linux-selinux 4.16.7-1 update

7 files changed, 28 insertions, 663 deletions

diff --git a/.SRCINFO b/.SRCINFO
index 100d92b4bc03..7efd7f29561b 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,5 +1,5 @@
 pkgbase = linux-selinux
-	pkgver = 4.16.5
+	pkgver = 4.16.7
 	pkgrel = 1
 	url = https://www.kernel.org/
 	arch = x86_64
@@ -13,8 +13,8 @@ pkgbase = linux-selinux
 	options = !strip
 	source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.16.tar.xz
 	source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.16.tar.sign
-	source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.16.5.xz
-	source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.16.5.sign
+	source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.16.7.xz
+	source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.16.7.sign
 	source = config
 	source = 60-linux.hook
 	source = 90-linux.hook
@@ -22,23 +22,19 @@ pkgbase = linux-selinux
 	source = 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
 	source = 0002-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
 	source = 0003-Partially-revert-swiotlb-remove-various-exports.patch
-	source = 0004-Fix-vboxguest-on-guests-with-more-than-4G-RAM.patch
-	source = 0005-net-aquantia-Regression-on-reset-with-1.x-firmware.patch
 	validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886
 	validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E
 	sha256sums = 63f6dc8e3c9f3a0273d5d6f4dca38a2413ca3a5f689329d05b750e4c87bb21b9
 	sha256sums = SKIP
-	sha256sums = 8c3bb050d11da6e91d3e169f76ee3ed6937e1ca64264e605ddba8108696ba011
+	sha256sums = f5ef83461054024814846eb816c76eba1b903f7e3e38c3417027b33070b60d91
 	sha256sums = SKIP
 	sha256sums = 4fd43dd0f4e218bf98ad1be600cdab0af00bb15cab034e7152e3e674a33b09e1
 	sha256sums = ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21
 	sha256sums = 75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919
 	sha256sums = ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65
-	sha256sums = 113b1fe603f61b749c4cb3902a4f5d4fbec9d1e5081f008bac485cc345defa5f
-	sha256sums = 9db235c5edfc9a81a0f5866f9942e74d896243c37d50298288fbbe2f79169fd3
-	sha256sums = d57665a468f93c94b92924fdbdc72ea50def74d9c8999104c9594e64fb196328
-	sha256sums = 079180ceaae87a4851eb56e80f6e33b0199dad3343c73275ddb710e0824feb73
-	sha256sums = f1c751e29bc1bcfe634c49873eb34a5418db3dfbd1f6d789e738dee78071d3dd
+	sha256sums = 7fb607fe384dd814e9e45d7fc28f7b5b23a51d80784c54bf9209486ad428be14
+	sha256sums = ceaa19e0af3842c62eb666a4ac5c79d89b3e6d00593442f18d6508ca6d74bbaa
+	sha256sums = 5b397cf9eccdad0c1f2865842c29ba6f4e32ad7dbe4e0c6ef6ca6f07d2963cea
 
 pkgname = linux-selinux
 	pkgdesc = The Linux-selinux kernel and modules
diff --git a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
index 156d03e21671..816d16d7aec2 100644
--- a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
+++ b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
@@ -1,8 +1,8 @@
-From f7a249814be46cbcb7bad48e4b1910baaf7f8961 Mon Sep 17 00:00:00 2001
-Message-Id: <f7a249814be46cbcb7bad48e4b1910baaf7f8961.1524575789.git.jan.steffens@gmail.com>
+From dea1110505c920b0f7e0cdd8840448e48ef420fa Mon Sep 17 00:00:00 2001
+Message-Id: <dea1110505c920b0f7e0cdd8840448e48ef420fa.1525295228.git.jan.steffens@gmail.com>
 From: Serge Hallyn <serge.hallyn@canonical.com>
 Date: Fri, 31 May 2013 19:12:12 +0100
-Subject: [PATCH 1/5] add sysctl to disallow unprivileged CLONE_NEWUSER by
+Subject: [PATCH 1/3] add sysctl to disallow unprivileged CLONE_NEWUSER by
  default
 
 Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
diff --git a/0002-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch b/0002-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
index ad7ac0c34d53..fdb40cdae479 100644
--- a/0002-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
+++ b/0002-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
@@ -1,10 +1,10 @@
-From 7f9a95491f506700d46db581ef3734ced7c9618b Mon Sep 17 00:00:00 2001
-Message-Id: <7f9a95491f506700d46db581ef3734ced7c9618b.1524575789.git.jan.steffens@gmail.com>
-In-Reply-To: <f7a249814be46cbcb7bad48e4b1910baaf7f8961.1524575789.git.jan.steffens@gmail.com>
-References: <f7a249814be46cbcb7bad48e4b1910baaf7f8961.1524575789.git.jan.steffens@gmail.com>
+From 800a7732e3d89f3dac3b10ca6b82868286562331 Mon Sep 17 00:00:00 2001
+Message-Id: <800a7732e3d89f3dac3b10ca6b82868286562331.1525295228.git.jan.steffens@gmail.com>
+In-Reply-To: <dea1110505c920b0f7e0cdd8840448e48ef420fa.1525295228.git.jan.steffens@gmail.com>
+References: <dea1110505c920b0f7e0cdd8840448e48ef420fa.1525295228.git.jan.steffens@gmail.com>
 From: Jim Bride <jim.bride@linux.intel.com>
 Date: Mon, 6 Nov 2017 13:38:57 -0800
-Subject: [PATCH 2/5] drm/i915/edp: Only use the alternate fixed mode if it's
+Subject: [PATCH 2/3] drm/i915/edp: Only use the alternate fixed mode if it's
  asked for
 
 In commit dc911f5bd8aa ("drm/i915/edp: Allow alternate fixed mode for
diff --git a/0003-Partially-revert-swiotlb-remove-various-exports.patch b/0003-Partially-revert-swiotlb-remove-various-exports.patch
index 4669b03bd750..7434efb64fad 100644
--- a/0003-Partially-revert-swiotlb-remove-various-exports.patch
+++ b/0003-Partially-revert-swiotlb-remove-various-exports.patch
@@ -1,10 +1,10 @@
-From be536681bd2439bf8e95df124fa282cf4a2e7846 Mon Sep 17 00:00:00 2001
-Message-Id: <be536681bd2439bf8e95df124fa282cf4a2e7846.1524575789.git.jan.steffens@gmail.com>
-In-Reply-To: <f7a249814be46cbcb7bad48e4b1910baaf7f8961.1524575789.git.jan.steffens@gmail.com>
-References: <f7a249814be46cbcb7bad48e4b1910baaf7f8961.1524575789.git.jan.steffens@gmail.com>
+From d39f4cf63fe216321bf105e3062cef3ad5250cd3 Mon Sep 17 00:00:00 2001
+Message-Id: <d39f4cf63fe216321bf105e3062cef3ad5250cd3.1525295228.git.jan.steffens@gmail.com>
+In-Reply-To: <dea1110505c920b0f7e0cdd8840448e48ef420fa.1525295228.git.jan.steffens@gmail.com>
+References: <dea1110505c920b0f7e0cdd8840448e48ef420fa.1525295228.git.jan.steffens@gmail.com>
 From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
 Date: Fri, 6 Apr 2018 16:19:38 +0200
-Subject: [PATCH 3/5] Partially revert "swiotlb: remove various exports"
+Subject: [PATCH 3/3] Partially revert "swiotlb: remove various exports"
 
 This partially reverts commit 4bd89ed39b2ab8dc4ac4b6c59b07d420b0213bec.
 The proprietary NVIDIA driver needs one of the exports.
diff --git a/0004-Fix-vboxguest-on-guests-with-more-than-4G-RAM.patch b/0004-Fix-vboxguest-on-guests-with-more-than-4G-RAM.patch
deleted file mode 100644
index ae5b8c9e4d5b..000000000000
--- a/0004-Fix-vboxguest-on-guests-with-more-than-4G-RAM.patch
+++ /dev/null
@@ -1,552 +0,0 @@
-From a117a2995f291e765c5de06f42f02a1687ecb55e Mon Sep 17 00:00:00 2001
-Message-Id: <a117a2995f291e765c5de06f42f02a1687ecb55e.1524575789.git.jan.steffens@gmail.com>
-In-Reply-To: <f7a249814be46cbcb7bad48e4b1910baaf7f8961.1524575789.git.jan.steffens@gmail.com>
-References: <f7a249814be46cbcb7bad48e4b1910baaf7f8961.1524575789.git.jan.steffens@gmail.com>
-From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
-Date: Wed, 11 Apr 2018 21:27:44 +0200
-Subject: [PATCH 4/5] Fix vboxguest on guests with more than 4G RAM
-
-Squashed commit of the following:
-
-commit 042b191f6b98165d6bcca3ae09a0f9b289d6155e
-Author: Hans de Goede <hdegoede@redhat.com>
-Date:   Thu Mar 29 17:28:57 2018 +0200
-
-    virt: vbox: Log an error when we fail to get the host version
-
-    This was the only error path during probe without a message being logged
-    about what went wrong, this fixes this.
-
-    Signed-off-by: Hans de Goede <hdegoede@redhat.com>
-
-commit e4111a6c617687f7cb414ddfa8176206910db76e
-Author: Hans de Goede <hdegoede@redhat.com>
-Date:   Thu Mar 29 17:28:56 2018 +0200
-
-    virt: vbox: Use __get_free_pages instead of kmalloc for DMA32 memory
-
-    It is not possible to get DMA32 zone memory through kmalloc, causing
-    the vboxguest driver to malfunction due to getting memory above
-    4G which the PCI device cannot handle.
-
-    This commit changes the kmalloc calls where the 4G limit matters to
-    using __get_free_pages() fixing vboxguest not working on x86_64 guests
-    with more then 4G RAM.
-
-    Cc: stable@vger.kernel.org
-    Reported-by: Eloy Coto Pereiro <eloy.coto@gmail.com>
-    Signed-off-by: Hans de Goede <hdegoede@redhat.com>
-
-commit 2cb20368ce32e7275a351eadadd4c8f3da742a28
-Author: Hans de Goede <hdegoede@redhat.com>
-Date:   Thu Mar 29 17:28:55 2018 +0200
-
-    virt: vbox: Add vbg_req_free() helper function
-
-    This is a preparation patch for fixing issues on x86_64 virtual-machines
-    with more then 4G of RAM, atm we pass __GFP_DMA32 to kmalloc, but kmalloc
-    does not honor that, so we need to switch to get_pages, which means we
-    will not be able to use kfree to free memory allocated with vbg_alloc_req.
-
-    While at it also remove a comment on a vbg_alloc_req call which talks
-    about Windows (inherited from the vbox upstream cross-platform code).
-
-    Cc: stable@vger.kernel.org
-    Signed-off-by: Hans de Goede <hdegoede@redhat.com>
-
-commit fa5c012bc9c3e1ada5cde0bfa3c6706be97b7cb0
-Author: Hans de Goede <hdegoede@redhat.com>
-Date:   Thu Mar 29 17:28:54 2018 +0200
-
-    virt: vbox: Move declarations of vboxguest private functions to private header
-
-    Move the declarations of functions from vboxguest_utils.c which are only
-    meant for vboxguest internal use from include/linux/vbox_utils.h to
-    drivers/virt/vboxguest/vboxguest_core.h.
-
-    Cc: stable@vger.kernel.org
-    Signed-off-by: Hans de Goede <hdegoede@redhat.com>
----
- drivers/virt/vboxguest/vboxguest_core.c  | 70 +++++++++++++-----------
- drivers/virt/vboxguest/vboxguest_core.h  |  9 +++
- drivers/virt/vboxguest/vboxguest_linux.c | 19 ++++++-
- drivers/virt/vboxguest/vboxguest_utils.c | 17 ++++--
- include/linux/vbox_utils.h               | 23 --------
- 5 files changed, 76 insertions(+), 62 deletions(-)
-
-diff --git a/drivers/virt/vboxguest/vboxguest_core.c b/drivers/virt/vboxguest/vboxguest_core.c
-index 190dbf8cfcb5..2f3856a95856 100644
---- a/drivers/virt/vboxguest/vboxguest_core.c
-+++ b/drivers/virt/vboxguest/vboxguest_core.c
-@@ -114,7 +114,7 @@ static void vbg_guest_mappings_init(struct vbg_dev *gdev)
- 	}
- 
- out:
--	kfree(req);
-+	vbg_req_free(req, sizeof(*req));
- 	kfree(pages);
- }
- 
-@@ -144,7 +144,7 @@ static void vbg_guest_mappings_exit(struct vbg_dev *gdev)
- 
- 	rc = vbg_req_perform(gdev, req);
- 
--	kfree(req);
-+	vbg_req_free(req, sizeof(*req));
- 
- 	if (rc < 0) {
- 		vbg_err("%s error: %d\n", __func__, rc);
-@@ -214,8 +214,8 @@ static int vbg_report_guest_info(struct vbg_dev *gdev)
- 	ret = vbg_status_code_to_errno(rc);
- 
- out_free:
--	kfree(req2);
--	kfree(req1);
-+	vbg_req_free(req2, sizeof(*req2));
-+	vbg_req_free(req1, sizeof(*req1));
- 	return ret;
- }
- 
-@@ -245,7 +245,7 @@ static int vbg_report_driver_status(struct vbg_dev *gdev, bool active)
- 	if (rc == VERR_NOT_IMPLEMENTED)	/* Compatibility with older hosts. */
- 		rc = VINF_SUCCESS;
- 
--	kfree(req);
-+	vbg_req_free(req, sizeof(*req));
- 
- 	return vbg_status_code_to_errno(rc);
- }
-@@ -431,58 +431,52 @@ static int vbg_heartbeat_host_config(struct vbg_dev *gdev, bool enabled)
- 	rc = vbg_req_perform(gdev, req);
- 	do_div(req->interval_ns, 1000000); /* ns -> ms */
- 	gdev->heartbeat_interval_ms = req->interval_ns;
--	kfree(req);
-+	vbg_req_free(req, sizeof(*req));
- 
- 	return vbg_status_code_to_errno(rc);
- }
- 
- /**
-  * Initializes the heartbeat timer. This feature may be disabled by the host.
-  * Return: 0 or negative errno value.
-  * @gdev:		The Guest extension device.
-  */
- static int vbg_heartbeat_init(struct vbg_dev *gdev)
- {
- 	int ret;
- 
- 	/* Make sure that heartbeat checking is disabled if we fail. */
- 	ret = vbg_heartbeat_host_config(gdev, false);
- 	if (ret < 0)
- 		return ret;
- 
- 	ret = vbg_heartbeat_host_config(gdev, true);
- 	if (ret < 0)
- 		return ret;
- 
--	/*
--	 * Preallocate the request to use it from the timer callback because:
--	 *    1) on Windows vbg_req_alloc must be called at IRQL <= APC_LEVEL
--	 *       and the timer callback runs at DISPATCH_LEVEL;
--	 *    2) avoid repeated allocations.
--	 */
- 	gdev->guest_heartbeat_req = vbg_req_alloc(
- 					sizeof(*gdev->guest_heartbeat_req),
- 					VMMDEVREQ_GUEST_HEARTBEAT);
- 	if (!gdev->guest_heartbeat_req)
- 		return -ENOMEM;
- 
- 	vbg_info("%s: Setting up heartbeat to trigger every %d milliseconds\n",
- 		 __func__, gdev->heartbeat_interval_ms);
- 	mod_timer(&gdev->heartbeat_timer, 0);
- 
- 	return 0;
- }
- 
- /**
-  * Cleanup hearbeat code, stop HB timer and disable host heartbeat checking.
-  * @gdev:		The Guest extension device.
-  */
- static void vbg_heartbeat_exit(struct vbg_dev *gdev)
- {
- 	del_timer_sync(&gdev->heartbeat_timer);
- 	vbg_heartbeat_host_config(gdev, false);
--	kfree(gdev->guest_heartbeat_req);
--
-+	vbg_req_free(gdev->guest_heartbeat_req,
-+		     sizeof(*gdev->guest_heartbeat_req));
- }
- 
- /**
-@@ -543,7 +537,7 @@ static int vbg_reset_host_event_filter(struct vbg_dev *gdev,
- 	if (rc < 0)
- 		vbg_err("%s error, rc: %d\n", __func__, rc);
- 
--	kfree(req);
-+	vbg_req_free(req, sizeof(*req));
- 	return vbg_status_code_to_errno(rc);
- }
- 
-@@ -617,32 +611,32 @@ static int vbg_set_session_event_filter(struct vbg_dev *gdev,
- 
- out:
- 	mutex_unlock(&gdev->session_mutex);
--	kfree(req);
-+	vbg_req_free(req, sizeof(*req));
- 
- 	return ret;
- }
- 
- /**
-  * Init and termination worker for set guest capabilities to zero on the host.
-  * Return: 0 or negative errno value.
-  * @gdev:		The Guest extension device.
-  */
- static int vbg_reset_host_capabilities(struct vbg_dev *gdev)
- {
- 	struct vmmdev_mask *req;
- 	int rc;
- 
- 	req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_SET_GUEST_CAPABILITIES);
- 	if (!req)
- 		return -ENOMEM;
- 
- 	req->not_mask = U32_MAX;
- 	req->or_mask = 0;
- 	rc = vbg_req_perform(gdev, req);
- 	if (rc < 0)
- 		vbg_err("%s error, rc: %d\n", __func__, rc);
- 
--	kfree(req);
-+	vbg_req_free(req, sizeof(*req));
- 	return vbg_status_code_to_errno(rc);
- }
- 
-@@ -712,44 +706,46 @@ static int vbg_set_session_capabilities(struct vbg_dev *gdev,
- 
- out:
- 	mutex_unlock(&gdev->session_mutex);
--	kfree(req);
-+	vbg_req_free(req, sizeof(*req));
- 
- 	return ret;
- }
- 
- /**
-  * vbg_query_host_version get the host feature mask and version information.
-  * Return: 0 or negative errno value.
-  * @gdev:		The Guest extension device.
-  */
- static int vbg_query_host_version(struct vbg_dev *gdev)
- {
- 	struct vmmdev_host_version *req;
- 	int rc, ret;
- 
- 	req = vbg_req_alloc(sizeof(*req), VMMDEVREQ_GET_HOST_VERSION);
- 	if (!req)
- 		return -ENOMEM;
- 
- 	rc = vbg_req_perform(gdev, req);
- 	ret = vbg_status_code_to_errno(rc);
--	if (ret)
-+	if (ret) {
-+		vbg_err("%s error: %d\n", __func__, rc);
- 		goto out;
-+	}
- 
- 	snprintf(gdev->host_version, sizeof(gdev->host_version), "%u.%u.%ur%u",
- 		 req->major, req->minor, req->build, req->revision);
- 	gdev->host_features = req->features;
- 
- 	vbg_info("vboxguest: host-version: %s %#x\n", gdev->host_version,
- 		 gdev->host_features);
- 
- 	if (!(req->features & VMMDEV_HVF_HGCM_PHYS_PAGE_LIST)) {
- 		vbg_err("vboxguest: Error host too old (does not support page-lists)\n");
- 		ret = -ENODEV;
- 	}
- 
- out:
--	kfree(req);
-+	vbg_req_free(req, sizeof(*req));
- 	return ret;
- }
- 
-@@ -847,36 +843,46 @@ int vbg_core_init(struct vbg_dev *gdev, u32 fixed_events)
- 	return 0;
- 
- err_free_reqs:
--	kfree(gdev->mouse_status_req);
--	kfree(gdev->ack_events_req);
--	kfree(gdev->cancel_req);
--	kfree(gdev->mem_balloon.change_req);
--	kfree(gdev->mem_balloon.get_req);
-+	vbg_req_free(gdev->mouse_status_req,
-+		     sizeof(*gdev->mouse_status_req));
-+	vbg_req_free(gdev->ack_events_req,
-+		     sizeof(*gdev->ack_events_req));
-+	vbg_req_free(gdev->cancel_req,
-+		     sizeof(*gdev->cancel_req));
-+	vbg_req_free(gdev->mem_balloon.change_req,
-+		     sizeof(*gdev->mem_balloon.change_req));
-+	vbg_req_free(gdev->mem_balloon.get_req,
-+		     sizeof(*gdev->mem_balloon.get_req));
- 	return ret;
- }
- 
- /**
-  * Call this on exit to clean-up vboxguest-core managed resources.
-  *
-  * The native code should call this before the driver is loaded,
-  * but don't call this on shutdown.
-  * @gdev:		The Guest extension device.
-  */
- void vbg_core_exit(struct vbg_dev *gdev)
- {
- 	vbg_heartbeat_exit(gdev);
- 	vbg_guest_mappings_exit(gdev);
- 
- 	/* Clear the host flags (mouse status etc). */
- 	vbg_reset_host_event_filter(gdev, 0);
- 	vbg_reset_host_capabilities(gdev);
- 	vbg_core_set_mouse_status(gdev, 0);
- 
--	kfree(gdev->mouse_status_req);
--	kfree(gdev->ack_events_req);
--	kfree(gdev->cancel_req);
--	kfree(gdev->mem_balloon.change_req);
--	kfree(gdev->mem_balloon.get_req);
-+	vbg_req_free(gdev->mouse_status_req,
-+		     sizeof(*gdev->mouse_status_req));
-+	vbg_req_free(gdev->ack_events_req,
-+		     sizeof(*gdev->ack_events_req));
-+	vbg_req_free(gdev->cancel_req,
-+		     sizeof(*gdev->cancel_req));
-+	vbg_req_free(gdev->mem_balloon.change_req,
-+		     sizeof(*gdev->mem_balloon.change_req));
-+	vbg_req_free(gdev->mem_balloon.get_req,
-+		     sizeof(*gdev->mem_balloon.get_req));
- }
- 
- /**
-@@ -1415,7 +1421,7 @@ static int vbg_ioctl_write_core_dump(struct vbg_dev *gdev,
- 	req->flags = dump->u.in.flags;
- 	dump->hdr.rc = vbg_req_perform(gdev, req);
- 
--	kfree(req);
-+	vbg_req_free(req, sizeof(*req));
- 	return 0;
- }
- 
-@@ -1513,7 +1519,7 @@ int vbg_core_set_mouse_status(struct vbg_dev *gdev, u32 features)
- 	if (rc < 0)
- 		vbg_err("%s error, rc: %d\n", __func__, rc);
- 
--	kfree(req);
-+	vbg_req_free(req, sizeof(*req));
- 	return vbg_status_code_to_errno(rc);
- }
- 
-diff --git a/drivers/virt/vboxguest/vboxguest_core.h b/drivers/virt/vboxguest/vboxguest_core.h
-index 6c784bf4fa6d..7ad9ec45bfa9 100644
---- a/drivers/virt/vboxguest/vboxguest_core.h
-+++ b/drivers/virt/vboxguest/vboxguest_core.h
-@@ -171,4 +171,13 @@ irqreturn_t vbg_core_isr(int irq, void *dev_id);
- 
- void vbg_linux_mouse_event(struct vbg_dev *gdev);
- 
-+/* Private (non exported) functions form vboxguest_utils.c */
-+void *vbg_req_alloc(size_t len, enum vmmdev_request_type req_type);
-+void vbg_req_free(void *req, size_t len);
-+int vbg_req_perform(struct vbg_dev *gdev, void *req);
-+int vbg_hgcm_call32(
-+	struct vbg_dev *gdev, u32 client_id, u32 function, u32 timeout_ms,
-+	struct vmmdev_hgcm_function_parameter32 *parm32, u32 parm_count,
-+	int *vbox_status);
-+
- #endif
-diff --git a/drivers/virt/vboxguest/vboxguest_linux.c b/drivers/virt/vboxguest/vboxguest_linux.c
-index 82e280d38cc2..398d22693234 100644
---- a/drivers/virt/vboxguest/vboxguest_linux.c
-+++ b/drivers/virt/vboxguest/vboxguest_linux.c
-@@ -87,52 +87,65 @@ static long vbg_misc_device_ioctl(struct file *filp, unsigned int req,
- 	struct vbg_session *session = filp->private_data;
- 	size_t returned_size, size;
- 	struct vbg_ioctl_hdr hdr;
-+	bool is_vmmdev_req;
- 	int ret = 0;
- 	void *buf;
- 
- 	if (copy_from_user(&hdr, (void *)arg, sizeof(hdr)))
- 		return -EFAULT;
- 
- 	if (hdr.version != VBG_IOCTL_HDR_VERSION)
- 		return -EINVAL;
- 
- 	if (hdr.size_in < sizeof(hdr) ||
- 	    (hdr.size_out && hdr.size_out < sizeof(hdr)))
- 		return -EINVAL;
- 
- 	size = max(hdr.size_in, hdr.size_out);
- 	if (_IOC_SIZE(req) && _IOC_SIZE(req) != size)
- 		return -EINVAL;
- 	if (size > SZ_16M)
- 		return -E2BIG;
- 
--	/* __GFP_DMA32 because IOCTL_VMMDEV_REQUEST passes this to the host */
--	buf = kmalloc(size, GFP_KERNEL | __GFP_DMA32);
-+	/*
-+	 * IOCTL_VMMDEV_REQUEST needs the buffer to be below 4G to avoid
-+	 * the need for a bounce-buffer and another copy later on.
-+	 */
-+	is_vmmdev_req = (req & ~IOCSIZE_MASK) == VBG_IOCTL_VMMDEV_REQUEST(0) ||
-+			 req == VBG_IOCTL_VMMDEV_REQUEST_BIG;
-+
-+	if (is_vmmdev_req)
-+		buf = vbg_req_alloc(size, VBG_IOCTL_HDR_TYPE_DEFAULT);
-+	else
-+		buf = kmalloc(size, GFP_KERNEL);
- 	if (!buf)
- 		return -ENOMEM;
- 
- 	if (copy_from_user(buf, (void *)arg, hdr.size_in)) {
- 		ret = -EFAULT;
- 		goto out;
- 	}
- 	if (hdr.size_in < size)
- 		memset(buf + hdr.size_in, 0, size -  hdr.size_in);
- 
- 	ret = vbg_core_ioctl(session, req, buf);
- 	if (ret)
- 		goto out;
- 
- 	returned_size = ((struct vbg_ioctl_hdr *)buf)->size_out;
- 	if (returned_size > size) {
- 		vbg_debug("%s: too much output data %zu > %zu\n",
- 			  __func__, returned_size, size);
- 		returned_size = size;
- 	}
- 	if (copy_to_user((void *)arg, buf, returned_size) != 0)
- 		ret = -EFAULT;
- 
- out:
--	kfree(buf);
-+	if (is_vmmdev_req)
-+		vbg_req_free(buf, size);
-+	else
-+		kfree(buf);
- 
- 	return ret;
- }
-diff --git a/drivers/virt/vboxguest/vboxguest_utils.c b/drivers/virt/vboxguest/vboxguest_utils.c
-index 0f0dab8023cf..bf4474214b4d 100644
---- a/drivers/virt/vboxguest/vboxguest_utils.c
-+++ b/drivers/virt/vboxguest/vboxguest_utils.c
-@@ -65,23 +65,32 @@ VBG_LOG(vbg_debug, pr_debug);
- void *vbg_req_alloc(size_t len, enum vmmdev_request_type req_type)
- {
- 	struct vmmdev_request_header *req;
-+	int order = get_order(PAGE_ALIGN(len));
- 
--	req = kmalloc(len, GFP_KERNEL | __GFP_DMA32);
-+	req = (void *)__get_free_pages(GFP_KERNEL | GFP_DMA32, order);
- 	if (!req)
- 		return NULL;
- 
- 	memset(req, 0xaa, len);
- 
- 	req->size = len;
- 	req->version = VMMDEV_REQUEST_HEADER_VERSION;
- 	req->request_type = req_type;
- 	req->rc = VERR_GENERAL_FAILURE;
- 	req->reserved1 = 0;
- 	req->reserved2 = 0;
- 
- 	return req;
- }
- 
-+void vbg_req_free(void *req, size_t len)
-+{
-+	if (!req)
-+		return;
-+
-+	free_pages((unsigned long)req, get_order(PAGE_ALIGN(len)));
-+}
-+
- /* Note this function returns a VBox status code, not a negative errno!! */
- int vbg_req_perform(struct vbg_dev *gdev, void *req)
- {
-@@ -137,7 +146,7 @@ int vbg_hgcm_connect(struct vbg_dev *gdev,
- 		rc = hgcm_connect->header.result;
- 	}
- 
--	kfree(hgcm_connect);
-+	vbg_req_free(hgcm_connect, sizeof(*hgcm_connect));
- 
- 	*vbox_status = rc;
- 	return 0;
-@@ -166,7 +175,7 @@ int vbg_hgcm_disconnect(struct vbg_dev *gdev, u32 client_id, int *vbox_status)
- 	if (rc >= 0)
- 		rc = hgcm_disconnect->header.result;
- 
--	kfree(hgcm_disconnect);
-+	vbg_req_free(hgcm_disconnect, sizeof(*hgcm_disconnect));
- 
- 	*vbox_status = rc;
- 	return 0;
-@@ -623,7 +632,7 @@ int vbg_hgcm_call(struct vbg_dev *gdev, u32 client_id, u32 function,
- 	}
- 
- 	if (!leak_it)
--		kfree(call);
-+		vbg_req_free(call, size);
- 
- free_bounce_bufs:
- 	if (bounce_bufs) {
-diff --git a/include/linux/vbox_utils.h b/include/linux/vbox_utils.h
-index c71def6b310f..a240ed2a0372 100644
---- a/include/linux/vbox_utils.h
-+++ b/include/linux/vbox_utils.h
-@@ -24,39 +24,16 @@ __printf(1, 2) void vbg_debug(const char *fmt, ...);
- #define vbg_debug pr_debug
- #endif
- 
--/**
-- * Allocate memory for generic request and initialize the request header.
-- *
-- * Return: the allocated memory
-- * @len:		Size of memory block required for the request.
-- * @req_type:		The generic request type.
-- */
--void *vbg_req_alloc(size_t len, enum vmmdev_request_type req_type);
--
--/**
-- * Perform a generic request.
-- *
-- * Return: VBox status code
-- * @gdev:		The Guest extension device.
-- * @req:		Pointer to the request structure.
-- */
--int vbg_req_perform(struct vbg_dev *gdev, void *req);
--
- int vbg_hgcm_connect(struct vbg_dev *gdev,
- 		     struct vmmdev_hgcm_service_location *loc,
- 		     u32 *client_id, int *vbox_status);
- 
- int vbg_hgcm_disconnect(struct vbg_dev *gdev, u32 client_id, int *vbox_status);
- 
- int vbg_hgcm_call(struct vbg_dev *gdev, u32 client_id, u32 function,
- 		  u32 timeout_ms, struct vmmdev_hgcm_function_parameter *parms,
- 		  u32 parm_count, int *vbox_status);
- 
--int vbg_hgcm_call32(
--	struct vbg_dev *gdev, u32 client_id, u32 function, u32 timeout_ms,
--	struct vmmdev_hgcm_function_parameter32 *parm32, u32 parm_count,
--	int *vbox_status);
--
- /**
-  * Convert a VirtualBox status code to a standard Linux kernel return value.
-  * Return: 0 or negative errno value.
--- 
-2.17.0
-
diff --git a/0005-net-aquantia-Regression-on-reset-with-1.x-firmware.patch b/0005-net-aquantia-Regression-on-reset-with-1.x-firmware.patch
deleted file mode 100644
index d02da63cb3b1..000000000000
--- a/0005-net-aquantia-Regression-on-reset-with-1.x-firmware.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From 415d0ca52b88f7cf3300a54c337ca80ebeccce5c Mon Sep 17 00:00:00 2001
-Message-Id: <415d0ca52b88f7cf3300a54c337ca80ebeccce5c.1524575789.git.jan.steffens@gmail.com>
-In-Reply-To: <f7a249814be46cbcb7bad48e4b1910baaf7f8961.1524575789.git.jan.steffens@gmail.com>
-References: <f7a249814be46cbcb7bad48e4b1910baaf7f8961.1524575789.git.jan.steffens@gmail.com>
-From: Igor Russkikh <igor.russkikh@aquantia.com>
-Date: Wed, 11 Apr 2018 15:23:24 +0300
-Subject: [PATCH 5/5] net: aquantia: Regression on reset with 1.x firmware
-
-On ASUS XG-C100C with 1.5.44 firmware a special mode called "dirty wake"
-is active. With this mode when motherboard gets powered (but no poweron
-happens yet), NIC automatically enables powersave link and watches
-for WOL packet.
-This normally allows to powerup the PC after AC power failures.
-
-Not all motherboards or bios settings gives power to PCI slots,
-so this mode is not enabled on all the hardware.
-
-4.16 linux driver introduced full hardware reset sequence
-This is required since before that we had no NIC hardware
-reset implemented and there were side effects of "not clean start".
-
-But this full reset is incompatible with "dirty wake" WOL feature
-it keeps the PHY link in a special mode forever. As a consequence,
-driver sees no link and no traffic.
-
-To fix this we forcibly change FW state to idle state before doing
-the full reset. This makes FW to restore link state.
-
-Fixes: c8c82eb net: aquantia: Introduce global AQC hardware reset sequence
-Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
----
- .../aquantia/atlantic/hw_atl/hw_atl_utils.c      | 16 ++++++++++++++++
- 1 file changed, 16 insertions(+)
-
-diff --git a/drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c b/drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c
-index d3b847ec7465..c58b2c227260 100644
---- a/drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c
-+++ b/drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c
-@@ -48,6 +48,8 @@
- #define FORCE_FLASHLESS 0
- 
- static int hw_atl_utils_ver_match(u32 ver_expected, u32 ver_actual);
-+static int hw_atl_utils_mpi_set_state(struct aq_hw_s *self,
-+				      enum hal_atl_utils_fw_state_e state);
- 
- int hw_atl_utils_initfw(struct aq_hw_s *self, const struct aq_fw_ops **fw_ops)
- {
-@@ -247,6 +249,20 @@ int hw_atl_utils_soft_reset(struct aq_hw_s *self)
- 
- 	self->rbl_enabled = (boot_exit_code != 0);
- 
-+	/* FW 1.x may bootup in an invalid POWER state (WOL feature).
-+	 * We should work around this by forcing its state back to DEINIT
-+	 */
-+	if (!hw_atl_utils_ver_match(HW_ATL_FW_VER_1X,
-+				    aq_hw_read_reg(self,
-+						   HW_ATL_MPI_FW_VERSION))) {
-+		int err = 0;
-+
-+		hw_atl_utils_mpi_set_state(self, MPI_DEINIT);
-+		AQ_HW_WAIT_FOR((aq_hw_read_reg(self, HW_ATL_MPI_STATE_ADR) &
-+			       HW_ATL_MPI_STATE_MSK) == MPI_DEINIT,
-+			       10, 1000U);
-+	}
-+
- 	if (self->rbl_enabled)
- 		return hw_atl_utils_soft_reset_rbl(self);
- 	else
--- 
-2.17.0
-
diff --git a/PKGBUILD b/PKGBUILD
index 23bbbef1ca83..8d525fae552e 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -2,10 +2,13 @@
 # Maintainer: Tobias Powalowski <tpowa@archlinux.org>
 # Maintainer: Thomas Baechler <thomas@archlinux.org>
 # SELinux Maintainer: Nicolas Iooss (nicolas <dot> iooss <at> m4x <dot> org)
+#
+# This PKGBUILD is maintained on https://github.com/archlinuxhardened/selinux.
+# If you want to help keep it up to date, please open a Pull Request there.
 
 pkgbase=linux-selinux
 _srcname=linux-4.16
-pkgver=4.16.5
+pkgver=4.16.7
 pkgrel=1
 arch=('x86_64')
 url="https://www.kernel.org/"
@@ -23,8 +26,6 @@ source=(
   0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
   0002-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
   0003-Partially-revert-swiotlb-remove-various-exports.patch
-  0004-Fix-vboxguest-on-guests-with-more-than-4G-RAM.patch
-  0005-net-aquantia-Regression-on-reset-with-1.x-firmware.patch
 )
 validpgpkeys=(
   'ABAF11C65A2970B130ABE3C479BE3E4300411886'  # Linus Torvalds
@@ -32,17 +33,15 @@ validpgpkeys=(
 )
 sha256sums=('63f6dc8e3c9f3a0273d5d6f4dca38a2413ca3a5f689329d05b750e4c87bb21b9'
             'SKIP'
-            '8c3bb050d11da6e91d3e169f76ee3ed6937e1ca64264e605ddba8108696ba011'
+            'f5ef83461054024814846eb816c76eba1b903f7e3e38c3417027b33070b60d91'
             'SKIP'
             '4fd43dd0f4e218bf98ad1be600cdab0af00bb15cab034e7152e3e674a33b09e1'
             'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21'
             '75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919'
             'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65'
-            '113b1fe603f61b749c4cb3902a4f5d4fbec9d1e5081f008bac485cc345defa5f'
-            '9db235c5edfc9a81a0f5866f9942e74d896243c37d50298288fbbe2f79169fd3'
-            'd57665a468f93c94b92924fdbdc72ea50def74d9c8999104c9594e64fb196328'
-            '079180ceaae87a4851eb56e80f6e33b0199dad3343c73275ddb710e0824feb73'
-            'f1c751e29bc1bcfe634c49873eb34a5418db3dfbd1f6d789e738dee78071d3dd')
+            '7fb607fe384dd814e9e45d7fc28f7b5b23a51d80784c54bf9209486ad428be14'
+            'ceaa19e0af3842c62eb666a4ac5c79d89b3e6d00593442f18d6508ca6d74bbaa'
+            '5b397cf9eccdad0c1f2865842c29ba6f4e32ad7dbe4e0c6ef6ca6f07d2963cea')
 
 _kernelname=${pkgbase#linux}
 : ${_kernelname:=-ARCH}
@@ -65,12 +64,6 @@ prepare() {
   # NVIDIA driver compat
   patch -Np1 -i ../0003-Partially-revert-swiotlb-remove-various-exports.patch
 
-  # https://bugs.archlinux.org/task/58153
-  patch -Np1 -i ../0004-Fix-vboxguest-on-guests-with-more-than-4G-RAM.patch
-
-  # https://bugs.archlinux.org/task/58174
-  patch -Np1 -i ../0005-net-aquantia-Regression-on-reset-with-1.x-firmware.patch
-
   cat ../config - >.config <<END
 CONFIG_LOCALVERSION="${_kernelname}"
 CONFIG_LOCALVERSION_AUTO=n