Merge 4.4.181 into android-4.4

Changes in 4.4.181
	x86/speculation/mds: Revert CPU buffer clear on double fault exit
	x86/speculation/mds: Improve CPU buffer clear documentation
	ARM: exynos: Fix a leaked reference by adding missing of_node_put
	crypto: vmx - fix copy-paste error in CTR mode
	crypto: crct10dif-generic - fix use via crypto_shash_digest()
	crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest()
	ALSA: usb-audio: Fix a memory leak bug
	ALSA: hda/hdmi - Consider eld_valid when reporting jack event
	ALSA: hda/realtek - EAPD turn on later
	ASoC: max98090: Fix restore of DAPM Muxes
	ASoC: RT5677-SPI: Disable 16Bit SPI Transfers
	mm/mincore.c: make mincore() more conservative
	ocfs2: fix ocfs2 read inode data panic in ocfs2_iget
	mfd: da9063: Fix OTP control register names to match datasheets for DA9063/63L
	tty/vt: fix write/write race in ioctl(KDSKBSENT) handler
	ext4: actually request zeroing of inode table after grow
	ext4: fix ext4_show_options for file systems w/o journal
	Btrfs: do not start a transaction at iterate_extent_inodes()
	bcache: fix a race between cache register and cacheset unregister
	bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim()
	ipmi:ssif: compare block number correctly for multi-part return messages
	crypto: gcm - Fix error return code in crypto_gcm_create_common()
	crypto: gcm - fix incompatibility between "gcm" and "gcm_base"
	crypto: chacha20poly1305 - set cra_name correctly
	crypto: salsa20 - don't access already-freed walk.iv
	crypto: arm/aes-neonbs - don't access already-freed walk.iv
	writeback: synchronize sync(2) against cgroup writeback membership switches
	fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going into workqueue when umount
	ext4: zero out the unused memory region in the extent tree block
	ALSA: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug
	KVM: x86: Skip EFER vs. guest CPUID checks for host-initiated writes
	net: avoid weird emergency message
	net/mlx4_core: Change the error print to info print
	ppp: deflate: Fix possible crash in deflate_init
	tipc: switch order of device registration to fix a crash
	tipc: fix modprobe tipc failed after switch order of device registration
	stm class: Fix channel free in stm output free path
	md: add mddev->pers to avoid potential NULL pointer dereference
	intel_th: msu: Fix single mode with IOMMU
	of: fix clang -Wunsequenced for be32_to_cpu()
	cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level()
	media: ov6650: Fix sensor possibly not detected on probe
	NFS4: Fix v4.0 client state corruption when mount
	clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider
	fuse: fix writepages on 32bit
	fuse: honor RLIMIT_FSIZE in fuse_file_fallocate
	iommu/tegra-smmu: Fix invalid ASID bits on Tegra30/114
	ceph: flush dirty inodes before proceeding with remount
	tracing: Fix partial reading of trace event's id file
	memory: tegra: Fix integer overflow on tick value calculation
	perf intel-pt: Fix instructions sampling rate
	perf intel-pt: Fix improved sample timestamp
	perf intel-pt: Fix sample timestamp wrt non-taken branches
	fbdev: sm712fb: fix brightness control on reboot, don't set SR30
	fbdev: sm712fb: fix VRAM detection, don't set SR70/71/74/75
	fbdev: sm712fb: fix white screen of death on reboot, don't set CR3B-CR3F
	fbdev: sm712fb: fix boot screen glitch when sm712fb replaces VGA
	fbdev: sm712fb: fix crashes during framebuffer writes by correctly mapping VRAM
	fbdev: sm712fb: fix support for 1024x768-16 mode
	fbdev: sm712fb: use 1024x768 by default on non-MIPS, fix garbled display
	fbdev: sm712fb: fix crashes and garbled display during DPMS modesetting
	PCI: Mark Atheros AR9462 to avoid bus reset
	dm delay: fix a crash when invalid device is specified
	xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink
	xfrm6_tunnel: Fix potential panic when unloading xfrm6_tunnel module
	vti4: ipip tunnel deregistration fixes.
	xfrm4: Fix uninitialized memory read in _decode_session4
	KVM: arm/arm64: Ensure vcpu target is unset on reset failure
	power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG
	ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour
	perf bench numa: Add define for RUSAGE_THREAD if not present
	Revert "Don't jump to compute_result state from check_result state"
	md/raid: raid5 preserve the writeback action after the parity check
	btrfs: Honour FITRIM range constraints during free space trim
	fbdev: sm712fb: fix memory frequency by avoiding a switch/case fallthrough
	ext4: do not delete unlinked inode from orphan list on failed truncate
	KVM: x86: fix return value for reserved EFER
	bio: fix improper use of smp_mb__before_atomic()
	Revert "scsi: sd: Keep disk read-only when re-reading partition"
	crypto: vmx - CTR: always increment IV as quadword
	gfs2: Fix sign extension bug in gfs2_update_stats
	Btrfs: fix race between ranged fsync and writeback of adjacent ranges
	btrfs: sysfs: don't leak memory when failing add fsid
	fbdev: fix divide error in fb_var_to_videomode
	hugetlb: use same fault hash key for shared and private mappings
	fbdev: fix WARNING in __alloc_pages_nodemask bug
	media: cpia2: Fix use-after-free in cpia2_exit
	media: vivid: use vfree() instead of kfree() for dev->bitmap_cap
	ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit
	at76c50x-usb: Don't register led_trigger if usb_register_driver failed
	perf tools: No need to include bitops.h in util.h
	tools include: Adopt linux/bits.h
	gfs2: Fix lru_count going negative
	cxgb4: Fix error path in cxgb4_init_module
	mmc: core: Verify SD bus width
	powerpc/boot: Fix missing check of lseek() return value
	ASoC: imx: fix fiq dependencies
	spi: pxa2xx: fix SCR (divisor) calculation
	brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler()
	rtc: 88pm860x: prevent use-after-free on device remove
	w1: fix the resume command API
	dmaengine: pl330: _stop: clear interrupt status
	mac80211/cfg80211: update bss channel on channel switch
	ASoC: fsl_sai: Update is_slave_mode with correct value
	mwifiex: prevent an array overflow
	net: cw1200: fix a NULL pointer dereference
	bcache: return error immediately in bch_journal_replay()
	bcache: fix failure in journal relplay
	bcache: add failure check to run_cache_set() for journal replay
	bcache: avoid clang -Wunintialized warning
	x86/build: Move _etext to actual end of .text
	smpboot: Place the __percpu annotation correctly
	x86/mm: Remove in_nmi() warning from 64-bit implementation of vmalloc_fault()
	mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC versions
	HID: logitech-hidpp: use RAP instead of FAP to get the protocol version
	pinctrl: pistachio: fix leaked of_node references
	dmaengine: at_xdmac: remove BUG_ON macro in tasklet
	media: coda: clear error return value before picture run
	media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper
	media: au0828: stop video streaming only when last user stops
	media: ov2659: make S_FMT succeed even if requested format doesn't match
	audit: fix a memory leak bug
	media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable()
	media: pvrusb2: Prevent a buffer overflow
	powerpc/numa: improve control of topology updates
	sched/core: Check quota and period overflow at usec to nsec conversion
	sched/core: Handle overflow in cpu_shares_write_u64
	USB: core: Don't unbind interfaces following device reset failure
	x86/irq/64: Limit IST stack overflow check to #DB stack
	i40e: don't allow changes to HW VLAN stripping on active port VLANs
	RDMA/cxgb4: Fix null pointer dereference on alloc_skb failure
	hwmon: (vt1211) Use request_muxed_region for Super-IO accesses
	hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses
	hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses
	hwmon: (pc87427) Use request_muxed_region for Super-IO accesses
	hwmon: (f71805f) Use request_muxed_region for Super-IO accesses
	scsi: libsas: Do discovery on empty PHY to update PHY info
	mmc_spi: add a status check for spi_sync_locked
	mmc: sdhci-of-esdhc: add erratum eSDHC5 support
	mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support
	PM / core: Propagate dev->power.wakeup_path when no callbacks
	extcon: arizona: Disable mic detect if running when driver is removed
	s390: cio: fix cio_irb declaration
	cpufreq: ppc_cbe: fix possible object reference leak
	cpufreq/pasemi: fix possible object reference leak
	cpufreq: pmac32: fix possible object reference leak
	x86/build: Keep local relocations with ld.lld
	iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion
	iio: hmc5843: fix potential NULL pointer dereferences
	iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data
	rtlwifi: fix a potential NULL pointer dereference
	brcmfmac: fix missing checks for kmemdup
	b43: shut up clang -Wuninitialized variable warning
	brcmfmac: convert dev_init_lock mutex to completion
	brcmfmac: fix race during disconnect when USB completion is in progress
	scsi: ufs: Fix regulator load and icc-level configuration
	scsi: ufs: Avoid configuring regulator with undefined voltage range
	arm64: cpu_ops: fix a leaked reference by adding missing of_node_put
	x86/ia32: Fix ia32_restore_sigcontext() AC leak
	chardev: add additional check for minor range overlap
	HID: core: move Usage Page concatenation to Main item
	ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put
	ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put
	cxgb3/l2t: Fix undefined behaviour
	spi: tegra114: reset controller on probe
	media: wl128x: prevent two potential buffer overflows
	virtio_console: initialize vtermno value for ports
	tty: ipwireless: fix missing checks for ioremap
	rcutorture: Fix cleanup path for invalid torture_type strings
	usb: core: Add PM runtime calls to usb_hcd_platform_shutdown
	scsi: qla4xxx: avoid freeing unallocated dma memory
	media: m88ds3103: serialize reset messages in m88ds3103_set_frontend
	media: go7007: avoid clang frame overflow warning with KASAN
	media: saa7146: avoid high stack usage with clang
	scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices
	spi : spi-topcliff-pch: Fix to handle empty DMA buffers
	spi: rspi: Fix sequencer reset during initialization
	spi: Fix zero length xfer bug
	ASoC: davinci-mcasp: Fix clang warning without CONFIG_PM
	ipv6: Consider sk_bound_dev_if when binding a raw socket to an address
	llc: fix skb leak in llc_build_and_send_ui_pkt()
	net-gro: fix use-after-free read in napi_gro_frags()
	net: stmmac: fix reset gpio free missing
	usbnet: fix kernel crash after disconnect
	tipc: Avoid copying bytes beyond the supplied data
	bnxt_en: Fix aggregation buffer leak under OOM condition.
	net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value
	crypto: vmx - ghash: do nosimd fallback manually
	xen/pciback: Don't disable PCI_COMMAND on PCI device reset.
	Revert "tipc: fix modprobe tipc failed after switch order of device registration"
	tipc: fix modprobe tipc failed after switch order of device registration -v2
	sparc64: Fix regression in non-hypervisor TLB flush xcall
	include/linux/bitops.h: sanitize rotate primitives
	xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic()
	usb: xhci: avoid null pointer deref when bos field is NULL
	USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor
	USB: sisusbvga: fix oops in error path of sisusb_probe
	USB: Add LPM quirk for Surface Dock GigE adapter
	USB: rio500: refuse more than one device at a time
	USB: rio500: fix memory leak in close after disconnect
	media: usb: siano: Fix general protection fault in smsusb
	media: usb: siano: Fix false-positive "uninitialized variable" warning
	media: smsusb: better handle optional alignment
	scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove
	scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs)
	Btrfs: fix race updating log root item during fsync
	ALSA: hda/realtek - Set default power save node to 0
	drm/nouveau/i2c: Disable i2c bus access after ->fini()
	tty: serial: msm_serial: Fix XON/XOFF
	tty: max310x: Fix external crystal register setup
	memcg: make it work on sparse non-0-node systems
	kernel/signal.c: trace_signal_deliver when signal_group_exit
	CIFS: cifs_read_allocate_pages: don't iterate through whole page array on ENOMEM
	binder: Replace "%p" with "%pK" for stable
	binder: replace "%p" with "%pK"
	net: create skb_gso_validate_mac_len()
	bnx2x: disable GSO where gso_size is too big for hardware
	brcmfmac: Add length checks on firmware events
	brcmfmac: screening firmware event packet
	brcmfmac: revise handling events in receive path
	brcmfmac: fix incorrect event channel deduction
	brcmfmac: add length checks in scheduled scan result handler
	brcmfmac: add subtype check for event handling in data path
	userfaultfd: don't pin the user memory in userfaultfd_file_create()
	Revert "x86/build: Move _etext to actual end of .text"
	net: cdc_ncm: GetNtbFormat endian fix
	usb: gadget: fix request length error for isoc transfer
	media: uvcvideo: Fix uvc_alloc_entity() allocation alignment
	ethtool: fix potential userspace buffer overflow
	neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit
	net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query
	net: rds: fix memory leak in rds_ib_flush_mr_pool
	pktgen: do not sleep with the thread lock held.
	rcu: locking and unlocking need to always be at least barriers
	parisc: Use implicit space register selection for loading the coherence index of I/O pdirs
	fuse: fallocate: fix return with locked inode
	MIPS: pistachio: Build uImage.gz by default
	genwqe: Prevent an integer overflow in the ioctl
	drm/gma500/cdv: Check vbt config bits when detecting lvds panels
	fs: stream_open - opener for stream-like files so that read and write can run simultaneously without deadlock
	fuse: Add FOPEN_STREAM to use stream_open()
	ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled
	ethtool: check the return value of get_regs_len
	Linux 4.4.181

Change-Id: Ibadc58ab76330698ff36ffdc0ca8c9d52ce36f9e
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>

1 files changed, 363 insertions, 0 deletions

diff --git a/scripts/coccinelle/api/stream_open.cocci b/scripts/coccinelle/api/stream_open.cocci
new file mode 100644
index 000000000000..350145da7669
--- /dev/null
+++ b/scripts/coccinelle/api/stream_open.cocci
@@ -0,0 +1,363 @@
+// SPDX-License-Identifier: GPL-2.0
+// Author: Kirill Smelkov (kirr@nexedi.com)
+//
+// Search for stream-like files that are using nonseekable_open and convert
+// them to stream_open. A stream-like file is a file that does not use ppos in
+// its read and write. Rationale for the conversion is to avoid deadlock in
+// between read and write.
+
+virtual report
+virtual patch
+virtual explain  // explain decisions in the patch (SPFLAGS="-D explain")
+
+// stream-like reader & writer - ones that do not depend on f_pos.
+@ stream_reader @
+identifier readstream, ppos;
+identifier f, buf, len;
+type loff_t;
+@@
+  ssize_t readstream(struct file *f, char *buf, size_t len, loff_t *ppos)
+  {
+    ... when != ppos
+  }
+
+@ stream_writer @
+identifier writestream, ppos;
+identifier f, buf, len;
+type loff_t;
+@@
+  ssize_t writestream(struct file *f, const char *buf, size_t len, loff_t *ppos)
+  {
+    ... when != ppos
+  }
+
+
+// a function that blocks
+@ blocks @
+identifier block_f;
+identifier wait_event =~ "^wait_event_.*";
+@@
+  block_f(...) {
+    ... when exists
+    wait_event(...)
+    ... when exists
+  }
+
+// stream_reader that can block inside.
+//
+// XXX wait_* can be called not directly from current function (e.g. func -> f -> g -> wait())
+// XXX currently reader_blocks supports only direct and 1-level indirect cases.
+@ reader_blocks_direct @
+identifier stream_reader.readstream;
+identifier wait_event =~ "^wait_event_.*";
+@@
+  readstream(...)
+  {
+    ... when exists
+    wait_event(...)
+    ... when exists
+  }
+
+@ reader_blocks_1 @
+identifier stream_reader.readstream;
+identifier blocks.block_f;
+@@
+  readstream(...)
+  {
+    ... when exists
+    block_f(...)
+    ... when exists
+  }
+
+@ reader_blocks depends on reader_blocks_direct || reader_blocks_1 @
+identifier stream_reader.readstream;
+@@
+  readstream(...) {
+    ...
+  }
+
+
+// file_operations + whether they have _any_ .read, .write, .llseek ... at all.
+//
+// XXX add support for file_operations xxx[N] = ...	(sound/core/pcm_native.c)
+@ fops0 @
+identifier fops;
+@@
+  struct file_operations fops = {
+    ...
+  };
+
+@ has_read @
+identifier fops0.fops;
+identifier read_f;
+@@
+  struct file_operations fops = {
+    .read = read_f,
+  };
+
+@ has_read_iter @
+identifier fops0.fops;
+identifier read_iter_f;
+@@
+  struct file_operations fops = {
+    .read_iter = read_iter_f,
+  };
+
+@ has_write @
+identifier fops0.fops;
+identifier write_f;
+@@
+  struct file_operations fops = {
+    .write = write_f,
+  };
+
+@ has_write_iter @
+identifier fops0.fops;
+identifier write_iter_f;
+@@
+  struct file_operations fops = {
+    .write_iter = write_iter_f,
+  };
+
+@ has_llseek @
+identifier fops0.fops;
+identifier llseek_f;
+@@
+  struct file_operations fops = {
+    .llseek = llseek_f,
+  };
+
+@ has_no_llseek @
+identifier fops0.fops;
+@@
+  struct file_operations fops = {
+    .llseek = no_llseek,
+  };
+
+@ has_mmap @
+identifier fops0.fops;
+identifier mmap_f;
+@@
+  struct file_operations fops = {
+    .mmap = mmap_f,
+  };
+
+@ has_copy_file_range @
+identifier fops0.fops;
+identifier copy_file_range_f;
+@@
+  struct file_operations fops = {
+    .copy_file_range = copy_file_range_f,
+  };
+
+@ has_remap_file_range @
+identifier fops0.fops;
+identifier remap_file_range_f;
+@@
+  struct file_operations fops = {
+    .remap_file_range = remap_file_range_f,
+  };
+
+@ has_splice_read @
+identifier fops0.fops;
+identifier splice_read_f;
+@@
+  struct file_operations fops = {
+    .splice_read = splice_read_f,
+  };
+
+@ has_splice_write @
+identifier fops0.fops;
+identifier splice_write_f;
+@@
+  struct file_operations fops = {
+    .splice_write = splice_write_f,
+  };
+
+
+// file_operations that is candidate for stream_open conversion - it does not
+// use mmap and other methods that assume @offset access to file.
+//
+// XXX for simplicity require no .{read/write}_iter and no .splice_{read/write} for now.
+// XXX maybe_steam.fops cannot be used in other rules - it gives "bad rule maybe_stream or bad variable fops".
+@ maybe_stream depends on (!has_llseek || has_no_llseek) && !has_mmap && !has_copy_file_range && !has_remap_file_range && !has_read_iter && !has_write_iter && !has_splice_read && !has_splice_write @
+identifier fops0.fops;
+@@
+  struct file_operations fops = {
+  };
+
+
+// ---- conversions ----
+
+// XXX .open = nonseekable_open -> .open = stream_open
+// XXX .open = func -> openfunc -> nonseekable_open
+
+// read & write
+//
+// if both are used in the same file_operations together with an opener -
+// under that conditions we can use stream_open instead of nonseekable_open.
+@ fops_rw depends on maybe_stream @
+identifier fops0.fops, openfunc;
+identifier stream_reader.readstream;
+identifier stream_writer.writestream;
+@@
+  struct file_operations fops = {
+      .open  = openfunc,
+      .read  = readstream,
+      .write = writestream,
+  };
+
+@ report_rw depends on report @
+identifier fops_rw.openfunc;
+position p1;
+@@
+  openfunc(...) {
+    <...
+     nonseekable_open@p1
+    ...>
+  }
+
+@ script:python depends on report && reader_blocks @
+fops << fops0.fops;
+p << report_rw.p1;
+@@
+coccilib.report.print_report(p[0],
+  "ERROR: %s: .read() can deadlock .write(); change nonseekable_open -> stream_open to fix." % (fops,))
+
+@ script:python depends on report && !reader_blocks @
+fops << fops0.fops;
+p << report_rw.p1;
+@@
+coccilib.report.print_report(p[0],
+  "WARNING: %s: .read() and .write() have stream semantic; safe to change nonseekable_open -> stream_open." % (fops,))
+
+
+@ explain_rw_deadlocked depends on explain && reader_blocks @
+identifier fops_rw.openfunc;
+@@
+  openfunc(...) {
+    <...
+-    nonseekable_open
++    nonseekable_open /* read & write (was deadlock) */
+    ...>
+  }
+
+
+@ explain_rw_nodeadlock depends on explain && !reader_blocks @
+identifier fops_rw.openfunc;
+@@
+  openfunc(...) {
+    <...
+-    nonseekable_open
++    nonseekable_open /* read & write (no direct deadlock) */
+    ...>
+  }
+
+@ patch_rw depends on patch @
+identifier fops_rw.openfunc;
+@@
+  openfunc(...) {
+    <...
+-   nonseekable_open
++   stream_open
+    ...>
+  }
+
+
+// read, but not write
+@ fops_r depends on maybe_stream && !has_write @
+identifier fops0.fops, openfunc;
+identifier stream_reader.readstream;
+@@
+  struct file_operations fops = {
+      .open  = openfunc,
+      .read  = readstream,
+  };
+
+@ report_r depends on report @
+identifier fops_r.openfunc;
+position p1;
+@@
+  openfunc(...) {
+    <...
+    nonseekable_open@p1
+    ...>
+  }
+
+@ script:python depends on report @
+fops << fops0.fops;
+p << report_r.p1;
+@@
+coccilib.report.print_report(p[0],
+  "WARNING: %s: .read() has stream semantic; safe to change nonseekable_open -> stream_open." % (fops,))
+
+@ explain_r depends on explain @
+identifier fops_r.openfunc;
+@@
+  openfunc(...) {
+    <...
+-   nonseekable_open
++   nonseekable_open /* read only */
+    ...>
+  }
+
+@ patch_r depends on patch @
+identifier fops_r.openfunc;
+@@
+  openfunc(...) {
+    <...
+-   nonseekable_open
++   stream_open
+    ...>
+  }
+
+
+// write, but not read
+@ fops_w depends on maybe_stream && !has_read @
+identifier fops0.fops, openfunc;
+identifier stream_writer.writestream;
+@@
+  struct file_operations fops = {
+      .open  = openfunc,
+      .write = writestream,
+  };
+
+@ report_w depends on report @
+identifier fops_w.openfunc;
+position p1;
+@@
+  openfunc(...) {
+    <...
+    nonseekable_open@p1
+    ...>
+  }
+
+@ script:python depends on report @
+fops << fops0.fops;
+p << report_w.p1;
+@@
+coccilib.report.print_report(p[0],
+  "WARNING: %s: .write() has stream semantic; safe to change nonseekable_open -> stream_open." % (fops,))
+
+@ explain_w depends on explain @
+identifier fops_w.openfunc;
+@@
+  openfunc(...) {
+    <...
+-   nonseekable_open
++   nonseekable_open /* write only */
+    ...>
+  }
+
+@ patch_w depends on patch @
+identifier fops_w.openfunc;
+@@
+  openfunc(...) {
+    <...
+-   nonseekable_open
++   stream_open
+    ...>
+  }
+
+
+// no read, no write - don't change anything