diff --git a/0001-KEYS-Fix-crash-when-attempt-to-garbage-collect-an-un.patch b/0001-KEYS-Fix-crash-when-attempt-to-garbage-collect-an-un.patch
deleted file mode 100644
index 1564060..0000000
--- a/0001-KEYS-Fix-crash-when-attempt-to-garbage-collect-an-un.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From d856e14fb043b742f94170db36b812770a2591d0 Mon Sep 17 00:00:00 2001
-From: David Howells <dhowells@redhat.com>
-Date: Thu, 15 Oct 2015 17:21:37 +0100
-Subject: [PATCH 1/2] KEYS: Fix crash when attempt to garbage collect an
- uninstantiated keyring
-
-    The following sequence of commands:
-
-        i=`keyctl add user a a @s`
-        keyctl request2 keyring foo bar @t
-        keyctl unlink $i @s
-
-    tries to invoke an upcall to instantiate a keyring if one doesn't already
-    exist by that name within the user's keyring set.  However, if the upcall
-    fails, the code sets keyring->type_data.reject_error to -ENOKEY or some
-    other error code.  When the key is garbage collected, the key destroy
-    function is called unconditionally and keyring_destroy() uses list_empty()
-    on keyring->type_data.link - which is in a union with reject_error.
-    Subsequently, the kernel tries to unlink the keyring from the keyring names
-    list - which oopses like this:
-
-    	BUG: unable to handle kernel paging request at 00000000ffffff8a
-    	IP: [<ffffffff8126e051>] keyring_destroy+0x3d/0x88
-    	...
-    	Workqueue: events key_garbage_collector
-    	...
-    	RIP: 0010:[<ffffffff8126e051>] keyring_destroy+0x3d/0x88
-    	RSP: 0018:ffff88003e2f3d30  EFLAGS: 00010203
-    	RAX: 00000000ffffff82 RBX: ffff88003bf1a900 RCX: 0000000000000000
-    	RDX: 0000000000000000 RSI: 000000003bfc6901 RDI: ffffffff81a73a40
-    	RBP: ffff88003e2f3d38 R08: 0000000000000152 R09: 0000000000000000
-    	R10: ffff88003e2f3c18 R11: 000000000000865b R12: ffff88003bf1a900
-    	R13: 0000000000000000 R14: ffff88003bf1a908 R15: ffff88003e2f4000
-    	...
-    	CR2: 00000000ffffff8a CR3: 000000003e3ec000 CR4: 00000000000006f0
-    	...
-    	Call Trace:
-    	 [<ffffffff8126c756>] key_gc_unused_keys.constprop.1+0x5d/0x10f
-    	 [<ffffffff8126ca71>] key_garbage_collector+0x1fa/0x351
-    	 [<ffffffff8105ec9b>] process_one_work+0x28e/0x547
-    	 [<ffffffff8105fd17>] worker_thread+0x26e/0x361
-    	 [<ffffffff8105faa9>] ? rescuer_thread+0x2a8/0x2a8
-    	 [<ffffffff810648ad>] kthread+0xf3/0xfb
-    	 [<ffffffff810647ba>] ? kthread_create_on_node+0x1c2/0x1c2
-    	 [<ffffffff815f2ccf>] ret_from_fork+0x3f/0x70
-    	 [<ffffffff810647ba>] ? kthread_create_on_node+0x1c2/0x1c2
-
-    Note the value in RAX.  This is a 32-bit representation of -ENOKEY.
-
-    The solution is to only call ->destroy() if the key was successfully
-    instantiated.
-
-    Reported-by: Dmitry Vyukov <dvyukov@google.com>
-    Signed-off-by: David Howells <dhowells@redhat.com>
----
- security/keys/gc.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/security/keys/gc.c b/security/keys/gc.c
-index c7952375ac53..11c36627adbf 100644
---- a/security/keys/gc.c
-+++ b/security/keys/gc.c
-@@ -149,7 +149,9 @@ static noinline void key_gc_unused_keys(struct list_head *keys)
- 			atomic_dec(&key->user->nikeys);
- 
- 		/* now throw away the key memory */
--		if (key->type->destroy)
-+		if (test_bit(KEY_FLAG_INSTANTIATED, &key->flags) &&
-+			!test_bit(KEY_FLAG_NEGATIVE, &key->flags) &&
-+			key->type->destroy)
- 			key->type->destroy(key);
- 
- 		key_user_put(key->user);
--- 
-2.4.3
-
diff --git a/0001-KVM-x86-build-kvm_userspace_memory_region-in-x86_set.patch b/0001-KVM-x86-build-kvm_userspace_memory_region-in-x86_set.patch
deleted file mode 100644
index 6395b17..0000000
--- a/0001-KVM-x86-build-kvm_userspace_memory_region-in-x86_set.patch
+++ /dev/null
@@ -1,169 +0,0 @@
-From 1d8007bdee074fdffcf3539492d8a151a1fb3436 Mon Sep 17 00:00:00 2001
-From: Paolo Bonzini <pbonzini@redhat.com>
-Date: Mon, 12 Oct 2015 13:38:32 +0200
-Subject: [PATCH] KVM: x86: build kvm_userspace_memory_region in
- x86_set_memory_region
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The next patch will make x86_set_memory_region fill the
-userspace_addr.  Since the struct is not used untouched
-anymore, it makes sense to build it in x86_set_memory_region
-directly; it also simplifies the callers.
-
-Reported-by: Alexandre DERUMIER <aderumier@odiso.com>
-Cc: stable@vger.kernel.org
-Fixes: 9da0e4d5ac969909f6b435ce28ea28135a9cbd69
-Reviewed-by: Radim Krčmář <rkrcmar@redhat.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- arch/x86/include/asm/kvm_host.h |  6 ++----
- arch/x86/kvm/vmx.c              | 26 ++++++--------------------
- arch/x86/kvm/x86.c              | 31 +++++++++++++------------------
- 3 files changed, 21 insertions(+), 42 deletions(-)
-
-diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
-index 49ec903..4e7ad7e 100644
---- a/arch/x86/include/asm/kvm_host.h
-+++ b/arch/x86/include/asm/kvm_host.h
-@@ -1199,9 +1199,7 @@ void kvm_complete_insn_gp(struct kvm_vcpu *vcpu, int err);
-
- int kvm_is_in_guest(void);
-
--int __x86_set_memory_region(struct kvm *kvm,
--			    const struct kvm_userspace_memory_region *mem);
--int x86_set_memory_region(struct kvm *kvm,
--			  const struct kvm_userspace_memory_region *mem);
-+int __x86_set_memory_region(struct kvm *kvm, int id, gpa_t gpa, u32 size);
-+int x86_set_memory_region(struct kvm *kvm, int id, gpa_t gpa, u32 size);
-
- #endif /* _ASM_X86_KVM_HOST_H */
-diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
-index 18c30b4..8461e0c 100644
---- a/arch/x86/kvm/vmx.c
-+++ b/arch/x86/kvm/vmx.c
-@@ -4105,17 +4105,13 @@ static void seg_setup(int seg)
- static int alloc_apic_access_page(struct kvm *kvm)
- {
- 	struct page *page;
--	struct kvm_userspace_memory_region kvm_userspace_mem;
- 	int r = 0;
-
- 	mutex_lock(&kvm->slots_lock);
- 	if (kvm->arch.apic_access_page_done)
- 		goto out;
--	kvm_userspace_mem.slot = APIC_ACCESS_PAGE_PRIVATE_MEMSLOT;
--	kvm_userspace_mem.flags = 0;
--	kvm_userspace_mem.guest_phys_addr = APIC_DEFAULT_PHYS_BASE;
--	kvm_userspace_mem.memory_size = PAGE_SIZE;
--	r = __x86_set_memory_region(kvm, &kvm_userspace_mem);
-+	r = __x86_set_memory_region(kvm, APIC_ACCESS_PAGE_PRIVATE_MEMSLOT,
-+				    APIC_DEFAULT_PHYS_BASE, PAGE_SIZE);
- 	if (r)
- 		goto out;
-
-@@ -4140,17 +4136,12 @@ static int alloc_identity_pagetable(struct kvm *kvm)
- {
- 	/* Called with kvm->slots_lock held. */
-
--	struct kvm_userspace_memory_region kvm_userspace_mem;
- 	int r = 0;
-
- 	BUG_ON(kvm->arch.ept_identity_pagetable_done);
-
--	kvm_userspace_mem.slot = IDENTITY_PAGETABLE_PRIVATE_MEMSLOT;
--	kvm_userspace_mem.flags = 0;
--	kvm_userspace_mem.guest_phys_addr =
--		kvm->arch.ept_identity_map_addr;
--	kvm_userspace_mem.memory_size = PAGE_SIZE;
--	r = __x86_set_memory_region(kvm, &kvm_userspace_mem);
-+	r = __x86_set_memory_region(kvm, IDENTITY_PAGETABLE_PRIVATE_MEMSLOT,
-+				    kvm->arch.ept_identity_map_addr, PAGE_SIZE);
-
- 	return r;
- }
-@@ -4949,14 +4940,9 @@ static int vmx_interrupt_allowed(struct kvm_vcpu *vcpu)
- static int vmx_set_tss_addr(struct kvm *kvm, unsigned int addr)
- {
- 	int ret;
--	struct kvm_userspace_memory_region tss_mem = {
--		.slot = TSS_PRIVATE_MEMSLOT,
--		.guest_phys_addr = addr,
--		.memory_size = PAGE_SIZE * 3,
--		.flags = 0,
--	};
-
--	ret = x86_set_memory_region(kvm, &tss_mem);
-+	ret = x86_set_memory_region(kvm, TSS_PRIVATE_MEMSLOT, addr,
-+				    PAGE_SIZE * 3);
- 	if (ret)
- 		return ret;
- 	kvm->arch.tss_addr = addr;
-diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index 373328b..b12665b 100644
---- a/arch/x86/kvm/x86.c
-+++ b/arch/x86/kvm/x86.c
-@@ -7721,18 +7721,21 @@ void kvm_arch_sync_events(struct kvm *kvm)
- 	kvm_free_pit(kvm);
- }
-
--int __x86_set_memory_region(struct kvm *kvm,
--			    const struct kvm_userspace_memory_region *mem)
-+int __x86_set_memory_region(struct kvm *kvm, int id, gpa_t gpa, u32 size)
- {
- 	int i, r;
-
- 	/* Called with kvm->slots_lock held.  */
--	BUG_ON(mem->slot >= KVM_MEM_SLOTS_NUM);
-+	if (WARN_ON(id >= KVM_MEM_SLOTS_NUM))
-+		return -EINVAL;
-
- 	for (i = 0; i < KVM_ADDRESS_SPACE_NUM; i++) {
--		struct kvm_userspace_memory_region m = *mem;
-+		struct kvm_userspace_memory_region m;
-
--		m.slot |= i << 16;
-+		m.slot = id | (i << 16);
-+		m.flags = 0;
-+		m.guest_phys_addr = gpa;
-+		m.memory_size = size;
- 		r = __kvm_set_memory_region(kvm, &m);
- 		if (r < 0)
- 			return r;
-@@ -7742,13 +7745,12 @@ int __x86_set_memory_region(struct kvm *kvm,
- }
- EXPORT_SYMBOL_GPL(__x86_set_memory_region);
-
--int x86_set_memory_region(struct kvm *kvm,
--			  const struct kvm_userspace_memory_region *mem)
-+int x86_set_memory_region(struct kvm *kvm, int id, gpa_t gpa, u32 size)
- {
- 	int r;
-
- 	mutex_lock(&kvm->slots_lock);
--	r = __x86_set_memory_region(kvm, mem);
-+	r = __x86_set_memory_region(kvm, id, gpa, size);
- 	mutex_unlock(&kvm->slots_lock);
-
- 	return r;
-@@ -7763,16 +7765,9 @@ void kvm_arch_destroy_vm(struct kvm *kvm)
- 		 * unless the the memory map has changed due to process exit
- 		 * or fd copying.
- 		 */
--		struct kvm_userspace_memory_region mem;
--		memset(&mem, 0, sizeof(mem));
--		mem.slot = APIC_ACCESS_PAGE_PRIVATE_MEMSLOT;
--		x86_set_memory_region(kvm, &mem);
--
--		mem.slot = IDENTITY_PAGETABLE_PRIVATE_MEMSLOT;
--		x86_set_memory_region(kvm, &mem);
--
--		mem.slot = TSS_PRIVATE_MEMSLOT;
--		x86_set_memory_region(kvm, &mem);
-+		x86_set_memory_region(kvm, APIC_ACCESS_PAGE_PRIVATE_MEMSLOT, 0, 0);
-+		x86_set_memory_region(kvm, IDENTITY_PAGETABLE_PRIVATE_MEMSLOT, 0, 0);
-+		x86_set_memory_region(kvm, TSS_PRIVATE_MEMSLOT, 0, 0);
- 	}
- 	kvm_iommu_unmap_guest(kvm);
- 	kfree(kvm->arch.vpic);
diff --git a/0001-ipv6-Avoid-creating-RTF_CACHE-from-a-rt-that-is-not-.patch b/0001-ipv6-Avoid-creating-RTF_CACHE-from-a-rt-that-is-not-.patch
new file mode 100644
index 0000000..3390024
--- /dev/null
+++ b/0001-ipv6-Avoid-creating-RTF_CACHE-from-a-rt-that-is-not-.patch
@@ -0,0 +1,91 @@
+From 0d3f6d297bfb7af24d0508460fdb3d1ec4903fa3 Mon Sep 17 00:00:00 2001
+From: Martin KaFai Lau <kafai@fb.com>
+Date: Wed, 11 Nov 2015 11:51:06 -0800
+Subject: [PATCH] ipv6: Avoid creating RTF_CACHE from a rt that is not managed
+ by fib6 tree
+
+The original bug report:
+https://bugzilla.redhat.com/show_bug.cgi?id=1272571
+
+The setup has a IPv4 GRE tunnel running in a IPSec.  The bug
+happens when ndisc starts sending router solicitation at the gre
+interface.  The simplified oops stack is like:
+
+__lock_acquire+0x1b2/0x1c30
+lock_acquire+0xb9/0x140
+_raw_write_lock_bh+0x3f/0x50
+__ip6_ins_rt+0x2e/0x60
+ip6_ins_rt+0x49/0x50
+~~~~~~~~
+__ip6_rt_update_pmtu.part.54+0x145/0x250
+ip6_rt_update_pmtu+0x2e/0x40
+~~~~~~~~
+ip_tunnel_xmit+0x1f1/0xf40
+__gre_xmit+0x7a/0x90
+ipgre_xmit+0x15a/0x220
+dev_hard_start_xmit+0x2bd/0x480
+__dev_queue_xmit+0x696/0x730
+dev_queue_xmit+0x10/0x20
+neigh_direct_output+0x11/0x20
+ip6_finish_output2+0x21f/0x770
+ip6_finish_output+0xa7/0x1d0
+ip6_output+0x56/0x190
+~~~~~~~~
+ndisc_send_skb+0x1d9/0x400
+ndisc_send_rs+0x88/0xc0
+~~~~~~~~
+
+The rt passed to ip6_rt_update_pmtu() is created by
+icmp6_dst_alloc() and it is not managed by the fib6 tree,
+so its rt6i_table == NULL.  When __ip6_rt_update_pmtu() creates
+a RTF_CACHE clone, the newly created clone also has rt6i_table == NULL
+and it causes the ip6_ins_rt() oops.
+
+During pmtu update, we only want to create a RTF_CACHE clone
+from a rt which is currently managed (or owned) by the
+fib6 tree.  It means either rt->rt6i_node != NULL or
+rt is a RTF_PCPU clone.
+
+It is worth to note that rt6i_table may not be NULL even it is
+not (yet) managed by the fib6 tree (e.g. addrconf_dst_alloc()).
+Hence, rt6i_node is a better check instead of rt6i_table.
+
+Fixes: 45e4fd26683c ("ipv6: Only create RTF_CACHE routes after encountering pmtu")
+Signed-off-by: Martin KaFai Lau <kafai@fb.com>
+Reported-by: Chris Siebenmann <cks-rhbugzilla@cs.toronto.edu>
+Cc: Chris Siebenmann <cks-rhbugzilla@cs.toronto.edu>
+Cc: Hannes Frederic Sowa <hannes@stressinduktion.org>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+---
+ net/ipv6/route.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/net/ipv6/route.c b/net/ipv6/route.c
+index c8bc9b4..74907c5 100644
+--- a/net/ipv6/route.c
++++ b/net/ipv6/route.c
+@@ -1322,6 +1322,12 @@ static void rt6_do_update_pmtu(struct rt6_info *rt, u32 mtu)
+ 	rt6_update_expires(rt, net->ipv6.sysctl.ip6_rt_mtu_expires);
+ }
+
++static bool rt6_cache_allowed_for_pmtu(const struct rt6_info *rt)
++{
++	return !(rt->rt6i_flags & RTF_CACHE) &&
++		(rt->rt6i_flags & RTF_PCPU || rt->rt6i_node);
++}
++
+ static void __ip6_rt_update_pmtu(struct dst_entry *dst, const struct sock *sk,
+ 				 const struct ipv6hdr *iph, u32 mtu)
+ {
+@@ -1335,7 +1341,7 @@ static void __ip6_rt_update_pmtu(struct dst_entry *dst, const struct sock *sk,
+ 	if (mtu >= dst_mtu(dst))
+ 		return;
+
+-	if (rt6->rt6i_flags & RTF_CACHE) {
++	if (!rt6_cache_allowed_for_pmtu(rt6)) {
+ 		rt6_do_update_pmtu(rt6, mtu);
+ 	} else {
+ 		const struct in6_addr *daddr, *saddr;
+-- 
+2.5.0
+
diff --git a/0001-watchdog-omap_wdt-fix-null-pointer-dereference.patch b/0001-watchdog-omap_wdt-fix-null-pointer-dereference.patch
new file mode 100644
index 0000000..7dab1ff
--- /dev/null
+++ b/0001-watchdog-omap_wdt-fix-null-pointer-dereference.patch
@@ -0,0 +1,63 @@
+From 721ebb3cf4788107424f92ac2da6cfce20c67297 Mon Sep 17 00:00:00 2001
+From: Peter Robinson <pbrobinson@gmail.com>
+Date: Sun, 1 Nov 2015 23:54:08 +0000
+Subject: [PATCH] watchdog: omap_wdt: fix null pointer dereference
+
+Fix issue from two patches overlapping causing a kernel oops
+
+[ 3569.297449] Unable to handle kernel NULL pointer dereference at virtual address 00000088
+[ 3569.306272] pgd = dc894000
+[ 3569.309287] [00000088] *pgd=00000000
+[ 3569.313104] Internal error: Oops: 5 [#1] SMP ARM
+[ 3569.317986] Modules linked in: ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack ebtable_filter ebtable_nat ebtable_broute bridge stp llc ebtables ip6table_security ip6table_raw ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_filter ip6_tables iptable_security iptable_raw iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle musb_dsps cppi41 musb_hdrc phy_am335x udc_core phy_generic phy_am335x_control omap_sham omap_aes omap_rng omap_hwspinlock omap_mailbox hwspinlock_core musb_am335x omap_wdt at24 8250_omap leds_gpio cpufreq_dt smsc davinci_mdio mmc_block ti_cpsw cpsw_common ptp pps_core cpsw_ale davinci_cpdma omap_hsmmc omap_dma mmc_core i2c_dev
+[ 3569.386293] CPU: 0 PID: 1429 Comm: wdctl Not tainted 4.3.0-0.rc7.git0.1.fc24.armv7hl #1
+[ 3569.394740] Hardware name: Generic AM33XX (Flattened Device Tree)
+[ 3569.401179] task: dbd11a00 ti: dbaac000 task.ti: dbaac000
+[ 3569.406917] PC is at omap_wdt_get_timeleft+0xc/0x20 [omap_wdt]
+[ 3569.413106] LR is at watchdog_ioctl+0x3cc/0x42c
+[ 3569.417902] pc : [<bf0ab138>]    lr : [<c0739c54>]    psr: 600f0013
+[ 3569.417902] sp : dbaadf18  ip : 00000003  fp : 7f5d3bbe
+[ 3569.430014] r10: 00000000  r9 : 00000003  r8 : bef21ab8
+[ 3569.435535] r7 : dbbc0f7c  r6 : dbbc0f18  r5 : bef21ab8  r4 : 00000000
+[ 3569.442427] r3 : 00000000  r2 : 00000000  r1 : 8004570a  r0 : dbbc0f18
+[ 3569.449323] Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
+[ 3569.456858] Control: 10c5387d  Table: 9c894019  DAC: 00000051
+[ 3569.462927] Process wdctl (pid: 1429, stack limit = 0xdbaac220)
+[ 3569.469179] Stack: (0xdbaadf18 to 0xdbaae000)
+[ 3569.473790] df00:                                                       bef21ab8 dbf60e38
+[ 3569.482441] df20: dc91b840 8004570a bef21ab8 c03988a4 dbaadf48 dc854000 00000000 dd313850
+[ 3569.491092] df40: ddf033b8 0000570a dc91b80b dbaadf3c dbf60e38 00000020 c0df9250 c0df6c48
+[ 3569.499741] df60: dc91b840 8004570a 00000000 dc91b840 dc91b840 8004570a bef21ab8 00000003
+[ 3569.508389] df80: 00000000 c03989d4 bef21b74 7f5d3bad 00000003 00000036 c020fcc4 dbaac000
+[ 3569.517037] dfa0: 00000000 c020fb00 bef21b74 7f5d3bad 00000003 8004570a bef21ab8 00000001
+[ 3569.525685] dfc0: bef21b74 7f5d3bad 00000003 00000036 00000001 00000000 7f5e4eb0 7f5d3bbe
+[ 3569.534334] dfe0: 7f5e4f10 bef21a3c 7f5d0a54 b6e97e0c a00f0010 00000003 00000000 00000000
+[ 3569.543038] [<bf0ab138>] (omap_wdt_get_timeleft [omap_wdt]) from [<c0739c54>] (watchdog_ioctl+0x3cc/0x42c)
+[ 3569.553266] [<c0739c54>] (watchdog_ioctl) from [<c03988a4>] (do_vfs_ioctl+0x5bc/0x698)
+[ 3569.561648] [<c03988a4>] (do_vfs_ioctl) from [<c03989d4>] (SyS_ioctl+0x54/0x7c)
+[ 3569.569400] [<c03989d4>] (SyS_ioctl) from [<c020fb00>] (ret_fast_syscall+0x0/0x3c)
+[ 3569.577413] Code: e12fff1e e52de004 e8bd4000 e5903060 (e5933088)
+[ 3569.584089] ---[ end trace cec3039bd3ae610a ]---
+
+Cc: <stable@vger.kernel.org> # v4.2+
+Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
+---
+ drivers/watchdog/omap_wdt.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/watchdog/omap_wdt.c b/drivers/watchdog/omap_wdt.c
+index d96bee0..6f17c93 100644
+--- a/drivers/watchdog/omap_wdt.c
++++ b/drivers/watchdog/omap_wdt.c
+@@ -205,7 +205,7 @@ static int omap_wdt_set_timeout(struct watchdog_device *wdog,
+ 
+ static unsigned int omap_wdt_get_timeleft(struct watchdog_device *wdog)
+ {
+-	struct omap_wdt_dev *wdev = watchdog_get_drvdata(wdog);
++	struct omap_wdt_dev *wdev = to_omap_wdt_dev(wdog);
+ 	void __iomem *base = wdev->base;
+ 	u32 value;
+ 
+-- 
+2.5.0
+
diff --git a/0001-x86-cpu-cacheinfo-Fix-teardown-path.patch b/0001-x86-cpu-cacheinfo-Fix-teardown-path.patch
new file mode 100644
index 0000000..52e82fe
--- /dev/null
+++ b/0001-x86-cpu-cacheinfo-Fix-teardown-path.patch
@@ -0,0 +1,86 @@
+From 680ac028240f8747f31c03986fbcf18b2b521e93 Mon Sep 17 00:00:00 2001
+From: Borislav Petkov <bp@suse.de>
+Date: Mon, 27 Jul 2015 09:58:05 +0200
+Subject: [PATCH] x86/cpu/cacheinfo: Fix teardown path
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Philip Müller reported a hang when booting 32-bit 4.1 kernel on
+an AMD box. A fragment of the splat was enough to pinpoint the
+issue:
+
+  task: f58e0000 ti: f58e8000 task.ti: f58e800
+  EIP: 0060:[<c135a903>] EFLAGS: 00010206 CPU: 0
+  EIP is at free_cache_attributes+0x83/0xd0
+  EAX: 00000001 EBX: f589d46c ECX: 00000090 EDX: 360c2000
+  ESI: 00000000 EDI: c1724a80 EBP: f58e9ec0 ESP: f58e9ea0
+   DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
+  CR0: 8005003b CR2: 000000ac CR3: 01731000 CR4: 000006d0
+
+cache_shared_cpu_map_setup() did check sibling CPUs cacheinfo
+descriptor while the respective teardown path
+cache_shared_cpu_map_remove() didn't. Fix that.
+
+From tglx's version: to be on the safe side, move the cacheinfo
+descriptor check to free_cache_attributes(), thus cleaning up
+the hotplug path a little and making this even more robust.
+
+Reported-by: Philip Müller <philm@manjaro.org>
+Signed-off-by: Borislav Petkov <bp@suse.de>
+Cc: <stable@vger.kernel.org> # v4.1+
+Cc: Andre Przywara <andre.przywara@arm.com>
+Cc: Guenter Roeck <linux@roeck-us.net>
+Cc: H. Peter Anvin <hpa@zytor.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Sudeep Holla <sudeep.holla@arm.com>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: linux-kernel@vger.kernel.org
+Cc: manjaro-dev@manjaro.org
+Link: http://lkml.kernel.org/r/20150727075805.GA20416@nazgul.tnic
+Link: https://lkml.kernel.org/r/55B47BB8.6080202@manjaro.org
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+---
+ drivers/base/cacheinfo.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/base/cacheinfo.c b/drivers/base/cacheinfo.c
+index 764280a91776..e9fd32e91668 100644
+--- a/drivers/base/cacheinfo.c
++++ b/drivers/base/cacheinfo.c
+@@ -148,7 +148,11 @@ static void cache_shared_cpu_map_remove(unsigned int cpu)
+ 
+ 			if (sibling == cpu) /* skip itself */
+ 				continue;
++
+ 			sib_cpu_ci = get_cpu_cacheinfo(sibling);
++			if (!sib_cpu_ci->info_list)
++				continue;
++
+ 			sib_leaf = sib_cpu_ci->info_list + index;
+ 			cpumask_clear_cpu(cpu, &sib_leaf->shared_cpu_map);
+ 			cpumask_clear_cpu(sibling, &this_leaf->shared_cpu_map);
+@@ -159,6 +163,9 @@ static void cache_shared_cpu_map_remove(unsigned int cpu)
+ 
+ static void free_cache_attributes(unsigned int cpu)
+ {
++	if (!per_cpu_cacheinfo(cpu))
++		return;
++
+ 	cache_shared_cpu_map_remove(cpu);
+ 
+ 	kfree(per_cpu_cacheinfo(cpu));
+@@ -514,8 +521,7 @@ static int cacheinfo_cpu_callback(struct notifier_block *nfb,
+ 		break;
+ 	case CPU_DEAD:
+ 		cache_remove_dev(cpu);
+-		if (per_cpu_cacheinfo(cpu))
+-			free_cache_attributes(cpu);
++		free_cache_attributes(cpu);
+ 		break;
+ 	}
+ 	return notifier_from_errno(rc);
+-- 
+2.4.3
+
diff --git a/0002-KEYS-Don-t-permit-request_key-to-construct-a-new-key.patch b/0002-KEYS-Don-t-permit-request_key-to-construct-a-new-key.patch
deleted file mode 100644
index 727ee6a..0000000
--- a/0002-KEYS-Don-t-permit-request_key-to-construct-a-new-key.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 93f27344ac019135dd5ff31a518f1ef2d9e4e4a1 Mon Sep 17 00:00:00 2001
-From: David Howells <dhowells@redhat.com>
-Date: Mon, 19 Oct 2015 11:33:38 +0100
-Subject: [PATCH 2/2] KEYS: Don't permit request_key() to construct a new
- keyring
-
-    If request_key() is used to find a keyring, only do the search part - don't
-    do the construction part if the keyring was not found by the search.  We
-    don't really want keyrings in the negative instantiated state since the
-    rejected/negative instantiation error value in the payload is unioned with
-    keyring metadata.
-
-    Signed-off-by: David Howells <dhowells@redhat.com>
----
- security/keys/request_key.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/security/keys/request_key.c b/security/keys/request_key.c
-index 486ef6fa393b..0d6253124278 100644
---- a/security/keys/request_key.c
-+++ b/security/keys/request_key.c
-@@ -440,6 +440,9 @@ static struct key *construct_key_and_link(struct keyring_search_context *ctx,
- 
- 	kenter("");
- 
-+	if (ctx->index_key.type == &key_type_keyring)
-+		return ERR_PTR(-EPERM);
-+	
- 	user = key_user_lookup(current_fsuid());
- 	if (!user)
- 		return ERR_PTR(-ENOMEM);
--- 
-2.4.3
-
diff --git a/0002-KVM-x86-map-unmap-private-slots-in-__x86_set_memory_.patch b/0002-KVM-x86-map-unmap-private-slots-in-__x86_set_memory_.patch
deleted file mode 100644
index 261c6e1..0000000
--- a/0002-KVM-x86-map-unmap-private-slots-in-__x86_set_memory_.patch
+++ /dev/null
@@ -1,134 +0,0 @@
-From f0d648bdf0a5bbc91da6099d5282f77996558ea4 Mon Sep 17 00:00:00 2001
-From: Paolo Bonzini <pbonzini@redhat.com>
-Date: Mon, 12 Oct 2015 13:56:27 +0200
-Subject: [PATCH] KVM: x86: map/unmap private slots in __x86_set_memory_region
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Otherwise, two copies (one of them never populated and thus bogus)
-are allocated for the regular and SMM address spaces.  This breaks
-SMM with EPT but without unrestricted guest support, because the
-SMM copy of the identity page map is all zeros.
-
-By moving the allocation to the caller we also remove the last
-vestiges of kernel-allocated memory regions (not accessible anymore
-in userspace since commit b74a07beed0e, "KVM: Remove kernel-allocated
-memory regions", 2010-06-21); that is a nice bonus.
-
-Reported-by: Alexandre DERUMIER <aderumier@odiso.com>
-Cc: stable@vger.kernel.org
-Fixes: 9da0e4d5ac969909f6b435ce28ea28135a9cbd69
-Reviewed-by: Radim Krčmář <rkrcmar@redhat.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- arch/x86/kvm/x86.c | 62 ++++++++++++++++++++++++++----------------------------
- 1 file changed, 30 insertions(+), 32 deletions(-)
-
-diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index 7bf8096..3ac33f8 100644
---- a/arch/x86/kvm/x86.c
-+++ b/arch/x86/kvm/x86.c
-@@ -7477,23 +7477,53 @@ void kvm_arch_sync_events(struct kvm *kvm)
- int __x86_set_memory_region(struct kvm *kvm, int id, gpa_t gpa, u32 size)
- {
- 	int i, r;
-+	u64 hva;
-+	struct kvm_memslots *slots = kvm_memslots(kvm);
-+	struct kvm_memory_slot *slot, old;
-
- 	/* Called with kvm->slots_lock held.  */
- 	if (WARN_ON(id >= KVM_MEM_SLOTS_NUM))
- 		return -EINVAL;
-
-+	slot = id_to_memslot(slots, id);
-+	if (size) {
-+		if (WARN_ON(slot->npages))
-+			return -EEXIST;
-+
-+		/*
-+		 * MAP_SHARED to prevent internal slot pages from being moved
-+		 * by fork()/COW.
-+		 */
-+		hva = vm_mmap(NULL, 0, size, PROT_READ | PROT_WRITE,
-+			      MAP_SHARED | MAP_ANONYMOUS, 0);
-+		if (IS_ERR((void *)hva))
-+			return PTR_ERR((void *)hva);
-+	} else {
-+		if (!slot->npages)
-+			return 0;
-+
-+		hva = 0;
-+	}
-+
-+	old = *slot;
- 	for (i = 0; i < KVM_ADDRESS_SPACE_NUM; i++) {
- 		struct kvm_userspace_memory_region m;
-
- 		m.slot = id | (i << 16);
- 		m.flags = 0;
- 		m.guest_phys_addr = gpa;
-+		m.userspace_addr = hva;
- 		m.memory_size = size;
- 		r = __kvm_set_memory_region(kvm, &m);
- 		if (r < 0)
- 			return r;
- 	}
-
-+	if (!size) {
-+		r = vm_munmap(old.userspace_addr, old.npages * PAGE_SIZE);
-+		WARN_ON(r < 0);
-+	}
-+
- 	return 0;
- }
- EXPORT_SYMBOL_GPL(__x86_set_memory_region);
-@@ -7623,27 +7653,6 @@ int kvm_arch_prepare_memory_region(struct kvm *kvm,
- 				const struct kvm_userspace_memory_region *mem,
- 				enum kvm_mr_change change)
- {
--	/*
--	 * Only private memory slots need to be mapped here since
--	 * KVM_SET_MEMORY_REGION ioctl is no longer supported.
--	 */
--	if ((memslot->id >= KVM_USER_MEM_SLOTS) && (change == KVM_MR_CREATE)) {
--		unsigned long userspace_addr;
--
--		/*
--		 * MAP_SHARED to prevent internal slot pages from being moved
--		 * by fork()/COW.
--		 */
--		userspace_addr = vm_mmap(NULL, 0, memslot->npages * PAGE_SIZE,
--					 PROT_READ | PROT_WRITE,
--					 MAP_SHARED | MAP_ANONYMOUS, 0);
--
--		if (IS_ERR((void *)userspace_addr))
--			return PTR_ERR((void *)userspace_addr);
--
--		memslot->userspace_addr = userspace_addr;
--	}
--
- 	return 0;
- }
-
-@@ -7705,17 +7714,6 @@ void kvm_arch_commit_memory_region(struct kvm *kvm,
- {
- 	int nr_mmu_pages = 0;
-
--	if (change == KVM_MR_DELETE && old->id >= KVM_USER_MEM_SLOTS) {
--		int ret;
--
--		ret = vm_munmap(old->userspace_addr,
--				old->npages * PAGE_SIZE);
--		if (ret < 0)
--			printk(KERN_WARNING
--			       "kvm_vm_ioctl_set_memory_region: "
--			       "failed to munmap memory\n");
--	}
--
- 	if (!kvm->arch.n_requested_mmu_pages)
- 		nr_mmu_pages = kvm_mmu_calculate_mmu_pages(kvm);
-
--- 
-2.5.0
-
diff --git a/0003-KVM-x86-fix-previous-commit-for-32-bit.patch b/0003-KVM-x86-fix-previous-commit-for-32-bit.patch
deleted file mode 100644
index df99e60..0000000
--- a/0003-KVM-x86-fix-previous-commit-for-32-bit.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 25188b9986cf6b0cadcf1bc1d1693a2e9c50ed47 Mon Sep 17 00:00:00 2001
-From: Paolo Bonzini <pbonzini@redhat.com>
-Date: Wed, 14 Oct 2015 15:51:08 +0200
-Subject: [PATCH] KVM: x86: fix previous commit for 32-bit
-
-Unfortunately I only noticed this after pushing.
-
-Fixes: f0d648bdf0a5bbc91da6099d5282f77996558ea4
-Cc: stable@vger.kernel.org
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- arch/x86/kvm/x86.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index 6e03546..9a9a198 100644
---- a/arch/x86/kvm/x86.c
-+++ b/arch/x86/kvm/x86.c
-@@ -7482,7 +7482,7 @@ void kvm_arch_sync_events(struct kvm *kvm)
- int __x86_set_memory_region(struct kvm *kvm, int id, gpa_t gpa, u32 size)
- {
- 	int i, r;
--	u64 hva;
-+	unsigned long hva;
- 	struct kvm_memslots *slots = kvm_memslots(kvm);
- 	struct kvm_memory_slot *slot, old;
-
--- 
-2.5.0
-
diff --git a/ACPI-Limit-access-to-custom_method.patch b/ACPI-Limit-access-to-custom_method.patch
index 88709a3..3823675 100644
--- a/ACPI-Limit-access-to-custom_method.patch
+++ b/ACPI-Limit-access-to-custom_method.patch
@@ -1,6 +1,7 @@
+From 4b85149b764cd024e3dd2aff9eb22a9e1aadd1fa Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Mar 2012 08:39:37 -0500
-Subject: [PATCH] ACPI: Limit access to custom_method
+Subject: [PATCH 04/20] ACPI: Limit access to custom_method
 
 custom_method effectively allows arbitrary access to system memory, making
 it possible for an attacker to circumvent restrictions on module loading.
@@ -25,3 +26,6 @@ index c68e72414a67..4277938af700 100644
  	if (!(*ppos)) {
  		/* parse the table header to get the table length */
  		if (count <= sizeof(struct acpi_table_header))
+-- 
+2.4.3
+
diff --git a/Add-EFI-signature-data-types.patch b/Add-EFI-signature-data-types.patch
index f24473d..57847dc 100644
--- a/Add-EFI-signature-data-types.patch
+++ b/Add-EFI-signature-data-types.patch
@@ -1,6 +1,7 @@
+From 34e3e23e08fdccbf4637deab0cf03070d4f2226d Mon Sep 17 00:00:00 2001
 From: Dave Howells <dhowells@redhat.com>
 Date: Tue, 23 Oct 2012 09:30:54 -0400
-Subject: [PATCH] Add EFI signature data types
+Subject: [PATCH 15/20] Add EFI signature data types
 
 Add the data types that are used for containing hashes, keys and certificates
 for cryptographic verification.
@@ -51,3 +52,6 @@ index de3e45088d4a..fac43c611614 100644
  /*
   * All runtime access to EFI goes through this structure:
   */
+-- 
+2.4.3
+
diff --git a/Add-an-EFI-signature-blob-parser-and-key-loader.patch b/Add-an-EFI-signature-blob-parser-and-key-loader.patch
index c4feebe..06ddd15 100644
--- a/Add-an-EFI-signature-blob-parser-and-key-loader.patch
+++ b/Add-an-EFI-signature-blob-parser-and-key-loader.patch
@@ -1,6 +1,7 @@
+From c279ba86f93cf6a75d078e2d0e3f59d4ba8a2dd0 Mon Sep 17 00:00:00 2001
 From: Dave Howells <dhowells@redhat.com>
 Date: Tue, 23 Oct 2012 09:36:28 -0400
-Subject: [PATCH] Add an EFI signature blob parser and key loader.
+Subject: [PATCH 16/20] Add an EFI signature blob parser and key loader.
 
 X.509 certificates are loaded into the specified keyring as asymmetric type
 keys.
@@ -32,7 +33,7 @@ index 4870f28403f5..4a1b50d73b80 100644
 +
  endif # ASYMMETRIC_KEY_TYPE
 diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile
-index e47fcd9ac5e8..6512f6596785 100644
+index cd1406f9b14a..d9db380bbe53 100644
 --- a/crypto/asymmetric_keys/Makefile
 +++ b/crypto/asymmetric_keys/Makefile
 @@ -8,6 +8,7 @@ asymmetric_keys-y := asymmetric_type.o signature.o
@@ -173,3 +174,6 @@ index fac43c611614..414c3c3d988d 100644
  /**
   * efi_range_is_wc - check the WC bit on an address range
   * @start: starting kvirt address
+-- 
+2.4.3
+
diff --git a/Add-option-to-automatically-enforce-module-signature.patch b/Add-option-to-automatically-enforce-module-signature.patch
index ff4fc05..015371b 100644
--- a/Add-option-to-automatically-enforce-module-signature.patch
+++ b/Add-option-to-automatically-enforce-module-signature.patch
@@ -1,7 +1,8 @@
+From 37431394b3eeb1ef6d38d0e6b2693210606c2c2c Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Aug 2013 18:36:30 -0400
-Subject: [PATCH] Add option to automatically enforce module signatures when in
- Secure Boot mode
+Subject: [PATCH 10/20] Add option to automatically enforce module signatures
+ when in Secure Boot mode
 
 UEFI Secure Boot provides a mechanism for ensuring that the firmware will
 only load signed bootloaders and kernels. Certain use cases may also
@@ -20,10 +21,10 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
  7 files changed, 69 insertions(+), 1 deletion(-)
 
 diff --git a/Documentation/x86/zero-page.txt b/Documentation/x86/zero-page.txt
-index 82fbdbc1e0b0..a811210ad486 100644
+index 95a4d34af3fd..b8527c6b7646 100644
 --- a/Documentation/x86/zero-page.txt
 +++ b/Documentation/x86/zero-page.txt
-@@ -30,6 +30,8 @@ Offset	Proto	Name		Meaning
+@@ -31,6 +31,8 @@ Offset	Proto	Name		Meaning
  1E9/001	ALL	eddbuf_entries	Number of entries in eddbuf (below)
  1EA/001	ALL	edd_mbr_sig_buf_entries	Number of entries in edd_mbr_sig_buffer
  				(below)
@@ -33,10 +34,10 @@ index 82fbdbc1e0b0..a811210ad486 100644
  290/040	ALL	edd_mbr_sig_buffer EDD MBR signatures
  2D0/A00	ALL	e820_map	E820 memory map table
 diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index 3dbb7e7909ca..4da6644b1fd0 100644
+index cc0d73eac047..14db458f4774 100644
 --- a/arch/x86/Kconfig
 +++ b/arch/x86/Kconfig
-@@ -1703,6 +1703,16 @@ config EFI_MIXED
+@@ -1734,6 +1734,16 @@ config EFI_MIXED
  
  	   If unsure, say N.
  
@@ -54,7 +55,7 @@ index 3dbb7e7909ca..4da6644b1fd0 100644
  	def_bool y
  	prompt "Enable seccomp to safely compute untrusted bytecode"
 diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
-index 2c82bd150d43..1ef8ea7f8ed9 100644
+index ee1b6d346b98..b4de3faa3f29 100644
 --- a/arch/x86/boot/compressed/eboot.c
 +++ b/arch/x86/boot/compressed/eboot.c
 @@ -12,6 +12,7 @@
@@ -115,7 +116,7 @@ index 2c82bd150d43..1ef8ea7f8ed9 100644
  
  	setup_efi_pci(boot_params);
 diff --git a/arch/x86/include/uapi/asm/bootparam.h b/arch/x86/include/uapi/asm/bootparam.h
-index ab456dc233b5..74ba4083e7ce 100644
+index 329254373479..b61f8533c0fd 100644
 --- a/arch/x86/include/uapi/asm/bootparam.h
 +++ b/arch/x86/include/uapi/asm/bootparam.h
 @@ -134,7 +134,8 @@ struct boot_params {
@@ -129,10 +130,10 @@ index ab456dc233b5..74ba4083e7ce 100644
  	 * The sentinel is set to a nonzero value (0xff) in header.S.
  	 *
 diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
-index 80f874bf999e..c2e4f52cad30 100644
+index baadbf90a7c5..1ac118146e90 100644
 --- a/arch/x86/kernel/setup.c
 +++ b/arch/x86/kernel/setup.c
-@@ -1160,6 +1160,12 @@ void __init setup_arch(char **cmdline_p)
+@@ -1135,6 +1135,12 @@ void __init setup_arch(char **cmdline_p)
  
  	io_delay_init();
  
@@ -146,10 +147,10 @@ index 80f874bf999e..c2e4f52cad30 100644
  	 * Parse the ACPI tables for possible boot-time SMP configuration.
  	 */
 diff --git a/include/linux/module.h b/include/linux/module.h
-index 57474384b66b..b69d657c3700 100644
+index db386349cd01..4b8df91f03cd 100644
 --- a/include/linux/module.h
 +++ b/include/linux/module.h
-@@ -189,6 +189,12 @@ const struct exception_table_entry *search_exception_tables(unsigned long add);
+@@ -273,6 +273,12 @@ const struct exception_table_entry *search_exception_tables(unsigned long add);
  
  struct notifier_block;
  
@@ -163,10 +164,10 @@ index 57474384b66b..b69d657c3700 100644
  
  extern int modules_disabled; /* for sysctl */
 diff --git a/kernel/module.c b/kernel/module.c
-index e9869c497175..87fa14fedc88 100644
+index 7f045246e123..2b403ab0ef29 100644
 --- a/kernel/module.c
 +++ b/kernel/module.c
-@@ -4084,6 +4084,13 @@ void module_layout(struct module *mod,
+@@ -4088,6 +4088,13 @@ void module_layout(struct module *mod,
  EXPORT_SYMBOL(module_layout);
  #endif
  
@@ -180,3 +181,6 @@ index e9869c497175..87fa14fedc88 100644
  bool secure_modules(void)
  {
  #ifdef CONFIG_MODULE_SIG
+-- 
+2.4.3
+
diff --git a/Add-secure_modules-call.patch b/Add-secure_modules-call.patch
index 158e7f1..b6e039f 100644
--- a/Add-secure_modules-call.patch
+++ b/Add-secure_modules-call.patch
@@ -1,6 +1,7 @@
+From a1aaf20cffb1a949c5d6b1198690c7c30cfda4d5 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Aug 2013 17:58:15 -0400
-Subject: [PATCH] Add secure_modules() call
+Subject: [PATCH 01/20] Add secure_modules() call
 
 Provide a single call to allow kernel code to determine whether the system
 has been configured to either disable module loading entirely or to load
@@ -16,10 +17,10 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
  2 files changed, 16 insertions(+)
 
 diff --git a/include/linux/module.h b/include/linux/module.h
-index d67b1932cc59..57474384b66b 100644
+index 3a19c79918e0..db386349cd01 100644
 --- a/include/linux/module.h
 +++ b/include/linux/module.h
-@@ -551,6 +551,8 @@ static inline bool module_requested_async_probing(struct module *module)
+@@ -635,6 +635,8 @@ static inline bool module_requested_async_probing(struct module *module)
  	return module && module->async_probe_requested;
  }
  
@@ -28,7 +29,7 @@ index d67b1932cc59..57474384b66b 100644
  #else /* !CONFIG_MODULES... */
  
  /* Given an address, look for it in the exception tables. */
-@@ -667,6 +669,10 @@ static inline bool module_requested_async_probing(struct module *module)
+@@ -751,6 +753,10 @@ static inline bool module_requested_async_probing(struct module *module)
  	return false;
  }
  
@@ -40,10 +41,10 @@ index d67b1932cc59..57474384b66b 100644
  
  #ifdef CONFIG_SYSFS
 diff --git a/kernel/module.c b/kernel/module.c
-index 4d2b82e610e2..e9869c497175 100644
+index b86b7bf1be38..7f045246e123 100644
 --- a/kernel/module.c
 +++ b/kernel/module.c
-@@ -4083,3 +4083,13 @@ void module_layout(struct module *mod,
+@@ -4087,3 +4087,13 @@ void module_layout(struct module *mod,
  }
  EXPORT_SYMBOL(module_layout);
  #endif
@@ -57,3 +58,6 @@ index 4d2b82e610e2..e9869c497175 100644
 +#endif
 +}
 +EXPORT_SYMBOL(secure_modules);
+-- 
+2.4.3
+
diff --git a/Add-sysrq-option-to-disable-secure-boot-mode.patch b/Add-sysrq-option-to-disable-secure-boot-mode.patch
index ffc4608..4600848 100644
--- a/Add-sysrq-option-to-disable-secure-boot-mode.patch
+++ b/Add-sysrq-option-to-disable-secure-boot-mode.patch
@@ -1,6 +1,7 @@
+From 16d2ba5d5bc46e67e6aa7a3d113fbcc18c217388 Mon Sep 17 00:00:00 2001
 From: Kyle McMartin <kyle@redhat.com>
 Date: Fri, 30 Aug 2013 09:28:51 -0400
-Subject: [PATCH] Add sysrq option to disable secure boot mode
+Subject: [PATCH 20/20] Add sysrq option to disable secure boot mode
 
 Bugzilla: N/A
 Upstream-status: Fedora mustard
@@ -15,7 +16,7 @@ Upstream-status: Fedora mustard
  7 files changed, 64 insertions(+), 9 deletions(-)
 
 diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
-index 5def6b4143fa..1eac9d22cb0b 100644
+index f93826b8522c..41679b1aca83 100644
 --- a/arch/x86/kernel/setup.c
 +++ b/arch/x86/kernel/setup.c
 @@ -70,6 +70,11 @@
@@ -30,7 +31,7 @@ index 5def6b4143fa..1eac9d22cb0b 100644
  #include <video/edid.h>
  
  #include <asm/mtrr.h>
-@@ -1286,6 +1291,37 @@ void __init i386_reserve_resources(void)
+@@ -1261,6 +1266,37 @@ void __init i386_reserve_resources(void)
  
  #endif /* CONFIG_X86_32 */
  
@@ -69,10 +70,10 @@ index 5def6b4143fa..1eac9d22cb0b 100644
  	.notifier_call = dump_kernel_offset
  };
 diff --git a/drivers/input/misc/uinput.c b/drivers/input/misc/uinput.c
-index 421e29e4cd81..61c1eb97806c 100644
+index 345df9b03aed..dea6a6c4a39b 100644
 --- a/drivers/input/misc/uinput.c
 +++ b/drivers/input/misc/uinput.c
-@@ -366,6 +366,7 @@ static int uinput_allocate_device(struct uinput_device *udev)
+@@ -364,6 +364,7 @@ static int uinput_allocate_device(struct uinput_device *udev)
  	if (!udev->dev)
  		return -ENOMEM;
  
@@ -81,10 +82,10 @@ index 421e29e4cd81..61c1eb97806c 100644
  	input_set_drvdata(udev->dev, udev);
  
 diff --git a/drivers/tty/sysrq.c b/drivers/tty/sysrq.c
-index b5b427888b24..289c7898a3b0 100644
+index 95b330a9ea98..dfa3e154a719 100644
 --- a/drivers/tty/sysrq.c
 +++ b/drivers/tty/sysrq.c
-@@ -465,6 +465,7 @@ static struct sysrq_key_op *sysrq_key_table[36] = {
+@@ -472,6 +472,7 @@ static struct sysrq_key_op *sysrq_key_table[36] = {
  	/* x: May be registered on mips for TLB dump */
  	/* x: May be registered on ppc/powerpc for xmon */
  	/* x: May be registered on sparc64 for global PMU dump */
@@ -92,7 +93,7 @@ index b5b427888b24..289c7898a3b0 100644
  	NULL,				/* x */
  	/* y: May be registered on sparc64 for global register dump */
  	NULL,				/* y */
-@@ -508,7 +509,7 @@ static void __sysrq_put_key_op(int key, struct sysrq_key_op *op_p)
+@@ -515,7 +516,7 @@ static void __sysrq_put_key_op(int key, struct sysrq_key_op *op_p)
                  sysrq_key_table[i] = op_p;
  }
  
@@ -101,7 +102,7 @@ index b5b427888b24..289c7898a3b0 100644
  {
  	struct sysrq_key_op *op_p;
  	int orig_log_level;
-@@ -528,11 +529,15 @@ void __handle_sysrq(int key, bool check_mask)
+@@ -535,11 +536,15 @@ void __handle_sysrq(int key, bool check_mask)
  
          op_p = __sysrq_get_key_op(key);
          if (op_p) {
@@ -118,7 +119,7 @@ index b5b427888b24..289c7898a3b0 100644
  			pr_cont("%s\n", op_p->action_msg);
  			console_loglevel = orig_log_level;
  			op_p->handler(key);
-@@ -564,7 +569,7 @@ void __handle_sysrq(int key, bool check_mask)
+@@ -571,7 +576,7 @@ void __handle_sysrq(int key, bool check_mask)
  void handle_sysrq(int key)
  {
  	if (sysrq_on())
@@ -127,7 +128,7 @@ index b5b427888b24..289c7898a3b0 100644
  }
  EXPORT_SYMBOL(handle_sysrq);
  
-@@ -645,7 +650,7 @@ static void sysrq_do_reset(unsigned long _state)
+@@ -652,7 +657,7 @@ static void sysrq_do_reset(unsigned long _state)
  static void sysrq_handle_reset_request(struct sysrq_state *state)
  {
  	if (state->reset_requested)
@@ -136,7 +137,7 @@ index b5b427888b24..289c7898a3b0 100644
  
  	if (sysrq_reset_downtime_ms)
  		mod_timer(&state->keyreset_timer,
-@@ -796,8 +801,10 @@ static bool sysrq_handle_keypress(struct sysrq_state *sysrq,
+@@ -803,8 +808,10 @@ static bool sysrq_handle_keypress(struct sysrq_state *sysrq,
  
  	default:
  		if (sysrq->active && value && value != 2) {
@@ -148,7 +149,7 @@ index b5b427888b24..289c7898a3b0 100644
  		}
  		break;
  	}
-@@ -1077,7 +1084,7 @@ static ssize_t write_sysrq_trigger(struct file *file, const char __user *buf,
+@@ -1084,7 +1091,7 @@ static ssize_t write_sysrq_trigger(struct file *file, const char __user *buf,
  
  		if (get_user(c, buf))
  			return -EFAULT;
@@ -228,7 +229,7 @@ index 4121345498e0..0ff3cef5df96 100644
  
  	return 0;
 diff --git a/kernel/module.c b/kernel/module.c
-index 87fa14fedc88..61385e686d49 100644
+index 2b403ab0ef29..7818c110e95c 100644
 --- a/kernel/module.c
 +++ b/kernel/module.c
 @@ -292,7 +292,7 @@ static void module_assert_mutex_or_preempt(void)
@@ -240,3 +241,6 @@ index 87fa14fedc88..61385e686d49 100644
  #ifndef CONFIG_MODULE_SIG_FORCE
  module_param(sig_enforce, bool_enable_only, 0644);
  #endif /* !CONFIG_MODULE_SIG_FORCE */
+-- 
+2.4.3
+
diff --git a/HID-hid-input-Fix-accessing-freed-memory-during-devi.patch b/HID-hid-input-Fix-accessing-freed-memory-during-devi.patch
new file mode 100644
index 0000000..6a64910
--- /dev/null
+++ b/HID-hid-input-Fix-accessing-freed-memory-during-devi.patch
@@ -0,0 +1,53 @@
+From 0621809e37936e7c2b3eac9165cf2aad7f9189eb Mon Sep 17 00:00:00 2001
+From: Krzysztof Kozlowski <k.kozlowski@samsung.com>
+Date: Mon, 3 Aug 2015 14:57:30 +0900
+Subject: [PATCH] HID: hid-input: Fix accessing freed memory during device
+ disconnect
+
+During unbinding the driver was dereferencing a pointer to memory
+already freed by power_supply_unregister().
+
+Driver was freeing its internal description of battery through pointers
+stored in power_supply structure. However, because the core owns the
+power supply instance, after calling power_supply_unregister() this
+memory is freed and the driver cannot access these members.
+
+Fix this by storing the pointer to internal description of battery in a
+local variable before calling power_supply_unregister(), so the pointer
+remains valid.
+
+Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
+Reported-by: H.J. Lu <hjl.tools@gmail.com>
+Fixes: 297d716f6260 ("power_supply: Change ownership from driver to core")
+Cc: <stable@vger.kernel.org>
+Reviewed-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
+Signed-off-by: Jiri Kosina <jkosina@suse.com>
+---
+ drivers/hid/hid-input.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/hid/hid-input.c b/drivers/hid/hid-input.c
+index 3511bbab..e3c6364 100644
+--- a/drivers/hid/hid-input.c
++++ b/drivers/hid/hid-input.c
+@@ -462,12 +462,15 @@ out:
+ 
+ static void hidinput_cleanup_battery(struct hid_device *dev)
+ {
++	const struct power_supply_desc *psy_desc;
++
+ 	if (!dev->battery)
+ 		return;
+ 
++	psy_desc = dev->battery->desc;
+ 	power_supply_unregister(dev->battery);
+-	kfree(dev->battery->desc->name);
+-	kfree(dev->battery->desc);
++	kfree(psy_desc->name);
++	kfree(psy_desc);
+ 	dev->battery = NULL;
+ }
+ #else  /* !CONFIG_HID_BATTERY_STRENGTH */
+-- 
+2.4.3
+
diff --git a/Initialize-msg-shm-IPC-objects-before-doing-ipc_addi.patch b/Initialize-msg-shm-IPC-objects-before-doing-ipc_addi.patch
new file mode 100644
index 0000000..8a53a43
--- /dev/null
+++ b/Initialize-msg-shm-IPC-objects-before-doing-ipc_addi.patch
@@ -0,0 +1,117 @@
+From b9a532277938798b53178d5a66af6e2915cb27cf Mon Sep 17 00:00:00 2001
+From: Linus Torvalds <torvalds@linux-foundation.org>
+Date: Wed, 30 Sep 2015 12:48:40 -0400
+Subject: [PATCH] Initialize msg/shm IPC objects before doing ipc_addid()
+
+As reported by Dmitry Vyukov, we really shouldn't do ipc_addid() before
+having initialized the IPC object state.  Yes, we initialize the IPC
+object in a locked state, but with all the lockless RCU lookup work,
+that IPC object lock no longer means that the state cannot be seen.
+
+We already did this for the IPC semaphore code (see commit e8577d1f0329:
+"ipc/sem.c: fully initialize sem_array before making it visible") but we
+clearly forgot about msg and shm.
+
+Reported-by: Dmitry Vyukov <dvyukov@google.com>
+Cc: Manfred Spraul <manfred@colorfullife.com>
+Cc: Davidlohr Bueso <dbueso@suse.de>
+Cc: stable@vger.kernel.org
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+---
+ ipc/msg.c  | 14 +++++++-------
+ ipc/shm.c  | 13 +++++++------
+ ipc/util.c |  8 ++++----
+ 3 files changed, 18 insertions(+), 17 deletions(-)
+
+diff --git a/ipc/msg.c b/ipc/msg.c
+index 66c4f567eb73..1471db9a7e61 100644
+--- a/ipc/msg.c
++++ b/ipc/msg.c
+@@ -137,13 +137,6 @@ static int newque(struct ipc_namespace *ns, struct ipc_params *params)
+ 		return retval;
+ 	}
+ 
+-	/* ipc_addid() locks msq upon success. */
+-	id = ipc_addid(&msg_ids(ns), &msq->q_perm, ns->msg_ctlmni);
+-	if (id < 0) {
+-		ipc_rcu_putref(msq, msg_rcu_free);
+-		return id;
+-	}
+-
+ 	msq->q_stime = msq->q_rtime = 0;
+ 	msq->q_ctime = get_seconds();
+ 	msq->q_cbytes = msq->q_qnum = 0;
+@@ -153,6 +146,13 @@ static int newque(struct ipc_namespace *ns, struct ipc_params *params)
+ 	INIT_LIST_HEAD(&msq->q_receivers);
+ 	INIT_LIST_HEAD(&msq->q_senders);
+ 
++	/* ipc_addid() locks msq upon success. */
++	id = ipc_addid(&msg_ids(ns), &msq->q_perm, ns->msg_ctlmni);
++	if (id < 0) {
++		ipc_rcu_putref(msq, msg_rcu_free);
++		return id;
++	}
++
+ 	ipc_unlock_object(&msq->q_perm);
+ 	rcu_read_unlock();
+ 
+diff --git a/ipc/shm.c b/ipc/shm.c
+index 222131e8e38f..41787276e141 100644
+--- a/ipc/shm.c
++++ b/ipc/shm.c
+@@ -551,12 +551,6 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params)
+ 	if (IS_ERR(file))
+ 		goto no_file;
+ 
+-	id = ipc_addid(&shm_ids(ns), &shp->shm_perm, ns->shm_ctlmni);
+-	if (id < 0) {
+-		error = id;
+-		goto no_id;
+-	}
+-
+ 	shp->shm_cprid = task_tgid_vnr(current);
+ 	shp->shm_lprid = 0;
+ 	shp->shm_atim = shp->shm_dtim = 0;
+@@ -565,6 +559,13 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params)
+ 	shp->shm_nattch = 0;
+ 	shp->shm_file = file;
+ 	shp->shm_creator = current;
++
++	id = ipc_addid(&shm_ids(ns), &shp->shm_perm, ns->shm_ctlmni);
++	if (id < 0) {
++		error = id;
++		goto no_id;
++	}
++
+ 	list_add(&shp->shm_clist, &current->sysvshm.shm_clist);
+ 
+ 	/*
+diff --git a/ipc/util.c b/ipc/util.c
+index be4230020a1f..0f401d94b7c6 100644
+--- a/ipc/util.c
++++ b/ipc/util.c
+@@ -237,6 +237,10 @@ int ipc_addid(struct ipc_ids *ids, struct kern_ipc_perm *new, int size)
+ 	rcu_read_lock();
+ 	spin_lock(&new->lock);
+ 
++	current_euid_egid(&euid, &egid);
++	new->cuid = new->uid = euid;
++	new->gid = new->cgid = egid;
++
+ 	id = idr_alloc(&ids->ipcs_idr, new,
+ 		       (next_id < 0) ? 0 : ipcid_to_idx(next_id), 0,
+ 		       GFP_NOWAIT);
+@@ -249,10 +253,6 @@ int ipc_addid(struct ipc_ids *ids, struct kern_ipc_perm *new, int size)
+ 
+ 	ids->in_use++;
+ 
+-	current_euid_egid(&euid, &egid);
+-	new->cuid = new->uid = euid;
+-	new->gid = new->cgid = egid;
+-
+ 	if (next_id < 0) {
+ 		new->seq = ids->seq++;
+ 		if (ids->seq > IPCID_SEQ_MAX)
+-- 
+2.4.3
+
diff --git a/KEYS-Add-a-system-blacklist-keyring.patch b/KEYS-Add-a-system-blacklist-keyring.patch
index fe06d51..be35564 100644
--- a/KEYS-Add-a-system-blacklist-keyring.patch
+++ b/KEYS-Add-a-system-blacklist-keyring.patch
@@ -1,6 +1,7 @@
+From f630ce576114bfede02d8a0bafa97e4d6f978a74 Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@fedoraproject.org>
 Date: Fri, 26 Oct 2012 12:36:24 -0400
-Subject: [PATCH] KEYS: Add a system blacklist keyring
+Subject: [PATCH 17/20] KEYS: Add a system blacklist keyring
 
 This adds an additional keyring that is used to store certificates that
 are blacklisted.  This keyring is searched first when loading signed modules
@@ -9,72 +10,15 @@ useful in cases where third party certificates are used for module signing.
 
 Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
 ---
+ certs/system_keyring.c        | 27 +++++++++++++++++++++++++++
  include/keys/system_keyring.h |  4 ++++
  init/Kconfig                  |  9 +++++++++
- kernel/module_signing.c       | 12 ++++++++++++
- kernel/system_keyring.c       | 17 +++++++++++++++++
- 4 files changed, 42 insertions(+)
+ 3 files changed, 40 insertions(+)
 
-diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
-index 72665eb80692..2c7b80d31366 100644
---- a/include/keys/system_keyring.h
-+++ b/include/keys/system_keyring.h
-@@ -28,4 +28,8 @@ static inline struct key *get_system_trusted_keyring(void)
- }
- #endif
- 
-+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
-+extern struct key *system_blacklist_keyring;
-+#endif
-+
- #endif /* _KEYS_SYSTEM_KEYRING_H */
-diff --git a/init/Kconfig b/init/Kconfig
-index af09b4fb43d2..62f6fd191e4f 100644
---- a/init/Kconfig
-+++ b/init/Kconfig
-@@ -1752,6 +1752,15 @@ config SYSTEM_TRUSTED_KEYRING
- 
- 	  Keys in this keyring are used by module signature checking.
- 
-+config SYSTEM_BLACKLIST_KEYRING
-+	bool "Provide system-wide ring of blacklisted keys"
-+	depends on KEYS
-+	help
-+	  Provide a system keyring to which blacklisted keys can be added.
-+	  Keys in the keyring are considered entirely untrusted.  Keys in this
-+	  keyring are used by the module signature checking to reject loading
-+	  of modules signed with a blacklisted key.
-+
- config PROFILING
- 	bool "Profiling support"
- 	help
-diff --git a/kernel/module_signing.c b/kernel/module_signing.c
-index be5b8fac4bd0..fed815fcdaf2 100644
---- a/kernel/module_signing.c
-+++ b/kernel/module_signing.c
-@@ -158,6 +158,18 @@ static struct key *request_asymmetric_key(const char *signer, size_t signer_len,
- 
- 	pr_debug("Look up: \"%s\"\n", id);
- 
-+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
-+	key = keyring_search(make_key_ref(system_blacklist_keyring, 1),
-+				   &key_type_asymmetric, id);
-+	if (!IS_ERR(key)) {
-+		/* module is signed with a cert in the blacklist.  reject */
-+		pr_err("Module key '%s' is in blacklist\n", id);
-+		key_ref_put(key);
-+		kfree(id);
-+		return ERR_PTR(-EKEYREJECTED);
-+	}
-+#endif
-+
- 	key = keyring_search(make_key_ref(system_trusted_keyring, 1),
- 			     &key_type_asymmetric, id);
- 	if (IS_ERR(key))
-diff --git a/kernel/system_keyring.c b/kernel/system_keyring.c
-index 875f64e8935b..c15e93f5a418 100644
---- a/kernel/system_keyring.c
-+++ b/kernel/system_keyring.c
+diff --git a/certs/system_keyring.c b/certs/system_keyring.c
+index 2570598b784d..53733822993f 100644
+--- a/certs/system_keyring.c
++++ b/certs/system_keyring.c
 @@ -20,6 +20,9 @@
  
  struct key *system_trusted_keyring;
@@ -90,7 +34,7 @@ index 875f64e8935b..c15e93f5a418 100644
  
  	set_bit(KEY_FLAG_TRUSTED_ONLY, &system_trusted_keyring->flags);
 +
-+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
++	#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
 +	system_blacklist_keyring = keyring_alloc(".system_blacklist_keyring",
 +				    KUIDT_INIT(0), KGIDT_INIT(0),
 +				    current_cred(),
@@ -106,3 +50,56 @@ index 875f64e8935b..c15e93f5a418 100644
  	return 0;
  }
  
+@@ -138,6 +155,16 @@ int system_verify_data(const void *data, unsigned long len,
+ 	if (ret < 0)
+ 		goto error;
+ 
++#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
++	ret = pkcs7_validate_trust(pkcs7, system_blacklist_keyring, &trusted);
++	if (!ret) {
++		/* module is signed with a cert in the blacklist.  reject */
++		pr_err("Module key is in the blacklist\n");
++		ret = -EKEYREJECTED;
++		goto error;
++	}
++#endif
++
+ 	ret = pkcs7_validate_trust(pkcs7, system_trusted_keyring, &trusted);
+ 	if (ret < 0)
+ 		goto error;
+diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
+index b20cd885c1fd..51d8ddc60e0f 100644
+--- a/include/keys/system_keyring.h
++++ b/include/keys/system_keyring.h
+@@ -35,4 +35,8 @@ extern int system_verify_data(const void *data, unsigned long len,
+ 			      enum key_being_used_for usage);
+ #endif
+ 
++#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
++extern struct key *system_blacklist_keyring;
++#endif
++
+ #endif /* _KEYS_SYSTEM_KEYRING_H */
+diff --git a/init/Kconfig b/init/Kconfig
+index 02da9f1fd9df..782d26f02885 100644
+--- a/init/Kconfig
++++ b/init/Kconfig
+@@ -1783,6 +1783,15 @@ config SYSTEM_DATA_VERIFICATION
+ 	  module verification, kexec image verification and firmware blob
+ 	  verification.
+ 
++config SYSTEM_BLACKLIST_KEYRING
++	bool "Provide system-wide ring of blacklisted keys"
++	depends on KEYS
++	help
++	  Provide a system keyring to which blacklisted keys can be added.
++	  Keys in the keyring are considered entirely untrusted.  Keys in this
++	  keyring are used by the module signature checking to reject loading
++	  of modules signed with a blacklisted key.
++
+ config PROFILING
+ 	bool "Profiling support"
+ 	help
+-- 
+2.4.3
+
diff --git a/KVM-x86-work-around-infinite-loop-in-microcode-when-.patch b/KVM-x86-work-around-infinite-loop-in-microcode-when-.patch
deleted file mode 100644
index 013af11..0000000
--- a/KVM-x86-work-around-infinite-loop-in-microcode-when-.patch
+++ /dev/null
@@ -1,92 +0,0 @@
-From adceca1789584fe567828afb7246bd35a8549e94 Mon Sep 17 00:00:00 2001
-From: Eric Northup <digitaleric@google.com>
-Date: Tue, 10 Nov 2015 13:22:52 +0100
-Subject: [PATCH 1/2] KVM: x86: work around infinite loop in microcode when #AC
- is delivered
-
-It was found that a guest can DoS a host by triggering an infinite
-stream of "alignment check" (#AC) exceptions.  This causes the
-microcode to enter an infinite loop where the core never receives
-another interrupt.  The host kernel panics pretty quickly due to the
-effects (CVE-2015-5307).
-
-Signed-off-by: Eric Northup <digitaleric@google.com>
-Cc: stable@vger.kernel.org
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- arch/x86/include/uapi/asm/svm.h | 1 +
- arch/x86/kvm/svm.c              | 8 ++++++++
- arch/x86/kvm/vmx.c              | 5 ++++-
- 3 files changed, 13 insertions(+), 1 deletion(-)
-
-diff --git a/arch/x86/include/uapi/asm/svm.h b/arch/x86/include/uapi/asm/svm.h
-index b5d7640abc5d..8a4add8e4639 100644
---- a/arch/x86/include/uapi/asm/svm.h
-+++ b/arch/x86/include/uapi/asm/svm.h
-@@ -100,6 +100,7 @@
- 	{ SVM_EXIT_EXCP_BASE + UD_VECTOR,       "UD excp" }, \
- 	{ SVM_EXIT_EXCP_BASE + PF_VECTOR,       "PF excp" }, \
- 	{ SVM_EXIT_EXCP_BASE + NM_VECTOR,       "NM excp" }, \
-+	{ SVM_EXIT_EXCP_BASE + AC_VECTOR,       "AC excp" }, \
- 	{ SVM_EXIT_EXCP_BASE + MC_VECTOR,       "MC excp" }, \
- 	{ SVM_EXIT_INTR,        "interrupt" }, \
- 	{ SVM_EXIT_NMI,         "nmi" }, \
-diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
-index f2c8e4917688..7203b3cc71b5 100644
---- a/arch/x86/kvm/svm.c
-+++ b/arch/x86/kvm/svm.c
-@@ -1110,6 +1110,7 @@ static void init_vmcb(struct vcpu_svm *svm)
- 	set_exception_intercept(svm, PF_VECTOR);
- 	set_exception_intercept(svm, UD_VECTOR);
- 	set_exception_intercept(svm, MC_VECTOR);
-+	set_exception_intercept(svm, AC_VECTOR);
- 
- 	set_intercept(svm, INTERCEPT_INTR);
- 	set_intercept(svm, INTERCEPT_NMI);
-@@ -1798,6 +1799,12 @@ static int ud_interception(struct vcpu_svm *svm)
- 	return 1;
- }
- 
-+static int ac_interception(struct vcpu_svm *svm)
-+{
-+	kvm_queue_exception_e(&svm->vcpu, AC_VECTOR, 0);
-+	return 1;
-+}
-+
- static void svm_fpu_activate(struct kvm_vcpu *vcpu)
- {
- 	struct vcpu_svm *svm = to_svm(vcpu);
-@@ -3362,6 +3369,7 @@ static int (*const svm_exit_handlers[])(struct vcpu_svm *svm) = {
- 	[SVM_EXIT_EXCP_BASE + PF_VECTOR]	= pf_interception,
- 	[SVM_EXIT_EXCP_BASE + NM_VECTOR]	= nm_interception,
- 	[SVM_EXIT_EXCP_BASE + MC_VECTOR]	= mc_interception,
-+	[SVM_EXIT_EXCP_BASE + AC_VECTOR]	= ac_interception,
- 	[SVM_EXIT_INTR]				= intr_interception,
- 	[SVM_EXIT_NMI]				= nmi_interception,
- 	[SVM_EXIT_SMI]				= nop_on_interception,
-diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
-index 5eb56ed77c1f..106aa940d3c0 100644
---- a/arch/x86/kvm/vmx.c
-+++ b/arch/x86/kvm/vmx.c
-@@ -1631,7 +1631,7 @@ static void update_exception_bitmap(struct kvm_vcpu *vcpu)
- 	u32 eb;
- 
- 	eb = (1u << PF_VECTOR) | (1u << UD_VECTOR) | (1u << MC_VECTOR) |
--	     (1u << NM_VECTOR) | (1u << DB_VECTOR);
-+	     (1u << NM_VECTOR) | (1u << DB_VECTOR) | (1u << AC_VECTOR);
- 	if ((vcpu->guest_debug &
- 	     (KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_SW_BP)) ==
- 	    (KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_SW_BP))
-@@ -5266,6 +5266,9 @@ static int handle_exception(struct kvm_vcpu *vcpu)
- 		return handle_rmode_exception(vcpu, ex_no, error_code);
- 
- 	switch (ex_no) {
-+	case AC_VECTOR:
-+		kvm_queue_exception_e(vcpu, AC_VECTOR, error_code);
-+		return 1;
- 	case DB_VECTOR:
- 		dr6 = vmcs_readl(EXIT_QUALIFICATION);
- 		if (!(vcpu->guest_debug &
--- 
-2.4.3
-
diff --git a/MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch b/MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch
index dafc0a6..8a484b6 100644
--- a/MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch
+++ b/MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch
@@ -1,3 +1,4 @@
+From 2246a781c8dbb1207a0b0abbfae201f998c3954b Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@fedoraproject.org>
 Date: Fri, 26 Oct 2012 12:42:16 -0400
 Subject: [PATCH] MODSIGN: Import certificates from UEFI Secure Boot
@@ -25,12 +26,12 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
  create mode 100644 kernel/modsign_uefi.c
 
 diff --git a/include/linux/efi.h b/include/linux/efi.h
-index 414c3c3d988d..d920a6be6c8b 100644
+index 85ef051ac6fb..a042b2ece788 100644
 --- a/include/linux/efi.h
 +++ b/include/linux/efi.h
-@@ -601,6 +601,12 @@ void efi_native_runtime_setup(void);
- #define EFI_CERT_X509_GUID \
-     EFI_GUID(  0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 )
+@@ -600,6 +600,12 @@ typedef struct {
+ 	u64 table;
+ } efi_config_table_64_t;
  
 +#define EFI_IMAGE_SECURITY_DATABASE_GUID \
 +    EFI_GUID(  0xd719b2cb, 0x3d3a, 0x4596, 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f )
@@ -40,12 +41,12 @@ index 414c3c3d988d..d920a6be6c8b 100644
 +
  typedef struct {
  	efi_guid_t guid;
- 	u64 table;
+ 	u32 table;
 diff --git a/init/Kconfig b/init/Kconfig
-index 62f6fd191e4f..648bb79d6b73 100644
+index 02da9f1fd9df..90c73a0564b1 100644
 --- a/init/Kconfig
 +++ b/init/Kconfig
-@@ -1906,6 +1906,15 @@ config MODULE_SIG_ALL
+@@ -1924,6 +1924,15 @@ config MODULE_SIG_ALL
  comment "Do not forget to sign required modules with scripts/sign-file"
  	depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
  
@@ -62,26 +63,26 @@ index 62f6fd191e4f..648bb79d6b73 100644
  	prompt "Which hash algorithm should modules be signed with?"
  	depends on MODULE_SIG
 diff --git a/kernel/Makefile b/kernel/Makefile
-index 43c4c920f30a..3193574387ac 100644
+index d4988410b410..55e886239e7e 100644
 --- a/kernel/Makefile
 +++ b/kernel/Makefile
-@@ -48,6 +48,7 @@ obj-$(CONFIG_UID16) += uid16.o
- obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o
+@@ -47,6 +47,7 @@ endif
+ obj-$(CONFIG_UID16) += uid16.o
  obj-$(CONFIG_MODULES) += module.o
  obj-$(CONFIG_MODULE_SIG) += module_signing.o
 +obj-$(CONFIG_MODULE_SIG_UEFI) += modsign_uefi.o
  obj-$(CONFIG_KALLSYMS) += kallsyms.o
  obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o
- obj-$(CONFIG_KEXEC) += kexec.o
-@@ -101,6 +102,8 @@ obj-$(CONFIG_TORTURE_TEST) += torture.o
+ obj-$(CONFIG_KEXEC_CORE) += kexec_core.o
+@@ -103,6 +104,8 @@ obj-$(CONFIG_TORTURE_TEST) += torture.o
  
- $(obj)/configs.o: $(obj)/config_data.h
+ obj-$(CONFIG_HAS_IOMEM) += memremap.o
  
 +$(obj)/modsign_uefi.o: KBUILD_CFLAGS += -fshort-wchar
 +
+ $(obj)/configs.o: $(obj)/config_data.h
+ 
  # config_data.h contains the same information as ikconfig.h but gzipped.
- # Info from config_data can be extracted from /proc/config*
- targets += config_data.gz
 diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c
 new file mode 100644
 index 000000000000..94b0eb38a284
@@ -180,3 +181,6 @@ index 000000000000..94b0eb38a284
 +	return rc;
 +}
 +late_initcall(load_uefi_certs);
+-- 
+2.4.3
+
diff --git a/MODSIGN-Support-not-importing-certs-from-db.patch b/MODSIGN-Support-not-importing-certs-from-db.patch
index 4782e73..bb5ae2a 100644
--- a/MODSIGN-Support-not-importing-certs-from-db.patch
+++ b/MODSIGN-Support-not-importing-certs-from-db.patch
@@ -1,6 +1,7 @@
+From d7c9efa4ab647d6ccb617f2504e79a398d56f7d4 Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@fedoraproject.org>
 Date: Thu, 3 Oct 2013 10:14:23 -0400
-Subject: [PATCH] MODSIGN: Support not importing certs from db
+Subject: [PATCH 19/20] MODSIGN: Support not importing certs from db
 
 If a user tells shim to not use the certs/hashes in the UEFI db variable
 for verification purposes, shim will set a UEFI variable called MokIgnoreDB.
@@ -78,3 +79,6 @@ index 94b0eb38a284..ae28b974d49a 100644
  	}
  
  	mok = get_cert_list(L"MokListRT", &mok_var, &moksize);
+-- 
+2.4.3
+
diff --git a/PCI-Lock-down-BAR-access-when-module-security-is-ena.patch b/PCI-Lock-down-BAR-access-when-module-security-is-ena.patch
index 92e028d..23a514f 100644
--- a/PCI-Lock-down-BAR-access-when-module-security-is-ena.patch
+++ b/PCI-Lock-down-BAR-access-when-module-security-is-ena.patch
@@ -1,6 +1,8 @@
+From 655fbf360e1481db4f06001f893d388c15ac307f Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Thu, 8 Mar 2012 10:10:38 -0500
-Subject: [PATCH] PCI: Lock down BAR access when module security is enabled
+Subject: [PATCH 02/20] PCI: Lock down BAR access when module security is
+ enabled
 
 Any hardware that can potentially generate DMA has to be locked down from
 userspace in order to avoid it being possible for an attacker to modify
@@ -111,3 +113,6 @@ index b91c4da68365..98f5637304d1 100644
  		return -EPERM;
  
  	dev = pci_get_bus_and_slot(bus, dfn);
+-- 
+2.4.3
+
diff --git a/RDS-verify-the-underlying-transport-exists-before-cr.patch b/RDS-verify-the-underlying-transport-exists-before-cr.patch
new file mode 100644
index 0000000..eb39c1f
--- /dev/null
+++ b/RDS-verify-the-underlying-transport-exists-before-cr.patch
@@ -0,0 +1,79 @@
+From 74e98eb085889b0d2d4908f59f6e00026063014f Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sasha.levin@oracle.com>
+Date: Tue, 8 Sep 2015 10:53:40 -0400
+Subject: [PATCH] RDS: verify the underlying transport exists before creating a
+ connection
+
+There was no verification that an underlying transport exists when creating
+a connection, this would cause dereferencing a NULL ptr.
+
+It might happen on sockets that weren't properly bound before attempting to
+send a message, which will cause a NULL ptr deref:
+
+[135546.047719] kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC KASAN
+[135546.051270] Modules linked in:
+[135546.051781] CPU: 4 PID: 15650 Comm: trinity-c4 Not tainted 4.2.0-next-20150902-sasha-00041-gbaa1222-dirty #2527
+[135546.053217] task: ffff8800835bc000 ti: ffff8800bc708000 task.ti: ffff8800bc708000
+[135546.054291] RIP: __rds_conn_create (net/rds/connection.c:194)
+[135546.055666] RSP: 0018:ffff8800bc70fab0  EFLAGS: 00010202
+[135546.056457] RAX: dffffc0000000000 RBX: 0000000000000f2c RCX: ffff8800835bc000
+[135546.057494] RDX: 0000000000000007 RSI: ffff8800835bccd8 RDI: 0000000000000038
+[135546.058530] RBP: ffff8800bc70fb18 R08: 0000000000000001 R09: 0000000000000000
+[135546.059556] R10: ffffed014d7a3a23 R11: ffffed014d7a3a21 R12: 0000000000000000
+[135546.060614] R13: 0000000000000001 R14: ffff8801ec3d0000 R15: 0000000000000000
+[135546.061668] FS:  00007faad4ffb700(0000) GS:ffff880252000000(0000) knlGS:0000000000000000
+[135546.062836] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
+[135546.063682] CR2: 000000000000846a CR3: 000000009d137000 CR4: 00000000000006a0
+[135546.064723] Stack:
+[135546.065048]  ffffffffafe2055c ffffffffafe23fc1 ffffed00493097bf ffff8801ec3d0008
+[135546.066247]  0000000000000000 00000000000000d0 0000000000000000 ac194a24c0586342
+[135546.067438]  1ffff100178e1f78 ffff880320581b00 ffff8800bc70fdd0 ffff880320581b00
+[135546.068629] Call Trace:
+[135546.069028] ? __rds_conn_create (include/linux/rcupdate.h:856 net/rds/connection.c:134)
+[135546.069989] ? rds_message_copy_from_user (net/rds/message.c:298)
+[135546.071021] rds_conn_create_outgoing (net/rds/connection.c:278)
+[135546.071981] rds_sendmsg (net/rds/send.c:1058)
+[135546.072858] ? perf_trace_lock (include/trace/events/lock.h:38)
+[135546.073744] ? lockdep_init (kernel/locking/lockdep.c:3298)
+[135546.074577] ? rds_send_drop_to (net/rds/send.c:976)
+[135546.075508] ? __might_fault (./arch/x86/include/asm/current.h:14 mm/memory.c:3795)
+[135546.076349] ? __might_fault (mm/memory.c:3795)
+[135546.077179] ? rds_send_drop_to (net/rds/send.c:976)
+[135546.078114] sock_sendmsg (net/socket.c:611 net/socket.c:620)
+[135546.078856] SYSC_sendto (net/socket.c:1657)
+[135546.079596] ? SYSC_connect (net/socket.c:1628)
+[135546.080510] ? trace_dump_stack (kernel/trace/trace.c:1926)
+[135546.081397] ? ring_buffer_unlock_commit (kernel/trace/ring_buffer.c:2479 kernel/trace/ring_buffer.c:2558 kernel/trace/ring_buffer.c:2674)
+[135546.082390] ? trace_buffer_unlock_commit (kernel/trace/trace.c:1749)
+[135546.083410] ? trace_event_raw_event_sys_enter (include/trace/events/syscalls.h:16)
+[135546.084481] ? do_audit_syscall_entry (include/trace/events/syscalls.h:16)
+[135546.085438] ? trace_buffer_unlock_commit (kernel/trace/trace.c:1749)
+[135546.085515] rds_ib_laddr_check(): addr 36.74.25.172 ret -99 node type -1
+
+Acked-by: Santosh Shilimkar <santosh.shilimkar@oracle.com>
+Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+---
+ net/rds/connection.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/net/rds/connection.c b/net/rds/connection.c
+index 9b2de5e67d79..49adeef8090c 100644
+--- a/net/rds/connection.c
++++ b/net/rds/connection.c
+@@ -190,6 +190,12 @@ new_conn:
+ 		}
+ 	}
+ 
++	if (trans == NULL) {
++		kmem_cache_free(rds_conn_slab, conn);
++		conn = ERR_PTR(-ENODEV);
++		goto out;
++	}
++
+ 	conn->c_trans = trans;
+ 
+ 	ret = trans->conn_alloc(conn, gfp);
+-- 
+2.4.3
+
diff --git a/Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch b/Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch
index 27e4b23..acf28cf 100644
--- a/Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch
+++ b/Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch
@@ -1,6 +1,7 @@
+From d4ae417828427de74e9f857f9caa49580aecf1fe Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Mar 2012 09:28:15 -0500
-Subject: [PATCH] Restrict /dev/mem and /dev/kmem when module loading is
+Subject: [PATCH 06/20] Restrict /dev/mem and /dev/kmem when module loading is
  restricted
 
 Allowing users to write to address space makes it possible for the kernel
@@ -36,3 +37,6 @@ index 53fe675f9bd7..b52c88860532 100644
  	if (p < (unsigned long) high_memory) {
  		unsigned long to_write = min_t(unsigned long, count,
  					       (unsigned long)high_memory - p);
+-- 
+2.4.3
+
diff --git a/USB-whiteheat-fix-potential-null-deref-at-probe.patch b/USB-whiteheat-fix-potential-null-deref-at-probe.patch
new file mode 100644
index 0000000..00fd557
--- /dev/null
+++ b/USB-whiteheat-fix-potential-null-deref-at-probe.patch
@@ -0,0 +1,81 @@
+From 10d98bced414c6fc1d09db123e7f762d91b5ebea Mon Sep 17 00:00:00 2001
+From: Johan Hovold <johan@kernel.org>
+Date: Wed, 23 Sep 2015 11:41:42 -0700
+Subject: [PATCH] USB: whiteheat: fix potential null-deref at probe
+
+Fix potential null-pointer dereference at probe by making sure that the
+required endpoints are present.
+
+The whiteheat driver assumes there are at least five pairs of bulk
+endpoints, of which the final pair is used for the "command port". An
+attempt to bind to an interface with fewer bulk endpoints would
+currently lead to an oops.
+
+Fixes CVE-2015-5257.
+
+Reported-by: Moein Ghasemzadeh <moein@istuary.com>
+Cc: stable <stable@vger.kernel.org>
+Signed-off-by: Johan Hovold <johan@kernel.org>
+---
+ drivers/usb/serial/whiteheat.c | 31 +++++++++++++++++++++++++++++++
+ 1 file changed, 31 insertions(+)
+
+diff --git a/drivers/usb/serial/whiteheat.c b/drivers/usb/serial/whiteheat.c
+index 6c3734d2b45a..d3ea90bef84d 100644
+--- a/drivers/usb/serial/whiteheat.c
++++ b/drivers/usb/serial/whiteheat.c
+@@ -80,6 +80,8 @@ static int  whiteheat_firmware_download(struct usb_serial *serial,
+ static int  whiteheat_firmware_attach(struct usb_serial *serial);
+ 
+ /* function prototypes for the Connect Tech WhiteHEAT serial converter */
++static int whiteheat_probe(struct usb_serial *serial,
++				const struct usb_device_id *id);
+ static int  whiteheat_attach(struct usb_serial *serial);
+ static void whiteheat_release(struct usb_serial *serial);
+ static int  whiteheat_port_probe(struct usb_serial_port *port);
+@@ -116,6 +118,7 @@ static struct usb_serial_driver whiteheat_device = {
+ 	.description =		"Connect Tech - WhiteHEAT",
+ 	.id_table =		id_table_std,
+ 	.num_ports =		4,
++	.probe =		whiteheat_probe,
+ 	.attach =		whiteheat_attach,
+ 	.release =		whiteheat_release,
+ 	.port_probe =		whiteheat_port_probe,
+@@ -217,6 +220,34 @@ static int whiteheat_firmware_attach(struct usb_serial *serial)
+ /*****************************************************************************
+  * Connect Tech's White Heat serial driver functions
+  *****************************************************************************/
++
++static int whiteheat_probe(struct usb_serial *serial,
++				const struct usb_device_id *id)
++{
++	struct usb_host_interface *iface_desc;
++	struct usb_endpoint_descriptor *endpoint;
++	size_t num_bulk_in = 0;
++	size_t num_bulk_out = 0;
++	size_t min_num_bulk;
++	unsigned int i;
++
++	iface_desc = serial->interface->cur_altsetting;
++
++	for (i = 0; i < iface_desc->desc.bNumEndpoints; i++) {
++		endpoint = &iface_desc->endpoint[i].desc;
++		if (usb_endpoint_is_bulk_in(endpoint))
++			++num_bulk_in;
++		if (usb_endpoint_is_bulk_out(endpoint))
++			++num_bulk_out;
++	}
++
++	min_num_bulk = COMMAND_PORT + 1;
++	if (num_bulk_in < min_num_bulk || num_bulk_out < min_num_bulk)
++		return -ENODEV;
++
++	return 0;
++}
++
+ static int whiteheat_attach(struct usb_serial *serial)
+ {
+ 	struct usb_serial_port *command_port;
+-- 
+2.4.3
+
diff --git a/acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch b/acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch
index 807b598..2794b15 100644
--- a/acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch
+++ b/acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch
@@ -1,7 +1,8 @@
+From 32d3dc2147823a32c8a7771d8fe0f2d1ef057c6a Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@redhat.com>
 Date: Mon, 25 Jun 2012 19:57:30 -0400
-Subject: [PATCH] acpi: Ignore acpi_rsdp kernel parameter when module loading
- is restricted
+Subject: [PATCH 07/20] acpi: Ignore acpi_rsdp kernel parameter when module
+ loading is restricted
 
 This option allows userspace to pass the RSDP address to the kernel, which
 makes it possible for a user to circumvent any restrictions imposed on
@@ -13,10 +14,10 @@ Signed-off-by: Josh Boyer <jwboyer@redhat.com>
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c
-index 3b8963f21b36..a5ae6a7fef5e 100644
+index 739a4a6b3b9b..9ef2a020a7a9 100644
 --- a/drivers/acpi/osl.c
 +++ b/drivers/acpi/osl.c
-@@ -44,6 +44,7 @@
+@@ -40,6 +40,7 @@
  #include <linux/list.h>
  #include <linux/jiffies.h>
  #include <linux/semaphore.h>
@@ -24,7 +25,7 @@ index 3b8963f21b36..a5ae6a7fef5e 100644
  
  #include <asm/io.h>
  #include <asm/uaccess.h>
-@@ -255,7 +256,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp);
+@@ -253,7 +254,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp);
  acpi_physical_address __init acpi_os_get_root_pointer(void)
  {
  #ifdef CONFIG_KEXEC
@@ -33,3 +34,6 @@ index 3b8963f21b36..a5ae6a7fef5e 100644
  		return acpi_rsdp;
  #endif
  
+-- 
+2.4.3
+
diff --git a/acpi-video-Add-force-native-backlight-quirk-for-Leno.patch b/acpi-video-Add-force-native-backlight-quirk-for-Leno.patch
new file mode 100644
index 0000000..706fc54
--- /dev/null
+++ b/acpi-video-Add-force-native-backlight-quirk-for-Leno.patch
@@ -0,0 +1,81 @@
+From: Hans de Goede <hdegoede@redhat.com>
+Date: Tue, 3 Mar 2015 08:31:24 +0100
+Subject: [PATCH] acpi: video: Add force native backlight quirk for Lenovo
+ Ideapad Z570
+
+The Lenovo Ideapad Z570 (which is an Acer in disguise like some other Ideapads)
+has a broken acpi_video interface, this was fixed in commmit a11d342fb8
+("ACPI / video: force vendor backlight on Lenovo Ideapad Z570").
+
+Which stops acpi_video from registering a backlight interface, but this is
+only a partial fix, because for people who have the ideapad-laptop module
+installed that module will now register a backlight interface, which also
+does not work, so we need to use the native intel_backlight interface.
+
+The Lenovo Ideapad 570 is a pre-win8 laptop / too old for the acpi-video code
+to automatically prefer the native backlight interface, so add a quirk for it.
+
+This commit also removes the previous incomplete fix.
+
+BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1187004
+Cc: Stepan Bujnak <stepanbujnak@fastmail.fm>
+Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+---
+ drivers/acpi/video.c        | 17 +++++++++++++++++
+ drivers/acpi/video_detect.c |  8 --------
+ 2 files changed, 17 insertions(+), 8 deletions(-)
+
+diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c
+index 70ea37bea84f..d9bf8ba7d848 100644
+--- a/drivers/acpi/video.c
++++ b/drivers/acpi/video.c
+@@ -425,6 +425,12 @@ static int __init video_disable_native_backlight(const struct dmi_system_id *d)
+ 	return 0;
+ }
+ 
++static int __init video_enable_native_backlight(const struct dmi_system_id *d)
++{
++	use_native_backlight_dmi = NATIVE_BACKLIGHT_ON;
++	return 0;
++}
++
+ static struct dmi_system_id video_dmi_table[] __initdata = {
+ 	/*
+ 	 * Broken _BQC workaround http://bugzilla.kernel.org/show_bug.cgi?id=13121
+@@ -566,6 +572,17 @@ static struct dmi_system_id video_dmi_table[] __initdata = {
+ 		DMI_MATCH(DMI_PRODUCT_NAME, "XPS L521X"),
+ 		},
+ 	},
++
++	/* Non win8 machines which need native backlight nevertheless */
++	{
++	 /* https://bugzilla.redhat.com/show_bug.cgi?id=1187004 */
++	 .callback = video_enable_native_backlight,
++	 .ident = "Lenovo Ideapad Z570",
++	 .matches = {
++		DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
++		DMI_MATCH(DMI_PRODUCT_NAME, "102434U"),
++		},
++	},
+ 	{}
+ };
+ 
+diff --git a/drivers/acpi/video_detect.c b/drivers/acpi/video_detect.c
+index 27c43499977a..c42feb2bacd0 100644
+--- a/drivers/acpi/video_detect.c
++++ b/drivers/acpi/video_detect.c
+@@ -174,14 +174,6 @@ static struct dmi_system_id video_detect_dmi_table[] = {
+ 		DMI_MATCH(DMI_PRODUCT_NAME, "Inspiron 5737"),
+ 		},
+ 	},
+-	{
+-	.callback = video_detect_force_vendor,
+-	.ident = "Lenovo IdeaPad Z570",
+-	.matches = {
+-		DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
+-		DMI_MATCH(DMI_PRODUCT_VERSION, "Ideapad Z570"),
+-		},
+-	},
+ 	{ },
+ };
+ 
diff --git a/acpi-video-Allow-forcing-native-backlight-on-non-win.patch b/acpi-video-Allow-forcing-native-backlight-on-non-win.patch
new file mode 100644
index 0000000..2e6627b
--- /dev/null
+++ b/acpi-video-Allow-forcing-native-backlight-on-non-win.patch
@@ -0,0 +1,73 @@
+From: Aaron Lu <aaron.lu@intel.com>
+Date: Wed, 11 Mar 2015 14:14:56 +0800
+Subject: [PATCH] acpi: video: Allow forcing native backlight on non win8
+ machines
+
+The native backlight behavior (so not registering both the acpi-video
+and the vendor backlight driver) can be useful on some non win8 machines
+too, so change the behavior of the video.use_native_backlight=1 or 0
+kernel cmdline option to be: if user has set video.use_native_backlight=1
+or 0, use that no matter if it is a win8 system or not. Also, we will
+put some known systems into the DMI table to make them either use native
+backlight interface or not, and the use_native_backlight_dmi is used to
+reflect that.
+
+Original-by: Hans de Goede <hdegoede@redhat.com>
+Signed-off-by: Aaron Lu <aaron.lu@intel.com>
+Acked-by: Hans de Goede <hdegoede@redhat.com>
+Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+---
+ drivers/acpi/video.c | 19 +++++++++++++------
+ 1 file changed, 13 insertions(+), 6 deletions(-)
+
+diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c
+index db70d550f526..70ea37bea84f 100644
+--- a/drivers/acpi/video.c
++++ b/drivers/acpi/video.c
+@@ -82,9 +82,15 @@ module_param(allow_duplicates, bool, 0644);
+  * For Windows 8 systems: used to decide if video module
+  * should skip registering backlight interface of its own.
+  */
+-static int use_native_backlight_param = -1;
++enum {
++	NATIVE_BACKLIGHT_NOT_SET = -1,
++	NATIVE_BACKLIGHT_OFF,
++	NATIVE_BACKLIGHT_ON,
++};
++
++static int use_native_backlight_param = NATIVE_BACKLIGHT_NOT_SET;
+ module_param_named(use_native_backlight, use_native_backlight_param, int, 0444);
+-static bool use_native_backlight_dmi = true;
++static int use_native_backlight_dmi = NATIVE_BACKLIGHT_NOT_SET;
+ 
+ static int register_count;
+ static struct mutex video_list_lock;
+@@ -237,15 +243,16 @@ static void acpi_video_switch_brightness(struct work_struct *work);
+ 
+ static bool acpi_video_use_native_backlight(void)
+ {
+-	if (use_native_backlight_param != -1)
++	if (use_native_backlight_param != NATIVE_BACKLIGHT_NOT_SET)
+ 		return use_native_backlight_param;
+-	else
++	else if (use_native_backlight_dmi != NATIVE_BACKLIGHT_NOT_SET)
+ 		return use_native_backlight_dmi;
++	return acpi_osi_is_win8();
+ }
+ 
+ bool acpi_video_verify_backlight_support(void)
+ {
+-	if (acpi_osi_is_win8() && acpi_video_use_native_backlight() &&
++	if (acpi_video_use_native_backlight() &&
+ 	    backlight_device_registered(BACKLIGHT_RAW))
+ 		return false;
+ 	return acpi_video_backlight_support();
+@@ -414,7 +421,7 @@ static int __init video_set_bqc_offset(const struct dmi_system_id *d)
+ 
+ static int __init video_disable_native_backlight(const struct dmi_system_id *d)
+ {
+-	use_native_backlight_dmi = false;
++	use_native_backlight_dmi = NATIVE_BACKLIGHT_OFF;
+ 	return 0;
+ }
+ 
diff --git a/alua_fix.patch b/alua_fix.patch
new file mode 100644
index 0000000..eb278fa
--- /dev/null
+++ b/alua_fix.patch
@@ -0,0 +1,41 @@
+From 221255aee67ec1c752001080aafec0c4e9390d95 Mon Sep 17 00:00:00 2001
+From: Hannes Reinecke <hare@suse.de>
+Date: Tue, 1 Dec 2015 10:16:42 +0100
+Subject: scsi: ignore errors from scsi_dh_add_device()
+
+device handler initialisation might fail due to a number of
+reasons. But as device_handlers are optional this shouldn't
+cause us to disable the device entirely.
+So just ignore errors from scsi_dh_add_device().
+
+Reviewed-by: Johannes Thumshirn <jthumshirn@suse.com>
+Reviewed-by: Christoph Hellwig <hch@lst.de>
+Signed-off-by: Hannes Reinecke <hare@suse.de>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+---
+ drivers/scsi/scsi_sysfs.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/scsi/scsi_sysfs.c b/drivers/scsi/scsi_sysfs.c
+index fc3cd26..d015374 100644
+--- a/drivers/scsi/scsi_sysfs.c
++++ b/drivers/scsi/scsi_sysfs.c
+@@ -1120,11 +1120,12 @@ int scsi_sysfs_add_sdev(struct scsi_device *sdev)
+ 	}
+ 
+ 	error = scsi_dh_add_device(sdev);
+-	if (error) {
++	if (error)
++		/*
++		 * device_handler is optional, so any error can be ignored
++		 */
+ 		sdev_printk(KERN_INFO, sdev,
+ 				"failed to add device handler: %d\n", error);
+-		return error;
+-	}
+ 
+ 	device_enable_async_suspend(&sdev->sdev_dev);
+ 	error = device_add(&sdev->sdev_dev);
+-- 
+cgit v0.11.2
+
diff --git a/asus-wmi-Restrict-debugfs-interface-when-module-load.patch b/asus-wmi-Restrict-debugfs-interface-when-module-load.patch
index 12a657c..3ab7b85 100644
--- a/asus-wmi-Restrict-debugfs-interface-when-module-load.patch
+++ b/asus-wmi-Restrict-debugfs-interface-when-module-load.patch
@@ -1,7 +1,8 @@
+From 32f701d40657cc3c982b8cba4bf73452ccdd6697 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Mar 2012 08:46:50 -0500
-Subject: [PATCH] asus-wmi: Restrict debugfs interface when module loading is
- restricted
+Subject: [PATCH 05/20] asus-wmi: Restrict debugfs interface when module
+ loading is restricted
 
 We have no way of validating what all of the Asus WMI methods do on a
 given machine, and there's a risk that some will allow hardware state to
@@ -48,3 +49,6 @@ index efbc3f0c592b..071171be4b7f 100644
  	status = wmi_evaluate_method(ASUS_WMI_MGMT_GUID,
  				     1, asus->debug.method_id,
  				     &input, &output);
+-- 
+2.4.3
+
diff --git a/block-blkg_destroy_all-should-clear-q-root_blkg-and-.patch b/block-blkg_destroy_all-should-clear-q-root_blkg-and-.patch
new file mode 100644
index 0000000..be5edde
--- /dev/null
+++ b/block-blkg_destroy_all-should-clear-q-root_blkg-and-.patch
@@ -0,0 +1,64 @@
+From a08748fb2221ef03d54071e5ddfcc1b0cee6961c Mon Sep 17 00:00:00 2001
+From: Tejun Heo <tj@kernel.org>
+Date: Sat, 5 Sep 2015 15:47:36 -0400
+Subject: [PATCH] block: blkg_destroy_all() should clear q->root_blkg and
+ ->root_rl.blkg
+
+While making the root blkg unconditional, ec13b1d6f0a0 ("blkcg: always
+create the blkcg_gq for the root blkcg") removed the part which clears
+q->root_blkg and ->root_rl.blkg during q exit.  This leaves the two
+pointers dangling after blkg_destroy_all().  blk-throttle exit path
+performs blkg traversals and dereferences ->root_blkg and can lead to
+the following oops.
+
+ BUG: unable to handle kernel NULL pointer dereference at 0000000000000558
+ IP: [<ffffffff81389746>] __blkg_lookup+0x26/0x70
+ ...
+ task: ffff88001b4e2580 ti: ffff88001ac0c000 task.ti: ffff88001ac0c000
+ RIP: 0010:[<ffffffff81389746>]  [<ffffffff81389746>] __blkg_lookup+0x26/0x70
+ ...
+ Call Trace:
+  [<ffffffff8138d14a>] blk_throtl_drain+0x5a/0x110
+  [<ffffffff8138a108>] blkcg_drain_queue+0x18/0x20
+  [<ffffffff81369a70>] __blk_drain_queue+0xc0/0x170
+  [<ffffffff8136a101>] blk_queue_bypass_start+0x61/0x80
+  [<ffffffff81388c59>] blkcg_deactivate_policy+0x39/0x100
+  [<ffffffff8138d328>] blk_throtl_exit+0x38/0x50
+  [<ffffffff8138a14e>] blkcg_exit_queue+0x3e/0x50
+  [<ffffffff8137016e>] blk_release_queue+0x1e/0xc0
+ ...
+
+While the bug is a straigh-forward use-after-free bug, it is tricky to
+reproduce because blkg release is RCU protected and the rest of exit
+path usually finishes before RCU grace period.
+
+This patch fixes the bug by updating blkg_destro_all() to clear
+q->root_blkg and ->root_rl.blkg.
+
+Signed-off-by: Tejun Heo <tj@kernel.org>
+Reported-by: "Richard W.M. Jones" <rjones@redhat.com>
+Reported-by: Josh Boyer <jwboyer@fedoraproject.org>
+Link: http://lkml.kernel.org/g/CA+5PVA5rzQ0s4723n5rHBcxQa9t0cW8BPPBekr_9aMRoWt2aYg@mail.gmail.com
+Fixes: ec13b1d6f0a0 ("blkcg: always create the blkcg_gq for the root blkcg")
+Cc: stable@vger.kernel.org # v4.2+
+---
+ block/blk-cgroup.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/block/blk-cgroup.c b/block/blk-cgroup.c
+index d6283b3f5db5..9cc48d1d7abb 100644
+--- a/block/blk-cgroup.c
++++ b/block/blk-cgroup.c
+@@ -387,6 +387,9 @@ static void blkg_destroy_all(struct request_queue *q)
+ 		blkg_destroy(blkg);
+ 		spin_unlock(&blkcg->lock);
+ 	}
++
++	q->root_blkg = NULL;
++	q->root_rl.blkg = NULL;
+ }
+ 
+ /*
+-- 
+2.4.3
+
diff --git a/config-arm-generic b/config-arm-generic
index 12c9168..c898459 100644
--- a/config-arm-generic
+++ b/config-arm-generic
@@ -40,6 +40,8 @@ CONFIG_FB_SIMPLE=y
 CONFIG_HAVE_PERF_REGS=y
 CONFIG_HAVE_PERF_USER_STACK_DUMP=y
 
+CONFIG_ARM_PMU=y
+
 # ARM AMBA generic HW
 CONFIG_ARM_AMBA=y
 CONFIG_KERNEL_MODE_NEON=y
@@ -64,6 +66,17 @@ CONFIG_RTC_DRV_PL031=y
 CONFIG_PL330_DMA=m
 CONFIG_GPIO_PL061=y
 CONFIG_USB_ISP1760=m
+CONFIG_ARM_PL172_MPMC=m
+
+# HW crypto and rng
+CONFIG_ARM_CRYPTO=y
+CONFIG_CRYPTO_AES_ARM=y
+CONFIG_CRYPTO_AES_ARM_BS=y
+CONFIG_CRYPTO_SHA1_ARM=y
+CONFIG_CRYPTO_SHA256_ARM=y
+CONFIG_CRYPTO_SHA1_ARM_NEON=y
+CONFIG_CRYPTO_SHA512_ARM_NEON=y
+CONFIG_CRYPTO_SHA512_ARM=y
 
 # ARM VExpress
 CONFIG_ARCH_VEXPRESS=y
@@ -106,6 +119,8 @@ CONFIG_OF_NET=y
 CONFIG_OF_OVERLAY=y
 CONFIG_OF_PCI_IRQ=m
 CONFIG_OF_PCI=m
+# CONFIG_PCI_HOST_GENERIC is not set
+# CONFIG_PCIE_IPROC is not set
 CONFIG_OF_RESERVED_MEM=y
 CONFIG_OF_RESOLVE=y
 CONFIG_PM_GENERIC_DOMAINS_OF=y
@@ -122,15 +137,6 @@ CONFIG_MAILBOX=y
 CONFIG_ARM_MHU=m
 # CONFIG_PL320_MBOX is not set
 
-# HW crypto and rng
-CONFIG_ARM_CRYPTO=y
-CONFIG_CRYPTO_AES_ARM=m
-# CONFIG_CRYPTO_AES_ARM_BS is not set
-CONFIG_CRYPTO_SHA1_ARM=m
-CONFIG_CRYPTO_SHA256_ARM=m
-CONFIG_CRYPTO_SHA1_ARM_NEON=m
-CONFIG_CRYPTO_SHA512_ARM_NEON=m
-CONFIG_CRYPTO_SHA512_ARM=m
 # USB
 CONFIG_USB_OHCI_HCD_PLATFORM=m
 CONFIG_USB_EHCI_HCD_PLATFORM=m
@@ -213,6 +219,7 @@ CONFIG_I2C_MUX_GPIO=m
 CONFIG_I2C_MUX_PINCTRL=m
 CONFIG_I2C_MUX_PCA9541=m
 CONFIG_I2C_MUX_PCA954x=m
+CONFIG_I2C_MUX_REG=m
 
 # spi
 CONFIG_SPI_PL022=m
@@ -280,6 +287,7 @@ CONFIG_VFIO_AMBA=m
 # CONFIG_KEYBOARD_OMAP4 is not set
 # CONFIG_KEYBOARD_BCM is not set
 # CONFIG_PHY_SAMSUNG_USB2 is not set
+# CONFIG_OMAP_GPMC_DEBUG is not set
 
 ### turn off things which make no sense on embedded SoC
 
@@ -349,3 +357,6 @@ CONFIG_VFIO_AMBA=m
 # CONFIG_BMP085_SPI is not set
 # CONFIG_TI_DAC7512 is not set
 # CONFIG_SPI_ROCKCHIP is not set
+
+# https://fedoraproject.org/wiki/Features/Checkpoint_Restore
+CONFIG_CHECKPOINT_RESTORE=y
diff --git a/config-arm64 b/config-arm64
index 60d432f..2c2139b 100644
--- a/config-arm64
+++ b/config-arm64
@@ -18,6 +18,10 @@ CONFIG_ARCH_XGENE=y
 # CONFIG_ARCH_QCOM is not set
 # CONFIG_ARCH_SPRD is not set
 # CONFIG_ARCH_ZYNQMP is not set
+# CONFIG_ARCH_BCM_IPROC is not set
+# CONFIG_ARCH_BERLIN is not set
+# CONFIG_ARCH_ROCKCHIP is not set
+
 
 # Erratum
 CONFIG_ARM64_ERRATUM_826319=y
@@ -36,7 +40,10 @@ CONFIG_ARM_SMMU_V3=y
 CONFIG_ARCH_HAS_HOLES_MEMORYMODEL=y
 CONFIG_ARCH_REQUIRE_GPIOLIB=y
 CONFIG_ARM64_64K_PAGES=y
-# CONFIG_COMPAT is not set
+
+CONFIG_ARM64_HW_AFDBM=y
+CONFIG_ARM64_PAN=y
+CONFIG_ARM64_LSE_ATOMICS=y
 
 CONFIG_BCMA_POSSIBLE=y
 CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC_VALUE=0
@@ -83,13 +90,13 @@ CONFIG_ACPI_NFIT=m
 CONFIG_PCC=y
 
 CONFIG_ARM64_CRYPTO=y
-CONFIG_CRYPTO_SHA1_ARM64_CE=m
-CONFIG_CRYPTO_SHA2_ARM64_CE=m
+CONFIG_CRYPTO_SHA1_ARM64_CE=y
+CONFIG_CRYPTO_SHA2_ARM64_CE=y
 CONFIG_CRYPTO_GHASH_ARM64_CE=m
-CONFIG_CRYPTO_AES_ARM64_CE=m
-CONFIG_CRYPTO_AES_ARM64_CE_CCM=m
-CONFIG_CRYPTO_AES_ARM64_CE_BLK=m
-CONFIG_CRYPTO_AES_ARM64_NEON_BLK=m
+CONFIG_CRYPTO_AES_ARM64_CE=y
+CONFIG_CRYPTO_AES_ARM64_CE_CCM=y
+CONFIG_CRYPTO_AES_ARM64_CE_BLK=y
+CONFIG_CRYPTO_AES_ARM64_NEON_BLK=y
 CONFIG_CRYPTO_CRC32_ARM64=m
 CONFIG_CRYPTO_DEV_CCP=y
 CONFIG_CRYPTO_DEV_CCP_DD=m
@@ -138,6 +145,10 @@ CONFIG_AMD_XGBE_PHY=m
 # HiSilicon
 CONFIG_POWER_RESET_HISI=y
 CONFIG_HISI_THERMAL=m
+CONFIG_STUB_CLK_HI6220=y
+
+# ThunderX
+# CONFIG_MDIO_OCTEON is not set
 
 CONFIG_NET_VENDOR_MELLANOX=y
 CONFIG_MLX4_EN=m
@@ -165,3 +176,4 @@ CONFIG_ND_BLK=m
 CONFIG_DEBUG_SECTION_MISMATCH=y
 
 # CONFIG_FSL_MC_BUS is not set
+# CONFIG_FUJITSU_ES is not set
diff --git a/config-armv7 b/config-armv7
index b39acc2..7c81e1d 100644
--- a/config-armv7
+++ b/config-armv7
@@ -25,8 +25,6 @@ CONFIG_SOC_OMAP3430=y
 CONFIG_SOC_TI81XX=y
 # CONFIG_MACH_NOKIA_RX51 is not set
 # CONFIG_MACH_OMAP_LDP is not set
-# CONFIG_MACH_OMAP3530_LV_SOM is not set
-# CONFIG_MACH_OMAP3_TORPEDO is not set
 # CONFIG_MACH_OMAP3517EVM is not set
 # CONFIG_MACH_OMAP3_PANDORA is not set
 
@@ -284,6 +282,7 @@ CONFIG_PINCTRL_MSM8960=m
 CONFIG_PINCTRL_MSM8X74=m
 CONFIG_PINCTRL_MSM8916=m
 CONFIG_PINCTRL_QCOM_SPMI_PMIC=m
+CONFIG_PINCTRL_QCOM_SSBI_PMIC=m
 CONFIG_COMMON_CLK_QCOM=m
 # CONFIG_MSM_GCC_8916 is not set
 # CONFIG_IPQ_LCC_806X is not set
@@ -339,6 +338,13 @@ CONFIG_SND_SOC_LPASS_PLATFORM=m
 CONFIG_SND_SOC_STORM=m
 CONFIG_PHY_QCOM_UFS=m
 CONFIG_HWSPINLOCK_QCOM=m
+CONFIG_QCOM_COINCELL=m
+CONFIG_USB_QCOM_8X16_PHY=m
+CONFIG_QCOM_SMD=m
+CONFIG_QCOM_SMD_RPM=m
+CONFIG_QCOM_SMEM=m
+CONFIG_REGULATOR_QCOM_SMD_RPM=m
+# CONFIG_QCOM_SMEM is not set
 
 # i.MX
 # CONFIG_MXC_DEBUG_BOARD is not set
@@ -348,6 +354,7 @@ CONFIG_SOC_IMX53=y
 CONFIG_SOC_IMX6Q=y
 CONFIG_SOC_IMX6SL=y
 CONFIG_SOC_IMX6SX=y
+CONFIG_SOC_IMX6UL=y
 CONFIG_SOC_IMX7D=y
 # CONFIG_SOC_LS1021A is not set
 # CONFIG_SOC_VF610 is not set
@@ -371,6 +378,7 @@ CONFIG_NET_VENDOR_FREESCALE=y
 CONFIG_FEC=m
 # CONFIG_FSL_PQ_MDIO is not set
 # CONFIG_FSL_XGMAC_MDIO is not set
+CONFIG_KEYBOARD_SNVS_PWRKEY=m
 CONFIG_KEYBOARD_IMX=m
 CONFIG_KEYBOARD_STMPE=m
 CONFIG_TOUCHSCREEN_STMPE=m
@@ -404,6 +412,7 @@ CONFIG_RTC_DRV_SNVS=m
 CONFIG_FB_MXS=m
 # CONFIG_FB_MX3 is not set
 # CONFIG_FB_IMX is not set
+CONFIG_TOUCHSCREEN_IMX6UL_TSC=m
 
 CONFIG_SND_IMX_SOC=m
 CONFIG_SND_SOC_FSL_ASOC_CARD=m
@@ -493,8 +502,6 @@ CONFIG_ARCH_EXYNOS4=y
 CONFIG_SOC_EXYNOS4212=y
 CONFIG_SOC_EXYNOS4412=y
 CONFIG_SOC_EXYNOS4415=y
-CONFIG_ARM_EXYNOS4210_CPUFREQ=y
-CONFIG_ARM_EXYNOS4X12_CPUFREQ=y
 CONFIG_AK8975=m
 CONFIG_CM36651=m
 CONFIG_KEYBOARD_SAMSUNG=m
@@ -620,6 +627,7 @@ CONFIG_CADENCE_WATCHDOG=m
 CONFIG_REGULATOR_ISL9305=m
 CONFIG_EDAC_SYNOPSYS=m
 CONFIG_PINCTRL_ZYNQ=y
+CONFIG_AXI_DMAC=m
 
 # Multi function devices
 CONFIG_MFD_88PM800=m
diff --git a/config-armv7-generic b/config-armv7-generic
index 2b578e7..1fcaa96 100644
--- a/config-armv7-generic
+++ b/config-armv7-generic
@@ -33,6 +33,7 @@ CONFIG_XZ_DEC_ARMTHUMB=y
 CONFIG_ARCH_HAS_TICK_BROADCAST=y
 CONFIG_IRQ_CROSSBAR=y
 CONFIG_IOMMU_IO_PGTABLE_LPAE=y
+CONFIG_CPU_SW_DOMAIN_PAN=y
 
 # CONFIG_MCPM is not set
 # CONFIG_OABI_COMPAT is not set
@@ -141,7 +142,6 @@ CONFIG_XZ_DEC_ARM=y
 
 CONFIG_PCI_HOST_GENERIC=y
 # CONFIG_PCI_LAYERSCAPE is not set
-# CONFIG_PCIE_IPROC is not set
 # Do NOT enable this, it breaks stuff and makes things go slow
 # CONFIG_UACCESS_WITH_MEMCPY is not set
 
@@ -183,6 +183,7 @@ CONFIG_MACH_SUN7I=y
 CONFIG_MACH_SUN8I=y
 # CONFIG_MACH_SUN9I is not set
 CONFIG_SUNXI_SRAM=y
+CONFIG_DMA_SUN4I=m
 CONFIG_DMA_SUN6I=m
 CONFIG_SUNXI_WATCHDOG=m
 CONFIG_NET_VENDOR_ALLWINNER=y
@@ -215,6 +216,8 @@ CONFIG_MTD_NAND_SUNXI=m
 CONFIG_SERIO_SUN4I_PS2=m
 CONFIG_KEYBOARD_SUN4I_LRADC=m
 CONFIG_PWM_SUN4I=m
+CONFIG_USB_MUSB_SUNXI=m
+CONFIG_CRYPTO_DEV_SUN4I_SS=m
 
 # Exynos
 CONFIG_ARCH_EXYNOS3=y
@@ -229,8 +232,6 @@ CONFIG_SOC_EXYNOS5410=y
 CONFIG_SOC_EXYNOS5800=y
 CONFIG_SERIAL_SAMSUNG=y
 CONFIG_SERIAL_SAMSUNG_CONSOLE=y
-CONFIG_ARM_EXYNOS_CPUFREQ=m
-CONFIG_ARM_EXYNOS5250_CPUFREQ=y
 CONFIG_ARM_EXYNOS5440_CPUFREQ=m
 CONFIG_ARM_EXYNOS_CPU_FREQ_BOOST_SW=y
 # CONFIG_ARM_EXYNOS_CPUIDLE is not set
@@ -352,6 +353,9 @@ CONFIG_DRM_ROCKCHIP=m
 CONFIG_ROCKCHIP_DW_HDMI=m
 CONFIG_PHY_ROCKCHIP_USB=m
 CONFIG_DWMAC_ROCKCHIP=m
+CONFIG_SND_SOC_ROCKCHIP_MAX98090=m
+CONFIG_SND_SOC_ROCKCHIP_RT5645=m
+CONFIG_REGULATOR_ACT8865=m
 
 # Tegra
 CONFIG_ARCH_TEGRA_114_SOC=y
@@ -393,6 +397,8 @@ CONFIG_TEGRA_SOCTHERM=m
 CONFIG_TEGRA_MC=y
 CONFIG_TEGRA124_EMC=y
 CONFIG_ARM_TEGRA_DEVFREQ=m
+# CONFIG_ARM_TEGRA20_CPUFREQ is not set
+CONFIG_ARM_TEGRA124_CPUFREQ=m
 
 # Jetson TK1
 CONFIG_PINCTRL_AS3722=y
@@ -457,6 +463,7 @@ CONFIG_COMMON_CLK_SI5351=m
 CONFIG_RTC_DRV_ARMADA38X=m
 # CONFIG_CACHE_FEROCEON_L2 is not set
 # CONFIG_CACHE_FEROCEON_L2_WRITETHROUGH is not set
+CONFIG_LEDS_NS2=m
 
 # DRM panels
 CONFIG_DRM_PANEL=y
@@ -464,6 +471,9 @@ CONFIG_DRM_PANEL_SIMPLE=m
 CONFIG_DRM_PANEL_LD9040=m
 CONFIG_DRM_PANEL_S6E8AA0=m
 CONFIG_DRM_PANEL_SHARP_LQ101R1SX01=m
+CONFIG_DRM_PANEL_LG_LG4573=m
+CONFIG_DRM_PANEL_SAMSUNG_LD9040=m
+CONFIG_DRM_PANEL_SAMSUNG_S6E8AA0=m
 CONFIG_DRM_DW_HDMI=m
 
 # regmap
@@ -718,6 +728,7 @@ CONFIG_REGULATOR_DA9211=m
 CONFIG_REGULATOR_ISL9305=m
 CONFIG_REGULATOR_MAX77802=m
 CONFIG_REGULATOR_PWM=m
+# CONFIG_REGULATOR_MT6311 is not set
 CONFIG_SENSORS_LTC2978_REGULATOR=y
 
 CONFIG_POWER_AVS=y
@@ -748,6 +759,7 @@ CONFIG_SENSORS_ISL29028=m
 CONFIG_SENSORS_LIS3_SPI=m
 CONFIG_SENSORS_LM70=m
 CONFIG_SENSORS_MAX1111=m
+CONFIG_MPL3115=m
 CONFIG_SI7005=m
 CONFIG_SI7020=m
 
@@ -856,6 +868,7 @@ CONFIG_R8188EU=m
 # CONFIG_DRM_TILCDC is not set
 # CONFIG_DRM_IMX is not set
 # CONFIG_DRM_STI is not set
+# CONFIG_DRM_FSL_DCU is not set
 # CONFIG_AHCI_IMX is not set
 # CONFIG_IMX_THERMAL is not set
 # CONFIG_TI_DAC7512 is not set
diff --git a/config-armv7-lpae b/config-armv7-lpae
index 5166b6c..483c499 100644
--- a/config-armv7-lpae
+++ b/config-armv7-lpae
@@ -12,6 +12,7 @@ CONFIG_ARCH_KEYSTONE=y
 # CONFIG_ARCH_AXXIA is not set
 
 CONFIG_ARM_LPAE=y
+# CONFIG_CPU_SW_DOMAIN_PAN is not set
 CONFIG_SYS_SUPPORTS_HUGETLBFS=y
 CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y
 CONFIG_ARM_VIRT_EXT=y
diff --git a/config-debug b/config-debug
index cfb1d38..d57a218 100644
--- a/config-debug
+++ b/config-debug
@@ -90,7 +90,7 @@ CONFIG_RTLWIFI_DEBUG=y
 CONFIG_DEBUG_OBJECTS_WORK=y
 
 CONFIG_DMADEVICES_DEBUG=y
-CONFIG_DMADEVICES_VDEBUG=y
+# CONFIG_DMADEVICES_VDEBUG is not set
 
 CONFIG_PM_ADVANCED_DEBUG=y
 
diff --git a/config-generic b/config-generic
index c0ef7d4..bc0e297 100644
--- a/config-generic
+++ b/config-generic
@@ -51,8 +51,10 @@ CONFIG_LOG_CPU_MAX_BUF_SHIFT=12
 CONFIG_KALLSYMS=y
 CONFIG_KALLSYMS_ALL=y
 CONFIG_FUTEX=y
+# CONFIG_FAIL_FUTEX is not set
 CONFIG_EPOLL=y
 CONFIG_BPF_SYSCALL=y
+CONFIG_USERFAULTFD=y
 CONFIG_IOSCHED_NOOP=y
 CONFIG_IOSCHED_DEADLINE=y
 CONFIG_IOSCHED_CFQ=y
@@ -67,6 +69,7 @@ CONFIG_NET_NS=y
 CONFIG_USER_NS=y
 
 CONFIG_POSIX_MQUEUE=y
+CONFIG_KDBUS=m
 # CONFIG_PREEMPT_NONE is not set
 CONFIG_PREEMPT_VOLUNTARY=y
 # CONFIG_PREEMPT is not set
@@ -143,6 +146,8 @@ CONFIG_MMC_TIFM_SD=m
 CONFIG_MMC_WBSD=m
 CONFIG_MMC_VIA_SDMMC=m
 CONFIG_MMC_SDHCI_PLTFM=m
+# CONFIG_MMC_SDHCI_OF is not set
+# CONFIG_MMC_SDHCI_OF_AT91 is not set
 CONFIG_MMC_CB710=m
 CONFIG_MMC_RICOH_MMC=y
 CONFIG_MMC_USHC=m
@@ -172,10 +177,12 @@ CONFIG_INFINIBAND_SRPT=m
 CONFIG_INFINIBAND_USER_MAD=m
 CONFIG_INFINIBAND_USER_ACCESS=m
 CONFIG_INFINIBAND_ON_DEMAND_PAGING=y
-CONFIG_INFINIBAND_IPATH=m
+# Deprecated and moved to staging
+# CONFIG_INFINIBAND_IPATH is not set
 CONFIG_INFINIBAND_ISER=m
 CONFIG_INFINIBAND_ISERT=m
-CONFIG_INFINIBAND_AMSO1100=m
+# Deprecated and moved to staging
+# CONFIG_INFINIBAND_AMSO1100 is not set
 # CONFIG_INFINIBAND_AMSO1100_DEBUG is not set
 CONFIG_INFINIBAND_CXGB3=m
 CONFIG_INFINIBAND_CXGB4=m
@@ -320,6 +327,8 @@ CONFIG_MTD_CFI_I2=y
 # CONFIG_MTD_NAND_ECC_BCH is not set
 # CONFIG_MTD_NAND_DISKONCHIP is not set
 # CONFIG_MTD_NAND_HISI504 is not set
+# CONFIG_MTD_NAND_DENALI_PCI is not set
+# CONFIG_MTD_NAND_DENALI_DT is not set
 # CONFIG_MTD_LPDDR is not set
 CONFIG_MTD_UBI=m
 CONFIG_MTD_UBI_WL_THRESHOLD=4096
@@ -349,6 +358,7 @@ CONFIG_HOTPLUG_PCI_ACPI_IBM=m
 # CONFIG_ND_BLK is not set
 # CONFIG_BTT is not set
 
+# CONFIG_NVMEM is not set
 
 #
 # Block devices
@@ -382,6 +392,7 @@ CONFIG_BLK_DEV_RAM_SIZE=16384
 CONFIG_BLK_DEV_PMEM=m
 CONFIG_BLK_DEV_INITRD=y
 CONFIG_BLK_DEV_IO_TRACE=y
+CONFIG_BLK_DEV_RAM_DAX=y
 
 CONFIG_BLK_DEV_BSG=y
 CONFIG_BLK_DEV_BSGLIB=y
@@ -818,6 +829,7 @@ CONFIG_IP_VS_PROTO_ESP=y
 CONFIG_IP_VS_PROTO_AH=y
 CONFIG_IP_VS_PROTO_SCTP=y
 CONFIG_IP_VS_FO=m
+CONFIG_IP_VS_OVF=m
 CONFIG_IP_VS_IPV6=y
 CONFIG_IP_VS_RR=m
 CONFIG_IP_VS_WRR=m
@@ -846,6 +858,7 @@ CONFIG_INET6_AH=m
 CONFIG_INET6_ESP=m
 CONFIG_INET6_IPCOMP=m
 CONFIG_IPV6_MIP6=y
+CONFIG_IPV6_ILA=m
 CONFIG_IPV6_VTI=m
 CONFIG_IPV6_SIT=m
 CONFIG_IPV6_SIT_6RD=y
@@ -1073,8 +1086,12 @@ CONFIG_NFT_REJECT=m
 CONFIG_NFT_COMPAT=m
 
 CONFIG_NF_TABLES_IPV4=m
+CONFIG_NF_DUP_IPV4=m
+CONFIG_NF_DUP_IPV6=m
 CONFIG_NF_REJECT_IPV6=m
 CONFIG_NFT_REJECT_IPV4=m
+CONFIG_NFT_DUP_IPV4=m
+CONFIG_NFT_DUP_IPV6=m
 CONFIG_NFT_CHAIN_ROUTE_IPV4=m
 CONFIG_NFT_CHAIN_NAT_IPV4=m
 CONFIG_NF_TABLES_ARP=m
@@ -1262,6 +1279,7 @@ CONFIG_BATMAN_ADV_MCAST=y
 
 # CONFIG_BATMAN_ADV_DEBUG is not set
 CONFIG_OPENVSWITCH=m
+CONFIG_OPENVSWITCH_CONNTRACK=y
 CONFIG_OPENVSWITCH_GRE=y
 CONFIG_OPENVSWITCH_VXLAN=y
 CONFIG_OPENVSWITCH_GENEVE=y
@@ -1300,6 +1318,7 @@ CONFIG_TUN=m
 # CONFIG_TUN_VNET_CROSS_LE is not set
 CONFIG_VETH=m
 CONFIG_NLMON=m
+CONFIG_NET_VRF=m
 
 #
 # ATM
@@ -1353,6 +1372,8 @@ CONFIG_L2TP_ETH=m
 
 # CONFIG_CAIF is not set
 
+CONFIG_LWTUNNEL=y
+
 CONFIG_RFKILL=m
 CONFIG_RFKILL_GPIO=m
 CONFIG_RFKILL_INPUT=y
@@ -1574,6 +1595,9 @@ CONFIG_SUNGEM=m
 CONFIG_CASSINI=m
 CONFIG_NIU=m
 
+# CONFIG_NET_VENDOR_SYNOPSYS is not set
+# CONFIG_SYNOPSYS_DWC_ETH_QOS is not set
+
 CONFIG_NET_VENDOR_TEHUTI=y
 CONFIG_TEHUTI=m
 
@@ -1600,6 +1624,7 @@ CONFIG_BCM87XX_PHY=m
 CONFIG_CICADA_PHY=m
 CONFIG_DAVICOM_PHY=m
 CONFIG_DP83640_PHY=m
+CONFIG_MICROCHIP_PHY=m
 CONFIG_FIXED_PHY=y
 CONFIG_MDIO_BITBANG=m
 CONFIG_MDIO_BCM_UNIMAC=m
@@ -1617,7 +1642,10 @@ CONFIG_STE10XP=m
 CONFIG_VITESSE_PHY=m
 CONFIG_MICREL_PHY=m
 CONFIG_DP83867_PHY=m
+CONFIG_DP83848_PHY=m
 # CONFIG_MICREL_KS8995MA is not set
+CONFIG_AQUANTIA_PHY=m
+CONFIG_TERANETICS_PHY=m
 
 CONFIG_MII=m
 CONFIG_NET_CORE=y
@@ -1632,6 +1660,7 @@ CONFIG_BCMGENET=m
 CONFIG_BNX2=m
 CONFIG_BNX2X=m
 CONFIG_BNX2X_SRIOV=y
+CONFIG_BNX2X_VXLAN=y
 CONFIG_CNIC=m
 CONFIG_FEALNX=m
 CONFIG_ETHOC=m
@@ -1649,6 +1678,7 @@ CONFIG_JME=m
 # CONFIG_MLX4_EN is not set
 # CONFIG_MLX4_EN_VXLAN is not set
 # CONFIG_MLX5_CORE is not set
+# CONFIG_MLXSW_CORE is not set
 # CONFIG_SFC is not set
 
 # CONFIG_FDDI is not set
@@ -1861,6 +1891,7 @@ CONFIG_USB_NET_RNDIS_WLAN=m
 CONFIG_USB_NET_KALMIA=m
 CONFIG_USB_NET_QMI_WWAN=m
 CONFIG_USB_NET_SMSC75XX=m
+CONFIG_USB_NET_CH9200=m
 # CONFIG_WL_TI is not set
 CONFIG_ZD1211RW=m
 # CONFIG_ZD1211RW_DEBUG is not set
@@ -1893,14 +1924,15 @@ CONFIG_IEEE802154_SOCKET=m
 CONFIG_IEEE802154_6LOWPAN=m
 CONFIG_IEEE802154_DRIVERS=m
 CONFIG_IEEE802154_FAKELB=m
+CONFIG_IEEE802154_ATUSB=m
 CONFIG_IEEE802154_CC2520=m
 # CONFIG_IEEE802154_AT86RF230 is not set
 # CONFIG_IEEE802154_MRF24J40 is not set
-CONFIG_IEEE802154_ATUSB=m
 
 CONFIG_MAC802154=m
 CONFIG_NET_MPLS_GSO=m
 CONFIG_MPLS_ROUTING=m
+CONFIG_MPLS_IPTUNNEL=m
 
 CONFIG_NET_SWITCHDEV=y
 
@@ -2017,6 +2049,7 @@ CONFIG_NFC_ST21NFCA_I2C=m
 # CONFIG_NFC_NCI_SPI is not set
 # CONFIG_NFC_NCI_UART is not set
 # CONFIG_NFC_ST_NCI is not set
+# CONFIG_NFC_S3FWRN5_I2C is not set
 
 
 #
@@ -2062,6 +2095,7 @@ CONFIG_WINBOND_FIR=m
 #
 CONFIG_BT=m
 CONFIG_BT_BREDR=y
+CONFIG_BT_HS=y
 CONFIG_BT_LE=y
 CONFIG_BT_6LOWPAN=m
 # CONFIG_BT_SELFTEST is not set
@@ -2090,6 +2124,7 @@ CONFIG_BT_HCIUART_ATH3K=y
 CONFIG_BT_HCIUART_3WIRE=y
 CONFIG_BT_HCIUART_INTEL=y
 CONFIG_BT_HCIUART_BCM=y
+CONFIG_BT_HCIUART_QCA=y
 CONFIG_BT_HCIDTL1=m
 CONFIG_BT_HCIBT3C=m
 CONFIG_BT_HCIBLUECARD=m
@@ -2103,6 +2138,7 @@ CONFIG_BT_HCIUART_LL=y
 CONFIG_BT_MRVL=m
 CONFIG_BT_MRVL_SDIO=m
 CONFIG_BT_ATH3K=m
+CONFIG_BT_QCA=m
 CONFIG_BT_WILINK=m
 
 #
@@ -2420,6 +2456,7 @@ CONFIG_TOUCHSCREEN_ZFORCE=m
 # CONFIG_TOUCHSCREEN_CHIPONE_ICN8318 is not set
 # CONFIG_TOUCHSCREEN_SX8654 is not set
 # CONFIG_TOUCHSCREEN_WDT87XX_I2C is not set
+# CONFIG_TOUCHSCREEN_IMX6UL_TSC is not set
 
 CONFIG_INPUT_MISC=y
 CONFIG_INPUT_E3X0_BUTTON=m
@@ -2503,6 +2540,7 @@ CONFIG_SERIAL_JSM=m
 
 # CONFIG_SERIAL_ALTERA_JTAGUART is not set
 # CONFIG_SERIAL_ALTERA_UART is not set
+# CONFIG_SERIAL_UARTLITE is not set
 
 #
 # Non-8250 serial port support
@@ -2542,6 +2580,7 @@ CONFIG_I2C_CHARDEV=m
 # CONFIG_I2C_MUX_GPIO is not set
 # CONFIG_I2C_MUX_PCA9541 is not set
 # CONFIG_I2C_MUX_PINCTRL is not set
+# CONFIG_I2C_MUX_REG is not set
 #
 
 #
@@ -2570,6 +2609,7 @@ CONFIG_I2C_ALGOPCA=m
 # CONFIG_I2C_NFORCE2_S4985 is not set
 # CONFIG_I2C_EG20T is not set
 # CONFIG_I2C_CBUS_GPIO is not set
+# CONFIG_I2C_EMEV2 is not set
 CONFIG_I2C_VIPERBOARD=m
 
 CONFIG_EEPROM_AT24=m
@@ -2761,6 +2801,7 @@ CONFIG_SENSORS_AD7314=m
 CONFIG_PMBUS=m
 CONFIG_SENSORS_PMBUS=m
 CONFIG_SENSORS_MAX16064=m
+CONFIG_SENSORS_MAX20751=m
 CONFIG_SENSORS_LM25066=m
 CONFIG_SENSORS_LTC2978=m
 CONFIG_SENSORS_MAX34440=m
@@ -2788,7 +2829,7 @@ CONFIG_HID_SENSOR_IIO_TRIGGER=m
 # CONFIG_AD5380 is not set
 # CONFIG_AD5064 is not set
 # CONFIG_BMA180 is not set
-# CONFIG_BMC150_ACCEL is not set
+CONFIG_BMC150_ACCEL=m
 # CONFIG_MAX1363 is not set
 # CONFIG_MAX517 is not set
 # CONFIG_MAX5821 is not set
@@ -2882,6 +2923,9 @@ CONFIG_ACPI_ALS=m
 CONFIG_KXCJK1013=m
 # CONFIG_ISL29125 is not set
 # CONFIG_JSA1212 is not set
+CONFIG_RPR0521=m
+CONFIG_OPT3001=m
+CONFIG_PA12203001=m
 # CONFIG_TCS3414 is not set
 # CONFIG_AK09911 is not set
 # CONFIG_T5403 is not set
@@ -3106,6 +3150,7 @@ CONFIG_RTC_DRV_PCF85063=m
 # CONFIG_RTC_DRV_ISL12057 is not set
 # CONFIG_RTC_DRV_XGENE is not set
 # CONFIG_RTC_DRV_ABB5ZES3 is not set
+# CONFIG_RTC_DRV_ZYNQMP is not set
 
 CONFIG_R3964=m
 # CONFIG_APPLICOM is not set
@@ -3131,6 +3176,7 @@ CONFIG_VGA_ARB_MAX_GPUS=16
 
 
 CONFIG_DRM=m
+CONFIG_DRM_FBDEV_EMULATION=y
 CONFIG_DRM_LOAD_EDID_FIRMWARE=y
 CONFIG_DRM_AST=m  # do not enable on f17 or older
 CONFIG_DRM_CIRRUS_QEMU=m  # do not enable on f17 or older
@@ -3159,6 +3205,8 @@ CONFIG_DRM_NOUVEAU_BACKLIGHT=y
 CONFIG_DRM_I2C_ADV7511=m
 CONFIG_DRM_I2C_CH7006=m
 CONFIG_DRM_I2C_SIL164=m
+# CONFIG_DRM_NXP_PTN3460 is not set
+# CONFIG_DRM_PARADE_PS8622 is not set
 CONFIG_DRM_I2C_NXP_TDA998X=m
 CONFIG_DRM_UDL=m
 CONFIG_DRM_VMWGFX=m
@@ -3171,6 +3219,7 @@ CONFIG_DRM_PS8622=m
 # CONFIG_DRM_PANEL is not set
 # CONFIG_DRM_PANEL_SIMPLE is not set
 # CONFIG_DRM_PANEL_S6E8AA0 is not set
+# CONFIG_DRM_PANEL_SAMSUNG_S6E8AA0 is not set
 CONFIG_DRM_VGEM=m
 
 #
@@ -3342,6 +3391,7 @@ CONFIG_DVB_FIREDTV=m
 CONFIG_DVB_NGENE=m
 CONFIG_DVB_DDBRIDGE=m
 CONFIG_DVB_SMIPCIE=m
+CONFIG_DVB_NETUP_UNIDVB=m
 CONFIG_DVB_USB_TECHNISAT_USB2=m
 CONFIG_DVB_USB_V2=m
 
@@ -3443,6 +3493,7 @@ CONFIG_V4L_MEM2MEM_DRIVERS=y
 # CONFIG_VIDEO_SH_VEU is not set
 # CONFIG_VIDEO_RENESAS_VSP1 is not set
 # CONFIG_V4L_TEST_DRIVERS is not set
+# CONFIG_DVB_PLATFORM_DRIVERS is not set
 
 #
 # Broadcom Crystal HD video decoder driver
@@ -3525,6 +3576,7 @@ CONFIG_FB_EFI=y
 # CONFIG_FB_UDL is not set
 # CONFIG_FB_GOLDFISH is not set
 # CONFIG_FB_OPENCORES is not set
+# CONFIG_FB_SM712 is not set
 
 # CONFIG_FIRMWARE_EDID is not set
 
@@ -3765,6 +3817,7 @@ CONFIG_USB_SL811_HCD_ISO=y
 # CONFIG_USB_SL811_CS is not set
 # CONFIG_USB_R8A66597_HCD is not set
 CONFIG_USB_XHCI_HCD=y
+# CONFIG_USB_XHCI_PLATFORM is not set
 # CONFIG_USB_MAX3421_HCD is not set
 
 #
@@ -3873,6 +3926,7 @@ CONFIG_HID_EMS_FF=m
 CONFIG_HID_ELECOM=m
 CONFIG_HID_ELO=m
 CONFIG_HID_EZKEY=m
+CONFIG_HID_GEMBIRD=m
 CONFIG_HID_UCLOGIC=m
 CONFIG_HID_WALTOP=m
 CONFIG_HID_ACRUX=m
@@ -3976,6 +4030,7 @@ CONFIG_USB_KAWETH=m
 CONFIG_USB_PEGASUS=m
 CONFIG_USB_RTL8150=m
 CONFIG_USB_RTL8152=m
+CONFIG_USB_LAN78XX=m
 CONFIG_USB_USBNET=m
 CONFIG_USB_SPEEDTOUCH=m
 CONFIG_USB_NET_AX8817X=m
@@ -4260,6 +4315,7 @@ CONFIG_MFD_VIPERBOARD=m
 # CONFIG_MFD_RT5033 is not set
 # CONFIG_MFD_SKY81452 is not set
 # CONFIG_MFD_MAX77843 is not set
+# CONFIG_MFD_DA9062 is not set
 # CONFIG_EZX_PCAP is not set
 # CONFIG_INTEL_SOC_PMIC is not set
 
@@ -4273,7 +4329,7 @@ CONFIG_MISC_FILESYSTEMS=y
 # CONFIG_EXT2_FS is not set
 # CONFIG_EXT3_FS is not set
 CONFIG_EXT4_FS=y
-CONFIG_EXT4_USE_FOR_EXT23=y
+CONFIG_EXT4_USE_FOR_EXT2=y
 CONFIG_EXT4_FS_POSIX_ACL=y
 CONFIG_EXT4_FS_SECURITY=y
 # CONFIG_EXT4_ENCRYPTION is not set
@@ -4310,7 +4366,7 @@ CONFIG_AUTOFS4_FS=y
 # CONFIG_EXOFS_FS is not set
 # CONFIG_EXOFS_DEBUG is not set
 CONFIG_NILFS2_FS=m
-# CONFIG_FS_DAX is not set
+CONFIG_FS_DAX=y
 # CONFIG_LOGFS is not set
 CONFIG_CEPH_FS=m
 CONFIG_CEPH_FSCACHE=y
@@ -4609,6 +4665,7 @@ CONFIG_HEADERS_CHECK=y
 # CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set
 # CONFIG_DEBUG_LOCKDEP is not set
 # CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set
+# CONFIG_STATIC_KEYS_SELFTEST is not set
 
 # DEBUG options that don't get enabled/disabled with 'make debug/release'
 
@@ -4846,6 +4903,7 @@ CONFIG_BACKLIGHT_LP855X=m
 # CONFIG_BACKLIGHT_GPIO is not set
 # CONFIG_BACKLIGHT_LV5207LP is not set
 # CONFIG_BACKLIGHT_BD6107 is not set
+# CONFIG_BACKLIGHT_PM8941_WLED is not set
 
 CONFIG_LCD_CLASS_DEVICE=m
 CONFIG_LCD_PLATFORM=m
@@ -4879,6 +4937,7 @@ CONFIG_CGROUPS=y
 CONFIG_CGROUP_CPUACCT=y
 CONFIG_CGROUP_DEVICE=y
 CONFIG_CGROUP_FREEZER=y
+CONFIG_CGROUP_PIDS=y
 CONFIG_CGROUP_SCHED=y
 CONFIG_MEMCG=y
 CONFIG_MEMCG_SWAP=y
@@ -5065,6 +5124,10 @@ CONFIG_SND_SOC_GENERIC_DMAENGINE_PCM=y
 # CONFIG_SND_SOC_TS3A227E is not set
 # CONFIG_SND_SOC_XTFPGA_I2S is not set
 # CONFIG_SND_SOC_STA32X is not set 
+# CONFIG_SND_SOC_CS4349 is not set
+# CONFIG_SND_SOC_GTM601 is not set
+# CONFIG_SND_SOC_STI_SAS is not set
+# 
 
 CONFIG_BALLOON_COMPACTION=y
 CONFIG_COMPACTION=y
@@ -5128,6 +5191,7 @@ CONFIG_DMA_ENGINE=y
 CONFIG_DW_DMAC_CORE=m
 CONFIG_DW_DMAC=m
 CONFIG_DW_DMAC_PCI=m
+# CONFIG_IDMA64 is not set
 # CONFIG_DW_DMAC_BIG_ENDIAN_IO is not set
 # CONFIG_TIMB_DMA is not set
 # CONFIG_DMATEST is not set
@@ -5353,6 +5417,7 @@ CONFIG_STAGING_MEDIA=y
 # CONFIG_I2C_BCM2048 is not set
 # CONFIG_DT3155 is not set
 # CONFIG_PRISM2_USB is not set
+# CONFIG_MOST is not set
 CONFIG_USB_ATMEL=m
 # CONFIG_COMEDI is not set
 # CONFIG_PANEL is not set
@@ -5404,6 +5469,7 @@ CONFIG_USBIP_HOST=m
 # CONFIG_FB_SM7XX is not set
 # CONFIG_FB_TFT is not set
 # CONFIG_FB_SM750 is not set
+# CONFIG_STAGING_RDMA is not set
 # END OF STAGING
 
 #
@@ -5481,6 +5547,8 @@ CONFIG_ZSMALLOC=y
 # CONFIG_ZSMALLOC_STAT is not set
 # CONFIG_PGTABLE_MAPPING is not set
 
+# CONFIG_IDLE_PAGE_TRACKING is not set
+
 # CONFIG_MDIO_GPIO is not set
 # CONFIG_KEYBOARD_GPIO is not set
 # CONFIG_KEYBOARD_GPIO_POLLED is not set
@@ -5528,6 +5596,7 @@ CONFIG_GPIO_VIPERBOARD=m
 # CONFIG_GPIO_MCP23S08 is not set
 # CONFIG_GPIO_XILINX is not set
 # CONFIG_GPIO_ALTERA is not set
+# CONFIG_GPIO_ZX is not set
 
 # FIXME: Why?
 
@@ -5568,6 +5637,7 @@ CONFIG_PSTORE_RAM=m
 # CONFIG_MEMTEST is not set
 # CONFIG_TEST_HEXDUMP is not set
 # CONFIG_TEST_RHASHTABLE is not set
+# CONFIG_TEST_STATIC_KEYS is not set
 
 # CONFIG_AVERAGE is not set
 # CONFIG_VMXNET3 is not set
diff --git a/config-powerpc64-generic b/config-powerpc64-generic
index ce547a8..7f0b105 100644
--- a/config-powerpc64-generic
+++ b/config-powerpc64-generic
@@ -14,6 +14,7 @@ CONFIG_PPC_PSERIES=y
 # CONFIG_PPC_PMAC is not set
 # CONFIG_PPC_PMAC64 is not set
 # CONFIG_PPC_PS3 is not set
+CONFIG_HIBERNATION=n
 
 CONFIG_EXTRA_TARGETS=""
 
@@ -127,6 +128,7 @@ CONFIG_MTD_POWERNV_FLASH=m
 CONFIG_PPC_TRANSACTIONAL_MEM=y
 CONFIG_BLK_DEV_RSXX=m
 CONFIG_CXL=m
+CONFIG_CXLFLASH=m
 CONFIG_IBMEBUS=y
 CONFIG_EHEA=m
 CONFIG_INFINIBAND_EHCA=m
@@ -209,6 +211,7 @@ CONFIG_CAPI_EICON=y
 CONFIG_LEDS_TRIGGER_TIMER=m
 CONFIG_LEDS_TRIGGER_HEARTBEAT=m
 CONFIG_LEDS_TRIGGER_GPIO=m
+CONFIG_LEDS_POWERNV=m
 
 CONFIG_USB_EHCI_HCD_PPC_OF=y
 CONFIG_USB_OHCI_HCD_PCI=y
@@ -358,6 +361,8 @@ CONFIG_I2C_MPC=m
 # CONFIG_NET_VENDOR_PASEMI is not set
 # CONFIG_NET_VENDOR_TOSHIBA is not set
 
+CONFIG_MDIO_OCTEON=m
+
 # CONFIG_OF_UNITTEST is not set
 # CONFIG_OF_OVERLAY is not set
 # CONFIG_TOUCHSCREEN_AUO_PIXCIR is not set
diff --git a/config-powerpc64le b/config-powerpc64le
index 48c8c0d..7d9f3fc 100644
--- a/config-powerpc64le
+++ b/config-powerpc64le
@@ -1,3 +1,6 @@
 CONFIG_CPU_LITTLE_ENDIAN=y
 
 CONFIG_POWER7_CPU=y
+
+# https://fedoraproject.org/wiki/Features/Checkpoint_Restore
+CONFIG_CHECKPOINT_RESTORE=y
diff --git a/config-s390x b/config-s390x
index f58e4d8..ae94aa8 100644
--- a/config-s390x
+++ b/config-s390x
@@ -201,6 +201,7 @@ CONFIG_VMCP=y
 CONFIG_SCHED_MC=y
 CONFIG_SCHED_BOOK=y
 CONFIG_SCHED_TOPOLOGY=y
+# CONFIG_NUMA is not set
 
 # CONFIG_WARN_DYNAMIC_STACK is not set
 
@@ -290,6 +291,7 @@ CONFIG_HOTPLUG_PCI_S390=y
 # CONFIG_SH_ETH is not set
 # CONFIG_NET_VENDOR_VIA is not set
 # CONFIG_IEEE802154_DRIVERS is not set
+# CONFIG_MDIO_OCTEON is not set
 
 # CONFIG_FMC is not set
 
diff --git a/config-x86-generic b/config-x86-generic
index b82a9b1..807f602 100644
--- a/config-x86-generic
+++ b/config-x86-generic
@@ -4,6 +4,8 @@ CONFIG_X86_EXTENDED_PLATFORM=y
 
 CONFIG_X86_GENERIC=y
 
+# CONFIG_X86_LEGACY_VM86 is not set
+
 CONFIG_HPET=y
 CONFIG_HPET_TIMER=y
 # CONFIG_HPET_MMAP is not set
@@ -34,9 +36,7 @@ CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1
 CONFIG_X86_PAT=y
 CONFIG_X86_PM_TIMER=y
 
-# This requires changes to binutils and the compiler.  Plus you can't actually
-# buy hardware with MPX yet.  So... leave it off until all of that seems set.
-# CONFIG_X86_INTEL_MPX is not set
+CONFIG_X86_INTEL_MPX=y
 
 CONFIG_EFI=y
 CONFIG_EFI_STUB=y
@@ -111,6 +111,7 @@ CONFIG_XPOWER_PMIC_OPREGION=y
 CONFIG_GPIO_CRYSTAL_COVE=y
 CONFIG_AXP288_ADC=y
 CONFIG_AXP288_FUEL_GAUGE=y
+# CONFIG_PWM_CRC is not set
 
 
 CONFIG_X86_INTEL_PSTATE=y
@@ -133,6 +134,7 @@ CONFIG_CRYPTO_DEV_CCP=y
 CONFIG_CRYPTO_DEV_CCP_DD=m
 CONFIG_CRYPTO_DEV_CCP_CRYPTO=m
 CONFIG_CRYPTO_DEV_QAT_DH895xCC=m
+CONFIG_CRYPTO_DEV_QAT_DH895xCCVF=m
 
 CONFIG_GENERIC_ISA_DMA=y
 
@@ -310,6 +312,9 @@ CONFIG_XEN_PCIDEV_BACKEND=m
 CONFIG_XEN_ACPI_PROCESSOR=m
 # CONFIG_XEN_SCSI_FRONTEND is not set
 # CONFIG_XEN_SCSI_BACKEND is not set
+CONFIG_XEN_SYMS=y
+
+CONFIG_SPI_PXA2XX=m
 
 CONFIG_MTD_ESB2ROM=m
 CONFIG_MTD_CK804XROM=m
@@ -457,6 +462,8 @@ CONFIG_CRYPTO_CRC32_PCLMUL=m
 
 CONFIG_HP_ACCEL=m
 
+CONFIG_SURFACE_PRO3_BUTTON=m
+
 # CONFIG_RAPIDIO is not set
 
 CONFIG_SCHED_SMT=y
@@ -498,10 +505,14 @@ CONFIG_NFC_MICROREAD_MEI=m
 # CONFIG_X86_GOLDFISH is not set
 
 CONFIG_X86_INTEL_LPSS=y
+CONFIG_IDMA64=m
 
 # CONFIG_X86_AMD_PLATFORM_DEVICE is not set
 # CONFIG_MFD_INTEL_QUARK_I2C_GPIO is not set
 
+CONFIG_MFD_INTEL_LPSS_ACPI=m
+CONFIG_MFD_INTEL_LPSS_PCI=m
+
 CONFIG_IOSF_MBI=m
 # CONFIG_IOSF_MBI_DEBUG is not set
 CONFIG_PWM_LPSS=m
@@ -536,6 +547,7 @@ CONFIG_X86_PKG_TEMP_THERMAL=m
 CONFIG_INTEL_SOC_DTS_THERMAL=m
 CONFIG_INT340X_THERMAL=m
 CONFIG_INTEL_RAPL=m
+CONFIG_INTEL_PCH_THERMAL=m
 
 CONFIG_VMWARE_VMCI=m
 CONFIG_VMWARE_VMCI_VSOCKETS=m
@@ -554,6 +566,8 @@ CONFIG_MODULE_SIG_ALL=y
 # CONFIG_MODULE_SIG_SHA1 is not set
 CONFIG_MODULE_SIG_SHA256=y
 # CONFIG_MODULE_SIG_FORCE is not set
+CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
+CONFIG_SYSTEM_TRUSTED_KEYS=""
 CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE=y
 CONFIG_EFI_SIGNATURE_LIST_PARSER=y
 
@@ -563,9 +577,11 @@ CONFIG_EFI_SIGNATURE_LIST_PARSER=y
 CONFIG_MODULE_SIG_UEFI=y
 
 CONFIG_VMXNET3=m
+CONFIG_FUJITSU_ES=m
 CONFIG_VFIO_PCI_VGA=y
 
 CONFIG_PCH_CAN=m
 
 # CONFIG_X86_DEBUG_FPU is not set
 # CONFIG_PUNIT_ATOM_DEBUG is not set
+# CONFIG_AMD_MCE_INJ is not set
diff --git a/config-x86_64-generic b/config-x86_64-generic
index 94c4760..2729998 100644
--- a/config-x86_64-generic
+++ b/config-x86_64-generic
@@ -86,6 +86,8 @@ CONFIG_CRYPTO_SERPENT_AVX_X86_64=m
 CONFIG_CRYPTO_SERPENT_AVX2_X86_64=m
 CONFIG_CRYPTO_TWOFISH_AVX_X86_64=m
 CONFIG_CRYPTO_DES3_EDE_X86_64=m
+CONFIG_CRYPTO_POLY1305_X86_64=m
+CONFIG_CRYPTO_CHACHA20_X86_64=m
 # staging crypto
 # CONFIG_CRYPTO_SKEIN is not set
 
@@ -134,6 +136,7 @@ CONFIG_XEN_SYS_HYPERVISOR=y
 # CONFIG_XEN_MCE_LOG is not set
 # CONFIG_XEN_STUB is not set
 # CONFIG_XEN_PVH is not set
+CONFIG_XEN_512GB=y
 
 CONFIG_PROVIDE_OHCI1394_DMA_INIT=y
 
@@ -199,6 +202,8 @@ CONFIG_BTT=y
 CONFIG_ND_BTT=m
 CONFIG_ND_BLK=m
 
+CONFIG_MDIO_OCTEON=m
+
 CONFIG_NO_HZ_FULL=y
 # CONFIG_NO_HZ_IDLE is not set
 # CONFIG_NO_HZ_FULL_ALL is not set
diff --git a/dcache-Handle-escaped-paths-in-prepend_path.patch b/dcache-Handle-escaped-paths-in-prepend_path.patch
new file mode 100644
index 0000000..d504060
--- /dev/null
+++ b/dcache-Handle-escaped-paths-in-prepend_path.patch
@@ -0,0 +1,65 @@
+From c0ea161a6e7158281f64bc6d41126da43cb08f14 Mon Sep 17 00:00:00 2001
+From: "Eric W. Biederman" <ebiederm@xmission.com>
+Date: Sat, 15 Aug 2015 13:36:12 -0500
+Subject: [PATCH 1/2] dcache: Handle escaped paths in prepend_path
+
+commit cde93be45a8a90d8c264c776fab63487b5038a65 upstream.
+
+A rename can result in a dentry that by walking up d_parent
+will never reach it's mnt_root.  For lack of a better term
+I call this an escaped path.
+
+prepend_path is called by four different functions __d_path,
+d_absolute_path, d_path, and getcwd.
+
+__d_path only wants to see paths are connected to the root it passes
+in.  So __d_path needs prepend_path to return an error.
+
+d_absolute_path similarly wants to see paths that are connected to
+some root.  Escaped paths are not connected to any mnt_root so
+d_absolute_path needs prepend_path to return an error greater
+than 1.  So escaped paths will be treated like paths on lazily
+unmounted mounts.
+
+getcwd needs to prepend "(unreachable)" so getcwd also needs
+prepend_path to return an error.
+
+d_path is the interesting hold out.  d_path just wants to print
+something, and does not care about the weird cases.  Which raises
+the question what should be printed?
+
+Given that <escaped_path>/<anything> should result in -ENOENT I
+believe it is desirable for escaped paths to be printed as empty
+paths.  As there are not really any meaninful path components when
+considered from the perspective of a mount tree.
+
+So tweak prepend_path to return an empty path with an new error
+code of 3 when it encounters an escaped path.
+
+Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+---
+ fs/dcache.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/fs/dcache.c b/fs/dcache.c
+index 9b5fe503f6cb..e3b44ca75a1b 100644
+--- a/fs/dcache.c
++++ b/fs/dcache.c
+@@ -2926,6 +2926,13 @@ restart:
+ 
+ 		if (dentry == vfsmnt->mnt_root || IS_ROOT(dentry)) {
+ 			struct mount *parent = ACCESS_ONCE(mnt->mnt_parent);
++			/* Escaped? */
++			if (dentry != vfsmnt->mnt_root) {
++				bptr = *buffer;
++				blen = *buflen;
++				error = 3;
++				break;
++			}
+ 			/* Global root? */
+ 			if (mnt != parent) {
+ 				dentry = ACCESS_ONCE(mnt->mnt_mountpoint);
+-- 
+2.4.3
+
diff --git a/disable-i8042-check-on-apple-mac.patch b/disable-i8042-check-on-apple-mac.patch
index 970d833..e75028d 100644
--- a/disable-i8042-check-on-apple-mac.patch
+++ b/disable-i8042-check-on-apple-mac.patch
@@ -1,3 +1,4 @@
+From 31e64826785b5bafef7a6361516c060be2bca253 Mon Sep 17 00:00:00 2001
 From: Bastien Nocera <hadess@hadess.net>
 Date: Thu, 20 May 2010 10:30:31 -0400
 Subject: [PATCH] disable i8042 check on apple mac
@@ -17,11 +18,11 @@ Signed-off-by: Bastien Nocera <hadess@hadess.net>
  1 file changed, 22 insertions(+)
 
 diff --git a/drivers/input/serio/i8042.c b/drivers/input/serio/i8042.c
-index 4022b75eaad7..1aaf06aa7b0f 100644
+index c9c98f0ab284..5137185e14a9 100644
 --- a/drivers/input/serio/i8042.c
 +++ b/drivers/input/serio/i8042.c
-@@ -1506,6 +1506,22 @@ static struct platform_driver i8042_driver = {
- 	.shutdown	= i8042_shutdown,
+@@ -1540,6 +1540,22 @@ static struct notifier_block i8042_kbd_bind_notifier_block = {
+ 	.notifier_call = i8042_kbd_bind_notifier,
  };
  
 +#ifdef CONFIG_DMI
@@ -43,7 +44,7 @@ index 4022b75eaad7..1aaf06aa7b0f 100644
  static int __init i8042_init(void)
  {
  	struct platform_device *pdev;
-@@ -1513,6 +1529,12 @@ static int __init i8042_init(void)
+@@ -1547,6 +1563,12 @@ static int __init i8042_init(void)
  
  	dbg_init();
  
@@ -56,3 +57,6 @@ index 4022b75eaad7..1aaf06aa7b0f 100644
  	err = i8042_platform_init();
  	if (err)
  		return err;
+-- 
+2.4.3
+
diff --git a/drm-i915-hush-check-crtc-state.patch b/drm-i915-hush-check-crtc-state.patch
index 31df993..fa4baff 100644
--- a/drm-i915-hush-check-crtc-state.patch
+++ b/drm-i915-hush-check-crtc-state.patch
@@ -1,3 +1,4 @@
+From 02f47b49ab1cdbe62ceb71b658e2c469799ae368 Mon Sep 17 00:00:00 2001
 From: Adam Jackson <ajax@redhat.com>
 Date: Wed, 13 Nov 2013 10:17:24 -0500
 Subject: [PATCH] drm/i915: hush check crtc state
@@ -14,15 +15,18 @@ Upstream-status: http://lists.freedesktop.org/archives/intel-gfx/2013-November/0
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
-index 647b1404c441..e102a06f26e0 100644
+index ca9278be49f7..308ac0539a87 100644
 --- a/drivers/gpu/drm/i915/intel_display.c
 +++ b/drivers/gpu/drm/i915/intel_display.c
-@@ -12322,7 +12322,7 @@ check_crtc_state(struct drm_device *dev)
- 
- 		if (active &&
- 		    !intel_pipe_config_compare(dev, crtc->config, &pipe_config)) {
+@@ -12688,7 +12688,7 @@ check_crtc_state(struct drm_device *dev, struct drm_atomic_state *old_state)
+ 		sw_config = to_intel_crtc_state(crtc->state);
+ 		if (!intel_pipe_config_compare(dev, sw_config,
+ 					       pipe_config, false)) {
 -			I915_STATE_WARN(1, "pipe state doesn't match!\n");
 +			DRM_DEBUG_KMS("pipe state doesn't match!\n");
- 			intel_dump_pipe_config(crtc, &pipe_config,
+ 			intel_dump_pipe_config(intel_crtc, pipe_config,
  					       "[hw state]");
- 			intel_dump_pipe_config(crtc, crtc->config,
+ 			intel_dump_pipe_config(intel_crtc, sw_config,
+-- 
+2.4.3
+
diff --git a/efi-Add-EFI_SECURE_BOOT-bit.patch b/efi-Add-EFI_SECURE_BOOT-bit.patch
index 318a8e7..94f7fe7 100644
--- a/efi-Add-EFI_SECURE_BOOT-bit.patch
+++ b/efi-Add-EFI_SECURE_BOOT-bit.patch
@@ -1,6 +1,7 @@
+From b4467813ec088c13bd8c9f1eafb7c29d889d7c8f Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@fedoraproject.org>
 Date: Tue, 27 Aug 2013 13:33:03 -0400
-Subject: [PATCH] efi: Add EFI_SECURE_BOOT bit
+Subject: [PATCH 13/20] efi: Add EFI_SECURE_BOOT bit
 
 UEFI machines can be booted in Secure Boot mode.  Add a EFI_SECURE_BOOT bit
 for use with efi_enabled.
@@ -12,10 +13,10 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
  2 files changed, 3 insertions(+)
 
 diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
-index c2e4f52cad30..5def6b4143fa 100644
+index 1ac118146e90..f93826b8522c 100644
 --- a/arch/x86/kernel/setup.c
 +++ b/arch/x86/kernel/setup.c
-@@ -1162,7 +1162,9 @@ void __init setup_arch(char **cmdline_p)
+@@ -1137,7 +1137,9 @@ void __init setup_arch(char **cmdline_p)
  
  #ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE
  	if (boot_params.secure_boot) {
@@ -37,3 +38,6 @@ index 85ef051ac6fb..de3e45088d4a 100644
  
  #ifdef CONFIG_EFI
  /*
+-- 
+2.4.3
+
diff --git a/efi-Disable-secure-boot-if-shim-is-in-insecure-mode.patch b/efi-Disable-secure-boot-if-shim-is-in-insecure-mode.patch
index 6fd94c8..ba2f3ce 100644
--- a/efi-Disable-secure-boot-if-shim-is-in-insecure-mode.patch
+++ b/efi-Disable-secure-boot-if-shim-is-in-insecure-mode.patch
@@ -1,6 +1,7 @@
+From 9ef94251448aa463c5937ee8e8e27d6fd9529509 Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@fedoraproject.org>
 Date: Tue, 5 Feb 2013 19:25:05 -0500
-Subject: [PATCH] efi: Disable secure boot if shim is in insecure mode
+Subject: [PATCH 11/20] efi: Disable secure boot if shim is in insecure mode
 
 A user can manually tell the shim boot loader to disable validation of
 images it loads.  When a user does this, it creates a UEFI variable called
@@ -14,7 +15,7 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
  1 file changed, 19 insertions(+), 1 deletion(-)
 
 diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
-index 1ef8ea7f8ed9..d82dc9c1c19e 100644
+index b4de3faa3f29..5cc2ef570390 100644
 --- a/arch/x86/boot/compressed/eboot.c
 +++ b/arch/x86/boot/compressed/eboot.c
 @@ -830,8 +830,9 @@ out:
@@ -52,3 +53,6 @@ index 1ef8ea7f8ed9..d82dc9c1c19e 100644
  	return 1;
  }
  
+-- 
+2.4.3
+
diff --git a/efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch b/efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch
index 5bdd21b..095bea7 100644
--- a/efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch
+++ b/efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch
@@ -1,6 +1,7 @@
+From 0081083434db41c15b72eced975da0bd9b80566b Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@fedoraproject.org>
 Date: Tue, 27 Aug 2013 13:28:43 -0400
-Subject: [PATCH] efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI
+Subject: [PATCH 12/20] efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI
 
 The functionality of the config option is dependent upon the platform being
 UEFI based.  Reflect this in the config deps.
@@ -11,10 +12,10 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index 4da6644b1fd0..341a1457f7c7 100644
+index 14db458f4774..f6ff0a86d841 100644
 --- a/arch/x86/Kconfig
 +++ b/arch/x86/Kconfig
-@@ -1704,7 +1704,8 @@ config EFI_MIXED
+@@ -1735,7 +1735,8 @@ config EFI_MIXED
  	   If unsure, say N.
  
  config EFI_SECURE_BOOT_SIG_ENFORCE
@@ -24,3 +25,6 @@ index 4da6644b1fd0..341a1457f7c7 100644
  	prompt "Force module signing when UEFI Secure Boot is enabled"
  	---help---
  	  UEFI Secure Boot provides a mechanism for ensuring that the
+-- 
+2.4.3
+
diff --git a/filter-aarch64.sh b/filter-aarch64.sh
old mode 100644
new mode 100755
diff --git a/filter-armv7hl.sh b/filter-armv7hl.sh
old mode 100644
new mode 100755
diff --git a/filter-i686.sh b/filter-i686.sh
old mode 100644
new mode 100755
diff --git a/filter-ppc64.sh b/filter-ppc64.sh
old mode 100644
new mode 100755
diff --git a/filter-ppc64le.sh b/filter-ppc64le.sh
old mode 100644
new mode 100755
diff --git a/filter-ppc64p7.sh b/filter-ppc64p7.sh
old mode 100644
new mode 100755
diff --git a/filter-s390x.sh b/filter-s390x.sh
old mode 100644
new mode 100755
diff --git a/filter-x86_64.sh b/filter-x86_64.sh
old mode 100644
new mode 100755
diff --git a/hibernate-Disable-in-a-signed-modules-environment.patch b/hibernate-Disable-in-a-signed-modules-environment.patch
index 9450e8b..f62ea08 100644
--- a/hibernate-Disable-in-a-signed-modules-environment.patch
+++ b/hibernate-Disable-in-a-signed-modules-environment.patch
@@ -1,6 +1,7 @@
+From 51abecb00c48941cc3db19701cc73e65082924bb Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@fedoraproject.org>
 Date: Fri, 20 Jun 2014 08:53:24 -0400
-Subject: [PATCH] hibernate: Disable in a signed modules environment
+Subject: [PATCH 14/20] hibernate: Disable in a signed modules environment
 
 There is currently no way to verify the resume image when returning
 from hibernate.  This might compromise the signed modules trust model,
@@ -33,3 +34,6 @@ index 690f78f210f2..037303a1cba9 100644
  }
  
  /**
+-- 
+2.4.3
+
diff --git a/ideapad-laptop-Add-Lenovo-Yoga-3-14-to-no_hw_rfkill-.patch b/ideapad-laptop-Add-Lenovo-Yoga-3-14-to-no_hw_rfkill-.patch
deleted file mode 100644
index 9e2838f..0000000
--- a/ideapad-laptop-Add-Lenovo-Yoga-3-14-to-no_hw_rfkill-.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 72695420d48c264b3ca0dacccda1a4789a52c2f6 Mon Sep 17 00:00:00 2001
-From: Hans de Goede <hdegoede@redhat.com>
-Date: Fri, 24 Jul 2015 11:45:28 +0200
-Subject: [PATCH] ideapad-laptop: Add Lenovo Yoga 3 14 to no_hw_rfkill dmi list
-
-Like some of the other Yoga models the Lenovo Yoga 3 14 does not have a
-hw rfkill switch, and trying to read the hw rfkill switch through the
-ideapad module causes it to always reported blocking breaking wifi.
-
-This commit adds the Lenovo Yoga 3 14 to the no_hw_rfkill dmi list, fixing
-the wifi breakage.
-
-BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1239050
-Cc: stable@vger.kernel.org
-Signed-off-by: Hans de Goede <hdegoede@redhat.com>
----
- drivers/platform/x86/ideapad-laptop.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/drivers/platform/x86/ideapad-laptop.c b/drivers/platform/x86/ideapad-laptop.c
-index 76b57388d01b..81c3e582309a 100644
---- a/drivers/platform/x86/ideapad-laptop.c
-+++ b/drivers/platform/x86/ideapad-laptop.c
-@@ -853,6 +853,13 @@ static const struct dmi_system_id no_hw_rfkill_list[] = {
- 		},
- 	},
- 	{
-+		.ident = "Lenovo Yoga 3 14",
-+		.matches = {
-+			DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
-+			DMI_MATCH(DMI_PRODUCT_VERSION, "Lenovo Yoga 3 14"),
-+		},
-+	},
-+	{
- 		.ident = "Lenovo Yoga 3 Pro 1370",
- 		.matches = {
- 			DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
--- 
-2.4.3
-
diff --git a/input-silence-i8042-noise.patch b/input-silence-i8042-noise.patch
index d1103c2..f8651b3 100644
--- a/input-silence-i8042-noise.patch
+++ b/input-silence-i8042-noise.patch
@@ -16,10 +16,10 @@ Upstream-status: Fedora mustard
  3 files changed, 2 insertions(+), 9 deletions(-)
 
 diff --git a/drivers/base/power/main.c b/drivers/base/power/main.c
-index 30b7bbfdc558..95863902627f 100644
+index 9717d5f20139..a3101d2fd936 100644
 --- a/drivers/base/power/main.c
 +++ b/drivers/base/power/main.c
-@@ -123,8 +123,6 @@ void device_pm_unlock(void)
+@@ -122,8 +122,6 @@ void device_pm_unlock(void)
   */
  void device_pm_add(struct device *dev)
  {
@@ -29,7 +29,7 @@ index 30b7bbfdc558..95863902627f 100644
  	if (dev->parent && dev->parent->power.is_prepared)
  		dev_warn(dev, "parent %s should not be sleeping\n",
 diff --git a/drivers/input/serio/i8042.c b/drivers/input/serio/i8042.c
-index cb5ece77fd7d..4022b75eaad7 100644
+index 986a71c614b0..bfb0b2280df0 100644
 --- a/drivers/input/serio/i8042.c
 +++ b/drivers/input/serio/i8042.c
 @@ -871,7 +871,6 @@ static int __init i8042_check_aux(void)
@@ -41,7 +41,7 @@ index cb5ece77fd7d..4022b75eaad7 100644
  	}
  
 diff --git a/net/can/af_can.c b/net/can/af_can.c
-index 7933e62a7318..96a911003af7 100644
+index 32d710eaf1fc..af4a20b86ee7 100644
 --- a/net/can/af_can.c
 +++ b/net/can/af_can.c
 @@ -155,13 +155,9 @@ static int can_create(struct net *net, struct socket *sock, int protocol,
diff --git a/kbuild-AFTER_LINK.patch b/kbuild-AFTER_LINK.patch
index 2dfb637..7a18fd2 100644
--- a/kbuild-AFTER_LINK.patch
+++ b/kbuild-AFTER_LINK.patch
@@ -1,3 +1,4 @@
+From 7877d76b409181af38d307b98d8fed1024f3c9c2 Mon Sep 17 00:00:00 2001
 From: Roland McGrath <roland@redhat.com>
 Date: Mon, 6 Oct 2008 23:03:03 -0700
 Subject: [PATCH] kbuild: AFTER_LINK
@@ -62,7 +63,7 @@ index effca9404b17..713891a92d23 100644
        cmd_vdso64as = $(CC) $(a_flags) -c -o $@ $<
  
 diff --git a/arch/s390/kernel/vdso32/Makefile b/arch/s390/kernel/vdso32/Makefile
-index 8ad2b34ad151..e153572ab351 100644
+index ee8a18e50a25..63e33fa049f8 100644
 --- a/arch/s390/kernel/vdso32/Makefile
 +++ b/arch/s390/kernel/vdso32/Makefile
 @@ -43,7 +43,8 @@ $(obj-vdso32): %.o: %.S
@@ -76,7 +77,7 @@ index 8ad2b34ad151..e153572ab351 100644
        cmd_vdso32as = $(CC) $(a_flags) -c -o $@ $<
  
 diff --git a/arch/s390/kernel/vdso64/Makefile b/arch/s390/kernel/vdso64/Makefile
-index 2a8ddfd12a5b..452ca53561fe 100644
+index c4b03f9ed228..550450fc2f95 100644
 --- a/arch/s390/kernel/vdso64/Makefile
 +++ b/arch/s390/kernel/vdso64/Makefile
 @@ -43,7 +43,8 @@ $(obj-vdso64): %.o: %.S
@@ -90,7 +91,7 @@ index 2a8ddfd12a5b..452ca53561fe 100644
        cmd_vdso64as = $(CC) $(a_flags) -c -o $@ $<
  
 diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile
-index e97032069f88..9ea82f444dea 100644
+index a3d0767a6b29..078c9be1db8f 100644
 --- a/arch/x86/entry/vdso/Makefile
 +++ b/arch/x86/entry/vdso/Makefile
 @@ -172,8 +172,9 @@ $(vdso32-images:%=$(obj)/%.dbg): $(obj)/vdso32-%.so.dbg: FORCE \
@@ -103,7 +104,7 @@ index e97032069f88..9ea82f444dea 100644
 +		$(if $(AFTER_LINK),; $(AFTER_LINK)) && \
 +		sh $(srctree)/$(src)/checkundef.sh '$(NM)' '$@'
  
- VDSO_LDFLAGS = -fPIC -shared $(call cc-ldoption, -Wl$(comma)--hash-style=sysv) \
+ VDSO_LDFLAGS = -fPIC -shared $(call cc-ldoption, -Wl$(comma)--hash-style=both) \
  	$(call cc-ldoption, -Wl$(comma)--build-id) -Wl,-Bsymbolic $(LTO_CFLAGS)
 diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh
 index 1a10d8ac8162..092d0c0cf72c 100755
@@ -120,3 +121,6 @@ index 1a10d8ac8162..092d0c0cf72c 100755
  }
  
  
+-- 
+2.4.3
+
diff --git a/kernel.spec b/kernel.spec
index bcfe4b0..146c450 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -46,13 +46,13 @@ Summary: The Linux kernel
 # base_sublevel is the kernel version we're starting with and patching
 # on top of -- for example, 3.1-rc7-git1 starts with a 3.0 base,
 # which yields a base_sublevel of 0.
-%define base_sublevel 2
+%define base_sublevel 3
 
 ## If this is a released kernel ##
 %if 0%{?released_kernel}
 
 # Do we have a -stable update to apply?
-%define stable_update 8
+%define stable_update 3
 # Set rpm version accordingly
 %if 0%{?stable_update}
 %define stablerev %{stable_update}
@@ -388,8 +388,12 @@ BuildRequires: rpm-build, elfutils
 %define debuginfo_args --strict-build-id -r
 %endif
 
+%ifarch %{ix86} x86_64
+# MODULE_SIG is enabled in config-x86-generic and needs these:
+BuildRequires: openssl openssl-devel
+%endif
+
 %if %{signmodules}
-BuildRequires: openssl
 BuildRequires: pesign >= 0.10-4
 %endif
 
@@ -502,15 +506,13 @@ Patch455: usb-make-xhci-platform-driver-use-64-bit-or-32-bit-D.patch
 
 Patch456: arm64-acpi-drop-expert-patch.patch
 
-Patch457: showmem-cma-correct-reserved-memory-calculation.patch
+Patch457: ARM-tegra-usb-no-reset.patch
 
-Patch458: ARM-tegra-usb-no-reset.patch
+Patch458: ARM-dts-Add-am335x-bonegreen.patch
 
-Patch459: regulator-axp20x-module-alias.patch
+Patch459: 0001-watchdog-omap_wdt-fix-null-pointer-dereference.patch
 
-Patch460: regulator-anatop-module-alias.patch
-
-Patch461: ARM-dts-Add-am335x-bonegreen.patch
+Patch460: mfd-wm8994-Ensure-that-the-whole-MFD-is-built-into-a.patch
 
 Patch463: arm-i.MX6-Utilite-device-dtb.patch
 
@@ -520,8 +522,6 @@ Patch467: die-floppy-die.patch
 
 Patch468: no-pcspkr-modalias.patch
 
-Patch469: input-silence-i8042-noise.patch
-
 Patch470: silence-fbcon-logo.patch
 
 Patch471: Kbuild-Add-an-option-to-enable-GCC-VTA.patch
@@ -590,31 +590,11 @@ Patch502: firmware-Drop-WARN-from-usermodehelper_read_trylock-.patch
 
 Patch503: drm-i915-turn-off-wc-mmaps.patch
 
-#rhbz 1244511
-Patch507: HID-chicony-Add-support-for-Acer-Aspire-Switch-12.patch
-
 Patch508: kexec-uefi-copy-secure_boot-flag-in-boot-params.patch
 
-#rhbz 1239050
-Patch509: ideapad-laptop-Add-Lenovo-Yoga-3-14-to-no_hw_rfkill-.patch
-
-#rhbz 1253789
-Patch510: iSCSI-let-session-recovery_tmo-sysfs-writes-persist.patch
-
-#rhbz 1257534
-Patch513: nv46-Change-mc-subdev-oclass-from-nv44-to-nv4c.patch
-
-#rhbz 1257500
-Patch517: vmwgfx-Rework-device-initialization.patch
-Patch518: drm-vmwgfx-Allow-dropped-masters-render-node-like-ac.patch
-
-#rhbz 1272172
-Patch540: 0001-KEYS-Fix-crash-when-attempt-to-garbage-collect-an-un.patch
-Patch541: 0002-KEYS-Don-t-permit-request_key-to-construct-a-new-key.patch
-
 #CVE-2015-7799 rhbz 1271134 1271135
-Patch543: isdn_ppp-Add-checks-for-allocation-failure-in-isdn_p.patch
-Patch544: ppp-slip-Validate-VJ-compression-slot-parameters-com.patch
+Patch512: isdn_ppp-Add-checks-for-allocation-failure-in-isdn_p.patch
+Patch513: ppp-slip-Validate-VJ-compression-slot-parameters-com.patch
 
 #CVE-2015-8104 rhbz 1278496 1279691
 Patch551: KVM-svm-unconditionally-intercept-DB.patch
@@ -630,11 +610,6 @@ Patch556: netfilter-ipset-Fix-extension-alignment.patch
 Patch557: netfilter-ipset-Fix-hash-type-expiration.patch
 Patch558: netfilter-ipset-Fix-hash-type-expire-release-empty-h.patch
 
-#rhbz 1278688
-Patch560: 0001-KVM-x86-build-kvm_userspace_memory_region-in-x86_set.patch
-Patch561: 0002-KVM-x86-map-unmap-private-slots-in-__x86_set_memory_.patch
-Patch562: 0003-KVM-x86-fix-previous-commit-for-32-bit.patch
-
 #rhbz 1284059
 Patch566: KEYS-Fix-handling-of-stored-error-in-a-negatively-in.patch
 
@@ -650,6 +625,9 @@ Patch570: HID-multitouch-enable-palm-rejection-if-device-imple.patch
 #rhbz 1286293
 Patch571: ideapad-laptop-Add-Lenovo-ideapad-Y700-17ISK-to-no_h.patch
 
+#rhbz 1288687
+Patch572: alua_fix.patch
+
 #CVE-XXXX-XXXX rhbz 1291329 1291332
 Patch574: ovl-fix-permission-checking-for-setattr.patch
 
@@ -662,8 +640,10 @@ Patch576: net-add-validation-for-the-socket-syscall-protocol-a.patch
 #CVE-2015-8569 rhbz 1292045 1292047
 Patch600: pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch
 
+Patch601: vrf-fix-memory-leak-on-registration.patch
+
 #CVE-2015-8575 rhbz 1292840 1292841
-Patch601: bluetooth-Validate-socket-address-length-in-sco_sock.patch
+Patch602: bluetooth-Validate-socket-address-length-in-sco_sock.patch
 
 # END OF PATCH DEFINITIONS
 
@@ -1368,11 +1348,9 @@ BuildKernel() {
     cp configs/$Config .config
 
     %if %{signmodules}
-    cp %{SOURCE11} .
+    cp %{SOURCE11} certs/.
     %endif
 
-    chmod +x scripts/sign-file
-
     Arch=`head -1 .config | cut -b 3-`
     echo USING ARCH=$Arch
 
@@ -1614,8 +1592,8 @@ BuildKernel() {
 
 %if %{signmodules}
     # Save the signing keys so we can sign the modules in __modsign_install_post
-    cp signing_key.priv signing_key.priv.sign${Flav}
-    cp signing_key.x509 signing_key.x509.sign${Flav}
+    cp certs/signing_key.pem certs/signing_key.pem.sign${Flav}
+    cp certs/signing_key.x509 certs/signing_key.x509.sign${Flav}
 %endif
 
     # Move the devel headers out of the root file system
@@ -1710,16 +1688,16 @@ popd
 %define __modsign_install_post \
   if [ "%{signmodules}" -eq "1" ]; then \
     if [ "%{with_pae}" -ne "0" ]; then \
-      %{modsign_cmd} signing_key.priv.sign+%{pae} signing_key.x509.sign+%{pae} $RPM_BUILD_ROOT/lib/modules/%{KVERREL}+%{pae}/ \
+      %{modsign_cmd} certs/signing_key.pem.sign+%{pae} certs/signing_key.x509.sign+%{pae} $RPM_BUILD_ROOT/lib/modules/%{KVERREL}+%{pae}/ \
     fi \
     if [ "%{with_debug}" -ne "0" ]; then \
-      %{modsign_cmd} signing_key.priv.sign+debug signing_key.x509.sign+debug $RPM_BUILD_ROOT/lib/modules/%{KVERREL}+debug/ \
+      %{modsign_cmd} certs/signing_key.pem.sign+debug certs/signing_key.x509.sign+debug $RPM_BUILD_ROOT/lib/modules/%{KVERREL}+debug/ \
     fi \
     if [ "%{with_pae_debug}" -ne "0" ]; then \
-      %{modsign_cmd} signing_key.priv.sign+%{pae}debug signing_key.x509.sign+%{pae}debug $RPM_BUILD_ROOT/lib/modules/%{KVERREL}+%{pae}debug/ \
+      %{modsign_cmd} certs/signing_key.pem.sign+%{pae}debug certs/signing_key.x509.sign+%{pae}debug $RPM_BUILD_ROOT/lib/modules/%{KVERREL}+%{pae}debug/ \
     fi \
     if [ "%{with_up}" -ne "0" ]; then \
-      %{modsign_cmd} signing_key.priv.sign signing_key.x509.sign $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/ \
+      %{modsign_cmd} certs/signing_key.pem.sign certs/signing_key.x509.sign $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/ \
     fi \
   fi \
   if [ "%{zipmodules}" -eq "1" ]; then \
@@ -1980,6 +1958,7 @@ fi
 %{_libdir}/traceevent/plugins/*
 %dir %{_libexecdir}/perf-core
 %{_libexecdir}/perf-core/*
+%{_datadir}/perf-core/*
 %{_mandir}/man[1-8]/perf*
 %{_sysconfdir}/bash_completion.d/perf
 %doc linux-%{KVERREL}/tools/perf/Documentation/examples.txt
@@ -2109,9 +2088,15 @@ fi
 #
 # 
 %changelog
+* Tue Jan 05 2016 Josh Boyer <jwboyer@fedoraproject.org>
+- Merge 4.3.3 from stabilization branch
+
 * Fri Dec 18 2015 Josh Boyer <jwboyer@fedoraproject.org>
 - CVE-2015-8575 information leak in sco_sock_bind (rhbz 1292840 1292841)
 
+* Thu Dec 17 2015 Justin M. Forbes <jforbes@fedoraproject.org>
+- Fix for memory leak in vrf
+
 * Thu Dec 17 2015 Josh Boyer <jwboyer@fedoraproject.org>
 - CVE-2015-8569 info leak from getsockname (rhbz 1292045 1292047)
 
@@ -2128,6 +2113,9 @@ fi
 * Fri Dec 11 2015 Josh Boyer <jwboyer@fedoraproject.org>
 - CVE-2013-7446 unix sockects use after free (rhbz 1282688 1282712)
 
+* Thu Dec 10 2015 Laura Abbott <labbott@redhat.com>
+- Ignore errors from scsi_dh_add_device (rhbz 1288687)
+
 * Thu Dec 10 2015 Josh Boyer <jwboyer@fedoraproject.org>
 - Fix rfkill issues on ideapad Y700-17ISK (rhbz 1286293)
 
@@ -2138,6 +2126,9 @@ fi
 - Add patch to fix palm rejection on certain touchpads (rhbz 1287819)
 - Add new PCI ids for wireless, including Lenovo Yoga (rhbz 1275490)
 
+* Tue Dec 01 2015 Laura Abbott <labbott@redhat.com>
+- Enable CONFIG_X86_INTEL_MPX (rhbz 1287279)
+
 * Tue Dec 01 2015 Josh Boyer <jwboyer@fedoraproject.org>
 - CVE-2015-7515 aiptek: crash on invalid device descriptors (rhbz 1285326 1285331)
 - CVE-2015-7833 usbvision: crash on invalid device descriptors (rhbz 1270158 1270160)
@@ -2146,6 +2137,9 @@ fi
 - Fix crash in add_key (rhbz 1284059)
 - CVE-2015-8374 btrfs: info leak when truncating compressed/inlined extents (rhbz 1286261 1286262)
 
+* Sun Nov 22 2015 Peter Robinson <pbrobinson@fedoraproject.org>
+- Fix sound issue on some ARM devices (tested on Arndale)
+
 * Fri Nov 20 2015 Justin M. Forbes <jmforbes@fedoraproject.org> - 4.2.6-301
 - Fix for GRE tunnel running in IPSec (rhbz 1272571)
 - Fix KVM on specific hardware (rhbz 1278688)
@@ -2153,6 +2147,9 @@ fi
 * Mon Nov 16 2015 Josh Boyer <jwboyer@fedoraproject.org>
 - Fix ipset netfilter issues (rhbz 1279189)
 
+* Thu Nov 12 2015 Josh Boyer <jwboyer@fedoraproject.org>
+- CVE-2015-5327 x509 time validation
+
 * Tue Nov 10 2015 Josh Boyer <jwboyer@fedoraproject.org>
 - Fix Yoga 900 rfkill switch issues (rhbz 1275490)
 
diff --git a/kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch b/kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch
index cc82141..a5832ea 100644
--- a/kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch
+++ b/kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch
@@ -1,3 +1,4 @@
+From 6306cad6e5663424c08e5ebdfdcfd799c5537bfe Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Aug 2013 03:33:56 -0400
 Subject: [PATCH] kexec: Disable at runtime if the kernel enforces module
@@ -13,18 +14,18 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
  1 file changed, 8 insertions(+)
 
 diff --git a/kernel/kexec.c b/kernel/kexec.c
-index a785c1015e25..81d6b404f33c 100644
+index 4c5edc357923..db431971dbd4 100644
 --- a/kernel/kexec.c
 +++ b/kernel/kexec.c
-@@ -36,6 +36,7 @@
- #include <linux/syscore_ops.h>
- #include <linux/compiler.h>
- #include <linux/hugetlb.h>
+@@ -10,6 +10,7 @@
+ #include <linux/mm.h>
+ #include <linux/file.h>
+ #include <linux/kexec.h>
 +#include <linux/module.h>
- 
- #include <asm/page.h>
- #include <asm/uaccess.h>
-@@ -1258,6 +1259,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
+ #include <linux/mutex.h>
+ #include <linux/list.h>
+ #include <linux/syscalls.h>
+@@ -133,6 +134,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
  		return -EPERM;
  
  	/*
@@ -38,3 +39,6 @@ index a785c1015e25..81d6b404f33c 100644
  	 * Verify we have a legal set of flags
  	 * This leaves us room for future extensions.
  	 */
+-- 
+2.4.3
+
diff --git a/mfd-wm8994-Ensure-that-the-whole-MFD-is-built-into-a.patch b/mfd-wm8994-Ensure-that-the-whole-MFD-is-built-into-a.patch
new file mode 100644
index 0000000..dfedd2a
--- /dev/null
+++ b/mfd-wm8994-Ensure-that-the-whole-MFD-is-built-into-a.patch
@@ -0,0 +1,28 @@
+From 567a18f57213647e2c31bbdc7f6b8f9991d22fad Mon Sep 17 00:00:00 2001
+From: Peter Robinson <pbrobinson@gmail.com>
+Date: Fri, 13 Nov 2015 19:03:29 +0000
+Subject: [PATCH] mfd: wm8994: Ensure that the whole MFD is built into a single
+ module
+
+Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>
+---
+ drivers/mfd/Makefile | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/mfd/Makefile b/drivers/mfd/Makefile
+index a59e3fc..4a767ef 100644
+--- a/drivers/mfd/Makefile
++++ b/drivers/mfd/Makefile
+@@ -61,7 +61,8 @@ wm8350-objs			:= wm8350-core.o wm8350-regmap.o wm8350-gpio.o
+ wm8350-objs			+= wm8350-irq.o
+ obj-$(CONFIG_MFD_WM8350)	+= wm8350.o
+ obj-$(CONFIG_MFD_WM8350_I2C)	+= wm8350-i2c.o
+-obj-$(CONFIG_MFD_WM8994)	+= wm8994-core.o wm8994-irq.o wm8994-regmap.o
++wm8994-objs			:= wm8994-core.o wm8994-irq.o wm8994-regmap.o
++obj-$(CONFIG_MFD_WM8994)	+= wm8994.o
+ 
+ obj-$(CONFIG_TPS6105X)		+= tps6105x.o
+ obj-$(CONFIG_TPS65010)		+= tps65010.o
+-- 
+2.5.0
+
diff --git a/net-inet-fix-race-in-reqsk_queue_unlink.patch b/net-inet-fix-race-in-reqsk_queue_unlink.patch
new file mode 100644
index 0000000..7440843
--- /dev/null
+++ b/net-inet-fix-race-in-reqsk_queue_unlink.patch
@@ -0,0 +1,76 @@
+From patchwork Thu Oct  1 12:39:26 2015
+Content-Type: text/plain; charset="utf-8"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 7bit
+Subject: [net] inet: fix race in reqsk_queue_unlink()
+From: Eric Dumazet <eric.dumazet@gmail.com>
+X-Patchwork-Id: 524966
+Message-Id: <1443703166.32531.47.camel@edumazet-glaptop2.roam.corp.google.com>
+To: David Miller <davem@davemloft.net>
+Cc: netdev <netdev@vger.kernel.org>, Yuchung Cheng <ycheng@google.com>
+Date: Thu, 01 Oct 2015 05:39:26 -0700
+
+From: Eric Dumazet <edumazet@google.com>
+
+reqsk_timer_handler() tests if icsk_accept_queue.listen_opt
+is NULL at its beginning.
+
+By the time it calls inet_csk_reqsk_queue_drop() and
+reqsk_queue_unlink(), listener might have been closed and
+inet_csk_listen_stop() had called reqsk_queue_yank_acceptq()
+which sets icsk_accept_queue.listen_opt to NULL
+
+We therefore need to correctly check listen_opt being NULL
+after holding syn_wait_lock for proper synchronization.
+
+Fixes: fa76ce7328b2 ("inet: get rid of central tcp/dccp listener timer")
+Fixes: b357a364c57c ("inet: fix possible panic in reqsk_queue_unlink()")
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Cc: Yuchung Cheng <ycheng@google.com>
+---
+ net/ipv4/inet_connection_sock.c |   19 ++++++++++---------
+ 1 file changed, 10 insertions(+), 9 deletions(-)
+
+
+
+--
+To unsubscribe from this list: send the line "unsubscribe netdev" in
+the body of a message to majordomo@vger.kernel.org
+More majordomo info at  http://vger.kernel.org/majordomo-info.html
+
+diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
+index 7bb9c39e0a4d..61b45a17fc73 100644
+--- a/net/ipv4/inet_connection_sock.c
++++ b/net/ipv4/inet_connection_sock.c
+@@ -577,21 +577,22 @@ EXPORT_SYMBOL(inet_rtx_syn_ack);
+ static bool reqsk_queue_unlink(struct request_sock_queue *queue,
+ 			       struct request_sock *req)
+ {
+-	struct listen_sock *lopt = queue->listen_opt;
+ 	struct request_sock **prev;
++	struct listen_sock *lopt;
+ 	bool found = false;
+ 
+ 	spin_lock(&queue->syn_wait_lock);
+-
+-	for (prev = &lopt->syn_table[req->rsk_hash]; *prev != NULL;
+-	     prev = &(*prev)->dl_next) {
+-		if (*prev == req) {
+-			*prev = req->dl_next;
+-			found = true;
+-			break;
++	lopt = queue->listen_opt;
++	if (lopt) {
++		for (prev = &lopt->syn_table[req->rsk_hash]; *prev != NULL;
++		     prev = &(*prev)->dl_next) {
++			if (*prev == req) {
++				*prev = req->dl_next;
++				found = true;
++				break;
++			}
+ 		}
+ 	}
+-
+ 	spin_unlock(&queue->syn_wait_lock);
+ 	if (timer_pending(&req->rsk_timer) && del_timer_sync(&req->rsk_timer))
+ 		reqsk_put(req);
diff --git a/pinctrl-pinctrl-single-must-be-initialized-early.patch b/pinctrl-pinctrl-single-must-be-initialized-early.patch
new file mode 100644
index 0000000..96f2682
--- /dev/null
+++ b/pinctrl-pinctrl-single-must-be-initialized-early.patch
@@ -0,0 +1,34 @@
+From: Pantelis Antoniou <panto@antoniou-consulting.com>
+Date: Sat, 15 Sep 2012 12:00:41 +0300
+Subject: [PATCH] pinctrl: pinctrl-single must be initialized early.
+
+When using pinctrl-single to handle i2c initialization, it has
+to be done early. Whether this is the best way to do so, is an
+exercise left to the reader.
+---
+ drivers/pinctrl/pinctrl-single.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/pinctrl/pinctrl-single.c b/drivers/pinctrl/pinctrl-single.c
+index 69e84427f913..f21cf4291476 100644
+--- a/drivers/pinctrl/pinctrl-single.c
++++ b/drivers/pinctrl/pinctrl-single.c
+@@ -2025,7 +2025,17 @@ static struct platform_driver pcs_driver = {
+ #endif
+ };
+ 
+-module_platform_driver(pcs_driver);
++static int __init pcs_init(void)
++{
++	return platform_driver_register(&pcs_driver);
++}
++postcore_initcall(pcs_init);
++
++static void __exit pcs_exit(void)
++{
++	platform_driver_unregister(&pcs_driver);
++}
++module_exit(pcs_exit);
+ 
+ MODULE_AUTHOR("Tony Lindgren <tony@atomide.com>");
+ MODULE_DESCRIPTION("One-register-per-pin type device tree based pinctrl driver");
diff --git a/regulator-anatop-module-alias.patch b/regulator-anatop-module-alias.patch
deleted file mode 100644
index 56b4097..0000000
--- a/regulator-anatop-module-alias.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From d702ffd4d1df73b9c620af1654af42ff5b8d5c09 Fri Sep 18 19:09:07 2015
-From: Luis de Bethencourt <luis@debethencourt.com>
-Date:   Fri Sep 18 19:09:07 2015 +0200
-
-    regulator: anatop: Fix module autoload for OF platform driver
-    
-    This platform driver has a OF device ID table but the OF module
-    alias information is not created so module autoloading won't work.
-    
-    Signed-off-by: Luis de Bethencourt <luisbg@osg.samsung.com>
-    Signed-off-by: Mark Brown <broonie@kernel.org>
-
-diff --git a/drivers/regulator/anatop-regulator.c b/drivers/regulator/anatop-regulator.c
-index 738adfa..52ea605 100644
---- a/drivers/regulator/anatop-regulator.c
-+++ b/drivers/regulator/anatop-regulator.c
-@@ -318,6 +318,7 @@ static const struct of_device_id of_anatop_regulator_match_tbl[] = {
- 	{ .compatible = "fsl,anatop-regulator", },
- 	{ /* end */ }
- };
-+MODULE_DEVICE_TABLE(of, of_anatop_regulator_match_tbl);
- 
- static struct platform_driver anatop_regulator_driver = {
- 	.driver = {
diff --git a/showmem-cma-correct-reserved-memory-calculation.patch b/showmem-cma-correct-reserved-memory-calculation.patch
deleted file mode 100644
index c22a849..0000000
--- a/showmem-cma-correct-reserved-memory-calculation.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From 3a83eda52f34b97168b70098ef0e34dbcaeaaf8f Mon Sep 17 00:00:00 2001
-From: Vishnu Pratap Singh <vishnu.ps@samsung.com>
-Date: Tue, 25 Aug 2015 00:04:44 +0000
-Subject: lib/show_mem.c: correct reserved memory calculation
-
-CMA reserved memory is not part of total reserved memory.
-Currently when we print the total reserve memory it considers
-cma as part of reserve memory and do minus of totalcma_pages
-from reserved, which is wrong. In cases where total reserved
-is less than cma reserved we will get negative values & while
-printing we print as unsigned and we will get a very large value.
-
-Below is the show mem output on X86 ubuntu based system where
-CMA reserved is 100MB (25600 pages) & total reserved is ~40MB(10316 pages).
-And reserve memory shows a large value because of this bug.
-
-Before:
-[  127.066430] 898908 pages RAM
-[  127.066432] 671682 pages HighMem/MovableOnly
-[  127.066434] 4294952012 pages reserved
-[  127.066436] 25600 pages cma reserved
-
-After:
-[   44.663129] 898908 pages RAM
-[   44.663130] 671682 pages HighMem/MovableOnly
-[   44.663130] 10316 pages reserved
-[   44.663131] 25600 pages cma reserved
-
-Signed-off-by: Vishnu Pratap Singh <vishnu.ps@samsung.com>
-Cc: Michal Nazarewicz <mina86@mina86.com>
-Cc: Marek Szyprowski <m.szyprowski@samsung.com>
-Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
-Cc: Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com>
-Cc: Sasha Levin <sasha.levin@oracle.com>
-Cc: Danesh Petigara <dpetigara@broadcom.com>
-Cc: Laura Abbott <lauraa@codeaurora.org>
-Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
----
- lib/show_mem.c | 4 +---
- 1 file changed, 1 insertion(+), 3 deletions(-)
-
-diff --git a/lib/show_mem.c b/lib/show_mem.c
-index adc98e18..1feed6a 100644
---- a/lib/show_mem.c
-+++ b/lib/show_mem.c
-@@ -38,11 +38,9 @@ void show_mem(unsigned int filter)
- 
- 	printk("%lu pages RAM\n", total);
- 	printk("%lu pages HighMem/MovableOnly\n", highmem);
-+	printk("%lu pages reserved\n", reserved);
- #ifdef CONFIG_CMA
--	printk("%lu pages reserved\n", (reserved - totalcma_pages));
- 	printk("%lu pages cma reserved\n", totalcma_pages);
--#else
--	printk("%lu pages reserved\n", reserved);
- #endif
- #ifdef CONFIG_QUICKLIST
- 	printk("%lu pages in pagetable cache\n",
--- 
-cgit v0.11.2
-
diff --git a/si2157-Bounds-check-firmware.patch b/si2157-Bounds-check-firmware.patch
new file mode 100644
index 0000000..2840061
--- /dev/null
+++ b/si2157-Bounds-check-firmware.patch
@@ -0,0 +1,39 @@
+From 526fbce5b0e44c67a97c57656b3be9911f0a9b9b Mon Sep 17 00:00:00 2001
+From: Laura Abbott <labbott@fedoraproject.org>
+Date: Tue, 29 Sep 2015 16:59:20 -0700
+Subject: [PATCH 2/2] si2157: Bounds check firmware
+To: Antti Palosaari <crope@iki.fi>
+To: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
+Cc: Olli Salonen <olli.salonen@iki.fi>
+Cc: linux-media@vger.kernel.org
+Cc: linux-kernel@vger.kernel.org
+
+When reading the firmware and sending commands, the length
+must be bounds checked to avoid overrunning the size of the command
+buffer and smashing the stack if the firmware is not in the
+expected format. Add the proper check.
+
+Cc: stable@kernel.org
+Signed-off-by: Laura Abbott <labbott@fedoraproject.org>
+---
+ drivers/media/tuners/si2157.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/drivers/media/tuners/si2157.c b/drivers/media/tuners/si2157.c
+index 5073821..ce157ed 100644
+--- a/drivers/media/tuners/si2157.c
++++ b/drivers/media/tuners/si2157.c
+@@ -166,6 +166,10 @@ static int si2157_init(struct dvb_frontend *fe)
+ 
+ 	for (remaining = fw->size; remaining > 0; remaining -= 17) {
+ 		len = fw->data[fw->size - remaining];
++		if (len > SI2157_ARGLEN) {
++			dev_err(&client->dev, "Bad firmware length\n");
++			goto err_release_firmware;
++		}
+ 		memcpy(cmd.args, &fw->data[(fw->size - remaining) + 1], len);
+ 		cmd.wlen = len;
+ 		cmd.rlen = 1;
+-- 
+2.4.3
+
diff --git a/si2168-Bounds-check-firmware.patch b/si2168-Bounds-check-firmware.patch
new file mode 100644
index 0000000..e9c5bcc
--- /dev/null
+++ b/si2168-Bounds-check-firmware.patch
@@ -0,0 +1,50 @@
+From 43018528944fa4965a4048fee91d76b47dcaf60e Mon Sep 17 00:00:00 2001
+From: Laura Abbott <labbott@fedoraproject.org>
+Date: Mon, 28 Sep 2015 14:10:34 -0700
+Subject: [PATCH 1/2] si2168: Bounds check firmware
+To: Antti Palosaari <crope@iki.fi>
+To: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
+Cc: Olli Salonen <olli.salonen@iki.fi>
+Cc: linux-media@vger.kernel.org
+Cc: linux-kernel@vger.kernel.org
+Cc: Stuart Auchterlonie <sauchter@redhat.com>
+
+
+When reading the firmware and sending commands, the length must
+be bounds checked to avoid overrunning the size of the command
+buffer and smashing the stack if the firmware is not in the expected
+format:
+
+si2168 11-0064: found a 'Silicon Labs Si2168-B40'
+si2168 11-0064: downloading firmware from file 'dvb-demod-si2168-b40-01.fw'
+si2168 11-0064: firmware download failed -95
+Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ffffffffa085708f
+
+Add the proper check.
+
+Cc: stable@kernel.org
+Reported-by: Stuart Auchterlonie <sauchter@redhat.com>
+Reviewed-by: Antti Palosaari <crope@iki.fi>
+Signed-off-by: Laura Abbott <labbott@fedoraproject.org>
+---
+ drivers/media/dvb-frontends/si2168.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/drivers/media/dvb-frontends/si2168.c b/drivers/media/dvb-frontends/si2168.c
+index 81788c5..821a8f4 100644
+--- a/drivers/media/dvb-frontends/si2168.c
++++ b/drivers/media/dvb-frontends/si2168.c
+@@ -502,6 +502,10 @@ static int si2168_init(struct dvb_frontend *fe)
+ 		/* firmware is in the new format */
+ 		for (remaining = fw->size; remaining > 0; remaining -= 17) {
+ 			len = fw->data[fw->size - remaining];
++			if (len > SI2168_ARGLEN) {
++				ret = -EINVAL;
++				break;
++			}
+ 			memcpy(cmd.args, &fw->data[(fw->size - remaining) + 1], len);
+ 			cmd.wlen = len;
+ 			cmd.rlen = 1;
+-- 
+2.4.3
+
diff --git a/sources b/sources
index 7aef376..3a874fa 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-3d5ea06d767e2f35c999eeadafc76523  linux-4.2.tar.xz
-4c964bfba54d65b5b54cc898baddecad  perf-man-4.2.tar.gz
-c000fd7de765fc8cd60942aa52a996ed  patch-4.2.8.xz
+58b35794eee3b6d52ce7be39357801e7  linux-4.3.tar.xz
+7c516c9528b9f9aac0136944b0200b7e  perf-man-4.3.tar.gz
+d3235b3640ae6ac1ab579171943fda4b  patch-4.3.3.xz
diff --git a/vfs-Test-for-and-handle-paths-that-are-unreachable-f.patch b/vfs-Test-for-and-handle-paths-that-are-unreachable-f.patch
new file mode 100644
index 0000000..f9e7e6e
--- /dev/null
+++ b/vfs-Test-for-and-handle-paths-that-are-unreachable-f.patch
@@ -0,0 +1,110 @@
+From 14588dfe2e411056df5ba85ef88ad51730a2fa0a Mon Sep 17 00:00:00 2001
+From: "Eric W. Biederman" <ebiederm@xmission.com>
+Date: Sat, 15 Aug 2015 20:27:13 -0500
+Subject: [PATCH 2/2] vfs: Test for and handle paths that are unreachable from
+ their mnt_root
+
+commit 397d425dc26da728396e66d392d5dcb8dac30c37 upstream.
+
+In rare cases a directory can be renamed out from under a bind mount.
+In those cases without special handling it becomes possible to walk up
+the directory tree to the root dentry of the filesystem and down
+from the root dentry to every other file or directory on the filesystem.
+
+Like division by zero .. from an unconnected path can not be given
+a useful semantic as there is no predicting at which path component
+the code will realize it is unconnected.  We certainly can not match
+the current behavior as the current behavior is a security hole.
+
+Therefore when encounting .. when following an unconnected path
+return -ENOENT.
+
+- Add a function path_connected to verify path->dentry is reachable
+  from path->mnt.mnt_root.  AKA to validate that rename did not do
+  something nasty to the bind mount.
+
+  To avoid races path_connected must be called after following a path
+  component to it's next path component.
+
+Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+---
+ fs/namei.c | 27 +++++++++++++++++++++++++--
+ 1 file changed, 25 insertions(+), 2 deletions(-)
+
+diff --git a/fs/namei.c b/fs/namei.c
+index 1c2105ed20c5..29b927938b8c 100644
+--- a/fs/namei.c
++++ b/fs/namei.c
+@@ -560,6 +560,24 @@ static int __nd_alloc_stack(struct nameidata *nd)
+ 	return 0;
+ }
+ 
++/**
++ * path_connected - Verify that a path->dentry is below path->mnt.mnt_root
++ * @path: nameidate to verify
++ *
++ * Rename can sometimes move a file or directory outside of a bind
++ * mount, path_connected allows those cases to be detected.
++ */
++static bool path_connected(const struct path *path)
++{
++	struct vfsmount *mnt = path->mnt;
++
++	/* Only bind mounts can have disconnected paths */
++	if (mnt->mnt_root == mnt->mnt_sb->s_root)
++		return true;
++
++	return is_subdir(path->dentry, mnt->mnt_root);
++}
++
+ static inline int nd_alloc_stack(struct nameidata *nd)
+ {
+ 	if (likely(nd->depth != EMBEDDED_LEVELS))
+@@ -1296,6 +1314,8 @@ static int follow_dotdot_rcu(struct nameidata *nd)
+ 				return -ECHILD;
+ 			nd->path.dentry = parent;
+ 			nd->seq = seq;
++			if (unlikely(!path_connected(&nd->path)))
++				return -ENOENT;
+ 			break;
+ 		} else {
+ 			struct mount *mnt = real_mount(nd->path.mnt);
+@@ -1396,7 +1416,7 @@ static void follow_mount(struct path *path)
+ 	}
+ }
+ 
+-static void follow_dotdot(struct nameidata *nd)
++static int follow_dotdot(struct nameidata *nd)
+ {
+ 	if (!nd->root.mnt)
+ 		set_root(nd);
+@@ -1412,6 +1432,8 @@ static void follow_dotdot(struct nameidata *nd)
+ 			/* rare case of legitimate dget_parent()... */
+ 			nd->path.dentry = dget_parent(nd->path.dentry);
+ 			dput(old);
++			if (unlikely(!path_connected(&nd->path)))
++				return -ENOENT;
+ 			break;
+ 		}
+ 		if (!follow_up(&nd->path))
+@@ -1419,6 +1441,7 @@ static void follow_dotdot(struct nameidata *nd)
+ 	}
+ 	follow_mount(&nd->path);
+ 	nd->inode = nd->path.dentry->d_inode;
++	return 0;
+ }
+ 
+ /*
+@@ -1634,7 +1657,7 @@ static inline int handle_dots(struct nameidata *nd, int type)
+ 		if (nd->flags & LOOKUP_RCU) {
+ 			return follow_dotdot_rcu(nd);
+ 		} else
+-			follow_dotdot(nd);
++			return follow_dotdot(nd);
+ 	}
+ 	return 0;
+ }
+-- 
+2.4.3
+
diff --git a/vrf-fix-memory-leak-on-registration.patch b/vrf-fix-memory-leak-on-registration.patch
new file mode 100644
index 0000000..86c3dff
--- /dev/null
+++ b/vrf-fix-memory-leak-on-registration.patch
@@ -0,0 +1,42 @@
+From 5780068e17af44a98d432d31448bb18a99ce64dc Mon Sep 17 00:00:00 2001
+From: Ben Hutchings <ben@decadent.org.uk>
+Date: Tue, 15 Dec 2015 15:12:43 +0000
+Subject: [PATCH] vrf: Fix memory leak on registration failure in vrf_newlink()
+
+The backported version of commit 7f109f7cc371 ("vrf: fix double free
+and memory corruption on register_netdevice failure") incorrectly
+removed a kfree() from the failure path as well as the free_netdev().
+Add that back.
+
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+---
+ drivers/net/vrf.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/net/vrf.c b/drivers/net/vrf.c
+index c9e309c..6c25fd0 100644
+--- a/drivers/net/vrf.c
++++ b/drivers/net/vrf.c
+@@ -581,6 +581,7 @@ static int vrf_newlink(struct net *src_net, struct net_device *dev,
+ {
+ 	struct net_vrf *vrf = netdev_priv(dev);
+ 	struct net_vrf_dev *vrf_ptr;
++	int err;
+
+ 	if (!data || !data[IFLA_VRF_TABLE])
+ 		return -EINVAL;
+@@ -598,7 +599,10 @@ static int vrf_newlink(struct net *src_net, struct net_device *dev,
+
+ 	rcu_assign_pointer(dev->vrf_ptr, vrf_ptr);
+
+-	return register_netdev(dev);
++	err = register_netdev(dev);
++	if (err)
++		kfree(vrf_ptr);
++	return err;
+ }
+
+ static size_t vrf_nl_getsize(const struct net_device *dev)
+-- 
+2.5.0
+
diff --git a/x86-Lock-down-IO-port-access-when-module-security-is.patch b/x86-Lock-down-IO-port-access-when-module-security-is.patch
index 4c1211d..708006c 100644
--- a/x86-Lock-down-IO-port-access-when-module-security-is.patch
+++ b/x86-Lock-down-IO-port-access-when-module-security-is.patch
@@ -1,6 +1,8 @@
+From 7a3cdd26e6d38031338a6cb591ec2f3faaa9234b Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Thu, 8 Mar 2012 10:35:59 -0500
-Subject: [PATCH] x86: Lock down IO port access when module security is enabled
+Subject: [PATCH 03/20] x86: Lock down IO port access when module security is
+ enabled
 
 IO port access would permit users to gain access to PCI configuration
 registers, which in turn (on a lot of hardware) give access to MMIO register
@@ -65,3 +67,6 @@ index 6b1721f978c2..53fe675f9bd7 100644
  	if (!access_ok(VERIFY_READ, buf, count))
  		return -EFAULT;
  	while (count-- > 0 && i < 65536) {
+-- 
+2.4.3
+
diff --git a/x86-Restrict-MSR-access-when-module-loading-is-restr.patch b/x86-Restrict-MSR-access-when-module-loading-is-restr.patch
index 9053f2a..5c91ab1 100644
--- a/x86-Restrict-MSR-access-when-module-loading-is-restr.patch
+++ b/x86-Restrict-MSR-access-when-module-loading-is-restr.patch
@@ -1,6 +1,8 @@
+From c076ed5eed97cba612d7efec41359815c5547f4c Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 8 Feb 2013 11:12:13 -0800
-Subject: [PATCH] x86: Restrict MSR access when module loading is restricted
+Subject: [PATCH 09/20] x86: Restrict MSR access when module loading is
+ restricted
 
 Writing to MSRs should not be allowed if module loading is restricted,
 since it could lead to execution of arbitrary code in kernel mode. Based
@@ -37,3 +39,6 @@ index 113e70784854..26c2f83fc470 100644
  		if (copy_from_user(&regs, uregs, sizeof regs)) {
  			err = -EFAULT;
  			break;
+-- 
+2.4.3
+