diff --git a/include/kernel-version.mk b/include/kernel-version.mk
index 572936b6e6e7b2012eed961f8f34cbe3c1c8837d..4d5bb02f994c5a5fac3dde6dc99051ad347bc36a 100644
--- a/include/kernel-version.mk
+++ b/include/kernel-version.mk
@@ -3,12 +3,12 @@
LINUX_RELEASE?=1
LINUX_VERSION-3.18 = .26
-LINUX_VERSION-4.1 = .15
+LINUX_VERSION-4.1 = .16
LINUX_VERSION-4.3 = .3
LINUX_VERSION-4.4 =
LINUX_KERNEL_MD5SUM-3.18.26 = fb3ef8da32a25607807887b9567a6927
-LINUX_KERNEL_MD5SUM-4.1.15 = b227333912b161c96ff3e30f5041e1c0
+LINUX_KERNEL_MD5SUM-4.1.16 = e4bf22fed49b476b47acffc00c03267a
LINUX_KERNEL_MD5SUM-4.3.3 = f3068333fa524ff98914cf751d0b5710
LINUX_KERNEL_MD5SUM-4.4 = 9a78fa2eb6c68ca5a40ed5af08142599
diff --git a/target/linux/ar71xx/patches-4.1/910-unaligned_access_hacks.patch b/target/linux/ar71xx/patches-4.1/910-unaligned_access_hacks.patch
index 7fee654f039d4827f1efea5c20048a61a649a891..e39eac3982b58dc514c453bd6f1e23fd5613fe1c 100644
--- a/target/linux/ar71xx/patches-4.1/910-unaligned_access_hacks.patch
+++ b/target/linux/ar71xx/patches-4.1/910-unaligned_access_hacks.patch
@@ -214,7 +214,7 @@
#include <linux/uaccess.h>
#include <linux/ipv6.h>
#include <linux/icmpv6.h>
-@@ -775,10 +776,10 @@ static void tcp_v6_send_response(struct
+@@ -774,10 +775,10 @@ static void tcp_v6_send_response(struct
topt = (__be32 *)(t1 + 1);
if (tsecr) {
@@ -346,7 +346,7 @@
#endif /* _LINUX_TYPES_H */
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
-@@ -1323,8 +1323,8 @@ static struct sk_buff **inet_gro_receive
+@@ -1326,8 +1326,8 @@ static struct sk_buff **inet_gro_receive
if (unlikely(ip_fast_csum((u8 *)iph, 5)))
goto out_unlock;
diff --git a/target/linux/brcm2708/patches-4.1/0004-Add-dwc_otg-driver.patch b/target/linux/brcm2708/patches-4.1/0004-Add-dwc_otg-driver.patch
index b5ab055cf67ed10fa611c02a3812dc4be733c6ff..86bce4439259fabe1b0502329c7f4a8ab8c0acbc 100644
--- a/target/linux/brcm2708/patches-4.1/0004-Add-dwc_otg-driver.patch
+++ b/target/linux/brcm2708/patches-4.1/0004-Add-dwc_otg-driver.patch
@@ -894,7 +894,7 @@ dwc_otg: Fix crash when fiq_enable=0
}
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
-@@ -4906,7 +4906,7 @@ static void port_event(struct usb_hub *h
+@@ -4911,7 +4911,7 @@ static void port_event(struct usb_hub *h
if (portchange & USB_PORT_STAT_C_OVERCURRENT) {
u16 status = 0, unused;
diff --git a/target/linux/brcm47xx/patches-4.1/800-bcma-add-table-of-serial-flashes-with-smaller-blocks.patch b/target/linux/brcm47xx/patches-4.1/800-bcma-add-table-of-serial-flashes-with-smaller-blocks.patch
index 99d909bc037e6462a409b940d617cd5ba0c4bb40..318dc55810c684635a61122116a17c2a5d61978c 100644
--- a/target/linux/brcm47xx/patches-4.1/800-bcma-add-table-of-serial-flashes-with-smaller-blocks.patch
+++ b/target/linux/brcm47xx/patches-4.1/800-bcma-add-table-of-serial-flashes-with-smaller-blocks.patch
@@ -21,7 +21,7 @@ Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
static struct resource bcma_sflash_resource = {
.name = "bcma_sflash",
-@@ -41,6 +42,13 @@ static const struct bcma_sflash_tbl_e bc
+@@ -42,6 +43,13 @@ static const struct bcma_sflash_tbl_e bc
{ NULL },
};
@@ -35,7 +35,7 @@ Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
static const struct bcma_sflash_tbl_e bcma_sflash_sst_tbl[] = {
{ "SST25WF512", 1, 0x1000, 16, },
{ "SST25VF512", 0x48, 0x1000, 16, },
-@@ -84,6 +92,24 @@ static void bcma_sflash_cmd(struct bcma_
+@@ -85,6 +93,24 @@ static void bcma_sflash_cmd(struct bcma_
bcma_err(cc->core->bus, "SFLASH control command failed (timeout)!\n");
}
@@ -60,7 +60,7 @@ Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
/* Initialize serial flash access */
int bcma_sflash_init(struct bcma_drv_cc *cc)
{
-@@ -114,6 +140,10 @@ int bcma_sflash_init(struct bcma_drv_cc
+@@ -115,6 +141,10 @@ int bcma_sflash_init(struct bcma_drv_cc
case 0x13:
return -ENOTSUPP;
default:
diff --git a/target/linux/generic/patches-4.1/012-KEYS-Fix-keyring-ref-leak-in-join_session_keyring.patch b/target/linux/generic/patches-4.1/012-KEYS-Fix-keyring-ref-leak-in-join_session_keyring.patch
deleted file mode 100644
index 9c6a9697387d29a2879f9d8db9328ba8d5abf6f6..0000000000000000000000000000000000000000
--- a/target/linux/generic/patches-4.1/012-KEYS-Fix-keyring-ref-leak-in-join_session_keyring.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-From 7ca88764d45c209791e8813131c1457c2e9e51e7 Mon Sep 17 00:00:00 2001
-From: Yevgeny Pats <yevgeny@perception-point.io>
-Date: Mon, 11 Jan 2016 12:05:28 +0000
-Subject: KEYS: Fix keyring ref leak in join_session_keyring()
-
-If a thread is asked to join as a session keyring the keyring that's already
-set as its session, we leak a keyring reference.
-
-This can be tested with the following program:
-
- #include <stddef.h>
- #include <stdio.h>
- #include <sys/types.h>
- #include <keyutils.h>
-
- int main(int argc, const char *argv[])
- {
- int i = 0;
- key_serial_t serial;
-
- serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING,
- "leaked-keyring");
- if (serial < 0) {
- perror("keyctl");
- return -1;
- }
-
- if (keyctl(KEYCTL_SETPERM, serial,
- KEY_POS_ALL | KEY_USR_ALL) < 0) {
- perror("keyctl");
- return -1;
- }
-
- for (i = 0; i < 100; i++) {
- serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING,
- "leaked-keyring");
- if (serial < 0) {
- perror("keyctl");
- return -1;
- }
- }
-
- return 0;
- }
-
-If, after the program has run, there something like the following line in
-/proc/keys:
-
-3f3d898f I--Q--- 100 perm 3f3f0000 0 0 keyring leaked-keyring: empty
-
-with a usage count of 100 * the number of times the program has been run,
-then the kernel is malfunctioning. If leaked-keyring has zero usages or
-has been garbage collected, then the problem is fixed.
-
-Reported-by: Yevgeny Pats <yevgeny@perception-point.io>
-Signed-off-by: David Howells <dhowells@redhat.com>
----
- security/keys/process_keys.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
-index a3f85d2..e6d50172 100644
---- a/security/keys/process_keys.c
-+++ b/security/keys/process_keys.c
-@@ -794,6 +794,7 @@ long join_session_keyring(const char *name)
- ret = PTR_ERR(keyring);
- goto error2;
- } else if (keyring == new->session_keyring) {
-+ key_put(keyring);
- ret = 0;
- goto error2;
- }
---
-2.7.0.rc3
-
diff --git a/target/linux/generic/patches-4.1/650-pppoe_header_pad.patch b/target/linux/generic/patches-4.1/650-pppoe_header_pad.patch
index 28044699524d2b584c581fd2410bc7e35a1121a6..adba206c089f1d40c1797232e8b8e25be3c21f48 100644
--- a/target/linux/generic/patches-4.1/650-pppoe_header_pad.patch
+++ b/target/linux/generic/patches-4.1/650-pppoe_header_pad.patch
@@ -1,6 +1,6 @@
--- a/drivers/net/ppp/pppoe.c
+++ b/drivers/net/ppp/pppoe.c
-@@ -871,7 +871,7 @@ static int pppoe_sendmsg(struct socket *
+@@ -877,7 +877,7 @@ static int pppoe_sendmsg(struct socket *
goto end;
@@ -9,7 +9,7 @@
0, GFP_KERNEL);
if (!skb) {
error = -ENOMEM;
-@@ -879,7 +879,7 @@ static int pppoe_sendmsg(struct socket *
+@@ -885,7 +885,7 @@ static int pppoe_sendmsg(struct socket *
}
/* Reserve space for headers. */
diff --git a/target/linux/generic/patches-4.1/902-debloat_proc.patch b/target/linux/generic/patches-4.1/902-debloat_proc.patch
index 65d6cf88f7dc8a7e63d81531998d3709e14b0c26..b6883a689ff069595e4c0a3e9986ce6b8f997cf1 100644
--- a/target/linux/generic/patches-4.1/902-debloat_proc.patch
+++ b/target/linux/generic/patches-4.1/902-debloat_proc.patch
@@ -173,7 +173,7 @@
goto err;
--- a/net/core/sock.c
+++ b/net/core/sock.c
-@@ -2971,6 +2971,8 @@ static __net_initdata struct pernet_oper
+@@ -2970,6 +2970,8 @@ static __net_initdata struct pernet_oper
static int __init proto_init(void)
{