commit: e735967d53114565a8f1cca6fee1f471490c4b2b Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> AuthorDate: Sun Apr 8 14:25:12 2018 +0000 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> CommitDate: Sun Apr 8 14:25:12 2018 +0000 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=e735967d
Linux patch 4.4.127 0000_README | 8 +- 1126_linux-4.4.127.patch | 2344 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 2350 insertions(+), 2 deletions(-) diff --git a/0000_README b/0000_README index a22a4ac..67e1c31 100644 --- a/0000_README +++ b/0000_README @@ -543,9 +543,13 @@ Patch: 1124_linux-4.4.125.patch From: http://www.kernel.org Desc: Linux 4.4.125 -Patch: 1125_linux-4.4.125.patch +Patch: 1125_linux-4.4.126.patch From: http://www.kernel.org -Desc: Linux 4.4.125 +Desc: Linux 4.4.126 + +Patch: 1126_linux-4.4.127.patch +From: http://www.kernel.org +Desc: Linux 4.4.127 Patch: 1500_XATTR_USER_PREFIX.patch From: https://bugs.gentoo.org/show_bug.cgi?id=470644 diff --git a/1126_linux-4.4.127.patch b/1126_linux-4.4.127.patch new file mode 100644 index 0000000..8cd3c43 --- /dev/null +++ b/1126_linux-4.4.127.patch @@ -0,0 +1,2344 @@ +diff --git a/Documentation/devicetree/bindings/pinctrl/pinctrl-palmas.txt b/Documentation/devicetree/bindings/pinctrl/pinctrl-palmas.txt +index caf297bee1fb..c28d4eb83b76 100644 +--- a/Documentation/devicetree/bindings/pinctrl/pinctrl-palmas.txt ++++ b/Documentation/devicetree/bindings/pinctrl/pinctrl-palmas.txt +@@ -35,6 +35,15 @@ Optional properties: + - ti,palmas-enable-dvfs2: Enable DVFS2. Configure pins for DVFS2 mode. + Selection primary or secondary function associated to GPADC_START + and SYSEN2 pin/pad for DVFS2 interface ++- ti,palmas-override-powerhold: This is applicable for PMICs for which ++ GPIO7 is configured in POWERHOLD mode which has higher priority ++ over DEV_ON bit and keeps the PMIC supplies on even after the DEV_ON ++ bit is turned off. This property enables driver to over ride the ++ POWERHOLD value to GPIO7 so as to turn off the PMIC in power off ++ scenarios. So for GPIO7 if ti,palmas-override-powerhold is set ++ then the GPIO_7 field should never be muxed to anything else. ++ It should be set to POWERHOLD by default and only in case of ++ power off scenarios the driver will over ride the mux value. + + This binding uses the following generic properties as defined in + pinctrl-bindings.txt: +diff --git a/Documentation/filesystems/proc.txt b/Documentation/filesystems/proc.txt +index 6716413c17ba..6d2689ebf824 100644 +--- a/Documentation/filesystems/proc.txt ++++ b/Documentation/filesystems/proc.txt +@@ -383,32 +383,6 @@ is not associated with a file: + + or if empty, the mapping is anonymous. + +-The /proc/PID/task/TID/maps is a view of the virtual memory from the viewpoint +-of the individual tasks of a process. In this file you will see a mapping marked +-as [stack] if that task sees it as a stack. Hence, for the example above, the +-task-level map, i.e. /proc/PID/task/TID/maps for thread 1001 will look like this: +- +-08048000-08049000 r-xp 00000000 03:00 8312 /opt/test +-08049000-0804a000 rw-p 00001000 03:00 8312 /opt/test +-0804a000-0806b000 rw-p 00000000 00:00 0 [heap] +-a7cb1000-a7cb2000 ---p 00000000 00:00 0 +-a7cb2000-a7eb2000 rw-p 00000000 00:00 0 +-a7eb2000-a7eb3000 ---p 00000000 00:00 0 +-a7eb3000-a7ed5000 rw-p 00000000 00:00 0 [stack] +-a7ed5000-a8008000 r-xp 00000000 03:00 4222 /lib/libc.so.6 +-a8008000-a800a000 r--p 00133000 03:00 4222 /lib/libc.so.6 +-a800a000-a800b000 rw-p 00135000 03:00 4222 /lib/libc.so.6 +-a800b000-a800e000 rw-p 00000000 00:00 0 +-a800e000-a8022000 r-xp 00000000 03:00 14462 /lib/libpthread.so.0 +-a8022000-a8023000 r--p 00013000 03:00 14462 /lib/libpthread.so.0 +-a8023000-a8024000 rw-p 00014000 03:00 14462 /lib/libpthread.so.0 +-a8024000-a8027000 rw-p 00000000 00:00 0 +-a8027000-a8043000 r-xp 00000000 03:00 8317 /lib/ld-linux.so.2 +-a8043000-a8044000 r--p 0001b000 03:00 8317 /lib/ld-linux.so.2 +-a8044000-a8045000 rw-p 0001c000 03:00 8317 /lib/ld-linux.so.2 +-aff35000-aff4a000 rw-p 00000000 00:00 0 +-ffffe000-fffff000 r-xp 00000000 00:00 0 [vdso] +- + The /proc/PID/smaps is an extension based on maps, showing the memory + consumption for each of the process's mappings. For each of mappings there + is a series of lines such as the following: +diff --git a/Makefile b/Makefile +index 2b699c5f6de4..58c0390573c1 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,6 +1,6 @@ + VERSION = 4 + PATCHLEVEL = 4 +-SUBLEVEL = 126 ++SUBLEVEL = 127 + EXTRAVERSION = + NAME = Blurry Fish Butt + +diff --git a/arch/arm/boot/dts/am335x-pepper.dts b/arch/arm/boot/dts/am335x-pepper.dts +index 2dbe13a3d89b..7106114c7464 100644 +--- a/arch/arm/boot/dts/am335x-pepper.dts ++++ b/arch/arm/boot/dts/am335x-pepper.dts +@@ -139,7 +139,7 @@ + &audio_codec { + status = "okay"; + +- reset-gpios = <&gpio1 16 GPIO_ACTIVE_LOW>; ++ gpio-reset = <&gpio1 16 GPIO_ACTIVE_LOW>; + AVDD-supply = <&ldo3_reg>; + IOVDD-supply = <&ldo3_reg>; + DRVDD-supply = <&ldo3_reg>; +diff --git a/arch/arm/boot/dts/am57xx-beagle-x15.dts b/arch/arm/boot/dts/am57xx-beagle-x15.dts +index 00352e761b8c..5c3bd34af9fd 100644 +--- a/arch/arm/boot/dts/am57xx-beagle-x15.dts ++++ b/arch/arm/boot/dts/am57xx-beagle-x15.dts +@@ -411,6 +411,7 @@ + interrupt-controller; + + ti,system-power-controller; ++ ti,palmas-override-powerhold; + + tps659038_pmic { + compatible = "ti,tps659038-pmic"; +diff --git a/arch/arm/boot/dts/dra7-evm.dts b/arch/arm/boot/dts/dra7-evm.dts +index 864f60020124..0736d04f032e 100644 +--- a/arch/arm/boot/dts/dra7-evm.dts ++++ b/arch/arm/boot/dts/dra7-evm.dts +@@ -410,6 +410,8 @@ + tps659038: tps659038@58 { + compatible = "ti,tps659038"; + reg = <0x58>; ++ ti,palmas-override-powerhold; ++ ti,system-power-controller; + + tps659038_pmic { + compatible = "ti,tps659038-pmic"; +diff --git a/arch/arm/boot/dts/omap3-n900.dts b/arch/arm/boot/dts/omap3-n900.dts +index 731860314ab5..27cd4abfc74d 100644 +--- a/arch/arm/boot/dts/omap3-n900.dts ++++ b/arch/arm/boot/dts/omap3-n900.dts +@@ -488,7 +488,7 @@ + tlv320aic3x: tlv320aic3x@18 { + compatible = "ti,tlv320aic3x"; + reg = <0x18>; +- reset-gpios = <&gpio2 28 GPIO_ACTIVE_LOW>; /* 60 */ ++ gpio-reset = <&gpio2 28 GPIO_ACTIVE_HIGH>; /* 60 */ + ai3x-gpio-func = < + 0 /* AIC3X_GPIO1_FUNC_DISABLED */ + 5 /* AIC3X_GPIO2_FUNC_DIGITAL_MIC_INPUT */ +@@ -505,7 +505,7 @@ + tlv320aic3x_aux: tlv320aic3x@19 { + compatible = "ti,tlv320aic3x"; + reg = <0x19>; +- reset-gpios = <&gpio2 28 GPIO_ACTIVE_LOW>; /* 60 */ ++ gpio-reset = <&gpio2 28 GPIO_ACTIVE_HIGH>; /* 60 */ + + AVDD-supply = <&vmmc2>; + DRVDD-supply = <&vmmc2>; +diff --git a/arch/arm64/include/asm/memory.h b/arch/arm64/include/asm/memory.h +index 853953cd1f08..b42b930cc19a 100644 +--- a/arch/arm64/include/asm/memory.h ++++ b/arch/arm64/include/asm/memory.h +@@ -49,8 +49,10 @@ + * and PAGE_OFFSET - it must be within 128MB of the kernel text. + */ + #define VA_BITS (CONFIG_ARM64_VA_BITS) +-#define VA_START (UL(0xffffffffffffffff) << VA_BITS) +-#define PAGE_OFFSET (UL(0xffffffffffffffff) << (VA_BITS - 1)) ++#define VA_START (UL(0xffffffffffffffff) - \ ++ (UL(1) << VA_BITS) + 1) ++#define PAGE_OFFSET (UL(0xffffffffffffffff) - \ ++ (UL(1) << (VA_BITS - 1)) + 1) + #define MODULES_END (PAGE_OFFSET) + #define MODULES_VADDR (MODULES_END - SZ_64M) + #define PCI_IO_END (MODULES_VADDR - SZ_2M) +diff --git a/arch/frv/include/asm/timex.h b/arch/frv/include/asm/timex.h +index a89bddefdacf..139093fab326 100644 +--- a/arch/frv/include/asm/timex.h ++++ b/arch/frv/include/asm/timex.h +@@ -16,5 +16,11 @@ static inline cycles_t get_cycles(void) + #define vxtime_lock() do {} while (0) + #define vxtime_unlock() do {} while (0) + ++/* This attribute is used in include/linux/jiffies.h alongside with ++ * __cacheline_aligned_in_smp. It is assumed that __cacheline_aligned_in_smp ++ * for frv does not contain another section specification. ++ */ ++#define __jiffy_arch_data __attribute__((__section__(".data"))) ++ + #endif + +diff --git a/arch/x86/crypto/cast5_avx_glue.c b/arch/x86/crypto/cast5_avx_glue.c +index 8648158f3916..f8fe11d24cde 100644 +--- a/arch/x86/crypto/cast5_avx_glue.c ++++ b/arch/x86/crypto/cast5_avx_glue.c +@@ -66,8 +66,6 @@ static int ecb_crypt(struct blkcipher_desc *desc, struct blkcipher_walk *walk, + void (*fn)(struct cast5_ctx *ctx, u8 *dst, const u8 *src); + int err; + +- fn = (enc) ? cast5_ecb_enc_16way : cast5_ecb_dec_16way; +- + err = blkcipher_walk_virt(desc, walk); + desc->flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP; + +@@ -79,6 +77,7 @@ static int ecb_crypt(struct blkcipher_desc *desc, struct blkcipher_walk *walk, + + /* Process multi-block batch */ + if (nbytes >= bsize * CAST5_PARALLEL_BLOCKS) { ++ fn = (enc) ? cast5_ecb_enc_16way : cast5_ecb_dec_16way; + do { + fn(ctx, wdst, wsrc); + +diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c +index 565e24e9ddf2..df9be5b91270 100644 +--- a/arch/x86/kernel/kprobes/core.c ++++ b/arch/x86/kernel/kprobes/core.c +@@ -49,6 +49,7 @@ + #include <linux/kdebug.h> + #include <linux/kallsyms.h> + #include <linux/ftrace.h> ++#include <linux/moduleloader.h> + + #include <asm/cacheflush.h> + #include <asm/desc.h> +@@ -402,6 +403,14 @@ int __copy_instruction(u8 *dest, u8 *src) + return length; + } + ++/* Recover page to RW mode before releasing it */ ++void free_insn_page(void *page) ++{ ++ set_memory_nx((unsigned long)page & PAGE_MASK, 1); ++ set_memory_rw((unsigned long)page & PAGE_MASK, 1); ++ module_memfree(page); ++} ++ + static int arch_copy_kprobe(struct kprobe *p) + { + int ret; +diff --git a/block/partitions/msdos.c b/block/partitions/msdos.c +index 5610cd537da7..7d8d50c11ce7 100644 +--- a/block/partitions/msdos.c ++++ b/block/partitions/msdos.c +@@ -300,7 +300,9 @@ static void parse_bsd(struct parsed_partitions *state, + continue; + bsd_start = le32_to_cpu(p->p_offset); + bsd_size = le32_to_cpu(p->p_size); +- if (memcmp(flavour, "bsd\0", 4) == 0) ++ /* FreeBSD has relative offset if C partition offset is zero */ ++ if (memcmp(flavour, "bsd\0", 4) == 0 && ++ le32_to_cpu(l->d_partitions[2].p_offset) == 0) + bsd_start += offset; + if (offset == bsd_start && size == bsd_size) + /* full parent partition, we have it already */ +diff --git a/crypto/ahash.c b/crypto/ahash.c +index 7006dbfd39bd..6978ad86e516 100644 +--- a/crypto/ahash.c ++++ b/crypto/ahash.c +@@ -91,13 +91,14 @@ int crypto_hash_walk_done(struct crypto_hash_walk *walk, int err) + + if (nbytes && walk->offset & alignmask && !err) { + walk->offset = ALIGN(walk->offset, alignmask + 1); +- walk->data += walk->offset; +- + nbytes = min(nbytes, + ((unsigned int)(PAGE_SIZE)) - walk->offset); + walk->entrylen -= nbytes; + +- return nbytes; ++ if (nbytes) { ++ walk->data += walk->offset; ++ return nbytes; ++ } + } + + if (walk->flags & CRYPTO_ALG_ASYNC) +diff --git a/drivers/acpi/pci_irq.c b/drivers/acpi/pci_irq.c +index 8a10a7ae6a8a..c8e169e46673 100644 +--- a/drivers/acpi/pci_irq.c ++++ b/drivers/acpi/pci_irq.c +@@ -131,9 +131,6 @@ static void do_prt_fixups(struct acpi_prt_entry *entry, + quirk = &prt_quirks[i]; + + /* All current quirks involve link devices, not GSIs */ +- if (!prt->source) +- continue; +- + if (dmi_check_system(quirk->system) && + entry->id.segment == quirk->segment && + entry->id.bus == quirk->bus && +diff --git a/drivers/block/mtip32xx/mtip32xx.c b/drivers/block/mtip32xx/mtip32xx.c +index 9ba89315dae1..55d3d1da72de 100644 +--- a/drivers/block/mtip32xx/mtip32xx.c ++++ b/drivers/block/mtip32xx/mtip32xx.c +@@ -169,25 +169,6 @@ static bool mtip_check_surprise_removal(struct pci_dev *pdev) + return false; /* device present */ + } + +-/* we have to use runtime tag to setup command header */ +-static void mtip_init_cmd_header(struct request *rq) +-{ +- struct driver_data *dd = rq->q->queuedata; +- struct mtip_cmd *cmd = blk_mq_rq_to_pdu(rq); +- u32 host_cap_64 = readl(dd->mmio + HOST_CAP) & HOST_CAP_64; +- +- /* Point the command headers at the command tables. */ +- cmd->command_header = dd->port->command_list + +- (sizeof(struct mtip_cmd_hdr) * rq->tag); +- cmd->command_header_dma = dd->port->command_list_dma + +- (sizeof(struct mtip_cmd_hdr) * rq->tag); +- +- if (host_cap_64) +- cmd->command_header->ctbau = __force_bit2int cpu_to_le32((cmd->command_dma >> 16) >> 16); +- +- cmd->command_header->ctba = __force_bit2int cpu_to_le32(cmd->command_dma & 0xFFFFFFFF); +-} +- + static struct mtip_cmd *mtip_get_int_command(struct driver_data *dd) + { + struct request *rq; +@@ -199,9 +180,6 @@ static struct mtip_cmd *mtip_get_int_command(struct driver_data *dd) + if (IS_ERR(rq)) + return NULL; + +- /* Internal cmd isn't submitted via .queue_rq */ +- mtip_init_cmd_header(rq); +- + return blk_mq_rq_to_pdu(rq); + } + +@@ -3840,8 +3818,6 @@ static int mtip_queue_rq(struct blk_mq_hw_ctx *hctx, + struct request *rq = bd->rq; + int ret; + +- mtip_init_cmd_header(rq); +- + if (unlikely(mtip_check_unal_depth(hctx, rq))) + return BLK_MQ_RQ_QUEUE_BUSY; + +@@ -3873,6 +3849,7 @@ static int mtip_init_cmd(void *data, struct request *rq, unsigned int hctx_idx, + { + struct driver_data *dd = data; + struct mtip_cmd *cmd = blk_mq_rq_to_pdu(rq); ++ u32 host_cap_64 = readl(dd->mmio + HOST_CAP) & HOST_CAP_64; + + /* + * For flush requests, request_idx starts at the end of the +@@ -3889,6 +3866,17 @@ static int mtip_init_cmd(void *data, struct request *rq, unsigned int hctx_idx, + + memset(cmd->command, 0, CMD_DMA_ALLOC_SZ); + ++ /* Point the command headers at the command tables. */ ++ cmd->command_header = dd->port->command_list + ++ (sizeof(struct mtip_cmd_hdr) * request_idx); ++ cmd->command_header_dma = dd->port->command_list_dma + ++ (sizeof(struct mtip_cmd_hdr) * request_idx); ++ ++ if (host_cap_64) ++ cmd->command_header->ctbau = __force_bit2int cpu_to_le32((cmd->command_dma >> 16) >> 16); ++ ++ cmd->command_header->ctba = __force_bit2int cpu_to_le32(cmd->command_dma & 0xFFFFFFFF); ++ + sg_init_table(cmd->sg, MTIP_MAX_SG); + return 0; + } +diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c +index c0fb6f12f547..ebed319657e7 100644 +--- a/drivers/cpufreq/cpufreq.c ++++ b/drivers/cpufreq/cpufreq.c +@@ -551,8 +551,6 @@ static int cpufreq_parse_governor(char *str_governor, unsigned int *policy, + *governor = t; + err = 0; + } +- if (t && !try_module_get(t->owner)) +- t = NULL; + + mutex_unlock(&cpufreq_governor_mutex); + } +@@ -671,10 +669,6 @@ static ssize_t store_scaling_governor(struct cpufreq_policy *policy, + return -EINVAL; + + ret = cpufreq_set_policy(policy, &new_policy); +- +- if (new_policy.governor) +- module_put(new_policy.governor->owner); +- + return ret ? ret : count; + } + +diff --git a/drivers/infiniband/core/addr.c b/drivers/infiniband/core/addr.c +index 6a8024d9d742..864a7c8d82d3 100644 +--- a/drivers/infiniband/core/addr.c ++++ b/drivers/infiniband/core/addr.c +@@ -86,6 +86,22 @@ int rdma_addr_size(struct sockaddr *addr) + } + EXPORT_SYMBOL(rdma_addr_size); + ++int rdma_addr_size_in6(struct sockaddr_in6 *addr) ++{ ++ int ret = rdma_addr_size((struct sockaddr *) addr); ++ ++ return ret <= sizeof(*addr) ? ret : 0; ++} ++EXPORT_SYMBOL(rdma_addr_size_in6); ++ ++int rdma_addr_size_kss(struct __kernel_sockaddr_storage *addr) ++{ ++ int ret = rdma_addr_size((struct sockaddr *) addr); ++ ++ return ret <= sizeof(*addr) ? ret : 0; ++} ++EXPORT_SYMBOL(rdma_addr_size_kss); ++ + static struct rdma_addr_client self; + + void rdma_addr_register_client(struct rdma_addr_client *client) +diff --git a/drivers/infiniband/core/ucma.c b/drivers/infiniband/core/ucma.c +index cdac2c9421ab..960fcb613198 100644 +--- a/drivers/infiniband/core/ucma.c ++++ b/drivers/infiniband/core/ucma.c +@@ -131,7 +131,7 @@ static inline struct ucma_context *_ucma_find_context(int id, + ctx = idr_find(&ctx_idr, id); + if (!ctx) + ctx = ERR_PTR(-ENOENT); +- else if (ctx->file != file) ++ else if (ctx->file != file || !ctx->cm_id) + ctx = ERR_PTR(-EINVAL); + return ctx; + } +@@ -453,6 +453,7 @@ static ssize_t ucma_create_id(struct ucma_file *file, const char __user *inbuf, + struct rdma_ucm_create_id cmd; + struct rdma_ucm_create_id_resp resp; + struct ucma_context *ctx; ++ struct rdma_cm_id *cm_id; + enum ib_qp_type qp_type; + int ret; + +@@ -473,10 +474,10 @@ static ssize_t ucma_create_id(struct ucma_file *file, const char __user *inbuf, + return -ENOMEM; + + ctx->uid = cmd.uid; +- ctx->cm_id = rdma_create_id(current->nsproxy->net_ns, +- ucma_event_handler, ctx, cmd.ps, qp_type); +- if (IS_ERR(ctx->cm_id)) { +- ret = PTR_ERR(ctx->cm_id); ++ cm_id = rdma_create_id(current->nsproxy->net_ns, ++ ucma_event_handler, ctx, cmd.ps, qp_type); ++ if (IS_ERR(cm_id)) { ++ ret = PTR_ERR(cm_id); + goto err1; + } + +@@ -486,14 +487,19 @@ static ssize_t ucma_create_id(struct ucma_file *file, const char __user *inbuf, + ret = -EFAULT; + goto err2; + } ++ ++ ctx->cm_id = cm_id; + return 0; + + err2: +- rdma_destroy_id(ctx->cm_id); ++ rdma_destroy_id(cm_id); + err1: + mutex_lock(&mut); + idr_remove(&ctx_idr, ctx->id); + mutex_unlock(&mut); ++ mutex_lock(&file->mut); ++ list_del(&ctx->list); ++ mutex_unlock(&file->mut); + kfree(ctx); + return ret; + } +@@ -623,6 +629,9 @@ static ssize_t ucma_bind_ip(struct ucma_file *file, const char __user *inbuf, + if (copy_from_user(&cmd, inbuf, sizeof(cmd))) + return -EFAULT; + ++ if (!rdma_addr_size_in6(&cmd.addr)) ++ return -EINVAL; ++ + ctx = ucma_get_ctx(file, cmd.id); + if (IS_ERR(ctx)) + return PTR_ERR(ctx); +@@ -636,22 +645,21 @@ static ssize_t ucma_bind(struct ucma_file *file, const char __user *inbuf, + int in_len, int out_len) + { + struct rdma_ucm_bind cmd; +- struct sockaddr *addr; + struct ucma_context *ctx; + int ret; + + if (copy_from_user(&cmd, inbuf, sizeof(cmd))) + return -EFAULT; + +- addr = (struct sockaddr *) &cmd.addr; +- if (cmd.reserved || !cmd.addr_size || (cmd.addr_size != rdma_addr_size(addr))) ++ if (cmd.reserved || !cmd.addr_size || ++ cmd.addr_size != rdma_addr_size_kss(&cmd.addr)) + return -EINVAL; + + ctx = ucma_get_ctx(file, cmd.id); + if (IS_ERR(ctx)) + return PTR_ERR(ctx); + +- ret = rdma_bind_addr(ctx->cm_id, addr); ++ ret = rdma_bind_addr(ctx->cm_id, (struct sockaddr *) &cmd.addr); + ucma_put_ctx(ctx); + return ret; + } +@@ -667,13 +675,16 @@ static ssize_t ucma_resolve_ip(struct ucma_file *file, + if (copy_from_user(&cmd, inbuf, sizeof(cmd))) + return -EFAULT; + ++ if (!rdma_addr_size_in6(&cmd.src_addr) || ++ !rdma_addr_size_in6(&cmd.dst_addr)) ++ return -EINVAL; ++ + ctx = ucma_get_ctx(file, cmd.id); + if (IS_ERR(ctx)) + return PTR_ERR(ctx); + + ret = rdma_resolve_addr(ctx->cm_id, (struct sockaddr *) &cmd.src_addr, +- (struct sockaddr *) &cmd.dst_addr, +- cmd.timeout_ms); ++ (struct sockaddr *) &cmd.dst_addr, cmd.timeout_ms); + ucma_put_ctx(ctx); + return ret; + } +@@ -683,24 +694,23 @@ static ssize_t ucma_resolve_addr(struct ucma_file *file, + int in_len, int out_len) + { + struct rdma_ucm_resolve_addr cmd; +- struct sockaddr *src, *dst; + struct ucma_context *ctx; + int ret; + + if (copy_from_user(&cmd, inbuf, sizeof(cmd))) + return -EFAULT; + +- src = (struct sockaddr *) &cmd.src_addr; +- dst = (struct sockaddr *) &cmd.dst_addr; +- if (cmd.reserved || (cmd.src_size && (cmd.src_size != rdma_addr_size(src))) || +- !cmd.dst_size || (cmd.dst_size != rdma_addr_size(dst))) ++ if (cmd.reserved || ++ (cmd.src_size && (cmd.src_size != rdma_addr_size_kss(&cmd.src_addr))) || ++ !cmd.dst_size || (cmd.dst_size != rdma_addr_size_kss(&cmd.dst_addr))) + return -EINVAL; + + ctx = ucma_get_ctx(file, cmd.id); + if (IS_ERR(ctx)) + return PTR_ERR(ctx); + +- ret = rdma_resolve_addr(ctx->cm_id, src, dst, cmd.timeout_ms); ++ ret = rdma_resolve_addr(ctx->cm_id, (struct sockaddr *) &cmd.src_addr, ++ (struct sockaddr *) &cmd.dst_addr, cmd.timeout_ms); + ucma_put_ctx(ctx); + return ret; + } +@@ -1145,6 +1155,11 @@ static ssize_t ucma_init_qp_attr(struct ucma_file *file, + if (IS_ERR(ctx)) + return PTR_ERR(ctx); + ++ if (!ctx->cm_id->device) { ++ ret = -EINVAL; ++ goto out; ++ } ++ + resp.qp_attr_mask = 0; + memset(&qp_attr, 0, sizeof qp_attr); + qp_attr.qp_state = cmd.qp_state; +@@ -1301,7 +1316,7 @@ static ssize_t ucma_notify(struct ucma_file *file, const char __user *inbuf, + { + struct rdma_ucm_notify cmd; + struct ucma_context *ctx; +- int ret; ++ int ret = -EINVAL; + + if (copy_from_user(&cmd, inbuf, sizeof(cmd))) + return -EFAULT; +@@ -1310,7 +1325,9 @@ static ssize_t ucma_notify(struct ucma_file *file, const char __user *inbuf, + if (IS_ERR(ctx)) + return PTR_ERR(ctx); + +- ret = rdma_notify(ctx->cm_id, (enum ib_event_type) cmd.event); ++ if (ctx->cm_id->device) ++ ret = rdma_notify(ctx->cm_id, (enum ib_event_type)cmd.event); ++ + ucma_put_ctx(ctx); + return ret; + } +@@ -1328,7 +1345,7 @@ static ssize_t ucma_process_join(struct ucma_file *file, + return -ENOSPC; + + addr = (struct sockaddr *) &cmd->addr; +- if (cmd->reserved || !cmd->addr_size || (cmd->addr_size != rdma_addr_size(addr))) ++ if (cmd->reserved || (cmd->addr_size != rdma_addr_size(addr))) + return -EINVAL; + + ctx = ucma_get_ctx(file, cmd->id); +@@ -1387,7 +1404,10 @@ static ssize_t ucma_join_ip_multicast(struct ucma_file *file, + join_cmd.response = cmd.response; + join_cmd.uid = cmd.uid; + join_cmd.id = cmd.id; +- join_cmd.addr_size = rdma_addr_size((struct sockaddr *) &cmd.addr); ++ join_cmd.addr_size = rdma_addr_size_in6(&cmd.addr); ++ if (!join_cmd.addr_size) ++ return -EINVAL; ++ + join_cmd.reserved = 0; + memcpy(&join_cmd.addr, &cmd.addr, join_cmd.addr_size); + +@@ -1403,6 +1423,9 @@ static ssize_t ucma_join_multicast(struct ucma_file *file, + if (copy_from_user(&cmd, inbuf, sizeof(cmd))) + return -EFAULT; + ++ if (!rdma_addr_size_kss(&cmd.addr)) ++ return -EINVAL; ++ + return ucma_process_join(file, &cmd, out_len); + } + +diff --git a/drivers/input/mousedev.c b/drivers/input/mousedev.c +index b604564dec5c..30328e57fdda 100644 +--- a/drivers/input/mousedev.c ++++ b/drivers/input/mousedev.c +@@ -15,6 +15,7 @@ + #define MOUSEDEV_MINORS 31 + #define MOUSEDEV_MIX 63 + ++#include <linux/bitops.h> + #include <linux/sched.h> + #include <linux/slab.h> + #include <linux/poll.h> +@@ -103,7 +104,7 @@ struct mousedev_client { + spinlock_t packet_lock; + int pos_x, pos_y; + +- signed char ps2[6]; ++ u8 ps2[6]; + unsigned char ready, buffer, bufsiz; + unsigned char imexseq, impsseq; + enum mousedev_emul mode; +@@ -291,11 +292,10 @@ static void mousedev_notify_readers(struct mousedev *mousedev, + } + + client->pos_x += packet->dx; +- client->pos_x = client->pos_x < 0 ? +- 0 : (client->pos_x >= xres ? xres : client->pos_x); ++ client->pos_x = clamp_val(client->pos_x, 0, xres); ++ + client->pos_y += packet->dy; +- client->pos_y = client->pos_y < 0 ? +- 0 : (client->pos_y >= yres ? yres : client->pos_y); ++ client->pos_y = clamp_val(client->pos_y, 0, yres); + + p->dx += packet->dx; + p->dy += packet->dy; +@@ -571,44 +571,50 @@ static int mousedev_open(struct inode *inode, struct file *file) + return error; + } + +-static inline int mousedev_limit_delta(int delta, int limit) +-{ +- return delta > limit ? limit : (delta < -limit ? -limit : delta); +-} +- +-static void mousedev_packet(struct mousedev_client *client, +- signed char *ps2_data) ++static void mousedev_packet(struct mousedev_client *client, u8 *ps2_data) + { + struct mousedev_motion *p = &client->packets[client->tail]; ++ s8 dx, dy, dz; ++ ++ dx = clamp_val(p->dx, -127, 127); ++ p->dx -= dx; ++ ++ dy = clamp_val(p->dy, -127, 127); ++ p->dy -= dy; + +- ps2_data[0] = 0x08 | +- ((p->dx < 0) << 4) | ((p->dy < 0) << 5) | (p->buttons & 0x07); +- ps2_data[1] = mousedev_limit_delta(p->dx, 127); +- ps2_data[2] = mousedev_limit_delta(p->dy, 127); +- p->dx -= ps2_data[1]; +- p->dy -= ps2_data[2]; ++ ps2_data[0] = BIT(3); ++ ps2_data[0] |= ((dx & BIT(7)) >> 3) | ((dy & BIT(7)) >> 2); ++ ps2_data[0] |= p->buttons & 0x07; ++ ps2_data[1] = dx; ++ ps2_data[2] = dy; + + switch (client->mode) { + case MOUSEDEV_EMUL_EXPS: +- ps2_data[3] = mousedev_limit_delta(p->dz, 7); +- p->dz -= ps2_data[3]; +- ps2_data[3] = (ps2_data[3] & 0x0f) | ((p->buttons & 0x18) << 1); ++ dz = clamp_val(p->dz, -7, 7); ++ p->dz -= dz; ++ ++ ps2_data[3] = (dz & 0x0f) | ((p->buttons & 0x18) << 1); + client->bufsiz = 4; + break; + + case MOUSEDEV_EMUL_IMPS: +- ps2_data[0] |= +- ((p->buttons & 0x10) >> 3) | ((p->buttons & 0x08) >> 1); +- ps2_data[3] = mousedev_limit_delta(p->dz, 127); +- p->dz -= ps2_data[3]; ++ dz = clamp_val(p->dz, -127, 127); ++ p->dz -= dz; ++ ++ ps2_data[0] |= ((p->buttons & 0x10) >> 3) | ++ ((p->buttons & 0x08) >> 1); ++ ps2_data[3] = dz; ++ + client->bufsiz = 4; + break; + + case MOUSEDEV_EMUL_PS2: + default: +- ps2_data[0] |= +- ((p->buttons & 0x10) >> 3) | ((p->buttons & 0x08) >> 1); + p->dz = 0; ++ ++ ps2_data[0] |= ((p->buttons & 0x10) >> 3) | ++ ((p->buttons & 0x08) >> 1); ++ + client->bufsiz = 3; + break; + } +@@ -714,7 +720,7 @@ static ssize_t mousedev_read(struct file *file, char __user *buffer, + { + struct mousedev_client *client = file->private_data; + struct mousedev *mousedev = client->mousedev; +- signed char data[sizeof(client->ps2)]; ++ u8 data[sizeof(client->ps2)]; + int retval = 0; + + if (!client->ready && !client->buffer && mousedev->exist && +diff --git a/drivers/input/serio/i8042-x86ia64io.h b/drivers/input/serio/i8042-x86ia64io.h +index d1051e3ce819..e484ea2dc787 100644 +--- a/drivers/input/serio/i8042-x86ia64io.h ++++ b/drivers/input/serio/i8042-x86ia64io.h +@@ -530,6 +530,20 @@ static const struct dmi_system_id __initconst i8042_dmi_nomux_table[] = { + { } + }; + ++static const struct dmi_system_id i8042_dmi_forcemux_table[] __initconst = { ++ { ++ /* ++ * Sony Vaio VGN-CS series require MUX or the touch sensor ++ * buttons will disturb touchpad operation ++ */ ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "Sony Corporation"), ++ DMI_MATCH(DMI_PRODUCT_NAME, "VGN-CS"), ++ }, ++ }, ++ { } ++}; ++ + /* + * On some Asus laptops, just running self tests cause problems. + */ +@@ -692,6 +706,13 @@ static const struct dmi_system_id __initconst i8042_dmi_reset_table[] = { + DMI_MATCH(DMI_PRODUCT_NAME, "20046"), + }, + }, ++ { ++ /* Lenovo ThinkPad L460 */ ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"), ++ DMI_MATCH(DMI_PRODUCT_VERSION, "ThinkPad L460"), ++ }, ++ }, + { + /* Clevo P650RS, 650RP6, Sager NP8152-S, and others */ + .matches = { +@@ -1223,6 +1244,9 @@ static int __init i8042_platform_init(void) + if (dmi_check_system(i8042_dmi_nomux_table)) + i8042_nomux = true; + ++ if (dmi_check_system(i8042_dmi_forcemux_table)) ++ i8042_nomux = false; ++ + if (dmi_check_system(i8042_dmi_notimeout_table)) + i8042_notimeout = true; + +diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c +index e503279c34fc..6865b186f749 100644 +--- a/drivers/md/dm-ioctl.c ++++ b/drivers/md/dm-ioctl.c +@@ -1773,12 +1773,12 @@ static int validate_params(uint cmd, struct dm_ioctl *param) + cmd == DM_LIST_VERSIONS_CMD) + return 0; + +- if ((cmd == DM_DEV_CREATE_CMD)) { ++ if (cmd == DM_DEV_CREATE_CMD) { + if (!*param->name) { + DMWARN("name not supplied when creating device"); + return -EINVAL; + } +- } else if ((*param->uuid && *param->name)) { ++ } else if (*param->uuid && *param->name) { + DMWARN("only supply one of name or uuid, cmd(%u)", cmd); + return -EINVAL; + } +diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c +index 3a0d557146c7..bf0410403a6f 100644 +--- a/drivers/md/raid10.c ++++ b/drivers/md/raid10.c +@@ -3638,6 +3638,7 @@ static int run(struct mddev *mddev) + + if (blk_queue_discard(bdev_get_queue(rdev->bdev))) + discard_supported = true; ++ first = 0; + } + + if (mddev->queue) { +diff --git a/drivers/media/usb/usbtv/usbtv-core.c b/drivers/media/usb/usbtv/usbtv-core.c +index 3bbc77aa6a33..483457d4904f 100644 +--- a/drivers/media/usb/usbtv/usbtv-core.c ++++ b/drivers/media/usb/usbtv/usbtv-core.c +@@ -95,6 +95,8 @@ static int usbtv_probe(struct usb_interface *intf, + return 0; + + usbtv_audio_fail: ++ /* we must not free at this point */ ++ usb_get_dev(usbtv->udev); + usbtv_video_free(usbtv); + + usbtv_video_fail: +diff --git a/drivers/misc/mei/main.c b/drivers/misc/mei/main.c +index 4ef189a7a2fb..8c04e342e30a 100644 +--- a/drivers/misc/mei/main.c ++++ b/drivers/misc/mei/main.c +@@ -571,7 +571,6 @@ static long mei_ioctl(struct file *file, unsigned int cmd, unsigned long data) + break; + + default: +- dev_err(dev->dev, ": unsupported ioctl %d.\n", cmd); + rets = -ENOIOCTLCMD; + } + +diff --git a/drivers/mtd/chips/jedec_probe.c b/drivers/mtd/chips/jedec_probe.c +index 7c0b27d132b1..b479bd81120b 100644 +--- a/drivers/mtd/chips/jedec_probe.c ++++ b/drivers/mtd/chips/jedec_probe.c +@@ -1889,6 +1889,8 @@ static inline u32 jedec_read_mfr(struct map_info *map, uint32_t base, + do { + uint32_t ofs = cfi_build_cmd_addr(0 + (bank << 8), map, cfi); + mask = (1 << (cfi->device_type * 8)) - 1; ++ if (ofs >= map->size) ++ return 0; + result = map_read(map, base + ofs); + bank++; + } while ((result.x[0] & mask) == CFI_MFR_CONTINUATION); +diff --git a/drivers/net/ethernet/cavium/liquidio/lio_main.c b/drivers/net/ethernet/cavium/liquidio/lio_main.c +index cc1725616f9d..50747573f42e 100644 +--- a/drivers/net/ethernet/cavium/liquidio/lio_main.c ++++ b/drivers/net/ethernet/cavium/liquidio/lio_main.c +@@ -2823,7 +2823,7 @@ static int liquidio_xmit(struct sk_buff *skb, struct net_device *netdev) + if (!g) { + netif_info(lio, tx_err, lio->netdev, + "Transmit scatter gather: glist null!\n"); +- goto lio_xmit_dma_failed; ++ goto lio_xmit_failed; + } + + cmdsetup.s.gather = 1; +diff --git a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c +index a20bd8362712..b8517b00e706 100644 +--- a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c ++++ b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c +@@ -648,7 +648,7 @@ static void hns_gmac_get_strings(u32 stringset, u8 *data) + + static int hns_gmac_get_sset_count(int stringset) + { +- if (stringset == ETH_SS_STATS || stringset == ETH_SS_PRIV_FLAGS) ++ if (stringset == ETH_SS_STATS) + return ARRAY_SIZE(g_gmac_stats_string); + + return 0; +diff --git a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c +index 6634aef0e841..67f33f185a44 100644 +--- a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c ++++ b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c +@@ -384,7 +384,7 @@ void hns_ppe_update_stats(struct hns_ppe_cb *ppe_cb) + + int hns_ppe_get_sset_count(int stringset) + { +- if (stringset == ETH_SS_STATS || stringset == ETH_SS_PRIV_FLAGS) ++ if (stringset == ETH_SS_STATS) + return ETH_PPE_STATIC_NUM; + return 0; + } +diff --git a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c +index 1d5b18d7a1d7..4db32c62f062 100644 +--- a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c ++++ b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c +@@ -807,7 +807,7 @@ void hns_rcb_get_stats(struct hnae_queue *queue, u64 *data) + */ + int hns_rcb_get_ring_sset_count(int stringset) + { +- if (stringset == ETH_SS_STATS || stringset == ETH_SS_PRIV_FLAGS) ++ if (stringset == ETH_SS_STATS) + return HNS_RING_STATIC_REG_NUM; + + return 0; +diff --git a/drivers/net/ethernet/hisilicon/hns/hns_ethtool.c b/drivers/net/ethernet/hisilicon/hns/hns_ethtool.c +index a0332129970b..4b91eb70c683 100644 +--- a/drivers/net/ethernet/hisilicon/hns/hns_ethtool.c ++++ b/drivers/net/ethernet/hisilicon/hns/hns_ethtool.c +@@ -1000,8 +1000,10 @@ int hns_get_sset_count(struct net_device *netdev, int stringset) + cnt--; + + return cnt; +- } else { ++ } else if (stringset == ETH_SS_STATS) { + return (HNS_NET_STATS_CNT + ops->get_sset_count(h, stringset)); ++ } else { ++ return -EOPNOTSUPP; + } + } + +diff --git a/drivers/parport/parport_pc.c b/drivers/parport/parport_pc.c +index 78530d1714dc..bdce0679674c 100644 +--- a/drivers/parport/parport_pc.c ++++ b/drivers/parport/parport_pc.c +@@ -2646,6 +2646,7 @@ enum parport_pc_pci_cards { + netmos_9901, + netmos_9865, + quatech_sppxp100, ++ wch_ch382l, + }; + + +@@ -2708,6 +2709,7 @@ static struct parport_pc_pci { + /* netmos_9901 */ { 1, { { 0, -1 }, } }, + /* netmos_9865 */ { 1, { { 0, -1 }, } }, + /* quatech_sppxp100 */ { 1, { { 0, 1 }, } }, ++ /* wch_ch382l */ { 1, { { 2, -1 }, } }, + }; + + static const struct pci_device_id parport_pc_pci_tbl[] = { +@@ -2797,6 +2799,8 @@ static const struct pci_device_id parport_pc_pci_tbl[] = { + /* Quatech SPPXP-100 Parallel port PCI ExpressCard */ + { PCI_VENDOR_ID_QUATECH, PCI_DEVICE_ID_QUATECH_SPPXP_100, + PCI_ANY_ID, PCI_ANY_ID, 0, 0, quatech_sppxp100 }, ++ /* WCH CH382L PCI-E single parallel port card */ ++ { 0x1c00, 0x3050, 0x1c00, 0x3050, 0, 0, wch_ch382l }, + { 0, } /* terminate list */ + }; + MODULE_DEVICE_TABLE(pci, parport_pc_pci_tbl); +diff --git a/drivers/pci/pci-driver.c b/drivers/pci/pci-driver.c +index 5e42b5f2f565..32bd8ab79d53 100644 +--- a/drivers/pci/pci-driver.c ++++ b/drivers/pci/pci-driver.c +@@ -463,6 +463,8 @@ static void pci_device_shutdown(struct device *dev) + + if (drv && drv->shutdown) + drv->shutdown(pci_dev); ++ pci_msi_shutdown(pci_dev); ++ pci_msix_shutdown(pci_dev); + + #ifdef CONFIG_KEXEC_CORE + /* +diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c +index 193ac13de49b..566897f24dee 100644 +--- a/drivers/pci/probe.c ++++ b/drivers/pci/probe.c +@@ -230,7 +230,7 @@ int __pci_read_base(struct pci_dev *dev, enum pci_bar_type type, + res->flags |= IORESOURCE_ROM_ENABLE; + l64 = l & PCI_ROM_ADDRESS_MASK; + sz64 = sz & PCI_ROM_ADDRESS_MASK; +- mask64 = (u32)PCI_ROM_ADDRESS_MASK; ++ mask64 = PCI_ROM_ADDRESS_MASK; + } + + if (res->flags & IORESOURCE_MEM_64) { +diff --git a/drivers/pci/setup-res.c b/drivers/pci/setup-res.c +index 25062966cbfa..8b2f8b2a574e 100644 +--- a/drivers/pci/setup-res.c ++++ b/drivers/pci/setup-res.c +@@ -63,7 +63,7 @@ static void pci_std_update_resource(struct pci_dev *dev, int resno) + mask = (u32)PCI_BASE_ADDRESS_IO_MASK; + new |= res->flags & ~PCI_BASE_ADDRESS_IO_MASK; + } else if (resno == PCI_ROM_RESOURCE) { +- mask = (u32)PCI_ROM_ADDRESS_MASK; ++ mask = PCI_ROM_ADDRESS_MASK; + } else { + mask = (u32)PCI_BASE_ADDRESS_MEM_MASK; + new |= res->flags & ~PCI_BASE_ADDRESS_MEM_MASK; +diff --git a/drivers/scsi/virtio_scsi.c b/drivers/scsi/virtio_scsi.c +index 578fae4d474f..8ef905cbfc9c 100644 +--- a/drivers/scsi/virtio_scsi.c ++++ b/drivers/scsi/virtio_scsi.c +@@ -819,6 +819,7 @@ static struct scsi_host_template virtscsi_host_template_multi = { + .eh_abort_handler = virtscsi_abort, + .eh_device_reset_handler = virtscsi_device_reset, + ++ .slave_alloc = virtscsi_device_alloc, + .can_queue = 1024, + .dma_boundary = UINT_MAX, + .use_clustering = ENABLE_CLUSTERING, +diff --git a/drivers/spi/spi-davinci.c b/drivers/spi/spi-davinci.c +index 1ddba9ae8c0f..c872a2e54c4b 100644 +--- a/drivers/spi/spi-davinci.c ++++ b/drivers/spi/spi-davinci.c +@@ -651,7 +651,7 @@ static int davinci_spi_bufs(struct spi_device *spi, struct spi_transfer *t) + buf = t->rx_buf; + t->rx_dma = dma_map_single(&spi->dev, buf, + t->len, DMA_FROM_DEVICE); +- if (dma_mapping_error(&spi->dev, !t->rx_dma)) { ++ if (dma_mapping_error(&spi->dev, t->rx_dma)) { + ret = -EFAULT; + goto err_rx_map; + } +diff --git a/drivers/staging/comedi/drivers/ni_mio_common.c b/drivers/staging/comedi/drivers/ni_mio_common.c +index c975f6e8be49..8f181caffca3 100644 +--- a/drivers/staging/comedi/drivers/ni_mio_common.c ++++ b/drivers/staging/comedi/drivers/ni_mio_common.c +@@ -1348,6 +1348,8 @@ static void ack_a_interrupt(struct comedi_device *dev, unsigned short a_status) + ack |= NISTC_INTA_ACK_AI_START; + if (a_status & NISTC_AI_STATUS1_STOP) + ack |= NISTC_INTA_ACK_AI_STOP; ++ if (a_status & NISTC_AI_STATUS1_OVER) ++ ack |= NISTC_INTA_ACK_AI_ERR; + if (ack) + ni_stc_writew(dev, ack, NISTC_INTA_ACK_REG); + } +diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c +index 251315c35747..ff3286fc22d8 100644 +--- a/drivers/tty/vt/vt.c ++++ b/drivers/tty/vt/vt.c +@@ -1312,6 +1312,11 @@ static void csi_m(struct vc_data *vc) + case 3: + vc->vc_italic = 1; + break; ++ case 21: ++ /* ++ * No console drivers support double underline, so ++ * convert it to a single underline. ++ */ + case 4: + vc->vc_underline = 1; + break; +@@ -1348,7 +1353,6 @@ static void csi_m(struct vc_data *vc) + vc->vc_disp_ctrl = 1; + vc->vc_toggle_meta = 1; + break; +- case 21: + case 22: + vc->vc_intensity = 1; + break; +diff --git a/drivers/usb/dwc2/hcd.c b/drivers/usb/dwc2/hcd.c +index 88bd950665fa..85fb6226770c 100644 +--- a/drivers/usb/dwc2/hcd.c ++++ b/drivers/usb/dwc2/hcd.c +@@ -1385,7 +1385,6 @@ static void dwc2_conn_id_status_change(struct work_struct *work) + dwc2_core_init(hsotg, false, -1); + dwc2_enable_global_interrupts(hsotg); + spin_lock_irqsave(&hsotg->lock, flags); +- dwc2_hsotg_disconnect(hsotg); + dwc2_hsotg_core_init_disconnected(hsotg, false); + spin_unlock_irqrestore(&hsotg->lock, flags); + dwc2_hsotg_core_connect(hsotg); +@@ -1403,8 +1402,12 @@ static void dwc2_conn_id_status_change(struct work_struct *work) + if (count > 250) + dev_err(hsotg->dev, + "Connection id status change timed out\n"); +- hsotg->op_state = OTG_STATE_A_HOST; + ++ spin_lock_irqsave(&hsotg->lock, flags); ++ dwc2_hsotg_disconnect(hsotg); ++ spin_unlock_irqrestore(&hsotg->lock, flags); ++ ++ hsotg->op_state = OTG_STATE_A_HOST; + /* Initialize the Core for Host mode */ + dwc2_core_init(hsotg, false, -1); + dwc2_enable_global_interrupts(hsotg); +diff --git a/drivers/usb/gadget/function/f_hid.c b/drivers/usb/gadget/function/f_hid.c +index ee579ba2b59e..a5dae5bb62ab 100644 +--- a/drivers/usb/gadget/function/f_hid.c ++++ b/drivers/usb/gadget/function/f_hid.c +@@ -223,6 +223,13 @@ static ssize_t f_hidg_read(struct file *file, char __user *buffer, + /* pick the first one */ + list = list_first_entry(&hidg->completed_out_req, + struct f_hidg_req_list, list); ++ ++ /* ++ * Remove this from list to protect it from beign free() ++ * while host disables our function ++ */ ++ list_del(&list->list); ++ + req = list->req; + count = min_t(unsigned int, count, req->actual - list->pos); + spin_unlock_irqrestore(&hidg->spinlock, flags); +@@ -238,15 +245,20 @@ static ssize_t f_hidg_read(struct file *file, char __user *buffer, + * call, taking into account its current read position. + */ + if (list->pos == req->actual) { +- spin_lock_irqsave(&hidg->spinlock, flags); +- list_del(&list->list); + kfree(list); +- spin_unlock_irqrestore(&hidg->spinlock, flags); + + req->length = hidg->report_length; + ret = usb_ep_queue(hidg->out_ep, req, GFP_KERNEL); +- if (ret < 0) ++ if (ret < 0) { ++ free_ep_req(hidg->out_ep, req); + return ret; ++ } ++ } else { ++ spin_lock_irqsave(&hidg->spinlock, flags); ++ list_add(&list->list, &hidg->completed_out_req); ++ spin_unlock_irqrestore(&hidg->spinlock, flags); ++ ++ wake_up(&hidg->read_queue); + } + + return count; +@@ -490,14 +502,18 @@ static void hidg_disable(struct usb_function *f) + { + struct f_hidg *hidg = func_to_hidg(f); + struct f_hidg_req_list *list, *next; ++ unsigned long flags; + + usb_ep_disable(hidg->in_ep); + usb_ep_disable(hidg->out_ep); + ++ spin_lock_irqsave(&hidg->spinlock, flags); + list_for_each_entry_safe(list, next, &hidg->completed_out_req, list) { ++ free_ep_req(hidg->out_ep, list->req); + list_del(&list->list); + kfree(list); + } ++ spin_unlock_irqrestore(&hidg->spinlock, flags); + } + + static int hidg_set_alt(struct usb_function *f, unsigned intf, unsigned alt) +diff --git a/drivers/usb/gadget/function/f_midi.c b/drivers/usb/gadget/function/f_midi.c +index af60cc3714c1..5ead414586a1 100644 +--- a/drivers/usb/gadget/function/f_midi.c ++++ b/drivers/usb/gadget/function/f_midi.c +@@ -201,12 +201,6 @@ static inline struct usb_request *midi_alloc_ep_req(struct usb_ep *ep, + return alloc_ep_req(ep, length, length); + } + +-static void free_ep_req(struct usb_ep *ep, struct usb_request *req) +-{ +- kfree(req->buf); +- usb_ep_free_request(ep, req); +-} +- + static const uint8_t f_midi_cin_length[] = { + 0, 0, 2, 3, 3, 1, 2, 3, 3, 3, 3, 3, 2, 2, 3, 1 + }; +diff --git a/drivers/usb/gadget/function/f_sourcesink.c b/drivers/usb/gadget/function/f_sourcesink.c +index 9f3ced62d916..67b243989938 100644 +--- a/drivers/usb/gadget/function/f_sourcesink.c ++++ b/drivers/usb/gadget/function/f_sourcesink.c +@@ -303,12 +303,6 @@ static inline struct usb_request *ss_alloc_ep_req(struct usb_ep *ep, int len) + return alloc_ep_req(ep, len, ss->buflen); + } + +-void free_ep_req(struct usb_ep *ep, struct usb_request *req) +-{ +- kfree(req->buf); +- usb_ep_free_request(ep, req); +-} +- + static void disable_ep(struct usb_composite_dev *cdev, struct usb_ep *ep) + { + int value; +diff --git a/drivers/usb/gadget/function/g_zero.h b/drivers/usb/gadget/function/g_zero.h +index 15f180904f8a..5ed90b437f18 100644 +--- a/drivers/usb/gadget/function/g_zero.h ++++ b/drivers/usb/gadget/function/g_zero.h +@@ -59,7 +59,6 @@ void lb_modexit(void); + int lb_modinit(void); + + /* common utilities */ +-void free_ep_req(struct usb_ep *ep, struct usb_request *req); + void disable_endpoints(struct usb_composite_dev *cdev, + struct usb_ep *in, struct usb_ep *out, + struct usb_ep *iso_in, struct usb_ep *iso_out); +diff --git a/drivers/usb/gadget/u_f.c b/drivers/usb/gadget/u_f.c +index c6276f0268ae..907f8144813c 100644 +--- a/drivers/usb/gadget/u_f.c ++++ b/drivers/usb/gadget/u_f.c +@@ -11,16 +11,18 @@ + * published by the Free Software Foundation. + */ + +-#include <linux/usb/gadget.h> + #include "u_f.h" ++#include <linux/usb/ch9.h> + +-struct usb_request *alloc_ep_req(struct usb_ep *ep, int len, int default_len) ++struct usb_request *alloc_ep_req(struct usb_ep *ep, size_t len, int default_len) + { + struct usb_request *req; + + req = usb_ep_alloc_request(ep, GFP_ATOMIC); + if (req) { + req->length = len ?: default_len; ++ if (usb_endpoint_dir_out(ep->desc)) ++ req->length = usb_ep_align(ep, req->length); + req->buf = kmalloc(req->length, GFP_ATOMIC); + if (!req->buf) { + usb_ep_free_request(ep, req); +diff --git a/drivers/usb/gadget/u_f.h b/drivers/usb/gadget/u_f.h +index 1d5f0eb68552..69a1d10df04f 100644 +--- a/drivers/usb/gadget/u_f.h ++++ b/drivers/usb/gadget/u_f.h +@@ -16,6 +16,8 @@ + #ifndef __U_F_H__ + #define __U_F_H__ + ++#include <linux/usb/gadget.h> ++ + /* Variable Length Array Macros **********************************************/ + #define vla_group(groupname) size_t groupname##__next = 0 + #define vla_group_size(groupname) groupname##__next +@@ -45,8 +47,26 @@ + struct usb_ep; + struct usb_request; + +-struct usb_request *alloc_ep_req(struct usb_ep *ep, int len, int default_len); +- +-#endif /* __U_F_H__ */ ++/** ++ * alloc_ep_req - returns a usb_request allocated by the gadget driver and ++ * allocates the request's buffer. ++ * ++ * @ep: the endpoint to allocate a usb_request ++ * @len: usb_requests's buffer suggested size ++ * @default_len: used if @len is not provided, ie, is 0 ++ * ++ * In case @ep direction is OUT, the @len will be aligned to ep's ++ * wMaxPacketSize. In order to avoid memory leaks or drops, *always* use ++ * usb_requests's length (req->length) to refer to the allocated buffer size. ++ * Requests allocated via alloc_ep_req() *must* be freed by free_ep_req(). ++ */ ++struct usb_request *alloc_ep_req(struct usb_ep *ep, size_t len, int default_len); + ++/* Frees a usb_request previously allocated by alloc_ep_req() */ ++static inline void free_ep_req(struct usb_ep *ep, struct usb_request *req) ++{ ++ kfree(req->buf); ++ usb_ep_free_request(ep, req); ++} + ++#endif /* __U_F_H__ */ +diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c +index a4ab4fdf5ba3..64a4427678b0 100644 +--- a/drivers/usb/serial/cp210x.c ++++ b/drivers/usb/serial/cp210x.c +@@ -151,6 +151,7 @@ static const struct usb_device_id id_table[] = { + { USB_DEVICE(0x12B8, 0xEC62) }, /* Link G4+ ECU */ + { USB_DEVICE(0x13AD, 0x9999) }, /* Baltech card reader */ + { USB_DEVICE(0x1555, 0x0004) }, /* Owen AC4 USB-RS485 Converter */ ++ { USB_DEVICE(0x155A, 0x1006) }, /* ELDAT Easywave RX09 */ + { USB_DEVICE(0x166A, 0x0201) }, /* Clipsal 5500PACA C-Bus Pascal Automation Controller */ + { USB_DEVICE(0x166A, 0x0301) }, /* Clipsal 5800PC C-Bus Wireless PC Interface */ + { USB_DEVICE(0x166A, 0x0303) }, /* Clipsal 5500PCU C-Bus USB interface */ +diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c +index 64fe9dc25ed4..a224c7a3ce09 100644 +--- a/drivers/usb/serial/ftdi_sio.c ++++ b/drivers/usb/serial/ftdi_sio.c +@@ -773,6 +773,7 @@ static const struct usb_device_id id_table_combined[] = { + .driver_info = (kernel_ulong_t)&ftdi_NDI_device_quirk }, + { USB_DEVICE(TELLDUS_VID, TELLDUS_TELLSTICK_PID) }, + { USB_DEVICE(NOVITUS_VID, NOVITUS_BONO_E_PID) }, ++ { USB_DEVICE(FTDI_VID, RTSYSTEMS_USB_VX8_PID) }, + { USB_DEVICE(RTSYSTEMS_VID, RTSYSTEMS_USB_S03_PID) }, + { USB_DEVICE(RTSYSTEMS_VID, RTSYSTEMS_USB_59_PID) }, + { USB_DEVICE(RTSYSTEMS_VID, RTSYSTEMS_USB_57A_PID) }, +@@ -935,6 +936,7 @@ static const struct usb_device_id id_table_combined[] = { + { USB_DEVICE(FTDI_VID, FTDI_SCIENCESCOPE_LS_LOGBOOK_PID) }, + { USB_DEVICE(FTDI_VID, FTDI_SCIENCESCOPE_HS_LOGBOOK_PID) }, + { USB_DEVICE(FTDI_VID, FTDI_CINTERION_MC55I_PID) }, ++ { USB_DEVICE(FTDI_VID, FTDI_FHE_PID) }, + { USB_DEVICE(FTDI_VID, FTDI_DOTEC_PID) }, + { USB_DEVICE(QIHARDWARE_VID, MILKYMISTONE_JTAGSERIAL_PID), + .driver_info = (kernel_ulong_t)&ftdi_jtag_quirk }, +diff --git a/drivers/usb/serial/ftdi_sio_ids.h b/drivers/usb/serial/ftdi_sio_ids.h +index 543d2801632b..76a10b222ff9 100644 +--- a/drivers/usb/serial/ftdi_sio_ids.h ++++ b/drivers/usb/serial/ftdi_sio_ids.h +@@ -922,6 +922,9 @@ + /* + * RT Systems programming cables for various ham radios + */ ++/* This device uses the VID of FTDI */ ++#define RTSYSTEMS_USB_VX8_PID 0x9e50 /* USB-VX8 USB to 7 pin modular plug for Yaesu VX-8 radio */ ++ + #define RTSYSTEMS_VID 0x2100 /* Vendor ID */ + #define RTSYSTEMS_USB_S03_PID 0x9001 /* RTS-03 USB to Serial Adapter */ + #define RTSYSTEMS_USB_59_PID 0x9e50 /* USB-59 USB to 8 pin plug */ +@@ -1440,6 +1443,12 @@ + */ + #define FTDI_CINTERION_MC55I_PID 0xA951 + ++/* ++ * Product: FirmwareHubEmulator ++ * Manufacturer: Harman Becker Automotive Systems ++ */ ++#define FTDI_FHE_PID 0xA9A0 ++ + /* + * Product: Comet Caller ID decoder + * Manufacturer: Crucible Technologies +diff --git a/fs/compat_ioctl.c b/fs/compat_ioctl.c +index dcf26537c935..a52ca5cba015 100644 +--- a/fs/compat_ioctl.c ++++ b/fs/compat_ioctl.c +@@ -811,7 +811,7 @@ static int compat_ioctl_preallocate(struct file *file, + */ + #define XFORM(i) (((i) ^ ((i) << 27) ^ ((i) << 17)) & 0xffffffff) + +-#define COMPATIBLE_IOCTL(cmd) XFORM(cmd), ++#define COMPATIBLE_IOCTL(cmd) XFORM((u32)cmd), + /* ioctl should not be warned about even if it's not implemented. + Valid reasons to use this: + - It is implemented with ->compat_ioctl on some device, but programs +diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c +index 07ef85e19fbc..75691a20313c 100644 +--- a/fs/proc/task_mmu.c ++++ b/fs/proc/task_mmu.c +@@ -253,24 +253,15 @@ static int do_maps_open(struct inode *inode, struct file *file, + * /proc/PID/maps that is the stack of the main task. + */ + static int is_stack(struct proc_maps_private *priv, +- struct vm_area_struct *vma, int is_pid) ++ struct vm_area_struct *vma) + { +- int stack = 0; +- +- if (is_pid) { +- stack = vma->vm_start <= vma->vm_mm->start_stack && +- vma->vm_end >= vma->vm_mm->start_stack; +- } else { +- struct inode *inode = priv->inode; +- struct task_struct *task; +- +- rcu_read_lock(); +- task = pid_task(proc_pid(inode), PIDTYPE_PID); +- if (task) +- stack = vma_is_stack_for_task(vma, task); +- rcu_read_unlock(); +- } +- return stack; ++ /* ++ * We make no effort to guess what a given thread considers to be ++ * its "stack". It's not even well-defined for programs written ++ * languages like Go. ++ */ ++ return vma->vm_start <= vma->vm_mm->start_stack && ++ vma->vm_end >= vma->vm_mm->start_stack; + } + + static void +@@ -337,7 +328,7 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid) + goto done; + } + +- if (is_stack(priv, vma, is_pid)) ++ if (is_stack(priv, vma)) + name = "[stack]"; + } + +@@ -1560,7 +1551,7 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) + seq_file_path(m, file, "\n\t= "); + } else if (vma->vm_start <= mm->brk && vma->vm_end >= mm->start_brk) { + seq_puts(m, " heap"); +- } else if (is_stack(proc_priv, vma, is_pid)) { ++ } else if (is_stack(proc_priv, vma)) { + seq_puts(m, " stack"); + } + +diff --git a/fs/proc/task_nommu.c b/fs/proc/task_nommu.c +index faacb0c0d857..37175621e890 100644 +--- a/fs/proc/task_nommu.c ++++ b/fs/proc/task_nommu.c +@@ -124,25 +124,17 @@ unsigned long task_statm(struct mm_struct *mm, + } + + static int is_stack(struct proc_maps_private *priv, +- struct vm_area_struct *vma, int is_pid) ++ struct vm_area_struct *vma) + { + struct mm_struct *mm = vma->vm_mm; +- int stack = 0; +- +- if (is_pid) { +- stack = vma->vm_start <= mm->start_stack && +- vma->vm_end >= mm->start_stack; +- } else { +- struct inode *inode = priv->inode; +- struct task_struct *task; +- +- rcu_read_lock(); +- task = pid_task(proc_pid(inode), PIDTYPE_PID); +- if (task) +- stack = vma_is_stack_for_task(vma, task); +- rcu_read_unlock(); +- } +- return stack; ++ ++ /* ++ * We make no effort to guess what a given thread considers to be ++ * its "stack". It's not even well-defined for programs written ++ * languages like Go. ++ */ ++ return vma->vm_start <= mm->start_stack && ++ vma->vm_end >= mm->start_stack; + } + + /* +@@ -184,7 +176,7 @@ static int nommu_vma_show(struct seq_file *m, struct vm_area_struct *vma, + if (file) { + seq_pad(m, ' '); + seq_file_path(m, file, ""); +- } else if (mm && is_stack(priv, vma, is_pid)) { ++ } else if (mm && is_stack(priv, vma)) { + seq_pad(m, ' '); + seq_printf(m, "[stack]"); + } +diff --git a/include/linux/audit.h b/include/linux/audit.h +index faac391badac..9b95bb222e73 100644 +--- a/include/linux/audit.h ++++ b/include/linux/audit.h +@@ -26,6 +26,7 @@ + #include <linux/sched.h> + #include <linux/ptrace.h> + #include <uapi/linux/audit.h> ++#include <linux/tty.h> + + #define AUDIT_INO_UNSET ((unsigned long)-1) + #define AUDIT_DEV_UNSET ((dev_t)-1) +@@ -239,6 +240,23 @@ static inline unsigned int audit_get_sessionid(struct task_struct *tsk) + return tsk->sessionid; + } + ++static inline struct tty_struct *audit_get_tty(struct task_struct *tsk) ++{ ++ struct tty_struct *tty = NULL; ++ unsigned long flags; ++ ++ spin_lock_irqsave(&tsk->sighand->siglock, flags); ++ if (tsk->signal) ++ tty = tty_kref_get(tsk->signal->tty); ++ spin_unlock_irqrestore(&tsk->sighand->siglock, flags); ++ return tty; ++} ++ ++static inline void audit_put_tty(struct tty_struct *tty) ++{ ++ tty_kref_put(tty); ++} ++ + extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp); + extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode); + extern void __audit_bprm(struct linux_binprm *bprm); +@@ -410,6 +428,12 @@ static inline unsigned int audit_get_sessionid(struct task_struct *tsk) + { + return -1; + } ++static inline struct tty_struct *audit_get_tty(struct task_struct *tsk) ++{ ++ return NULL; ++} ++static inline void audit_put_tty(struct tty_struct *tty) ++{ } + static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp) + { } + static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid, +diff --git a/include/linux/cpumask.h b/include/linux/cpumask.h +index a91b3b75da0f..bb3a4bb35183 100644 +--- a/include/linux/cpumask.h ++++ b/include/linux/cpumask.h +@@ -661,6 +661,11 @@ void alloc_bootmem_cpumask_var(cpumask_var_t *mask); + void free_cpumask_var(cpumask_var_t mask); + void free_bootmem_cpumask_var(cpumask_var_t mask); + ++static inline bool cpumask_available(cpumask_var_t mask) ++{ ++ return mask != NULL; ++} ++ + #else + typedef struct cpumask cpumask_var_t[1]; + +@@ -701,6 +706,11 @@ static inline void free_cpumask_var(cpumask_var_t mask) + static inline void free_bootmem_cpumask_var(cpumask_var_t mask) + { + } ++ ++static inline bool cpumask_available(cpumask_var_t mask) ++{ ++ return true; ++} + #endif /* CONFIG_CPUMASK_OFFSTACK */ + + /* It's common to want to use cpu_all_mask in struct member initializers, +diff --git a/include/linux/jiffies.h b/include/linux/jiffies.h +index 5fdc55312334..2fb10601febe 100644 +--- a/include/linux/jiffies.h ++++ b/include/linux/jiffies.h +@@ -1,6 +1,7 @@ + #ifndef _LINUX_JIFFIES_H + #define _LINUX_JIFFIES_H + ++#include <linux/cache.h> + #include <linux/math64.h> + #include <linux/kernel.h> + #include <linux/types.h> +@@ -63,19 +64,17 @@ extern int register_refined_jiffies(long clock_tick_rate); + /* TICK_USEC is the time between ticks in usec assuming fake USER_HZ */ + #define TICK_USEC ((1000000UL + USER_HZ/2) / USER_HZ) + +-/* some arch's have a small-data section that can be accessed register-relative +- * but that can only take up to, say, 4-byte variables. jiffies being part of +- * an 8-byte variable may not be correctly accessed unless we force the issue +- */ +-#define __jiffy_data __attribute__((section(".data"))) ++#ifndef __jiffy_arch_data ++#define __jiffy_arch_data ++#endif + + /* + * The 64-bit value is not atomic - you MUST NOT read it + * without sampling the sequence number in jiffies_lock. + * get_jiffies_64() will do this for you as appropriate. + */ +-extern u64 __jiffy_data jiffies_64; +-extern unsigned long volatile __jiffy_data jiffies; ++extern u64 __cacheline_aligned_in_smp jiffies_64; ++extern unsigned long volatile __cacheline_aligned_in_smp __jiffy_arch_data jiffies; + + #if (BITS_PER_LONG < 64) + u64 get_jiffies_64(void); +diff --git a/include/linux/llist.h b/include/linux/llist.h +index fd4ca0b4fe0f..ac6796138ba0 100644 +--- a/include/linux/llist.h ++++ b/include/linux/llist.h +@@ -87,6 +87,23 @@ static inline void init_llist_head(struct llist_head *list) + #define llist_entry(ptr, type, member) \ + container_of(ptr, type, member) + ++/** ++ * member_address_is_nonnull - check whether the member address is not NULL ++ * @ptr: the object pointer (struct type * that contains the llist_node) ++ * @member: the name of the llist_node within the struct. ++ * ++ * This macro is conceptually the same as ++ * &ptr->member != NULL ++ * but it works around the fact that compilers can decide that taking a member ++ * address is never a NULL pointer. ++ * ++ * Real objects that start at a high address and have a member at NULL are ++ * unlikely to exist, but such pointers may be returned e.g. by the ++ * container_of() macro. ++ */ ++#define member_address_is_nonnull(ptr, member) \ ++ ((uintptr_t)(ptr) + offsetof(typeof(*(ptr)), member) != 0) ++ + /** + * llist_for_each - iterate over some deleted entries of a lock-less list + * @pos: the &struct llist_node to use as a loop cursor +@@ -121,7 +138,7 @@ static inline void init_llist_head(struct llist_head *list) + */ + #define llist_for_each_entry(pos, node, member) \ + for ((pos) = llist_entry((node), typeof(*(pos)), member); \ +- &(pos)->member != NULL; \ ++ member_address_is_nonnull(pos, member); \ + (pos) = llist_entry((pos)->member.next, typeof(*(pos)), member)) + + /** +@@ -143,7 +160,7 @@ static inline void init_llist_head(struct llist_head *list) + */ + #define llist_for_each_entry_safe(pos, n, node, member) \ + for (pos = llist_entry((node), typeof(*pos), member); \ +- &pos->member != NULL && \ ++ member_address_is_nonnull(pos, member) && \ + (n = llist_entry(pos->member.next, typeof(*n), member), true); \ + pos = n) + +diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h +index 53e361a9af79..6923e4049de3 100644 +--- a/include/linux/netfilter/x_tables.h ++++ b/include/linux/netfilter/x_tables.h +@@ -247,6 +247,8 @@ unsigned int *xt_alloc_entry_offsets(unsigned int size); + bool xt_find_jump_offset(const unsigned int *offsets, + unsigned int target, unsigned int size); + ++int xt_check_proc_name(const char *name, unsigned int size); ++ + int xt_check_match(struct xt_mtchk_param *, unsigned int size, u_int8_t proto, + bool inv_proto); + int xt_check_target(struct xt_tgchk_param *, unsigned int size, u_int8_t proto, +diff --git a/include/linux/nospec.h b/include/linux/nospec.h +index 115381228203..e791ebc65c9c 100644 +--- a/include/linux/nospec.h ++++ b/include/linux/nospec.h +@@ -20,20 +20,6 @@ + static inline unsigned long array_index_mask_nospec(unsigned long index, + unsigned long size) + { +- /* +- * Warn developers about inappropriate array_index_nospec() usage. +- * +- * Even if the CPU speculates past the WARN_ONCE branch, the +- * sign bit of @index is taken into account when generating the +- * mask. +- * +- * This warning is compiled out when the compiler can infer that +- * @index and @size are less than LONG_MAX. +- */ +- if (WARN_ONCE(index > LONG_MAX || size > LONG_MAX, +- "array_index_nospec() limited to range of [0, LONG_MAX]\n")) +- return 0; +- + /* + * Always calculate and emit the mask even if the compiler + * thinks the mask is not needed. The compiler does not take +diff --git a/include/linux/tty.h b/include/linux/tty.h +index 83b264c52898..a1042afff99a 100644 +--- a/include/linux/tty.h ++++ b/include/linux/tty.h +@@ -372,6 +372,7 @@ extern void proc_clear_tty(struct task_struct *p); + extern struct tty_struct *get_current_tty(void); + /* tty_io.c */ + extern int __init tty_init(void); ++extern const char *tty_name(const struct tty_struct *tty); + #else + static inline void console_init(void) + { } +@@ -392,6 +393,8 @@ static inline struct tty_struct *get_current_tty(void) + /* tty_io.c */ + static inline int __init tty_init(void) + { return 0; } ++static inline const char *tty_name(const struct tty_struct *tty) ++{ return "(none)"; } + #endif + + extern void tty_write_flush(struct tty_struct *); +@@ -420,7 +423,6 @@ static inline struct tty_struct *tty_kref_get(struct tty_struct *tty) + + extern int tty_paranoia_check(struct tty_struct *tty, struct inode *inode, + const char *routine); +-extern const char *tty_name(const struct tty_struct *tty); + extern void tty_wait_until_sent(struct tty_struct *tty, long timeout); + extern int __tty_check_change(struct tty_struct *tty, int sig); + extern int tty_check_change(struct tty_struct *tty); +diff --git a/include/linux/usb/gadget.h b/include/linux/usb/gadget.h +index 3d583a10b926..7e84aac39ade 100644 +--- a/include/linux/usb/gadget.h ++++ b/include/linux/usb/gadget.h +@@ -662,9 +662,21 @@ static inline struct usb_gadget *dev_to_usb_gadget(struct device *dev) + #define gadget_for_each_ep(tmp, gadget) \ + list_for_each_entry(tmp, &(gadget)->ep_list, ep_list) + ++/** ++ * usb_ep_align - returns @len aligned to ep's maxpacketsize. ++ * @ep: the endpoint whose maxpacketsize is used to align @len ++ * @len: buffer size's length to align to @ep's maxpacketsize ++ * ++ * This helper is used to align buffer's size to an ep's maxpacketsize. ++ */ ++static inline size_t usb_ep_align(struct usb_ep *ep, size_t len) ++{ ++ return round_up(len, (size_t)le16_to_cpu(ep->desc->wMaxPacketSize)); ++} ++ + /** + * usb_ep_align_maybe - returns @len aligned to ep's maxpacketsize if gadget +- * requires quirk_ep_out_aligned_size, otherwise reguens len. ++ * requires quirk_ep_out_aligned_size, otherwise returns len. + * @g: controller to check for quirk + * @ep: the endpoint whose maxpacketsize is used to align @len + * @len: buffer size's length to align to @ep's maxpacketsize +@@ -675,8 +687,7 @@ static inline struct usb_gadget *dev_to_usb_gadget(struct device *dev) + static inline size_t + usb_ep_align_maybe(struct usb_gadget *g, struct usb_ep *ep, size_t len) + { +- return !g->quirk_ep_out_aligned_size ? len : +- round_up(len, (size_t)ep->desc->wMaxPacketSize); ++ return g->quirk_ep_out_aligned_size ? usb_ep_align(ep, len) : len; + } + + /** +diff --git a/include/rdma/ib_addr.h b/include/rdma/ib_addr.h +index a78ff97eb249..d77416963f05 100644 +--- a/include/rdma/ib_addr.h ++++ b/include/rdma/ib_addr.h +@@ -123,6 +123,8 @@ int rdma_copy_addr(struct rdma_dev_addr *dev_addr, struct net_device *dev, + const unsigned char *dst_dev_addr); + + int rdma_addr_size(struct sockaddr *addr); ++int rdma_addr_size_in6(struct sockaddr_in6 *addr); ++int rdma_addr_size_kss(struct __kernel_sockaddr_storage *addr); + + int rdma_addr_find_smac_by_sgid(union ib_gid *sgid, u8 *smac, u16 *vlan_id); + int rdma_addr_find_dmac_by_grh(const union ib_gid *sgid, const union ib_gid *dgid, +diff --git a/include/uapi/linux/pci_regs.h b/include/uapi/linux/pci_regs.h +index 1becea86c73c..eb3c786afa70 100644 +--- a/include/uapi/linux/pci_regs.h ++++ b/include/uapi/linux/pci_regs.h +@@ -106,7 +106,7 @@ + #define PCI_SUBSYSTEM_ID 0x2e + #define PCI_ROM_ADDRESS 0x30 /* Bits 31..11 are address, 10..1 reserved */ + #define PCI_ROM_ADDRESS_ENABLE 0x01 +-#define PCI_ROM_ADDRESS_MASK (~0x7ffUL) ++#define PCI_ROM_ADDRESS_MASK (~0x7ffU) + + #define PCI_CAPABILITY_LIST 0x34 /* Offset of first capability list entry */ + +diff --git a/kernel/audit.c b/kernel/audit.c +index 41f9a38bb800..6881b485aa2a 100644 +--- a/kernel/audit.c ++++ b/kernel/audit.c +@@ -64,7 +64,6 @@ + #include <linux/security.h> + #endif + #include <linux/freezer.h> +-#include <linux/tty.h> + #include <linux/pid_namespace.h> + #include <net/netns/generic.h> + +@@ -1876,21 +1875,14 @@ void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk) + { + const struct cred *cred; + char comm[sizeof(tsk->comm)]; +- char *tty; ++ struct tty_struct *tty; + + if (!ab) + return; + + /* tsk == current */ + cred = current_cred(); +- +- spin_lock_irq(&tsk->sighand->siglock); +- if (tsk->signal && tsk->signal->tty && tsk->signal->tty->name) +- tty = tsk->signal->tty->name; +- else +- tty = "(none)"; +- spin_unlock_irq(&tsk->sighand->siglock); +- ++ tty = audit_get_tty(tsk); + audit_log_format(ab, + " ppid=%d pid=%d auid=%u uid=%u gid=%u" + " euid=%u suid=%u fsuid=%u" +@@ -1906,11 +1898,11 @@ void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk) + from_kgid(&init_user_ns, cred->egid), + from_kgid(&init_user_ns, cred->sgid), + from_kgid(&init_user_ns, cred->fsgid), +- tty, audit_get_sessionid(tsk)); +- ++ tty ? tty_name(tty) : "(none)", ++ audit_get_sessionid(tsk)); ++ audit_put_tty(tty); + audit_log_format(ab, " comm="); + audit_log_untrustedstring(ab, get_task_comm(comm, tsk)); +- + audit_log_d_path_exe(ab, tsk->mm); + audit_log_task_context(ab); + } +diff --git a/kernel/auditsc.c b/kernel/auditsc.c +index 48f45987dc6c..4bdea31cf6ce 100644 +--- a/kernel/auditsc.c ++++ b/kernel/auditsc.c +@@ -1976,6 +1976,7 @@ static void audit_log_set_loginuid(kuid_t koldloginuid, kuid_t kloginuid, + { + struct audit_buffer *ab; + uid_t uid, oldloginuid, loginuid; ++ struct tty_struct *tty; + + if (!audit_enabled) + return; +@@ -1983,14 +1984,17 @@ static void audit_log_set_loginuid(kuid_t koldloginuid, kuid_t kloginuid, + uid = from_kuid(&init_user_ns, task_uid(current)); + oldloginuid = from_kuid(&init_user_ns, koldloginuid); + loginuid = from_kuid(&init_user_ns, kloginuid), ++ tty = audit_get_tty(current); + + ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_LOGIN); + if (!ab) + return; + audit_log_format(ab, "pid=%d uid=%u", task_pid_nr(current), uid); + audit_log_task_context(ab); +- audit_log_format(ab, " old-auid=%u auid=%u old-ses=%u ses=%u res=%d", +- oldloginuid, loginuid, oldsessionid, sessionid, !rc); ++ audit_log_format(ab, " old-auid=%u auid=%u tty=%s old-ses=%u ses=%u res=%d", ++ oldloginuid, loginuid, tty ? tty_name(tty) : "(none)", ++ oldsessionid, sessionid, !rc); ++ audit_put_tty(tty); + audit_log_end(ab); + } + +diff --git a/kernel/events/hw_breakpoint.c b/kernel/events/hw_breakpoint.c +index 92ce5f4ccc26..a27245fdcd81 100644 +--- a/kernel/events/hw_breakpoint.c ++++ b/kernel/events/hw_breakpoint.c +@@ -427,16 +427,9 @@ EXPORT_SYMBOL_GPL(register_user_hw_breakpoint); + * modify_user_hw_breakpoint - modify a user-space hardware breakpoint + * @bp: the breakpoint structure to modify + * @attr: new breakpoint attributes +- * @triggered: callback to trigger when we hit the breakpoint +- * @tsk: pointer to 'task_struct' of the process to which the address belongs + */ + int modify_user_hw_breakpoint(struct perf_event *bp, struct perf_event_attr *attr) + { +- u64 old_addr = bp->attr.bp_addr; +- u64 old_len = bp->attr.bp_len; +- int old_type = bp->attr.bp_type; +- int err = 0; +- + /* + * modify_user_hw_breakpoint can be invoked with IRQs disabled and hence it + * will not be possible to raise IPIs that invoke __perf_event_disable. +@@ -451,27 +444,18 @@ int modify_user_hw_breakpoint(struct perf_event *bp, struct perf_event_attr *att + bp->attr.bp_addr = attr->bp_addr; + bp->attr.bp_type = attr->bp_type; + bp->attr.bp_len = attr->bp_len; ++ bp->attr.disabled = 1; + +- if (attr->disabled) +- goto end; +- +- err = validate_hw_breakpoint(bp); +- if (!err) +- perf_event_enable(bp); ++ if (!attr->disabled) { ++ int err = validate_hw_breakpoint(bp); + +- if (err) { +- bp->attr.bp_addr = old_addr; +- bp->attr.bp_type = old_type; +- bp->attr.bp_len = old_len; +- if (!bp->attr.disabled) +- perf_event_enable(bp); ++ if (err) ++ return err; + +- return err; ++ perf_event_enable(bp); ++ bp->attr.disabled = 0; + } + +-end: +- bp->attr.disabled = attr->disabled; +- + return 0; + } + EXPORT_SYMBOL_GPL(modify_user_hw_breakpoint); +diff --git a/kernel/irq/manage.c b/kernel/irq/manage.c +index a079ed14f230..5f55a8bf5264 100644 +--- a/kernel/irq/manage.c ++++ b/kernel/irq/manage.c +@@ -836,7 +836,7 @@ irq_thread_check_affinity(struct irq_desc *desc, struct irqaction *action) + * This code is triggered unconditionally. Check the affinity + * mask pointer. For CPU_MASK_OFFSTACK=n this is optimized out. + */ +- if (desc->irq_common_data.affinity) ++ if (cpumask_available(desc->irq_common_data.affinity)) + cpumask_copy(mask, desc->irq_common_data.affinity); + else + valid = false; +diff --git a/kernel/kprobes.c b/kernel/kprobes.c +index 695763516908..bbe9dd0886bd 100644 +--- a/kernel/kprobes.c ++++ b/kernel/kprobes.c +@@ -125,7 +125,7 @@ static void *alloc_insn_page(void) + return module_alloc(PAGE_SIZE); + } + +-static void free_insn_page(void *page) ++void __weak free_insn_page(void *page) + { + module_memfree(page); + } +diff --git a/mm/backing-dev.c b/mm/backing-dev.c +index a988d4ef39da..7f80b1a1bc34 100644 +--- a/mm/backing-dev.c ++++ b/mm/backing-dev.c +@@ -922,7 +922,7 @@ static atomic_t nr_wb_congested[2]; + void clear_wb_congested(struct bdi_writeback_congested *congested, int sync) + { + wait_queue_head_t *wqh = &congestion_wqh[sync]; +- enum wb_state bit; ++ enum wb_congested_state bit; + + bit = sync ? WB_sync_congested : WB_async_congested; + if (test_and_clear_bit(bit, &congested->state)) +@@ -935,7 +935,7 @@ EXPORT_SYMBOL(clear_wb_congested); + + void set_wb_congested(struct bdi_writeback_congested *congested, int sync) + { +- enum wb_state bit; ++ enum wb_congested_state bit; + + bit = sync ? WB_sync_congested : WB_async_congested; + if (!test_and_set_bit(bit, &congested->state)) +diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c +index 906f88550cd8..0dc27d2e8f18 100644 +--- a/net/bluetooth/smp.c ++++ b/net/bluetooth/smp.c +@@ -2251,8 +2251,14 @@ static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb) + else + sec_level = authreq_to_seclevel(auth); + +- if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK)) ++ if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK)) { ++ /* If link is already encrypted with sufficient security we ++ * still need refresh encryption as per Core Spec 5.0 Vol 3, ++ * Part H 2.4.6 ++ */ ++ smp_ltk_encrypt(conn, hcon->sec_level); + return 0; ++ } + + if (sec_level > hcon->pending_sec_level) + hcon->pending_sec_level = sec_level; +diff --git a/net/bridge/netfilter/ebt_among.c b/net/bridge/netfilter/ebt_among.c +index 9637a681bdda..9adf16258cab 100644 +--- a/net/bridge/netfilter/ebt_among.c ++++ b/net/bridge/netfilter/ebt_among.c +@@ -177,6 +177,28 @@ static bool poolsize_invalid(const struct ebt_mac_wormhash *w) + return w && w->poolsize >= (INT_MAX / sizeof(struct ebt_mac_wormhash_tuple)); + } + ++static bool wormhash_offset_invalid(int off, unsigned int len) ++{ ++ if (off == 0) /* not present */ ++ return false; ++ ++ if (off < (int)sizeof(struct ebt_among_info) || ++ off % __alignof__(struct ebt_mac_wormhash)) ++ return true; ++ ++ off += sizeof(struct ebt_mac_wormhash); ++ ++ return off > len; ++} ++ ++static bool wormhash_sizes_valid(const struct ebt_mac_wormhash *wh, int a, int b) ++{ ++ if (a == 0) ++ a = sizeof(struct ebt_among_info); ++ ++ return ebt_mac_wormhash_size(wh) + a == b; ++} ++ + static int ebt_among_mt_check(const struct xt_mtchk_param *par) + { + const struct ebt_among_info *info = par->matchinfo; +@@ -189,6 +211,10 @@ static int ebt_among_mt_check(const struct xt_mtchk_param *par) + if (expected_length > em->match_size) + return -EINVAL; + ++ if (wormhash_offset_invalid(info->wh_dst_ofs, em->match_size) || ++ wormhash_offset_invalid(info->wh_src_ofs, em->match_size)) ++ return -EINVAL; ++ + wh_dst = ebt_among_wh_dst(info); + if (poolsize_invalid(wh_dst)) + return -EINVAL; +@@ -201,6 +227,14 @@ static int ebt_among_mt_check(const struct xt_mtchk_param *par) + if (poolsize_invalid(wh_src)) + return -EINVAL; + ++ if (info->wh_src_ofs < info->wh_dst_ofs) { ++ if (!wormhash_sizes_valid(wh_src, info->wh_src_ofs, info->wh_dst_ofs)) ++ return -EINVAL; ++ } else { ++ if (!wormhash_sizes_valid(wh_dst, info->wh_dst_ofs, info->wh_src_ofs)) ++ return -EINVAL; ++ } ++ + expected_length += ebt_mac_wormhash_size(wh_src); + + if (em->match_size != EBT_ALIGN(expected_length)) { +diff --git a/net/ipv4/netfilter/nf_nat_h323.c b/net/ipv4/netfilter/nf_nat_h323.c +index 574f7ebba0b6..ac8342dcb55e 100644 +--- a/net/ipv4/netfilter/nf_nat_h323.c ++++ b/net/ipv4/netfilter/nf_nat_h323.c +@@ -252,16 +252,16 @@ static int nat_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct, + if (set_h245_addr(skb, protoff, data, dataoff, taddr, + &ct->tuplehash[!dir].tuple.dst.u3, + htons((port & htons(1)) ? nated_port + 1 : +- nated_port)) == 0) { +- /* Save ports */ +- info->rtp_port[i][dir] = rtp_port; +- info->rtp_port[i][!dir] = htons(nated_port); +- } else { ++ nated_port))) { + nf_ct_unexpect_related(rtp_exp); + nf_ct_unexpect_related(rtcp_exp); + return -1; + } + ++ /* Save ports */ ++ info->rtp_port[i][dir] = rtp_port; ++ info->rtp_port[i][!dir] = htons(nated_port); ++ + /* Success */ + pr_debug("nf_nat_h323: expect RTP %pI4:%hu->%pI4:%hu\n", + &rtp_exp->tuple.src.u3.ip, +@@ -370,15 +370,15 @@ static int nat_h245(struct sk_buff *skb, struct nf_conn *ct, + /* Modify signal */ + if (set_h225_addr(skb, protoff, data, dataoff, taddr, + &ct->tuplehash[!dir].tuple.dst.u3, +- htons(nated_port)) == 0) { +- /* Save ports */ +- info->sig_port[dir] = port; +- info->sig_port[!dir] = htons(nated_port); +- } else { ++ htons(nated_port))) { + nf_ct_unexpect_related(exp); + return -1; + } + ++ /* Save ports */ ++ info->sig_port[dir] = port; ++ info->sig_port[!dir] = htons(nated_port); ++ + pr_debug("nf_nat_q931: expect H.245 %pI4:%hu->%pI4:%hu\n", + &exp->tuple.src.u3.ip, + ntohs(exp->tuple.src.u.tcp.port), +@@ -462,24 +462,27 @@ static int nat_q931(struct sk_buff *skb, struct nf_conn *ct, + /* Modify signal */ + if (set_h225_addr(skb, protoff, data, 0, &taddr[idx], + &ct->tuplehash[!dir].tuple.dst.u3, +- htons(nated_port)) == 0) { +- /* Save ports */ +- info->sig_port[dir] = port; +- info->sig_port[!dir] = htons(nated_port); +- +- /* Fix for Gnomemeeting */ +- if (idx > 0 && +- get_h225_addr(ct, *data, &taddr[0], &addr, &port) && +- (ntohl(addr.ip) & 0xff000000) == 0x7f000000) { +- set_h225_addr(skb, protoff, data, 0, &taddr[0], +- &ct->tuplehash[!dir].tuple.dst.u3, +- info->sig_port[!dir]); +- } +- } else { ++ htons(nated_port))) { + nf_ct_unexpect_related(exp); + return -1; + } + ++ /* Save ports */ ++ info->sig_port[dir] = port; ++ info->sig_port[!dir] = htons(nated_port); ++ ++ /* Fix for Gnomemeeting */ ++ if (idx > 0 && ++ get_h225_addr(ct, *data, &taddr[0], &addr, &port) && ++ (ntohl(addr.ip) & 0xff000000) == 0x7f000000) { ++ if (set_h225_addr(skb, protoff, data, 0, &taddr[0], ++ &ct->tuplehash[!dir].tuple.dst.u3, ++ info->sig_port[!dir])) { ++ nf_ct_unexpect_related(exp); ++ return -1; ++ } ++ } ++ + /* Success */ + pr_debug("nf_nat_ras: expect Q.931 %pI4:%hu->%pI4:%hu\n", + &exp->tuple.src.u3.ip, +@@ -550,9 +553,9 @@ static int nat_callforwarding(struct sk_buff *skb, struct nf_conn *ct, + } + + /* Modify signal */ +- if (!set_h225_addr(skb, protoff, data, dataoff, taddr, +- &ct->tuplehash[!dir].tuple.dst.u3, +- htons(nated_port)) == 0) { ++ if (set_h225_addr(skb, protoff, data, dataoff, taddr, ++ &ct->tuplehash[!dir].tuple.dst.u3, ++ htons(nated_port))) { + nf_ct_unexpect_related(exp); + return -1; + } +diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c +index e4b0fb2f06a3..d7105422bc63 100644 +--- a/net/ipv6/ip6_vti.c ++++ b/net/ipv6/ip6_vti.c +@@ -614,7 +614,6 @@ static void vti6_link_config(struct ip6_tnl *t) + { + struct net_device *dev = t->dev; + struct __ip6_tnl_parm *p = &t->parms; +- struct net_device *tdev = NULL; + + memcpy(dev->dev_addr, &p->laddr, sizeof(struct in6_addr)); + memcpy(dev->broadcast, &p->raddr, sizeof(struct in6_addr)); +@@ -627,25 +626,6 @@ static void vti6_link_config(struct ip6_tnl *t) + dev->flags |= IFF_POINTOPOINT; + else + dev->flags &= ~IFF_POINTOPOINT; +- +- if (p->flags & IP6_TNL_F_CAP_XMIT) { +- int strict = (ipv6_addr_type(&p->raddr) & +- (IPV6_ADDR_MULTICAST | IPV6_ADDR_LINKLOCAL)); +- struct rt6_info *rt = rt6_lookup(t->net, +- &p->raddr, &p->laddr, +- p->link, strict); +- +- if (rt) +- tdev = rt->dst.dev; +- ip6_rt_put(rt); +- } +- +- if (!tdev && p->link) +- tdev = __dev_get_by_index(t->net, p->link); +- +- if (tdev) +- dev->mtu = max_t(int, tdev->mtu - dev->hard_header_len, +- IPV6_MIN_MTU); + } + + /** +diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c +index 660939df7c94..4ece07c68b3f 100644 +--- a/net/netfilter/nf_conntrack_netlink.c ++++ b/net/netfilter/nf_conntrack_netlink.c +@@ -999,9 +999,8 @@ static const struct nla_policy tuple_nla_policy[CTA_TUPLE_MAX+1] = { + + static int + ctnetlink_parse_tuple(const struct nlattr * const cda[], +- struct nf_conntrack_tuple *tuple, +- enum ctattr_type type, u_int8_t l3num, +- struct nf_conntrack_zone *zone) ++ struct nf_conntrack_tuple *tuple, u32 type, ++ u_int8_t l3num, struct nf_conntrack_zone *zone) + { + struct nlattr *tb[CTA_TUPLE_MAX+1]; + int err; +@@ -2416,7 +2415,7 @@ static struct nfnl_ct_hook ctnetlink_glue_hook = { + static inline int + ctnetlink_exp_dump_tuple(struct sk_buff *skb, + const struct nf_conntrack_tuple *tuple, +- enum ctattr_expect type) ++ u32 type) + { + struct nlattr *nest_parms; + +diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c +index 34ae20490c94..1f3c305df45d 100644 +--- a/net/netfilter/x_tables.c ++++ b/net/netfilter/x_tables.c +@@ -366,6 +366,36 @@ textify_hooks(char *buf, size_t size, unsigned int mask, uint8_t nfproto) + return buf; + } + ++/** ++ * xt_check_proc_name - check that name is suitable for /proc file creation ++ * ++ * @name: file name candidate ++ * @size: length of buffer ++ * ++ * some x_tables modules wish to create a file in /proc. ++ * This function makes sure that the name is suitable for this ++ * purpose, it checks that name is NUL terminated and isn't a 'special' ++ * name, like "..". ++ * ++ * returns negative number on error or 0 if name is useable. ++ */ ++int xt_check_proc_name(const char *name, unsigned int size) ++{ ++ if (name[0] == '\0') ++ return -EINVAL; ++ ++ if (strnlen(name, size) == size) ++ return -ENAMETOOLONG; ++ ++ if (strcmp(name, ".") == 0 || ++ strcmp(name, "..") == 0 || ++ strchr(name, '/')) ++ return -EINVAL; ++ ++ return 0; ++} ++EXPORT_SYMBOL(xt_check_proc_name); ++ + int xt_check_match(struct xt_mtchk_param *par, + unsigned int size, u_int8_t proto, bool inv_proto) + { +diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c +index 178696852bde..7381be0cdcdf 100644 +--- a/net/netfilter/xt_hashlimit.c ++++ b/net/netfilter/xt_hashlimit.c +@@ -668,8 +668,9 @@ static int hashlimit_mt_check(const struct xt_mtchk_param *par) + + if (info->cfg.gc_interval == 0 || info->cfg.expire == 0) + return -EINVAL; +- if (info->name[sizeof(info->name)-1] != '\0') +- return -EINVAL; ++ ret = xt_check_proc_name(info->name, sizeof(info->name)); ++ if (ret) ++ return ret; + if (par->family == NFPROTO_IPV4) { + if (info->cfg.srcmask > 32 || info->cfg.dstmask > 32) + return -EINVAL; +diff --git a/net/netfilter/xt_recent.c b/net/netfilter/xt_recent.c +index d725a27743a1..cd53b861a15c 100644 +--- a/net/netfilter/xt_recent.c ++++ b/net/netfilter/xt_recent.c +@@ -364,9 +364,9 @@ static int recent_mt_check(const struct xt_mtchk_param *par, + info->hit_count, XT_RECENT_MAX_NSTAMPS - 1); + return -EINVAL; + } +- if (info->name[0] == '\0' || +- strnlen(info->name, XT_RECENT_NAME_LEN) == XT_RECENT_NAME_LEN) +- return -EINVAL; ++ ret = xt_check_proc_name(info->name, sizeof(info->name)); ++ if (ret) ++ return ret; + + if (ip_pkt_list_tot && info->hit_count < ip_pkt_list_tot) + nstamp_mask = roundup_pow_of_two(ip_pkt_list_tot) - 1; +diff --git a/net/xfrm/xfrm_ipcomp.c b/net/xfrm/xfrm_ipcomp.c +index ccfdc7115a83..a00ec715aa46 100644 +--- a/net/xfrm/xfrm_ipcomp.c ++++ b/net/xfrm/xfrm_ipcomp.c +@@ -283,7 +283,7 @@ static struct crypto_comp * __percpu *ipcomp_alloc_tfms(const char *alg_name) + struct crypto_comp *tfm; + + /* This can be any valid CPU ID so we don't need locking. */ +- tfm = __this_cpu_read(*pos->tfms); ++ tfm = this_cpu_read(*pos->tfms); + + if (!strcmp(crypto_comp_name(tfm), alg_name)) { + pos->users++; +diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c +index 96d664e198bf..34b5b4bcf5cb 100644 +--- a/net/xfrm/xfrm_state.c ++++ b/net/xfrm/xfrm_state.c +@@ -1845,6 +1845,11 @@ int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen + struct xfrm_mgr *km; + struct xfrm_policy *pol = NULL; + ++#ifdef CONFIG_COMPAT ++ if (is_compat_task()) ++ return -EOPNOTSUPP; ++#endif ++ + if (!optval && !optlen) { + xfrm_sk_policy_insert(sk, XFRM_POLICY_IN, NULL); + xfrm_sk_policy_insert(sk, XFRM_POLICY_OUT, NULL); +diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c +index fa856a07e40b..5d9f25cb6426 100644 +--- a/net/xfrm/xfrm_user.c ++++ b/net/xfrm/xfrm_user.c +@@ -121,22 +121,17 @@ static inline int verify_replay(struct xfrm_usersa_info *p, + struct nlattr *rt = attrs[XFRMA_REPLAY_ESN_VAL]; + struct xfrm_replay_state_esn *rs; + +- if (p->flags & XFRM_STATE_ESN) { +- if (!rt) +- return -EINVAL; ++ if (!rt) ++ return (p->flags & XFRM_STATE_ESN) ? -EINVAL : 0; + +- rs = nla_data(rt); ++ rs = nla_data(rt); + +- if (rs->bmp_len > XFRMA_REPLAY_ESN_MAX / sizeof(rs->bmp[0]) / 8) +- return -EINVAL; +- +- if (nla_len(rt) < xfrm_replay_state_esn_len(rs) && +- nla_len(rt) != sizeof(*rs)) +- return -EINVAL; +- } ++ if (rs->bmp_len > XFRMA_REPLAY_ESN_MAX / sizeof(rs->bmp[0]) / 8) ++ return -EINVAL; + +- if (!rt) +- return 0; ++ if (nla_len(rt) < xfrm_replay_state_esn_len(rs) && ++ nla_len(rt) != sizeof(*rs)) ++ return -EINVAL; + + /* As only ESP and AH support ESN feature. */ + if ((p->id.proto != IPPROTO_ESP) && (p->id.proto != IPPROTO_AH)) +diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c +index 4c7db967b7bb..4f690ab0feed 100644 +--- a/security/selinux/hooks.c ++++ b/security/selinux/hooks.c +@@ -333,18 +333,6 @@ static void superblock_free_security(struct super_block *sb) + kfree(sbsec); + } + +-/* The file system's label must be initialized prior to use. */ +- +-static const char *labeling_behaviors[7] = { +- "uses xattr", +- "uses transition SIDs", +- "uses task SIDs", +- "uses genfs_contexts", +- "not configured for labeling", +- "uses mountpoint labeling", +- "uses native labeling", +-}; +- + static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry); + + static inline int inode_doinit(struct inode *inode) +@@ -456,10 +444,6 @@ static int sb_finish_set_opts(struct super_block *sb) + } + } + +- if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors)) +- printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n", +- sb->s_id, sb->s_type->name); +- + sbsec->flags |= SE_SBINITIALIZED; + if (selinux_is_sblabel_mnt(sb)) + sbsec->flags |= SBLABEL_MNT; +diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c +index db7eff3573a9..23dca68ffe25 100644 +--- a/security/selinux/ss/services.c ++++ b/security/selinux/ss/services.c +@@ -155,7 +155,7 @@ static int selinux_set_mapping(struct policydb *pol, + } + + k = 0; +- while (p_in->perms && p_in->perms[k]) { ++ while (p_in->perms[k]) { + /* An empty permission string skips ahead */ + if (!*p_in->perms[k]) { + k++; +diff --git a/sound/core/oss/pcm_oss.c b/sound/core/oss/pcm_oss.c +index daa1feac66bf..6cd8aec146f2 100644 +--- a/sound/core/oss/pcm_oss.c ++++ b/sound/core/oss/pcm_oss.c +@@ -1361,7 +1361,7 @@ static ssize_t snd_pcm_oss_write2(struct snd_pcm_substream *substream, const cha + static ssize_t snd_pcm_oss_write1(struct snd_pcm_substream *substream, const char __user *buf, size_t bytes) + { + size_t xfer = 0; +- ssize_t tmp; ++ ssize_t tmp = 0; + struct snd_pcm_runtime *runtime = substream->runtime; + + if (atomic_read(&substream->mmap_count)) +@@ -1468,7 +1468,7 @@ static ssize_t snd_pcm_oss_read2(struct snd_pcm_substream *substream, char *buf, + static ssize_t snd_pcm_oss_read1(struct snd_pcm_substream *substream, char __user *buf, size_t bytes) + { + size_t xfer = 0; +- ssize_t tmp; ++ ssize_t tmp = 0; + struct snd_pcm_runtime *runtime = substream->runtime; + + if (atomic_read(&substream->mmap_count)) +diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c +index 4ba64fd49759..ce2954a31238 100644 +--- a/sound/core/pcm_native.c ++++ b/sound/core/pcm_native.c +@@ -3408,7 +3408,7 @@ int snd_pcm_lib_default_mmap(struct snd_pcm_substream *substream, + area, + substream->runtime->dma_area, + substream->runtime->dma_addr, +- area->vm_end - area->vm_start); ++ substream->runtime->dma_bytes); + #endif /* CONFIG_X86 */ + /* mmap with fault handler */ + area->vm_ops = &snd_pcm_vm_ops_data_fault;
