@@ -1,6 +1,6 @@

 Summary:	Linux API header files

 Name:		linux-api-headers

-Version:	4.19.40

+Version:	4.19.52

 Release:	1%{?dist}

 License:	GPLv2

 URL:		http://www.kernel.org/

@@ -8,7 +8,7 @@ Group:		System Environment/Kernel

 Vendor:		VMware, Inc.

 Distribution: Photon

 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz

-%define sha1 linux=c04181c3736e5b85d349f9b58d406d4c18ad4958

+%define sha1 linux=0fc8eeba8a8a710c95d71f140dfdc4bdff735248

 BuildArch:	noarch

 %description

 The Linux API Headers expose the kernel's API for use by Glibc.

@@ -25,6 +25,8 @@ find /%{buildroot}%{_includedir} \( -name .install -o -name ..install.cmd \) -de

 %defattr(-,root,root)

 %{_includedir}/*

 %changelog

+*   Mon Jun 17 2019 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.52-1

+-   Update to version 4.19.52

 *   Tue May 07 2019 Ajay Kaher <akaher@vmware.com> 4.19.40-1

 -   Update to version 4.19.40

 *   Wed Mar 27 2019 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.32-1

new file mode 100644

@@ -0,0 +1,34 @@

+From f4df781a8c257883937168911608840fec190a31 Mon Sep 17 00:00:00 2001

+From: Gen Zhang <blackgod016574@gmail.com>

+Date: Tue, 28 May 2019 10:18:51 +0800

+Subject: [PATCH] clk-sunxi: fix a missing-check bug in sunxi_divs_clk_setup()

+

+[ This patch is not yet upstream; however, it has been accepted into

+  the drm maintainer's queue. ]

+

+In sunxi_divs_clk_setup(), 'derived_name' is allocated by kstrndup().

+It returns NULL when fails. 'derived_name' should be checked.

+

+Signed-off-by: Gen Zhang <blackgod016574@gmail.com>

+Signed-off-by: Maxime Ripard <maxime.ripard@bootlin.com>

+Signed-off-by: Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu>

+---

+ drivers/clk/sunxi/clk-sunxi.c | 2 ++

+ 1 file changed, 2 insertions(+)

+

+diff --git a/drivers/clk/sunxi/clk-sunxi.c b/drivers/clk/sunxi/clk-sunxi.c

+index 012714d..c76ce55 100644

+--- a/drivers/clk/sunxi/clk-sunxi.c

+@@ -988,6 +988,8 @@ static struct clk ** __init sunxi_divs_clk_setup(struct device_node *node,

+ 		if (endp) {

+ 			derived_name = kstrndup(clk_name, endp - clk_name,

+ 						GFP_KERNEL);

++			if (!derived_name)

++				return NULL;

+ 			factors.name = derived_name;

+ 		} else {

+ 			factors.name = clk_name;

+-- 

+2.7.4

+

new file mode 100644

@@ -0,0 +1,42 @@

+From a8301ee448aef5712b703281b6103a95242f0411 Mon Sep 17 00:00:00 2001

+From: Gen Zhang <blackgod016574@gmail.com>

+Date: Thu, 23 May 2019 08:34:52 +0800

+Subject: [PATCH] consolemap: Fix a memory leaking bug in

+ drivers/tty/vt/consolemap.c

+

+[ This patch is not yet upstream; however, it has been accepted into

+  the tty driver maintainer's queue. ]

+

+In function con_insert_unipair(), when allocation for p2 and p1[n]

+fails, ENOMEM is returned, but previously allocated p1 is not freed,

+remains as leaking memory. Thus we should free p1 as well when this

+allocation fails.

+

+Signed-off-by: Gen Zhang <blackgod016574@gmail.com>

+Reviewed-by: Kees Cook <keescook@chromium.org>

+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

+Signed-off-by: Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu>

+---

+ drivers/tty/vt/consolemap.c | 6 +++++-

+ 1 file changed, 5 insertions(+), 1 deletion(-)

+

+diff --git a/drivers/tty/vt/consolemap.c b/drivers/tty/vt/consolemap.c

+index 7c7ada0..814d1b7 100644

+--- a/drivers/tty/vt/consolemap.c

+@@ -489,7 +489,11 @@ con_insert_unipair(struct uni_pagedir *p, u_short unicode, u_short fontpos)

+ 	p2 = p1[n = (unicode >> 6) & 0x1f];

+ 	if (!p2) {

+ 		p2 = p1[n] = kmalloc_array(64, sizeof(u16), GFP_KERNEL);

+-		if (!p2) return -ENOMEM;

++		if (!p2) {

++			kfree(p1);

++			p->uni_pgdir[n] = NULL;

++			return -ENOMEM;

++		}

+ 		memset(p2, 0xff, 64*sizeof(u16)); /* No glyphs for the characters (yet) */

+ 	}

+ 

+-- 

+2.7.4

+

new file mode 100644

@@ -0,0 +1,41 @@

+From 9579fa77a71581a70d14a544cc58d0b00f700f05 Mon Sep 17 00:00:00 2001

+From: Gen Zhang <blackgod016574@gmail.com>

+Date: Fri, 24 May 2019 10:32:22 +0800

+Subject: [PATCH] drm/edid: Fix a missing-check bug in drm_load_edid_firmware()

+

+[ This patch is not yet upstream; however, it has been accepted into

+  the drm maintainer's queue. ]

+

+In drm_load_edid_firmware(), fwstr is allocated by kstrdup(). And fwstr

+is dereferenced in the following codes. However, memory allocation

+functions such as kstrdup() may fail and returns NULL. Dereferencing

+this null pointer may cause the kernel go wrong. Thus we should check

+this kstrdup() operation.

+Further, if kstrdup() returns NULL, we should return ERR_PTR(-ENOMEM) to

+the caller site.

+

+Signed-off-by: Gen Zhang <blackgod016574@gmail.com>

+Reviewed-by: Jani Nikula <jani.nikula@intel.com>

+Signed-off-by: Jani Nikula <jani.nikula@intel.com>

+Link: https://patchwork.freedesktop.org/patch/msgid/20190524023222.GA5302@zhanggen-UX430UQ

+Signed-off-by: Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu>

+---

+ drivers/gpu/drm/drm_edid_load.c | 2 ++

+ 1 file changed, 2 insertions(+)

+

+diff --git a/drivers/gpu/drm/drm_edid_load.c b/drivers/gpu/drm/drm_edid_load.c

+index a491509..a0e107a 100644

+--- a/drivers/gpu/drm/drm_edid_load.c

+@@ -290,6 +290,8 @@ struct edid *drm_load_edid_firmware(struct drm_connector *connector)

+ 	 * the last one found one as a fallback.

+ 	 */

+ 	fwstr = kstrdup(edid_firmware, GFP_KERNEL);

++	if (!fwstr)

++		return ERR_PTR(-ENOMEM);

+ 	edidstr = fwstr;

+ 

+ 	while ((edidname = strsep(&edidstr, ","))) {

+-- 

+2.7.4

+

new file mode 100644

@@ -0,0 +1,90 @@

+From f4756d57543226f5cd5e0b332b9830bdf7e56412 Mon Sep 17 00:00:00 2001

+From: Gen Zhang <blackgod016574@gmail.com>

+Date: Sat, 25 May 2019 13:25:58 +0200

+Subject: [PATCH] efi/x86/Add missing error handling to old_memmap 1:1 mapping

+ code

+

+commit 4e78921ba4dd0aca1cc89168f45039add4183f8e upstream.

+

+The old_memmap flow in efi_call_phys_prolog() performs numerous memory

+allocations, and either does not check for failure at all, or it does

+but fails to propagate it back to the caller, which may end up calling

+into the firmware with an incomplete 1:1 mapping.

+

+So let's fix this by returning NULL from efi_call_phys_prolog() on

+memory allocation failures only, and by handling this condition in the

+caller. Also, clean up any half baked sets of page tables that we may

+have created before returning with a NULL return value.

+

+Note that any failure at this level will trigger a panic() two levels

+up, so none of this makes a huge difference, but it is a nice cleanup

+nonetheless.

+

+[ardb: update commit log, add efi_call_phys_epilog() call on error path]

+

+Signed-off-by: Gen Zhang <blackgod016574@gmail.com>

+Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

+Cc: Linus Torvalds <torvalds@linux-foundation.org>

+Cc: Peter Zijlstra <peterz@infradead.org>

+Cc: Rob Bradford <robert.bradford@intel.com>

+Cc: Thomas Gleixner <tglx@linutronix.de>

+Cc: linux-efi@vger.kernel.org

+Link: http://lkml.kernel.org/r/20190525112559.7917-2-ard.biesheuvel@linaro.org

+Signed-off-by: Ingo Molnar <mingo@kernel.org>

+Signed-off-by: Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu>

+---

+ arch/x86/platform/efi/efi.c    | 2 ++

+ arch/x86/platform/efi/efi_64.c | 9 ++++++---

+ 2 files changed, 8 insertions(+), 3 deletions(-)

+

+diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c

+index 9061bab..353019d 100644

+--- a/arch/x86/platform/efi/efi.c

+@@ -86,6 +86,8 @@ static efi_status_t __init phys_efi_set_virtual_address_map(

+ 	pgd_t *save_pgd;

+ 

+ 	save_pgd = efi_call_phys_prolog();

++	if (!save_pgd)

++		return EFI_ABORTED;

+ 

+ 	/* Disable interrupts around EFI calls: */

+ 	local_irq_save(flags);

+diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c

+index ee5d08f..dfc809b 100644

+--- a/arch/x86/platform/efi/efi_64.c

+@@ -84,13 +84,15 @@ pgd_t * __init efi_call_phys_prolog(void)

+ 

+ 	if (!efi_enabled(EFI_OLD_MEMMAP)) {

+ 		efi_switch_mm(&efi_mm);

+-		return NULL;

++		return efi_mm.pgd;

+ 	}

+ 

+ 	early_code_mapping_set_exec(1);

+ 

+ 	n_pgds = DIV_ROUND_UP((max_pfn << PAGE_SHIFT), PGDIR_SIZE);

+ 	save_pgd = kmalloc_array(n_pgds, sizeof(*save_pgd), GFP_KERNEL);

++	if (!save_pgd)

++		return NULL;

+ 

+ 	/*

+ 	 * Build 1:1 identity mapping for efi=old_map usage. Note that

+@@ -138,10 +140,11 @@ pgd_t * __init efi_call_phys_prolog(void)

+ 		pgd_offset_k(pgd * PGDIR_SIZE)->pgd &= ~_PAGE_NX;

+ 	}

+ 

+-out:

+ 	__flush_tlb_all();

+-

+ 	return save_pgd;

++out:

++	efi_call_phys_epilog(save_pgd);

++	return NULL;

+ }

+ 

+ void __init efi_call_phys_epilog(pgd_t *save_pgd)

+-- 

+2.7.4

+

new file mode 100644

@@ -0,0 +1,36 @@

+From 25c3cdaecee4e72cab832bb6079776d8158e1cf9 Mon Sep 17 00:00:00 2001

+From: Gen Zhang <blackgod016574@gmail.com>

+Date: Fri, 24 May 2019 11:24:26 +0800

+Subject: [PATCH] ip_sockglue: Fix missing-check bug in ip_ra_control()

+

+commit 425aa0e1d01513437668fa3d4a971168bbaa8515 upstream.

+

+In function ip_ra_control(), the pointer new_ra is allocated a memory

+space via kmalloc(). And it is used in the following codes. However,

+when  there is a memory allocation error, kmalloc() fails. Thus null

+pointer dereference may happen. And it will cause the kernel to crash.

+Therefore, we should check the return value and handle the error.

+

+Signed-off-by: Gen Zhang <blackgod016574@gmail.com>

+Signed-off-by: David S. Miller <davem@davemloft.net>

+Signed-off-by: Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu>

+---

+ net/ipv4/ip_sockglue.c | 2 ++

+ 1 file changed, 2 insertions(+)

+

+diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c

+index b7a2612..faaf688 100644

+--- a/net/ipv4/ip_sockglue.c

+@@ -343,6 +343,8 @@ int ip_ra_control(struct sock *sk, unsigned char on,

+ 		return -EINVAL;

+ 

+ 	new_ra = on ? kmalloc(sizeof(*new_ra), GFP_KERNEL) : NULL;

++	if (on && !new_ra)

++		return -ENOMEM;

+ 

+ 	mutex_lock(&net->ipv4.ra_mutex);

+ 	for (rap = &net->ipv4.ra_chain;

+-- 

+2.7.4

+

new file mode 100644

@@ -0,0 +1,36 @@

+From 330952de2ddbb22f30702b251017ea5109a2e613 Mon Sep 17 00:00:00 2001

+From: Gen Zhang <blackgod016574@gmail.com>

+Date: Fri, 24 May 2019 11:19:46 +0800

+Subject: [PATCH] ipv6_sockglue: Fix a missing-check bug in ip6_ra_control()

+

+commit 95baa60a0da80a0143e3ddd4d3725758b4513825 upstream.

+

+In function ip6_ra_control(), the pointer new_ra is allocated a memory

+space via kmalloc(). And it is used in the following codes. However,

+when there is a memory allocation error, kmalloc() fails. Thus null

+pointer dereference may happen. And it will cause the kernel to crash.

+Therefore, we should check the return value and handle the error.

+

+Signed-off-by: Gen Zhang <blackgod016574@gmail.com>

+Signed-off-by: David S. Miller <davem@davemloft.net>

+Signed-off-by: Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu>

+---

+ net/ipv6/ipv6_sockglue.c | 2 ++

+ 1 file changed, 2 insertions(+)

+

+diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c

+index c0cac9c..4bc97b1 100644

+--- a/net/ipv6/ipv6_sockglue.c

+@@ -68,6 +68,8 @@ int ip6_ra_control(struct sock *sk, int sel)

+ 		return -ENOPROTOOPT;

+ 

+ 	new_ra = (sel >= 0) ? kmalloc(sizeof(*new_ra), GFP_KERNEL) : NULL;

++	if (sel >= 0 && !new_ra)

++		return -ENOMEM;

+ 

+ 	write_lock_bh(&ip6_ra_lock);

+ 	for (rap = &ip6_ra_chain; (ra = *rap) != NULL; rap = &ra->next) {

+-- 

+2.7.4

+

new file mode 100644

@@ -0,0 +1,47 @@

+From 3a349cfe3e6ffd0856e04d3946589c437ef18d32 Mon Sep 17 00:00:00 2001

+From: Gen Zhang <blackgod016574@gmail.com>

+Date: Thu, 30 May 2019 09:10:30 +0800

+Subject: [PATCH] scsi: mpt3sas_ctl: fix double-fetch bug in _ctl_ioctl_main()

+

+[ This patch is not yet upstream; however, it has been accepted into

+the scsi maintainer's queue. ]

+

+In _ctl_ioctl_main(), 'ioctl_header' is fetched the first time from

+userspace. 'ioctl_header.ioc_number' is then checked. The legal result is

+saved to 'ioc'. Then, in condition MPT3COMMAND, the whole struct is fetched

+again from the userspace. Then _ctl_do_mpt_command() is called, 'ioc' and

+'karg' as inputs.

+

+However, a malicious user can change the 'ioc_number' between the two

+fetches, which will cause a potential security issues.  Moreover, a

+malicious user can provide a valid 'ioc_number' to pass the check in first

+fetch, and then modify it in the second fetch.

+

+To fix this, we need to recheck the 'ioc_number' in the second fetch.

+

+Signed-off-by: Gen Zhang <blackgod016574@gmail.com>

+Acked-by: Suganath Prabu S <suganath-prabu.subramani@broadcom.com>

+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

+Signed-off-by: Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu>

+---

+ drivers/scsi/mpt3sas/mpt3sas_ctl.c | 4 ++++

+ 1 file changed, 4 insertions(+)

+

+diff --git a/drivers/scsi/mpt3sas/mpt3sas_ctl.c b/drivers/scsi/mpt3sas/mpt3sas_ctl.c

+index 5e8c059..b831740 100644

+--- a/drivers/scsi/mpt3sas/mpt3sas_ctl.c

+@@ -2404,6 +2404,10 @@ _ctl_ioctl_main(struct file *file, unsigned int cmd, void __user *arg,

+ 			break;

+ 		}

+ 

++		if (karg.hdr.ioc_number != ioctl_header.ioc_number) {

++			ret = -EINVAL;

++			break;

++		}

+ 		if (_IOC_SIZE(cmd) == sizeof(struct mpt3_ioctl_command)) {

+ 			uarg = arg;

+ 			ret = _ctl_do_mpt_command(ioc, karg, &uarg->mf);

+-- 

+2.7.4

+

@@ -1234,7 +1234,7 @@ index 7948a17febb4..bc2b010b3d76 100644

 +

  #endif /* _ASM_X86_MODULE_H */

 diff --git a/arch/x86/kernel/cpu/vmware.c b/arch/x86/kernel/cpu/vmware.c

-index 3aac91ca8909..fb9d908784a6 100644

+index 8673319..173bf54 100644

 --- a/arch/x86/kernel/cpu/vmware.c

 +++ b/arch/x86/kernel/cpu/vmware.c

 @@ -292,11 +292,17 @@ static __init int activate_jump_labels(void)

@@ -1270,13 +1270,13 @@ index c88c23c658c1..7a0b8f22ced5 100644

  	return __e820__mapped_all(start, end, type);

  }

 diff --git a/arch/x86/kernel/ftrace_64.S b/arch/x86/kernel/ftrace_64.S

-index 91b2cff4b79a..7aeca3f7541c 100644

+index 75f2b36..cfd00e5 100644

 --- a/arch/x86/kernel/ftrace_64.S

 +++ b/arch/x86/kernel/ftrace_64.S

 @@ -186,7 +186,7 @@ GLOBAL(ftrace_graph_call)

- #endif

- 

- /* This is weak to keep gas from relaxing the jumps */

+  * This is weak to keep gas from relaxing the jumps.

+  * It is also used to copy the retq for trampolines.

+  */

 -WEAK(ftrace_stub)

 +RAP_WEAK(ftrace_stub)

  	retq

@@ -5384,11 +5384,11 @@ index 2ff814c92f7f..a74ce003f47a 100644

  	static inline long __do_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__))

  #endif /* __SYSCALL_DEFINEx */

 diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c

-index 3f5bf1af0826..91029cc72349 100644

+index bad9985..cba5751 100644

 --- a/kernel/bpf/core.c

 +++ b/kernel/bpf/core.c

-@@ -577,6 +577,8 @@ int bpf_get_kallsym(unsigned int symnum, unsigned long *value, char *type,

- 	return ret;

+@@ -612,6 +612,8 @@ static void bpf_jit_uncharge_modmem(u32 pages)

+ 	atomic_long_sub(pages, &bpf_jit_current);

  }

 +extern long __rap_hash___bpf_prog_run;

@@ -5396,8 +5396,8 @@ index 3f5bf1af0826..91029cc72349 100644

  struct bpf_binary_header *

  bpf_jit_binary_alloc(unsigned int proglen, u8 **image_ptr,

  		     unsigned int alignment,

-@@ -600,11 +602,24 @@ bpf_jit_binary_alloc(unsigned int proglen, u8 **image_ptr,

- 	hdr->pages = size / PAGE_SIZE;

+@@ -641,11 +643,24 @@ bpf_jit_binary_alloc(unsigned int proglen, u8 **image_ptr,

+ 	hdr->pages = pages;

  	hole = min_t(unsigned int, size - (proglen + sizeof(*hdr)),

  		     PAGE_SIZE - sizeof(*hdr));

 +#ifdef CONFIG_PAX_RAP

@@ -24,26 +24,27 @@ values at runtime.

 ---

  drivers/pci/pci.c   |   2 +

  drivers/pci/pci.h   |   2 +

- drivers/pci/probe.c | 377 +++++++++++++++++++++++++++++++++++++++++++++++++++-

- 3 files changed, 377 insertions(+), 4 deletions(-)

+ drivers/pci/probe.c | 376 +++++++++++++++++++++++++++++++++++++++++++++++++++-

+ 3 files changed, 376 insertions(+), 4 deletions(-)

-

-diff -ur linux-4.19.26/drivers/pci/pci.c linux-4.19.26_new/drivers/pci/pci.c

-+++ linux-4.19.26_new/drivers/pci/pci.c	2019-03-05 07:47:24.981001824 +0530

-@@ -6115,6 +6115,8 @@

+diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c

+index 61f2ef2..a97aa51 100644

+--- a/drivers/pci/pci.c

+@@ -6136,6 +6136,8 @@ static int __init pci_setup(char *str)

+ 				pci_add_flags(PCI_SCAN_ALL_PCIE_DEVS);

  			} else if (!strncmp(str, "disable_acs_redir=", 18)) {

- 				disable_acs_redir_param =

- 					kstrdup(str + 18, GFP_KERNEL);

+ 				disable_acs_redir_param = str + 18;

 +			} else if (!strncmp(str, "scan_all", 8)) {

 +				pci_scan_all();

  			} else {

  				printk(KERN_ERR "PCI: Unknown option `%s'\n",

  						str);

-diff -ur linux-4.19.26/drivers/pci/pci.h linux-4.19.26_new/drivers/pci/pci.h

-+++ linux-4.19.26_new/drivers/pci/pci.h	2019-03-05 07:47:24.981001824 +0530

-@@ -147,6 +147,8 @@

+diff --git a/drivers/pci/pci.h b/drivers/pci/pci.h

+index ab25752f..8b37f8a 100644

+--- a/drivers/pci/pci.h

+@@ -147,6 +147,8 @@ void pci_no_msi(void);

  static inline void pci_no_msi(void) { }

  #endif

@@ -52,10 +53,11 @@ diff -ur linux-4.19.26/drivers/pci/pci.h linux-4.19.26_new/drivers/pci/pci.h

  static inline void pci_msi_set_enable(struct pci_dev *dev, int enable)

  {

  	u16 control;

-diff -ur linux-4.19.26/drivers/pci/probe.c linux-4.19.26_new/drivers/pci/probe.c

-+++ linux-4.19.26_new/drivers/pci/probe.c	2019-03-05 07:47:24.997001823 +0530

-@@ -168,6 +168,346 @@

+diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c

+index fa4c386..9a3957a 100644

+--- a/drivers/pci/probe.c

+@@ -168,6 +168,346 @@ static inline unsigned long decode_bar(struct pci_dev *dev, u32 bar)

  #define PCI_COMMAND_DECODE_ENABLE	(PCI_COMMAND_MEMORY | PCI_COMMAND_IO)

@@ -402,7 +404,7 @@ diff -ur linux-4.19.26/drivers/pci/probe.c linux-4.19.26_new/drivers/pci/probe.c

  /**

   * pci_read_base - Read a PCI BAR

   * @dev: the PCI device

-@@ -180,13 +520,20 @@

+@@ -180,13 +520,20 @@ static inline unsigned long decode_bar(struct pci_dev *dev, u32 bar)

  int __pci_read_base(struct pci_dev *dev, enum pci_bar_type type,

  		    struct resource *res, unsigned int pos)

  {

@@ -424,7 +426,7 @@ diff -ur linux-4.19.26/drivers/pci/probe.c linux-4.19.26_new/drivers/pci/probe.c

  	/* No printks while decoding is disabled! */

  	if (!dev->mmio_always_on) {

  		pci_read_config_word(dev, PCI_COMMAND, &orig_cmd);

-@@ -196,7 +543,6 @@

+@@ -196,7 +543,6 @@ int __pci_read_base(struct pci_dev *dev, enum pci_bar_type type,

  		}

  	}

@@ -432,7 +434,7 @@ diff -ur linux-4.19.26/drivers/pci/probe.c linux-4.19.26_new/drivers/pci/probe.c

  	pci_read_config_dword(dev, pos, &l);

  	pci_write_config_dword(dev, pos, l | mask);

-@@ -212,6 +558,11 @@

+@@ -212,6 +558,11 @@ int __pci_read_base(struct pci_dev *dev, enum pci_bar_type type,

  	if (sz == 0xffffffff)

  		sz = 0;

@@ -444,7 +446,7 @@ diff -ur linux-4.19.26/drivers/pci/probe.c linux-4.19.26_new/drivers/pci/probe.c

  	/*

  	 * I don't know how l can have all bits set.  Copied from old code.

  	 * Maybe it fixes a bug on some ancient platform.

-@@ -316,8 +667,19 @@

+@@ -316,8 +667,19 @@ int __pci_read_base(struct pci_dev *dev, enum pci_bar_type type,

  fail:

  	res->flags = 0;

  out:

@@ -465,7 +467,7 @@ diff -ur linux-4.19.26/drivers/pci/probe.c linux-4.19.26_new/drivers/pci/probe.c

  	return (res->flags & IORESOURCE_MEM_64) ? 1 : 0;

  }

-@@ -1646,7 +2008,13 @@

+@@ -1651,7 +2013,13 @@ int pci_setup_device(struct pci_dev *dev)

  		if (class == PCI_CLASS_BRIDGE_PCI)

  			goto bad;

  		pci_read_irq(dev);

@@ -480,3 +482,6 @@ diff -ur linux-4.19.26/drivers/pci/probe.c linux-4.19.26_new/drivers/pci/probe.c

  		pci_subsystem_ids(dev, &dev->subsystem_vendor, &dev->subsystem_device);

+-- 

+2.7.4

+

@@ -449,7 +449,7 @@ index 0487e6a..76529de 100644

 +	if (!info->nr_rings || !blkfront_use_blk_mq)

  		info->nr_rings = 1;

- 	info->rinfo = kcalloc(info->nr_rings,

+ 	info->rinfo = kvcalloc(info->nr_rings,

 @@ -1955,7 +2090,8 @@ static int negotiate_mq(struct blkfront_info *info)

  		INIT_LIST_HEAD(&rinfo->grants);

  		rinfo->dev_info = info;

@@ -1,6 +1,6 @@

 #

 # Automatically generated file; DO NOT EDIT.

-# Linux/arm64 4.19.32 Kernel Configuration

+# Linux/arm64 4.19.52 Kernel Configuration

 #

 #

@@ -9,6 +9,7 @@

 CONFIG_CC_IS_GCC=y

 CONFIG_GCC_VERSION=70300

 CONFIG_CLANG_VERSION=0

+CONFIG_CC_HAS_ASM_GOTO=y

 CONFIG_IRQ_WORK=y

 CONFIG_BUILDTIME_EXTABLE_SORT=y

 CONFIG_THREAD_INFO_IN_TASK=y

@@ -372,6 +373,7 @@ CONFIG_ARM64_ERRATUM_832075=y

 CONFIG_ARM64_ERRATUM_845719=y

 CONFIG_ARM64_ERRATUM_843419=y

 CONFIG_ARM64_ERRATUM_1024718=y

+CONFIG_ARM64_ERRATUM_1463225=y

 CONFIG_CAVIUM_ERRATUM_22375=y

 CONFIG_CAVIUM_ERRATUM_23144=y

 CONFIG_CAVIUM_ERRATUM_23154=y

@@ -5676,7 +5678,6 @@ CONFIG_CIFS_STATS2=y

 # CONFIG_CIFS_ALLOW_INSECURE_LEGACY is not set

 CONFIG_CIFS_UPCALL=y

 CONFIG_CIFS_XATTR=y

-CONFIG_CIFS_POSIX=y

 CONFIG_CIFS_ACL=y

 CONFIG_CIFS_DEBUG=y

 # CONFIG_CIFS_DEBUG2 is not set

@@ -1,15 +1,15 @@

 %global security_hardening none

 Summary:        Kernel

 Name:           linux-aws

-Version:        4.19.40

-Release:        3%{?kat_build:.%kat_build}%{?dist}

+Version:        4.19.52

+Release:        1%{?kat_build:.%kat_build}%{?dist}

 License:    	GPLv2

 URL:        	http://www.kernel.org/

 Group:        	System Environment/Kernel

 Vendor:         VMware, Inc.

 Distribution: 	Photon

 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz

-%define sha1 linux=c04181c3736e5b85d349f9b58d406d4c18ad4958

+%define sha1 linux=0fc8eeba8a8a710c95d71f140dfdc4bdff735248

 Source1:	config-aws

 Source2:	initramfs.trigger

 Source3:        update_photon_cfg.postun

@@ -37,6 +37,20 @@ Patch30:        4.17-0002-apparmor-af_unix-mediation.patch

 Patch31:        4.17-0003-apparmor-fix-use-after-free-in-sk_peer_label.patch

 # RDRAND-based RNG driver to enhance the kernel's entropy pool:

 Patch32:        4.18-0001-hwrng-rdrand-Add-RNG-driver-based-on-x86-rdrand-inst.patch

+# Fix for CVE-2019-12456

+Patch33:        0001-scsi-mpt3sas_ctl-fix-double-fetch-bug-in-_ctl_ioctl_.patch

+# Fix for CVE-2019-12379

+Patch34:        0001-consolemap-Fix-a-memory-leaking-bug-in-drivers-tty-v.patch

+# Fix for CVE-2019-12380

+Patch35:        0001-efi-x86-Add-missing-error-handling-to-old_memmap-1-1.patch

+# Fix for CVE-2019-12381

+Patch36:        0001-ip_sockglue-Fix-missing-check-bug-in-ip_ra_control.patch

+# Fix for CVE-2019-12382

+Patch37:        0001-drm-edid-Fix-a-missing-check-bug-in-drm_load_edid_fi.patch

+# Fix for CVE-2019-12378

+Patch38:        0001-ipv6_sockglue-Fix-a-missing-check-bug-in-ip6_ra_cont.patch

+# Fix for CVE-2019-12455

+Patch39:        0001-clk-sunxi-fix-a-missing-check-bug-in-sunxi_divs_clk_.patch

 # Amazon AWS

 Patch101: 0002-watchdog-Disable-watchdog-on-virtual-machines.patch

@@ -155,6 +169,13 @@ This package contains the 'perf' performance analysis tools for Linux kernel.

 %patch30 -p1

 %patch31 -p1

 %patch32 -p1

+%patch33 -p1

+%patch34 -p1

+%patch35 -p1

+%patch36 -p1

+%patch37 -p1

+%patch38 -p1

+%patch39 -p1

 %patch101 -p1

 %patch102 -p1

@@ -360,6 +381,10 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg

 %{_libdir}/perf/include/bpf/*

 %changelog

+*   Mon Jun 17 2019 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.52-1

+-   Update to version 4.19.52

+-   Fix CVE-2019-12456, CVE-2019-12379, CVE-2019-12380, CVE-2019-12381,

+-   CVE-2019-12382, CVE-2019-12378, CVE-2019-12455

 *   Thu May 23 2019 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.40-3

 -   Fix CVE-2019-11191 by deprecating a.out file format support.

 *   Tue May 14 2019 Keerthana K <keerthanak@vmware.com> 4.19.40-2

@@ -1,15 +1,15 @@

 %global security_hardening none

 Summary:        Kernel

 Name:           linux-esx

-Version:        4.19.40

-Release:        2%{?dist}

+Version:        4.19.52

+Release:        1%{?dist}

 License:        GPLv2

 URL:            http://www.kernel.org/

 Group:          System Environment/Kernel

 Vendor:         VMware, Inc.

 Distribution:   Photon

 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz

-%define sha1 linux=c04181c3736e5b85d349f9b58d406d4c18ad4958

+%define sha1 linux=0fc8eeba8a8a710c95d71f140dfdc4bdff735248

 Source1:        config-esx

 Source2:        initramfs.trigger

 Source3:        update_photon_cfg.postun

@@ -32,6 +32,7 @@ Patch17:        04-quiet-boot.patch

 Patch18:        05-pv-ops-clocksource.patch

 Patch19:        06-pv-ops-boot_clock.patch

 Patch20:        07-vmware-only.patch

+

 Patch22:        4.18-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch

 # Fix CVE-2017-1000252

 Patch24:        kvm-dont-accept-wrong-gsi-values.patch

@@ -41,6 +42,20 @@ Patch25:        4.18-0001-hwrng-rdrand-Add-RNG-driver-based-on-x86-rdrand-inst.p

 Patch26:        4.17-0001-apparmor-patch-to-provide-compatibility-with-v2.x-ne.patch

 Patch27:        4.17-0002-apparmor-af_unix-mediation.patch

 Patch28:        4.17-0003-apparmor-fix-use-after-free-in-sk_peer_label.patch

+# Fix for CVE-2019-12456

+Patch29:        0001-scsi-mpt3sas_ctl-fix-double-fetch-bug-in-_ctl_ioctl_.patch

+# Fix for CVE-2019-12379

+Patch30:        0001-consolemap-Fix-a-memory-leaking-bug-in-drivers-tty-v.patch

+# Fix for CVE-2019-12380

+Patch31:        0001-efi-x86-Add-missing-error-handling-to-old_memmap-1-1.patch

+# Fix for CVE-2019-12381

+Patch32:        0001-ip_sockglue-Fix-missing-check-bug-in-ip_ra_control.patch

+# Fix for CVE-2019-12382

+Patch33:        0001-drm-edid-Fix-a-missing-check-bug-in-drm_load_edid_fi.patch

+# Fix for CVE-2019-12378

+Patch34:        0001-ipv6_sockglue-Fix-a-missing-check-bug-in-ip6_ra_cont.patch

+# Fix for CVE-2019-12455

+Patch35:        0001-clk-sunxi-fix-a-missing-check-bug-in-sunxi_divs_clk_.patch

 BuildArch:     x86_64

 BuildRequires: bc

@@ -100,6 +115,13 @@ The Linux package contains the Linux kernel doc files

 %patch26 -p1

 %patch27 -p1

 %patch28 -p1

+%patch29 -p1

+%patch30 -p1

+%patch31 -p1

+%patch32 -p1

+%patch33 -p1

+%patch34 -p1

+%patch35 -p1

 %build

 # patch vmw_balloon driver

@@ -197,6 +219,10 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg

 /usr/src/linux-headers-%{uname_r}

 %changelog

+*   Mon Jun 17 2019 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.52-1

+-   Update to version 4.19.52

+-   Fix CVE-2019-12456, CVE-2019-12379, CVE-2019-12380, CVE-2019-12381,

+-   CVE-2019-12382, CVE-2019-12378, CVE-2019-12455

 *   Tue May 14 2019 Keerthana K <keerthanak@vmware.com> 4.19.40-2

 -   Fix to parse through /boot folder and update symlink (/boot/photon.cfg) if

 -   mulitple kernels are installed and current linux kernel is removed.

@@ -1,15 +1,15 @@

 %global security_hardening none

 Summary:        Kernel

 Name:           linux-secure

-Version:        4.19.40

-Release:        3%{?kat_build:.%kat_build}%{?dist}

+Version:        4.19.52

+Release:        1%{?kat_build:.%kat_build}%{?dist}

 License:        GPLv2

 URL:            http://www.kernel.org/

 Group:          System Environment/Kernel

 Vendor:         VMware, Inc.

 Distribution:   Photon

 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz

-%define sha1 linux=c04181c3736e5b85d349f9b58d406d4c18ad4958

+%define sha1 linux=0fc8eeba8a8a710c95d71f140dfdc4bdff735248

 Source1:        config-secure

 Source2:        initramfs.trigger

 Source3:        update_photon_cfg.postun

@@ -40,6 +40,20 @@ Patch33:        4.17-0002-apparmor-af_unix-mediation.patch

 Patch34:        4.17-0003-apparmor-fix-use-after-free-in-sk_peer_label.patch

 # RDRAND-based RNG driver to enhance the kernel's entropy pool:

 Patch35:        4.18-0001-hwrng-rdrand-Add-RNG-driver-based-on-x86-rdrand-inst.patch

+# Fix for CVE-2019-12456

+Patch36:        0001-scsi-mpt3sas_ctl-fix-double-fetch-bug-in-_ctl_ioctl_.patch

+# Fix for CVE-2019-12379

+Patch37:        0001-consolemap-Fix-a-memory-leaking-bug-in-drivers-tty-v.patch

+# Fix for CVE-2019-12380

+Patch38:        0001-efi-x86-Add-missing-error-handling-to-old_memmap-1-1.patch

+# Fix for CVE-2019-12381

+Patch39:        0001-ip_sockglue-Fix-missing-check-bug-in-ip_ra_control.patch

+# Fix for CVE-2019-12382

+Patch40:        0001-drm-edid-Fix-a-missing-check-bug-in-drm_load_edid_fi.patch

+# Fix for CVE-2019-12378

+Patch41:        0001-ipv6_sockglue-Fix-a-missing-check-bug-in-ip6_ra_cont.patch

+# Fix for CVE-2019-12455

+Patch42:        0001-clk-sunxi-fix-a-missing-check-bug-in-sunxi_divs_clk_.patch

 # NSX requirements (should be removed)

 Patch99:        LKCM.patch

@@ -111,6 +125,13 @@ The Linux package contains the Linux kernel doc files

 %patch33 -p1

 %patch34 -p1

 %patch35 -p1

+%patch36 -p1

+%patch37 -p1

+%patch38 -p1

+%patch39 -p1

+%patch40 -p1

+%patch41 -p1

+%patch42 -p1

 pushd ..

 %patch99 -p0

@@ -239,6 +260,10 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg

 /usr/src/linux-headers-%{uname_r}

 %changelog

+*   Mon Jun 17 2019 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.52-1

+-   Update to version 4.19.52

+-   Fix CVE-2019-12456, CVE-2019-12379, CVE-2019-12380, CVE-2019-12381,

+-   CVE-2019-12382, CVE-2019-12378, CVE-2019-12455

 *   Tue May 28 2019 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.40-3

 -   Change default I/O scheduler to 'deadline' to fix performance issue.

 *   Tue May 14 2019 Keerthana K <keerthanak@vmware.com> 4.19.40-2

@@ -1,15 +1,15 @@

 %global security_hardening none

 Summary:        Kernel

 Name:           linux

-Version:        4.19.40

-Release:        3%{?kat_build:.%kat_build}%{?dist}

+Version:        4.19.52

+Release:        1%{?kat_build:.%kat_build}%{?dist}

 License:    	GPLv2

 URL:        	http://www.kernel.org/

 Group:        	System Environment/Kernel

 Vendor:         VMware, Inc.

 Distribution: 	Photon

 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz

-%define sha1 linux=c04181c3736e5b85d349f9b58d406d4c18ad4958

+%define sha1 linux=0fc8eeba8a8a710c95d71f140dfdc4bdff735248

 Source1:	config

 Source2:	initramfs.trigger

 %define ena_version 1.6.0

@@ -45,6 +45,20 @@ Patch30:        4.17-0002-apparmor-af_unix-mediation.patch

 Patch31:        4.17-0003-apparmor-fix-use-after-free-in-sk_peer_label.patch

 # RDRAND-based RNG driver to enhance the kernel's entropy pool:

 Patch32:        4.18-0001-hwrng-rdrand-Add-RNG-driver-based-on-x86-rdrand-inst.patch

+# Fix for CVE-2019-12456

+Patch33:        0001-scsi-mpt3sas_ctl-fix-double-fetch-bug-in-_ctl_ioctl_.patch

+# Fix for CVE-2019-12379

+Patch34:        0001-consolemap-Fix-a-memory-leaking-bug-in-drivers-tty-v.patch

+# Fix for CVE-2019-12380

+Patch35:        0001-efi-x86-Add-missing-error-handling-to-old_memmap-1-1.patch

+# Fix for CVE-2019-12381

+Patch36:        0001-ip_sockglue-Fix-missing-check-bug-in-ip_ra_control.patch

+# Fix for CVE-2019-12382

+Patch37:        0001-drm-edid-Fix-a-missing-check-bug-in-drm_load_edid_fi.patch

+# Fix for CVE-2019-12378

+Patch38:        0001-ipv6_sockglue-Fix-a-missing-check-bug-in-ip6_ra_cont.patch

+# Fix for CVE-2019-12455

+Patch39:        0001-clk-sunxi-fix-a-missing-check-bug-in-sunxi_divs_clk_.patch

 %ifarch aarch64

 # NXP LS1012a FRWY patches

@@ -183,6 +197,13 @@ Kernel Device Tree Blob files for NXP ls1012a FRWY board

 %patch30 -p1

 %patch31 -p1

 %patch32 -p1

+%patch33 -p1

+%patch34 -p1

+%patch35 -p1

+%patch36 -p1

+%patch37 -p1

+%patch38 -p1

+%patch39 -p1

 %ifarch aarch64

 # NXP FSL_PPFE Driver patches

@@ -442,6 +463,10 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg

 %endif

 %changelog

+*   Mon Jun 17 2019 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.52-1

+-   Update to version 4.19.52

+-   Fix CVE-2019-12456, CVE-2019-12379, CVE-2019-12380, CVE-2019-12381,

+-   CVE-2019-12382, CVE-2019-12378, CVE-2019-12455

 *   Tue May 28 2019 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.40-3

 -   Change default I/O scheduler to 'deadline' to fix performance issue.

 *   Tue May 14 2019 Keerthana K <keerthanak@vmware.com> 4.19.40-2