--- /dev/null
+From foo@baz Wed Aug 9 12:42:27 PDT 2017
+From: Rabin Vincent <rabinv@axis.com>
+Date: Wed, 23 Nov 2016 13:02:32 +0100
+Subject: ARM: 8632/1: ftrace: fix syscall name matching
+
+From: Rabin Vincent <rabinv@axis.com>
+
+
+[ Upstream commit 270c8cf1cacc69cb8d99dea812f06067a45e4609 ]
+
+ARM has a few system calls (most notably mmap) for which the names of
+the functions which are referenced in the syscall table do not match the
+names of the syscall tracepoints. As a consequence of this, these
+tracepoints are not made available. Implement
+arch_syscall_match_sym_name to fix this and allow tracing even these
+system calls.
+
+Signed-off-by: Rabin Vincent <rabinv@axis.com>
+Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
+Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/arm/include/asm/ftrace.h | 18 ++++++++++++++++++
+ 1 file changed, 18 insertions(+)
+
+--- a/arch/arm/include/asm/ftrace.h
++++ b/arch/arm/include/asm/ftrace.h
+@@ -54,6 +54,24 @@ static inline void *return_address(unsig
+
+ #define ftrace_return_address(n) return_address(n)
+
++#define ARCH_HAS_SYSCALL_MATCH_SYM_NAME
++
++static inline bool arch_syscall_match_sym_name(const char *sym,
++ const char *name)
++{
++ if (!strcmp(sym, "sys_mmap2"))
++ sym = "sys_mmap_pgoff";
++ else if (!strcmp(sym, "sys_statfs64_wrapper"))
++ sym = "sys_statfs64";
++ else if (!strcmp(sym, "sys_fstatfs64_wrapper"))
++ sym = "sys_fstatfs64";
++ else if (!strcmp(sym, "sys_arm_fadvise64_64"))
++ sym = "sys_fadvise64_64";
++
++ /* Ignore case since sym may start with "SyS" instead of "sys" */
++ return !strcasecmp(sym, name);
++}
++
+ #endif /* ifndef __ASSEMBLY__ */
+
+ #endif /* _ASM_ARM_FTRACE */
--- /dev/null
+From foo@baz Wed Aug 9 12:42:27 PDT 2017
+From: zheng li <james.z.li@ericsson.com>
+Date: Mon, 12 Dec 2016 09:56:05 +0800
+Subject: ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output
+
+From: zheng li <james.z.li@ericsson.com>
+
+
+[ Upstream commit 0a28cfd51e17f4f0a056bcf66bfbe492c3b99f38 ]
+
+There is an inconsistent conditional judgement in __ip_append_data and
+ip_finish_output functions, the variable length in __ip_append_data just
+include the length of application's payload and udp header, don't include
+the length of ip header, but in ip_finish_output use
+(skb->len > ip_skb_dst_mtu(skb)) as judgement, and skb->len include the
+length of ip header.
+
+That causes some particular application's udp payload whose length is
+between (MTU - IP Header) and MTU were fragmented by ip_fragment even
+though the rst->dev support UFO feature.
+
+Add the length of ip header to length in __ip_append_data to keep
+consistent conditional judgement as ip_finish_output for ip fragment.
+
+Signed-off-by: Zheng Li <james.z.li@ericsson.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv4/ip_output.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/ipv4/ip_output.c
++++ b/net/ipv4/ip_output.c
+@@ -888,7 +888,7 @@ static int __ip_append_data(struct sock
+ csummode = CHECKSUM_PARTIAL;
+
+ cork->length += length;
+- if (((length > mtu) || (skb && skb_is_gso(skb))) &&
++ if ((((length + fragheaderlen) > mtu) || (skb && skb_is_gso(skb))) &&
+ (sk->sk_protocol == IPPROTO_UDP) &&
+ (rt->dst.dev->features & NETIF_F_UFO) && !rt->dst.header_len &&
+ (sk->sk_type == SOCK_DGRAM)) {
--- /dev/null
+From foo@baz Wed Aug 9 12:42:27 PDT 2017
+From: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
+Date: Tue, 10 Jan 2017 16:57:45 -0800
+Subject: lib/Kconfig.debug: fix frv build failure
+
+From: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
+
+
+[ Upstream commit da0510c47519fe0999cffe316e1d370e29f952be ]
+
+The build of frv allmodconfig was failing with the errors like:
+
+ /tmp/cc0JSPc3.s: Assembler messages:
+ /tmp/cc0JSPc3.s:1839: Error: symbol `.LSLT0' is already defined
+ /tmp/cc0JSPc3.s:1842: Error: symbol `.LASLTP0' is already defined
+ /tmp/cc0JSPc3.s:1969: Error: symbol `.LELTP0' is already defined
+ /tmp/cc0JSPc3.s:1970: Error: symbol `.LELT0' is already defined
+
+Commit 866ced950bcd ("kbuild: Support split debug info v4") introduced
+splitting the debug info and keeping that in a separate file. Somehow,
+the frv-linux gcc did not like that and I am guessing that instead of
+splitting it started copying. The first report about this is at:
+
+ https://lists.01.org/pipermail/kbuild-all/2015-July/010527.html.
+
+I will try and see if this can work with frv and if still fails I will
+open a bug report with gcc. But meanwhile this is the easiest option to
+solve build failure of frv.
+
+Fixes: 866ced950bcd ("kbuild: Support split debug info v4")
+Link: http://lkml.kernel.org/r/1482062348-5352-1-git-send-email-sudipm.mukherjee@gmail.com
+Signed-off-by: Sudip Mukherjee <sudip.mukherjee@codethink.co.uk>
+Reported-by: Fengguang Wu <fengguang.wu@intel.com>
+Cc: Andi Kleen <ak@linux.intel.com>
+Cc: David Howells <dhowells@redhat.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ lib/Kconfig.debug | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/lib/Kconfig.debug
++++ b/lib/Kconfig.debug
+@@ -145,7 +145,7 @@ config DEBUG_INFO_REDUCED
+
+ config DEBUG_INFO_SPLIT
+ bool "Produce split debuginfo in .dwo files"
+- depends on DEBUG_INFO
++ depends on DEBUG_INFO && !FRV
+ help
+ Generate debug info into separate .dwo files. This significantly
+ reduces the build directory size for builds with DEBUG_INFO,
--- /dev/null
+From foo@baz Wed Aug 9 12:42:27 PDT 2017
+From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Date: Tue, 10 Jan 2017 16:58:00 -0800
+Subject: mm: don't dereference struct page fields of invalid pages
+
+From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+
+
+[ Upstream commit f073bdc51771f5a5c7a8d1191bfc3ae371d44de7 ]
+
+The VM_BUG_ON() check in move_freepages() checks whether the node id of
+a page matches the node id of its zone. However, it does this before
+having checked whether the struct page pointer refers to a valid struct
+page to begin with. This is guaranteed in most cases, but may not be
+the case if CONFIG_HOLES_IN_ZONE=y.
+
+So reorder the VM_BUG_ON() with the pfn_valid_within() check.
+
+Link: http://lkml.kernel.org/r/1481706707-6211-2-git-send-email-ard.biesheuvel@linaro.org
+Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Acked-by: Will Deacon <will.deacon@arm.com>
+Cc: Catalin Marinas <catalin.marinas@arm.com>
+Cc: Hanjun Guo <hanjun.guo@linaro.org>
+Cc: Yisheng Xie <xieyisheng1@huawei.com>
+Cc: Robert Richter <rrichter@cavium.com>
+Cc: James Morse <james.morse@arm.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ mm/page_alloc.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/mm/page_alloc.c
++++ b/mm/page_alloc.c
+@@ -1029,14 +1029,14 @@ int move_freepages(struct zone *zone,
+ #endif
+
+ for (page = start_page; page <= end_page;) {
+- /* Make sure we are not inadvertently changing nodes */
+- VM_BUG_ON_PAGE(page_to_nid(page) != zone_to_nid(zone), page);
+-
+ if (!pfn_valid_within(page_to_pfn(page))) {
+ page++;
+ continue;
+ }
+
++ /* Make sure we are not inadvertently changing nodes */
++ VM_BUG_ON_PAGE(page_to_nid(page) != zone_to_nid(zone), page);
++
+ if (!PageBuddy(page)) {
+ page++;
+ continue;
--- /dev/null
+From foo@baz Wed Aug 9 12:42:27 PDT 2017
+From: Michal Hocko <mhocko@suse.com>
+Date: Tue, 10 Jan 2017 16:57:27 -0800
+Subject: mm, slab: make sure that KMALLOC_MAX_SIZE will fit into MAX_ORDER
+
+From: Michal Hocko <mhocko@suse.com>
+
+
+[ Upstream commit bb1107f7c6052c863692a41f78c000db792334bf ]
+
+Andrey Konovalov has reported the following warning triggered by the
+syzkaller fuzzer.
+
+ WARNING: CPU: 1 PID: 9935 at mm/page_alloc.c:3511 __alloc_pages_nodemask+0x159c/0x1e20
+ Kernel panic - not syncing: panic_on_warn set ...
+ CPU: 1 PID: 9935 Comm: syz-executor0 Not tainted 4.9.0-rc7+ #34
+ Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
+ Call Trace:
+ __alloc_pages_slowpath mm/page_alloc.c:3511
+ __alloc_pages_nodemask+0x159c/0x1e20 mm/page_alloc.c:3781
+ alloc_pages_current+0x1c7/0x6b0 mm/mempolicy.c:2072
+ alloc_pages include/linux/gfp.h:469
+ kmalloc_order+0x1f/0x70 mm/slab_common.c:1015
+ kmalloc_order_trace+0x1f/0x160 mm/slab_common.c:1026
+ kmalloc_large include/linux/slab.h:422
+ __kmalloc+0x210/0x2d0 mm/slub.c:3723
+ kmalloc include/linux/slab.h:495
+ ep_write_iter+0x167/0xb50 drivers/usb/gadget/legacy/inode.c:664
+ new_sync_write fs/read_write.c:499
+ __vfs_write+0x483/0x760 fs/read_write.c:512
+ vfs_write+0x170/0x4e0 fs/read_write.c:560
+ SYSC_write fs/read_write.c:607
+ SyS_write+0xfb/0x230 fs/read_write.c:599
+ entry_SYSCALL_64_fastpath+0x1f/0xc2
+
+The issue is caused by a lack of size check for the request size in
+ep_write_iter which should be fixed. It, however, points to another
+problem, that SLUB defines KMALLOC_MAX_SIZE too large because the its
+KMALLOC_SHIFT_MAX is (MAX_ORDER + PAGE_SHIFT) which means that the
+resulting page allocator request might be MAX_ORDER which is too large
+(see __alloc_pages_slowpath).
+
+The same applies to the SLOB allocator which allows even larger sizes.
+Make sure that they are capped properly and never request more than
+MAX_ORDER order.
+
+Link: http://lkml.kernel.org/r/20161220130659.16461-2-mhocko@kernel.org
+Signed-off-by: Michal Hocko <mhocko@suse.com>
+Reported-by: Andrey Konovalov <andreyknvl@google.com>
+Acked-by: Christoph Lameter <cl@linux.com>
+Cc: Alexei Starovoitov <ast@kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ include/linux/slab.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/include/linux/slab.h
++++ b/include/linux/slab.h
+@@ -186,7 +186,7 @@ size_t ksize(const void *);
+ * (PAGE_SIZE*2). Larger requests are passed to the page allocator.
+ */
+ #define KMALLOC_SHIFT_HIGH (PAGE_SHIFT + 1)
+-#define KMALLOC_SHIFT_MAX (MAX_ORDER + PAGE_SHIFT)
++#define KMALLOC_SHIFT_MAX (MAX_ORDER + PAGE_SHIFT - 1)
+ #ifndef KMALLOC_SHIFT_LOW
+ #define KMALLOC_SHIFT_LOW 3
+ #endif
+@@ -199,7 +199,7 @@ size_t ksize(const void *);
+ * be allocated from the same page.
+ */
+ #define KMALLOC_SHIFT_HIGH PAGE_SHIFT
+-#define KMALLOC_SHIFT_MAX 30
++#define KMALLOC_SHIFT_MAX (MAX_ORDER + PAGE_SHIFT - 1)
+ #ifndef KMALLOC_SHIFT_LOW
+ #define KMALLOC_SHIFT_LOW 3
+ #endif
--- /dev/null
+From foo@baz Wed Aug 9 12:42:27 PDT 2017
+From: "Milan P. Gandhi" <mgandhi@redhat.com>
+Date: Sat, 24 Dec 2016 22:02:46 +0530
+Subject: scsi: qla2xxx: Get mutex lock before checking optrom_state
+
+From: "Milan P. Gandhi" <mgandhi@redhat.com>
+
+
+[ Upstream commit c7702b8c22712a06080e10f1d2dee1a133ec8809 ]
+
+There is a race condition with qla2xxx optrom functions where one thread
+might modify optrom buffer, optrom_state while other thread is still
+reading from it.
+
+In couple of crashes, it was found that we had successfully passed the
+following 'if' check where we confirm optrom_state to be
+QLA_SREADING. But by the time we acquired mutex lock to proceed with
+memory_read_from_buffer function, some other thread/process had already
+modified that option rom buffer and optrom_state from QLA_SREADING to
+QLA_SWAITING. Then we got ha->optrom_buffer 0x0 and crashed the system:
+
+ if (ha->optrom_state != QLA_SREADING)
+ return 0;
+
+ mutex_lock(&ha->optrom_mutex);
+ rval = memory_read_from_buffer(buf, count, &off, ha->optrom_buffer,
+ ha->optrom_region_size);
+ mutex_unlock(&ha->optrom_mutex);
+
+With current optrom function we get following crash due to a race
+condition:
+
+[ 1479.466679] BUG: unable to handle kernel NULL pointer dereference at (null)
+[ 1479.466707] IP: [<ffffffff81326756>] memcpy+0x6/0x110
+[...]
+[ 1479.473673] Call Trace:
+[ 1479.474296] [<ffffffff81225cbc>] ? memory_read_from_buffer+0x3c/0x60
+[ 1479.474941] [<ffffffffa01574dc>] qla2x00_sysfs_read_optrom+0x9c/0xc0 [qla2xxx]
+[ 1479.475571] [<ffffffff8127e76b>] read+0xdb/0x1f0
+[ 1479.476206] [<ffffffff811fdf9e>] vfs_read+0x9e/0x170
+[ 1479.476839] [<ffffffff811feb6f>] SyS_read+0x7f/0xe0
+[ 1479.477466] [<ffffffff816964c9>] system_call_fastpath+0x16/0x1b
+
+Below patch modifies qla2x00_sysfs_read_optrom,
+qla2x00_sysfs_write_optrom functions to get the mutex_lock before
+checking ha->optrom_state to avoid similar crashes.
+
+The patch was applied and tested and same crashes were no longer
+observed again.
+
+Tested-by: Milan P. Gandhi <mgandhi@redhat.com>
+Signed-off-by: Milan P. Gandhi <mgandhi@redhat.com>
+Reviewed-by: Laurence Oberman <loberman@redhat.com>
+Acked-by: Himanshu Madhani <himanshu.madhani@cavium.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/scsi/qla2xxx/qla_attr.c | 18 +++++++++++++-----
+ 1 file changed, 13 insertions(+), 5 deletions(-)
+
+--- a/drivers/scsi/qla2xxx/qla_attr.c
++++ b/drivers/scsi/qla2xxx/qla_attr.c
+@@ -329,12 +329,15 @@ qla2x00_sysfs_read_optrom(struct file *f
+ struct qla_hw_data *ha = vha->hw;
+ ssize_t rval = 0;
+
++ mutex_lock(&ha->optrom_mutex);
++
+ if (ha->optrom_state != QLA_SREADING)
+- return 0;
++ goto out;
+
+- mutex_lock(&ha->optrom_mutex);
+ rval = memory_read_from_buffer(buf, count, &off, ha->optrom_buffer,
+ ha->optrom_region_size);
++
++out:
+ mutex_unlock(&ha->optrom_mutex);
+
+ return rval;
+@@ -349,14 +352,19 @@ qla2x00_sysfs_write_optrom(struct file *
+ struct device, kobj)));
+ struct qla_hw_data *ha = vha->hw;
+
+- if (ha->optrom_state != QLA_SWRITING)
++ mutex_lock(&ha->optrom_mutex);
++
++ if (ha->optrom_state != QLA_SWRITING) {
++ mutex_unlock(&ha->optrom_mutex);
+ return -EINVAL;
+- if (off > ha->optrom_region_size)
++ }
++ if (off > ha->optrom_region_size) {
++ mutex_unlock(&ha->optrom_mutex);
+ return -ERANGE;
++ }
+ if (off + count > ha->optrom_region_size)
+ count = ha->optrom_region_size - off;
+
+- mutex_lock(&ha->optrom_mutex);
+ memcpy(&ha->optrom_buffer[off], buf, count);
+ mutex_unlock(&ha->optrom_mutex);
+
net-phy-correctly-process-phy_halted-in-phy_stop_machine.patch
xen-netback-correctly-schedule-rate-limited-queues.patch
wext-handle-null-extra-data-in-iwe_stream_add_point-better.patch
+sh_eth-r8a7740-supports-packet-shecksumming.patch
+tg3-fix-race-condition-in-tg3_get_stats64.patch
+x86-boot-add-missing-declaration-of-string-functions.patch
+scsi-qla2xxx-get-mutex-lock-before-checking-optrom_state.patch
+arm-8632-1-ftrace-fix-syscall-name-matching.patch
+mm-slab-make-sure-that-kmalloc_max_size-will-fit-into-max_order.patch
+lib-kconfig.debug-fix-frv-build-failure.patch
+signal-protect-signal_unkillable-from-unintentional-clearing.patch
+mm-don-t-dereference-struct-page-fields-of-invalid-pages.patch
+ipv4-should-use-consistent-conditional-judgement-for-ip-fragment-in-__ip_append_data-and-ip_finish_output.patch
--- /dev/null
+From foo@baz Wed Aug 9 12:42:27 PDT 2017
+From: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
+Date: Thu, 5 Jan 2017 00:29:32 +0300
+Subject: sh_eth: R8A7740 supports packet shecksumming
+
+From: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
+
+
+[ Upstream commit 0f1f9cbc04dbb3cc310f70a11cba0cf1f2109d9c ]
+
+The R8A7740 GEther controller supports the packet checksum offloading
+but the 'hw_crc' (bad name, I'll fix it) flag isn't set in the R8A7740
+data, thus CSMR isn't cleared...
+
+Fixes: 73a0d907301e ("net: sh_eth: add support R8A7740")
+Signed-off-by: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/renesas/sh_eth.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/net/ethernet/renesas/sh_eth.c
++++ b/drivers/net/ethernet/renesas/sh_eth.c
+@@ -781,6 +781,7 @@ static struct sh_eth_cpu_data r8a7740_da
+ .rpadir_value = 2 << 16,
+ .no_trimd = 1,
+ .no_ade = 1,
++ .hw_crc = 1,
+ .tsu = 1,
+ .select_mii = 1,
+ .shift_rd0 = 1,
--- /dev/null
+From foo@baz Wed Aug 9 12:42:27 PDT 2017
+From: Jamie Iles <jamie.iles@oracle.com>
+Date: Tue, 10 Jan 2017 16:57:54 -0800
+Subject: signal: protect SIGNAL_UNKILLABLE from unintentional clearing.
+
+From: Jamie Iles <jamie.iles@oracle.com>
+
+
+[ Upstream commit 2d39b3cd34e6d323720d4c61bd714f5ae202c022 ]
+
+Since commit 00cd5c37afd5 ("ptrace: permit ptracing of /sbin/init") we
+can now trace init processes. init is initially protected with
+SIGNAL_UNKILLABLE which will prevent fatal signals such as SIGSTOP, but
+there are a number of paths during tracing where SIGNAL_UNKILLABLE can
+be implicitly cleared.
+
+This can result in init becoming stoppable/killable after tracing. For
+example, running:
+
+ while true; do kill -STOP 1; done &
+ strace -p 1
+
+and then stopping strace and the kill loop will result in init being
+left in state TASK_STOPPED. Sending SIGCONT to init will resume it, but
+init will now respond to future SIGSTOP signals rather than ignoring
+them.
+
+Make sure that when setting SIGNAL_STOP_CONTINUED/SIGNAL_STOP_STOPPED
+that we don't clear SIGNAL_UNKILLABLE.
+
+Link: http://lkml.kernel.org/r/20170104122017.25047-1-jamie.iles@oracle.com
+Signed-off-by: Jamie Iles <jamie.iles@oracle.com>
+Acked-by: Oleg Nesterov <oleg@redhat.com>
+Cc: Alexander Viro <viro@zeniv.linux.org.uk>
+Cc: Ingo Molnar <mingo@redhat.com>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ include/linux/sched.h | 10 ++++++++++
+ kernel/signal.c | 4 ++--
+ 2 files changed, 12 insertions(+), 2 deletions(-)
+
+--- a/include/linux/sched.h
++++ b/include/linux/sched.h
+@@ -729,6 +729,16 @@ struct signal_struct {
+
+ #define SIGNAL_UNKILLABLE 0x00000040 /* for init: ignore fatal signals */
+
++#define SIGNAL_STOP_MASK (SIGNAL_CLD_MASK | SIGNAL_STOP_STOPPED | \
++ SIGNAL_STOP_CONTINUED)
++
++static inline void signal_set_stop_flags(struct signal_struct *sig,
++ unsigned int flags)
++{
++ WARN_ON(sig->flags & (SIGNAL_GROUP_EXIT|SIGNAL_GROUP_COREDUMP));
++ sig->flags = (sig->flags & ~SIGNAL_STOP_MASK) | flags;
++}
++
+ /* If true, all threads except ->group_exit_task have pending SIGKILL */
+ static inline int signal_group_exit(const struct signal_struct *sig)
+ {
+--- a/kernel/signal.c
++++ b/kernel/signal.c
+@@ -346,7 +346,7 @@ static bool task_participate_group_stop(
+ * fresh group stop. Read comment in do_signal_stop() for details.
+ */
+ if (!sig->group_stop_count && !(sig->flags & SIGNAL_STOP_STOPPED)) {
+- sig->flags = SIGNAL_STOP_STOPPED;
++ signal_set_stop_flags(sig, SIGNAL_STOP_STOPPED);
+ return true;
+ }
+ return false;
+@@ -896,7 +896,7 @@ static bool prepare_signal(int sig, stru
+ * will take ->siglock, notice SIGNAL_CLD_MASK, and
+ * notify its parent. See get_signal_to_deliver().
+ */
+- signal->flags = why | SIGNAL_STOP_CONTINUED;
++ signal_set_stop_flags(signal, why | SIGNAL_STOP_CONTINUED);
+ signal->group_stop_count = 0;
+ signal->group_exit_code = 0;
+ }
--- /dev/null
+From foo@baz Wed Aug 9 12:42:27 PDT 2017
+From: Michael Chan <michael.chan@broadcom.com>
+Date: Fri, 6 Jan 2017 16:18:53 -0500
+Subject: tg3: Fix race condition in tg3_get_stats64().
+
+From: Michael Chan <michael.chan@broadcom.com>
+
+
+[ Upstream commit f5992b72ebe0dde488fa8f706b887194020c66fc ]
+
+The driver's ndo_get_stats64() method is not always called under RTNL.
+So it can race with driver close or ethtool reconfigurations. Fix the
+race condition by taking tp->lock spinlock in tg3_free_consistent()
+when freeing the tp->hw_stats memory block. tg3_get_stats64() is
+already taking tp->lock.
+
+Reported-by: Wang Yufen <wangyufen@huawei.com>
+Signed-off-by: Michael Chan <michael.chan@broadcom.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/broadcom/tg3.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/drivers/net/ethernet/broadcom/tg3.c
++++ b/drivers/net/ethernet/broadcom/tg3.c
+@@ -8705,11 +8705,14 @@ static void tg3_free_consistent(struct t
+ tg3_mem_rx_release(tp);
+ tg3_mem_tx_release(tp);
+
++ /* Protect tg3_get_stats64() from reading freed tp->hw_stats. */
++ tg3_full_lock(tp, 0);
+ if (tp->hw_stats) {
+ dma_free_coherent(&tp->pdev->dev, sizeof(struct tg3_hw_stats),
+ tp->hw_stats, tp->stats_mapping);
+ tp->hw_stats = NULL;
+ }
++ tg3_full_unlock(tp);
+ }
+
+ /*
--- /dev/null
+From foo@baz Wed Aug 9 12:42:27 PDT 2017
+From: Nicholas Mc Guire <hofrat@osadl.org>
+Date: Sat, 7 Jan 2017 10:38:31 +0100
+Subject: x86/boot: Add missing declaration of string functions
+
+From: Nicholas Mc Guire <hofrat@osadl.org>
+
+
+[ Upstream commit fac69d0efad08fc15e4dbfc116830782acc0dc9a ]
+
+Add the missing declarations of basic string functions to string.h to allow
+a clean build.
+
+Fixes: 5be865661516 ("String-handling functions for the new x86 setup code.")
+Signed-off-by: Nicholas Mc Guire <hofrat@osadl.org>
+Link: http://lkml.kernel.org/r/1483781911-21399-1-git-send-email-hofrat@osadl.org
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/boot/string.c | 1 +
+ arch/x86/boot/string.h | 9 +++++++++
+ 2 files changed, 10 insertions(+)
+
+--- a/arch/x86/boot/string.c
++++ b/arch/x86/boot/string.c
+@@ -14,6 +14,7 @@
+
+ #include <linux/types.h>
+ #include "ctype.h"
++#include "string.h"
+
+ int memcmp(const void *s1, const void *s2, size_t len)
+ {
+--- a/arch/x86/boot/string.h
++++ b/arch/x86/boot/string.h
+@@ -18,4 +18,13 @@ int memcmp(const void *s1, const void *s
+ #define memset(d,c,l) __builtin_memset(d,c,l)
+ #define memcmp __builtin_memcmp
+
++extern int strcmp(const char *str1, const char *str2);
++extern int strncmp(const char *cs, const char *ct, size_t count);
++extern size_t strlen(const char *s);
++extern char *strstr(const char *s1, const char *s2);
++extern size_t strnlen(const char *s, size_t maxlen);
++extern unsigned int atou(const char *s);
++extern unsigned long long simple_strtoull(const char *cp, char **endp,
++ unsigned int base);
++
+ #endif /* BOOT_STRING_H */
projects / thirdparty / kernel / stable-queue.git / commitdiff
