--- /dev/null
+From 7194eda1ba0872d917faf3b322540b4f57f11ba5 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Fri, 23 Nov 2018 15:44:00 +0100
+Subject: ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit 7194eda1ba0872d917faf3b322540b4f57f11ba5 upstream.
+
+The function snd_ac97_put_spsa() gets the bit shift value from the
+associated private_value, but it extracts too much; the current code
+extracts 8 bit values in bits 8-15, but this is a combination of two
+nibbles (bits 8-11 and bits 12-15) for left and right shifts.
+Due to the incorrect bits extraction, the actual shift may go beyond
+the 32bit value, as spotted recently by UBSAN check:
+ UBSAN: Undefined behaviour in sound/pci/ac97/ac97_codec.c:836:7
+ shift exponent 68 is too large for 32-bit type 'int'
+
+This patch fixes the shift value extraction by masking the properly
+with 0x0f instead of 0xff.
+
+Reported-and-tested-by: Meelis Roos <mroos@linux.ee>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/pci/ac97/ac97_codec.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/sound/pci/ac97/ac97_codec.c
++++ b/sound/pci/ac97/ac97_codec.c
+@@ -824,7 +824,7 @@ static int snd_ac97_put_spsa(struct snd_
+ {
+ struct snd_ac97 *ac97 = snd_kcontrol_chip(kcontrol);
+ int reg = kcontrol->private_value & 0xff;
+- int shift = (kcontrol->private_value >> 8) & 0xff;
++ int shift = (kcontrol->private_value >> 8) & 0x0f;
+ int mask = (kcontrol->private_value >> 16) & 0xff;
+ // int invert = (kcontrol->private_value >> 24) & 0xff;
+ unsigned short value, old, new;
--- /dev/null
+From e1a7bfe3807974e66f971f2589d4e0197ec0fced Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Thu, 22 Nov 2018 14:36:17 +0100
+Subject: ALSA: control: Fix race between adding and removing a user element
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit e1a7bfe3807974e66f971f2589d4e0197ec0fced upstream.
+
+The procedure for adding a user control element has some window opened
+for race against the concurrent removal of a user element. This was
+caught by syzkaller, hitting a KASAN use-after-free error.
+
+This patch addresses the bug by wrapping the whole procedure to add a
+user control element with the card->controls_rwsem, instead of only
+around the increment of card->user_ctl_count.
+
+This required a slight code refactoring, too. The function
+snd_ctl_add() is split to two parts: a core function to add the
+control element and a part calling it. The former is called from the
+function for adding a user control element inside the controls_rwsem.
+
+One change to be noted is that snd_ctl_notify() for adding a control
+element gets called inside the controls_rwsem as well while it was
+called outside the rwsem. But this should be OK, as snd_ctl_notify()
+takes another (finer) rwlock instead of rwsem, and the call of
+snd_ctl_notify() inside rwsem is already done in another code path.
+
+Reported-by: syzbot+dc09047bce3820621ba2@syzkaller.appspotmail.com
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/core/control.c | 80 ++++++++++++++++++++++++++++-----------------------
+ 1 file changed, 45 insertions(+), 35 deletions(-)
+
+--- a/sound/core/control.c
++++ b/sound/core/control.c
+@@ -346,6 +346,40 @@ static int snd_ctl_find_hole(struct snd_
+ return 0;
+ }
+
++/* add a new kcontrol object; call with card->controls_rwsem locked */
++static int __snd_ctl_add(struct snd_card *card, struct snd_kcontrol *kcontrol)
++{
++ struct snd_ctl_elem_id id;
++ unsigned int idx;
++ unsigned int count;
++
++ id = kcontrol->id;
++ if (id.index > UINT_MAX - kcontrol->count)
++ return -EINVAL;
++
++ if (snd_ctl_find_id(card, &id)) {
++ dev_err(card->dev,
++ "control %i:%i:%i:%s:%i is already present\n",
++ id.iface, id.device, id.subdevice, id.name, id.index);
++ return -EBUSY;
++ }
++
++ if (snd_ctl_find_hole(card, kcontrol->count) < 0)
++ return -ENOMEM;
++
++ list_add_tail(&kcontrol->list, &card->controls);
++ card->controls_count += kcontrol->count;
++ kcontrol->id.numid = card->last_numid + 1;
++ card->last_numid += kcontrol->count;
++
++ id = kcontrol->id;
++ count = kcontrol->count;
++ for (idx = 0; idx < count; idx++, id.index++, id.numid++)
++ snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_ADD, &id);
++
++ return 0;
++}
++
+ /**
+ * snd_ctl_add - add the control instance to the card
+ * @card: the card instance
+@@ -362,45 +396,18 @@ static int snd_ctl_find_hole(struct snd_
+ */
+ int snd_ctl_add(struct snd_card *card, struct snd_kcontrol *kcontrol)
+ {
+- struct snd_ctl_elem_id id;
+- unsigned int idx;
+- unsigned int count;
+ int err = -EINVAL;
+
+ if (! kcontrol)
+ return err;
+ if (snd_BUG_ON(!card || !kcontrol->info))
+ goto error;
+- id = kcontrol->id;
+- if (id.index > UINT_MAX - kcontrol->count)
+- goto error;
+
+ down_write(&card->controls_rwsem);
+- if (snd_ctl_find_id(card, &id)) {
+- up_write(&card->controls_rwsem);
+- dev_err(card->dev, "control %i:%i:%i:%s:%i is already present\n",
+- id.iface,
+- id.device,
+- id.subdevice,
+- id.name,
+- id.index);
+- err = -EBUSY;
+- goto error;
+- }
+- if (snd_ctl_find_hole(card, kcontrol->count) < 0) {
+- up_write(&card->controls_rwsem);
+- err = -ENOMEM;
+- goto error;
+- }
+- list_add_tail(&kcontrol->list, &card->controls);
+- card->controls_count += kcontrol->count;
+- kcontrol->id.numid = card->last_numid + 1;
+- card->last_numid += kcontrol->count;
+- id = kcontrol->id;
+- count = kcontrol->count;
++ err = __snd_ctl_add(card, kcontrol);
+ up_write(&card->controls_rwsem);
+- for (idx = 0; idx < count; idx++, id.index++, id.numid++)
+- snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_ADD, &id);
++ if (err < 0)
++ goto error;
+ return 0;
+
+ error:
+@@ -1322,9 +1329,12 @@ static int snd_ctl_elem_add(struct snd_c
+ kctl->tlv.c = snd_ctl_elem_user_tlv;
+
+ /* This function manage to free the instance on failure. */
+- err = snd_ctl_add(card, kctl);
+- if (err < 0)
+- return err;
++ down_write(&card->controls_rwsem);
++ err = __snd_ctl_add(card, kctl);
++ if (err < 0) {
++ snd_ctl_free_one(kctl);
++ goto unlock;
++ }
+ offset = snd_ctl_get_ioff(kctl, &info->id);
+ snd_ctl_build_ioff(&info->id, kctl, offset);
+ /*
+@@ -1335,10 +1345,10 @@ static int snd_ctl_elem_add(struct snd_c
+ * which locks the element.
+ */
+
+- down_write(&card->controls_rwsem);
+ card->user_ctl_count++;
+- up_write(&card->controls_rwsem);
+
++ unlock:
++ up_write(&card->controls_rwsem);
+ return 0;
+ }
+
--- /dev/null
+From 9a20332ab373b1f8f947e0a9c923652b32dab031 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Fri, 23 Nov 2018 18:18:30 +0100
+Subject: ALSA: sparc: Fix invalid snd_free_pages() at error path
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit 9a20332ab373b1f8f947e0a9c923652b32dab031 upstream.
+
+Some spurious calls of snd_free_pages() have been overlooked and
+remain in the error paths of sparc cs4231 driver code. Since
+runtime->dma_area is managed by the PCM core helper, we shouldn't
+release manually.
+
+Drop the superfluous calls.
+
+Reviewed-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/sparc/cs4231.c | 8 ++------
+ 1 file changed, 2 insertions(+), 6 deletions(-)
+
+--- a/sound/sparc/cs4231.c
++++ b/sound/sparc/cs4231.c
+@@ -1146,10 +1146,8 @@ static int snd_cs4231_playback_open(stru
+ runtime->hw = snd_cs4231_playback;
+
+ err = snd_cs4231_open(chip, CS4231_MODE_PLAY);
+- if (err < 0) {
+- snd_free_pages(runtime->dma_area, runtime->dma_bytes);
++ if (err < 0)
+ return err;
+- }
+ chip->playback_substream = substream;
+ chip->p_periods_sent = 0;
+ snd_pcm_set_sync(substream);
+@@ -1167,10 +1165,8 @@ static int snd_cs4231_capture_open(struc
+ runtime->hw = snd_cs4231_capture;
+
+ err = snd_cs4231_open(chip, CS4231_MODE_RECORD);
+- if (err < 0) {
+- snd_free_pages(runtime->dma_area, runtime->dma_bytes);
++ if (err < 0)
+ return err;
+- }
+ chip->capture_substream = substream;
+ chip->c_periods_sent = 0;
+ snd_pcm_set_sync(substream);
--- /dev/null
+From 7b69154171b407844c273ab4c10b5f0ddcd6aa29 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Fri, 23 Nov 2018 18:16:33 +0100
+Subject: ALSA: wss: Fix invalid snd_free_pages() at error path
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit 7b69154171b407844c273ab4c10b5f0ddcd6aa29 upstream.
+
+Some spurious calls of snd_free_pages() have been overlooked and
+remain in the error paths of wss driver code. Since runtime->dma_area
+is managed by the PCM core helper, we shouldn't release manually.
+
+Drop the superfluous calls.
+
+Reviewed-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/isa/wss/wss_lib.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+--- a/sound/isa/wss/wss_lib.c
++++ b/sound/isa/wss/wss_lib.c
+@@ -1531,7 +1531,6 @@ static int snd_wss_playback_open(struct
+ if (err < 0) {
+ if (chip->release_dma)
+ chip->release_dma(chip, chip->dma_private_data, chip->dma1);
+- snd_free_pages(runtime->dma_area, runtime->dma_bytes);
+ return err;
+ }
+ chip->playback_substream = substream;
+@@ -1572,7 +1571,6 @@ static int snd_wss_capture_open(struct s
+ if (err < 0) {
+ if (chip->release_dma)
+ chip->release_dma(chip, chip->dma_private_data, chip->dma2);
+- snd_free_pages(runtime->dma_area, runtime->dma_bytes);
+ return err;
+ }
+ chip->capture_substream = substream;
--- /dev/null
+From f505754fd6599230371cb01b9332754ddc104be1 Mon Sep 17 00:00:00 2001
+From: Filipe Manana <fdmanana@suse.com>
+Date: Wed, 14 Nov 2018 11:35:24 +0000
+Subject: Btrfs: ensure path name is null terminated at btrfs_control_ioctl
+
+From: Filipe Manana <fdmanana@suse.com>
+
+commit f505754fd6599230371cb01b9332754ddc104be1 upstream.
+
+We were using the path name received from user space without checking that
+it is null terminated. While btrfs-progs is well behaved and does proper
+validation and null termination, someone could call the ioctl and pass
+a non-null terminated patch, leading to buffer overrun problems in the
+kernel. The ioctl is protected by CAP_SYS_ADMIN.
+
+So just set the last byte of the path to a null character, similar to what
+we do in other ioctls (add/remove/resize device, snapshot creation, etc).
+
+CC: stable@vger.kernel.org # 4.4+
+Reviewed-by: Anand Jain <anand.jain@oracle.com>
+Signed-off-by: Filipe Manana <fdmanana@suse.com>
+Reviewed-by: David Sterba <dsterba@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/btrfs/super.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/btrfs/super.c
++++ b/fs/btrfs/super.c
+@@ -2104,6 +2104,7 @@ static long btrfs_control_ioctl(struct f
+ vol = memdup_user((void __user *)arg, sizeof(*vol));
+ if (IS_ERR(vol))
+ return PTR_ERR(vol);
++ vol->name[BTRFS_PATH_NAME_MAX] = '\0';
+
+ switch (cmd) {
+ case BTRFS_IOC_SCAN_DEV:
--- /dev/null
+From 0e0fee5c539b61fdd098332e0e2cc375d9073706 Mon Sep 17 00:00:00 2001
+From: Junaid Shahid <junaids@google.com>
+Date: Wed, 31 Oct 2018 14:53:57 -0700
+Subject: kvm: mmu: Fix race in emulated page table writes
+
+From: Junaid Shahid <junaids@google.com>
+
+commit 0e0fee5c539b61fdd098332e0e2cc375d9073706 upstream.
+
+When a guest page table is updated via an emulated write,
+kvm_mmu_pte_write() is called to update the shadow PTE using the just
+written guest PTE value. But if two emulated guest PTE writes happened
+concurrently, it is possible that the guest PTE and the shadow PTE end
+up being out of sync. Emulated writes do not mark the shadow page as
+unsync-ed, so this inconsistency will not be resolved even by a guest TLB
+flush (unless the page was marked as unsync-ed at some other point).
+
+This is fixed by re-reading the current value of the guest PTE after the
+MMU lock has been acquired instead of just using the value that was
+written prior to calling kvm_mmu_pte_write().
+
+Signed-off-by: Junaid Shahid <junaids@google.com>
+Reviewed-by: Wanpeng Li <wanpengli@tencent.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kvm/mmu.c | 27 +++++++++------------------
+ 1 file changed, 9 insertions(+), 18 deletions(-)
+
+--- a/arch/x86/kvm/mmu.c
++++ b/arch/x86/kvm/mmu.c
+@@ -4174,9 +4174,9 @@ static void mmu_pte_write_flush_tlb(stru
+ }
+
+ static u64 mmu_pte_write_fetch_gpte(struct kvm_vcpu *vcpu, gpa_t *gpa,
+- const u8 *new, int *bytes)
++ int *bytes)
+ {
+- u64 gentry;
++ u64 gentry = 0;
+ int r;
+
+ /*
+@@ -4188,22 +4188,12 @@ static u64 mmu_pte_write_fetch_gpte(stru
+ /* Handle a 32-bit guest writing two halves of a 64-bit gpte */
+ *gpa &= ~(gpa_t)7;
+ *bytes = 8;
+- r = kvm_vcpu_read_guest(vcpu, *gpa, &gentry, 8);
+- if (r)
+- gentry = 0;
+- new = (const u8 *)&gentry;
+ }
+
+- switch (*bytes) {
+- case 4:
+- gentry = *(const u32 *)new;
+- break;
+- case 8:
+- gentry = *(const u64 *)new;
+- break;
+- default:
+- gentry = 0;
+- break;
++ if (*bytes == 4 || *bytes == 8) {
++ r = kvm_vcpu_read_guest_atomic(vcpu, *gpa, &gentry, *bytes);
++ if (r)
++ gentry = 0;
+ }
+
+ return gentry;
+@@ -4313,8 +4303,6 @@ void kvm_mmu_pte_write(struct kvm_vcpu *
+
+ pgprintk("%s: gpa %llx bytes %d\n", __func__, gpa, bytes);
+
+- gentry = mmu_pte_write_fetch_gpte(vcpu, &gpa, new, &bytes);
+-
+ /*
+ * No need to care whether allocation memory is successful
+ * or not since pte prefetch is skiped if it does not have
+@@ -4323,6 +4311,9 @@ void kvm_mmu_pte_write(struct kvm_vcpu *
+ mmu_topup_memory_caches(vcpu);
+
+ spin_lock(&vcpu->kvm->mmu_lock);
++
++ gentry = mmu_pte_write_fetch_gpte(vcpu, &gpa, &bytes);
++
+ ++vcpu->kvm->stat.mmu_pte_write;
+ kvm_mmu_audit(vcpu, AUDIT_PRE_PTE_WRITE);
+
rapidio-rionet-do-not-free-skb-before-reading-its-length.patch
s390-qeth-fix-length-check-in-snmp-processing.patch
usbnet-ipheth-fix-potential-recvmsg-bug-and-recvmsg-bug-2.patch
+kvm-mmu-fix-race-in-emulated-page-table-writes.patch
+xtensa-enable-coprocessors-that-are-being-flushed.patch
+xtensa-fix-coprocessor-context-offset-definitions.patch
+btrfs-ensure-path-name-is-null-terminated-at-btrfs_control_ioctl.patch
+alsa-wss-fix-invalid-snd_free_pages-at-error-path.patch
+alsa-ac97-fix-incorrect-bit-shift-at-ac97-spsa-control-write.patch
+alsa-control-fix-race-between-adding-and-removing-a-user-element.patch
+alsa-sparc-fix-invalid-snd_free_pages-at-error-path.patch
--- /dev/null
+From 2958b66694e018c552be0b60521fec27e8d12988 Mon Sep 17 00:00:00 2001
+From: Max Filippov <jcmvbkbc@gmail.com>
+Date: Mon, 26 Nov 2018 13:29:41 -0800
+Subject: xtensa: enable coprocessors that are being flushed
+
+From: Max Filippov <jcmvbkbc@gmail.com>
+
+commit 2958b66694e018c552be0b60521fec27e8d12988 upstream.
+
+coprocessor_flush_all may be called from a context of a thread that is
+different from the thread being flushed. In that case contents of the
+cpenable special register may not match ti->cpenable of the target
+thread, resulting in unhandled coprocessor exception in the kernel
+context.
+Set cpenable special register to the ti->cpenable of the target register
+for the duration of the flush and restore it afterwards.
+This fixes the following crash caused by coprocessor register inspection
+in native gdb:
+
+ (gdb) p/x $w0
+ Illegal instruction in kernel: sig: 9 [#1] PREEMPT
+ Call Trace:
+ ___might_sleep+0x184/0x1a4
+ __might_sleep+0x41/0xac
+ exit_signals+0x14/0x218
+ do_exit+0xc9/0x8b8
+ die+0x99/0xa0
+ do_illegal_instruction+0x18/0x6c
+ common_exception+0x77/0x77
+ coprocessor_flush+0x16/0x3c
+ arch_ptrace+0x46c/0x674
+ sys_ptrace+0x2ce/0x3b4
+ system_call+0x54/0x80
+ common_exception+0x77/0x77
+ note: gdb[100] exited with preempt_count 1
+ Killed
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/xtensa/kernel/process.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/arch/xtensa/kernel/process.c
++++ b/arch/xtensa/kernel/process.c
+@@ -83,18 +83,21 @@ void coprocessor_release_all(struct thre
+
+ void coprocessor_flush_all(struct thread_info *ti)
+ {
+- unsigned long cpenable;
++ unsigned long cpenable, old_cpenable;
+ int i;
+
+ preempt_disable();
+
++ RSR_CPENABLE(old_cpenable);
+ cpenable = ti->cpenable;
++ WSR_CPENABLE(cpenable);
+
+ for (i = 0; i < XCHAL_CP_MAX; i++) {
+ if ((cpenable & 1) != 0 && coprocessor_owner[i] == ti)
+ coprocessor_flush(ti, i);
+ cpenable >>= 1;
+ }
++ WSR_CPENABLE(old_cpenable);
+
+ preempt_enable();
+ }
--- /dev/null
+From 03bc996af0cc71c7f30c384d8ce7260172423b34 Mon Sep 17 00:00:00 2001
+From: Max Filippov <jcmvbkbc@gmail.com>
+Date: Mon, 26 Nov 2018 15:18:26 -0800
+Subject: xtensa: fix coprocessor context offset definitions
+
+From: Max Filippov <jcmvbkbc@gmail.com>
+
+commit 03bc996af0cc71c7f30c384d8ce7260172423b34 upstream.
+
+Coprocessor context offsets are used by the assembly code that moves
+coprocessor context between the individual fields of the
+thread_info::xtregs_cp structure and coprocessor registers.
+This fixes coprocessor context clobbering on flushing and reloading
+during normal user code execution and user process debugging in the
+presence of more than one coprocessor in the core configuration.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/xtensa/kernel/asm-offsets.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+--- a/arch/xtensa/kernel/asm-offsets.c
++++ b/arch/xtensa/kernel/asm-offsets.c
+@@ -90,14 +90,14 @@ int main(void)
+ DEFINE(THREAD_SP, offsetof (struct task_struct, thread.sp));
+ DEFINE(THREAD_CPENABLE, offsetof (struct thread_info, cpenable));
+ #if XTENSA_HAVE_COPROCESSORS
+- DEFINE(THREAD_XTREGS_CP0, offsetof (struct thread_info, xtregs_cp));
+- DEFINE(THREAD_XTREGS_CP1, offsetof (struct thread_info, xtregs_cp));
+- DEFINE(THREAD_XTREGS_CP2, offsetof (struct thread_info, xtregs_cp));
+- DEFINE(THREAD_XTREGS_CP3, offsetof (struct thread_info, xtregs_cp));
+- DEFINE(THREAD_XTREGS_CP4, offsetof (struct thread_info, xtregs_cp));
+- DEFINE(THREAD_XTREGS_CP5, offsetof (struct thread_info, xtregs_cp));
+- DEFINE(THREAD_XTREGS_CP6, offsetof (struct thread_info, xtregs_cp));
+- DEFINE(THREAD_XTREGS_CP7, offsetof (struct thread_info, xtregs_cp));
++ DEFINE(THREAD_XTREGS_CP0, offsetof(struct thread_info, xtregs_cp.cp0));
++ DEFINE(THREAD_XTREGS_CP1, offsetof(struct thread_info, xtregs_cp.cp1));
++ DEFINE(THREAD_XTREGS_CP2, offsetof(struct thread_info, xtregs_cp.cp2));
++ DEFINE(THREAD_XTREGS_CP3, offsetof(struct thread_info, xtregs_cp.cp3));
++ DEFINE(THREAD_XTREGS_CP4, offsetof(struct thread_info, xtregs_cp.cp4));
++ DEFINE(THREAD_XTREGS_CP5, offsetof(struct thread_info, xtregs_cp.cp5));
++ DEFINE(THREAD_XTREGS_CP6, offsetof(struct thread_info, xtregs_cp.cp6));
++ DEFINE(THREAD_XTREGS_CP7, offsetof(struct thread_info, xtregs_cp.cp7));
+ #endif
+ DEFINE(THREAD_XTREGS_USER, offsetof (struct thread_info, xtregs_user));
+ DEFINE(XTREGS_USER_SIZE, sizeof(xtregs_user_t));
projects / thirdparty / kernel / stable-queue.git / commitdiff
