Update Grsec/PaX

 2.2.1-2.6.32.29-201102271552
 2.2.1-2.6.37.2-201102271552

2 files changed, 465 insertions, 112 deletions

diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index c8824fb..8e2aed5 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -3,7 +3,7 @@ README
 
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch:	4420_grsecurity-2.2.1-2.6.32.29-201102221638.patch
+Patch:	4420_grsecurity-2.2.1-2.6.32.29-201102271552.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 
@@ -18,7 +18,7 @@ Desc:	Removes verbose compile warning settings from grsecurity, restores
 	mainline Linux kernel behavior
 
 Patch:	4423_grsec-remove-protected-paths.patch
-From:	Anthony G. Basile, Ph. D. <basile@opensource.dyc.edu>
+From:	Anthony G. Basile <blueness@gentoo.org>
 Desc:	Removes chmod statements from grsecurity/Makefile
 
 Patch:	4425_grsec-pax-without-grsec.patch
@@ -33,11 +33,13 @@ Desc:	Sets sane(r) default GIDs on various grsecurity group-dependent
 Patch:	4435_grsec-kconfig-gentoo.patch
 From:	Gordon Malm <gengor@gentoo.org>
 	Kerin Millar <kerframil@gmail.com>
-Desc:	Adds Hardened Gentoo [server/workstation] security levels, sets
-	Hardened Gentoo [workstation] as default
+	Anthony G. Basile <blueness@gentoo.org>
+Desc:	Adds Hardened Gentoo [server/workstation/virtualization] security levels,
+	sets Hardened Gentoo [workstation] as default
 
 Patch:	4440_selinux-avc_audit-log-curr_ip.patch
 From:	Gordon Malm <gengor@gentoo.org>
+	Anthony G. Basile <blueness@gentoo.org>
 Desc:	Configurable option to add src IP address to SELinux log messages
 
 Patch:	4445_disable-compat_vdso.patch
diff --git a/2.6.32/4420_grsecurity-2.2.1-2.6.32.29-201102221638.patch b/2.6.32/4420_grsecurity-2.2.1-2.6.32.29-201102271552.patch
index b491451..a9fbc08 100644
--- a/2.6.32/4420_grsecurity-2.2.1-2.6.32.29-201102221638.patch
+++ b/2.6.32/4420_grsecurity-2.2.1-2.6.32.29-201102271552.patch
@@ -863,6 +863,18 @@ diff -urNp linux-2.6.32.29/arch/ia64/include/asm/pgtable.h linux-2.6.32.29/arch/
  #define PAGE_GATE	__pgprot(__ACCESS_BITS | _PAGE_PL_0 | _PAGE_AR_X_RX)
  #define PAGE_KERNEL	__pgprot(__DIRTY_BITS  | _PAGE_PL_0 | _PAGE_AR_RWX)
  #define PAGE_KERNELRX	__pgprot(__ACCESS_BITS | _PAGE_PL_0 | _PAGE_AR_RX)
+diff -urNp linux-2.6.32.29/arch/ia64/include/asm/spinlock.h linux-2.6.32.29/arch/ia64/include/asm/spinlock.h
+--- linux-2.6.32.29/arch/ia64/include/asm/spinlock.h	2010-08-13 16:24:37.000000000 -0400
++++ linux-2.6.32.29/arch/ia64/include/asm/spinlock.h	2011-02-27 14:53:10.000000000 -0500
+@@ -72,7 +72,7 @@ static __always_inline void __ticket_spi
+ 	unsigned short	*p = (unsigned short *)&lock->lock + 1, tmp;
+ 
+ 	asm volatile ("ld2.bias %0=[%1]" : "=r"(tmp) : "r"(p));
+-	ACCESS_ONCE(*p) = (tmp + 2) & ~1;
++	ACCESS_ONCE_RW(*p) = (tmp + 2) & ~1;
+ }
+ 
+ static __always_inline void __ticket_spin_unlock_wait(raw_spinlock_t *lock)
 diff -urNp linux-2.6.32.29/arch/ia64/include/asm/uaccess.h linux-2.6.32.29/arch/ia64/include/asm/uaccess.h
 --- linux-2.6.32.29/arch/ia64/include/asm/uaccess.h	2010-08-13 16:24:37.000000000 -0400
 +++ linux-2.6.32.29/arch/ia64/include/asm/uaccess.h	2010-12-31 14:46:53.000000000 -0500
@@ -1989,6 +2001,17 @@ diff -urNp linux-2.6.32.29/arch/powerpc/include/asm/pci.h linux-2.6.32.29/arch/p
  #else	/* CONFIG_PCI */
  #define set_pci_dma_ops(d)
  #define get_pci_dma_ops()	NULL
+diff -urNp linux-2.6.32.29/arch/powerpc/include/asm/pgtable.h linux-2.6.32.29/arch/powerpc/include/asm/pgtable.h
+--- linux-2.6.32.29/arch/powerpc/include/asm/pgtable.h	2010-08-13 16:24:37.000000000 -0400
++++ linux-2.6.32.29/arch/powerpc/include/asm/pgtable.h	2011-02-27 14:53:10.000000000 -0500
+@@ -2,6 +2,7 @@
+ #define _ASM_POWERPC_PGTABLE_H
+ #ifdef __KERNEL__
+ 
++#include <linux/const.h>
+ #ifndef __ASSEMBLY__
+ #include <asm/processor.h>		/* For TASK_SIZE */
+ #include <asm/mmu.h>
 diff -urNp linux-2.6.32.29/arch/powerpc/include/asm/pte-hash32.h linux-2.6.32.29/arch/powerpc/include/asm/pte-hash32.h
 --- linux-2.6.32.29/arch/powerpc/include/asm/pte-hash32.h	2010-08-13 16:24:37.000000000 -0400
 +++ linux-2.6.32.29/arch/powerpc/include/asm/pte-hash32.h	2010-12-31 14:46:53.000000000 -0500
@@ -6145,7 +6168,7 @@ diff -urNp linux-2.6.32.29/arch/x86/ia32/ia32_aout.c linux-2.6.32.29/arch/x86/ia
  	return has_dumped;
 diff -urNp linux-2.6.32.29/arch/x86/ia32/ia32entry.S linux-2.6.32.29/arch/x86/ia32/ia32entry.S
 --- linux-2.6.32.29/arch/x86/ia32/ia32entry.S	2010-09-20 17:26:42.000000000 -0400
-+++ linux-2.6.32.29/arch/x86/ia32/ia32entry.S	2010-12-31 14:46:53.000000000 -0500
++++ linux-2.6.32.29/arch/x86/ia32/ia32entry.S	2011-02-27 14:53:10.000000000 -0500
 @@ -13,6 +13,7 @@
  #include <asm/thread_info.h>	
  #include <asm/segment.h>
@@ -6154,19 +6177,34 @@ diff -urNp linux-2.6.32.29/arch/x86/ia32/ia32entry.S linux-2.6.32.29/arch/x86/ia
  #include <linux/linkage.h>
  
  /* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this.  */
-@@ -120,6 +121,11 @@ ENTRY(ia32_sysenter_target)
- 	SWAPGS_UNSAFE_STACK
- 	movq	PER_CPU_VAR(kernel_stack), %rsp
- 	addq	$(KERNEL_STACK_OFFSET),%rsp
-+
+@@ -93,6 +94,18 @@ ENTRY(native_irq_enable_sysexit)
+ ENDPROC(native_irq_enable_sysexit)
+ #endif
+ 
++	.macro pax_enter_kernel_user
 +#ifdef CONFIG_PAX_MEMORY_UDEREF
 +	call pax_enter_kernel_user
 +#endif
++	.endm
 +
++	.macro pax_exit_kernel_user
++#ifdef CONFIG_PAX_MEMORY_UDEREF
++	call pax_exit_kernel_user
++#endif
++	.endm
++
+ /*
+  * 32bit SYSENTER instruction entry.
+  *
+@@ -120,6 +133,7 @@ ENTRY(ia32_sysenter_target)
+ 	SWAPGS_UNSAFE_STACK
+ 	movq	PER_CPU_VAR(kernel_stack), %rsp
+ 	addq	$(KERNEL_STACK_OFFSET),%rsp
++	pax_enter_kernel_user
  	/*
  	 * No need to follow this irqs on/off section: the syscall
  	 * disabled irqs, here we enable it straight after entry:
-@@ -150,6 +156,12 @@ ENTRY(ia32_sysenter_target)
+@@ -150,6 +164,12 @@ ENTRY(ia32_sysenter_target)
  	SAVE_ARGS 0,0,1
   	/* no need to do an access_ok check here because rbp has been
   	   32bit zero extended */ 
@@ -6179,31 +6217,27 @@ diff -urNp linux-2.6.32.29/arch/x86/ia32/ia32entry.S linux-2.6.32.29/arch/x86/ia
  1:	movl	(%rbp),%ebp
   	.section __ex_table,"a"
   	.quad 1b,ia32_badarg
-@@ -172,6 +184,11 @@ sysenter_dispatch:
+@@ -172,6 +192,7 @@ sysenter_dispatch:
  	testl	$_TIF_ALLWORK_MASK,TI_flags(%r10)
  	jnz	sysexit_audit
  sysexit_from_sys_call:
-+
-+#ifdef CONFIG_PAX_MEMORY_UDEREF
-+	call pax_exit_kernel_user
-+#endif
-+
++	pax_exit_kernel_user
  	andl    $~TS_COMPAT,TI_status(%r10)
  	/* clear IF, that popfq doesn't enable interrupts early */
  	andl  $~0x200,EFLAGS-R11(%rsp) 
-@@ -290,6 +307,11 @@ ENTRY(ia32_cstar_target)
+@@ -290,6 +311,11 @@ ENTRY(ia32_cstar_target)
  	movl	%esp,%r8d
  	CFI_REGISTER	rsp,r8
  	movq	PER_CPU_VAR(kernel_stack),%rsp
 +
 +#ifdef CONFIG_PAX_MEMORY_UDEREF
-+	call pax_enter_kernel_user
++	pax_enter_kernel_user
 +#endif
 +
  	/*
  	 * No need to follow this irqs on/off section: the syscall
  	 * disabled irqs and here we enable it straight after entry:
-@@ -311,6 +333,12 @@ ENTRY(ia32_cstar_target)
+@@ -311,6 +337,12 @@ ENTRY(ia32_cstar_target)
  	/* no need to do an access_ok check here because r8 has been
  	   32bit zero extended */ 
  	/* hardware stack frame is complete now */	
@@ -6216,27 +6250,19 @@ diff -urNp linux-2.6.32.29/arch/x86/ia32/ia32entry.S linux-2.6.32.29/arch/x86/ia
  1:	movl	(%r8),%r9d
  	.section __ex_table,"a"
  	.quad 1b,ia32_badarg
-@@ -333,6 +361,11 @@ cstar_dispatch:
+@@ -333,6 +365,7 @@ cstar_dispatch:
  	testl $_TIF_ALLWORK_MASK,TI_flags(%r10)
  	jnz sysretl_audit
  sysretl_from_sys_call:
-+
-+#ifdef CONFIG_PAX_MEMORY_UDEREF
-+	call pax_exit_kernel_user
-+#endif
-+
++	pax_exit_kernel_user
  	andl $~TS_COMPAT,TI_status(%r10)
  	RESTORE_ARGS 1,-ARG_SKIP,1,1,1
  	movl RIP-ARGOFFSET(%rsp),%ecx
-@@ -415,6 +448,11 @@ ENTRY(ia32_syscall)
+@@ -415,6 +448,7 @@ ENTRY(ia32_syscall)
  	CFI_REL_OFFSET	rip,RIP-RIP
  	PARAVIRT_ADJUST_EXCEPTION_FRAME
  	SWAPGS
-+
-+#ifdef CONFIG_PAX_MEMORY_UDEREF
-+	call pax_enter_kernel_user
-+#endif
-+
++	pax_enter_kernel_user
  	/*
  	 * No need to follow this irqs on/off section: the syscall
  	 * disabled irqs and here we enable it straight after entry:
@@ -7369,9 +7395,25 @@ diff -urNp linux-2.6.32.29/arch/x86/include/asm/checksum_32.h linux-2.6.32.29/ar
  						 len, sum, NULL, err_ptr);
  
  	if (len)
+diff -urNp linux-2.6.32.29/arch/x86/include/asm/desc_defs.h linux-2.6.32.29/arch/x86/include/asm/desc_defs.h
+--- linux-2.6.32.29/arch/x86/include/asm/desc_defs.h	2010-08-13 16:24:37.000000000 -0400
++++ linux-2.6.32.29/arch/x86/include/asm/desc_defs.h	2011-02-27 14:53:10.000000000 -0500
+@@ -31,6 +31,12 @@ struct desc_struct {
+ 			unsigned base1: 8, type: 4, s: 1, dpl: 2, p: 1;
+ 			unsigned limit: 4, avl: 1, l: 1, d: 1, g: 1, base2: 8;
+ 		};
++		struct {
++			u16 offset_low;
++			u16 seg;
++			unsigned reserved: 8, type: 4, s: 1, dpl: 2, p: 1;
++			unsigned offset_high: 16;
++		} gate;
+ 	};
+ } __attribute__((packed));
+ 
 diff -urNp linux-2.6.32.29/arch/x86/include/asm/desc.h linux-2.6.32.29/arch/x86/include/asm/desc.h
 --- linux-2.6.32.29/arch/x86/include/asm/desc.h	2010-08-13 16:24:37.000000000 -0400
-+++ linux-2.6.32.29/arch/x86/include/asm/desc.h	2010-12-31 14:46:53.000000000 -0500
++++ linux-2.6.32.29/arch/x86/include/asm/desc.h	2011-02-27 14:53:10.000000000 -0500
 @@ -4,6 +4,7 @@
  #include <asm/desc_defs.h>
  #include <asm/ldt.h>
@@ -7408,7 +7450,25 @@ diff -urNp linux-2.6.32.29/arch/x86/include/asm/desc.h linux-2.6.32.29/arch/x86/
  }
  
  #ifdef CONFIG_X86_64
-@@ -115,19 +113,24 @@ static inline void paravirt_free_ldt(str
+@@ -65,9 +63,14 @@ static inline void pack_gate(gate_desc *
+ 			     unsigned long base, unsigned dpl, unsigned flags,
+ 			     unsigned short seg)
+ {
+-	gate->a = (seg << 16) | (base & 0xffff);
+-	gate->b = (base & 0xffff0000) |
+-		  (((0x80 | type | (dpl << 5)) & 0xff) << 8);
++	gate->gate.offset_low = base;
++	gate->gate.seg = seg;
++	gate->gate.reserved = 0;
++	gate->gate.type = type;
++	gate->gate.s = 0;
++	gate->gate.dpl = dpl;
++	gate->gate.p = 1;
++	gate->gate.offset_high = base >> 16;
+ }
+ 
+ #endif
+@@ -115,19 +118,24 @@ static inline void paravirt_free_ldt(str
  static inline void native_write_idt_entry(gate_desc *idt, int entry,
  					  const gate_desc *gate)
  {
@@ -7433,7 +7493,7 @@ diff -urNp linux-2.6.32.29/arch/x86/include/asm/desc.h linux-2.6.32.29/arch/x86/
  	switch (type) {
  	case DESC_TSS:
  		size = sizeof(tss_desc);
-@@ -139,7 +142,10 @@ static inline void native_write_gdt_entr
+@@ -139,7 +147,10 @@ static inline void native_write_gdt_entr
  		size = sizeof(struct desc_struct);
  		break;
  	}
@@ -7444,7 +7504,7 @@ diff -urNp linux-2.6.32.29/arch/x86/include/asm/desc.h linux-2.6.32.29/arch/x86/
  }
  
  static inline void pack_descriptor(struct desc_struct *desc, unsigned long base,
-@@ -211,7 +217,9 @@ static inline void native_set_ldt(const 
+@@ -211,7 +222,9 @@ static inline void native_set_ldt(const 
  
  static inline void native_load_tr_desc(void)
  {
@@ -7454,7 +7514,7 @@ diff -urNp linux-2.6.32.29/arch/x86/include/asm/desc.h linux-2.6.32.29/arch/x86/
  }
  
  static inline void native_load_gdt(const struct desc_ptr *dtr)
-@@ -246,8 +254,10 @@ static inline void native_load_tls(struc
+@@ -246,8 +259,10 @@ static inline void native_load_tls(struc
  	unsigned int i;
  	struct desc_struct *gdt = get_cpu_gdt_table(cpu);
  
@@ -7465,7 +7525,7 @@ diff -urNp linux-2.6.32.29/arch/x86/include/asm/desc.h linux-2.6.32.29/arch/x86/
  }
  
  #define _LDT_empty(info)				\
-@@ -309,7 +319,7 @@ static inline void set_desc_limit(struct
+@@ -309,7 +324,7 @@ static inline void set_desc_limit(struct
  	desc->limit = (limit >> 16) & 0xf;
  }
  
@@ -7474,7 +7534,7 @@ diff -urNp linux-2.6.32.29/arch/x86/include/asm/desc.h linux-2.6.32.29/arch/x86/
  			     unsigned dpl, unsigned ist, unsigned seg)
  {
  	gate_desc s;
-@@ -327,7 +337,7 @@ static inline void _set_gate(int gate, u
+@@ -327,7 +342,7 @@ static inline void _set_gate(int gate, u
   * Pentium F0 0F bugfix can have resulted in the mapped
   * IDT being write-protected.
   */
@@ -7483,7 +7543,7 @@ diff -urNp linux-2.6.32.29/arch/x86/include/asm/desc.h linux-2.6.32.29/arch/x86/
  {
  	BUG_ON((unsigned)n > 0xFF);
  	_set_gate(n, GATE_INTERRUPT, addr, 0, 0, __KERNEL_CS);
-@@ -356,19 +366,19 @@ static inline void alloc_intr_gate(unsig
+@@ -356,19 +371,19 @@ static inline void alloc_intr_gate(unsig
  /*
   * This routine sets up an interrupt gate at directory privilege level 3.
   */
@@ -7506,7 +7566,7 @@ diff -urNp linux-2.6.32.29/arch/x86/include/asm/desc.h linux-2.6.32.29/arch/x86/
  {
  	BUG_ON((unsigned)n > 0xFF);
  	_set_gate(n, GATE_TRAP, addr, 0, 0, __KERNEL_CS);
-@@ -377,19 +387,31 @@ static inline void set_trap_gate(unsigne
+@@ -377,19 +392,31 @@ static inline void set_trap_gate(unsigne
  static inline void set_task_gate(unsigned int n, unsigned int gdt_entry)
  {
  	BUG_ON((unsigned)n > 0xFF);
@@ -10611,6 +10671,18 @@ diff -urNp linux-2.6.32.29/arch/x86/kernel/asm-offsets_64.c linux-2.6.32.29/arch
  	DEFINE(TSS_ist, offsetof(struct tss_struct, x86_tss.ist));
  	BLANK();
  	DEFINE(crypto_tfm_ctx_offset, offsetof(struct crypto_tfm, __crt_ctx));
+diff -urNp linux-2.6.32.29/arch/x86/kernel/cpu/amd.c linux-2.6.32.29/arch/x86/kernel/cpu/amd.c
+--- linux-2.6.32.29/arch/x86/kernel/cpu/amd.c	2011-01-11 23:55:35.000000000 -0500
++++ linux-2.6.32.29/arch/x86/kernel/cpu/amd.c	2011-02-27 14:53:10.000000000 -0500
+@@ -573,7 +573,7 @@ static unsigned int __cpuinit amd_size_c
+ 							unsigned int size)
+ {
+ 	/* AMD errata T13 (order #21922) */
+-	if ((c->x86 == 6)) {
++	if (c->x86 == 6) {
+ 		/* Duron Rev A0 */
+ 		if (c->x86_model == 3 && c->x86_mask == 0)
+ 			size = 64;
 diff -urNp linux-2.6.32.29/arch/x86/kernel/cpu/common.c linux-2.6.32.29/arch/x86/kernel/cpu/common.c
 --- linux-2.6.32.29/arch/x86/kernel/cpu/common.c	2010-10-31 16:44:11.000000000 -0400
 +++ linux-2.6.32.29/arch/x86/kernel/cpu/common.c	2010-12-31 14:47:01.000000000 -0500
@@ -11756,7 +11828,7 @@ diff -urNp linux-2.6.32.29/arch/x86/kernel/entry_32.S linux-2.6.32.29/arch/x86/k
  	CFI_ADJUST_CFA_OFFSET -24
 diff -urNp linux-2.6.32.29/arch/x86/kernel/entry_64.S linux-2.6.32.29/arch/x86/kernel/entry_64.S
 --- linux-2.6.32.29/arch/x86/kernel/entry_64.S	2010-08-13 16:24:37.000000000 -0400
-+++ linux-2.6.32.29/arch/x86/kernel/entry_64.S	2010-12-31 14:46:53.000000000 -0500
++++ linux-2.6.32.29/arch/x86/kernel/entry_64.S	2011-02-27 14:53:10.000000000 -0500
 @@ -53,6 +53,7 @@
  #include <asm/paravirt.h>
  #include <asm/ftrace.h>
@@ -11765,7 +11837,7 @@ diff -urNp linux-2.6.32.29/arch/x86/kernel/entry_64.S linux-2.6.32.29/arch/x86/k
  
  /* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this.  */
  #include <linux/elf-em.h>
-@@ -174,6 +175,189 @@ ENTRY(native_usergs_sysret64)
+@@ -174,6 +175,201 @@ ENTRY(native_usergs_sysret64)
  ENDPROC(native_usergs_sysret64)
  #endif /* CONFIG_PARAVIRT */
  
@@ -11783,9 +11855,20 @@ diff -urNp linux-2.6.32.29/arch/x86/kernel/entry_64.S linux-2.6.32.29/arch/x86/k
 +#endif
 +	.endm
 +
-+ENTRY(pax_enter_kernel)
++	.macro pax_enter_kernel
++#ifdef CONFIG_PAX_KERNEXEC
++	call pax_enter_kernel
++#endif
++	.endm
++
++	.macro pax_exit_kernel
++#ifdef CONFIG_PAX_KERNEXEC
++	call pax_exit_kernel
++#endif
++	.endm
 +
 +#ifdef CONFIG_PAX_KERNEXEC
++ENTRY(pax_enter_kernel)
 +	push %rdi
 +
 +#ifdef CONFIG_PARAVIRT
@@ -11808,14 +11891,10 @@ diff -urNp linux-2.6.32.29/arch/x86/kernel/entry_64.S linux-2.6.32.29/arch/x86/k
 +#endif
 +
 +	pop %rdi
-+#endif
-+
 +	retq
 +ENDPROC(pax_enter_kernel)
 +
 +ENTRY(pax_exit_kernel)
-+
-+#ifdef CONFIG_PAX_KERNEXEC
 +	push %rdi
 +
 +#ifdef CONFIG_PARAVIRT
@@ -11836,14 +11915,24 @@ diff -urNp linux-2.6.32.29/arch/x86/kernel/entry_64.S linux-2.6.32.29/arch/x86/k
 +#endif
 +
 +	pop %rdi
-+#endif
-+
 +	retq
 +ENDPROC(pax_exit_kernel)
++#endif
 +
-+ENTRY(pax_enter_kernel_user)
++	.macro pax_enter_kernel_user
++#ifdef CONFIG_PAX_MEMORY_UDEREF
++	call pax_enter_kernel_user
++#endif
++	.endm
 +
++	.macro pax_exit_kernel_user
 +#ifdef CONFIG_PAX_MEMORY_UDEREF
++	call pax_exit_kernel_user
++#endif
++	.endm
++
++#ifdef CONFIG_PAX_MEMORY_UDEREF
++ENTRY(pax_enter_kernel_user)
 +	push %rdi
 +	push %rbx
 +
@@ -11895,14 +11984,10 @@ diff -urNp linux-2.6.32.29/arch/x86/kernel/entry_64.S linux-2.6.32.29/arch/x86/k
 +
 +	pop %rbx
 +	pop %rdi
-+#endif
-+
 +	retq
 +ENDPROC(pax_enter_kernel_user)
 +
 +ENTRY(pax_exit_kernel_user)
-+
-+#ifdef CONFIG_PAX_MEMORY_UDEREF
 +	push %rdi
 +
 +#ifdef CONFIG_PARAVIRT
@@ -11948,14 +12033,13 @@ diff -urNp linux-2.6.32.29/arch/x86/kernel/entry_64.S linux-2.6.32.29/arch/x86/k
 +#endif
 +
 +	pop %rdi
-+#endif
-+
 +	retq
 +ENDPROC(pax_exit_kernel_user)
++#endif
  
  .macro TRACE_IRQS_IRETQ offset=ARGOFFSET
  #ifdef CONFIG_TRACE_IRQFLAGS
-@@ -317,7 +501,7 @@ ENTRY(save_args)
+@@ -317,7 +513,7 @@ ENTRY(save_args)
  	leaq -ARGOFFSET+16(%rsp),%rdi	/* arg1 for handler */
  	movq_cfi rbp, 8		/* push %rbp */
  	leaq 8(%rsp), %rbp		/* mov %rsp, %ebp */
@@ -11964,7 +12048,7 @@ diff -urNp linux-2.6.32.29/arch/x86/kernel/entry_64.S linux-2.6.32.29/arch/x86/k
  	je 1f
  	SWAPGS
  	/*
-@@ -409,7 +593,7 @@ ENTRY(ret_from_fork)
+@@ -409,7 +605,7 @@ ENTRY(ret_from_fork)
  
  	RESTORE_REST
  
@@ -11973,31 +12057,23 @@ diff -urNp linux-2.6.32.29/arch/x86/kernel/entry_64.S linux-2.6.32.29/arch/x86/k
  	je   int_ret_from_sys_call
  
  	testl $_TIF_IA32, TI_flags(%rcx)	# 32-bit compat task needs IRET
-@@ -468,6 +652,11 @@ ENTRY(system_call_after_swapgs)
+@@ -468,6 +664,7 @@ ENTRY(system_call_after_swapgs)
  
  	movq	%rsp,PER_CPU_VAR(old_rsp)
  	movq	PER_CPU_VAR(kernel_stack),%rsp
-+
-+#ifdef CONFIG_PAX_MEMORY_UDEREF
-+	call pax_enter_kernel_user
-+#endif
-+
++	pax_enter_kernel_user
  	/*
  	 * No need to follow this irqs off/on section - it's straight
  	 * and short:
-@@ -502,6 +691,11 @@ sysret_check:
+@@ -502,6 +699,7 @@ sysret_check:
  	andl %edi,%edx
  	jnz  sysret_careful
  	CFI_REMEMBER_STATE
-+
-+#ifdef CONFIG_PAX_MEMORY_UDEREF
-+	call pax_exit_kernel_user
-+#endif
-+
++	pax_exit_kernel_user
  	/*
  	 * sysretq will re-enable interrupts:
  	 */
-@@ -613,7 +807,7 @@ tracesys:
+@@ -613,7 +811,7 @@ tracesys:
  GLOBAL(int_ret_from_sys_call)
  	DISABLE_INTERRUPTS(CLBR_NONE)
  	TRACE_IRQS_OFF
@@ -12006,24 +12082,24 @@ diff -urNp linux-2.6.32.29/arch/x86/kernel/entry_64.S linux-2.6.32.29/arch/x86/k
  	je retint_restore_args
  	movl $_TIF_ALLWORK_MASK,%edi
  	/* edi:	mask to check */
-@@ -800,6 +994,16 @@ END(interrupt)
+@@ -800,6 +998,16 @@ END(interrupt)
  	CFI_ADJUST_CFA_OFFSET 10*8
  	call save_args
  	PARTIAL_FRAME 0
 +#ifdef CONFIG_PAX_MEMORY_UDEREF
 +	testb $3, CS(%rdi)
 +	jnz 1f
-+	call pax_enter_kernel
++	pax_enter_kernel
 +	jmp 2f
-+1:	call pax_enter_kernel_user
++1:	pax_enter_kernel_user
 +2:
 +#else
-+	call pax_enter_kernel
++	pax_enter_kernel
 +#endif
  	call \func
  	.endm
  
-@@ -822,7 +1026,7 @@ ret_from_intr:
+@@ -822,7 +1030,7 @@ ret_from_intr:
  	CFI_ADJUST_CFA_OFFSET	-8
  exit_intr:
  	GET_THREAD_INFO(%rcx)
@@ -12032,22 +12108,18 @@ diff -urNp linux-2.6.32.29/arch/x86/kernel/entry_64.S linux-2.6.32.29/arch/x86/k
  	je retint_kernel
  
  	/* Interrupt came from user space */
-@@ -844,12 +1048,18 @@ retint_swapgs:		/* return to user-space 
+@@ -844,12 +1052,14 @@ retint_swapgs:		/* return to user-space 
  	 * The iretq could re-enable interrupts:
  	 */
  	DISABLE_INTERRUPTS(CLBR_ANY)
-+
-+#ifdef CONFIG_PAX_MEMORY_UDEREF
-+	call pax_exit_kernel_user
-+#endif
-+
++	pax_exit_kernel_user
  	TRACE_IRQS_IRETQ
  	SWAPGS
  	jmp restore_args
  
  retint_restore_args:	/* return to kernel space */
  	DISABLE_INTERRUPTS(CLBR_ANY)
-+	call pax_exit_kernel
++	pax_exit_kernel
  	/*
  	 * The iretq could re-enable interrupts:
  	 */
@@ -12058,12 +12130,12 @@ diff -urNp linux-2.6.32.29/arch/x86/kernel/entry_64.S linux-2.6.32.29/arch/x86/k
 +#ifdef CONFIG_PAX_MEMORY_UDEREF
 +	testb $3, CS(%rsp)
 +	jnz 1f
-+	call pax_enter_kernel
++	pax_enter_kernel
 +	jmp 2f
-+1:	call pax_enter_kernel_user
++1:	pax_enter_kernel_user
 +2:
 +#else
-+	call pax_enter_kernel
++	pax_enter_kernel
 +#endif
  	movq %rsp,%rdi		/* pt_regs pointer */
  	xorl %esi,%esi		/* no error code */
@@ -12075,12 +12147,12 @@ diff -urNp linux-2.6.32.29/arch/x86/kernel/entry_64.S linux-2.6.32.29/arch/x86/k
 +#ifdef CONFIG_PAX_MEMORY_UDEREF
 +	testb $3, CS(%rsp)
 +	jnz 1f
-+	call pax_enter_kernel
++	pax_enter_kernel
 +	jmp 2f
-+1:	call pax_enter_kernel_user
++1:	pax_enter_kernel_user
 +2:
 +#else
-+	call pax_enter_kernel
++	pax_enter_kernel
 +#endif
  	movq %rsp,%rdi		/* pt_regs pointer */
  	xorl %esi,%esi		/* no error code */
@@ -12092,12 +12164,12 @@ diff -urNp linux-2.6.32.29/arch/x86/kernel/entry_64.S linux-2.6.32.29/arch/x86/k
 +#ifdef CONFIG_PAX_MEMORY_UDEREF
 +	testb $3, CS(%rsp)
 +	jnz 1f
-+	call pax_enter_kernel
++	pax_enter_kernel
 +	jmp 2f
-+1:	call pax_enter_kernel_user
++1:	pax_enter_kernel_user
 +2:
 +#else
-+	call pax_enter_kernel
++	pax_enter_kernel
 +#endif
  	movq %rsp,%rdi		/* pt_regs pointer */
  	xorl %esi,%esi		/* no error code */
@@ -12118,12 +12190,12 @@ diff -urNp linux-2.6.32.29/arch/x86/kernel/entry_64.S linux-2.6.32.29/arch/x86/k
 +#ifdef CONFIG_PAX_MEMORY_UDEREF
 +	testb $3, CS(%rsp)
 +	jnz 1f
-+	call pax_enter_kernel
++	pax_enter_kernel
 +	jmp 2f
-+1:	call pax_enter_kernel_user
++1:	pax_enter_kernel_user
 +2:
 +#else
-+	call pax_enter_kernel
++	pax_enter_kernel
 +#endif
  	movq %rsp,%rdi			/* pt_regs pointer */
  	movq ORIG_RAX(%rsp),%rsi	/* get error code */
@@ -12135,12 +12207,12 @@ diff -urNp linux-2.6.32.29/arch/x86/kernel/entry_64.S linux-2.6.32.29/arch/x86/k
 +#ifdef CONFIG_PAX_MEMORY_UDEREF
 +	testb $3, CS(%rsp)
 +	jnz 1f
-+	call pax_enter_kernel
++	pax_enter_kernel
 +	jmp 2f
-+1:	call pax_enter_kernel_user
++1:	pax_enter_kernel_user
 +2:
 +#else
-+	call pax_enter_kernel
++	pax_enter_kernel
 +#endif
  	movq %rsp,%rdi			/* pt_regs pointer */
  	movq ORIG_RAX(%rsp),%rsi	/* get error code */
@@ -12153,7 +12225,7 @@ diff -urNp linux-2.6.32.29/arch/x86/kernel/entry_64.S linux-2.6.32.29/arch/x86/k
 +	testb $3,CS(%rsp)
  	jnz   paranoid_userspace
 +#ifdef CONFIG_PAX_MEMORY_UDEREF
-+	call pax_exit_kernel
++	pax_exit_kernel
 +	TRACE_IRQS_IRETQ 0
 +	SWAPGS_UNSAFE_STACK
 +	RESTORE_ALL 8
@@ -12161,16 +12233,16 @@ diff -urNp linux-2.6.32.29/arch/x86/kernel/entry_64.S linux-2.6.32.29/arch/x86/k
 +#endif
  paranoid_swapgs:
 +#ifdef CONFIG_PAX_MEMORY_UDEREF
-+	call pax_exit_kernel_user
++	pax_exit_kernel_user
 +#else
-+	call pax_exit_kernel
++	pax_exit_kernel
 +#endif
  	TRACE_IRQS_IRETQ 0
  	SWAPGS_UNSAFE_STACK
  	RESTORE_ALL 8
  	jmp irq_return
  paranoid_restore:
-+	call pax_exit_kernel
++	pax_exit_kernel
  	TRACE_IRQS_IRETQ 0
  	RESTORE_ALL 8
  	jmp irq_return
@@ -12190,27 +12262,40 @@ diff -urNp linux-2.6.32.29/arch/x86/kernel/entry_64.S linux-2.6.32.29/arch/x86/k
 +#ifdef CONFIG_PAX_MEMORY_UDEREF
 +	testb $3, CS(%rsp)
 +	jnz 1f
-+	call pax_enter_kernel
++	pax_enter_kernel
 +	jmp 2f
-+1:	call pax_enter_kernel_user
++1:	pax_enter_kernel_user
 +2:
 +#else
-+	call pax_enter_kernel
++	pax_enter_kernel
 +#endif
  	/* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
  	movq %rsp,%rdi
  	movq $-1,%rsi
-@@ -1539,11 +1827,12 @@ ENTRY(nmi)
+@@ -1539,11 +1827,25 @@ ENTRY(nmi)
  	DISABLE_INTERRUPTS(CLBR_NONE)
  	testl %ebx,%ebx				/* swapgs needed? */
  	jnz nmi_restore
 -	testl $3,CS(%rsp)
 +	testb $3,CS(%rsp)
  	jnz nmi_userspace
++#ifdef CONFIG_PAX_MEMORY_UDEREF
++	pax_exit_kernel
++	SWAPGS_UNSAFE_STACK
++	RESTORE_ALL 8
++	jmp irq_return
++#endif
  nmi_swapgs:
++#ifdef CONFIG_PAX_MEMORY_UDEREF
++	pax_exit_kernel_user
++#else
++	pax_exit_kernel
++#endif
  	SWAPGS_UNSAFE_STACK
++	RESTORE_ALL 8
++	jmp irq_return
  nmi_restore:
-+	call pax_exit_kernel
++	pax_exit_kernel
  	RESTORE_ALL 8
  	jmp irq_return
  nmi_userspace:
@@ -13983,7 +14068,7 @@ diff -urNp linux-2.6.32.29/arch/x86/kernel/process.c linux-2.6.32.29/arch/x86/ke
 -
 diff -urNp linux-2.6.32.29/arch/x86/kernel/ptrace.c linux-2.6.32.29/arch/x86/kernel/ptrace.c
 --- linux-2.6.32.29/arch/x86/kernel/ptrace.c	2010-08-13 16:24:37.000000000 -0400
-+++ linux-2.6.32.29/arch/x86/kernel/ptrace.c	2010-12-31 14:46:53.000000000 -0500
++++ linux-2.6.32.29/arch/x86/kernel/ptrace.c	2011-02-27 14:53:10.000000000 -0500
 @@ -925,7 +925,7 @@ static const struct user_regset_view use
  long arch_ptrace(struct task_struct *child, long request, long addr, long data)
  {
@@ -14052,6 +14137,24 @@ diff -urNp linux-2.6.32.29/arch/x86/kernel/ptrace.c linux-2.6.32.29/arch/x86/ker
  
  	/* Send us the fake SIGTRAP */
  	force_sig_info(SIGTRAP, &info, tsk);
+@@ -1469,7 +1469,7 @@ void send_sigtrap(struct task_struct *ts
+  * We must return the syscall number to actually look up in the table.
+  * This can be -1L to skip running any syscall at all.
+  */
+-asmregparm long syscall_trace_enter(struct pt_regs *regs)
++long syscall_trace_enter(struct pt_regs *regs)
+ {
+ 	long ret = 0;
+ 
+@@ -1514,7 +1514,7 @@ asmregparm long syscall_trace_enter(stru
+ 	return ret ?: regs->orig_ax;
+ }
+ 
+-asmregparm void syscall_trace_leave(struct pt_regs *regs)
++void syscall_trace_leave(struct pt_regs *regs)
+ {
+ 	if (unlikely(current->audit_context))
+ 		audit_syscall_exit(AUDITSC_RESULT(regs->ax), regs->ax);
 diff -urNp linux-2.6.32.29/arch/x86/kernel/reboot.c linux-2.6.32.29/arch/x86/kernel/reboot.c
 --- linux-2.6.32.29/arch/x86/kernel/reboot.c	2010-11-26 18:22:29.000000000 -0500
 +++ linux-2.6.32.29/arch/x86/kernel/reboot.c	2010-12-31 14:46:53.000000000 -0500
@@ -24783,6 +24886,18 @@ diff -urNp linux-2.6.32.29/drivers/char/tpm/tpm_bios.c linux-2.6.32.29/drivers/c
  
  	memcpy(log->bios_event_log, virt, len);
  
+diff -urNp linux-2.6.32.29/drivers/char/tpm/tpm.c linux-2.6.32.29/drivers/char/tpm/tpm.c
+--- linux-2.6.32.29/drivers/char/tpm/tpm.c	2011-02-22 15:56:54.000000000 -0500
++++ linux-2.6.32.29/drivers/char/tpm/tpm.c	2011-02-27 14:53:10.000000000 -0500
+@@ -402,7 +402,7 @@ static ssize_t tpm_transmit(struct tpm_c
+ 		    chip->vendor.req_complete_val)
+ 			goto out_recv;
+ 
+-		if ((status == chip->vendor.req_canceled)) {
++		if (status == chip->vendor.req_canceled) {
+ 			dev_err(chip->dev, "Operation Canceled\n");
+ 			rc = -ECANCELED;
+ 			goto out;
 diff -urNp linux-2.6.32.29/drivers/char/tty_io.c linux-2.6.32.29/drivers/char/tty_io.c
 --- linux-2.6.32.29/drivers/char/tty_io.c	2010-08-13 16:24:37.000000000 -0400
 +++ linux-2.6.32.29/drivers/char/tty_io.c	2010-12-31 14:46:53.000000000 -0500
@@ -24983,6 +25098,18 @@ diff -urNp linux-2.6.32.29/drivers/char/virtio_console.c linux-2.6.32.29/drivers
  static struct hv_ops virtio_cons;
  
  /* The hvc device */
+diff -urNp linux-2.6.32.29/drivers/char/vt.c linux-2.6.32.29/drivers/char/vt.c
+--- linux-2.6.32.29/drivers/char/vt.c	2010-08-13 16:24:37.000000000 -0400
++++ linux-2.6.32.29/drivers/char/vt.c	2011-02-27 14:53:10.000000000 -0500
+@@ -243,7 +243,7 @@ EXPORT_SYMBOL_GPL(unregister_vt_notifier
+ 
+ static void notify_write(struct vc_data *vc, unsigned int unicode)
+ {
+-	struct vt_notifier_param param = { .vc = vc, unicode = unicode };
++	struct vt_notifier_param param = { .vc = vc, .c = unicode };
+ 	atomic_notifier_call_chain(&vt_notifier_list, VT_WRITE, &param);
+ }
+ 
 diff -urNp linux-2.6.32.29/drivers/char/vt_ioctl.c linux-2.6.32.29/drivers/char/vt_ioctl.c
 --- linux-2.6.32.29/drivers/char/vt_ioctl.c	2010-12-09 18:13:03.000000000 -0500
 +++ linux-2.6.32.29/drivers/char/vt_ioctl.c	2010-12-31 14:46:53.000000000 -0500
@@ -26100,6 +26227,18 @@ diff -urNp linux-2.6.32.29/drivers/ieee1394/hosts.c linux-2.6.32.29/drivers/ieee
  	.transmit_packet = dummy_transmit_packet,
  	.devctl =	   dummy_devctl,
  	.isoctl =	   dummy_isoctl
+diff -urNp linux-2.6.32.29/drivers/ieee1394/init_ohci1394_dma.c linux-2.6.32.29/drivers/ieee1394/init_ohci1394_dma.c
+--- linux-2.6.32.29/drivers/ieee1394/init_ohci1394_dma.c	2010-08-13 16:24:37.000000000 -0400
++++ linux-2.6.32.29/drivers/ieee1394/init_ohci1394_dma.c	2011-02-27 14:53:10.000000000 -0500
+@@ -257,7 +257,7 @@ void __init init_ohci1394_dma_on_all_con
+ 			for (func = 0; func < 8; func++) {
+ 				u32 class = read_pci_config(num,slot,func,
+ 							PCI_CLASS_REVISION);
+-				if ((class == 0xffffffff))
++				if (class == 0xffffffff)
+ 					continue; /* No device at this func */
+ 
+ 				if (class>>8 != PCI_CLASS_SERIAL_FIREWIRE_OHCI)
 diff -urNp linux-2.6.32.29/drivers/ieee1394/ohci1394.c linux-2.6.32.29/drivers/ieee1394/ohci1394.c
 --- linux-2.6.32.29/drivers/ieee1394/ohci1394.c	2010-08-13 16:24:37.000000000 -0400
 +++ linux-2.6.32.29/drivers/ieee1394/ohci1394.c	2010-12-31 14:46:53.000000000 -0500
@@ -26899,6 +27038,18 @@ diff -urNp linux-2.6.32.29/drivers/md/bitmap.c linux-2.6.32.29/drivers/md/bitmap
  #  endif
  #endif
  
+diff -urNp linux-2.6.32.29/drivers/md/dm-ioctl.c linux-2.6.32.29/drivers/md/dm-ioctl.c
+--- linux-2.6.32.29/drivers/md/dm-ioctl.c	2010-08-29 21:08:20.000000000 -0400
++++ linux-2.6.32.29/drivers/md/dm-ioctl.c	2011-02-27 14:53:10.000000000 -0500
+@@ -1437,7 +1437,7 @@ static int validate_params(uint cmd, str
+ 	    cmd == DM_LIST_VERSIONS_CMD)
+ 		return 0;
+ 
+-	if ((cmd == DM_DEV_CREATE_CMD)) {
++	if (cmd == DM_DEV_CREATE_CMD) {
+ 		if (!*param->name) {
+ 			DMWARN("name not supplied when creating device");
+ 			return -EINVAL;
 diff -urNp linux-2.6.32.29/drivers/md/dm-sysfs.c linux-2.6.32.29/drivers/md/dm-sysfs.c
 --- linux-2.6.32.29/drivers/md/dm-sysfs.c	2010-08-13 16:24:37.000000000 -0400
 +++ linux-2.6.32.29/drivers/md/dm-sysfs.c	2010-12-31 14:46:53.000000000 -0500
@@ -27019,6 +27170,22 @@ diff -urNp linux-2.6.32.29/drivers/media/radio/radio-cadet.c linux-2.6.32.29/dri
  		return -EFAULT;
  	return i;
  }
+diff -urNp linux-2.6.32.29/drivers/media/video/sn9c102/sn9c102_core.c linux-2.6.32.29/drivers/media/video/sn9c102/sn9c102_core.c
+--- linux-2.6.32.29/drivers/media/video/sn9c102/sn9c102_core.c	2010-08-13 16:24:37.000000000 -0400
++++ linux-2.6.32.29/drivers/media/video/sn9c102/sn9c102_core.c	2011-02-27 15:19:00.000000000 -0500
+@@ -1430,9 +1430,9 @@ static DEVICE_ATTR(i2c_reg, S_IRUGO | S_
+ 		   sn9c102_show_i2c_reg, sn9c102_store_i2c_reg);
+ static DEVICE_ATTR(i2c_val, S_IRUGO | S_IWUSR,
+ 		   sn9c102_show_i2c_val, sn9c102_store_i2c_val);
+-static DEVICE_ATTR(green, S_IWUGO, NULL, sn9c102_store_green);
+-static DEVICE_ATTR(blue, S_IWUGO, NULL, sn9c102_store_blue);
+-static DEVICE_ATTR(red, S_IWUGO, NULL, sn9c102_store_red);
++static DEVICE_ATTR(green, S_IWUSR, NULL, sn9c102_store_green);
++static DEVICE_ATTR(blue, S_IWUSR, NULL, sn9c102_store_blue);
++static DEVICE_ATTR(red, S_IWUSR, NULL, sn9c102_store_red);
+ static DEVICE_ATTR(frame_header, S_IRUGO, sn9c102_show_frame_header, NULL);
+ 
+ 
 diff -urNp linux-2.6.32.29/drivers/media/video/usbvideo/konicawc.c linux-2.6.32.29/drivers/media/video/usbvideo/konicawc.c
 --- linux-2.6.32.29/drivers/media/video/usbvideo/konicawc.c	2010-08-13 16:24:37.000000000 -0400
 +++ linux-2.6.32.29/drivers/media/video/usbvideo/konicawc.c	2010-12-31 14:46:53.000000000 -0500
@@ -27241,6 +27408,45 @@ diff -urNp linux-2.6.32.29/drivers/message/i2o/i2o_proc.c linux-2.6.32.29/driver
  
  	return 0;
  }
+diff -urNp linux-2.6.32.29/drivers/mfd/ab3100-core.c linux-2.6.32.29/drivers/mfd/ab3100-core.c
+--- linux-2.6.32.29/drivers/mfd/ab3100-core.c	2010-08-13 16:24:37.000000000 -0400
++++ linux-2.6.32.29/drivers/mfd/ab3100-core.c	2011-02-27 15:32:18.000000000 -0500
+@@ -591,7 +591,7 @@ static void ab3100_setup_debugfs(struct 
+ 	ab3100_get_priv.ab3100 = ab3100;
+ 	ab3100_get_priv.mode = false;
+ 	ab3100_get_reg_file = debugfs_create_file("get_reg",
+-				S_IWUGO, ab3100_dir, &ab3100_get_priv,
++				S_IWUSR, ab3100_dir, &ab3100_get_priv,
+ 				&ab3100_get_set_reg_fops);
+ 	if (!ab3100_get_reg_file) {
+ 		err = -ENOMEM;
+@@ -601,7 +601,7 @@ static void ab3100_setup_debugfs(struct 
+ 	ab3100_set_priv.ab3100 = ab3100;
+ 	ab3100_set_priv.mode = true;
+ 	ab3100_set_reg_file = debugfs_create_file("set_reg",
+-				S_IWUGO, ab3100_dir, &ab3100_set_priv,
++				S_IWUSR, ab3100_dir, &ab3100_set_priv,
+ 				&ab3100_get_set_reg_fops);
+ 	if (!ab3100_set_reg_file) {
+ 		err = -ENOMEM;
+diff -urNp linux-2.6.32.29/drivers/misc/ep93xx_pwm.c linux-2.6.32.29/drivers/misc/ep93xx_pwm.c
+--- linux-2.6.32.29/drivers/misc/ep93xx_pwm.c	2010-08-13 16:24:37.000000000 -0400
++++ linux-2.6.32.29/drivers/misc/ep93xx_pwm.c	2011-02-27 15:23:39.000000000 -0500
+@@ -248,11 +248,11 @@ static ssize_t ep93xx_pwm_set_invert(str
+ 
+ static DEVICE_ATTR(min_freq, S_IRUGO, ep93xx_pwm_get_min_freq, NULL);
+ static DEVICE_ATTR(max_freq, S_IRUGO, ep93xx_pwm_get_max_freq, NULL);
+-static DEVICE_ATTR(freq, S_IWUGO | S_IRUGO,
++static DEVICE_ATTR(freq, S_IWUSR | S_IRUGO,
+ 		   ep93xx_pwm_get_freq, ep93xx_pwm_set_freq);
+-static DEVICE_ATTR(duty_percent, S_IWUGO | S_IRUGO,
++static DEVICE_ATTR(duty_percent, S_IWUSR | S_IRUGO,
+ 		   ep93xx_pwm_get_duty_percent, ep93xx_pwm_set_duty_percent);
+-static DEVICE_ATTR(invert, S_IWUGO | S_IRUGO,
++static DEVICE_ATTR(invert, S_IWUSR | S_IRUGO,
+ 		   ep93xx_pwm_get_invert, ep93xx_pwm_set_invert);
+ 
+ static struct attribute *ep93xx_pwm_attrs[] = {
 diff -urNp linux-2.6.32.29/drivers/misc/kgdbts.c linux-2.6.32.29/drivers/misc/kgdbts.c
 --- linux-2.6.32.29/drivers/misc/kgdbts.c	2010-08-13 16:24:37.000000000 -0400
 +++ linux-2.6.32.29/drivers/misc/kgdbts.c	2010-12-31 14:46:53.000000000 -0500
@@ -28447,6 +28653,22 @@ diff -urNp linux-2.6.32.29/drivers/pci/intel-iommu.c linux-2.6.32.29/drivers/pci
  	.alloc_coherent = intel_alloc_coherent,
  	.free_coherent = intel_free_coherent,
  	.map_sg = intel_map_sg,
+diff -urNp linux-2.6.32.29/drivers/pci/pcie/aspm.c linux-2.6.32.29/drivers/pci/pcie/aspm.c
+--- linux-2.6.32.29/drivers/pci/pcie/aspm.c	2010-08-13 16:24:37.000000000 -0400
++++ linux-2.6.32.29/drivers/pci/pcie/aspm.c	2011-02-27 14:53:10.000000000 -0500
+@@ -27,9 +27,9 @@
+ #define MODULE_PARAM_PREFIX "pcie_aspm."
+ 
+ /* Note: those are not register definitions */
+-#define ASPM_STATE_L0S_UP	(1)	/* Upstream direction L0s state */
+-#define ASPM_STATE_L0S_DW	(2)	/* Downstream direction L0s state */
+-#define ASPM_STATE_L1		(4)	/* L1 state */
++#define ASPM_STATE_L0S_UP	(1U)	/* Upstream direction L0s state */
++#define ASPM_STATE_L0S_DW	(2U)	/* Downstream direction L0s state */
++#define ASPM_STATE_L1		(4U)	/* L1 state */
+ #define ASPM_STATE_L0S		(ASPM_STATE_L0S_UP | ASPM_STATE_L0S_DW)
+ #define ASPM_STATE_ALL		(ASPM_STATE_L0S | ASPM_STATE_L1)
+ 
 diff -urNp linux-2.6.32.29/drivers/pci/pcie/portdrv_pci.c linux-2.6.32.29/drivers/pci/pcie/portdrv_pci.c
 --- linux-2.6.32.29/drivers/pci/pcie/portdrv_pci.c	2010-08-13 16:24:37.000000000 -0400
 +++ linux-2.6.32.29/drivers/pci/pcie/portdrv_pci.c	2010-12-31 14:46:53.000000000 -0500
@@ -28549,7 +28771,7 @@ diff -urNp linux-2.6.32.29/drivers/pcmcia/yenta_socket.c linux-2.6.32.29/drivers
  
 diff -urNp linux-2.6.32.29/drivers/platform/x86/acer-wmi.c linux-2.6.32.29/drivers/platform/x86/acer-wmi.c
 --- linux-2.6.32.29/drivers/platform/x86/acer-wmi.c	2010-08-13 16:24:37.000000000 -0400
-+++ linux-2.6.32.29/drivers/platform/x86/acer-wmi.c	2010-12-31 14:46:53.000000000 -0500
++++ linux-2.6.32.29/drivers/platform/x86/acer-wmi.c	2011-02-27 15:22:41.000000000 -0500
 @@ -918,7 +918,7 @@ static int update_bl_status(struct backl
  	return 0;
  }
@@ -28559,10 +28781,35 @@ diff -urNp linux-2.6.32.29/drivers/platform/x86/acer-wmi.c linux-2.6.32.29/drive
  	.get_brightness = read_brightness,
  	.update_status = update_bl_status,
  };
+@@ -1065,7 +1065,7 @@ static ssize_t set_bool_threeg(struct de
+ 			return -EINVAL;
+ 	return count;
+ }
+-static DEVICE_ATTR(threeg, S_IWUGO | S_IRUGO | S_IWUSR, show_bool_threeg,
++static DEVICE_ATTR(threeg, S_IRUGO | S_IWUSR, show_bool_threeg,
+ 	set_bool_threeg);
+ 
+ static ssize_t show_interface(struct device *dev, struct device_attribute *attr,
 diff -urNp linux-2.6.32.29/drivers/platform/x86/asus_acpi.c linux-2.6.32.29/drivers/platform/x86/asus_acpi.c
 --- linux-2.6.32.29/drivers/platform/x86/asus_acpi.c	2010-08-13 16:24:37.000000000 -0400
-+++ linux-2.6.32.29/drivers/platform/x86/asus_acpi.c	2010-12-31 14:46:53.000000000 -0500
-@@ -1402,7 +1402,7 @@ static int asus_hotk_remove(struct acpi_
++++ linux-2.6.32.29/drivers/platform/x86/asus_acpi.c	2011-02-27 15:16:00.000000000 -0500
+@@ -1001,14 +1001,8 @@ static int asus_hotk_add_fs(struct acpi_
+ 	struct proc_dir_entry *proc;
+ 	mode_t mode;
+ 
+-	/*
+-	 * If parameter uid or gid is not changed, keep the default setting for
+-	 * our proc entries (-rw-rw-rw-) else, it means we care about security,
+-	 * and then set to -rw-rw----
+-	 */
+-
+ 	if ((asus_uid == 0) && (asus_gid == 0)) {
+-		mode = S_IFREG | S_IRUGO | S_IWUGO;
++		mode = S_IFREG | S_IRUGO | S_IWUSR | S_IWGRP;
+ 	} else {
+ 		mode = S_IFREG | S_IRUSR | S_IRGRP | S_IWUSR | S_IWGRP;
+ 		printk(KERN_WARNING "  asus_uid and asus_gid parameters are "
+@@ -1402,7 +1396,7 @@ static int asus_hotk_remove(struct acpi_
  	return 0;
  }
  
@@ -28803,6 +29050,18 @@ diff -urNp linux-2.6.32.29/drivers/rtc/rtc-dev.c linux-2.6.32.29/drivers/rtc/rtc
  		return rtc_set_time(rtc, &tm);
  
  	case RTC_PIE_ON:
+diff -urNp linux-2.6.32.29/drivers/rtc/rtc-ds1511.c linux-2.6.32.29/drivers/rtc/rtc-ds1511.c
+--- linux-2.6.32.29/drivers/rtc/rtc-ds1511.c	2010-08-13 16:24:37.000000000 -0400
++++ linux-2.6.32.29/drivers/rtc/rtc-ds1511.c	2011-02-27 15:20:55.000000000 -0500
+@@ -480,7 +480,7 @@ ds1511_nvram_write(struct kobject *kobj,
+ static struct bin_attribute ds1511_nvram_attr = {
+ 	.attr = {
+ 		.name = "nvram",
+-		.mode = S_IRUGO | S_IWUGO,
++		.mode = S_IRUGO | S_IWUSR,
+ 	},
+ 	.size = DS1511_RAM_MAX,
+ 	.read = ds1511_nvram_read,
 diff -urNp linux-2.6.32.29/drivers/s390/cio/qdio_perf.c linux-2.6.32.29/drivers/s390/cio/qdio_perf.c
 --- linux-2.6.32.29/drivers/s390/cio/qdio_perf.c	2010-08-13 16:24:37.000000000 -0400
 +++ linux-2.6.32.29/drivers/s390/cio/qdio_perf.c	2010-12-31 14:46:53.000000000 -0500
@@ -28956,6 +29215,18 @@ diff -urNp linux-2.6.32.29/drivers/s390/cio/qdio_perf.h linux-2.6.32.29/drivers/
  }
  
  int qdio_setup_perf_stats(void);
+diff -urNp linux-2.6.32.29/drivers/scsi/aic94xx/aic94xx_init.c linux-2.6.32.29/drivers/scsi/aic94xx/aic94xx_init.c
+--- linux-2.6.32.29/drivers/scsi/aic94xx/aic94xx_init.c	2010-08-13 16:24:37.000000000 -0400
++++ linux-2.6.32.29/drivers/scsi/aic94xx/aic94xx_init.c	2011-02-27 15:21:24.000000000 -0500
+@@ -485,7 +485,7 @@ static ssize_t asd_show_update_bios(stru
+ 			flash_error_table[i].reason);
+ }
+ 
+-static DEVICE_ATTR(update_bios, S_IRUGO|S_IWUGO,
++static DEVICE_ATTR(update_bios, S_IRUGO|S_IWUSR,
+ 	asd_show_update_bios, asd_store_update_bios);
+ 
+ static int asd_create_dev_attrs(struct asd_ha_struct *asd_ha)
 diff -urNp linux-2.6.32.29/drivers/scsi/ipr.c linux-2.6.32.29/drivers/scsi/ipr.c
 --- linux-2.6.32.29/drivers/scsi/ipr.c	2010-08-13 16:24:37.000000000 -0400
 +++ linux-2.6.32.29/drivers/scsi/ipr.c	2010-12-31 14:46:53.000000000 -0500
@@ -35023,6 +35294,30 @@ diff -urNp linux-2.6.32.29/fs/open.c linux-2.6.32.29/fs/open.c
  			if (IS_ERR(f)) {
  				put_unused_fd(fd);
  				fd = PTR_ERR(f);
+diff -urNp linux-2.6.32.29/fs/partitions/ldm.c linux-2.6.32.29/fs/partitions/ldm.c
+--- linux-2.6.32.29/fs/partitions/ldm.c	2010-08-13 16:24:37.000000000 -0400
++++ linux-2.6.32.29/fs/partitions/ldm.c	2011-02-27 15:46:41.000000000 -0500
+@@ -251,6 +251,11 @@ static bool ldm_parse_vmdb (const u8 *da
+ 	}
+ 
+ 	vm->vblk_size     = get_unaligned_be32(data + 0x08);
++	if (vm->vblk_size == 0) {
++		ldm_error ("Illegal VBLK size");
++		return false;
++	}
++
+ 	vm->vblk_offset   = get_unaligned_be32(data + 0x0C);
+ 	vm->last_vblk_seq = get_unaligned_be32(data + 0x04);
+ 
+@@ -1308,7 +1313,7 @@ static bool ldm_frag_add (const u8 *data
+ 			goto found;
+ 	}
+ 
+-	f = kmalloc (sizeof (*f) + size*num, GFP_KERNEL);
++	f = kmalloc (size*num + sizeof (*f), GFP_KERNEL);
+ 	if (!f) {
+ 		ldm_crit ("Out of memory.");
+ 		return false;
 diff -urNp linux-2.6.32.29/fs/partitions/mac.c linux-2.6.32.29/fs/partitions/mac.c
 --- linux-2.6.32.29/fs/partitions/mac.c	2010-08-13 16:24:37.000000000 -0400
 +++ linux-2.6.32.29/fs/partitions/mac.c	2011-02-22 16:30:44.000000000 -0500
@@ -36546,6 +36841,32 @@ diff -urNp linux-2.6.32.29/fs/sysfs/symlink.c linux-2.6.32.29/fs/sysfs/symlink.c
  	if (!IS_ERR(page))
  		free_page((unsigned long)page);
  }
+diff -urNp linux-2.6.32.29/fs/ubifs/debug.c linux-2.6.32.29/fs/ubifs/debug.c
+--- linux-2.6.32.29/fs/ubifs/debug.c	2010-08-13 16:24:37.000000000 -0400
++++ linux-2.6.32.29/fs/ubifs/debug.c	2011-02-27 15:31:34.000000000 -0500
+@@ -2660,19 +2660,19 @@ int dbg_debugfs_init_fs(struct ubifs_inf
+ 	}
+ 
+ 	fname = "dump_lprops";
+-	dent = debugfs_create_file(fname, S_IWUGO, d->dfs_dir, c, &dfs_fops);
++	dent = debugfs_create_file(fname, S_IWUSR, d->dfs_dir, c, &dfs_fops);
+ 	if (IS_ERR(dent))
+ 		goto out_remove;
+ 	d->dfs_dump_lprops = dent;
+ 
+ 	fname = "dump_budg";
+-	dent = debugfs_create_file(fname, S_IWUGO, d->dfs_dir, c, &dfs_fops);
++	dent = debugfs_create_file(fname, S_IWUSR, d->dfs_dir, c, &dfs_fops);
+ 	if (IS_ERR(dent))
+ 		goto out_remove;
+ 	d->dfs_dump_budg = dent;
+ 
+ 	fname = "dump_tnc";
+-	dent = debugfs_create_file(fname, S_IWUGO, d->dfs_dir, c, &dfs_fops);
++	dent = debugfs_create_file(fname, S_IWUSR, d->dfs_dir, c, &dfs_fops);
+ 	if (IS_ERR(dent))
+ 		goto out_remove;
+ 	d->dfs_dump_tnc = dent;
 diff -urNp linux-2.6.32.29/fs/udf/balloc.c linux-2.6.32.29/fs/udf/balloc.c
 --- linux-2.6.32.29/fs/udf/balloc.c	2010-08-13 16:24:37.000000000 -0400
 +++ linux-2.6.32.29/fs/udf/balloc.c	2010-12-31 14:46:53.000000000 -0500
@@ -59471,6 +59792,36 @@ diff -urNp linux-2.6.32.29/net/rds/Kconfig linux-2.6.32.29/net/rds/Kconfig
  	---help---
  	  The RDS (Reliable Datagram Sockets) protocol provides reliable,
  	  sequenced delivery of datagrams over Infiniband, iWARP,
+diff -urNp linux-2.6.32.29/net/rxrpc/ar-key.c linux-2.6.32.29/net/rxrpc/ar-key.c
+--- linux-2.6.32.29/net/rxrpc/ar-key.c	2010-08-13 16:24:37.000000000 -0400
++++ linux-2.6.32.29/net/rxrpc/ar-key.c	2011-02-27 15:01:43.000000000 -0500
+@@ -88,11 +88,11 @@ static int rxrpc_instantiate_xdr_rxkad(s
+ 		return ret;
+ 
+ 	plen -= sizeof(*token);
+-	token = kmalloc(sizeof(*token), GFP_KERNEL);
++	token = kzalloc(sizeof(*token), GFP_KERNEL);
+ 	if (!token)
+ 		return -ENOMEM;
+ 
+-	token->kad = kmalloc(plen, GFP_KERNEL);
++	token->kad = kzalloc(plen, GFP_KERNEL);
+ 	if (!token->kad) {
+ 		kfree(token);
+ 		return -ENOMEM;
+@@ -730,10 +730,10 @@ static int rxrpc_instantiate(struct key 
+ 		goto error;
+ 
+ 	ret = -ENOMEM;
+-	token = kmalloc(sizeof(*token), GFP_KERNEL);
++	token = kzalloc(sizeof(*token), GFP_KERNEL);
+ 	if (!token)
+ 		goto error;
+-	token->kad = kmalloc(plen, GFP_KERNEL);
++	token->kad = kzalloc(plen, GFP_KERNEL);
+ 	if (!token->kad)
+ 		goto error_free;
+ 
 diff -urNp linux-2.6.32.29/net/sctp/auth.c linux-2.6.32.29/net/sctp/auth.c
 --- linux-2.6.32.29/net/sctp/auth.c	2010-08-13 16:24:37.000000000 -0400
 +++ linux-2.6.32.29/net/sctp/auth.c	2010-12-31 14:46:53.000000000 -0500