Release linux (4.3.5-1).

2016-02-07 05:28:43 +00:00 · 2016-02-07 05:28:43 +00:00 · 6c26fa513e
parent 1ba618c3d3 4b5119edad
commit 6c26fa513e
18 changed files with 890 additions and 0 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -123,6 +123,163 @@ linux (4.4~rc4-1~exp1) experimental; urgency=medium

 -- Ben Hutchings <ben@decadent.org.uk>  Sun, 13 Dec 2015 16:25:45 +0000

+linux (4.3.5-1) unstable; urgency=medium
+
+  * New upstream stable update:
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.4
+    - toshiba_acpi: Initialize hotkey_event_type variable (regression in 4.3)
+    - USB: add quirk for devices with broken LPM
+    - usb: core : hub: Fix BOS 'NULL pointer' kernel panic
+    - pppoe: fix memory corruption in padt work structure (regression in 4.1)
+    - ipv6: keep existing flags when setting IFA_F_OPTIMISTIC
+      (regression in 4.1)
+    - vxlan: fix incorrect RCO bit in VXLAN header (regression in 4.0)
+    - sctp: update the netstamp_needed counter when copying sockets
+    - sctp: also copy sk_tsflags when copying the socket (regression in 3.17)
+    - r8152: fix lockup when runtime PM is enabled (regression in 4.2)
+    - ipv6: sctp: clone options to avoid use after free
+    - phy: micrel: Fix finding PHY properties in MAC node. (regression in 4.2)
+    - openvswitch: Fix helper reference leak
+    - openvswitch: Respect conntrack zone even if invalid
+    - net: fix IP early demux races
+    - vlan: Fix untag operations of stacked vlans with REORDER_HEADER off
+    - skbuff: Fix offset error in skb_reorder_vlan_header
+    - net: check both type and procotol for tcp sockets
+    - net_sched: make qdisc_tree_decrease_qlen() work for non mq
+      (regression in 4.3.3)
+    - net: fix uninitialized variable issue
+    - ipv6: automatically enable stable privacy mode if stable_secret set
+    - inet: tcp: fix inetpeer_set_addr_v4() (regression in 4.3)
+    - rhashtable: Enforce minimum size on initial hash table (regression in 4.1)
+    - fou: clean up socket with kfree_rcu
+    - af_unix: Revert 'lock_interruptible' in stream receive code
+    - tcp: restore fastopen with no data in SYN packet (regression in 4.0)
+    - rhashtable: Fix walker list corruption (regression in 4.1)
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.5
+    - [x86] mpx: Fix instruction decoder condition
+    - [x86] signal: Fix restart_syscall number for x32 tasks
+    - [x86] paravirt: Prevent rtc_cmos platform device init on PV guests
+      (regression in 4.2)
+    - [powerpc*] KVM: Book3S HV: Don't dynamically split core when already split
+      (regression in 4.3)
+    - [powerpc*] KVM: Book3S HV: Prohibit setting illegal transaction state
+      in MSR
+    - [x86] boot: Double BOOT_HEAP_SIZE to 64KB
+    - [x86] mm: Add barriers and document switch_mm()-vs-flush synchronization
+      (CVE-2016-2069)
+    - timers: Use proper base migration in add_timer_on()
+    - ipmi: move timer init to before irq is setup
+    - ALSA: hda - Disable 64bit address for Creative HDA controllers
+    - ALSA: hda - Fix lost 4k BDL boundary workaround (regression in 4.2)
+    - [x86] ALSA: hda - Fix noise on Dell Latitude E6440 (regression in 4.1)
+    - ALSA: hda - Skip ELD notification during system suspend
+      (regression in 4.3)
+    - ALSA: seq: Fix missing NULL check at remove_events ioctl
+    - ALSA: usb-audio: Avoid calling usb_autopm_put_interface() at disconnect
+    - ALSA: seq: Fix race at timer setup and close
+    - [x86] ALSA: hda - Fix white noise on Dell Latitude E5550
+      (regression in 4.1)
+    - ALSA: usb-audio: Fix mixer ctl regression of Native Instrument devices
+      (regression in 3.19)
+    - ALSA: timer: Harden slave timer list handling
+    - ALSA: timer: Fix race among timer ioctls
+    - ALSA: timer: Fix double unlink of active_list
+    - [x86] ALSA: hda - Add fixup for Dell Latitidue E6540 (regression in 4.1)
+    - ALSA: seq: Fix snd_seq_call_port_info_ioctl in compat mode
+    - ALSA: pcm: Fix snd_pcm_hw_params struct copy in compat mode
+    - ALSA: control: Avoid kernel warnings from tlv ioctl with numid 0
+    - ALSA: timer: Handle disconnection more safely
+    - ASoC: rt286: Fix run time error while modifying const data
+      (regression in 4.3)
+    - airspy: increase USB control message buffer size (regression in 3.17)
+    - USB: fix invalid memory access in hub_activate()
+    - openvswitch: correct encoding of set tunnel action attributes
+      (regression in 4.3)
+    - veth: don’t modify ip_summed; doing so treats packets with bad checksums
+      as good.
+    - ipv6/addrlabel: fix ip6addrlbl_get()
+    - addrconf: always initialize sysctl table data
+    - connector: bump skb->users before callback invocation
+    - af_unix: Fix splice-bind deadlock
+    - bridge: Only call /sbin/bridge-stp for the initial network namespace
+    - net: filter: make JITs zero A for SKF_AD_ALU_XOR_X (regression in 3.16)
+    - net: sched: fix missing free per cpu on qstats (regression in 3.18)
+    - net: possible use after free in dst_release
+    - tcp: fix zero cwnd in tcp_cwnd_reduction (CVE-2016-2070)
+      (regression in 4.3)
+    - net: sctp: prevent writes to cookie_hmac_alg from accessing invalid memory
+    - ipv6: tcp: add rcu locking in tcp_v6_send_synack()
+    - tcp_yeah: don't set ssthresh below 2
+    - udp: disallow UFO for sockets with SO_NO_CHECK option (regression in 4.0)
+    - net: preserve IP control block during GSO segmentation
+    - phonet: properly unshare skbs in phonet_rcv() (regression in 4.0)
+    - net: bpf: reject invalid shifts
+    - ipv6: update skb->csum when CE mark is propagated
+    - batman-adv: Avoid recursive call_rcu for batadv_bla_claim
+    - batman-adv: Avoid recursive call_rcu for batadv_nc_node
+    - batman-adv: Drop immediate batadv_orig_ifinfo free function
+    - batman-adv: Drop immediate batadv_neigh_node free function
+    - batman-adv: Drop immediate neigh_ifinfo free function
+    - batman-adv: Drop immediate batadv_hard_iface free function
+    - batman-adv: Drop immediate orig_node free function
+    - team: Replace rcu_read_lock with a mutex in team_vlan_rx_kill_vid
+    - xfrm: dst_entries_init() per-net dst_ops
+    - [powerpc*] tm: Block signal return setting invalid MSR state
+    - [powerpc*] tm: Check for already reclaimed tasks
+    - [ppc64el] opal-irqchip: Fix double endian conversion (regression in 4.2)
+    - [powerpc*] opal-irqchip: Fix deadlock introduced by "Fix double endian
+      conversion"
+    - [powerpc*] powernv: pr_warn_once on unsupported OPAL_MSG type
+    - [powerpc*] Make value-returning atomics fully ordered
+    - [powerpc*] Make {cmp}xchg* and their atomic_ versions fully ordered
+    - [arm64] bpf: fix div-by-zero case
+    - [arm64] bpf: fix mod-by-zero case
+    - [arm64] cmpxchg_dbl: fix return value type (regression in 4.3)
+    - [arm*] KVM: test properly for a PTE's uncachedness
+    - [arm64] KVM: Fix AArch32 to AArch64 register mapping
+    - [arm*] KVM: correct PTE uncachedness check
+    - [arm64] kernel: enforce pmuserenr_el0 initialization and restore
+    - [arm*] iommu/arm-smmu: Fix error checking for ASID and VMID allocation
+    - HID: wacom: Tie cached HID_DG_CONTACTCOUNT indices to report ID
+      (regression in 4.3)
+    - HID: wacom: Expect 'touch_max' touches if HID_DG_CONTACTCOUNT not present
+      (regression in 4.3)
+    - HID: core: Avoid uninitialized buffer access
+    - staging: lustre: echo_copy.._lsm() dereferences userland pointers directly
+    - direct-io: Fix negative return from dio read beyond eof
+    - fix the regression from "direct-io: Fix negative return from dio read
+      beyond eof"
+    - [arm64] KVM: Add workaround for Cortex-A57 erratum 834220
+    - [arm64] kernel: fix architected PMU registers unconditional access
+
+  [ Ben Hutchings ]
+  * fuse: break infinite loop in fuse_fill_write_pages() (CVE-2015-8785)
+  * SCSI: fix crashes in sd and sr runtime PM (Closes: #801925)
+  * rt2x00: fix monitor mode regression (regression in 4.2)
+  * pipe: limit the per-user amount of pages allocated in pipes (CVE-2013-4312)
+  * [powerpc*] Enable CRYPTO_DEV_VMX and enable CRYPTO_DEV_VMX_ENCRYPT as
+    module (Closes: #813640)
+  * debian/copyright: Add licence information for drivers/crypto/vmx/*.pl
+  * udeb: Add hid-logitech-hidpp to input-modules (Closes: #796096)
+  * hwrng: n2 - Attach on T5/M5, T7/M7 SPARC CPUs (Closes: #809815)
+
+  [ Salvatore Bonaccorso ]
+  * netfilter: nf_nat_redirect: add missing NULL pointer check (CVE-2015-8787)
+
+  [ Aurelien Jarno ]
+  * [mips*] Backport math emulation fix from 4.5.
+  * [arm64] Enable RTC_DRV_EFI.
+
+  [ Hendrik Brueckner ]
+  * [s390x] udeb: include modules to mount ISOs (loop device)
+    (Closes: #812336)
+  * [s390x] udeb: include btrfs-modules (Closes: #812340)
+
+  [ Martin Michlmayr ]
+  * Include Device Tree model in reportbug script
+
+ -- Ben Hutchings <ben@decadent.org.uk>  Sat, 06 Feb 2016 23:25:14 +0000
+
 linux (4.3.3-7) unstable; urgency=medium

  * linux-image-dbg: Don't rely on upstream makefile to make .build-id
--- a/debian/config/arm64/config
+++ b/debian/config/arm64/config
@ -261,6 +261,7 @@ CONFIG_RESET_CONTROLLER=y
 ##
 ## file: drivers/rtc/Kconfig
 ##
+CONFIG_RTC_DRV_EFI=y
 CONFIG_RTC_DRV_PL031=y
 CONFIG_RTC_DRV_XGENE=y

--- a/debian/config/kernelarch-powerpc/config-arch-64
+++ b/debian/config/kernelarch-powerpc/config-arch-64
@ -58,6 +58,16 @@ CONFIG_PATA_AMD=m
 # CONFIG_MAC_FLOPPY is not set
 CONFIG_BLK_DEV_RSXX=m

+##
+## file: drivers/crypto/Kconfig
+##
+CONFIG_CRYPTO_DEV_VMX=y
+
+##
+## file: drivers/crypto/vmx/Kconfig
+##
+CONFIG_CRYPTO_DEV_VMX_ENCRYPT=m
+
 ##
 ## file: drivers/gpu/drm/ast/Kconfig
 ##
--- a/debian/copyright
+++ b/debian/copyright
@ -26,6 +26,43 @@ Copyright: 1996-2006 Manoj Srivastava
           2005-2012 Debian kernel team
 License: GPL-2

+Files: drivers/crypto/vmx/*.pl
+Copyright: 2006,2014 Andy Polyakov <appro@openssl.org>
+License: CRYPTOGAMS
+ All rights reserved.
+ .
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ .
+ * Redistributions of source code must retain copyright notices, this
+   list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the
+   distribution.
+ * Neither the name of the CRYPTOGAMS nor the names of its copyright
+   holder and contributors may be used to endorse or promote products
+   derived from this software without specific prior written
+   permission.
+ .
+ ALTERNATIVELY, provided that this notice is retained in full, this
+ product may be distributed under the terms of the GNU General Public
+ License (GPL), in which case the provisions of the GPL apply INSTEAD
+ OF those given above.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER AND CONTRIBUTORS
+ "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
 Files: fs/nls/mac-*
 Copyright: 1991-2012 Unicode, Inc.
 License: Unicode-data
--- a/debian/installer/modules/input-modules
+++ b/debian/installer/modules/input-modules
@ -15,6 +15,7 @@ hid-kye ?
 hid-lenovo-tpkbd ?
 hid-logitech ?
 hid-logitech-dj
+hid-logitech-hidpp ?
 hid-microsoft ?
 hid-monterey ?
 hid-multitouch ?
--- a/debian/installer/s390x/modules/s390x/btrfs-modules
+++ b/debian/installer/s390x/modules/s390x/btrfs-modules
@ -0,0 +1 @@
+#include <btrfs-modules>
--- a/debian/installer/s390x/modules/s390x/isofs-modules
+++ b/debian/installer/s390x/modules/s390x/isofs-modules
@ -0,0 +1 @@
+#include <isofs-modules>
--- a/debian/installer/s390x/modules/s390x/loop-modules
+++ b/debian/installer/s390x/modules/s390x/loop-modules
@ -0,0 +1 @@
+#include <loop-modules>
--- a/debian/installer/s390x/modules/s390x/udf-modules
+++ b/debian/installer/s390x/modules/s390x/udf-modules
@ -0,0 +1 @@
+#include <udf-modules>
--- a/debian/installer/s390x/modules/s390x/zlib-modules
+++ b/debian/installer/s390x/modules/s390x/zlib-modules
@ -0,0 +1 @@
+#include <zlib-modules>
--- a/debian/patches/bugfix/all/pipe-limit-the-per-user-amount-of-pages-allocated-in.patch
+++ b/debian/patches/bugfix/all/pipe-limit-the-per-user-amount-of-pages-allocated-in.patch
@ -0,0 +1,237 @@
+From: Willy Tarreau <w@1wt.eu>
+Date: Mon, 18 Jan 2016 16:36:09 +0100
+Subject: pipe: limit the per-user amount of pages allocated in pipes
+Origin: https://git.kernel.org/linus/759c01142a5d0f364a462346168a56de28a80f52
+
+On no-so-small systems, it is possible for a single process to cause an
+OOM condition by filling large pipes with data that are never read. A
+typical process filling 4000 pipes with 1 MB of data will use 4 GB of
+memory. On small systems it may be tricky to set the pipe max size to
+prevent this from happening.
+
+This patch makes it possible to enforce a per-user soft limit above
+which new pipes will be limited to a single page, effectively limiting
+them to 4 kB each, as well as a hard limit above which no new pipes may
+be created for this user. This has the effect of protecting the system
+against memory abuse without hurting other users, and still allowing
+pipes to work correctly though with less data at once.
+
+The limit are controlled by two new sysctls : pipe-user-pages-soft, and
+pipe-user-pages-hard. Both may be disabled by setting them to zero. The
+default soft limit allows the default number of FDs per process (1024)
+to create pipes of the default size (64kB), thus reaching a limit of 64MB
+before starting to create only smaller pipes. With 256 processes limited
+to 1024 FDs each, this results in 1024*64kB + (256*1024 - 1024) * 4kB =
+1084 MB of memory allocated for a user. The hard limit is disabled by
+default to avoid breaking existing applications that make intensive use
+of pipes (eg: for splicing).
+
+Reported-by: socketpair@gmail.com
+Reported-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
+Mitigates: CVE-2013-4312 (Linux 2.0+)
+Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Willy Tarreau <w@1wt.eu>
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+---
+ Documentation/sysctl/fs.txt | 23 ++++++++++++++++++++++
+ fs/pipe.c                   | 47 +++++++++++++++++++++++++++++++++++++++++++--
+ include/linux/pipe_fs_i.h   |  4 ++++
+ include/linux/sched.h       |  1 +
+ kernel/sysctl.c             | 14 ++++++++++++++
+ 5 files changed, 87 insertions(+), 2 deletions(-)
+
+--- a/Documentation/sysctl/fs.txt
+++ b/Documentation/sysctl/fs.txt
+@@ -32,6 +32,8 @@ Currently, these files are in /proc/sys/
+ - nr_open
+ - overflowuid
+ - overflowgid
+- pipe-user-pages-hard
+- pipe-user-pages-soft
+ - protected_hardlinks
+ - protected_symlinks
+ - suid_dumpable
+@@ -159,6 +161,27 @@ The default is 65534.
+ 
+ ==============================================================
+ 
+pipe-user-pages-hard:
+
+Maximum total number of pages a non-privileged user may allocate for pipes.
+Once this limit is reached, no new pipes may be allocated until usage goes
+below the limit again. When set to 0, no limit is applied, which is the default
+setting.
+
+==============================================================
+
+pipe-user-pages-soft:
+
+Maximum total number of pages a non-privileged user may allocate for pipes
+before the pipe size gets limited to a single page. Once this limit is reached,
+new pipes will be limited to a single page in size for this user in order to
+limit total memory usage, and trying to increase them using fcntl() will be
+denied until usage goes below the limit again. The default value allows to
+allocate up to 1024 pipes at their default size. When set to 0, no limit is
+applied.
+
+==============================================================
+
+ protected_hardlinks:
+ 
+ A long-standing class of security issues is the hardlink-based
+--- a/fs/pipe.c
+++ b/fs/pipe.c
+@@ -38,6 +38,12 @@ unsigned int pipe_max_size = 1048576;
+  */
+ unsigned int pipe_min_size = PAGE_SIZE;
+ 
+/* Maximum allocatable pages per user. Hard limit is unset by default, soft
+ * matches default values.
+ */
+unsigned long pipe_user_pages_hard;
+unsigned long pipe_user_pages_soft = PIPE_DEF_BUFFERS * INR_OPEN_CUR;
+
+ /*
+  * We use a start+len construction, which provides full use of the 
+  * allocated memory.
+@@ -584,20 +590,49 @@ pipe_fasync(int fd, struct file *filp, i
+ 	return retval;
+ }
+ 
+static void account_pipe_buffers(struct pipe_inode_info *pipe,
+                                 unsigned long old, unsigned long new)
+{
+	atomic_long_add(new - old, &pipe->user->pipe_bufs);
+}
+
+static bool too_many_pipe_buffers_soft(struct user_struct *user)
+{
+	return pipe_user_pages_soft &&
+	       atomic_long_read(&user->pipe_bufs) >= pipe_user_pages_soft;
+}
+
+static bool too_many_pipe_buffers_hard(struct user_struct *user)
+{
+	return pipe_user_pages_hard &&
+	       atomic_long_read(&user->pipe_bufs) >= pipe_user_pages_hard;
+}
+
+ struct pipe_inode_info *alloc_pipe_info(void)
+ {
+ 	struct pipe_inode_info *pipe;
+ 
+ 	pipe = kzalloc(sizeof(struct pipe_inode_info), GFP_KERNEL);
+ 	if (pipe) {
+-		pipe->bufs = kzalloc(sizeof(struct pipe_buffer) * PIPE_DEF_BUFFERS, GFP_KERNEL);
+		unsigned long pipe_bufs = PIPE_DEF_BUFFERS;
+		struct user_struct *user = get_current_user();
+
+		if (!too_many_pipe_buffers_hard(user)) {
+			if (too_many_pipe_buffers_soft(user))
+				pipe_bufs = 1;
+			pipe->bufs = kzalloc(sizeof(struct pipe_buffer) * pipe_bufs, GFP_KERNEL);
+		}
+
+ 		if (pipe->bufs) {
+ 			init_waitqueue_head(&pipe->wait);
+ 			pipe->r_counter = pipe->w_counter = 1;
+-			pipe->buffers = PIPE_DEF_BUFFERS;
+			pipe->buffers = pipe_bufs;
+			pipe->user = user;
+			account_pipe_buffers(pipe, 0, pipe_bufs);
+ 			mutex_init(&pipe->mutex);
+ 			return pipe;
+ 		}
+		free_uid(user);
+ 		kfree(pipe);
+ 	}
+ 
+@@ -608,6 +643,8 @@ void free_pipe_info(struct pipe_inode_in
+ {
+ 	int i;
+ 
+	account_pipe_buffers(pipe, pipe->buffers, 0);
+	free_uid(pipe->user);
+ 	for (i = 0; i < pipe->buffers; i++) {
+ 		struct pipe_buffer *buf = pipe->bufs + i;
+ 		if (buf->ops)
+@@ -996,6 +1033,7 @@ static long pipe_set_size(struct pipe_in
+ 			memcpy(bufs + head, pipe->bufs, tail * sizeof(struct pipe_buffer));
+ 	}
+ 
+	account_pipe_buffers(pipe, pipe->buffers, nr_pages);
+ 	pipe->curbuf = 0;
+ 	kfree(pipe->bufs);
+ 	pipe->bufs = bufs;
+@@ -1067,6 +1105,11 @@ long pipe_fcntl(struct file *file, unsig
+ 		if (!capable(CAP_SYS_RESOURCE) && size > pipe_max_size) {
+ 			ret = -EPERM;
+ 			goto out;
+		} else if ((too_many_pipe_buffers_hard(pipe->user) ||
+			    too_many_pipe_buffers_soft(pipe->user)) &&
+		           !capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN)) {
+			ret = -EPERM;
+			goto out;
+ 		}
+ 		ret = pipe_set_size(pipe, nr_pages);
+ 		break;
+--- a/include/linux/pipe_fs_i.h
+++ b/include/linux/pipe_fs_i.h
+@@ -42,6 +42,7 @@ struct pipe_buffer {
+  *	@fasync_readers: reader side fasync
+  *	@fasync_writers: writer side fasync
+  *	@bufs: the circular array of pipe buffers
+ *	@user: the user who created this pipe
+  **/
+ struct pipe_inode_info {
+ 	struct mutex mutex;
+@@ -57,6 +58,7 @@ struct pipe_inode_info {
+ 	struct fasync_struct *fasync_readers;
+ 	struct fasync_struct *fasync_writers;
+ 	struct pipe_buffer *bufs;
+	struct user_struct *user;
+ };
+ 
+ /*
+@@ -123,6 +125,8 @@ void pipe_unlock(struct pipe_inode_info
+ void pipe_double_lock(struct pipe_inode_info *, struct pipe_inode_info *);
+ 
+ extern unsigned int pipe_max_size, pipe_min_size;
+extern unsigned long pipe_user_pages_hard;
+extern unsigned long pipe_user_pages_soft;
+ int pipe_proc_fn(struct ctl_table *, int, void __user *, size_t *, loff_t *);
+ 
+ 
+--- a/include/linux/sched.h
+++ b/include/linux/sched.h
+@@ -831,6 +831,7 @@ struct user_struct {
+ #endif
+ 	unsigned long locked_shm; /* How many pages of mlocked shm ? */
+ 	unsigned long unix_inflight;	/* How many files in flight in unix sockets */
+	atomic_long_t pipe_bufs;  /* how many pages are allocated in pipe buffers */
+ 
+ #ifdef CONFIG_KEYS
+ 	struct key *uid_keyring;	/* UID specific keyring */
+--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
+@@ -1714,6 +1714,20 @@ static struct ctl_table fs_table[] = {
+ 		.proc_handler	= &pipe_proc_fn,
+ 		.extra1		= &pipe_min_size,
+ 	},
+	{
+		.procname	= "pipe-user-pages-hard",
+		.data		= &pipe_user_pages_hard,
+		.maxlen		= sizeof(pipe_user_pages_hard),
+		.mode		= 0644,
+		.proc_handler	= proc_doulongvec_minmax,
+	},
+	{
+		.procname	= "pipe-user-pages-soft",
+		.data		= &pipe_user_pages_soft,
+		.maxlen		= sizeof(pipe_user_pages_soft),
+		.mode		= 0644,
+		.proc_handler	= proc_doulongvec_minmax,
+	},
+ 	{ }
+ };
+ 
--- a/debian/patches/bugfix/all/rt2x00-fix-monitor-mode-regression.patch
+++ b/debian/patches/bugfix/all/rt2x00-fix-monitor-mode-regression.patch
@ -0,0 +1,149 @@
+From: Eli Cooper <elicooper@gmx.com>
+Date: Mon, 18 Jan 2016 19:30:19 +0800
+Subject: rt2x00: fix monitor mode regression
+Origin: https://git.kernel.org/cgit/linux/kernel/git/wireless/wireless-testing.git/commit?id=262c741e0825b29447a9e53b6582afd6b14c3706
+
+Since commit df1404650ccb ("mac80211: remove support for IFF_PROMISC")
+monitor mode for rt2x00 has been made effectively useless because the
+hardware filter is configured to drop packets whose intended recipient is
+not the device, regardless of the presence of monitor mode interfaces.
+
+This patch fixes this regression by adding explicit monitor mode support,
+and by configuring the hardware filter accordingly.
+
+Signed-off-by: Eli Cooper <elicooper@gmx.com>
+Acked-by: Stanislaw Gruszka <sgruszka@redhat.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+[bwh: Backported to 4.3: adjust filenames]
+---
+ drivers/net/wireless/rt2x00/rt2400pci.c    | 4 +++-
+ drivers/net/wireless/rt2x00/rt2500pci.c    | 4 +++-
+ drivers/net/wireless/rt2x00/rt2500usb.c    | 4 +++-
+ drivers/net/wireless/rt2x00/rt2800lib.c    | 3 ++-
+ drivers/net/wireless/rt2x00/rt2x00.h       | 1 +
+ drivers/net/wireless/rt2x00/rt2x00config.c | 5 +++++
+ drivers/net/wireless/rt2x00/rt2x00mac.c    | 5 -----
+ drivers/net/wireless/rt2x00/rt61pci.c      | 4 +++-
+ drivers/net/wireless/rt2x00/rt73usb.c      | 4 +++-
+ 9 files changed, 23 insertions(+), 11 deletions(-)
+
+--- a/drivers/net/wireless/rt2x00/rt2400pci.c
+++ b/drivers/net/wireless/rt2x00/rt2400pci.c
+@@ -273,8 +273,10 @@ static void rt2400pci_config_filter(stru
+ 			   !(filter_flags & FIF_PLCPFAIL));
+ 	rt2x00_set_field32(&reg, RXCSR0_DROP_CONTROL,
+ 			   !(filter_flags & FIF_CONTROL));
+-	rt2x00_set_field32(&reg, RXCSR0_DROP_NOT_TO_ME, 1);
+	rt2x00_set_field32(&reg, RXCSR0_DROP_NOT_TO_ME,
+			   !test_bit(CONFIG_MONITORING, &rt2x00dev->flags));
+ 	rt2x00_set_field32(&reg, RXCSR0_DROP_TODS,
+			   !test_bit(CONFIG_MONITORING, &rt2x00dev->flags) &&
+ 			   !rt2x00dev->intf_ap_count);
+ 	rt2x00_set_field32(&reg, RXCSR0_DROP_VERSION_ERROR, 1);
+ 	rt2x00mmio_register_write(rt2x00dev, RXCSR0, reg);
+--- a/drivers/net/wireless/rt2x00/rt2500pci.c
+++ b/drivers/net/wireless/rt2x00/rt2500pci.c
+@@ -274,8 +274,10 @@ static void rt2500pci_config_filter(stru
+ 			   !(filter_flags & FIF_PLCPFAIL));
+ 	rt2x00_set_field32(&reg, RXCSR0_DROP_CONTROL,
+ 			   !(filter_flags & FIF_CONTROL));
+-	rt2x00_set_field32(&reg, RXCSR0_DROP_NOT_TO_ME, 1);
+	rt2x00_set_field32(&reg, RXCSR0_DROP_NOT_TO_ME,
+			   !test_bit(CONFIG_MONITORING, &rt2x00dev->flags));
+ 	rt2x00_set_field32(&reg, RXCSR0_DROP_TODS,
+			   !test_bit(CONFIG_MONITORING, &rt2x00dev->flags) &&
+ 			   !rt2x00dev->intf_ap_count);
+ 	rt2x00_set_field32(&reg, RXCSR0_DROP_VERSION_ERROR, 1);
+ 	rt2x00_set_field32(&reg, RXCSR0_DROP_MCAST,
+--- a/drivers/net/wireless/rt2x00/rt2500usb.c
+++ b/drivers/net/wireless/rt2x00/rt2500usb.c
+@@ -434,8 +434,10 @@ static void rt2500usb_config_filter(stru
+ 			   !(filter_flags & FIF_PLCPFAIL));
+ 	rt2x00_set_field16(&reg, TXRX_CSR2_DROP_CONTROL,
+ 			   !(filter_flags & FIF_CONTROL));
+-	rt2x00_set_field16(&reg, TXRX_CSR2_DROP_NOT_TO_ME, 1);
+	rt2x00_set_field16(&reg, TXRX_CSR2_DROP_NOT_TO_ME,
+			   !test_bit(CONFIG_MONITORING, &rt2x00dev->flags));
+ 	rt2x00_set_field16(&reg, TXRX_CSR2_DROP_TODS,
+			   !test_bit(CONFIG_MONITORING, &rt2x00dev->flags) &&
+ 			   !rt2x00dev->intf_ap_count);
+ 	rt2x00_set_field16(&reg, TXRX_CSR2_DROP_VERSION_ERROR, 1);
+ 	rt2x00_set_field16(&reg, TXRX_CSR2_DROP_MULTICAST,
+--- a/drivers/net/wireless/rt2x00/rt2800lib.c
+++ b/drivers/net/wireless/rt2x00/rt2800lib.c
+@@ -1490,7 +1490,8 @@ void rt2800_config_filter(struct rt2x00_
+ 			   !(filter_flags & FIF_FCSFAIL));
+ 	rt2x00_set_field32(&reg, RX_FILTER_CFG_DROP_PHY_ERROR,
+ 			   !(filter_flags & FIF_PLCPFAIL));
+-	rt2x00_set_field32(&reg, RX_FILTER_CFG_DROP_NOT_TO_ME, 1);
+	rt2x00_set_field32(&reg, RX_FILTER_CFG_DROP_NOT_TO_ME,
+			   !test_bit(CONFIG_MONITORING, &rt2x00dev->flags));
+ 	rt2x00_set_field32(&reg, RX_FILTER_CFG_DROP_NOT_MY_BSSD, 0);
+ 	rt2x00_set_field32(&reg, RX_FILTER_CFG_DROP_VER_ERROR, 1);
+ 	rt2x00_set_field32(&reg, RX_FILTER_CFG_DROP_MULTICAST,
+--- a/drivers/net/wireless/rt2x00/rt2x00.h
+++ b/drivers/net/wireless/rt2x00/rt2x00.h
+@@ -669,6 +669,7 @@ enum rt2x00_state_flags {
+ 	CONFIG_POWERSAVING,
+ 	CONFIG_HT_DISABLED,
+ 	CONFIG_QOS_DISABLED,
+	CONFIG_MONITORING,
+ 
+ 	/*
+ 	 * Mark we currently are sequentially reading TX_STA_FIFO register
+--- a/drivers/net/wireless/rt2x00/rt2x00config.c
+++ b/drivers/net/wireless/rt2x00/rt2x00config.c
+@@ -277,6 +277,11 @@ void rt2x00lib_config(struct rt2x00_dev
+ 	else
+ 		clear_bit(CONFIG_POWERSAVING, &rt2x00dev->flags);
+ 
+	if (conf->flags & IEEE80211_CONF_MONITOR)
+		set_bit(CONFIG_MONITORING, &rt2x00dev->flags);
+	else
+		clear_bit(CONFIG_MONITORING, &rt2x00dev->flags);
+
+ 	rt2x00dev->curr_band = conf->chandef.chan->band;
+ 	rt2x00dev->curr_freq = conf->chandef.chan->center_freq;
+ 	rt2x00dev->tx_power = conf->power_level;
+--- a/drivers/net/wireless/rt2x00/rt2x00mac.c
+++ b/drivers/net/wireless/rt2x00/rt2x00mac.c
+@@ -385,11 +385,6 @@ void rt2x00mac_configure_filter(struct i
+ 			*total_flags |= FIF_PSPOLL;
+ 	}
+ 
+-	/*
+-	 * Check if there is any work left for us.
+-	 */
+-	if (rt2x00dev->packet_filter == *total_flags)
+-		return;
+ 	rt2x00dev->packet_filter = *total_flags;
+ 
+ 	rt2x00dev->ops->lib->config_filter(rt2x00dev, *total_flags);
+--- a/drivers/net/wireless/rt2x00/rt61pci.c
+++ b/drivers/net/wireless/rt2x00/rt61pci.c
+@@ -530,8 +530,10 @@ static void rt61pci_config_filter(struct
+ 			   !(filter_flags & FIF_PLCPFAIL));
+ 	rt2x00_set_field32(&reg, TXRX_CSR0_DROP_CONTROL,
+ 			   !(filter_flags & (FIF_CONTROL | FIF_PSPOLL)));
+-	rt2x00_set_field32(&reg, TXRX_CSR0_DROP_NOT_TO_ME, 1);
+	rt2x00_set_field32(&reg, TXRX_CSR0_DROP_NOT_TO_ME,
+			   !test_bit(CONFIG_MONITORING, &rt2x00dev->flags));
+ 	rt2x00_set_field32(&reg, TXRX_CSR0_DROP_TO_DS,
+			   !test_bit(CONFIG_MONITORING, &rt2x00dev->flags) &&
+ 			   !rt2x00dev->intf_ap_count);
+ 	rt2x00_set_field32(&reg, TXRX_CSR0_DROP_VERSION_ERROR, 1);
+ 	rt2x00_set_field32(&reg, TXRX_CSR0_DROP_MULTICAST,
+--- a/drivers/net/wireless/rt2x00/rt73usb.c
+++ b/drivers/net/wireless/rt2x00/rt73usb.c
+@@ -480,8 +480,10 @@ static void rt73usb_config_filter(struct
+ 			   !(filter_flags & FIF_PLCPFAIL));
+ 	rt2x00_set_field32(&reg, TXRX_CSR0_DROP_CONTROL,
+ 			   !(filter_flags & (FIF_CONTROL | FIF_PSPOLL)));
+-	rt2x00_set_field32(&reg, TXRX_CSR0_DROP_NOT_TO_ME, 1);
+	rt2x00_set_field32(&reg, TXRX_CSR0_DROP_NOT_TO_ME,
+			   !test_bit(CONFIG_MONITORING, &rt2x00dev->flags));
+ 	rt2x00_set_field32(&reg, TXRX_CSR0_DROP_TO_DS,
+			   !test_bit(CONFIG_MONITORING, &rt2x00dev->flags) &&
+ 			   !rt2x00dev->intf_ap_count);
+ 	rt2x00_set_field32(&reg, TXRX_CSR0_DROP_VERSION_ERROR, 1);
+ 	rt2x00_set_field32(&reg, TXRX_CSR0_DROP_MULTICAST,
--- a/debian/patches/bugfix/all/scsi-fix-crashes-in-sd-and-sr-runtime-pm.patch
+++ b/debian/patches/bugfix/all/scsi-fix-crashes-in-sd-and-sr-runtime-pm.patch
@ -0,0 +1,82 @@
+From: Alan Stern <stern@rowland.harvard.edu>
+Subject: SCSI: fix crashes in sd and sr runtime PM
+Date: Wed, 20 Jan 2016 11:26:01 -0500 (EST)
+Origin: http://article.gmane.org/gmane.linux.scsi/109795
+Bug-Debian: https://bugs.debian.org/801925
+
+Runtime suspend during driver probe and removal can cause problems.
+The driver's runtime_suspend or runtime_resume callbacks may invoked
+before the driver has finished binding to the device or after the
+driver has unbound from the device.
+
+This problem shows up with the sd and sr drivers, and can cause disk
+or CD/DVD drives to become unusable as a result.  The fix is simple.
+The drivers store a pointer to the scsi_disk or scsi_cd structure as
+their private device data when probing is finished, so we simply have
+to be sure to clear the private data during removal and test it during
+runtime suspend/resume.
+
+This fixes <https://bugs.debian.org/801925>.
+
+Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
+Reported-by: Paul Menzel <paul.menzel@giantmonkey.de>
+Reported-by: Erich Schubert <erich@debian.org>
+Reported-by: Alexandre Rossi <alexandre.rossi@gmail.com>
+Tested-by: Paul Menzel <paul.menzel@giantmonkey.de>
+CC: "James E.J. Bottomley" <JBottomley@odin.com>
+CC: Ben Hutchings <ben@decadent.org.uk>
+CC: <stable@vger.kernel.org>
+
+---
+
+
+[as1795]
+
+
+ drivers/scsi/sd.c |    7 +++++--
+ drivers/scsi/sr.c |    4 ++++
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+
+--- a/drivers/scsi/sd.c
+++ b/drivers/scsi/sd.c
+@@ -3142,8 +3142,8 @@ static int sd_suspend_common(struct devi
+ 	struct scsi_disk *sdkp = dev_get_drvdata(dev);
+ 	int ret = 0;
+ 
+-	if (!sdkp)
+-		return 0;	/* this can happen */
+	if (!sdkp)	/* E.g.: runtime suspend following sd_remove() */
+		return 0;
+ 
+ 	if (sdkp->WCE && sdkp->media_present) {
+ 		sd_printk(KERN_NOTICE, sdkp, "Synchronizing SCSI cache\n");
+@@ -3182,6 +3182,9 @@ static int sd_resume(struct device *dev)
+ {
+ 	struct scsi_disk *sdkp = dev_get_drvdata(dev);
+ 
+	if (!sdkp)	/* E.g.: runtime resume at the start of sd_probe() */
+		return 0;
+
+ 	if (!sdkp->device->manage_start_stop)
+ 		return 0;
+ 
+--- a/drivers/scsi/sr.c
+++ b/drivers/scsi/sr.c
+@@ -144,6 +144,9 @@ static int sr_runtime_suspend(struct dev
+ {
+ 	struct scsi_cd *cd = dev_get_drvdata(dev);
+ 
+	if (!cd)	/* E.g.: runtime suspend following sr_remove() */
+		return 0;
+
+ 	if (cd->media_present)
+ 		return -EBUSY;
+ 	else
+@@ -985,6 +988,7 @@ static int sr_remove(struct device *dev)
+ 	scsi_autopm_get_device(cd->device);
+ 
+ 	del_gendisk(cd->disk);
+	dev_set_drvdata(dev, NULL);
+ 
+ 	mutex_lock(&sr_ref_mutex);
+ 	kref_put(&cd->kref, sr_kref_release);
--- a/debian/patches/bugfix/mips/mips-math-emu-correctly-handle-nop-emulation.patch
+++ b/debian/patches/bugfix/mips/mips-math-emu-correctly-handle-nop-emulation.patch
@ -0,0 +1,140 @@
+From: "Maciej W. Rozycki" <macro@imgtec.com>
+Date: Fri, 22 Jan 2016 05:20:26 +0000
+Subject: MIPS: math-emu: Correctly handle NOP emulation
+Origin: https://git.kernel.org/linus/e4553573b37c3f72533683cb5f3a1ad300b18d37
+
+Fix an issue introduced with commit 9ab4471c9f1b ("MIPS: math-emu:
+Correct delay-slot exception propagation") where the emulation of a NOP
+instruction signals the need to terminate the emulation loop.  This in
+turn, if the PC has not changed from the entry to the loop, will cause
+the kernel to terminate the program with SIGILL.
+
+Consider this program:
+
+static double div(double d)
+{
+	do
+		d /= 2.0;
+	while (d > .5);
+	return d;
+}
+
+int main(int argc, char **argv)
+{
+	return div(argc);
+}
+
+which gets compiled to the following binary code:
+
+00400490 <main>:
+  400490:	44840000 	mtc1	a0,$f0
+  400494:	3c020040 	lui	v0,0x40
+  400498:	d44207f8 	ldc1	$f2,2040(v0)
+  40049c:	46800021 	cvt.d.w	$f0,$f0
+  4004a0:	46220002 	mul.d	$f0,$f0,$f2
+  4004a4:	4620103c 	c.lt.d	$f2,$f0
+  4004a8:	4501fffd 	bc1t	4004a0 <main+0x10>
+  4004ac:	00000000 	nop
+  4004b0:	4620000d 	trunc.w.d	$f0,$f0
+  4004b4:	03e00008 	jr	ra
+  4004b8:	44020000 	mfc1	v0,$f0
+  4004bc:	00000000 	nop
+
+Where the FPU emulator is used, depending on the number of command-line
+arguments this code will either run to completion or terminate with
+SIGILL.
+
+If no arguments are specified, then BC1T will not be taken, NOP will not
+be emulated and code will complete successfully.
+
+If one argument is specified, then BC1T will be taken once and NOP will
+be emulated.  At this point the entry PC value will be 0x400498 and the
+new PC value, set by `mips_dsemul' will be 0x4004a0, the target of BC1T.
+The emulation loop will terminate, but SIGILL will not be issued,
+because the PC has changed.  The FPU emulator will be entered again and
+on the second execution BC1T will not be taken, NOP will not be emulated
+and code will complete successfully.
+
+If two or more arguments are specified, then the first execution of BC1T
+will proceed as above.  Upon reentering the FPU emulator the emulation
+loop will continue to BC1T, at which point the branch will be taken and
+NOP emulated again.  At this point however the entry PC value will be
+0x4004a0, the same as the target of BC1T.  This will make the emulator
+conclude that execution has not advanced and therefore an unsupported
+FPU instruction has been encountered, and SIGILL will be sent to the
+process.
+
+Fix the problem by extending the internal API of `mips_dsemul', making
+it return -1 if no delay slot emulation frame has been made, the
+instruction has been handled and execution of the emulation loop needs
+to continue as if nothing happened.  Remove code from `mips_dsemul' to
+reproduce steps made by the emulation loop at the conclusion of each
+iteration, as those will be reached normally now.  Adjust call sites
+accordingly.  Document the API.
+
+Signed-off-by: Maciej W. Rozycki <macro@imgtec.com>
+Cc: Aurelien Jarno <aurelien@aurel32.net>
+Cc: linux-mips@linux-mips.org
+Patchwork: https://patchwork.linux-mips.org/patch/12172/
+Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
+---
+ arch/mips/math-emu/cp1emu.c |  4 ++++
+ arch/mips/math-emu/dsemul.c | 14 ++++++++------
+ 2 files changed, 12 insertions(+), 6 deletions(-)
+
+diff --git a/arch/mips/math-emu/cp1emu.c b/arch/mips/math-emu/cp1emu.c
+index 32f0e19..cdfd44f 100644
+--- a/arch/mips/math-emu/cp1emu.c
+++ b/arch/mips/math-emu/cp1emu.c
+@@ -1266,6 +1266,8 @@ branch_common:
+ 						 */
+ 						sig = mips_dsemul(xcp, ir,
+ 								  contpc);
+						if (sig < 0)
+							break;
+ 						if (sig)
+ 							xcp->cp0_epc = bcpc;
+ 						/*
+@@ -1319,6 +1321,8 @@ branch_common:
+ 				 * instruction in the dslot
+ 				 */
+ 				sig = mips_dsemul(xcp, ir, contpc);
+				if (sig < 0)
+					break;
+ 				if (sig)
+ 					xcp->cp0_epc = bcpc;
+ 				/* SIGILL forces out of the emulation loop.  */
+diff --git a/arch/mips/math-emu/dsemul.c b/arch/mips/math-emu/dsemul.c
+index cbb36c1..70e4824 100644
+--- a/arch/mips/math-emu/dsemul.c
+++ b/arch/mips/math-emu/dsemul.c
+@@ -31,18 +31,20 @@ struct emuframe {
+ 	unsigned long		epc;
+ };
+ 
+/*
+ * Set up an emulation frame for instruction IR, from a delay slot of
+ * a branch jumping to CPC.  Return 0 if successful, -1 if no emulation
+ * required, otherwise a signal number causing a frame setup failure.
+ */
+ int mips_dsemul(struct pt_regs *regs, mips_instruction ir, unsigned long cpc)
+ {
+ 	struct emuframe __user *fr;
+ 	int err;
+ 
+	/* NOP is easy */
+ 	if ((get_isa16_mode(regs->cp0_epc) && ((ir >> 16) == MM_NOP16)) ||
+-		(ir == 0)) {
+-		/* NOP is easy */
+-		regs->cp0_epc = cpc;
+-		clear_delay_slot(regs);
+-		return 0;
+-	}
+	    (ir == 0))
+		return -1;
+ 
+ 	pr_debug("dsemul %lx %lx\n", regs->cp0_epc, cpc);
+ 
+-- 
+2.7.0.rc3
+
--- a/debian/patches/debian/usb-fix-abi-change-in-4.3.5.patch
+++ b/debian/patches/debian/usb-fix-abi-change-in-4.3.5.patch
@ -0,0 +1,23 @@
+From: Ben Hutchings <ben@decadent.org.uk>
+Date: Mon, 01 Feb 2016 09:05:24 +0100
+Subject: usb: Fix ABI change in 4.3.5
+Forwarded: not-needed
+
+struct usb_device gained two new bitfields, but there were plenty of
+padding bits to spare.  Hide them from genksyms.
+
+---
+--- a/include/linux/usb.h
+++ b/include/linux/usb.h
+@@ -582,8 +582,11 @@ struct usb_device {
+ 	unsigned usb2_hw_lpm_enabled:1;
+ 	unsigned usb2_hw_lpm_allowed:1;
+ 	unsigned usb3_lpm_enabled:1;
+#ifndef __GENKSYMS__
+ 	unsigned usb3_lpm_u1_enabled:1;
+ 	unsigned usb3_lpm_u2_enabled:1;
+	/* 18 bits spare */
+#endif
+ 	int string_langid;
+ 
+ 	/* static strings from the device */
--- a/debian/patches/features/sparc/hwrng-n2-attach-on-t5-m5-t7-m7-sparc-cpus.patch
+++ b/debian/patches/features/sparc/hwrng-n2-attach-on-t5-m5-t7-m7-sparc-cpus.patch
@ -0,0 +1,37 @@
+From: Anatoly Pugachev <matorola@gmail.com>
+Date: Tue, 26 Jan 2016 00:19:02 +0300
+Subject: hwrng: n2 - Attach on T5/M5, T7/M7 SPARC CPUs
+Origin: https://git.kernel.org/cgit/linux/kernel/git/herbert/cryptodev-2.6.git/commit?id=c1e9b3b0eea12899b7749571af21cc60822cf2b6
+Bug-Debian: https://bugs.debian.org/809815
+
+n2rng: Attach on T5/M5, T7/M7 SPARC CPUs
+
+(space to tab fixes after variable names)
+
+Signed-off-by: Anatoly Pugachev <matorola@gmail.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+---
+ drivers/char/hw_random/n2-drv.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/drivers/char/hw_random/n2-drv.c b/drivers/char/hw_random/n2-drv.c
+index 843d6f6aee7a..3b06c1d6cfb2 100644
+--- a/drivers/char/hw_random/n2-drv.c
+++ b/drivers/char/hw_random/n2-drv.c
+@@ -743,6 +743,16 @@ static const struct of_device_id n2rng_match[] = {
+ 		.compatible	= "SUNW,kt-rng",
+ 		.data		= (void *) 1,
+ 	},
+	{
+		.name		= "random-number-generator",
+		.compatible	= "ORCL,m4-rng",
+		.data		= (void *) 1,
+	},
+	{
+		.name		= "random-number-generator",
+		.compatible	= "ORCL,m7-rng",
+		.data		= (void *) 1,
+	},
+ 	{},
+ };
+ MODULE_DEVICE_TABLE(of, n2rng_match);
--- a/debian/patches/series
+++ b/debian/patches/series
@ -45,6 +45,7 @@ bugfix/x86/viafb-autoload-on-olpc-xo1.5-only.patch
 bugfix/x86/drm-i915-shut-up-gen8-sde-irq-dmesg-noise.patch
 bugfix/arm/crypto-sun4i-ss-add-missing-statesize.patch
 bugfix/x86/drm-vmwgfx-fix-a-width-pitch-mismatch-on-framebuffer.patch
+bugfix/mips/mips-math-emu-correctly-handle-nop-emulation.patch

 # Arch features
 features/mips/MIPS-increase-MAX-PHYSMEM-BITS-on-Loongson-3-only.patch
@ -107,3 +108,8 @@ bugfix/all/media-usbvision-fix-crash-on-detecting-device-with-i.patch
 bugfix/all/ptrace-being-capable-wrt-a-process-requires-mapped-uids-gids.patch
 bugfix/all/usb-serial-visor-fix-crash-on-detecting-device-without-write_urbs.patch
 bugfix/all/tty-fix-unsafe-ldisc-reference-via-ioctl-tiocgetd.patch
+bugfix/all/scsi-fix-crashes-in-sd-and-sr-runtime-pm.patch
+debian/usb-fix-abi-change-in-4.3.5.patch
+bugfix/all/rt2x00-fix-monitor-mode-regression.patch
+bugfix/all/pipe-limit-the-per-user-amount-of-pages-allocated-in.patch
+features/sparc/hwrng-n2-attach-on-t5-m5-t7-m7-sparc-cpus.patch
--- a/debian/templates/image.bug/include-model
+++ b/debian/templates/image.bug/include-model
@ -39,6 +39,11 @@ grep_model() {
    false
    ;;
  esac
+
+  # Device Tree model
+  if [ -r /proc/device-tree/model ]; then
+    echo "Device Tree model:" $(cat /proc/device-tree/model)
+  fi
 }

 add_model() {