diff options
| author |   Anthony G. Basile <blueness@gentoo.org> | 2017-01-01 14:54:26 -0500 |
|---|---|---|
| committer | Anthony G. Basile <blueness@gentoo.org> | 2017-01-01 14:54:26 -0500 |
| commit | 1b413d517df92fadb5758bba4463c8bd6f73fb25 (patch) | |
| tree | 03e0d9b20b142ffbdfbdd68bb7dfa101b7167dd0 | |
| parent | grsecurity-3.1-4.8.15-201612151923 (diff) | |
| download | hardened-patchset-1b413d517df92fadb5758bba4463c8bd6f73fb25.tar.gz hardened-patchset-1b413d517df92fadb5758bba4463c8bd6f73fb25.tar.bz2 hardened-patchset-1b413d517df92fadb5758bba4463c8bd6f73fb25.zip | |
grsecurity-3.1-4.8.15-20161230194920161230
| -rw-r--r-- | 4.8.15/0000_README | 18 | ||||
| -rw-r--r-- | 4.8.15/1012_linux-4.8.13.patch | 1063 | ||||
| -rw-r--r-- | 4.8.15/1013_linux-4.8.14.patch | 1725 | ||||
| -rw-r--r-- | 4.8.15/1014_linux-4.8.15.patch | 1042 | ||||
| -rw-r--r-- | 4.8.15/4420_grsecurity-3.1-4.8.15-201612301949.patch (renamed from 4.8.15/4420_grsecurity-3.1-4.8.15-201612151923.patch) | 14 | ||||
| -rw-r--r-- | 4.8.15/4426_default_XATTR_PAX_FLAGS.patch | 36 |
6 files changed, 50 insertions, 3848 deletions
diff --git a/4.8.15/0000_README b/4.8.15/0000_README index cd91d08..97a03a1 100644 --- a/4.8.15/0000_README +++ b/4.8.15/0000_README @@ -2,19 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 1012_linux-4.8.13.patch -From: http://www.kernel.org -Desc: Linux 4.8.13 - -Patch: 1013_linux-4.8.14.patch -From: http://www.kernel.org -Desc: Linux 4.8.14 - -Patch: 1014_linux-4.8.15.patch -From: http://www.kernel.org -Desc: Linux 4.8.15 - -Patch: 4420_grsecurity-3.1-4.8.15-201612151923.patch +Patch: 4420_grsecurity-3.1-4.8.15-201612301949.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity @@ -22,6 +10,10 @@ Patch: 4425_grsec_remove_EI_PAX.patch From: Anthony G. Basile <blueness@gentoo.org> Desc: Remove EI_PAX option and force off +Patch: 4426_default_XATTR_PAX_FLAGS.patch +From: Anthony G. Basile <blueness@gentoo.org> +Desc: Defalut PT_PAX_FLAGS off and XATTR_PAX_FLAGS on + Patch: 4427_force_XATTR_PAX_tmpfs.patch From: Anthony G. Basile <blueness@gentoo.org> Desc: Force XATTR_PAX on tmpfs diff --git a/4.8.15/1012_linux-4.8.13.patch b/4.8.15/1012_linux-4.8.13.patch deleted file mode 100644 index c742393..0000000 --- a/4.8.15/1012_linux-4.8.13.patch +++ /dev/null @@ -1,1063 +0,0 @@ -diff --git a/Makefile b/Makefile -index 7b0c92f..b38abe9 100644 ---- a/Makefile -+++ b/Makefile -@@ -1,6 +1,6 @@ - VERSION = 4 - PATCHLEVEL = 8 --SUBLEVEL = 12 -+SUBLEVEL = 13 - EXTRAVERSION = - NAME = Psychotic Stoned Sheep - -diff --git a/arch/arc/include/asm/delay.h b/arch/arc/include/asm/delay.h -index 08e7e2a..a36e860 100644 ---- a/arch/arc/include/asm/delay.h -+++ b/arch/arc/include/asm/delay.h -@@ -22,10 +22,11 @@ - static inline void __delay(unsigned long loops) - { - __asm__ __volatile__( -- " lp 1f \n" -- " nop \n" -- "1: \n" -- : "+l"(loops)); -+ " mov lp_count, %0 \n" -+ " lp 1f \n" -+ " nop \n" -+ "1: \n" -+ : : "r"(loops)); - } - - extern void __bad_udelay(void); -diff --git a/arch/arc/include/asm/pgtable.h b/arch/arc/include/asm/pgtable.h -index 89eeb37..e94ca72 100644 ---- a/arch/arc/include/asm/pgtable.h -+++ b/arch/arc/include/asm/pgtable.h -@@ -280,7 +280,7 @@ static inline void pmd_set(pmd_t *pmdp, pte_t *ptep) - - #define pte_page(pte) pfn_to_page(pte_pfn(pte)) - #define mk_pte(page, prot) pfn_pte(page_to_pfn(page), prot) --#define pfn_pte(pfn, prot) __pte(((pfn) << PAGE_SHIFT) | pgprot_val(prot)) -+#define pfn_pte(pfn, prot) __pte(__pfn_to_phys(pfn) | pgprot_val(prot)) - - /* Don't use virt_to_pfn for macros below: could cause truncations for PAE40*/ - #define pte_pfn(pte) (pte_val(pte) >> PAGE_SHIFT) -diff --git a/arch/arm64/boot/dts/arm/juno-r1.dts b/arch/arm64/boot/dts/arm/juno-r1.dts -index 123a58b..f0b857d 100644 ---- a/arch/arm64/boot/dts/arm/juno-r1.dts -+++ b/arch/arm64/boot/dts/arm/juno-r1.dts -@@ -76,7 +76,7 @@ - compatible = "arm,idle-state"; - arm,psci-suspend-param = <0x1010000>; - local-timer-stop; -- entry-latency-us = <300>; -+ entry-latency-us = <400>; - exit-latency-us = <1200>; - min-residency-us = <2500>; - }; -diff --git a/arch/arm64/boot/dts/arm/juno-r2.dts b/arch/arm64/boot/dts/arm/juno-r2.dts -index 007be82..26aaa6a 100644 ---- a/arch/arm64/boot/dts/arm/juno-r2.dts -+++ b/arch/arm64/boot/dts/arm/juno-r2.dts -@@ -76,7 +76,7 @@ - compatible = "arm,idle-state"; - arm,psci-suspend-param = <0x1010000>; - local-timer-stop; -- entry-latency-us = <300>; -+ entry-latency-us = <400>; - exit-latency-us = <1200>; - min-residency-us = <2500>; - }; -diff --git a/arch/arm64/boot/dts/arm/juno.dts b/arch/arm64/boot/dts/arm/juno.dts -index a7270ef..6e154d9 100644 ---- a/arch/arm64/boot/dts/arm/juno.dts -+++ b/arch/arm64/boot/dts/arm/juno.dts -@@ -76,7 +76,7 @@ - compatible = "arm,idle-state"; - arm,psci-suspend-param = <0x1010000>; - local-timer-stop; -- entry-latency-us = <300>; -+ entry-latency-us = <400>; - exit-latency-us = <1200>; - min-residency-us = <2500>; - }; -diff --git a/arch/arm64/include/asm/cpufeature.h b/arch/arm64/include/asm/cpufeature.h -index 7099f26..b96346b 100644 ---- a/arch/arm64/include/asm/cpufeature.h -+++ b/arch/arm64/include/asm/cpufeature.h -@@ -90,7 +90,7 @@ struct arm64_cpu_capabilities { - u16 capability; - int def_scope; /* default scope */ - bool (*matches)(const struct arm64_cpu_capabilities *caps, int scope); -- void (*enable)(void *); /* Called on all active CPUs */ -+ int (*enable)(void *); /* Called on all active CPUs */ - union { - struct { /* To be used for erratum handling only */ - u32 midr_model; -diff --git a/arch/arm64/include/asm/exec.h b/arch/arm64/include/asm/exec.h -index db0563c..f7865dd 100644 ---- a/arch/arm64/include/asm/exec.h -+++ b/arch/arm64/include/asm/exec.h -@@ -18,6 +18,9 @@ - #ifndef __ASM_EXEC_H - #define __ASM_EXEC_H - -+#include <linux/sched.h> -+ - extern unsigned long arch_align_stack(unsigned long sp); -+void uao_thread_switch(struct task_struct *next); - - #endif /* __ASM_EXEC_H */ -diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h -index ace0a96..3be0ab0 100644 ---- a/arch/arm64/include/asm/processor.h -+++ b/arch/arm64/include/asm/processor.h -@@ -190,8 +190,8 @@ static inline void spin_lock_prefetch(const void *ptr) - - #endif - --void cpu_enable_pan(void *__unused); --void cpu_enable_uao(void *__unused); --void cpu_enable_cache_maint_trap(void *__unused); -+int cpu_enable_pan(void *__unused); -+int cpu_enable_uao(void *__unused); -+int cpu_enable_cache_maint_trap(void *__unused); - - #endif /* __ASM_PROCESSOR_H */ -diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c -index 62272ea..94a0330 100644 ---- a/arch/arm64/kernel/cpufeature.c -+++ b/arch/arm64/kernel/cpufeature.c -@@ -19,7 +19,9 @@ - #define pr_fmt(fmt) "CPU features: " fmt - - #include <linux/bsearch.h> -+#include <linux/cpumask.h> - #include <linux/sort.h> -+#include <linux/stop_machine.h> - #include <linux/types.h> - #include <asm/cpu.h> - #include <asm/cpufeature.h> -@@ -936,7 +938,13 @@ void __init enable_cpu_capabilities(const struct arm64_cpu_capabilities *caps) - { - for (; caps->matches; caps++) - if (caps->enable && cpus_have_cap(caps->capability)) -- on_each_cpu(caps->enable, NULL, true); -+ /* -+ * Use stop_machine() as it schedules the work allowing -+ * us to modify PSTATE, instead of on_each_cpu() which -+ * uses an IPI, giving us a PSTATE that disappears when -+ * we return. -+ */ -+ stop_machine(caps->enable, NULL, cpu_online_mask); - } - - /* -diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c -index 6cd2612..9cc8667 100644 ---- a/arch/arm64/kernel/process.c -+++ b/arch/arm64/kernel/process.c -@@ -49,6 +49,7 @@ - #include <asm/alternative.h> - #include <asm/compat.h> - #include <asm/cacheflush.h> -+#include <asm/exec.h> - #include <asm/fpsimd.h> - #include <asm/mmu_context.h> - #include <asm/processor.h> -@@ -303,7 +304,7 @@ static void tls_thread_switch(struct task_struct *next) - } - - /* Restore the UAO state depending on next's addr_limit */ --static void uao_thread_switch(struct task_struct *next) -+void uao_thread_switch(struct task_struct *next) - { - if (IS_ENABLED(CONFIG_ARM64_UAO)) { - if (task_thread_info(next)->addr_limit == KERNEL_DS) -diff --git a/arch/arm64/kernel/suspend.c b/arch/arm64/kernel/suspend.c -index b616e365..23ddf55 100644 ---- a/arch/arm64/kernel/suspend.c -+++ b/arch/arm64/kernel/suspend.c -@@ -1,8 +1,11 @@ - #include <linux/ftrace.h> - #include <linux/percpu.h> - #include <linux/slab.h> -+#include <asm/alternative.h> - #include <asm/cacheflush.h> -+#include <asm/cpufeature.h> - #include <asm/debug-monitors.h> -+#include <asm/exec.h> - #include <asm/pgtable.h> - #include <asm/memory.h> - #include <asm/mmu_context.h> -@@ -48,6 +51,14 @@ void notrace __cpu_suspend_exit(void) - set_my_cpu_offset(per_cpu_offset(smp_processor_id())); - - /* -+ * PSTATE was not saved over suspend/resume, re-enable any detected -+ * features that might not have been set correctly. -+ */ -+ asm(ALTERNATIVE("nop", SET_PSTATE_PAN(1), ARM64_HAS_PAN, -+ CONFIG_ARM64_PAN)); -+ uao_thread_switch(current); -+ -+ /* - * Restore HW breakpoint registers to sane values - * before debug exceptions are possibly reenabled - * through local_dbg_restore. -diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c -index 771a01a7f..9595d3d 100644 ---- a/arch/arm64/kernel/traps.c -+++ b/arch/arm64/kernel/traps.c -@@ -428,9 +428,10 @@ asmlinkage void __exception do_undefinstr(struct pt_regs *regs) - force_signal_inject(SIGILL, ILL_ILLOPC, regs, 0); - } - --void cpu_enable_cache_maint_trap(void *__unused) -+int cpu_enable_cache_maint_trap(void *__unused) - { - config_sctlr_el1(SCTLR_EL1_UCI, 0); -+ return 0; - } - - #define __user_cache_maint(insn, address, res) \ -diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c -index 05d2bd7..67506c3 100644 ---- a/arch/arm64/mm/fault.c -+++ b/arch/arm64/mm/fault.c -@@ -29,7 +29,9 @@ - #include <linux/sched.h> - #include <linux/highmem.h> - #include <linux/perf_event.h> -+#include <linux/preempt.h> - -+#include <asm/bug.h> - #include <asm/cpufeature.h> - #include <asm/exception.h> - #include <asm/debug-monitors.h> -@@ -671,9 +673,17 @@ asmlinkage int __exception do_debug_exception(unsigned long addr, - NOKPROBE_SYMBOL(do_debug_exception); - - #ifdef CONFIG_ARM64_PAN --void cpu_enable_pan(void *__unused) -+int cpu_enable_pan(void *__unused) - { -+ /* -+ * We modify PSTATE. This won't work from irq context as the PSTATE -+ * is discarded once we return from the exception. -+ */ -+ WARN_ON_ONCE(in_interrupt()); -+ - config_sctlr_el1(SCTLR_EL1_SPAN, 0); -+ asm(SET_PSTATE_PAN(1)); -+ return 0; - } - #endif /* CONFIG_ARM64_PAN */ - -@@ -684,8 +694,9 @@ void cpu_enable_pan(void *__unused) - * We need to enable the feature at runtime (instead of adding it to - * PSR_MODE_EL1h) as the feature may not be implemented by the cpu. - */ --void cpu_enable_uao(void *__unused) -+int cpu_enable_uao(void *__unused) - { - asm(SET_PSTATE_UAO(1)); -+ return 0; - } - #endif /* CONFIG_ARM64_UAO */ -diff --git a/arch/x86/events/core.c b/arch/x86/events/core.c -index d0efb5c..a4e070a 100644 ---- a/arch/x86/events/core.c -+++ b/arch/x86/events/core.c -@@ -2344,7 +2344,7 @@ perf_callchain_user32(struct pt_regs *regs, struct perf_callchain_entry_ctx *ent - frame.next_frame = 0; - frame.return_address = 0; - -- if (!access_ok(VERIFY_READ, fp, 8)) -+ if (!valid_user_frame(fp, sizeof(frame))) - break; - - bytes = __copy_from_user_nmi(&frame.next_frame, fp, 4); -@@ -2354,9 +2354,6 @@ perf_callchain_user32(struct pt_regs *regs, struct perf_callchain_entry_ctx *ent - if (bytes != 0) - break; - -- if (!valid_user_frame(fp, sizeof(frame))) -- break; -- - perf_callchain_store(entry, cs_base + frame.return_address); - fp = compat_ptr(ss_base + frame.next_frame); - } -@@ -2405,7 +2402,7 @@ perf_callchain_user(struct perf_callchain_entry_ctx *entry, struct pt_regs *regs - frame.next_frame = NULL; - frame.return_address = 0; - -- if (!access_ok(VERIFY_READ, fp, sizeof(*fp) * 2)) -+ if (!valid_user_frame(fp, sizeof(frame))) - break; - - bytes = __copy_from_user_nmi(&frame.next_frame, fp, sizeof(*fp)); -@@ -2415,9 +2412,6 @@ perf_callchain_user(struct perf_callchain_entry_ctx *entry, struct pt_regs *regs - if (bytes != 0) - break; - -- if (!valid_user_frame(fp, sizeof(frame))) -- break; -- - perf_callchain_store(entry, frame.return_address); - fp = (void __user *)frame.next_frame; - } -diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c -index e207b33..1e007a9 100644 ---- a/drivers/ata/libata-scsi.c -+++ b/drivers/ata/libata-scsi.c -@@ -1088,7 +1088,7 @@ static void ata_gen_passthru_sense(struct ata_queued_cmd *qc) - desc[1] = tf->command; /* status */ - desc[2] = tf->device; - desc[3] = tf->nsect; -- desc[0] = 0; -+ desc[7] = 0; - if (tf->flags & ATA_TFLAG_LBA48) { - desc[8] |= 0x80; - if (tf->hob_nsect) -diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c -index 04365b1..5163c8f 100644 ---- a/drivers/block/zram/zram_drv.c -+++ b/drivers/block/zram/zram_drv.c -@@ -1403,7 +1403,8 @@ static ssize_t hot_remove_store(struct class *class, - zram = idr_find(&zram_index_idr, dev_id); - if (zram) { - ret = zram_remove(zram); -- idr_remove(&zram_index_idr, dev_id); -+ if (!ret) -+ idr_remove(&zram_index_idr, dev_id); - } else { - ret = -ENODEV; - } -diff --git a/drivers/clk/sunxi/clk-sunxi.c b/drivers/clk/sunxi/clk-sunxi.c -index 838b22a..f2c9274 100644 ---- a/drivers/clk/sunxi/clk-sunxi.c -+++ b/drivers/clk/sunxi/clk-sunxi.c -@@ -373,7 +373,7 @@ static void sun4i_get_apb1_factors(struct factors_request *req) - else - calcp = 3; - -- calcm = (req->parent_rate >> calcp) - 1; -+ calcm = (div >> calcp) - 1; - - req->rate = (req->parent_rate >> calcp) / (calcm + 1); - req->m = calcm; -diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c -index 10b5ddf..1ed085f 100644 ---- a/drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c -+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c -@@ -33,6 +33,7 @@ struct amdgpu_atpx { - - static struct amdgpu_atpx_priv { - bool atpx_detected; -+ bool bridge_pm_usable; - /* handle for device - and atpx */ - acpi_handle dhandle; - acpi_handle other_handle; -@@ -200,7 +201,11 @@ static int amdgpu_atpx_validate(struct amdgpu_atpx *atpx) - atpx->is_hybrid = false; - if (valid_bits & ATPX_MS_HYBRID_GFX_SUPPORTED) { - printk("ATPX Hybrid Graphics\n"); -- atpx->functions.power_cntl = false; -+ /* -+ * Disable legacy PM methods only when pcie port PM is usable, -+ * otherwise the device might fail to power off or power on. -+ */ -+ atpx->functions.power_cntl = !amdgpu_atpx_priv.bridge_pm_usable; - atpx->is_hybrid = true; - } - -@@ -546,17 +551,25 @@ static bool amdgpu_atpx_detect(void) - struct pci_dev *pdev = NULL; - bool has_atpx = false; - int vga_count = 0; -+ bool d3_supported = false; -+ struct pci_dev *parent_pdev; - - while ((pdev = pci_get_class(PCI_CLASS_DISPLAY_VGA << 8, pdev)) != NULL) { - vga_count++; - - has_atpx |= (amdgpu_atpx_pci_probe_handle(pdev) == true); -+ -+ parent_pdev = pci_upstream_bridge(pdev); -+ d3_supported |= parent_pdev && parent_pdev->bridge_d3; - } - - while ((pdev = pci_get_class(PCI_CLASS_DISPLAY_OTHER << 8, pdev)) != NULL) { - vga_count++; - - has_atpx |= (amdgpu_atpx_pci_probe_handle(pdev) == true); -+ -+ parent_pdev = pci_upstream_bridge(pdev); -+ d3_supported |= parent_pdev && parent_pdev->bridge_d3; - } - - if (has_atpx && vga_count == 2) { -@@ -564,6 +577,7 @@ static bool amdgpu_atpx_detect(void) - printk(KERN_INFO "vga_switcheroo: detected switching method %s handle\n", - acpi_method_name); - amdgpu_atpx_priv.atpx_detected = true; -+ amdgpu_atpx_priv.bridge_pm_usable = d3_supported; - amdgpu_atpx_init(); - return true; - } -diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c -index a77ce99..b8e3854 100644 ---- a/drivers/gpu/drm/i915/i915_gem.c -+++ b/drivers/gpu/drm/i915/i915_gem.c -@@ -2540,7 +2540,7 @@ i915_gem_object_get_pages_gtt(struct drm_i915_gem_object *obj) - page = shmem_read_mapping_page(mapping, i); - if (IS_ERR(page)) { - ret = PTR_ERR(page); -- goto err_pages; -+ goto err_sg; - } - } - #ifdef CONFIG_SWIOTLB -@@ -2583,8 +2583,9 @@ i915_gem_object_get_pages_gtt(struct drm_i915_gem_object *obj) - - return 0; - --err_pages: -+err_sg: - sg_mark_end(sg); -+err_pages: - for_each_sgt_page(page, sgt_iter, st) - put_page(page); - sg_free_table(st); -diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c -index e26f889..35d385d 100644 ---- a/drivers/gpu/drm/i915/intel_display.c -+++ b/drivers/gpu/drm/i915/intel_display.c -@@ -11791,7 +11791,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, - intel_crtc->reset_counter = i915_reset_counter(&dev_priv->gpu_error); - if (__i915_reset_in_progress_or_wedged(intel_crtc->reset_counter)) { - ret = -EIO; -- goto cleanup; -+ goto unlock; - } - - atomic_inc(&intel_crtc->unpin_work_count); -@@ -11877,6 +11877,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, - if (!IS_ERR_OR_NULL(request)) - i915_add_request_no_flush(request); - atomic_dec(&intel_crtc->unpin_work_count); -+unlock: - mutex_unlock(&dev->struct_mutex); - cleanup: - crtc->primary->fb = old_fb; -diff --git a/drivers/gpu/drm/mediatek/mtk_disp_ovl.c b/drivers/gpu/drm/mediatek/mtk_disp_ovl.c -index 8f62671f..54acfcc 100644 ---- a/drivers/gpu/drm/mediatek/mtk_disp_ovl.c -+++ b/drivers/gpu/drm/mediatek/mtk_disp_ovl.c -@@ -249,13 +249,6 @@ static int mtk_disp_ovl_probe(struct platform_device *pdev) - if (irq < 0) - return irq; - -- ret = devm_request_irq(dev, irq, mtk_disp_ovl_irq_handler, -- IRQF_TRIGGER_NONE, dev_name(dev), priv); -- if (ret < 0) { -- dev_err(dev, "Failed to request irq %d: %d\n", irq, ret); -- return ret; -- } -- - comp_id = mtk_ddp_comp_get_id(dev->of_node, MTK_DISP_OVL); - if (comp_id < 0) { - dev_err(dev, "Failed to identify by alias: %d\n", comp_id); -@@ -271,6 +264,13 @@ static int mtk_disp_ovl_probe(struct platform_device *pdev) - - platform_set_drvdata(pdev, priv); - -+ ret = devm_request_irq(dev, irq, mtk_disp_ovl_irq_handler, -+ IRQF_TRIGGER_NONE, dev_name(dev), priv); -+ if (ret < 0) { -+ dev_err(dev, "Failed to request irq %d: %d\n", irq, ret); -+ return ret; -+ } -+ - ret = component_add(dev, &mtk_disp_ovl_component_ops); - if (ret) - dev_err(dev, "Failed to add component: %d\n", ret); -diff --git a/drivers/gpu/drm/radeon/radeon_atpx_handler.c b/drivers/gpu/drm/radeon/radeon_atpx_handler.c -index ddef0d4..34b4ace 100644 ---- a/drivers/gpu/drm/radeon/radeon_atpx_handler.c -+++ b/drivers/gpu/drm/radeon/radeon_atpx_handler.c -@@ -33,6 +33,7 @@ struct radeon_atpx { - - static struct radeon_atpx_priv { - bool atpx_detected; -+ bool bridge_pm_usable; - /* handle for device - and atpx */ - acpi_handle dhandle; - struct radeon_atpx atpx; -@@ -198,7 +199,11 @@ static int radeon_atpx_validate(struct radeon_atpx *atpx) - atpx->is_hybrid = false; - if (valid_bits & ATPX_MS_HYBRID_GFX_SUPPORTED) { - printk("ATPX Hybrid Graphics\n"); -- atpx->functions.power_cntl = false; -+ /* -+ * Disable legacy PM methods only when pcie port PM is usable, -+ * otherwise the device might fail to power off or power on. -+ */ -+ atpx->functions.power_cntl = !radeon_atpx_priv.bridge_pm_usable; - atpx->is_hybrid = true; - } - -@@ -543,11 +548,16 @@ static bool radeon_atpx_detect(void) - struct pci_dev *pdev = NULL; - bool has_atpx = false; - int vga_count = 0; -+ bool d3_supported = false; -+ struct pci_dev *parent_pdev; - - while ((pdev = pci_get_class(PCI_CLASS_DISPLAY_VGA << 8, pdev)) != NULL) { - vga_count++; - - has_atpx |= (radeon_atpx_pci_probe_handle(pdev) == true); -+ -+ parent_pdev = pci_upstream_bridge(pdev); -+ d3_supported |= parent_pdev && parent_pdev->bridge_d3; - } - - /* some newer PX laptops mark the dGPU as a non-VGA display device */ -@@ -555,6 +565,9 @@ static bool radeon_atpx_detect(void) - vga_count++; - - has_atpx |= (radeon_atpx_pci_probe_handle(pdev) == true); -+ -+ parent_pdev = pci_upstream_bridge(pdev); -+ d3_supported |= parent_pdev && parent_pdev->bridge_d3; - } - - if (has_atpx && vga_count == 2) { -@@ -562,6 +575,7 @@ static bool radeon_atpx_detect(void) - printk(KERN_INFO "vga_switcheroo: detected switching method %s handle\n", - acpi_method_name); - radeon_atpx_priv.atpx_detected = true; -+ radeon_atpx_priv.bridge_pm_usable = d3_supported; - radeon_atpx_init(); - return true; - } -diff --git a/drivers/input/mouse/psmouse-base.c b/drivers/input/mouse/psmouse-base.c -index 5784e20..9f6203c 100644 ---- a/drivers/input/mouse/psmouse-base.c -+++ b/drivers/input/mouse/psmouse-base.c -@@ -1115,10 +1115,6 @@ static int psmouse_extensions(struct psmouse *psmouse, - if (psmouse_try_protocol(psmouse, PSMOUSE_TOUCHKIT_PS2, - &max_proto, set_properties, true)) - return PSMOUSE_TOUCHKIT_PS2; -- -- if (psmouse_try_protocol(psmouse, PSMOUSE_BYD, -- &max_proto, set_properties, true)) -- return PSMOUSE_BYD; - } - - /* -diff --git a/drivers/net/wireless/marvell/mwifiex/cfg80211.c b/drivers/net/wireless/marvell/mwifiex/cfg80211.c -index a8ff969..cbc7dfa 100644 ---- a/drivers/net/wireless/marvell/mwifiex/cfg80211.c -+++ b/drivers/net/wireless/marvell/mwifiex/cfg80211.c -@@ -2203,8 +2203,9 @@ mwifiex_cfg80211_assoc(struct mwifiex_private *priv, size_t ssid_len, - is_scanning_required = 1; - } else { - mwifiex_dbg(priv->adapter, MSG, -- "info: trying to associate to '%s' bssid %pM\n", -- (char *)req_ssid.ssid, bss->bssid); -+ "info: trying to associate to '%.*s' bssid %pM\n", -+ req_ssid.ssid_len, (char *)req_ssid.ssid, -+ bss->bssid); - memcpy(&priv->cfg_bssid, bss->bssid, ETH_ALEN); - break; - } -@@ -2264,8 +2265,8 @@ mwifiex_cfg80211_connect(struct wiphy *wiphy, struct net_device *dev, - } - - mwifiex_dbg(adapter, INFO, -- "info: Trying to associate to %s and bssid %pM\n", -- (char *)sme->ssid, sme->bssid); -+ "info: Trying to associate to %.*s and bssid %pM\n", -+ (int)sme->ssid_len, (char *)sme->ssid, sme->bssid); - - if (!mwifiex_stop_bg_scan(priv)) - cfg80211_sched_scan_stopped_rtnl(priv->wdev.wiphy); -@@ -2398,8 +2399,8 @@ mwifiex_cfg80211_join_ibss(struct wiphy *wiphy, struct net_device *dev, - } - - mwifiex_dbg(priv->adapter, MSG, -- "info: trying to join to %s and bssid %pM\n", -- (char *)params->ssid, params->bssid); -+ "info: trying to join to %.*s and bssid %pM\n", -+ params->ssid_len, (char *)params->ssid, params->bssid); - - mwifiex_set_ibss_params(priv, params); - -diff --git a/drivers/pci/pcie/aer/aer_inject.c b/drivers/pci/pcie/aer/aer_inject.c -index db553dc..2b6a592 100644 ---- a/drivers/pci/pcie/aer/aer_inject.c -+++ b/drivers/pci/pcie/aer/aer_inject.c -@@ -307,20 +307,6 @@ static int pci_bus_set_aer_ops(struct pci_bus *bus) - return 0; - } - --static struct pci_dev *pcie_find_root_port(struct pci_dev *dev) --{ -- while (1) { -- if (!pci_is_pcie(dev)) -- break; -- if (pci_pcie_type(dev) == PCI_EXP_TYPE_ROOT_PORT) -- return dev; -- if (!dev->bus->self) -- break; -- dev = dev->bus->self; -- } -- return NULL; --} -- - static int find_aer_device_iter(struct device *device, void *data) - { - struct pcie_device **result = data; -diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c -index 93f280d..f6eff4a 100644 ---- a/drivers/pci/probe.c -+++ b/drivers/pci/probe.c -@@ -1439,6 +1439,21 @@ static void program_hpp_type1(struct pci_dev *dev, struct hpp_type1 *hpp) - dev_warn(&dev->dev, "PCI-X settings not supported\n"); - } - -+static bool pcie_root_rcb_set(struct pci_dev *dev) -+{ -+ struct pci_dev *rp = pcie_find_root_port(dev); -+ u16 lnkctl; -+ -+ if (!rp) -+ return false; -+ -+ pcie_capability_read_word(rp, PCI_EXP_LNKCTL, &lnkctl); -+ if (lnkctl & PCI_EXP_LNKCTL_RCB) -+ return true; -+ -+ return false; -+} -+ - static void program_hpp_type2(struct pci_dev *dev, struct hpp_type2 *hpp) - { - int pos; -@@ -1468,9 +1483,20 @@ static void program_hpp_type2(struct pci_dev *dev, struct hpp_type2 *hpp) - ~hpp->pci_exp_devctl_and, hpp->pci_exp_devctl_or); - - /* Initialize Link Control Register */ -- if (pcie_cap_has_lnkctl(dev)) -+ if (pcie_cap_has_lnkctl(dev)) { -+ -+ /* -+ * If the Root Port supports Read Completion Boundary of -+ * 128, set RCB to 128. Otherwise, clear it. -+ */ -+ hpp->pci_exp_lnkctl_and |= PCI_EXP_LNKCTL_RCB; -+ hpp->pci_exp_lnkctl_or &= ~PCI_EXP_LNKCTL_RCB; -+ if (pcie_root_rcb_set(dev)) -+ hpp->pci_exp_lnkctl_or |= PCI_EXP_LNKCTL_RCB; -+ - pcie_capability_clear_and_set_word(dev, PCI_EXP_LNKCTL, - ~hpp->pci_exp_lnkctl_and, hpp->pci_exp_lnkctl_or); -+ } - - /* Find Advanced Error Reporting Enhanced Capability */ - pos = pci_find_ext_capability(dev, PCI_EXT_CAP_ID_ERR); -diff --git a/drivers/pwm/sysfs.c b/drivers/pwm/sysfs.c -index 0296d81..a813239 100644 ---- a/drivers/pwm/sysfs.c -+++ b/drivers/pwm/sysfs.c -@@ -425,6 +425,8 @@ void pwmchip_sysfs_unexport_children(struct pwm_chip *chip) - if (test_bit(PWMF_EXPORTED, &pwm->flags)) - pwm_unexport_child(parent, pwm); - } -+ -+ put_device(parent); - } - - static int __init pwm_sysfs_init(void) -diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c -index 030d002..5138a84 100644 ---- a/drivers/scsi/hpsa.c -+++ b/drivers/scsi/hpsa.c -@@ -2007,7 +2007,7 @@ static struct hpsa_scsi_dev_t *lookup_hpsa_scsi_dev(struct ctlr_info *h, - - static int hpsa_slave_alloc(struct scsi_device *sdev) - { -- struct hpsa_scsi_dev_t *sd; -+ struct hpsa_scsi_dev_t *sd = NULL; - unsigned long flags; - struct ctlr_info *h; - -@@ -2024,7 +2024,8 @@ static int hpsa_slave_alloc(struct scsi_device *sdev) - sd->target = sdev_id(sdev); - sd->lun = sdev->lun; - } -- } else -+ } -+ if (!sd) - sd = lookup_hpsa_scsi_dev(h, sdev_channel(sdev), - sdev_id(sdev), sdev->lun); - -@@ -3805,6 +3806,7 @@ static int hpsa_update_device_info(struct ctlr_info *h, - sizeof(this_device->vendor)); - memcpy(this_device->model, &inq_buff[16], - sizeof(this_device->model)); -+ this_device->rev = inq_buff[2]; - memset(this_device->device_id, 0, - sizeof(this_device->device_id)); - hpsa_get_device_id(h, scsi3addr, this_device->device_id, 8, -@@ -3887,10 +3889,14 @@ static void figure_bus_target_lun(struct ctlr_info *h, - - if (!is_logical_dev_addr_mode(lunaddrbytes)) { - /* physical device, target and lun filled in later */ -- if (is_hba_lunid(lunaddrbytes)) -+ if (is_hba_lunid(lunaddrbytes)) { -+ int bus = HPSA_HBA_BUS; -+ -+ if (!device->rev) -+ bus = HPSA_LEGACY_HBA_BUS; - hpsa_set_bus_target_lun(device, -- HPSA_HBA_BUS, 0, lunid & 0x3fff); -- else -+ bus, 0, lunid & 0x3fff); -+ } else - /* defer target, lun assignment for physical devices */ - hpsa_set_bus_target_lun(device, - HPSA_PHYSICAL_DEVICE_BUS, -1, -1); -diff --git a/drivers/scsi/hpsa.h b/drivers/scsi/hpsa.h -index a1487e6..9d45dde 100644 ---- a/drivers/scsi/hpsa.h -+++ b/drivers/scsi/hpsa.h -@@ -69,6 +69,7 @@ struct hpsa_scsi_dev_t { - u64 sas_address; - unsigned char vendor[8]; /* bytes 8-15 of inquiry data */ - unsigned char model[16]; /* bytes 16-31 of inquiry data */ -+ unsigned char rev; /* byte 2 of inquiry data */ - unsigned char raid_level; /* from inquiry page 0xC1 */ - unsigned char volume_offline; /* discovered via TUR or VPD */ - u16 queue_depth; /* max queue_depth for this device */ -@@ -403,6 +404,7 @@ struct offline_device_entry { - #define HPSA_RAID_VOLUME_BUS 1 - #define HPSA_EXTERNAL_RAID_VOLUME_BUS 2 - #define HPSA_HBA_BUS 0 -+#define HPSA_LEGACY_HBA_BUS 3 - - /* - Send the command to the hardware -diff --git a/drivers/scsi/libfc/fc_lport.c b/drivers/scsi/libfc/fc_lport.c -index 04ce7cf..50c7167 100644 ---- a/drivers/scsi/libfc/fc_lport.c -+++ b/drivers/scsi/libfc/fc_lport.c -@@ -308,7 +308,7 @@ struct fc_host_statistics *fc_get_host_stats(struct Scsi_Host *shost) - fc_stats = &lport->host_stats; - memset(fc_stats, 0, sizeof(struct fc_host_statistics)); - -- fc_stats->seconds_since_last_reset = (lport->boot_time - jiffies) / HZ; -+ fc_stats->seconds_since_last_reset = (jiffies - lport->boot_time) / HZ; - - for_each_possible_cpu(cpu) { - struct fc_stats *stats; -diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c -index a78415d..78be4ae 100644 ---- a/fs/overlayfs/super.c -+++ b/fs/overlayfs/super.c -@@ -329,11 +329,11 @@ static struct dentry *ovl_d_real(struct dentry *dentry, - if (!real) - goto bug; - -+ /* Handle recursion */ -+ real = d_real(real, inode, open_flags); -+ - if (!inode || inode == d_inode(real)) - return real; -- -- /* Handle recursion */ -- return d_real(real, inode, open_flags); - bug: - WARN(1, "ovl_d_real(%pd4, %s:%lu): real dentry not found\n", dentry, - inode ? inode->i_sb->s_id : "NULL", inode ? inode->i_ino : 0); -diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h -index 573c5a1..0a0b2d5 100644 ---- a/include/linux/compiler-gcc.h -+++ b/include/linux/compiler-gcc.h -@@ -256,7 +256,9 @@ - #endif - #endif /* CONFIG_ARCH_USE_BUILTIN_BSWAP && !__CHECKER__ */ - --#if GCC_VERSION >= 50000 -+#if GCC_VERSION >= 70000 -+#define KASAN_ABI_VERSION 5 -+#elif GCC_VERSION >= 50000 - #define KASAN_ABI_VERSION 4 - #elif GCC_VERSION >= 40902 - #define KASAN_ABI_VERSION 3 -diff --git a/include/linux/pagemap.h b/include/linux/pagemap.h -index 01e8443..d47cc4a 100644 ---- a/include/linux/pagemap.h -+++ b/include/linux/pagemap.h -@@ -364,16 +364,13 @@ static inline struct page *read_mapping_page(struct address_space *mapping, - } - - /* -- * Get the offset in PAGE_SIZE. -- * (TODO: hugepage should have ->index in PAGE_SIZE) -+ * Get index of the page with in radix-tree -+ * (TODO: remove once hugetlb pages will have ->index in PAGE_SIZE) - */ --static inline pgoff_t page_to_pgoff(struct page *page) -+static inline pgoff_t page_to_index(struct page *page) - { - pgoff_t pgoff; - -- if (unlikely(PageHeadHuge(page))) -- return page->index << compound_order(page); -- - if (likely(!PageTransTail(page))) - return page->index; - -@@ -387,6 +384,18 @@ static inline pgoff_t page_to_pgoff(struct page *page) - } - - /* -+ * Get the offset in PAGE_SIZE. -+ * (TODO: hugepage should have ->index in PAGE_SIZE) -+ */ -+static inline pgoff_t page_to_pgoff(struct page *page) -+{ -+ if (unlikely(PageHeadHuge(page))) -+ return page->index << compound_order(page); -+ -+ return page_to_index(page); -+} -+ -+/* - * Return byte-offset into filesystem object for page. - */ - static inline loff_t page_offset(struct page *page) -diff --git a/include/linux/pci.h b/include/linux/pci.h -index 0ab8359..03f3df0 100644 ---- a/include/linux/pci.h -+++ b/include/linux/pci.h -@@ -1896,6 +1896,20 @@ static inline int pci_pcie_type(const struct pci_dev *dev) - return (pcie_caps_reg(dev) & PCI_EXP_FLAGS_TYPE) >> 4; - } - -+static inline struct pci_dev *pcie_find_root_port(struct pci_dev *dev) -+{ -+ while (1) { -+ if (!pci_is_pcie(dev)) -+ break; -+ if (pci_pcie_type(dev) == PCI_EXP_TYPE_ROOT_PORT) -+ return dev; -+ if (!dev->bus->self) -+ break; -+ dev = dev->bus->self; -+ } -+ return NULL; -+} -+ - void pci_request_acs(void); - bool pci_acs_enabled(struct pci_dev *pdev, u16 acs_flags); - bool pci_acs_path_enabled(struct pci_dev *start, -diff --git a/include/uapi/linux/input-event-codes.h b/include/uapi/linux/input-event-codes.h -index d6d071f..3af60ee 100644 ---- a/include/uapi/linux/input-event-codes.h -+++ b/include/uapi/linux/input-event-codes.h -@@ -640,7 +640,7 @@ - * Control a data application associated with the currently viewed channel, - * e.g. teletext or data broadcast application (MHEG, MHP, HbbTV, etc.) - */ --#define KEY_DATA 0x275 -+#define KEY_DATA 0x277 - - #define BTN_TRIGGER_HAPPY 0x2c0 - #define BTN_TRIGGER_HAPPY1 0x2c0 -diff --git a/kernel/rcu/tree_plugin.h b/kernel/rcu/tree_plugin.h -index 0082fce..85c5a88 100644 ---- a/kernel/rcu/tree_plugin.h -+++ b/kernel/rcu/tree_plugin.h -@@ -2173,6 +2173,7 @@ static int rcu_nocb_kthread(void *arg) - cl++; - c++; - local_bh_enable(); -+ cond_resched_rcu_qs(); - list = next; - } - trace_rcu_batch_end(rdp->rsp->name, c, !!list, 0, 0, 1); -diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h -index e5c2181f..03f4545 100644 ---- a/mm/kasan/kasan.h -+++ b/mm/kasan/kasan.h -@@ -53,6 +53,9 @@ struct kasan_global { - #if KASAN_ABI_VERSION >= 4 - struct kasan_source_location *location; - #endif -+#if KASAN_ABI_VERSION >= 5 -+ char *odr_indicator; -+#endif - }; - - /** -diff --git a/mm/khugepaged.c b/mm/khugepaged.c -index 728d779..87e1a7ca 100644 ---- a/mm/khugepaged.c -+++ b/mm/khugepaged.c -@@ -103,6 +103,7 @@ static struct khugepaged_scan khugepaged_scan = { - .mm_head = LIST_HEAD_INIT(khugepaged_scan.mm_head), - }; - -+#ifdef CONFIG_SYSFS - static ssize_t scan_sleep_millisecs_show(struct kobject *kobj, - struct kobj_attribute *attr, - char *buf) -@@ -295,6 +296,7 @@ struct attribute_group khugepaged_attr_group = { - .attrs = khugepaged_attr, - .name = "khugepaged", - }; -+#endif /* CONFIG_SYSFS */ - - #define VM_NO_KHUGEPAGED (VM_SPECIAL | VM_HUGETLB) - -diff --git a/mm/mlock.c b/mm/mlock.c -index 14645be..9c91acc 100644 ---- a/mm/mlock.c -+++ b/mm/mlock.c -@@ -190,10 +190,13 @@ unsigned int munlock_vma_page(struct page *page) - */ - spin_lock_irq(zone_lru_lock(zone)); - -- nr_pages = hpage_nr_pages(page); -- if (!TestClearPageMlocked(page)) -+ if (!TestClearPageMlocked(page)) { -+ /* Potentially, PTE-mapped THP: do not skip the rest PTEs */ -+ nr_pages = 1; - goto unlock_out; -+ } - -+ nr_pages = hpage_nr_pages(page); - __mod_zone_page_state(zone, NR_MLOCK, -nr_pages); - - if (__munlock_isolate_lru_page(page, true)) { -diff --git a/mm/truncate.c b/mm/truncate.c -index a01cce4..8d8c62d 100644 ---- a/mm/truncate.c -+++ b/mm/truncate.c -@@ -283,7 +283,7 @@ void truncate_inode_pages_range(struct address_space *mapping, - - if (!trylock_page(page)) - continue; -- WARN_ON(page_to_pgoff(page) != index); -+ WARN_ON(page_to_index(page) != index); - if (PageWriteback(page)) { - unlock_page(page); - continue; -@@ -371,7 +371,7 @@ void truncate_inode_pages_range(struct address_space *mapping, - } - - lock_page(page); -- WARN_ON(page_to_pgoff(page) != index); -+ WARN_ON(page_to_index(page) != index); - wait_on_page_writeback(page); - truncate_inode_page(mapping, page); - unlock_page(page); -@@ -492,7 +492,7 @@ unsigned long invalidate_mapping_pages(struct address_space *mapping, - if (!trylock_page(page)) - continue; - -- WARN_ON(page_to_pgoff(page) != index); -+ WARN_ON(page_to_index(page) != index); - - /* Middle of THP: skip */ - if (PageTransTail(page)) { -@@ -612,7 +612,7 @@ int invalidate_inode_pages2_range(struct address_space *mapping, - } - - lock_page(page); -- WARN_ON(page_to_pgoff(page) != index); -+ WARN_ON(page_to_index(page) != index); - if (page->mapping != mapping) { - unlock_page(page); - continue; -diff --git a/mm/workingset.c b/mm/workingset.c -index 617475f..fb1f918 100644 ---- a/mm/workingset.c -+++ b/mm/workingset.c -@@ -348,7 +348,7 @@ static unsigned long count_shadow_nodes(struct shrinker *shrinker, - shadow_nodes = list_lru_shrink_count(&workingset_shadow_nodes, sc); - local_irq_enable(); - -- if (memcg_kmem_enabled()) { -+ if (sc->memcg) { - pages = mem_cgroup_node_nr_lru_pages(sc->memcg, sc->nid, - LRU_ALL_FILE); - } else { -diff --git a/net/batman-adv/tp_meter.c b/net/batman-adv/tp_meter.c -index 2333777..8af1611 100644 ---- a/net/batman-adv/tp_meter.c -+++ b/net/batman-adv/tp_meter.c -@@ -837,6 +837,7 @@ static int batadv_tp_send(void *arg) - primary_if = batadv_primary_if_get_selected(bat_priv); - if (unlikely(!primary_if)) { - err = BATADV_TP_REASON_DST_UNREACHABLE; -+ tp_vars->reason = err; - goto out; - } - -diff --git a/virt/kvm/arm/vgic/vgic-v2.c b/virt/kvm/arm/vgic/vgic-v2.c -index 0bf6709..6fb4314 100644 ---- a/virt/kvm/arm/vgic/vgic-v2.c -+++ b/virt/kvm/arm/vgic/vgic-v2.c -@@ -50,8 +50,10 @@ void vgic_v2_process_maintenance(struct kvm_vcpu *vcpu) - - WARN_ON(cpuif->vgic_lr[lr] & GICH_LR_STATE); - -- kvm_notify_acked_irq(vcpu->kvm, 0, -- intid - VGIC_NR_PRIVATE_IRQS); -+ /* Only SPIs require notification */ -+ if (vgic_valid_spi(vcpu->kvm, intid)) -+ kvm_notify_acked_irq(vcpu->kvm, 0, -+ intid - VGIC_NR_PRIVATE_IRQS); - } - } - -diff --git a/virt/kvm/arm/vgic/vgic-v3.c b/virt/kvm/arm/vgic/vgic-v3.c -index 9f0dae3..5c9f974 100644 ---- a/virt/kvm/arm/vgic/vgic-v3.c -+++ b/virt/kvm/arm/vgic/vgic-v3.c -@@ -41,8 +41,10 @@ void vgic_v3_process_maintenance(struct kvm_vcpu *vcpu) - - WARN_ON(cpuif->vgic_lr[lr] & ICH_LR_STATE); - -- kvm_notify_acked_irq(vcpu->kvm, 0, -- intid - VGIC_NR_PRIVATE_IRQS); -+ /* Only SPIs require notification */ -+ if (vgic_valid_spi(vcpu->kvm, intid)) -+ kvm_notify_acked_irq(vcpu->kvm, 0, -+ intid - VGIC_NR_PRIVATE_IRQS); - } - - /* -diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c -index 1950782..690d15e 100644 ---- a/virt/kvm/kvm_main.c -+++ b/virt/kvm/kvm_main.c -@@ -2852,10 +2852,10 @@ static int kvm_ioctl_create_device(struct kvm *kvm, - - ret = anon_inode_getfd(ops->name, &kvm_device_fops, dev, O_RDWR | O_CLOEXEC); - if (ret < 0) { -- ops->destroy(dev); - mutex_lock(&kvm->lock); - list_del(&dev->vm_node); - mutex_unlock(&kvm->lock); -+ ops->destroy(dev); - return ret; - } - diff --git a/4.8.15/1013_linux-4.8.14.patch b/4.8.15/1013_linux-4.8.14.patch deleted file mode 100644 index 63d837b..0000000 --- a/4.8.15/1013_linux-4.8.14.patch +++ /dev/null @@ -1,1725 +0,0 @@ -diff --git a/Makefile b/Makefile -index b38abe9..6a74924 100644 ---- a/Makefile -+++ b/Makefile -@@ -1,6 +1,6 @@ - VERSION = 4 - PATCHLEVEL = 8 --SUBLEVEL = 13 -+SUBLEVEL = 14 - EXTRAVERSION = - NAME = Psychotic Stoned Sheep - -diff --git a/arch/sparc/kernel/signal_32.c b/arch/sparc/kernel/signal_32.c -index c3c12ef..9c0c8fd 100644 ---- a/arch/sparc/kernel/signal_32.c -+++ b/arch/sparc/kernel/signal_32.c -@@ -89,7 +89,7 @@ asmlinkage void do_sigreturn(struct pt_regs *regs) - sf = (struct signal_frame __user *) regs->u_regs[UREG_FP]; - - /* 1. Make sure we are not getting garbage from the user */ -- if (!invalid_frame_pointer(sf, sizeof(*sf))) -+ if (invalid_frame_pointer(sf, sizeof(*sf))) - goto segv_and_exit; - - if (get_user(ufp, &sf->info.si_regs.u_regs[UREG_FP])) -@@ -150,7 +150,7 @@ asmlinkage void do_rt_sigreturn(struct pt_regs *regs) - - synchronize_user_stack(); - sf = (struct rt_signal_frame __user *) regs->u_regs[UREG_FP]; -- if (!invalid_frame_pointer(sf, sizeof(*sf))) -+ if (invalid_frame_pointer(sf, sizeof(*sf))) - goto segv; - - if (get_user(ufp, &sf->regs.u_regs[UREG_FP])) -diff --git a/arch/sparc/mm/init_64.c b/arch/sparc/mm/init_64.c -index 7ac6b62..05c7708 100644 ---- a/arch/sparc/mm/init_64.c -+++ b/arch/sparc/mm/init_64.c -@@ -802,8 +802,10 @@ struct mdesc_mblock { - }; - static struct mdesc_mblock *mblocks; - static int num_mblocks; -+static int find_numa_node_for_addr(unsigned long pa, -+ struct node_mem_mask *pnode_mask); - --static unsigned long ra_to_pa(unsigned long addr) -+static unsigned long __init ra_to_pa(unsigned long addr) - { - int i; - -@@ -819,8 +821,11 @@ static unsigned long ra_to_pa(unsigned long addr) - return addr; - } - --static int find_node(unsigned long addr) -+static int __init find_node(unsigned long addr) - { -+ static bool search_mdesc = true; -+ static struct node_mem_mask last_mem_mask = { ~0UL, ~0UL }; -+ static int last_index; - int i; - - addr = ra_to_pa(addr); -@@ -830,13 +835,30 @@ static int find_node(unsigned long addr) - if ((addr & p->mask) == p->val) - return i; - } -- /* The following condition has been observed on LDOM guests.*/ -- WARN_ONCE(1, "find_node: A physical address doesn't match a NUMA node" -- " rule. Some physical memory will be owned by node 0."); -- return 0; -+ /* The following condition has been observed on LDOM guests because -+ * node_masks only contains the best latency mask and value. -+ * LDOM guest's mdesc can contain a single latency group to -+ * cover multiple address range. Print warning message only if the -+ * address cannot be found in node_masks nor mdesc. -+ */ -+ if ((search_mdesc) && -+ ((addr & last_mem_mask.mask) != last_mem_mask.val)) { -+ /* find the available node in the mdesc */ -+ last_index = find_numa_node_for_addr(addr, &last_mem_mask); -+ numadbg("find_node: latency group for address 0x%lx is %d\n", -+ addr, last_index); -+ if ((last_index < 0) || (last_index >= num_node_masks)) { -+ /* WARN_ONCE() and use default group 0 */ -+ WARN_ONCE(1, "find_node: A physical address doesn't match a NUMA node rule. Some physical memory will be owned by node 0."); -+ search_mdesc = false; -+ last_index = 0; -+ } -+ } -+ -+ return last_index; - } - --static u64 memblock_nid_range(u64 start, u64 end, int *nid) -+static u64 __init memblock_nid_range(u64 start, u64 end, int *nid) - { - *nid = find_node(start); - start += PAGE_SIZE; -@@ -1160,6 +1182,41 @@ int __node_distance(int from, int to) - return numa_latency[from][to]; - } - -+static int find_numa_node_for_addr(unsigned long pa, -+ struct node_mem_mask *pnode_mask) -+{ -+ struct mdesc_handle *md = mdesc_grab(); -+ u64 node, arc; -+ int i = 0; -+ -+ node = mdesc_node_by_name(md, MDESC_NODE_NULL, "latency-groups"); -+ if (node == MDESC_NODE_NULL) -+ goto out; -+ -+ mdesc_for_each_node_by_name(md, node, "group") { -+ mdesc_for_each_arc(arc, md, node, MDESC_ARC_TYPE_FWD) { -+ u64 target = mdesc_arc_target(md, arc); -+ struct mdesc_mlgroup *m = find_mlgroup(target); -+ -+ if (!m) -+ continue; -+ if ((pa & m->mask) == m->match) { -+ if (pnode_mask) { -+ pnode_mask->mask = m->mask; -+ pnode_mask->val = m->match; -+ } -+ mdesc_release(md); -+ return i; -+ } -+ } -+ i++; -+ } -+ -+out: -+ mdesc_release(md); -+ return -1; -+} -+ - static int __init find_best_numa_node_for_mlgroup(struct mdesc_mlgroup *grp) - { - int i; -diff --git a/block/blk-map.c b/block/blk-map.c -index b8657fa..27fd8d92 100644 ---- a/block/blk-map.c -+++ b/block/blk-map.c -@@ -118,6 +118,9 @@ int blk_rq_map_user_iov(struct request_queue *q, struct request *rq, - struct iov_iter i; - int ret; - -+ if (!iter_is_iovec(iter)) -+ goto fail; -+ - if (map_data) - copy = true; - else if (iov_iter_alignment(iter) & align) -@@ -140,6 +143,7 @@ int blk_rq_map_user_iov(struct request_queue *q, struct request *rq, - - unmap_rq: - __blk_rq_unmap_user(bio); -+fail: - rq->bio = NULL; - return -EINVAL; - } -diff --git a/drivers/net/dsa/b53/b53_common.c b/drivers/net/dsa/b53/b53_common.c -index bda37d3..b081929 100644 ---- a/drivers/net/dsa/b53/b53_common.c -+++ b/drivers/net/dsa/b53/b53_common.c -@@ -904,9 +904,10 @@ static void b53_vlan_add(struct dsa_switch *ds, int port, - - vl->members |= BIT(port) | BIT(cpu_port); - if (untagged) -- vl->untag |= BIT(port) | BIT(cpu_port); -+ vl->untag |= BIT(port); - else -- vl->untag &= ~(BIT(port) | BIT(cpu_port)); -+ vl->untag &= ~BIT(port); -+ vl->untag &= ~BIT(cpu_port); - - b53_set_vlan_entry(dev, vid, vl); - b53_fast_age_vlan(dev, vid); -@@ -915,8 +916,6 @@ static void b53_vlan_add(struct dsa_switch *ds, int port, - if (pvid) { - b53_write16(dev, B53_VLAN_PAGE, B53_VLAN_PORT_DEF_TAG(port), - vlan->vid_end); -- b53_write16(dev, B53_VLAN_PAGE, B53_VLAN_PORT_DEF_TAG(cpu_port), -- vlan->vid_end); - b53_fast_age_vlan(dev, vid); - } - } -@@ -926,7 +925,6 @@ static int b53_vlan_del(struct dsa_switch *ds, int port, - { - struct b53_device *dev = ds_to_priv(ds); - bool untagged = vlan->flags & BRIDGE_VLAN_INFO_UNTAGGED; -- unsigned int cpu_port = dev->cpu_port; - struct b53_vlan *vl; - u16 vid; - u16 pvid; -@@ -939,8 +937,6 @@ static int b53_vlan_del(struct dsa_switch *ds, int port, - b53_get_vlan_entry(dev, vid, vl); - - vl->members &= ~BIT(port); -- if ((vl->members & BIT(cpu_port)) == BIT(cpu_port)) -- vl->members = 0; - - if (pvid == vid) { - if (is5325(dev) || is5365(dev)) -@@ -949,18 +945,14 @@ static int b53_vlan_del(struct dsa_switch *ds, int port, - pvid = 0; - } - -- if (untagged) { -+ if (untagged) - vl->untag &= ~(BIT(port)); -- if ((vl->untag & BIT(cpu_port)) == BIT(cpu_port)) -- vl->untag = 0; -- } - - b53_set_vlan_entry(dev, vid, vl); - b53_fast_age_vlan(dev, vid); - } - - b53_write16(dev, B53_VLAN_PAGE, B53_VLAN_PORT_DEF_TAG(port), pvid); -- b53_write16(dev, B53_VLAN_PAGE, B53_VLAN_PORT_DEF_TAG(cpu_port), pvid); - b53_fast_age_vlan(dev, pvid); - - return 0; -diff --git a/drivers/net/dsa/bcm_sf2.c b/drivers/net/dsa/bcm_sf2.c -index b2b8387..4036865 100644 ---- a/drivers/net/dsa/bcm_sf2.c -+++ b/drivers/net/dsa/bcm_sf2.c -@@ -1167,6 +1167,7 @@ static void bcm_sf2_sw_adjust_link(struct dsa_switch *ds, int port, - struct phy_device *phydev) - { - struct bcm_sf2_priv *priv = ds_to_priv(ds); -+ struct ethtool_eee *p = &priv->port_sts[port].eee; - u32 id_mode_dis = 0, port_mode; - const char *str = NULL; - u32 reg; -@@ -1241,6 +1242,9 @@ static void bcm_sf2_sw_adjust_link(struct dsa_switch *ds, int port, - reg |= DUPLX_MODE; - - core_writel(priv, reg, CORE_STS_OVERRIDE_GMIIP_PORT(port)); -+ -+ if (!phydev->is_pseudo_fixed_link) -+ p->eee_enabled = bcm_sf2_eee_init(ds, port, phydev); - } - - static void bcm_sf2_sw_fixed_link_update(struct dsa_switch *ds, int port, -diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c -index 5414563..842d8b9 100644 ---- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c -+++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c -@@ -1172,6 +1172,7 @@ static unsigned int __bcmgenet_tx_reclaim(struct net_device *dev, - struct bcmgenet_tx_ring *ring) - { - struct bcmgenet_priv *priv = netdev_priv(dev); -+ struct device *kdev = &priv->pdev->dev; - struct enet_cb *tx_cb_ptr; - struct netdev_queue *txq; - unsigned int pkts_compl = 0; -@@ -1199,13 +1200,13 @@ static unsigned int __bcmgenet_tx_reclaim(struct net_device *dev, - if (tx_cb_ptr->skb) { - pkts_compl++; - bytes_compl += GENET_CB(tx_cb_ptr->skb)->bytes_sent; -- dma_unmap_single(&dev->dev, -+ dma_unmap_single(kdev, - dma_unmap_addr(tx_cb_ptr, dma_addr), - dma_unmap_len(tx_cb_ptr, dma_len), - DMA_TO_DEVICE); - bcmgenet_free_cb(tx_cb_ptr); - } else if (dma_unmap_addr(tx_cb_ptr, dma_addr)) { -- dma_unmap_page(&dev->dev, -+ dma_unmap_page(kdev, - dma_unmap_addr(tx_cb_ptr, dma_addr), - dma_unmap_len(tx_cb_ptr, dma_len), - DMA_TO_DEVICE); -@@ -1775,6 +1776,7 @@ static int bcmgenet_alloc_rx_buffers(struct bcmgenet_priv *priv, - - static void bcmgenet_free_rx_buffers(struct bcmgenet_priv *priv) - { -+ struct device *kdev = &priv->pdev->dev; - struct enet_cb *cb; - int i; - -@@ -1782,7 +1784,7 @@ static void bcmgenet_free_rx_buffers(struct bcmgenet_priv *priv) - cb = &priv->rx_cbs[i]; - - if (dma_unmap_addr(cb, dma_addr)) { -- dma_unmap_single(&priv->dev->dev, -+ dma_unmap_single(kdev, - dma_unmap_addr(cb, dma_addr), - priv->rx_buf_len, DMA_FROM_DEVICE); - dma_unmap_addr_set(cb, dma_addr, 0); -diff --git a/drivers/net/ethernet/cadence/macb.c b/drivers/net/ethernet/cadence/macb.c -index d954a97..ef0dbcf 100644 ---- a/drivers/net/ethernet/cadence/macb.c -+++ b/drivers/net/ethernet/cadence/macb.c -@@ -959,6 +959,7 @@ static inline void macb_init_rx_ring(struct macb *bp) - addr += bp->rx_buffer_size; - } - bp->rx_ring[RX_RING_SIZE - 1].addr |= MACB_BIT(RX_WRAP); -+ bp->rx_tail = 0; - } - - static int macb_rx(struct macb *bp, int budget) -@@ -1597,8 +1598,6 @@ static void macb_init_rings(struct macb *bp) - bp->queues[0].tx_head = 0; - bp->queues[0].tx_tail = 0; - bp->queues[0].tx_ring[TX_RING_SIZE - 1].ctrl |= MACB_BIT(TX_WRAP); -- -- bp->rx_tail = 0; - } - - static void macb_reset_hw(struct macb *bp) -diff --git a/drivers/net/ethernet/marvell/sky2.c b/drivers/net/ethernet/marvell/sky2.c -index 467138b..d747e17 100644 ---- a/drivers/net/ethernet/marvell/sky2.c -+++ b/drivers/net/ethernet/marvell/sky2.c -@@ -5220,6 +5220,19 @@ static SIMPLE_DEV_PM_OPS(sky2_pm_ops, sky2_suspend, sky2_resume); - - static void sky2_shutdown(struct pci_dev *pdev) - { -+ struct sky2_hw *hw = pci_get_drvdata(pdev); -+ int port; -+ -+ for (port = 0; port < hw->ports; port++) { -+ struct net_device *ndev = hw->dev[port]; -+ -+ rtnl_lock(); -+ if (netif_running(ndev)) { -+ dev_close(ndev); -+ netif_device_detach(ndev); -+ } -+ rtnl_unlock(); -+ } - sky2_suspend(&pdev->dev); - pci_wake_from_d3(pdev, device_may_wakeup(&pdev->dev)); - pci_set_power_state(pdev, PCI_D3hot); -diff --git a/drivers/net/ethernet/renesas/sh_eth.c b/drivers/net/ethernet/renesas/sh_eth.c -index 054e795..92c9a95 100644 ---- a/drivers/net/ethernet/renesas/sh_eth.c -+++ b/drivers/net/ethernet/renesas/sh_eth.c -@@ -518,7 +518,7 @@ static struct sh_eth_cpu_data r7s72100_data = { - - .ecsr_value = ECSR_ICD, - .ecsipr_value = ECSIPR_ICDIP, -- .eesipr_value = 0xff7f009f, -+ .eesipr_value = 0xe77f009f, - - .tx_check = EESR_TC1 | EESR_FTC, - .eesr_err_check = EESR_TWB1 | EESR_TWB | EESR_TABT | EESR_RABT | -diff --git a/drivers/net/geneve.c b/drivers/net/geneve.c -index 16af1ce..5ad706b 100644 ---- a/drivers/net/geneve.c -+++ b/drivers/net/geneve.c -@@ -844,7 +844,6 @@ static netdev_tx_t geneve_xmit_skb(struct sk_buff *skb, struct net_device *dev, - struct geneve_dev *geneve = netdev_priv(dev); - struct geneve_sock *gs4 = geneve->sock4; - struct rtable *rt = NULL; -- const struct iphdr *iip; /* interior IP header */ - int err = -EINVAL; - struct flowi4 fl4; - __u8 tos, ttl; -@@ -871,8 +870,6 @@ static netdev_tx_t geneve_xmit_skb(struct sk_buff *skb, struct net_device *dev, - sport = udp_flow_src_port(geneve->net, skb, 1, USHRT_MAX, true); - skb_reset_mac_header(skb); - -- iip = ip_hdr(skb); -- - if (info) { - const struct ip_tunnel_key *key = &info->key; - u8 *opts = NULL; -@@ -892,7 +889,7 @@ static netdev_tx_t geneve_xmit_skb(struct sk_buff *skb, struct net_device *dev, - if (unlikely(err)) - goto tx_error; - -- tos = ip_tunnel_ecn_encap(key->tos, iip, skb); -+ tos = ip_tunnel_ecn_encap(key->tos, ip_hdr(skb), skb); - ttl = key->ttl; - df = key->tun_flags & TUNNEL_DONT_FRAGMENT ? htons(IP_DF) : 0; - } else { -@@ -901,7 +898,7 @@ static netdev_tx_t geneve_xmit_skb(struct sk_buff *skb, struct net_device *dev, - if (unlikely(err)) - goto tx_error; - -- tos = ip_tunnel_ecn_encap(fl4.flowi4_tos, iip, skb); -+ tos = ip_tunnel_ecn_encap(fl4.flowi4_tos, ip_hdr(skb), skb); - ttl = geneve->ttl; - if (!ttl && IN_MULTICAST(ntohl(fl4.daddr))) - ttl = 1; -@@ -934,7 +931,6 @@ static netdev_tx_t geneve6_xmit_skb(struct sk_buff *skb, struct net_device *dev, - struct geneve_dev *geneve = netdev_priv(dev); - struct geneve_sock *gs6 = geneve->sock6; - struct dst_entry *dst = NULL; -- const struct iphdr *iip; /* interior IP header */ - int err = -EINVAL; - struct flowi6 fl6; - __u8 prio, ttl; -@@ -959,8 +955,6 @@ static netdev_tx_t geneve6_xmit_skb(struct sk_buff *skb, struct net_device *dev, - sport = udp_flow_src_port(geneve->net, skb, 1, USHRT_MAX, true); - skb_reset_mac_header(skb); - -- iip = ip_hdr(skb); -- - if (info) { - const struct ip_tunnel_key *key = &info->key; - u8 *opts = NULL; -@@ -981,7 +975,7 @@ static netdev_tx_t geneve6_xmit_skb(struct sk_buff *skb, struct net_device *dev, - if (unlikely(err)) - goto tx_error; - -- prio = ip_tunnel_ecn_encap(key->tos, iip, skb); -+ prio = ip_tunnel_ecn_encap(key->tos, ip_hdr(skb), skb); - ttl = key->ttl; - label = info->key.label; - } else { -@@ -991,7 +985,7 @@ static netdev_tx_t geneve6_xmit_skb(struct sk_buff *skb, struct net_device *dev, - goto tx_error; - - prio = ip_tunnel_ecn_encap(ip6_tclass(fl6.flowlabel), -- iip, skb); -+ ip_hdr(skb), skb); - ttl = geneve->ttl; - if (!ttl && ipv6_addr_is_multicast(&fl6.daddr)) - ttl = 1; -diff --git a/drivers/net/usb/cdc_ether.c b/drivers/net/usb/cdc_ether.c -index c47ec0a..dd623f6 100644 ---- a/drivers/net/usb/cdc_ether.c -+++ b/drivers/net/usb/cdc_ether.c -@@ -388,12 +388,6 @@ void usbnet_cdc_status(struct usbnet *dev, struct urb *urb) - case USB_CDC_NOTIFY_NETWORK_CONNECTION: - netif_dbg(dev, timer, dev->net, "CDC: carrier %s\n", - event->wValue ? "on" : "off"); -- -- /* Work-around for devices with broken off-notifications */ -- if (event->wValue && -- !test_bit(__LINK_STATE_NOCARRIER, &dev->net->state)) -- usbnet_link_change(dev, 0, 0); -- - usbnet_link_change(dev, !!event->wValue, 0); - break; - case USB_CDC_NOTIFY_SPEED_CHANGE: /* tx/rx rates */ -@@ -466,6 +460,36 @@ static int usbnet_cdc_zte_rx_fixup(struct usbnet *dev, struct sk_buff *skb) - return 1; - } - -+/* Ensure correct link state -+ * -+ * Some devices (ZTE MF823/831/910) export two carrier on notifications when -+ * connected. This causes the link state to be incorrect. Work around this by -+ * always setting the state to off, then on. -+ */ -+void usbnet_cdc_zte_status(struct usbnet *dev, struct urb *urb) -+{ -+ struct usb_cdc_notification *event; -+ -+ if (urb->actual_length < sizeof(*event)) -+ return; -+ -+ event = urb->transfer_buffer; -+ -+ if (event->bNotificationType != USB_CDC_NOTIFY_NETWORK_CONNECTION) { -+ usbnet_cdc_status(dev, urb); -+ return; -+ } -+ -+ netif_dbg(dev, timer, dev->net, "CDC: carrier %s\n", -+ event->wValue ? "on" : "off"); -+ -+ if (event->wValue && -+ netif_carrier_ok(dev->net)) -+ netif_carrier_off(dev->net); -+ -+ usbnet_link_change(dev, !!event->wValue, 0); -+} -+ - static const struct driver_info cdc_info = { - .description = "CDC Ethernet Device", - .flags = FLAG_ETHER | FLAG_POINTTOPOINT, -@@ -481,7 +505,7 @@ static const struct driver_info zte_cdc_info = { - .flags = FLAG_ETHER | FLAG_POINTTOPOINT, - .bind = usbnet_cdc_zte_bind, - .unbind = usbnet_cdc_unbind, -- .status = usbnet_cdc_status, -+ .status = usbnet_cdc_zte_status, - .set_rx_mode = usbnet_cdc_update_filter, - .manage_power = usbnet_manage_power, - .rx_fixup = usbnet_cdc_zte_rx_fixup, -diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c -index bf3fd34..d807209 100644 ---- a/drivers/net/virtio_net.c -+++ b/drivers/net/virtio_net.c -@@ -1468,6 +1468,11 @@ static void virtnet_free_queues(struct virtnet_info *vi) - netif_napi_del(&vi->rq[i].napi); - } - -+ /* We called napi_hash_del() before netif_napi_del(), -+ * we need to respect an RCU grace period before freeing vi->rq -+ */ -+ synchronize_net(); -+ - kfree(vi->rq); - kfree(vi->sq); - } -diff --git a/include/linux/uio.h b/include/linux/uio.h -index 75b4aaf..944e7ba 100644 ---- a/include/linux/uio.h -+++ b/include/linux/uio.h -@@ -102,12 +102,12 @@ int iov_iter_npages(const struct iov_iter *i, int maxpages); - - const void *dup_iter(struct iov_iter *new, struct iov_iter *old, gfp_t flags); - --static inline size_t iov_iter_count(struct iov_iter *i) -+static inline size_t iov_iter_count(const struct iov_iter *i) - { - return i->count; - } - --static inline bool iter_is_iovec(struct iov_iter *i) -+static inline bool iter_is_iovec(const struct iov_iter *i) - { - return !(i->type & (ITER_BVEC | ITER_KVEC)); - } -diff --git a/include/net/gro_cells.h b/include/net/gro_cells.h -index d15214d..2a1abbf 100644 ---- a/include/net/gro_cells.h -+++ b/include/net/gro_cells.h -@@ -68,6 +68,9 @@ static inline int gro_cells_init(struct gro_cells *gcells, struct net_device *de - struct gro_cell *cell = per_cpu_ptr(gcells->cells, i); - - __skb_queue_head_init(&cell->napi_skbs); -+ -+ set_bit(NAPI_STATE_NO_BUSY_POLL, &cell->napi.state); -+ - netif_napi_add(dev, &cell->napi, gro_cell_poll, 64); - napi_enable(&cell->napi); - } -diff --git a/net/core/flow.c b/net/core/flow.c -index 3937b1b..18e8893 100644 ---- a/net/core/flow.c -+++ b/net/core/flow.c -@@ -95,7 +95,6 @@ static void flow_cache_gc_task(struct work_struct *work) - list_for_each_entry_safe(fce, n, &gc_list, u.gc_list) { - flow_entry_kill(fce, xfrm); - atomic_dec(&xfrm->flow_cache_gc_count); -- WARN_ON(atomic_read(&xfrm->flow_cache_gc_count) < 0); - } - } - -@@ -236,9 +235,8 @@ flow_cache_lookup(struct net *net, const struct flowi *key, u16 family, u8 dir, - if (fcp->hash_count > fc->high_watermark) - flow_cache_shrink(fc, fcp); - -- if (fcp->hash_count > 2 * fc->high_watermark || -- atomic_read(&net->xfrm.flow_cache_gc_count) > fc->high_watermark) { -- atomic_inc(&net->xfrm.flow_cache_genid); -+ if (atomic_read(&net->xfrm.flow_cache_gc_count) > -+ 2 * num_online_cpus() * fc->high_watermark) { - flo = ERR_PTR(-ENOBUFS); - goto ret_object; - } -diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c -index 2c2eb1b..2e9a1c2 100644 ---- a/net/core/net_namespace.c -+++ b/net/core/net_namespace.c -@@ -217,6 +217,8 @@ int peernet2id_alloc(struct net *net, struct net *peer) - bool alloc; - int id; - -+ if (atomic_read(&net->count) == 0) -+ return NETNSA_NSID_NOT_ASSIGNED; - spin_lock_irqsave(&net->nsid_lock, flags); - alloc = atomic_read(&peer->count) == 0 ? false : true; - id = __peernet2id_alloc(net, peer, &alloc); -diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c -index 189cc78..08c3702 100644 ---- a/net/core/rtnetlink.c -+++ b/net/core/rtnetlink.c -@@ -1578,7 +1578,7 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb) - head = &net->dev_index_head[h]; - hlist_for_each_entry(dev, head, index_hlist) { - if (link_dump_filtered(dev, master_idx, kind_ops)) -- continue; -+ goto cont; - if (idx < s_idx) - goto cont; - err = rtnl_fill_ifinfo(skb, dev, RTM_NEWLINK, -@@ -2791,7 +2791,10 @@ static int nlmsg_populate_fdb_fill(struct sk_buff *skb, - - static inline size_t rtnl_fdb_nlmsg_size(void) - { -- return NLMSG_ALIGN(sizeof(struct ndmsg)) + nla_total_size(ETH_ALEN); -+ return NLMSG_ALIGN(sizeof(struct ndmsg)) + -+ nla_total_size(ETH_ALEN) + /* NDA_LLADDR */ -+ nla_total_size(sizeof(u16)) + /* NDA_VLAN */ -+ 0; - } - - static void rtnl_fdb_notify(struct net_device *dev, u8 *addr, u16 vid, int type, -diff --git a/net/core/sock.c b/net/core/sock.c -index 10acacc..ba27920 100644 ---- a/net/core/sock.c -+++ b/net/core/sock.c -@@ -715,7 +715,7 @@ int sock_setsockopt(struct socket *sock, int level, int optname, - val = min_t(u32, val, sysctl_wmem_max); - set_sndbuf: - sk->sk_userlocks |= SOCK_SNDBUF_LOCK; -- sk->sk_sndbuf = max_t(u32, val * 2, SOCK_MIN_SNDBUF); -+ sk->sk_sndbuf = max_t(int, val * 2, SOCK_MIN_SNDBUF); - /* Wake up sending tasks if we upped the value. */ - sk->sk_write_space(sk); - break; -@@ -751,7 +751,7 @@ int sock_setsockopt(struct socket *sock, int level, int optname, - * returning the value we actually used in getsockopt - * is the most desirable behavior. - */ -- sk->sk_rcvbuf = max_t(u32, val * 2, SOCK_MIN_RCVBUF); -+ sk->sk_rcvbuf = max_t(int, val * 2, SOCK_MIN_RCVBUF); - break; - - case SO_RCVBUFFORCE: -diff --git a/net/dccp/ipv4.c b/net/dccp/ipv4.c -index b567c87..edbe59d 100644 ---- a/net/dccp/ipv4.c -+++ b/net/dccp/ipv4.c -@@ -700,6 +700,7 @@ int dccp_invalid_packet(struct sk_buff *skb) - { - const struct dccp_hdr *dh; - unsigned int cscov; -+ u8 dccph_doff; - - if (skb->pkt_type != PACKET_HOST) - return 1; -@@ -721,18 +722,19 @@ int dccp_invalid_packet(struct sk_buff *skb) - /* - * If P.Data Offset is too small for packet type, drop packet and return - */ -- if (dh->dccph_doff < dccp_hdr_len(skb) / sizeof(u32)) { -- DCCP_WARN("P.Data Offset(%u) too small\n", dh->dccph_doff); -+ dccph_doff = dh->dccph_doff; -+ if (dccph_doff < dccp_hdr_len(skb) / sizeof(u32)) { -+ DCCP_WARN("P.Data Offset(%u) too small\n", dccph_doff); - return 1; - } - /* - * If P.Data Offset is too too large for packet, drop packet and return - */ -- if (!pskb_may_pull(skb, dh->dccph_doff * sizeof(u32))) { -- DCCP_WARN("P.Data Offset(%u) too large\n", dh->dccph_doff); -+ if (!pskb_may_pull(skb, dccph_doff * sizeof(u32))) { -+ DCCP_WARN("P.Data Offset(%u) too large\n", dccph_doff); - return 1; - } -- -+ dh = dccp_hdr(skb); - /* - * If P.type is not Data, Ack, or DataAck and P.X == 0 (the packet - * has short sequence numbers), drop packet and return -diff --git a/net/dsa/dsa2.c b/net/dsa/dsa2.c -index f30bad9..3bdecd2 100644 ---- a/net/dsa/dsa2.c -+++ b/net/dsa/dsa2.c -@@ -28,8 +28,10 @@ static struct dsa_switch_tree *dsa_get_dst(u32 tree) - struct dsa_switch_tree *dst; - - list_for_each_entry(dst, &dsa_switch_trees, list) -- if (dst->tree == tree) -+ if (dst->tree == tree) { -+ kref_get(&dst->refcount); - return dst; -+ } - return NULL; - } - -diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c -index eebbc0f..ed22af6 100644 ---- a/net/ipv4/af_inet.c -+++ b/net/ipv4/af_inet.c -@@ -1237,7 +1237,7 @@ struct sk_buff *inet_gso_segment(struct sk_buff *skb, - fixedid = !!(skb_shinfo(skb)->gso_type & SKB_GSO_TCP_FIXEDID); - - /* fixed ID is invalid if DF bit is not set */ -- if (fixedid && !(iph->frag_off & htons(IP_DF))) -+ if (fixedid && !(ip_hdr(skb)->frag_off & htons(IP_DF))) - goto out; - } - -diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c -index d95631d..20fb25e 100644 ---- a/net/ipv4/esp4.c -+++ b/net/ipv4/esp4.c -@@ -476,7 +476,7 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb) - esph = (void *)skb_push(skb, 4); - *seqhi = esph->spi; - esph->spi = esph->seq_no; -- esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq.input.hi); -+ esph->seq_no = XFRM_SKB_CB(skb)->seq.input.hi; - aead_request_set_callback(req, 0, esp_input_done_esn, skb); - } - -diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c -index 1b25daf..9301308 100644 ---- a/net/ipv4/fib_frontend.c -+++ b/net/ipv4/fib_frontend.c -@@ -157,7 +157,7 @@ static void fib_replace_table(struct net *net, struct fib_table *old, - - int fib_unmerge(struct net *net) - { -- struct fib_table *old, *new; -+ struct fib_table *old, *new, *main_table; - - /* attempt to fetch local table if it has been allocated */ - old = fib_get_table(net, RT_TABLE_LOCAL); -@@ -168,11 +168,21 @@ int fib_unmerge(struct net *net) - if (!new) - return -ENOMEM; - -+ /* table is already unmerged */ -+ if (new == old) -+ return 0; -+ - /* replace merged table with clean table */ -- if (new != old) { -- fib_replace_table(net, old, new); -- fib_free_table(old); -- } -+ fib_replace_table(net, old, new); -+ fib_free_table(old); -+ -+ /* attempt to fetch main table if it has been allocated */ -+ main_table = fib_get_table(net, RT_TABLE_MAIN); -+ if (!main_table) -+ return 0; -+ -+ /* flush local entries from main table */ -+ fib_table_flush_external(main_table); - - return 0; - } -diff --git a/net/ipv4/fib_trie.c b/net/ipv4/fib_trie.c -index 7ef7031..84fd7272 100644 ---- a/net/ipv4/fib_trie.c -+++ b/net/ipv4/fib_trie.c -@@ -681,6 +681,13 @@ static unsigned char update_suffix(struct key_vector *tn) - { - unsigned char slen = tn->pos; - unsigned long stride, i; -+ unsigned char slen_max; -+ -+ /* only vector 0 can have a suffix length greater than or equal to -+ * tn->pos + tn->bits, the second highest node will have a suffix -+ * length at most of tn->pos + tn->bits - 1 -+ */ -+ slen_max = min_t(unsigned char, tn->pos + tn->bits - 1, tn->slen); - - /* search though the list of children looking for nodes that might - * have a suffix greater than the one we currently have. This is -@@ -698,12 +705,8 @@ static unsigned char update_suffix(struct key_vector *tn) - slen = n->slen; - i &= ~(stride - 1); - -- /* if slen covers all but the last bit we can stop here -- * there will be nothing longer than that since only node -- * 0 and 1 << (bits - 1) could have that as their suffix -- * length. -- */ -- if ((slen + 1) >= (tn->pos + tn->bits)) -+ /* stop searching if we have hit the maximum possible value */ -+ if (slen >= slen_max) - break; - } - -@@ -875,39 +878,27 @@ static struct key_vector *resize(struct trie *t, struct key_vector *tn) - return collapse(t, tn); - - /* update parent in case halve failed */ -- tp = node_parent(tn); -- -- /* Return if at least one deflate was run */ -- if (max_work != MAX_WORK) -- return tp; -- -- /* push the suffix length to the parent node */ -- if (tn->slen > tn->pos) { -- unsigned char slen = update_suffix(tn); -- -- if (slen > tp->slen) -- tp->slen = slen; -- } -- -- return tp; -+ return node_parent(tn); - } - --static void leaf_pull_suffix(struct key_vector *tp, struct key_vector *l) -+static void node_pull_suffix(struct key_vector *tn, unsigned char slen) - { -- while ((tp->slen > tp->pos) && (tp->slen > l->slen)) { -- if (update_suffix(tp) > l->slen) -+ unsigned char node_slen = tn->slen; -+ -+ while ((node_slen > tn->pos) && (node_slen > slen)) { -+ slen = update_suffix(tn); -+ if (node_slen == slen) - break; -- tp = node_parent(tp); -+ -+ tn = node_parent(tn); -+ node_slen = tn->slen; - } - } - --static void leaf_push_suffix(struct key_vector *tn, struct key_vector *l) -+static void node_push_suffix(struct key_vector *tn, unsigned char slen) - { -- /* if this is a new leaf then tn will be NULL and we can sort -- * out parent suffix lengths as a part of trie_rebalance -- */ -- while (tn->slen < l->slen) { -- tn->slen = l->slen; -+ while (tn->slen < slen) { -+ tn->slen = slen; - tn = node_parent(tn); - } - } -@@ -1028,6 +1019,7 @@ static int fib_insert_node(struct trie *t, struct key_vector *tp, - } - - /* Case 3: n is NULL, and will just insert a new leaf */ -+ node_push_suffix(tp, new->fa_slen); - NODE_INIT_PARENT(l, tp); - put_child_root(tp, key, l); - trie_rebalance(t, tp); -@@ -1069,7 +1061,7 @@ static int fib_insert_alias(struct trie *t, struct key_vector *tp, - /* if we added to the tail node then we need to update slen */ - if (l->slen < new->fa_slen) { - l->slen = new->fa_slen; -- leaf_push_suffix(tp, l); -+ node_push_suffix(tp, new->fa_slen); - } - - return 0; -@@ -1470,6 +1462,8 @@ static void fib_remove_alias(struct trie *t, struct key_vector *tp, - * out parent suffix lengths as a part of trie_rebalance - */ - if (hlist_empty(&l->leaf)) { -+ if (tp->slen == l->slen) -+ node_pull_suffix(tp, tp->pos); - put_child_root(tp, l->key, NULL); - node_free(l); - trie_rebalance(t, tp); -@@ -1482,7 +1476,7 @@ static void fib_remove_alias(struct trie *t, struct key_vector *tp, - - /* update the trie with the latest suffix length */ - l->slen = fa->fa_slen; -- leaf_pull_suffix(tp, l); -+ node_pull_suffix(tp, fa->fa_slen); - } - - /* Caller must hold RTNL. */ -@@ -1713,8 +1707,10 @@ struct fib_table *fib_trie_unmerge(struct fib_table *oldtb) - local_l = fib_find_node(lt, &local_tp, l->key); - - if (fib_insert_alias(lt, local_tp, local_l, new_fa, -- NULL, l->key)) -+ NULL, l->key)) { -+ kmem_cache_free(fn_alias_kmem, new_fa); - goto out; -+ } - } - - /* stop loop if key wrapped back to 0 */ -@@ -1751,6 +1747,10 @@ void fib_table_flush_external(struct fib_table *tb) - if (IS_TRIE(pn)) - break; - -+ /* update the suffix to address pulled leaves */ -+ if (pn->slen > pn->pos) -+ update_suffix(pn); -+ - /* resize completed node */ - pn = resize(t, pn); - cindex = get_index(pkey, pn); -@@ -1826,6 +1826,10 @@ int fib_table_flush(struct fib_table *tb) - if (IS_TRIE(pn)) - break; - -+ /* update the suffix to address pulled leaves */ -+ if (pn->slen > pn->pos) -+ update_suffix(pn); -+ - /* resize completed node */ - pn = resize(t, pn); - cindex = get_index(pkey, pn); -diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c -index 307daed..f4790c3 100644 ---- a/net/ipv4/ip_output.c -+++ b/net/ipv4/ip_output.c -@@ -98,6 +98,9 @@ int __ip_local_out(struct net *net, struct sock *sk, struct sk_buff *skb) - - iph->tot_len = htons(skb->len); - ip_send_check(iph); -+ -+ skb->protocol = htons(ETH_P_IP); -+ - return nf_hook(NFPROTO_IPV4, NF_INET_LOCAL_OUT, - net, sk, skb, NULL, skb_dst(skb)->dev, - dst_output); -diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c -index 66ddcb6..dcdd5ae 100644 ---- a/net/ipv4/ping.c -+++ b/net/ipv4/ping.c -@@ -662,6 +662,10 @@ int ping_common_sendmsg(int family, struct msghdr *msg, size_t len, - if (len > 0xFFFF) - return -EMSGSIZE; - -+ /* Must have at least a full ICMP header. */ -+ if (len < icmph_len) -+ return -EINVAL; -+ - /* - * Check the flags. - */ -diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c -index c0d71e7..a2d54f5 100644 ---- a/net/ipv4/udp.c -+++ b/net/ipv4/udp.c -@@ -1451,7 +1451,7 @@ static void udp_v4_rehash(struct sock *sk) - udp_lib_rehash(sk, new_hash); - } - --static int __udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) -+int __udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) - { - int rc; - -diff --git a/net/ipv4/udp_impl.h b/net/ipv4/udp_impl.h -index 7e0fe4b..feb50a1 100644 ---- a/net/ipv4/udp_impl.h -+++ b/net/ipv4/udp_impl.h -@@ -25,7 +25,7 @@ int udp_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, int noblock, - int flags, int *addr_len); - int udp_sendpage(struct sock *sk, struct page *page, int offset, size_t size, - int flags); --int udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb); -+int __udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb); - void udp_destroy_sock(struct sock *sk); - - #ifdef CONFIG_PROC_FS -diff --git a/net/ipv4/udplite.c b/net/ipv4/udplite.c -index 2eea073..705d9fb 100644 ---- a/net/ipv4/udplite.c -+++ b/net/ipv4/udplite.c -@@ -50,7 +50,7 @@ struct proto udplite_prot = { - .sendmsg = udp_sendmsg, - .recvmsg = udp_recvmsg, - .sendpage = udp_sendpage, -- .backlog_rcv = udp_queue_rcv_skb, -+ .backlog_rcv = __udp_queue_rcv_skb, - .hash = udp_lib_hash, - .unhash = udp_lib_unhash, - .get_port = udp_v4_get_port, -diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c -index f5432d6..8f2e36f 100644 ---- a/net/ipv6/addrconf.c -+++ b/net/ipv6/addrconf.c -@@ -163,7 +163,7 @@ static struct rt6_info *addrconf_get_prefix_route(const struct in6_addr *pfx, - - static void addrconf_dad_start(struct inet6_ifaddr *ifp); - static void addrconf_dad_work(struct work_struct *w); --static void addrconf_dad_completed(struct inet6_ifaddr *ifp); -+static void addrconf_dad_completed(struct inet6_ifaddr *ifp, bool bump_id); - static void addrconf_dad_run(struct inet6_dev *idev); - static void addrconf_rs_timer(unsigned long data); - static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifa); -@@ -2893,6 +2893,7 @@ static void add_addr(struct inet6_dev *idev, const struct in6_addr *addr, - spin_lock_bh(&ifp->lock); - ifp->flags &= ~IFA_F_TENTATIVE; - spin_unlock_bh(&ifp->lock); -+ rt_genid_bump_ipv6(dev_net(idev->dev)); - ipv6_ifa_notify(RTM_NEWADDR, ifp); - in6_ifa_put(ifp); - } -@@ -3736,7 +3737,7 @@ static void addrconf_dad_begin(struct inet6_ifaddr *ifp) - { - struct inet6_dev *idev = ifp->idev; - struct net_device *dev = idev->dev; -- bool notify = false; -+ bool bump_id, notify = false; - - addrconf_join_solict(dev, &ifp->addr); - -@@ -3751,11 +3752,12 @@ static void addrconf_dad_begin(struct inet6_ifaddr *ifp) - idev->cnf.accept_dad < 1 || - !(ifp->flags&IFA_F_TENTATIVE) || - ifp->flags & IFA_F_NODAD) { -+ bump_id = ifp->flags & IFA_F_TENTATIVE; - ifp->flags &= ~(IFA_F_TENTATIVE|IFA_F_OPTIMISTIC|IFA_F_DADFAILED); - spin_unlock(&ifp->lock); - read_unlock_bh(&idev->lock); - -- addrconf_dad_completed(ifp); -+ addrconf_dad_completed(ifp, bump_id); - return; - } - -@@ -3815,8 +3817,8 @@ static void addrconf_dad_work(struct work_struct *w) - struct inet6_ifaddr, - dad_work); - struct inet6_dev *idev = ifp->idev; -+ bool bump_id, disable_ipv6 = false; - struct in6_addr mcaddr; -- bool disable_ipv6 = false; - - enum { - DAD_PROCESS, -@@ -3886,11 +3888,12 @@ static void addrconf_dad_work(struct work_struct *w) - * DAD was successful - */ - -+ bump_id = ifp->flags & IFA_F_TENTATIVE; - ifp->flags &= ~(IFA_F_TENTATIVE|IFA_F_OPTIMISTIC|IFA_F_DADFAILED); - spin_unlock(&ifp->lock); - write_unlock_bh(&idev->lock); - -- addrconf_dad_completed(ifp); -+ addrconf_dad_completed(ifp, bump_id); - - goto out; - } -@@ -3927,7 +3930,7 @@ static bool ipv6_lonely_lladdr(struct inet6_ifaddr *ifp) - return true; - } - --static void addrconf_dad_completed(struct inet6_ifaddr *ifp) -+static void addrconf_dad_completed(struct inet6_ifaddr *ifp, bool bump_id) - { - struct net_device *dev = ifp->idev->dev; - struct in6_addr lladdr; -@@ -3978,6 +3981,9 @@ static void addrconf_dad_completed(struct inet6_ifaddr *ifp) - spin_unlock(&ifp->lock); - write_unlock_bh(&ifp->idev->lock); - } -+ -+ if (bump_id) -+ rt_genid_bump_ipv6(dev_net(dev)); - } - - static void addrconf_dad_run(struct inet6_dev *idev) -diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c -index 060a60b..111ba55 100644 ---- a/net/ipv6/esp6.c -+++ b/net/ipv6/esp6.c -@@ -418,7 +418,7 @@ static int esp6_input(struct xfrm_state *x, struct sk_buff *skb) - esph = (void *)skb_push(skb, 4); - *seqhi = esph->spi; - esph->spi = esph->seq_no; -- esph->seq_no = htonl(XFRM_SKB_CB(skb)->seq.input.hi); -+ esph->seq_no = XFRM_SKB_CB(skb)->seq.input.hi; - aead_request_set_callback(req, 0, esp_input_done_esn, skb); - } - -diff --git a/net/ipv6/ip6_offload.c b/net/ipv6/ip6_offload.c -index a09418b..93294cf 100644 ---- a/net/ipv6/ip6_offload.c -+++ b/net/ipv6/ip6_offload.c -@@ -98,7 +98,7 @@ static struct sk_buff *ipv6_gso_segment(struct sk_buff *skb, - segs = ops->callbacks.gso_segment(skb, features); - } - -- if (IS_ERR(segs)) -+ if (IS_ERR_OR_NULL(segs)) - goto out; - - for (skb = segs; skb; skb = skb->next) { -diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c -index 41489f3..da4e7b3 100644 ---- a/net/ipv6/ip6_tunnel.c -+++ b/net/ipv6/ip6_tunnel.c -@@ -1014,6 +1014,7 @@ int ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev, __u8 dsfield, - int mtu; - unsigned int psh_hlen = sizeof(struct ipv6hdr) + t->encap_hlen; - unsigned int max_headroom = psh_hlen; -+ bool use_cache = false; - int err = -1; - - /* NBMA tunnel */ -@@ -1038,7 +1039,15 @@ int ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev, __u8 dsfield, - - memcpy(&fl6->daddr, addr6, sizeof(fl6->daddr)); - neigh_release(neigh); -- } else if (!fl6->flowi6_mark) -+ } else if (!(t->parms.flags & -+ (IP6_TNL_F_USE_ORIG_TCLASS | IP6_TNL_F_USE_ORIG_FWMARK))) { -+ /* enable the cache only only if the routing decision does -+ * not depend on the current inner header value -+ */ -+ use_cache = true; -+ } -+ -+ if (use_cache) - dst = dst_cache_get(&t->dst_cache); - - if (!ip6_tnl_xmit_ctl(t, &fl6->saddr, &fl6->daddr)) -@@ -1113,7 +1122,7 @@ int ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev, __u8 dsfield, - skb = new_skb; - } - -- if (!fl6->flowi6_mark && ndst) -+ if (use_cache && ndst) - dst_cache_set_ip6(&t->dst_cache, ndst, &fl6->saddr); - skb_dst_set(skb, dst); - -@@ -1134,7 +1143,6 @@ int ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev, __u8 dsfield, - if (err) - return err; - -- skb->protocol = htons(ETH_P_IPV6); - skb_push(skb, sizeof(struct ipv6hdr)); - skb_reset_network_header(skb); - ipv6h = ipv6_hdr(skb); -diff --git a/net/ipv6/output_core.c b/net/ipv6/output_core.c -index 462f2a76b..1d18432 100644 ---- a/net/ipv6/output_core.c -+++ b/net/ipv6/output_core.c -@@ -148,6 +148,8 @@ int __ip6_local_out(struct net *net, struct sock *sk, struct sk_buff *skb) - ipv6_hdr(skb)->payload_len = htons(len); - IP6CB(skb)->nhoff = offsetof(struct ipv6hdr, nexthdr); - -+ skb->protocol = htons(ETH_P_IPV6); -+ - return nf_hook(NFPROTO_IPV6, NF_INET_LOCAL_OUT, - net, sk, skb, NULL, skb_dst(skb)->dev, - dst_output); -diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c -index c2a8656..fa39ab8 100644 ---- a/net/ipv6/udp.c -+++ b/net/ipv6/udp.c -@@ -514,7 +514,7 @@ void __udp6_lib_err(struct sk_buff *skb, struct inet6_skb_parm *opt, - return; - } - --static int __udpv6_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) -+int __udpv6_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) - { - int rc; - -diff --git a/net/ipv6/udp_impl.h b/net/ipv6/udp_impl.h -index 0682c03..3c1dbc9 100644 ---- a/net/ipv6/udp_impl.h -+++ b/net/ipv6/udp_impl.h -@@ -26,7 +26,7 @@ int compat_udpv6_getsockopt(struct sock *sk, int level, int optname, - int udpv6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len); - int udpv6_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, int noblock, - int flags, int *addr_len); --int udpv6_queue_rcv_skb(struct sock *sk, struct sk_buff *skb); -+int __udpv6_queue_rcv_skb(struct sock *sk, struct sk_buff *skb); - void udpv6_destroy_sock(struct sock *sk); - - void udp_v6_clear_sk(struct sock *sk, int size); -diff --git a/net/ipv6/udplite.c b/net/ipv6/udplite.c -index fd6ef41..af2895c 100644 ---- a/net/ipv6/udplite.c -+++ b/net/ipv6/udplite.c -@@ -45,7 +45,7 @@ struct proto udplitev6_prot = { - .getsockopt = udpv6_getsockopt, - .sendmsg = udpv6_sendmsg, - .recvmsg = udpv6_recvmsg, -- .backlog_rcv = udpv6_queue_rcv_skb, -+ .backlog_rcv = __udpv6_queue_rcv_skb, - .hash = udp_lib_hash, - .unhash = udp_lib_unhash, - .get_port = udp_v6_get_port, -diff --git a/net/l2tp/l2tp_ip.c b/net/l2tp/l2tp_ip.c -index 42de4cc..d0e906d 100644 ---- a/net/l2tp/l2tp_ip.c -+++ b/net/l2tp/l2tp_ip.c -@@ -251,8 +251,6 @@ static int l2tp_ip_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len) - int ret; - int chk_addr_ret; - -- if (!sock_flag(sk, SOCK_ZAPPED)) -- return -EINVAL; - if (addr_len < sizeof(struct sockaddr_l2tpip)) - return -EINVAL; - if (addr->l2tp_family != AF_INET) -@@ -267,6 +265,9 @@ static int l2tp_ip_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len) - read_unlock_bh(&l2tp_ip_lock); - - lock_sock(sk); -+ if (!sock_flag(sk, SOCK_ZAPPED)) -+ goto out; -+ - if (sk->sk_state != TCP_CLOSE || addr_len < sizeof(struct sockaddr_l2tpip)) - goto out; - -diff --git a/net/l2tp/l2tp_ip6.c b/net/l2tp/l2tp_ip6.c -index ea2ae66..b9c6a41 100644 ---- a/net/l2tp/l2tp_ip6.c -+++ b/net/l2tp/l2tp_ip6.c -@@ -269,8 +269,6 @@ static int l2tp_ip6_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len) - int addr_type; - int err; - -- if (!sock_flag(sk, SOCK_ZAPPED)) -- return -EINVAL; - if (addr->l2tp_family != AF_INET6) - return -EINVAL; - if (addr_len < sizeof(*addr)) -@@ -296,6 +294,9 @@ static int l2tp_ip6_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len) - lock_sock(sk); - - err = -EINVAL; -+ if (!sock_flag(sk, SOCK_ZAPPED)) -+ goto out_unlock; -+ - if (sk->sk_state != TCP_CLOSE) - goto out_unlock; - -diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c -index 62bea45..246f29d 100644 ---- a/net/netlink/af_netlink.c -+++ b/net/netlink/af_netlink.c -@@ -329,7 +329,6 @@ static void netlink_sock_destruct(struct sock *sk) - if (nlk->cb_running) { - if (nlk->cb.done) - nlk->cb.done(&nlk->cb); -- - module_put(nlk->cb.module); - kfree_skb(nlk->cb.skb); - } -@@ -346,6 +345,14 @@ static void netlink_sock_destruct(struct sock *sk) - WARN_ON(nlk_sk(sk)->groups); - } - -+static void netlink_sock_destruct_work(struct work_struct *work) -+{ -+ struct netlink_sock *nlk = container_of(work, struct netlink_sock, -+ work); -+ -+ sk_free(&nlk->sk); -+} -+ - /* This lock without WQ_FLAG_EXCLUSIVE is good on UP and it is _very_ bad on - * SMP. Look, when several writers sleep and reader wakes them up, all but one - * immediately hit write lock and grab all the cpus. Exclusive sleep solves -@@ -648,8 +655,18 @@ static int netlink_create(struct net *net, struct socket *sock, int protocol, - static void deferred_put_nlk_sk(struct rcu_head *head) - { - struct netlink_sock *nlk = container_of(head, struct netlink_sock, rcu); -+ struct sock *sk = &nlk->sk; -+ -+ if (!atomic_dec_and_test(&sk->sk_refcnt)) -+ return; -+ -+ if (nlk->cb_running && nlk->cb.done) { -+ INIT_WORK(&nlk->work, netlink_sock_destruct_work); -+ schedule_work(&nlk->work); -+ return; -+ } - -- sock_put(&nlk->sk); -+ sk_free(sk); - } - - static int netlink_release(struct socket *sock) -diff --git a/net/netlink/af_netlink.h b/net/netlink/af_netlink.h -index 3cfd6cc..4fdb383 100644 ---- a/net/netlink/af_netlink.h -+++ b/net/netlink/af_netlink.h -@@ -3,6 +3,7 @@ - - #include <linux/rhashtable.h> - #include <linux/atomic.h> -+#include <linux/workqueue.h> - #include <net/sock.h> - - #define NLGRPSZ(x) (ALIGN(x, sizeof(unsigned long) * 8) / 8) -@@ -33,6 +34,7 @@ struct netlink_sock { - - struct rhash_head node; - struct rcu_head rcu; -+ struct work_struct work; - }; - - static inline struct netlink_sock *nlk_sk(struct sock *sk) -diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c -index d2238b2..dd23323 100644 ---- a/net/packet/af_packet.c -+++ b/net/packet/af_packet.c -@@ -3648,19 +3648,25 @@ packet_setsockopt(struct socket *sock, int level, int optname, char __user *optv - - if (optlen != sizeof(val)) - return -EINVAL; -- if (po->rx_ring.pg_vec || po->tx_ring.pg_vec) -- return -EBUSY; - if (copy_from_user(&val, optval, sizeof(val))) - return -EFAULT; - switch (val) { - case TPACKET_V1: - case TPACKET_V2: - case TPACKET_V3: -- po->tp_version = val; -- return 0; -+ break; - default: - return -EINVAL; - } -+ lock_sock(sk); -+ if (po->rx_ring.pg_vec || po->tx_ring.pg_vec) { -+ ret = -EBUSY; -+ } else { -+ po->tp_version = val; -+ ret = 0; -+ } -+ release_sock(sk); -+ return ret; - } - case PACKET_RESERVE: - { -@@ -4164,6 +4170,7 @@ static int packet_set_ring(struct sock *sk, union tpacket_req_u *req_u, - /* Added to avoid minimal code churn */ - struct tpacket_req *req = &req_u->req; - -+ lock_sock(sk); - /* Opening a Tx-ring is NOT supported in TPACKET_V3 */ - if (!closing && tx_ring && (po->tp_version > TPACKET_V2)) { - net_warn_ratelimited("Tx-ring is not supported.\n"); -@@ -4245,7 +4252,6 @@ static int packet_set_ring(struct sock *sk, union tpacket_req_u *req_u, - goto out; - } - -- lock_sock(sk); - - /* Detach socket from network */ - spin_lock(&po->bind_lock); -@@ -4294,11 +4300,11 @@ static int packet_set_ring(struct sock *sk, union tpacket_req_u *req_u, - if (!tx_ring) - prb_shutdown_retire_blk_timer(po, rb_queue); - } -- release_sock(sk); - - if (pg_vec) - free_pg_vec(pg_vec, order, req->tp_block_nr); - out: -+ release_sock(sk); - return err; - } - -diff --git a/net/sched/act_pedit.c b/net/sched/act_pedit.c -index b54d56d..cf9b2fe 100644 ---- a/net/sched/act_pedit.c -+++ b/net/sched/act_pedit.c -@@ -108,6 +108,17 @@ static void tcf_pedit_cleanup(struct tc_action *a, int bind) - kfree(keys); - } - -+static bool offset_valid(struct sk_buff *skb, int offset) -+{ -+ if (offset > 0 && offset > skb->len) -+ return false; -+ -+ if (offset < 0 && -offset > skb_headroom(skb)) -+ return false; -+ -+ return true; -+} -+ - static int tcf_pedit(struct sk_buff *skb, const struct tc_action *a, - struct tcf_result *res) - { -@@ -134,6 +145,11 @@ static int tcf_pedit(struct sk_buff *skb, const struct tc_action *a, - if (tkey->offmask) { - char *d, _d; - -+ if (!offset_valid(skb, off + tkey->at)) { -+ pr_info("tc filter pedit 'at' offset %d out of bounds\n", -+ off + tkey->at); -+ goto bad; -+ } - d = skb_header_pointer(skb, off + tkey->at, 1, - &_d); - if (!d) -@@ -146,10 +162,10 @@ static int tcf_pedit(struct sk_buff *skb, const struct tc_action *a, - " offset must be on 32 bit boundaries\n"); - goto bad; - } -- if (offset > 0 && offset > skb->len) { -- pr_info("tc filter pedit" -- " offset %d can't exceed pkt length %d\n", -- offset, skb->len); -+ -+ if (!offset_valid(skb, off + offset)) { -+ pr_info("tc filter pedit offset %d out of bounds\n", -+ offset); - goto bad; - } - -diff --git a/net/sched/cls_basic.c b/net/sched/cls_basic.c -index 0b8c3ac..1bf1f451 100644 ---- a/net/sched/cls_basic.c -+++ b/net/sched/cls_basic.c -@@ -62,9 +62,6 @@ static unsigned long basic_get(struct tcf_proto *tp, u32 handle) - struct basic_head *head = rtnl_dereference(tp->root); - struct basic_filter *f; - -- if (head == NULL) -- return 0UL; -- - list_for_each_entry(f, &head->flist, link) { - if (f->handle == handle) { - l = (unsigned long) f; -@@ -109,7 +106,6 @@ static bool basic_destroy(struct tcf_proto *tp, bool force) - tcf_unbind_filter(tp, &f->res); - call_rcu(&f->rcu, basic_delete_filter); - } -- RCU_INIT_POINTER(tp->root, NULL); - kfree_rcu(head, rcu); - return true; - } -diff --git a/net/sched/cls_bpf.c b/net/sched/cls_bpf.c -index c3002c2..dbec458 100644 ---- a/net/sched/cls_bpf.c -+++ b/net/sched/cls_bpf.c -@@ -200,7 +200,6 @@ static bool cls_bpf_destroy(struct tcf_proto *tp, bool force) - call_rcu(&prog->rcu, __cls_bpf_delete_prog); - } - -- RCU_INIT_POINTER(tp->root, NULL); - kfree_rcu(head, rcu); - return true; - } -@@ -211,9 +210,6 @@ static unsigned long cls_bpf_get(struct tcf_proto *tp, u32 handle) - struct cls_bpf_prog *prog; - unsigned long ret = 0UL; - -- if (head == NULL) -- return 0UL; -- - list_for_each_entry(prog, &head->plist, link) { - if (prog->handle == handle) { - ret = (unsigned long) prog; -diff --git a/net/sched/cls_cgroup.c b/net/sched/cls_cgroup.c -index 4c85bd3..c104c20 100644 ---- a/net/sched/cls_cgroup.c -+++ b/net/sched/cls_cgroup.c -@@ -130,11 +130,10 @@ static bool cls_cgroup_destroy(struct tcf_proto *tp, bool force) - - if (!force) - return false; -- -- if (head) { -- RCU_INIT_POINTER(tp->root, NULL); -+ /* Head can still be NULL due to cls_cgroup_init(). */ -+ if (head) - call_rcu(&head->rcu, cls_cgroup_destroy_rcu); -- } -+ - return true; - } - -diff --git a/net/sched/cls_flow.c b/net/sched/cls_flow.c -index fbfec6a..d7ba2b4 100644 ---- a/net/sched/cls_flow.c -+++ b/net/sched/cls_flow.c -@@ -583,7 +583,6 @@ static bool flow_destroy(struct tcf_proto *tp, bool force) - list_del_rcu(&f->list); - call_rcu(&f->rcu, flow_destroy_filter); - } -- RCU_INIT_POINTER(tp->root, NULL); - kfree_rcu(head, rcu); - return true; - } -diff --git a/net/sched/cls_flower.c b/net/sched/cls_flower.c -index 5060801..a411571 100644 ---- a/net/sched/cls_flower.c -+++ b/net/sched/cls_flower.c -@@ -13,6 +13,7 @@ - #include <linux/init.h> - #include <linux/module.h> - #include <linux/rhashtable.h> -+#include <linux/workqueue.h> - - #include <linux/if_ether.h> - #include <linux/in6.h> -@@ -55,7 +56,10 @@ struct cls_fl_head { - bool mask_assigned; - struct list_head filters; - struct rhashtable_params ht_params; -- struct rcu_head rcu; -+ union { -+ struct work_struct work; -+ struct rcu_head rcu; -+ }; - }; - - struct cls_fl_filter { -@@ -239,6 +243,24 @@ static void fl_hw_update_stats(struct tcf_proto *tp, struct cls_fl_filter *f) - dev->netdev_ops->ndo_setup_tc(dev, tp->q->handle, tp->protocol, &tc); - } - -+static void fl_destroy_sleepable(struct work_struct *work) -+{ -+ struct cls_fl_head *head = container_of(work, struct cls_fl_head, -+ work); -+ if (head->mask_assigned) -+ rhashtable_destroy(&head->ht); -+ kfree(head); -+ module_put(THIS_MODULE); -+} -+ -+static void fl_destroy_rcu(struct rcu_head *rcu) -+{ -+ struct cls_fl_head *head = container_of(rcu, struct cls_fl_head, rcu); -+ -+ INIT_WORK(&head->work, fl_destroy_sleepable); -+ schedule_work(&head->work); -+} -+ - static bool fl_destroy(struct tcf_proto *tp, bool force) - { - struct cls_fl_head *head = rtnl_dereference(tp->root); -@@ -252,10 +274,9 @@ static bool fl_destroy(struct tcf_proto *tp, bool force) - list_del_rcu(&f->list); - call_rcu(&f->rcu, fl_destroy_filter); - } -- RCU_INIT_POINTER(tp->root, NULL); -- if (head->mask_assigned) -- rhashtable_destroy(&head->ht); -- kfree_rcu(head, rcu); -+ -+ __module_get(THIS_MODULE); -+ call_rcu(&head->rcu, fl_destroy_rcu); - return true; - } - -diff --git a/net/sched/cls_matchall.c b/net/sched/cls_matchall.c -index 25927b6..f935429 100644 ---- a/net/sched/cls_matchall.c -+++ b/net/sched/cls_matchall.c -@@ -114,7 +114,6 @@ static bool mall_destroy(struct tcf_proto *tp, bool force) - - call_rcu(&f->rcu, mall_destroy_filter); - } -- RCU_INIT_POINTER(tp->root, NULL); - kfree_rcu(head, rcu); - return true; - } -diff --git a/net/sched/cls_rsvp.h b/net/sched/cls_rsvp.h -index f9c9fc0..9992dfa 100644 ---- a/net/sched/cls_rsvp.h -+++ b/net/sched/cls_rsvp.h -@@ -152,7 +152,8 @@ static int rsvp_classify(struct sk_buff *skb, const struct tcf_proto *tp, - return -1; - nhptr = ip_hdr(skb); - #endif -- -+ if (unlikely(!head)) -+ return -1; - restart: - - #if RSVP_DST_LEN == 4 -diff --git a/net/sched/cls_tcindex.c b/net/sched/cls_tcindex.c -index 944c8ff..403746b 100644 ---- a/net/sched/cls_tcindex.c -+++ b/net/sched/cls_tcindex.c -@@ -503,7 +503,6 @@ static bool tcindex_destroy(struct tcf_proto *tp, bool force) - walker.fn = tcindex_destroy_element; - tcindex_walk(tp, &walker); - -- RCU_INIT_POINTER(tp->root, NULL); - call_rcu(&p->rcu, __tcindex_destroy); - return true; - } -diff --git a/net/tipc/bearer.c b/net/tipc/bearer.c -index 65b1bbf..6167699 100644 ---- a/net/tipc/bearer.c -+++ b/net/tipc/bearer.c -@@ -402,6 +402,10 @@ int tipc_enable_l2_media(struct net *net, struct tipc_bearer *b, - dev = dev_get_by_name(net, driver_name); - if (!dev) - return -ENODEV; -+ if (tipc_mtu_bad(dev, 0)) { -+ dev_put(dev); -+ return -EINVAL; -+ } - - /* Associate TIPC bearer with L2 bearer */ - rcu_assign_pointer(b->media_ptr, dev); -@@ -606,8 +610,6 @@ static int tipc_l2_device_event(struct notifier_block *nb, unsigned long evt, - if (!b) - return NOTIFY_DONE; - -- b->mtu = dev->mtu; -- - switch (evt) { - case NETDEV_CHANGE: - if (netif_carrier_ok(dev)) -@@ -621,6 +623,11 @@ static int tipc_l2_device_event(struct notifier_block *nb, unsigned long evt, - tipc_reset_bearer(net, b); - break; - case NETDEV_CHANGEMTU: -+ if (tipc_mtu_bad(dev, 0)) { -+ bearer_disable(net, b); -+ break; -+ } -+ b->mtu = dev->mtu; - tipc_reset_bearer(net, b); - break; - case NETDEV_CHANGEADDR: -diff --git a/net/tipc/bearer.h b/net/tipc/bearer.h -index 43757f1..d93f1f1 100644 ---- a/net/tipc/bearer.h -+++ b/net/tipc/bearer.h -@@ -39,6 +39,7 @@ - - #include "netlink.h" - #include "core.h" -+#include "msg.h" - #include <net/genetlink.h> - - #define MAX_MEDIA 3 -@@ -59,6 +60,9 @@ - #define TIPC_MEDIA_TYPE_IB 2 - #define TIPC_MEDIA_TYPE_UDP 3 - -+/* minimum bearer MTU */ -+#define TIPC_MIN_BEARER_MTU (MAX_H_SIZE + INT_H_SIZE) -+ - /** - * struct tipc_media_addr - destination address used by TIPC bearers - * @value: address info (format defined by media) -@@ -213,4 +217,13 @@ void tipc_bearer_xmit(struct net *net, u32 bearer_id, - void tipc_bearer_bc_xmit(struct net *net, u32 bearer_id, - struct sk_buff_head *xmitq); - -+/* check if device MTU is too low for tipc headers */ -+static inline bool tipc_mtu_bad(struct net_device *dev, unsigned int reserve) -+{ -+ if (dev->mtu >= TIPC_MIN_BEARER_MTU + reserve) -+ return false; -+ netdev_warn(dev, "MTU too low for tipc bearer\n"); -+ return true; -+} -+ - #endif /* _TIPC_BEARER_H */ -diff --git a/net/tipc/udp_media.c b/net/tipc/udp_media.c -index ae7e14c..f60f346 100644 ---- a/net/tipc/udp_media.c -+++ b/net/tipc/udp_media.c -@@ -372,6 +372,11 @@ static int tipc_udp_enable(struct net *net, struct tipc_bearer *b, - udp_conf.local_ip.s_addr = htonl(INADDR_ANY); - udp_conf.use_udp_checksums = false; - ub->ifindex = dev->ifindex; -+ if (tipc_mtu_bad(dev, sizeof(struct iphdr) + -+ sizeof(struct udphdr))) { -+ err = -EINVAL; -+ goto err; -+ } - b->mtu = dev->mtu - sizeof(struct iphdr) - - sizeof(struct udphdr); - #if IS_ENABLED(CONFIG_IPV6) -diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c -index 8309687..568f307 100644 ---- a/net/unix/af_unix.c -+++ b/net/unix/af_unix.c -@@ -2199,7 +2199,8 @@ static int unix_dgram_recvmsg(struct socket *sock, struct msghdr *msg, - * Sleep until more data has arrived. But check for races.. - */ - static long unix_stream_data_wait(struct sock *sk, long timeo, -- struct sk_buff *last, unsigned int last_len) -+ struct sk_buff *last, unsigned int last_len, -+ bool freezable) - { - struct sk_buff *tail; - DEFINE_WAIT(wait); -@@ -2220,7 +2221,10 @@ static long unix_stream_data_wait(struct sock *sk, long timeo, - - sk_set_bit(SOCKWQ_ASYNC_WAITDATA, sk); - unix_state_unlock(sk); -- timeo = freezable_schedule_timeout(timeo); -+ if (freezable) -+ timeo = freezable_schedule_timeout(timeo); -+ else -+ timeo = schedule_timeout(timeo); - unix_state_lock(sk); - - if (sock_flag(sk, SOCK_DEAD)) -@@ -2250,7 +2254,8 @@ struct unix_stream_read_state { - unsigned int splice_flags; - }; - --static int unix_stream_read_generic(struct unix_stream_read_state *state) -+static int unix_stream_read_generic(struct unix_stream_read_state *state, -+ bool freezable) - { - struct scm_cookie scm; - struct socket *sock = state->socket; -@@ -2330,7 +2335,7 @@ static int unix_stream_read_generic(struct unix_stream_read_state *state) - mutex_unlock(&u->iolock); - - timeo = unix_stream_data_wait(sk, timeo, last, -- last_len); -+ last_len, freezable); - - if (signal_pending(current)) { - err = sock_intr_errno(timeo); -@@ -2472,7 +2477,7 @@ static int unix_stream_recvmsg(struct socket *sock, struct msghdr *msg, - .flags = flags - }; - -- return unix_stream_read_generic(&state); -+ return unix_stream_read_generic(&state, true); - } - - static ssize_t skb_unix_socket_splice(struct sock *sk, -@@ -2518,7 +2523,7 @@ static ssize_t unix_stream_splice_read(struct socket *sock, loff_t *ppos, - flags & SPLICE_F_NONBLOCK) - state.flags = MSG_DONTWAIT; - -- return unix_stream_read_generic(&state); -+ return unix_stream_read_generic(&state, false); - } - - static int unix_shutdown(struct socket *sock, int mode) diff --git a/4.8.15/1014_linux-4.8.15.patch b/4.8.15/1014_linux-4.8.15.patch deleted file mode 100644 index 9b7b2f4..0000000 --- a/4.8.15/1014_linux-4.8.15.patch +++ /dev/null @@ -1,1042 +0,0 @@ -diff --git a/Makefile b/Makefile -index 6a74924..c7f0e79 100644 ---- a/Makefile -+++ b/Makefile -@@ -1,6 +1,6 @@ - VERSION = 4 - PATCHLEVEL = 8 --SUBLEVEL = 14 -+SUBLEVEL = 15 - EXTRAVERSION = - NAME = Psychotic Stoned Sheep - -diff --git a/arch/arm/boot/dts/imx7s.dtsi b/arch/arm/boot/dts/imx7s.dtsi -index 1e90bdb..fb307de 100644 ---- a/arch/arm/boot/dts/imx7s.dtsi -+++ b/arch/arm/boot/dts/imx7s.dtsi -@@ -640,9 +640,8 @@ - reg = <0x30730000 0x10000>; - interrupts = <GIC_SPI 5 IRQ_TYPE_LEVEL_HIGH>; - clocks = <&clks IMX7D_LCDIF_PIXEL_ROOT_CLK>, -- <&clks IMX7D_CLK_DUMMY>, -- <&clks IMX7D_CLK_DUMMY>; -- clock-names = "pix", "axi", "disp_axi"; -+ <&clks IMX7D_LCDIF_PIXEL_ROOT_CLK>; -+ clock-names = "pix", "axi"; - status = "disabled"; - }; - }; -diff --git a/arch/arm/boot/dts/orion5x-linkstation-lsgl.dts b/arch/arm/boot/dts/orion5x-linkstation-lsgl.dts -index 1cf644b..51dc734 100644 ---- a/arch/arm/boot/dts/orion5x-linkstation-lsgl.dts -+++ b/arch/arm/boot/dts/orion5x-linkstation-lsgl.dts -@@ -82,6 +82,10 @@ - gpios = <&gpio0 9 GPIO_ACTIVE_HIGH>; - }; - -+&sata { -+ nr-ports = <2>; -+}; -+ - &ehci1 { - status = "okay"; - }; -diff --git a/arch/m68k/include/asm/delay.h b/arch/m68k/include/asm/delay.h -index d28fa8f..c598d84 100644 ---- a/arch/m68k/include/asm/delay.h -+++ b/arch/m68k/include/asm/delay.h -@@ -114,6 +114,6 @@ static inline void __udelay(unsigned long usecs) - */ - #define HZSCALE (268435456 / (1000000 / HZ)) - --#define ndelay(n) __delay(DIV_ROUND_UP((n) * ((((HZSCALE) >> 11) * (loops_per_jiffy >> 11)) >> 6), 1000)); -+#define ndelay(n) __delay(DIV_ROUND_UP((n) * ((((HZSCALE) >> 11) * (loops_per_jiffy >> 11)) >> 6), 1000)) - - #endif /* defined(_M68K_DELAY_H) */ -diff --git a/arch/parisc/include/asm/pgtable.h b/arch/parisc/include/asm/pgtable.h -index c2c43f7..3a4ed9f 100644 ---- a/arch/parisc/include/asm/pgtable.h -+++ b/arch/parisc/include/asm/pgtable.h -@@ -65,9 +65,9 @@ static inline void purge_tlb_entries(struct mm_struct *mm, unsigned long addr) - unsigned long flags; \ - spin_lock_irqsave(&pa_tlb_lock, flags); \ - old_pte = *ptep; \ -- set_pte(ptep, pteval); \ - if (pte_inserted(old_pte)) \ - purge_tlb_entries(mm, addr); \ -+ set_pte(ptep, pteval); \ - spin_unlock_irqrestore(&pa_tlb_lock, flags); \ - } while (0) - -@@ -478,8 +478,8 @@ static inline int ptep_test_and_clear_young(struct vm_area_struct *vma, unsigned - spin_unlock_irqrestore(&pa_tlb_lock, flags); - return 0; - } -- set_pte(ptep, pte_mkold(pte)); - purge_tlb_entries(vma->vm_mm, addr); -+ set_pte(ptep, pte_mkold(pte)); - spin_unlock_irqrestore(&pa_tlb_lock, flags); - return 1; - } -@@ -492,9 +492,9 @@ static inline pte_t ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, - - spin_lock_irqsave(&pa_tlb_lock, flags); - old_pte = *ptep; -- set_pte(ptep, __pte(0)); - if (pte_inserted(old_pte)) - purge_tlb_entries(mm, addr); -+ set_pte(ptep, __pte(0)); - spin_unlock_irqrestore(&pa_tlb_lock, flags); - - return old_pte; -@@ -504,8 +504,8 @@ static inline void ptep_set_wrprotect(struct mm_struct *mm, unsigned long addr, - { - unsigned long flags; - spin_lock_irqsave(&pa_tlb_lock, flags); -- set_pte(ptep, pte_wrprotect(*ptep)); - purge_tlb_entries(mm, addr); -+ set_pte(ptep, pte_wrprotect(*ptep)); - spin_unlock_irqrestore(&pa_tlb_lock, flags); - } - -diff --git a/arch/parisc/kernel/cache.c b/arch/parisc/kernel/cache.c -index c2259d4..bbb314eb 100644 ---- a/arch/parisc/kernel/cache.c -+++ b/arch/parisc/kernel/cache.c -@@ -393,6 +393,15 @@ void __init parisc_setup_cache_timing(void) - - /* calculate TLB flush threshold */ - -+ /* On SMP machines, skip the TLB measure of kernel text which -+ * has been mapped as huge pages. */ -+ if (num_online_cpus() > 1 && !parisc_requires_coherency()) { -+ threshold = max(cache_info.it_size, cache_info.dt_size); -+ threshold *= PAGE_SIZE; -+ threshold /= num_online_cpus(); -+ goto set_tlb_threshold; -+ } -+ - alltime = mfctl(16); - flush_tlb_all(); - alltime = mfctl(16) - alltime; -@@ -411,6 +420,8 @@ void __init parisc_setup_cache_timing(void) - alltime, size, rangetime); - - threshold = PAGE_ALIGN(num_online_cpus() * size * alltime / rangetime); -+ -+set_tlb_threshold: - if (threshold) - parisc_tlb_flush_threshold = threshold; - printk(KERN_INFO "TLB flush threshold set to %lu KiB\n", -diff --git a/arch/parisc/kernel/pacache.S b/arch/parisc/kernel/pacache.S -index 6755219..a4761b7 100644 ---- a/arch/parisc/kernel/pacache.S -+++ b/arch/parisc/kernel/pacache.S -@@ -886,19 +886,10 @@ ENTRY(flush_dcache_page_asm) - fdc,m r31(%r28) - fdc,m r31(%r28) - fdc,m r31(%r28) -- cmpb,COND(<<) %r28, %r25,1b -+ cmpb,COND(<<) %r28, %r25,1b - fdc,m r31(%r28) - - sync -- --#ifdef CONFIG_PA20 -- pdtlb,l %r0(%r25) --#else -- tlb_lock %r20,%r21,%r22 -- pdtlb %r0(%r25) -- tlb_unlock %r20,%r21,%r22 --#endif -- - bv %r0(%r2) - nop - .exit -@@ -973,17 +964,6 @@ ENTRY(flush_icache_page_asm) - fic,m %r31(%sr4,%r28) - - sync -- --#ifdef CONFIG_PA20 -- pdtlb,l %r0(%r28) -- pitlb,l %r0(%sr4,%r25) --#else -- tlb_lock %r20,%r21,%r22 -- pdtlb %r0(%r28) -- pitlb %r0(%sr4,%r25) -- tlb_unlock %r20,%r21,%r22 --#endif -- - bv %r0(%r2) - nop - .exit -diff --git a/arch/powerpc/boot/Makefile b/arch/powerpc/boot/Makefile -index 1a2a6e8..1894beb 100644 ---- a/arch/powerpc/boot/Makefile -+++ b/arch/powerpc/boot/Makefile -@@ -78,7 +78,8 @@ src-wlib-y := string.S crt0.S crtsavres.S stdio.c main.c \ - ns16550.c serial.c simple_alloc.c div64.S util.S \ - gunzip_util.c elf_util.c $(zlib) devtree.c stdlib.c \ - oflib.c ofconsole.c cuboot.c mpsc.c cpm-serial.c \ -- uartlite.c mpc52xx-psc.c opal.c opal-calls.S -+ uartlite.c mpc52xx-psc.c opal.c -+src-wlib-$(CONFIG_PPC64_BOOT_WRAPPER) += opal-calls.S - src-wlib-$(CONFIG_40x) += 4xx.c planetcore.c - src-wlib-$(CONFIG_44x) += 4xx.c ebony.c bamboo.c - src-wlib-$(CONFIG_8xx) += mpc8xx.c planetcore.c fsl-soc.c -diff --git a/arch/powerpc/boot/opal.c b/arch/powerpc/boot/opal.c -index d7b4fd4..0272570 100644 ---- a/arch/powerpc/boot/opal.c -+++ b/arch/powerpc/boot/opal.c -@@ -13,7 +13,7 @@ - #include <libfdt.h> - #include "../include/asm/opal-api.h" - --#ifdef __powerpc64__ -+#ifdef CONFIG_PPC64_BOOT_WRAPPER - - /* Global OPAL struct used by opal-call.S */ - struct opal { -diff --git a/arch/powerpc/kernel/eeh_driver.c b/arch/powerpc/kernel/eeh_driver.c -index 29aa8d1..248f28b 100644 ---- a/arch/powerpc/kernel/eeh_driver.c -+++ b/arch/powerpc/kernel/eeh_driver.c -@@ -671,8 +671,10 @@ static int eeh_reset_device(struct eeh_pe *pe, struct pci_bus *bus, - - /* Clear frozen state */ - rc = eeh_clear_pe_frozen_state(pe, false); -- if (rc) -+ if (rc) { -+ pci_unlock_rescan_remove(); - return rc; -+ } - - /* Give the system 5 seconds to finish running the user-space - * hotplug shutdown scripts, e.g. ifdown for ethernet. Yes, -diff --git a/arch/powerpc/mm/hash64_4k.c b/arch/powerpc/mm/hash64_4k.c -index 42c702b..6fa450c 100644 ---- a/arch/powerpc/mm/hash64_4k.c -+++ b/arch/powerpc/mm/hash64_4k.c -@@ -55,7 +55,7 @@ int __hash_page_4K(unsigned long ea, unsigned long access, unsigned long vsid, - */ - rflags = htab_convert_pte_flags(new_pte); - -- if (!cpu_has_feature(CPU_FTR_NOEXECUTE) && -+ if (cpu_has_feature(CPU_FTR_NOEXECUTE) && - !cpu_has_feature(CPU_FTR_COHERENT_ICACHE)) - rflags = hash_page_do_lazy_icache(rflags, __pte(old_pte), trap); - -diff --git a/arch/powerpc/mm/hash64_64k.c b/arch/powerpc/mm/hash64_64k.c -index 3bbbea0..1a68cb1 100644 ---- a/arch/powerpc/mm/hash64_64k.c -+++ b/arch/powerpc/mm/hash64_64k.c -@@ -87,7 +87,7 @@ int __hash_page_4K(unsigned long ea, unsigned long access, unsigned long vsid, - subpg_pte = new_pte & ~subpg_prot; - rflags = htab_convert_pte_flags(subpg_pte); - -- if (!cpu_has_feature(CPU_FTR_NOEXECUTE) && -+ if (cpu_has_feature(CPU_FTR_NOEXECUTE) && - !cpu_has_feature(CPU_FTR_COHERENT_ICACHE)) { - - /* -@@ -258,7 +258,7 @@ int __hash_page_64K(unsigned long ea, unsigned long access, - - rflags = htab_convert_pte_flags(new_pte); - -- if (!cpu_has_feature(CPU_FTR_NOEXECUTE) && -+ if (cpu_has_feature(CPU_FTR_NOEXECUTE) && - !cpu_has_feature(CPU_FTR_COHERENT_ICACHE)) - rflags = hash_page_do_lazy_icache(rflags, __pte(old_pte), trap); - -diff --git a/arch/x86/events/core.c b/arch/x86/events/core.c -index a4e070a..8c925ec 100644 ---- a/arch/x86/events/core.c -+++ b/arch/x86/events/core.c -@@ -68,7 +68,7 @@ u64 x86_perf_event_update(struct perf_event *event) - int shift = 64 - x86_pmu.cntval_bits; - u64 prev_raw_count, new_raw_count; - int idx = hwc->idx; -- s64 delta; -+ u64 delta; - - if (idx == INTEL_PMC_IDX_FIXED_BTS) - return 0; -diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c -index 4c9a79b..3ef34c6 100644 ---- a/arch/x86/events/intel/core.c -+++ b/arch/x86/events/intel/core.c -@@ -4024,7 +4024,7 @@ __init int intel_pmu_init(void) - - /* Support full width counters using alternative MSR range */ - if (x86_pmu.intel_cap.full_width_write) { -- x86_pmu.max_period = x86_pmu.cntval_mask; -+ x86_pmu.max_period = x86_pmu.cntval_mask >> 1; - x86_pmu.perfctr = MSR_IA32_PMC0; - pr_cont("full-width counters, "); - } -diff --git a/crypto/Makefile b/crypto/Makefile -index 99cc64ac..bd6a029 100644 ---- a/crypto/Makefile -+++ b/crypto/Makefile -@@ -40,6 +40,7 @@ obj-$(CONFIG_CRYPTO_ECDH) += ecdh_generic.o - - $(obj)/rsapubkey-asn1.o: $(obj)/rsapubkey-asn1.c $(obj)/rsapubkey-asn1.h - $(obj)/rsaprivkey-asn1.o: $(obj)/rsaprivkey-asn1.c $(obj)/rsaprivkey-asn1.h -+$(obj)/rsa_helper.o: $(obj)/rsapubkey-asn1.h $(obj)/rsaprivkey-asn1.h - clean-files += rsapubkey-asn1.c rsapubkey-asn1.h - clean-files += rsaprivkey-asn1.c rsaprivkey-asn1.h - -diff --git a/crypto/mcryptd.c b/crypto/mcryptd.c -index 86fb59b..c6e9920 100644 ---- a/crypto/mcryptd.c -+++ b/crypto/mcryptd.c -@@ -254,18 +254,22 @@ static void *mcryptd_alloc_instance(struct crypto_alg *alg, unsigned int head, - goto out; - } - --static inline void mcryptd_check_internal(struct rtattr **tb, u32 *type, -+static inline bool mcryptd_check_internal(struct rtattr **tb, u32 *type, - u32 *mask) - { - struct crypto_attr_type *algt; - - algt = crypto_get_attr_type(tb); - if (IS_ERR(algt)) -- return; -- if ((algt->type & CRYPTO_ALG_INTERNAL)) -- *type |= CRYPTO_ALG_INTERNAL; -- if ((algt->mask & CRYPTO_ALG_INTERNAL)) -- *mask |= CRYPTO_ALG_INTERNAL; -+ return false; -+ -+ *type |= algt->type & CRYPTO_ALG_INTERNAL; -+ *mask |= algt->mask & CRYPTO_ALG_INTERNAL; -+ -+ if (*type & *mask & CRYPTO_ALG_INTERNAL) -+ return true; -+ else -+ return false; - } - - static int mcryptd_hash_init_tfm(struct crypto_tfm *tfm) -@@ -492,7 +496,8 @@ static int mcryptd_create_hash(struct crypto_template *tmpl, struct rtattr **tb, - u32 mask = 0; - int err; - -- mcryptd_check_internal(tb, &type, &mask); -+ if (!mcryptd_check_internal(tb, &type, &mask)) -+ return -EINVAL; - - halg = ahash_attr_alg(tb[1], type, mask); - if (IS_ERR(halg)) -diff --git a/drivers/acpi/nfit/core.c b/drivers/acpi/nfit/core.c -index 2accf78..93e0d83 100644 ---- a/drivers/acpi/nfit/core.c -+++ b/drivers/acpi/nfit/core.c -@@ -94,7 +94,7 @@ static struct acpi_device *to_acpi_dev(struct acpi_nfit_desc *acpi_desc) - return to_acpi_device(acpi_desc->dev); - } - --static int xlat_status(void *buf, unsigned int cmd, u32 status) -+static int xlat_bus_status(void *buf, unsigned int cmd, u32 status) - { - struct nd_cmd_clear_error *clear_err; - struct nd_cmd_ars_status *ars_status; -@@ -113,7 +113,7 @@ static int xlat_status(void *buf, unsigned int cmd, u32 status) - flags = ND_ARS_PERSISTENT | ND_ARS_VOLATILE; - if ((status >> 16 & flags) == 0) - return -ENOTTY; -- break; -+ return 0; - case ND_CMD_ARS_START: - /* ARS is in progress */ - if ((status & 0xffff) == NFIT_ARS_START_BUSY) -@@ -122,7 +122,7 @@ static int xlat_status(void *buf, unsigned int cmd, u32 status) - /* Command failed */ - if (status & 0xffff) - return -EIO; -- break; -+ return 0; - case ND_CMD_ARS_STATUS: - ars_status = buf; - /* Command failed */ -@@ -146,7 +146,8 @@ static int xlat_status(void *buf, unsigned int cmd, u32 status) - * then just continue with the returned results. - */ - if (status == NFIT_ARS_STATUS_INTR) { -- if (ars_status->flags & NFIT_ARS_F_OVERFLOW) -+ if (ars_status->out_length >= 40 && (ars_status->flags -+ & NFIT_ARS_F_OVERFLOW)) - return -ENOSPC; - return 0; - } -@@ -154,7 +155,7 @@ static int xlat_status(void *buf, unsigned int cmd, u32 status) - /* Unknown status */ - if (status >> 16) - return -EIO; -- break; -+ return 0; - case ND_CMD_CLEAR_ERROR: - clear_err = buf; - if (status & 0xffff) -@@ -163,7 +164,7 @@ static int xlat_status(void *buf, unsigned int cmd, u32 status) - return -EIO; - if (clear_err->length > clear_err->cleared) - return clear_err->cleared; -- break; -+ return 0; - default: - break; - } -@@ -174,6 +175,16 @@ static int xlat_status(void *buf, unsigned int cmd, u32 status) - return 0; - } - -+static int xlat_status(struct nvdimm *nvdimm, void *buf, unsigned int cmd, -+ u32 status) -+{ -+ if (!nvdimm) -+ return xlat_bus_status(buf, cmd, status); -+ if (status) -+ return -EIO; -+ return 0; -+} -+ - static int acpi_nfit_ctl(struct nvdimm_bus_descriptor *nd_desc, - struct nvdimm *nvdimm, unsigned int cmd, void *buf, - unsigned int buf_len, int *cmd_rc) -@@ -298,7 +309,8 @@ static int acpi_nfit_ctl(struct nvdimm_bus_descriptor *nd_desc, - - for (i = 0, offset = 0; i < desc->out_num; i++) { - u32 out_size = nd_cmd_out_size(nvdimm, cmd, desc, i, buf, -- (u32 *) out_obj->buffer.pointer); -+ (u32 *) out_obj->buffer.pointer, -+ out_obj->buffer.length - offset); - - if (offset + out_size > out_obj->buffer.length) { - dev_dbg(dev, "%s:%s output object underflow cmd: %s field: %d\n", -@@ -333,7 +345,8 @@ static int acpi_nfit_ctl(struct nvdimm_bus_descriptor *nd_desc, - */ - rc = buf_len - offset - in_buf.buffer.length; - if (cmd_rc) -- *cmd_rc = xlat_status(buf, cmd, fw_status); -+ *cmd_rc = xlat_status(nvdimm, buf, cmd, -+ fw_status); - } else { - dev_err(dev, "%s:%s underrun cmd: %s buf_len: %d out_len: %d\n", - __func__, dimm_name, cmd_name, buf_len, -@@ -343,7 +356,7 @@ static int acpi_nfit_ctl(struct nvdimm_bus_descriptor *nd_desc, - } else { - rc = 0; - if (cmd_rc) -- *cmd_rc = xlat_status(buf, cmd, fw_status); -+ *cmd_rc = xlat_status(nvdimm, buf, cmd, fw_status); - } - - out: -@@ -1857,19 +1870,32 @@ static int ars_get_status(struct acpi_nfit_desc *acpi_desc) - return cmd_rc; - } - --static int ars_status_process_records(struct nvdimm_bus *nvdimm_bus, -+static int ars_status_process_records(struct acpi_nfit_desc *acpi_desc, - struct nd_cmd_ars_status *ars_status) - { -+ struct nvdimm_bus *nvdimm_bus = acpi_desc->nvdimm_bus; - int rc; - u32 i; - -+ /* -+ * First record starts at 44 byte offset from the start of the -+ * payload. -+ */ -+ if (ars_status->out_length < 44) -+ return 0; - for (i = 0; i < ars_status->num_records; i++) { -+ /* only process full records */ -+ if (ars_status->out_length -+ < 44 + sizeof(struct nd_ars_record) * (i + 1)) -+ break; - rc = nvdimm_bus_add_poison(nvdimm_bus, - ars_status->records[i].err_address, - ars_status->records[i].length); - if (rc) - return rc; - } -+ if (i < ars_status->num_records) -+ dev_warn(acpi_desc->dev, "detected truncated ars results\n"); - - return 0; - } -@@ -2122,8 +2148,7 @@ static int acpi_nfit_query_poison(struct acpi_nfit_desc *acpi_desc, - if (rc < 0 && rc != -ENOSPC) - return rc; - -- if (ars_status_process_records(acpi_desc->nvdimm_bus, -- acpi_desc->ars_status)) -+ if (ars_status_process_records(acpi_desc, acpi_desc->ars_status)) - return -ENOMEM; - - return 0; -diff --git a/drivers/acpi/sleep.c b/drivers/acpi/sleep.c -index 2b38c1b..7a2e4d4 100644 ---- a/drivers/acpi/sleep.c -+++ b/drivers/acpi/sleep.c -@@ -47,32 +47,15 @@ static void acpi_sleep_tts_switch(u32 acpi_state) - } - } - --static void acpi_sleep_pts_switch(u32 acpi_state) --{ -- acpi_status status; -- -- status = acpi_execute_simple_method(NULL, "\\_PTS", acpi_state); -- if (ACPI_FAILURE(status) && status != AE_NOT_FOUND) { -- /* -- * OS can't evaluate the _PTS object correctly. Some warning -- * message will be printed. But it won't break anything. -- */ -- printk(KERN_NOTICE "Failure in evaluating _PTS object\n"); -- } --} -- --static int sleep_notify_reboot(struct notifier_block *this, -+static int tts_notify_reboot(struct notifier_block *this, - unsigned long code, void *x) - { - acpi_sleep_tts_switch(ACPI_STATE_S5); -- -- acpi_sleep_pts_switch(ACPI_STATE_S5); -- - return NOTIFY_DONE; - } - --static struct notifier_block sleep_notifier = { -- .notifier_call = sleep_notify_reboot, -+static struct notifier_block tts_notifier = { -+ .notifier_call = tts_notify_reboot, - .next = NULL, - .priority = 0, - }; -@@ -916,9 +899,9 @@ int __init acpi_sleep_init(void) - pr_info(PREFIX "(supports%s)\n", supported); - - /* -- * Register the sleep_notifier to reboot notifier list so that the _TTS -- * and _PTS object can also be evaluated when the system enters S5. -+ * Register the tts_notifier to reboot notifier list so that the _TTS -+ * object can also be evaluated when the system enters S5. - */ -- register_reboot_notifier(&sleep_notifier); -+ register_reboot_notifier(&tts_notifier); - return 0; - } -diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c -index 5163c8f..5497f7f 100644 ---- a/drivers/block/zram/zram_drv.c -+++ b/drivers/block/zram/zram_drv.c -@@ -1413,8 +1413,14 @@ static ssize_t hot_remove_store(struct class *class, - return ret ? ret : count; - } - -+/* -+ * NOTE: hot_add attribute is not the usual read-only sysfs attribute. In a -+ * sense that reading from this file does alter the state of your system -- it -+ * creates a new un-initialized zram device and returns back this device's -+ * device_id (or an error code if it fails to create a new device). -+ */ - static struct class_attribute zram_control_class_attrs[] = { -- __ATTR_RO(hot_add), -+ __ATTR(hot_add, 0400, hot_add_show, NULL), - __ATTR_WO(hot_remove), - __ATTR_NULL, - }; -diff --git a/drivers/crypto/caam/ctrl.c b/drivers/crypto/caam/ctrl.c -index 0ec112e..2341f37 100644 ---- a/drivers/crypto/caam/ctrl.c -+++ b/drivers/crypto/caam/ctrl.c -@@ -557,8 +557,9 @@ static int caam_probe(struct platform_device *pdev) - * Enable DECO watchdogs and, if this is a PHYS_ADDR_T_64BIT kernel, - * long pointers in master configuration register - */ -- clrsetbits_32(&ctrl->mcr, MCFGR_AWCACHE_MASK, MCFGR_AWCACHE_CACH | -- MCFGR_AWCACHE_BUFF | MCFGR_WDENABLE | MCFGR_LARGE_BURST | -+ clrsetbits_32(&ctrl->mcr, MCFGR_AWCACHE_MASK | MCFGR_LONG_PTR, -+ MCFGR_AWCACHE_CACH | MCFGR_AWCACHE_BUFF | -+ MCFGR_WDENABLE | MCFGR_LARGE_BURST | - (sizeof(dma_addr_t) == sizeof(u64) ? MCFGR_LONG_PTR : 0)); - - /* -diff --git a/drivers/crypto/marvell/hash.c b/drivers/crypto/marvell/hash.c -index b111e14..13e89af 100644 ---- a/drivers/crypto/marvell/hash.c -+++ b/drivers/crypto/marvell/hash.c -@@ -168,12 +168,11 @@ static void mv_cesa_ahash_std_step(struct ahash_request *req) - mv_cesa_adjust_op(engine, &creq->op_tmpl); - memcpy_toio(engine->sram, &creq->op_tmpl, sizeof(creq->op_tmpl)); - -- digsize = crypto_ahash_digestsize(crypto_ahash_reqtfm(req)); -- for (i = 0; i < digsize / 4; i++) -- writel_relaxed(creq->state[i], engine->regs + CESA_IVDIG(i)); -- -- mv_cesa_adjust_op(engine, &creq->op_tmpl); -- memcpy_toio(engine->sram, &creq->op_tmpl, sizeof(creq->op_tmpl)); -+ if (!sreq->offset) { -+ digsize = crypto_ahash_digestsize(crypto_ahash_reqtfm(req)); -+ for (i = 0; i < digsize / 4; i++) -+ writel_relaxed(creq->state[i], engine->regs + CESA_IVDIG(i)); -+ } - - if (creq->cache_ptr) - memcpy_toio(engine->sram + CESA_SA_DATA_SRAM_OFFSET, -diff --git a/drivers/dax/dax.c b/drivers/dax/dax.c -index ff64313..4894199 100644 ---- a/drivers/dax/dax.c -+++ b/drivers/dax/dax.c -@@ -324,7 +324,7 @@ static int check_vma(struct dax_dev *dax_dev, struct vm_area_struct *vma, - return -ENXIO; - - /* prevent private mappings from being established */ -- if ((vma->vm_flags & VM_SHARED) != VM_SHARED) { -+ if ((vma->vm_flags & VM_MAYSHARE) != VM_MAYSHARE) { - dev_info(dev, "%s: %s: fail, attempted private mapping\n", - current->comm, func); - return -EINVAL; -diff --git a/drivers/net/can/usb/peak_usb/pcan_usb_core.c b/drivers/net/can/usb/peak_usb/pcan_usb_core.c -index bfb91d8..1006af4 100644 ---- a/drivers/net/can/usb/peak_usb/pcan_usb_core.c -+++ b/drivers/net/can/usb/peak_usb/pcan_usb_core.c -@@ -872,23 +872,25 @@ static int peak_usb_create_dev(const struct peak_usb_adapter *peak_usb_adapter, - static void peak_usb_disconnect(struct usb_interface *intf) - { - struct peak_usb_device *dev; -+ struct peak_usb_device *dev_prev_siblings; - - /* unregister as many netdev devices as siblings */ -- for (dev = usb_get_intfdata(intf); dev; dev = dev->prev_siblings) { -+ for (dev = usb_get_intfdata(intf); dev; dev = dev_prev_siblings) { - struct net_device *netdev = dev->netdev; - char name[IFNAMSIZ]; - -+ dev_prev_siblings = dev->prev_siblings; - dev->state &= ~PCAN_USB_STATE_CONNECTED; - strncpy(name, netdev->name, IFNAMSIZ); - - unregister_netdev(netdev); -- free_candev(netdev); - - kfree(dev->cmd_buf); - dev->next_siblings = NULL; - if (dev->adapter->dev_free) - dev->adapter->dev_free(dev); - -+ free_candev(netdev); - dev_info(&intf->dev, "%s removed\n", name); - } - -diff --git a/drivers/nvdimm/bus.c b/drivers/nvdimm/bus.c -index a8b6949..23d4a17 100644 ---- a/drivers/nvdimm/bus.c -+++ b/drivers/nvdimm/bus.c -@@ -715,7 +715,7 @@ EXPORT_SYMBOL_GPL(nd_cmd_in_size); - - u32 nd_cmd_out_size(struct nvdimm *nvdimm, int cmd, - const struct nd_cmd_desc *desc, int idx, const u32 *in_field, -- const u32 *out_field) -+ const u32 *out_field, unsigned long remainder) - { - if (idx >= desc->out_num) - return UINT_MAX; -@@ -727,9 +727,24 @@ u32 nd_cmd_out_size(struct nvdimm *nvdimm, int cmd, - return in_field[1]; - else if (nvdimm && cmd == ND_CMD_VENDOR && idx == 2) - return out_field[1]; -- else if (!nvdimm && cmd == ND_CMD_ARS_STATUS && idx == 2) -- return out_field[1] - 8; -- else if (cmd == ND_CMD_CALL) { -+ else if (!nvdimm && cmd == ND_CMD_ARS_STATUS && idx == 2) { -+ /* -+ * Per table 9-276 ARS Data in ACPI 6.1, out_field[1] is -+ * "Size of Output Buffer in bytes, including this -+ * field." -+ */ -+ if (out_field[1] < 4) -+ return 0; -+ /* -+ * ACPI 6.1 is ambiguous if 'status' is included in the -+ * output size. If we encounter an output size that -+ * overshoots the remainder by 4 bytes, assume it was -+ * including 'status'. -+ */ -+ if (out_field[1] - 8 == remainder) -+ return remainder; -+ return out_field[1] - 4; -+ } else if (cmd == ND_CMD_CALL) { - struct nd_cmd_pkg *pkg = (struct nd_cmd_pkg *) in_field; - - return pkg->nd_size_out; -@@ -876,7 +891,7 @@ static int __nd_ioctl(struct nvdimm_bus *nvdimm_bus, struct nvdimm *nvdimm, - /* process an output envelope */ - for (i = 0; i < desc->out_num; i++) { - u32 out_size = nd_cmd_out_size(nvdimm, cmd, desc, i, -- (u32 *) in_env, (u32 *) out_env); -+ (u32 *) in_env, (u32 *) out_env, 0); - u32 copy; - - if (out_size == UINT_MAX) { -diff --git a/drivers/scsi/lpfc/lpfc_sli.c b/drivers/scsi/lpfc/lpfc_sli.c -index 7080ce2..8214eba 100644 ---- a/drivers/scsi/lpfc/lpfc_sli.c -+++ b/drivers/scsi/lpfc/lpfc_sli.c -@@ -1323,18 +1323,20 @@ lpfc_sli_ringtxcmpl_put(struct lpfc_hba *phba, struct lpfc_sli_ring *pring, - { - lockdep_assert_held(&phba->hbalock); - -- BUG_ON(!piocb || !piocb->vport); -+ BUG_ON(!piocb); - - list_add_tail(&piocb->list, &pring->txcmplq); - piocb->iocb_flag |= LPFC_IO_ON_TXCMPLQ; - - if ((unlikely(pring->ringno == LPFC_ELS_RING)) && - (piocb->iocb.ulpCommand != CMD_ABORT_XRI_CN) && -- (piocb->iocb.ulpCommand != CMD_CLOSE_XRI_CN) && -- (!(piocb->vport->load_flag & FC_UNLOADING))) -- mod_timer(&piocb->vport->els_tmofunc, -- jiffies + -- msecs_to_jiffies(1000 * (phba->fc_ratov << 1))); -+ (piocb->iocb.ulpCommand != CMD_CLOSE_XRI_CN)) { -+ BUG_ON(!piocb->vport); -+ if (!(piocb->vport->load_flag & FC_UNLOADING)) -+ mod_timer(&piocb->vport->els_tmofunc, -+ jiffies + -+ msecs_to_jiffies(1000 * (phba->fc_ratov << 1))); -+ } - - return 0; - } -diff --git a/drivers/vhost/vsock.c b/drivers/vhost/vsock.c -index e3b30ea..a504e2e0 100644 ---- a/drivers/vhost/vsock.c -+++ b/drivers/vhost/vsock.c -@@ -506,7 +506,7 @@ static void vhost_vsock_reset_orphans(struct sock *sk) - * executing. - */ - -- if (!vhost_vsock_get(vsk->local_addr.svm_cid)) { -+ if (!vhost_vsock_get(vsk->remote_addr.svm_cid)) { - sock_set_flag(sk, SOCK_DONE); - vsk->peer_shutdown = SHUTDOWN_MASK; - sk->sk_state = SS_UNCONNECTED; -diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c -index df4b3e6..93142bf 100644 ---- a/fs/ceph/dir.c -+++ b/fs/ceph/dir.c -@@ -1257,26 +1257,30 @@ static int ceph_d_revalidate(struct dentry *dentry, unsigned int flags) - return -ECHILD; - - op = ceph_snap(dir) == CEPH_SNAPDIR ? -- CEPH_MDS_OP_LOOKUPSNAP : CEPH_MDS_OP_LOOKUP; -+ CEPH_MDS_OP_LOOKUPSNAP : CEPH_MDS_OP_GETATTR; - req = ceph_mdsc_create_request(mdsc, op, USE_ANY_MDS); - if (!IS_ERR(req)) { - req->r_dentry = dget(dentry); -- req->r_num_caps = 2; -+ req->r_num_caps = op == CEPH_MDS_OP_GETATTR ? 1 : 2; - - mask = CEPH_STAT_CAP_INODE | CEPH_CAP_AUTH_SHARED; - if (ceph_security_xattr_wanted(dir)) - mask |= CEPH_CAP_XATTR_SHARED; - req->r_args.getattr.mask = mask; - -- req->r_locked_dir = dir; - err = ceph_mdsc_do_request(mdsc, NULL, req); -- if (err == 0 || err == -ENOENT) { -- if (dentry == req->r_dentry) { -- valid = !d_unhashed(dentry); -- } else { -- d_invalidate(req->r_dentry); -- err = -EAGAIN; -- } -+ switch (err) { -+ case 0: -+ if (d_really_is_positive(dentry) && -+ d_inode(dentry) == req->r_target_inode) -+ valid = 1; -+ break; -+ case -ENOENT: -+ if (d_really_is_negative(dentry)) -+ valid = 1; -+ /* Fallthrough */ -+ default: -+ break; - } - ceph_mdsc_put_request(req); - dout("d_revalidate %p lookup result=%d\n", -diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c -index 4ff9251..eb5373a 100644 ---- a/fs/fuse/dir.c -+++ b/fs/fuse/dir.c -@@ -1709,8 +1709,6 @@ static int fuse_setattr(struct dentry *entry, struct iattr *attr) - return -EACCES; - - if (attr->ia_valid & (ATTR_KILL_SUID | ATTR_KILL_SGID)) { -- int kill; -- - attr->ia_valid &= ~(ATTR_KILL_SUID | ATTR_KILL_SGID | - ATTR_MODE); - /* -@@ -1722,12 +1720,11 @@ static int fuse_setattr(struct dentry *entry, struct iattr *attr) - return ret; - - attr->ia_mode = inode->i_mode; -- kill = should_remove_suid(entry); -- if (kill & ATTR_KILL_SUID) { -+ if (inode->i_mode & S_ISUID) { - attr->ia_valid |= ATTR_MODE; - attr->ia_mode &= ~S_ISUID; - } -- if (kill & ATTR_KILL_SGID) { -+ if ((inode->i_mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) { - attr->ia_valid |= ATTR_MODE; - attr->ia_mode &= ~S_ISGID; - } -diff --git a/include/linux/cpu.h b/include/linux/cpu.h -index 797d9c8..c8938eb 100644 ---- a/include/linux/cpu.h -+++ b/include/linux/cpu.h -@@ -105,22 +105,16 @@ extern bool cpuhp_tasks_frozen; - { .notifier_call = fn, .priority = pri }; \ - __register_cpu_notifier(&fn##_nb); \ - } --#else /* #if defined(CONFIG_HOTPLUG_CPU) || !defined(MODULE) */ --#define cpu_notifier(fn, pri) do { (void)(fn); } while (0) --#define __cpu_notifier(fn, pri) do { (void)(fn); } while (0) --#endif /* #else #if defined(CONFIG_HOTPLUG_CPU) || !defined(MODULE) */ - --#ifdef CONFIG_HOTPLUG_CPU - extern int register_cpu_notifier(struct notifier_block *nb); - extern int __register_cpu_notifier(struct notifier_block *nb); - extern void unregister_cpu_notifier(struct notifier_block *nb); - extern void __unregister_cpu_notifier(struct notifier_block *nb); --#else - --#ifndef MODULE --extern int register_cpu_notifier(struct notifier_block *nb); --extern int __register_cpu_notifier(struct notifier_block *nb); --#else -+#else /* #if defined(CONFIG_HOTPLUG_CPU) || !defined(MODULE) */ -+#define cpu_notifier(fn, pri) do { (void)(fn); } while (0) -+#define __cpu_notifier(fn, pri) do { (void)(fn); } while (0) -+ - static inline int register_cpu_notifier(struct notifier_block *nb) - { - return 0; -@@ -130,7 +124,6 @@ static inline int __register_cpu_notifier(struct notifier_block *nb) - { - return 0; - } --#endif - - static inline void unregister_cpu_notifier(struct notifier_block *nb) - { -diff --git a/include/linux/libnvdimm.h b/include/linux/libnvdimm.h -index bbfce62..d02d65d 100644 ---- a/include/linux/libnvdimm.h -+++ b/include/linux/libnvdimm.h -@@ -153,7 +153,7 @@ u32 nd_cmd_in_size(struct nvdimm *nvdimm, int cmd, - const struct nd_cmd_desc *desc, int idx, void *buf); - u32 nd_cmd_out_size(struct nvdimm *nvdimm, int cmd, - const struct nd_cmd_desc *desc, int idx, const u32 *in_field, -- const u32 *out_field); -+ const u32 *out_field, unsigned long remainder); - int nvdimm_bus_check_dimm_count(struct nvdimm_bus *nvdimm_bus, int dimm_count); - struct nd_region *nvdimm_pmem_region_create(struct nvdimm_bus *nvdimm_bus, - struct nd_region_desc *ndr_desc); -diff --git a/include/uapi/linux/can.h b/include/uapi/linux/can.h -index 9692cda..c48d93a 100644 ---- a/include/uapi/linux/can.h -+++ b/include/uapi/linux/can.h -@@ -196,5 +196,6 @@ struct can_filter { - }; - - #define CAN_INV_FILTER 0x20000000U /* to be set in can_filter.can_id */ -+#define CAN_RAW_FILTER_MAX 512 /* maximum number of can_filter set via setsockopt() */ - - #endif /* !_UAPI_CAN_H */ -diff --git a/kernel/cpu.c b/kernel/cpu.c -index 341bf80..73fb59f 100644 ---- a/kernel/cpu.c -+++ b/kernel/cpu.c -@@ -578,7 +578,6 @@ void __init cpuhp_threads_init(void) - kthread_unpark(this_cpu_read(cpuhp_state.thread)); - } - --#ifdef CONFIG_HOTPLUG_CPU - EXPORT_SYMBOL(register_cpu_notifier); - EXPORT_SYMBOL(__register_cpu_notifier); - void unregister_cpu_notifier(struct notifier_block *nb) -@@ -595,6 +594,7 @@ void __unregister_cpu_notifier(struct notifier_block *nb) - } - EXPORT_SYMBOL(__unregister_cpu_notifier); - -+#ifdef CONFIG_HOTPLUG_CPU - /** - * clear_tasks_mm_cpumask - Safely clear tasks' mm_cpumask for a CPU - * @cpu: a CPU id -diff --git a/kernel/locking/rtmutex.c b/kernel/locking/rtmutex.c -index 1ec0f48..2c49d76 100644 ---- a/kernel/locking/rtmutex.c -+++ b/kernel/locking/rtmutex.c -@@ -65,8 +65,72 @@ static inline void clear_rt_mutex_waiters(struct rt_mutex *lock) - - static void fixup_rt_mutex_waiters(struct rt_mutex *lock) - { -- if (!rt_mutex_has_waiters(lock)) -- clear_rt_mutex_waiters(lock); -+ unsigned long owner, *p = (unsigned long *) &lock->owner; -+ -+ if (rt_mutex_has_waiters(lock)) -+ return; -+ -+ /* -+ * The rbtree has no waiters enqueued, now make sure that the -+ * lock->owner still has the waiters bit set, otherwise the -+ * following can happen: -+ * -+ * CPU 0 CPU 1 CPU2 -+ * l->owner=T1 -+ * rt_mutex_lock(l) -+ * lock(l->lock) -+ * l->owner = T1 | HAS_WAITERS; -+ * enqueue(T2) -+ * boost() -+ * unlock(l->lock) -+ * block() -+ * -+ * rt_mutex_lock(l) -+ * lock(l->lock) -+ * l->owner = T1 | HAS_WAITERS; -+ * enqueue(T3) -+ * boost() -+ * unlock(l->lock) -+ * block() -+ * signal(->T2) signal(->T3) -+ * lock(l->lock) -+ * dequeue(T2) -+ * deboost() -+ * unlock(l->lock) -+ * lock(l->lock) -+ * dequeue(T3) -+ * ==> wait list is empty -+ * deboost() -+ * unlock(l->lock) -+ * lock(l->lock) -+ * fixup_rt_mutex_waiters() -+ * if (wait_list_empty(l) { -+ * l->owner = owner -+ * owner = l->owner & ~HAS_WAITERS; -+ * ==> l->owner = T1 -+ * } -+ * lock(l->lock) -+ * rt_mutex_unlock(l) fixup_rt_mutex_waiters() -+ * if (wait_list_empty(l) { -+ * owner = l->owner & ~HAS_WAITERS; -+ * cmpxchg(l->owner, T1, NULL) -+ * ===> Success (l->owner = NULL) -+ * -+ * l->owner = owner -+ * ==> l->owner = T1 -+ * } -+ * -+ * With the check for the waiter bit in place T3 on CPU2 will not -+ * overwrite. All tasks fiddling with the waiters bit are -+ * serialized by l->lock, so nothing else can modify the waiters -+ * bit. If the bit is set then nothing can change l->owner either -+ * so the simple RMW is safe. The cmpxchg() will simply fail if it -+ * happens in the middle of the RMW because the waiters bit is -+ * still set. -+ */ -+ owner = READ_ONCE(*p); -+ if (owner & RT_MUTEX_HAS_WAITERS) -+ WRITE_ONCE(*p, owner & ~RT_MUTEX_HAS_WAITERS); - } - - /* -diff --git a/kernel/locking/rtmutex_common.h b/kernel/locking/rtmutex_common.h -index 4f5f83c..e317e1c 100644 ---- a/kernel/locking/rtmutex_common.h -+++ b/kernel/locking/rtmutex_common.h -@@ -75,8 +75,9 @@ task_top_pi_waiter(struct task_struct *p) - - static inline struct task_struct *rt_mutex_owner(struct rt_mutex *lock) - { -- return (struct task_struct *) -- ((unsigned long)lock->owner & ~RT_MUTEX_OWNER_MASKALL); -+ unsigned long owner = (unsigned long) READ_ONCE(lock->owner); -+ -+ return (struct task_struct *) (owner & ~RT_MUTEX_OWNER_MASKALL); - } - - /* -diff --git a/kernel/sched/auto_group.c b/kernel/sched/auto_group.c -index a5d966c..418d9b6 100644 ---- a/kernel/sched/auto_group.c -+++ b/kernel/sched/auto_group.c -@@ -192,6 +192,7 @@ int proc_sched_autogroup_set_nice(struct task_struct *p, int nice) - { - static unsigned long next = INITIAL_JIFFIES; - struct autogroup *ag; -+ unsigned long shares; - int err; - - if (nice < MIN_NICE || nice > MAX_NICE) -@@ -210,9 +211,10 @@ int proc_sched_autogroup_set_nice(struct task_struct *p, int nice) - - next = HZ / 10 + jiffies; - ag = autogroup_task_get(p); -+ shares = scale_load(sched_prio_to_weight[nice + 20]); - - down_write(&ag->lock); -- err = sched_group_set_shares(ag->tg, sched_prio_to_weight[nice + 20]); -+ err = sched_group_set_shares(ag->tg, shares); - if (!err) - ag->nice = nice; - up_write(&ag->lock); -diff --git a/net/batman-adv/translation-table.c b/net/batman-adv/translation-table.c -index 7e6df7a..67f8fa9 100644 ---- a/net/batman-adv/translation-table.c -+++ b/net/batman-adv/translation-table.c -@@ -2849,7 +2849,7 @@ static bool batadv_send_my_tt_response(struct batadv_priv *bat_priv, - &tvlv_tt_data, - &tt_change, - &tt_len); -- if (!tt_len) -+ if (!tt_len || !tvlv_len) - goto unlock; - - /* Copy the last orig_node's OGM buffer */ -@@ -2867,7 +2867,7 @@ static bool batadv_send_my_tt_response(struct batadv_priv *bat_priv, - &tvlv_tt_data, - &tt_change, - &tt_len); -- if (!tt_len) -+ if (!tt_len || !tvlv_len) - goto out; - - /* fill the rest of the tvlv with the real TT entries */ -diff --git a/net/can/raw.c b/net/can/raw.c -index 972c187..b075f02 100644 ---- a/net/can/raw.c -+++ b/net/can/raw.c -@@ -499,6 +499,9 @@ static int raw_setsockopt(struct socket *sock, int level, int optname, - if (optlen % sizeof(struct can_filter) != 0) - return -EINVAL; - -+ if (optlen > CAN_RAW_FILTER_MAX * sizeof(struct can_filter)) -+ return -EINVAL; -+ - count = optlen / sizeof(struct can_filter); - - if (count > 1) { diff --git a/4.8.15/4420_grsecurity-3.1-4.8.15-201612151923.patch b/4.8.15/4420_grsecurity-3.1-4.8.15-201612301949.patch index f7b8b72..b16a42d 100644 --- a/4.8.15/4420_grsecurity-3.1-4.8.15-201612151923.patch +++ b/4.8.15/4420_grsecurity-3.1-4.8.15-201612301949.patch @@ -22150,24 +22150,28 @@ index 6ca9fd6..4c0aa55 100644 * Vectors 0x30-0x3f are used for ISA interrupts. * round up to the next 16-vector boundary diff --git a/arch/x86/include/asm/irqflags.h b/arch/x86/include/asm/irqflags.h -index b77f5ed..3862b91 100644 +index b77f5ed..cbf5ec6 100644 --- a/arch/x86/include/asm/irqflags.h +++ b/arch/x86/include/asm/irqflags.h -@@ -23,11 +23,13 @@ static inline unsigned long native_save_fl(void) +@@ -23,11 +23,17 @@ static inline unsigned long native_save_fl(void) : /* no input */ : "memory"); ++#if !defined(CONFIG_GRKERNSEC_CONFIG_VIRT_HOST) || !defined(CONFIG_GRKERNSEC_CONFIG_VIRT_VIRTUALBOX) + BUG_ON(flags & X86_EFLAGS_AC); ++#endif return flags; } static inline void native_restore_fl(unsigned long flags) { ++#if !defined(CONFIG_GRKERNSEC_CONFIG_VIRT_HOST) || !defined(CONFIG_GRKERNSEC_CONFIG_VIRT_VIRTUALBOX) + BUG_ON(flags & X86_EFLAGS_AC); ++#endif asm volatile("push %0 ; popf" : /* no output */ :"g" (flags) -@@ -137,6 +139,11 @@ static inline notrace unsigned long arch_local_irq_save(void) +@@ -137,6 +143,11 @@ static inline notrace unsigned long arch_local_irq_save(void) swapgs; \ sysretl @@ -120398,7 +120402,7 @@ index fd6be45..6be6542 100644 diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig new file mode 100644 -index 0000000..307ca55 +index 0000000..f1c1ee2 --- /dev/null +++ b/grsecurity/Kconfig @@ -0,0 +1,1206 @@ @@ -120600,7 +120604,7 @@ index 0000000..307ca55 +config GRKERNSEC_HIDESYM + bool "Hide kernel symbols" + default y if GRKERNSEC_CONFIG_AUTO -+ select PAX_USERCOPY_SLABS ++ select PAX_USERCOPY + help + If you say Y here, getting information on loaded modules, and + displaying all kernel symbols through a syscall will be restricted diff --git a/4.8.15/4426_default_XATTR_PAX_FLAGS.patch b/4.8.15/4426_default_XATTR_PAX_FLAGS.patch new file mode 100644 index 0000000..f7e97b5 --- /dev/null +++ b/4.8.15/4426_default_XATTR_PAX_FLAGS.patch @@ -0,0 +1,36 @@ +diff -Naur linux-4.8.15-hardened-r1.orig/security/Kconfig linux-4.8.15-hardened-r1/security/Kconfig +--- linux-4.8.15-hardened-r1.orig/security/Kconfig 2017-01-01 12:10:19.638828792 -0500 ++++ linux-4.8.15-hardened-r1/security/Kconfig 2017-01-01 12:14:05.434836657 -0500 +@@ -293,7 +293,7 @@ + + config PAX_PT_PAX_FLAGS + bool 'Use ELF program header marking' +- default y if GRKERNSEC_CONFIG_AUTO ++ default n + help + Enabling this option will allow you to control PaX features on + a per executable basis via the 'paxctl' utility available at +@@ -312,9 +312,12 @@ + If you enable none of the marking options then all applications + will run with PaX enabled on them by default. + ++ Note for Gentoo: PT_PAX_FLAGS has been deprecated in Gentoo. Enable ++ this only for legacy systems. ++ + config PAX_XATTR_PAX_FLAGS + bool 'Use filesystem extended attributes marking' +- default y if GRKERNSEC_CONFIG_AUTO ++ default y + select CIFS_XATTR if CIFS + select EXT2_FS_XATTR if EXT2_FS + select EXT3_FS_XATTR if EXT3_FS +@@ -343,6 +346,9 @@ + If you enable none of the marking options then all applications + will run with PaX enabled on them by default. + ++ Note for Gentoo: XATTR_PAX_FLAGS is now the default in Gentoo. Do ++ not disable this unless you know what you're doing. ++ + choice + prompt 'MAC system integration' + default PAX_HAVE_ACL_FLAGS |