulong_t)&telit_le922_blacklist_usbcfg0 }, -+ { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_LE922_USBCFG3), -+ .driver_info = (kernel_ulong_t)&telit_le922_blacklist_usbcfg3 }, - { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_LE910), - .driver_info = (kernel_ulong_t)&telit_le910_blacklist }, - { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_LE920), -@@ -1679,7 +1695,7 @@ static const struct usb_device_id option_ids[] = { - { USB_DEVICE(CINTERION_VENDOR_ID, CINTERION_PRODUCT_EU3_P) }, - { USB_DEVICE(CINTERION_VENDOR_ID, CINTERION_PRODUCT_PH8), - .driver_info = (kernel_ulong_t)&net_intf4_blacklist }, -- { USB_DEVICE(CINTERION_VENDOR_ID, CINTERION_PRODUCT_AHXX) }, -+ { USB_DEVICE_INTERFACE_CLASS(CINTERION_VENDOR_ID, CINTERION_PRODUCT_AHXX, 0xff) }, - { USB_DEVICE(CINTERION_VENDOR_ID, CINTERION_PRODUCT_PLXX), - .driver_info = (kernel_ulong_t)&net_intf4_blacklist }, - { USB_DEVICE(CINTERION_VENDOR_ID, CINTERION_PRODUCT_HC28_MDM) }, -diff --git a/drivers/usb/serial/visor.c b/drivers/usb/serial/visor.c -index 60afb39..337a0be 100644 ---- a/drivers/usb/serial/visor.c -+++ b/drivers/usb/serial/visor.c -@@ -544,6 +544,11 @@ static int treo_attach(struct usb_serial *serial) - (serial->num_interrupt_in == 0)) - return 0; - -+ if (serial->num_bulk_in < 2 || serial->num_interrupt_in < 2) { -+ dev_err(&serial->interface->dev, "missing endpoints\n"); -+ return -ENODEV; -+ } -+ - /* - * It appears that Treos and Kyoceras want to use the - * 1st bulk in endpoint to communicate with the 2nd bulk out endpoint, -@@ -597,8 +602,10 @@ static int clie_5_attach(struct usb_serial *serial) - */ - - /* some sanity check */ -- if (serial->num_ports < 2) -- return -1; -+ if (serial->num_bulk_out < 2) { -+ dev_err(&serial->interface->dev, "missing bulk out endpoints\n"); -+ return -ENODEV; -+ } - - /* port 0 now uses the modified endpoint Address */ - port = serial->port[0]; -diff --git a/fs/ext4/crypto_key.c b/fs/ext4/crypto_key.c -index c5882b3..9a16d1e 100644 ---- a/fs/ext4/crypto_key.c -+++ b/fs/ext4/crypto_key.c -@@ -213,9 +213,11 @@ retry: - res = -ENOKEY; - goto out; - } -+ down_read(&keyring_key->sem); - ukp = user_key_payload(keyring_key); - if (ukp->datalen != sizeof(struct ext4_encryption_key)) { - res = -EINVAL; -+ up_read(&keyring_key->sem); - goto out; - } - master_key = (struct ext4_encryption_key *)ukp->data; -@@ -226,10 +228,12 @@ retry: - "ext4: key size incorrect: %d\n", - master_key->size); - res = -ENOKEY; -+ up_read(&keyring_key->sem); - goto out; - } - res = ext4_derive_key_aes(ctx.nonce, master_key->raw, - raw_key); -+ up_read(&keyring_key->sem); - if (res) - goto out; - got_key: -diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c -index 8981803..343b0f1 100644 ---- a/fs/nfs/nfs4proc.c -+++ b/fs/nfs/nfs4proc.c -@@ -8054,7 +8054,6 @@ static void nfs4_layoutreturn_release(void *calldata) - pnfs_set_layout_stateid(lo, &lrp->res.stateid, true); - pnfs_mark_matching_lsegs_invalid(lo, &freeme, &lrp->args.range); - pnfs_clear_layoutreturn_waitbit(lo); -- lo->plh_block_lgets--; - spin_unlock(&lo->plh_inode->i_lock); - pnfs_free_lseg_list(&freeme); - pnfs_put_layout_hdr(lrp->args.layout); -diff --git a/fs/ocfs2/dlm/dlmmaster.c b/fs/ocfs2/dlm/dlmmaster.c -index 84f2f80..4e2162b 100644 ---- a/fs/ocfs2/dlm/dlmmaster.c -+++ b/fs/ocfs2/dlm/dlmmaster.c -@@ -2519,6 +2519,11 @@ static int dlm_migrate_lockres(struct dlm_ctxt *dlm, - spin_lock(&dlm->master_lock); - ret = dlm_add_migration_mle(dlm, res, mle, &oldmle, name, - namelen, target, dlm->node_num); -+ /* get an extra reference on the mle. -+ * otherwise the assert_master from the new -+ * master will destroy this. -+ */ -+ dlm_get_mle_inuse(mle); - spin_unlock(&dlm->master_lock); - spin_unlock(&dlm->spinlock); - -@@ -2554,6 +2559,7 @@ fail: - if (mle_added) { - dlm_mle_detach_hb_events(dlm, mle); - dlm_put_mle(mle); -+ dlm_put_mle_inuse(mle); - } else if (mle) { - kmem_cache_free(dlm_mle_cache, mle); - mle = NULL; -@@ -2571,17 +2577,6 @@ fail: - * ensure that all assert_master work is flushed. */ - flush_workqueue(dlm->dlm_worker); - -- /* get an extra reference on the mle. -- * otherwise the assert_master from the new -- * master will destroy this. -- * also, make sure that all callers of dlm_get_mle -- * take both dlm->spinlock and dlm->master_lock */ -- spin_lock(&dlm->spinlock); -- spin_lock(&dlm->master_lock); -- dlm_get_mle_inuse(mle); -- spin_unlock(&dlm->master_lock); -- spin_unlock(&dlm->spinlock); -- - /* notify new node and send all lock state */ - /* call send_one_lockres with migration flag. - * this serves as notice to the target node that a -@@ -3312,6 +3307,15 @@ top: - mle->new_master != dead_node) - continue; - -+ if (mle->new_master == dead_node && mle->inuse) { -+ mlog(ML_NOTICE, "%s: target %u died during " -+ "migration from %u, the MLE is " -+ "still keep used, ignore it!\n", -+ dlm->name, dead_node, -+ mle->master); -+ continue; -+ } -+ - /* If we have reached this point, this mle needs to be - * removed from the list and freed. */ - dlm_clean_migration_mle(dlm, mle); -diff --git a/fs/ocfs2/dlm/dlmrecovery.c b/fs/ocfs2/dlm/dlmrecovery.c -index 9e4f862..42f0cae 100644 ---- a/fs/ocfs2/dlm/dlmrecovery.c -+++ b/fs/ocfs2/dlm/dlmrecovery.c -@@ -2360,6 +2360,8 @@ static void dlm_do_local_recovery_cleanup(struct dlm_ctxt *dlm, u8 dead_node) - break; - } - } -+ dlm_lockres_clear_refmap_bit(dlm, res, -+ dead_node); - spin_unlock(&res->spinlock); - continue; - } -diff --git a/fs/ocfs2/dlmglue.c b/fs/ocfs2/dlmglue.c -index 20276e3..b002acf 100644 ---- a/fs/ocfs2/dlmglue.c -+++ b/fs/ocfs2/dlmglue.c -@@ -1390,6 +1390,7 @@ static int __ocfs2_cluster_lock(struct ocfs2_super *osb, - unsigned int gen; - int noqueue_attempted = 0; - int dlm_locked = 0; -+ int kick_dc = 0; - - if (!(lockres->l_flags & OCFS2_LOCK_INITIALIZED)) { - mlog_errno(-EINVAL); -@@ -1524,7 +1525,12 @@ update_holders: - unlock: - lockres_clear_flags(lockres, OCFS2_LOCK_UPCONVERT_FINISHING); - -+ /* ocfs2_unblock_lock reques on seeing OCFS2_LOCK_UPCONVERT_FINISHING */ -+ kick_dc = (lockres->l_flags & OCFS2_LOCK_BLOCKED); -+ - spin_unlock_irqrestore(&lockres->l_lock, flags); -+ if (kick_dc) -+ ocfs2_wake_downconvert_thread(osb); - out: - /* - * This is helping work around a lock inversion between the page lock -diff --git a/include/crypto/hash.h b/include/crypto/hash.h -index 3d69c93..6361892 100644 ---- a/include/crypto/hash.h -+++ b/include/crypto/hash.h -@@ -204,6 +204,7 @@ struct crypto_ahash { - unsigned int keylen); - - unsigned int reqsize; -+ bool has_setkey; - struct crypto_tfm base; - }; - -@@ -375,6 +376,11 @@ static inline void *ahash_request_ctx(struct ahash_request *req) - int crypto_ahash_setkey(struct crypto_ahash *tfm, const u8 *key, - unsigned int keylen); - -+static inline bool crypto_ahash_has_setkey(struct crypto_ahash *tfm) -+{ -+ return tfm->has_setkey; -+} -+ - /** - * crypto_ahash_finup() - update and finalize message digest - * @req: reference to the ahash_request handle that holds all information -diff --git a/include/crypto/if_alg.h b/include/crypto/if_alg.h -index 018afb2..a2bfd78 100644 ---- a/include/crypto/if_alg.h -+++ b/include/crypto/if_alg.h -@@ -30,6 +30,9 @@ struct alg_sock { - - struct sock *parent; - -+ unsigned int refcnt; -+ unsigned int nokey_refcnt; -+ - const struct af_alg_type *type; - void *private; - }; -@@ -50,9 +53,11 @@ struct af_alg_type { - void (*release)(void *private); - int (*setkey)(void *private, const u8 *key, unsigned int keylen); - int (*accept)(void *private, struct sock *sk); -+ int (*accept_nokey)(void *private, struct sock *sk); - int (*setauthsize)(void *private, unsigned int authsize); - - struct proto_ops *ops; -+ struct proto_ops *ops_nokey; - struct module *owner; - char name[14]; - }; -@@ -67,6 +72,7 @@ int af_alg_register_type(const struct af_alg_type *type); - int af_alg_unregister_type(const struct af_alg_type *type); - - int af_alg_release(struct socket *sock); -+void af_alg_release_parent(struct sock *sk); - int af_alg_accept(struct sock *sk, struct socket *newsock); - - int af_alg_make_sg(struct af_alg_sgl *sgl, struct iov_iter *iter, int len); -@@ -83,11 +89,6 @@ static inline struct alg_sock *alg_sk(struct sock *sk) - return (struct alg_sock *)sk; - } - --static inline void af_alg_release_parent(struct sock *sk) --{ -- sock_put(alg_sk(sk)->parent); --} -- - static inline void af_alg_init_completion(struct af_alg_completion *completion) - { - init_completion(&completion->completion); -diff --git a/include/crypto/skcipher.h b/include/crypto/skcipher.h -index d8dd41f..fd8742a 100644 ---- a/include/crypto/skcipher.h -+++ b/include/crypto/skcipher.h -@@ -61,6 +61,8 @@ struct crypto_skcipher { - unsigned int ivsize; - unsigned int reqsize; - -+ bool has_setkey; -+ - struct crypto_tfm base; - }; - -@@ -305,6 +307,11 @@ static inline int crypto_skcipher_setkey(struct crypto_skcipher *tfm, - return tfm->setkey(tfm, key, keylen); - } - -+static inline bool crypto_skcipher_has_setkey(struct crypto_skcipher *tfm) -+{ -+ return tfm->has_setkey; -+} -+ - /** - * crypto_skcipher_reqtfm() - obtain cipher handle from request - * @req: skcipher_request out of which the cipher handle is to be obtained -diff --git a/include/linux/console.h b/include/linux/console.h -index bd19434..ea731af 100644 ---- a/include/linux/console.h -+++ b/include/linux/console.h -@@ -150,6 +150,7 @@ extern int console_trylock(void); - extern void console_unlock(void); - extern void console_conditional_schedule(void); - extern void console_unblank(void); -+extern void console_flush_on_panic(void); - extern struct tty_driver *console_device(int *); - extern void console_stop(struct console *); - extern void console_start(struct console *); -diff --git a/include/linux/hrtimer.h b/include/linux/hrtimer.h -index 76dd4f0..2ead22d 100644 ---- a/include/linux/hrtimer.h -+++ b/include/linux/hrtimer.h -@@ -87,7 +87,8 @@ enum hrtimer_restart { - * @function: timer expiry callback function - * @base: pointer to the timer base (per cpu and per clock) - * @state: state information (See bit values above) -- * @start_pid: timer statistics field to store the pid of the task which -+ * @is_rel: Set if the timer was armed relative -+ * @start_pid: timer statistics field to store the pid of the task which - * started the timer - * @start_site: timer statistics field to store the site where the timer - * was started -@@ -101,7 +102,8 @@ struct hrtimer { - ktime_t _softexpires; - enum hrtimer_restart (*function)(struct hrtimer *); - struct hrtimer_clock_base *base; -- unsigned long state; -+ u8 state; -+ u8 is_rel; - #ifdef CONFIG_TIMER_STATS - int start_pid; - void *start_site; -@@ -321,6 +323,27 @@ static inline void clock_was_set_delayed(void) { } - - #endif - -+static inline ktime_t -+__hrtimer_expires_remaining_adjusted(const struct hrtimer *timer, ktime_t now) -+{ -+ ktime_t rem = ktime_sub(timer->node.expires, now); -+ -+ /* -+ * Adjust relative timers for the extra we added in -+ * hrtimer_start_range_ns() to prevent short timeouts. -+ */ -+ if (IS_ENABLED(CONFIG_TIME_LOW_RES) && timer->is_rel) -+ rem.tv64 -= hrtimer_resolution; -+ return rem; -+} -+ -+static inline ktime_t -+hrtimer_expires_remaining_adjusted(const struct hrtimer *timer) -+{ -+ return __hrtimer_expires_remaining_adjusted(timer, -+ timer->base->get_time()); -+} -+ - extern void clock_was_set(void); - #ifdef CONFIG_TIMERFD - extern void timerfd_clock_was_set(void); -@@ -390,7 +413,12 @@ static inline void hrtimer_restart(struct hrtimer *timer) - } - - /* Query timers: */ --extern ktime_t hrtimer_get_remaining(const struct hrtimer *timer); -+extern ktime_t __hrtimer_get_remaining(const struct hrtimer *timer, bool adjust); -+ -+static inline ktime_t hrtimer_get_remaining(const struct hrtimer *timer) -+{ -+ return __hrtimer_get_remaining(timer, false); -+} - - extern u64 hrtimer_get_next_event(void); - -diff --git a/include/linux/tty.h b/include/linux/tty.h -index 5e31f1b..6b6e811 100644 ---- a/include/linux/tty.h -+++ b/include/linux/tty.h -@@ -654,6 +654,7 @@ extern long vt_compat_ioctl(struct tty_struct *tty, - /* tty_mutex.c */ - /* functions for preparation of BKL removal */ - extern void __lockfunc tty_lock(struct tty_struct *tty); -+extern int tty_lock_interruptible(struct tty_struct *tty); - extern void __lockfunc tty_unlock(struct tty_struct *tty); - extern void __lockfunc tty_lock_slave(struct tty_struct *tty); - extern void __lockfunc tty_unlock_slave(struct tty_struct *tty); -diff --git a/include/sound/rawmidi.h b/include/sound/rawmidi.h -index f6cbef7..3b91ad5 100644 ---- a/include/sound/rawmidi.h -+++ b/include/sound/rawmidi.h -@@ -167,6 +167,10 @@ int snd_rawmidi_transmit_peek(struct snd_rawmidi_substream *substream, - int snd_rawmidi_transmit_ack(struct snd_rawmidi_substream *substream, int count); - int snd_rawmidi_transmit(struct snd_rawmidi_substream *substream, - unsigned char *buffer, int count); -+int __snd_rawmidi_transmit_peek(struct snd_rawmidi_substream *substream, -+ unsigned char *buffer, int count); -+int __snd_rawmidi_transmit_ack(struct snd_rawmidi_substream *substream, -+ int count); - - /* main midi functions */ - -diff --git a/kernel/panic.c b/kernel/panic.c -index 4b150bc..41e2b54 100644 ---- a/kernel/panic.c -+++ b/kernel/panic.c -@@ -157,8 +157,7 @@ void panic(const char *fmt, ...) - * panic() is not being callled from OOPS. - */ - debug_locks_off(); -- console_trylock(); -- console_unlock(); -+ console_flush_on_panic(); - - if (!panic_blink) - panic_blink = no_blink; -diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c -index 2ce8826..c048e34 100644 ---- a/kernel/printk/printk.c -+++ b/kernel/printk/printk.c -@@ -2233,13 +2233,24 @@ void console_unlock(void) - static u64 seen_seq; - unsigned long flags; - bool wake_klogd = false; -- bool retry; -+ bool do_cond_resched, retry; - - if (console_suspended) { - up_console_sem(); - return; - } - -+ /* -+ * Console drivers are called under logbuf_lock, so -+ * @console_may_schedule should be cleared before; however, we may -+ * end up dumping a lot of lines, for example, if called from -+ * console registration path, and should invoke cond_resched() -+ * between lines if allowable. Not doing so can cause a very long -+ * scheduling stall on a slow console leading to RCU stall and -+ * softlockup warnings which exacerbate the issue with more -+ * messages practically incapacitating the system. -+ */ -+ do_cond_resched = console_may_schedule; - console_may_schedule = 0; - - /* flush buffered message fragment immediately to console */ -@@ -2311,6 +2322,9 @@ skip: - call_console_drivers(level, ext_text, ext_len, text, len); - start_critical_timings(); - local_irq_restore(flags); -+ -+ if (do_cond_resched) -+ cond_resched(); - } - console_locked = 0; - -@@ -2378,6 +2392,25 @@ void console_unblank(void) - console_unlock(); - } - -+/** -+ * console_flush_on_panic - flush console content on panic -+ * -+ * Immediately output all pending messages no matter what. -+ */ -+void console_flush_on_panic(void) -+{ -+ /* -+ * If someone else is holding the console lock, trylock will fail -+ * and may_schedule may be set. Ignore and proceed to unlock so -+ * that messages are flushed out. As this can be called from any -+ * context and we don't want to get preempted while flushing, -+ * ensure may_schedule is cleared. -+ */ -+ console_trylock(); -+ console_may_schedule = 0; -+ console_unlock(); -+} -+ - /* - * Return the console tty driver structure and its associated index - */ -diff --git a/kernel/sched/core.c b/kernel/sched/core.c -index 732e993..eb70592 100644 ---- a/kernel/sched/core.c -+++ b/kernel/sched/core.c -@@ -6738,7 +6738,7 @@ static void sched_init_numa(void) - - sched_domains_numa_masks[i][j] = mask; - -- for (k = 0; k < nr_node_ids; k++) { -+ for_each_node(k) { - if (node_distance(j, k) > sched_domains_numa_distance[i]) - continue; - -diff --git a/kernel/time/hrtimer.c b/kernel/time/hrtimer.c -index 435b885..fa909f9 100644 ---- a/kernel/time/hrtimer.c -+++ b/kernel/time/hrtimer.c -@@ -897,10 +897,10 @@ static int enqueue_hrtimer(struct hrtimer *timer, - */ - static void __remove_hrtimer(struct hrtimer *timer, - struct hrtimer_clock_base *base, -- unsigned long newstate, int reprogram) -+ u8 newstate, int reprogram) - { - struct hrtimer_cpu_base *cpu_base = base->cpu_base; -- unsigned int state = timer->state; -+ u8 state = timer->state; - - timer->state = newstate; - if (!(state & HRTIMER_STATE_ENQUEUED)) -@@ -930,7 +930,7 @@ static inline int - remove_hrtimer(struct hrtimer *timer, struct hrtimer_clock_base *base, bool restart) - { - if (hrtimer_is_queued(timer)) { -- unsigned long state = timer->state; -+ u8 state = timer->state; - int reprogram; - - /* -@@ -954,6 +954,22 @@ remove_hrtimer(struct hrtimer *timer, struct hrtimer_clock_base *base, bool rest - return 0; - } - -+static inline ktime_t hrtimer_update_lowres(struct hrtimer *timer, ktime_t tim, -+ const enum hrtimer_mode mode) -+{ -+#ifdef CONFIG_TIME_LOW_RES -+ /* -+ * CONFIG_TIME_LOW_RES indicates that the system has no way to return -+ * granular time values. For relative timers we add hrtimer_resolution -+ * (i.e. one jiffie) to prevent short timeouts. -+ */ -+ timer->is_rel = mode & HRTIMER_MODE_REL; -+ if (timer->is_rel) -+ tim = ktime_add_safe(tim, ktime_set(0, hrtimer_resolution)); -+#endif -+ return tim; -+} -+ - /** - * hrtimer_start_range_ns - (re)start an hrtimer on the current CPU - * @timer: the timer to be added -@@ -974,19 +990,10 @@ void hrtimer_start_range_ns(struct hrtimer *timer, ktime_t tim, - /* Remove an active timer from the queue: */ - remove_hrtimer(timer, base, true); - -- if (mode & HRTIMER_MODE_REL) { -+ if (mode & HRTIMER_MODE_REL) - tim = ktime_add_safe(tim, base->get_time()); -- /* -- * CONFIG_TIME_LOW_RES is a temporary way for architectures -- * to signal that they simply return xtime in -- * do_gettimeoffset(). In this case we want to round up by -- * resolution when starting a relative timer, to avoid short -- * timeouts. This will go away with the GTOD framework. -- */ --#ifdef CONFIG_TIME_LOW_RES -- tim = ktime_add_safe(tim, ktime_set(0, hrtimer_resolution)); --#endif -- } -+ -+ tim = hrtimer_update_lowres(timer, tim, mode); - - hrtimer_set_expires_range_ns(timer, tim, delta_ns); - -@@ -1074,19 +1081,23 @@ EXPORT_SYMBOL_GPL(hrtimer_cancel); - /** - * hrtimer_get_remaining - get remaining time for the timer - * @timer: the timer to read -+ * @adjust: adjust relative timers when CONFIG_TIME_LOW_RES=y - */ --ktime_t hrtimer_get_remaining(const struct hrtimer *timer) -+ktime_t __hrtimer_get_remaining(const struct hrtimer *timer, bool adjust) - { - unsigned long flags; - ktime_t rem; - - lock_hrtimer_base(timer, &flags); -- rem = hrtimer_expires_remaining(timer); -+ if (IS_ENABLED(CONFIG_TIME_LOW_RES) && adjust) -+ rem = hrtimer_expires_remaining_adjusted(timer); -+ else -+ rem = hrtimer_expires_remaining(timer); - unlock_hrtimer_base(timer, &flags); - - return rem; - } --EXPORT_SYMBOL_GPL(hrtimer_get_remaining); -+EXPORT_SYMBOL_GPL(__hrtimer_get_remaining); - - #ifdef CONFIG_NO_HZ_COMMON - /** -@@ -1220,6 +1231,14 @@ static void __run_hrtimer(struct hrtimer_cpu_base *cpu_base, - fn = timer->function; - - /* -+ * Clear the 'is relative' flag for the TIME_LOW_RES case. If the -+ * timer is restarted with a period then it becomes an absolute -+ * timer. If its not restarted it does not matter. -+ */ -+ if (IS_ENABLED(CONFIG_TIME_LOW_RES)) -+ timer->is_rel = false; -+ -+ /* - * Because we run timers from hardirq context, there is no chance - * they get migrated to another cpu, therefore its safe to unlock - * the timer base. -diff --git a/kernel/time/timer_list.c b/kernel/time/timer_list.c -index f75e35b..ba7d8b2 100644 ---- a/kernel/time/timer_list.c -+++ b/kernel/time/timer_list.c -@@ -69,7 +69,7 @@ print_timer(struct seq_file *m, struct hrtimer *taddr, struct hrtimer *timer, - print_name_offset(m, taddr); - SEQ_printf(m, ", "); - print_name_offset(m, timer->function); -- SEQ_printf(m, ", S:%02lx", timer->state); -+ SEQ_printf(m, ", S:%02x", timer->state); - #ifdef CONFIG_TIMER_STATS - SEQ_printf(m, ", "); - print_name_offset(m, timer->start_site); -diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c -index 87fb980..d929340 100644 ---- a/kernel/trace/trace.c -+++ b/kernel/trace/trace.c -@@ -1751,7 +1751,7 @@ void trace_buffer_unlock_commit_regs(struct trace_array *tr, - { - __buffer_unlock_commit(buffer, event); - -- ftrace_trace_stack(tr, buffer, flags, 6, pc, regs); -+ ftrace_trace_stack(tr, buffer, flags, 0, pc, regs); - ftrace_trace_userstack(buffer, flags, pc); - } - EXPORT_SYMBOL_GPL(trace_buffer_unlock_commit_regs); -diff --git a/kernel/trace/trace_stack.c b/kernel/trace/trace_stack.c -index dda9e67..202df6c 100644 ---- a/kernel/trace/trace_stack.c -+++ b/kernel/trace/trace_stack.c -@@ -126,6 +126,13 @@ check_stack(unsigned long ip, unsigned long *stack) - } - - /* -+ * Some archs may not have the passed in ip in the dump. -+ * If that happens, we need to show everything. -+ */ -+ if (i == stack_trace_max.nr_entries) -+ i = 0; -+ -+ /* - * Now find where in the stack these are. - */ - x = 0; -diff --git a/lib/libcrc32c.c b/lib/libcrc32c.c -index 6a08ce7..acf9da4 100644 ---- a/lib/libcrc32c.c -+++ b/lib/libcrc32c.c -@@ -74,3 +74,4 @@ module_exit(libcrc32c_mod_fini); - MODULE_AUTHOR("Clay Haapala <chaapala@cisco.com>"); - MODULE_DESCRIPTION("CRC32c (Castagnoli) calculations"); - MODULE_LICENSE("GPL"); -+MODULE_SOFTDEP("pre: crc32c"); -diff --git a/mm/backing-dev.c b/mm/backing-dev.c -index 7340353..cbe6f0b 100644 ---- a/mm/backing-dev.c -+++ b/mm/backing-dev.c -@@ -989,7 +989,7 @@ long wait_iff_congested(struct zone *zone, int sync, long timeout) - * here rather than calling cond_resched(). - */ - if (current->flags & PF_WQ_WORKER) -- schedule_timeout(1); -+ schedule_timeout_uninterruptible(1); - else - cond_resched(); - -diff --git a/mm/zsmalloc.c b/mm/zsmalloc.c -index 9f15bdd..fc08399 100644 ---- a/mm/zsmalloc.c -+++ b/mm/zsmalloc.c -@@ -309,7 +309,12 @@ static void free_handle(struct zs_pool *pool, unsigned long handle) - - static void record_obj(unsigned long handle, unsigned long obj) - { -- *(unsigned long *)handle = obj; -+ /* -+ * lsb of @obj represents handle lock while other bits -+ * represent object value the handle is pointing so -+ * updating shouldn't do store tearing. -+ */ -+ WRITE_ONCE(*(unsigned long *)handle, obj); - } - - /* zpool driver */ -@@ -1635,6 +1640,13 @@ static int migrate_zspage(struct zs_pool *pool, struct size_class *class, - free_obj = obj_malloc(d_page, class, handle); - zs_object_copy(free_obj, used_obj, class); - index++; -+ /* -+ * record_obj updates handle's value to free_obj and it will -+ * invalidate lock bit(ie, HANDLE_PIN_BIT) of handle, which -+ * breaks synchronization using pin_tag(e,g, zs_free) so -+ * let's keep the lock bit. -+ */ -+ free_obj |= BIT(HANDLE_PIN_BIT); - record_obj(handle, free_obj); - unpin_tag(handle); - obj_free(pool, class, used_obj); -diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c -index 1334e02..3d145a3 100644 ---- a/security/integrity/evm/evm_main.c -+++ b/security/integrity/evm/evm_main.c -@@ -23,6 +23,7 @@ - #include <linux/integrity.h> - #include <linux/evm.h> - #include <crypto/hash.h> -+#include <crypto/algapi.h> - #include "evm.h" - - int evm_initialized; -@@ -148,7 +149,7 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry, - xattr_value_len, calc.digest); - if (rc) - break; -- rc = memcmp(xattr_data->digest, calc.digest, -+ rc = crypto_memneq(xattr_data->digest, calc.digest, - sizeof(calc.digest)); - if (rc) - rc = -EINVAL; -diff --git a/sound/core/compress_offload.c b/sound/core/compress_offload.c -index b123c42..b554d7f 100644 ---- a/sound/core/compress_offload.c -+++ b/sound/core/compress_offload.c -@@ -44,6 +44,13 @@ - #include <sound/compress_offload.h> - #include <sound/compress_driver.h> - -+/* struct snd_compr_codec_caps overflows the ioctl bit size for some -+ * architectures, so we need to disable the relevant ioctls. -+ */ -+#if _IOC_SIZEBITS < 14 -+#define COMPR_CODEC_CAPS_OVERFLOW -+#endif -+ - /* TODO: - * - add substream support for multiple devices in case of - * SND_DYNAMIC_MINORS is not used -@@ -438,6 +445,7 @@ out: - return retval; - } - -+#ifndef COMPR_CODEC_CAPS_OVERFLOW - static int - snd_compr_get_codec_caps(struct snd_compr_stream *stream, unsigned long arg) - { -@@ -461,6 +469,7 @@ out: - kfree(caps); - return retval; - } -+#endif /* !COMPR_CODEC_CAPS_OVERFLOW */ - - /* revisit this with snd_pcm_preallocate_xxx */ - static int snd_compr_allocate_buffer(struct snd_compr_stream *stream, -@@ -799,9 +808,11 @@ static long snd_compr_ioctl(struct file *f, unsigned int cmd, unsigned long arg) - case _IOC_NR(SNDRV_COMPRESS_GET_CAPS): - retval = snd_compr_get_caps(stream, arg); - break; -+#ifndef COMPR_CODEC_CAPS_OVERFLOW - case _IOC_NR(SNDRV_COMPRESS_GET_CODEC_CAPS): - retval = snd_compr_get_codec_caps(stream, arg); - break; -+#endif - case _IOC_NR(SNDRV_COMPRESS_SET_PARAMS): - retval = snd_compr_set_params(stream, arg); - break; -diff --git a/sound/core/oss/pcm_oss.c b/sound/core/oss/pcm_oss.c -index 58550cc..33e72c8 100644 ---- a/sound/core/oss/pcm_oss.c -+++ b/sound/core/oss/pcm_oss.c -@@ -834,7 +834,8 @@ static int choose_rate(struct snd_pcm_substream *substream, - return snd_pcm_hw_param_near(substream, params, SNDRV_PCM_HW_PARAM_RATE, best_rate, NULL); - } - --static int snd_pcm_oss_change_params(struct snd_pcm_substream *substream) -+static int snd_pcm_oss_change_params(struct snd_pcm_substream *substream, -+ bool trylock) - { - struct snd_pcm_runtime *runtime = substream->runtime; - struct snd_pcm_hw_params *params, *sparams; -@@ -848,7 +849,10 @@ static int snd_pcm_oss_change_params(struct snd_pcm_substream *substream) - struct snd_mask sformat_mask; - struct snd_mask mask; - -- if (mutex_lock_interruptible(&runtime->oss.params_lock)) -+ if (trylock) { -+ if (!(mutex_trylock(&runtime->oss.params_lock))) -+ return -EAGAIN; -+ } else if (mutex_lock_interruptible(&runtime->oss.params_lock)) - return -EINTR; - sw_params = kmalloc(sizeof(*sw_params), GFP_KERNEL); - params = kmalloc(sizeof(*params), GFP_KERNEL); -@@ -1092,7 +1096,7 @@ static int snd_pcm_oss_get_active_substream(struct snd_pcm_oss_file *pcm_oss_fil - if (asubstream == NULL) - asubstream = substream; - if (substream->runtime->oss.params) { -- err = snd_pcm_oss_change_params(substream); -+ err = snd_pcm_oss_change_params(substream, false); - if (err < 0) - return err; - } -@@ -1132,7 +1136,7 @@ static int snd_pcm_oss_make_ready(struct snd_pcm_substream *substream) - return 0; - runtime = substream->runtime; - if (runtime->oss.params) { -- err = snd_pcm_oss_change_params(substream); -+ err = snd_pcm_oss_change_params(substream, false); - if (err < 0) - return err; - } -@@ -2163,7 +2167,7 @@ static int snd_pcm_oss_get_space(struct snd_pcm_oss_file *pcm_oss_file, int stre - runtime = substream->runtime; - - if (runtime->oss.params && -- (err = snd_pcm_oss_change_params(substream)) < 0) -+ (err = snd_pcm_oss_change_params(substream, false)) < 0) - return err; - - info.fragsize = runtime->oss.period_bytes; -@@ -2800,7 +2804,12 @@ static int snd_pcm_oss_mmap(struct file *file, struct vm_area_struct *area) - return -EIO; - - if (runtime->oss.params) { -- if ((err = snd_pcm_oss_change_params(substream)) < 0) -+ /* use mutex_trylock() for params_lock for avoiding a deadlock -+ * between mmap_sem and params_lock taken by -+ * copy_from/to_user() in snd_pcm_oss_write/read() -+ */ -+ err = snd_pcm_oss_change_params(substream, true); -+ if (err < 0) - return err; - } - #ifdef CONFIG_SND_PCM_OSS_PLUGINS -diff --git a/sound/core/rawmidi.c b/sound/core/rawmidi.c -index a775984..795437b 100644 ---- a/sound/core/rawmidi.c -+++ b/sound/core/rawmidi.c -@@ -942,31 +942,36 @@ static long snd_rawmidi_kernel_read1(struct snd_rawmidi_substream *substream, - unsigned long flags; - long result = 0, count1; - struct snd_rawmidi_runtime *runtime = substream->runtime; -+ unsigned long appl_ptr; - -+ spin_lock_irqsave(&runtime->lock, flags); - while (count > 0 && runtime->avail) { - count1 = runtime->buffer_size - runtime->appl_ptr; - if (count1 > count) - count1 = count; -- spin_lock_irqsave(&runtime->lock, flags); - if (count1 > (int)runtime->avail) - count1 = runtime->avail; -+ -+ /* update runtime->appl_ptr before unlocking for userbuf */ -+ appl_ptr = runtime->appl_ptr; -+ runtime->appl_ptr += count1; -+ runtime->appl_ptr %= runtime->buffer_size; -+ runtime->avail -= count1; -+ - if (kernelbuf) -- memcpy(kernelbuf + result, runtime->buffer + runtime->appl_ptr, count1); -+ memcpy(kernelbuf + result, runtime->buffer + appl_ptr, count1); - if (userbuf) { - spin_unlock_irqrestore(&runtime->lock, flags); - if (copy_to_user(userbuf + result, -- runtime->buffer + runtime->appl_ptr, count1)) { -+ runtime->buffer + appl_ptr, count1)) { - return result > 0 ? result : -EFAULT; - } - spin_lock_irqsave(&runtime->lock, flags); - } -- runtime->appl_ptr += count1; -- runtime->appl_ptr %= runtime->buffer_size; -- runtime->avail -= count1; -- spin_unlock_irqrestore(&runtime->lock, flags); - result += count1; - count -= count1; - } -+ spin_unlock_irqrestore(&runtime->lock, flags); - return result; - } - -@@ -1055,23 +1060,16 @@ int snd_rawmidi_transmit_empty(struct snd_rawmidi_substream *substream) - EXPORT_SYMBOL(snd_rawmidi_transmit_empty); - - /** -- * snd_rawmidi_transmit_peek - copy data from the internal buffer -+ * __snd_rawmidi_transmit_peek - copy data from the internal buffer - * @substream: the rawmidi substream - * @buffer: the buffer pointer - * @count: data size to transfer - * -- * Copies data from the internal output buffer to the given buffer. -- * -- * Call this in the interrupt handler when the midi output is ready, -- * and call snd_rawmidi_transmit_ack() after the transmission is -- * finished. -- * -- * Return: The size of copied data, or a negative error code on failure. -+ * This is a variant of snd_rawmidi_transmit_peek() without spinlock. - */ --int snd_rawmidi_transmit_peek(struct snd_rawmidi_substream *substream, -+int __snd_rawmidi_transmit_peek(struct snd_rawmidi_substream *substream, - unsigned char *buffer, int count) - { -- unsigned long flags; - int result, count1; - struct snd_rawmidi_runtime *runtime = substream->runtime; - -@@ -1081,7 +1079,6 @@ int snd_rawmidi_transmit_peek(struct snd_rawmidi_substream *substream, - return -EINVAL; - } - result = 0; -- spin_lock_irqsave(&runtime->lock, flags); - if (runtime->avail >= runtime->buffer_size) { - /* warning: lowlevel layer MUST trigger down the hardware */ - goto __skip; -@@ -1106,25 +1103,47 @@ int snd_rawmidi_transmit_peek(struct snd_rawmidi_substream *substream, - } - } - __skip: -+ return result; -+} -+EXPORT_SYMBOL(__snd_rawmidi_transmit_peek); -+ -+/** -+ * snd_rawmidi_transmit_peek - copy data from the internal buffer -+ * @substream: the rawmidi substream -+ * @buffer: the buffer pointer -+ * @count: data size to transfer -+ * -+ * Copies data from the internal output buffer to the given buffer. -+ * -+ * Call this in the interrupt handler when the midi output is ready, -+ * and call snd_rawmidi_transmit_ack() after the transmission is -+ * finished. -+ * -+ * Return: The size of copied data, or a negative error code on failure. -+ */ -+int snd_rawmidi_transmit_peek(struct snd_rawmidi_substream *substream, -+ unsigned char *buffer, int count) -+{ -+ struct snd_rawmidi_runtime *runtime = substream->runtime; -+ int result; -+ unsigned long flags; -+ -+ spin_lock_irqsave(&runtime->lock, flags); -+ result = __snd_rawmidi_transmit_peek(substream, buffer, count); - spin_unlock_irqrestore(&runtime->lock, flags); - return result; - } - EXPORT_SYMBOL(snd_rawmidi_transmit_peek); - - /** -- * snd_rawmidi_transmit_ack - acknowledge the transmission -+ * __snd_rawmidi_transmit_ack - acknowledge the transmission - * @substream: the rawmidi substream - * @count: the transferred count - * -- * Advances the hardware pointer for the internal output buffer with -- * the given size and updates the condition. -- * Call after the transmission is finished. -- * -- * Return: The advanced size if successful, or a negative error code on failure. -+ * This is a variant of __snd_rawmidi_transmit_ack() without spinlock. - */ --int snd_rawmidi_transmit_ack(struct snd_rawmidi_substream *substream, int count) -+int __snd_rawmidi_transmit_ack(struct snd_rawmidi_substream *substream, int count) - { -- unsigned long flags; - struct snd_rawmidi_runtime *runtime = substream->runtime; - - if (runtime->buffer == NULL) { -@@ -1132,7 +1151,6 @@ int snd_rawmidi_transmit_ack(struct snd_rawmidi_substream *substream, int count) - "snd_rawmidi_transmit_ack: output is not active!!!\n"); - return -EINVAL; - } -- spin_lock_irqsave(&runtime->lock, flags); - snd_BUG_ON(runtime->avail + count > runtime->buffer_size); - runtime->hw_ptr += count; - runtime->hw_ptr %= runtime->buffer_size; -@@ -1142,9 +1160,32 @@ int snd_rawmidi_transmit_ack(struct snd_rawmidi_substream *substream, int count) - if (runtime->drain || snd_rawmidi_ready(substream)) - wake_up(&runtime->sleep); - } -- spin_unlock_irqrestore(&runtime->lock, flags); - return count; - } -+EXPORT_SYMBOL(__snd_rawmidi_transmit_ack); -+ -+/** -+ * snd_rawmidi_transmit_ack - acknowledge the transmission -+ * @substream: the rawmidi substream -+ * @count: the transferred count -+ * -+ * Advances the hardware pointer for the internal output buffer with -+ * the given size and updates the condition. -+ * Call after the transmission is finished. -+ * -+ * Return: The advanced size if successful, or a negative error code on failure. -+ */ -+int snd_rawmidi_transmit_ack(struct snd_rawmidi_substream *substream, int count) -+{ -+ struct snd_rawmidi_runtime *runtime = substream->runtime; -+ int result; -+ unsigned long flags; -+ -+ spin_lock_irqsave(&runtime->lock, flags); -+ result = __snd_rawmidi_transmit_ack(substream, count); -+ spin_unlock_irqrestore(&runtime->lock, flags); -+ return result; -+} - EXPORT_SYMBOL(snd_rawmidi_transmit_ack); - - /** -@@ -1160,12 +1201,22 @@ EXPORT_SYMBOL(snd_rawmidi_transmit_ack); - int snd_rawmidi_transmit(struct snd_rawmidi_substream *substream, - unsigned char *buffer, int count) - { -+ struct snd_rawmidi_runtime *runtime = substream->runtime; -+ int result; -+ unsigned long flags; -+ -+ spin_lock_irqsave(&runtime->lock, flags); - if (!substream->opened) -- return -EBADFD; -- count = snd_rawmidi_transmit_peek(substream, buffer, count); -- if (count < 0) -- return count; -- return snd_rawmidi_transmit_ack(substream, count); -+ result = -EBADFD; -+ else { -+ count = __snd_rawmidi_transmit_peek(substream, buffer, count); -+ if (count <= 0) -+ result = count; -+ else -+ result = __snd_rawmidi_transmit_ack(substream, count); -+ } -+ spin_unlock_irqrestore(&runtime->lock, flags); -+ return result; - } - EXPORT_SYMBOL(snd_rawmidi_transmit); - -@@ -1177,8 +1228,9 @@ static long snd_rawmidi_kernel_write1(struct snd_rawmidi_substream *substream, - unsigned long flags; - long count1, result; - struct snd_rawmidi_runtime *runtime = substream->runtime; -+ unsigned long appl_ptr; - -- if (snd_BUG_ON(!kernelbuf && !userbuf)) -+ if (!kernelbuf && !userbuf) - return -EINVAL; - if (snd_BUG_ON(!runtime->buffer)) - return -EINVAL; -@@ -1197,12 +1249,19 @@ static long snd_rawmidi_kernel_write1(struct snd_rawmidi_substream *substream, - count1 = count; - if (count1 > (long)runtime->avail) - count1 = runtime->avail; -+ -+ /* update runtime->appl_ptr before unlocking for userbuf */ -+ appl_ptr = runtime->appl_ptr; -+ runtime->appl_ptr += count1; -+ runtime->appl_ptr %= runtime->buffer_size; -+ runtime->avail -= count1; -+ - if (kernelbuf) -- memcpy(runtime->buffer + runtime->appl_ptr, -+ memcpy(runtime->buffer + appl_ptr, - kernelbuf + result, count1); - else if (userbuf) { - spin_unlock_irqrestore(&runtime->lock, flags); -- if (copy_from_user(runtime->buffer + runtime->appl_ptr, -+ if (copy_from_user(runtime->buffer + appl_ptr, - userbuf + result, count1)) { - spin_lock_irqsave(&runtime->lock, flags); - result = result > 0 ? result : -EFAULT; -@@ -1210,9 +1269,6 @@ static long snd_rawmidi_kernel_write1(struct snd_rawmidi_substream *substream, - } - spin_lock_irqsave(&runtime->lock, flags); - } -- runtime->appl_ptr += count1; -- runtime->appl_ptr %= runtime->buffer_size; -- runtime->avail -= count1; - result += count1; - count -= count1; - } -diff --git a/sound/core/seq/oss/seq_oss_init.c b/sound/core/seq/oss/seq_oss_init.c -index b1221b2..6779e82b 100644 ---- a/sound/core/seq/oss/seq_oss_init.c -+++ b/sound/core/seq/oss/seq_oss_init.c -@@ -202,7 +202,7 @@ snd_seq_oss_open(struct file *file, int level) - - dp->index = i; - if (i >= SNDRV_SEQ_OSS_MAX_CLIENTS) { -- pr_err("ALSA: seq_oss: too many applications\n"); -+ pr_debug("ALSA: seq_oss: too many applications\n"); - rc = -ENOMEM; - goto _error; - } -diff --git a/sound/core/seq/oss/seq_oss_synth.c b/sound/core/seq/oss/seq_oss_synth.c -index 0f3b381..b16dbef 100644 ---- a/sound/core/seq/oss/seq_oss_synth.c -+++ b/sound/core/seq/oss/seq_oss_synth.c -@@ -308,7 +308,7 @@ snd_seq_oss_synth_cleanup(struct seq_oss_devinfo *dp) - struct seq_oss_synth *rec; - struct seq_oss_synthinfo *info; - -- if (snd_BUG_ON(dp->max_synthdev >= SNDRV_SEQ_OSS_MAX_SYNTH_DEVS)) -+ if (snd_BUG_ON(dp->max_synthdev > SNDRV_SEQ_OSS_MAX_SYNTH_DEVS)) - return; - for (i = 0; i < dp->max_synthdev; i++) { - info = &dp->synths[i]; -diff --git a/sound/core/seq/seq_clientmgr.c b/sound/core/seq/seq_clientmgr.c -index 13cfa81..58e79e0 100644 ---- a/sound/core/seq/seq_clientmgr.c -+++ b/sound/core/seq/seq_clientmgr.c -@@ -678,6 +678,9 @@ static int deliver_to_subscribers(struct snd_seq_client *client, - else - down_read(&grp->list_mutex); - list_for_each_entry(subs, &grp->list_head, src_list) { -+ /* both ports ready? */ -+ if (atomic_read(&subs->ref_count) != 2) -+ continue; - event->dest = subs->info.dest; - if (subs->info.flags & SNDRV_SEQ_PORT_SUBS_TIMESTAMP) - /* convert time according to flag with subscription */ -diff --git a/sound/core/seq/seq_ports.c b/sound/core/seq/seq_ports.c -index 55170a2..921fb2b 100644 ---- a/sound/core/seq/seq_ports.c -+++ b/sound/core/seq/seq_ports.c -@@ -173,10 +173,6 @@ struct snd_seq_client_port *snd_seq_create_port(struct snd_seq_client *client, - } - - /* */ --enum group_type { -- SRC_LIST, DEST_LIST --}; -- - static int subscribe_port(struct snd_seq_client *client, - struct snd_seq_client_port *port, - struct snd_seq_port_subs_info *grp, -@@ -203,6 +199,20 @@ static struct snd_seq_client_port *get_client_port(struct snd_seq_addr *addr, - return NULL; - } - -+static void delete_and_unsubscribe_port(struct snd_seq_client *client, -+ struct snd_seq_client_port *port, -+ struct snd_seq_subscribers *subs, -+ bool is_src, bool ack); -+ -+static inline struct snd_seq_subscribers * -+get_subscriber(struct list_head *p, bool is_src) -+{ -+ if (is_src) -+ return list_entry(p, struct snd_seq_subscribers, src_list); -+ else -+ return list_entry(p, struct snd_seq_subscribers, dest_list); -+} -+ - /* - * remove all subscribers on the list - * this is called from port_delete, for each src and dest list. -@@ -210,7 +220,7 @@ static struct snd_seq_client_port *get_client_port(struct snd_seq_addr *addr, - static void clear_subscriber_list(struct snd_seq_client *client, - struct snd_seq_client_port *port, - struct snd_seq_port_subs_info *grp, -- int grptype) -+ int is_src) - { - struct list_head *p, *n; - -@@ -219,15 +229,13 @@ static void clear_subscriber_list(struct snd_seq_client *client, - struct snd_seq_client *c; - struct snd_seq_client_port *aport; - -- if (grptype == SRC_LIST) { -- subs = list_entry(p, struct snd_seq_subscribers, src_list); -+ subs = get_subscriber(p, is_src); -+ if (is_src) - aport = get_client_port(&subs->info.dest, &c); -- } else { -- subs = list_entry(p, struct snd_seq_subscribers, dest_list); -+ else - aport = get_client_port(&subs->info.sender, &c); -- } -- list_del(p); -- unsubscribe_port(client, port, grp, &subs->info, 0); -+ delete_and_unsubscribe_port(client, port, subs, is_src, false); -+ - if (!aport) { - /* looks like the connected port is being deleted. - * we decrease the counter, and when both ports are deleted -@@ -235,21 +243,14 @@ static void clear_subscriber_list(struct snd_seq_client *client, - */ - if (atomic_dec_and_test(&subs->ref_count)) - kfree(subs); -- } else { -- /* ok we got the connected port */ -- struct snd_seq_port_subs_info *agrp; -- agrp = (grptype == SRC_LIST) ? &aport->c_dest : &aport->c_src; -- down_write(&agrp->list_mutex); -- if (grptype == SRC_LIST) -- list_del(&subs->dest_list); -- else -- list_del(&subs->src_list); -- up_write(&agrp->list_mutex); -- unsubscribe_port(c, aport, agrp, &subs->info, 1); -- kfree(subs); -- snd_seq_port_unlock(aport); -- snd_seq_client_unlock(c); -+ continue; - } -+ -+ /* ok we got the connected port */ -+ delete_and_unsubscribe_port(c, aport, subs, !is_src, true); -+ kfree(subs); -+ snd_seq_port_unlock(aport); -+ snd_seq_client_unlock(c); - } - } - -@@ -262,8 +263,8 @@ static int port_delete(struct snd_seq_client *client, - snd_use_lock_sync(&port->use_lock); - - /* clear subscribers info */ -- clear_subscriber_list(client, port, &port->c_src, SRC_LIST); -- clear_subscriber_list(client, port, &port->c_dest, DEST_LIST); -+ clear_subscriber_list(client, port, &port->c_src, true); -+ clear_subscriber_list(client, port, &port->c_dest, false); - - if (port->private_free) - port->private_free(port->private_data); -@@ -479,85 +480,120 @@ static int match_subs_info(struct snd_seq_port_subscribe *r, - return 0; - } - -- --/* connect two ports */ --int snd_seq_port_connect(struct snd_seq_client *connector, -- struct snd_seq_client *src_client, -- struct snd_seq_client_port *src_port, -- struct snd_seq_client *dest_client, -- struct snd_seq_client_port *dest_port, -- struct snd_seq_port_subscribe *info) -+static int check_and_subscribe_port(struct snd_seq_client *client, -+ struct snd_seq_client_port *port, -+ struct snd_seq_subscribers *subs, -+ bool is_src, bool exclusive, bool ack) - { -- struct snd_seq_port_subs_info *src = &src_port->c_src; -- struct snd_seq_port_subs_info *dest = &dest_port->c_dest; -- struct snd_seq_subscribers *subs, *s; -- int err, src_called = 0; -- unsigned long flags; -- int exclusive; -+ struct snd_seq_port_subs_info *grp; -+ struct list_head *p; -+ struct snd_seq_subscribers *s; -+ int err; - -- subs = kzalloc(sizeof(*subs), GFP_KERNEL); -- if (! subs) -- return -ENOMEM; -- -- subs->info = *info; -- atomic_set(&subs->ref_count, 2); -- -- down_write(&src->list_mutex); -- down_write_nested(&dest->list_mutex, SINGLE_DEPTH_NESTING); -- -- exclusive = info->flags & SNDRV_SEQ_PORT_SUBS_EXCLUSIVE ? 1 : 0; -+ grp = is_src ? &port->c_src : &port->c_dest; - err = -EBUSY; -+ down_write(&grp->list_mutex); - if (exclusive) { -- if (! list_empty(&src->list_head) || ! list_empty(&dest->list_head)) -+ if (!list_empty(&grp->list_head)) - goto __error; - } else { -- if (src->exclusive || dest->exclusive) -+ if (grp->exclusive) - goto __error; - /* check whether already exists */ -- list_for_each_entry(s, &src->list_head, src_list) { -- if (match_subs_info(info, &s->info)) -- goto __error; -- } -- list_for_each_entry(s, &dest->list_head, dest_list) { -- if (match_subs_info(info, &s->info)) -+ list_for_each(p, &grp->list_head) { -+ s = get_subscriber(p, is_src); -+ if (match_subs_info(&subs->info, &s->info)) - goto __error; - } - } - -- if ((err = subscribe_port(src_client, src_port, src, info, -- connector->number != src_client->number)) < 0) -- goto __error; -- src_called = 1; -- -- if ((err = subscribe_port(dest_client, dest_port, dest, info, -- connector->number != dest_client->number)) < 0) -+ err = subscribe_port(client, port, grp, &subs->info, ack); -+ if (err < 0) { -+ grp->exclusive = 0; - goto __error; -+ } - - /* add to list */ -- write_lock_irqsave(&src->list_lock, flags); -- // write_lock(&dest->list_lock); // no other lock yet -- list_add_tail(&subs->src_list, &src->list_head); -- list_add_tail(&subs->dest_list, &dest->list_head); -- // write_unlock(&dest->list_lock); // no other lock yet -- write_unlock_irqrestore(&src->list_lock, flags); -+ write_lock_irq(&grp->list_lock); -+ if (is_src) -+ list_add_tail(&subs->src_list, &grp->list_head); -+ else -+ list_add_tail(&subs->dest_list, &grp->list_head); -+ grp->exclusive = exclusive; -+ atomic_inc(&subs->ref_count); -+ write_unlock_irq(&grp->list_lock); -+ err = 0; -+ -+ __error: -+ up_write(&grp->list_mutex); -+ return err; -+} - -- src->exclusive = dest->exclusive = exclusive; -+static void delete_and_unsubscribe_port(struct snd_seq_client *client, -+ struct snd_seq_client_port *port, -+ struct snd_seq_subscribers *subs, -+ bool is_src, bool ack) -+{ -+ struct snd_seq_port_subs_info *grp; -+ -+ grp = is_src ? &port->c_src : &port->c_dest; -+ down_write(&grp->list_mutex); -+ write_lock_irq(&grp->list_lock); -+ if (is_src) -+ list_del(&subs->src_list); -+ else -+ list_del(&subs->dest_list); -+ grp->exclusive = 0; -+ write_unlock_irq(&grp->list_lock); -+ up_write(&grp->list_mutex); -+ -+ unsubscribe_port(client, port, grp, &subs->info, ack); -+} -+ -+/* connect two ports */ -+int snd_seq_port_connect(struct snd_seq_client *connector, -+ struct snd_seq_client *src_client, -+ struct snd_seq_client_port *src_port, -+ struct snd_seq_client *dest_client, -+ struct snd_seq_client_port *dest_port, -+ struct snd_seq_port_subscribe *info) -+{ -+ struct snd_seq_subscribers *subs; -+ bool exclusive; -+ int err; -+ -+ subs = kzalloc(sizeof(*subs), GFP_KERNEL); -+ if (!subs) -+ return -ENOMEM; -+ -+ subs->info = *info; -+ atomic_set(&subs->ref_count, 0); -+ INIT_LIST_HEAD(&subs->src_list); -+ INIT_LIST_HEAD(&subs->dest_list); -+ -+ exclusive = !!(info->flags & SNDRV_SEQ_PORT_SUBS_EXCLUSIVE); -+ -+ err = check_and_subscribe_port(src_client, src_port, subs, true, -+ exclusive, -+ connector->number != src_client->number); -+ if (err < 0) -+ goto error; -+ err = check_and_subscribe_port(dest_client, dest_port, subs, false, -+ exclusive, -+ connector->number != dest_client->number); -+ if (err < 0) -+ goto error_dest; - -- up_write(&dest->list_mutex); -- up_write(&src->list_mutex); - return 0; - -- __error: -- if (src_called) -- unsubscribe_port(src_client, src_port, src, info, -- connector->number != src_client->number); -+ error_dest: -+ delete_and_unsubscribe_port(src_client, src_port, subs, true, -+ connector->number != src_client->number); -+ error: - kfree(subs); -- up_write(&dest->list_mutex); -- up_write(&src->list_mutex); - return err; - } - -- - /* remove the connection */ - int snd_seq_port_disconnect(struct snd_seq_client *connector, - struct snd_seq_client *src_client, -@@ -567,37 +603,28 @@ int snd_seq_port_disconnect(struct snd_seq_client *connector, - struct snd_seq_port_subscribe *info) - { - struct snd_seq_port_subs_info *src = &src_port->c_src; -- struct snd_seq_port_subs_info *dest = &dest_port->c_dest; - struct snd_seq_subscribers *subs; - int err = -ENOENT; -- unsigned long flags; - - down_write(&src->list_mutex); -- down_write_nested(&dest->list_mutex, SINGLE_DEPTH_NESTING); -- - /* look for the connection */ - list_for_each_entry(subs, &src->list_head, src_list) { - if (match_subs_info(info, &subs->info)) { -- write_lock_irqsave(&src->list_lock, flags); -- // write_lock(&dest->list_lock); // no lock yet -- list_del(&subs->src_list); -- list_del(&subs->dest_list); -- // write_unlock(&dest->list_lock); -- write_unlock_irqrestore(&src->list_lock, flags); -- src->exclusive = dest->exclusive = 0; -- unsubscribe_port(src_client, src_port, src, info, -- connector->number != src_client->number); -- unsubscribe_port(dest_client, dest_port, dest, info, -- connector->number != dest_client->number); -- kfree(subs); -+ atomic_dec(&subs->ref_count); /* mark as not ready */ - err = 0; - break; - } - } -- -- up_write(&dest->list_mutex); - up_write(&src->list_mutex); -- return err; -+ if (err < 0) -+ return err; -+ -+ delete_and_unsubscribe_port(src_client, src_port, subs, true, -+ connector->number != src_client->number); -+ delete_and_unsubscribe_port(dest_client, dest_port, subs, false, -+ connector->number != dest_client->number); -+ kfree(subs); -+ return 0; - } - - -diff --git a/sound/core/seq/seq_timer.c b/sound/core/seq/seq_timer.c -index 82b220c..2931049 100644 ---- a/sound/core/seq/seq_timer.c -+++ b/sound/core/seq/seq_timer.c -@@ -90,6 +90,9 @@ void snd_seq_timer_delete(struct snd_seq_timer **tmr) - - void snd_seq_timer_defaults(struct snd_seq_timer * tmr) - { -+ unsigned long flags; -+ -+ spin_lock_irqsave(&tmr->lock, flags); - /* setup defaults */ - tmr->ppq = 96; /* 96 PPQ */ - tmr->tempo = 500000; /* 120 BPM */ -@@ -105,21 +108,25 @@ void snd_seq_timer_defaults(struct snd_seq_timer * tmr) - tmr->preferred_resolution = seq_default_timer_resolution; - - tmr->skew = tmr->skew_base = SKEW_BASE; -+ spin_unlock_irqrestore(&tmr->lock, flags); - } - --void snd_seq_timer_reset(struct snd_seq_timer * tmr) -+static void seq_timer_reset(struct snd_seq_timer *tmr) - { -- unsigned long flags; -- -- spin_lock_irqsave(&tmr->lock, flags); -- - /* reset time & songposition */ - tmr->cur_time.tv_sec = 0; - tmr->cur_time.tv_nsec = 0; - - tmr->tick.cur_tick = 0; - tmr->tick.fraction = 0; -+} -+ -+void snd_seq_timer_reset(struct snd_seq_timer *tmr) -+{ -+ unsigned long flags; - -+ spin_lock_irqsave(&tmr->lock, flags); -+ seq_timer_reset(tmr); - spin_unlock_irqrestore(&tmr->lock, flags); - } - -@@ -138,8 +145,11 @@ static void snd_seq_timer_interrupt(struct snd_timer_instance *timeri, - tmr = q->timer; - if (tmr == NULL) - return; -- if (!tmr->running) -+ spin_lock_irqsave(&tmr->lock, flags); -+ if (!tmr->running) { -+ spin_unlock_irqrestore(&tmr->lock, flags); - return; -+ } - - resolution *= ticks; - if (tmr->skew != tmr->skew_base) { -@@ -148,8 +158,6 @@ static void snd_seq_timer_interrupt(struct snd_timer_instance *timeri, - (((resolution & 0xffff) * tmr->skew) >> 16); - } - -- spin_lock_irqsave(&tmr->lock, flags); -- - /* update timer */ - snd_seq_inc_time_nsec(&tmr->cur_time, resolution); - -@@ -296,26 +304,30 @@ int snd_seq_timer_open(struct snd_seq_queue *q) - t->callback = snd_seq_timer_interrupt; - t->callback_data = q; - t->flags |= SNDRV_TIMER_IFLG_AUTO; -+ spin_lock_irq(&tmr->lock); - tmr->timeri = t; -+ spin_unlock_irq(&tmr->lock); - return 0; - } - - int snd_seq_timer_close(struct snd_seq_queue *q) - { - struct snd_seq_timer *tmr; -+ struct snd_timer_instance *t; - - tmr = q->timer; - if (snd_BUG_ON(!tmr)) - return -EINVAL; -- if (tmr->timeri) { -- snd_timer_stop(tmr->timeri); -- snd_timer_close(tmr->timeri); -- tmr->timeri = NULL; -- } -+ spin_lock_irq(&tmr->lock); -+ t = tmr->timeri; -+ tmr->timeri = NULL; -+ spin_unlock_irq(&tmr->lock); -+ if (t) -+ snd_timer_close(t); - return 0; - } - --int snd_seq_timer_stop(struct snd_seq_timer * tmr) -+static int seq_timer_stop(struct snd_seq_timer *tmr) - { - if (! tmr->timeri) - return -EINVAL; -@@ -326,6 +338,17 @@ int snd_seq_timer_stop(struct snd_seq_timer * tmr) - return 0; - } - -+int snd_seq_timer_stop(struct snd_seq_timer *tmr) -+{ -+ unsigned long flags; -+ int err; -+ -+ spin_lock_irqsave(&tmr->lock, flags); -+ err = seq_timer_stop(tmr); -+ spin_unlock_irqrestore(&tmr->lock, flags); -+ return err; -+} -+ - static int initialize_timer(struct snd_seq_timer *tmr) - { - struct snd_timer *t; -@@ -358,13 +381,13 @@ static int initialize_timer(struct snd_seq_timer *tmr) - return 0; - } - --int snd_seq_timer_start(struct snd_seq_timer * tmr) -+static int seq_timer_start(struct snd_seq_timer *tmr) - { - if (! tmr->timeri) - return -EINVAL; - if (tmr->running) -- snd_seq_timer_stop(tmr); -- snd_seq_timer_reset(tmr); -+ seq_timer_stop(tmr); -+ seq_timer_reset(tmr); - if (initialize_timer(tmr) < 0) - return -EINVAL; - snd_timer_start(tmr->timeri, tmr->ticks); -@@ -373,14 +396,25 @@ int snd_seq_timer_start(struct snd_seq_timer * tmr) - return 0; - } - --int snd_seq_timer_continue(struct snd_seq_timer * tmr) -+int snd_seq_timer_start(struct snd_seq_timer *tmr) -+{ -+ unsigned long flags; -+ int err; -+ -+ spin_lock_irqsave(&tmr->lock, flags); -+ err = seq_timer_start(tmr); -+ spin_unlock_irqrestore(&tmr->lock, flags); -+ return err; -+} -+ -+static int seq_timer_continue(struct snd_seq_timer *tmr) - { - if (! tmr->timeri) - return -EINVAL; - if (tmr->running) - return -EBUSY; - if (! tmr->initialized) { -- snd_seq_timer_reset(tmr); -+ seq_timer_reset(tmr); - if (initialize_timer(tmr) < 0) - return -EINVAL; - } -@@ -390,11 +424,24 @@ int snd_seq_timer_continue(struct snd_seq_timer * tmr) - return 0; - } - -+int snd_seq_timer_continue(struct snd_seq_timer *tmr) -+{ -+ unsigned long flags; -+ int err; -+ -+ spin_lock_irqsave(&tmr->lock, flags); -+ err = seq_timer_continue(tmr); -+ spin_unlock_irqrestore(&tmr->lock, flags); -+ return err; -+} -+ - /* return current 'real' time. use timeofday() to get better granularity. */ - snd_seq_real_time_t snd_seq_timer_get_cur_time(struct snd_seq_timer *tmr) - { - snd_seq_real_time_t cur_time; -+ unsigned long flags; - -+ spin_lock_irqsave(&tmr->lock, flags); - cur_time = tmr->cur_time; - if (tmr->running) { - struct timeval tm; -@@ -410,7 +457,7 @@ snd_seq_real_time_t snd_seq_timer_get_cur_time(struct snd_seq_timer *tmr) - } - snd_seq_sanity_real_time(&cur_time); - } -- -+ spin_unlock_irqrestore(&tmr->lock, flags); - return cur_time; - } - -diff --git a/sound/core/seq/seq_virmidi.c b/sound/core/seq/seq_virmidi.c -index 56e0f4cd..81134e0 100644 ---- a/sound/core/seq/seq_virmidi.c -+++ b/sound/core/seq/seq_virmidi.c -@@ -155,21 +155,26 @@ static void snd_virmidi_output_trigger(struct snd_rawmidi_substream *substream, - struct snd_virmidi *vmidi = substream->runtime->private_data; - int count, res; - unsigned char buf[32], *pbuf; -+ unsigned long flags; - - if (up) { - vmidi->trigger = 1; - if (vmidi->seq_mode == SNDRV_VIRMIDI_SEQ_DISPATCH && - !(vmidi->rdev->flags & SNDRV_VIRMIDI_SUBSCRIBE)) { -- snd_rawmidi_transmit_ack(substream, substream->runtime->buffer_size - substream->runtime->avail); -- return; /* ignored */ -+ while (snd_rawmidi_transmit(substream, buf, -+ sizeof(buf)) > 0) { -+ /* ignored */ -+ } -+ return; - } - if (vmidi->event.type != SNDRV_SEQ_EVENT_NONE) { - if (snd_seq_kernel_client_dispatch(vmidi->client, &vmidi->event, in_atomic(), 0) < 0) - return; - vmidi->event.type = SNDRV_SEQ_EVENT_NONE; - } -+ spin_lock_irqsave(&substream->runtime->lock, flags); - while (1) { -- count = snd_rawmidi_transmit_peek(substream, buf, sizeof(buf)); -+ count = __snd_rawmidi_transmit_peek(substream, buf, sizeof(buf)); - if (count <= 0) - break; - pbuf = buf; -@@ -179,16 +184,18 @@ static void snd_virmidi_output_trigger(struct snd_rawmidi_substream *substream, - snd_midi_event_reset_encode(vmidi->parser); - continue; - } -- snd_rawmidi_transmit_ack(substream, res); -+ __snd_rawmidi_transmit_ack(substream, res); - pbuf += res; - count -= res; - if (vmidi->event.type != SNDRV_SEQ_EVENT_NONE) { - if (snd_seq_kernel_client_dispatch(vmidi->client, &vmidi->event, in_atomic(), 0) < 0) -- return; -+ goto out; - vmidi->event.type = SNDRV_SEQ_EVENT_NONE; - } - } - } -+ out: -+ spin_unlock_irqrestore(&substream->runtime->lock, flags); - } else { - vmidi->trigger = 0; - } -@@ -254,9 +261,13 @@ static int snd_virmidi_output_open(struct snd_rawmidi_substream *substream) - */ - static int snd_virmidi_input_close(struct snd_rawmidi_substream *substream) - { -+ struct snd_virmidi_dev *rdev = substream->rmidi->private_data; - struct snd_virmidi *vmidi = substream->runtime->private_data; -- snd_midi_event_free(vmidi->parser); -+ -+ write_lock_irq(&rdev->filelist_lock); - list_del(&vmidi->list); -+ write_unlock_irq(&rdev->filelist_lock); -+ snd_midi_event_free(vmidi->parser); - substream->runtime->private_data = NULL; - kfree(vmidi); - return 0; -diff --git a/sound/core/timer.c b/sound/core/timer.c -index 0a049c4..f24c9fc 100644 ---- a/sound/core/timer.c -+++ b/sound/core/timer.c -@@ -305,8 +305,7 @@ int snd_timer_open(struct snd_timer_instance **ti, - return 0; - } - --static int _snd_timer_stop(struct snd_timer_instance *timeri, -- int keep_flag, int event); -+static int _snd_timer_stop(struct snd_timer_instance *timeri, int event); - - /* - * close a timer instance -@@ -348,7 +347,7 @@ int snd_timer_close(struct snd_timer_instance *timeri) - spin_unlock_irq(&timer->lock); - mutex_lock(®ister_mutex); - list_del(&timeri->open_list); -- if (timer && list_empty(&timer->open_list_head) && -+ if (list_empty(&timer->open_list_head) && - timer->hw.close) - timer->hw.close(timer); - /* remove slave links */ -@@ -423,7 +422,7 @@ static void snd_timer_notify1(struct snd_timer_instance *ti, int event) - spin_lock_irqsave(&timer->lock, flags); - list_for_each_entry(ts, &ti->slave_active_head, active_list) - if (ts->ccallback) -- ts->ccallback(ti, event + 100, &tstamp, resolution); -+ ts->ccallback(ts, event + 100, &tstamp, resolution); - spin_unlock_irqrestore(&timer->lock, flags); - } - -@@ -452,6 +451,10 @@ static int snd_timer_start_slave(struct snd_timer_instance *timeri) - unsigned long flags; - - spin_lock_irqsave(&slave_active_lock, flags); -+ if (timeri->flags & SNDRV_TIMER_IFLG_RUNNING) { -+ spin_unlock_irqrestore(&slave_active_lock, flags); -+ return -EBUSY; -+ } - timeri->flags |= SNDRV_TIMER_IFLG_RUNNING; - if (timeri->master && timeri->timer) { - spin_lock(&timeri->timer->lock); -@@ -476,7 +479,8 @@ int snd_timer_start(struct snd_timer_instance *timeri, unsigned int ticks) - return -EINVAL; - if (timeri->flags & SNDRV_TIMER_IFLG_SLAVE) { - result = snd_timer_start_slave(timeri); -- snd_timer_notify1(timeri, SNDRV_TIMER_EVENT_START); -+ if (result >= 0) -+ snd_timer_notify1(timeri, SNDRV_TIMER_EVENT_START); - return result; - } - timer = timeri->timer; -@@ -485,16 +489,22 @@ int snd_timer_start(struct snd_timer_instance *timeri, unsigned int ticks) - if (timer->card && timer->card->shutdown) - return -ENODEV; - spin_lock_irqsave(&timer->lock, flags); -+ if (timeri->flags & (SNDRV_TIMER_IFLG_RUNNING | -+ SNDRV_TIMER_IFLG_START)) { -+ result = -EBUSY; -+ goto unlock; -+ } - timeri->ticks = timeri->cticks = ticks; - timeri->pticks = 0; - result = snd_timer_start1(timer, timeri, ticks); -+ unlock: - spin_unlock_irqrestore(&timer->lock, flags); -- snd_timer_notify1(timeri, SNDRV_TIMER_EVENT_START); -+ if (result >= 0) -+ snd_timer_notify1(timeri, SNDRV_TIMER_EVENT_START); - return result; - } - --static int _snd_timer_stop(struct snd_timer_instance * timeri, -- int keep_flag, int event) -+static int _snd_timer_stop(struct snd_timer_instance *timeri, int event) - { - struct snd_timer *timer; - unsigned long flags; -@@ -503,19 +513,30 @@ static int _snd_timer_stop(struct snd_timer_instance * timeri, - return -ENXIO; - - if (timeri->flags & SNDRV_TIMER_IFLG_SLAVE) { -- if (!keep_flag) { -- spin_lock_irqsave(&slave_active_lock, flags); -- timeri->flags &= ~SNDRV_TIMER_IFLG_RUNNING; -- list_del_init(&timeri->ack_list); -- list_del_init(&timeri->active_list); -+ spin_lock_irqsave(&slave_active_lock, flags); -+ if (!(timeri->flags & SNDRV_TIMER_IFLG_RUNNING)) { - spin_unlock_irqrestore(&slave_active_lock, flags); -+ return -EBUSY; - } -+ if (timeri->timer) -+ spin_lock(&timeri->timer->lock); -+ timeri->flags &= ~SNDRV_TIMER_IFLG_RUNNING; -+ list_del_init(&timeri->ack_list); -+ list_del_init(&timeri->active_list); -+ if (timeri->timer) -+ spin_unlock(&timeri->timer->lock); -+ spin_unlock_irqrestore(&slave_active_lock, flags); - goto __end; - } - timer = timeri->timer; - if (!timer) - return -EINVAL; - spin_lock_irqsave(&timer->lock, flags); -+ if (!(timeri->flags & (SNDRV_TIMER_IFLG_RUNNING | -+ SNDRV_TIMER_IFLG_START))) { -+ spin_unlock_irqrestore(&timer->lock, flags); -+ return -EBUSY; -+ } - list_del_init(&timeri->ack_list); - list_del_init(&timeri->active_list); - if (timer->card && timer->card->shutdown) { -@@ -534,9 +555,7 @@ static int _snd_timer_stop(struct snd_timer_instance * timeri, - } - } - } -- if (!keep_flag) -- timeri->flags &= -- ~(SNDRV_TIMER_IFLG_RUNNING | SNDRV_TIMER_IFLG_START); -+ timeri->flags &= ~(SNDRV_TIMER_IFLG_RUNNING | SNDRV_TIMER_IFLG_START); - spin_unlock_irqrestore(&timer->lock, flags); - __end: - if (event != SNDRV_TIMER_EVENT_RESOLUTION) -@@ -555,7 +574,7 @@ int snd_timer_stop(struct snd_timer_instance *timeri) - unsigned long flags; - int err; - -- err = _snd_timer_stop(timeri, 0, SNDRV_TIMER_EVENT_STOP); -+ err = _snd_timer_stop(timeri, SNDRV_TIMER_EVENT_STOP); - if (err < 0) - return err; - timer = timeri->timer; -@@ -587,10 +606,15 @@ int snd_timer_continue(struct snd_timer_instance *timeri) - if (timer->card && timer->card->shutdown) - return -ENODEV; - spin_lock_irqsave(&timer->lock, flags); -+ if (timeri->flags & SNDRV_TIMER_IFLG_RUNNING) { -+ result = -EBUSY; -+ goto unlock; -+ } - if (!timeri->cticks) - timeri->cticks = 1; - timeri->pticks = 0; - result = snd_timer_start1(timer, timeri, timer->sticks); -+ unlock: - spin_unlock_irqrestore(&timer->lock, flags); - snd_timer_notify1(timeri, SNDRV_TIMER_EVENT_CONTINUE); - return result; -@@ -601,7 +625,7 @@ int snd_timer_continue(struct snd_timer_instance *timeri) - */ - int snd_timer_pause(struct snd_timer_instance * timeri) - { -- return _snd_timer_stop(timeri, 0, SNDRV_TIMER_EVENT_PAUSE); -+ return _snd_timer_stop(timeri, SNDRV_TIMER_EVENT_PAUSE); - } - - /* -@@ -724,8 +748,8 @@ void snd_timer_interrupt(struct snd_timer * timer, unsigned long ticks_left) - ti->cticks = ti->ticks; - } else { - ti->flags &= ~SNDRV_TIMER_IFLG_RUNNING; -- if (--timer->running) -- list_del_init(&ti->active_list); -+ --timer->running; -+ list_del_init(&ti->active_list); - } - if ((timer->hw.flags & SNDRV_TIMER_HW_TASKLET) || - (ti->flags & SNDRV_TIMER_IFLG_FAST)) -@@ -1900,6 +1924,7 @@ static ssize_t snd_timer_user_read(struct file *file, char __user *buffer, - { - struct snd_timer_user *tu; - long result = 0, unit; -+ int qhead; - int err = 0; - - tu = file->private_data; -@@ -1911,7 +1936,7 @@ static ssize_t snd_timer_user_read(struct file *file, char __user *buffer, - - if ((file->f_flags & O_NONBLOCK) != 0 || result > 0) { - err = -EAGAIN; -- break; -+ goto _error; - } - - set_current_state(TASK_INTERRUPTIBLE); -@@ -1926,42 +1951,37 @@ static ssize_t snd_timer_user_read(struct file *file, char __user *buffer, - - if (tu->disconnected) { - err = -ENODEV; -- break; -+ goto _error; - } - if (signal_pending(current)) { - err = -ERESTARTSYS; -- break; -+ goto _error; - } - } - -+ qhead = tu->qhead++; -+ tu->qhead %= tu->queue_size; - spin_unlock_irq(&tu->qlock); -- if (err < 0) -- goto _error; - - if (tu->tread) { -- if (copy_to_user(buffer, &tu->tqueue[tu->qhead++], -- sizeof(struct snd_timer_tread))) { -+ if (copy_to_user(buffer, &tu->tqueue[qhead], -+ sizeof(struct snd_timer_tread))) - err = -EFAULT; -- goto _error; -- } - } else { -- if (copy_to_user(buffer, &tu->queue[tu->qhead++], -- sizeof(struct snd_timer_read))) { -+ if (copy_to_user(buffer, &tu->queue[qhead], -+ sizeof(struct snd_timer_read))) - err = -EFAULT; -- goto _error; -- } - } - -- tu->qhead %= tu->queue_size; -- -- result += unit; -- buffer += unit; -- - spin_lock_irq(&tu->qlock); - tu->qused--; -+ if (err < 0) -+ goto _error; -+ result += unit; -+ buffer += unit; - } -- spin_unlock_irq(&tu->qlock); - _error: -+ spin_unlock_irq(&tu->qlock); - return result > 0 ? result : err; - } - -diff --git a/sound/drivers/dummy.c b/sound/drivers/dummy.c -index 016e451..a9f7a75 100644 ---- a/sound/drivers/dummy.c -+++ b/sound/drivers/dummy.c -@@ -109,6 +109,9 @@ struct dummy_timer_ops { - snd_pcm_uframes_t (*pointer)(struct snd_pcm_substream *); - }; - -+#define get_dummy_ops(substream) \ -+ (*(const struct dummy_timer_ops **)(substream)->runtime->private_data) -+ - struct dummy_model { - const char *name; - int (*playback_constraints)(struct snd_pcm_runtime *runtime); -@@ -137,7 +140,6 @@ struct snd_dummy { - int iobox; - struct snd_kcontrol *cd_volume_ctl; - struct snd_kcontrol *cd_switch_ctl; -- const struct dummy_timer_ops *timer_ops; - }; - - /* -@@ -231,6 +233,8 @@ static struct dummy_model *dummy_models[] = { - */ - - struct dummy_systimer_pcm { -+ /* ops must be the first item */ -+ const struct dummy_timer_ops *timer_ops; - spinlock_t lock; - struct timer_list timer; - unsigned long base_time; -@@ -366,6 +370,8 @@ static struct dummy_timer_ops dummy_systimer_ops = { - */ - - struct dummy_hrtimer_pcm { -+ /* ops must be the first item */ -+ const struct dummy_timer_ops *timer_ops; - ktime_t base_time; - ktime_t period_time; - atomic_t running; -@@ -492,31 +498,25 @@ static struct dummy_timer_ops dummy_hrtimer_ops = { - - static int dummy_pcm_trigger(struct snd_pcm_substream *substream, int cmd) - { -- struct snd_dummy *dummy = snd_pcm_substream_chip(substream); -- - switch (cmd) { - case SNDRV_PCM_TRIGGER_START: - case SNDRV_PCM_TRIGGER_RESUME: -- return dummy->timer_ops->start(substream); -+ return get_dummy_ops(substream)->start(substream); - case SNDRV_PCM_TRIGGER_STOP: - case SNDRV_PCM_TRIGGER_SUSPEND: -- return dummy->timer_ops->stop(substream); -+ return get_dummy_ops(substream)->stop(substream); - } - return -EINVAL; - } - - static int dummy_pcm_prepare(struct snd_pcm_substream *substream) - { -- struct snd_dummy *dummy = snd_pcm_substream_chip(substream); -- -- return dummy->timer_ops->prepare(substream); -+ return get_dummy_ops(substream)->prepare(substream); - } - - static snd_pcm_uframes_t dummy_pcm_pointer(struct snd_pcm_substream *substream) - { -- struct snd_dummy *dummy = snd_pcm_substream_chip(substream); -- -- return dummy->timer_ops->pointer(substream); -+ return get_dummy_ops(substream)->pointer(substream); - } - - static struct snd_pcm_hardware dummy_pcm_hardware = { -@@ -562,17 +562,19 @@ static int dummy_pcm_open(struct snd_pcm_substream *substream) - struct snd_dummy *dummy = snd_pcm_substream_chip(substream); - struct dummy_model *model = dummy->model; - struct snd_pcm_runtime *runtime = substream->runtime; -+ const struct dummy_timer_ops *ops; - int err; - -- dummy->timer_ops = &dummy_systimer_ops; -+ ops = &dummy_systimer_ops; - #ifdef CONFIG_HIGH_RES_TIMERS - if (hrtimer) -- dummy->timer_ops = &dummy_hrtimer_ops; -+ ops = &dummy_hrtimer_ops; - #endif - -- err = dummy->timer_ops->create(substream); -+ err = ops->create(substream); - if (err < 0) - return err; -+ get_dummy_ops(substream) = ops; - - runtime->hw = dummy->pcm_hw; - if (substream->pcm->device & 1) { -@@ -594,7 +596,7 @@ static int dummy_pcm_open(struct snd_pcm_substream *substream) - err = model->capture_constraints(substream->runtime); - } - if (err < 0) { -- dummy->timer_ops->free(substream); -+ get_dummy_ops(substream)->free(substream); - return err; - } - return 0; -@@ -602,8 +604,7 @@ static int dummy_pcm_open(struct snd_pcm_substream *substream) - - static int dummy_pcm_close(struct snd_pcm_substream *substream) - { -- struct snd_dummy *dummy = snd_pcm_substream_chip(substream); -- dummy->timer_ops->free(substream); -+ get_dummy_ops(substream)->free(substream); - return 0; - } - -diff --git a/sound/firewire/bebob/bebob_stream.c b/sound/firewire/bebob/bebob_stream.c -index 926e5dc..5022c9b 100644 ---- a/sound/firewire/bebob/bebob_stream.c -+++ b/sound/firewire/bebob/bebob_stream.c -@@ -47,14 +47,16 @@ static const unsigned int bridgeco_freq_table[] = { - [6] = 0x07, - }; - --static unsigned int --get_formation_index(unsigned int rate) -+static int -+get_formation_index(unsigned int rate, unsigned int *index) - { - unsigned int i; - - for (i = 0; i < ARRAY_SIZE(snd_bebob_rate_table); i++) { -- if (snd_bebob_rate_table[i] == rate) -- return i; -+ if (snd_bebob_rate_table[i] == rate) { -+ *index = i; -+ return 0; -+ } - } - return -EINVAL; - } -@@ -425,7 +427,9 @@ make_both_connections(struct snd_bebob *bebob, unsigned int rate) - goto end; - - /* confirm params for both streams */ -- index = get_formation_index(rate); -+ err = get_formation_index(rate, &index); -+ if (err < 0) -+ goto end; - pcm_channels = bebob->tx_stream_formations[index].pcm; - midi_channels = bebob->tx_stream_formations[index].midi; - err = amdtp_am824_set_parameters(&bebob->tx_stream, rate, -diff --git a/sound/isa/Kconfig b/sound/isa/Kconfig -index 0216475..37adcc6 100644 ---- a/sound/isa/Kconfig -+++ b/sound/isa/Kconfig -@@ -3,6 +3,7 @@ - config SND_WSS_LIB - tristate - select SND_PCM -+ select SND_TIMER - - config SND_SB_COMMON - tristate -@@ -42,6 +43,7 @@ config SND_AD1816A - select SND_OPL3_LIB - select SND_MPU401_UART - select SND_PCM -+ select SND_TIMER - help - Say Y here to include support for Analog Devices SoundPort - AD1816A or compatible sound chips. -@@ -209,6 +211,7 @@ config SND_GUSCLASSIC - tristate "Gravis UltraSound Classic" - select SND_RAWMIDI - select SND_PCM -+ select SND_TIMER - help - Say Y here to include support for Gravis UltraSound Classic - soundcards. -@@ -221,6 +224,7 @@ config SND_GUSEXTREME - select SND_OPL3_LIB - select SND_MPU401_UART - select SND_PCM -+ select SND_TIMER - help - Say Y here to include support for Gravis UltraSound Extreme - soundcards. -diff --git a/sound/pci/Kconfig b/sound/pci/Kconfig -index 656ce39..8f6594a 100644 ---- a/sound/pci/Kconfig -+++ b/sound/pci/Kconfig -@@ -155,6 +155,7 @@ config SND_AZT3328 - select SND_PCM - select SND_RAWMIDI - select SND_AC97_CODEC -+ select SND_TIMER - depends on ZONE_DMA - help - Say Y here to include support for Aztech AZF3328 (PCI168) -@@ -463,6 +464,7 @@ config SND_EMU10K1 - select SND_HWDEP - select SND_RAWMIDI - select SND_AC97_CODEC -+ select SND_TIMER - depends on ZONE_DMA - help - Say Y to include support for Sound Blaster PCI 512, Live!, -@@ -889,6 +891,7 @@ config SND_YMFPCI - select SND_OPL3_LIB - select SND_MPU401_UART - select SND_AC97_CODEC -+ select SND_TIMER - help - Say Y here to include support for Yamaha PCI audio chips - - YMF724, YMF724F, YMF740, YMF740C, YMF744, YMF754. -diff --git a/sound/pci/hda/hda_generic.c b/sound/pci/hda/hda_generic.c -index c6e8a65..5c4fa8e 100644 ---- a/sound/pci/hda/hda_generic.c -+++ b/sound/pci/hda/hda_generic.c -@@ -771,9 +771,6 @@ static void activate_amp(struct hda_codec *codec, hda_nid_t nid, int dir, - unsigned int caps; - unsigned int mask, val; - -- if (!enable && is_active_nid(codec, nid, dir, idx_to_check)) -- return; -- - caps = query_amp_caps(codec, nid, dir); - val = get_amp_val_to_activate(codec, nid, dir, caps, enable); - mask = get_amp_mask_to_modify(codec, nid, dir, idx_to_check, caps); -@@ -784,12 +781,22 @@ static void activate_amp(struct hda_codec *codec, hda_nid_t nid, int dir, - update_amp(codec, nid, dir, idx, mask, val); - } - -+static void check_and_activate_amp(struct hda_codec *codec, hda_nid_t nid, -+ int dir, int idx, int idx_to_check, -+ bool enable) -+{ -+ /* check whether the given amp is still used by others */ -+ if (!enable && is_active_nid(codec, nid, dir, idx_to_check)) -+ return; -+ activate_amp(codec, nid, dir, idx, idx_to_check, enable); -+} -+ - static void activate_amp_out(struct hda_codec *codec, struct nid_path *path, - int i, bool enable) - { - hda_nid_t nid = path->path[i]; - init_amp(codec, nid, HDA_OUTPUT, 0); -- activate_amp(codec, nid, HDA_OUTPUT, 0, 0, enable); -+ check_and_activate_amp(codec, nid, HDA_OUTPUT, 0, 0, enable); - } - - static void activate_amp_in(struct hda_codec *codec, struct nid_path *path, -@@ -817,9 +824,16 @@ static void activate_amp_in(struct hda_codec *codec, struct nid_path *path, - * when aa-mixer is available, we need to enable the path as well - */ - for (n = 0; n < nums; n++) { -- if (n != idx && (!add_aamix || conn[n] != spec->mixer_merge_nid)) -- continue; -- activate_amp(codec, nid, HDA_INPUT, n, idx, enable); -+ if (n != idx) { -+ if (conn[n] != spec->mixer_merge_nid) -+ continue; -+ /* when aamix is disabled, force to off */ -+ if (!add_aamix) { -+ activate_amp(codec, nid, HDA_INPUT, n, n, false); -+ continue; -+ } -+ } -+ check_and_activate_amp(codec, nid, HDA_INPUT, n, idx, enable); - } - } - -@@ -1580,6 +1594,12 @@ static bool map_singles(struct hda_codec *codec, int outs, - return found; - } - -+static inline bool has_aamix_out_paths(struct hda_gen_spec *spec) -+{ -+ return spec->aamix_out_paths[0] || spec->aamix_out_paths[1] || -+ spec->aamix_out_paths[2]; -+} -+ - /* create a new path including aamix if available, and return its index */ - static int check_aamix_out_path(struct hda_codec *codec, int path_idx) - { -@@ -2422,25 +2442,51 @@ static void update_aamix_paths(struct hda_codec *codec, bool do_mix, - } - } - -+/* re-initialize the output paths; only called from loopback_mixing_put() */ -+static void update_output_paths(struct hda_codec *codec, int num_outs, -+ const int *paths) -+{ -+ struct hda_gen_spec *spec = codec->spec; -+ struct nid_path *path; -+ int i; -+ -+ for (i = 0; i < num_outs; i++) { -+ path = snd_hda_get_path_from_idx(codec, paths[i]); -+ if (path) -+ snd_hda_activate_path(codec, path, path->active, -+ spec->aamix_mode); -+ } -+} -+ - static int loopback_mixing_put(struct snd_kcontrol *kcontrol, - struct snd_ctl_elem_value *ucontrol) - { - struct hda_codec *codec = snd_kcontrol_chip(kcontrol); - struct hda_gen_spec *spec = codec->spec; -+ const struct auto_pin_cfg *cfg = &spec->autocfg; - unsigned int val = ucontrol->value.enumerated.item[0]; - - if (val == spec->aamix_mode) - return 0; - spec->aamix_mode = val; -- update_aamix_paths(codec, val, spec->out_paths[0], -- spec->aamix_out_paths[0], -- spec->autocfg.line_out_type); -- update_aamix_paths(codec, val, spec->hp_paths[0], -- spec->aamix_out_paths[1], -- AUTO_PIN_HP_OUT); -- update_aamix_paths(codec, val, spec->speaker_paths[0], -- spec->aamix_out_paths[2], -- AUTO_PIN_SPEAKER_OUT); -+ if (has_aamix_out_paths(spec)) { -+ update_aamix_paths(codec, val, spec->out_paths[0], -+ spec->aamix_out_paths[0], -+ cfg->line_out_type); -+ update_aamix_paths(codec, val, spec->hp_paths[0], -+ spec->aamix_out_paths[1], -+ AUTO_PIN_HP_OUT); -+ update_aamix_paths(codec, val, spec->speaker_paths[0], -+ spec->aamix_out_paths[2], -+ AUTO_PIN_SPEAKER_OUT); -+ } else { -+ update_output_paths(codec, cfg->line_outs, spec->out_paths); -+ if (cfg->line_out_type != AUTO_PIN_HP_OUT) -+ update_output_paths(codec, cfg->hp_outs, spec->hp_paths); -+ if (cfg->line_out_type != AUTO_PIN_SPEAKER_OUT) -+ update_output_paths(codec, cfg->speaker_outs, -+ spec->speaker_paths); -+ } - return 1; - } - -@@ -2458,12 +2504,13 @@ static int create_loopback_mixing_ctl(struct hda_codec *codec) - - if (!spec->mixer_nid) - return 0; -- if (!(spec->aamix_out_paths[0] || spec->aamix_out_paths[1] || -- spec->aamix_out_paths[2])) -- return 0; - if (!snd_hda_gen_add_kctl(spec, NULL, &loopback_mixing_enum)) - return -ENOMEM; - spec->have_aamix_ctl = 1; -+ /* if no explicit aamix path is present (e.g. for Realtek codecs), -+ * enable aamix as default -- just for compatibility -+ */ -+ spec->aamix_mode = !has_aamix_out_paths(spec); - return 0; - } - -@@ -3998,9 +4045,9 @@ static void pin_power_callback(struct hda_codec *codec, - struct hda_jack_callback *jack, - bool on) - { -- if (jack && jack->tbl->nid) -+ if (jack && jack->nid) - sync_power_state_change(codec, -- set_pin_power_jack(codec, jack->tbl->nid, on)); -+ set_pin_power_jack(codec, jack->nid, on)); - } - - /* callback only doing power up -- called at first */ -@@ -5664,6 +5711,8 @@ static void init_aamix_paths(struct hda_codec *codec) - - if (!spec->have_aamix_ctl) - return; -+ if (!has_aamix_out_paths(spec)) -+ return; - update_aamix_paths(codec, spec->aamix_mode, spec->out_paths[0], - spec->aamix_out_paths[0], - spec->autocfg.line_out_type); -diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c -index 614baff..02a86ba 100644 ---- a/sound/pci/hda/hda_intel.c -+++ b/sound/pci/hda/hda_intel.c -@@ -90,6 +90,8 @@ enum { - #define NVIDIA_HDA_ENABLE_COHBIT 0x01 - - /* Defines for Intel SCH HDA snoop control */ -+#define INTEL_HDA_CGCTL 0x48 -+#define INTEL_HDA_CGCTL_MISCBDCGE (0x1 << 6) - #define INTEL_SCH_HDA_DEVC 0x78 - #define INTEL_SCH_HDA_DEVC_NOSNOOP (0x1<<11) - -@@ -528,10 +530,21 @@ static void hda_intel_init_chip(struct azx *chip, bool full_reset) - { - struct hdac_bus *bus = azx_bus(chip); - struct pci_dev *pci = chip->pci; -+ u32 val; - - if (chip->driver_caps & AZX_DCAPS_I915_POWERWELL) - snd_hdac_set_codec_wakeup(bus, true); -+ if (IS_BROXTON(pci)) { -+ pci_read_config_dword(pci, INTEL_HDA_CGCTL, &val); -+ val = val & ~INTEL_HDA_CGCTL_MISCBDCGE; -+ pci_write_config_dword(pci, INTEL_HDA_CGCTL, val); -+ } - azx_init_chip(chip, full_reset); -+ if (IS_BROXTON(pci)) { -+ pci_read_config_dword(pci, INTEL_HDA_CGCTL, &val); -+ val = val | INTEL_HDA_CGCTL_MISCBDCGE; -+ pci_write_config_dword(pci, INTEL_HDA_CGCTL, val); -+ } - if (chip->driver_caps & AZX_DCAPS_I915_POWERWELL) - snd_hdac_set_codec_wakeup(bus, false); - -diff --git a/sound/pci/hda/hda_jack.c b/sound/pci/hda/hda_jack.c -index c945e25..a33234e 100644 ---- a/sound/pci/hda/hda_jack.c -+++ b/sound/pci/hda/hda_jack.c -@@ -259,7 +259,7 @@ snd_hda_jack_detect_enable_callback(struct hda_codec *codec, hda_nid_t nid, - if (!callback) - return ERR_PTR(-ENOMEM); - callback->func = func; -- callback->tbl = jack; -+ callback->nid = jack->nid; - callback->next = jack->callback; - jack->callback = callback; - } -diff --git a/sound/pci/hda/hda_jack.h b/sound/pci/hda/hda_jack.h -index 858708a..e9814c0 100644 ---- a/sound/pci/hda/hda_jack.h -+++ b/sound/pci/hda/hda_jack.h -@@ -21,7 +21,7 @@ struct hda_jack_callback; - typedef void (*hda_jack_callback_fn) (struct hda_codec *, struct hda_jack_callback *); - - struct hda_jack_callback { -- struct hda_jack_tbl *tbl; -+ hda_nid_t nid; - hda_jack_callback_fn func; - unsigned int private_data; /* arbitrary data */ - struct hda_jack_callback *next; -diff --git a/sound/pci/hda/patch_ca0132.c b/sound/pci/hda/patch_ca0132.c -index 4ef2259..9ceb2bc 100644 ---- a/sound/pci/hda/patch_ca0132.c -+++ b/sound/pci/hda/patch_ca0132.c -@@ -4427,13 +4427,16 @@ static void ca0132_process_dsp_response(struct hda_codec *codec, - static void hp_callback(struct hda_codec *codec, struct hda_jack_callback *cb) - { - struct ca0132_spec *spec = codec->spec; -+ struct hda_jack_tbl *tbl; - - /* Delay enabling the HP amp, to let the mic-detection - * state machine run. - */ - cancel_delayed_work_sync(&spec->unsol_hp_work); - schedule_delayed_work(&spec->unsol_hp_work, msecs_to_jiffies(500)); -- cb->tbl->block_report = 1; -+ tbl = snd_hda_jack_tbl_get(codec, cb->nid); -+ if (tbl) -+ tbl->block_report = 1; - } - - static void amic_callback(struct hda_codec *codec, struct hda_jack_callback *cb) -diff --git a/sound/pci/hda/patch_cirrus.c b/sound/pci/hda/patch_cirrus.c -index a12ae8a..c1c855a 100644 ---- a/sound/pci/hda/patch_cirrus.c -+++ b/sound/pci/hda/patch_cirrus.c -@@ -614,6 +614,7 @@ enum { - CS4208_MAC_AUTO, - CS4208_MBA6, - CS4208_MBP11, -+ CS4208_MACMINI, - CS4208_GPIO0, - }; - -@@ -621,6 +622,7 @@ static const struct hda_model_fixup cs4208_models[] = { - { .id = CS4208_GPIO0, .name = "gpio0" }, - { .id = CS4208_MBA6, .name = "mba6" }, - { .id = CS4208_MBP11, .name = "mbp11" }, -+ { .id = CS4208_MACMINI, .name = "macmini" }, - {} - }; - -@@ -632,6 +634,7 @@ static const struct snd_pci_quirk cs4208_fixup_tbl[] = { - /* codec SSID matching */ - static const struct snd_pci_quirk cs4208_mac_fixup_tbl[] = { - SND_PCI_QUIRK(0x106b, 0x5e00, "MacBookPro 11,2", CS4208_MBP11), -+ SND_PCI_QUIRK(0x106b, 0x6c00, "MacMini 7,1", CS4208_MACMINI), - SND_PCI_QUIRK(0x106b, 0x7100, "MacBookAir 6,1", CS4208_MBA6), - SND_PCI_QUIRK(0x106b, 0x7200, "MacBookAir 6,2", CS4208_MBA6), - SND_PCI_QUIRK(0x106b, 0x7b00, "MacBookPro 12,1", CS4208_MBP11), -@@ -666,6 +669,24 @@ static void cs4208_fixup_mac(struct hda_codec *codec, - snd_hda_apply_fixup(codec, action); - } - -+/* MacMini 7,1 has the inverted jack detection */ -+static void cs4208_fixup_macmini(struct hda_codec *codec, -+ const struct hda_fixup *fix, int action) -+{ -+ static const struct hda_pintbl pincfgs[] = { -+ { 0x18, 0x00ab9150 }, /* mic (audio-in) jack: disable detect */ -+ { 0x21, 0x004be140 }, /* SPDIF: disable detect */ -+ { } -+ }; -+ -+ if (action == HDA_FIXUP_ACT_PRE_PROBE) { -+ /* HP pin (0x10) has an inverted detection */ -+ codec->inv_jack_detect = 1; -+ /* disable the bogus Mic and SPDIF jack detections */ -+ snd_hda_apply_pincfgs(codec, pincfgs); -+ } -+} -+ - static int cs4208_spdif_sw_put(struct snd_kcontrol *kcontrol, - struct snd_ctl_elem_value *ucontrol) - { -@@ -709,6 +730,12 @@ static const struct hda_fixup cs4208_fixups[] = { - .chained = true, - .chain_id = CS4208_GPIO0, - }, -+ [CS4208_MACMINI] = { -+ .type = HDA_FIXUP_FUNC, -+ .v.func = cs4208_fixup_macmini, -+ .chained = true, -+ .chain_id = CS4208_GPIO0, -+ }, - [CS4208_GPIO0] = { - .type = HDA_FIXUP_FUNC, - .v.func = cs4208_fixup_gpio0, -diff --git a/sound/pci/hda/patch_hdmi.c b/sound/pci/hda/patch_hdmi.c -index 4b6fb66..70c9456 100644 ---- a/sound/pci/hda/patch_hdmi.c -+++ b/sound/pci/hda/patch_hdmi.c -@@ -438,7 +438,8 @@ static int hdmi_eld_ctl_get(struct snd_kcontrol *kcontrol, - eld = &per_pin->sink_eld; - - mutex_lock(&per_pin->lock); -- if (eld->eld_size > ARRAY_SIZE(ucontrol->value.bytes.data)) { -+ if (eld->eld_size > ARRAY_SIZE(ucontrol->value.bytes.data) || -+ eld->eld_size > ELD_MAX_SIZE) { - mutex_unlock(&per_pin->lock); - snd_BUG(); - return -EINVAL; -@@ -1183,7 +1184,7 @@ static void check_presence_and_report(struct hda_codec *codec, hda_nid_t nid) - static void jack_callback(struct hda_codec *codec, - struct hda_jack_callback *jack) - { -- check_presence_and_report(codec, jack->tbl->nid); -+ check_presence_and_report(codec, jack->nid); - } - - static void hdmi_intrinsic_event(struct hda_codec *codec, unsigned int res) -diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c -index 3375324..efd4980 100644 ---- a/sound/pci/hda/patch_realtek.c -+++ b/sound/pci/hda/patch_realtek.c -@@ -282,7 +282,7 @@ static void alc_update_knob_master(struct hda_codec *codec, - uctl = kzalloc(sizeof(*uctl), GFP_KERNEL); - if (!uctl) - return; -- val = snd_hda_codec_read(codec, jack->tbl->nid, 0, -+ val = snd_hda_codec_read(codec, jack->nid, 0, - AC_VERB_GET_VOLUME_KNOB_CONTROL, 0); - val &= HDA_AMP_VOLMASK; - uctl->value.integer.value[0] = val; -@@ -327,6 +327,7 @@ static void alc_fill_eapd_coef(struct hda_codec *codec) - case 0x10ec0292: - alc_update_coef_idx(codec, 0x4, 1<<15, 0); - break; -+ case 0x10ec0225: - case 0x10ec0233: - case 0x10ec0255: - case 0x10ec0256: -@@ -900,6 +901,7 @@ static struct alc_codec_rename_pci_table rename_pci_tbl[] = { - { 0x10ec0899, 0x1028, 0, "ALC3861" }, - { 0x10ec0298, 0x1028, 0, "ALC3266" }, - { 0x10ec0256, 0x1028, 0, "ALC3246" }, -+ { 0x10ec0225, 0x1028, 0, "ALC3253" }, - { 0x10ec0670, 0x1025, 0, "ALC669X" }, - { 0x10ec0676, 0x1025, 0, "ALC679X" }, - { 0x10ec0282, 0x1043, 0, "ALC3229" }, -@@ -1785,7 +1787,6 @@ enum { - ALC882_FIXUP_NO_PRIMARY_HP, - ALC887_FIXUP_ASUS_BASS, - ALC887_FIXUP_BASS_CHMAP, -- ALC882_FIXUP_DISABLE_AAMIX, - }; - - static void alc889_fixup_coef(struct hda_codec *codec, -@@ -1947,8 +1948,6 @@ static void alc882_fixup_no_primary_hp(struct hda_codec *codec, - - static void alc_fixup_bass_chmap(struct hda_codec *codec, - const struct hda_fixup *fix, int action); --static void alc_fixup_disable_aamix(struct hda_codec *codec, -- const struct hda_fixup *fix, int action); - - static const struct hda_fixup alc882_fixups[] = { - [ALC882_FIXUP_ABIT_AW9D_MAX] = { -@@ -2186,10 +2185,6 @@ static const struct hda_fixup alc882_fixups[] = { - .type = HDA_FIXUP_FUNC, - .v.func = alc_fixup_bass_chmap, - }, -- [ALC882_FIXUP_DISABLE_AAMIX] = { -- .type = HDA_FIXUP_FUNC, -- .v.func = alc_fixup_disable_aamix, -- }, - }; - - static const struct snd_pci_quirk alc882_fixup_tbl[] = { -@@ -2228,6 +2223,7 @@ static const struct snd_pci_quirk alc882_fixup_tbl[] = { - SND_PCI_QUIRK(0x104d, 0x9047, "Sony Vaio TT", ALC889_FIXUP_VAIO_TT), - SND_PCI_QUIRK(0x104d, 0x905a, "Sony Vaio Z", ALC882_FIXUP_NO_PRIMARY_HP), - SND_PCI_QUIRK(0x104d, 0x9043, "Sony Vaio VGC-LN51JGB", ALC882_FIXUP_NO_PRIMARY_HP), -+ SND_PCI_QUIRK(0x104d, 0x9044, "Sony VAIO AiO", ALC882_FIXUP_NO_PRIMARY_HP), - - /* All Apple entries are in codec SSIDs */ - SND_PCI_QUIRK(0x106b, 0x00a0, "MacBookPro 3,1", ALC889_FIXUP_MBP_VREF), -@@ -2257,7 +2253,6 @@ static const struct snd_pci_quirk alc882_fixup_tbl[] = { - SND_PCI_QUIRK(0x1462, 0x7350, "MSI-7350", ALC889_FIXUP_CD), - SND_PCI_QUIRK_VENDOR(0x1462, "MSI", ALC882_FIXUP_GPIO3), - SND_PCI_QUIRK(0x1458, 0xa002, "Gigabyte EP45-DS3/Z87X-UD3H", ALC889_FIXUP_FRONT_HP_NO_PRESENCE), -- SND_PCI_QUIRK(0x1458, 0xa182, "Gigabyte Z170X-UD3", ALC882_FIXUP_DISABLE_AAMIX), - SND_PCI_QUIRK(0x147b, 0x107a, "Abit AW9D-MAX", ALC882_FIXUP_ABIT_AW9D_MAX), - SND_PCI_QUIRK_VENDOR(0x1558, "Clevo laptop", ALC882_FIXUP_EAPD), - SND_PCI_QUIRK(0x161f, 0x2054, "Medion laptop", ALC883_FIXUP_EAPD), -@@ -2651,6 +2646,7 @@ enum { - ALC269_TYPE_ALC298, - ALC269_TYPE_ALC255, - ALC269_TYPE_ALC256, -+ ALC269_TYPE_ALC225, - }; - - /* -@@ -2680,6 +2676,7 @@ static int alc269_parse_auto_config(struct hda_codec *codec) - case ALC269_TYPE_ALC298: - case ALC269_TYPE_ALC255: - case ALC269_TYPE_ALC256: -+ case ALC269_TYPE_ALC225: - ssids = alc269_ssids; - break; - default: -@@ -3658,6 +3655,16 @@ static void alc_headset_mode_unplugged(struct hda_codec *codec) - WRITE_COEF(0xb7, 0x802b), - {} - }; -+ static struct coef_fw coef0225[] = { -+ UPDATE_COEF(0x4a, 1<<8, 0), -+ UPDATE_COEFEX(0x57, 0x05, 1<<14, 0), -+ UPDATE_COEF(0x63, 3<<14, 3<<14), -+ UPDATE_COEF(0x4a, 3<<4, 2<<4), -+ UPDATE_COEF(0x4a, 3<<10, 3<<10), -+ UPDATE_COEF(0x45, 0x3f<<10, 0x34<<10), -+ UPDATE_COEF(0x4a, 3<<10, 0), -+ {} -+ }; - - switch (codec->core.vendor_id) { - case 0x10ec0255: -@@ -3682,6 +3689,9 @@ static void alc_headset_mode_unplugged(struct hda_codec *codec) - case 0x10ec0668: - alc_process_coef_fw(codec, coef0668); - break; -+ case 0x10ec0225: -+ alc_process_coef_fw(codec, coef0225); -+ break; - } - codec_dbg(codec, "Headset jack set to unplugged mode.\n"); - } -@@ -3727,6 +3737,13 @@ static void alc_headset_mode_mic_in(struct hda_codec *codec, hda_nid_t hp_pin, - UPDATE_COEF(0xc3, 0, 1<<12), - {} - }; -+ static struct coef_fw coef0225[] = { -+ UPDATE_COEFEX(0x57, 0x05, 1<<14, 1<<14), -+ UPDATE_COEF(0x4a, 3<<4, 2<<4), -+ UPDATE_COEF(0x63, 3<<14, 0), -+ {} -+ }; -+ - - switch (codec->core.vendor_id) { - case 0x10ec0255: -@@ -3772,6 +3789,12 @@ static void alc_headset_mode_mic_in(struct hda_codec *codec, hda_nid_t hp_pin, - alc_process_coef_fw(codec, coef0688); - snd_hda_set_pin_ctl_cache(codec, mic_pin, PIN_VREF50); - break; -+ case 0x10ec0225: -+ alc_update_coef_idx(codec, 0x45, 0x3f<<10, 0x31<<10); -+ snd_hda_set_pin_ctl_cache(codec, hp_pin, 0); -+ alc_process_coef_fw(codec, coef0225); -+ snd_hda_set_pin_ctl_cache(codec, mic_pin, PIN_VREF50); -+ break; - } - codec_dbg(codec, "Headset jack set to mic-in mode.\n"); - } -@@ -3884,6 +3907,13 @@ static void alc_headset_mode_ctia(struct hda_codec *codec) - WRITE_COEF(0xc3, 0x0000), - {} - }; -+ static struct coef_fw coef0225[] = { -+ UPDATE_COEF(0x45, 0x3f<<10, 0x35<<10), -+ UPDATE_COEF(0x49, 1<<8, 1<<8), -+ UPDATE_COEF(0x4a, 7<<6, 7<<6), -+ UPDATE_COEF(0x4a, 3<<4, 3<<4), -+ {} -+ }; - - switch (codec->core.vendor_id) { - case 0x10ec0255: -@@ -3912,6 +3942,9 @@ static void alc_headset_mode_ctia(struct hda_codec *codec) - case 0x10ec0668: - alc_process_coef_fw(codec, coef0688); - break; -+ case 0x10ec0225: -+ alc_process_coef_fw(codec, coef0225); -+ break; - } - codec_dbg(codec, "Headset jack set to iPhone-style headset mode.\n"); - } -@@ -3955,6 +3988,13 @@ static void alc_headset_mode_omtp(struct hda_codec *codec) - WRITE_COEF(0xc3, 0x0000), - {} - }; -+ static struct coef_fw coef0225[] = { -+ UPDATE_COEF(0x45, 0x3f<<10, 0x39<<10), -+ UPDATE_COEF(0x49, 1<<8, 1<<8), -+ UPDATE_COEF(0x4a, 7<<6, 7<<6), -+ UPDATE_COEF(0x4a, 3<<4, 3<<4), -+ {} -+ }; - - switch (codec->core.vendor_id) { - case 0x10ec0255: -@@ -3983,6 +4023,9 @@ static void alc_headset_mode_omtp(struct hda_codec *codec) - case 0x10ec0668: - alc_process_coef_fw(codec, coef0688); - break; -+ case 0x10ec0225: -+ alc_process_coef_fw(codec, coef0225); -+ break; - } - codec_dbg(codec, "Headset jack set to Nokia-style headset mode.\n"); - } -@@ -4014,6 +4057,11 @@ static void alc_determine_headset_type(struct hda_codec *codec) - WRITE_COEF(0xc3, 0x0c00), - {} - }; -+ static struct coef_fw coef0225[] = { -+ UPDATE_COEF(0x45, 0x3f<<10, 0x34<<10), -+ UPDATE_COEF(0x49, 1<<8, 1<<8), -+ {} -+ }; - - switch (codec->core.vendor_id) { - case 0x10ec0255: -@@ -4058,6 +4106,12 @@ static void alc_determine_headset_type(struct hda_codec *codec) - val = alc_read_coef_idx(codec, 0xbe); - is_ctia = (val & 0x1c02) == 0x1c02; - break; -+ case 0x10ec0225: -+ alc_process_coef_fw(codec, coef0225); -+ msleep(800); -+ val = alc_read_coef_idx(codec, 0x46); -+ is_ctia = (val & 0x00f0) == 0x00f0; -+ break; - } - - codec_dbg(codec, "Headset jack detected iPhone-style headset: %s\n", -@@ -5560,6 +5614,9 @@ static const struct hda_model_fixup alc269_fixup_models[] = { - {.id = ALC292_FIXUP_TPT440, .name = "tpt440"}, - {} - }; -+#define ALC225_STANDARD_PINS \ -+ {0x12, 0xb7a60130}, \ -+ {0x21, 0x04211020} - - #define ALC256_STANDARD_PINS \ - {0x12, 0x90a60140}, \ -@@ -5581,6 +5638,12 @@ static const struct hda_model_fixup alc269_fixup_models[] = { - {0x21, 0x03211020} - - static const struct snd_hda_pin_quirk alc269_pin_fixup_tbl[] = { -+ SND_HDA_PIN_QUIRK(0x10ec0225, 0x1028, "Dell", ALC269_FIXUP_DELL1_MIC_NO_PRESENCE, -+ ALC225_STANDARD_PINS, -+ {0x14, 0x901701a0}), -+ SND_HDA_PIN_QUIRK(0x10ec0225, 0x1028, "Dell", ALC269_FIXUP_DELL1_MIC_NO_PRESENCE, -+ ALC225_STANDARD_PINS, -+ {0x14, 0x901701b0}), - SND_HDA_PIN_QUIRK(0x10ec0255, 0x1028, "Dell", ALC255_FIXUP_DELL2_MIC_NO_PRESENCE, - {0x14, 0x90170110}, - {0x21, 0x02211020}), -@@ -5906,6 +5969,9 @@ static int patch_alc269(struct hda_codec *codec) - spec->gen.mixer_nid = 0; /* ALC256 does not have any loopback mixer path */ - alc_update_coef_idx(codec, 0x36, 1 << 13, 1 << 5); /* Switch pcbeep path to Line in path*/ - break; -+ case 0x10ec0225: -+ spec->codec_variant = ALC269_TYPE_ALC225; -+ break; - } - - if (snd_hda_codec_read(codec, 0x51, 0, AC_VERB_PARAMETERS, 0) == 0x10ec5505) { -@@ -6796,6 +6862,7 @@ static int patch_alc680(struct hda_codec *codec) - */ - static const struct hda_device_id snd_hda_id_realtek[] = { - HDA_CODEC_ENTRY(0x10ec0221, "ALC221", patch_alc269), -+ HDA_CODEC_ENTRY(0x10ec0225, "ALC225", patch_alc269), - HDA_CODEC_ENTRY(0x10ec0231, "ALC231", patch_alc269), - HDA_CODEC_ENTRY(0x10ec0233, "ALC233", patch_alc269), - HDA_CODEC_ENTRY(0x10ec0235, "ALC233", patch_alc269), -diff --git a/sound/pci/hda/patch_sigmatel.c b/sound/pci/hda/patch_sigmatel.c -index 2c7c5eb..37b70f8 100644 ---- a/sound/pci/hda/patch_sigmatel.c -+++ b/sound/pci/hda/patch_sigmatel.c -@@ -493,9 +493,9 @@ static void jack_update_power(struct hda_codec *codec, - if (!spec->num_pwrs) - return; - -- if (jack && jack->tbl->nid) { -- stac_toggle_power_map(codec, jack->tbl->nid, -- snd_hda_jack_detect(codec, jack->tbl->nid), -+ if (jack && jack->nid) { -+ stac_toggle_power_map(codec, jack->nid, -+ snd_hda_jack_detect(codec, jack->nid), - true); - return; - } -diff --git a/sound/soc/codecs/rt5645.c b/sound/soc/codecs/rt5645.c -index 3e3c7f6..b74840b 100644 ---- a/sound/soc/codecs/rt5645.c -+++ b/sound/soc/codecs/rt5645.c -@@ -621,7 +621,7 @@ static const struct snd_kcontrol_new rt5645_snd_controls[] = { - - /* IN1/IN2 Control */ - SOC_SINGLE_TLV("IN1 Boost", RT5645_IN1_CTRL1, -- RT5645_BST_SFT1, 8, 0, bst_tlv), -+ RT5645_BST_SFT1, 12, 0, bst_tlv), - SOC_SINGLE_TLV("IN2 Boost", RT5645_IN2_CTRL, - RT5645_BST_SFT2, 8, 0, bst_tlv), - -diff --git a/sound/soc/soc-pcm.c b/sound/soc/soc-pcm.c -index c86dc96..65b936e 100644 ---- a/sound/soc/soc-pcm.c -+++ b/sound/soc/soc-pcm.c -@@ -1743,7 +1743,8 @@ int dpcm_be_dai_hw_free(struct snd_soc_pcm_runtime *fe, int stream) - (be->dpcm[stream].state != SND_SOC_DPCM_STATE_PREPARE) && - (be->dpcm[stream].state != SND_SOC_DPCM_STATE_HW_FREE) && - (be->dpcm[stream].state != SND_SOC_DPCM_STATE_PAUSED) && -- (be->dpcm[stream].state != SND_SOC_DPCM_STATE_STOP)) -+ (be->dpcm[stream].state != SND_SOC_DPCM_STATE_STOP) && -+ (be->dpcm[stream].state != SND_SOC_DPCM_STATE_SUSPEND)) - continue; - - dev_dbg(be->dev, "ASoC: hw_free BE %s\n", -diff --git a/sound/sparc/Kconfig b/sound/sparc/Kconfig -index d75deba..dfcd386 100644 ---- a/sound/sparc/Kconfig -+++ b/sound/sparc/Kconfig -@@ -22,6 +22,7 @@ config SND_SUN_AMD7930 - config SND_SUN_CS4231 - tristate "Sun CS4231" - select SND_PCM -+ select SND_TIMER - help - Say Y here to include support for CS4231 sound device on Sun. - -diff --git a/sound/usb/midi.c b/sound/usb/midi.c -index 5b4c58c..b21b766 100644 ---- a/sound/usb/midi.c -+++ b/sound/usb/midi.c -@@ -2454,7 +2454,6 @@ int snd_usbmidi_create(struct snd_card *card, - else - err = snd_usbmidi_create_endpoints(umidi, endpoints); - if (err < 0) { -- snd_usbmidi_free(umidi); - return err; - } - -diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c -index 23ea6d8..4f6ce1c 100644 ---- a/sound/usb/quirks.c -+++ b/sound/usb/quirks.c -@@ -1121,6 +1121,7 @@ bool snd_usb_get_sample_rate_quirk(struct snd_usb_audio *chip) - switch (chip->usb_id) { - case USB_ID(0x045E, 0x075D): /* MS Lifecam Cinema */ - case USB_ID(0x045E, 0x076D): /* MS Lifecam HD-5000 */ -+ case USB_ID(0x045E, 0x076F): /* MS Lifecam HD-6000 */ - case USB_ID(0x045E, 0x0772): /* MS Lifecam Studio */ - case USB_ID(0x045E, 0x0779): /* MS Lifecam HD-3000 */ - case USB_ID(0x04D8, 0xFEEA): /* Benchmark DAC1 Pre */ -@@ -1205,8 +1206,12 @@ void snd_usb_set_interface_quirk(struct usb_device *dev) - * "Playback Design" products need a 50ms delay after setting the - * USB interface. - */ -- if (le16_to_cpu(dev->descriptor.idVendor) == 0x23ba) -+ switch (le16_to_cpu(dev->descriptor.idVendor)) { -+ case 0x23ba: /* Playback Design */ -+ case 0x0644: /* TEAC Corp. */ - mdelay(50); -+ break; -+ } - } - - void snd_usb_ctl_msg_quirk(struct usb_device *dev, unsigned int pipe, -@@ -1221,6 +1226,14 @@ void snd_usb_ctl_msg_quirk(struct usb_device *dev, unsigned int pipe, - (requesttype & USB_TYPE_MASK) == USB_TYPE_CLASS) - mdelay(20); - -+ /* -+ * "TEAC Corp." products need a 20ms delay after each -+ * class compliant request -+ */ -+ if ((le16_to_cpu(dev->descriptor.idVendor) == 0x0644) && -+ (requesttype & USB_TYPE_MASK) == USB_TYPE_CLASS) -+ mdelay(20); -+ - /* Marantz/Denon devices with USB DAC functionality need a delay - * after each class compliant request - */ -@@ -1269,7 +1282,7 @@ u64 snd_usb_interface_dsd_format_quirks(struct snd_usb_audio *chip, - case USB_ID(0x20b1, 0x3008): /* iFi Audio micro/nano iDSD */ - case USB_ID(0x20b1, 0x2008): /* Matrix Audio X-Sabre */ - case USB_ID(0x20b1, 0x300a): /* Matrix Audio Mini-i Pro */ -- case USB_ID(0x22d8, 0x0416): /* OPPO HA-1*/ -+ case USB_ID(0x22d9, 0x0416): /* OPPO HA-1 */ - if (fp->altsetting == 2) - return SNDRV_PCM_FMTBIT_DSD_U32_BE; - break; -@@ -1278,6 +1291,7 @@ u64 snd_usb_interface_dsd_format_quirks(struct snd_usb_audio *chip, - case USB_ID(0x20b1, 0x2009): /* DIYINHK DSD DXD 384kHz USB to I2S/DSD */ - case USB_ID(0x20b1, 0x2023): /* JLsounds I2SoverUSB */ - case USB_ID(0x20b1, 0x3023): /* Aune X1S 32BIT/384 DSD DAC */ -+ case USB_ID(0x2616, 0x0106): /* PS Audio NuWave DAC */ - if (fp->altsetting == 3) - return SNDRV_PCM_FMTBIT_DSD_U32_BE; - break; diff --git a/4.4.2/0000_README b/4.4.3/0000_README index 780df77..25f9ab4 100644 --- a/4.4.2/0000_README +++ b/4.4.3/0000_README @@ -2,11 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 1001_linux-4.4.2.patch -From: http://www.kernel.org -Desc: Linux 4.4.2 - -Patch: 4420_grsecurity-3.1-4.4.2-201602182048.patch +Patch: 4420_grsecurity-3.1-4.4.3-201602282149.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/4.4.2/4420_grsecurity-3.1-4.4.2-201602182048.patch b/4.4.3/4420_grsecurity-3.1-4.4.3-201602282149.patch index 0157b77..fcd8074 100644 --- a/4.4.2/4420_grsecurity-3.1-4.4.2-201602182048.patch +++ b/4.4.3/4420_grsecurity-3.1-4.4.3-201602282149.patch @@ -449,7 +449,7 @@ index af70d15..ccd3786 100644 A toggle value indicating if modules are allowed to be loaded diff --git a/Makefile b/Makefile -index e7a2958..730b429 100644 +index 802be10..383fd5d 100644 --- a/Makefile +++ b/Makefile @@ -298,7 +298,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -4748,7 +4748,7 @@ index b2ede967..865eed5 100644 #define user_addr_max get_fs diff --git a/arch/arm64/mm/dma-mapping.c b/arch/arm64/mm/dma-mapping.c -index 7963aa4..15dd03d 100644 +index 354144e..f8c556b 100644 --- a/arch/arm64/mm/dma-mapping.c +++ b/arch/arm64/mm/dma-mapping.c @@ -132,7 +132,7 @@ static void __dma_free_coherent(struct device *dev, size_t size, @@ -20263,7 +20263,7 @@ index e6844df..432b56e 100644 #endif /* _ASM_X86_PGTABLE_64_DEFS_H */ diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h -index a471cad..d1e3128 100644 +index 79c9185..d1e3128 100644 --- a/arch/x86/include/asm/pgtable_types.h +++ b/arch/x86/include/asm/pgtable_types.h @@ -85,8 +85,10 @@ @@ -20342,30 +20342,7 @@ index a471cad..d1e3128 100644 static inline pmdval_t native_pmd_val(pmd_t pmd) { return native_pgd_val(pmd.pud.pgd); -@@ -363,20 +374,18 @@ static inline enum page_cache_mode pgprot2cachemode(pgprot_t pgprot) - } - static inline pgprot_t pgprot_4k_2_large(pgprot_t pgprot) - { -+ pgprotval_t val = pgprot_val(pgprot); - pgprot_t new; -- unsigned long val; - -- val = pgprot_val(pgprot); - pgprot_val(new) = (val & ~(_PAGE_PAT | _PAGE_PAT_LARGE)) | - ((val & _PAGE_PAT) << (_PAGE_BIT_PAT_LARGE - _PAGE_BIT_PAT)); - return new; - } - static inline pgprot_t pgprot_large_2_4k(pgprot_t pgprot) - { -+ pgprotval_t val = pgprot_val(pgprot); - pgprot_t new; -- unsigned long val; - -- val = pgprot_val(pgprot); - pgprot_val(new) = (val & ~(_PAGE_PAT | _PAGE_PAT_LARGE)) | - ((val & _PAGE_PAT_LARGE) >> - (_PAGE_BIT_PAT_LARGE - _PAGE_BIT_PAT)); -@@ -388,7 +397,6 @@ typedef struct page *pgtable_t; +@@ -386,7 +397,6 @@ typedef struct page *pgtable_t; extern pteval_t __supported_pte_mask; extern void set_nx(void); @@ -30797,7 +30774,7 @@ index 009f982..9b3db5e 100644 ret ENDPROC(copy_page_regs) diff --git a/arch/x86/lib/copy_user_64.S b/arch/x86/lib/copy_user_64.S -index 982ce34..8e14731 100644 +index 27f89c7..7ae1e8e 100644 --- a/arch/x86/lib/copy_user_64.S +++ b/arch/x86/lib/copy_user_64.S @@ -14,50 +14,7 @@ @@ -30902,8 +30879,8 @@ index 982ce34..8e14731 100644 ret .section .fixup,"ax" -@@ -235,6 +201,16 @@ ENDPROC(copy_user_enhanced_fast_string) - * This will force destination/source out of cache for more performance. +@@ -240,6 +206,16 @@ ENDPROC(copy_user_enhanced_fast_string) + * - Require 4-byte alignment when size is 4 bytes. */ ENTRY(__copy_user_nocache) + @@ -30917,11 +30894,11 @@ index 982ce34..8e14731 100644 + + ASM_PAX_OPEN_USERLAND ASM_STAC - cmpl $8,%edx - jb 20f /* less then 8 bytes, go to byte copy loop */ -@@ -284,7 +260,9 @@ ENTRY(__copy_user_nocache) - jnz 21b - 23: xorl %eax,%eax + + /* If size is less than 8 bytes, go to 4-byte copy */ +@@ -335,7 +311,9 @@ ENTRY(__copy_user_nocache) + .L_finish_copy: + xorl %eax,%eax ASM_CLAC + ASM_PAX_CLOSE_USERLAND sfence @@ -32615,7 +32592,7 @@ index 903ec1e..41b4708 100644 } diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c -index eef44d9..79b0e58 100644 +index e830c71..96cfc3d 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c @@ -14,6 +14,8 @@ @@ -32755,7 +32732,7 @@ index eef44d9..79b0e58 100644 pmd_k = vmalloc_sync_one(__va(pgd_paddr), address); if (!pmd_k) return -1; -@@ -381,11 +451,25 @@ static noinline int vmalloc_fault(unsigned long address) +@@ -382,11 +452,25 @@ static noinline int vmalloc_fault(unsigned long address) * happen within a race in page table update. In the later * case just flush: */ @@ -32782,7 +32759,7 @@ index eef44d9..79b0e58 100644 if (pgd_none(*pgd)) { set_pgd(pgd, *pgd_ref); arch_flush_lazy_mmu_mode(); -@@ -552,7 +636,7 @@ static int is_errata93(struct pt_regs *regs, unsigned long address) +@@ -559,7 +643,7 @@ static int is_errata93(struct pt_regs *regs, unsigned long address) static int is_errata100(struct pt_regs *regs, unsigned long address) { #ifdef CONFIG_X86_64 @@ -32791,7 +32768,7 @@ index eef44d9..79b0e58 100644 return 1; #endif return 0; -@@ -579,9 +663,9 @@ static int is_f00f_bug(struct pt_regs *regs, unsigned long address) +@@ -586,9 +670,9 @@ static int is_f00f_bug(struct pt_regs *regs, unsigned long address) } static const char nx_warning[] = KERN_CRIT @@ -32803,7 +32780,7 @@ index eef44d9..79b0e58 100644 static void show_fault_oops(struct pt_regs *regs, unsigned long error_code, -@@ -590,7 +674,7 @@ show_fault_oops(struct pt_regs *regs, unsigned long error_code, +@@ -597,7 +681,7 @@ show_fault_oops(struct pt_regs *regs, unsigned long error_code, if (!oops_may_print()) return; @@ -32812,7 +32789,7 @@ index eef44d9..79b0e58 100644 unsigned int level; pgd_t *pgd; pte_t *pte; -@@ -601,13 +685,25 @@ show_fault_oops(struct pt_regs *regs, unsigned long error_code, +@@ -608,13 +692,25 @@ show_fault_oops(struct pt_regs *regs, unsigned long error_code, pte = lookup_address_in_pgd(pgd, address, &level); if (pte && pte_present(*pte) && !pte_exec(*pte)) @@ -32840,7 +32817,7 @@ index eef44d9..79b0e58 100644 printk(KERN_ALERT "BUG: unable to handle kernel "); if (address < PAGE_SIZE) printk(KERN_CONT "NULL pointer dereference"); -@@ -786,6 +882,22 @@ __bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code, +@@ -793,6 +889,22 @@ __bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code, return; } #endif @@ -32863,7 +32840,7 @@ index eef44d9..79b0e58 100644 /* Kernel addresses are always protection faults: */ if (address >= TASK_SIZE) error_code |= PF_PROT; -@@ -868,7 +980,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address, +@@ -875,7 +987,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address, if (fault & (VM_FAULT_HWPOISON|VM_FAULT_HWPOISON_LARGE)) { printk(KERN_ERR "MCE: Killing %s:%d due to hardware memory corruption fault at %lx\n", @@ -32872,7 +32849,7 @@ index eef44d9..79b0e58 100644 code = BUS_MCEERR_AR; } #endif -@@ -920,6 +1032,107 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte) +@@ -927,6 +1039,107 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte) return 1; } @@ -32980,7 +32957,7 @@ index eef44d9..79b0e58 100644 /* * Handle a spurious fault caused by a stale TLB entry. * -@@ -1005,6 +1218,9 @@ int show_unhandled_signals = 1; +@@ -1012,6 +1225,9 @@ int show_unhandled_signals = 1; static inline int access_error(unsigned long error_code, struct vm_area_struct *vma) { @@ -32990,7 +32967,7 @@ index eef44d9..79b0e58 100644 if (error_code & PF_WRITE) { /* write, present and write, not present: */ if (unlikely(!(vma->vm_flags & VM_WRITE))) -@@ -1067,6 +1283,22 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code, +@@ -1074,6 +1290,22 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code, tsk = current; mm = tsk->mm; @@ -33013,7 +32990,7 @@ index eef44d9..79b0e58 100644 /* * Detect and handle instructions that would cause a page fault for * both a tracked kernel page and a userspace page. -@@ -1191,6 +1423,11 @@ retry: +@@ -1198,6 +1430,11 @@ retry: might_sleep(); } @@ -33025,7 +33002,7 @@ index eef44d9..79b0e58 100644 vma = find_vma(mm, address); if (unlikely(!vma)) { bad_area(regs, error_code, address); -@@ -1202,18 +1439,24 @@ retry: +@@ -1209,18 +1446,24 @@ retry: bad_area(regs, error_code, address); return; } @@ -33061,7 +33038,7 @@ index eef44d9..79b0e58 100644 if (unlikely(expand_stack(vma, address))) { bad_area(regs, error_code, address); return; -@@ -1333,3 +1576,292 @@ trace_do_page_fault(struct pt_regs *regs, unsigned long error_code) +@@ -1340,3 +1583,292 @@ trace_do_page_fault(struct pt_regs *regs, unsigned long error_code) } NOKPROBE_SYMBOL(trace_do_page_fault); #endif /* CONFIG_TRACING */ @@ -34418,18 +34395,9 @@ index c3b3f65..5bfe5dc 100644 unsigned long uninitialized_var(pfn_align); int i, nid; diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c -index a3137a4..a2bb098 100644 +index db20ee9..a2bb098 100644 --- a/arch/x86/mm/pageattr.c +++ b/arch/x86/mm/pageattr.c -@@ -33,7 +33,7 @@ struct cpa_data { - pgd_t *pgd; - pgprot_t mask_set; - pgprot_t mask_clr; -- int numpages; -+ unsigned long numpages; - int flags; - unsigned long pfn; - unsigned force_split : 1; @@ -259,7 +259,7 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long address, */ #ifdef CONFIG_PCI_BIOS @@ -34545,15 +34513,6 @@ index a3137a4..a2bb098 100644 cpa->flags |= CPA_FLUSHTLB; } cpa->numpages = 1; -@@ -1345,7 +1377,7 @@ static int __change_page_attr_set_clr(struct cpa_data *cpa, int checkalias) - * CPA operation. Either a large page has been - * preserved or a single page update happened. - */ -- BUG_ON(cpa->numpages > numpages); -+ BUG_ON(cpa->numpages > numpages || !cpa->numpages); - numpages -= cpa->numpages; - if (cpa->flags & (CPA_PAGES_ARRAY | CPA_ARRAY)) - cpa->curpage++; diff --git a/arch/x86/mm/pat.c b/arch/x86/mm/pat.c index 188e3e0..5c75446 100644 --- a/arch/x86/mm/pat.c @@ -46454,7 +46413,7 @@ index b9094e9..a4885c6 100644 This option enables code in the AMD IOMMU driver to collect various statistics about whats happening in the driver and exports that diff --git a/drivers/iommu/amd_iommu.c b/drivers/iommu/amd_iommu.c -index 8b2be1e..907a80f 100644 +index fc836f5..9802f00 100644 --- a/drivers/iommu/amd_iommu.c +++ b/drivers/iommu/amd_iommu.c @@ -695,11 +695,21 @@ static void copy_cmd_to_buffer(struct amd_iommu *iommu, @@ -49160,7 +49119,7 @@ index 42cd270..b8ebb97 100644 const struct mxr_format **fmt_array; /** size of format array */ diff --git a/drivers/media/platform/s5p-tv/mixer_grp_layer.c b/drivers/media/platform/s5p-tv/mixer_grp_layer.c -index db3163b..d7a6b4d 100644 +index db3163b2..d7a6b4d 100644 --- a/drivers/media/platform/s5p-tv/mixer_grp_layer.c +++ b/drivers/media/platform/s5p-tv/mixer_grp_layer.c @@ -235,7 +235,7 @@ struct mxr_layer *mxr_graph_layer_create(struct mxr_device *mdev, int idx) @@ -56751,7 +56710,7 @@ index dd8ad2a..5c5a30c 100644 /* check if the device is still usable */ if (unlikely(cmd->device->sdev_state == SDEV_DEL)) { diff --git a/drivers/scsi/scsi_sysfs.c b/drivers/scsi/scsi_sysfs.c -index 21930c9..51a9e18 100644 +index c8115b4..c31cd19 100644 --- a/drivers/scsi/scsi_sysfs.c +++ b/drivers/scsi/scsi_sysfs.c @@ -813,7 +813,7 @@ show_iostat_##field(struct device *dev, struct device_attribute *attr, \ @@ -56866,7 +56825,7 @@ index e3cd3ec..00560ec 100644 transport_setup_device(&rport->dev); diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c -index 4e08d1cd..bd76e1b 100644 +index 84fa4c4..8333258 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c @@ -112,7 +112,7 @@ static int sd_resume(struct device *); @@ -56897,7 +56856,7 @@ index 4e08d1cd..bd76e1b 100644 if (!sdp->request_queue->rq_timeout) { if (sdp->type != TYPE_MOD) diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c -index 503ab8b..fee54a1 100644 +index 5e82067..8f7c2cc 100644 --- a/drivers/scsi/sg.c +++ b/drivers/scsi/sg.c @@ -1089,7 +1089,7 @@ sg_ioctl(struct file *filp, unsigned int cmd_in, unsigned long arg) @@ -56910,7 +56869,7 @@ index 503ab8b..fee54a1 100644 return blk_trace_startstop(sdp->device->request_queue, 1); case BLKTRACESTOP: diff --git a/drivers/scsi/sr.c b/drivers/scsi/sr.c -index 8bd54a6..58fa0d6 100644 +index 64c8674..0c13069 100644 --- a/drivers/scsi/sr.c +++ b/drivers/scsi/sr.c @@ -80,7 +80,7 @@ static DEFINE_MUTEX(sr_mutex); @@ -56922,7 +56881,7 @@ index 8bd54a6..58fa0d6 100644 static int sr_runtime_suspend(struct device *dev); static struct dev_pm_ops sr_pm_ops = { -@@ -312,13 +312,13 @@ do_tur: +@@ -315,13 +315,13 @@ do_tur: * It will be notified on the end of a SCSI read / write, and will take one * of several actions based on success or failure. */ @@ -56941,7 +56900,7 @@ index 8bd54a6..58fa0d6 100644 struct scsi_cd *cd = scsi_cd(SCpnt->request->rq_disk); #ifdef DEBUG -@@ -351,9 +351,12 @@ static int sr_done(struct scsi_cmnd *SCpnt) +@@ -354,9 +354,12 @@ static int sr_done(struct scsi_cmnd *SCpnt) if (cd->device->sector_size == 2048) error_sector <<= 2; error_sector &= ~(block_sectors - 1); @@ -58262,10 +58221,10 @@ index cf000b3..63baffa 100644 } EXPORT_SYMBOL_GPL(n_tty_inherit_ops); diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c -index a45660f..8aca6ee 100644 +index 78e9836..021d40e 100644 --- a/drivers/tty/pty.c +++ b/drivers/tty/pty.c -@@ -860,8 +860,10 @@ static void __init unix98_pty_init(void) +@@ -879,8 +879,10 @@ static void __init unix98_pty_init(void) panic("Couldn't register Unix98 pts driver"); /* Now create the /dev/ptmx special device */ @@ -59873,10 +59832,10 @@ index c2d6520..04853a9 100644 /* Device for a quirk */ #define PCI_VENDOR_ID_FRESCO_LOGIC 0x1b73 diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c -index dca0a46..f07e636 100644 +index 776d59c..ae87b88 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c -@@ -4851,7 +4851,7 @@ int xhci_gen_setup(struct usb_hcd *hcd, xhci_get_quirks_t get_quirks) +@@ -4853,7 +4853,7 @@ int xhci_gen_setup(struct usb_hcd *hcd, xhci_get_quirks_t get_quirks) int retval; /* Accept arbitrarily long scatter-gather lists */ @@ -60217,7 +60176,7 @@ index c42ce2f..4c8bc59 100644 "PCI", "PRO AGP", diff --git a/drivers/video/fbdev/aty/atyfb_base.c b/drivers/video/fbdev/aty/atyfb_base.c -index f34ed47..026367f 100644 +index f34ed47f..026367f 100644 --- a/drivers/video/fbdev/aty/atyfb_base.c +++ b/drivers/video/fbdev/aty/atyfb_base.c @@ -1335,10 +1335,14 @@ static int atyfb_set_par(struct fb_info *info) @@ -77285,7 +77244,7 @@ index 35489e7..fac96ff 100644 /* No matter the commit succeeds or not*/ int log_transid_committed; diff --git a/fs/btrfs/delayed-inode.c b/fs/btrfs/delayed-inode.c -index e0941fb..a8126a4 100644 +index 02b934d..a8126a4 100644 --- a/fs/btrfs/delayed-inode.c +++ b/fs/btrfs/delayed-inode.c @@ -462,7 +462,7 @@ static int __btrfs_add_delayed_deletion_item(struct btrfs_delayed_node *node, @@ -77315,25 +77274,8 @@ index e0941fb..a8126a4 100644 ret = btrfs_wq_run_delayed_node(delayed_root, fs_info, 0); if (ret) -@@ -1694,7 +1694,7 @@ int btrfs_should_delete_dir_index(struct list_head *del_list, - * - */ - int btrfs_readdir_delayed_dir_index(struct dir_context *ctx, -- struct list_head *ins_list) -+ struct list_head *ins_list, bool *emitted) - { - struct btrfs_dir_item *di; - struct btrfs_delayed_item *curr, *next; -@@ -1738,6 +1738,7 @@ int btrfs_readdir_delayed_dir_index(struct dir_context *ctx, - - if (over) - return 1; -+ *emitted = true; - } - return 0; - } diff --git a/fs/btrfs/delayed-inode.h b/fs/btrfs/delayed-inode.h -index f70119f..b7d2bb4 100644 +index 0167853c..b7d2bb4 100644 --- a/fs/btrfs/delayed-inode.h +++ b/fs/btrfs/delayed-inode.h @@ -43,7 +43,7 @@ struct btrfs_delayed_root { @@ -77354,15 +77296,6 @@ index f70119f..b7d2bb4 100644 delayed_root->nodes = 0; spin_lock_init(&delayed_root->lock); init_waitqueue_head(&delayed_root->wait); -@@ -144,7 +144,7 @@ void btrfs_put_delayed_items(struct list_head *ins_list, - int btrfs_should_delete_dir_index(struct list_head *del_list, - u64 index); - int btrfs_readdir_delayed_dir_index(struct dir_context *ctx, -- struct list_head *ins_list); -+ struct list_head *ins_list, bool *emitted); - - /* for init */ - int __init btrfs_delayed_inode_init(void); diff --git a/fs/btrfs/delayed-ref.c b/fs/btrfs/delayed-ref.c index e06dd75a..22221aa 100644 --- a/fs/btrfs/delayed-ref.c @@ -77386,7 +77319,7 @@ index e06dd75a..22221aa 100644 /* first set the basic ref node struct up */ atomic_set(&ref->refs, 1); diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c -index 974be09..87ba00a 100644 +index 0ddca67..ddd9880 100644 --- a/fs/btrfs/disk-io.c +++ b/fs/btrfs/disk-io.c @@ -1263,7 +1263,7 @@ static void __setup_root(u32 nodesize, u32 sectorsize, u32 stripesize, @@ -77398,7 +77331,7 @@ index 974be09..87ba00a 100644 atomic_set(&root->orphan_inodes, 0); atomic_set(&root->refs, 1); atomic_set(&root->will_be_snapshoted, 0); -@@ -2565,7 +2565,7 @@ int open_ctree(struct super_block *sb, +@@ -2564,7 +2564,7 @@ int open_ctree(struct super_block *sb, atomic_set(&fs_info->nr_async_bios, 0); atomic_set(&fs_info->defrag_running, 0); atomic_set(&fs_info->qgroup_op_seq, 0); @@ -77455,56 +77388,6 @@ index 0f09526..000f57d 100644 /* * If the last transaction that changed this file was before the current -diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c -index a70c579..e31fac2 100644 ---- a/fs/btrfs/inode.c -+++ b/fs/btrfs/inode.c -@@ -5741,6 +5741,7 @@ static int btrfs_real_readdir(struct file *file, struct dir_context *ctx) - char *name_ptr; - int name_len; - int is_curr = 0; /* ctx->pos points to the current index? */ -+ bool emitted; - - /* FIXME, use a real flag for deciding about the key type */ - if (root->fs_info->tree_root == root) -@@ -5769,6 +5770,7 @@ static int btrfs_real_readdir(struct file *file, struct dir_context *ctx) - if (ret < 0) - goto err; - -+ emitted = false; - while (1) { - leaf = path->nodes[0]; - slot = path->slots[0]; -@@ -5848,6 +5850,7 @@ skip: - - if (over) - goto nopos; -+ emitted = true; - di_len = btrfs_dir_name_len(leaf, di) + - btrfs_dir_data_len(leaf, di) + sizeof(*di); - di_cur += di_len; -@@ -5860,11 +5863,20 @@ next: - if (key_type == BTRFS_DIR_INDEX_KEY) { - if (is_curr) - ctx->pos++; -- ret = btrfs_readdir_delayed_dir_index(ctx, &ins_list); -+ ret = btrfs_readdir_delayed_dir_index(ctx, &ins_list, &emitted); - if (ret) - goto nopos; - } - -+ /* -+ * If we haven't emitted any dir entry, we must not touch ctx->pos as -+ * it was was set to the termination value in previous call. We assume -+ * that "." and ".." were emitted if we reach this point and set the -+ * termination value as well for an empty directory. -+ */ -+ if (ctx->pos > 2 && !emitted) -+ goto nopos; -+ - /* Reached end of directory/root. Bump pos past the last item. */ - ctx->pos++; - diff --git a/fs/btrfs/raid56.c b/fs/btrfs/raid56.c index 1a33d3e..4830234 100644 --- a/fs/btrfs/raid56.c @@ -77781,7 +77664,7 @@ index 6916a78..4598936 100644 static inline int btrfs_need_log_full_commit(struct btrfs_fs_info *fs_info, diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c -index a23399e..bfac130 100644 +index 9e08447..e21fee0 100644 --- a/fs/btrfs/volumes.c +++ b/fs/btrfs/volumes.c @@ -231,7 +231,7 @@ static struct btrfs_device *__alloc_device(void) @@ -77829,7 +77712,7 @@ index a23399e..bfac130 100644 if (atomic_dec_and_test(&bbio->stripes_pending)) { /* Shoud be the original bio. */ WARN_ON(bio != bbio->orig_bio); -@@ -6768,10 +6768,10 @@ int btrfs_run_dev_stats(struct btrfs_trans_handle *trans, +@@ -6776,10 +6776,10 @@ int btrfs_run_dev_stats(struct btrfs_trans_handle *trans, if (!device->dev_stats_valid || !btrfs_dev_stats_dirty(device)) continue; @@ -78125,7 +78008,7 @@ index f446afa..0ad3b8e 100644 sb->s_bdi = &fsc->backing_dev_info; return err; diff --git a/fs/cifs/cifs_debug.c b/fs/cifs/cifs_debug.c -index 7febcf2..62a5721 100644 +index 50b2684..aa33a91 100644 --- a/fs/cifs/cifs_debug.c +++ b/fs/cifs/cifs_debug.c @@ -269,8 +269,8 @@ static ssize_t cifs_stats_proc_write(struct file *file, @@ -79771,7 +79654,7 @@ index e4141f2..d8263e8 100644 i += packet_length_size; if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size)) diff --git a/fs/exec.c b/fs/exec.c -index b06623a..784136d 100644 +index b06623a..d1a8125 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -56,8 +56,20 @@ @@ -80062,7 +79945,27 @@ index b06623a..784136d 100644 if (ret) ret = -EFAULT; -@@ -790,8 +866,10 @@ static struct file *do_open_execat(int fd, struct filename *name, int flags) +@@ -761,6 +837,7 @@ static struct file *do_open_execat(int fd, struct filename *name, int flags) + { + struct file *file; + int err; ++ int unsafe_flags = 0; + struct open_flags open_exec_flags = { + .open_flag = O_LARGEFILE | O_RDONLY | __FMODE_EXEC, + .acc_mode = MAY_EXEC | MAY_OPEN, +@@ -786,12 +863,22 @@ static struct file *do_open_execat(int fd, struct filename *name, int flags) + if (path_noexec(&file->f_path)) + goto exit; + ++ if (current->ptrace && !(current->ptrace & PT_PTRACE_CAP)) ++ unsafe_flags = LSM_UNSAFE_PTRACE; ++ ++ if (gr_ptrace_readexec(file, unsafe_flags)) { ++ err = -EPERM; ++ goto exit; ++ } ++ + err = deny_write_access(file); if (err) goto exit; @@ -80074,7 +79977,7 @@ index b06623a..784136d 100644 out: return file; -@@ -821,10 +899,13 @@ int kernel_read(struct file *file, loff_t offset, +@@ -821,10 +908,13 @@ int kernel_read(struct file *file, loff_t offset, loff_t pos = offset; int result; @@ -80089,7 +79992,7 @@ index b06623a..784136d 100644 set_fs(old_fs); return result; } -@@ -869,6 +950,7 @@ static int exec_mmap(struct mm_struct *mm) +@@ -869,6 +959,7 @@ static int exec_mmap(struct mm_struct *mm) tsk->mm = mm; tsk->active_mm = mm; activate_mm(active_mm, mm); @@ -80097,7 +80000,7 @@ index b06623a..784136d 100644 tsk->mm->vmacache_seqnum = 0; vmacache_flush(tsk); task_unlock(tsk); -@@ -1277,7 +1359,7 @@ static void check_unsafe_exec(struct linux_binprm *bprm) +@@ -1277,7 +1368,7 @@ static void check_unsafe_exec(struct linux_binprm *bprm) } rcu_read_unlock(); @@ -80106,7 +80009,7 @@ index b06623a..784136d 100644 bprm->unsafe |= LSM_UNSAFE_SHARE; else p->fs->in_exec = 1; -@@ -1478,6 +1560,31 @@ static int exec_binprm(struct linux_binprm *bprm) +@@ -1478,6 +1569,31 @@ static int exec_binprm(struct linux_binprm *bprm) return ret; } @@ -80138,7 +80041,7 @@ index b06623a..784136d 100644 /* * sys_execve() executes a new program. */ -@@ -1486,6 +1593,11 @@ static int do_execveat_common(int fd, struct filename *filename, +@@ -1486,6 +1602,11 @@ static int do_execveat_common(int fd, struct filename *filename, struct user_arg_ptr envp, int flags) { @@ -80150,7 +80053,7 @@ index b06623a..784136d 100644 char *pathbuf = NULL; struct linux_binprm *bprm; struct file *file; -@@ -1495,6 +1607,8 @@ static int do_execveat_common(int fd, struct filename *filename, +@@ -1495,6 +1616,8 @@ static int do_execveat_common(int fd, struct filename *filename, if (IS_ERR(filename)) return PTR_ERR(filename); @@ -80159,19 +80062,7 @@ index b06623a..784136d 100644 /* * We move the actual failure in case of RLIMIT_NPROC excess from * set*uid() to execve() because too many poorly written programs -@@ -1532,6 +1646,11 @@ static int do_execveat_common(int fd, struct filename *filename, - if (IS_ERR(file)) - goto out_unmark; - -+ if (gr_ptrace_readexec(file, bprm->unsafe)) { -+ retval = -EPERM; -+ goto out_unmark; -+ } -+ - sched_exec(); - - bprm->file = file; -@@ -1558,6 +1677,11 @@ static int do_execveat_common(int fd, struct filename *filename, +@@ -1558,6 +1681,11 @@ static int do_execveat_common(int fd, struct filename *filename, } bprm->interp = bprm->filename; @@ -80183,7 +80074,7 @@ index b06623a..784136d 100644 retval = bprm_mm_init(bprm); if (retval) goto out_unmark; -@@ -1574,24 +1698,70 @@ static int do_execveat_common(int fd, struct filename *filename, +@@ -1574,24 +1702,70 @@ static int do_execveat_common(int fd, struct filename *filename, if (retval < 0) goto out; @@ -80258,7 +80149,7 @@ index b06623a..784136d 100644 current->fs->in_exec = 0; current->in_execve = 0; acct_update_integrals(current); -@@ -1603,6 +1773,14 @@ static int do_execveat_common(int fd, struct filename *filename, +@@ -1603,6 +1777,14 @@ static int do_execveat_common(int fd, struct filename *filename, put_files_struct(displaced); return retval; @@ -80273,7 +80164,7 @@ index b06623a..784136d 100644 out: if (bprm->mm) { acct_arg_size(bprm, 0); -@@ -1749,3 +1927,319 @@ COMPAT_SYSCALL_DEFINE5(execveat, int, fd, +@@ -1749,3 +1931,319 @@ COMPAT_SYSCALL_DEFINE5(execveat, int, fd, argv, envp, flags); } #endif @@ -80663,10 +80554,10 @@ index fa70848..57b36d2 100644 cleanup: brelse(bh); diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c -index ec0668a..34bccf7 100644 +index fe1f50f..3f4c870 100644 --- a/fs/ext4/balloc.c +++ b/fs/ext4/balloc.c -@@ -562,8 +562,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi, +@@ -563,8 +563,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi, /* Hm, nope. Are (enough) root reserved clusters available? */ if (uid_eq(sbi->s_resuid, current_fsuid()) || (!gid_eq(sbi->s_resgid, GLOBAL_ROOT_GID) && in_group_p(sbi->s_resgid)) || @@ -80842,7 +80733,7 @@ index 61eaf74..01a829b 100644 return 0; diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c -index ad62d7a..b829af6 100644 +index 34038e3..322fe62 100644 --- a/fs/ext4/resize.c +++ b/fs/ext4/resize.c @@ -413,7 +413,7 @@ static int set_flexbg_block_bitmap(struct super_block *sb, handle_t *handle, @@ -82854,7 +82745,7 @@ index 3a31226..2fffbe9 100644 spin_unlock(&qd->qd_lockref.lock); diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c -index de4bdfa..1264061 100644 +index 595ebdb..1264061 100644 --- a/fs/hugetlbfs/inode.c +++ b/fs/hugetlbfs/inode.c @@ -174,6 +174,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, @@ -82894,41 +82785,7 @@ index de4bdfa..1264061 100644 info.high_limit = TASK_SIZE; info.align_mask = PAGE_MASK & ~huge_page_mask(h); info.align_offset = 0; -@@ -463,6 +473,7 @@ hugetlb_vmdelete_list(struct rb_root *root, pgoff_t start, pgoff_t end) - */ - vma_interval_tree_foreach(vma, root, start, end ? end : ULONG_MAX) { - unsigned long v_offset; -+ unsigned long v_end; - - /* - * Can the expression below overflow on 32-bit arches? -@@ -475,15 +486,17 @@ hugetlb_vmdelete_list(struct rb_root *root, pgoff_t start, pgoff_t end) - else - v_offset = 0; - -- if (end) { -- end = ((end - start) << PAGE_SHIFT) + -- vma->vm_start + v_offset; -- if (end > vma->vm_end) -- end = vma->vm_end; -- } else -- end = vma->vm_end; -+ if (!end) -+ v_end = vma->vm_end; -+ else { -+ v_end = ((end - vma->vm_pgoff) << PAGE_SHIFT) -+ + vma->vm_start; -+ if (v_end > vma->vm_end) -+ v_end = vma->vm_end; -+ } - -- unmap_hugepage_range(vma, vma->vm_start + v_offset, end, NULL); -+ unmap_hugepage_range(vma, vma->vm_start + v_offset, v_end, -+ NULL); - } - } - -@@ -1203,7 +1216,7 @@ static struct file_system_type hugetlbfs_fs_type = { +@@ -1206,7 +1216,7 @@ static struct file_system_type hugetlbfs_fs_type = { }; MODULE_ALIAS_FS("hugetlbfs"); @@ -84000,7 +83857,7 @@ index 646cdac..cdfa595 100644 static struct callback_op callback_ops[]; diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c -index c7e8b87..67b19ae 100644 +index 3e2071a..c09f4b6 100644 --- a/fs/nfs/inode.c +++ b/fs/nfs/inode.c @@ -1284,16 +1284,16 @@ static int nfs_check_inode_attributes(struct inode *inode, struct nfs_fattr *fat @@ -84645,10 +84502,10 @@ index b6f1e96..3108eed 100644 } putname(tmp); diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c -index 0a89834..f2690df 100644 +index eff6319..d8a12987 100644 --- a/fs/overlayfs/copy_up.c +++ b/fs/overlayfs/copy_up.c -@@ -142,7 +142,7 @@ static char *ovl_read_symlink(struct dentry *realdentry) +@@ -153,7 +153,7 @@ static char *ovl_read_symlink(struct dentry *realdentry) set_fs(get_ds()); /* The cast to a user pointer is valid due to the set_fs() */ res = inode->i_op->readlink(realdentry, @@ -84658,10 +84515,10 @@ index 0a89834..f2690df 100644 if (res < 0) { free_page((unsigned long) buf); diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c -index 4060ffd..2d8b5e8 100644 +index b29036a..dcce79c 100644 --- a/fs/overlayfs/inode.c +++ b/fs/overlayfs/inode.c -@@ -343,6 +343,9 @@ struct inode *ovl_d_select_inode(struct dentry *dentry, unsigned file_flags) +@@ -356,6 +356,9 @@ struct inode *ovl_d_select_inode(struct dentry *dentry, unsigned file_flags) if (d_is_dir(dentry)) return d_backing_inode(dentry); @@ -84672,10 +84529,10 @@ index 4060ffd..2d8b5e8 100644 if (ovl_open_need_copy_up(file_flags, type, realpath.dentry)) { err = ovl_want_write(dentry); diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c -index e38ee0f..6fc10e4 100644 +index f42c940..e5ae48a 100644 --- a/fs/overlayfs/super.c +++ b/fs/overlayfs/super.c -@@ -172,7 +172,7 @@ void ovl_path_lower(struct dentry *dentry, struct path *path) +@@ -173,7 +173,7 @@ void ovl_path_lower(struct dentry *dentry, struct path *path) { struct ovl_entry *oe = dentry->d_fsdata; @@ -84684,7 +84541,7 @@ index e38ee0f..6fc10e4 100644 } int ovl_want_write(struct dentry *dentry) -@@ -880,8 +880,8 @@ static unsigned int ovl_split_lowerdirs(char *str) +@@ -881,8 +881,8 @@ static unsigned int ovl_split_lowerdirs(char *str) static int ovl_fill_super(struct super_block *sb, void *data, int silent) { @@ -85145,7 +85002,7 @@ index 1ade120..a86f1a2 100644 help Various /proc files exist to monitor process memory utilization: diff --git a/fs/proc/array.c b/fs/proc/array.c -index d73291f..ab37ad1 100644 +index b6c00ce..ab37ad1 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c @@ -60,6 +60,7 @@ @@ -85203,7 +85060,7 @@ index d73291f..ab37ad1 100644 static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task, int whole) { -@@ -393,9 +424,16 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, +@@ -393,6 +424,13 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, char tcomm[sizeof(task->comm)]; unsigned long flags; @@ -85216,11 +85073,7 @@ index d73291f..ab37ad1 100644 + state = *get_task_state(task); vsize = eip = esp = 0; -- permitted = ptrace_may_access(task, PTRACE_MODE_READ | PTRACE_MODE_NOAUDIT); -+ permitted = ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS | PTRACE_MODE_NOAUDIT); - mm = get_task_mm(task); - if (mm) { - vsize = task_vsize(mm); + permitted = ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS | PTRACE_MODE_NOAUDIT); @@ -463,6 +501,19 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, gtime = task_gtime(task); } @@ -85310,7 +85163,7 @@ index d73291f..ab37ad1 100644 static struct pid * get_children_pid(struct inode *inode, struct pid *pid_prev, loff_t pos) diff --git a/fs/proc/base.c b/fs/proc/base.c -index 4bd5d31..3f4c151 100644 +index b7de324..417bafe 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -113,6 +113,14 @@ struct pid_entry { @@ -85353,8 +85206,7 @@ index 4bd5d31..3f4c151 100644 static int proc_pid_auxv(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task) { -- struct mm_struct *mm = mm_access(task, PTRACE_MODE_READ); -+ struct mm_struct *mm = mm_access(task, PTRACE_MODE_READ_FSCREDS); + struct mm_struct *mm = mm_access(task, PTRACE_MODE_READ_FSCREDS); if (mm && !IS_ERR(mm)) { unsigned int nwords = 0; + @@ -85379,25 +85231,18 @@ index 4bd5d31..3f4c151 100644 /* * Provides a wchan file via kallsyms in a proper one-value-per-file format. * Returns the resolved symbol. If that fails, simply return the address. -@@ -430,7 +459,7 @@ static int proc_pid_wchan(struct seq_file *m, struct pid_namespace *ns, +@@ -430,8 +459,8 @@ static int proc_pid_wchan(struct seq_file *m, struct pid_namespace *ns, wchan = get_wchan(task); -- if (wchan && ptrace_may_access(task, PTRACE_MODE_READ) && !lookup_symbol_name(wchan, symname)) -+ if (wchan && !lookup_symbol_name(wchan, symname) && ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS)) +- if (wchan && ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS) +- && !lookup_symbol_name(wchan, symname)) ++ if (wchan && !lookup_symbol_name(wchan, symname) ++ && ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS)) seq_printf(m, "%s", symname); else seq_putc(m, '0'); -@@ -444,7 +473,7 @@ static int lock_trace(struct task_struct *task) - int err = mutex_lock_killable(&task->signal->cred_guard_mutex); - if (err) - return err; -- if (!ptrace_may_access(task, PTRACE_MODE_ATTACH)) { -+ if (!ptrace_may_access(task, PTRACE_MODE_ATTACH_FSCREDS)) { - mutex_unlock(&task->signal->cred_guard_mutex); - return -EPERM; - } -@@ -456,7 +485,7 @@ static void unlock_trace(struct task_struct *task) +@@ -457,7 +486,7 @@ static void unlock_trace(struct task_struct *task) mutex_unlock(&task->signal->cred_guard_mutex); } @@ -85406,7 +85251,7 @@ index 4bd5d31..3f4c151 100644 #define MAX_STACK_TRACE_DEPTH 64 -@@ -654,7 +683,7 @@ static int proc_pid_limits(struct seq_file *m, struct pid_namespace *ns, +@@ -655,7 +684,7 @@ static int proc_pid_limits(struct seq_file *m, struct pid_namespace *ns, return 0; } @@ -85415,7 +85260,7 @@ index 4bd5d31..3f4c151 100644 static int proc_pid_syscall(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task) { -@@ -687,7 +716,7 @@ static int proc_pid_syscall(struct seq_file *m, struct pid_namespace *ns, +@@ -688,7 +717,7 @@ static int proc_pid_syscall(struct seq_file *m, struct pid_namespace *ns, /************************************************************************/ /* permission checks */ @@ -85424,11 +85269,11 @@ index 4bd5d31..3f4c151 100644 { struct task_struct *task; int allowed = 0; -@@ -697,7 +726,10 @@ static int proc_fd_access_allowed(struct inode *inode) +@@ -698,7 +727,10 @@ static int proc_fd_access_allowed(struct inode *inode) */ task = get_proc_task(inode); if (task) { -- allowed = ptrace_may_access(task, PTRACE_MODE_READ); +- allowed = ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS); + if (log) + allowed = ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS); + else @@ -85436,7 +85281,7 @@ index 4bd5d31..3f4c151 100644 put_task_struct(task); } return allowed; -@@ -728,11 +760,36 @@ static bool has_pid_permissions(struct pid_namespace *pid, +@@ -729,6 +761,30 @@ static bool has_pid_permissions(struct pid_namespace *pid, struct task_struct *task, int hide_pid_min) { @@ -85467,14 +85312,7 @@ index 4bd5d31..3f4c151 100644 if (pid->hide_pid < hide_pid_min) return true; if (in_group_p(pid->pid_gid)) - return true; -- return ptrace_may_access(task, PTRACE_MODE_READ); -+ -+ return ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS); - } - - -@@ -749,7 +806,11 @@ static int proc_pid_permission(struct inode *inode, int mask) +@@ -750,7 +806,11 @@ static int proc_pid_permission(struct inode *inode, int mask) put_task_struct(task); if (!has_perms) { @@ -85486,12 +85324,10 @@ index 4bd5d31..3f4c151 100644 /* * Let's make getdents(), stat(), and open() * consistent with each other. If a process -@@ -809,7 +870,11 @@ struct mm_struct *proc_mem_open(struct inode *inode, unsigned int mode) - struct mm_struct *mm = ERR_PTR(-ESRCH); +@@ -811,6 +871,10 @@ struct mm_struct *proc_mem_open(struct inode *inode, unsigned int mode) if (task) { -- mm = mm_access(task, mode); -+ mm = mm_access(task, mode | PTRACE_MODE_FSCREDS); + mm = mm_access(task, mode | PTRACE_MODE_FSCREDS); + if (!IS_ERR_OR_NULL(mm) && gr_acl_handle_procpidmem(task)) { + mmput(mm); + mm = ERR_PTR(-EPERM); @@ -85499,7 +85335,7 @@ index 4bd5d31..3f4c151 100644 put_task_struct(task); if (!IS_ERR_OR_NULL(mm)) { -@@ -831,6 +896,11 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode) +@@ -832,6 +896,11 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode) return PTR_ERR(mm); file->private_data = mm; @@ -85511,7 +85347,7 @@ index 4bd5d31..3f4c151 100644 return 0; } -@@ -852,6 +922,17 @@ static ssize_t mem_rw(struct file *file, char __user *buf, +@@ -853,6 +922,17 @@ static ssize_t mem_rw(struct file *file, char __user *buf, ssize_t copied; char *page; @@ -85529,7 +85365,7 @@ index 4bd5d31..3f4c151 100644 if (!mm) return 0; -@@ -864,7 +945,7 @@ static ssize_t mem_rw(struct file *file, char __user *buf, +@@ -865,7 +945,7 @@ static ssize_t mem_rw(struct file *file, char __user *buf, goto free; while (count > 0) { @@ -85538,7 +85374,7 @@ index 4bd5d31..3f4c151 100644 if (write && copy_from_user(page, buf, this_len)) { copied = -EFAULT; -@@ -956,6 +1037,13 @@ static ssize_t environ_read(struct file *file, char __user *buf, +@@ -957,6 +1037,13 @@ static ssize_t environ_read(struct file *file, char __user *buf, if (!mm) return 0; @@ -85552,7 +85388,7 @@ index 4bd5d31..3f4c151 100644 page = (char *)__get_free_page(GFP_TEMPORARY); if (!page) return -ENOMEM; -@@ -965,7 +1053,7 @@ static ssize_t environ_read(struct file *file, char __user *buf, +@@ -966,7 +1053,7 @@ static ssize_t environ_read(struct file *file, char __user *buf, goto free; while (count > 0) { size_t this_len, max_len; @@ -85561,7 +85397,7 @@ index 4bd5d31..3f4c151 100644 if (src >= (mm->env_end - mm->env_start)) break; -@@ -1571,7 +1659,7 @@ static const char *proc_pid_follow_link(struct dentry *dentry, void **cookie) +@@ -1572,7 +1659,7 @@ static const char *proc_pid_follow_link(struct dentry *dentry, void **cookie) int error = -EACCES; /* Are we allowed to snoop on the tasks file descriptors? */ @@ -85570,7 +85406,7 @@ index 4bd5d31..3f4c151 100644 goto out; error = PROC_I(inode)->op.proc_get_link(dentry, &path); -@@ -1615,8 +1703,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b +@@ -1616,8 +1703,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b struct path path; /* Are we allowed to snoop on the tasks file descriptors? */ @@ -85591,7 +85427,7 @@ index 4bd5d31..3f4c151 100644 error = PROC_I(inode)->op.proc_get_link(dentry, &path); if (error) -@@ -1666,7 +1764,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t +@@ -1667,7 +1764,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t rcu_read_lock(); cred = __task_cred(task); inode->i_uid = cred->euid; @@ -85603,7 +85439,7 @@ index 4bd5d31..3f4c151 100644 rcu_read_unlock(); } security_task_to_inode(task, inode); -@@ -1702,10 +1804,19 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat) +@@ -1703,10 +1804,19 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat) return -ENOENT; } if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) || @@ -85623,7 +85459,7 @@ index 4bd5d31..3f4c151 100644 } } rcu_read_unlock(); -@@ -1743,11 +1854,20 @@ int pid_revalidate(struct dentry *dentry, unsigned int flags) +@@ -1744,11 +1854,20 @@ int pid_revalidate(struct dentry *dentry, unsigned int flags) if (task) { if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) || @@ -85644,34 +85480,7 @@ index 4bd5d31..3f4c151 100644 rcu_read_unlock(); } else { inode->i_uid = GLOBAL_ROOT_UID; -@@ -1856,7 +1976,7 @@ static int map_files_d_revalidate(struct dentry *dentry, unsigned int flags) - if (!task) - goto out_notask; - -- mm = mm_access(task, PTRACE_MODE_READ); -+ mm = mm_access(task, PTRACE_MODE_READ_FSCREDS); - if (IS_ERR_OR_NULL(mm)) - goto out; - -@@ -2007,7 +2127,7 @@ static struct dentry *proc_map_files_lookup(struct inode *dir, - goto out; - - result = -EACCES; -- if (!ptrace_may_access(task, PTRACE_MODE_READ)) -+ if (!ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS)) - goto out_put_task; - - result = -ENOENT; -@@ -2060,7 +2180,7 @@ proc_map_files_readdir(struct file *file, struct dir_context *ctx) - goto out; - - ret = -EACCES; -- if (!ptrace_may_access(task, PTRACE_MODE_READ)) -+ if (!ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS)) - goto out_put_task; - - ret = 0; -@@ -2286,6 +2406,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir, +@@ -2287,6 +2406,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir, if (!task) goto out_no_task; @@ -85681,7 +85490,7 @@ index 4bd5d31..3f4c151 100644 /* * Yes, it does not scale. And it should not. Don't add * new entries into /proc/<tgid>/ without very good reasons. -@@ -2316,6 +2439,9 @@ static int proc_pident_readdir(struct file *file, struct dir_context *ctx, +@@ -2317,6 +2439,9 @@ static int proc_pident_readdir(struct file *file, struct dir_context *ctx, if (!task) return -ENOENT; @@ -85691,16 +85500,17 @@ index 4bd5d31..3f4c151 100644 if (!dir_emit_dots(file, ctx)) goto out; -@@ -2530,7 +2656,7 @@ static int do_io_accounting(struct task_struct *task, struct seq_file *m, int wh - if (result) - return result; - -- if (!ptrace_may_access(task, PTRACE_MODE_READ)) { -+ if (!ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS)) { - result = -EACCES; - goto out_unlock; - } -@@ -2749,7 +2875,7 @@ static const struct pid_entry tgid_base_stuff[] = { +@@ -2732,7 +2857,9 @@ static const struct inode_operations proc_task_inode_operations; + static const struct pid_entry tgid_base_stuff[] = { + DIR("task", S_IRUGO|S_IXUGO, proc_task_inode_operations, proc_task_operations), + DIR("fd", S_IRUSR|S_IXUSR, proc_fd_inode_operations, proc_fd_operations), ++#ifndef CONFIG_GRKERNSEC + DIR("map_files", S_IRUSR|S_IXUSR, proc_map_files_inode_operations, proc_map_files_operations), ++#endif + DIR("fdinfo", S_IRUSR|S_IXUSR, proc_fdinfo_inode_operations, proc_fdinfo_operations), + DIR("ns", S_IRUSR|S_IXUGO, proc_ns_dir_inode_operations, proc_ns_dir_operations), + #ifdef CONFIG_NET +@@ -2750,7 +2877,7 @@ static const struct pid_entry tgid_base_stuff[] = { REG("autogroup", S_IRUGO|S_IWUSR, proc_pid_sched_autogroup_operations), #endif REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations), @@ -85709,7 +85519,7 @@ index 4bd5d31..3f4c151 100644 ONE("syscall", S_IRUSR, proc_pid_syscall), #endif REG("cmdline", S_IRUGO, proc_pid_cmdline_ops), -@@ -2774,10 +2900,10 @@ static const struct pid_entry tgid_base_stuff[] = { +@@ -2775,10 +2902,10 @@ static const struct pid_entry tgid_base_stuff[] = { #ifdef CONFIG_SECURITY DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations), #endif @@ -85722,7 +85532,7 @@ index 4bd5d31..3f4c151 100644 ONE("stack", S_IRUSR, proc_pid_stack), #endif #ifdef CONFIG_SCHED_INFO -@@ -2811,6 +2937,9 @@ static const struct pid_entry tgid_base_stuff[] = { +@@ -2812,6 +2939,9 @@ static const struct pid_entry tgid_base_stuff[] = { #ifdef CONFIG_HARDWALL ONE("hardwall", S_IRUGO, proc_pid_hardwall), #endif @@ -85732,7 +85542,7 @@ index 4bd5d31..3f4c151 100644 #ifdef CONFIG_USER_NS REG("uid_map", S_IRUGO|S_IWUSR, proc_uid_map_operations), REG("gid_map", S_IRUGO|S_IWUSR, proc_gid_map_operations), -@@ -2943,7 +3072,14 @@ static int proc_pid_instantiate(struct inode *dir, +@@ -2944,7 +3074,14 @@ static int proc_pid_instantiate(struct inode *dir, if (!inode) goto out; @@ -85747,7 +85557,7 @@ index 4bd5d31..3f4c151 100644 inode->i_op = &proc_tgid_base_inode_operations; inode->i_fop = &proc_tgid_base_operations; inode->i_flags|=S_IMMUTABLE; -@@ -2981,7 +3117,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign +@@ -2982,7 +3119,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign if (!task) goto out; @@ -85759,7 +85569,7 @@ index 4bd5d31..3f4c151 100644 put_task_struct(task); out: return ERR_PTR(result); -@@ -3095,7 +3235,7 @@ static const struct pid_entry tid_base_stuff[] = { +@@ -3096,7 +3237,7 @@ static const struct pid_entry tid_base_stuff[] = { REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations), #endif REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations), @@ -85768,7 +85578,7 @@ index 4bd5d31..3f4c151 100644 ONE("syscall", S_IRUSR, proc_pid_syscall), #endif REG("cmdline", S_IRUGO, proc_pid_cmdline_ops), -@@ -3122,10 +3262,10 @@ static const struct pid_entry tid_base_stuff[] = { +@@ -3123,10 +3264,10 @@ static const struct pid_entry tid_base_stuff[] = { #ifdef CONFIG_SECURITY DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations), #endif @@ -86166,28 +85976,6 @@ index 9155a5a..abe1823 100644 #endif #ifdef CONFIG_TRANSPARENT_HUGEPAGE , K(global_page_state(NR_ANON_TRANSPARENT_HUGEPAGES) * -diff --git a/fs/proc/namespaces.c b/fs/proc/namespaces.c -index f6e8354..1b0ea4a 100644 ---- a/fs/proc/namespaces.c -+++ b/fs/proc/namespaces.c -@@ -42,7 +42,7 @@ static const char *proc_ns_follow_link(struct dentry *dentry, void **cookie) - if (!task) - return error; - -- if (ptrace_may_access(task, PTRACE_MODE_READ)) { -+ if (ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS)) { - error = ns_get_path(&ns_path, task, ns_ops); - if (!error) - nd_jump_link(&ns_path); -@@ -63,7 +63,7 @@ static int proc_ns_readlink(struct dentry *dentry, char __user *buffer, int bufl - if (!task) - return res; - -- if (ptrace_may_access(task, PTRACE_MODE_READ)) { -+ if (ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS)) { - res = ns_get_name(name, sizeof(name), task, ns_ops); - if (res >= 0) - res = readlink_copy(buffer, buflen, name); diff --git a/fs/proc/nommu.c b/fs/proc/nommu.c index f8595e8..e0d13cbd 100644 --- a/fs/proc/nommu.c @@ -86623,7 +86411,7 @@ index 510413eb..34d9a8c 100644 seq_printf(p, "softirq %llu", (unsigned long long)sum_softirq); diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c -index 187b3b5..709bb98 100644 +index 09cd3ed..862cbb3 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c @@ -14,12 +14,19 @@ @@ -86791,7 +86579,7 @@ index 187b3b5..709bb98 100644 mss.resident >> 10, (unsigned long)(mss.pss >> (10 + PSS_SHIFT)), mss.shared_clean >> 10, -@@ -1517,6 +1568,13 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) +@@ -1518,6 +1569,13 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) char buffer[64]; int nid; @@ -86805,7 +86593,7 @@ index 187b3b5..709bb98 100644 if (!mm) return 0; -@@ -1531,11 +1589,15 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) +@@ -1532,11 +1590,15 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) mpol_to_str(buffer, sizeof(buffer), proc_priv->task_mempolicy); } @@ -95397,10 +95185,10 @@ index 0000000..39645c9 +} diff --git a/grsecurity/gracl_segv.c b/grsecurity/gracl_segv.c new file mode 100644 -index 0000000..21646aa +index 0000000..9c6684d --- /dev/null +++ b/grsecurity/gracl_segv.c -@@ -0,0 +1,304 @@ +@@ -0,0 +1,291 @@ +#include <linux/kernel.h> +#include <linux/mm.h> +#include <asm/uaccess.h> @@ -95567,19 +95355,6 @@ index 0000000..21646aa + return ret; +} + -+static int -+proc_is_setxid(const struct cred *cred) -+{ -+ if (!uid_eq(cred->uid, cred->euid) || !uid_eq(cred->uid, cred->suid) || -+ !uid_eq(cred->uid, cred->fsuid)) -+ return 1; -+ if (!gid_eq(cred->gid, cred->egid) || !gid_eq(cred->gid, cred->sgid) || -+ !gid_eq(cred->gid, cred->fsgid)) -+ return 1; -+ -+ return 0; -+} -+ +extern int gr_fake_force_sig(int sig, struct task_struct *t); + +void @@ -95615,7 +95390,7 @@ index 0000000..21646aa + time_after(curr->expires, get_seconds())) { + rcu_read_lock(); + cred = __task_cred(task); -+ if (gr_is_global_nonroot(cred->uid) && proc_is_setxid(cred)) { ++ if (gr_is_global_nonroot(cred->uid) && is_privileged_binary(task->mm->exe_file->f_path.dentry)) { + gr_log_crash1(GR_DONT_AUDIT, GR_SEGVSTART_ACL_MSG, task, curr->res[GR_CRASH_RES].rlim_max); + spin_lock(&gr_uid_lock); + gr_insert_uid(cred->uid, curr->expires); @@ -97969,7 +97744,7 @@ index 0000000..304c518 +} diff --git a/grsecurity/grsec_sig.c b/grsecurity/grsec_sig.c new file mode 100644 -index 0000000..f50742d +index 0000000..a2b8b8f --- /dev/null +++ b/grsecurity/grsec_sig.c @@ -0,0 +1,245 @@ @@ -98066,7 +97841,8 @@ index 0000000..f50742d + rcu_read_lock(); + read_lock(&tasklist_lock); + read_lock(&grsec_exec_file_lock); -+ if (p->real_parent && gr_is_same_file(p->real_parent->exec_file, p->exec_file)) { ++ if (p->real_parent && gr_is_same_file(p->real_parent->exec_file, p->exec_file) && ++ !is_privileged_binary(p->mm->exe_file->f_path.dentry)) { + p->real_parent->brute_expires = get_seconds() + GR_DAEMON_BRUTE_TIME; + p->real_parent->brute = 1; + daemon = 1; @@ -98211,8 +97987,7 @@ index 0000000..f50742d + if (sugid_ban_expired(user)) + return 0; + /* disallow execution of suid/sgid binaries only */ -+ else if (!uid_eq(bprm->cred->euid, current->cred->uid) || -+ !gid_eq(bprm->cred->egid, current->cred->gid)) ++ else if (is_privileged_binary(bprm->file->f_path.dentry)) + return -EPERM; + } +#endif @@ -100375,6 +100150,19 @@ index 8609d57..86e4d79 100644 /* handle uniform packets for scsi type devices (scsi,atapi) */ int (*generic_packet) (struct cdrom_device_info *, struct packet_command *); +diff --git a/include/linux/cgroup-defs.h b/include/linux/cgroup-defs.h +index 06b77f9d..d08b456 100644 +--- a/include/linux/cgroup-defs.h ++++ b/include/linux/cgroup-defs.h +@@ -407,7 +407,7 @@ struct cftype { + #ifdef CONFIG_DEBUG_LOCK_ALLOC + struct lock_class_key lockdep_key; + #endif +-}; ++} __do_const; + + /* + * Control Group subsystem type. diff --git a/include/linux/cleancache.h b/include/linux/cleancache.h index bda5ec0b4..51d8ea1 100644 --- a/include/linux/cleancache.h @@ -100486,7 +100274,7 @@ index 22ab246..bfa81b0 100644 * Mark a position in code as unreachable. This can be used to * suppress control flow warnings after asm blocks that transfer diff --git a/include/linux/compiler.h b/include/linux/compiler.h -index 4dac103..0e2c40f 100644 +index 6fc9a6d..8ad4c2b 100644 --- a/include/linux/compiler.h +++ b/include/linux/compiler.h @@ -5,11 +5,14 @@ @@ -102809,6 +102597,48 @@ index bb3f329..9daed55 100644 static inline void zero_user_segments(struct page *page, unsigned start1, unsigned end1, unsigned start2, unsigned end2) +diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h +index 685c262..5d42d36 100644 +--- a/include/linux/hugetlb.h ++++ b/include/linux/hugetlb.h +@@ -317,7 +317,7 @@ struct hstate { + unsigned int surplus_huge_pages_node[MAX_NUMNODES]; + #ifdef CONFIG_CGROUP_HUGETLB + /* cgroup control files */ +- struct cftype cgroup_files[5]; ++ struct cftype (*cgroup_files)[5]; + #endif + char name[HSTATE_NAME_LEN]; + }; +diff --git a/include/linux/hugetlb_cgroup.h b/include/linux/hugetlb_cgroup.h +index 24154c2..43ac947 100644 +--- a/include/linux/hugetlb_cgroup.h ++++ b/include/linux/hugetlb_cgroup.h +@@ -26,6 +26,13 @@ struct hugetlb_cgroup; + + #ifdef CONFIG_CGROUP_HUGETLB + ++enum { ++ RES_USAGE, ++ RES_LIMIT, ++ RES_MAX_USAGE, ++ RES_FAILCNT, ++}; ++ + static inline struct hugetlb_cgroup *hugetlb_cgroup_from_page(struct page *page) + { + VM_BUG_ON_PAGE(!PageHuge(page), page); +@@ -64,6 +71,10 @@ extern void hugetlb_cgroup_file_init(void) __init; + extern void hugetlb_cgroup_migrate(struct page *oldhpage, + struct page *newhpage); + ++ssize_t hugetlb_cgroup_reset(struct kernfs_open_file *of, char *buf, size_t nbytes, loff_t off); ++ssize_t hugetlb_cgroup_write(struct kernfs_open_file *of, char *buf, size_t nbytes, loff_t off); ++u64 hugetlb_cgroup_read_u64(struct cgroup_subsys_state *css, struct cftype *cft); ++ + #else + static inline struct hugetlb_cgroup *hugetlb_cgroup_from_page(struct page *page) + { diff --git a/include/linux/hwmon-sysfs.h b/include/linux/hwmon-sysfs.h index 1c7b89a..7dda400 100644 --- a/include/linux/hwmon-sysfs.h @@ -104789,41 +104619,6 @@ index 12c4865..2cd7c41 100644 extern struct psci_operations psci_ops; -diff --git a/include/linux/ptrace.h b/include/linux/ptrace.h -index 061265f..504c98a 100644 ---- a/include/linux/ptrace.h -+++ b/include/linux/ptrace.h -@@ -57,7 +57,29 @@ extern void exit_ptrace(struct task_struct *tracer, struct list_head *dead); - #define PTRACE_MODE_READ 0x01 - #define PTRACE_MODE_ATTACH 0x02 - #define PTRACE_MODE_NOAUDIT 0x04 --/* Returns true on success, false on denial. */ -+#define PTRACE_MODE_FSCREDS 0x08 -+#define PTRACE_MODE_REALCREDS 0x10 -+ -+/* shorthands for READ/ATTACH and FSCREDS/REALCREDS combinations */ -+#define PTRACE_MODE_READ_FSCREDS (PTRACE_MODE_READ | PTRACE_MODE_FSCREDS) -+#define PTRACE_MODE_READ_REALCREDS (PTRACE_MODE_READ | PTRACE_MODE_REALCREDS) -+#define PTRACE_MODE_ATTACH_FSCREDS (PTRACE_MODE_ATTACH | PTRACE_MODE_FSCREDS) -+#define PTRACE_MODE_ATTACH_REALCREDS (PTRACE_MODE_ATTACH | PTRACE_MODE_REALCREDS) -+ -+/** -+ * ptrace_may_access - check whether the caller is permitted to access -+ * a target task. -+ * @task: target task -+ * @mode: selects type of access and caller credentials -+ * -+ * Returns true on success, false on denial. -+ * -+ * One of the flags PTRACE_MODE_FSCREDS and PTRACE_MODE_REALCREDS must -+ * be set in @mode to specify whether the access was requested through -+ * a filesystem syscall (should use effective capabilities and fsuid -+ * of the caller) or through an explicit syscall such as -+ * process_vm_writev or ptrace (and should use the real credentials). -+ */ - extern bool ptrace_may_access(struct task_struct *task, unsigned int mode); - - static inline int ptrace_reparented(struct task_struct *child) diff --git a/include/linux/quota.h b/include/linux/quota.h index b2505ac..5f7ab55 100644 --- a/include/linux/quota.h @@ -104837,52 +104632,6 @@ index b2505ac..5f7ab55 100644 extern qid_t from_kqid_munged(struct user_namespace *to, struct kqid qid); extern bool qid_valid(struct kqid qid); -diff --git a/include/linux/radix-tree.h b/include/linux/radix-tree.h -index 33170db..5d5174b 100644 ---- a/include/linux/radix-tree.h -+++ b/include/linux/radix-tree.h -@@ -370,12 +370,28 @@ void **radix_tree_next_chunk(struct radix_tree_root *root, - struct radix_tree_iter *iter, unsigned flags); - - /** -+ * radix_tree_iter_retry - retry this chunk of the iteration -+ * @iter: iterator state -+ * -+ * If we iterate over a tree protected only by the RCU lock, a race -+ * against deletion or creation may result in seeing a slot for which -+ * radix_tree_deref_retry() returns true. If so, call this function -+ * and continue the iteration. -+ */ -+static inline __must_check -+void **radix_tree_iter_retry(struct radix_tree_iter *iter) -+{ -+ iter->next_index = iter->index; -+ return NULL; -+} -+ -+/** - * radix_tree_chunk_size - get current chunk size - * - * @iter: pointer to radix tree iterator - * Returns: current chunk size - */ --static __always_inline unsigned -+static __always_inline long - radix_tree_chunk_size(struct radix_tree_iter *iter) - { - return iter->next_index - iter->index; -@@ -409,9 +425,9 @@ radix_tree_next_slot(void **slot, struct radix_tree_iter *iter, unsigned flags) - return slot + offset + 1; - } - } else { -- unsigned size = radix_tree_chunk_size(iter) - 1; -+ long size = radix_tree_chunk_size(iter); - -- while (size--) { -+ while (--size > 0) { - slot++; - iter->index++; - if (likely(*slot)) diff --git a/include/linux/random.h b/include/linux/random.h index a75840c..e7c4305 100644 --- a/include/linux/random.h @@ -105141,10 +104890,10 @@ index cde976e..ebd6033 100644 #define RIO_RESOURCE_MEM 0x00000100 #define RIO_RESOURCE_DOORBELL 0x00000200 diff --git a/include/linux/rmap.h b/include/linux/rmap.h -index 29446ae..2a70d02 100644 +index ddda2ac..4c6b6e1 100644 --- a/include/linux/rmap.h +++ b/include/linux/rmap.h -@@ -149,8 +149,8 @@ static inline void anon_vma_unlock_read(struct anon_vma *anon_vma) +@@ -135,8 +135,8 @@ static inline void anon_vma_unlock_read(struct anon_vma *anon_vma) void anon_vma_init(void); /* create anon_vma_cachep */ int anon_vma_prepare(struct vm_area_struct *); void unlink_anon_vmas(struct vm_area_struct *); @@ -107917,7 +107666,7 @@ index f80e74c..1e64f3c 100644 struct inet_skb_parm h4; #if IS_ENABLED(CONFIG_IPV6) diff --git a/include/net/xfrm.h b/include/net/xfrm.h -index d6f6e50..a173aa7 100644 +index d6f6e50..6fea29e 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -284,7 +284,6 @@ struct xfrm_dst; @@ -107964,6 +107713,15 @@ index d6f6e50..a173aa7 100644 u32 priority; u32 index; struct xfrm_mark mark; +@@ -603,7 +602,7 @@ struct xfrm_mgr { + int num_bundles, + const struct xfrm_kmaddress *k); + bool (*is_alive)(const struct km_event *c); +-}; ++} __do_const; + + int xfrm_register_km(struct xfrm_mgr *km); + int xfrm_unregister_km(struct xfrm_mgr *km); @@ -1172,6 +1171,7 @@ static inline void xfrm_sk_free_policy(struct sock *sk) } @@ -109206,7 +108964,7 @@ index b471e5a..cb0c603 100644 /* diff --git a/ipc/shm.c b/ipc/shm.c -index 4178727..b22c4d0 100644 +index 3174634..215d679 100644 --- a/ipc/shm.c +++ b/ipc/shm.c @@ -72,9 +72,17 @@ static void shm_destroy(struct ipc_namespace *ns, struct shmid_kernel *shp); @@ -109228,7 +108986,7 @@ index 4178727..b22c4d0 100644 ns->shm_ctlall = SHMALL; ns->shm_ctlmni = SHMMNI; ns->shm_rmid_forced = 0; -@@ -555,6 +563,9 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params) +@@ -588,6 +596,9 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params) shp->shm_lprid = 0; shp->shm_atim = shp->shm_dtim = 0; shp->shm_ctim = get_seconds(); @@ -109238,7 +108996,7 @@ index 4178727..b22c4d0 100644 shp->shm_segsz = size; shp->shm_nattch = 0; shp->shm_file = file; -@@ -1098,6 +1109,12 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr, +@@ -1131,6 +1142,12 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr, f_mode = FMODE_READ | FMODE_WRITE; } if (shmflg & SHM_EXEC) { @@ -109251,7 +109009,7 @@ index 4178727..b22c4d0 100644 prot |= PROT_EXEC; acc_mode |= S_IXUGO; } -@@ -1122,6 +1139,15 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr, +@@ -1155,6 +1172,15 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr, if (err) goto out_unlock; @@ -109267,7 +109025,7 @@ index 4178727..b22c4d0 100644 ipc_lock_object(&shp->shm_perm); /* check if shm_destroy() is tearing down shp */ -@@ -1134,6 +1160,9 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr, +@@ -1167,6 +1193,9 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr, path = shp->shm_file->f_path; path_get(&path); shp->shm_nattch++; @@ -109277,7 +109035,7 @@ index 4178727..b22c4d0 100644 size = i_size_read(d_inode(path.dentry)); ipc_unlock_object(&shp->shm_perm); rcu_read_unlock(); -@@ -1332,7 +1361,8 @@ SYSCALL_DEFINE1(shmdt, char __user *, shmaddr) +@@ -1365,7 +1394,8 @@ SYSCALL_DEFINE1(shmdt, char __user *, shmaddr) static int sysvipc_shm_proc_show(struct seq_file *s, void *it) { struct user_namespace *user_ns = seq_user_ns(s); @@ -109548,10 +109306,92 @@ index 45432b5..988f1e4 100644 +} +EXPORT_SYMBOL(capable_wrt_inode_uidgid_nolog); diff --git a/kernel/cgroup.c b/kernel/cgroup.c -index 470f653..1aa51fc 100644 +index 470f653..5ea1e67 100644 --- a/kernel/cgroup.c +++ b/kernel/cgroup.c -@@ -5725,6 +5725,9 @@ static void cgroup_release_agent(struct work_struct *work) +@@ -3345,7 +3345,7 @@ static int cgroup_add_file(struct cgroup_subsys_state *css, struct cgroup *cgrp, + key = &cft->lockdep_key; + #endif + kn = __kernfs_create_file(cgrp->kn, cgroup_file_name(cgrp, cft, name), +- cgroup_file_mode(cft), 0, cft->kf_ops, cft, ++ cgroup_file_mode(cft), 0, cft->kf_ops, (void *)cft, + NULL, key); + if (IS_ERR(kn)) + return PTR_ERR(kn); +@@ -3449,11 +3449,14 @@ static void cgroup_exit_cftypes(struct cftype *cfts) + /* free copy for custom atomic_write_len, see init_cftypes() */ + if (cft->max_write_len && cft->max_write_len != PAGE_SIZE) + kfree(cft->kf_ops); +- cft->kf_ops = NULL; +- cft->ss = NULL; ++ ++ pax_open_kernel(); ++ *(void **)&cft->kf_ops = NULL; ++ *(void **)&cft->ss = NULL; + + /* revert flags set by cgroup core while adding @cfts */ +- cft->flags &= ~(__CFTYPE_ONLY_ON_DFL | __CFTYPE_NOT_ON_DFL); ++ *(unsigned int *)&cft->flags &= ~(__CFTYPE_ONLY_ON_DFL | __CFTYPE_NOT_ON_DFL); ++ pax_close_kernel(); + } + } + +@@ -3484,8 +3487,10 @@ static int cgroup_init_cftypes(struct cgroup_subsys *ss, struct cftype *cfts) + kf_ops->atomic_write_len = cft->max_write_len; + } + +- cft->kf_ops = kf_ops; +- cft->ss = ss; ++ pax_open_kernel(); ++ *(void **)&cft->kf_ops = kf_ops; ++ *(void **)&cft->ss = ss; ++ pax_close_kernel(); + } + + return 0; +@@ -3498,7 +3503,7 @@ static int cgroup_rm_cftypes_locked(struct cftype *cfts) + if (!cfts || !cfts[0].ss) + return -ENOENT; + +- list_del(&cfts->node); ++ pax_list_del((struct list_head *)&cfts->node); + cgroup_apply_cftypes(cfts, false); + cgroup_exit_cftypes(cfts); + return 0; +@@ -3555,7 +3560,7 @@ static int cgroup_add_cftypes(struct cgroup_subsys *ss, struct cftype *cfts) + + mutex_lock(&cgroup_mutex); + +- list_add_tail(&cfts->node, &ss->cfts); ++ pax_list_add_tail((struct list_head *)&cfts->node, &ss->cfts); + ret = cgroup_apply_cftypes(cfts, true); + if (ret) + cgroup_rm_cftypes_locked(cfts); +@@ -3576,8 +3581,10 @@ int cgroup_add_dfl_cftypes(struct cgroup_subsys *ss, struct cftype *cfts) + { + struct cftype *cft; + ++ pax_open_kernel(); + for (cft = cfts; cft && cft->name[0] != '\0'; cft++) +- cft->flags |= __CFTYPE_ONLY_ON_DFL; ++ *(unsigned int *)&cft->flags |= __CFTYPE_ONLY_ON_DFL; ++ pax_close_kernel(); + return cgroup_add_cftypes(ss, cfts); + } + +@@ -3593,8 +3600,10 @@ int cgroup_add_legacy_cftypes(struct cgroup_subsys *ss, struct cftype *cfts) + { + struct cftype *cft; + ++ pax_open_kernel(); + for (cft = cfts; cft && cft->name[0] != '\0'; cft++) +- cft->flags |= __CFTYPE_NOT_ON_DFL; ++ *(unsigned int *)&cft->flags |= __CFTYPE_NOT_ON_DFL; ++ pax_close_kernel(); + return cgroup_add_cftypes(ss, cfts); + } + +@@ -5725,6 +5734,9 @@ static void cgroup_release_agent(struct work_struct *work) if (!pathbuf || !agentbuf) goto out; @@ -109561,7 +109401,7 @@ index 470f653..1aa51fc 100644 path = cgroup_path(cgrp, pathbuf, PATH_MAX); if (!path) goto out; -@@ -5900,7 +5903,7 @@ static int cgroup_css_links_read(struct seq_file *seq, void *v) +@@ -5900,7 +5912,7 @@ static int cgroup_css_links_read(struct seq_file *seq, void *v) struct task_struct *task; int count = 0; @@ -109980,7 +109820,7 @@ index 41213454..861e178 100644 #ifdef CONFIG_MODULE_UNLOAD { diff --git a/kernel/events/core.c b/kernel/events/core.c -index cfc227c..d0f51f0 100644 +index 1087bbe..d0f51f0 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -175,8 +175,15 @@ static struct srcu_struct pmus_srcu; @@ -110018,15 +109858,6 @@ index cfc227c..d0f51f0 100644 static void cpu_ctx_sched_out(struct perf_cpu_context *cpuctx, enum event_type_t event_type); -@@ -3434,7 +3441,7 @@ find_lively_task_by_vpid(pid_t vpid) - - /* Reuse ptrace permission checks for now. */ - err = -EACCES; -- if (!ptrace_may_access(task, PTRACE_MODE_READ)) -+ if (!ptrace_may_access(task, PTRACE_MODE_READ_REALCREDS)) - goto errout; - - return task; @@ -3898,9 +3905,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running) total += perf_event_count(event); @@ -110820,7 +110651,7 @@ index 1155eac..0c9bd1f 100644 int threads = max_threads; int min = MIN_THREADS; diff --git a/kernel/futex.c b/kernel/futex.c -index 684d754..ef2bb0f 100644 +index 461c72b..b4f4bd8 100644 --- a/kernel/futex.c +++ b/kernel/futex.c @@ -202,7 +202,7 @@ struct futex_pi_state { @@ -110862,16 +110693,7 @@ index 684d754..ef2bb0f 100644 pagefault_disable(); ret = __copy_from_user_inatomic(dest, from, sizeof(u32)); -@@ -2881,7 +2886,7 @@ SYSCALL_DEFINE3(get_robust_list, int, pid, - } - - ret = -EPERM; -- if (!ptrace_may_access(p, PTRACE_MODE_READ)) -+ if (!ptrace_may_access(p, PTRACE_MODE_READ_REALCREDS)) - goto err_unlock; - - head = p->robust_list; -@@ -3131,6 +3136,7 @@ static void __init futex_detect_cmpxchg(void) +@@ -3136,6 +3141,7 @@ static void __init futex_detect_cmpxchg(void) { #ifndef CONFIG_HAVE_FUTEX_CMPXCHG u32 curval; @@ -110879,7 +110701,7 @@ index 684d754..ef2bb0f 100644 /* * This will fail and we want it. Some arch implementations do -@@ -3142,8 +3148,11 @@ static void __init futex_detect_cmpxchg(void) +@@ -3147,8 +3153,11 @@ static void __init futex_detect_cmpxchg(void) * implementation, the non-functional ones will return * -ENOSYS. */ @@ -110892,7 +110714,7 @@ index 684d754..ef2bb0f 100644 } diff --git a/kernel/futex_compat.c b/kernel/futex_compat.c -index 55c8c93..5adee02 100644 +index 4ae3232..5adee02 100644 --- a/kernel/futex_compat.c +++ b/kernel/futex_compat.c @@ -32,7 +32,7 @@ fetch_robust_entry(compat_uptr_t *uentry, struct robust_list __user **entry, @@ -110904,15 +110726,6 @@ index 55c8c93..5adee02 100644 compat_long_t futex_offset) { compat_uptr_t base = ptr_to_compat(entry); -@@ -155,7 +155,7 @@ COMPAT_SYSCALL_DEFINE3(get_robust_list, int, pid, - } - - ret = -EPERM; -- if (!ptrace_may_access(p, PTRACE_MODE_READ)) -+ if (!ptrace_may_access(p, PTRACE_MODE_READ_REALCREDS)) - goto err_unlock; - - head = p->compat_robust_list; diff --git a/kernel/gcov/base.c b/kernel/gcov/base.c index 7080ae1..c9b3761 100644 --- a/kernel/gcov/base.c @@ -111147,7 +110960,7 @@ index 5c5987f..bc502b0 100644 type, iter->name, iter->module_name); } else diff --git a/kernel/kcmp.c b/kernel/kcmp.c -index 0aa69ea..bcb17e3 100644 +index 3a47fa9..bcb17e3 100644 --- a/kernel/kcmp.c +++ b/kernel/kcmp.c @@ -100,6 +100,10 @@ SYSCALL_DEFINE5(kcmp, pid_t, pid1, pid_t, pid2, int, type, @@ -111161,17 +110974,6 @@ index 0aa69ea..bcb17e3 100644 rcu_read_lock(); /* -@@ -122,8 +126,8 @@ SYSCALL_DEFINE5(kcmp, pid_t, pid1, pid_t, pid2, int, type, - &task2->signal->cred_guard_mutex); - if (ret) - goto err; -- if (!ptrace_may_access(task1, PTRACE_MODE_READ) || -- !ptrace_may_access(task2, PTRACE_MODE_READ)) { -+ if (!ptrace_may_access(task1, PTRACE_MODE_READ_REALCREDS) || -+ !ptrace_may_access(task2, PTRACE_MODE_READ_REALCREDS)) { - ret = -EPERM; - goto err_unlock; - } diff --git a/kernel/kexec.c b/kernel/kexec.c index d873b64..61f7c59 100644 --- a/kernel/kexec.c @@ -111637,7 +111439,7 @@ index 0551c21..f753f95 100644 debug_mutex_free_waiter(&waiter); mutex_release(&lock->dep_map, 1, ip); diff --git a/kernel/module.c b/kernel/module.c -index 38c7bd5..e1be102 100644 +index 14833e6..659a51a 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -59,6 +59,7 @@ @@ -112567,7 +112369,7 @@ index 38c7bd5..e1be102 100644 module_deallocate(mod, info); free_copy: -@@ -3655,10 +3841,16 @@ static const char *get_ksymbol(struct module *mod, +@@ -3660,10 +3846,16 @@ static const char *get_ksymbol(struct module *mod, unsigned long nextval; /* At worse, next value is at end of module */ @@ -112587,7 +112389,7 @@ index 38c7bd5..e1be102 100644 /* Scan for closest preceding symbol, and next symbol. (ELF starts real symbols at 1). */ -@@ -3905,7 +4097,7 @@ static int m_show(struct seq_file *m, void *p) +@@ -3909,7 +4101,7 @@ static int m_show(struct seq_file *m, void *p) return 0; seq_printf(m, "%s %u", @@ -112596,7 +112398,7 @@ index 38c7bd5..e1be102 100644 print_unload_info(m, mod); /* Informative for users. */ -@@ -3914,7 +4106,7 @@ static int m_show(struct seq_file *m, void *p) +@@ -3918,7 +4110,7 @@ static int m_show(struct seq_file *m, void *p) mod->state == MODULE_STATE_COMING ? "Loading" : "Live"); /* Used by oprofile and other similar tools. */ @@ -112605,7 +112407,7 @@ index 38c7bd5..e1be102 100644 /* Taints info */ if (mod->taints) -@@ -3950,7 +4142,17 @@ static const struct file_operations proc_modules_operations = { +@@ -3954,7 +4146,17 @@ static const struct file_operations proc_modules_operations = { static int __init proc_modules_init(void) { @@ -112623,7 +112425,7 @@ index 38c7bd5..e1be102 100644 return 0; } module_init(proc_modules_init); -@@ -4011,7 +4213,8 @@ struct module *__module_address(unsigned long addr) +@@ -4015,7 +4217,8 @@ struct module *__module_address(unsigned long addr) { struct module *mod; @@ -112633,7 +112435,7 @@ index 38c7bd5..e1be102 100644 return NULL; module_assert_mutex_or_preempt(); -@@ -4054,11 +4257,20 @@ bool is_module_text_address(unsigned long addr) +@@ -4058,11 +4261,20 @@ bool is_module_text_address(unsigned long addr) */ struct module *__module_text_address(unsigned long addr) { @@ -112977,10 +112779,10 @@ index 99513e1..0caa643 100644 } diff --git a/kernel/ptrace.c b/kernel/ptrace.c -index b760bae..fe8f48d 100644 +index 3189e51..fcc8509 100644 --- a/kernel/ptrace.c +++ b/kernel/ptrace.c -@@ -207,18 +207,46 @@ static int ptrace_check_attach(struct task_struct *child, bool ignore_state) +@@ -207,12 +207,32 @@ static int ptrace_check_attach(struct task_struct *child, bool ignore_state) return ret; } @@ -113016,65 +112818,16 @@ index b760bae..fe8f48d 100644 } /* Returns 0 on success, -errno on denial. */ - static int __ptrace_may_access(struct task_struct *task, unsigned int mode) - { - const struct cred *cred = current_cred(), *tcred; -+ kuid_t caller_uid; -+ kgid_t caller_gid; -+ int dumpable = 0; -+ -+ if (!(mode & PTRACE_MODE_FSCREDS) == !(mode & PTRACE_MODE_REALCREDS)) { -+ WARN(1, "denying ptrace access check without PTRACE_MODE_*CREDS\n"); -+ return -EPERM; -+ } - - /* May we inspect the given task? - * This check is used both for attaching with ptrace -@@ -228,20 +256,35 @@ static int __ptrace_may_access(struct task_struct *task, unsigned int mode) - * because setting up the necessary parent/child relationship - * or halting the specified task is impossible. - */ -- int dumpable = 0; -+ - /* Don't let security modules deny introspection */ - if (same_thread_group(task, current)) - return 0; - rcu_read_lock(); -+ if (mode & PTRACE_MODE_FSCREDS) { -+ caller_uid = cred->fsuid; -+ caller_gid = cred->fsgid; -+ } else { -+ /* -+ * Using the euid would make more sense here, but something -+ * in userland might rely on the old behavior, and this -+ * shouldn't be a security problem since -+ * PTRACE_MODE_REALCREDS implies that the caller explicitly -+ * used a syscall that requests access to another process -+ * (and not a filesystem syscall to procfs). -+ */ -+ caller_uid = cred->uid; -+ caller_gid = cred->gid; -+ } - tcred = __task_cred(task); -- if (uid_eq(cred->uid, tcred->euid) && -- uid_eq(cred->uid, tcred->suid) && -- uid_eq(cred->uid, tcred->uid) && -- gid_eq(cred->gid, tcred->egid) && -- gid_eq(cred->gid, tcred->sgid) && -- gid_eq(cred->gid, tcred->gid)) -+ if (uid_eq(caller_uid, tcred->euid) && -+ uid_eq(caller_uid, tcred->suid) && -+ uid_eq(caller_uid, tcred->uid) && -+ gid_eq(caller_gid, tcred->egid) && -+ gid_eq(caller_gid, tcred->sgid) && -+ gid_eq(caller_gid, tcred->gid)) +@@ -264,7 +284,7 @@ static int __ptrace_may_access(struct task_struct *task, unsigned int mode) + gid_eq(caller_gid, tcred->sgid) && + gid_eq(caller_gid, tcred->gid)) goto ok; - if (ptrace_has_cap(tcred->user_ns, mode)) + if (ptrace_has_cap(tcred, mode)) goto ok; rcu_read_unlock(); return -EPERM; -@@ -252,7 +295,7 @@ ok: +@@ -275,7 +295,7 @@ ok: dumpable = get_dumpable(task->mm); rcu_read_lock(); if (dumpable != SUID_DUMP_USER && @@ -113083,16 +112836,7 @@ index b760bae..fe8f48d 100644 rcu_read_unlock(); return -EPERM; } -@@ -306,7 +349,7 @@ static int ptrace_attach(struct task_struct *task, long request, - goto out; - - task_lock(task); -- retval = __ptrace_may_access(task, PTRACE_MODE_ATTACH); -+ retval = __ptrace_may_access(task, PTRACE_MODE_ATTACH_REALCREDS); - task_unlock(task); - if (retval) - goto unlock_creds; -@@ -321,7 +364,7 @@ static int ptrace_attach(struct task_struct *task, long request, +@@ -344,7 +364,7 @@ static int ptrace_attach(struct task_struct *task, long request, if (seize) flags |= PT_SEIZED; rcu_read_lock(); @@ -113101,7 +112845,7 @@ index b760bae..fe8f48d 100644 flags |= PT_PTRACE_CAP; rcu_read_unlock(); task->ptrace = flags; -@@ -514,7 +557,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst +@@ -537,7 +557,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst break; return -EIO; } @@ -113110,7 +112854,7 @@ index b760bae..fe8f48d 100644 return -EFAULT; copied += retval; src += retval; -@@ -815,7 +858,7 @@ int ptrace_request(struct task_struct *child, long request, +@@ -838,7 +858,7 @@ int ptrace_request(struct task_struct *child, long request, bool seized = child->ptrace & PT_SEIZED; int ret = -EIO; siginfo_t siginfo, *si; @@ -113119,7 +112863,7 @@ index b760bae..fe8f48d 100644 unsigned long __user *datalp = datavp; unsigned long flags; -@@ -1066,14 +1109,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr, +@@ -1089,14 +1109,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr, goto out; } @@ -113142,7 +112886,7 @@ index b760bae..fe8f48d 100644 goto out_put_task_struct; } -@@ -1101,7 +1151,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr, +@@ -1124,7 +1151,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr, copied = access_process_vm(tsk, addr, &tmp, sizeof(tmp), 0); if (copied != sizeof(tmp)) return -EIO; @@ -113151,7 +112895,7 @@ index b760bae..fe8f48d 100644 } int generic_ptrace_pokedata(struct task_struct *tsk, unsigned long addr, -@@ -1194,7 +1244,7 @@ int compat_ptrace_request(struct task_struct *child, compat_long_t request, +@@ -1217,7 +1244,7 @@ int compat_ptrace_request(struct task_struct *child, compat_long_t request, } COMPAT_SYSCALL_DEFINE4(ptrace, compat_long_t, request, compat_long_t, pid, @@ -113160,7 +112904,7 @@ index b760bae..fe8f48d 100644 { struct task_struct *child; long ret; -@@ -1210,14 +1260,21 @@ COMPAT_SYSCALL_DEFINE4(ptrace, compat_long_t, request, compat_long_t, pid, +@@ -1233,14 +1260,21 @@ COMPAT_SYSCALL_DEFINE4(ptrace, compat_long_t, request, compat_long_t, pid, goto out; } @@ -114261,7 +114005,7 @@ index 479e443..66d845e1 100644 .thread_should_run = ksoftirqd_should_run, .thread_fn = run_ksoftirqd, diff --git a/kernel/sys.c b/kernel/sys.c -index 6af9212..e1f1adf 100644 +index 78947de..cb182d1 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -160,6 +160,12 @@ static int set_one_prio(struct task_struct *p, int niceval, int error) @@ -114915,7 +114659,7 @@ index f5e86d2..33a4099 100644 .clock_get = thread_cpu_clock_get, .timer_create = thread_cpu_timer_create, diff --git a/kernel/time/posix-timers.c b/kernel/time/posix-timers.c -index 31d11ac..5a3bb13 100644 +index f2826c3..c8d9d80 100644 --- a/kernel/time/posix-timers.c +++ b/kernel/time/posix-timers.c @@ -43,6 +43,7 @@ @@ -116229,7 +115973,7 @@ index 62a698a..32327d08 100644 u32 high = divisor >> 32; u64 quot; diff --git a/lib/dma-debug.c b/lib/dma-debug.c -index d34bd24..77b953c 100644 +index 4a1515f4..baea985 100644 --- a/lib/dma-debug.c +++ b/lib/dma-debug.c @@ -982,7 +982,7 @@ static int dma_debug_device_change(struct notifier_block *nb, unsigned long acti @@ -116695,7 +116439,7 @@ index 6111bcb..02e816b 100644 static DECLARE_WAIT_QUEUE_HEAD(percpu_ref_switch_waitq); diff --git a/lib/radix-tree.c b/lib/radix-tree.c -index fcf5d98..4811f49 100644 +index 6b79e90..4811f49 100644 --- a/lib/radix-tree.c +++ b/lib/radix-tree.c @@ -68,7 +68,7 @@ struct radix_tree_preload { @@ -116707,36 +116451,6 @@ index fcf5d98..4811f49 100644 static inline void *ptr_to_indirect(void *ptr) { -@@ -1019,9 +1019,13 @@ radix_tree_gang_lookup(struct radix_tree_root *root, void **results, - return 0; - - radix_tree_for_each_slot(slot, root, &iter, first_index) { -- results[ret] = indirect_to_ptr(rcu_dereference_raw(*slot)); -+ results[ret] = rcu_dereference_raw(*slot); - if (!results[ret]) - continue; -+ if (radix_tree_is_indirect_ptr(results[ret])) { -+ slot = radix_tree_iter_retry(&iter); -+ continue; -+ } - if (++ret == max_items) - break; - } -@@ -1098,9 +1102,13 @@ radix_tree_gang_lookup_tag(struct radix_tree_root *root, void **results, - return 0; - - radix_tree_for_each_tagged(slot, root, &iter, first_index, tag) { -- results[ret] = indirect_to_ptr(rcu_dereference_raw(*slot)); -+ results[ret] = rcu_dereference_raw(*slot); - if (!results[ret]) - continue; -+ if (radix_tree_is_indirect_ptr(results[ret])) { -+ slot = radix_tree_iter_retry(&iter); -+ continue; -+ } - if (++ret == max_items) - break; - } diff --git a/lib/random32.c b/lib/random32.c index 1211191..63e8a83 100644 --- a/lib/random32.c @@ -117188,10 +116902,72 @@ index 123bcd3..c2c85db 100644 pkmap_count[last_pkmap_nr] = 1; set_page_address(page, (void *)vaddr); diff --git a/mm/hugetlb.c b/mm/hugetlb.c -index ef6963b..753a1e6 100644 +index ef6963b..09c45dc 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c -@@ -2780,6 +2780,7 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy, +@@ -39,7 +39,60 @@ int hugepages_treat_as_movable; + + int hugetlb_max_hstate __read_mostly; + unsigned int default_hstate_idx; +-struct hstate hstates[HUGE_MAX_HSTATE]; ++ ++#ifdef CONFIG_CGROUP_HUGETLB ++static struct cftype hugetlb_files[HUGE_MAX_HSTATE][5] = { ++# define MEMFILE_PRIVATE(x, val) (((x) << 16) | (val)) ++# define CFTYPE_INIT(idx) \ ++ { /* Add the limit file */ \ ++ [0] = { .private = MEMFILE_PRIVATE(idx, RES_LIMIT), \ ++ .read_u64 = hugetlb_cgroup_read_u64, \ ++ .write = hugetlb_cgroup_write, }, \ ++ /* Add the usage file */ \ ++ [1] = { .private = MEMFILE_PRIVATE(idx, RES_USAGE), \ ++ .read_u64 = hugetlb_cgroup_read_u64, }, \ ++ /* Add the MAX usage file */ \ ++ [2] = { .private = MEMFILE_PRIVATE(idx, RES_MAX_USAGE), \ ++ .write = hugetlb_cgroup_reset, \ ++ .read_u64 = hugetlb_cgroup_read_u64, }, \ ++ /* Add the failcntfile */ \ ++ [3] = { .private = MEMFILE_PRIVATE(idx, RES_FAILCNT), \ ++ .write = hugetlb_cgroup_reset, \ ++ .read_u64 = hugetlb_cgroup_read_u64, }, \ ++ [4] = { /* NULL terminator */ }, \ ++ } ++ ++# if HUGE_MAX_HSTATE > 0 ++ [0] = CFTYPE_INIT(0), ++# endif ++# if HUGE_MAX_HSTATE > 1 ++ [1] = CFTYPE_INIT(1), ++# endif ++# if HUGE_MAX_HSTATE > 2 ++# error PaX: add more initializers... ++# endif ++ ++# undef CFTYPE_INIT ++}; ++#endif ++ ++struct hstate hstates[HUGE_MAX_HSTATE] = { ++#ifdef CONFIG_CGROUP_HUGETLB ++# define HSTATE_INIT(idx) [idx] = { .cgroup_files = &hugetlb_files[idx] } ++ ++# if HUGE_MAX_HSTATE > 0 ++ HSTATE_INIT(0), ++# endif ++# if HUGE_MAX_HSTATE > 1 ++ HSTATE_INIT(1), ++# endif ++# if HUGE_MAX_HSTATE > 2 ++# error PaX: add more initializers... ++# endif ++ ++# undef HSTATE_INIT ++#endif ++}; + /* + * Minimum page order among possible hugepage sizes, set to a proper value + * at boot time. +@@ -2780,6 +2833,7 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy, struct ctl_table *table, int write, void __user *buffer, size_t *length, loff_t *ppos) { @@ -117199,7 +116975,7 @@ index ef6963b..753a1e6 100644 struct hstate *h = &default_hstate; unsigned long tmp = h->max_huge_pages; int ret; -@@ -2787,9 +2788,10 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy, +@@ -2787,9 +2841,10 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy, if (!hugepages_supported()) return -ENOTSUPP; @@ -117213,7 +116989,7 @@ index ef6963b..753a1e6 100644 if (ret) goto out; -@@ -2824,6 +2826,7 @@ int hugetlb_overcommit_handler(struct ctl_table *table, int write, +@@ -2824,6 +2879,7 @@ int hugetlb_overcommit_handler(struct ctl_table *table, int write, struct hstate *h = &default_hstate; unsigned long tmp; int ret; @@ -117221,7 +116997,7 @@ index ef6963b..753a1e6 100644 if (!hugepages_supported()) return -ENOTSUPP; -@@ -2833,9 +2836,10 @@ int hugetlb_overcommit_handler(struct ctl_table *table, int write, +@@ -2833,9 +2889,10 @@ int hugetlb_overcommit_handler(struct ctl_table *table, int write, if (write && hstate_is_gigantic(h)) return -EINVAL; @@ -117235,7 +117011,7 @@ index ef6963b..753a1e6 100644 if (ret) goto out; -@@ -3341,6 +3345,27 @@ static void unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3341,6 +3398,27 @@ static void unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, i_mmap_unlock_write(mapping); } @@ -117263,7 +117039,7 @@ index ef6963b..753a1e6 100644 /* * Hugetlb_cow() should be called with page lock of the original hugepage held. * Called with hugetlb_instantiation_mutex held and pte_page locked so we -@@ -3454,6 +3479,11 @@ retry_avoidcopy: +@@ -3454,6 +3532,11 @@ retry_avoidcopy: make_huge_pte(vma, new_page, 1)); page_remove_rmap(old_page); hugepage_add_new_anon_rmap(new_page, vma, address); @@ -117275,7 +117051,7 @@ index ef6963b..753a1e6 100644 /* Make the old page be freed below */ new_page = old_page; } -@@ -3627,6 +3657,10 @@ retry: +@@ -3627,6 +3710,10 @@ retry: && (vma->vm_flags & VM_SHARED))); set_huge_pte_at(mm, address, ptep, new_pte); @@ -117286,7 +117062,7 @@ index ef6963b..753a1e6 100644 hugetlb_count_add(pages_per_huge_page(h), mm); if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) { /* Optimization, do the COW without a second fault */ -@@ -3695,6 +3729,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3695,6 +3782,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, struct address_space *mapping; int need_wait_lock = 0; @@ -117297,7 +117073,7 @@ index ef6963b..753a1e6 100644 address &= huge_page_mask(h); ptep = huge_pte_offset(mm, address); -@@ -3712,6 +3750,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3712,6 +3803,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, return VM_FAULT_OOM; } @@ -117324,6 +117100,112 @@ index ef6963b..753a1e6 100644 mapping = vma->vm_file->f_mapping; idx = vma_hugecache_offset(h, vma, address); +diff --git a/mm/hugetlb_cgroup.c b/mm/hugetlb_cgroup.c +index d8fb10d..8606223 100644 +--- a/mm/hugetlb_cgroup.c ++++ b/mm/hugetlb_cgroup.c +@@ -27,7 +27,6 @@ struct hugetlb_cgroup { + struct page_counter hugepage[HUGE_MAX_HSTATE]; + }; + +-#define MEMFILE_PRIVATE(x, val) (((x) << 16) | (val)) + #define MEMFILE_IDX(val) (((val) >> 16) & 0xffff) + #define MEMFILE_ATTR(val) ((val) & 0xffff) + +@@ -238,14 +237,7 @@ void hugetlb_cgroup_uncharge_cgroup(int idx, unsigned long nr_pages, + return; + } + +-enum { +- RES_USAGE, +- RES_LIMIT, +- RES_MAX_USAGE, +- RES_FAILCNT, +-}; +- +-static u64 hugetlb_cgroup_read_u64(struct cgroup_subsys_state *css, ++u64 hugetlb_cgroup_read_u64(struct cgroup_subsys_state *css, + struct cftype *cft) + { + struct page_counter *counter; +@@ -269,7 +261,7 @@ static u64 hugetlb_cgroup_read_u64(struct cgroup_subsys_state *css, + + static DEFINE_MUTEX(hugetlb_limit_mutex); + +-static ssize_t hugetlb_cgroup_write(struct kernfs_open_file *of, ++ssize_t hugetlb_cgroup_write(struct kernfs_open_file *of, + char *buf, size_t nbytes, loff_t off) + { + int ret, idx; +@@ -299,7 +291,7 @@ static ssize_t hugetlb_cgroup_write(struct kernfs_open_file *of, + return ret ?: nbytes; + } + +-static ssize_t hugetlb_cgroup_reset(struct kernfs_open_file *of, ++ssize_t hugetlb_cgroup_reset(struct kernfs_open_file *of, + char *buf, size_t nbytes, loff_t off) + { + int ret = 0; +@@ -335,46 +327,26 @@ static char *mem_fmt(char *buf, int size, unsigned long hsize) + + static void __init __hugetlb_cgroup_file_init(int idx) + { ++ char names[4][MAX_CFTYPE_NAME]; + char buf[32]; +- struct cftype *cft; + struct hstate *h = &hstates[idx]; + + /* format the size */ + mem_fmt(buf, 32, huge_page_size(h)); +- +- /* Add the limit file */ +- cft = &h->cgroup_files[0]; +- snprintf(cft->name, MAX_CFTYPE_NAME, "%s.limit_in_bytes", buf); +- cft->private = MEMFILE_PRIVATE(idx, RES_LIMIT); +- cft->read_u64 = hugetlb_cgroup_read_u64; +- cft->write = hugetlb_cgroup_write; +- +- /* Add the usage file */ +- cft = &h->cgroup_files[1]; +- snprintf(cft->name, MAX_CFTYPE_NAME, "%s.usage_in_bytes", buf); +- cft->private = MEMFILE_PRIVATE(idx, RES_USAGE); +- cft->read_u64 = hugetlb_cgroup_read_u64; +- +- /* Add the MAX usage file */ +- cft = &h->cgroup_files[2]; +- snprintf(cft->name, MAX_CFTYPE_NAME, "%s.max_usage_in_bytes", buf); +- cft->private = MEMFILE_PRIVATE(idx, RES_MAX_USAGE); +- cft->write = hugetlb_cgroup_reset; +- cft->read_u64 = hugetlb_cgroup_read_u64; +- +- /* Add the failcntfile */ +- cft = &h->cgroup_files[3]; +- snprintf(cft->name, MAX_CFTYPE_NAME, "%s.failcnt", buf); +- cft->private = MEMFILE_PRIVATE(idx, RES_FAILCNT); +- cft->write = hugetlb_cgroup_reset; +- cft->read_u64 = hugetlb_cgroup_read_u64; +- +- /* NULL terminate the last cft */ +- cft = &h->cgroup_files[4]; +- memset(cft, 0, sizeof(*cft)); ++ snprintf(names[0], MAX_CFTYPE_NAME, "%s.limit_in_bytes", buf); ++ snprintf(names[1], MAX_CFTYPE_NAME, "%s.usage_in_bytes", buf); ++ snprintf(names[2], MAX_CFTYPE_NAME, "%s.max_usage_in_bytes", buf); ++ snprintf(names[3], MAX_CFTYPE_NAME, "%s.failcnt", buf); ++ ++ pax_open_kernel(); ++ strncpy((void *)h->cgroup_files[0]->name, names[0], MAX_CFTYPE_NAME); ++ strncpy((void *)h->cgroup_files[1]->name, names[1], MAX_CFTYPE_NAME); ++ strncpy((void *)h->cgroup_files[2]->name, names[2], MAX_CFTYPE_NAME); ++ strncpy((void *)h->cgroup_files[3]->name, names[3], MAX_CFTYPE_NAME); ++ pax_close_kernel(); + + WARN_ON(cgroup_add_legacy_cftypes(&hugetlb_cgrp_subsys, +- h->cgroup_files)); ++ *h->cgroup_files)); + } + + void __init hugetlb_cgroup_file_init(void) diff --git a/mm/internal.h b/mm/internal.h index 38e24b8..73ff43d 100644 --- a/mm/internal.h @@ -117468,7 +117350,7 @@ index c889fcb..f181221 100644 if (end == start) return error; diff --git a/mm/memcontrol.c b/mm/memcontrol.c -index fc10620..cfa8635 100644 +index ee6acd2..e83259e 100644 --- a/mm/memcontrol.c +++ b/mm/memcontrol.c @@ -809,7 +809,7 @@ static void memcg_check_events(struct mem_cgroup *memcg, struct page *page) @@ -117499,7 +117381,7 @@ index fc10620..cfa8635 100644 } diff --git a/mm/memory-failure.c b/mm/memory-failure.c -index 8424b64..4bc9d7d 100644 +index 750b789..b1b1b59 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c @@ -64,7 +64,7 @@ int sysctl_memory_failure_early_kill __read_mostly = 0; @@ -118293,7 +118175,7 @@ index 7890d0b..00200c6 100644 err = -EPERM; goto out; diff --git a/mm/mlock.c b/mm/mlock.c -index 339d9e0..03bc5fa 100644 +index d6006b1..a72cbda 100644 --- a/mm/mlock.c +++ b/mm/mlock.c @@ -14,6 +14,7 @@ @@ -118390,7 +118272,7 @@ index fdadf91..5f527d1 100644 .priority = IPC_CALLBACK_PRI, /* use lowest priority */ }; diff --git a/mm/mmap.c b/mm/mmap.c -index 2ce04a6..c085c24 100644 +index 455772a..5ce0964 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -42,6 +42,7 @@ @@ -118486,7 +118368,7 @@ index 2ce04a6..c085c24 100644 mm->end_data, mm->start_data)) goto out; -@@ -973,6 +1002,12 @@ can_vma_merge_before(struct vm_area_struct *vma, unsigned long vm_flags, +@@ -977,6 +1006,12 @@ can_vma_merge_before(struct vm_area_struct *vma, unsigned long vm_flags, pgoff_t vm_pgoff, struct vm_userfaultfd_ctx vm_userfaultfd_ctx) { @@ -118499,7 +118381,7 @@ index 2ce04a6..c085c24 100644 if (is_mergeable_vma(vma, file, vm_flags, vm_userfaultfd_ctx) && is_mergeable_anon_vma(anon_vma, vma->anon_vma, vma)) { if (vma->vm_pgoff == vm_pgoff) -@@ -994,6 +1029,12 @@ can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags, +@@ -998,6 +1033,12 @@ can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags, pgoff_t vm_pgoff, struct vm_userfaultfd_ctx vm_userfaultfd_ctx) { @@ -118512,7 +118394,7 @@ index 2ce04a6..c085c24 100644 if (is_mergeable_vma(vma, file, vm_flags, vm_userfaultfd_ctx) && is_mergeable_anon_vma(anon_vma, vma->anon_vma, vma)) { pgoff_t vm_pglen; -@@ -1044,6 +1085,13 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, +@@ -1048,6 +1089,13 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, struct vm_area_struct *area, *next; int err; @@ -118526,7 +118408,7 @@ index 2ce04a6..c085c24 100644 /* * We later require that vma->vm_flags == vm_flags, * so this tests vma->vm_flags & VM_SPECIAL, too. -@@ -1059,6 +1107,15 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, +@@ -1063,6 +1111,15 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, if (next && next->vm_end == end) /* cases 6, 7, 8 */ next = next->vm_next; @@ -118542,7 +118424,7 @@ index 2ce04a6..c085c24 100644 /* * Can it merge with the predecessor? */ -@@ -1081,9 +1138,24 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, +@@ -1085,9 +1142,24 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, /* cases 1, 6 */ err = vma_adjust(prev, prev->vm_start, next->vm_end, prev->vm_pgoff, NULL); @@ -118568,7 +118450,7 @@ index 2ce04a6..c085c24 100644 if (err) return NULL; khugepaged_enter_vma_merge(prev, vm_flags); -@@ -1098,12 +1170,27 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, +@@ -1102,12 +1174,27 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, can_vma_merge_before(next, vm_flags, anon_vma, file, pgoff+pglen, vm_userfaultfd_ctx)) { @@ -118598,7 +118480,7 @@ index 2ce04a6..c085c24 100644 if (err) return NULL; khugepaged_enter_vma_merge(area, vm_flags); -@@ -1212,8 +1299,10 @@ none: +@@ -1216,8 +1303,10 @@ none: void vm_stat_account(struct mm_struct *mm, unsigned long flags, struct file *file, long pages) { @@ -118611,7 +118493,7 @@ index 2ce04a6..c085c24 100644 mm->total_vm += pages; -@@ -1221,7 +1310,7 @@ void vm_stat_account(struct mm_struct *mm, unsigned long flags, +@@ -1225,7 +1314,7 @@ void vm_stat_account(struct mm_struct *mm, unsigned long flags, mm->shared_vm += pages; if ((flags & (VM_EXEC|VM_WRITE)) == VM_EXEC) mm->exec_vm += pages; @@ -118620,7 +118502,7 @@ index 2ce04a6..c085c24 100644 mm->stack_vm += pages; } #endif /* CONFIG_PROC_FS */ -@@ -1251,6 +1340,10 @@ static inline int mlock_future_check(struct mm_struct *mm, +@@ -1255,6 +1344,10 @@ static inline int mlock_future_check(struct mm_struct *mm, locked += mm->locked_vm; lock_limit = rlimit(RLIMIT_MEMLOCK); lock_limit >>= PAGE_SHIFT; @@ -118631,7 +118513,7 @@ index 2ce04a6..c085c24 100644 if (locked > lock_limit && !capable(CAP_IPC_LOCK)) return -EAGAIN; } -@@ -1278,7 +1371,7 @@ unsigned long do_mmap(struct file *file, unsigned long addr, +@@ -1282,7 +1375,7 @@ unsigned long do_mmap(struct file *file, unsigned long addr, * (the exception is when the underlying filesystem is noexec * mounted, in which case we dont add PROT_EXEC.) */ @@ -118640,7 +118522,7 @@ index 2ce04a6..c085c24 100644 if (!(file && path_noexec(&file->f_path))) prot |= PROT_EXEC; -@@ -1301,7 +1394,7 @@ unsigned long do_mmap(struct file *file, unsigned long addr, +@@ -1305,7 +1398,7 @@ unsigned long do_mmap(struct file *file, unsigned long addr, /* Obtain the address to map to. we verify (or select) it and ensure * that it represents a valid section of the address space. */ @@ -118649,7 +118531,7 @@ index 2ce04a6..c085c24 100644 if (offset_in_page(addr)) return addr; -@@ -1312,6 +1405,43 @@ unsigned long do_mmap(struct file *file, unsigned long addr, +@@ -1316,6 +1409,43 @@ unsigned long do_mmap(struct file *file, unsigned long addr, vm_flags |= calc_vm_prot_bits(prot) | calc_vm_flag_bits(flags) | mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC; @@ -118693,7 +118575,7 @@ index 2ce04a6..c085c24 100644 if (flags & MAP_LOCKED) if (!can_do_mlock()) return -EPERM; -@@ -1399,6 +1529,9 @@ unsigned long do_mmap(struct file *file, unsigned long addr, +@@ -1403,6 +1533,9 @@ unsigned long do_mmap(struct file *file, unsigned long addr, vm_flags |= VM_NORESERVE; } @@ -118703,7 +118585,7 @@ index 2ce04a6..c085c24 100644 addr = mmap_region(file, addr, len, vm_flags, pgoff); if (!IS_ERR_VALUE(addr) && ((vm_flags & VM_LOCKED) || -@@ -1492,7 +1625,7 @@ int vma_wants_writenotify(struct vm_area_struct *vma) +@@ -1496,7 +1629,7 @@ int vma_wants_writenotify(struct vm_area_struct *vma) const struct vm_operations_struct *vm_ops = vma->vm_ops; /* If it was private or non-writable, the write bit is already clear */ @@ -118712,7 +118594,7 @@ index 2ce04a6..c085c24 100644 return 0; /* The backer wishes to know when pages are first written to? */ -@@ -1543,7 +1676,22 @@ unsigned long mmap_region(struct file *file, unsigned long addr, +@@ -1547,7 +1680,22 @@ unsigned long mmap_region(struct file *file, unsigned long addr, struct rb_node **rb_link, *rb_parent; unsigned long charged = 0; @@ -118735,7 +118617,7 @@ index 2ce04a6..c085c24 100644 if (!may_expand_vm(mm, len >> PAGE_SHIFT)) { unsigned long nr_pages; -@@ -1565,6 +1713,7 @@ unsigned long mmap_region(struct file *file, unsigned long addr, +@@ -1569,6 +1717,7 @@ unsigned long mmap_region(struct file *file, unsigned long addr, &rb_parent)) { if (do_munmap(mm, addr, len)) return -ENOMEM; @@ -118743,7 +118625,7 @@ index 2ce04a6..c085c24 100644 } /* -@@ -1596,6 +1745,16 @@ unsigned long mmap_region(struct file *file, unsigned long addr, +@@ -1600,6 +1749,16 @@ unsigned long mmap_region(struct file *file, unsigned long addr, goto unacct_error; } @@ -118760,7 +118642,7 @@ index 2ce04a6..c085c24 100644 vma->vm_mm = mm; vma->vm_start = addr; vma->vm_end = addr + len; -@@ -1626,6 +1785,13 @@ unsigned long mmap_region(struct file *file, unsigned long addr, +@@ -1630,6 +1789,13 @@ unsigned long mmap_region(struct file *file, unsigned long addr, if (error) goto unmap_and_free_vma; @@ -118774,7 +118656,7 @@ index 2ce04a6..c085c24 100644 /* Can addr have changed?? * * Answer: Yes, several device drivers can do it in their -@@ -1644,6 +1810,12 @@ unsigned long mmap_region(struct file *file, unsigned long addr, +@@ -1648,6 +1814,12 @@ unsigned long mmap_region(struct file *file, unsigned long addr, } vma_link(mm, vma, prev, rb_link, rb_parent); @@ -118787,7 +118669,7 @@ index 2ce04a6..c085c24 100644 /* Once vma denies write, undo our temporary denial count */ if (file) { if (vm_flags & VM_SHARED) -@@ -1656,6 +1828,7 @@ out: +@@ -1660,6 +1832,7 @@ out: perf_event_mmap(vma); vm_stat_account(mm, vm_flags, file, len >> PAGE_SHIFT); @@ -118795,7 +118677,7 @@ index 2ce04a6..c085c24 100644 if (vm_flags & VM_LOCKED) { if (!((vm_flags & VM_SPECIAL) || is_vm_hugetlb_page(vma) || vma == get_gate_vma(current->mm))) -@@ -1693,6 +1866,12 @@ allow_write_and_free_vma: +@@ -1697,6 +1870,12 @@ allow_write_and_free_vma: if (vm_flags & VM_DENYWRITE) allow_write_access(file); free_vma: @@ -118808,7 +118690,7 @@ index 2ce04a6..c085c24 100644 kmem_cache_free(vm_area_cachep, vma); unacct_error: if (charged) -@@ -1700,7 +1879,63 @@ unacct_error: +@@ -1704,7 +1883,63 @@ unacct_error: return error; } @@ -118873,7 +118755,7 @@ index 2ce04a6..c085c24 100644 { /* * We implement the search by looking for an rbtree node that -@@ -1748,11 +1983,29 @@ unsigned long unmapped_area(struct vm_unmapped_area_info *info) +@@ -1752,11 +1987,29 @@ unsigned long unmapped_area(struct vm_unmapped_area_info *info) } } @@ -118904,7 +118786,7 @@ index 2ce04a6..c085c24 100644 if (gap_end >= low_limit && gap_end - gap_start >= length) goto found; -@@ -1802,7 +2055,7 @@ found: +@@ -1806,7 +2059,7 @@ found: return gap_start; } @@ -118913,7 +118795,7 @@ index 2ce04a6..c085c24 100644 { struct mm_struct *mm = current->mm; struct vm_area_struct *vma; -@@ -1856,6 +2109,24 @@ check_current: +@@ -1860,6 +2113,24 @@ check_current: gap_end = vma->vm_start; if (gap_end < low_limit) return -ENOMEM; @@ -118938,7 +118820,7 @@ index 2ce04a6..c085c24 100644 if (gap_start <= high_limit && gap_end - gap_start >= length) goto found; -@@ -1919,6 +2190,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -1923,6 +2194,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, struct mm_struct *mm = current->mm; struct vm_area_struct *vma; struct vm_unmapped_area_info info; @@ -118946,7 +118828,7 @@ index 2ce04a6..c085c24 100644 if (len > TASK_SIZE - mmap_min_addr) return -ENOMEM; -@@ -1926,11 +2198,15 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -1930,11 +2202,15 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, if (flags & MAP_FIXED) return addr; @@ -118963,7 +118845,7 @@ index 2ce04a6..c085c24 100644 return addr; } -@@ -1939,6 +2215,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -1943,6 +2219,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, info.low_limit = mm->mmap_base; info.high_limit = TASK_SIZE; info.align_mask = 0; @@ -118971,7 +118853,7 @@ index 2ce04a6..c085c24 100644 return vm_unmapped_area(&info); } #endif -@@ -1957,6 +2234,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1961,6 +2238,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, struct mm_struct *mm = current->mm; unsigned long addr = addr0; struct vm_unmapped_area_info info; @@ -118979,7 +118861,7 @@ index 2ce04a6..c085c24 100644 /* requested length too big for entire address space */ if (len > TASK_SIZE - mmap_min_addr) -@@ -1965,12 +2243,16 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1969,12 +2247,16 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, if (flags & MAP_FIXED) return addr; @@ -118997,7 +118879,7 @@ index 2ce04a6..c085c24 100644 return addr; } -@@ -1979,6 +2261,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1983,6 +2265,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, info.low_limit = max(PAGE_SIZE, mmap_min_addr); info.high_limit = mm->mmap_base; info.align_mask = 0; @@ -119005,7 +118887,7 @@ index 2ce04a6..c085c24 100644 addr = vm_unmapped_area(&info); /* -@@ -1991,6 +2274,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1995,6 +2278,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, VM_BUG_ON(addr != -ENOMEM); info.flags = 0; info.low_limit = TASK_UNMAPPED_BASE; @@ -119018,7 +118900,7 @@ index 2ce04a6..c085c24 100644 info.high_limit = TASK_SIZE; addr = vm_unmapped_area(&info); } -@@ -2090,6 +2379,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr, +@@ -2094,6 +2383,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr, return vma; } @@ -119047,7 +118929,7 @@ index 2ce04a6..c085c24 100644 /* * Verify that the stack growth is acceptable and * update accounting. This is shared with both the -@@ -2107,8 +2418,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns +@@ -2111,8 +2422,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns /* Stack limit test */ actual_size = size; @@ -119057,7 +118939,7 @@ index 2ce04a6..c085c24 100644 if (actual_size > READ_ONCE(rlim[RLIMIT_STACK].rlim_cur)) return -ENOMEM; -@@ -2119,6 +2429,10 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns +@@ -2123,6 +2433,10 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns locked = mm->locked_vm + grow; limit = READ_ONCE(rlim[RLIMIT_MEMLOCK].rlim_cur); limit >>= PAGE_SHIFT; @@ -119068,7 +118950,7 @@ index 2ce04a6..c085c24 100644 if (locked > limit && !capable(CAP_IPC_LOCK)) return -ENOMEM; } -@@ -2144,38 +2458,49 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns +@@ -2148,17 +2462,21 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns * PA-RISC uses this for its stack; IA64 for its Register Backing Store. * vma is the last one with address > vma->vm_end. Have to extend vma. */ @@ -119078,46 +118960,38 @@ index 2ce04a6..c085c24 100644 int expand_upwards(struct vm_area_struct *vma, unsigned long address) { struct mm_struct *mm = vma->vm_mm; - int error; + int error = 0; + bool locknext; if (!(vma->vm_flags & VM_GROWSUP)) return -EFAULT; -+ /* Also guard against wrapping around to address 0. */ + /* Guard against wrapping around to address 0. */ +- if (address < PAGE_ALIGN(address+4)) +- address = PAGE_ALIGN(address+4); + if (address < PAGE_ALIGN(address+1)) + address = PAGE_ALIGN(address+1); -+ else -+ return -ENOMEM; -+ - /* - * We must make sure the anon_vma is allocated - * so that the anon_vma locking is not a noop. - */ + else + return -ENOMEM; + +@@ -2166,15 +2484,24 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) if (unlikely(anon_vma_prepare(vma))) return -ENOMEM; + + locknext = vma->vm_next && (vma->vm_next->vm_flags & VM_GROWSDOWN); + if (locknext && anon_vma_prepare(vma->vm_next)) + return -ENOMEM; - vma_lock_anon_vma(vma); -+ if (locknext) -+ vma_lock_anon_vma(vma->vm_next); - ++ /* * vma->vm_start/vm_end cannot change under us because the caller * is required to hold the mmap_sem in read mode. We need the - * anon_vma lock to serialize against concurrent expand_stacks. -- * Also guard against wrapping around to address 0. + * anon_vma locks to serialize against concurrent expand_stacks + * and expand_upwards. */ -- if (address < PAGE_ALIGN(address+4)) -- address = PAGE_ALIGN(address+4); -- else { -- vma_unlock_anon_vma(vma); -- return -ENOMEM; -- } - error = 0; + anon_vma_lock_write(vma->anon_vma); ++ if (locknext) ++ anon_vma_lock_write(vma->vma_next->anon_vma); /* Somebody else might have raced and expanded it already */ - if (address > vma->vm_end) { @@ -119127,27 +119001,27 @@ index 2ce04a6..c085c24 100644 unsigned long size, grow; size = address - vma->vm_start; -@@ -2214,6 +2539,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) +@@ -2213,6 +2540,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) } } } + if (locknext) -+ vma_unlock_anon_vma(vma->vm_next); - vma_unlock_anon_vma(vma); ++ anon_vma_unlock_write(vma->vm_next->anon_vma); + anon_vma_unlock_write(vma->anon_vma); khugepaged_enter_vma_merge(vma, vma->vm_flags); validate_mm(mm); -@@ -2229,6 +2556,8 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -2228,6 +2557,8 @@ int expand_downwards(struct vm_area_struct *vma, { struct mm_struct *mm = vma->vm_mm; int error; + bool lockprev = false; + struct vm_area_struct *prev; - /* - * We must make sure the anon_vma is allocated -@@ -2242,6 +2571,15 @@ int expand_downwards(struct vm_area_struct *vma, - if (error) - return error; + address &= PAGE_MASK; + error = security_mmap_addr(address); +@@ -2238,6 +2569,15 @@ int expand_downwards(struct vm_area_struct *vma, + if (unlikely(anon_vma_prepare(vma))) + return -ENOMEM; + prev = vma->vm_prev; +#if defined(CONFIG_STACK_GROWSUP) || defined(CONFIG_IA64) @@ -119156,13 +119030,13 @@ index 2ce04a6..c085c24 100644 + if (lockprev && anon_vma_prepare(prev)) + return -ENOMEM; + if (lockprev) -+ vma_lock_anon_vma(prev); ++ anon_vma_lock_write(prev->anon_vma); + - vma_lock_anon_vma(vma); - /* -@@ -2251,9 +2589,17 @@ int expand_downwards(struct vm_area_struct *vma, - */ + * vma->vm_start/vm_end cannot change under us because the caller + * is required to hold the mmap_sem in read mode. We need the +@@ -2246,9 +2586,17 @@ int expand_downwards(struct vm_area_struct *vma, + anon_vma_lock_write(vma->anon_vma); /* Somebody else might have raced and expanded it already */ - if (address < vma->vm_start) { @@ -119180,7 +119054,7 @@ index 2ce04a6..c085c24 100644 size = vma->vm_end - address; grow = (vma->vm_start - address) >> PAGE_SHIFT; -@@ -2282,13 +2628,27 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -2277,13 +2625,27 @@ int expand_downwards(struct vm_area_struct *vma, vma->vm_pgoff -= grow; anon_vma_interval_tree_post_update_vma(vma); vma_gap_update(vma); @@ -119202,13 +119076,13 @@ index 2ce04a6..c085c24 100644 } } } - vma_unlock_anon_vma(vma); + anon_vma_unlock_write(vma->anon_vma); + if (lockprev) -+ vma_unlock_anon_vma(prev); ++ anon_vma_unlock_write(prev->anon_vma); khugepaged_enter_vma_merge(vma, vma->vm_flags); validate_mm(mm); return error; -@@ -2388,6 +2748,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma) +@@ -2383,6 +2745,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma) do { long nrpages = vma_pages(vma); @@ -119222,7 +119096,7 @@ index 2ce04a6..c085c24 100644 if (vma->vm_flags & VM_ACCOUNT) nr_accounted += nrpages; vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages); -@@ -2432,6 +2799,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2427,6 +2796,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma, insertion_point = (prev ? &prev->vm_next : &mm->mmap); vma->vm_prev = NULL; do { @@ -119239,7 +119113,7 @@ index 2ce04a6..c085c24 100644 vma_rb_erase(vma, &mm->mm_rb); mm->map_count--; tail_vma = vma; -@@ -2459,14 +2836,33 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2454,14 +2833,33 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma, struct vm_area_struct *new; int err; @@ -119273,7 +119147,7 @@ index 2ce04a6..c085c24 100644 /* most fields are the same, copy all, and then fixup */ *new = *vma; -@@ -2479,6 +2875,22 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2474,6 +2872,22 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma, new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT); } @@ -119296,7 +119170,7 @@ index 2ce04a6..c085c24 100644 err = vma_dup_policy(vma, new); if (err) goto out_free_vma; -@@ -2499,6 +2911,38 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2494,6 +2908,38 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma, else err = vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new); @@ -119335,7 +119209,7 @@ index 2ce04a6..c085c24 100644 /* Success. */ if (!err) return 0; -@@ -2508,10 +2952,18 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2503,10 +2949,18 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma, new->vm_ops->close(new); if (new->vm_file) fput(new->vm_file); @@ -119355,7 +119229,7 @@ index 2ce04a6..c085c24 100644 kmem_cache_free(vm_area_cachep, new); return err; } -@@ -2523,6 +2975,15 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2518,6 +2972,15 @@ static int __split_vma(struct mm_struct *mm, struct vm_area_struct *vma, int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long addr, int new_below) { @@ -119371,7 +119245,7 @@ index 2ce04a6..c085c24 100644 if (mm->map_count >= sysctl_max_map_count) return -ENOMEM; -@@ -2534,11 +2995,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2529,11 +2992,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, * work. This now handles partial unmappings. * Jeremy Fitzhardinge <jeremy@goop.org> */ @@ -119402,7 +119276,7 @@ index 2ce04a6..c085c24 100644 if ((offset_in_page(start)) || start > TASK_SIZE || len > TASK_SIZE-start) return -EINVAL; -@@ -2616,6 +3096,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) +@@ -2611,6 +3093,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) /* Fix up all other VM information */ remove_vma_list(mm, vma); @@ -119411,7 +119285,7 @@ index 2ce04a6..c085c24 100644 return 0; } -@@ -2624,6 +3106,13 @@ int vm_munmap(unsigned long start, size_t len) +@@ -2619,6 +3103,13 @@ int vm_munmap(unsigned long start, size_t len) int ret; struct mm_struct *mm = current->mm; @@ -119425,7 +119299,7 @@ index 2ce04a6..c085c24 100644 down_write(&mm->mmap_sem); ret = do_munmap(mm, start, len); up_write(&mm->mmap_sem); -@@ -2670,6 +3159,11 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size, +@@ -2665,6 +3156,11 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size, down_write(&mm->mmap_sem); vma = find_vma(mm, start); @@ -119437,7 +119311,7 @@ index 2ce04a6..c085c24 100644 if (!vma || !(vma->vm_flags & VM_SHARED)) goto out; -@@ -2706,16 +3200,6 @@ out: +@@ -2725,16 +3221,6 @@ out: return ret; } @@ -119454,7 +119328,7 @@ index 2ce04a6..c085c24 100644 /* * this is really a simplified "do_mmap". it only handles * anonymous maps. eventually we may be able to do some -@@ -2729,6 +3213,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2748,6 +3234,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) struct rb_node **rb_link, *rb_parent; pgoff_t pgoff = addr >> PAGE_SHIFT; int error; @@ -119462,7 +119336,7 @@ index 2ce04a6..c085c24 100644 len = PAGE_ALIGN(len); if (!len) -@@ -2736,10 +3221,24 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2755,10 +3242,24 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags; @@ -119487,7 +119361,7 @@ index 2ce04a6..c085c24 100644 error = mlock_future_check(mm, mm->def_flags, len); if (error) return error; -@@ -2757,16 +3256,17 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2776,16 +3277,17 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) &rb_parent)) { if (do_munmap(mm, addr, len)) return -ENOMEM; @@ -119507,7 +119381,7 @@ index 2ce04a6..c085c24 100644 return -ENOMEM; /* Can we just expand an old private anonymous mapping? */ -@@ -2780,7 +3280,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2799,7 +3301,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) */ vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL); if (!vma) { @@ -119516,7 +119390,7 @@ index 2ce04a6..c085c24 100644 return -ENOMEM; } -@@ -2794,10 +3294,11 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2813,10 +3315,11 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) vma_link(mm, vma, prev, rb_link, rb_parent); out: perf_event_mmap(vma); @@ -119530,7 +119404,7 @@ index 2ce04a6..c085c24 100644 return addr; } -@@ -2859,6 +3360,7 @@ void exit_mmap(struct mm_struct *mm) +@@ -2878,6 +3381,7 @@ void exit_mmap(struct mm_struct *mm) while (vma) { if (vma->vm_flags & VM_ACCOUNT) nr_accounted += vma_pages(vma); @@ -119538,7 +119412,7 @@ index 2ce04a6..c085c24 100644 vma = remove_vma(vma); } vm_unacct_memory(nr_accounted); -@@ -2873,6 +3375,10 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) +@@ -2892,6 +3396,10 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) struct vm_area_struct *prev; struct rb_node **rb_link, *rb_parent; @@ -119549,7 +119423,7 @@ index 2ce04a6..c085c24 100644 if (find_vma_links(mm, vma->vm_start, vma->vm_end, &prev, &rb_link, &rb_parent)) return -ENOMEM; -@@ -2880,6 +3386,9 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) +@@ -2899,6 +3407,9 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) security_vm_enough_memory_mm(mm, vma_pages(vma))) return -ENOMEM; @@ -119559,7 +119433,7 @@ index 2ce04a6..c085c24 100644 /* * The vm_pgoff of a purely anonymous vma should be irrelevant * until its first write fault, when page's anon_vma and index -@@ -2897,7 +3406,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) +@@ -2916,7 +3427,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) vma->vm_pgoff = vma->vm_start >> PAGE_SHIFT; } @@ -119581,7 +119455,7 @@ index 2ce04a6..c085c24 100644 return 0; } -@@ -2916,6 +3439,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, +@@ -2935,6 +3460,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, struct rb_node **rb_link, *rb_parent; bool faulted_in_anon_vma = true; @@ -119590,7 +119464,7 @@ index 2ce04a6..c085c24 100644 /* * If anonymous vma has not yet been faulted, update new pgoff * to match new location, to increase its chance of merging. -@@ -2982,6 +3507,39 @@ out: +@@ -3001,6 +3528,39 @@ out: return NULL; } @@ -119630,7 +119504,7 @@ index 2ce04a6..c085c24 100644 /* * Return true if the calling process may expand its vm space by the passed * number of pages -@@ -2993,6 +3551,11 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) +@@ -3012,6 +3572,11 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT; @@ -119642,7 +119516,7 @@ index 2ce04a6..c085c24 100644 if (cur + npages > lim) return 0; return 1; -@@ -3067,6 +3630,22 @@ static struct vm_area_struct *__install_special_mapping( +@@ -3086,6 +3651,22 @@ static struct vm_area_struct *__install_special_mapping( vma->vm_start = addr; vma->vm_end = addr + len; @@ -120250,7 +120124,7 @@ index 8a943b9..29d8b8d 100644 static const int *pcpu_unit_map __read_mostly; /* cpu -> unit */ diff --git a/mm/process_vm_access.c b/mm/process_vm_access.c -index e88d071..4043093 100644 +index 5d453e5..4043093 100644 --- a/mm/process_vm_access.c +++ b/mm/process_vm_access.c @@ -13,6 +13,7 @@ @@ -120288,20 +120162,18 @@ index e88d071..4043093 100644 } if (nr_pages == 0) -@@ -194,7 +195,12 @@ static ssize_t process_vm_rw_core(pid_t pid, struct iov_iter *iter, +@@ -194,6 +195,11 @@ static ssize_t process_vm_rw_core(pid_t pid, struct iov_iter *iter, goto free_proc_pages; } -- mm = mm_access(task, PTRACE_MODE_ATTACH); + if (gr_handle_ptrace(task, vm_write ? PTRACE_POKETEXT : PTRACE_ATTACH)) { + rc = -EPERM; + goto put_task_struct; + } + -+ mm = mm_access(task, PTRACE_MODE_ATTACH_REALCREDS); + mm = mm_access(task, PTRACE_MODE_ATTACH_REALCREDS); if (!mm || IS_ERR(mm)) { rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH; - /* diff --git a/mm/rmap.c b/mm/rmap.c index b577fbb..ccd4d4e 100644 --- a/mm/rmap.c @@ -130218,7 +130090,7 @@ index b5e665b..3030b1d 100644 } diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c -index 9895a8c..e1f3bfb 100644 +index 9895a8c..705c302 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -166,12 +166,14 @@ int xfrm_register_type(const struct xfrm_type *type, unsigned short family) @@ -130325,6 +130197,24 @@ index 9895a8c..e1f3bfb 100644 } while (!res); return res; +@@ -1883,7 +1890,7 @@ static DEFINE_SPINLOCK(xfrm_km_lock); + int xfrm_register_km(struct xfrm_mgr *km) + { + spin_lock_bh(&xfrm_km_lock); +- list_add_tail_rcu(&km->list, &xfrm_km_list); ++ pax_list_add_tail_rcu((struct list_head *)&km->list, &xfrm_km_list); + spin_unlock_bh(&xfrm_km_lock); + return 0; + } +@@ -1892,7 +1899,7 @@ EXPORT_SYMBOL(xfrm_register_km); + int xfrm_unregister_km(struct xfrm_mgr *km) + { + spin_lock_bh(&xfrm_km_lock); +- list_del_rcu(&km->list); ++ pax_list_del_rcu((struct list_head *)&km->list); + spin_unlock_bh(&xfrm_km_lock); + synchronize_rcu(); + return 0; diff --git a/net/xfrm/xfrm_sysctl.c b/net/xfrm/xfrm_sysctl.c index 05a6e3d..6716ec9 100644 --- a/net/xfrm/xfrm_sysctl.c @@ -132425,29 +132315,10 @@ index 705c287..81257f1 100644 /* freed below */ name = kmalloc(strlen(parent->base.hname) + 2 + 7 + 8, GFP_KERNEL); diff --git a/security/commoncap.c b/security/commoncap.c -index 1832cf7..b805e0f 100644 +index 48071ed..b805e0f 100644 --- a/security/commoncap.c +++ b/security/commoncap.c -@@ -137,12 +137,17 @@ int cap_ptrace_access_check(struct task_struct *child, unsigned int mode) - { - int ret = 0; - const struct cred *cred, *child_cred; -+ const kernel_cap_t *caller_caps; - - rcu_read_lock(); - cred = current_cred(); - child_cred = __task_cred(child); -+ if (mode & PTRACE_MODE_FSCREDS) -+ caller_caps = &cred->cap_effective; -+ else -+ caller_caps = &cred->cap_permitted; - if (cred->user_ns == child_cred->user_ns && -- cap_issubset(child_cred->cap_permitted, cred->cap_permitted)) -+ cap_issubset(child_cred->cap_permitted, *caller_caps)) - goto out; - if (ns_capable(child_cred->user_ns, CAP_SYS_PTRACE)) - goto out; -@@ -433,6 +438,32 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data +@@ -438,6 +438,32 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data return 0; } @@ -132480,7 +132351,7 @@ index 1832cf7..b805e0f 100644 /* * Attempt to get the on-exec apply capability sets for an executable file from * its xattrs and, if present, apply them to the proposed credentials being -@@ -623,6 +654,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm) +@@ -628,6 +654,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm) const struct cred *cred = current_cred(); kuid_t root_uid = make_kuid(cred->user_ns, 0); @@ -133067,10 +132938,10 @@ index 9630e9f..2071ac2 100644 if (err < 0) return err; diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c -index a8b27cd..e3c4bb3 100644 +index 4ba64fd..49be507 100644 --- a/sound/core/pcm_native.c +++ b/sound/core/pcm_native.c -@@ -3002,11 +3002,11 @@ int snd_pcm_kernel_ioctl(struct snd_pcm_substream *substream, +@@ -3014,11 +3014,11 @@ int snd_pcm_kernel_ioctl(struct snd_pcm_substream *substream, switch (substream->stream) { case SNDRV_PCM_STREAM_PLAYBACK: result = snd_pcm_playback_ioctl1(NULL, substream, cmd, @@ -133189,7 +133060,7 @@ index 062c446..a4b6f4c 100644 }; diff --git a/sound/core/seq/seq_memory.c b/sound/core/seq/seq_memory.c -index 8010766..4bd361f 100644 +index c850345..71c5fd4 100644 --- a/sound/core/seq/seq_memory.c +++ b/sound/core/seq/seq_memory.c @@ -87,7 +87,7 @@ int snd_seq_dump_var_event(const struct snd_seq_event *event, @@ -134571,10 +134442,10 @@ index 0000000..eec3fd1 +} diff --git a/tools/gcc/constify_plugin.c b/tools/gcc/constify_plugin.c new file mode 100644 -index 0000000..e5f1fb0 +index 0000000..b52a700 --- /dev/null +++ b/tools/gcc/constify_plugin.c -@@ -0,0 +1,518 @@ +@@ -0,0 +1,521 @@ +/* + * Copyright 2011 by Emese Revfy <re.emese@gmail.com> + * Copyright 2011-2016 by PaX Team <pageexec@freemail.hu> @@ -134784,7 +134655,10 @@ index 0000000..e5f1fb0 + if (TYPE_P(*node)) { + type = *node; + } else { -+ gcc_assert(TREE_CODE(*node) == TYPE_DECL); ++ if (TREE_CODE(*node) != TYPE_DECL) { ++ error("%qE attribute does not apply to %qD (%qT)", name, *node, TREE_TYPE(*node)); ++ return NULL_TREE; ++ } + type = TREE_TYPE(*node); + } + @@ -135095,10 +134969,10 @@ index 0000000..e5f1fb0 +} diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h new file mode 100644 -index 0000000..28c3242 +index 0000000..a910e1c --- /dev/null +++ b/tools/gcc/gcc-common.h -@@ -0,0 +1,819 @@ +@@ -0,0 +1,831 @@ +#ifndef GCC_COMMON_H_INCLUDED +#define GCC_COMMON_H_INCLUDED + @@ -135239,10 +135113,10 @@ index 0000000..28c3242 +#include "builtins.h" +#endif + -+//#include "expr.h" where are you... ++/* #include "expr.h" where are you... */ +extern rtx emit_move_insn(rtx x, rtx y); + -+// missing from basic_block.h... ++/* missing from basic_block.h... */ +extern void debug_dominance_info(enum cdi_direction dir); +extern void debug_dominance_tree(enum cdi_direction dir, basic_block root); + @@ -135277,13 +135151,17 @@ index 0000000..28c3242 +#define TYPE_NAME_POINTER(node) IDENTIFIER_POINTER(TYPE_NAME(node)) +#define TYPE_NAME_LENGTH(node) IDENTIFIER_LENGTH(TYPE_NAME(node)) + -+// should come from c-tree.h if only it were installed for gcc 4.5... ++/* should come from c-tree.h if only it were installed for gcc 4.5... */ +#define C_TYPE_FIELDS_READONLY(TYPE) TREE_LANG_FLAG_1(TYPE) + +#if BUILDING_GCC_VERSION == 4005 -+#define FOR_EACH_LOCAL_DECL(FUN, I, D) for (tree vars = (FUN)->local_decls, (I) = 0; vars && ((D) = TREE_VALUE(vars)); vars = TREE_CHAIN(vars), (I)++) ++#define FOR_EACH_LOCAL_DECL(FUN, I, D) \ ++ for (tree vars = (FUN)->local_decls, (I) = 0; \ ++ vars && ((D) = TREE_VALUE(vars)); \ ++ vars = TREE_CHAIN(vars), (I)++) +#define DECL_CHAIN(NODE) (TREE_CHAIN(DECL_MINIMAL_CHECK(NODE))) -+#define FOR_EACH_VEC_ELT(T, V, I, P) for (I = 0; VEC_iterate(T, (V), (I), (P)); ++(I)) ++#define FOR_EACH_VEC_ELT(T, V, I, P) \ ++ for (I = 0; VEC_iterate(T, (V), (I), (P)); ++(I)) +#define TODO_rebuild_cgraph_edges 0 +#define SCOPE_FILE_SCOPE_P(EXP) (!(EXP)) + @@ -135357,7 +135235,8 @@ index 0000000..28c3242 + sscanf(get_random_seed(noinit), "%" HOST_WIDE_INT_PRINT "x", &seed); \ + seed * seed; }) + -+#define int_const_binop(code, arg1, arg2) int_const_binop((code), (arg1), (arg2), 0) ++#define int_const_binop(code, arg1, arg2) \ ++ int_const_binop((code), (arg1), (arg2), 0) + +static inline bool gimple_clobber_p(gimple s __unused) +{ @@ -135370,6 +135249,7 @@ index 0000000..28c3242 + + for (i = 0; i < gimple_asm_nclobbers(stmt); i++) { + tree op = gimple_asm_clobber_op(stmt, i); ++ + if (!strcmp(TREE_STRING_POINTER(TREE_VALUE(op)), "memory")) + return true; + } @@ -135428,8 +135308,10 @@ index 0000000..28c3242 +#endif + +#if BUILDING_GCC_VERSION <= 4007 -+#define FOR_EACH_FUNCTION(node) for (node = cgraph_nodes; node; node = node->next) -+#define FOR_EACH_VARIABLE(node) for (node = varpool_nodes; node; node = node->next) ++#define FOR_EACH_FUNCTION(node) \ ++ for (node = cgraph_nodes; node; node = node->next) ++#define FOR_EACH_VARIABLE(node) \ ++ for (node = varpool_nodes; node; node = node->next) +#define PROP_loops 0 +#define NODE_SYMBOL(node) (node) +#define NODE_DECL(node) (node)->decl @@ -135443,6 +135325,7 @@ index 0000000..28c3242 +static inline bool gimple_store_p(gimple gs) +{ + tree lhs = gimple_get_lhs(gs); ++ + return lhs && !is_gimple_reg(lhs); +} +#endif @@ -135713,7 +135596,7 @@ index 0000000..28c3242 +#endif + +#if BUILDING_GCC_VERSION >= 5000 && BUILDING_GCC_VERSION < 6000 -+// gimple related ++/* gimple related */ +template <> +template <> +inline bool is_a_helper<const gassign *>::test(const_gimple gs) @@ -135732,7 +135615,7 @@ index 0000000..28c3242 + +#define INSN_DELETED_P(insn) (insn)->deleted() + -+// symtab/cgraph related ++/* symtab/cgraph related */ +#define debug_cgraph_node(node) (node)->debug() +#define cgraph_get_node(decl) cgraph_node::get(decl) +#define cgraph_get_create_node(decl) cgraph_node::get_create(decl) @@ -135830,7 +135713,7 @@ index 0000000..28c3242 +#define gimple gimple_ptr +#endif + -+// gimple related ++/* gimple related */ +static inline gimple gimple_build_assign_with_ops(enum tree_code subcode, tree lhs, tree op1, tree op2 MEM_STAT_DECL) +{ + return gimple_build_assign(lhs, subcode, op1, op2 PASS_MEM_STAT); @@ -135893,9 +135776,11 @@ index 0000000..28c3242 + return as_a<const greturn *>(stmt); +} + -+// IPA/LTO related -+#define ipa_ref_list_referring_iterate(L,I,P) (L)->referring.iterate((I), &(P)) -+#define ipa_ref_list_reference_iterate(L,I,P) (L)->reference.iterate((I), &(P)) ++/* IPA/LTO related */ ++#define ipa_ref_list_referring_iterate(L, I, P) \ ++ (L)->referring.iterate((I), &(P)) ++#define ipa_ref_list_reference_iterate(L, I, P) \ ++ (L)->reference.iterate((I), &(P)) + +static inline cgraph_node_ptr ipa_ref_referring_node(struct ipa_ref *ref) +{ @@ -135909,7 +135794,8 @@ index 0000000..28c3242 +#endif + +#if BUILDING_GCC_VERSION < 6000 -+#define get_inner_reference(exp, pbitsize, pbitpos, poffset, pmode, punsignedp, preversep, pvolatilep, keep_aligning) get_inner_reference(exp, pbitsize, pbitpos, poffset, pmode, punsignedp, pvolatilep, keep_aligning) ++#define get_inner_reference(exp, pbitsize, pbitpos, poffset, pmode, punsignedp, preversep, pvolatilep, keep_aligning) \ ++ get_inner_reference(exp, pbitsize, pbitpos, poffset, pmode, punsignedp, pvolatilep, keep_aligning) +#define gen_rtx_set(ARG0, ARG1) gen_rtx_SET(VOIDmode, (ARG0), (ARG1)) +#endif + @@ -135920,10 +135806,10 @@ index 0000000..28c3242 +#endif diff --git a/tools/gcc/gcc-generate-gimple-pass.h b/tools/gcc/gcc-generate-gimple-pass.h new file mode 100644 -index 0000000..1abbd0f +index 0000000..0ba6a0d --- /dev/null +++ b/tools/gcc/gcc-generate-gimple-pass.h -@@ -0,0 +1,172 @@ +@@ -0,0 +1,173 @@ +/* + * Generator for GIMPLE pass related boilerplate code/data + * @@ -135935,7 +135821,8 @@ index 0000000..1abbd0f + * 2. before inclusion define NO_* for unimplemented callbacks + * NO_GATE + * NO_EXECUTE -+ * 3. before inclusion define PROPERTIES_* and TODO_FLAGS_* to override the default 0 values ++ * 3. before inclusion define PROPERTIES_* and TODO_FLAGS_* to override ++ * the default 0 values + * 4. for convenience, all the above will be undefined after inclusion! + * 5. the only exported name is make_PASS_NAME_pass() to register with gcc + */ @@ -135945,25 +135832,25 @@ index 0000000..1abbd0f +#else +#define __GCC_PLUGIN_STRINGIFY(n) #n +#define _GCC_PLUGIN_STRINGIFY(n) __GCC_PLUGIN_STRINGIFY(n) -+#define _GCC_PLUGIN_CONCAT2(x,y) x ## y -+#define _GCC_PLUGIN_CONCAT3(x,y,z) x ## y ## z ++#define _GCC_PLUGIN_CONCAT2(x, y) x ## y ++#define _GCC_PLUGIN_CONCAT3(x, y, z) x ## y ## z + -+#define __PASS_NAME_PASS_DATA(n) _GCC_PLUGIN_CONCAT2(n,_pass_data) ++#define __PASS_NAME_PASS_DATA(n) _GCC_PLUGIN_CONCAT2(n, _pass_data) +#define _PASS_NAME_PASS_DATA __PASS_NAME_PASS_DATA(PASS_NAME) + -+#define __PASS_NAME_PASS(n) _GCC_PLUGIN_CONCAT2(n,_pass) ++#define __PASS_NAME_PASS(n) _GCC_PLUGIN_CONCAT2(n, _pass) +#define _PASS_NAME_PASS __PASS_NAME_PASS(PASS_NAME) + +#define _PASS_NAME_NAME _GCC_PLUGIN_STRINGIFY(PASS_NAME) + -+#define __MAKE_PASS_NAME_PASS(n) _GCC_PLUGIN_CONCAT3(make_,n,_pass) ++#define __MAKE_PASS_NAME_PASS(n) _GCC_PLUGIN_CONCAT3(make_, n, _pass) +#define _MAKE_PASS_NAME_PASS __MAKE_PASS_NAME_PASS(PASS_NAME) + +#ifdef NO_GATE +#define _GATE NULL +#define _HAS_GATE false +#else -+#define __GATE(n) _GCC_PLUGIN_CONCAT2(n,_gate) ++#define __GATE(n) _GCC_PLUGIN_CONCAT2(n, _gate) +#define _GATE __GATE(PASS_NAME) +#define _HAS_GATE true +#endif @@ -135972,7 +135859,7 @@ index 0000000..1abbd0f +#define _EXECUTE NULL +#define _HAS_EXECUTE false +#else -+#define __EXECUTE(n) _GCC_PLUGIN_CONCAT2(n,_execute) ++#define __EXECUTE(n) _GCC_PLUGIN_CONCAT2(n, _execute) +#define _EXECUTE __EXECUTE(PASS_NAME) +#define _HAS_EXECUTE true +#endif @@ -136040,7 +135927,7 @@ index 0000000..1abbd0f +#if BUILDING_GCC_VERSION >= 5000 + virtual bool gate(function *) { return _GATE(); } +#else -+ bool gate() { return _GATE(); } ++ bool gate(void) { return _GATE(); } +#endif +#endif + @@ -136048,7 +135935,7 @@ index 0000000..1abbd0f +#if BUILDING_GCC_VERSION >= 5000 + virtual unsigned int execute(function *) { return _EXECUTE(); } +#else -+ unsigned int execute() { return _EXECUTE(); } ++ unsigned int execute(void) { return _EXECUTE(); } +#endif +#endif +}; @@ -136065,7 +135952,7 @@ index 0000000..1abbd0f +} +#endif + -+// clean up user provided defines ++/* clean up user provided defines */ +#undef PASS_NAME +#undef NO_GATE +#undef NO_EXECUTE @@ -136076,7 +135963,7 @@ index 0000000..1abbd0f +#undef TODO_FLAGS_FINISH +#undef TODO_FLAGS_START + -+// clean up generated defines ++/* clean up generated defines */ +#undef _EXECUTE +#undef __EXECUTE +#undef _GATE @@ -136095,13 +135982,13 @@ index 0000000..1abbd0f +#undef _PASS_NAME_PASS_DATA +#undef __PASS_NAME_PASS_DATA + -+#endif // PASS_NAME ++#endif /* PASS_NAME */ diff --git a/tools/gcc/gcc-generate-ipa-pass.h b/tools/gcc/gcc-generate-ipa-pass.h new file mode 100644 -index 0000000..5eba6a0 +index 0000000..283c2e1 --- /dev/null +++ b/tools/gcc/gcc-generate-ipa-pass.h -@@ -0,0 +1,286 @@ +@@ -0,0 +1,287 @@ +/* + * Generator for IPA pass related boilerplate code/data + * @@ -136121,7 +136008,8 @@ index 0000000..5eba6a0 + * NO_VARIABLE_TRANSFORM + * NO_GATE + * NO_EXECUTE -+ * 3. before inclusion define PROPERTIES_* and *TODO_FLAGS_* to override the default 0 values ++ * 3. before inclusion define PROPERTIES_* and *TODO_FLAGS_* to override ++ * the default 0 values + * 4. for convenience, all the above will be undefined after inclusion! + * 5. the only exported name is make_PASS_NAME_pass() to register with gcc + */ @@ -136131,73 +136019,73 @@ index 0000000..5eba6a0 +#else +#define __GCC_PLUGIN_STRINGIFY(n) #n +#define _GCC_PLUGIN_STRINGIFY(n) __GCC_PLUGIN_STRINGIFY(n) -+#define _GCC_PLUGIN_CONCAT2(x,y) x ## y -+#define _GCC_PLUGIN_CONCAT3(x,y,z) x ## y ## z ++#define _GCC_PLUGIN_CONCAT2(x, y) x ## y ++#define _GCC_PLUGIN_CONCAT3(x, y, z) x ## y ## z + -+#define __PASS_NAME_PASS_DATA(n) _GCC_PLUGIN_CONCAT2(n,_pass_data) ++#define __PASS_NAME_PASS_DATA(n) _GCC_PLUGIN_CONCAT2(n, _pass_data) +#define _PASS_NAME_PASS_DATA __PASS_NAME_PASS_DATA(PASS_NAME) + -+#define __PASS_NAME_PASS(n) _GCC_PLUGIN_CONCAT2(n,_pass) ++#define __PASS_NAME_PASS(n) _GCC_PLUGIN_CONCAT2(n, _pass) +#define _PASS_NAME_PASS __PASS_NAME_PASS(PASS_NAME) + +#define _PASS_NAME_NAME _GCC_PLUGIN_STRINGIFY(PASS_NAME) + -+#define __MAKE_PASS_NAME_PASS(n) _GCC_PLUGIN_CONCAT3(make_,n,_pass) ++#define __MAKE_PASS_NAME_PASS(n) _GCC_PLUGIN_CONCAT3(make_, n, _pass) +#define _MAKE_PASS_NAME_PASS __MAKE_PASS_NAME_PASS(PASS_NAME) + +#ifdef NO_GENERATE_SUMMARY +#define _GENERATE_SUMMARY NULL +#else -+#define __GENERATE_SUMMARY(n) _GCC_PLUGIN_CONCAT2(n,_generate_summary) ++#define __GENERATE_SUMMARY(n) _GCC_PLUGIN_CONCAT2(n, _generate_summary) +#define _GENERATE_SUMMARY __GENERATE_SUMMARY(PASS_NAME) +#endif + +#ifdef NO_READ_SUMMARY +#define _READ_SUMMARY NULL +#else -+#define __READ_SUMMARY(n) _GCC_PLUGIN_CONCAT2(n,_read_summary) ++#define __READ_SUMMARY(n) _GCC_PLUGIN_CONCAT2(n, _read_summary) +#define _READ_SUMMARY __READ_SUMMARY(PASS_NAME) +#endif + +#ifdef NO_WRITE_SUMMARY +#define _WRITE_SUMMARY NULL +#else -+#define __WRITE_SUMMARY(n) _GCC_PLUGIN_CONCAT2(n,_write_summary) ++#define __WRITE_SUMMARY(n) _GCC_PLUGIN_CONCAT2(n, _write_summary) +#define _WRITE_SUMMARY __WRITE_SUMMARY(PASS_NAME) +#endif + +#ifdef NO_READ_OPTIMIZATION_SUMMARY +#define _READ_OPTIMIZATION_SUMMARY NULL +#else -+#define __READ_OPTIMIZATION_SUMMARY(n) _GCC_PLUGIN_CONCAT2(n,_read_optimization_summary) ++#define __READ_OPTIMIZATION_SUMMARY(n) _GCC_PLUGIN_CONCAT2(n, _read_optimization_summary) +#define _READ_OPTIMIZATION_SUMMARY __READ_OPTIMIZATION_SUMMARY(PASS_NAME) +#endif + +#ifdef NO_WRITE_OPTIMIZATION_SUMMARY +#define _WRITE_OPTIMIZATION_SUMMARY NULL +#else -+#define __WRITE_OPTIMIZATION_SUMMARY(n) _GCC_PLUGIN_CONCAT2(n,_write_optimization_summary) ++#define __WRITE_OPTIMIZATION_SUMMARY(n) _GCC_PLUGIN_CONCAT2(n, _write_optimization_summary) +#define _WRITE_OPTIMIZATION_SUMMARY __WRITE_OPTIMIZATION_SUMMARY(PASS_NAME) +#endif + +#ifdef NO_STMT_FIXUP +#define _STMT_FIXUP NULL +#else -+#define __STMT_FIXUP(n) _GCC_PLUGIN_CONCAT2(n,_stmt_fixup) ++#define __STMT_FIXUP(n) _GCC_PLUGIN_CONCAT2(n, _stmt_fixup) +#define _STMT_FIXUP __STMT_FIXUP(PASS_NAME) +#endif + +#ifdef NO_FUNCTION_TRANSFORM +#define _FUNCTION_TRANSFORM NULL +#else -+#define __FUNCTION_TRANSFORM(n) _GCC_PLUGIN_CONCAT2(n,_function_transform) ++#define __FUNCTION_TRANSFORM(n) _GCC_PLUGIN_CONCAT2(n, _function_transform) +#define _FUNCTION_TRANSFORM __FUNCTION_TRANSFORM(PASS_NAME) +#endif + +#ifdef NO_VARIABLE_TRANSFORM +#define _VARIABLE_TRANSFORM NULL +#else -+#define __VARIABLE_TRANSFORM(n) _GCC_PLUGIN_CONCAT2(n,_variable_transform) ++#define __VARIABLE_TRANSFORM(n) _GCC_PLUGIN_CONCAT2(n, _variable_transform) +#define _VARIABLE_TRANSFORM __VARIABLE_TRANSFORM(PASS_NAME) +#endif + @@ -136205,7 +136093,7 @@ index 0000000..5eba6a0 +#define _GATE NULL +#define _HAS_GATE false +#else -+#define __GATE(n) _GCC_PLUGIN_CONCAT2(n,_gate) ++#define __GATE(n) _GCC_PLUGIN_CONCAT2(n, _gate) +#define _GATE __GATE(PASS_NAME) +#define _HAS_GATE true +#endif @@ -136214,7 +136102,7 @@ index 0000000..5eba6a0 +#define _EXECUTE NULL +#define _HAS_EXECUTE false +#else -+#define __EXECUTE(n) _GCC_PLUGIN_CONCAT2(n,_execute) ++#define __EXECUTE(n) _GCC_PLUGIN_CONCAT2(n, _execute) +#define _EXECUTE __EXECUTE(PASS_NAME) +#define _HAS_EXECUTE true +#endif @@ -136307,7 +136195,7 @@ index 0000000..5eba6a0 +#if BUILDING_GCC_VERSION >= 5000 + virtual bool gate(function *) { return _GATE(); } +#else -+ bool gate() { return _GATE(); } ++ bool gate(void) { return _GATE(); } +#endif +#endif + @@ -136315,7 +136203,7 @@ index 0000000..5eba6a0 +#if BUILDING_GCC_VERSION >= 5000 + virtual unsigned int execute(function *) { return _EXECUTE(); } +#else -+ unsigned int execute() { return _EXECUTE(); } ++ unsigned int execute(void) { return _EXECUTE(); } +#endif +#endif +}; @@ -136332,7 +136220,7 @@ index 0000000..5eba6a0 +} +#endif + -+// clean up user provided defines ++/* clean up user provided defines */ +#undef PASS_NAME +#undef NO_GENERATE_SUMMARY +#undef NO_WRITE_SUMMARY @@ -136352,7 +136240,7 @@ index 0000000..5eba6a0 +#undef TODO_FLAGS_FINISH +#undef TODO_FLAGS_START + -+// clean up generated defines ++/* clean up generated defines */ +#undef _EXECUTE +#undef __EXECUTE +#undef _FUNCTION_TRANSFORM @@ -136387,13 +136275,13 @@ index 0000000..5eba6a0 +#undef _WRITE_SUMMARY +#undef __WRITE_SUMMARY + -+#endif // PASS_NAME ++#endif /* PASS_NAME */ diff --git a/tools/gcc/gcc-generate-rtl-pass.h b/tools/gcc/gcc-generate-rtl-pass.h new file mode 100644 -index 0000000..c5cc187 +index 0000000..f4cc205 --- /dev/null +++ b/tools/gcc/gcc-generate-rtl-pass.h -@@ -0,0 +1,172 @@ +@@ -0,0 +1,173 @@ +/* + * Generator for RTL pass related boilerplate code/data + * @@ -136405,7 +136293,8 @@ index 0000000..c5cc187 + * 2. before inclusion define NO_* for unimplemented callbacks + * NO_GATE + * NO_EXECUTE -+ * 3. before inclusion define PROPERTIES_* and TODO_FLAGS_* to override the default 0 values ++ * 3. before inclusion define PROPERTIES_* and TODO_FLAGS_* to override ++ * the default 0 values + * 4. for convenience, all the above will be undefined after inclusion! + * 5. the only exported name is make_PASS_NAME_pass() to register with gcc + */ @@ -136415,25 +136304,25 @@ index 0000000..c5cc187 +#else +#define __GCC_PLUGIN_STRINGIFY(n) #n +#define _GCC_PLUGIN_STRINGIFY(n) __GCC_PLUGIN_STRINGIFY(n) -+#define _GCC_PLUGIN_CONCAT2(x,y) x ## y -+#define _GCC_PLUGIN_CONCAT3(x,y,z) x ## y ## z ++#define _GCC_PLUGIN_CONCAT2(x, y) x ## y ++#define _GCC_PLUGIN_CONCAT3(x, y, z) x ## y ## z + -+#define __PASS_NAME_PASS_DATA(n) _GCC_PLUGIN_CONCAT2(n,_pass_data) ++#define __PASS_NAME_PASS_DATA(n) _GCC_PLUGIN_CONCAT2(n, _pass_data) +#define _PASS_NAME_PASS_DATA __PASS_NAME_PASS_DATA(PASS_NAME) + -+#define __PASS_NAME_PASS(n) _GCC_PLUGIN_CONCAT2(n,_pass) ++#define __PASS_NAME_PASS(n) _GCC_PLUGIN_CONCAT2(n, _pass) +#define _PASS_NAME_PASS __PASS_NAME_PASS(PASS_NAME) + +#define _PASS_NAME_NAME _GCC_PLUGIN_STRINGIFY(PASS_NAME) + -+#define __MAKE_PASS_NAME_PASS(n) _GCC_PLUGIN_CONCAT3(make_,n,_pass) ++#define __MAKE_PASS_NAME_PASS(n) _GCC_PLUGIN_CONCAT3(make_, n, _pass) +#define _MAKE_PASS_NAME_PASS __MAKE_PASS_NAME_PASS(PASS_NAME) + +#ifdef NO_GATE +#define _GATE NULL +#define _HAS_GATE false +#else -+#define __GATE(n) _GCC_PLUGIN_CONCAT2(n,_gate) ++#define __GATE(n) _GCC_PLUGIN_CONCAT2(n, _gate) +#define _GATE __GATE(PASS_NAME) +#define _HAS_GATE true +#endif @@ -136442,7 +136331,7 @@ index 0000000..c5cc187 +#define _EXECUTE NULL +#define _HAS_EXECUTE false +#else -+#define __EXECUTE(n) _GCC_PLUGIN_CONCAT2(n,_execute) ++#define __EXECUTE(n) _GCC_PLUGIN_CONCAT2(n, _execute) +#define _EXECUTE __EXECUTE(PASS_NAME) +#define _HAS_EXECUTE true +#endif @@ -136510,7 +136399,7 @@ index 0000000..c5cc187 +#if BUILDING_GCC_VERSION >= 5000 + virtual bool gate(function *) { return _GATE(); } +#else -+ bool gate() { return _GATE(); } ++ bool gate(void) { return _GATE(); } +#endif +#endif + @@ -136518,7 +136407,7 @@ index 0000000..c5cc187 +#if BUILDING_GCC_VERSION >= 5000 + virtual unsigned int execute(function *) { return _EXECUTE(); } +#else -+ unsigned int execute() { return _EXECUTE(); } ++ unsigned int execute(void) { return _EXECUTE(); } +#endif +#endif +}; @@ -136535,7 +136424,7 @@ index 0000000..c5cc187 +} +#endif + -+// clean up user provided defines ++/* clean up user provided defines */ +#undef PASS_NAME +#undef NO_GATE +#undef NO_EXECUTE @@ -136546,7 +136435,7 @@ index 0000000..c5cc187 +#undef TODO_FLAGS_FINISH +#undef TODO_FLAGS_START + -+// clean up generated defines ++/* clean up generated defines */ +#undef _EXECUTE +#undef __EXECUTE +#undef _GATE @@ -136565,7 +136454,186 @@ index 0000000..c5cc187 +#undef _PASS_NAME_PASS_DATA +#undef __PASS_NAME_PASS_DATA + -+#endif // PASS_NAME ++#endif /* PASS_NAME */ +diff --git a/tools/gcc/gcc-generate-simple_ipa-pass.h b/tools/gcc/gcc-generate-simple_ipa-pass.h +new file mode 100644 +index 0000000..159d5ae +--- /dev/null ++++ b/tools/gcc/gcc-generate-simple_ipa-pass.h +@@ -0,0 +1,173 @@ ++/* ++ * Generator for SIMPLE_IPA pass related boilerplate code/data ++ * ++ * Supports gcc 4.5-6 ++ * ++ * Usage: ++ * ++ * 1. before inclusion define PASS_NAME ++ * 2. before inclusion define NO_* for unimplemented callbacks ++ * NO_GATE ++ * NO_EXECUTE ++ * 3. before inclusion define PROPERTIES_* and TODO_FLAGS_* to override ++ * the default 0 values ++ * 4. for convenience, all the above will be undefined after inclusion! ++ * 5. the only exported name is make_PASS_NAME_pass() to register with gcc ++ */ ++ ++#ifndef PASS_NAME ++#error at least PASS_NAME must be defined ++#else ++#define __GCC_PLUGIN_STRINGIFY(n) #n ++#define _GCC_PLUGIN_STRINGIFY(n) __GCC_PLUGIN_STRINGIFY(n) ++#define _GCC_PLUGIN_CONCAT2(x, y) x ## y ++#define _GCC_PLUGIN_CONCAT3(x, y, z) x ## y ## z ++ ++#define __PASS_NAME_PASS_DATA(n) _GCC_PLUGIN_CONCAT2(n, _pass_data) ++#define _PASS_NAME_PASS_DATA __PASS_NAME_PASS_DATA(PASS_NAME) ++ ++#define __PASS_NAME_PASS(n) _GCC_PLUGIN_CONCAT2(n, _pass) ++#define _PASS_NAME_PASS __PASS_NAME_PASS(PASS_NAME) ++ ++#define _PASS_NAME_NAME _GCC_PLUGIN_STRINGIFY(PASS_NAME) ++ ++#define __MAKE_PASS_NAME_PASS(n) _GCC_PLUGIN_CONCAT3(make_, n, _pass) ++#define _MAKE_PASS_NAME_PASS __MAKE_PASS_NAME_PASS(PASS_NAME) ++ ++#ifdef NO_GATE ++#define _GATE NULL ++#define _HAS_GATE false ++#else ++#define __GATE(n) _GCC_PLUGIN_CONCAT2(n, _gate) ++#define _GATE __GATE(PASS_NAME) ++#define _HAS_GATE true ++#endif ++ ++#ifdef NO_EXECUTE ++#define _EXECUTE NULL ++#define _HAS_EXECUTE false ++#else ++#define __EXECUTE(n) _GCC_PLUGIN_CONCAT2(n, _execute) ++#define _EXECUTE __EXECUTE(PASS_NAME) ++#define _HAS_EXECUTE true ++#endif ++ ++#ifndef PROPERTIES_REQUIRED ++#define PROPERTIES_REQUIRED 0 ++#endif ++ ++#ifndef PROPERTIES_PROVIDED ++#define PROPERTIES_PROVIDED 0 ++#endif ++ ++#ifndef PROPERTIES_DESTROYED ++#define PROPERTIES_DESTROYED 0 ++#endif ++ ++#ifndef TODO_FLAGS_START ++#define TODO_FLAGS_START 0 ++#endif ++ ++#ifndef TODO_FLAGS_FINISH ++#define TODO_FLAGS_FINISH 0 ++#endif ++ ++#if BUILDING_GCC_VERSION >= 4009 ++namespace { ++static const pass_data _PASS_NAME_PASS_DATA = { ++#else ++static struct simple_ipa_opt_pass _PASS_NAME_PASS = { ++ .pass = { ++#endif ++ .type = SIMPLE_IPA_PASS, ++ .name = _PASS_NAME_NAME, ++#if BUILDING_GCC_VERSION >= 4008 ++ .optinfo_flags = OPTGROUP_NONE, ++#endif ++#if BUILDING_GCC_VERSION >= 5000 ++#elif BUILDING_GCC_VERSION == 4009 ++ .has_gate = _HAS_GATE, ++ .has_execute = _HAS_EXECUTE, ++#else ++ .gate = _GATE, ++ .execute = _EXECUTE, ++ .sub = NULL, ++ .next = NULL, ++ .static_pass_number = 0, ++#endif ++ .tv_id = TV_NONE, ++ .properties_required = PROPERTIES_REQUIRED, ++ .properties_provided = PROPERTIES_PROVIDED, ++ .properties_destroyed = PROPERTIES_DESTROYED, ++ .todo_flags_start = TODO_FLAGS_START, ++ .todo_flags_finish = TODO_FLAGS_FINISH, ++#if BUILDING_GCC_VERSION < 4009 ++ } ++#endif ++}; ++ ++#if BUILDING_GCC_VERSION >= 4009 ++class _PASS_NAME_PASS : public simple_ipa_opt_pass { ++public: ++ _PASS_NAME_PASS() : simple_ipa_opt_pass(_PASS_NAME_PASS_DATA, g) {} ++ ++#ifndef NO_GATE ++#if BUILDING_GCC_VERSION >= 5000 ++ virtual bool gate(function *) { return _GATE(); } ++#else ++ bool gate(void) { return _GATE(); } ++#endif ++#endif ++ ++#ifndef NO_EXECUTE ++#if BUILDING_GCC_VERSION >= 5000 ++ virtual unsigned int execute(function *) { return _EXECUTE(); } ++#else ++ unsigned int execute(void) { return _EXECUTE(); } ++#endif ++#endif ++}; ++} ++ ++opt_pass *_MAKE_PASS_NAME_PASS(void) ++{ ++ return new _PASS_NAME_PASS(); ++} ++#else ++struct opt_pass *_MAKE_PASS_NAME_PASS(void) ++{ ++ return &_PASS_NAME_PASS.pass; ++} ++#endif ++ ++/* clean up user provided defines */ ++#undef PASS_NAME ++#undef NO_GATE ++#undef NO_EXECUTE ++ ++#undef PROPERTIES_DESTROYED ++#undef PROPERTIES_PROVIDED ++#undef PROPERTIES_REQUIRED ++#undef TODO_FLAGS_FINISH ++#undef TODO_FLAGS_START ++ ++/* clean up generated defines */ ++#undef _EXECUTE ++#undef __EXECUTE ++#undef _GATE ++#undef __GATE ++#undef _GCC_PLUGIN_CONCAT2 ++#undef _GCC_PLUGIN_CONCAT3 ++#undef _GCC_PLUGIN_STRINGIFY ++#undef __GCC_PLUGIN_STRINGIFY ++#undef _HAS_EXECUTE ++#undef _HAS_GATE ++#undef _MAKE_PASS_NAME_PASS ++#undef __MAKE_PASS_NAME_PASS ++#undef _PASS_NAME_NAME ++#undef _PASS_NAME_PASS ++#undef __PASS_NAME_PASS ++#undef _PASS_NAME_PASS_DATA ++#undef __PASS_NAME_PASS_DATA ++ ++#endif /* PASS_NAME */ diff --git a/tools/gcc/gen-random-seed.sh b/tools/gcc/gen-random-seed.sh new file mode 100644 index 0000000..7514850 @@ -139038,10 +139106,10 @@ index 0000000..f74d85a +targets += size_overflow_hash.h size_overflow_hash_aux.h disable_size_overflow_hash.h diff --git a/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data b/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data new file mode 100644 -index 0000000..e141179 +index 0000000..f4a8606 --- /dev/null +++ b/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data -@@ -0,0 +1,12434 @@ +@@ -0,0 +1,12437 @@ +disable_so_interrupt_pnode_gru_message_queue_desc_4 interrupt_pnode gru_message_queue_desc 0 4 NULL +disable_so_bch_btree_insert_fndecl_12 bch_btree_insert fndecl 0 12 NULL +disable_so_macvlan_sync_address_fndecl_22 macvlan_sync_address fndecl 0 22 NULL nohasharray @@ -142510,7 +142578,8 @@ index 0000000..e141179 +disable_so_rs5c372_get_datetime_fndecl_18451 rs5c372_get_datetime fndecl 0 18451 NULL +disable_so_diolan_set_clock_synch_fndecl_18461 diolan_set_clock_synch fndecl 0 18461 NULL nohasharray +disable_so_tcp_timeout_ip_vs_timeout_user_18461 tcp_timeout ip_vs_timeout_user 0 18461 &disable_so_diolan_set_clock_synch_fndecl_18461 -+disable_so_mac_addr_low_nes_adapter_18465 mac_addr_low nes_adapter 0 18465 NULL ++disable_so_mac_addr_low_nes_adapter_18465 mac_addr_low nes_adapter 0 18465 NULL nohasharray ++enable_so_get_next_ino_fndecl_18465 get_next_ino fndecl 0 18465 &disable_so_mac_addr_low_nes_adapter_18465 +disable_so_sci_interrupt_acpi_table_fadt_18467 sci_interrupt acpi_table_fadt 0 18467 NULL +disable_so_mii_bmsr_bnx2_18468 mii_bmsr bnx2 0 18468 NULL +disable_so_qla4xxx_fw_timestamp_show_fndecl_18474 qla4xxx_fw_timestamp_show fndecl 0 18474 NULL @@ -149744,7 +149813,8 @@ index 0000000..e141179 +disable_so_get_cpufreq_driver_56334 get cpufreq_driver 0-1 56334 NULL +disable_so_cg_spll_spread_spectrum_2_rv770_clock_registers_56343 cg_spll_spread_spectrum_2 rv770_clock_registers 0 56343 NULL +disable_so_dsa_slave_set_mac_address_fndecl_56363 dsa_slave_set_mac_address fndecl 0 56363 NULL nohasharray -+disable_so_log2secsize_adfs_discrecord_56363 log2secsize adfs_discrecord 0 56363 &disable_so_dsa_slave_set_mac_address_fndecl_56363 ++disable_so_log2secsize_adfs_discrecord_56363 log2secsize adfs_discrecord 0 56363 &disable_so_dsa_slave_set_mac_address_fndecl_56363 nohasharray ++enable_so_i_ino_xfs_inode_56363 i_ino xfs_inode 0 56363 &disable_so_log2secsize_adfs_discrecord_56363 +disable_so_offset_bit_entry_56370 offset bit_entry 0 56370 NULL +disable_so_serio_interrupt_fndecl_56371 serio_interrupt fndecl 2 56371 NULL +disable_so_nla_put_s8_fndecl_56378 nla_put_s8 fndecl 0 56378 NULL @@ -151476,6 +151546,7 @@ index 0000000..e141179 +enable_so_deh_offset_reiserfs_de_head_42314 deh_offset reiserfs_de_head 0 42314 NULL +enable_so_dsack_tcp_options_received_27706 dsack tcp_options_received 0 27706 NULL +enable_so_inbufBits_bunzip_data_13788 inbufBits bunzip_data 0 13788 NULL ++enable_so_i_ino_inode_8428 i_ino inode 0 8428 NULL diff --git a/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh b/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh new file mode 100644 index 0000000..be9724d @@ -153764,10 +153835,10 @@ index 0000000..fc58e16 +} diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data new file mode 100644 -index 0000000..35efc61 +index 0000000..acc340b --- /dev/null +++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data -@@ -0,0 +1,21513 @@ +@@ -0,0 +1,21510 @@ +enable_so_recv_ctrl_pipe_us_data_0 recv_ctrl_pipe us_data 0 0 NULL +enable_so___earlyonly_bootmem_alloc_fndecl_3 __earlyonly_bootmem_alloc fndecl 2-3-4 3 NULL +enable_so_v9fs_xattr_get_acl_fndecl_4 v9fs_xattr_get_acl fndecl 5 4 NULL @@ -156489,7 +156560,6 @@ index 0000000..35efc61 +enable_so_wNdpOutPayloadRemainder_usb_cdc_ncm_ntb_parameters_8415 wNdpOutPayloadRemainder usb_cdc_ncm_ntb_parameters 0 8415 NULL +enable_so_ring_blocks_vxge_hw_ring_config_8417 ring_blocks vxge_hw_ring_config 0 8417 NULL nohasharray +enable_so_lbs_lowrssi_read_fndecl_8417 lbs_lowrssi_read fndecl 3 8417 &enable_so_ring_blocks_vxge_hw_ring_config_8417 -+enable_so_i_ino_inode_8428 i_ino inode 0 8428 NULL +enable_so_rtsx_pci_dma_transfer_fndecl_8439 rtsx_pci_dma_transfer fndecl 0 8439 NULL +enable_so_block_dm_buffer_8440 block dm_buffer 0 8440 NULL +enable_so_offset_l2tp_session_8443 offset l2tp_session 0 8443 NULL @@ -159812,7 +159882,6 @@ index 0000000..35efc61 +enable_so_mp_tx_agg_buf_size_sdio_mmc_card_18449 mp_tx_agg_buf_size sdio_mmc_card 0 18449 &enable_so_data_len_hfa384x_tx_frame_18449 +enable_so_copy_range_nfulnl_instance_18460 copy_range nfulnl_instance 0 18460 NULL nohasharray +enable_so_error_bar_retry_read_fndecl_18460 error_bar_retry_read fndecl 3 18460 &enable_so_copy_range_nfulnl_instance_18460 -+enable_so_get_next_ino_fndecl_18465 get_next_ino fndecl 0 18465 NULL +enable_so_bsize_jfs_sb_info_18477 bsize jfs_sb_info 0 18477 NULL +enable_so_xfs_free_extent_fndecl_18480 xfs_free_extent fndecl 2-3 18480 NULL +enable_so_exynos4_jpeg_get_stream_size_fndecl_18485 exynos4_jpeg_get_stream_size fndecl 0 18485 NULL nohasharray @@ -172297,7 +172366,6 @@ index 0000000..35efc61 +enable_so_mapping_level_fndecl_56350 mapping_level fndecl 0-2 56350 NULL +enable_so_dccp_ackvec_add_new_fndecl_56359 dccp_ackvec_add_new fndecl 2-3 56359 NULL +enable_so_acl_permission_check_fndecl_56360 acl_permission_check fndecl 0 56360 NULL -+enable_so_i_ino_xfs_inode_56363 i_ino xfs_inode 0 56363 NULL +enable_so_interrupt_out_endpointAddress_usb_serial_port_56364 interrupt_out_endpointAddress usb_serial_port 0 56364 NULL +enable_so_ide_set_pio_mode_fndecl_56371 ide_set_pio_mode fndecl 2 56371 NULL +enable_so_len_asd_ha_addrspace_56381 len asd_ha_addrspace 0 56381 NULL diff --git a/4.4.2/4425_grsec_remove_EI_PAX.patch b/4.4.3/4425_grsec_remove_EI_PAX.patch index 2a1aa6c..2a1aa6c 100644 --- a/4.4.2/4425_grsec_remove_EI_PAX.patch +++ b/4.4.3/4425_grsec_remove_EI_PAX.patch diff --git a/4.4.2/4427_force_XATTR_PAX_tmpfs.patch b/4.4.3/4427_force_XATTR_PAX_tmpfs.patch index f6aea64..f6aea64 100644 --- a/4.4.2/4427_force_XATTR_PAX_tmpfs.patch +++ b/4.4.3/4427_force_XATTR_PAX_tmpfs.patch diff --git a/4.4.2/4430_grsec-remove-localversion-grsec.patch b/4.4.3/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/4.4.2/4430_grsec-remove-localversion-grsec.patch +++ b/4.4.3/4430_grsec-remove-localversion-grsec.patch diff --git a/4.4.2/4435_grsec-mute-warnings.patch b/4.4.3/4435_grsec-mute-warnings.patch index b7564e4..b7564e4 100644 --- a/4.4.2/4435_grsec-mute-warnings.patch +++ b/4.4.3/4435_grsec-mute-warnings.patch diff --git a/4.4.2/4440_grsec-remove-protected-paths.patch b/4.4.3/4440_grsec-remove-protected-paths.patch index 741546d..741546d 100644 --- a/4.4.2/4440_grsec-remove-protected-paths.patch +++ b/4.4.3/4440_grsec-remove-protected-paths.patch diff --git a/4.4.2/4450_grsec-kconfig-default-gids.patch b/4.4.3/4450_grsec-kconfig-default-gids.patch index 77f9706..77f9706 100644 --- a/4.4.2/4450_grsec-kconfig-default-gids.patch +++ b/4.4.3/4450_grsec-kconfig-default-gids.patch diff --git a/4.4.2/4465_selinux-avc_audit-log-curr_ip.patch b/4.4.3/4465_selinux-avc_audit-log-curr_ip.patch index f1c4923..f1c4923 100644 --- a/4.4.2/4465_selinux-avc_audit-log-curr_ip.patch +++ b/4.4.3/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/4.4.2/4470_disable-compat_vdso.patch b/4.4.3/4470_disable-compat_vdso.patch index 281aad9..281aad9 100644 --- a/4.4.2/4470_disable-compat_vdso.patch +++ b/4.4.3/4470_disable-compat_vdso.patch diff --git a/4.4.2/4475_emutramp_default_on.patch b/4.4.3/4475_emutramp_default_on.patch index afd6019..afd6019 100644 --- a/4.4.2/4475_emutramp_default_on.patch +++ b/4.4.3/4475_emutramp_default_on.patch |