Merge git://git.infradead.org/users/eparis/audit

Pull audit update from Eric Paris:
 "Again we stayed pretty well contained inside the audit system.
  Venturing out was fixing a couple of function prototypes which were
  inconsistent (didn't hurt anything, but we used the same value as an
  int, uint, u32, and I think even a long in a couple of places).

  We also made a couple of minor changes to when a couple of LSMs called
  the audit system.  We hoped to add aarch64 audit support this go
  round, but it wasn't ready.

  I'm disappearing on vacation on Thursday.  I should have internet
  access, but it'll be spotty.  If anything goes wrong please be sure to
  cc rgb@redhat.com.  He'll make fixing things his top priority"

* git://git.infradead.org/users/eparis/audit: (50 commits)
  audit: whitespace fix in kernel-parameters.txt
  audit: fix location of __net_initdata for audit_net_ops
  audit: remove pr_info for every network namespace
  audit: Modify a set of system calls in audit class definitions
  audit: Convert int limit uses to u32
  audit: Use more current logging style
  audit: Use hex_byte_pack_upper
  audit: correct a type mismatch in audit_syscall_exit()
  audit: reorder AUDIT_TTY_SET arguments
  audit: rework AUDIT_TTY_SET to only grab spin_lock once
  audit: remove needless switch in AUDIT_SET
  audit: use define's for audit version
  audit: documentation of audit= kernel parameter
  audit: wait_for_auditd rework for readability
  audit: update MAINTAINERS
  audit: log task info on feature change
  audit: fix incorrect set of audit_sock
  audit: print error message when fail to create audit socket
  audit: fix dangling keywords in audit_log_set_loginuid() output
  audit: log on errors from filter user rules
  ...

diff --combined Documentation/kernel-parameters.txt
index f085a61a1edd6183c3e05f9cdce4d1228f373587,a068591ef52c63f3bcc7a39528d9b3b7854342eb..d4762d7ebd14b3726c2eefa94da09ea200841470
--- 1/Documentation/kernel-parameters.txt
--- 2/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@@ -463,6 -463,22 +463,22 @@@ bytes respectively. Such letter suffixe
        atkbd.softrepeat= [HW]
                        Use software keyboard repeat
  
+       audit=          [KNL] Enable the audit sub-system
+                       Format: { "0" | "1" } (0 = disabled, 1 = enabled)
+                       0 - kernel audit is disabled and can not be enabled
+                           until the next reboot
+                       unset - kernel audit is initialized but disabled and
+                           will be fully enabled by the userspace auditd.
+                       1 - kernel audit is initialized and partially enabled,
+                           storing at most audit_backlog_limit messages in
+                           RAM until it is fully enabled by the userspace
+                           auditd.
+                       Default: unset
+ 
+       audit_backlog_limit= [KNL] Set the audit queue size limit.
+                       Format: <int> (must be >=0)
+                       Default: 64
+ 
        baycom_epp=     [HW,AX25]
                        Format: <io>,<mode>
  
@@@ -515,14 -531,7 +531,14 @@@
  
        cgroup_disable= [KNL] Disable a particular controller
                        Format: {name of the controller(s) to disable}
 -                              {Currently supported controllers - "memory"}
 +                      The effects of cgroup_disable=foo are:
 +                      - foo isn't auto-mounted if you mount all cgroups in
 +                        a single hierarchy
 +                      - foo isn't visible as an individually mountable
 +                        subsystem
 +                      {Currently only "memory" controller deal with this and
 +                      cut the overhead, others just disable the usage. So
 +                      only cgroup_disable=memory is actually worthy}
  
        checkreqprot    [SELINUX] Set initial checkreqprot flag value.
                        Format: { "0" | "1" }
@@@ -781,15 -790,6 +797,15 @@@
        disable=        [IPV6]
                        See Documentation/networking/ipv6.txt.
  
 +      disable_cpu_apicid= [X86,APIC,SMP]
 +                      Format: <int>
 +                      The number of initial APIC ID for the
 +                      corresponding CPU to be disabled at boot,
 +                      mostly used for the kdump 2nd kernel to
 +                      disable BSP to wake up multiple CPUs without
 +                      causing system reset or hang due to sending
 +                      INIT from AP to BSP.
 +
        disable_ddw     [PPC/PSERIES]
                        Disable Dynamic DMA Window support. Use this if
                        to workaround buggy firmware.
@@@ -863,7 -863,6 +879,7 @@@
  
        earlyprintk=    [X86,SH,BLACKFIN,ARM]
                        earlyprintk=vga
 +                      earlyprintk=efi
                        earlyprintk=xen
                        earlyprintk=serial[,ttySn[,baudrate]]
                        earlyprintk=serial[,0x...[,baudrate]]
@@@ -877,8 -876,7 +893,8 @@@
                        Append ",keep" to not disable it when the real console
                        takes over.
  
 -                      Only vga or serial or usb debug port at a time.
 +                      Only one of vga, efi, serial, or usb debug port can
 +                      be used at a time.
  
                        Currently only ttyS0 and ttyS1 may be specified by
                        name.  Other I/O ports may be explicitly specified
@@@ -892,19 -890,11 +908,19 @@@
                        Interaction with the standard serial driver is not
                        very good.
  
 -                      The VGA output is eventually overwritten by the real
 -                      console.
 +                      The VGA and EFI output is eventually overwritten by
 +                      the real console.
  
                        The xen output can only be used by Xen PV guests.
  
 +      edac_report=    [HW,EDAC] Control how to report EDAC event
 +                      Format: {"on" | "off" | "force"}
 +                      on: enable EDAC to report H/W event. May be overridden
 +                      by other higher priority error reporting module.
 +                      off: disable H/W event reporting through EDAC.
 +                      force: enforce the use of EDAC to report H/W event.
 +                      default: on.
 +
        ekgdboc=        [X86,KGDB] Allow early kernel console debugging
                        ekgdboc=kbd
  
@@@ -914,12 -904,6 +930,12 @@@
        edd=            [EDD]
                        Format: {"off" | "on" | "skip[mbr]"}
  
 +      efi=            [EFI]
 +                      Format: { "old_map" }
 +                      old_map [X86-64]: switch to the old ioremap-based EFI
 +                      runtime services mapping. 32-bit still uses this one by
 +                      default.
 +
        efi_no_storage_paranoia [EFI; X86]
                        Using this parameter you can use more than 50% of
                        your efi variable storage. Use this parameter only if
@@@ -1100,9 -1084,6 +1116,9 @@@
                                VIA, nVidia)
                        verbose: show contents of HPET registers during setup
  
 +      hpet_mmap=      [X86, HPET_MMAP] Allow userspace to mmap HPET
 +                      registers.  Default set by CONFIG_HPET_MMAP_DEFAULT.
 +
        hugepages=      [HW,X86-32,IA-64] HugeTLB pages to allocate at boot.
        hugepagesz=     [HW,IA-64,PPC,X86-64] The size of the HugeTLB pages.
                        On x86-64 and powerpc, this option can be specified
@@@ -1220,24 -1201,15 +1236,24 @@@
                        owned by uid=0.
  
        ima_hash=       [IMA]
 -                      Format: { "sha1" | "md5" }
 +                      Format: { md5 | sha1 | rmd160 | sha256 | sha384
 +                                 | sha512 | ... }
                        default: "sha1"
  
 +                      The list of supported hash algorithms is defined
 +                      in crypto/hash_info.h.
 +
        ima_tcb         [IMA]
                        Load a policy which meets the needs of the Trusted
                        Computing Base.  This means IMA will measure all
                        programs exec'd, files mmap'd for exec, and all files
                        opened for read by uid=0.
  
 +      ima_template=   [IMA]
 +                      Select one of defined IMA measurements template formats.
 +                      Formats: { "ima" | "ima-ng" }
 +                      Default: "ima-ng"
 +
        init=           [KNL]
                        Format: <full_path>
                        Run specified binary instead of /sbin/init as init
@@@ -1559,8 -1531,6 +1575,8 @@@
  
                        * atapi_dmadir: Enable ATAPI DMADIR bridge support
  
 +                      * disable: Disable this device.
 +
                        If there are multiple matching configurations changing
                        the same attribute, the last one is used.
  
@@@ -1819,9 -1789,6 +1835,9 @@@
                        that the amount of memory usable for all allocations
                        is not too small.
  
 +      movable_node    [KNL,X86] Boot-time switch to enable the effects
 +                      of CONFIG_MOVABLE_NODE=y. See mm/Kconfig for details.
 +
        MTD_Partition=  [MTD]
                        Format: <name>,<region-number>,<size>,<offset>
  
@@@ -2024,10 -1991,6 +2040,10 @@@
        noapic          [SMP,APIC] Tells the kernel to not make use of any
                        IOAPICs that may be present in the system.
  
 +      nokaslr         [X86]
 +                      Disable kernel base offset ASLR (Address Space
 +                      Layout Randomization) if built into the kernel.
 +
        noautogroup     Disable scheduler automatic task group creation.
  
        nobats          [PPC] Do not use BATs for mapping kernel lowmem
@@@ -2652,7 -2615,7 +2668,7 @@@
        ramdisk_size=   [RAM] Sizes of RAM disks in kilobytes
                        See Documentation/blockdev/ramdisk.txt.
  
 -      rcu_nocbs=      [KNL,BOOT]
 +      rcu_nocbs=      [KNL]
                        In kernels built with CONFIG_RCU_NOCB_CPU=y, set
                        the specified list of CPUs to be no-callback CPUs.
                        Invocation of these CPUs' RCU callbacks will
@@@ -2661,10 -2624,11 +2677,10 @@@
                        for RCU-preempt, and "s" for RCU-sched, and "N"
                        is the CPU number.  This reduces OS jitter on the
                        offloaded CPUs, which can be useful for HPC and
 -
                        real-time workloads.  It can also improve energy
                        efficiency for asymmetric multiprocessors.
  
 -      rcu_nocb_poll   [KNL,BOOT]
 +      rcu_nocb_poll   [KNL]
                        Rather than requiring that offloaded CPUs
                        (specified by rcu_nocbs= above) explicitly
                        awaken the corresponding "rcuoN" kthreads,
@@@ -2675,145 -2639,126 +2691,145 @@@
                        energy efficiency by requiring that the kthreads
                        periodically wake up to do the polling.
  
 -      rcutree.blimit= [KNL,BOOT]
 -                      Set maximum number of finished RCU callbacks to process
 -                      in one batch.
 +      rcutree.blimit= [KNL]
 +                      Set maximum number of finished RCU callbacks to
 +                      process in one batch.
  
 -      rcutree.fanout_leaf=    [KNL,BOOT]
 +      rcutree.rcu_fanout_leaf= [KNL]
                        Increase the number of CPUs assigned to each
                        leaf rcu_node structure.  Useful for very large
                        systems.
  
 -      rcutree.jiffies_till_first_fqs= [KNL,BOOT]
 +      rcutree.jiffies_till_first_fqs= [KNL]
                        Set delay from grace-period initialization to
                        first attempt to force quiescent states.
                        Units are jiffies, minimum value is zero,
                        and maximum value is HZ.
  
 -      rcutree.jiffies_till_next_fqs= [KNL,BOOT]
 +      rcutree.jiffies_till_next_fqs= [KNL]
                        Set delay between subsequent attempts to force
                        quiescent states.  Units are jiffies, minimum
                        value is one, and maximum value is HZ.
  
 -      rcutree.qhimark=        [KNL,BOOT]
 -                      Set threshold of queued
 -                      RCU callbacks over which batch limiting is disabled.
 +      rcutree.qhimark= [KNL]
 +                      Set threshold of queued RCU callbacks beyond which
 +                      batch limiting is disabled.
  
 -      rcutree.qlowmark=       [KNL,BOOT]
 +      rcutree.qlowmark= [KNL]
                        Set threshold of queued RCU callbacks below which
                        batch limiting is re-enabled.
  
 -      rcutree.rcu_cpu_stall_suppress= [KNL,BOOT]
 -                      Suppress RCU CPU stall warning messages.
 -
 -      rcutree.rcu_cpu_stall_timeout= [KNL,BOOT]
 -                      Set timeout for RCU CPU stall warning messages.
 -
 -      rcutree.rcu_idle_gp_delay=      [KNL,BOOT]
 +      rcutree.rcu_idle_gp_delay= [KNL]
                        Set wakeup interval for idle CPUs that have
                        RCU callbacks (RCU_FAST_NO_HZ=y).
  
 -      rcutree.rcu_idle_lazy_gp_delay= [KNL,BOOT]
 +      rcutree.rcu_idle_lazy_gp_delay= [KNL]
                        Set wakeup interval for idle CPUs that have
                        only "lazy" RCU callbacks (RCU_FAST_NO_HZ=y).
                        Lazy RCU callbacks are those which RCU can
                        prove do nothing more than free memory.
  
 -      rcutorture.fqs_duration= [KNL,BOOT]
 +      rcutorture.fqs_duration= [KNL]
                        Set duration of force_quiescent_state bursts.
  
 -      rcutorture.fqs_holdoff= [KNL,BOOT]
 +      rcutorture.fqs_holdoff= [KNL]
                        Set holdoff time within force_quiescent_state bursts.
  
 -      rcutorture.fqs_stutter= [KNL,BOOT]
 +      rcutorture.fqs_stutter= [KNL]
                        Set wait time between force_quiescent_state bursts.
  
 -      rcutorture.irqreader= [KNL,BOOT]
 -                      Test RCU readers from irq handlers.
 +      rcutorture.gp_exp= [KNL]
 +                      Use expedited update-side primitives.
 +
 +      rcutorture.gp_normal= [KNL]
 +                      Use normal (non-expedited) update-side primitives.
 +                      If both gp_exp and gp_normal are set, do both.
 +                      If neither gp_exp nor gp_normal are set, still
 +                      do both.
  
 -      rcutorture.n_barrier_cbs= [KNL,BOOT]
 +      rcutorture.n_barrier_cbs= [KNL]
                        Set callbacks/threads for rcu_barrier() testing.
  
 -      rcutorture.nfakewriters= [KNL,BOOT]
 +      rcutorture.nfakewriters= [KNL]
                        Set number of concurrent RCU writers.  These just
                        stress RCU, they don't participate in the actual
                        test, hence the "fake".
  
 -      rcutorture.nreaders= [KNL,BOOT]
 +      rcutorture.nreaders= [KNL]
                        Set number of RCU readers.
  
 -      rcutorture.onoff_holdoff= [KNL,BOOT]
 +      rcutorture.object_debug= [KNL]
 +                      Enable debug-object double-call_rcu() testing.
 +
 +      rcutorture.onoff_holdoff= [KNL]
                        Set time (s) after boot for CPU-hotplug testing.
  
 -      rcutorture.onoff_interval= [KNL,BOOT]
 +      rcutorture.onoff_interval= [KNL]
                        Set time (s) between CPU-hotplug operations, or
                        zero to disable CPU-hotplug testing.
  
 -      rcutorture.shuffle_interval= [KNL,BOOT]
 +      rcutorture.rcutorture_runnable= [BOOT]
 +                      Start rcutorture running at boot time.
 +
 +      rcutorture.shuffle_interval= [KNL]
                        Set task-shuffle interval (s).  Shuffling tasks
                        allows some CPUs to go into dyntick-idle mode
                        during the rcutorture test.
  
 -      rcutorture.shutdown_secs= [KNL,BOOT]
 +      rcutorture.shutdown_secs= [KNL]
                        Set time (s) after boot system shutdown.  This
                        is useful for hands-off automated testing.
  
 -      rcutorture.stall_cpu= [KNL,BOOT]
 +      rcutorture.stall_cpu= [KNL]
                        Duration of CPU stall (s) to test RCU CPU stall
                        warnings, zero to disable.
  
 -      rcutorture.stall_cpu_holdoff= [KNL,BOOT]
 +      rcutorture.stall_cpu_holdoff= [KNL]
                        Time to wait (s) after boot before inducing stall.
  
 -      rcutorture.stat_interval= [KNL,BOOT]
 +      rcutorture.stat_interval= [KNL]
                        Time (s) between statistics printk()s.
  
 -      rcutorture.stutter= [KNL,BOOT]
 +      rcutorture.stutter= [KNL]
                        Time (s) to stutter testing, for example, specifying
                        five seconds causes the test to run for five seconds,
                        wait for five seconds, and so on.  This tests RCU's
                        ability to transition abruptly to and from idle.
  
 -      rcutorture.test_boost= [KNL,BOOT]
 +      rcutorture.test_boost= [KNL]
                        Test RCU priority boosting?  0=no, 1=maybe, 2=yes.
                        "Maybe" means test if the RCU implementation
                        under test support RCU priority boosting.
  
 -      rcutorture.test_boost_duration= [KNL,BOOT]
 +      rcutorture.test_boost_duration= [KNL]
                        Duration (s) of each individual boost test.
  
 -      rcutorture.test_boost_interval= [KNL,BOOT]
 +      rcutorture.test_boost_interval= [KNL]
                        Interval (s) between each boost test.
  
 -      rcutorture.test_no_idle_hz= [KNL,BOOT]
 +      rcutorture.test_no_idle_hz= [KNL]
                        Test RCU's dyntick-idle handling.  See also the
                        rcutorture.shuffle_interval parameter.
  
 -      rcutorture.torture_type= [KNL,BOOT]
 +      rcutorture.torture_type= [KNL]
                        Specify the RCU implementation to test.
  
 -      rcutorture.verbose= [KNL,BOOT]
 +      rcutorture.verbose= [KNL]
                        Enable additional printk() statements.
  
 +      rcupdate.rcu_expedited= [KNL]
 +                      Use expedited grace-period primitives, for
 +                      example, synchronize_rcu_expedited() instead
 +                      of synchronize_rcu().  This reduces latency,
 +                      but can increase CPU utilization, degrade
 +                      real-time latency, and degrade energy efficiency.
 +
 +      rcupdate.rcu_cpu_stall_suppress= [KNL]
 +                      Suppress RCU CPU stall warning messages.
 +
 +      rcupdate.rcu_cpu_stall_timeout= [KNL]
 +                      Set timeout for RCU CPU stall warning messages.
 +
        rdinit=         [KNL]
                        Format: <full_path>
                        Run specified binary instead of /init from the ramdisk,
@@@ -3542,11 -3487,11 +3558,11 @@@
                        default x2apic cluster mode on platforms
                        supporting x2apic.
  
 -      x86_mrst_timer= [X86-32,APBT]
 -                      Choose timer option for x86 Moorestown MID platform.
 +      x86_intel_mid_timer= [X86-32,APBT]
 +                      Choose timer option for x86 Intel MID platform.
                        Two valid options are apbt timer only and lapic timer
                        plus one apbt timer for broadcast timer.
 -                      x86_mrst_timer=apbt_only | lapic_and_apbt
 +                      x86_intel_mid_timer=apbt_only | lapic_and_apbt
  
        xen_emul_unplug=                [HW,X86,XEN]
                        Unplug Xen emulated devices

diff --combined MAINTAINERS
index 671047620dbb6a53291781b32affd054f018865c,bfbfe5156731bdce7634442f241509c73f253342..3229945a96b3b2782a4dda4ef28f5214fcc77127
--- 1/MAINTAINERS
--- 2/MAINTAINERS
+++ b/MAINTAINERS
@@@ -253,20 -253,6 +253,20 @@@ F:       drivers/pci/*acpi
  F:    drivers/pci/*/*acpi*
  F:    drivers/pci/*/*/*acpi*
  
 +ACPI COMPONENT ARCHITECTURE (ACPICA)
 +M:    Robert Moore <robert.moore@intel.com>
 +M:    Lv Zheng <lv.zheng@intel.com>
 +M:    Rafael J. Wysocki <rafael.j.wysocki@intel.com>
 +L:    linux-acpi@vger.kernel.org
 +L:    devel@acpica.org
 +W:    https://acpica.org/
 +W:    https://github.com/acpica/acpica/
 +Q:    https://patchwork.kernel.org/project/linux-acpi/list/
 +T:    git git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
 +S:    Supported
 +F:    drivers/acpi/acpica/
 +F:    include/acpi/
 +
  ACPI FAN DRIVER
  M:    Zhang Rui <rui.zhang@intel.com>
  L:    linux-acpi@vger.kernel.org
@@@ -484,6 -470,7 +484,6 @@@ M: Hannes Reinecke <hare@suse.de
  L:    linux-scsi@vger.kernel.org
  S:    Maintained
  F:    drivers/scsi/aic7xxx/
 -F:    drivers/scsi/aic7xxx_old/
  
  AIMSLAB FM RADIO RECEIVER DRIVER
  M:    Hans Verkuil <hverkuil@xs4all.nl>
@@@ -776,13 -763,9 +776,13 @@@ W:       http://maxim.org.za/at91_26.htm
  W:    http://www.linux4sam.org
  S:    Supported
  F:    arch/arm/mach-at91/
 +F:    arch/arm/boot/dts/at91*.dts
 +F:    arch/arm/boot/dts/at91*.dtsi
 +F:    arch/arm/boot/dts/sama*.dts
 +F:    arch/arm/boot/dts/sama*.dtsi
  
  ARM/CALXEDA HIGHBANK ARCHITECTURE
 -M:    Rob Herring <rob.herring@calxeda.com>
 +M:    Rob Herring <robh@kernel.org>
  L:    linux-arm-kernel@lists.infradead.org (moderated for non-subscribers)
  S:    Maintained
  F:    arch/arm/mach-highbank/
@@@ -892,15 -875,20 +892,15 @@@ F:      arch/arm/include/asm/hardware/dec212
  F:    arch/arm/mach-footbridge/
  
  ARM/FREESCALE IMX / MXC ARM ARCHITECTURE
 +M:    Shawn Guo <shawn.guo@linaro.org>
  M:    Sascha Hauer <kernel@pengutronix.de>
  L:    linux-arm-kernel@lists.infradead.org (moderated for non-subscribers)
  S:    Maintained
 -T:    git git://git.pengutronix.de/git/imx/linux-2.6.git
 +T:    git git://git.linaro.org/people/shawnguo/linux-2.6.git
  F:    arch/arm/mach-imx/
 +F:    arch/arm/boot/dts/imx*
  F:    arch/arm/configs/imx*_defconfig
  
 -ARM/FREESCALE IMX6
 -M:    Shawn Guo <shawn.guo@linaro.org>
 -L:    linux-arm-kernel@lists.infradead.org (moderated for non-subscribers)
 -S:    Maintained
 -T:    git git://git.linaro.org/people/shawnguo/linux-2.6.git
 -F:    arch/arm/mach-imx/*imx6*
 -
  ARM/FREESCALE MXS ARM ARCHITECTURE
  M:    Shawn Guo <shawn.guo@linaro.org>
  L:    linux-arm-kernel@lists.infradead.org (moderated for non-subscribers)
@@@ -941,7 -929,7 +941,7 @@@ M: Javier Martinez Canillas <javier@dow
  L:    linux-omap@vger.kernel.org
  L:    linux-arm-kernel@lists.infradead.org (moderated for non-subscribers)
  S:    Maintained
 -F:    arch/arm/mach-omap2/board-igep0020.c
 +F:    arch/arm/boot/dts/omap3-igep*
  
  ARM/INCOME PXA270 SUPPORT
  M:    Marek Vasut <marek.vasut@gmail.com>
@@@ -1007,8 -995,6 +1007,8 @@@ M:       Santosh Shilimkar <santosh.shilimkar
  L:    linux-arm-kernel@lists.infradead.org (moderated for non-subscribers)
  S:    Maintained
  F:    arch/arm/mach-keystone/
 +F:    drivers/clk/keystone/
 +T:    git git://git.kernel.org/pub/scm/linux/kernel/git/ssantosh/linux-keystone.git
  
  ARM/LOGICPD PXA270 MACHINE SUPPORT
  M:    Lennert Buytenhek <kernel@wantstofly.org>
@@@ -1066,6 -1052,7 +1066,6 @@@ S:      Maintaine
  ARM/NOMADIK ARCHITECTURE
  M:    Alessandro Rubini <rubini@unipv.it>
  M:    Linus Walleij <linus.walleij@linaro.org>
 -M:    STEricsson <STEricsson_nomadik_linux@list.st.com>
  L:    linux-arm-kernel@lists.infradead.org (moderated for non-subscribers)
  S:    Maintained
  F:    arch/arm/mach-nomadik/
@@@ -1170,6 -1157,11 +1170,6 @@@ S:     Maintaine
  F:    arch/arm/mach-rockchip/
  F:    drivers/*/*rockchip*
  
 -ARM/SHARK MACHINE SUPPORT
 -M:    Alexander Schulz <alex@shark-linux.de>
 -W:    http://www.shark-linux.de/shark.html
 -S:    Maintained
 -
  ARM/SAMSUNG ARM ARCHITECTURES
  M:    Ben Dooks <ben-linux@fluff.org>
  M:    Kukjin Kim <kgene.kim@samsung.com>
@@@ -1177,8 -1169,6 +1177,8 @@@ L:      linux-arm-kernel@lists.infradead.or
  L:    linux-samsung-soc@vger.kernel.org (moderated for non-subscribers)
  W:    http://www.fluff.org/ben/linux/
  S:    Maintained
 +F:    arch/arm/boot/dts/s3c*
 +F:    arch/arm/boot/dts/exynos*
  F:    arch/arm/plat-samsung/
  F:    arch/arm/mach-s3c24*/
  F:    arch/arm/mach-s3c64xx/
@@@ -1367,9 -1357,6 +1367,9 @@@ T:      git git://git.xilinx.com/linux-xlnx.
  S:    Supported
  F:    arch/arm/mach-zynq/
  F:    drivers/cpuidle/cpuidle-zynq.c
 +N:    zynq
 +N:    xilinx
 +F:    drivers/clocksource/cadence_ttc_timer.c
  
  ARM SMMU DRIVER
  M:    Will Deacon <will.deacon@arm.com>
@@@ -1424,7 -1411,7 +1424,7 @@@ M:      Wolfram Sang <wsa@the-dreams.de
  L:    linux-i2c@vger.kernel.org
  S:    Maintained
  F:    drivers/misc/eeprom/at24.c
 -F:    include/linux/i2c/at24.h
 +F:    include/linux/platform_data/at24.h
  
  ATA OVER ETHERNET (AOE) DRIVER
  M:    "Ed L. Cashin" <ecashin@coraid.com>
@@@ -1597,11 -1584,10 +1597,10 @@@ S:      Supporte
  F:      drivers/scsi/esas2r
  
  AUDIT SUBSYSTEM
- M:    Al Viro <viro@zeniv.linux.org.uk>
  M:    Eric Paris <eparis@redhat.com>
  L:    linux-audit@redhat.com (subscribers-only)
  W:    http://people.redhat.com/sgrubb/audit/
- T:    git git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current.git
+ T:    git git://git.infradead.org/users/eparis/audit.git
  S:    Maintained
  F:    include/linux/audit.h
  F:    include/uapi/linux/audit.h
@@@ -1673,15 -1659,16 +1672,15 @@@ S:   Maintaine
  F:    drivers/net/wireless/b43legacy/
  
  BACKLIGHT CLASS/SUBSYSTEM
 -M:    Richard Purdie <rpurdie@rpsys.net>
  M:    Jingoo Han <jg1.han@samsung.com>
  S:    Maintained
  F:    drivers/video/backlight/
  F:    include/linux/backlight.h
  
  BATMAN ADVANCED
 -M:    Marek Lindner <lindner_marek@yahoo.de>
 -M:    Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
 -M:    Antonio Quartulli <ordex@autistici.org>
 +M:    Marek Lindner <mareklindner@neomailbox.ch>
 +M:    Simon Wunderlich <sw@simonwunderlich.de>
 +M:    Antonio Quartulli <antonio@meshcoding.com>
  L:    b.a.t.m.a.n@lists.open-mesh.org
  W:    http://www.open-mesh.org/
  S:    Maintained
@@@ -1834,7 -1821,7 +1833,7 @@@ F:      drivers/net/ethernet/broadcom/bnx2.
  F:    drivers/net/ethernet/broadcom/bnx2_*
  
  BROADCOM BNX2X 10 GIGABIT ETHERNET DRIVER
 -M:    Eilon Greenstein <eilong@broadcom.com>
 +M:    Ariel Elior <ariele@broadcom.com>
  L:    netdev@vger.kernel.org
  S:    Supported
  F:    drivers/net/ethernet/broadcom/bnx2x/
@@@ -1879,7 -1866,7 +1878,7 @@@ S:      Supporte
  F:    drivers/net/wireless/brcm80211/
  
  BROADCOM BNX2FC 10 GIGABIT FCOE DRIVER
 -M:    Bhanu Prakash Gollapudi <bprakash@broadcom.com>
 +M:    Eddie Wai <eddie.wai@broadcom.com>
  L:    linux-scsi@vger.kernel.org
  S:    Supported
  F:    drivers/scsi/bnx2fc/
@@@ -1933,8 -1920,7 +1932,8 @@@ S:      Maintaine
  F:    drivers/gpio/gpio-bt8xx.c
  
  BTRFS FILE SYSTEM
 -M:    Chris Mason <chris.mason@fusionio.com>
 +M:    Chris Mason <clm@fb.com>
 +M:    Josef Bacik <jbacik@fb.com>
  L:    linux-btrfs@vger.kernel.org
  W:    http://btrfs.wiki.kernel.org/
  Q:    http://patchwork.kernel.org/project/linux-btrfs/list/
@@@ -2137,17 -2123,11 +2136,17 @@@ S:   Maintaine
  F:    Documentation/zh_CN/
  
  CHIPIDEA USB HIGH SPEED DUAL ROLE CONTROLLER
 -M:    Alexander Shishkin <alexander.shishkin@linux.intel.com>
 +M:    Peter Chen <Peter.Chen@freescale.com>
 +T:    git://github.com/hzpeterchen/linux-usb.git
  L:    linux-usb@vger.kernel.org
  S:    Maintained
  F:    drivers/usb/chipidea/
  
 +CHROME HARDWARE PLATFORM SUPPORT
 +M:    Olof Johansson <olof@lixom.net>
 +S:    Maintained
 +F:    drivers/platform/chrome/
 +
  CISCO VIC ETHERNET NIC DRIVER
  M:    Christian Benvenuti <benve@cisco.com>
  M:    Sujith Sankar <ssujith@cisco.com>
@@@ -2391,7 -2371,7 +2390,7 @@@ F:      kernel/cpuset.
  
  CRAMFS FILESYSTEM
  W:    http://sourceforge.net/projects/cramfs/
 -S:    Orphan
 +S:    Orphan / Obsolete
  F:    Documentation/filesystems/cramfs.txt
  F:    fs/cramfs/
  
@@@ -2474,7 -2454,7 +2473,7 @@@ S:      Maintaine
  F:    drivers/media/dvb-frontends/cxd2820r*
  
  CXGB3 ETHERNET DRIVER (CXGB3)
 -M:    Divy Le Ray <divy@chelsio.com>
 +M:    Santosh Raspatur <santosh@chelsio.com>
  L:    netdev@vger.kernel.org
  W:    http://www.chelsio.com
  S:    Supported
@@@ -2618,7 -2598,7 +2617,7 @@@ S:      Maintaine
  F:    drivers/platform/x86/dell-laptop.c
  
  DELL LAPTOP SMM DRIVER
 -S:    Orphan
 +M:    Guenter Roeck <linux@roeck-us.net>
  F:    drivers/char/i8k.c
  F:    include/uapi/linux/i8k.h
  
@@@ -2637,7 -2617,7 +2636,7 @@@ DESIGNWARE USB2 DRD IP DRIVE
  M:    Paul Zimmerman <paulz@synopsys.com>
  L:    linux-usb@vger.kernel.org
  S:    Maintained
 -F:    drivers/staging/dwc2/
 +F:    drivers/usb/dwc2/
  
  DESIGNWARE USB3 DRD IP DRIVER
  M:    Felipe Balbi <balbi@ti.com>
@@@ -2666,7 -2646,6 +2665,7 @@@ M:      dm-devel@redhat.co
  L:    dm-devel@redhat.com
  W:    http://sources.redhat.com/dm
  Q:    http://patchwork.kernel.org/project/dm-devel/list/
 +T:    git git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm.git
  T:    quilt http://people.redhat.com/agk/patches/linux/editing/
  S:    Maintained
  F:    Documentation/device-mapper/
@@@ -2827,10 -2806,8 +2826,10 @@@ F:    include/uapi/drm
  
  INTEL DRM DRIVERS (excluding Poulsbo, Moorestown and derivative chipsets)
  M:    Daniel Vetter <daniel.vetter@ffwll.ch>
 +M:    Jani Nikula <jani.nikula@linux.intel.com>
  L:    intel-gfx@lists.freedesktop.org
  L:    dri-devel@lists.freedesktop.org
 +Q:    http://patchwork.freedesktop.org/project/intel-gfx/
  T:    git git://people.freedesktop.org/~danvet/drm-intel
  S:    Supported
  F:    drivers/gpu/drm/i915/
@@@ -2856,9 -2833,7 +2855,9 @@@ L:      dri-devel@lists.freedesktop.or
  L:    linux-tegra@vger.kernel.org
  T:    git git://anongit.freedesktop.org/tegra/linux.git
  S:    Supported
 +F:    drivers/gpu/drm/tegra/
  F:    drivers/gpu/host1x/
 +F:    include/linux/host1x.h
  F:    include/uapi/drm/tegra_drm.h
  F:    Documentation/devicetree/bindings/gpu/nvidia,tegra20-host1x.txt
  
@@@ -3071,14 -3046,6 +3070,14 @@@ W:    bluesmoke.sourceforge.ne
  S:    Maintained
  F:    drivers/edac/amd64_edac*
  
 +EDAC-CALXEDA
 +M:    Doug Thompson <dougthompson@xmission.com>
 +M:    Robert Richter <rric@kernel.org>
 +L:    linux-edac@vger.kernel.org
 +W:    bluesmoke.sourceforge.net
 +S:    Maintained
 +F:    drivers/edac/highbank*
 +
  EDAC-CAVIUM
  M:    Ralf Baechle <ralf@linux-mips.org>
  M:    David Daney <david.daney@cavium.com>
@@@ -3160,13 -3127,6 +3159,13 @@@ W:    bluesmoke.sourceforge.ne
  S:    Maintained
  F:    drivers/edac/i82975x_edac.c
  
 +EDAC-MPC85XX
 +M:    Johannes Thumshirn <johannes.thumshirn@men.de>
 +L:    linux-edac@vger.kernel.org
 +W:    bluesmoke.sourceforge.net
 +S:    Maintained
 +F:    drivers/edac/mpc85xx_edac.[ch]
 +
  EDAC-PASEMI
  M:    Egor Martovetsky <egor@pasemi.com>
  L:    linux-edac@vger.kernel.org
@@@ -3334,7 -3294,6 +3333,7 @@@ EXTERNAL CONNECTOR SUBSYSTEM (EXTCON
  M:    MyungJoo Ham <myungjoo.ham@samsung.com>
  M:    Chanwoo Choi <cw00.choi@samsung.com>
  L:    linux-kernel@vger.kernel.org
 +T:    git git://git.kernel.org/pub/scm/linux/kernel/git/chanwoo/extcon.git
  S:    Maintained
  F:    drivers/extcon/
  F:    Documentation/extcon/
@@@ -3634,7 -3593,6 +3633,7 @@@ W:      http://en.wikipedia.org/wiki/F2F
  T:    git git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs.git
  S:    Maintained
  F:    Documentation/filesystems/f2fs.txt
 +F:    Documentation/ABI/testing/sysfs-fs-f2fs
  F:    fs/f2fs/
  F:    include/linux/f2fs_fs.h
  
@@@ -3732,14 -3690,6 +3731,14 @@@ S:    Maintaine
  F:    include/asm-generic/
  F:    include/uapi/asm-generic/
  
 +GENERIC PHY FRAMEWORK
 +M:    Kishon Vijay Abraham I <kishon@ti.com>
 +L:    linux-kernel@vger.kernel.org
 +T:    git git://git.kernel.org/pub/scm/linux/kernel/git/kishon/linux-phy.git
 +S:    Supported
 +F:    drivers/phy/
 +F:    include/linux/phy/
 +
  GENERIC UIO DRIVER FOR PCI DEVICES
  M:    "Michael S. Tsirkin" <mst@redhat.com>
  L:    kvm@vger.kernel.org
@@@ -3769,11 -3719,9 +3768,11 @@@ F:    include/uapi/linux/gigaset_dev.
  
  GPIO SUBSYSTEM
  M:    Linus Walleij <linus.walleij@linaro.org>
 -S:    Maintained
 +M:    Alexandre Courbot <gnurou@gmail.com>
  L:    linux-gpio@vger.kernel.org
 -F:    Documentation/gpio.txt
 +T:    git git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio.git
 +S:    Maintained
 +F:    Documentation/gpio/
  F:    drivers/gpio/
  F:    include/linux/gpio*
  F:    include/asm-generic/gpio.h
@@@ -3841,12 -3789,6 +3840,12 @@@ T:    git git://linuxtv.org/media_tree.gi
  S:    Maintained
  F:    drivers/media/usb/gspca/
  
 +GUID PARTITION TABLE (GPT)
 +M:    Davidlohr Bueso <davidlohr@hp.com>
 +L:    linux-efi@vger.kernel.org
 +S:    Maintained
 +F:    block/partitions/efi.*
 +
  STK1160 USB VIDEO CAPTURE DRIVER
  M:    Ezequiel Garcia <elezegarcia@gmail.com>
  L:    linux-media@vger.kernel.org
@@@ -4056,26 -3998,12 +4055,26 @@@ W:   http://artax.karlin.mff.cuni.cz/~mik
  S:    Maintained
  F:    fs/hpfs/
  
 +HSI SUBSYSTEM
 +M:    Sebastian Reichel <sre@debian.org>
 +S:    Maintained
 +F:    Documentation/ABI/testing/sysfs-bus-hsi
 +F:    drivers/hsi/
 +F:    include/linux/hsi/
 +F:    include/uapi/linux/hsi/
 +
  HSO 3G MODEM DRIVER
  M:    Jan Dumon <j.dumon@option.com>
  W:    http://www.pharscape.org
  S:    Maintained
  F:    drivers/net/usb/hso.c
  
 +HSR NETWORK PROTOCOL
 +M:    Arvid Brodin <arvid.brodin@alten.se>
 +L:    netdev@vger.kernel.org
 +S:    Maintained
 +F:    net/hsr/
 +
  HTCPEN TOUCHSCREEN DRIVER
  M:    Pau Oliva Fora <pof@eslack.org>
  L:    linux-input@vger.kernel.org
@@@ -4097,7 -4025,6 +4096,7 @@@ F:      arch/x86/include/uapi/asm/hyperv.
  F:    arch/x86/kernel/cpu/mshyperv.c
  F:    drivers/hid/hid-hyperv.c
  F:    drivers/hv/
 +F:    drivers/input/serio/hyperv-keyboard.c
  F:    drivers/net/hyperv/
  F:    drivers/scsi/storvsc_drv.c
  F:    drivers/video/hyperv_fb.c
@@@ -4304,7 -4231,7 +4303,7 @@@ S:      Maintaine
  F:    drivers/media/rc/iguanair.c
  
  IIO SUBSYSTEM AND DRIVERS
 -M:    Jonathan Cameron <jic23@cam.ac.uk>
 +M:    Jonathan Cameron <jic23@kernel.org>
  L:    linux-iio@vger.kernel.org
  S:    Maintained
  F:    drivers/iio/
@@@ -4482,8 -4409,10 +4481,8 @@@ M:     Bruce Allan <bruce.w.allan@intel.com
  M:    Carolyn Wyborny <carolyn.wyborny@intel.com>
  M:    Don Skidmore <donald.c.skidmore@intel.com>
  M:    Greg Rose <gregory.v.rose@intel.com>
 -M:    Peter P Waskiewicz Jr <peter.p.waskiewicz.jr@intel.com>
  M:    Alex Duyck <alexander.h.duyck@intel.com>
  M:    John Ronciak <john.ronciak@intel.com>
 -M:    Tushar Dave <tushar.n.dave@intel.com>
  L:    e1000-devel@lists.sourceforge.net
  W:    http://www.intel.com/support/feedback.htm
  W:    http://e1000.sourceforge.net/
@@@ -4501,12 -4430,6 +4500,12 @@@ F:    Documentation/networking/ixgbevf.tx
  F:    Documentation/networking/i40e.txt
  F:    drivers/net/ethernet/intel/
  
 +INTEL-MID GPIO DRIVER
 +M:    David Cohen <david.a.cohen@linux.intel.com>
 +L:    linux-gpio@vger.kernel.org
 +S:    Maintained
 +F:    drivers/gpio/gpio-intel-mid.c
 +
  INTEL PRO/WIRELESS 2100, 2200BG, 2915ABG NETWORK CONNECTION SUPPORT
  M:    Stanislav Yakovlev <stas.yakovlev@gmail.com>
  L:    linux-wireless@vger.kernel.org
@@@ -4845,18 -4768,10 +4844,18 @@@ S:   Maintaine
  F:    Documentation/hwmon/k8temp
  F:    drivers/hwmon/k8temp.c
  
 +KTAP
 +M:    Jovi Zhangwei <jovi.zhangwei@gmail.com>
 +W:    http://www.ktap.org
 +L:    ktap@freelists.org
 +S:    Maintained
 +F:    drivers/staging/ktap/
 +
  KCONFIG
 -M:    Michal Marek <mmarek@suse.cz>
 +M:    "Yann E. MORIN" <yann.morin.1998@free.fr>
  L:    linux-kbuild@vger.kernel.org
 -S:    Odd Fixes
 +T:    git://gitorious.org/linux-kconfig/linux-kconfig
 +S:    Maintained
  F:    Documentation/kbuild/kconfig-language.txt
  F:    scripts/kconfig/
  
@@@ -4916,11 -4831,10 +4915,11 @@@ F:   include/linux/sunrpc
  F:    include/uapi/linux/sunrpc/
  
  KERNEL VIRTUAL MACHINE (KVM)
 -M:    Gleb Natapov <gleb@redhat.com>
 +M:    Gleb Natapov <gleb@kernel.org>
  M:    Paolo Bonzini <pbonzini@redhat.com>
  L:    kvm@vger.kernel.org
 -W:    http://linux-kvm.org
 +W:    http://www.linux-kvm.org
 +T:    git git://git.kernel.org/pub/scm/virt/kvm/kvm.git
  S:    Supported
  F:    Documentation/*/kvm*.txt
  F:    Documentation/virtual/kvm/
@@@ -5142,11 -5056,6 +5141,11 @@@ F:    drivers/lguest
  F:    include/linux/lguest*.h
  F:    tools/lguest/
  
 +LIBLOCKDEP
 +M:    Sasha Levin <sasha.levin@oracle.com>
 +S:    Maintained
 +F:    tools/lib/lockdep/
 +
  LINUX FOR IBM pSERIES (RS/6000)
  M:    Paul Mackerras <paulus@au.ibm.com>
  W:    http://www.ibm.com/linux/ltc/projects/ppc
@@@ -5265,7 -5174,6 +5264,7 @@@ M:      Jean Delvare <khali@linux-fr.org
  L:    lm-sensors@lm-sensors.org
  S:    Maintained
  F:    Documentation/hwmon/lm90
 +F:    Documentation/devicetree/bindings/hwmon/lm90.txt
  F:    drivers/hwmon/lm90.c
  
  LM95234 HARDWARE MONITOR DRIVER
@@@ -5291,7 -5199,7 +5290,7 @@@ S:      Maintaine
  F:    Documentation/lockdep*.txt
  F:    Documentation/lockstat.txt
  F:    include/linux/lockdep.h
 -F:    kernel/lockdep*
 +F:    kernel/locking/
  
  LOGICAL DISK MANAGER SUPPORT (LDM, Windows 2000/XP/Vista Dynamic Disks)
  M:    "Richard Russon (FlatCap)" <ldm@flatcap.org>
@@@ -5444,7 -5352,7 +5443,7 @@@ S:      Orpha
  F:    drivers/net/wireless/libertas/
  
  MARVELL MV643XX ETHERNET DRIVER
 -M:    Lennert Buytenhek <buytenh@wantstofly.org>
 +M:    Sebastian Hesselbarth <sebastian.hesselbarth@gmail.com>
  L:    netdev@vger.kernel.org
  S:    Maintained
  F:    drivers/net/ethernet/marvell/mv643xx_eth.*
@@@ -5932,21 -5840,12 +5931,21 @@@ M:   Steffen Klassert <steffen.klassert@s
  M:    Herbert Xu <herbert@gondor.apana.org.au>
  M:    "David S. Miller" <davem@davemloft.net>
  L:    netdev@vger.kernel.org
 -T:    git git://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git
 +T:    git git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec.git
 +T:    git git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git
  S:    Maintained
  F:    net/xfrm/
  F:    net/key/
  F:    net/ipv4/xfrm*
 +F:    net/ipv4/esp4.c
 +F:    net/ipv4/ah4.c
 +F:    net/ipv4/ipcomp.c
 +F:    net/ipv4/ip_vti.c
  F:    net/ipv6/xfrm*
 +F:    net/ipv6/esp6.c
 +F:    net/ipv6/ah6.c
 +F:    net/ipv6/ipcomp6.c
 +F:    net/ipv6/ip6_vti.c
  F:    include/uapi/linux/xfrm.h
  F:    include/net/xfrm.h
  
@@@ -6012,10 -5911,10 +6011,10 @@@ F:   drivers/nfc
  F:    include/linux/platform_data/pn544.h
  
  NFS, SUNRPC, AND LOCKD CLIENTS
 -M:    Trond Myklebust <Trond.Myklebust@netapp.com>
 +M:    Trond Myklebust <trond.myklebust@primarydata.com>
  L:    linux-nfs@vger.kernel.org
  W:    http://client.linux-nfs.org
 -T:    git git://git.linux-nfs.org/pub/linux/nfs-2.6.git
 +T:    git git://git.linux-nfs.org/projects/trondmy/linux-nfs.git
  S:    Maintained
  F:    fs/lockd/
  F:    fs/nfs/
@@@ -6209,12 -6108,6 +6208,12 @@@ L:    linux-omap@vger.kernel.or
  S:    Maintained
  F:    drivers/gpio/gpio-omap.c
  
 +OMAP/NEWFLOW NANOBONE MACHINE SUPPORT
 +M:    Mark Jackson <mpfj@newflow.co.uk>
 +L:    linux-omap@vger.kernel.org
 +S:    Maintained
 +F:    arch/arm/boot/dts/am335x-nano.dts
 +
  OMFS FILESYSTEM
  M:    Bob Copeland <me@bobcopeland.com>
  L:    linux-karma-devel@lists.sourceforge.net
@@@ -6267,7 -6160,7 +6266,7 @@@ F:      drivers/i2c/busses/i2c-ocores.
  
  OPEN FIRMWARE AND FLATTENED DEVICE TREE
  M:    Grant Likely <grant.likely@linaro.org>
 -M:    Rob Herring <rob.herring@calxeda.com>
 +M:    Rob Herring <robh+dt@kernel.org>
  L:    devicetree@vger.kernel.org
  W:    http://fdt.secretlab.ca
  T:    git git://git.secretlab.ca/git/linux-2.6.git
@@@ -6279,11 -6172,11 +6278,11 @@@ K:   of_get_propert
  K:    of_match_table
  
  OPEN FIRMWARE AND FLATTENED DEVICE TREE BINDINGS
 -M:    Rob Herring <rob.herring@calxeda.com>
 +M:    Rob Herring <robh+dt@kernel.org>
  M:    Pawel Moll <pawel.moll@arm.com>
  M:    Mark Rutland <mark.rutland@arm.com>
 -M:    Stephen Warren <swarren@wwwdotorg.org>
  M:    Ian Campbell <ijc+devicetree@hellion.org.uk>
 +M:    Kumar Gala <galak@codeaurora.org>
  L:    devicetree@vger.kernel.org
  S:    Maintained
  F:    Documentation/devicetree/
@@@ -6491,54 -6384,14 +6490,54 @@@ S:   Supporte
  F:    Documentation/PCI/
  F:    drivers/pci/
  F:    include/linux/pci*
 +F:    arch/x86/pci/
 +
 +PCI DRIVER FOR IMX6
 +M:    Richard Zhu <r65037@freescale.com>
 +M:    Shawn Guo <shawn.guo@linaro.org>
 +L:    linux-pci@vger.kernel.org
 +L:    linux-arm-kernel@lists.infradead.org (moderated for non-subscribers)
 +S:    Maintained
 +F:    drivers/pci/host/*imx6*
 +
 +PCI DRIVER FOR MVEBU (Marvell Armada 370 and Armada XP SOC support)
 +M:    Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 +M:    Jason Cooper <jason@lakedaemon.net>
 +L:    linux-pci@vger.kernel.org
 +L:    linux-arm-kernel@lists.infradead.org (moderated for non-subscribers)
 +S:    Maintained
 +F:    drivers/pci/host/*mvebu*
  
  PCI DRIVER FOR NVIDIA TEGRA
  M:    Thierry Reding <thierry.reding@gmail.com>
  L:    linux-tegra@vger.kernel.org
 +L:    linux-pci@vger.kernel.org
  S:    Supported
  F:    Documentation/devicetree/bindings/pci/nvidia,tegra20-pcie.txt
  F:    drivers/pci/host/pci-tegra.c
  
 +PCI DRIVER FOR RENESAS R-CAR
 +M:    Simon Horman <horms@verge.net.au>
 +L:    linux-pci@vger.kernel.org
 +L:    linux-sh@vger.kernel.org
 +S:    Maintained
 +F:    drivers/pci/host/*rcar*
 +
 +PCI DRIVER FOR SAMSUNG EXYNOS
 +M:    Jingoo Han <jg1.han@samsung.com>
 +L:    linux-pci@vger.kernel.org
 +L:    linux-arm-kernel@lists.infradead.org (moderated for non-subscribers)
 +L:    linux-samsung-soc@vger.kernel.org (moderated for non-subscribers)
 +S:    Maintained
 +F:    drivers/pci/host/pci-exynos.c
 +
 +PCI DRIVER FOR SYNOPSIS DESIGNWARE
 +M:    Mohit Kumar <mohit.kumar@st.com>
 +M:    Jingoo Han <jg1.han@samsung.com>
 +L:    linux-pci@vger.kernel.org
 +S:    Maintained
 +F:    drivers/pci/host/*designware*
 +
  PCMCIA SUBSYSTEM
  P:    Linux PCMCIA Team
  L:    linux-pcmcia@lists.infradead.org
@@@ -6712,7 -6565,7 +6711,7 @@@ F:      include/linux/timer
  F:    kernel/*timer*
  
  POWER SUPPLY CLASS/SUBSYSTEM and DRIVERS
 -M:    Anton Vorontsov <anton@enomsg.org>
 +M:    Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
  M:    David Woodhouse <dwmw2@infradead.org>
  T:    git git://git.infradead.org/battery-2.6.git
  S:    Maintained
@@@ -6877,7 -6730,8 +6876,7 @@@ PWM SUBSYSTE
  M:    Thierry Reding <thierry.reding@gmail.com>
  L:    linux-pwm@vger.kernel.org
  S:    Maintained
 -W:    http://gitorious.org/linux-pwm
 -T:    git git://gitorious.org/linux-pwm/linux-pwm.git
 +T:    git git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm.git
  F:    Documentation/pwm.txt
  F:    Documentation/devicetree/bindings/pwm/
  F:    include/linux/pwm.h
@@@ -6931,7 -6785,8 +6930,7 @@@ S:      Maintaine
  F:    drivers/scsi/qla1280.[ch]
  
  QLOGIC QLA2XXX FC-SCSI DRIVER
 -M:    Andrew Vasquez <andrew.vasquez@qlogic.com>
 -M:    linux-driver@qlogic.com
 +M:    qla2xxx-upstream@qlogic.com
  L:    linux-scsi@vger.kernel.org
  S:    Supported
  F:    Documentation/scsi/LICENSE.qla2xxx
@@@ -7007,14 -6862,6 +7006,14 @@@ L:    linux-hexagon@vger.kernel.or
  S:    Supported
  F:    arch/hexagon/
  
 +QUALCOMM WCN36XX WIRELESS DRIVER
 +M:    Eugene Krasnikov <k.eugene.e@gmail.com>
 +L:    wcn36xx@lists.infradead.org
 +W:    http://wireless.kernel.org/en/users/Drivers/wcn36xx
 +T:    git git://github.com/KrasnikovEugene/wcn36xx.git
 +S:    Supported
 +F:    drivers/net/wireless/ath/wcn36xx/
 +
  QUICKCAM PARALLEL PORT WEBCAMS
  M:    Hans Verkuil <hverkuil@xs4all.nl>
  L:    linux-media@vger.kernel.org
@@@ -7102,13 -6949,7 +7101,13 @@@ M:    "Paul E. McKenney" <paulmck@linux.vn
  S:    Supported
  T:    git git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu.git
  F:    Documentation/RCU/torture.txt
 -F:    kernel/rcutorture.c
 +F:    kernel/rcu/torture.c
 +
 +RCUTORTURE TEST FRAMEWORK
 +M:    "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
 +S:    Supported
 +T:    git git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu.git
 +F:    tools/testing/selftests/rcutorture
  
  RDC R-321X SoC
  M:    Florian Fainelli <florian@openwrt.org>
@@@ -7135,9 -6976,8 +7134,9 @@@ T:      git git://git.kernel.org/pub/scm/lin
  F:    Documentation/RCU/
  X:    Documentation/RCU/torture.txt
  F:    include/linux/rcu*
 -F:    kernel/rcu*
 -X:    kernel/rcutorture.c
 +X:    include/linux/srcu.h
 +F:    kernel/rcu/
 +X:    kernel/rcu/torture.c
  
  REAL TIME CLOCK (RTC) SUBSYSTEM
  M:    Alessandro Zummo <a.zummo@towertech.it>
@@@ -7450,7 -7290,7 +7449,7 @@@ S:      Odd Fixe
  F:    drivers/media/usb/tlg2300/
  
  SC1200 WDT DRIVER
 -M:    Zwane Mwaikambo <zwane@arm.linux.org.uk>
 +M:    Zwane Mwaikambo <zwanem@gmail.com>
  S:    Maintained
  F:    drivers/watchdog/sc1200wdt.c
  
@@@ -7462,7 -7302,6 +7461,7 @@@ S:      Maintaine
  F:    kernel/sched/
  F:    include/linux/sched.h
  F:    include/uapi/linux/sched.h
 +F:    include/linux/wait.h
  
  SCORE ARCHITECTURE
  M:    Chen Liqin <liqin.linux@gmail.com>
@@@ -7491,9 -7330,8 +7490,9 @@@ F:      include/scsi/srp.
  SCSI SG DRIVER
  M:    Doug Gilbert <dgilbert@interlog.com>
  L:    linux-scsi@vger.kernel.org
 -W:    http://www.torque.net/sg
 +W:    http://sg.danny.cz/sg
  S:    Maintained
 +F:    Documentation/scsi/scsi-generic.txt
  F:    drivers/scsi/sg.c
  F:    include/scsi/sg.h
  
@@@ -7598,10 -7436,9 +7597,10 @@@ SELINUX SECURITY MODUL
  M:    Stephen Smalley <sds@tycho.nsa.gov>
  M:    James Morris <james.l.morris@oracle.com>
  M:    Eric Paris <eparis@parisplace.org>
 +M:    Paul Moore <paul@paul-moore.com>
  L:    selinux@tycho.nsa.gov (subscribers-only, general discussion)
  W:    http://selinuxproject.org
 -T:    git git://git.infradead.org/users/eparis/selinux.git
 +T:    git git://git.infradead.org/users/pcmoore/selinux
  S:    Supported
  F:    include/linux/selinux*
  F:    security/selinux/
@@@ -7827,8 -7664,8 +7826,8 @@@ M:      "Paul E. McKenney" <paulmck@linux.vn
  W:    http://www.rdrop.com/users/paulmck/RCU/
  S:    Supported
  T:    git git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu.git
 -F:    include/linux/srcu*
 -F:    kernel/srcu*
 +F:    include/linux/srcu.h
 +F:    kernel/rcu/srcu.c
  
  SMACK SECURITY MODULE
  M:    Casey Schaufler <casey@schaufler-ca.com>
@@@ -8163,7 -8000,7 +8162,7 @@@ S:      Maintaine
  F:    drivers/staging/media/go7007/
  
  STAGING - INDUSTRIAL IO
 -M:    Jonathan Cameron <jic23@cam.ac.uk>
 +M:    Jonathan Cameron <jic23@kernel.org>
  L:    linux-iio@vger.kernel.org
  S:    Odd Fixes
  F:    drivers/staging/iio/
@@@ -8746,10 -8583,13 +8745,10 @@@ S:   Odd fixe
  F:    drivers/media/usb/tm6000/
  
  TPM DEVICE DRIVER
 -M:    Leonidas Da Silva Barbosa <leosilva@linux.vnet.ibm.com>
 +M:    Peter Huewe <peterhuewe@gmx.de>
  M:    Ashley Lai <ashley@ashleylai.com>
 -M:    Rajiv Andrade <mail@srajiv.net>
 -W:    http://tpmdd.sourceforge.net
  M:    Marcel Selhorst <tpmdd@selhorst.net>
 -M:    Sirrix AG <tpmdd@sirrix.com>
 -W:    http://www.sirrix.com
 +W:    http://tpmdd.sourceforge.net
  L:    tpmdd-devel@lists.sourceforge.net (moderated for non-subscribers)
  S:    Maintained
  F:    drivers/char/tpm/
@@@ -8841,6 -8681,14 +8840,6 @@@ S:     Maintaine
  F:    arch/m68k/*/*_no.*
  F:    arch/m68k/include/asm/*_no.*
  
 -UCLINUX FOR RENESAS H8/300 (H8300)
 -M:    Yoshinori Sato <ysato@users.sourceforge.jp>
 -W:    http://uclinux-h8.sourceforge.jp/
 -S:    Supported
 -F:    arch/h8300/
 -F:    drivers/ide/ide-h8300.c
 -F:    drivers/net/ethernet/8390/ne-h8300.c
 -
  UDF FILESYSTEM
  M:    Jan Kara <jack@suse.cz>
  S:    Maintained
@@@ -9041,8 -8889,8 +9040,8 @@@ USB PEGASUS DRIVE
  M:    Petko Manolov <petkan@nucleusys.com>
  L:    linux-usb@vger.kernel.org
  L:    netdev@vger.kernel.org
 -T:    git git://git.code.sf.net/p/pegasus2/git
 -W:    http://pegasus2.sourceforge.net/
 +T:    git git://github.com/petkan/pegasus.git
 +W:    https://github.com/petkan/pegasus
  S:    Maintained
  F:    drivers/net/usb/pegasus.*
  
@@@ -9063,8 -8911,8 +9062,8 @@@ USB RTL8150 DRIVE
  M:    Petko Manolov <petkan@nucleusys.com>
  L:    linux-usb@vger.kernel.org
  L:    netdev@vger.kernel.org
 -T:    git git://git.code.sf.net/p/pegasus2/git
 -W:    http://pegasus2.sourceforge.net/
 +T:    git git://github.com/petkan/rtl8150.git
 +W:    https://github.com/petkan/rtl8150
  S:    Maintained
  F:    drivers/net/usb/rtl8150.c
  
@@@ -9239,7 -9087,6 +9238,7 @@@ F:      include/media/videobuf2-
  
  VIRTIO CONSOLE DRIVER
  M:    Amit Shah <amit.shah@redhat.com>
 +L:    virtio-dev@lists.oasis-open.org
  L:    virtualization@lists.linux-foundation.org
  S:    Maintained
  F:    drivers/char/virtio_console.c
@@@ -9249,7 -9096,6 +9248,7 @@@ F:      include/uapi/linux/virtio_console.
  VIRTIO CORE, NET AND BLOCK DRIVERS
  M:    Rusty Russell <rusty@rustcorp.com.au>
  M:    "Michael S. Tsirkin" <mst@redhat.com>
 +L:    virtio-dev@lists.oasis-open.org
  L:    virtualization@lists.linux-foundation.org
  S:    Maintained
  F:    drivers/virtio/
@@@ -9262,7 -9108,6 +9261,7 @@@ F:      include/uapi/linux/virtio_*.
  VIRTIO HOST (VHOST)
  M:    "Michael S. Tsirkin" <mst@redhat.com>
  L:    kvm@vger.kernel.org
 +L:    virtio-dev@lists.oasis-open.org
  L:    virtualization@lists.linux-foundation.org
  L:    netdev@vger.kernel.org
  S:    Maintained
@@@ -9560,7 -9405,6 +9559,7 @@@ M:      Konrad Rzeszutek Wilk <konrad.wilk@o
  M:    Boris Ostrovsky <boris.ostrovsky@oracle.com>
  M:    David Vrabel <david.vrabel@citrix.com>
  L:    xen-devel@lists.xenproject.org (moderated for non-subscribers)
 +T:    git git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip.git
  S:    Supported
  F:    arch/x86/xen/
  F:    drivers/*/xen-*front.c
@@@ -9607,8 -9451,8 +9606,8 @@@ F:      drivers/xen/*swiotlb
  
  XFS FILESYSTEM
  P:    Silicon Graphics Inc
 +M:    Dave Chinner <david@fromorbit.com>
  M:    Ben Myers <bpm@sgi.com>
 -M:    Alex Elder <elder@kernel.org>
  M:    xfs@oss.sgi.com
  L:    xfs@oss.sgi.com
  W:    http://oss.sgi.com/projects/xfs

diff --combined include/linux/init_task.h
index 1516a8ff8f92bbfb6238b90b133ff84e1cc29035,a143df5ee548a2082010c0c0620b473490fd4a04..6df7f9fe0d014faab41d122c41765ef69bf7ee59
--- 1/include/linux/init_task.h
--- 2/include/linux/init_task.h
+++ b/include/linux/init_task.h
@@@ -11,7 -11,6 +11,7 @@@
  #include <linux/user_namespace.h>
  #include <linux/securebits.h>
  #include <linux/seqlock.h>
 +#include <linux/rbtree.h>
  #include <net/net_namespace.h>
  #include <linux/sched/rt.h>
  
@@@ -33,15 -32,14 +33,15 @@@ extern struct fs_struct init_fs
  #endif
  
  #ifdef CONFIG_CPUSETS
 -#define INIT_CPUSET_SEQ                                                       \
 -      .mems_allowed_seq = SEQCNT_ZERO,
 +#define INIT_CPUSET_SEQ(tsk)                                                  \
 +      .mems_allowed_seq = SEQCNT_ZERO(tsk.mems_allowed_seq),
  #else
 -#define INIT_CPUSET_SEQ
 +#define INIT_CPUSET_SEQ(tsk)
  #endif
  
  #define INIT_SIGNALS(sig) {                                           \
        .nr_threads     = 1,                                            \
 +      .thread_head    = LIST_HEAD_INIT(init_task.thread_node),        \
        .wait_chldexit  = __WAIT_QUEUE_HEAD_INITIALIZER(sig.wait_chldexit),\
        .shared_pending = {                                             \
                .list = LIST_HEAD_INIT(sig.shared_pending.list),        \
@@@ -97,7 -95,7 +97,7 @@@ extern struct group_info init_groups
  #ifdef CONFIG_AUDITSYSCALL
  #define INIT_IDS \
        .loginuid = INVALID_UID, \
-       .sessionid = -1,
+       .sessionid = (unsigned int)-1,
  #else
  #define INIT_IDS
  #endif
@@@ -156,14 -154,6 +156,14 @@@ extern struct task_group root_task_grou
  
  #define INIT_TASK_COMM "swapper"
  
 +#ifdef CONFIG_RT_MUTEXES
 +# define INIT_RT_MUTEXES(tsk)                                         \
 +      .pi_waiters = RB_ROOT,                                          \
 +      .pi_waiters_leftmost = NULL,
 +#else
 +# define INIT_RT_MUTEXES(tsk)
 +#endif
 +
  /*
   *  INIT_TASK is used to set up the first task table, touch at
   * your own risk!. Base=0, limit=0x1fffff (=2MB)
@@@ -223,7 -213,6 +223,7 @@@
                [PIDTYPE_SID]  = INIT_PID_LINK(PIDTYPE_SID),            \
        },                                                              \
        .thread_group   = LIST_HEAD_INIT(tsk.thread_group),             \
 +      .thread_node    = LIST_HEAD_INIT(init_signals.thread_head),     \
        INIT_IDS                                                        \
        INIT_PERF_EVENTS(tsk)                                           \
        INIT_TRACE_IRQFLAGS                                             \
@@@ -231,8 -220,7 +231,8 @@@
        INIT_FTRACE_GRAPH                                               \
        INIT_TRACE_RECURSION                                            \
        INIT_TASK_RCU_PREEMPT(tsk)                                      \
 -      INIT_CPUSET_SEQ                                                 \
 +      INIT_CPUSET_SEQ(tsk)                                            \
 +      INIT_RT_MUTEXES(tsk)                                            \
        INIT_VTIME(tsk)                                                 \
  }
  

diff --combined include/net/xfrm.h
index 6b82fdf4ba716898ea53fb0cf2e66690a66d1479,f8d32b908423f5fa595694eeef778d70f17517d6..1d535f4d3873a67a811174f0d4df34494da250e8
--- 1/include/net/xfrm.h
--- 2/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@@ -307,17 -307,15 +307,17 @@@ struct xfrm_policy_afinfo 
        struct dst_entry        *(*blackhole_route)(struct net *net, struct dst_entry *orig);
  };
  
 -extern int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo);
 -extern int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo);
 -extern void km_policy_notify(struct xfrm_policy *xp, int dir, const struct km_event *c);
 -extern void km_state_notify(struct xfrm_state *x, const struct km_event *c);
 +int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo);
 +int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo);
 +void km_policy_notify(struct xfrm_policy *xp, int dir,
 +                    const struct km_event *c);
 +void km_state_notify(struct xfrm_state *x, const struct km_event *c);
  
  struct xfrm_tmpl;
 -extern int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
 -extern void km_state_expired(struct xfrm_state *x, int hard, u32 portid);
 -extern int __xfrm_state_delete(struct xfrm_state *x);
 +int km_query(struct xfrm_state *x, struct xfrm_tmpl *t,
 +           struct xfrm_policy *pol);
 +void km_state_expired(struct xfrm_state *x, int hard, u32 portid);
 +int __xfrm_state_delete(struct xfrm_state *x);
  
  struct xfrm_state_afinfo {
        unsigned int            family;
@@@ -346,12 -344,12 +346,12 @@@
        void                    (*local_error)(struct sk_buff *skb, u32 mtu);
  };
  
 -extern int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo);
 -extern int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo);
 -extern struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family);
 -extern void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);
 +int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo);
 +int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo);
 +struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family);
 +void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);
  
 -extern void xfrm_state_delete_tunnel(struct xfrm_state *x);
 +void xfrm_state_delete_tunnel(struct xfrm_state *x);
  
  struct xfrm_type {
        char                    *description;
@@@ -374,8 -372,8 +374,8 @@@
        u32                     (*get_mtu)(struct xfrm_state *, int size);
  };
  
 -extern int xfrm_register_type(const struct xfrm_type *type, unsigned short family);
 -extern int xfrm_unregister_type(const struct xfrm_type *type, unsigned short family);
 +int xfrm_register_type(const struct xfrm_type *type, unsigned short family);
 +int xfrm_unregister_type(const struct xfrm_type *type, unsigned short family);
  
  struct xfrm_mode {
        /*
@@@ -436,8 -434,8 +436,8 @@@ enum 
        XFRM_MODE_FLAG_TUNNEL = 1,
  };
  
 -extern int xfrm_register_mode(struct xfrm_mode *mode, int family);
 -extern int xfrm_unregister_mode(struct xfrm_mode *mode, int family);
 +int xfrm_register_mode(struct xfrm_mode *mode, int family);
 +int xfrm_unregister_mode(struct xfrm_mode *mode, int family);
  
  static inline int xfrm_af2proto(unsigned int family)
  {
@@@ -597,8 -595,8 +597,8 @@@ struct xfrm_mgr 
                                           const struct xfrm_kmaddress *k);
  };
  
 -extern int xfrm_register_km(struct xfrm_mgr *km);
 -extern int xfrm_unregister_km(struct xfrm_mgr *km);
 +int xfrm_register_km(struct xfrm_mgr *km);
 +int xfrm_unregister_km(struct xfrm_mgr *km);
  
  /*
   * This structure is used for the duration where packets are being
@@@ -681,7 -679,7 +681,7 @@@ struct xfrm_spi_skb_cb 
  struct xfrm_audit {
        u32     secid;
        kuid_t  loginuid;
-       u32     sessionid;
+       unsigned int sessionid;
  };
  
  #ifdef CONFIG_AUDITSYSCALL
@@@ -699,7 -697,7 +699,7 @@@ static inline struct audit_buffer *xfrm
        return audit_buf;
  }
  
- static inline void xfrm_audit_helper_usrinfo(kuid_t auid, u32 ses, u32 secid,
+ static inline void xfrm_audit_helper_usrinfo(kuid_t auid, unsigned int ses, u32 secid,
                                             struct audit_buffer *audit_buf)
  {
        char *secctx;
@@@ -715,42 -713,42 +715,42 @@@
                audit_log_task_context(audit_buf);
  }
  
 -extern void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,
 -                                kuid_t auid, unsigned int ses, u32 secid);
 -extern void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result,
 -                                kuid_t auid, unsigned int ses, u32 secid);
 -extern void xfrm_audit_state_add(struct xfrm_state *x, int result,
 -                               kuid_t auid, unsigned int ses, u32 secid);
 -extern void xfrm_audit_state_delete(struct xfrm_state *x, int result,
 -                                  kuid_t auid, unsigned int ses, u32 secid);
 -extern void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
 -                                           struct sk_buff *skb);
 -extern void xfrm_audit_state_replay(struct xfrm_state *x,
 -                                  struct sk_buff *skb, __be32 net_seq);
 -extern void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family);
 -extern void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
 -                                    __be32 net_spi, __be32 net_seq);
 -extern void xfrm_audit_state_icvfail(struct xfrm_state *x,
 -                                   struct sk_buff *skb, u8 proto);
 +void xfrm_audit_policy_add(struct xfrm_policy *xp, int result, kuid_t auid,
-                          u32 ses, u32 secid);
++                         unsigned int ses, u32 secid);
 +void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result, kuid_t auid,
-                             u32 ses, u32 secid);
++                            unsigned int ses, u32 secid);
 +void xfrm_audit_state_add(struct xfrm_state *x, int result, kuid_t auid,
-                         u32 ses, u32 secid);
++                        unsigned int ses, u32 secid);
 +void xfrm_audit_state_delete(struct xfrm_state *x, int result, kuid_t auid,
-                            u32 ses, u32 secid);
++                           unsigned int ses, u32 secid);
 +void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
 +                                    struct sk_buff *skb);
 +void xfrm_audit_state_replay(struct xfrm_state *x, struct sk_buff *skb,
 +                           __be32 net_seq);
 +void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family);
 +void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family, __be32 net_spi,
 +                             __be32 net_seq);
 +void xfrm_audit_state_icvfail(struct xfrm_state *x, struct sk_buff *skb,
 +                            u8 proto);
  #else
  
  static inline void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,
-                                 kuid_t auid, u32 ses, u32 secid)
+                                 kuid_t auid, unsigned int ses, u32 secid)
  {
  }
  
  static inline void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result,
-                                 kuid_t auid, u32 ses, u32 secid)
+                                 kuid_t auid, unsigned int ses, u32 secid)
  {
  }
  
  static inline void xfrm_audit_state_add(struct xfrm_state *x, int result,
-                                kuid_t auid, u32 ses, u32 secid)
+                                kuid_t auid, unsigned int ses, u32 secid)
  {
  }
  
  static inline void xfrm_audit_state_delete(struct xfrm_state *x, int result,
-                                   kuid_t auid, u32 ses, u32 secid)
+                                   kuid_t auid, unsigned int ses, u32 secid)
  {
  }
  
@@@ -786,7 -784,7 +786,7 @@@ static inline void xfrm_pol_hold(struc
                atomic_inc(&policy->refcnt);
  }
  
 -extern void xfrm_policy_destroy(struct xfrm_policy *policy);
 +void xfrm_policy_destroy(struct xfrm_policy *policy);
  
  static inline void xfrm_pol_put(struct xfrm_policy *policy)
  {
@@@ -801,7 -799,7 +801,7 @@@ static inline void xfrm_pols_put(struc
                xfrm_pol_put(pols[i]);
  }
  
 -extern void __xfrm_state_destroy(struct xfrm_state *);
 +void __xfrm_state_destroy(struct xfrm_state *);
  
  static inline void __xfrm_state_put(struct xfrm_state *x)
  {
@@@ -905,8 -903,9 +905,8 @@@ __be16 xfrm_flowi_dport(const struct fl
        return port;
  }
  
 -extern bool xfrm_selector_match(const struct xfrm_selector *sel,
 -                              const struct flowi *fl,
 -                              unsigned short family);
 +bool xfrm_selector_match(const struct xfrm_selector *sel,
 +                       const struct flowi *fl, unsigned short family);
  
  #ifdef CONFIG_SECURITY_NETWORK_XFRM
  /*    If neither has a context --> match
@@@ -976,7 -975,7 +976,7 @@@ static inline void xfrm_dst_destroy(str
  }
  #endif
  
 -extern void xfrm_dst_ifdown(struct dst_entry *dst, struct net_device *dev);
 +void xfrm_dst_ifdown(struct dst_entry *dst, struct net_device *dev);
  
  struct sec_path {
        atomic_t                refcnt;
@@@ -1001,7 -1000,7 +1001,7 @@@ secpath_get(struct sec_path *sp
        return sp;
  }
  
 -extern void __secpath_destroy(struct sec_path *sp);
 +void __secpath_destroy(struct sec_path *sp);
  
  static inline void
  secpath_put(struct sec_path *sp)
@@@ -1010,7 -1009,7 +1010,7 @@@
                __secpath_destroy(sp);
  }
  
 -extern struct sec_path *secpath_dup(struct sec_path *src);
 +struct sec_path *secpath_dup(struct sec_path *src);
  
  static inline void
  secpath_reset(struct sk_buff *skb)
@@@ -1060,8 -1059,7 +1060,8 @@@ xfrm_state_addr_cmp(const struct xfrm_t
  }
  
  #ifdef CONFIG_XFRM
 -extern int __xfrm_policy_check(struct sock *, int dir, struct sk_buff *skb, unsigned short family);
 +int __xfrm_policy_check(struct sock *, int dir, struct sk_buff *skb,
 +                      unsigned short family);
  
  static inline int __xfrm_policy_check2(struct sock *sk, int dir,
                                       struct sk_buff *skb,
@@@ -1105,8 -1103,8 +1105,8 @@@ static inline int xfrm6_policy_check_re
        return __xfrm_policy_check2(sk, dir, skb, AF_INET6, 1);
  }
  
 -extern int __xfrm_decode_session(struct sk_buff *skb, struct flowi *fl,
 -                               unsigned int family, int reverse);
 +int __xfrm_decode_session(struct sk_buff *skb, struct flowi *fl,
 +                        unsigned int family, int reverse);
  
  static inline int xfrm_decode_session(struct sk_buff *skb, struct flowi *fl,
                                      unsigned int family)
@@@ -1121,7 -1119,7 +1121,7 @@@ static inline int xfrm_decode_session_r
        return __xfrm_decode_session(skb, fl, family, 1);
  }
  
 -extern int __xfrm_route_forward(struct sk_buff *skb, unsigned short family);
 +int __xfrm_route_forward(struct sk_buff *skb, unsigned short family);
  
  static inline int xfrm_route_forward(struct sk_buff *skb, unsigned short family)
  {
@@@ -1142,7 -1140,7 +1142,7 @@@ static inline int xfrm6_route_forward(s
        return xfrm_route_forward(skb, AF_INET6);
  }
  
 -extern int __xfrm_sk_clone_policy(struct sock *sk);
 +int __xfrm_sk_clone_policy(struct sock *sk);
  
  static inline int xfrm_sk_clone_policy(struct sock *sk)
  {
@@@ -1151,7 -1149,7 +1151,7 @@@
        return 0;
  }
  
 -extern int xfrm_policy_delete(struct xfrm_policy *pol, int dir);
 +int xfrm_policy_delete(struct xfrm_policy *pol, int dir);
  
  static inline void xfrm_sk_free_policy(struct sock *sk)
  {
@@@ -1165,7 -1163,7 +1165,7 @@@
        }
  }
  
 -extern void xfrm_garbage_collect(struct net *net);
 +void xfrm_garbage_collect(struct net *net);
  
  #else
  
@@@ -1357,12 -1355,6 +1357,12 @@@ struct xfrm_tunnel 
        int priority;
  };
  
 +struct xfrm_tunnel_notifier {
 +      int (*handler)(struct sk_buff *skb);
 +      struct xfrm_tunnel_notifier __rcu *next;
 +      int priority;
 +};
 +
  struct xfrm6_tunnel {
        int (*handler)(struct sk_buff *skb);
        int (*err_handler)(struct sk_buff *skb, struct inet6_skb_parm *opt,
@@@ -1371,16 -1363,16 +1371,16 @@@
        int priority;
  };
  
 -extern void xfrm_init(void);
 -extern void xfrm4_init(void);
 -extern int xfrm_state_init(struct net *net);
 -extern void xfrm_state_fini(struct net *net);
 -extern void xfrm4_state_init(void);
 +void xfrm_init(void);
 +void xfrm4_init(void);
 +int xfrm_state_init(struct net *net);
 +void xfrm_state_fini(struct net *net);
 +void xfrm4_state_init(void);
  #ifdef CONFIG_XFRM
 -extern int xfrm6_init(void);
 -extern void xfrm6_fini(void);
 -extern int xfrm6_state_init(void);
 -extern void xfrm6_state_fini(void);
 +int xfrm6_init(void);
 +void xfrm6_fini(void);
 +int xfrm6_state_init(void);
 +void xfrm6_state_fini(void);
  #else
  static inline int xfrm6_init(void)
  {
@@@ -1393,52 -1385,52 +1393,52 @@@ static inline void xfrm6_fini(void
  #endif
  
  #ifdef CONFIG_XFRM_STATISTICS
 -extern int xfrm_proc_init(struct net *net);
 -extern void xfrm_proc_fini(struct net *net);
 +int xfrm_proc_init(struct net *net);
 +void xfrm_proc_fini(struct net *net);
  #endif
  
 -extern int xfrm_sysctl_init(struct net *net);
 +int xfrm_sysctl_init(struct net *net);
  #ifdef CONFIG_SYSCTL
 -extern void xfrm_sysctl_fini(struct net *net);
 +void xfrm_sysctl_fini(struct net *net);
  #else
  static inline void xfrm_sysctl_fini(struct net *net)
  {
  }
  #endif
  
 -extern void xfrm_state_walk_init(struct xfrm_state_walk *walk, u8 proto);
 -extern int xfrm_state_walk(struct net *net, struct xfrm_state_walk *walk,
 -                         int (*func)(struct xfrm_state *, int, void*), void *);
 -extern void xfrm_state_walk_done(struct xfrm_state_walk *walk);
 -extern struct xfrm_state *xfrm_state_alloc(struct net *net);
 -extern struct xfrm_state *xfrm_state_find(const xfrm_address_t *daddr,
 -                                        const xfrm_address_t *saddr,
 -                                        const struct flowi *fl,
 -                                        struct xfrm_tmpl *tmpl,
 -                                        struct xfrm_policy *pol, int *err,
 -                                        unsigned short family);
 -extern struct xfrm_state *xfrm_stateonly_find(struct net *net, u32 mark,
 -                                             xfrm_address_t *daddr,
 -                                             xfrm_address_t *saddr,
 -                                             unsigned short family,
 -                                             u8 mode, u8 proto, u32 reqid);
 -extern int xfrm_state_check_expire(struct xfrm_state *x);
 -extern void xfrm_state_insert(struct xfrm_state *x);
 -extern int xfrm_state_add(struct xfrm_state *x);
 -extern int xfrm_state_update(struct xfrm_state *x);
 -extern struct xfrm_state *xfrm_state_lookup(struct net *net, u32 mark,
 -                                          const xfrm_address_t *daddr, __be32 spi,
 -                                          u8 proto, unsigned short family);
 -extern struct xfrm_state *xfrm_state_lookup_byaddr(struct net *net, u32 mark,
 -                                                 const xfrm_address_t *daddr,
 -                                                 const xfrm_address_t *saddr,
 -                                                 u8 proto,
 -                                                 unsigned short family);
 +void xfrm_state_walk_init(struct xfrm_state_walk *walk, u8 proto);
 +int xfrm_state_walk(struct net *net, struct xfrm_state_walk *walk,
 +                  int (*func)(struct xfrm_state *, int, void*), void *);
 +void xfrm_state_walk_done(struct xfrm_state_walk *walk);
 +struct xfrm_state *xfrm_state_alloc(struct net *net);
 +struct xfrm_state *xfrm_state_find(const xfrm_address_t *daddr,
 +                                 const xfrm_address_t *saddr,
 +                                 const struct flowi *fl,
 +                                 struct xfrm_tmpl *tmpl,
 +                                 struct xfrm_policy *pol, int *err,
 +                                 unsigned short family);
 +struct xfrm_state *xfrm_stateonly_find(struct net *net, u32 mark,
 +                                     xfrm_address_t *daddr,
 +                                     xfrm_address_t *saddr,
 +                                     unsigned short family,
 +                                     u8 mode, u8 proto, u32 reqid);
 +int xfrm_state_check_expire(struct xfrm_state *x);
 +void xfrm_state_insert(struct xfrm_state *x);
 +int xfrm_state_add(struct xfrm_state *x);
 +int xfrm_state_update(struct xfrm_state *x);
 +struct xfrm_state *xfrm_state_lookup(struct net *net, u32 mark,
 +                                   const xfrm_address_t *daddr, __be32 spi,
 +                                   u8 proto, unsigned short family);
 +struct xfrm_state *xfrm_state_lookup_byaddr(struct net *net, u32 mark,
 +                                          const xfrm_address_t *daddr,
 +                                          const xfrm_address_t *saddr,
 +                                          u8 proto,
 +                                          unsigned short family);
  #ifdef CONFIG_XFRM_SUB_POLICY
 -extern int xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src,
 -                        int n, unsigned short family);
 -extern int xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src,
 -                         int n, unsigned short family);
 +int xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n,
 +                 unsigned short family);
 +int xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n,
 +                  unsigned short family);
  #else
  static inline int xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src,
                                 int n, unsigned short family)
@@@ -1470,69 -1462,68 +1470,69 @@@ struct xfrmk_spdinfo 
        u32 spdhmcnt;
  };
  
 -extern struct xfrm_state *xfrm_find_acq_byseq(struct net *net, u32 mark,
 -                                            u32 seq);
 -extern int xfrm_state_delete(struct xfrm_state *x);
 -extern int xfrm_state_flush(struct net *net, u8 proto, struct xfrm_audit *audit_info);
 -extern void xfrm_sad_getinfo(struct net *net, struct xfrmk_sadinfo *si);
 -extern void xfrm_spd_getinfo(struct net *net, struct xfrmk_spdinfo *si);
 -extern u32 xfrm_replay_seqhi(struct xfrm_state *x, __be32 net_seq);
 -extern int xfrm_init_replay(struct xfrm_state *x);
 -extern int xfrm_state_mtu(struct xfrm_state *x, int mtu);
 -extern int __xfrm_init_state(struct xfrm_state *x, bool init_replay);
 -extern int xfrm_init_state(struct xfrm_state *x);
 -extern int xfrm_prepare_input(struct xfrm_state *x, struct sk_buff *skb);
 -extern int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi,
 -                    int encap_type);
 -extern int xfrm_input_resume(struct sk_buff *skb, int nexthdr);
 -extern int xfrm_output_resume(struct sk_buff *skb, int err);
 -extern int xfrm_output(struct sk_buff *skb);
 -extern int xfrm_inner_extract_output(struct xfrm_state *x, struct sk_buff *skb);
 -extern void xfrm_local_error(struct sk_buff *skb, int mtu);
 -extern int xfrm4_extract_header(struct sk_buff *skb);
 -extern int xfrm4_extract_input(struct xfrm_state *x, struct sk_buff *skb);
 -extern int xfrm4_rcv_encap(struct sk_buff *skb, int nexthdr, __be32 spi,
 -                         int encap_type);
 -extern int xfrm4_transport_finish(struct sk_buff *skb, int async);
 -extern int xfrm4_rcv(struct sk_buff *skb);
 +struct xfrm_state *xfrm_find_acq_byseq(struct net *net, u32 mark, u32 seq);
 +int xfrm_state_delete(struct xfrm_state *x);
 +int xfrm_state_flush(struct net *net, u8 proto, struct xfrm_audit *audit_info);
 +void xfrm_sad_getinfo(struct net *net, struct xfrmk_sadinfo *si);
 +void xfrm_spd_getinfo(struct net *net, struct xfrmk_spdinfo *si);
 +u32 xfrm_replay_seqhi(struct xfrm_state *x, __be32 net_seq);
 +int xfrm_init_replay(struct xfrm_state *x);
 +int xfrm_state_mtu(struct xfrm_state *x, int mtu);
 +int __xfrm_init_state(struct xfrm_state *x, bool init_replay);
 +int xfrm_init_state(struct xfrm_state *x);
 +int xfrm_prepare_input(struct xfrm_state *x, struct sk_buff *skb);
 +int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type);
 +int xfrm_input_resume(struct sk_buff *skb, int nexthdr);
 +int xfrm_output_resume(struct sk_buff *skb, int err);
 +int xfrm_output(struct sk_buff *skb);
 +int xfrm_inner_extract_output(struct xfrm_state *x, struct sk_buff *skb);
 +void xfrm_local_error(struct sk_buff *skb, int mtu);
 +int xfrm4_extract_header(struct sk_buff *skb);
 +int xfrm4_extract_input(struct xfrm_state *x, struct sk_buff *skb);
 +int xfrm4_rcv_encap(struct sk_buff *skb, int nexthdr, __be32 spi,
 +                  int encap_type);
 +int xfrm4_transport_finish(struct sk_buff *skb, int async);
 +int xfrm4_rcv(struct sk_buff *skb);
  
  static inline int xfrm4_rcv_spi(struct sk_buff *skb, int nexthdr, __be32 spi)
  {
        return xfrm4_rcv_encap(skb, nexthdr, spi, 0);
  }
  
 -extern int xfrm4_extract_output(struct xfrm_state *x, struct sk_buff *skb);
 -extern int xfrm4_prepare_output(struct xfrm_state *x, struct sk_buff *skb);
 -extern int xfrm4_output(struct sk_buff *skb);
 -extern int xfrm4_output_finish(struct sk_buff *skb);
 -extern int xfrm4_tunnel_register(struct xfrm_tunnel *handler, unsigned short family);
 -extern int xfrm4_tunnel_deregister(struct xfrm_tunnel *handler, unsigned short family);
 -extern int xfrm4_mode_tunnel_input_register(struct xfrm_tunnel *handler);
 -extern int xfrm4_mode_tunnel_input_deregister(struct xfrm_tunnel *handler);
 -extern void xfrm4_local_error(struct sk_buff *skb, u32 mtu);
 -extern int xfrm6_extract_header(struct sk_buff *skb);
 -extern int xfrm6_extract_input(struct xfrm_state *x, struct sk_buff *skb);
 -extern int xfrm6_rcv_spi(struct sk_buff *skb, int nexthdr, __be32 spi);
 -extern int xfrm6_transport_finish(struct sk_buff *skb, int async);
 -extern int xfrm6_rcv(struct sk_buff *skb);
 -extern int xfrm6_input_addr(struct sk_buff *skb, xfrm_address_t *daddr,
 -                          xfrm_address_t *saddr, u8 proto);
 -extern int xfrm6_tunnel_register(struct xfrm6_tunnel *handler, unsigned short family);
 -extern int xfrm6_tunnel_deregister(struct xfrm6_tunnel *handler, unsigned short family);
 -extern __be32 xfrm6_tunnel_alloc_spi(struct net *net, xfrm_address_t *saddr);
 -extern __be32 xfrm6_tunnel_spi_lookup(struct net *net, const xfrm_address_t *saddr);
 -extern int xfrm6_extract_output(struct xfrm_state *x, struct sk_buff *skb);
 -extern int xfrm6_prepare_output(struct xfrm_state *x, struct sk_buff *skb);
 -extern int xfrm6_output(struct sk_buff *skb);
 -extern int xfrm6_output_finish(struct sk_buff *skb);
 -extern int xfrm6_find_1stfragopt(struct xfrm_state *x, struct sk_buff *skb,
 -                               u8 **prevhdr);
 -extern void xfrm6_local_error(struct sk_buff *skb, u32 mtu);
 +int xfrm4_extract_output(struct xfrm_state *x, struct sk_buff *skb);
 +int xfrm4_prepare_output(struct xfrm_state *x, struct sk_buff *skb);
 +int xfrm4_output(struct sk_buff *skb);
 +int xfrm4_output_finish(struct sk_buff *skb);
 +int xfrm4_tunnel_register(struct xfrm_tunnel *handler, unsigned short family);
 +int xfrm4_tunnel_deregister(struct xfrm_tunnel *handler, unsigned short family);
 +void xfrm4_local_error(struct sk_buff *skb, u32 mtu);
 +int xfrm4_mode_tunnel_input_register(struct xfrm_tunnel_notifier *handler);
 +int xfrm4_mode_tunnel_input_deregister(struct xfrm_tunnel_notifier *handler);
 +int xfrm6_mode_tunnel_input_register(struct xfrm_tunnel_notifier *handler);
 +int xfrm6_mode_tunnel_input_deregister(struct xfrm_tunnel_notifier *handler);
 +int xfrm6_extract_header(struct sk_buff *skb);
 +int xfrm6_extract_input(struct xfrm_state *x, struct sk_buff *skb);
 +int xfrm6_rcv_spi(struct sk_buff *skb, int nexthdr, __be32 spi);
 +int xfrm6_transport_finish(struct sk_buff *skb, int async);
 +int xfrm6_rcv(struct sk_buff *skb);
 +int xfrm6_input_addr(struct sk_buff *skb, xfrm_address_t *daddr,
 +                   xfrm_address_t *saddr, u8 proto);
 +void xfrm6_local_error(struct sk_buff *skb, u32 mtu);
 +int xfrm6_tunnel_register(struct xfrm6_tunnel *handler, unsigned short family);
 +int xfrm6_tunnel_deregister(struct xfrm6_tunnel *handler, unsigned short family);
 +__be32 xfrm6_tunnel_alloc_spi(struct net *net, xfrm_address_t *saddr);
 +__be32 xfrm6_tunnel_spi_lookup(struct net *net, const xfrm_address_t *saddr);
 +int xfrm6_extract_output(struct xfrm_state *x, struct sk_buff *skb);
 +int xfrm6_prepare_output(struct xfrm_state *x, struct sk_buff *skb);
 +int xfrm6_output(struct sk_buff *skb);
 +int xfrm6_output_finish(struct sk_buff *skb);
 +int xfrm6_find_1stfragopt(struct xfrm_state *x, struct sk_buff *skb,
 +                        u8 **prevhdr);
  
  #ifdef CONFIG_XFRM
 -extern int xfrm4_udp_encap_rcv(struct sock *sk, struct sk_buff *skb);
 -extern int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen);
 +int xfrm4_udp_encap_rcv(struct sock *sk, struct sk_buff *skb);
 +int xfrm_user_policy(struct sock *sk, int optname,
 +                   u8 __user *optval, int optlen);
  #else
  static inline int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
  {
@@@ -1549,62 -1540,59 +1549,62 @@@ static inline int xfrm4_udp_encap_rcv(s
  
  struct xfrm_policy *xfrm_policy_alloc(struct net *net, gfp_t gfp);
  
 -extern void xfrm_policy_walk_init(struct xfrm_policy_walk *walk, u8 type);
 -extern int xfrm_policy_walk(struct net *net, struct xfrm_policy_walk *walk,
 -      int (*func)(struct xfrm_policy *, int, int, void*), void *);
 -extern void xfrm_policy_walk_done(struct xfrm_policy_walk *walk);
 +void xfrm_policy_walk_init(struct xfrm_policy_walk *walk, u8 type);
 +int xfrm_policy_walk(struct net *net, struct xfrm_policy_walk *walk,
 +                   int (*func)(struct xfrm_policy *, int, int, void*),
 +                   void *);
 +void xfrm_policy_walk_done(struct xfrm_policy_walk *walk);
  int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl);
  struct xfrm_policy *xfrm_policy_bysel_ctx(struct net *net, u32 mark,
                                          u8 type, int dir,
                                          struct xfrm_selector *sel,
                                          struct xfrm_sec_ctx *ctx, int delete,
                                          int *err);
 -struct xfrm_policy *xfrm_policy_byid(struct net *net, u32 mark, u8, int dir, u32 id, int delete, int *err);
 +struct xfrm_policy *xfrm_policy_byid(struct net *net, u32 mark, u8, int dir,
 +                                   u32 id, int delete, int *err);
  int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info);
  u32 xfrm_get_acqseq(void);
 -extern int xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi);
 +int xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi);
  struct xfrm_state *xfrm_find_acq(struct net *net, const struct xfrm_mark *mark,
                                 u8 mode, u32 reqid, u8 proto,
                                 const xfrm_address_t *daddr,
                                 const xfrm_address_t *saddr, int create,
                                 unsigned short family);
 -extern int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol);
 +int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol);
  
  #ifdef CONFIG_XFRM_MIGRATE
 -extern int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
 -                    const struct xfrm_migrate *m, int num_bundles,
 -                    const struct xfrm_kmaddress *k);
 -extern struct xfrm_state * xfrm_migrate_state_find(struct xfrm_migrate *m);
 -extern struct xfrm_state * xfrm_state_migrate(struct xfrm_state *x,
 -                                            struct xfrm_migrate *m);
 -extern int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
 -                      struct xfrm_migrate *m, int num_bundles,
 -                      struct xfrm_kmaddress *k);
 +int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
 +             const struct xfrm_migrate *m, int num_bundles,
 +             const struct xfrm_kmaddress *k);
 +struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m);
 +struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x,
 +                                    struct xfrm_migrate *m);
 +int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
 +               struct xfrm_migrate *m, int num_bundles,
 +               struct xfrm_kmaddress *k);
  #endif
  
 -extern int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport);
 -extern void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 portid);
 -extern int km_report(struct net *net, u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr);
 -
 -extern void xfrm_input_init(void);
 -extern int xfrm_parse_spi(struct sk_buff *skb, u8 nexthdr, __be32 *spi, __be32 *seq);
 -
 -extern void xfrm_probe_algs(void);
 -extern int xfrm_count_pfkey_auth_supported(void);
 -extern int xfrm_count_pfkey_enc_supported(void);
 -extern struct xfrm_algo_desc *xfrm_aalg_get_byidx(unsigned int idx);
 -extern struct xfrm_algo_desc *xfrm_ealg_get_byidx(unsigned int idx);
 -extern struct xfrm_algo_desc *xfrm_aalg_get_byid(int alg_id);
 -extern struct xfrm_algo_desc *xfrm_ealg_get_byid(int alg_id);
 -extern struct xfrm_algo_desc *xfrm_calg_get_byid(int alg_id);
 -extern struct xfrm_algo_desc *xfrm_aalg_get_byname(const char *name, int probe);
 -extern struct xfrm_algo_desc *xfrm_ealg_get_byname(const char *name, int probe);
 -extern struct xfrm_algo_desc *xfrm_calg_get_byname(const char *name, int probe);
 -extern struct xfrm_algo_desc *xfrm_aead_get_byname(const char *name, int icv_len,
 -                                                 int probe);
 +int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport);
 +void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 portid);
 +int km_report(struct net *net, u8 proto, struct xfrm_selector *sel,
 +            xfrm_address_t *addr);
 +
 +void xfrm_input_init(void);
 +int xfrm_parse_spi(struct sk_buff *skb, u8 nexthdr, __be32 *spi, __be32 *seq);
 +
 +void xfrm_probe_algs(void);
 +int xfrm_count_pfkey_auth_supported(void);
 +int xfrm_count_pfkey_enc_supported(void);
 +struct xfrm_algo_desc *xfrm_aalg_get_byidx(unsigned int idx);
 +struct xfrm_algo_desc *xfrm_ealg_get_byidx(unsigned int idx);
 +struct xfrm_algo_desc *xfrm_aalg_get_byid(int alg_id);
 +struct xfrm_algo_desc *xfrm_ealg_get_byid(int alg_id);
 +struct xfrm_algo_desc *xfrm_calg_get_byid(int alg_id);
 +struct xfrm_algo_desc *xfrm_aalg_get_byname(const char *name, int probe);
 +struct xfrm_algo_desc *xfrm_ealg_get_byname(const char *name, int probe);
 +struct xfrm_algo_desc *xfrm_calg_get_byname(const char *name, int probe);
 +struct xfrm_algo_desc *xfrm_aead_get_byname(const char *name, int icv_len,
 +                                          int probe);
  
  static inline bool xfrm6_addr_equal(const xfrm_address_t *a,
                                    const xfrm_address_t *b)

diff --combined include/uapi/linux/audit.h
index 44b05a09f1933a1c293a2174eb58d4db7b473b80,3e1fbe933016dd6620e260550382205568482f2a..2d48fe1274ca52b4c94969b2bc9d46e6a6ffe48f
--- 1/include/uapi/linux/audit.h
--- 2/include/uapi/linux/audit.h
+++ b/include/uapi/linux/audit.h
@@@ -319,6 -319,12 +319,12 @@@ enum 
  #define AUDIT_STATUS_PID              0x0004
  #define AUDIT_STATUS_RATE_LIMIT               0x0008
  #define AUDIT_STATUS_BACKLOG_LIMIT    0x0010
+ #define AUDIT_STATUS_BACKLOG_WAIT_TIME        0x0020
+ 
+ #define AUDIT_VERSION_BACKLOG_LIMIT   1
+ #define AUDIT_VERSION_BACKLOG_WAIT_TIME       2
+ #define AUDIT_VERSION_LATEST AUDIT_VERSION_BACKLOG_WAIT_TIME
+ 
                                /* Failure-to-log actions */
  #define AUDIT_FAIL_SILENT     0
  #define AUDIT_FAIL_PRINTK     1
@@@ -332,6 -338,7 +338,6 @@@
  #define AUDIT_ARCH_ARMEB      (EM_ARM)
  #define AUDIT_ARCH_CRIS               (EM_CRIS|__AUDIT_ARCH_LE)
  #define AUDIT_ARCH_FRV                (EM_FRV)
 -#define AUDIT_ARCH_H8300      (EM_H8_300)
  #define AUDIT_ARCH_I386               (EM_386|__AUDIT_ARCH_LE)
  #define AUDIT_ARCH_IA64               (EM_IA_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
  #define AUDIT_ARCH_M32R               (EM_M32R)
@@@ -375,6 -382,8 +381,8 @@@ struct audit_status 
        __u32           backlog_limit;  /* waiting messages limit */
        __u32           lost;           /* messages lost */
        __u32           backlog;        /* messages waiting in queue */
+       __u32           version;        /* audit api version number */
+       __u32           backlog_wait_time;/* message queue wait timeout */
  };
  
  struct audit_features {

diff --combined net/xfrm/xfrm_policy.c
index 9a91f7431c411b706810a40bccc3167617c74aec,767c74a91db32bb27f4c88b230a9d8a4bca0238a..0d49945d0b9eed2910d39a3485c3ad0c79166d87
--- 1/net/xfrm/xfrm_policy.c
--- 2/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@@ -1844,13 -1844,6 +1844,13 @@@ static int xdst_queue_output(struct sk_
        struct xfrm_dst *xdst = (struct xfrm_dst *) dst;
        struct xfrm_policy *pol = xdst->pols[0];
        struct xfrm_policy_queue *pq = &pol->polq;
 +      const struct sk_buff *fclone = skb + 1;
 +
 +      if (unlikely(skb->fclone == SKB_FCLONE_ORIG &&
 +                   fclone->fclone == SKB_FCLONE_CLONE)) {
 +              kfree_skb(skb);
 +              return 0;
 +      }
  
        if (pq->hold_queue.qlen > XFRM_MAX_QUEUE_LEN) {
                kfree_skb(skb);
@@@ -2906,12 -2899,12 +2906,12 @@@ static void xfrm_policy_fini(struct ne
        flush_work(&net->xfrm.policy_hash_work);
  #ifdef CONFIG_XFRM_SUB_POLICY
        audit_info.loginuid = INVALID_UID;
-       audit_info.sessionid = -1;
+       audit_info.sessionid = (unsigned int)-1;
        audit_info.secid = 0;
        xfrm_policy_flush(net, XFRM_POLICY_TYPE_SUB, &audit_info);
  #endif
        audit_info.loginuid = INVALID_UID;
-       audit_info.sessionid = -1;
+       audit_info.sessionid = (unsigned int)-1;
        audit_info.secid = 0;
        xfrm_policy_flush(net, XFRM_POLICY_TYPE_MAIN, &audit_info);
  
@@@ -3017,7 -3010,7 +3017,7 @@@ static void xfrm_audit_common_policyinf
  }
  
  void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,
-                          kuid_t auid, u32 sessionid, u32 secid)
+                          kuid_t auid, unsigned int sessionid, u32 secid)
  {
        struct audit_buffer *audit_buf;
  
@@@ -3032,7 -3025,7 +3032,7 @@@
  EXPORT_SYMBOL_GPL(xfrm_audit_policy_add);
  
  void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result,
-                             kuid_t auid, u32 sessionid, u32 secid)
+                             kuid_t auid, unsigned int sessionid, u32 secid)
  {
        struct audit_buffer *audit_buf;
  

diff --combined net/xfrm/xfrm_state.c
index 68c2f357a18389d9debc35401afe1295c4341959,dbf0719df5b06b6d5c3340c766e097d0754ce7a2..8ed9d0dd45664ef2c414bbf2ea5f0f0a4bf71ef8
--- 1/net/xfrm/xfrm_state.c
--- 2/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@@ -468,7 -468,7 +468,7 @@@ expired
        }
  
        err = __xfrm_state_delete(x);
 -      if (!err && x->id.spi)
 +      if (!err)
                km_state_expired(x, 1, 0);
  
        xfrm_audit_state_delete(x, err ? 0 : 1,
@@@ -815,7 -815,7 +815,7 @@@ xfrm_state_find(const xfrm_address_t *d
                        xfrm_state_look_at(pol, x, fl, encap_family,
                                           &best, &acquire_in_progress, &error);
        }
 -      if (best)
 +      if (best || acquire_in_progress)
                goto found;
  
        h_wildcard = xfrm_dst_hash(net, daddr, &saddr_wildcard, tmpl->reqid, encap_family);
@@@ -824,7 -824,7 +824,7 @@@
                    x->props.reqid == tmpl->reqid &&
                    (mark & x->mark.m) == x->mark.v &&
                    !(x->props.flags & XFRM_STATE_WILDRECV) &&
 -                  xfrm_state_addr_check(x, daddr, saddr, encap_family) &&
 +                  xfrm_addr_equal(&x->id.daddr, daddr, encap_family) &&
                    tmpl->mode == x->props.mode &&
                    tmpl->id.proto == x->id.proto &&
                    (tmpl->id.spi == x->id.spi || !tmpl->id.spi))
@@@ -2043,7 -2043,7 +2043,7 @@@ void xfrm_state_fini(struct net *net
  
        flush_work(&net->xfrm.state_hash_work);
        audit_info.loginuid = INVALID_UID;
-       audit_info.sessionid = -1;
+       audit_info.sessionid = (unsigned int)-1;
        audit_info.secid = 0;
        xfrm_state_flush(net, IPSEC_PROTO_ANY, &audit_info);
        flush_work(&net->xfrm.state_gc_work);
@@@ -2109,7 -2109,7 +2109,7 @@@ static void xfrm_audit_helper_pktinfo(s
  }
  
  void xfrm_audit_state_add(struct xfrm_state *x, int result,
-                         kuid_t auid, u32 sessionid, u32 secid)
+                         kuid_t auid, unsigned int sessionid, u32 secid)
  {
        struct audit_buffer *audit_buf;
  
@@@ -2124,7 -2124,7 +2124,7 @@@
  EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
  
  void xfrm_audit_state_delete(struct xfrm_state *x, int result,
-                            kuid_t auid, u32 sessionid, u32 secid)
+                            kuid_t auid, unsigned int sessionid, u32 secid)
  {
        struct audit_buffer *audit_buf;
  

diff --combined security/selinux/ss/services.c
index fc5a63a05a1ccfea8092f5a95fda162e6239787f,f4dda05d7db0b96da73ddb9a6257d278cef03c8f..c93c21127f0cc5b6bc55c2930fdfe2441dc2a19c
--- 1/security/selinux/ss/services.c
--- 2/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@@ -72,7 -72,6 +72,7 @@@
  
  int selinux_policycap_netpeer;
  int selinux_policycap_openperm;
 +int selinux_policycap_alwaysnetwork;
  
  static DEFINE_RWLOCK(policy_rwlock);
  
@@@ -1813,8 -1812,6 +1813,8 @@@ static void security_load_policycaps(vo
                                                  POLICYDB_CAPABILITY_NETPEER);
        selinux_policycap_openperm = ebitmap_get_bit(&policydb.policycaps,
                                                  POLICYDB_CAPABILITY_OPENPERM);
 +      selinux_policycap_alwaysnetwork = ebitmap_get_bit(&policydb.policycaps,
 +                                                POLICYDB_CAPABILITY_ALWAYSNETWORK);
  }
  
  static int security_preserve_bools(struct policydb *p);
@@@ -1831,7 -1828,7 +1831,7 @@@
   */
  int security_load_policy(void *data, size_t len)
  {
 -      struct policydb oldpolicydb, newpolicydb;
 +      struct policydb *oldpolicydb, *newpolicydb;
        struct sidtab oldsidtab, newsidtab;
        struct selinux_mapping *oldmap, *map = NULL;
        struct convert_context_args args;
@@@ -1840,19 -1837,12 +1840,19 @@@
        int rc = 0;
        struct policy_file file = { data, len }, *fp = &file;
  
 +      oldpolicydb = kzalloc(2 * sizeof(*oldpolicydb), GFP_KERNEL);
 +      if (!oldpolicydb) {
 +              rc = -ENOMEM;
 +              goto out;
 +      }
 +      newpolicydb = oldpolicydb + 1;
 +
        if (!ss_initialized) {
                avtab_cache_init();
                rc = policydb_read(&policydb, fp);
                if (rc) {
                        avtab_cache_destroy();
 -                      return rc;
 +                      goto out;
                }
  
                policydb.len = len;
@@@ -1862,14 -1852,14 +1862,14 @@@
                if (rc) {
                        policydb_destroy(&policydb);
                        avtab_cache_destroy();
 -                      return rc;
 +                      goto out;
                }
  
                rc = policydb_load_isids(&policydb, &sidtab);
                if (rc) {
                        policydb_destroy(&policydb);
                        avtab_cache_destroy();
 -                      return rc;
 +                      goto out;
                }
  
                security_load_policycaps();
@@@ -1881,36 -1871,36 +1881,36 @@@
                selinux_status_update_policyload(seqno);
                selinux_netlbl_cache_invalidate();
                selinux_xfrm_notify_policyload();
 -              return 0;
 +              goto out;
        }
  
  #if 0
        sidtab_hash_eval(&sidtab, "sids");
  #endif
  
 -      rc = policydb_read(&newpolicydb, fp);
 +      rc = policydb_read(newpolicydb, fp);
        if (rc)
 -              return rc;
 +              goto out;
  
 -      newpolicydb.len = len;
 +      newpolicydb->len = len;
        /* If switching between different policy types, log MLS status */
 -      if (policydb.mls_enabled && !newpolicydb.mls_enabled)
 +      if (policydb.mls_enabled && !newpolicydb->mls_enabled)
                printk(KERN_INFO "SELinux: Disabling MLS support...\n");
 -      else if (!policydb.mls_enabled && newpolicydb.mls_enabled)
 +      else if (!policydb.mls_enabled && newpolicydb->mls_enabled)
                printk(KERN_INFO "SELinux: Enabling MLS support...\n");
  
 -      rc = policydb_load_isids(&newpolicydb, &newsidtab);
 +      rc = policydb_load_isids(newpolicydb, &newsidtab);
        if (rc) {
                printk(KERN_ERR "SELinux:  unable to load the initial SIDs\n");
 -              policydb_destroy(&newpolicydb);
 -              return rc;
 +              policydb_destroy(newpolicydb);
 +              goto out;
        }
  
 -      rc = selinux_set_mapping(&newpolicydb, secclass_map, &map, &map_size);
 +      rc = selinux_set_mapping(newpolicydb, secclass_map, &map, &map_size);
        if (rc)
                goto err;
  
 -      rc = security_preserve_bools(&newpolicydb);
 +      rc = security_preserve_bools(newpolicydb);
        if (rc) {
                printk(KERN_ERR "SELinux:  unable to preserve booleans\n");
                goto err;
@@@ -1928,7 -1918,7 +1928,7 @@@
         * in the new SID table.
         */
        args.oldp = &policydb;
 -      args.newp = &newpolicydb;
 +      args.newp = newpolicydb;
        rc = sidtab_map(&newsidtab, convert_context, &args);
        if (rc) {
                printk(KERN_ERR "SELinux:  unable to convert the internal"
@@@ -1938,12 -1928,12 +1938,12 @@@
        }
  
        /* Save the old policydb and SID table to free later. */
 -      memcpy(&oldpolicydb, &policydb, sizeof policydb);
 +      memcpy(oldpolicydb, &policydb, sizeof(policydb));
        sidtab_set(&oldsidtab, &sidtab);
  
        /* Install the new policydb and SID table. */
        write_lock_irq(&policy_rwlock);
 -      memcpy(&policydb, &newpolicydb, sizeof policydb);
 +      memcpy(&policydb, newpolicydb, sizeof(policydb));
        sidtab_set(&sidtab, &newsidtab);
        security_load_policycaps();
        oldmap = current_mapping;
@@@ -1953,7 -1943,7 +1953,7 @@@
        write_unlock_irq(&policy_rwlock);
  
        /* Free the old policydb and SID table. */
 -      policydb_destroy(&oldpolicydb);
 +      policydb_destroy(oldpolicydb);
        sidtab_destroy(&oldsidtab);
        kfree(oldmap);
  
@@@ -1963,17 -1953,14 +1963,17 @@@
        selinux_netlbl_cache_invalidate();
        selinux_xfrm_notify_policyload();
  
 -      return 0;
 +      rc = 0;
 +      goto out;
  
  err:
        kfree(map);
        sidtab_destroy(&newsidtab);
 -      policydb_destroy(&newpolicydb);
 -      return rc;
 +      policydb_destroy(newpolicydb);
  
 +out:
 +      kfree(oldpolicydb);
 +      return rc;
  }
  
  size_t security_policydb_len(void)
@@@ -2336,14 -2323,17 +2336,14 @@@ out
  
  /**
   * security_fs_use - Determine how to handle labeling for a filesystem.
 - * @fstype: filesystem type
 - * @behavior: labeling behavior
 - * @sid: SID for filesystem (superblock)
 + * @sb: superblock in question
   */
 -int security_fs_use(
 -      const char *fstype,
 -      unsigned int *behavior,
 -      u32 *sid)
 +int security_fs_use(struct super_block *sb)
  {
        int rc = 0;
        struct ocontext *c;
 +      struct superblock_security_struct *sbsec = sb->s_security;
 +      const char *fstype = sb->s_type->name;
  
        read_lock(&policy_rwlock);
  
@@@ -2355,21 -2345,21 +2355,21 @@@
        }
  
        if (c) {
 -              *behavior = c->v.behavior;
 +              sbsec->behavior = c->v.behavior;
                if (!c->sid[0]) {
                        rc = sidtab_context_to_sid(&sidtab, &c->context[0],
                                                   &c->sid[0]);
                        if (rc)
                                goto out;
                }
 -              *sid = c->sid[0];
 +              sbsec->sid = c->sid[0];
        } else {
 -              rc = security_genfs_sid(fstype, "/", SECCLASS_DIR, sid);
 +              rc = security_genfs_sid(fstype, "/", SECCLASS_DIR, &sbsec->sid);
                if (rc) {
 -                      *behavior = SECURITY_FS_USE_NONE;
 +                      sbsec->behavior = SECURITY_FS_USE_NONE;
                        rc = 0;
                } else {
 -                      *behavior = SECURITY_FS_USE_GENFS;
 +                      sbsec->behavior = SECURITY_FS_USE_GENFS;
                }
        }
  
@@@ -2948,25 -2938,21 +2948,21 @@@ int selinux_audit_rule_match(u32 sid, u
        struct selinux_audit_rule *rule = vrule;
        int match = 0;
  
-       if (!rule) {
-               audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
-                         "selinux_audit_rule_match: missing rule\n");
+       if (unlikely(!rule)) {
+               WARN_ONCE(1, "selinux_audit_rule_match: missing rule\n");
                return -ENOENT;
        }
  
        read_lock(&policy_rwlock);
  
        if (rule->au_seqno < latest_granting) {
-               audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
-                         "selinux_audit_rule_match: stale rule\n");
                match = -ESTALE;
                goto out;
        }
  
        ctxt = sidtab_search(&sidtab, sid);
-       if (!ctxt) {
-               audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
-                         "selinux_audit_rule_match: unrecognized SID %d\n",
+       if (unlikely(!ctxt)) {
+               WARN_ONCE(1, "selinux_audit_rule_match: unrecognized SID %d\n",
                          sid);
                match = -ENOENT;
                goto out;

diff --combined security/smack/smack_lsm.c
index d814e35987be93b9a643b630f681decd25d0af33,185e2e73cd33936888bf957bdd17be6a3a2996fa..14f52be78c75e279f2bad288c66513a016a1ec3c
--- 1/security/smack/smack_lsm.c
--- 2/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@@ -185,7 -185,7 +185,7 @@@ static int smack_ptrace_access_check(st
        smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
        smk_ad_setfield_u_tsk(&ad, ctp);
  
 -      rc = smk_curacc(skp->smk_known, MAY_READWRITE, &ad);
 +      rc = smk_curacc(skp->smk_known, mode, &ad);
        return rc;
  }
  
@@@ -219,6 -219,8 +219,6 @@@ static int smack_ptrace_traceme(struct 
   * smack_syslog - Smack approval on syslog
   * @type: message type
   *
 - * Require that the task has the floor label
 - *
   * Returns 0 on success, error code otherwise.
   */
  static int smack_syslog(int typefrom_file)
@@@ -229,7 -231,7 +229,7 @@@
        if (smack_privileged(CAP_MAC_OVERRIDE))
                return 0;
  
 -       if (skp != &smack_known_floor)
 +      if (smack_syslog_label != NULL && smack_syslog_label != skp)
                rc = -EACCES;
  
        return rc;
@@@ -339,12 -341,10 +339,12 @@@ static int smack_sb_kern_mount(struct s
        struct inode *inode = root->d_inode;
        struct superblock_smack *sp = sb->s_security;
        struct inode_smack *isp;
 +      struct smack_known *skp;
        char *op;
        char *commap;
        char *nsp;
        int transmute = 0;
 +      int specified = 0;
  
        if (sp->smk_initialized)
                return 0;
@@@ -359,56 -359,34 +359,56 @@@
                if (strncmp(op, SMK_FSHAT, strlen(SMK_FSHAT)) == 0) {
                        op += strlen(SMK_FSHAT);
                        nsp = smk_import(op, 0);
 -                      if (nsp != NULL)
 +                      if (nsp != NULL) {
                                sp->smk_hat = nsp;
 +                              specified = 1;
 +                      }
                } else if (strncmp(op, SMK_FSFLOOR, strlen(SMK_FSFLOOR)) == 0) {
                        op += strlen(SMK_FSFLOOR);
                        nsp = smk_import(op, 0);
 -                      if (nsp != NULL)
 +                      if (nsp != NULL) {
                                sp->smk_floor = nsp;
 +                              specified = 1;
 +                      }
                } else if (strncmp(op, SMK_FSDEFAULT,
                                   strlen(SMK_FSDEFAULT)) == 0) {
                        op += strlen(SMK_FSDEFAULT);
                        nsp = smk_import(op, 0);
 -                      if (nsp != NULL)
 +                      if (nsp != NULL) {
                                sp->smk_default = nsp;
 +                              specified = 1;
 +                      }
                } else if (strncmp(op, SMK_FSROOT, strlen(SMK_FSROOT)) == 0) {
                        op += strlen(SMK_FSROOT);
                        nsp = smk_import(op, 0);
 -                      if (nsp != NULL)
 +                      if (nsp != NULL) {
                                sp->smk_root = nsp;
 +                              specified = 1;
 +                      }
                } else if (strncmp(op, SMK_FSTRANS, strlen(SMK_FSTRANS)) == 0) {
                        op += strlen(SMK_FSTRANS);
                        nsp = smk_import(op, 0);
                        if (nsp != NULL) {
                                sp->smk_root = nsp;
                                transmute = 1;
 +                              specified = 1;
                        }
                }
        }
  
 +      if (!smack_privileged(CAP_MAC_ADMIN)) {
 +              /*
 +               * Unprivileged mounts don't get to specify Smack values.
 +               */
 +              if (specified)
 +                      return -EPERM;
 +              /*
 +               * Unprivileged mounts get root and default from the caller.
 +               */
 +              skp = smk_of_current();
 +              sp->smk_root = skp->smk_known;
 +              sp->smk_default = skp->smk_known;
 +      }
        /*
         * Initialize the root inode.
         */
@@@ -445,6 -423,53 +445,6 @@@ static int smack_sb_statfs(struct dentr
        return rc;
  }
  
 -/**
 - * smack_sb_mount - Smack check for mounting
 - * @dev_name: unused
 - * @path: mount point
 - * @type: unused
 - * @flags: unused
 - * @data: unused
 - *
 - * Returns 0 if current can write the floor of the filesystem
 - * being mounted on, an error code otherwise.
 - */
 -static int smack_sb_mount(const char *dev_name, struct path *path,
 -                        const char *type, unsigned long flags, void *data)
 -{
 -      struct superblock_smack *sbp = path->dentry->d_sb->s_security;
 -      struct smk_audit_info ad;
 -
 -      smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
 -      smk_ad_setfield_u_fs_path(&ad, *path);
 -
 -      return smk_curacc(sbp->smk_floor, MAY_WRITE, &ad);
 -}
 -
 -/**
 - * smack_sb_umount - Smack check for unmounting
 - * @mnt: file system to unmount
 - * @flags: unused
 - *
 - * Returns 0 if current can write the floor of the filesystem
 - * being unmounted, an error code otherwise.
 - */
 -static int smack_sb_umount(struct vfsmount *mnt, int flags)
 -{
 -      struct superblock_smack *sbp;
 -      struct smk_audit_info ad;
 -      struct path path;
 -
 -      path.dentry = mnt->mnt_root;
 -      path.mnt = mnt;
 -
 -      smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
 -      smk_ad_setfield_u_fs_path(&ad, path);
 -
 -      sbp = path.dentry->d_sb->s_security;
 -      return smk_curacc(sbp->smk_floor, MAY_WRITE, &ad);
 -}
 -
  /*
   * BPRM hooks
   */
@@@ -812,43 -837,31 +812,43 @@@ static int smack_inode_setxattr(struct 
                                const void *value, size_t size, int flags)
  {
        struct smk_audit_info ad;
 +      struct smack_known *skp;
 +      int check_priv = 0;
 +      int check_import = 0;
 +      int check_star = 0;
        int rc = 0;
  
 +      /*
 +       * Check label validity here so import won't fail in post_setxattr
 +       */
        if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
            strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
 -          strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
 -          strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
 -          strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
 -              if (!smack_privileged(CAP_MAC_ADMIN))
 -                      rc = -EPERM;
 -              /*
 -               * check label validity here so import wont fail on
 -               * post_setxattr
 -               */
 -              if (size == 0 || size >= SMK_LONGLABEL ||
 -                  smk_import(value, size) == NULL)
 -                      rc = -EINVAL;
 +          strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
 +              check_priv = 1;
 +              check_import = 1;
 +      } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
 +                 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
 +              check_priv = 1;
 +              check_import = 1;
 +              check_star = 1;
        } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
 -              if (!smack_privileged(CAP_MAC_ADMIN))
 -                      rc = -EPERM;
 +              check_priv = 1;
                if (size != TRANS_TRUE_SIZE ||
                    strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0)
                        rc = -EINVAL;
        } else
                rc = cap_inode_setxattr(dentry, name, value, size, flags);
  
 +      if (check_priv && !smack_privileged(CAP_MAC_ADMIN))
 +              rc = -EPERM;
 +
 +      if (rc == 0 && check_import) {
 +              skp = smk_import_entry(value, size);
 +              if (skp == NULL || (check_star &&
 +                  (skp == &smack_known_star || skp == &smack_known_web)))
 +                      rc = -EINVAL;
 +      }
 +
        smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
        smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
  
@@@ -1133,7 -1146,7 +1133,7 @@@ static int smack_file_ioctl(struct fil
   * @file: the object
   * @cmd: unused
   *
 - * Returns 0 if current has write access, error code otherwise
 + * Returns 0 if current has lock access, error code otherwise
   */
  static int smack_file_lock(struct file *file, unsigned int cmd)
  {
@@@ -1141,7 -1154,7 +1141,7 @@@
  
        smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
        smk_ad_setfield_u_fs_path(&ad, file->f_path);
 -      return smk_curacc(file->f_security, MAY_WRITE, &ad);
 +      return smk_curacc(file->f_security, MAY_LOCK, &ad);
  }
  
  /**
@@@ -1165,13 -1178,8 +1165,13 @@@ static int smack_file_fcntl(struct fil
  
        switch (cmd) {
        case F_GETLK:
 +              break;
        case F_SETLK:
        case F_SETLKW:
 +              smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
 +              smk_ad_setfield_u_fs_path(&ad, file->f_path);
 +              rc = smk_curacc(file->f_security, MAY_LOCK, &ad);
 +              break;
        case F_SETOWN:
        case F_SETSIG:
                smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
@@@ -1351,7 -1359,7 +1351,7 @@@ static int smack_file_receive(struct fi
        int may = 0;
        struct smk_audit_info ad;
  
 -      smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
 +      smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
        smk_ad_setfield_u_fs_path(&ad, file->f_path);
        /*
         * This code relies on bitmasks.
@@@ -2834,17 -2842,8 +2834,17 @@@ static void smack_d_instantiate(struct 
                        if (rc >= 0)
                                transflag = SMK_INODE_TRANSMUTE;
                }
 -              isp->smk_task = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp);
 -              isp->smk_mmap = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp);
 +              /*
 +               * Don't let the exec or mmap label be "*" or "@".
 +               */
 +              skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp);
 +              if (skp == &smack_known_star || skp == &smack_known_web)
 +                      skp = NULL;
 +              isp->smk_task = skp;
 +              skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp);
 +              if (skp == &smack_known_star || skp == &smack_known_web)
 +                      skp = NULL;
 +              isp->smk_mmap = skp;
  
                dput(dp);
                break;
@@@ -3616,9 -3615,8 +3616,8 @@@ static int smack_audit_rule_match(u32 s
        struct smack_known *skp;
        char *rule = vrule;
  
-       if (!rule) {
-               audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
-                         "Smack: missing rule\n");
+       if (unlikely(!rule)) {
+               WARN_ONCE(1, "Smack: missing rule\n");
                return -ENOENT;
        }
  
@@@ -3739,6 -3737,8 +3738,6 @@@ struct security_operations smack_ops = 
        .sb_copy_data =                 smack_sb_copy_data,
        .sb_kern_mount =                smack_sb_kern_mount,
        .sb_statfs =                    smack_sb_statfs,
 -      .sb_mount =                     smack_sb_mount,
 -      .sb_umount =                    smack_sb_umount,
  
        .bprm_set_creds =               smack_bprm_set_creds,
        .bprm_committing_creds =        smack_bprm_committing_creds,