From f70c487fdb567cdd650d03d0f3eaa82d2480a267 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Wed, 11 Nov 2015 11:24:30 -0500
Subject: [PATCH] Linux v4.3

---
 ...-Add-new-PCI-IDs-for-the-8260-series.patch |  75 +++
 ACPI-Limit-access-to-custom_method.patch      |   6 +-
 ARM-dts-Add-am335x-bonegreen.patch            | 103 ++++
 ARM-tegra-usb-no-reset.patch                  |   4 +-
 Add-EFI-signature-data-types.patch            |  12 +-
 ...signature-blob-parser-and-key-loader.patch |  12 +-
 ...tomatically-enforce-module-signature.patch |  36 +-
 Add-secure_modules-call.patch                 |  16 +-
 ...q-option-to-disable-secure-boot-mode.patch |  32 +-
 KEYS-Add-a-system-blacklist-keyring.patch     | 127 +++--
 Kbuild-Add-an-option-to-enable-GCC-VTA.patch  |   6 +-
 ...t-certificates-from-UEFI-Secure-Boot.patch |  34 +-
 ...-Support-not-importing-certs-from-db.patch |   6 +-
 ...R-access-when-module-security-is-ena.patch |   7 +-
 ...dition-when-sending-a-message-on-unb.patch |  77 +++
 ...-and-dev-kmem-when-module-loading-is.patch |   8 +-
 ..._rsdp-kernel-parameter-when-module-l.patch |  14 +-
 amd-xgbe-a0-Add-support-for-XGBE-on-A0.patch  |  68 +--
 arm64-acpi-drop-expert-patch.patch            |  21 +
 ...ing-console-to-enable-serial-console.patch |   4 +-
 ...t-debugfs-interface-when-module-load.patch |  16 +-
 config-arm-generic                            |  10 +
 config-arm64                                  |  14 +-
 config-armv7                                  |  16 +-
 config-armv7-generic                          |  18 +-
 config-armv7-lpae                             |   1 +
 config-debug                                  |   2 +-
 config-generic                                |  81 ++-
 config-powerpc64-generic                      |   5 +
 config-powerpc64le                            |   3 +
 config-s390x                                  |   2 +
 config-x86-generic                            |  20 +-
 config-x86_64-generic                         |   5 +
 crash-driver.patch                            |  14 +-
 disable-i8042-check-on-apple-mac.patch        |  12 +-
 drm-i915-hush-check-crtc-state.patch          |  18 +-
 efi-Add-EFI_SECURE_BOOT-bit.patch             |  10 +-
 ...ure-boot-if-shim-is-in-insecure-mode.patch |   8 +-
 ...ECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch |  10 +-
 filter-aarch64.sh                             |   2 +-
 filter-armv7hl.sh                             |   2 +-
 filter-i686.sh                                |   2 +-
 filter-modules.sh                             |   2 +-
 filter-ppc64.sh                               |   2 +-
 filter-ppc64le.sh                             |   2 +-
 filter-ppc64p7.sh                             |   2 +-
 ...RN-from-usermodehelper_read_trylock-.patch |   4 +-
 ...able-in-a-signed-modules-environment.patch |   8 +-
 input-kill-stupid-messages.patch              |   2 +-
 kbuild-AFTER_LINK.patch                       |  12 +-
 kernel.spec                                   | 481 +++++-------------
 ...-runtime-if-the-kernel-enforces-modu.patch |  22 +-
 ...-CPUMASK_OFFSTACK-usable-without-deb.patch |   4 +-
 lis3-improve-handling-of-null-rate.patch      |   2 +-
 ...validate_disk-prevent-NULL-ptr-deref.patch |   4 +-
 silence-fbcon-logo.patch                      |   4 +-
 sources                                       |   5 +-
 ...atform-driver-use-64-bit-or-32-bit-D.patch |   4 +-
 ...-port-access-when-module-security-is.patch |   7 +-
 ...-access-when-module-loading-is-restr.patch |   7 +-
 60 files changed, 891 insertions(+), 622 deletions(-)
 create mode 100644 0001-iwlwifi-Add-new-PCI-IDs-for-the-8260-series.patch
 create mode 100644 ARM-dts-Add-am335x-bonegreen.patch
 create mode 100644 RDS-fix-race-condition-when-sending-a-message-on-unb.patch
 create mode 100644 arm64-acpi-drop-expert-patch.patch

diff --git a/0001-iwlwifi-Add-new-PCI-IDs-for-the-8260-series.patch b/0001-iwlwifi-Add-new-PCI-IDs-for-the-8260-series.patch
new file mode 100644
index 000000000..4bb863192
--- /dev/null
+++ b/0001-iwlwifi-Add-new-PCI-IDs-for-the-8260-series.patch
@@ -0,0 +1,75 @@
+From 35069d255591dad72c2197ccc8c536fc5a9f294f Mon Sep 17 00:00:00 2001
+From: Oren Givon <oren.givon@intel.com>
+Date: Wed, 28 Oct 2015 12:32:20 +0200
+Subject: [PATCH] iwlwifi: Add new PCI IDs for the 8260 series
+
+Add some new PCI IDs for the 8260 series which were missing.
+The following sub-system IDs were added:
+0x0130, 0x1130, 0x0132, 0x1132, 0x1150, 0x8110, 0x9110, 0x8130,
+0x9130, 0x8132, 0x9132, 0x8150, 0x9150, 0x0044, 0x0930
+
+Signed-off-by: Oren Givon <oren.givon@intel.com>
+Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
+---
+ drivers/net/wireless/iwlwifi/pcie/drv.c | 19 ++++++++++++++++++-
+ 1 file changed, 18 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/net/wireless/iwlwifi/pcie/drv.c b/drivers/net/wireless/iwlwifi/pcie/drv.c
+index 644b58b..639761f 100644
+--- a/drivers/net/wireless/iwlwifi/pcie/drv.c
++++ b/drivers/net/wireless/iwlwifi/pcie/drv.c
+@@ -423,14 +423,21 @@ static const struct pci_device_id iwl_hw_card_ids[] = {
+ /* 8000 Series */
+ 	{IWL_PCI_DEVICE(0x24F3, 0x0010, iwl8260_2ac_cfg)},
+ 	{IWL_PCI_DEVICE(0x24F3, 0x1010, iwl8260_2ac_cfg)},
++	{IWL_PCI_DEVICE(0x24F3, 0x0130, iwl8260_2ac_cfg)},
++	{IWL_PCI_DEVICE(0x24F3, 0x1130, iwl8260_2ac_cfg)},
++	{IWL_PCI_DEVICE(0x24F3, 0x0132, iwl8260_2ac_cfg)},
++	{IWL_PCI_DEVICE(0x24F3, 0x1132, iwl8260_2ac_cfg)},
+ 	{IWL_PCI_DEVICE(0x24F3, 0x0110, iwl8260_2ac_cfg)},
++	{IWL_PCI_DEVICE(0x24F3, 0x01F0, iwl8260_2ac_cfg)},
++	{IWL_PCI_DEVICE(0x24F3, 0x0012, iwl8260_2ac_cfg)},
++	{IWL_PCI_DEVICE(0x24F3, 0x1012, iwl8260_2ac_cfg)},
+ 	{IWL_PCI_DEVICE(0x24F3, 0x1110, iwl8260_2ac_cfg)},
+ 	{IWL_PCI_DEVICE(0x24F3, 0x0050, iwl8260_2ac_cfg)},
+ 	{IWL_PCI_DEVICE(0x24F3, 0x0250, iwl8260_2ac_cfg)},
+ 	{IWL_PCI_DEVICE(0x24F3, 0x1050, iwl8260_2ac_cfg)},
+ 	{IWL_PCI_DEVICE(0x24F3, 0x0150, iwl8260_2ac_cfg)},
++	{IWL_PCI_DEVICE(0x24F3, 0x1150, iwl8260_2ac_cfg)},
+ 	{IWL_PCI_DEVICE(0x24F4, 0x0030, iwl8260_2ac_cfg)},
+-	{IWL_PCI_DEVICE(0x24F4, 0x1130, iwl8260_2ac_cfg)},
+ 	{IWL_PCI_DEVICE(0x24F4, 0x1030, iwl8260_2ac_cfg)},
+ 	{IWL_PCI_DEVICE(0x24F3, 0xC010, iwl8260_2ac_cfg)},
+ 	{IWL_PCI_DEVICE(0x24F3, 0xC110, iwl8260_2ac_cfg)},
+@@ -438,18 +445,28 @@ static const struct pci_device_id iwl_hw_card_ids[] = {
+ 	{IWL_PCI_DEVICE(0x24F3, 0xC050, iwl8260_2ac_cfg)},
+ 	{IWL_PCI_DEVICE(0x24F3, 0xD050, iwl8260_2ac_cfg)},
+ 	{IWL_PCI_DEVICE(0x24F3, 0x8010, iwl8260_2ac_cfg)},
++	{IWL_PCI_DEVICE(0x24F3, 0x8110, iwl8260_2ac_cfg)},
+ 	{IWL_PCI_DEVICE(0x24F3, 0x9010, iwl8260_2ac_cfg)},
++	{IWL_PCI_DEVICE(0x24F3, 0x9110, iwl8260_2ac_cfg)},
+ 	{IWL_PCI_DEVICE(0x24F4, 0x8030, iwl8260_2ac_cfg)},
+ 	{IWL_PCI_DEVICE(0x24F4, 0x9030, iwl8260_2ac_cfg)},
++	{IWL_PCI_DEVICE(0x24F3, 0x8130, iwl8260_2ac_cfg)},
++	{IWL_PCI_DEVICE(0x24F3, 0x9130, iwl8260_2ac_cfg)},
++	{IWL_PCI_DEVICE(0x24F3, 0x8132, iwl8260_2ac_cfg)},
++	{IWL_PCI_DEVICE(0x24F3, 0x9132, iwl8260_2ac_cfg)},
+ 	{IWL_PCI_DEVICE(0x24F3, 0x8050, iwl8260_2ac_cfg)},
++	{IWL_PCI_DEVICE(0x24F3, 0x8150, iwl8260_2ac_cfg)},
+ 	{IWL_PCI_DEVICE(0x24F3, 0x9050, iwl8260_2ac_cfg)},
++	{IWL_PCI_DEVICE(0x24F3, 0x9150, iwl8260_2ac_cfg)},
+ 	{IWL_PCI_DEVICE(0x24F3, 0x0004, iwl8260_2n_cfg)},
++	{IWL_PCI_DEVICE(0x24F3, 0x0044, iwl8260_2n_cfg)},
+ 	{IWL_PCI_DEVICE(0x24F5, 0x0010, iwl4165_2ac_cfg)},
+ 	{IWL_PCI_DEVICE(0x24F6, 0x0030, iwl4165_2ac_cfg)},
+ 	{IWL_PCI_DEVICE(0x24F3, 0x0810, iwl8260_2ac_cfg)},
+ 	{IWL_PCI_DEVICE(0x24F3, 0x0910, iwl8260_2ac_cfg)},
+ 	{IWL_PCI_DEVICE(0x24F3, 0x0850, iwl8260_2ac_cfg)},
+ 	{IWL_PCI_DEVICE(0x24F3, 0x0950, iwl8260_2ac_cfg)},
++	{IWL_PCI_DEVICE(0x24F3, 0x0930, iwl8260_2ac_cfg)},
+ #endif /* CONFIG_IWLMVM */
+ 
+ 	{0}
+-- 
+2.4.3
+
diff --git a/ACPI-Limit-access-to-custom_method.patch b/ACPI-Limit-access-to-custom_method.patch
index 88709a324..38236753e 100644
--- a/ACPI-Limit-access-to-custom_method.patch
+++ b/ACPI-Limit-access-to-custom_method.patch
@@ -1,6 +1,7 @@
+From 4b85149b764cd024e3dd2aff9eb22a9e1aadd1fa Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Mar 2012 08:39:37 -0500
-Subject: [PATCH] ACPI: Limit access to custom_method
+Subject: [PATCH 04/20] ACPI: Limit access to custom_method
 
 custom_method effectively allows arbitrary access to system memory, making
 it possible for an attacker to circumvent restrictions on module loading.
@@ -25,3 +26,6 @@ index c68e72414a67..4277938af700 100644
  	if (!(*ppos)) {
  		/* parse the table header to get the table length */
  		if (count <= sizeof(struct acpi_table_header))
+-- 
+2.4.3
+
diff --git a/ARM-dts-Add-am335x-bonegreen.patch b/ARM-dts-Add-am335x-bonegreen.patch
new file mode 100644
index 000000000..35fb3e4ef
--- /dev/null
+++ b/ARM-dts-Add-am335x-bonegreen.patch
@@ -0,0 +1,103 @@
+From patchwork Fri Sep 25 15:10:31 2015
+Content-Type: text/plain; charset="utf-8"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 7bit
+Subject: ARM: dts: Add am335x-bonegreen
+From: Robert Nelson <robertcnelson@gmail.com>
+X-Patchwork-Id: 7265851
+Message-Id: <1443193831-5693-1-git-send-email-robertcnelson@gmail.com>
+To: tony@atomide.com, devicetree@vger.kernel.org
+Cc: linux-omap@vger.kernel.org, linux-arm-kernel@lists.infradead.org,
+	Robert Nelson <robertcnelson@gmail.com>, Jason Kridner <jkridner@gmail.com>
+Date: Fri, 25 Sep 2015 10:10:31 -0500
+
+SeeedStudio BeagleBone Green (BBG) is clone of the BeagleBone Black (BBB) minus
+the HDMI port and addition of two Grove connectors (i2c2 and usart2).
+
+This board can be identified by the 1A value after A335BNLT (BBB) in the at24 eeprom:
+1A: [aa 55 33 ee 41 33 33 35  42 4e 4c 54 1a 00 00 00 |.U3.A335BNLT....|]
+
+http://beagleboard.org/green
+http://www.seeedstudio.com/wiki/Beaglebone_green
+
+Signed-off-by: Robert Nelson <robertcnelson@gmail.com>
+CC: Tony Lindgren <tony@atomide.com>
+CC: Jason Kridner <jkridner@gmail.com>
+
+---
+arch/arm/boot/dts/Makefile             |  1 +
+ arch/arm/boot/dts/am335x-bonegreen.dts | 53 ++++++++++++++++++++++++++++++++++
+ 2 files changed, 54 insertions(+)
+ create mode 100644 arch/arm/boot/dts/am335x-bonegreen.dts
+
+diff --git a/arch/arm/boot/dts/Makefile b/arch/arm/boot/dts/Makefile
+index 233159d..e45d771 100644
+--- a/arch/arm/boot/dts/Makefile
++++ b/arch/arm/boot/dts/Makefile
+@@ -446,6 +446,7 @@ dtb-$(CONFIG_SOC_AM33XX) += \
+ 	am335x-base0033.dtb \
+ 	am335x-bone.dtb \
+ 	am335x-boneblack.dtb \
++	am335x-bonegreen.dtb \
+ 	am335x-sl50.dtb \
+ 	am335x-evm.dtb \
+ 	am335x-evmsk.dtb \
+diff --git a/arch/arm/boot/dts/am335x-bonegreen.dts b/arch/arm/boot/dts/am335x-bonegreen.dts
+new file mode 100644
+index 0000000..0f65bda
+--- /dev/null
++++ b/arch/arm/boot/dts/am335x-bonegreen.dts
+@@ -0,0 +1,53 @@
++/*
++ * Copyright (C) 2012 Texas Instruments Incorporated - http://www.ti.com/
++ *
++ * This program is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License version 2 as
++ * published by the Free Software Foundation.
++ */
++/dts-v1/;
++
++#include "am33xx.dtsi"
++#include "am335x-bone-common.dtsi"
++
++/ {
++	model = "TI AM335x BeagleBone Green";
++	compatible = "ti,am335x-bone-green", "ti,am335x-bone-black", "ti,am335x-bone", "ti,am33xx";
++};
++
++&ldo3_reg {
++	regulator-min-microvolt = <1800000>;
++	regulator-max-microvolt = <1800000>;
++	regulator-always-on;
++};
++
++&mmc1 {
++	vmmc-supply = <&vmmcsd_fixed>;
++};
++
++&mmc2 {
++	vmmc-supply = <&vmmcsd_fixed>;
++	pinctrl-names = "default";
++	pinctrl-0 = <&emmc_pins>;
++	bus-width = <8>;
++	status = "okay";
++};
++
++&am33xx_pinmux {
++	uart2_pins: uart2_pins {
++		pinctrl-single,pins = <
++			0x150 (PIN_INPUT | MUX_MODE1)	/* spi0_sclk.uart2_rxd */
++			0x154 (PIN_OUTPUT | MUX_MODE1)	/* spi0_d0.uart2_txd */
++		>;
++	};
++};
++
++&uart2 {
++	pinctrl-names = "default";
++	pinctrl-0 = <&uart2_pins>;
++	status = "okay";
++};
++
++&rtc {
++	system-power-controller;
++};
diff --git a/ARM-tegra-usb-no-reset.patch b/ARM-tegra-usb-no-reset.patch
index 75e4a3107..8ea4f5174 100644
--- a/ARM-tegra-usb-no-reset.patch
+++ b/ARM-tegra-usb-no-reset.patch
@@ -9,10 +9,10 @@ Patch for disconnect issues with storage attached to a
  1 file changed, 7 insertions(+)
 
 diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
-index 3b7151687776..4b19e7e5bc01 100644
+index 43cb2f2e3b43..7f838ec11c81 100644
 --- a/drivers/usb/core/hub.c
 +++ b/drivers/usb/core/hub.c
-@@ -5006,6 +5006,13 @@ static void hub_event(struct work_struct *work)
+@@ -4996,6 +4996,13 @@ static void hub_event(struct work_struct *work)
  			(u16) hub->change_bits[0],
  			(u16) hub->event_bits[0]);
  
diff --git a/Add-EFI-signature-data-types.patch b/Add-EFI-signature-data-types.patch
index 1137652b5..57847dc56 100644
--- a/Add-EFI-signature-data-types.patch
+++ b/Add-EFI-signature-data-types.patch
@@ -1,6 +1,7 @@
+From 34e3e23e08fdccbf4637deab0cf03070d4f2226d Mon Sep 17 00:00:00 2001
 From: Dave Howells <dhowells@redhat.com>
 Date: Tue, 23 Oct 2012 09:30:54 -0400
-Subject: [PATCH] Add EFI signature data types
+Subject: [PATCH 15/20] Add EFI signature data types
 
 Add the data types that are used for containing hashes, keys and certificates
 for cryptographic verification.
@@ -14,10 +15,10 @@ Signed-off-by: David Howells <dhowells@redhat.com>
  1 file changed, 20 insertions(+)
 
 diff --git a/include/linux/efi.h b/include/linux/efi.h
-index c74cbd892032..1293d0e0bf90 100644
+index de3e45088d4a..fac43c611614 100644
 --- a/include/linux/efi.h
 +++ b/include/linux/efi.h
-@@ -589,6 +589,12 @@ void efi_native_runtime_setup(void);
+@@ -595,6 +595,12 @@ void efi_native_runtime_setup(void);
  #define DEVICE_TREE_GUID \
      EFI_GUID(  0xb1b621d5, 0xf19c, 0x41a5, 0x83, 0x0b, 0xd9, 0x15, 0x2c, 0x69, 0xaa, 0xe0 )
  
@@ -30,7 +31,7 @@ index c74cbd892032..1293d0e0bf90 100644
  typedef struct {
  	efi_guid_t guid;
  	u64 table;
-@@ -804,6 +810,20 @@ typedef struct _efi_file_io_interface {
+@@ -810,6 +816,20 @@ typedef struct _efi_file_io_interface {
  
  #define EFI_INVALID_TABLE_ADDR		(~0UL)
  
@@ -51,3 +52,6 @@ index c74cbd892032..1293d0e0bf90 100644
  /*
   * All runtime access to EFI goes through this structure:
   */
+-- 
+2.4.3
+
diff --git a/Add-an-EFI-signature-blob-parser-and-key-loader.patch b/Add-an-EFI-signature-blob-parser-and-key-loader.patch
index 8c5cff61b..06ddd1596 100644
--- a/Add-an-EFI-signature-blob-parser-and-key-loader.patch
+++ b/Add-an-EFI-signature-blob-parser-and-key-loader.patch
@@ -1,6 +1,7 @@
+From c279ba86f93cf6a75d078e2d0e3f59d4ba8a2dd0 Mon Sep 17 00:00:00 2001
 From: Dave Howells <dhowells@redhat.com>
 Date: Tue, 23 Oct 2012 09:36:28 -0400
-Subject: [PATCH] Add an EFI signature blob parser and key loader.
+Subject: [PATCH 16/20] Add an EFI signature blob parser and key loader.
 
 X.509 certificates are loaded into the specified keyring as asymmetric type
 keys.
@@ -32,7 +33,7 @@ index 4870f28403f5..4a1b50d73b80 100644
 +
  endif # ASYMMETRIC_KEY_TYPE
 diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile
-index e47fcd9ac5e8..6512f6596785 100644
+index cd1406f9b14a..d9db380bbe53 100644
 --- a/crypto/asymmetric_keys/Makefile
 +++ b/crypto/asymmetric_keys/Makefile
 @@ -8,6 +8,7 @@ asymmetric_keys-y := asymmetric_type.o signature.o
@@ -159,10 +160,10 @@ index 000000000000..424896a0b169
 +	return 0;
 +}
 diff --git a/include/linux/efi.h b/include/linux/efi.h
-index 1293d0e0bf90..706b16fa6de8 100644
+index fac43c611614..414c3c3d988d 100644
 --- a/include/linux/efi.h
 +++ b/include/linux/efi.h
-@@ -925,6 +925,10 @@ extern bool efi_poweroff_required(void);
+@@ -941,6 +941,10 @@ extern bool efi_poweroff_required(void);
  char * __init efi_md_typeattr_format(char *buf, size_t size,
  				     const efi_memory_desc_t *md);
  
@@ -173,3 +174,6 @@ index 1293d0e0bf90..706b16fa6de8 100644
  /**
   * efi_range_is_wc - check the WC bit on an address range
   * @start: starting kvirt address
+-- 
+2.4.3
+
diff --git a/Add-option-to-automatically-enforce-module-signature.patch b/Add-option-to-automatically-enforce-module-signature.patch
index 4d375fa1d..015371b8b 100644
--- a/Add-option-to-automatically-enforce-module-signature.patch
+++ b/Add-option-to-automatically-enforce-module-signature.patch
@@ -1,7 +1,8 @@
+From 37431394b3eeb1ef6d38d0e6b2693210606c2c2c Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Aug 2013 18:36:30 -0400
-Subject: [PATCH] Add option to automatically enforce module signatures when in
- Secure Boot mode
+Subject: [PATCH 10/20] Add option to automatically enforce module signatures
+ when in Secure Boot mode
 
 UEFI Secure Boot provides a mechanism for ensuring that the firmware will
 only load signed bootloaders and kernels. Certain use cases may also
@@ -20,10 +21,10 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
  7 files changed, 69 insertions(+), 1 deletion(-)
 
 diff --git a/Documentation/x86/zero-page.txt b/Documentation/x86/zero-page.txt
-index 82fbdbc1e0b0..a811210ad486 100644
+index 95a4d34af3fd..b8527c6b7646 100644
 --- a/Documentation/x86/zero-page.txt
 +++ b/Documentation/x86/zero-page.txt
-@@ -30,6 +30,8 @@ Offset	Proto	Name		Meaning
+@@ -31,6 +31,8 @@ Offset	Proto	Name		Meaning
  1E9/001	ALL	eddbuf_entries	Number of entries in eddbuf (below)
  1EA/001	ALL	edd_mbr_sig_buf_entries	Number of entries in edd_mbr_sig_buffer
  				(below)
@@ -33,10 +34,10 @@ index 82fbdbc1e0b0..a811210ad486 100644
  290/040	ALL	edd_mbr_sig_buffer EDD MBR signatures
  2D0/A00	ALL	e820_map	E820 memory map table
 diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index b7d31ca55187..ab403a636357 100644
+index cc0d73eac047..14db458f4774 100644
 --- a/arch/x86/Kconfig
 +++ b/arch/x86/Kconfig
-@@ -1695,6 +1695,16 @@ config EFI_MIXED
+@@ -1734,6 +1734,16 @@ config EFI_MIXED
  
  	   If unsure, say N.
  
@@ -54,7 +55,7 @@ index b7d31ca55187..ab403a636357 100644
  	def_bool y
  	prompt "Enable seccomp to safely compute untrusted bytecode"
 diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
-index ef17683484e9..105e7360d747 100644
+index ee1b6d346b98..b4de3faa3f29 100644
 --- a/arch/x86/boot/compressed/eboot.c
 +++ b/arch/x86/boot/compressed/eboot.c
 @@ -12,6 +12,7 @@
@@ -103,7 +104,7 @@ index ef17683484e9..105e7360d747 100644
  /*
   * See if we have Graphics Output Protocol
   */
-@@ -1406,6 +1438,10 @@ struct boot_params *efi_main(struct efi_config *c,
+@@ -1412,6 +1444,10 @@ struct boot_params *efi_main(struct efi_config *c,
  	else
  		setup_boot_services32(efi_early);
  
@@ -115,10 +116,10 @@ index ef17683484e9..105e7360d747 100644
  
  	setup_efi_pci(boot_params);
 diff --git a/arch/x86/include/uapi/asm/bootparam.h b/arch/x86/include/uapi/asm/bootparam.h
-index 225b0988043a..90dbfb73e11f 100644
+index 329254373479..b61f8533c0fd 100644
 --- a/arch/x86/include/uapi/asm/bootparam.h
 +++ b/arch/x86/include/uapi/asm/bootparam.h
-@@ -133,7 +133,8 @@ struct boot_params {
+@@ -134,7 +134,8 @@ struct boot_params {
  	__u8  eddbuf_entries;				/* 0x1e9 */
  	__u8  edd_mbr_sig_buf_entries;			/* 0x1ea */
  	__u8  kbd_status;				/* 0x1eb */
@@ -129,10 +130,10 @@ index 225b0988043a..90dbfb73e11f 100644
  	 * The sentinel is set to a nonzero value (0xff) in header.S.
  	 *
 diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
-index 0a2421cca01f..a3d8174dedf9 100644
+index baadbf90a7c5..1ac118146e90 100644
 --- a/arch/x86/kernel/setup.c
 +++ b/arch/x86/kernel/setup.c
-@@ -1151,6 +1151,12 @@ void __init setup_arch(char **cmdline_p)
+@@ -1135,6 +1135,12 @@ void __init setup_arch(char **cmdline_p)
  
  	io_delay_init();
  
@@ -146,10 +147,10 @@ index 0a2421cca01f..a3d8174dedf9 100644
  	 * Parse the ACPI tables for possible boot-time SMP configuration.
  	 */
 diff --git a/include/linux/module.h b/include/linux/module.h
-index b033dab5c8bf..f526b6e02f59 100644
+index db386349cd01..4b8df91f03cd 100644
 --- a/include/linux/module.h
 +++ b/include/linux/module.h
-@@ -188,6 +188,12 @@ const struct exception_table_entry *search_exception_tables(unsigned long add);
+@@ -273,6 +273,12 @@ const struct exception_table_entry *search_exception_tables(unsigned long add);
  
  struct notifier_block;
  
@@ -163,10 +164,10 @@ index b033dab5c8bf..f526b6e02f59 100644
  
  extern int modules_disabled; /* for sysctl */
 diff --git a/kernel/module.c b/kernel/module.c
-index f3489ef9e409..3bb7c01b3c9f 100644
+index 7f045246e123..2b403ab0ef29 100644
 --- a/kernel/module.c
 +++ b/kernel/module.c
-@@ -3912,6 +3912,13 @@ void module_layout(struct module *mod,
+@@ -4088,6 +4088,13 @@ void module_layout(struct module *mod,
  EXPORT_SYMBOL(module_layout);
  #endif
  
@@ -180,3 +181,6 @@ index f3489ef9e409..3bb7c01b3c9f 100644
  bool secure_modules(void)
  {
  #ifdef CONFIG_MODULE_SIG
+-- 
+2.4.3
+
diff --git a/Add-secure_modules-call.patch b/Add-secure_modules-call.patch
index 158e7f1d2..b6e039ff0 100644
--- a/Add-secure_modules-call.patch
+++ b/Add-secure_modules-call.patch
@@ -1,6 +1,7 @@
+From a1aaf20cffb1a949c5d6b1198690c7c30cfda4d5 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Aug 2013 17:58:15 -0400
-Subject: [PATCH] Add secure_modules() call
+Subject: [PATCH 01/20] Add secure_modules() call
 
 Provide a single call to allow kernel code to determine whether the system
 has been configured to either disable module loading entirely or to load
@@ -16,10 +17,10 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
  2 files changed, 16 insertions(+)
 
 diff --git a/include/linux/module.h b/include/linux/module.h
-index d67b1932cc59..57474384b66b 100644
+index 3a19c79918e0..db386349cd01 100644
 --- a/include/linux/module.h
 +++ b/include/linux/module.h
-@@ -551,6 +551,8 @@ static inline bool module_requested_async_probing(struct module *module)
+@@ -635,6 +635,8 @@ static inline bool module_requested_async_probing(struct module *module)
  	return module && module->async_probe_requested;
  }
  
@@ -28,7 +29,7 @@ index d67b1932cc59..57474384b66b 100644
  #else /* !CONFIG_MODULES... */
  
  /* Given an address, look for it in the exception tables. */
-@@ -667,6 +669,10 @@ static inline bool module_requested_async_probing(struct module *module)
+@@ -751,6 +753,10 @@ static inline bool module_requested_async_probing(struct module *module)
  	return false;
  }
  
@@ -40,10 +41,10 @@ index d67b1932cc59..57474384b66b 100644
  
  #ifdef CONFIG_SYSFS
 diff --git a/kernel/module.c b/kernel/module.c
-index 4d2b82e610e2..e9869c497175 100644
+index b86b7bf1be38..7f045246e123 100644
 --- a/kernel/module.c
 +++ b/kernel/module.c
-@@ -4083,3 +4083,13 @@ void module_layout(struct module *mod,
+@@ -4087,3 +4087,13 @@ void module_layout(struct module *mod,
  }
  EXPORT_SYMBOL(module_layout);
  #endif
@@ -57,3 +58,6 @@ index 4d2b82e610e2..e9869c497175 100644
 +#endif
 +}
 +EXPORT_SYMBOL(secure_modules);
+-- 
+2.4.3
+
diff --git a/Add-sysrq-option-to-disable-secure-boot-mode.patch b/Add-sysrq-option-to-disable-secure-boot-mode.patch
index ffc460849..4600848cf 100644
--- a/Add-sysrq-option-to-disable-secure-boot-mode.patch
+++ b/Add-sysrq-option-to-disable-secure-boot-mode.patch
@@ -1,6 +1,7 @@
+From 16d2ba5d5bc46e67e6aa7a3d113fbcc18c217388 Mon Sep 17 00:00:00 2001
 From: Kyle McMartin <kyle@redhat.com>
 Date: Fri, 30 Aug 2013 09:28:51 -0400
-Subject: [PATCH] Add sysrq option to disable secure boot mode
+Subject: [PATCH 20/20] Add sysrq option to disable secure boot mode
 
 Bugzilla: N/A
 Upstream-status: Fedora mustard
@@ -15,7 +16,7 @@ Upstream-status: Fedora mustard
  7 files changed, 64 insertions(+), 9 deletions(-)
 
 diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
-index 5def6b4143fa..1eac9d22cb0b 100644
+index f93826b8522c..41679b1aca83 100644
 --- a/arch/x86/kernel/setup.c
 +++ b/arch/x86/kernel/setup.c
 @@ -70,6 +70,11 @@
@@ -30,7 +31,7 @@ index 5def6b4143fa..1eac9d22cb0b 100644
  #include <video/edid.h>
  
  #include <asm/mtrr.h>
-@@ -1286,6 +1291,37 @@ void __init i386_reserve_resources(void)
+@@ -1261,6 +1266,37 @@ void __init i386_reserve_resources(void)
  
  #endif /* CONFIG_X86_32 */
  
@@ -69,10 +70,10 @@ index 5def6b4143fa..1eac9d22cb0b 100644
  	.notifier_call = dump_kernel_offset
  };
 diff --git a/drivers/input/misc/uinput.c b/drivers/input/misc/uinput.c
-index 421e29e4cd81..61c1eb97806c 100644
+index 345df9b03aed..dea6a6c4a39b 100644
 --- a/drivers/input/misc/uinput.c
 +++ b/drivers/input/misc/uinput.c
-@@ -366,6 +366,7 @@ static int uinput_allocate_device(struct uinput_device *udev)
+@@ -364,6 +364,7 @@ static int uinput_allocate_device(struct uinput_device *udev)
  	if (!udev->dev)
  		return -ENOMEM;
  
@@ -81,10 +82,10 @@ index 421e29e4cd81..61c1eb97806c 100644
  	input_set_drvdata(udev->dev, udev);
  
 diff --git a/drivers/tty/sysrq.c b/drivers/tty/sysrq.c
-index b5b427888b24..289c7898a3b0 100644
+index 95b330a9ea98..dfa3e154a719 100644
 --- a/drivers/tty/sysrq.c
 +++ b/drivers/tty/sysrq.c
-@@ -465,6 +465,7 @@ static struct sysrq_key_op *sysrq_key_table[36] = {
+@@ -472,6 +472,7 @@ static struct sysrq_key_op *sysrq_key_table[36] = {
  	/* x: May be registered on mips for TLB dump */
  	/* x: May be registered on ppc/powerpc for xmon */
  	/* x: May be registered on sparc64 for global PMU dump */
@@ -92,7 +93,7 @@ index b5b427888b24..289c7898a3b0 100644
  	NULL,				/* x */
  	/* y: May be registered on sparc64 for global register dump */
  	NULL,				/* y */
-@@ -508,7 +509,7 @@ static void __sysrq_put_key_op(int key, struct sysrq_key_op *op_p)
+@@ -515,7 +516,7 @@ static void __sysrq_put_key_op(int key, struct sysrq_key_op *op_p)
                  sysrq_key_table[i] = op_p;
  }
  
@@ -101,7 +102,7 @@ index b5b427888b24..289c7898a3b0 100644
  {
  	struct sysrq_key_op *op_p;
  	int orig_log_level;
-@@ -528,11 +529,15 @@ void __handle_sysrq(int key, bool check_mask)
+@@ -535,11 +536,15 @@ void __handle_sysrq(int key, bool check_mask)
  
          op_p = __sysrq_get_key_op(key);
          if (op_p) {
@@ -118,7 +119,7 @@ index b5b427888b24..289c7898a3b0 100644
  			pr_cont("%s\n", op_p->action_msg);
  			console_loglevel = orig_log_level;
  			op_p->handler(key);
-@@ -564,7 +569,7 @@ void __handle_sysrq(int key, bool check_mask)
+@@ -571,7 +576,7 @@ void __handle_sysrq(int key, bool check_mask)
  void handle_sysrq(int key)
  {
  	if (sysrq_on())
@@ -127,7 +128,7 @@ index b5b427888b24..289c7898a3b0 100644
  }
  EXPORT_SYMBOL(handle_sysrq);
  
-@@ -645,7 +650,7 @@ static void sysrq_do_reset(unsigned long _state)
+@@ -652,7 +657,7 @@ static void sysrq_do_reset(unsigned long _state)
  static void sysrq_handle_reset_request(struct sysrq_state *state)
  {
  	if (state->reset_requested)
@@ -136,7 +137,7 @@ index b5b427888b24..289c7898a3b0 100644
  
  	if (sysrq_reset_downtime_ms)
  		mod_timer(&state->keyreset_timer,
-@@ -796,8 +801,10 @@ static bool sysrq_handle_keypress(struct sysrq_state *sysrq,
+@@ -803,8 +808,10 @@ static bool sysrq_handle_keypress(struct sysrq_state *sysrq,
  
  	default:
  		if (sysrq->active && value && value != 2) {
@@ -148,7 +149,7 @@ index b5b427888b24..289c7898a3b0 100644
  		}
  		break;
  	}
-@@ -1077,7 +1084,7 @@ static ssize_t write_sysrq_trigger(struct file *file, const char __user *buf,
+@@ -1084,7 +1091,7 @@ static ssize_t write_sysrq_trigger(struct file *file, const char __user *buf,
  
  		if (get_user(c, buf))
  			return -EFAULT;
@@ -228,7 +229,7 @@ index 4121345498e0..0ff3cef5df96 100644
  
  	return 0;
 diff --git a/kernel/module.c b/kernel/module.c
-index 87fa14fedc88..61385e686d49 100644
+index 2b403ab0ef29..7818c110e95c 100644
 --- a/kernel/module.c
 +++ b/kernel/module.c
 @@ -292,7 +292,7 @@ static void module_assert_mutex_or_preempt(void)
@@ -240,3 +241,6 @@ index 87fa14fedc88..61385e686d49 100644
  #ifndef CONFIG_MODULE_SIG_FORCE
  module_param(sig_enforce, bool_enable_only, 0644);
  #endif /* !CONFIG_MODULE_SIG_FORCE */
+-- 
+2.4.3
+
diff --git a/KEYS-Add-a-system-blacklist-keyring.patch b/KEYS-Add-a-system-blacklist-keyring.patch
index 44cb027bb..be35564a6 100644
--- a/KEYS-Add-a-system-blacklist-keyring.patch
+++ b/KEYS-Add-a-system-blacklist-keyring.patch
@@ -1,6 +1,7 @@
+From f630ce576114bfede02d8a0bafa97e4d6f978a74 Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@fedoraproject.org>
 Date: Fri, 26 Oct 2012 12:36:24 -0400
-Subject: [PATCH] KEYS: Add a system blacklist keyring
+Subject: [PATCH 17/20] KEYS: Add a system blacklist keyring
 
 This adds an additional keyring that is used to store certificates that
 are blacklisted.  This keyring is searched first when loading signed modules
@@ -9,72 +10,15 @@ useful in cases where third party certificates are used for module signing.
 
 Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
 ---
+ certs/system_keyring.c        | 27 +++++++++++++++++++++++++++
  include/keys/system_keyring.h |  4 ++++
  init/Kconfig                  |  9 +++++++++
- kernel/module_signing.c       | 12 ++++++++++++
- kernel/system_keyring.c       | 17 +++++++++++++++++
- 4 files changed, 42 insertions(+)
+ 3 files changed, 40 insertions(+)
 
-diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
-index 72665eb80692..2c7b80d31366 100644
---- a/include/keys/system_keyring.h
-+++ b/include/keys/system_keyring.h
-@@ -28,4 +28,8 @@ static inline struct key *get_system_trusted_keyring(void)
- }
- #endif
- 
-+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
-+extern struct key *system_blacklist_keyring;
-+#endif
-+
- #endif /* _KEYS_SYSTEM_KEYRING_H */
-diff --git a/init/Kconfig b/init/Kconfig
-index f5dbc6d4261b..eca8ab59ae7f 100644
---- a/init/Kconfig
-+++ b/init/Kconfig
-@@ -1734,6 +1734,15 @@ config SYSTEM_TRUSTED_KEYRING
- 
- 	  Keys in this keyring are used by module signature checking.
- 
-+config SYSTEM_BLACKLIST_KEYRING
-+	bool "Provide system-wide ring of blacklisted keys"
-+	depends on KEYS
-+	help
-+	  Provide a system keyring to which blacklisted keys can be added.
-+	  Keys in the keyring are considered entirely untrusted.  Keys in this
-+	  keyring are used by the module signature checking to reject loading
-+	  of modules signed with a blacklisted key.
-+
- config PROFILING
- 	bool "Profiling support"
- 	help
-diff --git a/kernel/module_signing.c b/kernel/module_signing.c
-index be5b8fac4bd0..fed815fcdaf2 100644
---- a/kernel/module_signing.c
-+++ b/kernel/module_signing.c
-@@ -158,6 +158,18 @@ static struct key *request_asymmetric_key(const char *signer, size_t signer_len,
- 
- 	pr_debug("Look up: \"%s\"\n", id);
- 
-+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
-+	key = keyring_search(make_key_ref(system_blacklist_keyring, 1),
-+				   &key_type_asymmetric, id);
-+	if (!IS_ERR(key)) {
-+		/* module is signed with a cert in the blacklist.  reject */
-+		pr_err("Module key '%s' is in blacklist\n", id);
-+		key_ref_put(key);
-+		kfree(id);
-+		return ERR_PTR(-EKEYREJECTED);
-+	}
-+#endif
-+
- 	key = keyring_search(make_key_ref(system_trusted_keyring, 1),
- 			     &key_type_asymmetric, id);
- 	if (IS_ERR(key))
-diff --git a/kernel/system_keyring.c b/kernel/system_keyring.c
-index 875f64e8935b..c15e93f5a418 100644
---- a/kernel/system_keyring.c
-+++ b/kernel/system_keyring.c
+diff --git a/certs/system_keyring.c b/certs/system_keyring.c
+index 2570598b784d..53733822993f 100644
+--- a/certs/system_keyring.c
++++ b/certs/system_keyring.c
 @@ -20,6 +20,9 @@
  
  struct key *system_trusted_keyring;
@@ -90,7 +34,7 @@ index 875f64e8935b..c15e93f5a418 100644
  
  	set_bit(KEY_FLAG_TRUSTED_ONLY, &system_trusted_keyring->flags);
 +
-+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
++	#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
 +	system_blacklist_keyring = keyring_alloc(".system_blacklist_keyring",
 +				    KUIDT_INIT(0), KGIDT_INIT(0),
 +				    current_cred(),
@@ -106,3 +50,56 @@ index 875f64e8935b..c15e93f5a418 100644
  	return 0;
  }
  
+@@ -138,6 +155,16 @@ int system_verify_data(const void *data, unsigned long len,
+ 	if (ret < 0)
+ 		goto error;
+ 
++#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
++	ret = pkcs7_validate_trust(pkcs7, system_blacklist_keyring, &trusted);
++	if (!ret) {
++		/* module is signed with a cert in the blacklist.  reject */
++		pr_err("Module key is in the blacklist\n");
++		ret = -EKEYREJECTED;
++		goto error;
++	}
++#endif
++
+ 	ret = pkcs7_validate_trust(pkcs7, system_trusted_keyring, &trusted);
+ 	if (ret < 0)
+ 		goto error;
+diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
+index b20cd885c1fd..51d8ddc60e0f 100644
+--- a/include/keys/system_keyring.h
++++ b/include/keys/system_keyring.h
+@@ -35,4 +35,8 @@ extern int system_verify_data(const void *data, unsigned long len,
+ 			      enum key_being_used_for usage);
+ #endif
+ 
++#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
++extern struct key *system_blacklist_keyring;
++#endif
++
+ #endif /* _KEYS_SYSTEM_KEYRING_H */
+diff --git a/init/Kconfig b/init/Kconfig
+index 02da9f1fd9df..782d26f02885 100644
+--- a/init/Kconfig
++++ b/init/Kconfig
+@@ -1783,6 +1783,15 @@ config SYSTEM_DATA_VERIFICATION
+ 	  module verification, kexec image verification and firmware blob
+ 	  verification.
+ 
++config SYSTEM_BLACKLIST_KEYRING
++	bool "Provide system-wide ring of blacklisted keys"
++	depends on KEYS
++	help
++	  Provide a system keyring to which blacklisted keys can be added.
++	  Keys in the keyring are considered entirely untrusted.  Keys in this
++	  keyring are used by the module signature checking to reject loading
++	  of modules signed with a blacklisted key.
++
+ config PROFILING
+ 	bool "Profiling support"
+ 	help
+-- 
+2.4.3
+
diff --git a/Kbuild-Add-an-option-to-enable-GCC-VTA.patch b/Kbuild-Add-an-option-to-enable-GCC-VTA.patch
index 4908a98ba..39ec531ea 100644
--- a/Kbuild-Add-an-option-to-enable-GCC-VTA.patch
+++ b/Kbuild-Add-an-option-to-enable-GCC-VTA.patch
@@ -43,10 +43,10 @@ Signed-off-by: Josh Stone <jistone@redhat.com>
  2 files changed, 21 insertions(+), 1 deletion(-)
 
 diff --git a/Makefile b/Makefile
-index af6da040b952..2796a22bb0a4 100644
+index 257ef5892ab7..3cc6f4477e78 100644
 --- a/Makefile
 +++ b/Makefile
-@@ -706,7 +706,11 @@ KBUILD_CFLAGS	+= -fomit-frame-pointer
+@@ -701,7 +701,11 @@ KBUILD_CFLAGS	+= -fomit-frame-pointer
  endif
  endif
  
@@ -59,7 +59,7 @@ index af6da040b952..2796a22bb0a4 100644
  ifdef CONFIG_DEBUG_INFO
  ifdef CONFIG_DEBUG_INFO_SPLIT
 diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
-index c5cefb3c009c..b663e8e211b0 100644
+index e2894b23efb6..d98afe18f704 100644
 --- a/lib/Kconfig.debug
 +++ b/lib/Kconfig.debug
 @@ -165,7 +165,23 @@ config DEBUG_INFO_DWARF4
diff --git a/MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch b/MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch
index b136acaf0..8a484b6d8 100644
--- a/MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch
+++ b/MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch
@@ -1,3 +1,4 @@
+From 2246a781c8dbb1207a0b0abbfae201f998c3954b Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@fedoraproject.org>
 Date: Fri, 26 Oct 2012 12:42:16 -0400
 Subject: [PATCH] MODSIGN: Import certificates from UEFI Secure Boot
@@ -25,12 +26,12 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
  create mode 100644 kernel/modsign_uefi.c
 
 diff --git a/include/linux/efi.h b/include/linux/efi.h
-index 706b16fa6de8..470e8dfcb517 100644
+index 85ef051ac6fb..a042b2ece788 100644
 --- a/include/linux/efi.h
 +++ b/include/linux/efi.h
-@@ -595,6 +595,12 @@ void efi_native_runtime_setup(void);
- #define EFI_CERT_X509_GUID \
-     EFI_GUID(  0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 )
+@@ -600,6 +600,12 @@ typedef struct {
+ 	u64 table;
+ } efi_config_table_64_t;
  
 +#define EFI_IMAGE_SECURITY_DATABASE_GUID \
 +    EFI_GUID(  0xd719b2cb, 0x3d3a, 0x4596, 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f )
@@ -40,12 +41,12 @@ index 706b16fa6de8..470e8dfcb517 100644
 +
  typedef struct {
  	efi_guid_t guid;
- 	u64 table;
+ 	u32 table;
 diff --git a/init/Kconfig b/init/Kconfig
-index eca8ab59ae7f..9a782b02e4d5 100644
+index 02da9f1fd9df..90c73a0564b1 100644
 --- a/init/Kconfig
 +++ b/init/Kconfig
-@@ -1888,6 +1888,15 @@ config MODULE_SIG_ALL
+@@ -1924,6 +1924,15 @@ config MODULE_SIG_ALL
  comment "Do not forget to sign required modules with scripts/sign-file"
  	depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
  
@@ -62,26 +63,26 @@ index eca8ab59ae7f..9a782b02e4d5 100644
  	prompt "Which hash algorithm should modules be signed with?"
  	depends on MODULE_SIG
 diff --git a/kernel/Makefile b/kernel/Makefile
-index 1408b3353a3c..8a3be67a3a15 100644
+index d4988410b410..55e886239e7e 100644
 --- a/kernel/Makefile
 +++ b/kernel/Makefile
-@@ -46,6 +46,7 @@ obj-$(CONFIG_UID16) += uid16.o
- obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o
+@@ -47,6 +47,7 @@ endif
+ obj-$(CONFIG_UID16) += uid16.o
  obj-$(CONFIG_MODULES) += module.o
  obj-$(CONFIG_MODULE_SIG) += module_signing.o
 +obj-$(CONFIG_MODULE_SIG_UEFI) += modsign_uefi.o
  obj-$(CONFIG_KALLSYMS) += kallsyms.o
  obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o
- obj-$(CONFIG_KEXEC) += kexec.o
-@@ -99,6 +100,8 @@ obj-$(CONFIG_TORTURE_TEST) += torture.o
+ obj-$(CONFIG_KEXEC_CORE) += kexec_core.o
+@@ -103,6 +104,8 @@ obj-$(CONFIG_TORTURE_TEST) += torture.o
  
- $(obj)/configs.o: $(obj)/config_data.h
+ obj-$(CONFIG_HAS_IOMEM) += memremap.o
  
 +$(obj)/modsign_uefi.o: KBUILD_CFLAGS += -fshort-wchar
 +
+ $(obj)/configs.o: $(obj)/config_data.h
+ 
  # config_data.h contains the same information as ikconfig.h but gzipped.
- # Info from config_data can be extracted from /proc/config*
- targets += config_data.gz
 diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c
 new file mode 100644
 index 000000000000..94b0eb38a284
@@ -180,3 +181,6 @@ index 000000000000..94b0eb38a284
 +	return rc;
 +}
 +late_initcall(load_uefi_certs);
+-- 
+2.4.3
+
diff --git a/MODSIGN-Support-not-importing-certs-from-db.patch b/MODSIGN-Support-not-importing-certs-from-db.patch
index 4782e734f..bb5ae2a2c 100644
--- a/MODSIGN-Support-not-importing-certs-from-db.patch
+++ b/MODSIGN-Support-not-importing-certs-from-db.patch
@@ -1,6 +1,7 @@
+From d7c9efa4ab647d6ccb617f2504e79a398d56f7d4 Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@fedoraproject.org>
 Date: Thu, 3 Oct 2013 10:14:23 -0400
-Subject: [PATCH] MODSIGN: Support not importing certs from db
+Subject: [PATCH 19/20] MODSIGN: Support not importing certs from db
 
 If a user tells shim to not use the certs/hashes in the UEFI db variable
 for verification purposes, shim will set a UEFI variable called MokIgnoreDB.
@@ -78,3 +79,6 @@ index 94b0eb38a284..ae28b974d49a 100644
  	}
  
  	mok = get_cert_list(L"MokListRT", &mok_var, &moksize);
+-- 
+2.4.3
+
diff --git a/PCI-Lock-down-BAR-access-when-module-security-is-ena.patch b/PCI-Lock-down-BAR-access-when-module-security-is-ena.patch
index 92e028d07..23a514f3b 100644
--- a/PCI-Lock-down-BAR-access-when-module-security-is-ena.patch
+++ b/PCI-Lock-down-BAR-access-when-module-security-is-ena.patch
@@ -1,6 +1,8 @@
+From 655fbf360e1481db4f06001f893d388c15ac307f Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Thu, 8 Mar 2012 10:10:38 -0500
-Subject: [PATCH] PCI: Lock down BAR access when module security is enabled
+Subject: [PATCH 02/20] PCI: Lock down BAR access when module security is
+ enabled
 
 Any hardware that can potentially generate DMA has to be locked down from
 userspace in order to avoid it being possible for an attacker to modify
@@ -111,3 +113,6 @@ index b91c4da68365..98f5637304d1 100644
  		return -EPERM;
  
  	dev = pci_get_bus_and_slot(bus, dfn);
+-- 
+2.4.3
+
diff --git a/RDS-fix-race-condition-when-sending-a-message-on-unb.patch b/RDS-fix-race-condition-when-sending-a-message-on-unb.patch
new file mode 100644
index 000000000..ce232ef4b
--- /dev/null
+++ b/RDS-fix-race-condition-when-sending-a-message-on-unb.patch
@@ -0,0 +1,77 @@
+From 8e92c2b0cb50a31e2956760498bc8cdb72993fb3 Mon Sep 17 00:00:00 2001
+From: Quentin Casasnovas <quentin.casasnovas@oracle.com>
+Date: Fri, 16 Oct 2015 17:11:42 +0200
+Subject: [PATCH] RDS: fix race condition when sending a message on unbound
+ socket.
+
+Sasha's found a NULL pointer dereference in the RDS connection code when
+sending a message to an apparently unbound socket.  The problem is caused
+by the code checking if the socket is bound in rds_sendmsg(), which checks
+the rs_bound_addr field without taking a lock on the socket.  This opens a
+race where rs_bound_addr is temporarily set but where the transport is not
+in rds_bind(), leading to a NULL pointer dereference when trying to
+dereference 'trans' in __rds_conn_create().
+
+Vegard wrote a reproducer for this issue, so kindly ask him to share if
+you're interested.
+
+I cannot reproduce the NULL pointer dereference using Vegard's reproducer
+with this patch, whereas I could without.
+
+Complete earlier incomplete fix to CVE-2015-6937:
+
+  74e98eb08588 ("RDS: verify the underlying transport exists before creating a connection")
+
+Signed-off-by: Quentin Casasnovas <quentin.casasnovas@oracle.com>
+Reviewed-by: Vegard Nossum <vegard.nossum@oracle.com>
+Reviewed-by: Sasha Levin <sasha.levin@oracle.com>
+Cc: Vegard Nossum <vegard.nossum@oracle.com>
+Cc: Sasha Levin <sasha.levin@oracle.com>
+Cc: Chien Yen <chien.yen@oracle.com>
+Cc: Santosh Shilimkar <santosh.shilimkar@oracle.com>
+Cc: David S. Miller <davem@davemloft.net>
+Cc: stable@vger.kernel.org
+---
+ net/rds/connection.c | 6 ------
+ net/rds/send.c       | 4 +++-
+ 2 files changed, 3 insertions(+), 7 deletions(-)
+
+diff --git a/net/rds/connection.c b/net/rds/connection.c
+index 49adeef8090c..9b2de5e67d79 100644
+--- a/net/rds/connection.c
++++ b/net/rds/connection.c
+@@ -190,12 +190,6 @@ new_conn:
+ 		}
+ 	}
+ 
+-	if (trans == NULL) {
+-		kmem_cache_free(rds_conn_slab, conn);
+-		conn = ERR_PTR(-ENODEV);
+-		goto out;
+-	}
+-
+ 	conn->c_trans = trans;
+ 
+ 	ret = trans->conn_alloc(conn, gfp);
+diff --git a/net/rds/send.c b/net/rds/send.c
+index 4df61a515b83..859de6f32521 100644
+--- a/net/rds/send.c
++++ b/net/rds/send.c
+@@ -1009,11 +1009,13 @@ int rds_sendmsg(struct socket *sock, struct msghdr *msg, size_t payload_len)
+ 		release_sock(sk);
+ 	}
+ 
+-	/* racing with another thread binding seems ok here */
++	lock_sock(sk);
+ 	if (daddr == 0 || rs->rs_bound_addr == 0) {
++		release_sock(sk);
+ 		ret = -ENOTCONN; /* XXX not a great errno */
+ 		goto out;
+ 	}
++	release_sock(sk);
+ 
+ 	if (payload_len > rds_sk_sndbuf(rs)) {
+ 		ret = -EMSGSIZE;
+-- 
+2.4.3
+
diff --git a/Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch b/Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch
index 99cae0a0a..acf28cf88 100644
--- a/Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch
+++ b/Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch
@@ -1,6 +1,7 @@
+From d4ae417828427de74e9f857f9caa49580aecf1fe Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Mar 2012 09:28:15 -0500
-Subject: [PATCH] Restrict /dev/mem and /dev/kmem when module loading is
+Subject: [PATCH 06/20] Restrict /dev/mem and /dev/kmem when module loading is
  restricted
 
 Allowing users to write to address space makes it possible for the kernel
@@ -13,7 +14,7 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
  1 file changed, 6 insertions(+)
 
 diff --git a/drivers/char/mem.c b/drivers/char/mem.c
-index efe38c1bc234..16b8af1188e1 100644
+index 53fe675f9bd7..b52c88860532 100644
 --- a/drivers/char/mem.c
 +++ b/drivers/char/mem.c
 @@ -167,6 +167,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf,
@@ -36,3 +37,6 @@ index efe38c1bc234..16b8af1188e1 100644
  	if (p < (unsigned long) high_memory) {
  		unsigned long to_write = min_t(unsigned long, count,
  					       (unsigned long)high_memory - p);
+-- 
+2.4.3
+
diff --git a/acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch b/acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch
index 7a83415cf..2794b155f 100644
--- a/acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch
+++ b/acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch
@@ -1,7 +1,8 @@
+From 32d3dc2147823a32c8a7771d8fe0f2d1ef057c6a Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@redhat.com>
 Date: Mon, 25 Jun 2012 19:57:30 -0400
-Subject: [PATCH] acpi: Ignore acpi_rsdp kernel parameter when module loading
- is restricted
+Subject: [PATCH 07/20] acpi: Ignore acpi_rsdp kernel parameter when module
+ loading is restricted
 
 This option allows userspace to pass the RSDP address to the kernel, which
 makes it possible for a user to circumvent any restrictions imposed on
@@ -13,10 +14,10 @@ Signed-off-by: Josh Boyer <jwboyer@redhat.com>
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c
-index 5aa1f6e281d2..58ae459937a4 100644
+index 739a4a6b3b9b..9ef2a020a7a9 100644
 --- a/drivers/acpi/osl.c
 +++ b/drivers/acpi/osl.c
-@@ -44,6 +44,7 @@
+@@ -40,6 +40,7 @@
  #include <linux/list.h>
  #include <linux/jiffies.h>
  #include <linux/semaphore.h>
@@ -24,7 +25,7 @@ index 5aa1f6e281d2..58ae459937a4 100644
  
  #include <asm/io.h>
  #include <asm/uaccess.h>
-@@ -252,7 +253,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp);
+@@ -253,7 +254,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp);
  acpi_physical_address __init acpi_os_get_root_pointer(void)
  {
  #ifdef CONFIG_KEXEC
@@ -33,3 +34,6 @@ index 5aa1f6e281d2..58ae459937a4 100644
  		return acpi_rsdp;
  #endif
  
+-- 
+2.4.3
+
diff --git a/amd-xgbe-a0-Add-support-for-XGBE-on-A0.patch b/amd-xgbe-a0-Add-support-for-XGBE-on-A0.patch
index fa39d8675..6b9d07dc7 100644
--- a/amd-xgbe-a0-Add-support-for-XGBE-on-A0.patch
+++ b/amd-xgbe-a0-Add-support-for-XGBE-on-A0.patch
@@ -1,11 +1,13 @@
+From b634bc924371a7df6459af04f37c91f65ac59df2 Mon Sep 17 00:00:00 2001
 From: Tom Lendacky <thomas.lendacky@amd.com>
-Date: Sat, 21 Feb 2015 12:25:12 -0500
-Subject: [PATCH] amd-xgbe-a0: Add support for XGBE on A0
+Date: Thu, 28 May 2015 16:38:57 -0400
+Subject: [PATCH 1/2] amd-xgbe-a0: Add support for XGBE on A0
 
 Add XGBE driver support for A0 hardware.
 
 Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
 [fixup timespec -> timespec64]
+[use device_dma_is_coherent]
 Signed-off-by: Mark Salter <msalter@redhat.com>
 ---
  drivers/net/ethernet/amd/Makefile               |    1 +
@@ -17,11 +19,11 @@ Signed-off-by: Mark Salter <msalter@redhat.com>
  drivers/net/ethernet/amd/xgbe-a0/xgbe-dev.c     | 2930 +++++++++++++++++++++++
  drivers/net/ethernet/amd/xgbe-a0/xgbe-drv.c     | 2218 +++++++++++++++++
  drivers/net/ethernet/amd/xgbe-a0/xgbe-ethtool.c |  616 +++++
- drivers/net/ethernet/amd/xgbe-a0/xgbe-main.c    |  643 +++++
+ drivers/net/ethernet/amd/xgbe-a0/xgbe-main.c    |  618 +++++
  drivers/net/ethernet/amd/xgbe-a0/xgbe-mdio.c    |  312 +++
  drivers/net/ethernet/amd/xgbe-a0/xgbe-ptp.c     |  278 +++
  drivers/net/ethernet/amd/xgbe-a0/xgbe.h         |  868 +++++++
- 13 files changed, 10294 insertions(+)
+ 13 files changed, 10269 insertions(+)
  create mode 100644 drivers/net/ethernet/amd/xgbe-a0/Makefile
  create mode 100644 drivers/net/ethernet/amd/xgbe-a0/xgbe-common.h
  create mode 100644 drivers/net/ethernet/amd/xgbe-a0/xgbe-dcb.c
@@ -36,7 +38,7 @@ Signed-off-by: Mark Salter <msalter@redhat.com>
  create mode 100644 drivers/net/ethernet/amd/xgbe-a0/xgbe.h
 
 diff --git a/drivers/net/ethernet/amd/Makefile b/drivers/net/ethernet/amd/Makefile
-index a38a2dce3eb3..bf0cf2f8d2db 100644
+index a38a2dc..bf0cf2f 100644
 --- a/drivers/net/ethernet/amd/Makefile
 +++ b/drivers/net/ethernet/amd/Makefile
 @@ -18,3 +18,4 @@ obj-$(CONFIG_PCNET32) += pcnet32.o
@@ -46,7 +48,7 @@ index a38a2dce3eb3..bf0cf2f8d2db 100644
 +obj-$(CONFIG_AMD_XGBE) += xgbe-a0/
 diff --git a/drivers/net/ethernet/amd/xgbe-a0/Makefile b/drivers/net/ethernet/amd/xgbe-a0/Makefile
 new file mode 100644
-index 000000000000..561116faadae
+index 0000000..561116f
 --- /dev/null
 +++ b/drivers/net/ethernet/amd/xgbe-a0/Makefile
 @@ -0,0 +1,8 @@
@@ -60,7 +62,7 @@ index 000000000000..561116faadae
 +amd-xgbe-a0-$(CONFIG_DEBUG_FS) += xgbe-debugfs.o
 diff --git a/drivers/net/ethernet/amd/xgbe-a0/xgbe-common.h b/drivers/net/ethernet/amd/xgbe-a0/xgbe-common.h
 new file mode 100644
-index 000000000000..75b08c63d39f
+index 0000000..75b08c6
 --- /dev/null
 +++ b/drivers/net/ethernet/amd/xgbe-a0/xgbe-common.h
 @@ -0,0 +1,1142 @@
@@ -1208,7 +1210,7 @@ index 000000000000..75b08c63d39f
 +#endif
 diff --git a/drivers/net/ethernet/amd/xgbe-a0/xgbe-dcb.c b/drivers/net/ethernet/amd/xgbe-a0/xgbe-dcb.c
 new file mode 100644
-index 000000000000..343301cbf7b4
+index 0000000..343301c
 --- /dev/null
 +++ b/drivers/net/ethernet/amd/xgbe-a0/xgbe-dcb.c
 @@ -0,0 +1,269 @@
@@ -1483,7 +1485,7 @@ index 000000000000..343301cbf7b4
 +}
 diff --git a/drivers/net/ethernet/amd/xgbe-a0/xgbe-debugfs.c b/drivers/net/ethernet/amd/xgbe-a0/xgbe-debugfs.c
 new file mode 100644
-index 000000000000..ecfa6f91da22
+index 0000000..ecfa6f9
 --- /dev/null
 +++ b/drivers/net/ethernet/amd/xgbe-a0/xgbe-debugfs.c
 @@ -0,0 +1,373 @@
@@ -1862,7 +1864,7 @@ index 000000000000..ecfa6f91da22
 +}
 diff --git a/drivers/net/ethernet/amd/xgbe-a0/xgbe-desc.c b/drivers/net/ethernet/amd/xgbe-a0/xgbe-desc.c
 new file mode 100644
-index 000000000000..5dd57779c82c
+index 0000000..5dd5777
 --- /dev/null
 +++ b/drivers/net/ethernet/amd/xgbe-a0/xgbe-desc.c
 @@ -0,0 +1,636 @@
@@ -2504,7 +2506,7 @@ index 000000000000..5dd57779c82c
 +}
 diff --git a/drivers/net/ethernet/amd/xgbe-a0/xgbe-dev.c b/drivers/net/ethernet/amd/xgbe-a0/xgbe-dev.c
 new file mode 100644
-index 000000000000..2d88739de41c
+index 0000000..2d88739
 --- /dev/null
 +++ b/drivers/net/ethernet/amd/xgbe-a0/xgbe-dev.c
 @@ -0,0 +1,2930 @@
@@ -5440,7 +5442,7 @@ index 000000000000..2d88739de41c
 +}
 diff --git a/drivers/net/ethernet/amd/xgbe-a0/xgbe-drv.c b/drivers/net/ethernet/amd/xgbe-a0/xgbe-drv.c
 new file mode 100644
-index 000000000000..ca4af9e508b8
+index 0000000..ca4af9e
 --- /dev/null
 +++ b/drivers/net/ethernet/amd/xgbe-a0/xgbe-drv.c
 @@ -0,0 +1,2218 @@
@@ -7664,7 +7666,7 @@ index 000000000000..ca4af9e508b8
 +}
 diff --git a/drivers/net/ethernet/amd/xgbe-a0/xgbe-ethtool.c b/drivers/net/ethernet/amd/xgbe-a0/xgbe-ethtool.c
 new file mode 100644
-index 000000000000..165ff1ceedcc
+index 0000000..165ff1c
 --- /dev/null
 +++ b/drivers/net/ethernet/amd/xgbe-a0/xgbe-ethtool.c
 @@ -0,0 +1,616 @@
@@ -8286,10 +8288,10 @@ index 000000000000..165ff1ceedcc
 +}
 diff --git a/drivers/net/ethernet/amd/xgbe-a0/xgbe-main.c b/drivers/net/ethernet/amd/xgbe-a0/xgbe-main.c
 new file mode 100644
-index 000000000000..a85fb4965835
+index 0000000..deb8551
 --- /dev/null
 +++ b/drivers/net/ethernet/amd/xgbe-a0/xgbe-main.c
-@@ -0,0 +1,643 @@
+@@ -0,0 +1,618 @@
 +/*
 + * AMD 10Gb Ethernet driver
 + *
@@ -8476,13 +8478,8 @@ index 000000000000..a85fb4965835
 +#ifdef CONFIG_ACPI
 +static int xgbe_acpi_support(struct xgbe_prv_data *pdata)
 +{
-+	struct acpi_device *adev = pdata->adev;
 +	struct device *dev = pdata->dev;
 +	u32 property;
-+	acpi_handle handle;
-+	acpi_status status;
-+	unsigned long long data;
-+	int cca;
 +	int ret;
 +
 +	/* Obtain the system clock setting */
@@ -8503,24 +8500,6 @@ index 000000000000..a85fb4965835
 +	}
 +	pdata->ptpclk_rate = property;
 +
-+	/* Retrieve the device cache coherency value */
-+	handle = adev->handle;
-+	do {
-+		status = acpi_evaluate_integer(handle, "_CCA", NULL, &data);
-+		if (!ACPI_FAILURE(status)) {
-+			cca = data;
-+			break;
-+		}
-+
-+		status = acpi_get_parent(handle, &handle);
-+	} while (!ACPI_FAILURE(status));
-+
-+	if (ACPI_FAILURE(status)) {
-+		dev_err(dev, "error obtaining acpi coherency value\n");
-+		return -EINVAL;
-+	}
-+	pdata->coherent = !!cca;
-+
 +	return 0;
 +}
 +#else   /* CONFIG_ACPI */
@@ -8551,9 +8530,6 @@ index 000000000000..a85fb4965835
 +	}
 +	pdata->ptpclk_rate = clk_get_rate(pdata->ptpclk);
 +
-+	/* Retrieve the device cache coherency value */
-+	pdata->coherent = of_dma_is_coherent(dev->of_node);
-+
 +	return 0;
 +}
 +#else   /* CONFIG_OF */
@@ -8672,6 +8648,7 @@ index 000000000000..a85fb4965835
 +		goto err_io;
 +
 +	/* Set the DMA coherency values */
++	pdata->coherent = device_dma_is_coherent(pdata->dev);
 +	if (pdata->coherent) {
 +		pdata->axdomain = XGBE_DMA_OS_AXDOMAIN;
 +		pdata->arcache = XGBE_DMA_OS_ARCACHE;
@@ -8935,7 +8912,7 @@ index 000000000000..a85fb4965835
 +module_platform_driver(xgbe_a0_driver);
 diff --git a/drivers/net/ethernet/amd/xgbe-a0/xgbe-mdio.c b/drivers/net/ethernet/amd/xgbe-a0/xgbe-mdio.c
 new file mode 100644
-index 000000000000..b84d0481bed8
+index 0000000..b84d048
 --- /dev/null
 +++ b/drivers/net/ethernet/amd/xgbe-a0/xgbe-mdio.c
 @@ -0,0 +1,312 @@
@@ -9253,7 +9230,7 @@ index 000000000000..b84d0481bed8
 +}
 diff --git a/drivers/net/ethernet/amd/xgbe-a0/xgbe-ptp.c b/drivers/net/ethernet/amd/xgbe-a0/xgbe-ptp.c
 new file mode 100644
-index 000000000000..1016aeb96162
+index 0000000..1016aeb
 --- /dev/null
 +++ b/drivers/net/ethernet/amd/xgbe-a0/xgbe-ptp.c
 @@ -0,0 +1,278 @@
@@ -9537,7 +9514,7 @@ index 000000000000..1016aeb96162
 +}
 diff --git a/drivers/net/ethernet/amd/xgbe-a0/xgbe.h b/drivers/net/ethernet/amd/xgbe-a0/xgbe.h
 new file mode 100644
-index 000000000000..04c00d236c49
+index 0000000..04c00d2
 --- /dev/null
 +++ b/drivers/net/ethernet/amd/xgbe-a0/xgbe.h
 @@ -0,0 +1,868 @@
@@ -10409,3 +10386,6 @@ index 000000000000..04c00d236c49
 +#endif
 +
 +#endif
+-- 
+2.4.5
+
diff --git a/arm64-acpi-drop-expert-patch.patch b/arm64-acpi-drop-expert-patch.patch
new file mode 100644
index 000000000..6122732d6
--- /dev/null
+++ b/arm64-acpi-drop-expert-patch.patch
@@ -0,0 +1,21 @@
+From: Peter Robinson <pbrobinson@gmail.com>
+Date: Sun, 3 May 2015 18:35:23 +0100
+Subject: [PATCH] arm64: acpi drop expert patch
+
+---
+ drivers/acpi/Kconfig | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/acpi/Kconfig b/drivers/acpi/Kconfig
+index 114cf48085ab..70ba3ef9a37b 100644
+--- a/drivers/acpi/Kconfig
++++ b/drivers/acpi/Kconfig
+@@ -5,7 +5,7 @@
+ menuconfig ACPI
+ 	bool "ACPI (Advanced Configuration and Power Interface) Support"
+ 	depends on !IA64_HP_SIM
+-	depends on IA64 || X86 || (ARM64 && EXPERT)
++	depends on IA64 || X86 || ARM64
+ 	depends on PCI
+ 	select PNP
+ 	default y
diff --git a/arm64-avoid-needing-console-to-enable-serial-console.patch b/arm64-avoid-needing-console-to-enable-serial-console.patch
index 13f5cb6e1..47d09c2a7 100644
--- a/arm64-avoid-needing-console-to-enable-serial-console.patch
+++ b/arm64-avoid-needing-console-to-enable-serial-console.patch
@@ -14,10 +14,10 @@ Signed-off-by: Mark Salter <msalter@redhat.com>
  1 file changed, 19 insertions(+)
 
 diff --git a/arch/arm64/kernel/setup.c b/arch/arm64/kernel/setup.c
-index 781f4697dc26..164d618d988c 100644
+index f3067d4d4e35..6f8d814c4e5c 100644
 --- a/arch/arm64/kernel/setup.c
 +++ b/arch/arm64/kernel/setup.c
-@@ -559,3 +559,22 @@ const struct seq_operations cpuinfo_op = {
+@@ -568,3 +568,22 @@ const struct seq_operations cpuinfo_op = {
  	.stop	= c_stop,
  	.show	= c_show
  };
diff --git a/asus-wmi-Restrict-debugfs-interface-when-module-load.patch b/asus-wmi-Restrict-debugfs-interface-when-module-load.patch
index 929853201..3ab7b85ea 100644
--- a/asus-wmi-Restrict-debugfs-interface-when-module-load.patch
+++ b/asus-wmi-Restrict-debugfs-interface-when-module-load.patch
@@ -1,7 +1,8 @@
+From 32f701d40657cc3c982b8cba4bf73452ccdd6697 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Mar 2012 08:46:50 -0500
-Subject: [PATCH] asus-wmi: Restrict debugfs interface when module loading is
- restricted
+Subject: [PATCH 05/20] asus-wmi: Restrict debugfs interface when module
+ loading is restricted
 
 We have no way of validating what all of the Asus WMI methods do on a
 given machine, and there's a risk that some will allow hardware state to
@@ -15,10 +16,10 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
  1 file changed, 9 insertions(+)
 
 diff --git a/drivers/platform/x86/asus-wmi.c b/drivers/platform/x86/asus-wmi.c
-index 7543a56e0f45..93b5a6998371 100644
+index efbc3f0c592b..071171be4b7f 100644
 --- a/drivers/platform/x86/asus-wmi.c
 +++ b/drivers/platform/x86/asus-wmi.c
-@@ -1589,6 +1589,9 @@ static int show_dsts(struct seq_file *m, void *data)
+@@ -1868,6 +1868,9 @@ static int show_dsts(struct seq_file *m, void *data)
  	int err;
  	u32 retval = -1;
  
@@ -28,7 +29,7 @@ index 7543a56e0f45..93b5a6998371 100644
  	err = asus_wmi_get_devstate(asus, asus->debug.dev_id, &retval);
  
  	if (err < 0)
-@@ -1605,6 +1608,9 @@ static int show_devs(struct seq_file *m, void *data)
+@@ -1884,6 +1887,9 @@ static int show_devs(struct seq_file *m, void *data)
  	int err;
  	u32 retval = -1;
  
@@ -38,7 +39,7 @@ index 7543a56e0f45..93b5a6998371 100644
  	err = asus_wmi_set_devstate(asus->debug.dev_id, asus->debug.ctrl_param,
  				    &retval);
  
-@@ -1629,6 +1635,9 @@ static int show_call(struct seq_file *m, void *data)
+@@ -1908,6 +1914,9 @@ static int show_call(struct seq_file *m, void *data)
  	union acpi_object *obj;
  	acpi_status status;
  
@@ -48,3 +49,6 @@ index 7543a56e0f45..93b5a6998371 100644
  	status = wmi_evaluate_method(ASUS_WMI_MGMT_GUID,
  				     1, asus->debug.method_id,
  				     &input, &output);
+-- 
+2.4.3
+
diff --git a/config-arm-generic b/config-arm-generic
index 12c9168da..d72e87119 100644
--- a/config-arm-generic
+++ b/config-arm-generic
@@ -40,6 +40,8 @@ CONFIG_FB_SIMPLE=y
 CONFIG_HAVE_PERF_REGS=y
 CONFIG_HAVE_PERF_USER_STACK_DUMP=y
 
+CONFIG_ARM_PMU=y
+
 # ARM AMBA generic HW
 CONFIG_ARM_AMBA=y
 CONFIG_KERNEL_MODE_NEON=y
@@ -64,6 +66,7 @@ CONFIG_RTC_DRV_PL031=y
 CONFIG_PL330_DMA=m
 CONFIG_GPIO_PL061=y
 CONFIG_USB_ISP1760=m
+CONFIG_ARM_PL172_MPMC=m
 
 # ARM VExpress
 CONFIG_ARCH_VEXPRESS=y
@@ -106,6 +109,8 @@ CONFIG_OF_NET=y
 CONFIG_OF_OVERLAY=y
 CONFIG_OF_PCI_IRQ=m
 CONFIG_OF_PCI=m
+# CONFIG_PCI_HOST_GENERIC is not set
+# CONFIG_PCIE_IPROC is not set
 CONFIG_OF_RESERVED_MEM=y
 CONFIG_OF_RESOLVE=y
 CONFIG_PM_GENERIC_DOMAINS_OF=y
@@ -213,6 +218,7 @@ CONFIG_I2C_MUX_GPIO=m
 CONFIG_I2C_MUX_PINCTRL=m
 CONFIG_I2C_MUX_PCA9541=m
 CONFIG_I2C_MUX_PCA954x=m
+CONFIG_I2C_MUX_REG=m
 
 # spi
 CONFIG_SPI_PL022=m
@@ -280,6 +286,7 @@ CONFIG_VFIO_AMBA=m
 # CONFIG_KEYBOARD_OMAP4 is not set
 # CONFIG_KEYBOARD_BCM is not set
 # CONFIG_PHY_SAMSUNG_USB2 is not set
+# CONFIG_OMAP_GPMC_DEBUG is not set
 
 ### turn off things which make no sense on embedded SoC
 
@@ -349,3 +356,6 @@ CONFIG_VFIO_AMBA=m
 # CONFIG_BMP085_SPI is not set
 # CONFIG_TI_DAC7512 is not set
 # CONFIG_SPI_ROCKCHIP is not set
+
+# https://fedoraproject.org/wiki/Features/Checkpoint_Restore
+CONFIG_CHECKPOINT_RESTORE=y
diff --git a/config-arm64 b/config-arm64
index 60d432f59..710b466e3 100644
--- a/config-arm64
+++ b/config-arm64
@@ -18,6 +18,10 @@ CONFIG_ARCH_XGENE=y
 # CONFIG_ARCH_QCOM is not set
 # CONFIG_ARCH_SPRD is not set
 # CONFIG_ARCH_ZYNQMP is not set
+# CONFIG_ARCH_BCM_IPROC is not set
+# CONFIG_ARCH_BERLIN is not set
+# CONFIG_ARCH_ROCKCHIP is not set
+
 
 # Erratum
 CONFIG_ARM64_ERRATUM_826319=y
@@ -36,7 +40,10 @@ CONFIG_ARM_SMMU_V3=y
 CONFIG_ARCH_HAS_HOLES_MEMORYMODEL=y
 CONFIG_ARCH_REQUIRE_GPIOLIB=y
 CONFIG_ARM64_64K_PAGES=y
-# CONFIG_COMPAT is not set
+
+CONFIG_ARM64_HW_AFDBM=y
+CONFIG_ARM64_PAN=y
+CONFIG_ARM64_LSE_ATOMICS=y
 
 CONFIG_BCMA_POSSIBLE=y
 CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC_VALUE=0
@@ -138,6 +145,10 @@ CONFIG_AMD_XGBE_PHY=m
 # HiSilicon
 CONFIG_POWER_RESET_HISI=y
 CONFIG_HISI_THERMAL=m
+CONFIG_STUB_CLK_HI6220=y
+
+# ThunderX
+# CONFIG_MDIO_OCTEON is not set
 
 CONFIG_NET_VENDOR_MELLANOX=y
 CONFIG_MLX4_EN=m
@@ -165,3 +176,4 @@ CONFIG_ND_BLK=m
 CONFIG_DEBUG_SECTION_MISMATCH=y
 
 # CONFIG_FSL_MC_BUS is not set
+# CONFIG_FUJITSU_ES is not set
diff --git a/config-armv7 b/config-armv7
index b39acc274..7c81e1d70 100644
--- a/config-armv7
+++ b/config-armv7
@@ -25,8 +25,6 @@ CONFIG_SOC_OMAP3430=y
 CONFIG_SOC_TI81XX=y
 # CONFIG_MACH_NOKIA_RX51 is not set
 # CONFIG_MACH_OMAP_LDP is not set
-# CONFIG_MACH_OMAP3530_LV_SOM is not set
-# CONFIG_MACH_OMAP3_TORPEDO is not set
 # CONFIG_MACH_OMAP3517EVM is not set
 # CONFIG_MACH_OMAP3_PANDORA is not set
 
@@ -284,6 +282,7 @@ CONFIG_PINCTRL_MSM8960=m
 CONFIG_PINCTRL_MSM8X74=m
 CONFIG_PINCTRL_MSM8916=m
 CONFIG_PINCTRL_QCOM_SPMI_PMIC=m
+CONFIG_PINCTRL_QCOM_SSBI_PMIC=m
 CONFIG_COMMON_CLK_QCOM=m
 # CONFIG_MSM_GCC_8916 is not set
 # CONFIG_IPQ_LCC_806X is not set
@@ -339,6 +338,13 @@ CONFIG_SND_SOC_LPASS_PLATFORM=m
 CONFIG_SND_SOC_STORM=m
 CONFIG_PHY_QCOM_UFS=m
 CONFIG_HWSPINLOCK_QCOM=m
+CONFIG_QCOM_COINCELL=m
+CONFIG_USB_QCOM_8X16_PHY=m
+CONFIG_QCOM_SMD=m
+CONFIG_QCOM_SMD_RPM=m
+CONFIG_QCOM_SMEM=m
+CONFIG_REGULATOR_QCOM_SMD_RPM=m
+# CONFIG_QCOM_SMEM is not set
 
 # i.MX
 # CONFIG_MXC_DEBUG_BOARD is not set
@@ -348,6 +354,7 @@ CONFIG_SOC_IMX53=y
 CONFIG_SOC_IMX6Q=y
 CONFIG_SOC_IMX6SL=y
 CONFIG_SOC_IMX6SX=y
+CONFIG_SOC_IMX6UL=y
 CONFIG_SOC_IMX7D=y
 # CONFIG_SOC_LS1021A is not set
 # CONFIG_SOC_VF610 is not set
@@ -371,6 +378,7 @@ CONFIG_NET_VENDOR_FREESCALE=y
 CONFIG_FEC=m
 # CONFIG_FSL_PQ_MDIO is not set
 # CONFIG_FSL_XGMAC_MDIO is not set
+CONFIG_KEYBOARD_SNVS_PWRKEY=m
 CONFIG_KEYBOARD_IMX=m
 CONFIG_KEYBOARD_STMPE=m
 CONFIG_TOUCHSCREEN_STMPE=m
@@ -404,6 +412,7 @@ CONFIG_RTC_DRV_SNVS=m
 CONFIG_FB_MXS=m
 # CONFIG_FB_MX3 is not set
 # CONFIG_FB_IMX is not set
+CONFIG_TOUCHSCREEN_IMX6UL_TSC=m
 
 CONFIG_SND_IMX_SOC=m
 CONFIG_SND_SOC_FSL_ASOC_CARD=m
@@ -493,8 +502,6 @@ CONFIG_ARCH_EXYNOS4=y
 CONFIG_SOC_EXYNOS4212=y
 CONFIG_SOC_EXYNOS4412=y
 CONFIG_SOC_EXYNOS4415=y
-CONFIG_ARM_EXYNOS4210_CPUFREQ=y
-CONFIG_ARM_EXYNOS4X12_CPUFREQ=y
 CONFIG_AK8975=m
 CONFIG_CM36651=m
 CONFIG_KEYBOARD_SAMSUNG=m
@@ -620,6 +627,7 @@ CONFIG_CADENCE_WATCHDOG=m
 CONFIG_REGULATOR_ISL9305=m
 CONFIG_EDAC_SYNOPSYS=m
 CONFIG_PINCTRL_ZYNQ=y
+CONFIG_AXI_DMAC=m
 
 # Multi function devices
 CONFIG_MFD_88PM800=m
diff --git a/config-armv7-generic b/config-armv7-generic
index 9079e0a06..60913e089 100644
--- a/config-armv7-generic
+++ b/config-armv7-generic
@@ -33,6 +33,7 @@ CONFIG_XZ_DEC_ARMTHUMB=y
 CONFIG_ARCH_HAS_TICK_BROADCAST=y
 CONFIG_IRQ_CROSSBAR=y
 CONFIG_IOMMU_IO_PGTABLE_LPAE=y
+CONFIG_CPU_SW_DOMAIN_PAN=y
 
 # CONFIG_MCPM is not set
 # CONFIG_OABI_COMPAT is not set
@@ -141,7 +142,6 @@ CONFIG_XZ_DEC_ARM=y
 
 CONFIG_PCI_HOST_GENERIC=y
 # CONFIG_PCI_LAYERSCAPE is not set
-# CONFIG_PCIE_IPROC is not set
 # Do NOT enable this, it breaks stuff and makes things go slow
 # CONFIG_UACCESS_WITH_MEMCPY is not set
 
@@ -183,6 +183,7 @@ CONFIG_MACH_SUN7I=y
 CONFIG_MACH_SUN8I=y
 # CONFIG_MACH_SUN9I is not set
 CONFIG_SUNXI_SRAM=y
+CONFIG_DMA_SUN4I=m
 CONFIG_DMA_SUN6I=m
 CONFIG_SUNXI_WATCHDOG=m
 CONFIG_NET_VENDOR_ALLWINNER=y
@@ -215,6 +216,8 @@ CONFIG_MTD_NAND_SUNXI=m
 CONFIG_SERIO_SUN4I_PS2=m
 CONFIG_KEYBOARD_SUN4I_LRADC=m
 CONFIG_PWM_SUN4I=m
+CONFIG_USB_MUSB_SUNXI=m
+CONFIG_CRYPTO_DEV_SUN4I_SS=m
 
 # Exynos
 CONFIG_ARCH_EXYNOS3=y
@@ -229,8 +232,6 @@ CONFIG_SOC_EXYNOS5410=y
 CONFIG_SOC_EXYNOS5800=y
 CONFIG_SERIAL_SAMSUNG=y
 CONFIG_SERIAL_SAMSUNG_CONSOLE=y
-CONFIG_ARM_EXYNOS_CPUFREQ=m
-CONFIG_ARM_EXYNOS5250_CPUFREQ=y
 CONFIG_ARM_EXYNOS5440_CPUFREQ=m
 CONFIG_ARM_EXYNOS_CPU_FREQ_BOOST_SW=y
 # CONFIG_ARM_EXYNOS_CPUIDLE is not set
@@ -352,6 +353,9 @@ CONFIG_DRM_ROCKCHIP=m
 CONFIG_ROCKCHIP_DW_HDMI=m
 CONFIG_PHY_ROCKCHIP_USB=m
 CONFIG_DWMAC_ROCKCHIP=m
+CONFIG_SND_SOC_ROCKCHIP_MAX98090=m
+CONFIG_SND_SOC_ROCKCHIP_RT5645=m
+CONFIG_REGULATOR_ACT8865=m
 
 # Tegra
 CONFIG_ARCH_TEGRA_114_SOC=y
@@ -393,6 +397,8 @@ CONFIG_TEGRA_SOCTHERM=m
 CONFIG_TEGRA_MC=y
 CONFIG_TEGRA124_EMC=y
 CONFIG_ARM_TEGRA_DEVFREQ=m
+# CONFIG_ARM_TEGRA20_CPUFREQ is not set
+CONFIG_ARM_TEGRA124_CPUFREQ=m
 
 # Jetson TK1
 CONFIG_PINCTRL_AS3722=y
@@ -457,6 +463,7 @@ CONFIG_COMMON_CLK_SI5351=m
 CONFIG_RTC_DRV_ARMADA38X=m
 # CONFIG_CACHE_FEROCEON_L2 is not set
 # CONFIG_CACHE_FEROCEON_L2_WRITETHROUGH is not set
+CONFIG_LEDS_NS2=m
 
 # DRM panels
 CONFIG_DRM_PANEL=y
@@ -464,6 +471,9 @@ CONFIG_DRM_PANEL_SIMPLE=m
 CONFIG_DRM_PANEL_LD9040=m
 CONFIG_DRM_PANEL_S6E8AA0=m
 CONFIG_DRM_PANEL_SHARP_LQ101R1SX01=m
+CONFIG_DRM_PANEL_LG_LG4573=m
+CONFIG_DRM_PANEL_SAMSUNG_LD9040=m
+CONFIG_DRM_PANEL_SAMSUNG_S6E8AA0=m
 CONFIG_DRM_DW_HDMI=m
 
 # regmap
@@ -718,6 +728,7 @@ CONFIG_REGULATOR_DA9211=m
 CONFIG_REGULATOR_ISL9305=m
 CONFIG_REGULATOR_MAX77802=m
 CONFIG_REGULATOR_PWM=m
+# CONFIG_REGULATOR_MT6311 is not set
 CONFIG_SENSORS_LTC2978_REGULATOR=y
 
 CONFIG_POWER_AVS=y
@@ -854,6 +865,7 @@ CONFIG_R8188EU=m
 # CONFIG_DRM_TILCDC is not set
 # CONFIG_DRM_IMX is not set
 # CONFIG_DRM_STI is not set
+# CONFIG_DRM_FSL_DCU is not set
 # CONFIG_AHCI_IMX is not set
 # CONFIG_IMX_THERMAL is not set
 # CONFIG_TI_DAC7512 is not set
diff --git a/config-armv7-lpae b/config-armv7-lpae
index 5166b6cd4..483c49960 100644
--- a/config-armv7-lpae
+++ b/config-armv7-lpae
@@ -12,6 +12,7 @@ CONFIG_ARCH_KEYSTONE=y
 # CONFIG_ARCH_AXXIA is not set
 
 CONFIG_ARM_LPAE=y
+# CONFIG_CPU_SW_DOMAIN_PAN is not set
 CONFIG_SYS_SUPPORTS_HUGETLBFS=y
 CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y
 CONFIG_ARM_VIRT_EXT=y
diff --git a/config-debug b/config-debug
index cfb1d380b..d57a218ea 100644
--- a/config-debug
+++ b/config-debug
@@ -90,7 +90,7 @@ CONFIG_RTLWIFI_DEBUG=y
 CONFIG_DEBUG_OBJECTS_WORK=y
 
 CONFIG_DMADEVICES_DEBUG=y
-CONFIG_DMADEVICES_VDEBUG=y
+# CONFIG_DMADEVICES_VDEBUG is not set
 
 CONFIG_PM_ADVANCED_DEBUG=y
 
diff --git a/config-generic b/config-generic
index eb32d79c8..bc0e2970c 100644
--- a/config-generic
+++ b/config-generic
@@ -51,8 +51,10 @@ CONFIG_LOG_CPU_MAX_BUF_SHIFT=12
 CONFIG_KALLSYMS=y
 CONFIG_KALLSYMS_ALL=y
 CONFIG_FUTEX=y
+# CONFIG_FAIL_FUTEX is not set
 CONFIG_EPOLL=y
 CONFIG_BPF_SYSCALL=y
+CONFIG_USERFAULTFD=y
 CONFIG_IOSCHED_NOOP=y
 CONFIG_IOSCHED_DEADLINE=y
 CONFIG_IOSCHED_CFQ=y
@@ -144,6 +146,8 @@ CONFIG_MMC_TIFM_SD=m
 CONFIG_MMC_WBSD=m
 CONFIG_MMC_VIA_SDMMC=m
 CONFIG_MMC_SDHCI_PLTFM=m
+# CONFIG_MMC_SDHCI_OF is not set
+# CONFIG_MMC_SDHCI_OF_AT91 is not set
 CONFIG_MMC_CB710=m
 CONFIG_MMC_RICOH_MMC=y
 CONFIG_MMC_USHC=m
@@ -173,10 +177,12 @@ CONFIG_INFINIBAND_SRPT=m
 CONFIG_INFINIBAND_USER_MAD=m
 CONFIG_INFINIBAND_USER_ACCESS=m
 CONFIG_INFINIBAND_ON_DEMAND_PAGING=y
-CONFIG_INFINIBAND_IPATH=m
+# Deprecated and moved to staging
+# CONFIG_INFINIBAND_IPATH is not set
 CONFIG_INFINIBAND_ISER=m
 CONFIG_INFINIBAND_ISERT=m
-CONFIG_INFINIBAND_AMSO1100=m
+# Deprecated and moved to staging
+# CONFIG_INFINIBAND_AMSO1100 is not set
 # CONFIG_INFINIBAND_AMSO1100_DEBUG is not set
 CONFIG_INFINIBAND_CXGB3=m
 CONFIG_INFINIBAND_CXGB4=m
@@ -321,6 +327,8 @@ CONFIG_MTD_CFI_I2=y
 # CONFIG_MTD_NAND_ECC_BCH is not set
 # CONFIG_MTD_NAND_DISKONCHIP is not set
 # CONFIG_MTD_NAND_HISI504 is not set
+# CONFIG_MTD_NAND_DENALI_PCI is not set
+# CONFIG_MTD_NAND_DENALI_DT is not set
 # CONFIG_MTD_LPDDR is not set
 CONFIG_MTD_UBI=m
 CONFIG_MTD_UBI_WL_THRESHOLD=4096
@@ -350,6 +358,7 @@ CONFIG_HOTPLUG_PCI_ACPI_IBM=m
 # CONFIG_ND_BLK is not set
 # CONFIG_BTT is not set
 
+# CONFIG_NVMEM is not set
 
 #
 # Block devices
@@ -383,6 +392,7 @@ CONFIG_BLK_DEV_RAM_SIZE=16384
 CONFIG_BLK_DEV_PMEM=m
 CONFIG_BLK_DEV_INITRD=y
 CONFIG_BLK_DEV_IO_TRACE=y
+CONFIG_BLK_DEV_RAM_DAX=y
 
 CONFIG_BLK_DEV_BSG=y
 CONFIG_BLK_DEV_BSGLIB=y
@@ -819,6 +829,7 @@ CONFIG_IP_VS_PROTO_ESP=y
 CONFIG_IP_VS_PROTO_AH=y
 CONFIG_IP_VS_PROTO_SCTP=y
 CONFIG_IP_VS_FO=m
+CONFIG_IP_VS_OVF=m
 CONFIG_IP_VS_IPV6=y
 CONFIG_IP_VS_RR=m
 CONFIG_IP_VS_WRR=m
@@ -847,6 +858,7 @@ CONFIG_INET6_AH=m
 CONFIG_INET6_ESP=m
 CONFIG_INET6_IPCOMP=m
 CONFIG_IPV6_MIP6=y
+CONFIG_IPV6_ILA=m
 CONFIG_IPV6_VTI=m
 CONFIG_IPV6_SIT=m
 CONFIG_IPV6_SIT_6RD=y
@@ -1074,8 +1086,12 @@ CONFIG_NFT_REJECT=m
 CONFIG_NFT_COMPAT=m
 
 CONFIG_NF_TABLES_IPV4=m
+CONFIG_NF_DUP_IPV4=m
+CONFIG_NF_DUP_IPV6=m
 CONFIG_NF_REJECT_IPV6=m
 CONFIG_NFT_REJECT_IPV4=m
+CONFIG_NFT_DUP_IPV4=m
+CONFIG_NFT_DUP_IPV6=m
 CONFIG_NFT_CHAIN_ROUTE_IPV4=m
 CONFIG_NFT_CHAIN_NAT_IPV4=m
 CONFIG_NF_TABLES_ARP=m
@@ -1263,6 +1279,7 @@ CONFIG_BATMAN_ADV_MCAST=y
 
 # CONFIG_BATMAN_ADV_DEBUG is not set
 CONFIG_OPENVSWITCH=m
+CONFIG_OPENVSWITCH_CONNTRACK=y
 CONFIG_OPENVSWITCH_GRE=y
 CONFIG_OPENVSWITCH_VXLAN=y
 CONFIG_OPENVSWITCH_GENEVE=y
@@ -1301,6 +1318,7 @@ CONFIG_TUN=m
 # CONFIG_TUN_VNET_CROSS_LE is not set
 CONFIG_VETH=m
 CONFIG_NLMON=m
+CONFIG_NET_VRF=m
 
 #
 # ATM
@@ -1354,6 +1372,8 @@ CONFIG_L2TP_ETH=m
 
 # CONFIG_CAIF is not set
 
+CONFIG_LWTUNNEL=y
+
 CONFIG_RFKILL=m
 CONFIG_RFKILL_GPIO=m
 CONFIG_RFKILL_INPUT=y
@@ -1575,6 +1595,9 @@ CONFIG_SUNGEM=m
 CONFIG_CASSINI=m
 CONFIG_NIU=m
 
+# CONFIG_NET_VENDOR_SYNOPSYS is not set
+# CONFIG_SYNOPSYS_DWC_ETH_QOS is not set
+
 CONFIG_NET_VENDOR_TEHUTI=y
 CONFIG_TEHUTI=m
 
@@ -1601,6 +1624,7 @@ CONFIG_BCM87XX_PHY=m
 CONFIG_CICADA_PHY=m
 CONFIG_DAVICOM_PHY=m
 CONFIG_DP83640_PHY=m
+CONFIG_MICROCHIP_PHY=m
 CONFIG_FIXED_PHY=y
 CONFIG_MDIO_BITBANG=m
 CONFIG_MDIO_BCM_UNIMAC=m
@@ -1618,7 +1642,10 @@ CONFIG_STE10XP=m
 CONFIG_VITESSE_PHY=m
 CONFIG_MICREL_PHY=m
 CONFIG_DP83867_PHY=m
+CONFIG_DP83848_PHY=m
 # CONFIG_MICREL_KS8995MA is not set
+CONFIG_AQUANTIA_PHY=m
+CONFIG_TERANETICS_PHY=m
 
 CONFIG_MII=m
 CONFIG_NET_CORE=y
@@ -1633,6 +1660,7 @@ CONFIG_BCMGENET=m
 CONFIG_BNX2=m
 CONFIG_BNX2X=m
 CONFIG_BNX2X_SRIOV=y
+CONFIG_BNX2X_VXLAN=y
 CONFIG_CNIC=m
 CONFIG_FEALNX=m
 CONFIG_ETHOC=m
@@ -1650,6 +1678,7 @@ CONFIG_JME=m
 # CONFIG_MLX4_EN is not set
 # CONFIG_MLX4_EN_VXLAN is not set
 # CONFIG_MLX5_CORE is not set
+# CONFIG_MLXSW_CORE is not set
 # CONFIG_SFC is not set
 
 # CONFIG_FDDI is not set
@@ -1862,6 +1891,7 @@ CONFIG_USB_NET_RNDIS_WLAN=m
 CONFIG_USB_NET_KALMIA=m
 CONFIG_USB_NET_QMI_WWAN=m
 CONFIG_USB_NET_SMSC75XX=m
+CONFIG_USB_NET_CH9200=m
 # CONFIG_WL_TI is not set
 CONFIG_ZD1211RW=m
 # CONFIG_ZD1211RW_DEBUG is not set
@@ -1894,14 +1924,15 @@ CONFIG_IEEE802154_SOCKET=m
 CONFIG_IEEE802154_6LOWPAN=m
 CONFIG_IEEE802154_DRIVERS=m
 CONFIG_IEEE802154_FAKELB=m
+CONFIG_IEEE802154_ATUSB=m
 CONFIG_IEEE802154_CC2520=m
 # CONFIG_IEEE802154_AT86RF230 is not set
 # CONFIG_IEEE802154_MRF24J40 is not set
-# CONFIG_IEEE802154_ATUSB is not set
 
 CONFIG_MAC802154=m
 CONFIG_NET_MPLS_GSO=m
 CONFIG_MPLS_ROUTING=m
+CONFIG_MPLS_IPTUNNEL=m
 
 CONFIG_NET_SWITCHDEV=y
 
@@ -2018,6 +2049,7 @@ CONFIG_NFC_ST21NFCA_I2C=m
 # CONFIG_NFC_NCI_SPI is not set
 # CONFIG_NFC_NCI_UART is not set
 # CONFIG_NFC_ST_NCI is not set
+# CONFIG_NFC_S3FWRN5_I2C is not set
 
 
 #
@@ -2063,6 +2095,7 @@ CONFIG_WINBOND_FIR=m
 #
 CONFIG_BT=m
 CONFIG_BT_BREDR=y
+CONFIG_BT_HS=y
 CONFIG_BT_LE=y
 CONFIG_BT_6LOWPAN=m
 # CONFIG_BT_SELFTEST is not set
@@ -2091,6 +2124,7 @@ CONFIG_BT_HCIUART_ATH3K=y
 CONFIG_BT_HCIUART_3WIRE=y
 CONFIG_BT_HCIUART_INTEL=y
 CONFIG_BT_HCIUART_BCM=y
+CONFIG_BT_HCIUART_QCA=y
 CONFIG_BT_HCIDTL1=m
 CONFIG_BT_HCIBT3C=m
 CONFIG_BT_HCIBLUECARD=m
@@ -2104,6 +2138,7 @@ CONFIG_BT_HCIUART_LL=y
 CONFIG_BT_MRVL=m
 CONFIG_BT_MRVL_SDIO=m
 CONFIG_BT_ATH3K=m
+CONFIG_BT_QCA=m
 CONFIG_BT_WILINK=m
 
 #
@@ -2421,6 +2456,7 @@ CONFIG_TOUCHSCREEN_ZFORCE=m
 # CONFIG_TOUCHSCREEN_CHIPONE_ICN8318 is not set
 # CONFIG_TOUCHSCREEN_SX8654 is not set
 # CONFIG_TOUCHSCREEN_WDT87XX_I2C is not set
+# CONFIG_TOUCHSCREEN_IMX6UL_TSC is not set
 
 CONFIG_INPUT_MISC=y
 CONFIG_INPUT_E3X0_BUTTON=m
@@ -2504,6 +2540,7 @@ CONFIG_SERIAL_JSM=m
 
 # CONFIG_SERIAL_ALTERA_JTAGUART is not set
 # CONFIG_SERIAL_ALTERA_UART is not set
+# CONFIG_SERIAL_UARTLITE is not set
 
 #
 # Non-8250 serial port support
@@ -2543,6 +2580,7 @@ CONFIG_I2C_CHARDEV=m
 # CONFIG_I2C_MUX_GPIO is not set
 # CONFIG_I2C_MUX_PCA9541 is not set
 # CONFIG_I2C_MUX_PINCTRL is not set
+# CONFIG_I2C_MUX_REG is not set
 #
 
 #
@@ -2571,6 +2609,7 @@ CONFIG_I2C_ALGOPCA=m
 # CONFIG_I2C_NFORCE2_S4985 is not set
 # CONFIG_I2C_EG20T is not set
 # CONFIG_I2C_CBUS_GPIO is not set
+# CONFIG_I2C_EMEV2 is not set
 CONFIG_I2C_VIPERBOARD=m
 
 CONFIG_EEPROM_AT24=m
@@ -2762,6 +2801,7 @@ CONFIG_SENSORS_AD7314=m
 CONFIG_PMBUS=m
 CONFIG_SENSORS_PMBUS=m
 CONFIG_SENSORS_MAX16064=m
+CONFIG_SENSORS_MAX20751=m
 CONFIG_SENSORS_LM25066=m
 CONFIG_SENSORS_LTC2978=m
 CONFIG_SENSORS_MAX34440=m
@@ -2789,7 +2829,7 @@ CONFIG_HID_SENSOR_IIO_TRIGGER=m
 # CONFIG_AD5380 is not set
 # CONFIG_AD5064 is not set
 # CONFIG_BMA180 is not set
-# CONFIG_BMC150_ACCEL is not set
+CONFIG_BMC150_ACCEL=m
 # CONFIG_MAX1363 is not set
 # CONFIG_MAX517 is not set
 # CONFIG_MAX5821 is not set
@@ -2883,6 +2923,9 @@ CONFIG_ACPI_ALS=m
 CONFIG_KXCJK1013=m
 # CONFIG_ISL29125 is not set
 # CONFIG_JSA1212 is not set
+CONFIG_RPR0521=m
+CONFIG_OPT3001=m
+CONFIG_PA12203001=m
 # CONFIG_TCS3414 is not set
 # CONFIG_AK09911 is not set
 # CONFIG_T5403 is not set
@@ -3107,6 +3150,7 @@ CONFIG_RTC_DRV_PCF85063=m
 # CONFIG_RTC_DRV_ISL12057 is not set
 # CONFIG_RTC_DRV_XGENE is not set
 # CONFIG_RTC_DRV_ABB5ZES3 is not set
+# CONFIG_RTC_DRV_ZYNQMP is not set
 
 CONFIG_R3964=m
 # CONFIG_APPLICOM is not set
@@ -3132,6 +3176,7 @@ CONFIG_VGA_ARB_MAX_GPUS=16
 
 
 CONFIG_DRM=m
+CONFIG_DRM_FBDEV_EMULATION=y
 CONFIG_DRM_LOAD_EDID_FIRMWARE=y
 CONFIG_DRM_AST=m  # do not enable on f17 or older
 CONFIG_DRM_CIRRUS_QEMU=m  # do not enable on f17 or older
@@ -3160,6 +3205,8 @@ CONFIG_DRM_NOUVEAU_BACKLIGHT=y
 CONFIG_DRM_I2C_ADV7511=m
 CONFIG_DRM_I2C_CH7006=m
 CONFIG_DRM_I2C_SIL164=m
+# CONFIG_DRM_NXP_PTN3460 is not set
+# CONFIG_DRM_PARADE_PS8622 is not set
 CONFIG_DRM_I2C_NXP_TDA998X=m
 CONFIG_DRM_UDL=m
 CONFIG_DRM_VMWGFX=m
@@ -3172,6 +3219,7 @@ CONFIG_DRM_PS8622=m
 # CONFIG_DRM_PANEL is not set
 # CONFIG_DRM_PANEL_SIMPLE is not set
 # CONFIG_DRM_PANEL_S6E8AA0 is not set
+# CONFIG_DRM_PANEL_SAMSUNG_S6E8AA0 is not set
 CONFIG_DRM_VGEM=m
 
 #
@@ -3343,6 +3391,7 @@ CONFIG_DVB_FIREDTV=m
 CONFIG_DVB_NGENE=m
 CONFIG_DVB_DDBRIDGE=m
 CONFIG_DVB_SMIPCIE=m
+CONFIG_DVB_NETUP_UNIDVB=m
 CONFIG_DVB_USB_TECHNISAT_USB2=m
 CONFIG_DVB_USB_V2=m
 
@@ -3444,6 +3493,7 @@ CONFIG_V4L_MEM2MEM_DRIVERS=y
 # CONFIG_VIDEO_SH_VEU is not set
 # CONFIG_VIDEO_RENESAS_VSP1 is not set
 # CONFIG_V4L_TEST_DRIVERS is not set
+# CONFIG_DVB_PLATFORM_DRIVERS is not set
 
 #
 # Broadcom Crystal HD video decoder driver
@@ -3526,6 +3576,7 @@ CONFIG_FB_EFI=y
 # CONFIG_FB_UDL is not set
 # CONFIG_FB_GOLDFISH is not set
 # CONFIG_FB_OPENCORES is not set
+# CONFIG_FB_SM712 is not set
 
 # CONFIG_FIRMWARE_EDID is not set
 
@@ -3766,6 +3817,7 @@ CONFIG_USB_SL811_HCD_ISO=y
 # CONFIG_USB_SL811_CS is not set
 # CONFIG_USB_R8A66597_HCD is not set
 CONFIG_USB_XHCI_HCD=y
+# CONFIG_USB_XHCI_PLATFORM is not set
 # CONFIG_USB_MAX3421_HCD is not set
 
 #
@@ -3874,6 +3926,7 @@ CONFIG_HID_EMS_FF=m
 CONFIG_HID_ELECOM=m
 CONFIG_HID_ELO=m
 CONFIG_HID_EZKEY=m
+CONFIG_HID_GEMBIRD=m
 CONFIG_HID_UCLOGIC=m
 CONFIG_HID_WALTOP=m
 CONFIG_HID_ACRUX=m
@@ -3977,6 +4030,7 @@ CONFIG_USB_KAWETH=m
 CONFIG_USB_PEGASUS=m
 CONFIG_USB_RTL8150=m
 CONFIG_USB_RTL8152=m
+CONFIG_USB_LAN78XX=m
 CONFIG_USB_USBNET=m
 CONFIG_USB_SPEEDTOUCH=m
 CONFIG_USB_NET_AX8817X=m
@@ -4261,6 +4315,7 @@ CONFIG_MFD_VIPERBOARD=m
 # CONFIG_MFD_RT5033 is not set
 # CONFIG_MFD_SKY81452 is not set
 # CONFIG_MFD_MAX77843 is not set
+# CONFIG_MFD_DA9062 is not set
 # CONFIG_EZX_PCAP is not set
 # CONFIG_INTEL_SOC_PMIC is not set
 
@@ -4274,7 +4329,7 @@ CONFIG_MISC_FILESYSTEMS=y
 # CONFIG_EXT2_FS is not set
 # CONFIG_EXT3_FS is not set
 CONFIG_EXT4_FS=y
-CONFIG_EXT4_USE_FOR_EXT23=y
+CONFIG_EXT4_USE_FOR_EXT2=y
 CONFIG_EXT4_FS_POSIX_ACL=y
 CONFIG_EXT4_FS_SECURITY=y
 # CONFIG_EXT4_ENCRYPTION is not set
@@ -4311,7 +4366,7 @@ CONFIG_AUTOFS4_FS=y
 # CONFIG_EXOFS_FS is not set
 # CONFIG_EXOFS_DEBUG is not set
 CONFIG_NILFS2_FS=m
-# CONFIG_FS_DAX is not set
+CONFIG_FS_DAX=y
 # CONFIG_LOGFS is not set
 CONFIG_CEPH_FS=m
 CONFIG_CEPH_FSCACHE=y
@@ -4610,6 +4665,7 @@ CONFIG_HEADERS_CHECK=y
 # CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set
 # CONFIG_DEBUG_LOCKDEP is not set
 # CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set
+# CONFIG_STATIC_KEYS_SELFTEST is not set
 
 # DEBUG options that don't get enabled/disabled with 'make debug/release'
 
@@ -4847,6 +4903,7 @@ CONFIG_BACKLIGHT_LP855X=m
 # CONFIG_BACKLIGHT_GPIO is not set
 # CONFIG_BACKLIGHT_LV5207LP is not set
 # CONFIG_BACKLIGHT_BD6107 is not set
+# CONFIG_BACKLIGHT_PM8941_WLED is not set
 
 CONFIG_LCD_CLASS_DEVICE=m
 CONFIG_LCD_PLATFORM=m
@@ -4880,6 +4937,7 @@ CONFIG_CGROUPS=y
 CONFIG_CGROUP_CPUACCT=y
 CONFIG_CGROUP_DEVICE=y
 CONFIG_CGROUP_FREEZER=y
+CONFIG_CGROUP_PIDS=y
 CONFIG_CGROUP_SCHED=y
 CONFIG_MEMCG=y
 CONFIG_MEMCG_SWAP=y
@@ -5066,6 +5124,10 @@ CONFIG_SND_SOC_GENERIC_DMAENGINE_PCM=y
 # CONFIG_SND_SOC_TS3A227E is not set
 # CONFIG_SND_SOC_XTFPGA_I2S is not set
 # CONFIG_SND_SOC_STA32X is not set 
+# CONFIG_SND_SOC_CS4349 is not set
+# CONFIG_SND_SOC_GTM601 is not set
+# CONFIG_SND_SOC_STI_SAS is not set
+# 
 
 CONFIG_BALLOON_COMPACTION=y
 CONFIG_COMPACTION=y
@@ -5129,6 +5191,7 @@ CONFIG_DMA_ENGINE=y
 CONFIG_DW_DMAC_CORE=m
 CONFIG_DW_DMAC=m
 CONFIG_DW_DMAC_PCI=m
+# CONFIG_IDMA64 is not set
 # CONFIG_DW_DMAC_BIG_ENDIAN_IO is not set
 # CONFIG_TIMB_DMA is not set
 # CONFIG_DMATEST is not set
@@ -5354,6 +5417,7 @@ CONFIG_STAGING_MEDIA=y
 # CONFIG_I2C_BCM2048 is not set
 # CONFIG_DT3155 is not set
 # CONFIG_PRISM2_USB is not set
+# CONFIG_MOST is not set
 CONFIG_USB_ATMEL=m
 # CONFIG_COMEDI is not set
 # CONFIG_PANEL is not set
@@ -5405,6 +5469,7 @@ CONFIG_USBIP_HOST=m
 # CONFIG_FB_SM7XX is not set
 # CONFIG_FB_TFT is not set
 # CONFIG_FB_SM750 is not set
+# CONFIG_STAGING_RDMA is not set
 # END OF STAGING
 
 #
@@ -5482,6 +5547,8 @@ CONFIG_ZSMALLOC=y
 # CONFIG_ZSMALLOC_STAT is not set
 # CONFIG_PGTABLE_MAPPING is not set
 
+# CONFIG_IDLE_PAGE_TRACKING is not set
+
 # CONFIG_MDIO_GPIO is not set
 # CONFIG_KEYBOARD_GPIO is not set
 # CONFIG_KEYBOARD_GPIO_POLLED is not set
@@ -5529,6 +5596,7 @@ CONFIG_GPIO_VIPERBOARD=m
 # CONFIG_GPIO_MCP23S08 is not set
 # CONFIG_GPIO_XILINX is not set
 # CONFIG_GPIO_ALTERA is not set
+# CONFIG_GPIO_ZX is not set
 
 # FIXME: Why?
 
@@ -5569,6 +5637,7 @@ CONFIG_PSTORE_RAM=m
 # CONFIG_MEMTEST is not set
 # CONFIG_TEST_HEXDUMP is not set
 # CONFIG_TEST_RHASHTABLE is not set
+# CONFIG_TEST_STATIC_KEYS is not set
 
 # CONFIG_AVERAGE is not set
 # CONFIG_VMXNET3 is not set
diff --git a/config-powerpc64-generic b/config-powerpc64-generic
index ce547a8d2..7f0b10585 100644
--- a/config-powerpc64-generic
+++ b/config-powerpc64-generic
@@ -14,6 +14,7 @@ CONFIG_PPC_PSERIES=y
 # CONFIG_PPC_PMAC is not set
 # CONFIG_PPC_PMAC64 is not set
 # CONFIG_PPC_PS3 is not set
+CONFIG_HIBERNATION=n
 
 CONFIG_EXTRA_TARGETS=""
 
@@ -127,6 +128,7 @@ CONFIG_MTD_POWERNV_FLASH=m
 CONFIG_PPC_TRANSACTIONAL_MEM=y
 CONFIG_BLK_DEV_RSXX=m
 CONFIG_CXL=m
+CONFIG_CXLFLASH=m
 CONFIG_IBMEBUS=y
 CONFIG_EHEA=m
 CONFIG_INFINIBAND_EHCA=m
@@ -209,6 +211,7 @@ CONFIG_CAPI_EICON=y
 CONFIG_LEDS_TRIGGER_TIMER=m
 CONFIG_LEDS_TRIGGER_HEARTBEAT=m
 CONFIG_LEDS_TRIGGER_GPIO=m
+CONFIG_LEDS_POWERNV=m
 
 CONFIG_USB_EHCI_HCD_PPC_OF=y
 CONFIG_USB_OHCI_HCD_PCI=y
@@ -358,6 +361,8 @@ CONFIG_I2C_MPC=m
 # CONFIG_NET_VENDOR_PASEMI is not set
 # CONFIG_NET_VENDOR_TOSHIBA is not set
 
+CONFIG_MDIO_OCTEON=m
+
 # CONFIG_OF_UNITTEST is not set
 # CONFIG_OF_OVERLAY is not set
 # CONFIG_TOUCHSCREEN_AUO_PIXCIR is not set
diff --git a/config-powerpc64le b/config-powerpc64le
index 48c8c0d8a..7d9f3fc3a 100644
--- a/config-powerpc64le
+++ b/config-powerpc64le
@@ -1,3 +1,6 @@
 CONFIG_CPU_LITTLE_ENDIAN=y
 
 CONFIG_POWER7_CPU=y
+
+# https://fedoraproject.org/wiki/Features/Checkpoint_Restore
+CONFIG_CHECKPOINT_RESTORE=y
diff --git a/config-s390x b/config-s390x
index f58e4d8b4..ae94aa82d 100644
--- a/config-s390x
+++ b/config-s390x
@@ -201,6 +201,7 @@ CONFIG_VMCP=y
 CONFIG_SCHED_MC=y
 CONFIG_SCHED_BOOK=y
 CONFIG_SCHED_TOPOLOGY=y
+# CONFIG_NUMA is not set
 
 # CONFIG_WARN_DYNAMIC_STACK is not set
 
@@ -290,6 +291,7 @@ CONFIG_HOTPLUG_PCI_S390=y
 # CONFIG_SH_ETH is not set
 # CONFIG_NET_VENDOR_VIA is not set
 # CONFIG_IEEE802154_DRIVERS is not set
+# CONFIG_MDIO_OCTEON is not set
 
 # CONFIG_FMC is not set
 
diff --git a/config-x86-generic b/config-x86-generic
index b82a9b12b..c1c694352 100644
--- a/config-x86-generic
+++ b/config-x86-generic
@@ -4,6 +4,8 @@ CONFIG_X86_EXTENDED_PLATFORM=y
 
 CONFIG_X86_GENERIC=y
 
+# CONFIG_X86_LEGACY_VM86 is not set
+
 CONFIG_HPET=y
 CONFIG_HPET_TIMER=y
 # CONFIG_HPET_MMAP is not set
@@ -102,7 +104,7 @@ CONFIG_ACPI_IPMI=m
 CONFIG_ACPI_CUSTOM_METHOD=m
 CONFIG_ACPI_BGRT=y
 # CONFIG_ACPI_EXTLOG is not set
-CONFIG_ACPI_REV_OVERRIDE_POSSIBLE=y
+# CONFIG_ACPI_REV_OVERRIDE_POSSIBLE is not set
 
 CONFIG_INTEL_SOC_PMIC=y
 CONFIG_PMIC_OPREGION=y
@@ -111,6 +113,7 @@ CONFIG_XPOWER_PMIC_OPREGION=y
 CONFIG_GPIO_CRYSTAL_COVE=y
 CONFIG_AXP288_ADC=y
 CONFIG_AXP288_FUEL_GAUGE=y
+# CONFIG_PWM_CRC is not set
 
 
 CONFIG_X86_INTEL_PSTATE=y
@@ -133,6 +136,7 @@ CONFIG_CRYPTO_DEV_CCP=y
 CONFIG_CRYPTO_DEV_CCP_DD=m
 CONFIG_CRYPTO_DEV_CCP_CRYPTO=m
 CONFIG_CRYPTO_DEV_QAT_DH895xCC=m
+CONFIG_CRYPTO_DEV_QAT_DH895xCCVF=m
 
 CONFIG_GENERIC_ISA_DMA=y
 
@@ -310,6 +314,9 @@ CONFIG_XEN_PCIDEV_BACKEND=m
 CONFIG_XEN_ACPI_PROCESSOR=m
 # CONFIG_XEN_SCSI_FRONTEND is not set
 # CONFIG_XEN_SCSI_BACKEND is not set
+CONFIG_XEN_SYMS=y
+
+CONFIG_SPI_PXA2XX=m
 
 CONFIG_MTD_ESB2ROM=m
 CONFIG_MTD_CK804XROM=m
@@ -457,6 +464,8 @@ CONFIG_CRYPTO_CRC32_PCLMUL=m
 
 CONFIG_HP_ACCEL=m
 
+CONFIG_SURFACE_PRO3_BUTTON=m
+
 # CONFIG_RAPIDIO is not set
 
 CONFIG_SCHED_SMT=y
@@ -498,10 +507,14 @@ CONFIG_NFC_MICROREAD_MEI=m
 # CONFIG_X86_GOLDFISH is not set
 
 CONFIG_X86_INTEL_LPSS=y
+CONFIG_IDMA64=m
 
 # CONFIG_X86_AMD_PLATFORM_DEVICE is not set
 # CONFIG_MFD_INTEL_QUARK_I2C_GPIO is not set
 
+CONFIG_MFD_INTEL_LPSS_ACPI=m
+CONFIG_MFD_INTEL_LPSS_PCI=m
+
 CONFIG_IOSF_MBI=m
 # CONFIG_IOSF_MBI_DEBUG is not set
 CONFIG_PWM_LPSS=m
@@ -536,6 +549,7 @@ CONFIG_X86_PKG_TEMP_THERMAL=m
 CONFIG_INTEL_SOC_DTS_THERMAL=m
 CONFIG_INT340X_THERMAL=m
 CONFIG_INTEL_RAPL=m
+CONFIG_INTEL_PCH_THERMAL=m
 
 CONFIG_VMWARE_VMCI=m
 CONFIG_VMWARE_VMCI_VSOCKETS=m
@@ -554,6 +568,8 @@ CONFIG_MODULE_SIG_ALL=y
 # CONFIG_MODULE_SIG_SHA1 is not set
 CONFIG_MODULE_SIG_SHA256=y
 # CONFIG_MODULE_SIG_FORCE is not set
+CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
+CONFIG_SYSTEM_TRUSTED_KEYS=""
 CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE=y
 CONFIG_EFI_SIGNATURE_LIST_PARSER=y
 
@@ -563,9 +579,11 @@ CONFIG_EFI_SIGNATURE_LIST_PARSER=y
 CONFIG_MODULE_SIG_UEFI=y
 
 CONFIG_VMXNET3=m
+CONFIG_FUJITSU_ES=m
 CONFIG_VFIO_PCI_VGA=y
 
 CONFIG_PCH_CAN=m
 
 # CONFIG_X86_DEBUG_FPU is not set
 # CONFIG_PUNIT_ATOM_DEBUG is not set
+# CONFIG_AMD_MCE_INJ is not set
diff --git a/config-x86_64-generic b/config-x86_64-generic
index 94c476027..272999819 100644
--- a/config-x86_64-generic
+++ b/config-x86_64-generic
@@ -86,6 +86,8 @@ CONFIG_CRYPTO_SERPENT_AVX_X86_64=m
 CONFIG_CRYPTO_SERPENT_AVX2_X86_64=m
 CONFIG_CRYPTO_TWOFISH_AVX_X86_64=m
 CONFIG_CRYPTO_DES3_EDE_X86_64=m
+CONFIG_CRYPTO_POLY1305_X86_64=m
+CONFIG_CRYPTO_CHACHA20_X86_64=m
 # staging crypto
 # CONFIG_CRYPTO_SKEIN is not set
 
@@ -134,6 +136,7 @@ CONFIG_XEN_SYS_HYPERVISOR=y
 # CONFIG_XEN_MCE_LOG is not set
 # CONFIG_XEN_STUB is not set
 # CONFIG_XEN_PVH is not set
+CONFIG_XEN_512GB=y
 
 CONFIG_PROVIDE_OHCI1394_DMA_INIT=y
 
@@ -199,6 +202,8 @@ CONFIG_BTT=y
 CONFIG_ND_BTT=m
 CONFIG_ND_BLK=m
 
+CONFIG_MDIO_OCTEON=m
+
 CONFIG_NO_HZ_FULL=y
 # CONFIG_NO_HZ_IDLE is not set
 # CONFIG_NO_HZ_FULL_ALL is not set
diff --git a/crash-driver.patch b/crash-driver.patch
index 4f4cad0ea..d88138440 100644
--- a/crash-driver.patch
+++ b/crash-driver.patch
@@ -148,7 +148,7 @@ index 000000000000..404bcb93c112
 +
 +#endif /* _ASM_IA64_CRASH_H */
 diff --git a/arch/ia64/kernel/ia64_ksyms.c b/arch/ia64/kernel/ia64_ksyms.c
-index 5b7791dd3965..aee4b870c763 100644
+index 096731049538..e88887827906 100644
 --- a/arch/ia64/kernel/ia64_ksyms.c
 +++ b/arch/ia64/kernel/ia64_ksyms.c
 @@ -84,6 +84,9 @@ EXPORT_SYMBOL(ia64_save_scratch_fpregs);
@@ -240,10 +240,10 @@ index 000000000000..552be5e2c571
 +
 +#endif /* _S390_CRASH_H */
 diff --git a/arch/s390/mm/maccess.c b/arch/s390/mm/maccess.c
-index 2eb34bdfc613..11ce5c98462c 100644
+index 8a993a53fcd6..8f511795b52e 100644
 --- a/arch/s390/mm/maccess.c
 +++ b/arch/s390/mm/maccess.c
-@@ -193,6 +193,7 @@ void *xlate_dev_mem_ptr(phys_addr_t addr)
+@@ -197,6 +197,7 @@ void *xlate_dev_mem_ptr(phys_addr_t addr)
  	put_online_cpus();
  	return bounce;
  }
@@ -251,7 +251,7 @@ index 2eb34bdfc613..11ce5c98462c 100644
  
  /*
   * Free converted buffer for /dev/mem access (if necessary)
-@@ -202,3 +203,4 @@ void unxlate_dev_mem_ptr(phys_addr_t addr, void *buf)
+@@ -206,3 +207,4 @@ void unxlate_dev_mem_ptr(phys_addr_t addr, void *buf)
  	if ((void *) addr != buf)
  		free_page((unsigned long) buf);
  }
@@ -269,7 +269,7 @@ index 000000000000..fd4736ec99f5
 +
 +#endif /* _X86_CRASH_H */
 diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig
-index a4af8221751e..193f1a7c2ce5 100644
+index a043107da2af..b272397f306a 100644
 --- a/drivers/char/Kconfig
 +++ b/drivers/char/Kconfig
 @@ -4,6 +4,9 @@
@@ -283,10 +283,10 @@ index a4af8221751e..193f1a7c2ce5 100644
  
  config DEVMEM
 diff --git a/drivers/char/Makefile b/drivers/char/Makefile
-index d06cde26031b..0832636fd9bc 100644
+index d8a7579300d2..31c83630f593 100644
 --- a/drivers/char/Makefile
 +++ b/drivers/char/Makefile
-@@ -62,3 +62,5 @@ js-rtc-y = rtc.o
+@@ -60,3 +60,5 @@ js-rtc-y = rtc.o
  
  obj-$(CONFIG_TILE_SROM)		+= tile-srom.o
  obj-$(CONFIG_XILLYBUS)		+= xillybus/
diff --git a/disable-i8042-check-on-apple-mac.patch b/disable-i8042-check-on-apple-mac.patch
index 40cdb7df3..e75028da2 100644
--- a/disable-i8042-check-on-apple-mac.patch
+++ b/disable-i8042-check-on-apple-mac.patch
@@ -1,3 +1,4 @@
+From 31e64826785b5bafef7a6361516c060be2bca253 Mon Sep 17 00:00:00 2001
 From: Bastien Nocera <hadess@hadess.net>
 Date: Thu, 20 May 2010 10:30:31 -0400
 Subject: [PATCH] disable i8042 check on apple mac
@@ -17,11 +18,11 @@ Signed-off-by: Bastien Nocera <hadess@hadess.net>
  1 file changed, 22 insertions(+)
 
 diff --git a/drivers/input/serio/i8042.c b/drivers/input/serio/i8042.c
-index bfb0b2280df0..06b10fe7e65b 100644
+index c9c98f0ab284..5137185e14a9 100644
 --- a/drivers/input/serio/i8042.c
 +++ b/drivers/input/serio/i8042.c
-@@ -1484,6 +1484,22 @@ static struct platform_driver i8042_driver = {
- 	.shutdown	= i8042_shutdown,
+@@ -1540,6 +1540,22 @@ static struct notifier_block i8042_kbd_bind_notifier_block = {
+ 	.notifier_call = i8042_kbd_bind_notifier,
  };
  
 +#ifdef CONFIG_DMI
@@ -43,7 +44,7 @@ index bfb0b2280df0..06b10fe7e65b 100644
  static int __init i8042_init(void)
  {
  	struct platform_device *pdev;
-@@ -1491,6 +1507,12 @@ static int __init i8042_init(void)
+@@ -1547,6 +1563,12 @@ static int __init i8042_init(void)
  
  	dbg_init();
  
@@ -56,3 +57,6 @@ index bfb0b2280df0..06b10fe7e65b 100644
  	err = i8042_platform_init();
  	if (err)
  		return err;
+-- 
+2.4.3
+
diff --git a/drm-i915-hush-check-crtc-state.patch b/drm-i915-hush-check-crtc-state.patch
index 7aef532ec..fa4baffbf 100644
--- a/drm-i915-hush-check-crtc-state.patch
+++ b/drm-i915-hush-check-crtc-state.patch
@@ -1,3 +1,4 @@
+From 02f47b49ab1cdbe62ceb71b658e2c469799ae368 Mon Sep 17 00:00:00 2001
 From: Adam Jackson <ajax@redhat.com>
 Date: Wed, 13 Nov 2013 10:17:24 -0500
 Subject: [PATCH] drm/i915: hush check crtc state
@@ -14,15 +15,18 @@ Upstream-status: http://lists.freedesktop.org/archives/intel-gfx/2013-November/0
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
-index f75173c20f47..1003782a38c4 100644
+index ca9278be49f7..308ac0539a87 100644
 --- a/drivers/gpu/drm/i915/intel_display.c
 +++ b/drivers/gpu/drm/i915/intel_display.c
-@@ -10917,7 +10917,7 @@ check_crtc_state(struct drm_device *dev)
- 
- 		if (active &&
- 		    !intel_pipe_config_compare(dev, crtc->config, &pipe_config)) {
+@@ -12688,7 +12688,7 @@ check_crtc_state(struct drm_device *dev, struct drm_atomic_state *old_state)
+ 		sw_config = to_intel_crtc_state(crtc->state);
+ 		if (!intel_pipe_config_compare(dev, sw_config,
+ 					       pipe_config, false)) {
 -			I915_STATE_WARN(1, "pipe state doesn't match!\n");
 +			DRM_DEBUG_KMS("pipe state doesn't match!\n");
- 			intel_dump_pipe_config(crtc, &pipe_config,
+ 			intel_dump_pipe_config(intel_crtc, pipe_config,
  					       "[hw state]");
- 			intel_dump_pipe_config(crtc, crtc->config,
+ 			intel_dump_pipe_config(intel_crtc, sw_config,
+-- 
+2.4.3
+
diff --git a/efi-Add-EFI_SECURE_BOOT-bit.patch b/efi-Add-EFI_SECURE_BOOT-bit.patch
index 318a8e70d..94f7fe768 100644
--- a/efi-Add-EFI_SECURE_BOOT-bit.patch
+++ b/efi-Add-EFI_SECURE_BOOT-bit.patch
@@ -1,6 +1,7 @@
+From b4467813ec088c13bd8c9f1eafb7c29d889d7c8f Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@fedoraproject.org>
 Date: Tue, 27 Aug 2013 13:33:03 -0400
-Subject: [PATCH] efi: Add EFI_SECURE_BOOT bit
+Subject: [PATCH 13/20] efi: Add EFI_SECURE_BOOT bit
 
 UEFI machines can be booted in Secure Boot mode.  Add a EFI_SECURE_BOOT bit
 for use with efi_enabled.
@@ -12,10 +13,10 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
  2 files changed, 3 insertions(+)
 
 diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
-index c2e4f52cad30..5def6b4143fa 100644
+index 1ac118146e90..f93826b8522c 100644
 --- a/arch/x86/kernel/setup.c
 +++ b/arch/x86/kernel/setup.c
-@@ -1162,7 +1162,9 @@ void __init setup_arch(char **cmdline_p)
+@@ -1137,7 +1137,9 @@ void __init setup_arch(char **cmdline_p)
  
  #ifdef CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE
  	if (boot_params.secure_boot) {
@@ -37,3 +38,6 @@ index 85ef051ac6fb..de3e45088d4a 100644
  
  #ifdef CONFIG_EFI
  /*
+-- 
+2.4.3
+
diff --git a/efi-Disable-secure-boot-if-shim-is-in-insecure-mode.patch b/efi-Disable-secure-boot-if-shim-is-in-insecure-mode.patch
index 4e0861ce8..ba2f3cefa 100644
--- a/efi-Disable-secure-boot-if-shim-is-in-insecure-mode.patch
+++ b/efi-Disable-secure-boot-if-shim-is-in-insecure-mode.patch
@@ -1,6 +1,7 @@
+From 9ef94251448aa463c5937ee8e8e27d6fd9529509 Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@fedoraproject.org>
 Date: Tue, 5 Feb 2013 19:25:05 -0500
-Subject: [PATCH] efi: Disable secure boot if shim is in insecure mode
+Subject: [PATCH 11/20] efi: Disable secure boot if shim is in insecure mode
 
 A user can manually tell the shim boot loader to disable validation of
 images it loads.  When a user does this, it creates a UEFI variable called
@@ -14,7 +15,7 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
  1 file changed, 19 insertions(+), 1 deletion(-)
 
 diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
-index 105e7360d747..83fc4e9888ee 100644
+index b4de3faa3f29..5cc2ef570390 100644
 --- a/arch/x86/boot/compressed/eboot.c
 +++ b/arch/x86/boot/compressed/eboot.c
 @@ -830,8 +830,9 @@ out:
@@ -52,3 +53,6 @@ index 105e7360d747..83fc4e9888ee 100644
  	return 1;
  }
  
+-- 
+2.4.3
+
diff --git a/efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch b/efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch
index 2b9410db8..095bea782 100644
--- a/efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch
+++ b/efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch
@@ -1,6 +1,7 @@
+From 0081083434db41c15b72eced975da0bd9b80566b Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@fedoraproject.org>
 Date: Tue, 27 Aug 2013 13:28:43 -0400
-Subject: [PATCH] efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI
+Subject: [PATCH 12/20] efi: Make EFI_SECURE_BOOT_SIG_ENFORCE depend on EFI
 
 The functionality of the config option is dependent upon the platform being
 UEFI based.  Reflect this in the config deps.
@@ -11,10 +12,10 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index ab403a636357..5dac78119fa7 100644
+index 14db458f4774..f6ff0a86d841 100644
 --- a/arch/x86/Kconfig
 +++ b/arch/x86/Kconfig
-@@ -1696,7 +1696,8 @@ config EFI_MIXED
+@@ -1735,7 +1735,8 @@ config EFI_MIXED
  	   If unsure, say N.
  
  config EFI_SECURE_BOOT_SIG_ENFORCE
@@ -24,3 +25,6 @@ index ab403a636357..5dac78119fa7 100644
  	prompt "Force module signing when UEFI Secure Boot is enabled"
  	---help---
  	  UEFI Secure Boot provides a mechanism for ensuring that the
+-- 
+2.4.3
+
diff --git a/filter-aarch64.sh b/filter-aarch64.sh
index e3623aa97..dae47aaa3 100755
--- a/filter-aarch64.sh
+++ b/filter-aarch64.sh
@@ -11,4 +11,4 @@
 
 driverdirs="atm auxdisplay bcma bluetooth fmc infiniband isdn leds media memstick message mmc mtd nfc ntb pcmcia platform power ssb staging uio uwb"
 
-singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs iscsi_tcp megaraid pmcraid qla1280 9pnet_rdma rpcrdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject target_core_user"
+singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs megaraid pmcraid qla1280 9pnet_rdma rpcrdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject target_core_user"
diff --git a/filter-armv7hl.sh b/filter-armv7hl.sh
index 3056b23c3..5803dd01f 100755
--- a/filter-armv7hl.sh
+++ b/filter-armv7hl.sh
@@ -11,4 +11,4 @@
 
 driverdirs="atm auxdisplay bcma bluetooth fmc infiniband isdn media memstick message nfc ntb pcmcia platform ssb staging uio uwb"
 
-singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs iscsi_tcp megaraid pmcraid qla1280 9pnet_rdma rpcrdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject target_core_user"
+singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs megaraid pmcraid qla1280 9pnet_rdma rpcrdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject target_core_user"
diff --git a/filter-i686.sh b/filter-i686.sh
index 0533bd53d..784ab37e4 100755
--- a/filter-i686.sh
+++ b/filter-i686.sh
@@ -11,4 +11,4 @@
 
 driverdirs="atm auxdisplay bcma bluetooth fmc infiniband isdn leds media memstick mfd mmc mtd nfc ntb pcmcia platform power ssb staging uio uwb"
 
-singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs iscsi_tcp megaraid pmcraid qla1280 9pnet_rdma rpcrdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject hid-sensor-hub hid-sensor-magn-3d hid-sensor-incl-3d hid-sensor-gyro-3d hid-sensor-iio-common hid-sensor-accel-3d hid-sensor-trigger hid-sensor-als hid-sensor-rotation target_core_user"
+singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs megaraid pmcraid qla1280 9pnet_rdma rpcrdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject hid-sensor-hub hid-sensor-magn-3d hid-sensor-incl-3d hid-sensor-gyro-3d hid-sensor-iio-common hid-sensor-accel-3d hid-sensor-trigger hid-sensor-als hid-sensor-rotation target_core_user"
diff --git a/filter-modules.sh b/filter-modules.sh
index 5abfc8627..31b78ce29 100755
--- a/filter-modules.sh
+++ b/filter-modules.sh
@@ -32,7 +32,7 @@ netprots="appletalk atm ax25 batman-adv bluetooth can dccp dsa ieee802154 irda l
 
 drmdrvs="ast gma500 mgag200 via nouveau"
 
-singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs iscsi_tcp megaraid pmcraid qla1280 9pnet_rdma rpcrdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject hid-sensor-hub target_core_user"
+singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs megaraid pmcraid qla1280 9pnet_rdma rpcrdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject hid-sensor-hub target_core_user"
 
 # Grab the arch-specific filter list overrides
 source ./filter-$2.sh
diff --git a/filter-ppc64.sh b/filter-ppc64.sh
index d98e14eb2..8001e0944 100755
--- a/filter-ppc64.sh
+++ b/filter-ppc64.sh
@@ -11,4 +11,4 @@
 
 driverdirs="atm auxdisplay bcma bluetooth fmc infiniband isdn leds media memstick message mmc mtd nfc ntb pcmcia platform power ssb staging uio uwb"
 
-singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs iscsi_tcp megaraid pmcraid qla1280 9pnet_rdma rpcrdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject target_core_user"
+singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs megaraid pmcraid qla1280 9pnet_rdma rpcrdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject target_core_user"
diff --git a/filter-ppc64le.sh b/filter-ppc64le.sh
index eb0808c6a..c8948c94d 100755
--- a/filter-ppc64le.sh
+++ b/filter-ppc64le.sh
@@ -11,4 +11,4 @@
 
 driverdirs="atm auxdisplay bcma bluetooth fmc infiniband isdn leds media memstick message mmc mtd nfc ntb pcmcia platform power ssb staging uio uwb"
 
-singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs iscsi_tcp megaraid pmcraid qla1280 9pnet_rdma rpcrdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject target_core_user"
+singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs megaraid pmcraid qla1280 9pnet_rdma rpcrdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject target_core_user"
diff --git a/filter-ppc64p7.sh b/filter-ppc64p7.sh
index ff5c9fd5f..32c43a489 100755
--- a/filter-ppc64p7.sh
+++ b/filter-ppc64p7.sh
@@ -11,4 +11,4 @@
 
 driverdirs="atm auxdisplay bcma bluetooth fmc infiniband isdn leds media memstick message mmc mtd nfc ntb pcmcia platform power ssb staging uio uwb"
 
-singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs iscsi_tcp megaraid pmcraid qla1280 9pnet_rdma rpcrdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject target_core_user"
+singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs megaraid pmcraid qla1280 9pnet_rdma rpcrdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject target_core_user"
diff --git a/firmware-Drop-WARN-from-usermodehelper_read_trylock-.patch b/firmware-Drop-WARN-from-usermodehelper_read_trylock-.patch
index 74ba804ee..64b7dbefa 100644
--- a/firmware-Drop-WARN-from-usermodehelper_read_trylock-.patch
+++ b/firmware-Drop-WARN-from-usermodehelper_read_trylock-.patch
@@ -75,10 +75,10 @@ Signed-off-by: Laura Abbott <labbott@fedoraproject.org>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/drivers/base/firmware_class.c b/drivers/base/firmware_class.c
-index 6c5c9edf5ff6..8b56d498dd61 100644
+index 894bda114224..f7a8d27b6459 100644
 --- a/drivers/base/firmware_class.c
 +++ b/drivers/base/firmware_class.c
-@@ -1111,7 +1111,7 @@ _request_firmware(const struct firmware **firmware_p, const char *name,
+@@ -1144,7 +1144,7 @@ _request_firmware(const struct firmware **firmware_p, const char *name,
  		}
  	} else {
  		ret = usermodehelper_read_trylock();
diff --git a/hibernate-Disable-in-a-signed-modules-environment.patch b/hibernate-Disable-in-a-signed-modules-environment.patch
index 77e1e7036..f62ea08b0 100644
--- a/hibernate-Disable-in-a-signed-modules-environment.patch
+++ b/hibernate-Disable-in-a-signed-modules-environment.patch
@@ -1,6 +1,7 @@
+From 51abecb00c48941cc3db19701cc73e65082924bb Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@fedoraproject.org>
 Date: Fri, 20 Jun 2014 08:53:24 -0400
-Subject: [PATCH] hibernate: Disable in a signed modules environment
+Subject: [PATCH 14/20] hibernate: Disable in a signed modules environment
 
 There is currently no way to verify the resume image when returning
 from hibernate.  This might compromise the signed modules trust model,
@@ -13,7 +14,7 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
-index 2329daae5255..48a8e82c7e2e 100644
+index 690f78f210f2..037303a1cba9 100644
 --- a/kernel/power/hibernate.c
 +++ b/kernel/power/hibernate.c
 @@ -29,6 +29,7 @@
@@ -33,3 +34,6 @@ index 2329daae5255..48a8e82c7e2e 100644
  }
  
  /**
+-- 
+2.4.3
+
diff --git a/input-kill-stupid-messages.patch b/input-kill-stupid-messages.patch
index a11bcbe6d..04205f857 100644
--- a/input-kill-stupid-messages.patch
+++ b/input-kill-stupid-messages.patch
@@ -9,7 +9,7 @@ Upstream-status: Fedora mustard
  1 file changed, 4 insertions(+)
 
 diff --git a/drivers/input/keyboard/atkbd.c b/drivers/input/keyboard/atkbd.c
-index 387c51f4b4e4..04a1c7d47aba 100644
+index ec876b5b1382..9d5216e23a09 100644
 --- a/drivers/input/keyboard/atkbd.c
 +++ b/drivers/input/keyboard/atkbd.c
 @@ -436,11 +436,15 @@ static irqreturn_t atkbd_interrupt(struct serio *serio, unsigned char data,
diff --git a/kbuild-AFTER_LINK.patch b/kbuild-AFTER_LINK.patch
index 2dfb637e8..7a18fd241 100644
--- a/kbuild-AFTER_LINK.patch
+++ b/kbuild-AFTER_LINK.patch
@@ -1,3 +1,4 @@
+From 7877d76b409181af38d307b98d8fed1024f3c9c2 Mon Sep 17 00:00:00 2001
 From: Roland McGrath <roland@redhat.com>
 Date: Mon, 6 Oct 2008 23:03:03 -0700
 Subject: [PATCH] kbuild: AFTER_LINK
@@ -62,7 +63,7 @@ index effca9404b17..713891a92d23 100644
        cmd_vdso64as = $(CC) $(a_flags) -c -o $@ $<
  
 diff --git a/arch/s390/kernel/vdso32/Makefile b/arch/s390/kernel/vdso32/Makefile
-index 8ad2b34ad151..e153572ab351 100644
+index ee8a18e50a25..63e33fa049f8 100644
 --- a/arch/s390/kernel/vdso32/Makefile
 +++ b/arch/s390/kernel/vdso32/Makefile
 @@ -43,7 +43,8 @@ $(obj-vdso32): %.o: %.S
@@ -76,7 +77,7 @@ index 8ad2b34ad151..e153572ab351 100644
        cmd_vdso32as = $(CC) $(a_flags) -c -o $@ $<
  
 diff --git a/arch/s390/kernel/vdso64/Makefile b/arch/s390/kernel/vdso64/Makefile
-index 2a8ddfd12a5b..452ca53561fe 100644
+index c4b03f9ed228..550450fc2f95 100644
 --- a/arch/s390/kernel/vdso64/Makefile
 +++ b/arch/s390/kernel/vdso64/Makefile
 @@ -43,7 +43,8 @@ $(obj-vdso64): %.o: %.S
@@ -90,7 +91,7 @@ index 2a8ddfd12a5b..452ca53561fe 100644
        cmd_vdso64as = $(CC) $(a_flags) -c -o $@ $<
  
 diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile
-index e97032069f88..9ea82f444dea 100644
+index a3d0767a6b29..078c9be1db8f 100644
 --- a/arch/x86/entry/vdso/Makefile
 +++ b/arch/x86/entry/vdso/Makefile
 @@ -172,8 +172,9 @@ $(vdso32-images:%=$(obj)/%.dbg): $(obj)/vdso32-%.so.dbg: FORCE \
@@ -103,7 +104,7 @@ index e97032069f88..9ea82f444dea 100644
 +		$(if $(AFTER_LINK),; $(AFTER_LINK)) && \
 +		sh $(srctree)/$(src)/checkundef.sh '$(NM)' '$@'
  
- VDSO_LDFLAGS = -fPIC -shared $(call cc-ldoption, -Wl$(comma)--hash-style=sysv) \
+ VDSO_LDFLAGS = -fPIC -shared $(call cc-ldoption, -Wl$(comma)--hash-style=both) \
  	$(call cc-ldoption, -Wl$(comma)--build-id) -Wl,-Bsymbolic $(LTO_CFLAGS)
 diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh
 index 1a10d8ac8162..092d0c0cf72c 100755
@@ -120,3 +121,6 @@ index 1a10d8ac8162..092d0c0cf72c 100755
  }
  
  
+-- 
+2.4.3
+
diff --git a/kernel.spec b/kernel.spec
index 9baebe504..bedb01bb0 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -22,7 +22,7 @@ Summary: The Linux kernel
 %global zipsed -e 's/\.ko$/\.ko.xz/'
 %endif
 
-# % define buildid .local
+# define buildid .local
 
 # baserelease defines which build revision of this kernel version we're
 # building.  We used to call this fedora_build, but the magical name
@@ -40,19 +40,19 @@ Summary: The Linux kernel
 # For non-released -rc kernels, this will be appended after the rcX and
 # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
 #
-%global baserelease 200
+%global baserelease 300
 %global fedora_build %{baserelease}
 
 # base_sublevel is the kernel version we're starting with and patching
 # on top of -- for example, 3.1-rc7-git1 starts with a 3.0 base,
 # which yields a base_sublevel of 0.
-%define base_sublevel 2
+%define base_sublevel 3
 
 ## If this is a released kernel ##
 %if 0%{?released_kernel}
 
 # Do we have a -stable update to apply?
-%define stable_update 3
+%define stable_update 0
 # Set rpm version accordingly
 %if 0%{?stable_update}
 %define stablerev %{stable_update}
@@ -153,6 +153,7 @@ Summary: The Linux kernel
 %define kversion 4.%{base_sublevel}
 
 %define make_target bzImage
+%define image_install_path boot
 
 %define KVERREL %{version}-%{release}.%{_target_cpu}
 %define hdrarch %_target_cpu
@@ -245,21 +246,18 @@ Summary: The Linux kernel
 %define hdrarch i386
 %define pae PAE
 %define all_arch_configs kernel-%{version}-i?86*.config
-%define image_install_path boot
 %define kernel_image arch/x86/boot/bzImage
 %endif
 
 %ifarch x86_64
 %define asmarch x86
 %define all_arch_configs kernel-%{version}-x86_64*.config
-%define image_install_path boot
 %define kernel_image arch/x86/boot/bzImage
 %endif
 
 %ifarch %{power64}
 %define asmarch powerpc
 %define hdrarch powerpc
-%define image_install_path boot
 %define make_target vmlinux
 %define kernel_image vmlinux
 %define kernel_image_elf 1
@@ -275,7 +273,6 @@ Summary: The Linux kernel
 %define asmarch s390
 %define hdrarch s390
 %define all_arch_configs kernel-%{version}-s390x.config
-%define image_install_path boot
 %define make_target image
 %define kernel_image arch/s390/boot/image
 %define with_tools 0
@@ -283,7 +280,6 @@ Summary: The Linux kernel
 
 %ifarch %{arm}
 %define all_arch_configs kernel-%{version}-arm*.config
-%define image_install_path boot
 %define asmarch arm
 %define hdrarch arm
 %define pae lpae
@@ -306,7 +302,6 @@ Summary: The Linux kernel
 %define hdrarch arm64
 %define make_target Image.gz
 %define kernel_image arch/arm64/boot/Image.gz
-%define image_install_path boot
 %endif
 
 # Should make listnewconfig fail if there's config options
@@ -370,7 +365,7 @@ Requires: kernel-modules-uname-r = %{KVERREL}%{?variant}
 #
 # List the packages used during the kernel build
 #
-BuildRequires: kmod, patch, bash, sh-utils, tar
+BuildRequires: kmod, patch, bash, sh-utils, tar, git
 BuildRequires: bzip2, xz, findutils, gzip, m4, perl, perl-Carp, make, diffutils, gawk
 BuildRequires: gcc, binutils, redhat-rpm-config, hmaccalc
 BuildRequires: net-tools, hostname, bc
@@ -378,7 +373,7 @@ BuildRequires: net-tools, hostname, bc
 BuildRequires: sparse
 %endif
 %if %{with_perf}
-BuildRequires: elfutils-devel zlib-devel binutils-devel newt-devel python-devel perl(ExtUtils::Embed) bison flex
+BuildRequires: elfutils-devel zlib-devel binutils-devel newt-devel python-devel perl(ExtUtils::Embed) bison flex xz-devel
 BuildRequires: audit-libs-devel
 %ifnarch s390 s390x %{arm}
 BuildRequires: numactl-devel
@@ -466,7 +461,7 @@ Source2001: cpupower.config
 %if 0%{?stable_update}
 %if 0%{?stable_base}
 %define    stable_patch_00  patch-4.%{base_sublevel}.%{stable_base}.xz
-Patch00: %{stable_patch_00}
+Source5000: %{stable_patch_00}
 %endif
 
 # non-released_kernel case
@@ -474,176 +469,129 @@ Patch00: %{stable_patch_00}
 # near the top of this spec file.
 %else
 %if 0%{?rcrev}
-Patch00: patch-4.%{upstream_sublevel}-rc%{rcrev}.xz
+Source5000: patch-4.%{upstream_sublevel}-rc%{rcrev}.xz
 %if 0%{?gitrev}
-Patch01: patch-4.%{upstream_sublevel}-rc%{rcrev}-git%{gitrev}.xz
+Source5001: patch-4.%{upstream_sublevel}-rc%{rcrev}-git%{gitrev}.xz
 %endif
 %else
 # pre-{base_sublevel+1}-rc1 case
 %if 0%{?gitrev}
-Patch00: patch-4.%{base_sublevel}-git%{gitrev}.xz
+Source5000: patch-4.%{base_sublevel}-git%{gitrev}.xz
 %endif
 %endif
 %endif
 
 # build tweak for build ID magic, even for -vanilla
-Patch05: kbuild-AFTER_LINK.patch
+Source5005: kbuild-AFTER_LINK.patch
 
 %if !%{nopatches}
 
-
 # Git trees.
 
 # Standalone patches
 
-Patch450: input-kill-stupid-messages.patch
-Patch452: no-pcspkr-modalias.patch
+Patch451: lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch
 
-Patch458: regulator-axp20x-module-alias.patch
-Patch470: die-floppy-die.patch
+Patch452: amd-xgbe-a0-Add-support-for-XGBE-on-A0.patch
 
-Patch510: input-silence-i8042-noise.patch
-Patch530: silence-fbcon-logo.patch
+Patch453: amd-xgbe-phy-a0-Add-support-for-XGBE-PHY-on-A0.patch
 
-Patch600: lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch
+Patch454: arm64-avoid-needing-console-to-enable-serial-console.patch
 
-#rhbz 1126580
-Patch601: Kbuild-Add-an-option-to-enable-GCC-VTA.patch
+Patch455: usb-make-xhci-platform-driver-use-64-bit-or-32-bit-D.patch
 
-Patch800: crash-driver.patch
+Patch456: arm64-acpi-drop-expert-patch.patch
 
-# crypto/
+Patch458: ARM-tegra-usb-no-reset.patch
 
-# secure boot
-Patch1000: Add-secure_modules-call.patch
-Patch1001: PCI-Lock-down-BAR-access-when-module-security-is-ena.patch
-Patch1002: x86-Lock-down-IO-port-access-when-module-security-is.patch
-Patch1003: ACPI-Limit-access-to-custom_method.patch
-Patch1004: asus-wmi-Restrict-debugfs-interface-when-module-load.patch
-Patch1005: Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch
-Patch1006: acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch
-Patch1007: kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch
-Patch1008: x86-Restrict-MSR-access-when-module-loading-is-restr.patch
-Patch1009: Add-option-to-automatically-enforce-module-signature.patch
-Patch1010: efi-Disable-secure-boot-if-shim-is-in-insecure-mode.patch
-Patch1011: efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch
-Patch1012: efi-Add-EFI_SECURE_BOOT-bit.patch
-Patch1013: hibernate-Disable-in-a-signed-modules-environment.patch
+Patch461: ARM-dts-Add-am335x-bonegreen.patch
 
-Patch1014: Add-EFI-signature-data-types.patch
-Patch1015: Add-an-EFI-signature-blob-parser-and-key-loader.patch
-Patch1016: KEYS-Add-a-system-blacklist-keyring.patch
-Patch1017: MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch
-Patch1018: MODSIGN-Support-not-importing-certs-from-db.patch
+Patch463: arm-i.MX6-Utilite-device-dtb.patch
 
-Patch1019: Add-sysrq-option-to-disable-secure-boot-mode.patch
+Patch466: input-kill-stupid-messages.patch
 
-# virt + ksm patches
+Patch467: die-floppy-die.patch
 
-# DRM
+Patch468: no-pcspkr-modalias.patch
 
-# nouveau + drm fixes
-# intel drm is all merged upstream
-Patch1826: drm-i915-hush-check-crtc-state.patch
+Patch470: silence-fbcon-logo.patch
 
-# Quiet boot fixes
+Patch471: Kbuild-Add-an-option-to-enable-GCC-VTA.patch
 
-# fs fixes
+Patch472: crash-driver.patch
 
-# NFSv4
+Patch473: Add-secure_modules-call.patch
 
-# patches headed upstream
-Patch12016: disable-i8042-check-on-apple-mac.patch
+Patch474: PCI-Lock-down-BAR-access-when-module-security-is-ena.patch
 
-Patch14010: lis3-improve-handling-of-null-rate.patch
+Patch475: x86-Lock-down-IO-port-access-when-module-security-is.patch
 
-Patch15000: watchdog-Disable-watchdog-on-virtual-machines.patch
+Patch476: ACPI-Limit-access-to-custom_method.patch
 
-# PPC
+Patch477: asus-wmi-Restrict-debugfs-interface-when-module-load.patch
 
-# ARM64
-Patch16000: amd-xgbe-a0-Add-support-for-XGBE-on-A0.patch
-Patch16001: amd-xgbe-phy-a0-Add-support-for-XGBE-PHY-on-A0.patch
-Patch16002: arm64-avoid-needing-console-to-enable-serial-console.patch
-Patch16003: usb-make-xhci-platform-driver-use-64-bit-or-32-bit-D.patch
+Patch478: Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch
 
-# ARMv7
-Patch16020: ARM-tegra-usb-no-reset.patch
-Patch16021: arm-dts-am335x-boneblack-lcdc-add-panel-info.patch
-Patch16022: arm-dts-am335x-boneblack-add-cpu0-opp-points.patch
-Patch16024: arm-dts-am335x-bone-common-setup-default-pinmux-http.patch
-Patch16025: arm-dts-am335x-bone-common-add-uart2_pins-uart4_pins.patch
-Patch16026: pinctrl-pinctrl-single-must-be-initialized-early.patch
+Patch479: acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch
 
-Patch16028: arm-i.MX6-Utilite-device-dtb.patch
+Patch480: kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch
 
-#rhbz 754518
-Patch21235: scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch
+Patch481: x86-Restrict-MSR-access-when-module-loading-is-restr.patch
 
-# https://fedoraproject.org/wiki/Features/Checkpoint_Restore
-Patch21242: criu-no-expert.patch
+Patch482: Add-option-to-automatically-enforce-module-signature.patch
 
-#rhbz 892811
-Patch21247: ath9k-rx-dma-stop-check.patch
+Patch483: efi-Disable-secure-boot-if-shim-is-in-insecure-mode.patch
 
-#CVE-2015-2150 rhbz 1196266 1200397
-Patch26175: xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch
+Patch484: efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch
 
-#rhbz 1212230
-Patch26176: Input-synaptics-pin-3-touches-when-the-firmware-repo.patch
+Patch485: efi-Add-EFI_SECURE_BOOT-bit.patch
 
-#rhbz 1133378
-Patch26219: firmware-Drop-WARN-from-usermodehelper_read_trylock-.patch
+Patch486: hibernate-Disable-in-a-signed-modules-environment.patch
 
-#rhbz 1226743
-Patch26221: drm-i915-turn-off-wc-mmaps.patch
+Patch487: Add-EFI-signature-data-types.patch
 
+Patch488: Add-an-EFI-signature-blob-parser-and-key-loader.patch
 
-#rhbz 1244511
-Patch507: HID-chicony-Add-support-for-Acer-Aspire-Switch-12.patch
+Patch489: KEYS-Add-a-system-blacklist-keyring.patch
+
+Patch490: MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch
+
+Patch491: MODSIGN-Support-not-importing-certs-from-db.patch
+
+Patch492: Add-sysrq-option-to-disable-secure-boot-mode.patch
+
+Patch493: drm-i915-hush-check-crtc-state.patch
+
+Patch494: disable-i8042-check-on-apple-mac.patch
+
+Patch495: lis3-improve-handling-of-null-rate.patch
+
+Patch496: watchdog-Disable-watchdog-on-virtual-machines.patch
+
+Patch497: scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch
+
+Patch498: criu-no-expert.patch
+
+Patch499: ath9k-rx-dma-stop-check.patch
+
+Patch500: xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch
+
+Patch501: Input-synaptics-pin-3-touches-when-the-firmware-repo.patch
+
+Patch502: firmware-Drop-WARN-from-usermodehelper_read_trylock-.patch
+
+Patch503: drm-i915-turn-off-wc-mmaps.patch
 
 Patch508: kexec-uefi-copy-secure_boot-flag-in-boot-params.patch
 
 #rhbz 1239050
 Patch509: ideapad-laptop-Add-Lenovo-Yoga-3-14-to-no_hw_rfkill-.patch
 
-#rhbz 1253789
-Patch511: iSCSI-let-session-recovery_tmo-sysfs-writes-persist.patch
+#rhbz 1275490
+Patch510: 0001-iwlwifi-Add-new-PCI-IDs-for-the-8260-series.patch
 
-#rhbz 1257534
-Patch515: nv46-Change-mc-subdev-oclass-from-nv44-to-nv4c.patch
-
-#rhbz 1257500
-Patch517: vmwgfx-Rework-device-initialization.patch
-Patch518: drm-vmwgfx-Allow-dropped-masters-render-node-like-ac.patch
-
-#rhbz 1237136
-Patch522: block-blkg_destroy_all-should-clear-q-root_blkg-and-.patch
-
-#CVE-2015-6937 rhbz 1263139 1263140
-Patch523: RDS-verify-the-underlying-transport-exists-before-cr.patch
-
-#rhbz 1263762
-Patch526: 0001-x86-cpu-cacheinfo-Fix-teardown-path.patch
-
-#CVE-2015-5257 rhbz 1265607 1265612
-Patch527: USB-whiteheat-fix-potential-null-deref-at-probe.patch
-
-#CVE-2015-2925 rhbz 1209367 1209373
-Patch528: dcache-Handle-escaped-paths-in-prepend_path.patch
-Patch529: vfs-Test-for-and-handle-paths-that-are-unreachable-f.patch
-
-#CVE-2015-7613 rhbz 1268270 1268273
-Patch532: Initialize-msg-shm-IPC-objects-before-doing-ipc_addi.patch
-
-Patch533: net-inet-fix-race-in-reqsk_queue_unlink.patch
-
-#rhbz 1265978
-Patch536: si2168-Bounds-check-firmware.patch
-Patch537: si2157-Bounds-check-firmware.patch
-
-#rhbz 1268037
-Patch538: ALSA-hda-Add-dock-support-for-ThinkPad-T550.patch
+#CVE-2015-7990 rhbz 1276437 1276438
+Patch524: RDS-fix-race-condition-when-sending-a-message-on-unb.patch
 
 # END OF PATCH DEFINITIONS
 
@@ -1145,16 +1093,22 @@ if [ ! -d kernel-%{kversion}%{?dist}/vanilla-%{vanillaversion} ]; then
 # Update vanilla to the latest upstream.
 # (non-released_kernel case only)
 %if 0%{?rcrev}
-    ApplyPatch patch-4.%{upstream_sublevel}-rc%{rcrev}.xz
+    xzcat %{SOURCE5000} | patch -p1 -F1 -s
 %if 0%{?gitrev}
-    ApplyPatch patch-4.%{upstream_sublevel}-rc%{rcrev}-git%{gitrev}.xz
+    xzcat %{SOURCE5001} | patch -p1 -F1 -s
 %endif
 %else
 # pre-{base_sublevel+1}-rc1 case
 %if 0%{?gitrev}
-    ApplyPatch patch-4.%{base_sublevel}-git%{gitrev}.xz
+    xzcat %{SOURCE5000} | patch -p1 -F1 -s
 %endif
 %endif
+    git init
+    git config user.email "kernel-team@fedoraproject.org"
+    git config user.name "Fedora Kernel Team"
+    git config gc.auto 0
+    git add .
+    git commit -a -q -m "baseline"
 
     cd ..
 
@@ -1173,10 +1127,21 @@ fi
 cp -al vanilla-%{vanillaversion} linux-%{KVERREL}
 
 cd linux-%{KVERREL}
+if [ ! -d .git ]; then
+    git init
+    git config user.email "kernel-team@fedoraproject.org"
+    git config user.name "Fedora Kernel Team"
+    git config gc.auto 0
+    git add .
+    git commit -a -q -m "baseline"
+fi
+
 
 # released_kernel with possible stable updates
 %if 0%{?stable_base}
-ApplyPatch %{stable_patch_00}
+# This is special because the kernel spec is hell and nothing is consistent
+xzcat %{SOURCE5000} | patch -p1 -F1 -s
+git commit -a -m "Stable update"
 %endif
 
 # Drop some necessary files from the source dir into the buildroot
@@ -1204,210 +1169,13 @@ do
 done
 %endif
 
-ApplyPatch kbuild-AFTER_LINK.patch
-
+# The kbuild-AFTER_LINK patch is needed regardless so we list it as a Source
+# file and apply it separately from the rest.
+git am %{SOURCE5005}
 
 %if !%{nopatches}
 
-# Architecture patches
-# x86(-64)
-ApplyPatch lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch
-
-# PPC
-
-# ARM64
-ApplyPatch amd-xgbe-a0-Add-support-for-XGBE-on-A0.patch
-ApplyPatch amd-xgbe-phy-a0-Add-support-for-XGBE-PHY-on-A0.patch
-ApplyPatch arm64-avoid-needing-console-to-enable-serial-console.patch
-ApplyPatch usb-make-xhci-platform-driver-use-64-bit-or-32-bit-D.patch
-
-#
-# ARM
-#
-ApplyPatch ARM-tegra-usb-no-reset.patch
-
-ApplyPatch arm-dts-am335x-boneblack-lcdc-add-panel-info.patch
-ApplyPatch arm-dts-am335x-boneblack-add-cpu0-opp-points.patch
-ApplyPatch arm-dts-am335x-bone-common-setup-default-pinmux-http.patch
-ApplyPatch arm-dts-am335x-bone-common-add-uart2_pins-uart4_pins.patch
-ApplyPatch pinctrl-pinctrl-single-must-be-initialized-early.patch
-
-ApplyPatch arm-i.MX6-Utilite-device-dtb.patch
-
-#
-# bugfixes to drivers and filesystems
-#
-
-# ext4
-
-# xfs
-
-# btrfs
-
-# eCryptfs
-
-# NFSv4
-
-# USB
-
-# WMI
-
-# ACPI
-
-#
-# PCI
-#
-
-#
-# SCSI Bits.
-#
-
-# ACPI
-
-# ALSA
-
-# Networking
-
-# Misc fixes
-# The input layer spews crap no-one cares about.
-ApplyPatch input-kill-stupid-messages.patch
-
-# stop floppy.ko from autoloading during udev...
-ApplyPatch die-floppy-die.patch
-
-ApplyPatch no-pcspkr-modalias.patch
-
-# Silence some useless messages that still get printed with 'quiet'
-ApplyPatch input-silence-i8042-noise.patch
-
-# Make fbcon not show the penguins with 'quiet'
-ApplyPatch silence-fbcon-logo.patch
-
-# Changes to upstream defaults.
-#rhbz 1126580
-ApplyPatch Kbuild-Add-an-option-to-enable-GCC-VTA.patch
-
-# /dev/crash driver.
-ApplyPatch crash-driver.patch
-
-# crypto/
-
-# secure boot
-ApplyPatch Add-secure_modules-call.patch
-ApplyPatch PCI-Lock-down-BAR-access-when-module-security-is-ena.patch
-ApplyPatch x86-Lock-down-IO-port-access-when-module-security-is.patch
-ApplyPatch ACPI-Limit-access-to-custom_method.patch
-ApplyPatch asus-wmi-Restrict-debugfs-interface-when-module-load.patch
-ApplyPatch Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch
-ApplyPatch acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch
-ApplyPatch kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch
-ApplyPatch x86-Restrict-MSR-access-when-module-loading-is-restr.patch
-ApplyPatch Add-option-to-automatically-enforce-module-signature.patch
-ApplyPatch efi-Disable-secure-boot-if-shim-is-in-insecure-mode.patch
-ApplyPatch efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch
-ApplyPatch efi-Add-EFI_SECURE_BOOT-bit.patch
-ApplyPatch hibernate-Disable-in-a-signed-modules-environment.patch
-
-ApplyPatch Add-EFI-signature-data-types.patch
-ApplyPatch Add-an-EFI-signature-blob-parser-and-key-loader.patch
-ApplyPatch KEYS-Add-a-system-blacklist-keyring.patch
-ApplyPatch MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch
-ApplyPatch MODSIGN-Support-not-importing-certs-from-db.patch
-
-ApplyPatch Add-sysrq-option-to-disable-secure-boot-mode.patch
-
-# Assorted Virt Fixes
-
-# DRM core
-
-# Nouveau DRM
-
-# Intel DRM
-ApplyPatch drm-i915-hush-check-crtc-state.patch
-
-# Radeon DRM
-
-# Patches headed upstream
-ApplyPatch disable-i8042-check-on-apple-mac.patch
-
-ApplyPatch lis3-improve-handling-of-null-rate.patch
-
-# Disable watchdog on virtual machines.
-ApplyPatch watchdog-Disable-watchdog-on-virtual-machines.patch
-
-#rhbz 754518
-ApplyPatch scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch
-
-# https://fedoraproject.org/wiki/Features/Checkpoint_Restore
-ApplyPatch criu-no-expert.patch
-
-#rhbz 892811
-ApplyPatch ath9k-rx-dma-stop-check.patch
-
-#CVE-2015-2150 rhbz 1196266 1200397
-ApplyPatch xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch
-
-#rhbz 1212230
-ApplyPatch Input-synaptics-pin-3-touches-when-the-firmware-repo.patch
-
-#rhbz 1133378
-ApplyPatch firmware-Drop-WARN-from-usermodehelper_read_trylock-.patch
-
-#rhbz 1226743
-ApplyPatch drm-i915-turn-off-wc-mmaps.patch
-
-#rhbz 1212230
-# pplyPatch Input-Revert-Revert-synaptics-use-dmax-in-input_mt_a.patch
-# pplyPatch Input-synaptics-allocate-3-slots-to-keep-stability-i.patch
-# pplyPatch Input-synaptics-pin-3-touches-when-the-firmware-repo.patch
-
-#rhbz 1244511
-ApplyPatch HID-chicony-Add-support-for-Acer-Aspire-Switch-12.patch
-
-ApplyPatch kexec-uefi-copy-secure_boot-flag-in-boot-params.patch
-
-#rhbz 1239050
-ApplyPatch ideapad-laptop-Add-Lenovo-Yoga-3-14-to-no_hw_rfkill-.patch
-
-#rhbz 1253789
-ApplyPatch iSCSI-let-session-recovery_tmo-sysfs-writes-persist.patch
-
-#rhbz 1257534
-ApplyPatch nv46-Change-mc-subdev-oclass-from-nv44-to-nv4c.patch
-
-#rhbz 1257500
-ApplyPatch vmwgfx-Rework-device-initialization.patch
-ApplyPatch drm-vmwgfx-Allow-dropped-masters-render-node-like-ac.patch
-
-#rhbz 1237136
-ApplyPatch block-blkg_destroy_all-should-clear-q-root_blkg-and-.patch
-
-#CVE-2015-6937 rhbz 1263139 1263140
-ApplyPatch RDS-verify-the-underlying-transport-exists-before-cr.patch
-
-#rhbz 1263762
-ApplyPatch 0001-x86-cpu-cacheinfo-Fix-teardown-path.patch
-
-#CVE-2015-5257 rhbz 1265607 1265612
-ApplyPatch USB-whiteheat-fix-potential-null-deref-at-probe.patch
-
-ApplyPatch regulator-axp20x-module-alias.patch
-
-#CVE-2015-2925 rhbz 1209367 1209373
-ApplyPatch dcache-Handle-escaped-paths-in-prepend_path.patch
-ApplyPatch vfs-Test-for-and-handle-paths-that-are-unreachable-f.patch
-
-#CVE-2015-7613 rhbz 1268270 1268273
-ApplyPatch Initialize-msg-shm-IPC-objects-before-doing-ipc_addi.patch
-
-ApplyPatch net-inet-fix-race-in-reqsk_queue_unlink.patch
-
-#rhbz 1265978
-ApplyPatch si2168-Bounds-check-firmware.patch
-ApplyPatch si2157-Bounds-check-firmware.patch
-
-#rhbz 1268037
-ApplyPatch ALSA-hda-Add-dock-support-for-ThinkPad-T550.patch
+git am %{patches}
 
 # END OF PATCH APPLICATIONS
 
@@ -1540,19 +1308,23 @@ BuildKernel() {
     %{make} -s ARCH=$Arch V=1 %{?_smp_mflags} $MakeTarget %{?sparse_mflags} %{?kernel_mflags}
     %{make} -s ARCH=$Arch V=1 %{?_smp_mflags} modules %{?sparse_mflags} || exit 1
 
+    mkdir -p $RPM_BUILD_ROOT/%{image_install_path}
+    mkdir -p $RPM_BUILD_ROOT/lib/modules/$KernelVer
+%if %{with_debuginfo}
+    mkdir -p $RPM_BUILD_ROOT%{debuginfodir}/%{image_install_path}
+%endif
+
 %ifarch %{arm} aarch64
     %{make} -s ARCH=$Arch V=1 dtbs dtbs_install INSTALL_DTBS_PATH=$RPM_BUILD_ROOT/%{image_install_path}/dtb-$KernelVer
+    cp -r $RPM_BUILD_ROOT/%{image_install_path}/dtb-$KernelVer $RPM_BUILD_ROOT/lib/modules/$KernelVer/dtb
     find arch/$Arch/boot/dts -name '*.dtb' -type f | xargs rm -f
 %endif
 
     # Start installing the results
-%if %{with_debuginfo}
-    mkdir -p $RPM_BUILD_ROOT%{debuginfodir}/boot
-    mkdir -p $RPM_BUILD_ROOT%{debuginfodir}/%{image_install_path}
-%endif
-    mkdir -p $RPM_BUILD_ROOT/%{image_install_path}
     install -m 644 .config $RPM_BUILD_ROOT/boot/config-$KernelVer
+    install -m 644 .config $RPM_BUILD_ROOT/lib/modules/$KernelVer/config
     install -m 644 System.map $RPM_BUILD_ROOT/boot/System.map-$KernelVer
+    install -m 644 System.map $RPM_BUILD_ROOT/lib/modules/$KernelVer/System.map
 
     # We estimate the size of the initramfs because rpm needs to take this size
     # into consideration when performing disk space calculations. (See bz #530778)
@@ -1560,6 +1332,7 @@ BuildKernel() {
 
     if [ -f arch/$Arch/boot/zImage.stub ]; then
       cp arch/$Arch/boot/zImage.stub $RPM_BUILD_ROOT/%{image_install_path}/zImage.stub-$KernelVer || :
+      cp arch/$Arch/boot/zImage.stub $RPM_BUILD_ROOT/lib/modules/$KernelVer/zImage.stub-$KernelVer || :
     fi
     %if %{signmodules}
     # Sign the image if we're using EFI
@@ -1573,13 +1346,14 @@ BuildKernel() {
     $CopyKernel $KernelImage \
     		$RPM_BUILD_ROOT/%{image_install_path}/$InstallName-$KernelVer
     chmod 755 $RPM_BUILD_ROOT/%{image_install_path}/$InstallName-$KernelVer
+    cp $RPM_BUILD_ROOT/%{image_install_path}/$InstallName-$KernelVer $RPM_BUILD_ROOT/lib/modules/$KernelVer/$InstallName
 
     # hmac sign the kernel for FIPS
     echo "Creating hmac file: $RPM_BUILD_ROOT/%{image_install_path}/.vmlinuz-$KernelVer.hmac"
     ls -l $RPM_BUILD_ROOT/%{image_install_path}/$InstallName-$KernelVer
     sha512hmac $RPM_BUILD_ROOT/%{image_install_path}/$InstallName-$KernelVer | sed -e "s,$RPM_BUILD_ROOT,," > $RPM_BUILD_ROOT/%{image_install_path}/.vmlinuz-$KernelVer.hmac;
+    cp $RPM_BUILD_ROOT/%{image_install_path}/.vmlinuz-$KernelVer.hmac $RPM_BUILD_ROOT/lib/modules/$KernelVer/.vmlinuz.hmac
 
-    mkdir -p $RPM_BUILD_ROOT/lib/modules/$KernelVer
     # Override $(mod-fw) because we don't want it to install any firmware
     # we'll get it from the linux-firmware package and we don't want conflicts
     %{make} -s ARCH=$Arch INSTALL_MOD_PATH=$RPM_BUILD_ROOT modules_install KERNELRELEASE=$KernelVer mod-fw=
@@ -1814,7 +1588,7 @@ BuildKernel %make_target %kernel_image
 %endif
 
 %global perf_make \
-  make -s EXTRA_CFLAGS="${RPM_OPT_FLAGS}" LDFLAGS="%{__global_ldflags}" %{?cross_opts} %{?_smp_mflags} -C tools/perf V=1 NO_PERF_READ_VDSO32=1 WERROR=0 NO_LIBUNWIND=1 HAVE_CPLUS_DEMANGLE=1 NO_GTK2=1 NO_STRLCPY=1 NO_BIONIC=1 prefix=%{_prefix}
+  make -s EXTRA_CFLAGS="${RPM_OPT_FLAGS}" LDFLAGS="%{__global_ldflags}" %{?cross_opts} %{?_smp_mflags} -C tools/perf V=1 NO_PERF_READ_VDSO32=1 NO_PERF_READ_VDSOX32=1 WERROR=0 NO_LIBUNWIND=1 HAVE_CPLUS_DEMANGLE=1 NO_GTK2=1 NO_STRLCPY=1 NO_BIONIC=1 prefix=%{_prefix}
 %if %{with_perf}
 # perf
 %{perf_make} DESTDIR=$RPM_BUILD_ROOT all
@@ -1992,7 +1766,6 @@ popd
 make DESTDIR=$RPM_BUILD_ROOT bootwrapper_install WRAPPER_OBJDIR=%{_libdir}/kernel-wrapper WRAPPER_DTSDIR=%{_libdir}/kernel-wrapper/dts
 %endif
 
-
 ###
 ### clean
 ###
@@ -2005,10 +1778,10 @@ rm -rf $RPM_BUILD_ROOT
 ###
 
 %if %{with_tools}
-%post -n kernel-tools
+%post -n kernel-tools-libs
 /sbin/ldconfig
 
-%postun -n kernel-tools
+%postun -n kernel-tools-libs
 /sbin/ldconfig
 %endif
 
@@ -2063,7 +1836,7 @@ fi\
 #
 %define kernel_variant_posttrans() \
 %{expand:%%posttrans %{?1:%{1}-}core}\
-/bin/kernel-install add %{KVERREL}%{?1:+%{1}} /%{image_install_path}/vmlinuz-%{KVERREL}%{?1:+%{1}} || exit $?\
+/bin/kernel-install add %{KVERREL}%{?1:+%{1}} /lib/modules/%{KVERREL}%{?1:+%{1}}/vmlinuz || exit $?\
 %{nil}
 
 #
@@ -2090,7 +1863,7 @@ fi}\
 #
 %define kernel_variant_preun() \
 %{expand:%%preun %{?1:%{1}-}core}\
-/bin/kernel-install remove %{KVERREL}%{?1:+%{1}} /%{image_install_path}/vmlinuz-%{KVERREL}%{?1:+%{1}} || exit $?\
+/bin/kernel-install remove %{KVERREL}%{?1:+%{1}} /lib/modules/%{KVERREL}%{?1:+%{1}}/vmlinuz || exit $?\
 %{nil}
 
 %kernel_variant_preun
@@ -2208,13 +1981,18 @@ fi
 %defattr(-,root,root)\
 %{!?_licensedir:%global license %%doc}\
 %license linux-%{KVERREL}/COPYING\
-/%{image_install_path}/%{?-k:%{-k*}}%{!?-k:vmlinuz}-%{KVERREL}%{?2:+%{2}}\
-/%{image_install_path}/.vmlinuz-%{KVERREL}%{?2:+%{2}}.hmac \
+/lib/modules/%{KVERREL}%{?2:+%{2}}/%{?-k:%{-k*}}%{!?-k:vmlinuz}\
+%ghost /%{image_install_path}/%{?-k:%{-k*}}%{!?-k:vmlinuz}-%{KVERREL}%{?2:+%{2}}\
+/lib/modules/%{KVERREL}%{?2:+%{2}}/.vmlinuz.hmac \
+%ghost /%{image_install_path}/.vmlinuz-%{KVERREL}%{?2:+%{2}}.hmac \
 %ifarch %{arm} aarch64\
-/%{image_install_path}/dtb-%{KVERREL}%{?2:+%{2}} \
+/lib/modules/%{KVERREL}%{?2:+%{2}}/dtb \
+%ghost /%{image_install_path}/dtb-%{KVERREL}%{?2:+%{2}} \
 %endif\
-%attr(600,root,root) /boot/System.map-%{KVERREL}%{?2:+%{2}}\
-/boot/config-%{KVERREL}%{?2:+%{2}}\
+%attr(600,root,root) /lib/modules/%{KVERREL}%{?2:+%{2}}/System.map\
+%ghost /boot/System.map-%{KVERREL}%{?2:+%{2}}\
+/lib/modules/%{KVERREL}%{?2:+%{2}}/config\
+%ghost /boot/config-%{KVERREL}%{?2:+%{2}}\
 %ghost /boot/initramfs-%{KVERREL}%{?2:+%{2}}.img\
 %dir /lib/modules\
 %dir /lib/modules/%{KVERREL}%{?2:+%{2}}\
@@ -2259,6 +2037,9 @@ fi
 #
 # 
 %changelog
+* Wed Nov 11 2015 Josh Boyer <jwboyer@fedoraproject.org>
+- Linux v4.3
+
 * Wed Oct 07 2015 Josh Boyer <jwboyer@fedoraproject.org>
 - Increase the default number of runtime UARTS (rhbz 1264383)
 
diff --git a/kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch b/kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch
index 5e2d79ec3..a5832ea70 100644
--- a/kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch
+++ b/kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch
@@ -1,3 +1,4 @@
+From 6306cad6e5663424c08e5ebdfdcfd799c5537bfe Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 9 Aug 2013 03:33:56 -0400
 Subject: [PATCH] kexec: Disable at runtime if the kernel enforces module
@@ -13,18 +14,18 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
  1 file changed, 8 insertions(+)
 
 diff --git a/kernel/kexec.c b/kernel/kexec.c
-index 38c25b1f2fd5..f2b5272156ce 100644
+index 4c5edc357923..db431971dbd4 100644
 --- a/kernel/kexec.c
 +++ b/kernel/kexec.c
-@@ -36,6 +36,7 @@
- #include <linux/syscore_ops.h>
- #include <linux/compiler.h>
- #include <linux/hugetlb.h>
+@@ -10,6 +10,7 @@
+ #include <linux/mm.h>
+ #include <linux/file.h>
+ #include <linux/kexec.h>
 +#include <linux/module.h>
- 
- #include <asm/page.h>
- #include <asm/uaccess.h>
-@@ -1247,6 +1248,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
+ #include <linux/mutex.h>
+ #include <linux/list.h>
+ #include <linux/syscalls.h>
+@@ -133,6 +134,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
  		return -EPERM;
  
  	/*
@@ -38,3 +39,6 @@ index 38c25b1f2fd5..f2b5272156ce 100644
  	 * Verify we have a legal set of flags
  	 * This leaves us room for future extensions.
  	 */
+-- 
+2.4.3
+
diff --git a/lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch b/lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch
index 199868bbb..5e6d6611e 100644
--- a/lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch
+++ b/lib-cpumask-Make-CPUMASK_OFFSTACK-usable-without-deb.patch
@@ -19,10 +19,10 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/lib/Kconfig b/lib/Kconfig
-index 87da53bb1fef..c767ba0cbab7 100644
+index 3a2ef67db6c7..4af1e7e5a611 100644
 --- a/lib/Kconfig
 +++ b/lib/Kconfig
-@@ -391,7 +391,8 @@ config CHECK_SIGNATURE
+@@ -396,7 +396,8 @@ config CHECK_SIGNATURE
  	bool
  
  config CPUMASK_OFFSTACK
diff --git a/lis3-improve-handling-of-null-rate.patch b/lis3-improve-handling-of-null-rate.patch
index 022a95174..1dd00b645 100644
--- a/lis3-improve-handling-of-null-rate.patch
+++ b/lis3-improve-handling-of-null-rate.patch
@@ -17,7 +17,7 @@ Signed-off-by: ??ric Piel <eric.piel@tremplin-utc.net>
  1 file changed, 8 insertions(+), 8 deletions(-)
 
 diff --git a/drivers/misc/lis3lv02d/lis3lv02d.c b/drivers/misc/lis3lv02d/lis3lv02d.c
-index 3ef4627f9cb1..2b2d2e8e5eeb 100644
+index fb8705fc3aca..50c2b93c1273 100644
 --- a/drivers/misc/lis3lv02d/lis3lv02d.c
 +++ b/drivers/misc/lis3lv02d/lis3lv02d.c
 @@ -216,7 +216,8 @@ static void lis3lv02d_get_xyz(struct lis3lv02d *lis3, int *x, int *y, int *z)
diff --git a/scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch b/scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch
index 1438d4e76..a51cb9b4a 100644
--- a/scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch
+++ b/scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch
@@ -9,10 +9,10 @@ Upstream-status: Fedora mustard (might be worth dropping...)
  1 file changed, 6 insertions(+), 1 deletion(-)
 
 diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
-index a661d339adf7..d76e957e3ea4 100644
+index 3b2fcb4fada0..f0f9e8574303 100644
 --- a/drivers/scsi/sd.c
 +++ b/drivers/scsi/sd.c
-@@ -2741,13 +2741,18 @@ static int sd_try_extended_inquiry(struct scsi_device *sdp)
+@@ -2717,13 +2717,18 @@ static int sd_try_extended_inquiry(struct scsi_device *sdp)
  static int sd_revalidate_disk(struct gendisk *disk)
  {
  	struct scsi_disk *sdkp = scsi_disk(disk);
diff --git a/silence-fbcon-logo.patch b/silence-fbcon-logo.patch
index e5549546d..9569d2a5b 100644
--- a/silence-fbcon-logo.patch
+++ b/silence-fbcon-logo.patch
@@ -9,7 +9,7 @@ Upstream-status: Fedora mustard
  1 file changed, 17 insertions(+), 7 deletions(-)
 
 diff --git a/drivers/video/console/fbcon.c b/drivers/video/console/fbcon.c
-index b97210671a81..2d12ad82fe75 100644
+index 658c34bb9076..25ab00980e4c 100644
 --- a/drivers/video/console/fbcon.c
 +++ b/drivers/video/console/fbcon.c
 @@ -634,13 +634,15 @@ static void fbcon_prepare_logo(struct vc_data *vc, struct fb_info *info,
@@ -35,7 +35,7 @@ index b97210671a81..2d12ad82fe75 100644
  	}
  }
  #endif /* MODULE */
-@@ -3620,6 +3622,14 @@ static int __init fb_console_init(void)
+@@ -3621,6 +3623,14 @@ static int __init fb_console_init(void)
  	return 0;
  }
  
diff --git a/sources b/sources
index 2c3c8343e..ef1f9f5a6 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,2 @@
-3d5ea06d767e2f35c999eeadafc76523  linux-4.2.tar.xz
-4c964bfba54d65b5b54cc898baddecad  perf-man-4.2.tar.gz
-6a7355d968116129c19dc053fb2d557a  patch-4.2.3.xz
+58b35794eee3b6d52ce7be39357801e7  linux-4.3.tar.xz
+7c516c9528b9f9aac0136944b0200b7e  perf-man-4.3.tar.gz
diff --git a/usb-make-xhci-platform-driver-use-64-bit-or-32-bit-D.patch b/usb-make-xhci-platform-driver-use-64-bit-or-32-bit-D.patch
index da38d700f..79f58f775 100644
--- a/usb-make-xhci-platform-driver-use-64-bit-or-32-bit-D.patch
+++ b/usb-make-xhci-platform-driver-use-64-bit-or-32-bit-D.patch
@@ -13,10 +13,10 @@ Signed-off-by: Mark Langsdorf <mlangsdo@redhat.com>
  1 file changed, 7 insertions(+), 8 deletions(-)
 
 diff --git a/drivers/usb/host/xhci-plat.c b/drivers/usb/host/xhci-plat.c
-index 0e11d61408ff..cc5ca2cac706 100644
+index 890ad9d9d329..122b1fb12b7e 100644
 --- a/drivers/usb/host/xhci-plat.c
 +++ b/drivers/usb/host/xhci-plat.c
-@@ -83,14 +83,13 @@ static int xhci_plat_probe(struct platform_device *pdev)
+@@ -93,14 +93,13 @@ static int xhci_plat_probe(struct platform_device *pdev)
  	if (irq < 0)
  		return -ENODEV;
  
diff --git a/x86-Lock-down-IO-port-access-when-module-security-is.patch b/x86-Lock-down-IO-port-access-when-module-security-is.patch
index 4c1211d43..708006c2e 100644
--- a/x86-Lock-down-IO-port-access-when-module-security-is.patch
+++ b/x86-Lock-down-IO-port-access-when-module-security-is.patch
@@ -1,6 +1,8 @@
+From 7a3cdd26e6d38031338a6cb591ec2f3faaa9234b Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Thu, 8 Mar 2012 10:35:59 -0500
-Subject: [PATCH] x86: Lock down IO port access when module security is enabled
+Subject: [PATCH 03/20] x86: Lock down IO port access when module security is
+ enabled
 
 IO port access would permit users to gain access to PCI configuration
 registers, which in turn (on a lot of hardware) give access to MMIO register
@@ -65,3 +67,6 @@ index 6b1721f978c2..53fe675f9bd7 100644
  	if (!access_ok(VERIFY_READ, buf, count))
  		return -EFAULT;
  	while (count-- > 0 && i < 65536) {
+-- 
+2.4.3
+
diff --git a/x86-Restrict-MSR-access-when-module-loading-is-restr.patch b/x86-Restrict-MSR-access-when-module-loading-is-restr.patch
index 9053f2aea..5c91ab143 100644
--- a/x86-Restrict-MSR-access-when-module-loading-is-restr.patch
+++ b/x86-Restrict-MSR-access-when-module-loading-is-restr.patch
@@ -1,6 +1,8 @@
+From c076ed5eed97cba612d7efec41359815c5547f4c Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <matthew.garrett@nebula.com>
 Date: Fri, 8 Feb 2013 11:12:13 -0800
-Subject: [PATCH] x86: Restrict MSR access when module loading is restricted
+Subject: [PATCH 09/20] x86: Restrict MSR access when module loading is
+ restricted
 
 Writing to MSRs should not be allowed if module loading is restricted,
 since it could lead to execution of arbitrary code in kernel mode. Based
@@ -37,3 +39,6 @@ index 113e70784854..26c2f83fc470 100644
  		if (copy_from_user(&regs, uregs, sizeof regs)) {
  			err = -EFAULT;
  			break;
+-- 
+2.4.3
+