Magellan Linux

  • Back to homepage
    • /[pkg-src]/trunk/kernel-alx/patches-3.14/0108-3.14.9-all-fixes.patch

    Contents of /trunk/kernel-alx/patches-3.14/0108-3.14.9-all-fixes.patch

    Parent Directory Parent Directory | Revision Log Revision Log

    Revision 2506 - (show annotations) (download)
    Fri Oct 17 07:55:45 2014 UTC (9 years, 6 months ago) by niro
    File size: 108101 byte(s) 
    -patches for 3.14
    1 diff --git a/Documentation/ABI/testing/ima_policy b/Documentation/ABI/testing/ima_policy
    2 index f1c5cc9d17a8..4c3efe434806 100644
    3 --- a/Documentation/ABI/testing/ima_policy
    4 +++ b/Documentation/ABI/testing/ima_policy
    5 @@ -23,7 +23,7 @@ Description:
    6 [fowner]]
    7 lsm: [[subj_user=] [subj_role=] [subj_type=]
    8 [obj_user=] [obj_role=] [obj_type=]]
    9 - option: [[appraise_type=]]
    10 + option: [[appraise_type=]] [permit_directio]
    11
    12 base: func:= [BPRM_CHECK][MMAP_CHECK][FILE_CHECK][MODULE_CHECK]
    13 mask:= [MAY_READ] [MAY_WRITE] [MAY_APPEND] [MAY_EXEC]
    14 diff --git a/Makefile b/Makefile
    15 index ef1d59b750ea..ee247656432f 100644
    16 --- a/Makefile
    17 +++ b/Makefile
    18 @@ -1,6 +1,6 @@
    19 VERSION = 3
    20 PATCHLEVEL = 14
    21 -SUBLEVEL = 8
    22 +SUBLEVEL = 9
    23 EXTRAVERSION =
    24 NAME = Remembering Coco
    25
    26 diff --git a/arch/arm/mach-at91/sysirq_mask.c b/arch/arm/mach-at91/sysirq_mask.c
    27 index 2ba694f9626b..f8bc3511a8c8 100644
    28 --- a/arch/arm/mach-at91/sysirq_mask.c
    29 +++ b/arch/arm/mach-at91/sysirq_mask.c
    30 @@ -25,24 +25,28 @@
    31
    32 #include "generic.h"
    33
    34 -#define AT91_RTC_IDR 0x24 /* Interrupt Disable Register */
    35 -#define AT91_RTC_IMR 0x28 /* Interrupt Mask Register */
    36 +#define AT91_RTC_IDR 0x24 /* Interrupt Disable Register */
    37 +#define AT91_RTC_IMR 0x28 /* Interrupt Mask Register */
    38 +#define AT91_RTC_IRQ_MASK 0x1f /* Available IRQs mask */
    39
    40 void __init at91_sysirq_mask_rtc(u32 rtc_base)
    41 {
    42 void __iomem *base;
    43 - u32 mask;
    44
    45 base = ioremap(rtc_base, 64);
    46 if (!base)
    47 return;
    48
    49 - mask = readl_relaxed(base + AT91_RTC_IMR);
    50 - if (mask) {
    51 - pr_info("AT91: Disabling rtc irq\n");
    52 - writel_relaxed(mask, base + AT91_RTC_IDR);
    53 - (void)readl_relaxed(base + AT91_RTC_IMR); /* flush */
    54 - }
    55 + /*
    56 + * sam9x5 SoCs have the following errata:
    57 + * "RTC: Interrupt Mask Register cannot be used
    58 + * Interrupt Mask Register read always returns 0."
    59 + *
    60 + * Hence we're not relying on IMR values to disable
    61 + * interrupts.
    62 + */
    63 + writel_relaxed(AT91_RTC_IRQ_MASK, base + AT91_RTC_IDR);
    64 + (void)readl_relaxed(base + AT91_RTC_IMR); /* flush */
    65
    66 iounmap(base);
    67 }
    68 diff --git a/arch/mips/kvm/kvm_mips.c b/arch/mips/kvm/kvm_mips.c
    69 index da5186fbd77a..5efce56f0df0 100644
    70 --- a/arch/mips/kvm/kvm_mips.c
    71 +++ b/arch/mips/kvm/kvm_mips.c
    72 @@ -304,7 +304,7 @@ struct kvm_vcpu *kvm_arch_vcpu_create(struct kvm *kvm, unsigned int id)
    73 if (cpu_has_veic || cpu_has_vint) {
    74 size = 0x200 + VECTORSPACING * 64;
    75 } else {
    76 - size = 0x200;
    77 + size = 0x4000;
    78 }
    79
    80 /* Save Linux EBASE */
    81 diff --git a/arch/sparc/net/bpf_jit_comp.c b/arch/sparc/net/bpf_jit_comp.c
    82 index 01fe9946d388..44d258da0a1b 100644
    83 --- a/arch/sparc/net/bpf_jit_comp.c
    84 +++ b/arch/sparc/net/bpf_jit_comp.c
    85 @@ -83,9 +83,9 @@ static void bpf_flush_icache(void *start_, void *end_)
    86 #define BNE (F2(0, 2) | CONDNE)
    87
    88 #ifdef CONFIG_SPARC64
    89 -#define BNE_PTR (F2(0, 1) | CONDNE | (2 << 20))
    90 +#define BE_PTR (F2(0, 1) | CONDE | (2 << 20))
    91 #else
    92 -#define BNE_PTR BNE
    93 +#define BE_PTR BE
    94 #endif
    95
    96 #define SETHI(K, REG) \
    97 @@ -600,7 +600,7 @@ void bpf_jit_compile(struct sk_filter *fp)
    98 case BPF_S_ANC_IFINDEX:
    99 emit_skb_loadptr(dev, r_A);
    100 emit_cmpi(r_A, 0);
    101 - emit_branch(BNE_PTR, cleanup_addr + 4);
    102 + emit_branch(BE_PTR, cleanup_addr + 4);
    103 emit_nop();
    104 emit_load32(r_A, struct net_device, ifindex, r_A);
    105 break;
    106 @@ -613,7 +613,7 @@ void bpf_jit_compile(struct sk_filter *fp)
    107 case BPF_S_ANC_HATYPE:
    108 emit_skb_loadptr(dev, r_A);
    109 emit_cmpi(r_A, 0);
    110 - emit_branch(BNE_PTR, cleanup_addr + 4);
    111 + emit_branch(BE_PTR, cleanup_addr + 4);
    112 emit_nop();
    113 emit_load16(r_A, struct net_device, type, r_A);
    114 break;
    115 diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
    116 index 9736529ade08..006911858174 100644
    117 --- a/arch/x86/kvm/lapic.c
    118 +++ b/arch/x86/kvm/lapic.c
    119 @@ -360,6 +360,8 @@ static inline void apic_clear_irr(int vec, struct kvm_lapic *apic)
    120
    121 static inline void apic_set_isr(int vec, struct kvm_lapic *apic)
    122 {
    123 + /* Note that we never get here with APIC virtualization enabled. */
    124 +
    125 if (!__apic_test_and_set_vector(vec, apic->regs + APIC_ISR))
    126 ++apic->isr_count;
    127 BUG_ON(apic->isr_count > MAX_APIC_VECTOR);
    128 @@ -371,12 +373,48 @@ static inline void apic_set_isr(int vec, struct kvm_lapic *apic)
    129 apic->highest_isr_cache = vec;
    130 }
    131
    132 +static inline int apic_find_highest_isr(struct kvm_lapic *apic)
    133 +{
    134 + int result;
    135 +
    136 + /*
    137 + * Note that isr_count is always 1, and highest_isr_cache
    138 + * is always -1, with APIC virtualization enabled.
    139 + */
    140 + if (!apic->isr_count)
    141 + return -1;
    142 + if (likely(apic->highest_isr_cache != -1))
    143 + return apic->highest_isr_cache;
    144 +
    145 + result = find_highest_vector(apic->regs + APIC_ISR);
    146 + ASSERT(result == -1 || result >= 16);
    147 +
    148 + return result;
    149 +}
    150 +
    151 static inline void apic_clear_isr(int vec, struct kvm_lapic *apic)
    152 {
    153 - if (__apic_test_and_clear_vector(vec, apic->regs + APIC_ISR))
    154 + struct kvm_vcpu *vcpu;
    155 + if (!__apic_test_and_clear_vector(vec, apic->regs + APIC_ISR))
    156 + return;
    157 +
    158 + vcpu = apic->vcpu;
    159 +
    160 + /*
    161 + * We do get here for APIC virtualization enabled if the guest
    162 + * uses the Hyper-V APIC enlightenment. In this case we may need
    163 + * to trigger a new interrupt delivery by writing the SVI field;
    164 + * on the other hand isr_count and highest_isr_cache are unused
    165 + * and must be left alone.
    166 + */
    167 + if (unlikely(kvm_apic_vid_enabled(vcpu->kvm)))
    168 + kvm_x86_ops->hwapic_isr_update(vcpu->kvm,
    169 + apic_find_highest_isr(apic));
    170 + else {
    171 --apic->isr_count;
    172 - BUG_ON(apic->isr_count < 0);
    173 - apic->highest_isr_cache = -1;
    174 + BUG_ON(apic->isr_count < 0);
    175 + apic->highest_isr_cache = -1;
    176 + }
    177 }
    178
    179 int kvm_lapic_find_highest_irr(struct kvm_vcpu *vcpu)
    180 @@ -456,22 +494,6 @@ static void pv_eoi_clr_pending(struct kvm_vcpu *vcpu)
    181 __clear_bit(KVM_APIC_PV_EOI_PENDING, &vcpu->arch.apic_attention);
    182 }
    183
    184 -static inline int apic_find_highest_isr(struct kvm_lapic *apic)
    185 -{
    186 - int result;
    187 -
    188 - /* Note that isr_count is always 1 with vid enabled */
    189 - if (!apic->isr_count)
    190 - return -1;
    191 - if (likely(apic->highest_isr_cache != -1))
    192 - return apic->highest_isr_cache;
    193 -
    194 - result = find_highest_vector(apic->regs + APIC_ISR);
    195 - ASSERT(result == -1 || result >= 16);
    196 -
    197 - return result;
    198 -}
    199 -
    200 void kvm_apic_update_tmr(struct kvm_vcpu *vcpu, u32 *tmr)
    201 {
    202 struct kvm_lapic *apic = vcpu->arch.apic;
    203 @@ -1605,6 +1627,8 @@ int kvm_get_apic_interrupt(struct kvm_vcpu *vcpu)
    204 int vector = kvm_apic_has_interrupt(vcpu);
    205 struct kvm_lapic *apic = vcpu->arch.apic;
    206
    207 + /* Note that we never get here with APIC virtualization enabled. */
    208 +
    209 if (vector == -1)
    210 return -1;
    211
    212 diff --git a/crypto/crypto_user.c b/crypto/crypto_user.c
    213 index 1512e41cd93d..43665d0d0905 100644
    214 --- a/crypto/crypto_user.c
    215 +++ b/crypto/crypto_user.c
    216 @@ -466,7 +466,7 @@ static int crypto_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
    217 type -= CRYPTO_MSG_BASE;
    218 link = &crypto_dispatch[type];
    219
    220 - if (!capable(CAP_NET_ADMIN))
    221 + if (!netlink_capable(skb, CAP_NET_ADMIN))
    222 return -EPERM;
    223
    224 if ((type == (CRYPTO_MSG_GETALG - CRYPTO_MSG_BASE) &&
    225 diff --git a/drivers/connector/cn_proc.c b/drivers/connector/cn_proc.c
    226 index 18c5b9b16645..3165811e2407 100644
    227 --- a/drivers/connector/cn_proc.c
    228 +++ b/drivers/connector/cn_proc.c
    229 @@ -369,7 +369,7 @@ static void cn_proc_mcast_ctl(struct cn_msg *msg,
    230 return;
    231
    232 /* Can only change if privileged. */
    233 - if (!capable(CAP_NET_ADMIN)) {
    234 + if (!__netlink_ns_capable(nsp, &init_user_ns, CAP_NET_ADMIN)) {
    235 err = EPERM;
    236 goto out;
    237 }
    238 diff --git a/drivers/hv/connection.c b/drivers/hv/connection.c
    239 index 2e7801af466e..05827eccc53a 100644
    240 --- a/drivers/hv/connection.c
    241 +++ b/drivers/hv/connection.c
    242 @@ -224,8 +224,8 @@ cleanup:
    243 vmbus_connection.int_page = NULL;
    244 }
    245
    246 - free_pages((unsigned long)vmbus_connection.monitor_pages[0], 1);
    247 - free_pages((unsigned long)vmbus_connection.monitor_pages[1], 1);
    248 + free_pages((unsigned long)vmbus_connection.monitor_pages[0], 0);
    249 + free_pages((unsigned long)vmbus_connection.monitor_pages[1], 0);
    250 vmbus_connection.monitor_pages[0] = NULL;
    251 vmbus_connection.monitor_pages[1] = NULL;
    252
    253 diff --git a/drivers/hv/hv_balloon.c b/drivers/hv/hv_balloon.c
    254 index 7e17a5495e02..393fd8a98735 100644
    255 --- a/drivers/hv/hv_balloon.c
    256 +++ b/drivers/hv/hv_balloon.c
    257 @@ -19,6 +19,7 @@
    258 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
    259
    260 #include <linux/kernel.h>
    261 +#include <linux/jiffies.h>
    262 #include <linux/mman.h>
    263 #include <linux/delay.h>
    264 #include <linux/init.h>
    265 @@ -459,6 +460,11 @@ static bool do_hot_add;
    266 */
    267 static uint pressure_report_delay = 45;
    268
    269 +/*
    270 + * The last time we posted a pressure report to host.
    271 + */
    272 +static unsigned long last_post_time;
    273 +
    274 module_param(hot_add, bool, (S_IRUGO | S_IWUSR));
    275 MODULE_PARM_DESC(hot_add, "If set attempt memory hot_add");
    276
    277 @@ -542,6 +548,7 @@ struct hv_dynmem_device {
    278
    279 static struct hv_dynmem_device dm_device;
    280
    281 +static void post_status(struct hv_dynmem_device *dm);
    282 #ifdef CONFIG_MEMORY_HOTPLUG
    283
    284 static void hv_bring_pgs_online(unsigned long start_pfn, unsigned long size)
    285 @@ -612,7 +619,7 @@ static void hv_mem_hot_add(unsigned long start, unsigned long size,
    286 * have not been "onlined" within the allowed time.
    287 */
    288 wait_for_completion_timeout(&dm_device.ol_waitevent, 5*HZ);
    289 -
    290 + post_status(&dm_device);
    291 }
    292
    293 return;
    294 @@ -951,11 +958,17 @@ static void post_status(struct hv_dynmem_device *dm)
    295 {
    296 struct dm_status status;
    297 struct sysinfo val;
    298 + unsigned long now = jiffies;
    299 + unsigned long last_post = last_post_time;
    300
    301 if (pressure_report_delay > 0) {
    302 --pressure_report_delay;
    303 return;
    304 }
    305 +
    306 + if (!time_after(now, (last_post_time + HZ)))
    307 + return;
    308 +
    309 si_meminfo(&val);
    310 memset(&status, 0, sizeof(struct dm_status));
    311 status.hdr.type = DM_STATUS_REPORT;
    312 @@ -983,6 +996,14 @@ static void post_status(struct hv_dynmem_device *dm)
    313 if (status.hdr.trans_id != atomic_read(&trans_id))
    314 return;
    315
    316 + /*
    317 + * If the last post time that we sampled has changed,
    318 + * we have raced, don't post the status.
    319 + */
    320 + if (last_post != last_post_time)
    321 + return;
    322 +
    323 + last_post_time = jiffies;
    324 vmbus_sendpacket(dm->dev->channel, &status,
    325 sizeof(struct dm_status),
    326 (unsigned long)NULL,
    327 @@ -1117,7 +1138,7 @@ static void balloon_up(struct work_struct *dummy)
    328
    329 if (ret == -EAGAIN)
    330 msleep(20);
    331 -
    332 + post_status(&dm_device);
    333 } while (ret == -EAGAIN);
    334
    335 if (ret) {
    336 @@ -1144,8 +1165,10 @@ static void balloon_down(struct hv_dynmem_device *dm,
    337 struct dm_unballoon_response resp;
    338 int i;
    339
    340 - for (i = 0; i < range_count; i++)
    341 + for (i = 0; i < range_count; i++) {
    342 free_balloon_pages(dm, &range_array[i]);
    343 + post_status(&dm_device);
    344 + }
    345
    346 if (req->more_pages == 1)
    347 return;
    348 diff --git a/drivers/iio/adc/at91_adc.c b/drivers/iio/adc/at91_adc.c
    349 index bbba014c9939..e6bf77d1ec08 100644
    350 --- a/drivers/iio/adc/at91_adc.c
    351 +++ b/drivers/iio/adc/at91_adc.c
    352 @@ -322,12 +322,11 @@ static int at91_adc_channel_init(struct iio_dev *idev)
    353 return idev->num_channels;
    354 }
    355
    356 -static u8 at91_adc_get_trigger_value_by_name(struct iio_dev *idev,
    357 +static int at91_adc_get_trigger_value_by_name(struct iio_dev *idev,
    358 struct at91_adc_trigger *triggers,
    359 const char *trigger_name)
    360 {
    361 struct at91_adc_state *st = iio_priv(idev);
    362 - u8 value = 0;
    363 int i;
    364
    365 for (i = 0; i < st->trigger_number; i++) {
    366 @@ -340,15 +339,16 @@ static u8 at91_adc_get_trigger_value_by_name(struct iio_dev *idev,
    367 return -ENOMEM;
    368
    369 if (strcmp(trigger_name, name) == 0) {
    370 - value = triggers[i].value;
    371 kfree(name);
    372 - break;
    373 + if (triggers[i].value == 0)
    374 + return -EINVAL;
    375 + return triggers[i].value;
    376 }
    377
    378 kfree(name);
    379 }
    380
    381 - return value;
    382 + return -EINVAL;
    383 }
    384
    385 static int at91_adc_configure_trigger(struct iio_trigger *trig, bool state)
    386 @@ -358,14 +358,14 @@ static int at91_adc_configure_trigger(struct iio_trigger *trig, bool state)
    387 struct iio_buffer *buffer = idev->buffer;
    388 struct at91_adc_reg_desc *reg = st->registers;
    389 u32 status = at91_adc_readl(st, reg->trigger_register);
    390 - u8 value;
    391 + int value;
    392 u8 bit;
    393
    394 value = at91_adc_get_trigger_value_by_name(idev,
    395 st->trigger_list,
    396 idev->trig->name);
    397 - if (value == 0)
    398 - return -EINVAL;
    399 + if (value < 0)
    400 + return value;
    401
    402 if (state) {
    403 st->buffer = kmalloc(idev->scan_bytes, GFP_KERNEL);
    404 diff --git a/drivers/iio/adc/max1363.c b/drivers/iio/adc/max1363.c
    405 index 360259266d4f..ef5ffc0c37a4 100644
    406 --- a/drivers/iio/adc/max1363.c
    407 +++ b/drivers/iio/adc/max1363.c
    408 @@ -1258,8 +1258,8 @@ static const struct max1363_chip_info max1363_chip_info_tbl[] = {
    409 .num_modes = ARRAY_SIZE(max1238_mode_list),
    410 .default_mode = s0to11,
    411 .info = &max1238_info,
    412 - .channels = max1238_channels,
    413 - .num_channels = ARRAY_SIZE(max1238_channels),
    414 + .channels = max1038_channels,
    415 + .num_channels = ARRAY_SIZE(max1038_channels),
    416 },
    417 [max11605] = {
    418 .bits = 8,
    419 @@ -1268,8 +1268,8 @@ static const struct max1363_chip_info max1363_chip_info_tbl[] = {
    420 .num_modes = ARRAY_SIZE(max1238_mode_list),
    421 .default_mode = s0to11,
    422 .info = &max1238_info,
    423 - .channels = max1238_channels,
    424 - .num_channels = ARRAY_SIZE(max1238_channels),
    425 + .channels = max1038_channels,
    426 + .num_channels = ARRAY_SIZE(max1038_channels),
    427 },
    428 [max11606] = {
    429 .bits = 10,
    430 @@ -1318,8 +1318,8 @@ static const struct max1363_chip_info max1363_chip_info_tbl[] = {
    431 .num_modes = ARRAY_SIZE(max1238_mode_list),
    432 .default_mode = s0to11,
    433 .info = &max1238_info,
    434 - .channels = max1238_channels,
    435 - .num_channels = ARRAY_SIZE(max1238_channels),
    436 + .channels = max1138_channels,
    437 + .num_channels = ARRAY_SIZE(max1138_channels),
    438 },
    439 [max11611] = {
    440 .bits = 10,
    441 @@ -1328,8 +1328,8 @@ static const struct max1363_chip_info max1363_chip_info_tbl[] = {
    442 .num_modes = ARRAY_SIZE(max1238_mode_list),
    443 .default_mode = s0to11,
    444 .info = &max1238_info,
    445 - .channels = max1238_channels,
    446 - .num_channels = ARRAY_SIZE(max1238_channels),
    447 + .channels = max1138_channels,
    448 + .num_channels = ARRAY_SIZE(max1138_channels),
    449 },
    450 [max11612] = {
    451 .bits = 12,
    452 diff --git a/drivers/iio/magnetometer/ak8975.c b/drivers/iio/magnetometer/ak8975.c
    453 index 05423543f89d..053117c02bbc 100644
    454 --- a/drivers/iio/magnetometer/ak8975.c
    455 +++ b/drivers/iio/magnetometer/ak8975.c
    456 @@ -352,8 +352,6 @@ static int ak8975_read_axis(struct iio_dev *indio_dev, int index, int *val)
    457 {
    458 struct ak8975_data *data = iio_priv(indio_dev);
    459 struct i2c_client *client = data->client;
    460 - u16 meas_reg;
    461 - s16 raw;
    462 int ret;
    463
    464 mutex_lock(&data->lock);
    465 @@ -401,16 +399,11 @@ static int ak8975_read_axis(struct iio_dev *indio_dev, int index, int *val)
    466 dev_err(&client->dev, "Read axis data fails\n");
    467 goto exit;
    468 }
    469 - meas_reg = ret;
    470
    471 mutex_unlock(&data->lock);
    472
    473 - /* Endian conversion of the measured values. */
    474 - raw = (s16) (le16_to_cpu(meas_reg));
    475 -
    476 /* Clamp to valid range. */
    477 - raw = clamp_t(s16, raw, -4096, 4095);
    478 - *val = raw;
    479 + *val = clamp_t(s16, ret, -4096, 4095);
    480 return IIO_VAL_INT;
    481
    482 exit:
    483 diff --git a/drivers/iio/pressure/mpl3115.c b/drivers/iio/pressure/mpl3115.c
    484 index ac8c8ab723e5..fe53669eeeeb 100644
    485 --- a/drivers/iio/pressure/mpl3115.c
    486 +++ b/drivers/iio/pressure/mpl3115.c
    487 @@ -98,7 +98,7 @@ static int mpl3115_read_raw(struct iio_dev *indio_dev,
    488 mutex_unlock(&data->lock);
    489 if (ret < 0)
    490 return ret;
    491 - *val = sign_extend32(be32_to_cpu(tmp) >> 12, 23);
    492 + *val = be32_to_cpu(tmp) >> 12;
    493 return IIO_VAL_INT;
    494 case IIO_TEMP: /* in 0.0625 celsius / LSB */
    495 mutex_lock(&data->lock);
    496 @@ -112,7 +112,7 @@ static int mpl3115_read_raw(struct iio_dev *indio_dev,
    497 mutex_unlock(&data->lock);
    498 if (ret < 0)
    499 return ret;
    500 - *val = sign_extend32(be32_to_cpu(tmp) >> 20, 15);
    501 + *val = sign_extend32(be32_to_cpu(tmp) >> 20, 11);
    502 return IIO_VAL_INT;
    503 default:
    504 return -EINVAL;
    505 @@ -185,7 +185,7 @@ static const struct iio_chan_spec mpl3115_channels[] = {
    506 BIT(IIO_CHAN_INFO_SCALE),
    507 .scan_index = 0,
    508 .scan_type = {
    509 - .sign = 's',
    510 + .sign = 'u',
    511 .realbits = 20,
    512 .storagebits = 32,
    513 .shift = 12,
    514 diff --git a/drivers/net/ethernet/mellanox/mlx4/main.c b/drivers/net/ethernet/mellanox/mlx4/main.c
    515 index 95c316bb7a42..4a13b0001471 100644
    516 --- a/drivers/net/ethernet/mellanox/mlx4/main.c
    517 +++ b/drivers/net/ethernet/mellanox/mlx4/main.c
    518 @@ -2275,13 +2275,8 @@ static int __mlx4_init_one(struct pci_dev *pdev, int pci_dev_data)
    519 /* Allow large DMA segments, up to the firmware limit of 1 GB */
    520 dma_set_max_seg_size(&pdev->dev, 1024 * 1024 * 1024);
    521
    522 - priv = kzalloc(sizeof(*priv), GFP_KERNEL);
    523 - if (!priv) {
    524 - err = -ENOMEM;
    525 - goto err_release_regions;
    526 - }
    527 -
    528 - dev = &priv->dev;
    529 + dev = pci_get_drvdata(pdev);
    530 + priv = mlx4_priv(dev);
    531 dev->pdev = pdev;
    532 INIT_LIST_HEAD(&priv->ctx_list);
    533 spin_lock_init(&priv->ctx_lock);
    534 @@ -2465,8 +2460,7 @@ slave_start:
    535 mlx4_sense_init(dev);
    536 mlx4_start_sense(dev);
    537
    538 - priv->pci_dev_data = pci_dev_data;
    539 - pci_set_drvdata(pdev, dev);
    540 + priv->removed = 0;
    541
    542 return 0;
    543
    544 @@ -2532,84 +2526,108 @@ err_disable_pdev:
    545
    546 static int mlx4_init_one(struct pci_dev *pdev, const struct pci_device_id *id)
    547 {
    548 + struct mlx4_priv *priv;
    549 + struct mlx4_dev *dev;
    550 +
    551 printk_once(KERN_INFO "%s", mlx4_version);
    552
    553 + priv = kzalloc(sizeof(*priv), GFP_KERNEL);
    554 + if (!priv)
    555 + return -ENOMEM;
    556 +
    557 + dev = &priv->dev;
    558 + pci_set_drvdata(pdev, dev);
    559 + priv->pci_dev_data = id->driver_data;
    560 +
    561 return __mlx4_init_one(pdev, id->driver_data);
    562 }
    563
    564 -static void mlx4_remove_one(struct pci_dev *pdev)
    565 +static void __mlx4_remove_one(struct pci_dev *pdev)
    566 {
    567 struct mlx4_dev *dev = pci_get_drvdata(pdev);
    568 struct mlx4_priv *priv = mlx4_priv(dev);
    569 + int pci_dev_data;
    570 int p;
    571
    572 - if (dev) {
    573 - /* in SRIOV it is not allowed to unload the pf's
    574 - * driver while there are alive vf's */
    575 - if (mlx4_is_master(dev)) {
    576 - if (mlx4_how_many_lives_vf(dev))
    577 - printk(KERN_ERR "Removing PF when there are assigned VF's !!!\n");
    578 - }
    579 - mlx4_stop_sense(dev);
    580 - mlx4_unregister_device(dev);
    581 + if (priv->removed)
    582 + return;
    583
    584 - for (p = 1; p <= dev->caps.num_ports; p++) {
    585 - mlx4_cleanup_port_info(&priv->port[p]);
    586 - mlx4_CLOSE_PORT(dev, p);
    587 - }
    588 + pci_dev_data = priv->pci_dev_data;
    589
    590 - if (mlx4_is_master(dev))
    591 - mlx4_free_resource_tracker(dev,
    592 - RES_TR_FREE_SLAVES_ONLY);
    593 -
    594 - mlx4_cleanup_counters_table(dev);
    595 - mlx4_cleanup_qp_table(dev);
    596 - mlx4_cleanup_srq_table(dev);
    597 - mlx4_cleanup_cq_table(dev);
    598 - mlx4_cmd_use_polling(dev);
    599 - mlx4_cleanup_eq_table(dev);
    600 - mlx4_cleanup_mcg_table(dev);
    601 - mlx4_cleanup_mr_table(dev);
    602 - mlx4_cleanup_xrcd_table(dev);
    603 - mlx4_cleanup_pd_table(dev);
    604 + /* in SRIOV it is not allowed to unload the pf's
    605 + * driver while there are alive vf's */
    606 + if (mlx4_is_master(dev) && mlx4_how_many_lives_vf(dev))
    607 + printk(KERN_ERR "Removing PF when there are assigned VF's !!!\n");
    608 + mlx4_stop_sense(dev);
    609 + mlx4_unregister_device(dev);
    610
    611 - if (mlx4_is_master(dev))
    612 - mlx4_free_resource_tracker(dev,
    613 - RES_TR_FREE_STRUCTS_ONLY);
    614 -
    615 - iounmap(priv->kar);
    616 - mlx4_uar_free(dev, &priv->driver_uar);
    617 - mlx4_cleanup_uar_table(dev);
    618 - if (!mlx4_is_slave(dev))
    619 - mlx4_clear_steering(dev);
    620 - mlx4_free_eq_table(dev);
    621 - if (mlx4_is_master(dev))
    622 - mlx4_multi_func_cleanup(dev);
    623 - mlx4_close_hca(dev);
    624 - if (mlx4_is_slave(dev))
    625 - mlx4_multi_func_cleanup(dev);
    626 - mlx4_cmd_cleanup(dev);
    627 -
    628 - if (dev->flags & MLX4_FLAG_MSI_X)
    629 - pci_disable_msix(pdev);
    630 - if (dev->flags & MLX4_FLAG_SRIOV) {
    631 - mlx4_warn(dev, "Disabling SR-IOV\n");
    632 - pci_disable_sriov(pdev);
    633 - }
    634 + for (p = 1; p <= dev->caps.num_ports; p++) {
    635 + mlx4_cleanup_port_info(&priv->port[p]);
    636 + mlx4_CLOSE_PORT(dev, p);
    637 + }
    638
    639 - if (!mlx4_is_slave(dev))
    640 - mlx4_free_ownership(dev);
    641 + if (mlx4_is_master(dev))
    642 + mlx4_free_resource_tracker(dev,
    643 + RES_TR_FREE_SLAVES_ONLY);
    644 +
    645 + mlx4_cleanup_counters_table(dev);
    646 + mlx4_cleanup_qp_table(dev);
    647 + mlx4_cleanup_srq_table(dev);
    648 + mlx4_cleanup_cq_table(dev);
    649 + mlx4_cmd_use_polling(dev);
    650 + mlx4_cleanup_eq_table(dev);
    651 + mlx4_cleanup_mcg_table(dev);
    652 + mlx4_cleanup_mr_table(dev);
    653 + mlx4_cleanup_xrcd_table(dev);
    654 + mlx4_cleanup_pd_table(dev);
    655
    656 - kfree(dev->caps.qp0_tunnel);
    657 - kfree(dev->caps.qp0_proxy);
    658 - kfree(dev->caps.qp1_tunnel);
    659 - kfree(dev->caps.qp1_proxy);
    660 + if (mlx4_is_master(dev))
    661 + mlx4_free_resource_tracker(dev,
    662 + RES_TR_FREE_STRUCTS_ONLY);
    663
    664 - kfree(priv);
    665 - pci_release_regions(pdev);
    666 - pci_disable_device(pdev);
    667 - pci_set_drvdata(pdev, NULL);
    668 + iounmap(priv->kar);
    669 + mlx4_uar_free(dev, &priv->driver_uar);
    670 + mlx4_cleanup_uar_table(dev);
    671 + if (!mlx4_is_slave(dev))
    672 + mlx4_clear_steering(dev);
    673 + mlx4_free_eq_table(dev);
    674 + if (mlx4_is_master(dev))
    675 + mlx4_multi_func_cleanup(dev);
    676 + mlx4_close_hca(dev);
    677 + if (mlx4_is_slave(dev))
    678 + mlx4_multi_func_cleanup(dev);
    679 + mlx4_cmd_cleanup(dev);
    680 +
    681 + if (dev->flags & MLX4_FLAG_MSI_X)
    682 + pci_disable_msix(pdev);
    683 + if (dev->flags & MLX4_FLAG_SRIOV) {
    684 + mlx4_warn(dev, "Disabling SR-IOV\n");
    685 + pci_disable_sriov(pdev);
    686 }
    687 +
    688 + if (!mlx4_is_slave(dev))
    689 + mlx4_free_ownership(dev);
    690 +
    691 + kfree(dev->caps.qp0_tunnel);
    692 + kfree(dev->caps.qp0_proxy);
    693 + kfree(dev->caps.qp1_tunnel);
    694 + kfree(dev->caps.qp1_proxy);
    695 +
    696 + pci_release_regions(pdev);
    697 + pci_disable_device(pdev);
    698 + memset(priv, 0, sizeof(*priv));
    699 + priv->pci_dev_data = pci_dev_data;
    700 + priv->removed = 1;
    701 +}
    702 +
    703 +static void mlx4_remove_one(struct pci_dev *pdev)
    704 +{
    705 + struct mlx4_dev *dev = pci_get_drvdata(pdev);
    706 + struct mlx4_priv *priv = mlx4_priv(dev);
    707 +
    708 + __mlx4_remove_one(pdev);
    709 + kfree(priv);
    710 + pci_set_drvdata(pdev, NULL);
    711 }
    712
    713 int mlx4_restart_one(struct pci_dev *pdev)
    714 @@ -2619,7 +2637,7 @@ int mlx4_restart_one(struct pci_dev *pdev)
    715 int pci_dev_data;
    716
    717 pci_dev_data = priv->pci_dev_data;
    718 - mlx4_remove_one(pdev);
    719 + __mlx4_remove_one(pdev);
    720 return __mlx4_init_one(pdev, pci_dev_data);
    721 }
    722
    723 @@ -2674,7 +2692,7 @@ MODULE_DEVICE_TABLE(pci, mlx4_pci_table);
    724 static pci_ers_result_t mlx4_pci_err_detected(struct pci_dev *pdev,
    725 pci_channel_state_t state)
    726 {
    727 - mlx4_remove_one(pdev);
    728 + __mlx4_remove_one(pdev);
    729
    730 return state == pci_channel_io_perm_failure ?
    731 PCI_ERS_RESULT_DISCONNECT : PCI_ERS_RESULT_NEED_RESET;
    732 @@ -2682,11 +2700,11 @@ static pci_ers_result_t mlx4_pci_err_detected(struct pci_dev *pdev,
    733
    734 static pci_ers_result_t mlx4_pci_slot_reset(struct pci_dev *pdev)
    735 {
    736 - const struct pci_device_id *id;
    737 - int ret;
    738 + struct mlx4_dev *dev = pci_get_drvdata(pdev);
    739 + struct mlx4_priv *priv = mlx4_priv(dev);
    740 + int ret;
    741
    742 - id = pci_match_id(mlx4_pci_table, pdev);
    743 - ret = __mlx4_init_one(pdev, id->driver_data);
    744 + ret = __mlx4_init_one(pdev, priv->pci_dev_data);
    745
    746 return ret ? PCI_ERS_RESULT_DISCONNECT : PCI_ERS_RESULT_RECOVERED;
    747 }
    748 @@ -2700,7 +2718,7 @@ static struct pci_driver mlx4_driver = {
    749 .name = DRV_NAME,
    750 .id_table = mlx4_pci_table,
    751 .probe = mlx4_init_one,
    752 - .shutdown = mlx4_remove_one,
    753 + .shutdown = __mlx4_remove_one,
    754 .remove = mlx4_remove_one,
    755 .err_handler = &mlx4_err_handler,
    756 };
    757 diff --git a/drivers/net/ethernet/mellanox/mlx4/mlx4.h b/drivers/net/ethernet/mellanox/mlx4/mlx4.h
    758 index 7aec6c833973..99d7a28a2ada 100644
    759 --- a/drivers/net/ethernet/mellanox/mlx4/mlx4.h
    760 +++ b/drivers/net/ethernet/mellanox/mlx4/mlx4.h
    761 @@ -796,6 +796,7 @@ struct mlx4_priv {
    762 spinlock_t ctx_lock;
    763
    764 int pci_dev_data;
    765 + int removed;
    766
    767 struct list_head pgdir_list;
    768 struct mutex pgdir_mutex;
    769 diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.c
    770 index 7d4f54912bad..3e46c894a107 100644
    771 --- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.c
    772 +++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_dcb.c
    773 @@ -1022,6 +1022,7 @@ static int qlcnic_dcb_peer_app_info(struct net_device *netdev,
    774 struct qlcnic_dcb_cee *peer;
    775 int i;
    776
    777 + memset(info, 0, sizeof(*info));
    778 *app_count = 0;
    779
    780 if (!test_bit(QLCNIC_DCB_STATE, &adapter->dcb->state))
    781 diff --git a/drivers/net/ethernet/renesas/sh_eth.c b/drivers/net/ethernet/renesas/sh_eth.c
    782 index 040cb94e8219..957f0ffe31c4 100644
    783 --- a/drivers/net/ethernet/renesas/sh_eth.c
    784 +++ b/drivers/net/ethernet/renesas/sh_eth.c
    785 @@ -301,6 +301,27 @@ static const u16 sh_eth_offset_fast_sh4[SH_ETH_MAX_REGISTER_OFFSET] = {
    786 };
    787
    788 static const u16 sh_eth_offset_fast_sh3_sh2[SH_ETH_MAX_REGISTER_OFFSET] = {
    789 + [EDMR] = 0x0000,
    790 + [EDTRR] = 0x0004,
    791 + [EDRRR] = 0x0008,
    792 + [TDLAR] = 0x000c,
    793 + [RDLAR] = 0x0010,
    794 + [EESR] = 0x0014,
    795 + [EESIPR] = 0x0018,
    796 + [TRSCER] = 0x001c,
    797 + [RMFCR] = 0x0020,
    798 + [TFTR] = 0x0024,
    799 + [FDR] = 0x0028,
    800 + [RMCR] = 0x002c,
    801 + [EDOCR] = 0x0030,
    802 + [FCFTR] = 0x0034,
    803 + [RPADIR] = 0x0038,
    804 + [TRIMD] = 0x003c,
    805 + [RBWAR] = 0x0040,
    806 + [RDFAR] = 0x0044,
    807 + [TBRAR] = 0x004c,
    808 + [TDFAR] = 0x0050,
    809 +
    810 [ECMR] = 0x0160,
    811 [ECSR] = 0x0164,
    812 [ECSIPR] = 0x0168,
    813 @@ -539,7 +560,6 @@ static struct sh_eth_cpu_data sh7757_data = {
    814 .register_type = SH_ETH_REG_FAST_SH4,
    815
    816 .eesipr_value = DMAC_M_RFRMER | DMAC_M_ECI | 0x003fffff,
    817 - .rmcr_value = RMCR_RNC,
    818
    819 .tx_check = EESR_FTC | EESR_CND | EESR_DLC | EESR_CD | EESR_RTO,
    820 .eesr_err_check = EESR_TWB | EESR_TABT | EESR_RABT | EESR_RFE |
    821 @@ -617,7 +637,6 @@ static struct sh_eth_cpu_data sh7757_data_giga = {
    822 EESR_RFE | EESR_RDE | EESR_RFRMER | EESR_TFE |
    823 EESR_TDE | EESR_ECI,
    824 .fdr_value = 0x0000072f,
    825 - .rmcr_value = RMCR_RNC,
    826
    827 .irq_flags = IRQF_SHARED,
    828 .apr = 1,
    829 @@ -745,7 +764,6 @@ static struct sh_eth_cpu_data r8a7740_data = {
    830 EESR_RFE | EESR_RDE | EESR_RFRMER | EESR_TFE |
    831 EESR_TDE | EESR_ECI,
    832 .fdr_value = 0x0000070f,
    833 - .rmcr_value = RMCR_RNC,
    834
    835 .apr = 1,
    836 .mpr = 1,
    837 @@ -777,7 +795,6 @@ static struct sh_eth_cpu_data r7s72100_data = {
    838 EESR_RFE | EESR_RDE | EESR_RFRMER | EESR_TFE |
    839 EESR_TDE | EESR_ECI,
    840 .fdr_value = 0x0000070f,
    841 - .rmcr_value = RMCR_RNC,
    842
    843 .no_psr = 1,
    844 .apr = 1,
    845 @@ -826,9 +843,6 @@ static void sh_eth_set_default_cpu_data(struct sh_eth_cpu_data *cd)
    846 if (!cd->fdr_value)
    847 cd->fdr_value = DEFAULT_FDR_INIT;
    848
    849 - if (!cd->rmcr_value)
    850 - cd->rmcr_value = DEFAULT_RMCR_VALUE;
    851 -
    852 if (!cd->tx_check)
    853 cd->tx_check = DEFAULT_TX_CHECK;
    854
    855 @@ -1281,8 +1295,8 @@ static int sh_eth_dev_init(struct net_device *ndev, bool start)
    856 sh_eth_write(ndev, mdp->cd->fdr_value, FDR);
    857 sh_eth_write(ndev, 0, TFTR);
    858
    859 - /* Frame recv control */
    860 - sh_eth_write(ndev, mdp->cd->rmcr_value, RMCR);
    861 + /* Frame recv control (enable multiple-packets per rx irq) */
    862 + sh_eth_write(ndev, RMCR_RNC, RMCR);
    863
    864 sh_eth_write(ndev, DESC_I_RINT8 | DESC_I_RINT5 | DESC_I_TINT2, TRSCER);
    865
    866 diff --git a/drivers/net/ethernet/renesas/sh_eth.h b/drivers/net/ethernet/renesas/sh_eth.h
    867 index 6075915b88ec..a096b4bf9799 100644
    868 --- a/drivers/net/ethernet/renesas/sh_eth.h
    869 +++ b/drivers/net/ethernet/renesas/sh_eth.h
    870 @@ -320,7 +320,6 @@ enum TD_STS_BIT {
    871 enum RMCR_BIT {
    872 RMCR_RNC = 0x00000001,
    873 };
    874 -#define DEFAULT_RMCR_VALUE 0x00000000
    875
    876 /* ECMR */
    877 enum FELIC_MODE_BIT {
    878 @@ -467,7 +466,6 @@ struct sh_eth_cpu_data {
    879 unsigned long fdr_value;
    880 unsigned long fcftr_value;
    881 unsigned long rpadir_value;
    882 - unsigned long rmcr_value;
    883
    884 /* interrupt checking mask */
    885 unsigned long tx_check;
    886 diff --git a/drivers/net/ethernet/sfc/io.h b/drivers/net/ethernet/sfc/io.h
    887 index 4d3f119b67b3..afb94aa2c15e 100644
    888 --- a/drivers/net/ethernet/sfc/io.h
    889 +++ b/drivers/net/ethernet/sfc/io.h
    890 @@ -66,10 +66,17 @@
    891 #define EFX_USE_QWORD_IO 1
    892 #endif
    893
    894 +/* Hardware issue requires that only 64-bit naturally aligned writes
    895 + * are seen by hardware. Its not strictly necessary to restrict to
    896 + * x86_64 arch, but done for safety since unusual write combining behaviour
    897 + * can break PIO.
    898 + */
    899 +#ifdef CONFIG_X86_64
    900 /* PIO is a win only if write-combining is possible */
    901 #ifdef ARCH_HAS_IOREMAP_WC
    902 #define EFX_USE_PIO 1
    903 #endif
    904 +#endif
    905
    906 #ifdef EFX_USE_QWORD_IO
    907 static inline void _efx_writeq(struct efx_nic *efx, __le64 value,
    908 diff --git a/drivers/net/ethernet/sfc/tx.c b/drivers/net/ethernet/sfc/tx.c
    909 index 75d11fa4eb0a..d79c842680a5 100644
    910 --- a/drivers/net/ethernet/sfc/tx.c
    911 +++ b/drivers/net/ethernet/sfc/tx.c
    912 @@ -189,6 +189,18 @@ struct efx_short_copy_buffer {
    913 u8 buf[L1_CACHE_BYTES];
    914 };
    915
    916 +/* Copy in explicit 64-bit writes. */
    917 +static void efx_memcpy_64(void __iomem *dest, void *src, size_t len)
    918 +{
    919 + u64 *src64 = src;
    920 + u64 __iomem *dest64 = dest;
    921 + size_t l64 = len / 8;
    922 + size_t i;
    923 +
    924 + for (i = 0; i < l64; i++)
    925 + writeq(src64[i], &dest64[i]);
    926 +}
    927 +
    928 /* Copy to PIO, respecting that writes to PIO buffers must be dword aligned.
    929 * Advances piobuf pointer. Leaves additional data in the copy buffer.
    930 */
    931 @@ -198,7 +210,7 @@ static void efx_memcpy_toio_aligned(struct efx_nic *efx, u8 __iomem **piobuf,
    932 {
    933 int block_len = len & ~(sizeof(copy_buf->buf) - 1);
    934
    935 - memcpy_toio(*piobuf, data, block_len);
    936 + efx_memcpy_64(*piobuf, data, block_len);
    937 *piobuf += block_len;
    938 len -= block_len;
    939
    940 @@ -230,7 +242,7 @@ static void efx_memcpy_toio_aligned_cb(struct efx_nic *efx, u8 __iomem **piobuf,
    941 if (copy_buf->used < sizeof(copy_buf->buf))
    942 return;
    943
    944 - memcpy_toio(*piobuf, copy_buf->buf, sizeof(copy_buf->buf));
    945 + efx_memcpy_64(*piobuf, copy_buf->buf, sizeof(copy_buf->buf));
    946 *piobuf += sizeof(copy_buf->buf);
    947 data += copy_to_buf;
    948 len -= copy_to_buf;
    949 @@ -245,7 +257,7 @@ static void efx_flush_copy_buffer(struct efx_nic *efx, u8 __iomem *piobuf,
    950 {
    951 /* if there's anything in it, write the whole buffer, including junk */
    952 if (copy_buf->used)
    953 - memcpy_toio(piobuf, copy_buf->buf, sizeof(copy_buf->buf));
    954 + efx_memcpy_64(piobuf, copy_buf->buf, sizeof(copy_buf->buf));
    955 }
    956
    957 /* Traverse skb structure and copy fragments in to PIO buffer.
    958 @@ -304,8 +316,8 @@ efx_enqueue_skb_pio(struct efx_tx_queue *tx_queue, struct sk_buff *skb)
    959 */
    960 BUILD_BUG_ON(L1_CACHE_BYTES >
    961 SKB_DATA_ALIGN(sizeof(struct skb_shared_info)));
    962 - memcpy_toio(tx_queue->piobuf, skb->data,
    963 - ALIGN(skb->len, L1_CACHE_BYTES));
    964 + efx_memcpy_64(tx_queue->piobuf, skb->data,
    965 + ALIGN(skb->len, L1_CACHE_BYTES));
    966 }
    967
    968 EFX_POPULATE_QWORD_5(buffer->option,
    969 diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c
    970 index 20bb66944c4a..5adecc5f52b7 100644
    971 --- a/drivers/net/macvlan.c
    972 +++ b/drivers/net/macvlan.c
    973 @@ -1043,7 +1043,6 @@ static int macvlan_device_event(struct notifier_block *unused,
    974 list_for_each_entry_safe(vlan, next, &port->vlans, list)
    975 vlan->dev->rtnl_link_ops->dellink(vlan->dev, &list_kill);
    976 unregister_netdevice_many(&list_kill);
    977 - list_del(&list_kill);
    978 break;
    979 case NETDEV_PRE_TYPE_CHANGE:
    980 /* Forbid underlaying device to change its type. */
    981 diff --git a/drivers/net/team/team.c b/drivers/net/team/team.c
    982 index c8624a8235ab..26d8c29b59de 100644
    983 --- a/drivers/net/team/team.c
    984 +++ b/drivers/net/team/team.c
    985 @@ -1732,6 +1732,7 @@ static int team_change_mtu(struct net_device *dev, int new_mtu)
    986 * to traverse list in reverse under rcu_read_lock
    987 */
    988 mutex_lock(&team->lock);
    989 + team->port_mtu_change_allowed = true;
    990 list_for_each_entry(port, &team->port_list, list) {
    991 err = dev_set_mtu(port->dev, new_mtu);
    992 if (err) {
    993 @@ -1740,6 +1741,7 @@ static int team_change_mtu(struct net_device *dev, int new_mtu)
    994 goto unwind;
    995 }
    996 }
    997 + team->port_mtu_change_allowed = false;
    998 mutex_unlock(&team->lock);
    999
    1000 dev->mtu = new_mtu;
    1001 @@ -1749,6 +1751,7 @@ static int team_change_mtu(struct net_device *dev, int new_mtu)
    1002 unwind:
    1003 list_for_each_entry_continue_reverse(port, &team->port_list, list)
    1004 dev_set_mtu(port->dev, dev->mtu);
    1005 + team->port_mtu_change_allowed = false;
    1006 mutex_unlock(&team->lock);
    1007
    1008 return err;
    1009 @@ -2857,7 +2860,9 @@ static int team_device_event(struct notifier_block *unused,
    1010 break;
    1011 case NETDEV_PRECHANGEMTU:
    1012 /* Forbid to change mtu of underlaying device */
    1013 - return NOTIFY_BAD;
    1014 + if (!port->team->port_mtu_change_allowed)
    1015 + return NOTIFY_BAD;
    1016 + break;
    1017 case NETDEV_PRE_TYPE_CHANGE:
    1018 /* Forbid to change type of underlaying device */
    1019 return NOTIFY_BAD;
    1020 diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c
    1021 index 48c4902c0d62..b71120842c4f 100644
    1022 --- a/drivers/net/usb/qmi_wwan.c
    1023 +++ b/drivers/net/usb/qmi_wwan.c
    1024 @@ -752,7 +752,12 @@ static const struct usb_device_id products[] = {
    1025 {QMI_FIXED_INTF(0x2357, 0x9000, 4)}, /* TP-LINK MA260 */
    1026 {QMI_FIXED_INTF(0x1bc7, 0x1200, 5)}, /* Telit LE920 */
    1027 {QMI_FIXED_INTF(0x1bc7, 0x1201, 2)}, /* Telit LE920 */
    1028 - {QMI_FIXED_INTF(0x0b3c, 0xc005, 6)}, /* Olivetti Olicard 200 */
    1029 + {QMI_FIXED_INTF(0x0b3c, 0xc000, 4)}, /* Olivetti Olicard 100 */
    1030 + {QMI_FIXED_INTF(0x0b3c, 0xc001, 4)}, /* Olivetti Olicard 120 */
    1031 + {QMI_FIXED_INTF(0x0b3c, 0xc002, 4)}, /* Olivetti Olicard 140 */
    1032 + {QMI_FIXED_INTF(0x0b3c, 0xc004, 6)}, /* Olivetti Olicard 155 */
    1033 + {QMI_FIXED_INTF(0x0b3c, 0xc005, 6)}, /* Olivetti Olicard 200 */
    1034 + {QMI_FIXED_INTF(0x0b3c, 0xc00a, 6)}, /* Olivetti Olicard 160 */
    1035 {QMI_FIXED_INTF(0x0b3c, 0xc00b, 4)}, /* Olivetti Olicard 500 */
    1036 {QMI_FIXED_INTF(0x1e2d, 0x0060, 4)}, /* Cinterion PLxx */
    1037 {QMI_FIXED_INTF(0x1e2d, 0x0053, 4)}, /* Cinterion PHxx,PXxx */
    1038 diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
    1039 index d091e52b00e1..40ad25d7f28b 100644
    1040 --- a/drivers/net/vxlan.c
    1041 +++ b/drivers/net/vxlan.c
    1042 @@ -2282,9 +2282,9 @@ static void vxlan_setup(struct net_device *dev)
    1043 eth_hw_addr_random(dev);
    1044 ether_setup(dev);
    1045 if (vxlan->default_dst.remote_ip.sa.sa_family == AF_INET6)
    1046 - dev->hard_header_len = ETH_HLEN + VXLAN6_HEADROOM;
    1047 + dev->needed_headroom = ETH_HLEN + VXLAN6_HEADROOM;
    1048 else
    1049 - dev->hard_header_len = ETH_HLEN + VXLAN_HEADROOM;
    1050 + dev->needed_headroom = ETH_HLEN + VXLAN_HEADROOM;
    1051
    1052 dev->netdev_ops = &vxlan_netdev_ops;
    1053 dev->destructor = free_netdev;
    1054 @@ -2667,8 +2667,7 @@ static int vxlan_newlink(struct net *net, struct net_device *dev,
    1055 if (!tb[IFLA_MTU])
    1056 dev->mtu = lowerdev->mtu - (use_ipv6 ? VXLAN6_HEADROOM : VXLAN_HEADROOM);
    1057
    1058 - /* update header length based on lower device */
    1059 - dev->hard_header_len = lowerdev->hard_header_len +
    1060 + dev->needed_headroom = lowerdev->hard_header_len +
    1061 (use_ipv6 ? VXLAN6_HEADROOM : VXLAN_HEADROOM);
    1062 } else if (use_ipv6)
    1063 vxlan->flags |= VXLAN_F_IPV6;
    1064 diff --git a/drivers/rtc/rtc-at91rm9200.c b/drivers/rtc/rtc-at91rm9200.c
    1065 index 3281c90691c3..44fe83ee9bee 100644
    1066 --- a/drivers/rtc/rtc-at91rm9200.c
    1067 +++ b/drivers/rtc/rtc-at91rm9200.c
    1068 @@ -48,6 +48,7 @@ struct at91_rtc_config {
    1069
    1070 static const struct at91_rtc_config *at91_rtc_config;
    1071 static DECLARE_COMPLETION(at91_rtc_updated);
    1072 +static DECLARE_COMPLETION(at91_rtc_upd_rdy);
    1073 static unsigned int at91_alarm_year = AT91_RTC_EPOCH;
    1074 static void __iomem *at91_rtc_regs;
    1075 static int irq;
    1076 @@ -161,6 +162,8 @@ static int at91_rtc_settime(struct device *dev, struct rtc_time *tm)
    1077 1900 + tm->tm_year, tm->tm_mon, tm->tm_mday,
    1078 tm->tm_hour, tm->tm_min, tm->tm_sec);
    1079
    1080 + wait_for_completion(&at91_rtc_upd_rdy);
    1081 +
    1082 /* Stop Time/Calendar from counting */
    1083 cr = at91_rtc_read(AT91_RTC_CR);
    1084 at91_rtc_write(AT91_RTC_CR, cr | AT91_RTC_UPDCAL | AT91_RTC_UPDTIM);
    1085 @@ -183,7 +186,9 @@ static int at91_rtc_settime(struct device *dev, struct rtc_time *tm)
    1086
    1087 /* Restart Time/Calendar */
    1088 cr = at91_rtc_read(AT91_RTC_CR);
    1089 + at91_rtc_write(AT91_RTC_SCCR, AT91_RTC_SECEV);
    1090 at91_rtc_write(AT91_RTC_CR, cr & ~(AT91_RTC_UPDCAL | AT91_RTC_UPDTIM));
    1091 + at91_rtc_write_ier(AT91_RTC_SECEV);
    1092
    1093 return 0;
    1094 }
    1095 @@ -290,8 +295,10 @@ static irqreturn_t at91_rtc_interrupt(int irq, void *dev_id)
    1096 if (rtsr) { /* this interrupt is shared! Is it ours? */
    1097 if (rtsr & AT91_RTC_ALARM)
    1098 events |= (RTC_AF | RTC_IRQF);
    1099 - if (rtsr & AT91_RTC_SECEV)
    1100 - events |= (RTC_UF | RTC_IRQF);
    1101 + if (rtsr & AT91_RTC_SECEV) {
    1102 + complete(&at91_rtc_upd_rdy);
    1103 + at91_rtc_write_idr(AT91_RTC_SECEV);
    1104 + }
    1105 if (rtsr & AT91_RTC_ACKUPD)
    1106 complete(&at91_rtc_updated);
    1107
    1108 @@ -413,6 +420,11 @@ static int __init at91_rtc_probe(struct platform_device *pdev)
    1109 return PTR_ERR(rtc);
    1110 platform_set_drvdata(pdev, rtc);
    1111
    1112 + /* enable SECEV interrupt in order to initialize at91_rtc_upd_rdy
    1113 + * completion.
    1114 + */
    1115 + at91_rtc_write_ier(AT91_RTC_SECEV);
    1116 +
    1117 dev_info(&pdev->dev, "AT91 Real Time Clock driver.\n");
    1118 return 0;
    1119 }
    1120 diff --git a/drivers/scsi/scsi_netlink.c b/drivers/scsi/scsi_netlink.c
    1121 index fe30ea94ffe6..109802f776ed 100644
    1122 --- a/drivers/scsi/scsi_netlink.c
    1123 +++ b/drivers/scsi/scsi_netlink.c
    1124 @@ -77,7 +77,7 @@ scsi_nl_rcv_msg(struct sk_buff *skb)
    1125 goto next_msg;
    1126 }
    1127
    1128 - if (!capable(CAP_SYS_ADMIN)) {
    1129 + if (!netlink_capable(skb, CAP_SYS_ADMIN)) {
    1130 err = -EPERM;
    1131 goto next_msg;
    1132 }
    1133 diff --git a/drivers/staging/iio/adc/mxs-lradc.c b/drivers/staging/iio/adc/mxs-lradc.c
    1134 index 514844efac75..9ec1df9cff95 100644
    1135 --- a/drivers/staging/iio/adc/mxs-lradc.c
    1136 +++ b/drivers/staging/iio/adc/mxs-lradc.c
    1137 @@ -846,6 +846,14 @@ static int mxs_lradc_read_single(struct iio_dev *iio_dev, int chan, int *val)
    1138 LRADC_CTRL1);
    1139 mxs_lradc_reg_clear(lradc, 0xff, LRADC_CTRL0);
    1140
    1141 + /* Enable / disable the divider per requirement */
    1142 + if (test_bit(chan, &lradc->is_divided))
    1143 + mxs_lradc_reg_set(lradc, 1 << LRADC_CTRL2_DIVIDE_BY_TWO_OFFSET,
    1144 + LRADC_CTRL2);
    1145 + else
    1146 + mxs_lradc_reg_clear(lradc,
    1147 + 1 << LRADC_CTRL2_DIVIDE_BY_TWO_OFFSET, LRADC_CTRL2);
    1148 +
    1149 /* Clean the slot's previous content, then set new one. */
    1150 mxs_lradc_reg_clear(lradc, LRADC_CTRL4_LRADCSELECT_MASK(0), LRADC_CTRL4);
    1151 mxs_lradc_reg_set(lradc, chan, LRADC_CTRL4);
    1152 @@ -964,15 +972,11 @@ static int mxs_lradc_write_raw(struct iio_dev *iio_dev,
    1153 if (val == scale_avail[MXS_LRADC_DIV_DISABLED].integer &&
    1154 val2 == scale_avail[MXS_LRADC_DIV_DISABLED].nano) {
    1155 /* divider by two disabled */
    1156 - writel(1 << LRADC_CTRL2_DIVIDE_BY_TWO_OFFSET,
    1157 - lradc->base + LRADC_CTRL2 + STMP_OFFSET_REG_CLR);
    1158 clear_bit(chan->channel, &lradc->is_divided);
    1159 ret = 0;
    1160 } else if (val == scale_avail[MXS_LRADC_DIV_ENABLED].integer &&
    1161 val2 == scale_avail[MXS_LRADC_DIV_ENABLED].nano) {
    1162 /* divider by two enabled */
    1163 - writel(1 << LRADC_CTRL2_DIVIDE_BY_TWO_OFFSET,
    1164 - lradc->base + LRADC_CTRL2 + STMP_OFFSET_REG_SET);
    1165 set_bit(chan->channel, &lradc->is_divided);
    1166 ret = 0;
    1167 }
    1168 diff --git a/drivers/staging/iio/light/tsl2x7x_core.c b/drivers/staging/iio/light/tsl2x7x_core.c
    1169 index 1e538086d48b..ce1e74e000bb 100644
    1170 --- a/drivers/staging/iio/light/tsl2x7x_core.c
    1171 +++ b/drivers/staging/iio/light/tsl2x7x_core.c
    1172 @@ -667,9 +667,13 @@ static int tsl2x7x_chip_on(struct iio_dev *indio_dev)
    1173 chip->tsl2x7x_config[TSL2X7X_PRX_COUNT] =
    1174 chip->tsl2x7x_settings.prox_pulse_count;
    1175 chip->tsl2x7x_config[TSL2X7X_PRX_MINTHRESHLO] =
    1176 - chip->tsl2x7x_settings.prox_thres_low;
    1177 + (chip->tsl2x7x_settings.prox_thres_low) & 0xFF;
    1178 + chip->tsl2x7x_config[TSL2X7X_PRX_MINTHRESHHI] =
    1179 + (chip->tsl2x7x_settings.prox_thres_low >> 8) & 0xFF;
    1180 chip->tsl2x7x_config[TSL2X7X_PRX_MAXTHRESHLO] =
    1181 - chip->tsl2x7x_settings.prox_thres_high;
    1182 + (chip->tsl2x7x_settings.prox_thres_high) & 0xFF;
    1183 + chip->tsl2x7x_config[TSL2X7X_PRX_MAXTHRESHHI] =
    1184 + (chip->tsl2x7x_settings.prox_thres_high >> 8) & 0xFF;
    1185
    1186 /* and make sure we're not already on */
    1187 if (chip->tsl2x7x_chip_status == TSL2X7X_CHIP_WORKING) {
    1188 diff --git a/drivers/target/iscsi/iscsi_target_auth.c b/drivers/target/iscsi/iscsi_target_auth.c
    1189 index de77d9aa22c6..6689de6c5591 100644
    1190 --- a/drivers/target/iscsi/iscsi_target_auth.c
    1191 +++ b/drivers/target/iscsi/iscsi_target_auth.c
    1192 @@ -314,6 +314,16 @@ static int chap_server_compute_md5(
    1193 goto out;
    1194 }
    1195 /*
    1196 + * During mutual authentication, the CHAP_C generated by the
    1197 + * initiator must not match the original CHAP_C generated by
    1198 + * the target.
    1199 + */
    1200 + if (!memcmp(challenge_binhex, chap->challenge, CHAP_CHALLENGE_LENGTH)) {
    1201 + pr_err("initiator CHAP_C matches target CHAP_C, failing"
    1202 + " login attempt\n");
    1203 + goto out;
    1204 + }
    1205 + /*
    1206 * Generate CHAP_N and CHAP_R for mutual authentication.
    1207 */
    1208 tfm = crypto_alloc_hash("md5", 0, CRYPTO_ALG_ASYNC);
    1209 diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c
    1210 index 98b48d400a3a..c39cf37800d3 100644
    1211 --- a/drivers/target/target_core_transport.c
    1212 +++ b/drivers/target/target_core_transport.c
    1213 @@ -2342,6 +2342,10 @@ static void target_release_cmd_kref(struct kref *kref)
    1214 */
    1215 int target_put_sess_cmd(struct se_session *se_sess, struct se_cmd *se_cmd)
    1216 {
    1217 + if (!se_sess) {
    1218 + se_cmd->se_tfo->release_cmd(se_cmd);
    1219 + return 1;
    1220 + }
    1221 return kref_put_spinlock_irqsave(&se_cmd->cmd_kref, target_release_cmd_kref,
    1222 &se_sess->sess_cmd_lock);
    1223 }
    1224 diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
    1225 index 7783acabe443..eabccd45f4e8 100644
    1226 --- a/drivers/usb/class/cdc-acm.c
    1227 +++ b/drivers/usb/class/cdc-acm.c
    1228 @@ -122,13 +122,23 @@ static void acm_release_minor(struct acm *acm)
    1229 static int acm_ctrl_msg(struct acm *acm, int request, int value,
    1230 void *buf, int len)
    1231 {
    1232 - int retval = usb_control_msg(acm->dev, usb_sndctrlpipe(acm->dev, 0),
    1233 + int retval;
    1234 +
    1235 + retval = usb_autopm_get_interface(acm->control);
    1236 + if (retval)
    1237 + return retval;
    1238 +
    1239 + retval = usb_control_msg(acm->dev, usb_sndctrlpipe(acm->dev, 0),
    1240 request, USB_RT_ACM, value,
    1241 acm->control->altsetting[0].desc.bInterfaceNumber,
    1242 buf, len, 5000);
    1243 +
    1244 dev_dbg(&acm->control->dev,
    1245 "%s - rq 0x%02x, val %#x, len %#x, result %d\n",
    1246 __func__, request, value, len, retval);
    1247 +
    1248 + usb_autopm_put_interface(acm->control);
    1249 +
    1250 return retval < 0 ? retval : 0;
    1251 }
    1252
    1253 @@ -496,6 +506,7 @@ static int acm_port_activate(struct tty_port *port, struct tty_struct *tty)
    1254 {
    1255 struct acm *acm = container_of(port, struct acm, port);
    1256 int retval = -ENODEV;
    1257 + int i;
    1258
    1259 dev_dbg(&acm->control->dev, "%s\n", __func__);
    1260
    1261 @@ -544,6 +555,8 @@ static int acm_port_activate(struct tty_port *port, struct tty_struct *tty)
    1262 return 0;
    1263
    1264 error_submit_read_urbs:
    1265 + for (i = 0; i < acm->rx_buflimit; i++)
    1266 + usb_kill_urb(acm->read_urbs[i]);
    1267 acm->ctrlout = 0;
    1268 acm_set_control(acm, acm->ctrlout);
    1269 error_set_control:
    1270 @@ -571,21 +584,35 @@ static void acm_port_destruct(struct tty_port *port)
    1271 static void acm_port_shutdown(struct tty_port *port)
    1272 {
    1273 struct acm *acm = container_of(port, struct acm, port);
    1274 + struct urb *urb;
    1275 + struct acm_wb *wb;
    1276 int i;
    1277 + int pm_err;
    1278
    1279 dev_dbg(&acm->control->dev, "%s\n", __func__);
    1280
    1281 mutex_lock(&acm->mutex);
    1282 if (!acm->disconnected) {
    1283 - usb_autopm_get_interface(acm->control);
    1284 + pm_err = usb_autopm_get_interface(acm->control);
    1285 acm_set_control(acm, acm->ctrlout = 0);
    1286 +
    1287 + for (;;) {
    1288 + urb = usb_get_from_anchor(&acm->delayed);
    1289 + if (!urb)
    1290 + break;
    1291 + wb = urb->context;
    1292 + wb->use = 0;
    1293 + usb_autopm_put_interface_async(acm->control);
    1294 + }
    1295 +
    1296 usb_kill_urb(acm->ctrlurb);
    1297 for (i = 0; i < ACM_NW; i++)
    1298 usb_kill_urb(acm->wb[i].urb);
    1299 for (i = 0; i < acm->rx_buflimit; i++)
    1300 usb_kill_urb(acm->read_urbs[i]);
    1301 acm->control->needs_remote_wakeup = 0;
    1302 - usb_autopm_put_interface(acm->control);
    1303 + if (!pm_err)
    1304 + usb_autopm_put_interface(acm->control);
    1305 }
    1306 mutex_unlock(&acm->mutex);
    1307 }
    1308 @@ -644,14 +671,17 @@ static int acm_tty_write(struct tty_struct *tty,
    1309 memcpy(wb->buf, buf, count);
    1310 wb->len = count;
    1311
    1312 - usb_autopm_get_interface_async(acm->control);
    1313 + stat = usb_autopm_get_interface_async(acm->control);
    1314 + if (stat) {
    1315 + wb->use = 0;
    1316 + spin_unlock_irqrestore(&acm->write_lock, flags);
    1317 + return stat;
    1318 + }
    1319 +
    1320 if (acm->susp_count) {
    1321 - if (!acm->delayed_wb)
    1322 - acm->delayed_wb = wb;
    1323 - else
    1324 - usb_autopm_put_interface_async(acm->control);
    1325 + usb_anchor_urb(wb->urb, &acm->delayed);
    1326 spin_unlock_irqrestore(&acm->write_lock, flags);
    1327 - return count; /* A white lie */
    1328 + return count;
    1329 }
    1330 usb_mark_last_busy(acm->dev);
    1331
    1332 @@ -1267,6 +1297,7 @@ made_compressed_probe:
    1333 acm->bInterval = epread->bInterval;
    1334 tty_port_init(&acm->port);
    1335 acm->port.ops = &acm_port_ops;
    1336 + init_usb_anchor(&acm->delayed);
    1337
    1338 buf = usb_alloc_coherent(usb_dev, ctrlsize, GFP_KERNEL, &acm->ctrl_dma);
    1339 if (!buf) {
    1340 @@ -1512,18 +1543,15 @@ static int acm_suspend(struct usb_interface *intf, pm_message_t message)
    1341 struct acm *acm = usb_get_intfdata(intf);
    1342 int cnt;
    1343
    1344 + spin_lock_irq(&acm->read_lock);
    1345 + spin_lock(&acm->write_lock);
    1346 if (PMSG_IS_AUTO(message)) {
    1347 - int b;
    1348 -
    1349 - spin_lock_irq(&acm->write_lock);
    1350 - b = acm->transmitting;
    1351 - spin_unlock_irq(&acm->write_lock);
    1352 - if (b)
    1353 + if (acm->transmitting) {
    1354 + spin_unlock(&acm->write_lock);
    1355 + spin_unlock_irq(&acm->read_lock);
    1356 return -EBUSY;
    1357 + }
    1358 }
    1359 -
    1360 - spin_lock_irq(&acm->read_lock);
    1361 - spin_lock(&acm->write_lock);
    1362 cnt = acm->susp_count++;
    1363 spin_unlock(&acm->write_lock);
    1364 spin_unlock_irq(&acm->read_lock);
    1365 @@ -1531,8 +1559,7 @@ static int acm_suspend(struct usb_interface *intf, pm_message_t message)
    1366 if (cnt)
    1367 return 0;
    1368
    1369 - if (test_bit(ASYNCB_INITIALIZED, &acm->port.flags))
    1370 - stop_data_traffic(acm);
    1371 + stop_data_traffic(acm);
    1372
    1373 return 0;
    1374 }
    1375 @@ -1540,29 +1567,24 @@ static int acm_suspend(struct usb_interface *intf, pm_message_t message)
    1376 static int acm_resume(struct usb_interface *intf)
    1377 {
    1378 struct acm *acm = usb_get_intfdata(intf);
    1379 - struct acm_wb *wb;
    1380 + struct urb *urb;
    1381 int rv = 0;
    1382 - int cnt;
    1383
    1384 spin_lock_irq(&acm->read_lock);
    1385 - acm->susp_count -= 1;
    1386 - cnt = acm->susp_count;
    1387 - spin_unlock_irq(&acm->read_lock);
    1388 + spin_lock(&acm->write_lock);
    1389
    1390 - if (cnt)
    1391 - return 0;
    1392 + if (--acm->susp_count)
    1393 + goto out;
    1394
    1395 if (test_bit(ASYNCB_INITIALIZED, &acm->port.flags)) {
    1396 - rv = usb_submit_urb(acm->ctrlurb, GFP_NOIO);
    1397 -
    1398 - spin_lock_irq(&acm->write_lock);
    1399 - if (acm->delayed_wb) {
    1400 - wb = acm->delayed_wb;
    1401 - acm->delayed_wb = NULL;
    1402 - spin_unlock_irq(&acm->write_lock);
    1403 - acm_start_wb(acm, wb);
    1404 - } else {
    1405 - spin_unlock_irq(&acm->write_lock);
    1406 + rv = usb_submit_urb(acm->ctrlurb, GFP_ATOMIC);
    1407 +
    1408 + for (;;) {
    1409 + urb = usb_get_from_anchor(&acm->delayed);
    1410 + if (!urb)
    1411 + break;
    1412 +
    1413 + acm_start_wb(acm, urb->context);
    1414 }
    1415
    1416 /*
    1417 @@ -1570,12 +1592,14 @@ static int acm_resume(struct usb_interface *intf)
    1418 * do the write path at all cost
    1419 */
    1420 if (rv < 0)
    1421 - goto err_out;
    1422 + goto out;
    1423
    1424 - rv = acm_submit_read_urbs(acm, GFP_NOIO);
    1425 + rv = acm_submit_read_urbs(acm, GFP_ATOMIC);
    1426 }
    1427 +out:
    1428 + spin_unlock(&acm->write_lock);
    1429 + spin_unlock_irq(&acm->read_lock);
    1430
    1431 -err_out:
    1432 return rv;
    1433 }
    1434
    1435 diff --git a/drivers/usb/class/cdc-acm.h b/drivers/usb/class/cdc-acm.h
    1436 index e38dc785808f..80826f843e04 100644
    1437 --- a/drivers/usb/class/cdc-acm.h
    1438 +++ b/drivers/usb/class/cdc-acm.h
    1439 @@ -120,7 +120,7 @@ struct acm {
    1440 unsigned int throttled:1; /* actually throttled */
    1441 unsigned int throttle_req:1; /* throttle requested */
    1442 u8 bInterval;
    1443 - struct acm_wb *delayed_wb; /* write queued for a device about to be woken */
    1444 + struct usb_anchor delayed; /* writes queued for a device about to be woken */
    1445 };
    1446
    1447 #define CDC_DATA_INTERFACE_TYPE 0x0a
    1448 diff --git a/include/linux/if_team.h b/include/linux/if_team.h
    1449 index a899dc24be15..a6aa970758a2 100644
    1450 --- a/include/linux/if_team.h
    1451 +++ b/include/linux/if_team.h
    1452 @@ -194,6 +194,7 @@ struct team {
    1453 bool user_carrier_enabled;
    1454 bool queue_override_enabled;
    1455 struct list_head *qom_lists; /* array of queue override mapping lists */
    1456 + bool port_mtu_change_allowed;
    1457 struct {
    1458 unsigned int count;
    1459 unsigned int interval; /* in ms */
    1460 diff --git a/include/linux/netlink.h b/include/linux/netlink.h
    1461 index aad8eeaf416d..034cda789a15 100644
    1462 --- a/include/linux/netlink.h
    1463 +++ b/include/linux/netlink.h
    1464 @@ -16,9 +16,10 @@ static inline struct nlmsghdr *nlmsg_hdr(const struct sk_buff *skb)
    1465 }
    1466
    1467 enum netlink_skb_flags {
    1468 - NETLINK_SKB_MMAPED = 0x1, /* Packet data is mmaped */
    1469 - NETLINK_SKB_TX = 0x2, /* Packet was sent by userspace */
    1470 - NETLINK_SKB_DELIVERED = 0x4, /* Packet was delivered */
    1471 + NETLINK_SKB_MMAPED = 0x1, /* Packet data is mmaped */
    1472 + NETLINK_SKB_TX = 0x2, /* Packet was sent by userspace */
    1473 + NETLINK_SKB_DELIVERED = 0x4, /* Packet was delivered */
    1474 + NETLINK_SKB_DST = 0x8, /* Dst set in sendto or sendmsg */
    1475 };
    1476
    1477 struct netlink_skb_parms {
    1478 @@ -169,4 +170,11 @@ struct netlink_tap {
    1479 extern int netlink_add_tap(struct netlink_tap *nt);
    1480 extern int netlink_remove_tap(struct netlink_tap *nt);
    1481
    1482 +bool __netlink_ns_capable(const struct netlink_skb_parms *nsp,
    1483 + struct user_namespace *ns, int cap);
    1484 +bool netlink_ns_capable(const struct sk_buff *skb,
    1485 + struct user_namespace *ns, int cap);
    1486 +bool netlink_capable(const struct sk_buff *skb, int cap);
    1487 +bool netlink_net_capable(const struct sk_buff *skb, int cap);
    1488 +
    1489 #endif /* __LINUX_NETLINK_H */
    1490 diff --git a/include/linux/sock_diag.h b/include/linux/sock_diag.h
    1491 index 302ab805b0bb..46cca4c06848 100644
    1492 --- a/include/linux/sock_diag.h
    1493 +++ b/include/linux/sock_diag.h
    1494 @@ -23,7 +23,7 @@ int sock_diag_check_cookie(void *sk, __u32 *cookie);
    1495 void sock_diag_save_cookie(void *sk, __u32 *cookie);
    1496
    1497 int sock_diag_put_meminfo(struct sock *sk, struct sk_buff *skb, int attr);
    1498 -int sock_diag_put_filterinfo(struct sock *sk,
    1499 +int sock_diag_put_filterinfo(bool may_report_filterinfo, struct sock *sk,
    1500 struct sk_buff *skb, int attrtype);
    1501
    1502 #endif
    1503 diff --git a/include/net/inetpeer.h b/include/net/inetpeer.h
    1504 index 6efe73c79c52..058271bde27a 100644
    1505 --- a/include/net/inetpeer.h
    1506 +++ b/include/net/inetpeer.h
    1507 @@ -177,16 +177,9 @@ static inline void inet_peer_refcheck(const struct inet_peer *p)
    1508 /* can be called with or without local BH being disabled */
    1509 static inline int inet_getid(struct inet_peer *p, int more)
    1510 {
    1511 - int old, new;
    1512 more++;
    1513 inet_peer_refcheck(p);
    1514 - do {
    1515 - old = atomic_read(&p->ip_id_count);
    1516 - new = old + more;
    1517 - if (!new)
    1518 - new = 1;
    1519 - } while (atomic_cmpxchg(&p->ip_id_count, old, new) != old);
    1520 - return new;
    1521 + return atomic_add_return(more, &p->ip_id_count) - more;
    1522 }
    1523
    1524 #endif /* _NET_INETPEER_H */
    1525 diff --git a/include/net/sock.h b/include/net/sock.h
    1526 index b9586a137cad..57c31dd15e64 100644
    1527 --- a/include/net/sock.h
    1528 +++ b/include/net/sock.h
    1529 @@ -2278,6 +2278,11 @@ int sock_get_timestampns(struct sock *, struct timespec __user *);
    1530 int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len, int level,
    1531 int type);
    1532
    1533 +bool sk_ns_capable(const struct sock *sk,
    1534 + struct user_namespace *user_ns, int cap);
    1535 +bool sk_capable(const struct sock *sk, int cap);
    1536 +bool sk_net_capable(const struct sock *sk, int cap);
    1537 +
    1538 /*
    1539 * Enable debug/info messages
    1540 */
    1541 diff --git a/include/sound/core.h b/include/sound/core.h
    1542 index 2a14f1f02d4f..d6bc9616058b 100644
    1543 --- a/include/sound/core.h
    1544 +++ b/include/sound/core.h
    1545 @@ -121,6 +121,8 @@ struct snd_card {
    1546 int user_ctl_count; /* count of all user controls */
    1547 struct list_head controls; /* all controls for this card */
    1548 struct list_head ctl_files; /* active control files */
    1549 + struct mutex user_ctl_lock; /* protects user controls against
    1550 + concurrent access */
    1551
    1552 struct snd_info_entry *proc_root; /* root for soundcard specific files */
    1553 struct snd_info_entry *proc_id; /* the card id */
    1554 diff --git a/include/uapi/sound/compress_offload.h b/include/uapi/sound/compress_offload.h
    1555 index 5759810e1c1b..21eed488783f 100644
    1556 --- a/include/uapi/sound/compress_offload.h
    1557 +++ b/include/uapi/sound/compress_offload.h
    1558 @@ -80,7 +80,7 @@ struct snd_compr_tstamp {
    1559 struct snd_compr_avail {
    1560 __u64 avail;
    1561 struct snd_compr_tstamp tstamp;
    1562 -};
    1563 +} __attribute__((packed));
    1564
    1565 enum snd_compr_direction {
    1566 SND_COMPRESS_PLAYBACK = 0,
    1567 diff --git a/kernel/audit.c b/kernel/audit.c
    1568 index d5f31c17813a..0c9dc860cc15 100644
    1569 --- a/kernel/audit.c
    1570 +++ b/kernel/audit.c
    1571 @@ -639,13 +639,13 @@ static int audit_netlink_ok(struct sk_buff *skb, u16 msg_type)
    1572 case AUDIT_TTY_SET:
    1573 case AUDIT_TRIM:
    1574 case AUDIT_MAKE_EQUIV:
    1575 - if (!capable(CAP_AUDIT_CONTROL))
    1576 + if (!netlink_capable(skb, CAP_AUDIT_CONTROL))
    1577 err = -EPERM;
    1578 break;
    1579 case AUDIT_USER:
    1580 case AUDIT_FIRST_USER_MSG ... AUDIT_LAST_USER_MSG:
    1581 case AUDIT_FIRST_USER_MSG2 ... AUDIT_LAST_USER_MSG2:
    1582 - if (!capable(CAP_AUDIT_WRITE))
    1583 + if (!netlink_capable(skb, CAP_AUDIT_WRITE))
    1584 err = -EPERM;
    1585 break;
    1586 default: /* bad msg */
    1587 diff --git a/lib/lz4/lz4_decompress.c b/lib/lz4/lz4_decompress.c
    1588 index df6839e3ce08..99a03acb7d47 100644
    1589 --- a/lib/lz4/lz4_decompress.c
    1590 +++ b/lib/lz4/lz4_decompress.c
    1591 @@ -72,6 +72,8 @@ static int lz4_uncompress(const char *source, char *dest, int osize)
    1592 len = *ip++;
    1593 for (; len == 255; length += 255)
    1594 len = *ip++;
    1595 + if (unlikely(length > (size_t)(length + len)))
    1596 + goto _output_error;
    1597 length += len;
    1598 }
    1599
    1600 diff --git a/lib/lzo/lzo1x_decompress_safe.c b/lib/lzo/lzo1x_decompress_safe.c
    1601 index 569985d522d5..8563081e8da3 100644
    1602 --- a/lib/lzo/lzo1x_decompress_safe.c
    1603 +++ b/lib/lzo/lzo1x_decompress_safe.c
    1604 @@ -19,11 +19,31 @@
    1605 #include <linux/lzo.h>
    1606 #include "lzodefs.h"
    1607
    1608 -#define HAVE_IP(x) ((size_t)(ip_end - ip) >= (size_t)(x))
    1609 -#define HAVE_OP(x) ((size_t)(op_end - op) >= (size_t)(x))
    1610 -#define NEED_IP(x) if (!HAVE_IP(x)) goto input_overrun
    1611 -#define NEED_OP(x) if (!HAVE_OP(x)) goto output_overrun
    1612 -#define TEST_LB(m_pos) if ((m_pos) < out) goto lookbehind_overrun
    1613 +#define HAVE_IP(t, x) \
    1614 + (((size_t)(ip_end - ip) >= (size_t)(t + x)) && \
    1615 + (((t + x) >= t) && ((t + x) >= x)))
    1616 +
    1617 +#define HAVE_OP(t, x) \
    1618 + (((size_t)(op_end - op) >= (size_t)(t + x)) && \
    1619 + (((t + x) >= t) && ((t + x) >= x)))
    1620 +
    1621 +#define NEED_IP(t, x) \
    1622 + do { \
    1623 + if (!HAVE_IP(t, x)) \
    1624 + goto input_overrun; \
    1625 + } while (0)
    1626 +
    1627 +#define NEED_OP(t, x) \
    1628 + do { \
    1629 + if (!HAVE_OP(t, x)) \
    1630 + goto output_overrun; \
    1631 + } while (0)
    1632 +
    1633 +#define TEST_LB(m_pos) \
    1634 + do { \
    1635 + if ((m_pos) < out) \
    1636 + goto lookbehind_overrun; \
    1637 + } while (0)
    1638
    1639 int lzo1x_decompress_safe(const unsigned char *in, size_t in_len,
    1640 unsigned char *out, size_t *out_len)
    1641 @@ -58,14 +78,14 @@ int lzo1x_decompress_safe(const unsigned char *in, size_t in_len,
    1642 while (unlikely(*ip == 0)) {
    1643 t += 255;
    1644 ip++;
    1645 - NEED_IP(1);
    1646 + NEED_IP(1, 0);
    1647 }
    1648 t += 15 + *ip++;
    1649 }
    1650 t += 3;
    1651 copy_literal_run:
    1652 #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)
    1653 - if (likely(HAVE_IP(t + 15) && HAVE_OP(t + 15))) {
    1654 + if (likely(HAVE_IP(t, 15) && HAVE_OP(t, 15))) {
    1655 const unsigned char *ie = ip + t;
    1656 unsigned char *oe = op + t;
    1657 do {
    1658 @@ -81,8 +101,8 @@ copy_literal_run:
    1659 } else
    1660 #endif
    1661 {
    1662 - NEED_OP(t);
    1663 - NEED_IP(t + 3);
    1664 + NEED_OP(t, 0);
    1665 + NEED_IP(t, 3);
    1666 do {
    1667 *op++ = *ip++;
    1668 } while (--t > 0);
    1669 @@ -95,7 +115,7 @@ copy_literal_run:
    1670 m_pos -= t >> 2;
    1671 m_pos -= *ip++ << 2;
    1672 TEST_LB(m_pos);
    1673 - NEED_OP(2);
    1674 + NEED_OP(2, 0);
    1675 op[0] = m_pos[0];
    1676 op[1] = m_pos[1];
    1677 op += 2;
    1678 @@ -119,10 +139,10 @@ copy_literal_run:
    1679 while (unlikely(*ip == 0)) {
    1680 t += 255;
    1681 ip++;
    1682 - NEED_IP(1);
    1683 + NEED_IP(1, 0);
    1684 }
    1685 t += 31 + *ip++;
    1686 - NEED_IP(2);
    1687 + NEED_IP(2, 0);
    1688 }
    1689 m_pos = op - 1;
    1690 next = get_unaligned_le16(ip);
    1691 @@ -137,10 +157,10 @@ copy_literal_run:
    1692 while (unlikely(*ip == 0)) {
    1693 t += 255;
    1694 ip++;
    1695 - NEED_IP(1);
    1696 + NEED_IP(1, 0);
    1697 }
    1698 t += 7 + *ip++;
    1699 - NEED_IP(2);
    1700 + NEED_IP(2, 0);
    1701 }
    1702 next = get_unaligned_le16(ip);
    1703 ip += 2;
    1704 @@ -154,7 +174,7 @@ copy_literal_run:
    1705 #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)
    1706 if (op - m_pos >= 8) {
    1707 unsigned char *oe = op + t;
    1708 - if (likely(HAVE_OP(t + 15))) {
    1709 + if (likely(HAVE_OP(t, 15))) {
    1710 do {
    1711 COPY8(op, m_pos);
    1712 op += 8;
    1713 @@ -164,7 +184,7 @@ copy_literal_run:
    1714 m_pos += 8;
    1715 } while (op < oe);
    1716 op = oe;
    1717 - if (HAVE_IP(6)) {
    1718 + if (HAVE_IP(6, 0)) {
    1719 state = next;
    1720 COPY4(op, ip);
    1721 op += next;
    1722 @@ -172,7 +192,7 @@ copy_literal_run:
    1723 continue;
    1724 }
    1725 } else {
    1726 - NEED_OP(t);
    1727 + NEED_OP(t, 0);
    1728 do {
    1729 *op++ = *m_pos++;
    1730 } while (op < oe);
    1731 @@ -181,7 +201,7 @@ copy_literal_run:
    1732 #endif
    1733 {
    1734 unsigned char *oe = op + t;
    1735 - NEED_OP(t);
    1736 + NEED_OP(t, 0);
    1737 op[0] = m_pos[0];
    1738 op[1] = m_pos[1];
    1739 op += 2;
    1740 @@ -194,15 +214,15 @@ match_next:
    1741 state = next;
    1742 t = next;
    1743 #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)
    1744 - if (likely(HAVE_IP(6) && HAVE_OP(4))) {
    1745 + if (likely(HAVE_IP(6, 0) && HAVE_OP(4, 0))) {
    1746 COPY4(op, ip);
    1747 op += t;
    1748 ip += t;
    1749 } else
    1750 #endif
    1751 {
    1752 - NEED_IP(t + 3);
    1753 - NEED_OP(t);
    1754 + NEED_IP(t, 3);
    1755 + NEED_OP(t, 0);
    1756 while (t > 0) {
    1757 *op++ = *ip++;
    1758 t--;
    1759 diff --git a/lib/nlattr.c b/lib/nlattr.c
    1760 index fc6754720ced..10ad042d01be 100644
    1761 --- a/lib/nlattr.c
    1762 +++ b/lib/nlattr.c
    1763 @@ -201,8 +201,8 @@ int nla_parse(struct nlattr **tb, int maxtype, const struct nlattr *head,
    1764 }
    1765
    1766 if (unlikely(rem > 0))
    1767 - printk(KERN_WARNING "netlink: %d bytes leftover after parsing "
    1768 - "attributes.\n", rem);
    1769 + pr_warn_ratelimited("netlink: %d bytes leftover after parsing attributes in process `%s'.\n",
    1770 + rem, current->comm);
    1771
    1772 err = 0;
    1773 errout:
    1774 diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
    1775 index 7985deaff52f..04d6348fd530 100644
    1776 --- a/net/bridge/br_input.c
    1777 +++ b/net/bridge/br_input.c
    1778 @@ -147,8 +147,8 @@ static int br_handle_local_finish(struct sk_buff *skb)
    1779 struct net_bridge_port *p = br_port_get_rcu(skb->dev);
    1780 u16 vid = 0;
    1781
    1782 - br_vlan_get_tag(skb, &vid);
    1783 - if (p->flags & BR_LEARNING)
    1784 + /* check if vlan is allowed, to avoid spoofing */
    1785 + if (p->flags & BR_LEARNING && br_should_learn(p, skb, &vid))
    1786 br_fdb_update(p->br, p, eth_hdr(skb)->h_source, vid, false);
    1787 return 0; /* process further */
    1788 }
    1789 diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h
    1790 index 3ba11bc99b65..f2d254b69353 100644
    1791 --- a/net/bridge/br_private.h
    1792 +++ b/net/bridge/br_private.h
    1793 @@ -581,6 +581,7 @@ bool br_allowed_ingress(struct net_bridge *br, struct net_port_vlans *v,
    1794 struct sk_buff *skb, u16 *vid);
    1795 bool br_allowed_egress(struct net_bridge *br, const struct net_port_vlans *v,
    1796 const struct sk_buff *skb);
    1797 +bool br_should_learn(struct net_bridge_port *p, struct sk_buff *skb, u16 *vid);
    1798 struct sk_buff *br_handle_vlan(struct net_bridge *br,
    1799 const struct net_port_vlans *v,
    1800 struct sk_buff *skb);
    1801 @@ -648,6 +649,12 @@ static inline bool br_allowed_egress(struct net_bridge *br,
    1802 return true;
    1803 }
    1804
    1805 +static inline bool br_should_learn(struct net_bridge_port *p,
    1806 + struct sk_buff *skb, u16 *vid)
    1807 +{
    1808 + return true;
    1809 +}
    1810 +
    1811 static inline struct sk_buff *br_handle_vlan(struct net_bridge *br,
    1812 const struct net_port_vlans *v,
    1813 struct sk_buff *skb)
    1814 diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c
    1815 index ba7757b7737d..b1c637208497 100644
    1816 --- a/net/bridge/br_vlan.c
    1817 +++ b/net/bridge/br_vlan.c
    1818 @@ -241,6 +241,34 @@ bool br_allowed_egress(struct net_bridge *br,
    1819 return false;
    1820 }
    1821
    1822 +/* Called under RCU */
    1823 +bool br_should_learn(struct net_bridge_port *p, struct sk_buff *skb, u16 *vid)
    1824 +{
    1825 + struct net_bridge *br = p->br;
    1826 + struct net_port_vlans *v;
    1827 +
    1828 + if (!br->vlan_enabled)
    1829 + return true;
    1830 +
    1831 + v = rcu_dereference(p->vlan_info);
    1832 + if (!v)
    1833 + return false;
    1834 +
    1835 + br_vlan_get_tag(skb, vid);
    1836 + if (!*vid) {
    1837 + *vid = br_get_pvid(v);
    1838 + if (*vid == VLAN_N_VID)
    1839 + return false;
    1840 +
    1841 + return true;
    1842 + }
    1843 +
    1844 + if (test_bit(*vid, v->vlan_bitmap))
    1845 + return true;
    1846 +
    1847 + return false;
    1848 +}
    1849 +
    1850 /* Must be protected by RTNL.
    1851 * Must be called with vid in range from 1 to 4094 inclusive.
    1852 */
    1853 diff --git a/net/can/gw.c b/net/can/gw.c
    1854 index ac31891967da..050a2110d43f 100644
    1855 --- a/net/can/gw.c
    1856 +++ b/net/can/gw.c
    1857 @@ -804,7 +804,7 @@ static int cgw_create_job(struct sk_buff *skb, struct nlmsghdr *nlh)
    1858 u8 limhops = 0;
    1859 int err = 0;
    1860
    1861 - if (!capable(CAP_NET_ADMIN))
    1862 + if (!netlink_capable(skb, CAP_NET_ADMIN))
    1863 return -EPERM;
    1864
    1865 if (nlmsg_len(nlh) < sizeof(*r))
    1866 @@ -893,7 +893,7 @@ static int cgw_remove_job(struct sk_buff *skb, struct nlmsghdr *nlh)
    1867 u8 limhops = 0;
    1868 int err = 0;
    1869
    1870 - if (!capable(CAP_NET_ADMIN))
    1871 + if (!netlink_capable(skb, CAP_NET_ADMIN))
    1872 return -EPERM;
    1873
    1874 if (nlmsg_len(nlh) < sizeof(*r))
    1875 diff --git a/net/core/dev.c b/net/core/dev.c
    1876 index fccc195e0fc8..4c1b483f7c07 100644
    1877 --- a/net/core/dev.c
    1878 +++ b/net/core/dev.c
    1879 @@ -6548,6 +6548,9 @@ EXPORT_SYMBOL(unregister_netdevice_queue);
    1880 /**
    1881 * unregister_netdevice_many - unregister many devices
    1882 * @head: list of devices
    1883 + *
    1884 + * Note: As most callers use a stack allocated list_head,
    1885 + * we force a list_del() to make sure stack wont be corrupted later.
    1886 */
    1887 void unregister_netdevice_many(struct list_head *head)
    1888 {
    1889 @@ -6557,6 +6560,7 @@ void unregister_netdevice_many(struct list_head *head)
    1890 rollback_registered_many(head);
    1891 list_for_each_entry(dev, head, unreg_list)
    1892 net_set_todo(dev);
    1893 + list_del(head);
    1894 }
    1895 }
    1896 EXPORT_SYMBOL(unregister_netdevice_many);
    1897 @@ -7012,7 +7016,6 @@ static void __net_exit default_device_exit_batch(struct list_head *net_list)
    1898 }
    1899 }
    1900 unregister_netdevice_many(&dev_kill_list);
    1901 - list_del(&dev_kill_list);
    1902 rtnl_unlock();
    1903 }
    1904
    1905 diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
    1906 index 83b9d6ae5119..aef1500ebc05 100644
    1907 --- a/net/core/rtnetlink.c
    1908 +++ b/net/core/rtnetlink.c
    1909 @@ -1166,6 +1166,7 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
    1910 struct nlattr *tb[IFLA_MAX+1];
    1911 u32 ext_filter_mask = 0;
    1912 int err;
    1913 + int hdrlen;
    1914
    1915 s_h = cb->args[0];
    1916 s_idx = cb->args[1];
    1917 @@ -1173,8 +1174,17 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
    1918 rcu_read_lock();
    1919 cb->seq = net->dev_base_seq;
    1920
    1921 - if (nlmsg_parse(cb->nlh, sizeof(struct ifinfomsg), tb, IFLA_MAX,
    1922 - ifla_policy) >= 0) {
    1923 + /* A hack to preserve kernel<->userspace interface.
    1924 + * The correct header is ifinfomsg. It is consistent with rtnl_getlink.
    1925 + * However, before Linux v3.9 the code here assumed rtgenmsg and that's
    1926 + * what iproute2 < v3.9.0 used.
    1927 + * We can detect the old iproute2. Even including the IFLA_EXT_MASK
    1928 + * attribute, its netlink message is shorter than struct ifinfomsg.
    1929 + */
    1930 + hdrlen = nlmsg_len(cb->nlh) < sizeof(struct ifinfomsg) ?
    1931 + sizeof(struct rtgenmsg) : sizeof(struct ifinfomsg);
    1932 +
    1933 + if (nlmsg_parse(cb->nlh, hdrlen, tb, IFLA_MAX, ifla_policy) >= 0) {
    1934
    1935 if (tb[IFLA_EXT_MASK])
    1936 ext_filter_mask = nla_get_u32(tb[IFLA_EXT_MASK]);
    1937 @@ -1428,7 +1438,8 @@ static int do_set_master(struct net_device *dev, int ifindex)
    1938 return 0;
    1939 }
    1940
    1941 -static int do_setlink(struct net_device *dev, struct ifinfomsg *ifm,
    1942 +static int do_setlink(const struct sk_buff *skb,
    1943 + struct net_device *dev, struct ifinfomsg *ifm,
    1944 struct nlattr **tb, char *ifname, int modified)
    1945 {
    1946 const struct net_device_ops *ops = dev->netdev_ops;
    1947 @@ -1440,7 +1451,7 @@ static int do_setlink(struct net_device *dev, struct ifinfomsg *ifm,
    1948 err = PTR_ERR(net);
    1949 goto errout;
    1950 }
    1951 - if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) {
    1952 + if (!netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN)) {
    1953 err = -EPERM;
    1954 goto errout;
    1955 }
    1956 @@ -1694,7 +1705,7 @@ static int rtnl_setlink(struct sk_buff *skb, struct nlmsghdr *nlh)
    1957 if (err < 0)
    1958 goto errout;
    1959
    1960 - err = do_setlink(dev, ifm, tb, ifname, 0);
    1961 + err = do_setlink(skb, dev, ifm, tb, ifname, 0);
    1962 errout:
    1963 return err;
    1964 }
    1965 @@ -1734,7 +1745,6 @@ static int rtnl_dellink(struct sk_buff *skb, struct nlmsghdr *nlh)
    1966
    1967 ops->dellink(dev, &list_kill);
    1968 unregister_netdevice_many(&list_kill);
    1969 - list_del(&list_kill);
    1970 return 0;
    1971 }
    1972
    1973 @@ -1811,7 +1821,8 @@ err:
    1974 }
    1975 EXPORT_SYMBOL(rtnl_create_link);
    1976
    1977 -static int rtnl_group_changelink(struct net *net, int group,
    1978 +static int rtnl_group_changelink(const struct sk_buff *skb,
    1979 + struct net *net, int group,
    1980 struct ifinfomsg *ifm,
    1981 struct nlattr **tb)
    1982 {
    1983 @@ -1820,7 +1831,7 @@ static int rtnl_group_changelink(struct net *net, int group,
    1984
    1985 for_each_netdev(net, dev) {
    1986 if (dev->group == group) {
    1987 - err = do_setlink(dev, ifm, tb, NULL, 0);
    1988 + err = do_setlink(skb, dev, ifm, tb, NULL, 0);
    1989 if (err < 0)
    1990 return err;
    1991 }
    1992 @@ -1962,12 +1973,12 @@ replay:
    1993 modified = 1;
    1994 }
    1995
    1996 - return do_setlink(dev, ifm, tb, ifname, modified);
    1997 + return do_setlink(skb, dev, ifm, tb, ifname, modified);
    1998 }
    1999
    2000 if (!(nlh->nlmsg_flags & NLM_F_CREATE)) {
    2001 if (ifm->ifi_index == 0 && tb[IFLA_GROUP])
    2002 - return rtnl_group_changelink(net,
    2003 + return rtnl_group_changelink(skb, net,
    2004 nla_get_u32(tb[IFLA_GROUP]),
    2005 ifm, tb);
    2006 return -ENODEV;
    2007 @@ -2084,9 +2095,13 @@ static u16 rtnl_calcit(struct sk_buff *skb, struct nlmsghdr *nlh)
    2008 struct nlattr *tb[IFLA_MAX+1];
    2009 u32 ext_filter_mask = 0;
    2010 u16 min_ifinfo_dump_size = 0;
    2011 + int hdrlen;
    2012 +
    2013 + /* Same kernel<->userspace interface hack as in rtnl_dump_ifinfo. */
    2014 + hdrlen = nlmsg_len(nlh) < sizeof(struct ifinfomsg) ?
    2015 + sizeof(struct rtgenmsg) : sizeof(struct ifinfomsg);
    2016
    2017 - if (nlmsg_parse(nlh, sizeof(struct ifinfomsg), tb, IFLA_MAX,
    2018 - ifla_policy) >= 0) {
    2019 + if (nlmsg_parse(nlh, hdrlen, tb, IFLA_MAX, ifla_policy) >= 0) {
    2020 if (tb[IFLA_EXT_MASK])
    2021 ext_filter_mask = nla_get_u32(tb[IFLA_EXT_MASK]);
    2022 }
    2023 @@ -2354,7 +2369,7 @@ static int rtnl_fdb_del(struct sk_buff *skb, struct nlmsghdr *nlh)
    2024 int err = -EINVAL;
    2025 __u8 *addr;
    2026
    2027 - if (!capable(CAP_NET_ADMIN))
    2028 + if (!netlink_capable(skb, CAP_NET_ADMIN))
    2029 return -EPERM;
    2030
    2031 err = nlmsg_parse(nlh, sizeof(*ndm), tb, NDA_MAX, NULL);
    2032 @@ -2806,7 +2821,7 @@ static int rtnetlink_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
    2033 sz_idx = type>>2;
    2034 kind = type&3;
    2035
    2036 - if (kind != 2 && !ns_capable(net->user_ns, CAP_NET_ADMIN))
    2037 + if (kind != 2 && !netlink_net_capable(skb, CAP_NET_ADMIN))
    2038 return -EPERM;
    2039
    2040 if (kind == 2 && nlh->nlmsg_flags&NLM_F_DUMP) {
    2041 diff --git a/net/core/sock.c b/net/core/sock.c
    2042 index c0fc6bdad1e3..c8069561bdb7 100644
    2043 --- a/net/core/sock.c
    2044 +++ b/net/core/sock.c
    2045 @@ -145,6 +145,55 @@
    2046 static DEFINE_MUTEX(proto_list_mutex);
    2047 static LIST_HEAD(proto_list);
    2048
    2049 +/**
    2050 + * sk_ns_capable - General socket capability test
    2051 + * @sk: Socket to use a capability on or through
    2052 + * @user_ns: The user namespace of the capability to use
    2053 + * @cap: The capability to use
    2054 + *
    2055 + * Test to see if the opener of the socket had when the socket was
    2056 + * created and the current process has the capability @cap in the user
    2057 + * namespace @user_ns.
    2058 + */
    2059 +bool sk_ns_capable(const struct sock *sk,
    2060 + struct user_namespace *user_ns, int cap)
    2061 +{
    2062 + return file_ns_capable(sk->sk_socket->file, user_ns, cap) &&
    2063 + ns_capable(user_ns, cap);
    2064 +}
    2065 +EXPORT_SYMBOL(sk_ns_capable);
    2066 +
    2067 +/**
    2068 + * sk_capable - Socket global capability test
    2069 + * @sk: Socket to use a capability on or through
    2070 + * @cap: The global capbility to use
    2071 + *
    2072 + * Test to see if the opener of the socket had when the socket was
    2073 + * created and the current process has the capability @cap in all user
    2074 + * namespaces.
    2075 + */
    2076 +bool sk_capable(const struct sock *sk, int cap)
    2077 +{
    2078 + return sk_ns_capable(sk, &init_user_ns, cap);
    2079 +}
    2080 +EXPORT_SYMBOL(sk_capable);
    2081 +
    2082 +/**
    2083 + * sk_net_capable - Network namespace socket capability test
    2084 + * @sk: Socket to use a capability on or through
    2085 + * @cap: The capability to use
    2086 + *
    2087 + * Test to see if the opener of the socket had when the socke was created
    2088 + * and the current process has the capability @cap over the network namespace
    2089 + * the socket is a member of.
    2090 + */
    2091 +bool sk_net_capable(const struct sock *sk, int cap)
    2092 +{
    2093 + return sk_ns_capable(sk, sock_net(sk)->user_ns, cap);
    2094 +}
    2095 +EXPORT_SYMBOL(sk_net_capable);
    2096 +
    2097 +
    2098 #ifdef CONFIG_MEMCG_KMEM
    2099 int mem_cgroup_sockets_init(struct mem_cgroup *memcg, struct cgroup_subsys *ss)
    2100 {
    2101 diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c
    2102 index 6a7fae228634..c38e7a2b5a8e 100644
    2103 --- a/net/core/sock_diag.c
    2104 +++ b/net/core/sock_diag.c
    2105 @@ -49,7 +49,7 @@ int sock_diag_put_meminfo(struct sock *sk, struct sk_buff *skb, int attrtype)
    2106 }
    2107 EXPORT_SYMBOL_GPL(sock_diag_put_meminfo);
    2108
    2109 -int sock_diag_put_filterinfo(struct sock *sk,
    2110 +int sock_diag_put_filterinfo(bool may_report_filterinfo, struct sock *sk,
    2111 struct sk_buff *skb, int attrtype)
    2112 {
    2113 struct nlattr *attr;
    2114 @@ -57,7 +57,7 @@ int sock_diag_put_filterinfo(struct sock *sk,
    2115 unsigned int len;
    2116 int err = 0;
    2117
    2118 - if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) {
    2119 + if (!may_report_filterinfo) {
    2120 nla_reserve(skb, attrtype, 0);
    2121 return 0;
    2122 }
    2123 diff --git a/net/dcb/dcbnl.c b/net/dcb/dcbnl.c
    2124 index 553644402670..f8b98d89c285 100644
    2125 --- a/net/dcb/dcbnl.c
    2126 +++ b/net/dcb/dcbnl.c
    2127 @@ -1669,7 +1669,7 @@ static int dcb_doit(struct sk_buff *skb, struct nlmsghdr *nlh)
    2128 struct nlmsghdr *reply_nlh = NULL;
    2129 const struct reply_func *fn;
    2130
    2131 - if ((nlh->nlmsg_type == RTM_SETDCB) && !capable(CAP_NET_ADMIN))
    2132 + if ((nlh->nlmsg_type == RTM_SETDCB) && !netlink_capable(skb, CAP_NET_ADMIN))
    2133 return -EPERM;
    2134
    2135 ret = nlmsg_parse(nlh, sizeof(*dcb), tb, DCB_ATTR_MAX,
    2136 diff --git a/net/decnet/dn_dev.c b/net/decnet/dn_dev.c
    2137 index a603823a3e27..3b726f31c64c 100644
    2138 --- a/net/decnet/dn_dev.c
    2139 +++ b/net/decnet/dn_dev.c
    2140 @@ -574,7 +574,7 @@ static int dn_nl_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh)
    2141 struct dn_ifaddr __rcu **ifap;
    2142 int err = -EINVAL;
    2143
    2144 - if (!capable(CAP_NET_ADMIN))
    2145 + if (!netlink_capable(skb, CAP_NET_ADMIN))
    2146 return -EPERM;
    2147
    2148 if (!net_eq(net, &init_net))
    2149 @@ -618,7 +618,7 @@ static int dn_nl_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh)
    2150 struct dn_ifaddr *ifa;
    2151 int err;
    2152
    2153 - if (!capable(CAP_NET_ADMIN))
    2154 + if (!netlink_capable(skb, CAP_NET_ADMIN))
    2155 return -EPERM;
    2156
    2157 if (!net_eq(net, &init_net))
    2158 diff --git a/net/decnet/dn_fib.c b/net/decnet/dn_fib.c
    2159 index 57dc159245ec..d332aefb0846 100644
    2160 --- a/net/decnet/dn_fib.c
    2161 +++ b/net/decnet/dn_fib.c
    2162 @@ -505,7 +505,7 @@ static int dn_fib_rtm_delroute(struct sk_buff *skb, struct nlmsghdr *nlh)
    2163 struct nlattr *attrs[RTA_MAX+1];
    2164 int err;
    2165
    2166 - if (!capable(CAP_NET_ADMIN))
    2167 + if (!netlink_capable(skb, CAP_NET_ADMIN))
    2168 return -EPERM;
    2169
    2170 if (!net_eq(net, &init_net))
    2171 @@ -530,7 +530,7 @@ static int dn_fib_rtm_newroute(struct sk_buff *skb, struct nlmsghdr *nlh)
    2172 struct nlattr *attrs[RTA_MAX+1];
    2173 int err;
    2174
    2175 - if (!capable(CAP_NET_ADMIN))
    2176 + if (!netlink_capable(skb, CAP_NET_ADMIN))
    2177 return -EPERM;
    2178
    2179 if (!net_eq(net, &init_net))
    2180 diff --git a/net/decnet/netfilter/dn_rtmsg.c b/net/decnet/netfilter/dn_rtmsg.c
    2181 index e83015cecfa7..e4d9560a910b 100644
    2182 --- a/net/decnet/netfilter/dn_rtmsg.c
    2183 +++ b/net/decnet/netfilter/dn_rtmsg.c
    2184 @@ -107,7 +107,7 @@ static inline void dnrmg_receive_user_skb(struct sk_buff *skb)
    2185 if (nlh->nlmsg_len < sizeof(*nlh) || skb->len < nlh->nlmsg_len)
    2186 return;
    2187
    2188 - if (!capable(CAP_NET_ADMIN))
    2189 + if (!netlink_capable(skb, CAP_NET_ADMIN))
    2190 RCV_SKB_FAIL(-EPERM);
    2191
    2192 /* Eventually we might send routing messages too */
    2193 diff --git a/net/ipv4/datagram.c b/net/ipv4/datagram.c
    2194 index 8b5134c582f1..a3095fdefbed 100644
    2195 --- a/net/ipv4/datagram.c
    2196 +++ b/net/ipv4/datagram.c
    2197 @@ -86,18 +86,26 @@ out:
    2198 }
    2199 EXPORT_SYMBOL(ip4_datagram_connect);
    2200
    2201 +/* Because UDP xmit path can manipulate sk_dst_cache without holding
    2202 + * socket lock, we need to use sk_dst_set() here,
    2203 + * even if we own the socket lock.
    2204 + */
    2205 void ip4_datagram_release_cb(struct sock *sk)
    2206 {
    2207 const struct inet_sock *inet = inet_sk(sk);
    2208 const struct ip_options_rcu *inet_opt;
    2209 __be32 daddr = inet->inet_daddr;
    2210 + struct dst_entry *dst;
    2211 struct flowi4 fl4;
    2212 struct rtable *rt;
    2213
    2214 - if (! __sk_dst_get(sk) || __sk_dst_check(sk, 0))
    2215 - return;
    2216 -
    2217 rcu_read_lock();
    2218 +
    2219 + dst = __sk_dst_get(sk);
    2220 + if (!dst || !dst->obsolete || dst->ops->check(dst, 0)) {
    2221 + rcu_read_unlock();
    2222 + return;
    2223 + }
    2224 inet_opt = rcu_dereference(inet->inet_opt);
    2225 if (inet_opt && inet_opt->opt.srr)
    2226 daddr = inet_opt->opt.faddr;
    2227 @@ -105,8 +113,10 @@ void ip4_datagram_release_cb(struct sock *sk)
    2228 inet->inet_saddr, inet->inet_dport,
    2229 inet->inet_sport, sk->sk_protocol,
    2230 RT_CONN_FLAGS(sk), sk->sk_bound_dev_if);
    2231 - if (!IS_ERR(rt))
    2232 - __sk_dst_set(sk, &rt->dst);
    2233 +
    2234 + dst = !IS_ERR(rt) ? &rt->dst : NULL;
    2235 + sk_dst_set(sk, dst);
    2236 +
    2237 rcu_read_unlock();
    2238 }
    2239 EXPORT_SYMBOL_GPL(ip4_datagram_release_cb);
    2240 diff --git a/net/ipv4/ipip.c b/net/ipv4/ipip.c
    2241 index 812b18351462..62eaa005e146 100644
    2242 --- a/net/ipv4/ipip.c
    2243 +++ b/net/ipv4/ipip.c
    2244 @@ -149,13 +149,13 @@ static int ipip_err(struct sk_buff *skb, u32 info)
    2245
    2246 if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
    2247 ipv4_update_pmtu(skb, dev_net(skb->dev), info,
    2248 - t->dev->ifindex, 0, IPPROTO_IPIP, 0);
    2249 + t->parms.link, 0, IPPROTO_IPIP, 0);
    2250 err = 0;
    2251 goto out;
    2252 }
    2253
    2254 if (type == ICMP_REDIRECT) {
    2255 - ipv4_redirect(skb, dev_net(skb->dev), t->dev->ifindex, 0,
    2256 + ipv4_redirect(skb, dev_net(skb->dev), t->parms.link, 0,
    2257 IPPROTO_IPIP, 0);
    2258 err = 0;
    2259 goto out;
    2260 @@ -486,4 +486,5 @@ static void __exit ipip_fini(void)
    2261 module_init(ipip_init);
    2262 module_exit(ipip_fini);
    2263 MODULE_LICENSE("GPL");
    2264 +MODULE_ALIAS_RTNL_LINK("ipip");
    2265 MODULE_ALIAS_NETDEV("tunl0");
    2266 diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
    2267 index eeaac399420d..e3647465138b 100644
    2268 --- a/net/ipv4/tcp_input.c
    2269 +++ b/net/ipv4/tcp_input.c
    2270 @@ -2683,13 +2683,12 @@ static void tcp_process_loss(struct sock *sk, int flag, bool is_dupack)
    2271 bool recovered = !before(tp->snd_una, tp->high_seq);
    2272
    2273 if (tp->frto) { /* F-RTO RFC5682 sec 3.1 (sack enhanced version). */
    2274 - if (flag & FLAG_ORIG_SACK_ACKED) {
    2275 - /* Step 3.b. A timeout is spurious if not all data are
    2276 - * lost, i.e., never-retransmitted data are (s)acked.
    2277 - */
    2278 - tcp_try_undo_loss(sk, true);
    2279 + /* Step 3.b. A timeout is spurious if not all data are
    2280 + * lost, i.e., never-retransmitted data are (s)acked.
    2281 + */
    2282 + if (tcp_try_undo_loss(sk, flag & FLAG_ORIG_SACK_ACKED))
    2283 return;
    2284 - }
    2285 +
    2286 if (after(tp->snd_nxt, tp->high_seq) &&
    2287 (flag & FLAG_DATA_SACKED || is_dupack)) {
    2288 tp->frto = 0; /* Loss was real: 2nd part of step 3.a */
    2289 diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
    2290 index 77bd16fa9f34..b25e852625d8 100644
    2291 --- a/net/ipv4/udp.c
    2292 +++ b/net/ipv4/udp.c
    2293 @@ -1833,6 +1833,10 @@ static struct sock *__udp4_lib_mcast_demux_lookup(struct net *net,
    2294 unsigned int count, slot = udp_hashfn(net, hnum, udp_table.mask);
    2295 struct udp_hslot *hslot = &udp_table.hash[slot];
    2296
    2297 + /* Do not bother scanning a too big list */
    2298 + if (hslot->count > 10)
    2299 + return NULL;
    2300 +
    2301 rcu_read_lock();
    2302 begin:
    2303 count = 0;
    2304 diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
    2305 index 0e51f68ab163..912033957ad3 100644
    2306 --- a/net/ipv6/ip6_tunnel.c
    2307 +++ b/net/ipv6/ip6_tunnel.c
    2308 @@ -61,6 +61,7 @@
    2309 MODULE_AUTHOR("Ville Nuorvala");
    2310 MODULE_DESCRIPTION("IPv6 tunneling device");
    2311 MODULE_LICENSE("GPL");
    2312 +MODULE_ALIAS_RTNL_LINK("ip6tnl");
    2313 MODULE_ALIAS_NETDEV("ip6tnl0");
    2314
    2315 #ifdef IP6_TNL_DEBUG
    2316 diff --git a/net/ipv6/output_core.c b/net/ipv6/output_core.c
    2317 index 827f795209cf..b31a01263185 100644
    2318 --- a/net/ipv6/output_core.c
    2319 +++ b/net/ipv6/output_core.c
    2320 @@ -10,7 +10,7 @@
    2321 void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt)
    2322 {
    2323 static atomic_t ipv6_fragmentation_id;
    2324 - int old, new;
    2325 + int ident;
    2326
    2327 #if IS_ENABLED(CONFIG_IPV6)
    2328 if (rt && !(rt->dst.flags & DST_NOPEER)) {
    2329 @@ -26,13 +26,8 @@ void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt)
    2330 }
    2331 }
    2332 #endif
    2333 - do {
    2334 - old = atomic_read(&ipv6_fragmentation_id);
    2335 - new = old + 1;
    2336 - if (!new)
    2337 - new = 1;
    2338 - } while (atomic_cmpxchg(&ipv6_fragmentation_id, old, new) != old);
    2339 - fhdr->identification = htonl(new);
    2340 + ident = atomic_inc_return(&ipv6_fragmentation_id);
    2341 + fhdr->identification = htonl(ident);
    2342 }
    2343 EXPORT_SYMBOL(ipv6_select_ident);
    2344
    2345 diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
    2346 index b4d74c86586c..fe548ba72687 100644
    2347 --- a/net/ipv6/sit.c
    2348 +++ b/net/ipv6/sit.c
    2349 @@ -560,12 +560,12 @@ static int ipip6_err(struct sk_buff *skb, u32 info)
    2350
    2351 if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
    2352 ipv4_update_pmtu(skb, dev_net(skb->dev), info,
    2353 - t->dev->ifindex, 0, IPPROTO_IPV6, 0);
    2354 + t->parms.link, 0, IPPROTO_IPV6, 0);
    2355 err = 0;
    2356 goto out;
    2357 }
    2358 if (type == ICMP_REDIRECT) {
    2359 - ipv4_redirect(skb, dev_net(skb->dev), t->dev->ifindex, 0,
    2360 + ipv4_redirect(skb, dev_net(skb->dev), t->parms.link, 0,
    2361 IPPROTO_IPV6, 0);
    2362 err = 0;
    2363 goto out;
    2364 @@ -1850,4 +1850,5 @@ xfrm_tunnel_failed:
    2365 module_init(sit_init);
    2366 module_exit(sit_cleanup);
    2367 MODULE_LICENSE("GPL");
    2368 +MODULE_ALIAS_RTNL_LINK("sit");
    2369 MODULE_ALIAS_NETDEV("sit0");
    2370 diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
    2371 index 1e586d92260e..20b63d2ab70f 100644
    2372 --- a/net/ipv6/udp.c
    2373 +++ b/net/ipv6/udp.c
    2374 @@ -716,15 +716,15 @@ static struct sock *udp_v6_mcast_next(struct net *net, struct sock *sk,
    2375 if (inet->inet_dport != rmt_port)
    2376 continue;
    2377 }
    2378 - if (!ipv6_addr_any(&sk->sk_v6_daddr) &&
    2379 - !ipv6_addr_equal(&sk->sk_v6_daddr, rmt_addr))
    2380 + if (!ipv6_addr_any(&s->sk_v6_daddr) &&
    2381 + !ipv6_addr_equal(&s->sk_v6_daddr, rmt_addr))
    2382 continue;
    2383
    2384 if (s->sk_bound_dev_if && s->sk_bound_dev_if != dif)
    2385 continue;
    2386
    2387 - if (!ipv6_addr_any(&sk->sk_v6_rcv_saddr)) {
    2388 - if (!ipv6_addr_equal(&sk->sk_v6_rcv_saddr, loc_addr))
    2389 + if (!ipv6_addr_any(&s->sk_v6_rcv_saddr)) {
    2390 + if (!ipv6_addr_equal(&s->sk_v6_rcv_saddr, loc_addr))
    2391 continue;
    2392 }
    2393 if (!inet6_mc_check(s, loc_addr, rmt_addr))
    2394 diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
    2395 index ce1c44370610..8f7fabc46c97 100644
    2396 --- a/net/mac80211/iface.c
    2397 +++ b/net/mac80211/iface.c
    2398 @@ -1761,7 +1761,6 @@ void ieee80211_remove_interfaces(struct ieee80211_local *local)
    2399 }
    2400 mutex_unlock(&local->iflist_mtx);
    2401 unregister_netdevice_many(&unreg_list);
    2402 - list_del(&unreg_list);
    2403
    2404 list_for_each_entry_safe(sdata, tmp, &wdev_list, list) {
    2405 list_del(&sdata->list);
    2406 diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c
    2407 index 880418d3ee50..bf8a108b46e2 100644
    2408 --- a/net/netfilter/nfnetlink.c
    2409 +++ b/net/netfilter/nfnetlink.c
    2410 @@ -367,7 +367,7 @@ static void nfnetlink_rcv(struct sk_buff *skb)
    2411 skb->len < nlh->nlmsg_len)
    2412 return;
    2413
    2414 - if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) {
    2415 + if (!netlink_net_capable(skb, CAP_NET_ADMIN)) {
    2416 netlink_ack(skb, nlh, -EPERM);
    2417 return;
    2418 }
    2419 diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
    2420 index 04748ab649c2..7f40fd25acae 100644
    2421 --- a/net/netlink/af_netlink.c
    2422 +++ b/net/netlink/af_netlink.c
    2423 @@ -1360,7 +1360,74 @@ retry:
    2424 return err;
    2425 }
    2426
    2427 -static inline int netlink_capable(const struct socket *sock, unsigned int flag)
    2428 +/**
    2429 + * __netlink_ns_capable - General netlink message capability test
    2430 + * @nsp: NETLINK_CB of the socket buffer holding a netlink command from userspace.
    2431 + * @user_ns: The user namespace of the capability to use
    2432 + * @cap: The capability to use
    2433 + *
    2434 + * Test to see if the opener of the socket we received the message
    2435 + * from had when the netlink socket was created and the sender of the
    2436 + * message has has the capability @cap in the user namespace @user_ns.
    2437 + */
    2438 +bool __netlink_ns_capable(const struct netlink_skb_parms *nsp,
    2439 + struct user_namespace *user_ns, int cap)
    2440 +{
    2441 + return ((nsp->flags & NETLINK_SKB_DST) ||
    2442 + file_ns_capable(nsp->sk->sk_socket->file, user_ns, cap)) &&
    2443 + ns_capable(user_ns, cap);
    2444 +}
    2445 +EXPORT_SYMBOL(__netlink_ns_capable);
    2446 +
    2447 +/**
    2448 + * netlink_ns_capable - General netlink message capability test
    2449 + * @skb: socket buffer holding a netlink command from userspace
    2450 + * @user_ns: The user namespace of the capability to use
    2451 + * @cap: The capability to use
    2452 + *
    2453 + * Test to see if the opener of the socket we received the message
    2454 + * from had when the netlink socket was created and the sender of the
    2455 + * message has has the capability @cap in the user namespace @user_ns.
    2456 + */
    2457 +bool netlink_ns_capable(const struct sk_buff *skb,
    2458 + struct user_namespace *user_ns, int cap)
    2459 +{
    2460 + return __netlink_ns_capable(&NETLINK_CB(skb), user_ns, cap);
    2461 +}
    2462 +EXPORT_SYMBOL(netlink_ns_capable);
    2463 +
    2464 +/**
    2465 + * netlink_capable - Netlink global message capability test
    2466 + * @skb: socket buffer holding a netlink command from userspace
    2467 + * @cap: The capability to use
    2468 + *
    2469 + * Test to see if the opener of the socket we received the message
    2470 + * from had when the netlink socket was created and the sender of the
    2471 + * message has has the capability @cap in all user namespaces.
    2472 + */
    2473 +bool netlink_capable(const struct sk_buff *skb, int cap)
    2474 +{
    2475 + return netlink_ns_capable(skb, &init_user_ns, cap);
    2476 +}
    2477 +EXPORT_SYMBOL(netlink_capable);
    2478 +
    2479 +/**
    2480 + * netlink_net_capable - Netlink network namespace message capability test
    2481 + * @skb: socket buffer holding a netlink command from userspace
    2482 + * @cap: The capability to use
    2483 + *
    2484 + * Test to see if the opener of the socket we received the message
    2485 + * from had when the netlink socket was created and the sender of the
    2486 + * message has has the capability @cap over the network namespace of
    2487 + * the socket we received the message from.
    2488 + */
    2489 +bool netlink_net_capable(const struct sk_buff *skb, int cap)
    2490 +{
    2491 + return netlink_ns_capable(skb, sock_net(skb->sk)->user_ns, cap);
    2492 +}
    2493 +EXPORT_SYMBOL(netlink_net_capable);
    2494 +
    2495 +static inline int netlink_allowed(const struct socket *sock, unsigned int flag)
    2496 {
    2497 return (nl_table[sock->sk->sk_protocol].flags & flag) ||
    2498 ns_capable(sock_net(sock->sk)->user_ns, CAP_NET_ADMIN);
    2499 @@ -1428,7 +1495,7 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr,
    2500
    2501 /* Only superuser is allowed to listen multicasts */
    2502 if (nladdr->nl_groups) {
    2503 - if (!netlink_capable(sock, NL_CFG_F_NONROOT_RECV))
    2504 + if (!netlink_allowed(sock, NL_CFG_F_NONROOT_RECV))
    2505 return -EPERM;
    2506 err = netlink_realloc_groups(sk);
    2507 if (err)
    2508 @@ -1490,7 +1557,7 @@ static int netlink_connect(struct socket *sock, struct sockaddr *addr,
    2509 return -EINVAL;
    2510
    2511 if ((nladdr->nl_groups || nladdr->nl_pid) &&
    2512 - !netlink_capable(sock, NL_CFG_F_NONROOT_SEND))
    2513 + !netlink_allowed(sock, NL_CFG_F_NONROOT_SEND))
    2514 return -EPERM;
    2515
    2516 if (!nlk->portid)
    2517 @@ -2096,7 +2163,7 @@ static int netlink_setsockopt(struct socket *sock, int level, int optname,
    2518 break;
    2519 case NETLINK_ADD_MEMBERSHIP:
    2520 case NETLINK_DROP_MEMBERSHIP: {
    2521 - if (!netlink_capable(sock, NL_CFG_F_NONROOT_RECV))
    2522 + if (!netlink_allowed(sock, NL_CFG_F_NONROOT_RECV))
    2523 return -EPERM;
    2524 err = netlink_realloc_groups(sk);
    2525 if (err)
    2526 @@ -2228,6 +2295,7 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock,
    2527 struct sk_buff *skb;
    2528 int err;
    2529 struct scm_cookie scm;
    2530 + u32 netlink_skb_flags = 0;
    2531
    2532 if (msg->msg_flags&MSG_OOB)
    2533 return -EOPNOTSUPP;
    2534 @@ -2247,8 +2315,9 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock,
    2535 dst_group = ffs(addr->nl_groups);
    2536 err = -EPERM;
    2537 if ((dst_group || dst_portid) &&
    2538 - !netlink_capable(sock, NL_CFG_F_NONROOT_SEND))
    2539 + !netlink_allowed(sock, NL_CFG_F_NONROOT_SEND))
    2540 goto out;
    2541 + netlink_skb_flags |= NETLINK_SKB_DST;
    2542 } else {
    2543 dst_portid = nlk->dst_portid;
    2544 dst_group = nlk->dst_group;
    2545 @@ -2278,6 +2347,7 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock,
    2546 NETLINK_CB(skb).portid = nlk->portid;
    2547 NETLINK_CB(skb).dst_group = dst_group;
    2548 NETLINK_CB(skb).creds = siocb->scm->creds;
    2549 + NETLINK_CB(skb).flags = netlink_skb_flags;
    2550
    2551 err = -EFAULT;
    2552 if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
    2553 diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c
    2554 index b1dcdb932a86..a3ba3ca0ff92 100644
    2555 --- a/net/netlink/genetlink.c
    2556 +++ b/net/netlink/genetlink.c
    2557 @@ -561,7 +561,7 @@ static int genl_family_rcv_msg(struct genl_family *family,
    2558 return -EOPNOTSUPP;
    2559
    2560 if ((ops->flags & GENL_ADMIN_PERM) &&
    2561 - !capable(CAP_NET_ADMIN))
    2562 + !netlink_capable(skb, CAP_NET_ADMIN))
    2563 return -EPERM;
    2564
    2565 if ((nlh->nlmsg_flags & NLM_F_DUMP) == NLM_F_DUMP) {
    2566 diff --git a/net/packet/diag.c b/net/packet/diag.c
    2567 index 435ff99ba8c7..92f2c7107eec 100644
    2568 --- a/net/packet/diag.c
    2569 +++ b/net/packet/diag.c
    2570 @@ -128,6 +128,7 @@ static int pdiag_put_fanout(struct packet_sock *po, struct sk_buff *nlskb)
    2571
    2572 static int sk_diag_fill(struct sock *sk, struct sk_buff *skb,
    2573 struct packet_diag_req *req,
    2574 + bool may_report_filterinfo,
    2575 struct user_namespace *user_ns,
    2576 u32 portid, u32 seq, u32 flags, int sk_ino)
    2577 {
    2578 @@ -172,7 +173,8 @@ static int sk_diag_fill(struct sock *sk, struct sk_buff *skb,
    2579 goto out_nlmsg_trim;
    2580
    2581 if ((req->pdiag_show & PACKET_SHOW_FILTER) &&
    2582 - sock_diag_put_filterinfo(sk, skb, PACKET_DIAG_FILTER))
    2583 + sock_diag_put_filterinfo(may_report_filterinfo, sk, skb,
    2584 + PACKET_DIAG_FILTER))
    2585 goto out_nlmsg_trim;
    2586
    2587 return nlmsg_end(skb, nlh);
    2588 @@ -188,9 +190,11 @@ static int packet_diag_dump(struct sk_buff *skb, struct netlink_callback *cb)
    2589 struct packet_diag_req *req;
    2590 struct net *net;
    2591 struct sock *sk;
    2592 + bool may_report_filterinfo;
    2593
    2594 net = sock_net(skb->sk);
    2595 req = nlmsg_data(cb->nlh);
    2596 + may_report_filterinfo = netlink_net_capable(cb->skb, CAP_NET_ADMIN);
    2597
    2598 mutex_lock(&net->packet.sklist_lock);
    2599 sk_for_each(sk, &net->packet.sklist) {
    2600 @@ -200,6 +204,7 @@ static int packet_diag_dump(struct sk_buff *skb, struct netlink_callback *cb)
    2601 goto next;
    2602
    2603 if (sk_diag_fill(sk, skb, req,
    2604 + may_report_filterinfo,
    2605 sk_user_ns(NETLINK_CB(cb->skb).sk),
    2606 NETLINK_CB(cb->skb).portid,
    2607 cb->nlh->nlmsg_seq, NLM_F_MULTI,
    2608 diff --git a/net/phonet/pn_netlink.c b/net/phonet/pn_netlink.c
    2609 index dc15f4300808..b64151ade6b3 100644
    2610 --- a/net/phonet/pn_netlink.c
    2611 +++ b/net/phonet/pn_netlink.c
    2612 @@ -70,10 +70,10 @@ static int addr_doit(struct sk_buff *skb, struct nlmsghdr *nlh)
    2613 int err;
    2614 u8 pnaddr;
    2615
    2616 - if (!capable(CAP_NET_ADMIN))
    2617 + if (!netlink_capable(skb, CAP_NET_ADMIN))
    2618 return -EPERM;
    2619
    2620 - if (!capable(CAP_SYS_ADMIN))
    2621 + if (!netlink_capable(skb, CAP_SYS_ADMIN))
    2622 return -EPERM;
    2623
    2624 ASSERT_RTNL();
    2625 @@ -233,10 +233,10 @@ static int route_doit(struct sk_buff *skb, struct nlmsghdr *nlh)
    2626 int err;
    2627 u8 dst;
    2628
    2629 - if (!capable(CAP_NET_ADMIN))
    2630 + if (!netlink_capable(skb, CAP_NET_ADMIN))
    2631 return -EPERM;
    2632
    2633 - if (!capable(CAP_SYS_ADMIN))
    2634 + if (!netlink_capable(skb, CAP_SYS_ADMIN))
    2635 return -EPERM;
    2636
    2637 ASSERT_RTNL();
    2638 diff --git a/net/sched/act_api.c b/net/sched/act_api.c
    2639 index 72bdc7166345..3b2265523552 100644
    2640 --- a/net/sched/act_api.c
    2641 +++ b/net/sched/act_api.c
    2642 @@ -908,7 +908,7 @@ static int tc_ctl_action(struct sk_buff *skb, struct nlmsghdr *n)
    2643 u32 portid = skb ? NETLINK_CB(skb).portid : 0;
    2644 int ret = 0, ovr = 0;
    2645
    2646 - if ((n->nlmsg_type != RTM_GETACTION) && !capable(CAP_NET_ADMIN))
    2647 + if ((n->nlmsg_type != RTM_GETACTION) && !netlink_capable(skb, CAP_NET_ADMIN))
    2648 return -EPERM;
    2649
    2650 ret = nlmsg_parse(n, sizeof(struct tcamsg), tca, TCA_ACT_MAX, NULL);
    2651 diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c
    2652 index 29a30a14c315..bdbdb1a7920a 100644
    2653 --- a/net/sched/cls_api.c
    2654 +++ b/net/sched/cls_api.c
    2655 @@ -134,7 +134,7 @@ static int tc_ctl_tfilter(struct sk_buff *skb, struct nlmsghdr *n)
    2656 int err;
    2657 int tp_created = 0;
    2658
    2659 - if ((n->nlmsg_type != RTM_GETTFILTER) && !capable(CAP_NET_ADMIN))
    2660 + if ((n->nlmsg_type != RTM_GETTFILTER) && !netlink_capable(skb, CAP_NET_ADMIN))
    2661 return -EPERM;
    2662
    2663 replay:
    2664 diff --git a/net/sched/sch_api.c b/net/sched/sch_api.c
    2665 index a07d55e75698..98532cfa7823 100644
    2666 --- a/net/sched/sch_api.c
    2667 +++ b/net/sched/sch_api.c
    2668 @@ -1084,7 +1084,7 @@ static int tc_get_qdisc(struct sk_buff *skb, struct nlmsghdr *n)
    2669 struct Qdisc *p = NULL;
    2670 int err;
    2671
    2672 - if ((n->nlmsg_type != RTM_GETQDISC) && !capable(CAP_NET_ADMIN))
    2673 + if ((n->nlmsg_type != RTM_GETQDISC) && !netlink_capable(skb, CAP_NET_ADMIN))
    2674 return -EPERM;
    2675
    2676 err = nlmsg_parse(n, sizeof(*tcm), tca, TCA_MAX, NULL);
    2677 @@ -1151,7 +1151,7 @@ static int tc_modify_qdisc(struct sk_buff *skb, struct nlmsghdr *n)
    2678 struct Qdisc *q, *p;
    2679 int err;
    2680
    2681 - if (!capable(CAP_NET_ADMIN))
    2682 + if (!netlink_capable(skb, CAP_NET_ADMIN))
    2683 return -EPERM;
    2684
    2685 replay:
    2686 @@ -1491,7 +1491,7 @@ static int tc_ctl_tclass(struct sk_buff *skb, struct nlmsghdr *n)
    2687 u32 qid;
    2688 int err;
    2689
    2690 - if ((n->nlmsg_type != RTM_GETTCLASS) && !capable(CAP_NET_ADMIN))
    2691 + if ((n->nlmsg_type != RTM_GETTCLASS) && !netlink_capable(skb, CAP_NET_ADMIN))
    2692 return -EPERM;
    2693
    2694 err = nlmsg_parse(n, sizeof(*tcm), tca, TCA_MAX, NULL);
    2695 diff --git a/net/sctp/associola.c b/net/sctp/associola.c
    2696 index 878e17aafbe5..a4d570126f5d 100644
    2697 --- a/net/sctp/associola.c
    2698 +++ b/net/sctp/associola.c
    2699 @@ -330,7 +330,7 @@ void sctp_association_free(struct sctp_association *asoc)
    2700 /* Only real associations count against the endpoint, so
    2701 * don't bother for if this is a temporary association.
    2702 */
    2703 - if (!asoc->temp) {
    2704 + if (!list_empty(&asoc->asocs)) {
    2705 list_del(&asoc->asocs);
    2706
    2707 /* Decrement the backlog value for a TCP-style listening
    2708 diff --git a/net/tipc/netlink.c b/net/tipc/netlink.c
    2709 index 3aaf73de9e2d..ad844d365340 100644
    2710 --- a/net/tipc/netlink.c
    2711 +++ b/net/tipc/netlink.c
    2712 @@ -47,7 +47,7 @@ static int handle_cmd(struct sk_buff *skb, struct genl_info *info)
    2713 int hdr_space = nlmsg_total_size(GENL_HDRLEN + TIPC_GENL_HDRLEN);
    2714 u16 cmd;
    2715
    2716 - if ((req_userhdr->cmd & 0xC000) && (!capable(CAP_NET_ADMIN)))
    2717 + if ((req_userhdr->cmd & 0xC000) && (!netlink_capable(skb, CAP_NET_ADMIN)))
    2718 cmd = TIPC_CMD_NOT_NET_ADMIN;
    2719 else
    2720 cmd = req_userhdr->cmd;
    2721 diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
    2722 index 2f7ddc3a59b4..b10d04fa3933 100644
    2723 --- a/net/xfrm/xfrm_user.c
    2724 +++ b/net/xfrm/xfrm_user.c
    2725 @@ -2350,7 +2350,7 @@ static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
    2726 link = &xfrm_dispatch[type];
    2727
    2728 /* All operations require privileges, even GET */
    2729 - if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
    2730 + if (!netlink_net_capable(skb, CAP_NET_ADMIN))
    2731 return -EPERM;
    2732
    2733 if ((type == (XFRM_MSG_GETSA - XFRM_MSG_BASE) ||
    2734 diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
    2735 index 336b3ddfe63f..3c5cbb977254 100644
    2736 --- a/security/integrity/evm/evm_main.c
    2737 +++ b/security/integrity/evm/evm_main.c
    2738 @@ -285,12 +285,20 @@ out:
    2739 * @xattr_value: pointer to the new extended attribute value
    2740 * @xattr_value_len: pointer to the new extended attribute value length
    2741 *
    2742 - * Updating 'security.evm' requires CAP_SYS_ADMIN privileges and that
    2743 - * the current value is valid.
    2744 + * Before allowing the 'security.evm' protected xattr to be updated,
    2745 + * verify the existing value is valid. As only the kernel should have
    2746 + * access to the EVM encrypted key needed to calculate the HMAC, prevent
    2747 + * userspace from writing HMAC value. Writing 'security.evm' requires
    2748 + * requires CAP_SYS_ADMIN privileges.
    2749 */
    2750 int evm_inode_setxattr(struct dentry *dentry, const char *xattr_name,
    2751 const void *xattr_value, size_t xattr_value_len)
    2752 {
    2753 + const struct evm_ima_xattr_data *xattr_data = xattr_value;
    2754 +
    2755 + if ((strcmp(xattr_name, XATTR_NAME_EVM) == 0)
    2756 + && (xattr_data->type == EVM_XATTR_HMAC))
    2757 + return -EPERM;
    2758 return evm_protect_xattr(dentry, xattr_name, xattr_value,
    2759 xattr_value_len);
    2760 }
    2761 diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
    2762 index c38bbce8c6a6..025824af08e0 100644
    2763 --- a/security/integrity/ima/ima_api.c
    2764 +++ b/security/integrity/ima/ima_api.c
    2765 @@ -199,6 +199,7 @@ int ima_collect_measurement(struct integrity_iint_cache *iint,
    2766 struct evm_ima_xattr_data **xattr_value,
    2767 int *xattr_len)
    2768 {
    2769 + const char *audit_cause = "failed";
    2770 struct inode *inode = file_inode(file);
    2771 const char *filename = file->f_dentry->d_name.name;
    2772 int result = 0;
    2773 @@ -213,6 +214,12 @@ int ima_collect_measurement(struct integrity_iint_cache *iint,
    2774 if (!(iint->flags & IMA_COLLECTED)) {
    2775 u64 i_version = file_inode(file)->i_version;
    2776
    2777 + if (file->f_flags & O_DIRECT) {
    2778 + audit_cause = "failed(directio)";
    2779 + result = -EACCES;
    2780 + goto out;
    2781 + }
    2782 +
    2783 /* use default hash algorithm */
    2784 hash.hdr.algo = ima_hash_algo;
    2785
    2786 @@ -233,9 +240,10 @@ int ima_collect_measurement(struct integrity_iint_cache *iint,
    2787 result = -ENOMEM;
    2788 }
    2789 }
    2790 +out:
    2791 if (result)
    2792 integrity_audit_msg(AUDIT_INTEGRITY_DATA, inode,
    2793 - filename, "collect_data", "failed",
    2794 + filename, "collect_data", audit_cause,
    2795 result, 0);
    2796 return result;
    2797 }
    2798 diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
    2799 index fdf60def52e9..b5c126fe0bd9 100644
    2800 --- a/security/integrity/ima/ima_crypto.c
    2801 +++ b/security/integrity/ima/ima_crypto.c
    2802 @@ -25,6 +25,36 @@
    2803
    2804 static struct crypto_shash *ima_shash_tfm;
    2805
    2806 +/**
    2807 + * ima_kernel_read - read file content
    2808 + *
    2809 + * This is a function for reading file content instead of kernel_read().
    2810 + * It does not perform locking checks to ensure it cannot be blocked.
    2811 + * It does not perform security checks because it is irrelevant for IMA.
    2812 + *
    2813 + */
    2814 +static int ima_kernel_read(struct file *file, loff_t offset,
    2815 + char *addr, unsigned long count)
    2816 +{
    2817 + mm_segment_t old_fs;
    2818 + char __user *buf = addr;
    2819 + ssize_t ret;
    2820 +
    2821 + if (!(file->f_mode & FMODE_READ))
    2822 + return -EBADF;
    2823 + if (!file->f_op->read && !file->f_op->aio_read)
    2824 + return -EINVAL;
    2825 +
    2826 + old_fs = get_fs();
    2827 + set_fs(get_ds());
    2828 + if (file->f_op->read)
    2829 + ret = file->f_op->read(file, buf, count, &offset);
    2830 + else
    2831 + ret = do_sync_read(file, buf, count, &offset);
    2832 + set_fs(old_fs);
    2833 + return ret;
    2834 +}
    2835 +
    2836 int ima_init_crypto(void)
    2837 {
    2838 long rc;
    2839 @@ -98,7 +128,7 @@ static int ima_calc_file_hash_tfm(struct file *file,
    2840 while (offset < i_size) {
    2841 int rbuf_len;
    2842
    2843 - rbuf_len = kernel_read(file, offset, rbuf, PAGE_SIZE);
    2844 + rbuf_len = ima_kernel_read(file, offset, rbuf, PAGE_SIZE);
    2845 if (rbuf_len < 0) {
    2846 rc = rbuf_len;
    2847 break;
    2848 diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
    2849 index 149ee1119f87..76d8aad146a8 100644
    2850 --- a/security/integrity/ima/ima_main.c
    2851 +++ b/security/integrity/ima/ima_main.c
    2852 @@ -217,8 +217,11 @@ static int process_measurement(struct file *file, const char *filename,
    2853 xattr_ptr = &xattr_value;
    2854
    2855 rc = ima_collect_measurement(iint, file, xattr_ptr, &xattr_len);
    2856 - if (rc != 0)
    2857 + if (rc != 0) {
    2858 + if (file->f_flags & O_DIRECT)
    2859 + rc = (iint->flags & IMA_PERMIT_DIRECTIO) ? 0 : -EACCES;
    2860 goto out_digsig;
    2861 + }
    2862
    2863 pathname = !filename ? ima_d_path(&file->f_path, &pathbuf) : filename;
    2864 if (!pathname)
    2865 diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
    2866 index a9c3d3cd1990..085c4964be99 100644
    2867 --- a/security/integrity/ima/ima_policy.c
    2868 +++ b/security/integrity/ima/ima_policy.c
    2869 @@ -351,7 +351,7 @@ enum {
    2870 Opt_obj_user, Opt_obj_role, Opt_obj_type,
    2871 Opt_subj_user, Opt_subj_role, Opt_subj_type,
    2872 Opt_func, Opt_mask, Opt_fsmagic, Opt_uid, Opt_fowner,
    2873 - Opt_appraise_type, Opt_fsuuid
    2874 + Opt_appraise_type, Opt_fsuuid, Opt_permit_directio
    2875 };
    2876
    2877 static match_table_t policy_tokens = {
    2878 @@ -373,6 +373,7 @@ static match_table_t policy_tokens = {
    2879 {Opt_uid, "uid=%s"},
    2880 {Opt_fowner, "fowner=%s"},
    2881 {Opt_appraise_type, "appraise_type=%s"},
    2882 + {Opt_permit_directio, "permit_directio"},
    2883 {Opt_err, NULL}
    2884 };
    2885
    2886 @@ -621,6 +622,9 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
    2887 else
    2888 result = -EINVAL;
    2889 break;
    2890 + case Opt_permit_directio:
    2891 + entry->flags |= IMA_PERMIT_DIRECTIO;
    2892 + break;
    2893 case Opt_err:
    2894 ima_log_string(ab, "UNKNOWN", p);
    2895 result = -EINVAL;
    2896 diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
    2897 index 2fb5e53e927f..33c0a70f6b15 100644
    2898 --- a/security/integrity/integrity.h
    2899 +++ b/security/integrity/integrity.h
    2900 @@ -30,6 +30,7 @@
    2901 #define IMA_ACTION_FLAGS 0xff000000
    2902 #define IMA_DIGSIG 0x01000000
    2903 #define IMA_DIGSIG_REQUIRED 0x02000000
    2904 +#define IMA_PERMIT_DIRECTIO 0x04000000
    2905
    2906 #define IMA_DO_MASK (IMA_MEASURE | IMA_APPRAISE | IMA_AUDIT | \
    2907 IMA_APPRAISE_SUBMASK)
    2908 diff --git a/sound/core/control.c b/sound/core/control.c
    2909 index d8aa206e8bde..98a29b26c5f4 100644
    2910 --- a/sound/core/control.c
    2911 +++ b/sound/core/control.c
    2912 @@ -289,6 +289,10 @@ static bool snd_ctl_remove_numid_conflict(struct snd_card *card,
    2913 {
    2914 struct snd_kcontrol *kctl;
    2915
    2916 + /* Make sure that the ids assigned to the control do not wrap around */
    2917 + if (card->last_numid >= UINT_MAX - count)
    2918 + card->last_numid = 0;
    2919 +
    2920 list_for_each_entry(kctl, &card->controls, list) {
    2921 if (kctl->id.numid < card->last_numid + 1 + count &&
    2922 kctl->id.numid + kctl->count > card->last_numid + 1) {
    2923 @@ -331,6 +335,7 @@ int snd_ctl_add(struct snd_card *card, struct snd_kcontrol *kcontrol)
    2924 {
    2925 struct snd_ctl_elem_id id;
    2926 unsigned int idx;
    2927 + unsigned int count;
    2928 int err = -EINVAL;
    2929
    2930 if (! kcontrol)
    2931 @@ -338,6 +343,9 @@ int snd_ctl_add(struct snd_card *card, struct snd_kcontrol *kcontrol)
    2932 if (snd_BUG_ON(!card || !kcontrol->info))
    2933 goto error;
    2934 id = kcontrol->id;
    2935 + if (id.index > UINT_MAX - kcontrol->count)
    2936 + goto error;
    2937 +
    2938 down_write(&card->controls_rwsem);
    2939 if (snd_ctl_find_id(card, &id)) {
    2940 up_write(&card->controls_rwsem);
    2941 @@ -359,8 +367,9 @@ int snd_ctl_add(struct snd_card *card, struct snd_kcontrol *kcontrol)
    2942 card->controls_count += kcontrol->count;
    2943 kcontrol->id.numid = card->last_numid + 1;
    2944 card->last_numid += kcontrol->count;
    2945 + count = kcontrol->count;
    2946 up_write(&card->controls_rwsem);
    2947 - for (idx = 0; idx < kcontrol->count; idx++, id.index++, id.numid++)
    2948 + for (idx = 0; idx < count; idx++, id.index++, id.numid++)
    2949 snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_ADD, &id);
    2950 return 0;
    2951
    2952 @@ -389,6 +398,7 @@ int snd_ctl_replace(struct snd_card *card, struct snd_kcontrol *kcontrol,
    2953 bool add_on_replace)
    2954 {
    2955 struct snd_ctl_elem_id id;
    2956 + unsigned int count;
    2957 unsigned int idx;
    2958 struct snd_kcontrol *old;
    2959 int ret;
    2960 @@ -424,8 +434,9 @@ add:
    2961 card->controls_count += kcontrol->count;
    2962 kcontrol->id.numid = card->last_numid + 1;
    2963 card->last_numid += kcontrol->count;
    2964 + count = kcontrol->count;
    2965 up_write(&card->controls_rwsem);
    2966 - for (idx = 0; idx < kcontrol->count; idx++, id.index++, id.numid++)
    2967 + for (idx = 0; idx < count; idx++, id.index++, id.numid++)
    2968 snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_ADD, &id);
    2969 return 0;
    2970
    2971 @@ -898,9 +909,9 @@ static int snd_ctl_elem_write(struct snd_card *card, struct snd_ctl_file *file,
    2972 result = kctl->put(kctl, control);
    2973 }
    2974 if (result > 0) {
    2975 + struct snd_ctl_elem_id id = control->id;
    2976 up_read(&card->controls_rwsem);
    2977 - snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_VALUE,
    2978 - &control->id);
    2979 + snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_VALUE, &id);
    2980 return 0;
    2981 }
    2982 }
    2983 @@ -992,6 +1003,7 @@ static int snd_ctl_elem_unlock(struct snd_ctl_file *file,
    2984
    2985 struct user_element {
    2986 struct snd_ctl_elem_info info;
    2987 + struct snd_card *card;
    2988 void *elem_data; /* element data */
    2989 unsigned long elem_data_size; /* size of element data in bytes */
    2990 void *tlv_data; /* TLV data */
    2991 @@ -1035,7 +1047,9 @@ static int snd_ctl_elem_user_get(struct snd_kcontrol *kcontrol,
    2992 {
    2993 struct user_element *ue = kcontrol->private_data;
    2994
    2995 + mutex_lock(&ue->card->user_ctl_lock);
    2996 memcpy(&ucontrol->value, ue->elem_data, ue->elem_data_size);
    2997 + mutex_unlock(&ue->card->user_ctl_lock);
    2998 return 0;
    2999 }
    3000
    3001 @@ -1044,10 +1058,12 @@ static int snd_ctl_elem_user_put(struct snd_kcontrol *kcontrol,
    3002 {
    3003 int change;
    3004 struct user_element *ue = kcontrol->private_data;
    3005 -
    3006 +
    3007 + mutex_lock(&ue->card->user_ctl_lock);
    3008 change = memcmp(&ucontrol->value, ue->elem_data, ue->elem_data_size) != 0;
    3009 if (change)
    3010 memcpy(ue->elem_data, &ucontrol->value, ue->elem_data_size);
    3011 + mutex_unlock(&ue->card->user_ctl_lock);
    3012 return change;
    3013 }
    3014
    3015 @@ -1067,19 +1083,32 @@ static int snd_ctl_elem_user_tlv(struct snd_kcontrol *kcontrol,
    3016 new_data = memdup_user(tlv, size);
    3017 if (IS_ERR(new_data))
    3018 return PTR_ERR(new_data);
    3019 + mutex_lock(&ue->card->user_ctl_lock);
    3020 change = ue->tlv_data_size != size;
    3021 if (!change)
    3022 change = memcmp(ue->tlv_data, new_data, size);
    3023 kfree(ue->tlv_data);
    3024 ue->tlv_data = new_data;
    3025 ue->tlv_data_size = size;
    3026 + mutex_unlock(&ue->card->user_ctl_lock);
    3027 } else {
    3028 - if (! ue->tlv_data_size || ! ue->tlv_data)
    3029 - return -ENXIO;
    3030 - if (size < ue->tlv_data_size)
    3031 - return -ENOSPC;
    3032 + int ret = 0;
    3033 +
    3034 + mutex_lock(&ue->card->user_ctl_lock);
    3035 + if (!ue->tlv_data_size || !ue->tlv_data) {
    3036 + ret = -ENXIO;
    3037 + goto err_unlock;
    3038 + }
    3039 + if (size < ue->tlv_data_size) {
    3040 + ret = -ENOSPC;
    3041 + goto err_unlock;
    3042 + }
    3043 if (copy_to_user(tlv, ue->tlv_data, ue->tlv_data_size))
    3044 - return -EFAULT;
    3045 + ret = -EFAULT;
    3046 +err_unlock:
    3047 + mutex_unlock(&ue->card->user_ctl_lock);
    3048 + if (ret)
    3049 + return ret;
    3050 }
    3051 return change;
    3052 }
    3053 @@ -1137,8 +1166,6 @@ static int snd_ctl_elem_add(struct snd_ctl_file *file,
    3054 struct user_element *ue;
    3055 int idx, err;
    3056
    3057 - if (!replace && card->user_ctl_count >= MAX_USER_CONTROLS)
    3058 - return -ENOMEM;
    3059 if (info->count < 1)
    3060 return -EINVAL;
    3061 access = info->access == 0 ? SNDRV_CTL_ELEM_ACCESS_READWRITE :
    3062 @@ -1147,21 +1174,16 @@ static int snd_ctl_elem_add(struct snd_ctl_file *file,
    3063 SNDRV_CTL_ELEM_ACCESS_TLV_READWRITE));
    3064 info->id.numid = 0;
    3065 memset(&kctl, 0, sizeof(kctl));
    3066 - down_write(&card->controls_rwsem);
    3067 - _kctl = snd_ctl_find_id(card, &info->id);
    3068 - err = 0;
    3069 - if (_kctl) {
    3070 - if (replace)
    3071 - err = snd_ctl_remove(card, _kctl);
    3072 - else
    3073 - err = -EBUSY;
    3074 - } else {
    3075 - if (replace)
    3076 - err = -ENOENT;
    3077 +
    3078 + if (replace) {
    3079 + err = snd_ctl_remove_user_ctl(file, &info->id);
    3080 + if (err)
    3081 + return err;
    3082 }
    3083 - up_write(&card->controls_rwsem);
    3084 - if (err < 0)
    3085 - return err;
    3086 +
    3087 + if (card->user_ctl_count >= MAX_USER_CONTROLS)
    3088 + return -ENOMEM;
    3089 +
    3090 memcpy(&kctl.id, &info->id, sizeof(info->id));
    3091 kctl.count = info->owner ? info->owner : 1;
    3092 access |= SNDRV_CTL_ELEM_ACCESS_USER;
    3093 @@ -1211,6 +1233,7 @@ static int snd_ctl_elem_add(struct snd_ctl_file *file,
    3094 ue = kzalloc(sizeof(struct user_element) + private_size, GFP_KERNEL);
    3095 if (ue == NULL)
    3096 return -ENOMEM;
    3097 + ue->card = card;
    3098 ue->info = *info;
    3099 ue->info.access = 0;
    3100 ue->elem_data = (char *)ue + sizeof(*ue);
    3101 @@ -1322,8 +1345,9 @@ static int snd_ctl_tlv_ioctl(struct snd_ctl_file *file,
    3102 }
    3103 err = kctl->tlv.c(kctl, op_flag, tlv.length, _tlv->tlv);
    3104 if (err > 0) {
    3105 + struct snd_ctl_elem_id id = kctl->id;
    3106 up_read(&card->controls_rwsem);
    3107 - snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_TLV, &kctl->id);
    3108 + snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_TLV, &id);
    3109 return 0;
    3110 }
    3111 } else {
    3112 diff --git a/sound/core/init.c b/sound/core/init.c
    3113 index 0d42fcda0de2..39c25167add8 100644
    3114 --- a/sound/core/init.c
    3115 +++ b/sound/core/init.c
    3116 @@ -218,6 +218,7 @@ int snd_card_create(int idx, const char *xid,
    3117 INIT_LIST_HEAD(&card->devices);
    3118 init_rwsem(&card->controls_rwsem);
    3119 rwlock_init(&card->ctl_files_rwlock);
    3120 + mutex_init(&card->user_ctl_lock);
    3121 INIT_LIST_HEAD(&card->controls);
    3122 INIT_LIST_HEAD(&card->ctl_files);
    3123 spin_lock_init(&card->files_lock);
    3124 diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
    3125 index 0b6ee2b37bdb..2a16a90fd952 100644
    3126 --- a/sound/pci/hda/patch_realtek.c
    3127 +++ b/sound/pci/hda/patch_realtek.c
    3128 @@ -3932,6 +3932,7 @@ enum {
    3129 ALC269_FIXUP_HEADSET_MIC,
    3130 ALC269_FIXUP_QUANTA_MUTE,
    3131 ALC269_FIXUP_LIFEBOOK,
    3132 + ALC269_FIXUP_LIFEBOOK_EXTMIC,
    3133 ALC269_FIXUP_AMIC,
    3134 ALC269_FIXUP_DMIC,
    3135 ALC269VB_FIXUP_AMIC,
    3136 @@ -4059,6 +4060,13 @@ static const struct hda_fixup alc269_fixups[] = {
    3137 .chained = true,
    3138 .chain_id = ALC269_FIXUP_QUANTA_MUTE
    3139 },
    3140 + [ALC269_FIXUP_LIFEBOOK_EXTMIC] = {
    3141 + .type = HDA_FIXUP_PINS,
    3142 + .v.pins = (const struct hda_pintbl[]) {
    3143 + { 0x19, 0x01a1903c }, /* headset mic, with jack detect */
    3144 + { }
    3145 + },
    3146 + },
    3147 [ALC269_FIXUP_AMIC] = {
    3148 .type = HDA_FIXUP_PINS,
    3149 .v.pins = (const struct hda_pintbl[]) {
    3150 @@ -4427,14 +4435,24 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
    3151 SND_PCI_QUIRK(0x103c, 0x1983, "HP Pavilion", ALC269_FIXUP_HP_MUTE_LED_MIC1),
    3152 SND_PCI_QUIRK(0x103c, 0x218b, "HP", ALC269_FIXUP_LIMIT_INT_MIC_BOOST_MUTE_LED),
    3153 /* ALC282 */
    3154 + SND_PCI_QUIRK(0x103c, 0x220d, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
    3155 + SND_PCI_QUIRK(0x103c, 0x220e, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
    3156 SND_PCI_QUIRK(0x103c, 0x220f, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
    3157 + SND_PCI_QUIRK(0x103c, 0x2210, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
    3158 + SND_PCI_QUIRK(0x103c, 0x2211, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
    3159 + SND_PCI_QUIRK(0x103c, 0x2212, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
    3160 SND_PCI_QUIRK(0x103c, 0x2213, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
    3161 + SND_PCI_QUIRK(0x103c, 0x2214, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
    3162 SND_PCI_QUIRK(0x103c, 0x2266, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
    3163 SND_PCI_QUIRK(0x103c, 0x2267, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
    3164 SND_PCI_QUIRK(0x103c, 0x2268, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
    3165 SND_PCI_QUIRK(0x103c, 0x2269, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
    3166 SND_PCI_QUIRK(0x103c, 0x226a, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
    3167 SND_PCI_QUIRK(0x103c, 0x226b, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
    3168 + SND_PCI_QUIRK(0x103c, 0x226c, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
    3169 + SND_PCI_QUIRK(0x103c, 0x226d, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
    3170 + SND_PCI_QUIRK(0x103c, 0x226e, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
    3171 + SND_PCI_QUIRK(0x103c, 0x226f, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
    3172 SND_PCI_QUIRK(0x103c, 0x227a, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
    3173 SND_PCI_QUIRK(0x103c, 0x227b, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
    3174 SND_PCI_QUIRK(0x103c, 0x229e, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
    3175 @@ -4474,6 +4492,10 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
    3176 SND_PCI_QUIRK(0x103c, 0x22c8, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
    3177 SND_PCI_QUIRK(0x103c, 0x22c3, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
    3178 SND_PCI_QUIRK(0x103c, 0x22c4, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
    3179 + SND_PCI_QUIRK(0x103c, 0x2334, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
    3180 + SND_PCI_QUIRK(0x103c, 0x2335, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
    3181 + SND_PCI_QUIRK(0x103c, 0x2336, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
    3182 + SND_PCI_QUIRK(0x103c, 0x2337, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1),
    3183 SND_PCI_QUIRK_VENDOR(0x103c, "HP", ALC269_FIXUP_HP_MUTE_LED),
    3184 SND_PCI_QUIRK(0x1043, 0x103f, "ASUS TX300", ALC282_FIXUP_ASUS_TX300),
    3185 SND_PCI_QUIRK(0x1043, 0x106d, "Asus K53BE", ALC269_FIXUP_LIMIT_INT_MIC_BOOST),
    3186 @@ -4496,6 +4518,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
    3187 SND_PCI_QUIRK(0x104d, 0x9084, "Sony VAIO", ALC275_FIXUP_SONY_HWEQ),
    3188 SND_PCI_QUIRK_VENDOR(0x104d, "Sony VAIO", ALC269_FIXUP_SONY_VAIO),
    3189 SND_PCI_QUIRK(0x10cf, 0x1475, "Lifebook", ALC269_FIXUP_LIFEBOOK),
    3190 + SND_PCI_QUIRK(0x10cf, 0x1845, "Lifebook U904", ALC269_FIXUP_LIFEBOOK_EXTMIC),
    3191 SND_PCI_QUIRK(0x17aa, 0x20f2, "Thinkpad SL410/510", ALC269_FIXUP_SKU_IGNORE),
    3192 SND_PCI_QUIRK(0x17aa, 0x215e, "Thinkpad L512", ALC269_FIXUP_SKU_IGNORE),
    3193 SND_PCI_QUIRK(0x17aa, 0x21b8, "Thinkpad Edge 14", ALC269_FIXUP_SKU_IGNORE),
    3194 @@ -5536,6 +5559,7 @@ static const struct hda_codec_preset snd_hda_preset_realtek[] = {
    3195 { .id = 0x10ec0670, .name = "ALC670", .patch = patch_alc662 },
    3196 { .id = 0x10ec0671, .name = "ALC671", .patch = patch_alc662 },
    3197 { .id = 0x10ec0680, .name = "ALC680", .patch = patch_alc680 },
    3198 + { .id = 0x10ec0867, .name = "ALC891", .patch = patch_alc882 },
    3199 { .id = 0x10ec0880, .name = "ALC880", .patch = patch_alc880 },
    3200 { .id = 0x10ec0882, .name = "ALC882", .patch = patch_alc882 },
    3201 { .id = 0x10ec0883, .name = "ALC883", .patch = patch_alc882 },
    3202 diff --git a/sound/soc/codecs/max98090.c b/sound/soc/codecs/max98090.c
    3203 index 9f714ea86613..b3f7c9026a29 100644
    3204 --- a/sound/soc/codecs/max98090.c
    3205 +++ b/sound/soc/codecs/max98090.c
    3206 @@ -255,6 +255,7 @@ static struct reg_default max98090_reg[] = {
    3207 static bool max98090_volatile_register(struct device *dev, unsigned int reg)
    3208 {
    3209 switch (reg) {
    3210 + case M98090_REG_SOFTWARE_RESET:
    3211 case M98090_REG_DEVICE_STATUS:
    3212 case M98090_REG_JACK_STATUS:
    3213 case M98090_REG_REVISION_ID:
    3214 @@ -2360,6 +2361,8 @@ static int max98090_runtime_resume(struct device *dev)
    3215
    3216 regcache_cache_only(max98090->regmap, false);
    3217
    3218 + max98090_reset(max98090);
    3219 +
    3220 regcache_sync(max98090->regmap);
    3221
    3222 return 0;
    3223 diff --git a/sound/soc/codecs/tlv320aic3x.c b/sound/soc/codecs/tlv320aic3x.c
    3224 index 470fbfb4b386..eb241c6571a9 100644
    3225 --- a/sound/soc/codecs/tlv320aic3x.c
    3226 +++ b/sound/soc/codecs/tlv320aic3x.c
    3227 @@ -169,7 +169,7 @@ static int snd_soc_dapm_put_volsw_aic3x(struct snd_kcontrol *kcontrol,
    3228 mask <<= shift;
    3229 val <<= shift;
    3230
    3231 - change = snd_soc_test_bits(codec, val, mask, reg);
    3232 + change = snd_soc_test_bits(codec, reg, mask, val);
    3233 if (change) {
    3234 update.kcontrol = kcontrol;
    3235 update.reg = reg;
    3236 diff --git a/sound/soc/soc-dapm.c b/sound/soc/soc-dapm.c
    3237 index c1369c3ad643..731d47b64daa 100644
    3238 --- a/sound/soc/soc-dapm.c
    3239 +++ b/sound/soc/soc-dapm.c
    3240 @@ -2888,22 +2888,19 @@ int snd_soc_dapm_put_volsw(struct snd_kcontrol *kcontrol,
    3241 mutex_lock_nested(&card->dapm_mutex, SND_SOC_DAPM_CLASS_RUNTIME);
    3242
    3243 change = dapm_kcontrol_set_value(kcontrol, val);
    3244 -
    3245 - if (reg != SND_SOC_NOPM) {
    3246 - mask = mask << shift;
    3247 - val = val << shift;
    3248 -
    3249 - change = snd_soc_test_bits(codec, reg, mask, val);
    3250 - }
    3251 -
    3252 if (change) {
    3253 if (reg != SND_SOC_NOPM) {
    3254 - update.kcontrol = kcontrol;
    3255 - update.reg = reg;
    3256 - update.mask = mask;
    3257 - update.val = val;
    3258 + mask = mask << shift;
    3259 + val = val << shift;
    3260 +
    3261 + if (snd_soc_test_bits(codec, reg, mask, val)) {
    3262 + update.kcontrol = kcontrol;
    3263 + update.reg = reg;
    3264 + update.mask = mask;
    3265 + update.val = val;
    3266 + card->update = &update;
    3267 + }
    3268
    3269 - card->update = &update;
    3270 }
    3271
    3272 ret = soc_dapm_mixer_update_power(card, kcontrol, connect);