Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris...
authorLinus Torvalds <torvalds@linux-foundation.org>
Thu, 7 Mar 2019 19:44:01 +0000 (11:44 -0800)
committerLinus Torvalds <torvalds@linux-foundation.org>
Thu, 7 Mar 2019 19:44:01 +0000 (11:44 -0800)
Pull security subsystem updates from James Morris:

 - Extend LSM stacking to allow sharing of cred, file, ipc, inode, and
   task blobs. This paves the way for more full-featured LSMs to be
   merged, and is specifically aimed at LandLock and SARA LSMs. This
   work is from Casey and Kees.

 - There's a new LSM from Micah Morton: "SafeSetID gates the setid
   family of syscalls to restrict UID/GID transitions from a given
   UID/GID to only those approved by a system-wide whitelist." This
   feature is currently shipping in ChromeOS.

* 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (62 commits)
  keys: fix missing __user in KEYCTL_PKEY_QUERY
  LSM: Update list of SECURITYFS users in Kconfig
  LSM: Ignore "security=" when "lsm=" is specified
  LSM: Update function documentation for cap_capable
  security: mark expected switch fall-throughs and add a missing break
  tomoyo: Bump version.
  LSM: fix return value check in safesetid_init_securityfs()
  LSM: SafeSetID: add selftest
  LSM: SafeSetID: remove unused include
  LSM: SafeSetID: 'depend' on CONFIG_SECURITY
  LSM: Add 'name' field for SafeSetID in DEFINE_LSM
  LSM: add SafeSetID module that gates setid calls
  LSM: add SafeSetID module that gates setid calls
  tomoyo: Allow multiple use_group lines.
  tomoyo: Coding style fix.
  tomoyo: Swicth from cred->security to task_struct->security.
  security: keys: annotate implicit fall throughs
  security: keys: annotate implicit fall throughs
  security: keys: annotate implicit fall through
  capabilities:: annotate implicit fall through
  ...

1  2 
Documentation/admin-guide/kernel-parameters.txt
MAINTAINERS
fs/proc/base.c
fs/proc/internal.h
kernel/seccomp.c
security/apparmor/domain.c
security/apparmor/lsm.c
security/keys/keyctl.c
security/keys/keyring.c
security/keys/process_keys.c
security/keys/request_key.c

index a422560fbc15a7c6fb66afd85db48ed4e53e2b27,91c0251fdb8664ad40c8f808203299f1c795ac7f..42379633801f4741a1af5a03c1153b1230d948eb
                        possible to determine what the correct size should be.
                        This option provides an override for these situations.
  
 +      carrier_timeout=
 +                      [NET] Specifies amount of time (in seconds) that
 +                      the kernel should wait for a network carrier. By default
 +                      it waits 120 seconds.
 +
        ca_keys=        [KEYS] This parameter identifies a specific key(s) on
                        the system trusted keyring to be used for certificate
                        trust validation.
                        The filter can be disabled or changed to another
                        driver later using sysfs.
  
 +      driver_async_probe=  [KNL]
 +                      List of driver names to be probed asynchronously.
 +                      Format: <driver_name1>,<driver_name2>...
 +
        drm.edid_firmware=[<connector>:]<file>[,[<connector>:]<file>]
                        Broken monitors, graphic adapters, KVMs and EDIDless
                        panels may send no or incorrect EDID data sets.
                        specified address. The serial port must already be
                        setup and configured. Options are not yet supported.
  
 +              efifb,[options]
 +                      Start an early, unaccelerated console on the EFI
 +                      memory mapped framebuffer (if available). On cache
 +                      coherent non-x86 systems that use system memory for
 +                      the framebuffer, pass the 'ram' option so that it is
 +                      mapped with the correct attributes.
 +
        earlyprintk=    [X86,SH,ARM,M68k,S390]
                        earlyprintk=vga
 -                      earlyprintk=efi
                        earlyprintk=sclp
                        earlyprintk=xen
                        earlyprintk=serial[,ttySn[,baudrate]]
                        By default, super page will be supported if Intel IOMMU
                        has the capability. With this option, super page will
                        not be supported.
 -              sm_off [Default Off]
 -                      By default, scalable mode will be supported if the
 +              sm_on [Default Off]
 +                      By default, scalable mode will be disabled even if the
                        hardware advertises that it has support for the scalable
                        mode translation. With this option set, scalable mode
 -                      will not be used even on hardware which claims to support
 -                      it.
 +                      will be used on hardware which claims to support it.
                tboot_noforce [Default Off]
                        Do not force the Intel IOMMU enabled under tboot.
                        By default, tboot will force Intel IOMMU on, which
  
        lsm.debug       [SECURITY] Enable LSM initialization debugging output.
  
+       lsm=lsm1,...,lsmN
+                       [SECURITY] Choose order of LSM initialization. This
+                       overrides CONFIG_LSM, and the "security=" parameter.
        machvec=        [IA-64] Force the use of a particular machine-vector
                        (machvec) in a generic kernel.
                        Example: machvec=hpzx1_swiotlb
                        latencies, which will choose a value aligned
                        with the appropriate hardware boundaries.
  
 -      rcutree.jiffies_till_sched_qs= [KNL]
 -                      Set required age in jiffies for a
 -                      given grace period before RCU starts
 -                      soliciting quiescent-state help from
 -                      rcu_note_context_switch().  If not specified, the
 -                      kernel will calculate a value based on the most
 -                      recent settings of rcutree.jiffies_till_first_fqs
 -                      and rcutree.jiffies_till_next_fqs.
 -                      This calculated value may be viewed in
 -                      rcutree.jiffies_to_sched_qs.  Any attempt to
 -                      set rcutree.jiffies_to_sched_qs will be
 -                      cheerfully overwritten.
 -
        rcutree.jiffies_till_first_fqs= [KNL]
                        Set delay from grace-period initialization to
                        first attempt to force quiescent states.
                        quiescent states.  Units are jiffies, minimum
                        value is one, and maximum value is HZ.
  
 +      rcutree.jiffies_till_sched_qs= [KNL]
 +                      Set required age in jiffies for a
 +                      given grace period before RCU starts
 +                      soliciting quiescent-state help from
 +                      rcu_note_context_switch() and cond_resched().
 +                      If not specified, the kernel will calculate
 +                      a value based on the most recent settings
 +                      of rcutree.jiffies_till_first_fqs
 +                      and rcutree.jiffies_till_next_fqs.
 +                      This calculated value may be viewed in
 +                      rcutree.jiffies_to_sched_qs.  Any attempt to set
 +                      rcutree.jiffies_to_sched_qs will be cheerfully
 +                      overwritten.
 +
        rcutree.kthread_prio=    [KNL,BOOT]
                        Set the SCHED_FIFO priority of the RCU per-CPU
                        kthreads (rcuc/N). This value is also used for
                        This wake_up() will be accompanied by a
                        WARN_ONCE() splat and an ftrace_dump().
  
 +      rcutree.sysrq_rcu= [KNL]
 +                      Commandeer a sysrq key to dump out Tree RCU's
 +                      rcu_node tree with an eye towards determining
 +                      why a new grace period has not yet started.
 +
        rcuperf.gp_async= [KNL]
                        Measure performance of asynchronous
                        grace-period primitives such as call_rcu().
                        Note: increases power consumption, thus should only be
                        enabled if running jitter sensitive (HPC/RT) workloads.
  
-       security=       [SECURITY] Choose a security module to enable at boot.
-                       If this boot parameter is not specified, only the first
-                       security module asking for security registration will be
-                       loaded. An invalid security module name will be treated
-                       as if no module has been chosen.
+       security=       [SECURITY] Choose a legacy "major" security module to
+                       enable at boot. This has been deprecated by the
+                       "lsm=" parameter.
  
        selinux=        [SELINUX] Disable or enable SELinux at boot time.
                        Format: { "0" | "1" }
        usbcore.authorized_default=
                        [USB] Default USB device authorization:
                        (default -1 = authorized except for wireless USB,
 -                      0 = not authorized, 1 = authorized)
 +                      0 = not authorized, 1 = authorized, 2 = authorized
 +                      if device connected to internal port)
  
        usbcore.autosuspend=
                        [USB] The autosuspend time delay (in seconds) used
diff --combined MAINTAINERS
index da98f27cf1b582f303a9616d44259ddf83e8b9cd,6fd9e0015dac246492ca36bb24405ee5232b1fc3..09d47cd02a146bbfe8c7d039ad9fb53f6ce0a74e
@@@ -331,7 -331,6 +331,7 @@@ ACPI APE
  M:    "Rafael J. Wysocki" <rjw@rjwysocki.net>
  M:    Len Brown <lenb@kernel.org>
  L:    linux-acpi@vger.kernel.org
 +R:    James Morse <james.morse@arm.com>
  R:    Tony Luck <tony.luck@intel.com>
  R:    Borislav Petkov <bp@alien8.de>
  F:    drivers/acpi/apei/
@@@ -410,7 -409,8 +410,7 @@@ F: drivers/platform/x86/wmi.
  F:    include/uapi/linux/wmi.h
  
  AD1889 ALSA SOUND DRIVER
 -M:    Thibaut Varene <T-Bone@parisc-linux.org>
 -W:    http://wiki.parisc-linux.org/AD1889
 +W:    https://parisc.wiki.kernel.org/index.php/AD1889
  L:    linux-parisc@vger.kernel.org
  S:    Maintained
  F:    sound/pci/ad1889.*
@@@ -854,22 -854,6 +854,22 @@@ S:       Supporte
  F:    drivers/iio/adc/ad7124.c
  F:    Documentation/devicetree/bindings/iio/adc/adi,ad7124.txt
  
 +ANALOG DEVICES INC AD7606 DRIVER
 +M:    Stefan Popa <stefan.popa@analog.com>
 +L:    linux-iio@vger.kernel.org
 +W:    http://ez.analog.com/community/linux-device-drivers
 +S:    Supported
 +F:    drivers/iio/adc/ad7606.c
 +F:    Documentation/devicetree/bindings/iio/adc/ad7606.txt
 +
 +ANALOG DEVICES INC AD7768-1 DRIVER
 +M:    Stefan Popa <stefan.popa@analog.com>
 +L:    linux-iio@vger.kernel.org
 +W:    http://ez.analog.com/community/linux-device-drivers
 +S:    Supported
 +F:    drivers/iio/adc/ad7768-1.c
 +F:    Documentation/devicetree/bindings/iio/adc/adi,ad7768-1.txt
 +
  ANALOG DEVICES INC AD9389B DRIVER
  M:    Hans Verkuil <hans.verkuil@cisco.com>
  L:    linux-media@vger.kernel.org
@@@ -1053,26 -1037,26 +1053,26 @@@ F:   drivers/net/appletalk
  F:    net/appletalk/
  
  APPLIED MICRO (APM) X-GENE DEVICE TREE SUPPORT
 -M:    Duc Dang <dhdang@apm.com>
 +M:    Khuong Dinh <khuong@os.amperecomputing.com>
  S:    Supported
  F:    arch/arm64/boot/dts/apm/
  
  APPLIED MICRO (APM) X-GENE SOC EDAC
 -M:    Loc Ho <lho@apm.com>
 +M:    Khuong Dinh <khuong@os.amperecomputing.com>
  S:    Supported
  F:    drivers/edac/xgene_edac.c
  F:    Documentation/devicetree/bindings/edac/apm-xgene-edac.txt
  
  APPLIED MICRO (APM) X-GENE SOC ETHERNET (V2) DRIVER
 -M:    Iyappan Subramanian <isubramanian@apm.com>
 -M:    Keyur Chudgar <kchudgar@apm.com>
 +M:    Iyappan Subramanian <iyappan@os.amperecomputing.com>
 +M:    Keyur Chudgar <keyur@os.amperecomputing.com>
  S:    Supported
  F:    drivers/net/ethernet/apm/xgene-v2/
  
  APPLIED MICRO (APM) X-GENE SOC ETHERNET DRIVER
 -M:    Iyappan Subramanian <isubramanian@apm.com>
 -M:    Keyur Chudgar <kchudgar@apm.com>
 -M:    Quan Nguyen <qnguyen@apm.com>
 +M:    Iyappan Subramanian <iyappan@os.amperecomputing.com>
 +M:    Keyur Chudgar <keyur@os.amperecomputing.com>
 +M:    Quan Nguyen <quan@os.amperecomputing.com>
  S:    Supported
  F:    drivers/net/ethernet/apm/xgene/
  F:    drivers/net/phy/mdio-xgene.c
@@@ -1080,7 -1064,7 +1080,7 @@@ F:      Documentation/devicetree/bindings/ne
  F:    Documentation/devicetree/bindings/net/apm-xgene-mdio.txt
  
  APPLIED MICRO (APM) X-GENE SOC PMU
 -M:    Tai Nguyen <ttnguyen@apm.com>
 +M:    Khuong Dinh <khuong@os.amperecomputing.com>
  S:    Supported
  F:    drivers/perf/xgene_pmu.c
  F:    Documentation/perf/xgene-pmu.txt
@@@ -1388,13 -1372,6 +1388,13 @@@ F:    arch/arm/mach-aspeed
  F:    arch/arm/boot/dts/aspeed-*
  N:    aspeed
  
 +ARM/BITMAIN ARCHITECTURE
 +M:    Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
 +L:    linux-arm-kernel@lists.infradead.org (moderated for non-subscribers)
 +S:    Maintained
 +F:    arch/arm64/boot/dts/bitmain/
 +F:    Documentation/devicetree/bindings/arm/bitmain.yaml
 +
  ARM/CALXEDA HIGHBANK ARCHITECTURE
  M:    Rob Herring <robh@kernel.org>
  L:    linux-arm-kernel@lists.infradead.org (moderated for non-subscribers)
@@@ -1554,14 -1531,21 +1554,14 @@@ ARM/FREESCALE IMX / MXC ARM ARCHITECTUR
  M:    Shawn Guo <shawnguo@kernel.org>
  M:    Sascha Hauer <s.hauer@pengutronix.de>
  R:    Pengutronix Kernel Team <kernel@pengutronix.de>
 -R:    Fabio Estevam <fabio.estevam@nxp.com>
 +R:    Fabio Estevam <festevam@gmail.com>
  R:    NXP Linux Team <linux-imx@nxp.com>
  L:    linux-arm-kernel@lists.infradead.org (moderated for non-subscribers)
  S:    Maintained
  T:    git git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux.git
 -F:    arch/arm/mach-imx/
 -F:    arch/arm/mach-mxs/
 -F:    arch/arm/boot/dts/imx*
 -F:    arch/arm/configs/imx*_defconfig
 -F:    arch/arm64/boot/dts/freescale/imx*
 -F:    drivers/clk/imx/
 -F:    drivers/firmware/imx/
 -F:    drivers/soc/imx/
 -F:    include/linux/firmware/imx/
 -F:    include/soc/imx/
 +N:    imx
 +N:    mxs
 +X:    drivers/media/i2c/
  
  ARM/FREESCALE VYBRID ARM ARCHITECTURE
  M:    Shawn Guo <shawnguo@kernel.org>
@@@ -1753,7 -1737,6 +1753,7 @@@ F:      arch/arm/configs/mvebu_*_defconfi
  F:    arch/arm/mach-mvebu/
  F:    arch/arm64/boot/dts/marvell/armada*
  F:    drivers/cpufreq/armada-37xx-cpufreq.c
 +F:    drivers/cpufreq/armada-8k-cpufreq.c
  F:    drivers/cpufreq/mvebu-cpufreq.c
  F:    drivers/irqchip/irq-armada-370-xp.c
  F:    drivers/irqchip/irq-mvebu-*
@@@ -1965,37 -1948,19 +1965,37 @@@ M:   David Brown <david.brown@linaro.org
  L:    linux-arm-msm@vger.kernel.org
  S:    Maintained
  F:    Documentation/devicetree/bindings/soc/qcom/
 +F:    Documentation/devicetree/bindings/*/qcom*
  F:    arch/arm/boot/dts/qcom-*.dts
  F:    arch/arm/boot/dts/qcom-*.dtsi
  F:    arch/arm/mach-qcom/
 -F:    arch/arm64/boot/dts/qcom/*
 +F:    arch/arm64/boot/dts/qcom/
 +F:    drivers/*/qcom/
 +F:    drivers/*/qcom*
 +F:    drivers/*/*/qcom/
 +F:    drivers/*/*/qcom*
 +F:    drivers/*/pm8???-*
 +F:    drivers/bluetooth/btqcomsmd.c
 +F:    drivers/clocksource/timer-qcom.c
 +F:    drivers/extcon/extcon-qcom*
 +F:    drivers/iommu/msm*
  F:    drivers/i2c/busses/i2c-qup.c
 -F:    drivers/clk/qcom/
 -F:    drivers/dma/qcom/
 -F:    drivers/soc/qcom/
 +F:    drivers/i2c/busses/i2c-qcom-geni.c
 +F:    drivers/mfd/ssbi.c
 +F:    drivers/mmc/host/mmci_qcom*
 +F:    drivers/mmc/host/sdhci_msm.c
 +F:    drivers/pci/controller/dwc/pcie-qcom.c
 +F:    drivers/phy/qualcomm/
 +F:    drivers/power/*/msm*
 +F:    drivers/reset/reset-qcom-*
 +F:    drivers/scsi/ufs/ufs-qcom.*
  F:    drivers/spi/spi-qup.c
 +F:    drivers/spi/spi-geni-qcom.c
 +F:    drivers/spi/spi-qcom-qspi.c
  F:    drivers/tty/serial/msm_serial.c
 -F:    drivers/*/pm8???-*
 -F:    drivers/mfd/ssbi.c
 -F:    drivers/firmware/qcom_scm*
 +F:    drivers/usb/dwc3/dwc3-qcom.c
 +F:    include/dt-bindings/*/qcom*
 +F:    include/linux/*/qcom*
  T:    git git://git.kernel.org/pub/scm/linux/kernel/git/agross/linux.git
  
  ARM/RADISYS ENP2611 MACHINE SUPPORT
@@@ -2032,7 -1997,7 +2032,7 @@@ Q:      http://patchwork.kernel.org/project/
  T:    git git://git.kernel.org/pub/scm/linux/kernel/git/horms/renesas.git next
  S:    Supported
  F:    arch/arm64/boot/dts/renesas/
 -F:    Documentation/devicetree/bindings/arm/shmobile.txt
 +F:    Documentation/devicetree/bindings/arm/renesas.yaml
  F:    drivers/soc/renesas/
  F:    include/linux/soc/renesas/
  
@@@ -2144,8 -2109,6 +2144,8 @@@ Q:      http://patchwork.kernel.org/project/
  T:    git git://git.kernel.org/pub/scm/linux/kernel/git/horms/renesas.git next
  S:    Supported
  F:    arch/arm/boot/dts/emev2*
 +F:    arch/arm/boot/dts/gr-peach*
 +F:    arch/arm/boot/dts/iwg20d-q7*
  F:    arch/arm/boot/dts/r7s*
  F:    arch/arm/boot/dts/r8a*
  F:    arch/arm/boot/dts/r9a*
@@@ -2153,7 -2116,7 +2153,7 @@@ F:      arch/arm/boot/dts/sh
  F:    arch/arm/configs/shmobile_defconfig
  F:    arch/arm/include/debug/renesas-scif.S
  F:    arch/arm/mach-shmobile/
 -F:    Documentation/devicetree/bindings/arm/shmobile.txt
 +F:    Documentation/devicetree/bindings/arm/renesas.yaml
  F:    drivers/soc/renesas/
  F:    include/linux/soc/renesas/
  
@@@ -2646,7 -2609,6 +2646,7 @@@ L:      linux-kernel@vger.kernel.or
  S:    Maintained
  F:    arch/*/include/asm/atomic*.h
  F:    include/*/atomic*.h
 +F:    scripts/atomic/
  
  ATTO EXPRESSSAS SAS/SATA RAID SCSI DRIVER
  M:    Bradley Grove <linuxdrivers@attotech.com>
@@@ -2886,11 -2848,8 +2886,11 @@@ F:    include/uapi/linux/if_bonding.
  BPF (Safe dynamic programs and tools)
  M:    Alexei Starovoitov <ast@kernel.org>
  M:    Daniel Borkmann <daniel@iogearbox.net>
 +R:    Martin KaFai Lau <kafai@fb.com>
 +R:    Song Liu <songliubraving@fb.com>
 +R:    Yonghong Song <yhs@fb.com>
  L:    netdev@vger.kernel.org
 -L:    linux-kernel@vger.kernel.org
 +L:    bpf@vger.kernel.org
  T:    git git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git
  T:    git git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git
  Q:    https://patchwork.ozlabs.org/project/netdev/list/?delegate=77147
@@@ -2914,13 -2873,10 +2914,13 @@@ F:   samples/bpf
  F:    tools/bpf/
  F:    tools/lib/bpf/
  F:    tools/testing/selftests/bpf/
 +K:    bpf
 +N:    bpf
  
  BPF JIT for ARM
  M:    Shubham Bansal <illusionist.neo@gmail.com>
  L:    netdev@vger.kernel.org
 +L:    bpf@vger.kernel.org
  S:    Maintained
  F:    arch/arm/net/
  
@@@ -2929,21 -2885,18 +2929,21 @@@ M:   Daniel Borkmann <daniel@iogearbox.ne
  M:    Alexei Starovoitov <ast@kernel.org>
  M:    Zi Shen Lim <zlim.lnx@gmail.com>
  L:    netdev@vger.kernel.org
 +L:    bpf@vger.kernel.org
  S:    Supported
  F:    arch/arm64/net/
  
  BPF JIT for MIPS (32-BIT AND 64-BIT)
  M:    Paul Burton <paul.burton@mips.com>
  L:    netdev@vger.kernel.org
 +L:    bpf@vger.kernel.org
  S:    Maintained
  F:    arch/mips/net/
  
  BPF JIT for NFP NICs
  M:    Jakub Kicinski <jakub.kicinski@netronome.com>
  L:    netdev@vger.kernel.org
 +L:    bpf@vger.kernel.org
  S:    Supported
  F:    drivers/net/ethernet/netronome/nfp/bpf/
  
@@@ -2951,21 -2904,13 +2951,21 @@@ BPF JIT for POWERPC (32-BIT AND 64-BIT
  M:    Naveen N. Rao <naveen.n.rao@linux.ibm.com>
  M:    Sandipan Das <sandipan@linux.ibm.com>
  L:    netdev@vger.kernel.org
 +L:    bpf@vger.kernel.org
  S:    Maintained
  F:    arch/powerpc/net/
  
 +BPF JIT for RISC-V (RV64G)
 +M:    Björn Töpel <bjorn.topel@gmail.com>
 +L:    netdev@vger.kernel.org
 +S:    Maintained
 +F:    arch/riscv/net/
 +
  BPF JIT for S390
  M:    Martin Schwidefsky <schwidefsky@de.ibm.com>
  M:    Heiko Carstens <heiko.carstens@de.ibm.com>
  L:    netdev@vger.kernel.org
 +L:    bpf@vger.kernel.org
  S:    Maintained
  F:    arch/s390/net/
  X:    arch/s390/net/pnet.c
  BPF JIT for SPARC (32-BIT AND 64-BIT)
  M:    David S. Miller <davem@davemloft.net>
  L:    netdev@vger.kernel.org
 +L:    bpf@vger.kernel.org
  S:    Maintained
  F:    arch/sparc/net/
  
  BPF JIT for X86 32-BIT
  M:    Wang YanQing <udknight@gmail.com>
  L:    netdev@vger.kernel.org
 +L:    bpf@vger.kernel.org
  S:    Maintained
  F:    arch/x86/net/bpf_jit_comp32.c
  
@@@ -2988,7 -2931,6 +2988,7 @@@ BPF JIT for X86 64-BI
  M:    Alexei Starovoitov <ast@kernel.org>
  M:    Daniel Borkmann <daniel@iogearbox.net>
  L:    netdev@vger.kernel.org
 +L:    bpf@vger.kernel.org
  S:    Supported
  F:    arch/x86/net/
  X:    arch/x86/net/bpf_jit_comp32.c
@@@ -3110,8 -3052,8 +3110,8 @@@ F:      include/linux/bcm963xx_nvram.
  F:    include/linux/bcm963xx_tag.h
  
  BROADCOM BNX2 GIGABIT ETHERNET DRIVER
 -M:    Rasesh Mody <rasesh.mody@cavium.com>
 -M:    Dept-GELinuxNICDev@cavium.com
 +M:    Rasesh Mody <rmody@marvell.com>
 +M:    GR-Linux-NIC-Dev@marvell.com
  L:    netdev@vger.kernel.org
  S:    Supported
  F:    drivers/net/ethernet/broadcom/bnx2.*
@@@ -3130,9 -3072,9 +3130,9 @@@ S:      Supporte
  F:    drivers/scsi/bnx2i/
  
  BROADCOM BNX2X 10 GIGABIT ETHERNET DRIVER
 -M:    Ariel Elior <ariel.elior@cavium.com>
 -M:    Sudarsana Kalluru <sudarsana.kalluru@cavium.com>
 -M:    everest-linux-l2@cavium.com
 +M:    Ariel Elior <aelior@marvell.com>
 +M:    Sudarsana Kalluru <skalluru@marvell.com>
 +M:    GR-everest-linux-l2@marvell.com
  L:    netdev@vger.kernel.org
  S:    Supported
  F:    drivers/net/ethernet/broadcom/bnx2x/
@@@ -3307,9 -3249,9 +3307,9 @@@ S:      Supporte
  F:    drivers/scsi/bfa/
  
  BROCADE BNA 10 GIGABIT ETHERNET DRIVER
 -M:    Rasesh Mody <rasesh.mody@cavium.com>
 -M:    Sudarsana Kalluru <sudarsana.kalluru@cavium.com>
 -M:    Dept-GELinuxNICDev@cavium.com
 +M:    Rasesh Mody <rmody@marvell.com>
 +M:    Sudarsana Kalluru <skalluru@marvell.com>
 +M:    GR-Linux-NIC-Dev@marvell.com
  L:    netdev@vger.kernel.org
  S:    Supported
  F:    drivers/net/ethernet/brocade/bna/
@@@ -3443,8 -3385,9 +3443,8 @@@ F:      Documentation/media/v4l-drivers/cafe
  F:    drivers/media/platform/marvell-ccic/
  
  CAIF NETWORK LAYER
 -M:    Dmitry Tarnyagin <dmitry.tarnyagin@lockless.no>
  L:    netdev@vger.kernel.org
 -S:    Supported
 +S:    Orphan
  F:    Documentation/networking/caif/
  F:    drivers/net/caif/
  F:    include/uapi/linux/caif/
@@@ -3568,6 -3511,7 +3568,6 @@@ F:      include/linux/spi/cc2520.
  F:    Documentation/devicetree/bindings/net/ieee802154/cc2520.txt
  
  CCREE ARM TRUSTZONE CRYPTOCELL REE DRIVER
 -M:    Yael Chemla <yael.chemla@foss.arm.com>
  M:    Gilad Ben-Yossef <gilad@benyossef.com>
  L:    linux-crypto@vger.kernel.org
  S:    Supported
@@@ -3743,14 -3687,6 +3743,14 @@@ N:    cros_e
  N:    cros-ec
  F:    drivers/power/supply/cros_usbpd-charger.c
  
 +CHROMEOS EC CODEC DRIVER
 +M:    Cheng-Yi Chiang <cychiang@chromium.org>
 +S:    Maintained
 +R:    Enric Balletbo i Serra <enric.balletbo@collabora.com>
 +R:    Guenter Roeck <groeck@chromium.org>
 +F:    Documentation/devicetree/bindings/sound/google,cros-ec-codec.txt
 +F:    sound/soc/codecs/cros_ec_codec.*
 +
  CIRRUS LOGIC AUDIO CODEC DRIVERS
  M:    Brian Austin <brian.austin@cirrus.com>
  M:    Paul Handrigan <Paul.Handrigan@cirrus.com>
@@@ -3970,10 -3906,9 +3970,10 @@@ M:    Johannes Weiner <hannes@cmpxchg.org
  L:    cgroups@vger.kernel.org
  T:    git git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup.git
  S:    Maintained
 -F:    Documentation/cgroup*
 +F:    Documentation/admin-guide/cgroup-v2.rst
 +F:    Documentation/cgroup-v1/
  F:    include/linux/cgroup*
 -F:    kernel/cgroup*
 +F:    kernel/cgroup/
  
  CONTROL GROUP - CPUSET
  M:    Li Zefan <lizefan@huawei.com>
@@@ -4021,7 -3956,7 +4021,7 @@@ M:      Viresh Kumar <viresh.kumar@linaro.or
  L:    linux-pm@vger.kernel.org
  S:    Maintained
  T:    git git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm.git
 -T:    git git://git.linaro.org/people/vireshk/linux.git (For ARM Updates)
 +T:    git git://git.kernel.org/pub/scm/linux/kernel/git/vireshk/pm.git (For ARM Updates)
  B:    https://bugzilla.kernel.org
  F:    Documentation/admin-guide/pm/cpufreq.rst
  F:    Documentation/admin-guide/pm/intel_pstate.rst
@@@ -4043,7 -3978,6 +4043,7 @@@ F:      drivers/cpufreq/arm_big_little.
  CPU POWER MONITORING SUBSYSTEM
  M:    Thomas Renninger <trenn@suse.com>
  M:    Shuah Khan <shuah@kernel.org>
 +M:    Shuah Khan <skhan@linuxfoundation.org>
  L:    linux-pm@vger.kernel.org
  S:    Maintained
  F:    tools/power/cpupower/
@@@ -4081,7 -4015,6 +4081,7 @@@ S:      Maintaine
  T:    git git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm.git
  B:    https://bugzilla.kernel.org
  F:    Documentation/admin-guide/pm/cpuidle.rst
 +F:    Documentation/driver-api/pm/cpuidle.rst
  F:    drivers/cpuidle/*
  F:    include/linux/cpuidle.h
  
@@@ -4189,7 -4122,7 +4189,7 @@@ S:      Maintaine
  F:    drivers/media/dvb-frontends/cxd2820r*
  
  CXGB3 ETHERNET DRIVER (CXGB3)
 -M:    Arjun Vynipadath <arjun@chelsio.com>
 +M:    Vishal Kulkarni <vishal@chelsio.com>
  L:    netdev@vger.kernel.org
  W:    http://www.chelsio.com
  S:    Supported
@@@ -4218,7 -4151,7 +4218,7 @@@ S:      Supporte
  F:    drivers/crypto/chelsio
  
  CXGB4 ETHERNET DRIVER (CXGB4)
 -M:    Arjun Vynipadath <arjun@chelsio.com>
 +M:    Vishal Kulkarni <vishal@chelsio.com>
  L:    netdev@vger.kernel.org
  W:    http://www.chelsio.com
  S:    Supported
@@@ -5247,7 -5180,7 +5247,7 @@@ DRM DRIVERS FOR XE
  M:    Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>
  T:    git git://anongit.freedesktop.org/drm/drm-misc
  L:    dri-devel@lists.freedesktop.org
 -L:    xen-devel@lists.xen.org
 +L:    xen-devel@lists.xenproject.org (moderated for non-subscribers)
  S:    Supported
  F:    drivers/gpu/drm/xen/
  F:    Documentation/gpu/xen-front.rst
@@@ -5948,7 -5881,6 +5948,7 @@@ L:      linux-fsdevel@vger.kernel.or
  S:    Maintained
  F:    fs/*
  F:    include/linux/fs.h
 +F:    include/linux/fs_types.h
  F:    include/uapi/linux/fs.h
  
  FINTEK F75375S HARDWARE MONITOR AND FAN CONTROLLER DRIVER
@@@ -6091,12 -6023,6 +6091,12 @@@ L:    linuxppc-dev@lists.ozlabs.or
  S:    Maintained
  F:    drivers/dma/fsldma.*
  
 +FREESCALE ENETC ETHERNET DRIVERS
 +M:    Claudiu Manoil <claudiu.manoil@nxp.com>
 +L:    netdev@vger.kernel.org
 +S:    Maintained
 +F:    drivers/net/ethernet/freescale/enetc/
 +
  FREESCALE eTSEC ETHERNET DRIVER (GIANFAR)
  M:    Claudiu Manoil <claudiu.manoil@nxp.com>
  L:    netdev@vger.kernel.org
@@@ -6160,17 -6086,15 +6160,17 @@@ FREESCALE QORIQ PTP CLOCK DRIVE
  M:    Yangbo Lu <yangbo.lu@nxp.com>
  L:    netdev@vger.kernel.org
  S:    Maintained
 +F:    drivers/net/ethernet/freescale/enetc/enetc_ptp.c
  F:    drivers/ptp/ptp_qoriq.c
 +F:    drivers/ptp/ptp_qoriq_debugfs.c
  F:    include/linux/fsl/ptp_qoriq.h
  F:    Documentation/devicetree/bindings/ptp/ptp-qoriq.txt
  
  FREESCALE QUAD SPI DRIVER
  M:    Han Xu <han.xu@nxp.com>
 -L:    linux-mtd@lists.infradead.org
 +L:    linux-spi@vger.kernel.org
  S:    Maintained
 -F:    drivers/mtd/spi-nor/fsl-quadspi.c
 +F:    drivers/spi/spi-fsl-qspi.c
  
  FREESCALE QUICC ENGINE LIBRARY
  M:    Qiang Zhao <qiang.zhao@nxp.com>
@@@ -6221,7 -6145,7 +6221,7 @@@ FREESCALE SOC SOUND DRIVER
  M:    Timur Tabi <timur@kernel.org>
  M:    Nicolin Chen <nicoleotsuka@gmail.com>
  M:    Xiubo Li <Xiubo.Lee@gmail.com>
 -R:    Fabio Estevam <fabio.estevam@nxp.com>
 +R:    Fabio Estevam <festevam@gmail.com>
  L:    alsa-devel@alsa-project.org (moderated for non-subscribers)
  L:    linuxppc-dev@lists.ozlabs.org
  S:    Maintained
@@@ -6717,15 -6641,6 +6717,15 @@@ F:    drivers/clocksource/h8300_*.
  F:    drivers/clk/h8300/
  F:    drivers/irqchip/irq-renesas-h8*.c
  
 +HABANALABS PCI DRIVER
 +M:    Oded Gabbay <oded.gabbay@gmail.com>
 +T:    git https://github.com/HabanaAI/linux.git
 +S:    Supported
 +F:    drivers/misc/habanalabs/
 +F:    include/uapi/misc/habanalabs.h
 +F:    Documentation/ABI/testing/sysfs-driver-habanalabs
 +F:    Documentation/ABI/testing/debugfs-driver-habanalabs
 +
  HACKRF MEDIA DRIVER
  M:    Antti Palosaari <crope@iki.fi>
  L:    linux-media@vger.kernel.org
@@@ -7083,7 -6998,7 +7083,7 @@@ M:      Haiyang Zhang <haiyangz@microsoft.co
  M:    Stephen Hemminger <sthemmin@microsoft.com>
  M:    Sasha Levin <sashal@kernel.org>
  T:    git git://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux.git
 -L:    devel@linuxdriverproject.org
 +L:    linux-hyperv@vger.kernel.org
  S:    Supported
  F:    Documentation/networking/device_drivers/microsoft/netvsc.txt
  F:    arch/x86/include/asm/mshyperv.h
@@@ -7248,7 -7163,6 +7248,7 @@@ F:      drivers/i2c/i2c-stub.
  I3C SUBSYSTEM
  M:    Boris Brezillon <bbrezillon@kernel.org>
  L:    linux-i3c@lists.infradead.org
 +C:    irc://chat.freenode.net/linux-i3c
  T:    git git://git.kernel.org/pub/scm/linux/kernel/git/i3c/linux.git
  S:    Maintained
  F:    Documentation/ABI/testing/sysfs-bus-i3c
@@@ -7968,16 -7882,6 +7968,16 @@@ L:    linux-gpio@vger.kernel.or
  S:    Maintained
  F:    drivers/gpio/gpio-intel-mid.c
  
 +INTERCONNECT API
 +M:    Georgi Djakov <georgi.djakov@linaro.org>
 +S:    Maintained
 +F:    Documentation/interconnect/
 +F:    Documentation/devicetree/bindings/interconnect/
 +F:    drivers/interconnect/
 +F:    include/dt-bindings/interconnect/
 +F:    include/linux/interconnect-provider.h
 +F:    include/linux/interconnect.h
 +
  INVENSENSE MPU-3050 GYROSCOPE DRIVER
  M:    Linus Walleij <linus.walleij@linaro.org>
  L:    linux-iio@vger.kernel.org
@@@ -8354,7 -8258,6 +8354,7 @@@ F:      include/uapi/linux/sunrpc
  
  KERNEL SELFTEST FRAMEWORK
  M:    Shuah Khan <shuah@kernel.org>
 +M:    Shuah Khan <skhan@linuxfoundation.org>
  L:    linux-kselftest@vger.kernel.org
  T:    git git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest.git
  Q:    https://patchwork.kernel.org/project/linux-kselftest/list/
@@@ -8577,7 -8480,6 +8577,7 @@@ L7 BPF FRAMEWOR
  M:    John Fastabend <john.fastabend@gmail.com>
  M:    Daniel Borkmann <daniel@iogearbox.net>
  L:    netdev@vger.kernel.org
 +L:    bpf@vger.kernel.org
  S:    Maintained
  F:    include/linux/skmsg.h
  F:    net/core/skmsg.c
@@@ -9180,14 -9082,6 +9180,14 @@@ F:    drivers/gpu/drm/armada
  F:    include/uapi/drm/armada_drm.h
  F:    Documentation/devicetree/bindings/display/armada/
  
 +MARVELL ARMADA 3700 PHY DRIVERS
 +M:    Miquel Raynal <miquel.raynal@bootlin.com>
 +S:    Maintained
 +F:    drivers/phy/marvell/phy-mvebu-a3700-comphy.c
 +F:    drivers/phy/marvell/phy-mvebu-a3700-utmi.c
 +F:    Documentation/devicetree/bindings/phy/phy-mvebu-comphy.txt
 +F:    Documentation/devicetree/bindings/phy/phy-mvebu-utmi.txt
 +
  MARVELL CRYPTO DRIVER
  M:    Boris Brezillon <bbrezillon@kernel.org>
  M:    Arnaud Ebalard <arno@natisbad.org>
@@@ -9891,14 -9785,6 +9891,14 @@@ F:    kernel/sched/membarrier.
  F:    include/uapi/linux/membarrier.h
  F:    arch/powerpc/include/asm/membarrier.h
  
 +MEMBLOCK
 +M:    Mike Rapoport <rppt@linux.ibm.com>
 +L:    linux-mm@kvack.org
 +S:    Maintained
 +F:    include/linux/memblock.h
 +F:    mm/memblock.c
 +F:    Documentation/core-api/boot-time-mm.rst
 +
  MEMORY MANAGEMENT
  L:    linux-mm@kvack.org
  W:    http://www.linux-mm.org
@@@ -9965,18 -9851,6 +9965,18 @@@ F:    drivers/media/platform/meson/ao-cec.
  F:    Documentation/devicetree/bindings/media/meson-ao-cec.txt
  T:    git git://linuxtv.org/media_tree.git
  
 +MESON NAND CONTROLLER DRIVER FOR AMLOGIC SOCS
 +M:    Liang Yang <liang.yang@amlogic.com>
 +L:    linux-mtd@lists.infradead.org
 +S:    Maintained
 +F:    drivers/mtd/nand/raw/meson_*
 +F:    Documentation/devicetree/bindings/mtd/amlogic,meson-nand.txt
 +
 +METHODE UDPU SUPPORT
 +M:    Vladimir Vid <vladimir.vid@sartura.hr>
 +S:    Maintained
 +F:    arch/arm64/boot/dts/marvell/armada-3720-uDPU.dts
 +
  MICROBLAZE ARCHITECTURE
  M:    Michal Simek <monstr@monstr.eu>
  W:    http://www.monstr.eu/fdt/
@@@ -10701,7 -10575,6 +10701,7 @@@ F:   Documentation/devicetree/bindings/ne
  F:    net/dsa/
  F:    include/net/dsa.h
  F:    include/linux/dsa/
 +F:    include/linux/platform_data/dsa.h
  F:    drivers/net/dsa/
  
  NETWORKING [GENERAL]
@@@ -10815,9 -10688,9 +10815,9 @@@ S:   Maintaine
  F:    drivers/net/netdevsim/*
  
  NETXEN (1/10) GbE SUPPORT
 -M:    Manish Chopra <manish.chopra@cavium.com>
 -M:    Rahul Verma <rahul.verma@cavium.com>
 -M:    Dept-GELinuxNICDev@cavium.com
 +M:    Manish Chopra <manishc@marvell.com>
 +M:    Rahul Verma <rahulv@marvell.com>
 +M:    GR-Linux-NIC-Dev@marvell.com
  L:    netdev@vger.kernel.org
  S:    Supported
  F:    drivers/net/ethernet/qlogic/netxen/
@@@ -10917,12 -10790,6 +10917,12 @@@ F: drivers/power/supply/bq27xxx_battery
  F:    drivers/power/supply/isp1704_charger.c
  F:    drivers/power/supply/rx51_battery.c
  
 +NOLIBC HEADER FILE
 +M:    Willy Tarreau <w@1wt.eu>
 +S:    Maintained
 +T:    git git://git.kernel.org/pub/scm/linux/kernel/git/wtarreau/nolibc.git
 +F:    tools/include/nolibc/
 +
  NTB AMD DRIVER
  M:    Shyam Sundar S K <Shyam-sundar.S-k@amd.com>
  L:    linux-ntb@googlegroups.com
@@@ -11024,7 -10891,7 +11024,7 @@@ F:   include/linux/nvmem-consumer.
  F:    include/linux/nvmem-provider.h
  
  NXP SGTL5000 DRIVER
 -M:    Fabio Estevam <fabio.estevam@nxp.com>
 +M:    Fabio Estevam <festevam@gmail.com>
  L:    alsa-devel@alsa-project.org (moderated for non-subscribers)
  S:    Maintained
  F:    Documentation/devicetree/bindings/sound/sgtl5000.txt
@@@ -11062,14 -10929,6 +11062,14 @@@ F: lib/objagg.
  F:    lib/test_objagg.c
  F:    include/linux/objagg.h
  
 +NXP FSPI DRIVER
 +R:    Yogesh Gaur <yogeshgaur.83@gmail.com>
 +M:    Ashish Kumar <ashish.kumar@nxp.com>
 +L:    linux-spi@vger.kernel.org
 +S:    Maintained
 +F:    drivers/spi/spi-nxp-fspi.c
 +F:    Documentation/devicetree/bindings/spi/spi-nxp-fspi.txt
 +
  OBJTOOL
  M:    Josh Poimboeuf <jpoimboe@redhat.com>
  M:    Peter Zijlstra <peterz@infradead.org>
@@@ -11403,11 -11262,6 +11403,11 @@@ M: Jens Wiklander <jens.wiklander@linar
  S:    Maintained
  F:    drivers/tee/optee/
  
 +OP-TEE RANDOM NUMBER GENERATOR (RNG) DRIVER
 +M:    Sumit Garg <sumit.garg@linaro.org>
 +S:    Maintained
 +F:    drivers/char/hw_random/optee-rng.c
 +
  OPA-VNIC DRIVER
  M:    Dennis Dalessandro <dennis.dalessandro@intel.com>
  M:    Niranjana Vishwanathapura <niranjana.vishwanathapura@intel.com>
@@@ -11451,12 -11305,10 +11451,12 @@@ F:        include/dt-bindings
  
  OPENCORES I2C BUS DRIVER
  M:    Peter Korsgaard <peter@korsgaard.com>
 +M:    Andrew Lunn <andrew@lunn.ch>
  L:    linux-i2c@vger.kernel.org
  S:    Maintained
  F:    Documentation/i2c/busses/i2c-ocores
  F:    drivers/i2c/busses/i2c-ocores.c
 +F:    include/linux/platform_data/i2c-ocores.h
  
  OPENRISC ARCHITECTURE
  M:    Jonas Bonn <jonas@southpole.se>
@@@ -11627,7 -11479,7 +11627,7 @@@ F:   Documentation/blockdev/paride.tx
  F:    drivers/block/paride/
  
  PARISC ARCHITECTURE
 -M:    "James E.J. Bottomley" <jejb@parisc-linux.org>
 +M:    "James E.J. Bottomley" <James.Bottomley@HansenPartnership.com>
  M:    Helge Deller <deller@gmx.de>
  L:    linux-parisc@vger.kernel.org
  W:    http://www.parisc-linux.org/
@@@ -11707,7 -11559,7 +11707,7 @@@ F:   Documentation/devicetree/bindings/pc
  F:    drivers/pci/controller/pcie-altera.c
  
  PCI DRIVER FOR APPLIEDMICRO XGENE
 -M:    Tanmay Inamdar <tinamdar@apm.com>
 +M:    Toan Le <toan@os.amperecomputing.com>
  L:    linux-pci@vger.kernel.org
  L:    linux-arm-kernel@lists.infradead.org
  S:    Maintained
@@@ -11885,7 -11737,7 +11885,7 @@@ F:   Documentation/devicetree/bindings/pc
  F:    drivers/pci/controller/pcie-altera-msi.c
  
  PCI MSI DRIVER FOR APPLIEDMICRO XGENE
 -M:    Duc Dang <dhdang@apm.com>
 +M:    Toan Le <toan@os.amperecomputing.com>
  L:    linux-pci@vger.kernel.org
  L:    linux-arm-kernel@lists.infradead.org
  S:    Maintained
@@@ -12374,6 -12226,14 +12374,6 @@@ S:  Maintaine
  F:    drivers/net/ppp/pptp.c
  W:    http://sourceforge.net/projects/accel-pptp
  
 -PREEMPTIBLE KERNEL
 -M:    Robert Love <rml@tech9.net>
 -L:    kpreempt-tech@lists.sourceforge.net
 -W:    https://www.kernel.org/pub/linux/kernel/people/rml/preempt-kernel
 -S:    Supported
 -F:    Documentation/preempt-locking.txt
 -F:    include/linux/preempt.h
 -
  PRINTK
  M:    Petr Mladek <pmladek@suse.com>
  M:    Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
@@@ -12614,8 -12474,8 +12614,8 @@@ S:   Supporte
  F:    drivers/scsi/qedi/
  
  QLOGIC QL4xxx ETHERNET DRIVER
 -M:    Ariel Elior <Ariel.Elior@cavium.com>
 -M:    everest-linux-l2@cavium.com
 +M:    Ariel Elior <aelior@marvell.com>
 +M:    GR-everest-linux-l2@marvell.com
  L:    netdev@vger.kernel.org
  S:    Supported
  F:    drivers/net/ethernet/qlogic/qed/
@@@ -12623,8 -12483,8 +12623,8 @@@ F:   include/linux/qed
  F:    drivers/net/ethernet/qlogic/qede/
  
  QLOGIC QL4xxx RDMA DRIVER
 -M:    Michal Kalderon <Michal.Kalderon@cavium.com>
 -M:    Ariel Elior <Ariel.Elior@cavium.com>
 +M:    Michal Kalderon <mkalderon@marvell.com>
 +M:    Ariel Elior <aelior@marvell.com>
  L:    linux-rdma@vger.kernel.org
  S:    Supported
  F:    drivers/infiniband/hw/qedr/
@@@ -12644,7 -12504,7 +12644,7 @@@ F:   Documentation/scsi/LICENSE.qla2xx
  F:    drivers/scsi/qla2xxx/
  
  QLOGIC QLA3XXX NETWORK DRIVER
 -M:    Dept-GELinuxNICDev@cavium.com
 +M:    GR-Linux-NIC-Dev@marvell.com
  L:    netdev@vger.kernel.org
  S:    Supported
  F:    Documentation/networking/device_drivers/qlogic/LICENSE.qla3xxx
@@@ -12658,16 -12518,16 +12658,16 @@@ F:        Documentation/scsi/LICENSE.qla4xx
  F:    drivers/scsi/qla4xxx/
  
  QLOGIC QLCNIC (1/10)Gb ETHERNET DRIVER
 -M:    Shahed Shaikh <Shahed.Shaikh@cavium.com>
 -M:    Manish Chopra <manish.chopra@cavium.com>
 -M:    Dept-GELinuxNICDev@cavium.com
 +M:    Shahed Shaikh <shshaikh@marvell.com>
 +M:    Manish Chopra <manishc@marvell.com>
 +M:    GR-Linux-NIC-Dev@marvell.com
  L:    netdev@vger.kernel.org
  S:    Supported
  F:    drivers/net/ethernet/qlogic/qlcnic/
  
  QLOGIC QLGE 10Gb ETHERNET DRIVER
 -M:    Manish Chopra <manish.chopra@cavium.com>
 -M:    Dept-GELinuxNICDev@cavium.com
 +M:    Manish Chopra <manishc@marvell.com>
 +M:    GR-Linux-NIC-Dev@marvell.com
  L:    netdev@vger.kernel.org
  S:    Supported
  F:    drivers/net/ethernet/qlogic/qlge/
@@@ -12735,11 -12595,11 +12735,11 @@@ F:        Documentation/media/v4l-drivers/qcom
  F:    drivers/media/platform/qcom/camss/
  
  QUALCOMM CPUFREQ DRIVER MSM8996/APQ8096
 -M:  Ilia Lin <ilia.lin@gmail.com>
 -L:  linux-pm@vger.kernel.org
 -S:  Maintained
 -F:  Documentation/devicetree/bindings/opp/kryo-cpufreq.txt
 -F:  drivers/cpufreq/qcom-cpufreq-kryo.c
 +M:    Ilia Lin <ilia.lin@kernel.org>
 +L:    linux-pm@vger.kernel.org
 +S:    Maintained
 +F:    Documentation/devicetree/bindings/opp/kryo-cpufreq.txt
 +F:    drivers/cpufreq/qcom-cpufreq-kryo.c
  
  QUALCOMM EMAC GIGABIT ETHERNET DRIVER
  M:    Timur Tabi <timur@kernel.org>
@@@ -12747,14 -12607,6 +12747,14 @@@ L: netdev@vger.kernel.or
  S:    Maintained
  F:    drivers/net/ethernet/qualcomm/emac/
  
 +QUALCOMM ETHQOS ETHERNET DRIVER
 +M:    Vinod Koul <vkoul@kernel.org>
 +M:    Niklas Cassel <niklas.cassel@linaro.org>
 +L:    netdev@vger.kernel.org
 +S:    Maintained
 +F:    drivers/net/ethernet/stmicro/stmmac/dwmac-qcom-ethqos.c
 +F:    Documentation/devicetree/bindings/net/qcom,dwmac.txt
 +
  QUALCOMM GENERIC INTERFACE I2C DRIVER
  M:    Alok Chauhan <alokc@codeaurora.org>
  M:    Karthikeyan Ramasubramanian <kramasub@codeaurora.org>
@@@ -13014,13 -12866,6 +13014,13 @@@ F: Documentation/devicetree/bindings/ne
  F:    drivers/net/dsa/realtek-smi*
  F:    drivers/net/dsa/rtl83*
  
 +REDPINE WIRELESS DRIVER
 +M:    Amitkumar Karwar <amitkarwar@gmail.com>
 +M:    Siva Rebbagondla <siva8118@gmail.com>
 +L:    linux-wireless@vger.kernel.org
 +S:    Maintained
 +F:    drivers/net/wireless/rsi/
 +
  REGISTER MAP ABSTRACTION
  M:    Mark Brown <broonie@kernel.org>
  L:    linux-kernel@vger.kernel.org
@@@ -13111,7 -12956,6 +13111,7 @@@ F:   drivers/reset
  F:    Documentation/devicetree/bindings/reset/
  F:    include/dt-bindings/reset/
  F:    include/linux/reset.h
 +F:    include/linux/reset/
  F:    include/linux/reset-controller.h
  
  RESTARTABLE SEQUENCES SUPPORT
@@@ -13612,7 -13456,6 +13612,7 @@@ F:   kernel/sched
  F:    include/linux/sched.h
  F:    include/uapi/linux/sched.h
  F:    include/linux/wait.h
 +F:    include/linux/preempt.h
  
  SCR24X CHIP CARD INTERFACE DRIVER
  M:    Lubomir Rintel <lkundrak@v3.sk>
@@@ -13741,18 -13584,11 +13741,18 @@@ F:        drivers/mmc/host/sdhci-brcmstb
  SECURE DIGITAL HOST CONTROLLER INTERFACE (SDHCI) DRIVER
  M:    Adrian Hunter <adrian.hunter@intel.com>
  L:    linux-mmc@vger.kernel.org
 -T:    git git://git.infradead.org/users/ahunter/linux-sdhci.git
  S:    Maintained
  F:    drivers/mmc/host/sdhci*
  F:    include/linux/mmc/sdhci*
  
 +EMMC CMDQ HOST CONTROLLER INTERFACE (CQHCI) DRIVER
 +M:    Adrian Hunter <adrian.hunter@intel.com>
 +M:    Ritesh Harjani <riteshh@codeaurora.org>
 +M:    Asutosh Das <asutoshd@codeaurora.org>
 +L:    linux-mmc@vger.kernel.org
 +S:    Maintained
 +F:    drivers/mmc/host/cqhci*
 +
  SYNOPSYS SDHCI COMPLIANT DWC MSHC DRIVER
  M:    Prabu Thangamuthu <prabu.t@synopsys.com>
  M:    Manjunath M B <manjumb@synopsys.com>
@@@ -13858,15 -13694,6 +13858,15 @@@ L: netdev@vger.kernel.or
  S:    Supported
  F:    drivers/net/ethernet/sfc/
  
 +SFF/SFP/SFP+ MODULE SUPPORT
 +M:    Russell King <linux@armlinux.org.uk>
 +L:    netdev@vger.kernel.org
 +S:    Maintained
 +F:    drivers/net/phy/phylink.c
 +F:    drivers/net/phy/sfp*
 +F:    include/linux/phylink.h
 +F:    include/linux/sfp.h
 +
  SGI GRU DRIVER
  M:    Dimitri Sivanich <sivanich@sgi.com>
  S:    Maintained
@@@ -13888,7 -13715,6 +13888,7 @@@ F:   drivers/misc/sgi-xp
  
  SHARED MEMORY COMMUNICATIONS (SMC) SOCKETS
  M:    Ursula Braun <ubraun@linux.ibm.com>
 +M:    Karsten Graul <kgraul@linux.ibm.com>
  L:    linux-s390@vger.kernel.org
  W:    http://www.ibm.com/developerworks/linux/linux390/
  S:    Supported
@@@ -14480,7 -14306,6 +14480,7 @@@ F:   arch/arm/mach-spear
  
  SPI NOR SUBSYSTEM
  M:    Marek Vasut <marek.vasut@gmail.com>
 +M:    Tudor Ambarus <tudor.ambarus@microchip.com>
  L:    linux-mtd@lists.infradead.org
  W:    http://www.linux-mtd.infradead.org/
  Q:    http://patchwork.ozlabs.org/project/linux-mtd/list/
@@@ -14645,6 -14470,11 +14645,6 @@@ L:  linux-wireless@vger.kernel.or
  S:    Supported
  F:    drivers/staging/wilc1000/
  
 -STAGING - XGI Z7,Z9,Z11 PCI DISPLAY DRIVER
 -M:    Arnaud Patard <arnaud.patard@rtp-net.org>
 -S:    Odd Fixes
 -F:    drivers/staging/xgifb/
 -
  STAGING SUBSYSTEM
  M:    Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  T:    git git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git
@@@ -14849,7 -14679,7 +14849,7 @@@ S:   Maintaine
  F:    drivers/tty/serial/8250/8250_dw.c
  
  SYNOPSYS DESIGNWARE APB GPIO DRIVER
 -M:    Hoan Tran <hotran@apm.com>
 +M:    Hoan Tran <hoan@os.amperecomputing.com>
  L:    linux-gpio@vger.kernel.org
  S:    Maintained
  F:    drivers/gpio/gpio-dwapb.c
@@@ -15239,13 -15069,6 +15239,13 @@@ L: alsa-devel@alsa-project.org (moderat
  S:    Maintained
  F:    sound/soc/ti/
  
 +Texas Instruments' DAC7612 DAC Driver
 +M:    Ricardo Ribalda <ricardo@ribalda.com>
 +L:    linux-iio@vger.kernel.org
 +S:    Supported
 +F:    drivers/iio/dac/ti-dac7612.c
 +F:    Documentation/devicetree/bindings/iio/dac/ti,dac7612.txt
 +
  THANKO'S RAREMONO AM/FM/SW RADIO RECEIVER USB DRIVER
  M:    Hans Verkuil <hverkuil@xs4all.nl>
  L:    linux-media@vger.kernel.org
@@@ -15557,12 -15380,11 +15557,11 @@@ F:        mm/shmem.
  TOMOYO SECURITY MODULE
  M:    Kentaro Takeda <takedakn@nttdata.co.jp>
  M:    Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
- L:    tomoyo-dev-en@lists.sourceforge.jp (subscribers-only, for developers in English)
- L:    tomoyo-users-en@lists.sourceforge.jp (subscribers-only, for users in English)
- L:    tomoyo-dev@lists.sourceforge.jp (subscribers-only, for developers in Japanese)
- L:    tomoyo-users@lists.sourceforge.jp (subscribers-only, for users in Japanese)
- W:    http://tomoyo.sourceforge.jp/
- T:    quilt http://svn.sourceforge.jp/svnroot/tomoyo/trunk/2.5.x/tomoyo-lsm/patches/
+ L:    tomoyo-dev-en@lists.osdn.me (subscribers-only, for developers in English)
+ L:    tomoyo-users-en@lists.osdn.me (subscribers-only, for users in English)
+ L:    tomoyo-dev@lists.osdn.me (subscribers-only, for developers in Japanese)
+ L:    tomoyo-users@lists.osdn.me (subscribers-only, for users in Japanese)
+ W:    https://tomoyo.osdn.jp/
  S:    Maintained
  F:    security/tomoyo/
  
@@@ -16018,7 -15840,6 +16017,7 @@@ F:   drivers/usb/common/usb-otg-fsm.
  USB OVER IP DRIVER
  M:    Valentina Manea <valentina.manea.m@gmail.com>
  M:    Shuah Khan <shuah@kernel.org>
 +M:    Shuah Khan <skhan@linuxfoundation.org>
  L:    linux-usb@vger.kernel.org
  S:    Maintained
  F:    Documentation/usb/usbip_protocol.txt
@@@ -16816,15 -16637,6 +16815,15 @@@ S: Maintaine
  F:    drivers/platform/x86/
  F:    drivers/platform/olpc/
  
 +X86 PLATFORM DRIVERS - ARCH
 +R:    Darren Hart <dvhart@infradead.org>
 +R:    Andy Shevchenko <andy@infradead.org>
 +L:    platform-driver-x86@vger.kernel.org
 +L:    x86@kernel.org
 +T:    git git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git x86/core
 +S:    Maintained
 +F:    arch/x86/platform
 +
  X86 VDSO
  M:    Andy Lutomirski <luto@kernel.org>
  L:    linux-kernel@vger.kernel.org
@@@ -16857,30 -16669,10 +16856,30 @@@ T:        git git://linuxtv.org/media_tree.gi
  S:    Maintained
  F:    drivers/media/tuners/tuner-xc2028.*
  
 +XDP (eXpress Data Path)
 +M:    Alexei Starovoitov <ast@kernel.org>
 +M:    Daniel Borkmann <daniel@iogearbox.net>
 +M:    David S. Miller <davem@davemloft.net>
 +M:    Jakub Kicinski <jakub.kicinski@netronome.com>
 +M:    Jesper Dangaard Brouer <hawk@kernel.org>
 +M:    John Fastabend <john.fastabend@gmail.com>
 +L:    netdev@vger.kernel.org
 +L:    xdp-newbies@vger.kernel.org
 +L:    bpf@vger.kernel.org
 +S:    Supported
 +F:    net/core/xdp.c
 +F:    include/net/xdp.h
 +F:    kernel/bpf/devmap.c
 +F:    kernel/bpf/cpumap.c
 +F:    include/trace/events/xdp.h
 +K:    xdp
 +N:    xdp
 +
  XDP SOCKETS (AF_XDP)
  M:    Björn Töpel <bjorn.topel@intel.com>
  M:    Magnus Karlsson <magnus.karlsson@intel.com>
  L:    netdev@vger.kernel.org
 +L:    bpf@vger.kernel.org
  S:    Maintained
  F:    kernel/bpf/xskmap.c
  F:    net/xdp/
diff --combined fs/proc/base.c
index 511b279ec69cdce7a3e434d9d9152fd95678bd36,c9d775fd24ef3daab0df441fdee3dfbd6dee70d4..fca9fa5f23d85cd8975b06baade0fe395db23538
@@@ -140,9 -140,13 +140,13 @@@ struct pid_entry 
  #define REG(NAME, MODE, fops)                         \
        NOD(NAME, (S_IFREG|(MODE)), NULL, &fops, {})
  #define ONE(NAME, MODE, show)                         \
-       NOD(NAME, (S_IFREG|(MODE)),                     \
+       NOD(NAME, (S_IFREG|(MODE)),                     \
                NULL, &proc_single_file_operations,     \
                { .proc_show = show } )
+ #define ATTR(LSM, NAME, MODE)                         \
+       NOD(NAME, (S_IFREG|(MODE)),                     \
+               NULL, &proc_pid_attr_operations,        \
+               { .lsm = LSM })
  
  /*
   * Count the number of hardlinks for the pid_entry table, excluding the .
@@@ -456,7 -460,7 +460,7 @@@ static int proc_pid_schedstat(struct se
                              struct pid *pid, struct task_struct *task)
  {
        if (unlikely(!sched_info_on()))
 -              seq_printf(m, "0 0 0\n");
 +              seq_puts(m, "0 0 0\n");
        else
                seq_printf(m, "%llu %llu %lu\n",
                   (unsigned long long)task->se.sum_exec_runtime,
@@@ -1086,6 -1090,10 +1090,6 @@@ static int __set_oom_adj(struct file *f
  
                        task_lock(p);
                        if (!p->vfork_done && process_shares_mm(p, mm)) {
 -                              pr_info("updating oom_score_adj for %d (%s) from %d to %d because it shares mm with %d (%s). Report if this is unexpected.\n",
 -                                              task_pid_nr(p), p->comm,
 -                                              p->signal->oom_score_adj, oom_adj,
 -                                              task_pid_nr(task), task->comm);
                                p->signal->oom_score_adj = oom_adj;
                                if (!legacy && has_capability_noaudit(current, CAP_SYS_RESOURCE))
                                        p->signal->oom_score_adj_min = (short)oom_adj;
@@@ -2521,7 -2529,7 +2525,7 @@@ static ssize_t proc_pid_attr_read(struc
        if (!task)
                return -ESRCH;
  
-       length = security_getprocattr(task,
+       length = security_getprocattr(task, PROC_I(inode)->op.lsm,
                                      (char*)file->f_path.dentry->d_name.name,
                                      &p);
        put_task_struct(task);
@@@ -2570,7 -2578,9 +2574,9 @@@ static ssize_t proc_pid_attr_write(stru
        if (rv < 0)
                goto out_free;
  
-       rv = security_setprocattr(file->f_path.dentry->d_name.name, page, count);
+       rv = security_setprocattr(PROC_I(inode)->op.lsm,
+                                 file->f_path.dentry->d_name.name, page,
+                                 count);
        mutex_unlock(&current->signal->cred_guard_mutex);
  out_free:
        kfree(page);
@@@ -2584,13 -2594,53 +2590,53 @@@ static const struct file_operations pro
        .llseek         = generic_file_llseek,
  };
  
+ #define LSM_DIR_OPS(LSM) \
+ static int proc_##LSM##_attr_dir_iterate(struct file *filp, \
+                            struct dir_context *ctx) \
+ { \
+       return proc_pident_readdir(filp, ctx, \
+                                  LSM##_attr_dir_stuff, \
+                                  ARRAY_SIZE(LSM##_attr_dir_stuff)); \
+ } \
+ \
+ static const struct file_operations proc_##LSM##_attr_dir_ops = { \
+       .read           = generic_read_dir, \
+       .iterate        = proc_##LSM##_attr_dir_iterate, \
+       .llseek         = default_llseek, \
+ }; \
+ \
+ static struct dentry *proc_##LSM##_attr_dir_lookup(struct inode *dir, \
+                               struct dentry *dentry, unsigned int flags) \
+ { \
+       return proc_pident_lookup(dir, dentry, \
+                                 LSM##_attr_dir_stuff, \
+                                 ARRAY_SIZE(LSM##_attr_dir_stuff)); \
+ } \
+ \
+ static const struct inode_operations proc_##LSM##_attr_dir_inode_ops = { \
+       .lookup         = proc_##LSM##_attr_dir_lookup, \
+       .getattr        = pid_getattr, \
+       .setattr        = proc_setattr, \
+ }
+ #ifdef CONFIG_SECURITY_SMACK
+ static const struct pid_entry smack_attr_dir_stuff[] = {
+       ATTR("smack", "current",        0666),
+ };
+ LSM_DIR_OPS(smack);
+ #endif
  static const struct pid_entry attr_dir_stuff[] = {
-       REG("current",    S_IRUGO|S_IWUGO, proc_pid_attr_operations),
-       REG("prev",       S_IRUGO,         proc_pid_attr_operations),
-       REG("exec",       S_IRUGO|S_IWUGO, proc_pid_attr_operations),
-       REG("fscreate",   S_IRUGO|S_IWUGO, proc_pid_attr_operations),
-       REG("keycreate",  S_IRUGO|S_IWUGO, proc_pid_attr_operations),
-       REG("sockcreate", S_IRUGO|S_IWUGO, proc_pid_attr_operations),
+       ATTR(NULL, "current",           0666),
+       ATTR(NULL, "prev",              0444),
+       ATTR(NULL, "exec",              0666),
+       ATTR(NULL, "fscreate",          0666),
+       ATTR(NULL, "keycreate",         0666),
+       ATTR(NULL, "sockcreate",        0666),
+ #ifdef CONFIG_SECURITY_SMACK
+       DIR("smack",                    0555,
+           proc_smack_attr_dir_inode_ops, proc_smack_attr_dir_ops),
+ #endif
  };
  
  static int proc_attr_dir_readdir(struct file *file, struct dir_context *ctx)
@@@ -3161,7 -3211,7 +3207,7 @@@ static struct dentry *proc_pid_instanti
        return d_splice_alias(inode, dentry);
  }
  
 -struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsigned int flags)
 +struct dentry *proc_pid_lookup(struct dentry *dentry, unsigned int flags)
  {
        struct task_struct *task;
        unsigned tgid;
diff --combined fs/proc/internal.h
index 4fc5a9b68f76d8d1f9498aacef8920eb42ffc9b3,d4f9989063d0d370080f0efd1f9ead550bd55328..ea575375f210d393d43e94ff63ed0394285a7634
@@@ -44,7 -44,6 +44,7 @@@ struct proc_dir_entry 
        struct completion *pde_unload_completion;
        const struct inode_operations *proc_iops;
        const struct file_operations *proc_fops;
 +      const struct dentry_operations *proc_dops;
        union {
                const struct seq_operations *seq_ops;
                int (*single_show)(struct seq_file *, void *);
@@@ -82,6 -81,7 +82,7 @@@ union proc_op 
        int (*proc_show)(struct seq_file *m,
                struct pid_namespace *ns, struct pid *pid,
                struct task_struct *task);
+       const char *lsm;
  };
  
  struct proc_inode {
@@@ -162,7 -162,7 +163,7 @@@ extern struct inode *proc_pid_make_inod
  extern void pid_update_inode(struct task_struct *, struct inode *);
  extern int pid_delete_dentry(const struct dentry *);
  extern int proc_pid_readdir(struct file *, struct dir_context *);
 -extern struct dentry *proc_pid_lookup(struct inode *, struct dentry *, unsigned int);
 +struct dentry *proc_pid_lookup(struct dentry *, unsigned int);
  extern loff_t mem_lseek(struct file *, loff_t, int);
  
  /* Lookups */
diff --combined kernel/seccomp.c
index a43c601ac252a7591c0464c9ef58162c94285ae0,05b26db51f41d290f021f357f5d20d89aa9aadb1..54a0347ca8128f09cdbbcc83e2e8f8eea633a7ab
@@@ -267,7 -267,6 +267,7 @@@ static u32 seccomp_run_filters(const st
         * All filters in the list are evaluated and the lowest BPF return
         * value always takes priority (ignoring the DATA).
         */
 +      preempt_disable();
        for (; f; f = f->prev) {
                u32 cur_ret = BPF_PROG_RUN(f->prog, sd);
  
                        *match = f;
                }
        }
 +      preempt_enable();
        return ret;
  }
  #endif /* CONFIG_SECCOMP_FILTER */
@@@ -445,8 -443,8 +445,8 @@@ static struct seccomp_filter *seccomp_p
         * behavior of privileged children.
         */
        if (!task_no_new_privs(current) &&
-           security_capable_noaudit(current_cred(), current_user_ns(),
-                                    CAP_SYS_ADMIN) != 0)
+           security_capable(current_cred(), current_user_ns(),
+                                    CAP_SYS_ADMIN, CAP_OPT_NOAUDIT) != 0)
                return ERR_PTR(-EACCES);
  
        /* Allocate a new seccomp_filter */
index 11975ec8d5665957d145ae67f31a03bb41fc77e4,c7c619578095690adcdf2b0be1d06638bba45285..ca2dccf5b445e0ce68777320f681b87804c2c369
@@@ -572,7 -572,7 +572,7 @@@ static struct aa_label *x_to_label(stru
                        stack = NULL;
                        break;
                }
-               /* fall through to X_NAME */
+               /* fall through to X_NAME */
        case AA_X_NAME:
                if (xindex & AA_X_CHILD)
                        /* released by caller */
@@@ -975,7 -975,7 +975,7 @@@ int apparmor_bprm_set_creds(struct linu
        }
        aa_put_label(cred_label(bprm->cred));
        /* transfer reference, released when cred is freed */
-       cred_label(bprm->cred) = new;
+       set_cred_label(bprm->cred, new);
  
  done:
        aa_put_label(label);
@@@ -1444,10 -1444,7 +1444,10 @@@ check
                        new = aa_label_merge(label, target, GFP_KERNEL);
                if (IS_ERR_OR_NULL(new)) {
                        info = "failed to build target label";
 -                      error = PTR_ERR(new);
 +                      if (!new)
 +                              error = -ENOMEM;
 +                      else
 +                              error = PTR_ERR(new);
                        new = NULL;
                        perms.allow = 0;
                        goto audit;
diff --combined security/apparmor/lsm.c
index 8db1731d046ad0b55f594266472308edd0b8217e,bb5a02d2439f43482f062bfc0e4238393db18e42..49d664ddff444810ef9c6e8a1b0276c5ba473c53
@@@ -60,7 -60,7 +60,7 @@@ DEFINE_PER_CPU(struct aa_buffers, aa_bu
  static void apparmor_cred_free(struct cred *cred)
  {
        aa_put_label(cred_label(cred));
-       cred_label(cred) = NULL;
+       set_cred_label(cred, NULL);
  }
  
  /*
@@@ -68,7 -68,7 +68,7 @@@
   */
  static int apparmor_cred_alloc_blank(struct cred *cred, gfp_t gfp)
  {
-       cred_label(cred) = NULL;
+       set_cred_label(cred, NULL);
        return 0;
  }
  
@@@ -78,7 -78,7 +78,7 @@@
  static int apparmor_cred_prepare(struct cred *new, const struct cred *old,
                                 gfp_t gfp)
  {
-       cred_label(new) = aa_get_newest_label(cred_label(old));
+       set_cred_label(new, aa_get_newest_label(cred_label(old)));
        return 0;
  }
  
   */
  static void apparmor_cred_transfer(struct cred *new, const struct cred *old)
  {
-       cred_label(new) = aa_get_newest_label(cred_label(old));
+       set_cred_label(new, aa_get_newest_label(cred_label(old)));
  }
  
  static void apparmor_task_free(struct task_struct *task)
  {
  
        aa_free_task_ctx(task_ctx(task));
-       task_ctx(task) = NULL;
  }
  
  static int apparmor_task_alloc(struct task_struct *task,
                               unsigned long clone_flags)
  {
-       struct aa_task_ctx *new = aa_alloc_task_ctx(GFP_KERNEL);
-       if (!new)
-               return -ENOMEM;
+       struct aa_task_ctx *new = task_ctx(task);
  
        aa_dup_task_ctx(new, task_ctx(current));
-       task_ctx(task) = new;
  
        return 0;
  }
@@@ -177,14 -172,14 +172,14 @@@ static int apparmor_capget(struct task_
  }
  
  static int apparmor_capable(const struct cred *cred, struct user_namespace *ns,
-                           int cap, int audit)
+                           int cap, unsigned int opts)
  {
        struct aa_label *label;
        int error = 0;
  
        label = aa_get_newest_cred_label(cred);
        if (!unconfined(label))
-               error = aa_capable(label, cap, audit);
+               error = aa_capable(label, cap, opts);
        aa_put_label(label);
  
        return error;
@@@ -434,21 -429,21 +429,21 @@@ static int apparmor_file_open(struct fi
  
  static int apparmor_file_alloc_security(struct file *file)
  {
-       int error = 0;
-       /* freed by apparmor_file_free_security */
+       struct aa_file_ctx *ctx = file_ctx(file);
        struct aa_label *label = begin_current_label_crit_section();
-       file->f_security = aa_alloc_file_ctx(label, GFP_KERNEL);
-       if (!file_ctx(file))
-               error = -ENOMEM;
-       end_current_label_crit_section(label);
  
-       return error;
+       spin_lock_init(&ctx->lock);
+       rcu_assign_pointer(ctx->label, aa_get_label(label));
+       end_current_label_crit_section(label);
+       return 0;
  }
  
  static void apparmor_file_free_security(struct file *file)
  {
-       aa_free_file_ctx(file_ctx(file));
+       struct aa_file_ctx *ctx = file_ctx(file);
+       if (ctx)
+               aa_put_label(rcu_access_pointer(ctx->label));
  }
  
  static int common_file_perm(const char *op, struct file *file, u32 mask)
@@@ -1151,6 -1146,15 +1146,15 @@@ static int apparmor_inet_conn_request(s
  }
  #endif
  
+ /*
+  * The cred blob is a pointer to, not an instance of, an aa_task_ctx.
+  */
+ struct lsm_blob_sizes apparmor_blob_sizes __lsm_ro_after_init = {
+       .lbs_cred = sizeof(struct aa_task_ctx *),
+       .lbs_file = sizeof(struct aa_file_ctx),
+       .lbs_task = sizeof(struct aa_task_ctx),
+ };
  static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = {
        LSM_HOOK_INIT(ptrace_access_check, apparmor_ptrace_access_check),
        LSM_HOOK_INIT(ptrace_traceme, apparmor_ptrace_traceme),
@@@ -1333,8 -1337,8 +1337,8 @@@ bool aa_g_paranoid_load = true
  module_param_named(paranoid_load, aa_g_paranoid_load, aabool, S_IRUGO);
  
  /* Boot time disable flag */
- static bool apparmor_enabled = CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE;
- module_param_named(enabled, apparmor_enabled, bool, S_IRUGO);
+ static int apparmor_enabled __lsm_ro_after_init = 1;
+ module_param_named(enabled, apparmor_enabled, int, 0444);
  
  static int __init apparmor_enabled_setup(char *str)
  {
@@@ -1479,14 -1483,8 +1483,8 @@@ static int param_set_mode(const char *v
  static int __init set_init_ctx(void)
  {
        struct cred *cred = (struct cred *)current->real_cred;
-       struct aa_task_ctx *ctx;
-       ctx = aa_alloc_task_ctx(GFP_KERNEL);
-       if (!ctx)
-               return -ENOMEM;
  
-       cred_label(cred) = aa_get_label(ns_unconfined(root_ns));
-       task_ctx(current) = ctx;
+       set_cred_label(cred, aa_get_label(ns_unconfined(root_ns)));
  
        return 0;
  }
@@@ -1599,14 -1597,12 +1597,14 @@@ static unsigned int apparmor_ipv4_postr
        return apparmor_ip_postroute(priv, skb, state);
  }
  
 +#if IS_ENABLED(CONFIG_IPV6)
  static unsigned int apparmor_ipv6_postroute(void *priv,
                                            struct sk_buff *skb,
                                            const struct nf_hook_state *state)
  {
        return apparmor_ip_postroute(priv, skb, state);
  }
 +#endif
  
  static const struct nf_hook_ops apparmor_nf_ops[] = {
        {
@@@ -1665,12 -1661,6 +1663,6 @@@ static int __init apparmor_init(void
  {
        int error;
  
-       if (!apparmor_enabled || !security_module_enable("apparmor")) {
-               aa_info_message("AppArmor disabled by boot time parameter");
-               apparmor_enabled = false;
-               return 0;
-       }
        aa_secids_init();
  
        error = aa_setup_dfa_engine();
@@@ -1731,5 -1721,8 +1723,8 @@@ alloc_out
  
  DEFINE_LSM(apparmor) = {
        .name = "apparmor",
+       .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE,
+       .enabled = &apparmor_enabled,
+       .blobs = &apparmor_blob_sizes,
        .init = apparmor_init,
  };
diff --combined security/keys/keyctl.c
index 7bbe03593e581116c0a9678a9e50788fdbac80ed,5efde255650bef4f114f80b82286f2005ccbcc54..3e4053a217c326bc92f7c9488293bd2f45f2b974
@@@ -25,7 -25,6 +25,7 @@@
  #include <linux/security.h>
  #include <linux/uio.h>
  #include <linux/uaccess.h>
 +#include <keys/request_key_auth-type.h>
  #include "internal.h"
  
  #define KEY_MAX_DESC_SIZE 4096
@@@ -1752,7 -1751,7 +1752,7 @@@ SYSCALL_DEFINE5(keyctl, int, option, un
                        return -EINVAL;
                return keyctl_pkey_query((key_serial_t)arg2,
                                         (const char __user *)arg4,
-                                        (struct keyctl_pkey_query *)arg5);
+                                        (struct keyctl_pkey_query __user *)arg5);
  
        case KEYCTL_PKEY_ENCRYPT:
        case KEYCTL_PKEY_DECRYPT:
diff --combined security/keys/keyring.c
index f81372f53dd706ba966d89c1dffb9ab1fe1b63e7,b1ff07d9ce37e4ab30b8ae267b60ca7e4a993b96..e14f09e3a4b027376bcf6f78f1464a4374cb4550
@@@ -246,6 -246,7 +246,7 @@@ static unsigned long keyring_get_key_ch
                                    (ASSOC_ARRAY_KEY_CHUNK_SIZE - 8));
                n--;
                offset = 1;
+               /* fall through */
        default:
                offset += sizeof(chunk) - 1;
                offset += (level - 3) * sizeof(chunk);
@@@ -661,6 -662,9 +662,6 @@@ static bool search_nested_keyrings(stru
        BUG_ON((ctx->flags & STATE_CHECKS) == 0 ||
               (ctx->flags & STATE_CHECKS) == STATE_CHECKS);
  
 -      if (ctx->index_key.description)
 -              ctx->index_key.desc_len = strlen(ctx->index_key.description);
 -
        /* Check to see if this top-level keyring is what we are looking for
         * and whether it is valid or not.
         */
@@@ -911,7 -915,6 +912,7 @@@ key_ref_t keyring_search(key_ref_t keyr
        struct keyring_search_context ctx = {
                .index_key.type         = type,
                .index_key.description  = description,
 +              .index_key.desc_len     = strlen(description),
                .cred                   = current_cred(),
                .match_data.cmp         = key_default_cmp,
                .match_data.raw_data    = description,
index 0e0b9ccad2f882f8f62540da055740f88383e2d4,3308d738734c62b89c67e1fa16ecc7b660035183..9320424c4a462b751c5a09e8e67240d709f6413d
@@@ -19,7 -19,6 +19,7 @@@
  #include <linux/security.h>
  #include <linux/user_namespace.h>
  #include <linux/uaccess.h>
 +#include <keys/request_key_auth-type.h>
  #include "internal.h"
  
  /* Session keyring create vs join semaphore */
@@@ -380,6 -379,7 +380,7 @@@ key_ref_t search_my_process_keyrings(st
                case -EAGAIN: /* no key */
                        if (ret)
                                break;
+                       /* fall through */
                case -ENOKEY: /* negative key */
                        ret = key_ref;
                        break;
                case -EAGAIN: /* no key */
                        if (ret)
                                break;
+                       /* fall through */
                case -ENOKEY: /* negative key */
                        ret = key_ref;
                        break;
                case -EAGAIN: /* no key */
                        if (ret)
                                break;
+                       /* fall through */
                case -ENOKEY: /* negative key */
                        ret = key_ref;
                        break;
index 7a0c6b666ff03a5e59e979a70fd14ed808b46861,af8816ffb6cec59464df1d357de29800b2f41eff..2f17d84d46f1a52df1dad31d2e818358055672fc
  #include <linux/keyctl.h>
  #include <linux/slab.h>
  #include "internal.h"
 +#include <keys/request_key_auth-type.h>
  
  #define key_negative_timeout  60      /* default timeout on a negative key's existence */
  
  /**
   * complete_request_key - Complete the construction of a key.
 - * @cons: The key construction record.
 + * @auth_key: The authorisation key.
   * @error: The success or failute of the construction.
   *
   * Complete the attempt to construct a key.  The key will be negated
   * if an error is indicated.  The authorisation key will be revoked
   * unconditionally.
   */
 -void complete_request_key(struct key_construction *cons, int error)
 +void complete_request_key(struct key *authkey, int error)
  {
 -      kenter("{%d,%d},%d", cons->key->serial, cons->authkey->serial, error);
 +      struct request_key_auth *rka = get_request_key_auth(authkey);
 +      struct key *key = rka->target_key;
 +
 +      kenter("%d{%d},%d", authkey->serial, key->serial, error);
  
        if (error < 0)
 -              key_negate_and_link(cons->key, key_negative_timeout, NULL,
 -                                  cons->authkey);
 +              key_negate_and_link(key, key_negative_timeout, NULL, authkey);
        else
 -              key_revoke(cons->authkey);
 -
 -      key_put(cons->key);
 -      key_put(cons->authkey);
 -      kfree(cons);
 +              key_revoke(authkey);
  }
  EXPORT_SYMBOL(complete_request_key);
  
@@@ -90,19 -91,21 +90,19 @@@ static int call_usermodehelper_keys(con
   * Request userspace finish the construction of a key
   * - execute "/sbin/request-key <op> <key> <uid> <gid> <keyring> <keyring> <keyring>"
   */
 -static int call_sbin_request_key(struct key_construction *cons,
 -                               const char *op,
 -                               void *aux)
 +static int call_sbin_request_key(struct key *authkey, void *aux)
  {
        static char const request_key[] = "/sbin/request-key";
 +      struct request_key_auth *rka = get_request_key_auth(authkey);
        const struct cred *cred = current_cred();
        key_serial_t prkey, sskey;
 -      struct key *key = cons->key, *authkey = cons->authkey, *keyring,
 -              *session;
 +      struct key *key = rka->target_key, *keyring, *session;
        char *argv[9], *envp[3], uid_str[12], gid_str[12];
        char key_str[12], keyring_str[3][12];
        char desc[20];
        int ret, i;
  
 -      kenter("{%d},{%d},%s", key->serial, authkey->serial, op);
 +      kenter("{%d},{%d},%s", key->serial, authkey->serial, rka->op);
  
        ret = install_user_keyrings();
        if (ret < 0)
        /* set up the argument list */
        i = 0;
        argv[i++] = (char *)request_key;
 -      argv[i++] = (char *) op;
 +      argv[i++] = (char *)rka->op;
        argv[i++] = key_str;
        argv[i++] = uid_str;
        argv[i++] = gid_str;
@@@ -188,7 -191,7 +188,7 @@@ error_link
        key_put(keyring);
  
  error_alloc:
 -      complete_request_key(cons, ret);
 +      complete_request_key(authkey, ret);
        kleave(" = %d", ret);
        return ret;
  }
@@@ -202,31 -205,42 +202,31 @@@ static int construct_key(struct key *ke
                         size_t callout_len, void *aux,
                         struct key *dest_keyring)
  {
 -      struct key_construction *cons;
        request_key_actor_t actor;
        struct key *authkey;
        int ret;
  
        kenter("%d,%p,%zu,%p", key->serial, callout_info, callout_len, aux);
  
 -      cons = kmalloc(sizeof(*cons), GFP_KERNEL);
 -      if (!cons)
 -              return -ENOMEM;
 -
        /* allocate an authorisation key */
 -      authkey = request_key_auth_new(key, callout_info, callout_len,
 +      authkey = request_key_auth_new(key, "create", callout_info, callout_len,
                                       dest_keyring);
 -      if (IS_ERR(authkey)) {
 -              kfree(cons);
 -              ret = PTR_ERR(authkey);
 -              authkey = NULL;
 -      } else {
 -              cons->authkey = key_get(authkey);
 -              cons->key = key_get(key);
 +      if (IS_ERR(authkey))
 +              return PTR_ERR(authkey);
  
 -              /* make the call */
 -              actor = call_sbin_request_key;
 -              if (key->type->request_key)
 -                      actor = key->type->request_key;
 +      /* Make the call */
 +      actor = call_sbin_request_key;
 +      if (key->type->request_key)
 +              actor = key->type->request_key;
  
 -              ret = actor(cons, "create", aux);
 +      ret = actor(authkey, aux);
  
 -              /* check that the actor called complete_request_key() prior to
 -               * returning an error */
 -              WARN_ON(ret < 0 &&
 -                      !test_bit(KEY_FLAG_REVOKED, &authkey->flags));
 -              key_put(authkey);
 -      }
 +      /* check that the actor called complete_request_key() prior to
 +       * returning an error */
 +      WARN_ON(ret < 0 &&
 +              !test_bit(KEY_FLAG_REVOKED, &authkey->flags));
  
 +      key_put(authkey);
        kleave(" = %d", ret);
        return ret;
  }
@@@ -261,7 -275,7 +261,7 @@@ static int construct_get_dest_keyring(s
                        if (cred->request_key_auth) {
                                authkey = cred->request_key_auth;
                                down_read(&authkey->sem);
 -                              rka = authkey->payload.data[0];
 +                              rka = get_request_key_auth(authkey);
                                if (!test_bit(KEY_FLAG_REVOKED,
                                              &authkey->flags))
                                        dest_keyring =
                                }
                        }
  
+                       /* fall through */
                case KEY_REQKEY_DEFL_THREAD_KEYRING:
                        dest_keyring = key_get(cred->thread_keyring);
                        if (dest_keyring)
                                break;
  
+                       /* fall through */
                case KEY_REQKEY_DEFL_PROCESS_KEYRING:
                        dest_keyring = key_get(cred->process_keyring);
                        if (dest_keyring)
                                break;
  
+                       /* fall through */
                case KEY_REQKEY_DEFL_SESSION_KEYRING:
                        rcu_read_lock();
                        dest_keyring = key_get(
                        if (dest_keyring)
                                break;
  
+                       /* fall through */
                case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
                        dest_keyring =
                                key_get(cred->user->session_keyring);
@@@ -531,7 -549,6 +535,7 @@@ struct key *request_key_and_link(struc
        struct keyring_search_context ctx = {
                .index_key.type         = type,
                .index_key.description  = description,
 +              .index_key.desc_len     = strlen(description),
                .cred                   = current_cred(),
                .match_data.cmp         = key_default_cmp,
                .match_data.raw_data    = description,