diff options
| author |   Anthony G. Basile <blueness@gentoo.org> | 2012-05-08 08:08:13 -0400 |
|---|---|---|
| committer | Anthony G. Basile <blueness@gentoo.org> | 2012-05-08 08:08:13 -0400 |
| commit | 366a8545adc4f54723c84497592605872c6bdbe6 (patch) | |
| tree | d4cac07e8e48003fcac8861472e5a74f1ccd460a | |
| parent | Grsec/PaX: 2.9-{2.6.32.59,3.2.16,3.3.4}-201204272005 (diff) | |
| download | hardened-patchset-366a8545adc4f54723c84497592605872c6bdbe6.tar.gz hardened-patchset-366a8545adc4f54723c84497592605872c6bdbe6.tar.bz2 hardened-patchset-366a8545adc4f54723c84497592605872c6bdbe6.zip | |
Grsec/PaX: 2.9-{2.6.32.59,3.2.16,3.3.5}-20120507183820120507
| -rw-r--r-- | 2.6.32/0000_README | 2 | ||||
| -rw-r--r-- | 2.6.32/4420_grsecurity-2.9-2.6.32.59-201205071838.patch (renamed from 2.6.32/4420_grsecurity-2.9-2.6.32.59-201204272005.patch) | 657 | ||||
| -rw-r--r-- | 3.2.16/0000_README | 2 | ||||
| -rw-r--r-- | 3.2.16/4420_grsecurity-2.9-3.2.16-201205071838.patch (renamed from 3.2.16/4420_grsecurity-2.9-3.2.16-201204272005.patch) | 667 | ||||
| -rw-r--r-- | 3.3.5/0000_README (renamed from 3.3.4/0000_README) | 6 | ||||
| -rw-r--r-- | 3.3.5/1004_linux-3.3.5.patch | 3285 | ||||
| -rw-r--r-- | 3.3.5/4420_grsecurity-2.9-3.3.5-201205071839.patch (renamed from 3.3.4/4420_grsecurity-2.9-3.3.4-201204272006.patch) | 798 | ||||
| -rw-r--r-- | 3.3.5/4430_grsec-remove-localversion-grsec.patch (renamed from 3.3.4/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
| -rw-r--r-- | 3.3.5/4435_grsec-mute-warnings.patch (renamed from 3.3.4/4435_grsec-mute-warnings.patch) | 0 | ||||
| -rw-r--r-- | 3.3.5/4440_grsec-remove-protected-paths.patch (renamed from 3.3.4/4440_grsec-remove-protected-paths.patch) | 0 | ||||
| -rw-r--r-- | 3.3.5/4445_grsec-pax-without-grsec.patch (renamed from 3.3.4/4445_grsec-pax-without-grsec.patch) | 0 | ||||
| -rw-r--r-- | 3.3.5/4450_grsec-kconfig-default-gids.patch (renamed from 3.3.4/4450_grsec-kconfig-default-gids.patch) | 0 | ||||
| -rw-r--r-- | 3.3.5/4455_grsec-kconfig-gentoo.patch (renamed from 3.3.4/4455_grsec-kconfig-gentoo.patch) | 0 | ||||
| -rw-r--r-- | 3.3.5/4460-grsec-kconfig-proc-user.patch (renamed from 3.3.4/4460-grsec-kconfig-proc-user.patch) | 0 | ||||
| -rw-r--r-- | 3.3.5/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.3.4/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
| -rw-r--r-- | 3.3.5/4470_disable-compat_vdso.patch (renamed from 3.3.4/4470_disable-compat_vdso.patch) | 0 |
16 files changed, 5191 insertions, 226 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README index 78e053c..cfcffd4 100644 --- a/2.6.32/0000_README +++ b/2.6.32/0000_README @@ -30,7 +30,7 @@ Patch: 1058_linux-2.6.32.59.patch From: http://www.kernel.org Desc: Linux 2.6.32.59 -Patch: 4420_grsecurity-2.9-2.6.32.59-201204272005.patch +Patch: 4420_grsecurity-2.9-2.6.32.59-201205071838.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/2.6.32/4420_grsecurity-2.9-2.6.32.59-201204272005.patch b/2.6.32/4420_grsecurity-2.9-2.6.32.59-201205071838.patch index 0991ae8..185e1d4 100644 --- a/2.6.32/4420_grsecurity-2.9-2.6.32.59-201204272005.patch +++ b/2.6.32/4420_grsecurity-2.9-2.6.32.59-201205071838.patch @@ -511,6 +511,23 @@ index 5c75c1b..c82f878 100644 /* $0 is set by ld.so to a pointer to a function which might be registered using atexit. This provides a mean for the dynamic linker to call DT_FINI functions for shared libraries that have +diff --git a/arch/alpha/include/asm/pgalloc.h b/arch/alpha/include/asm/pgalloc.h +index bc2a0da..8ad11ee 100644 +--- a/arch/alpha/include/asm/pgalloc.h ++++ b/arch/alpha/include/asm/pgalloc.h +@@ -29,6 +29,12 @@ pgd_populate(struct mm_struct *mm, pgd_t *pgd, pmd_t *pmd) + pgd_set(pgd, pmd); + } + ++static inline void ++pgd_populate_kernel(struct mm_struct *mm, pgd_t *pgd, pmd_t *pmd) ++{ ++ pgd_populate(mm, pgd, pmd); ++} ++ + extern pgd_t *pgd_alloc(struct mm_struct *mm); + + static inline void diff --git a/arch/alpha/include/asm/pgtable.h b/arch/alpha/include/asm/pgtable.h index 3f0c59f..cf1e100 100644 --- a/arch/alpha/include/asm/pgtable.h @@ -1106,6 +1123,18 @@ index 3a32af4..c8def8a 100644 #ifdef MULTI_USER extern struct cpu_user_fns cpu_user; +diff --git a/arch/arm/include/asm/pgalloc.h b/arch/arm/include/asm/pgalloc.h +index b12cc98..cdb5c51 100644 +--- a/arch/arm/include/asm/pgalloc.h ++++ b/arch/arm/include/asm/pgalloc.h +@@ -29,6 +29,7 @@ + #define pmd_alloc_one(mm,addr) ({ BUG(); ((pmd_t *)2); }) + #define pmd_free(mm, pmd) do { } while (0) + #define pgd_populate(mm,pmd,pte) BUG() ++#define pgd_populate_kernel(mm,pmd,pte) BUG() + + extern pgd_t *get_pgd_slow(struct mm_struct *mm); + extern void free_pgd_slow(struct mm_struct *mm, pgd_t *pgd); diff --git a/arch/arm/include/asm/system.h b/arch/arm/include/asm/system.h index d65b2f5..9d87555 100644 --- a/arch/arm/include/asm/system.h @@ -2212,6 +2241,36 @@ index 367d299..9ad4279 100644 /* * Define default versions so we can extend machvec for new platforms without having +diff --git a/arch/ia64/include/asm/pgalloc.h b/arch/ia64/include/asm/pgalloc.h +index 96a8d92..617a1cf 100644 +--- a/arch/ia64/include/asm/pgalloc.h ++++ b/arch/ia64/include/asm/pgalloc.h +@@ -39,6 +39,12 @@ pgd_populate(struct mm_struct *mm, pgd_t * pgd_entry, pud_t * pud) + pgd_val(*pgd_entry) = __pa(pud); + } + ++static inline void ++pgd_populate_kernel(struct mm_struct *mm, pgd_t * pgd_entry, pud_t * pud) ++{ ++ pgd_populate(mm, pgd_entry, pud); ++} ++ + static inline pud_t *pud_alloc_one(struct mm_struct *mm, unsigned long addr) + { + return quicklist_alloc(0, GFP_KERNEL, NULL); +@@ -57,6 +63,12 @@ pud_populate(struct mm_struct *mm, pud_t * pud_entry, pmd_t * pmd) + pud_val(*pud_entry) = __pa(pmd); + } + ++static inline void ++pud_populate_kernel(struct mm_struct *mm, pud_t * pud_entry, pmd_t * pmd) ++{ ++ pud_populate(mm, pud_entry, pmd); ++} ++ + static inline pmd_t *pmd_alloc_one(struct mm_struct *mm, unsigned long addr) + { + return quicklist_alloc(0, GFP_KERNEL, NULL); diff --git a/arch/ia64/include/asm/pgtable.h b/arch/ia64/include/asm/pgtable.h index 8840a69..cdb63d9 100644 --- a/arch/ia64/include/asm/pgtable.h @@ -2816,6 +2875,22 @@ index f266295..627cfff 100644 #else typedef struct { unsigned long long pte; } pte_t; #define pte_val(x) ((x).pte) +diff --git a/arch/mips/include/asm/pgalloc.h b/arch/mips/include/asm/pgalloc.h +index 3738f4b..9020d86 100644 +--- a/arch/mips/include/asm/pgalloc.h ++++ b/arch/mips/include/asm/pgalloc.h +@@ -37,6 +37,11 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd) + { + set_pud(pud, __pud((unsigned long)pmd)); + } ++ ++static inline void pud_populate_kernel(struct mm_struct *mm, pud_t *pud, pmd_t *pmd) ++{ ++ pud_populate(mm, pud, pmd); ++} + #endif + + /* diff --git a/arch/mips/include/asm/reboot.h b/arch/mips/include/asm/reboot.h index e48c0bf..f3acf65 100644 --- a/arch/mips/include/asm/reboot.h @@ -3098,6 +3173,30 @@ index 9c802eb..0592e41 100644 /* This yields a mask that user programs can use to figure out what instruction set this CPU supports. This could be done in user space, but it's not easy, and we've already done it here. */ +diff --git a/arch/parisc/include/asm/pgalloc.h b/arch/parisc/include/asm/pgalloc.h +index fc987a1..6e068ef 100644 +--- a/arch/parisc/include/asm/pgalloc.h ++++ b/arch/parisc/include/asm/pgalloc.h +@@ -61,6 +61,11 @@ static inline void pgd_populate(struct mm_struct *mm, pgd_t *pgd, pmd_t *pmd) + (__u32)(__pa((unsigned long)pmd) >> PxD_VALUE_SHIFT)); + } + ++static inline void pgd_populate_kernel(struct mm_struct *mm, pgd_t *pgd, pmd_t *pmd) ++{ ++ pgd_populate(mm, pgd, pmd); ++} ++ + static inline pmd_t *pmd_alloc_one(struct mm_struct *mm, unsigned long address) + { + pmd_t *pmd = (pmd_t *)__get_free_pages(GFP_KERNEL|__GFP_REPEAT, +@@ -93,6 +98,7 @@ static inline void pmd_free(struct mm_struct *mm, pmd_t *pmd) + #define pmd_alloc_one(mm, addr) ({ BUG(); ((pmd_t *)2); }) + #define pmd_free(mm, x) do { } while (0) + #define pgd_populate(mm, pmd, pte) BUG() ++#define pgd_populate_kernel(mm, pmd, pte) BUG() + + #endif + diff --git a/arch/parisc/include/asm/pgtable.h b/arch/parisc/include/asm/pgtable.h index a27d2e2..18fd845 100644 --- a/arch/parisc/include/asm/pgtable.h @@ -3687,6 +3786,38 @@ index b5ea626..40308222 100644 #else /* CONFIG_PCI */ #define set_pci_dma_ops(d) #define get_pci_dma_ops() NULL +diff --git a/arch/powerpc/include/asm/pgalloc-64.h b/arch/powerpc/include/asm/pgalloc-64.h +index e6f069c..6c7a1f8 100644 +--- a/arch/powerpc/include/asm/pgalloc-64.h ++++ b/arch/powerpc/include/asm/pgalloc-64.h +@@ -37,6 +37,7 @@ static inline void pgd_free(struct mm_struct *mm, pgd_t *pgd) + #ifndef CONFIG_PPC_64K_PAGES + + #define pgd_populate(MM, PGD, PUD) pgd_set(PGD, PUD) ++#define pgd_populate_kernel(MM, PGD, PUD) pgd_populate((MM), (PGD), (PUD)) + + static inline pud_t *pud_alloc_one(struct mm_struct *mm, unsigned long addr) + { +@@ -54,6 +55,11 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd) + pud_set(pud, (unsigned long)pmd); + } + ++static inline void pud_populate_kernel(struct mm_struct *mm, pud_t *pud, pmd_t *pmd) ++{ ++ pud_populate(mm, pud, pmd); ++} ++ + #define pmd_populate(mm, pmd, pte_page) \ + pmd_populate_kernel(mm, pmd, page_address(pte_page)) + #define pmd_populate_kernel(mm, pmd, pte) pmd_set(pmd, (unsigned long)(pte)) +@@ -63,6 +69,7 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd) + #else /* CONFIG_PPC_64K_PAGES */ + + #define pud_populate(mm, pud, pmd) pud_set(pud, (unsigned long)pmd) ++#define pud_populate_kernel(mm, pud, pmd) pud_populate((mm), (pud), (pmd)) + + static inline void pmd_populate_kernel(struct mm_struct *mm, pmd_t *pmd, + pte_t *pte) diff --git a/arch/powerpc/include/asm/pgtable.h b/arch/powerpc/include/asm/pgtable.h index 2a5da06..d65bea2 100644 --- a/arch/powerpc/include/asm/pgtable.h @@ -5628,6 +5759,30 @@ index 156707b..aefa786 100644 #define PAGE_SHIFT 12 #ifndef __ASSEMBLY__ +diff --git a/arch/sparc/include/asm/pgalloc_32.h b/arch/sparc/include/asm/pgalloc_32.h +index ca2b344..c6084f89 100644 +--- a/arch/sparc/include/asm/pgalloc_32.h ++++ b/arch/sparc/include/asm/pgalloc_32.h +@@ -37,6 +37,7 @@ BTFIXUPDEF_CALL(void, free_pgd_fast, pgd_t *) + BTFIXUPDEF_CALL(void, pgd_set, pgd_t *, pmd_t *) + #define pgd_set(pgdp,pmdp) BTFIXUP_CALL(pgd_set)(pgdp,pmdp) + #define pgd_populate(MM, PGD, PMD) pgd_set(PGD, PMD) ++#define pgd_populate_kernel(MM, PGD, PMD) pgd_populate((MM), (PGD), (PMD)) + + BTFIXUPDEF_CALL(pmd_t *, pmd_alloc_one, struct mm_struct *, unsigned long) + #define pmd_alloc_one(mm, address) BTFIXUP_CALL(pmd_alloc_one)(mm, address) +diff --git a/arch/sparc/include/asm/pgalloc_64.h b/arch/sparc/include/asm/pgalloc_64.h +index 5bdfa2c..92b0706 100644 +--- a/arch/sparc/include/asm/pgalloc_64.h ++++ b/arch/sparc/include/asm/pgalloc_64.h +@@ -25,6 +25,7 @@ static inline void pgd_free(struct mm_struct *mm, pgd_t *pgd) + } + + #define pud_populate(MM, PUD, PMD) pud_set(PUD, PMD) ++#define pud_populate_kernel(MM, PUD, PMD) pud_populate((MM), (PUD), (PMD)) + + static inline pmd_t *pmd_alloc_one(struct mm_struct *mm, unsigned long addr) + { diff --git a/arch/sparc/include/asm/pgtable_32.h b/arch/sparc/include/asm/pgtable_32.h index e0cabe7..efd60f1 100644 --- a/arch/sparc/include/asm/pgtable_32.h @@ -7911,6 +8066,18 @@ index 4cc9b6c..02e5029 100644 #ifndef __ASSEMBLY__ struct page; +diff --git a/arch/um/include/asm/pgtable-3level.h b/arch/um/include/asm/pgtable-3level.h +index 084de4a..f44d25c 100644 +--- a/arch/um/include/asm/pgtable-3level.h ++++ b/arch/um/include/asm/pgtable-3level.h +@@ -58,6 +58,7 @@ + #define pud_present(x) (pud_val(x) & _PAGE_PRESENT) + #define pud_populate(mm, pud, pmd) \ + set_pud(pud, __pud(_PAGE_TABLE + __pa(pmd))) ++#define pud_populate_kernel(mm, pud, pmd) pud_populate((mm), (pud), (pmd)) + + #ifdef CONFIG_64BIT + #define set_pud(pudptr, pudval) set_64bit((phys_t *) (pudptr), pud_val(pudval)) diff --git a/arch/um/kernel/process.c b/arch/um/kernel/process.c index 4a28a15..654dc2a 100644 --- a/arch/um/kernel/process.c @@ -12121,7 +12288,7 @@ index b65a36d..50345a4 100644 switch (sizeof(var)) { \ case 1: \ diff --git a/arch/x86/include/asm/pgalloc.h b/arch/x86/include/asm/pgalloc.h -index 271de94..ef944d6 100644 +index 271de94..c714995 100644 --- a/arch/x86/include/asm/pgalloc.h +++ b/arch/x86/include/asm/pgalloc.h @@ -63,6 +63,13 @@ static inline void pmd_populate_kernel(struct mm_struct *mm, @@ -12138,6 +12305,42 @@ index 271de94..ef944d6 100644 set_pmd(pmd, __pmd(__pa(pte) | _PAGE_TABLE)); } +@@ -99,12 +106,22 @@ static inline void __pmd_free_tlb(struct mmu_gather *tlb, pmd_t *pmd, + + #ifdef CONFIG_X86_PAE + extern void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd); ++static inline void pud_populate_kernel(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd) ++{ ++ pud_populate(mm, pudp, pmd); ++} + #else /* !CONFIG_X86_PAE */ + static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd) + { + paravirt_alloc_pmd(mm, __pa(pmd) >> PAGE_SHIFT); + set_pud(pud, __pud(_PAGE_TABLE | __pa(pmd))); + } ++ ++static inline void pud_populate_kernel(struct mm_struct *mm, pud_t *pud, pmd_t *pmd) ++{ ++ paravirt_alloc_pmd(mm, __pa(pmd) >> PAGE_SHIFT); ++ set_pud(pud, __pud(_KERNPG_TABLE | __pa(pmd))); ++} + #endif /* CONFIG_X86_PAE */ + + #if PAGETABLE_LEVELS > 3 +@@ -114,6 +131,12 @@ static inline void pgd_populate(struct mm_struct *mm, pgd_t *pgd, pud_t *pud) + set_pgd(pgd, __pgd(_PAGE_TABLE | __pa(pud))); + } + ++static inline void pgd_populate_kernel(struct mm_struct *mm, pgd_t *pgd, pud_t *pud) ++{ ++ paravirt_alloc_pud(mm, __pa(pud) >> PAGE_SHIFT); ++ set_pgd(pgd, __pgd(_KERNPG_TABLE | __pa(pud))); ++} ++ + static inline pud_t *pud_alloc_one(struct mm_struct *mm, unsigned long addr) + { + return (pud_t *)get_zeroed_page(GFP_KERNEL|__GFP_REPEAT); diff --git a/arch/x86/include/asm/pgtable-2level.h b/arch/x86/include/asm/pgtable-2level.h index 2334982..70bc412 100644 --- a/arch/x86/include/asm/pgtable-2level.h @@ -12435,7 +12638,7 @@ index 5e67c15..12d5c47 100644 #define MODULES_END VMALLOC_END #define MODULES_LEN (MODULES_VADDR - MODULES_END) diff --git a/arch/x86/include/asm/pgtable_64.h b/arch/x86/include/asm/pgtable_64.h -index c57a301..6b414ff 100644 +index c57a301..5038210 100644 --- a/arch/x86/include/asm/pgtable_64.h +++ b/arch/x86/include/asm/pgtable_64.h @@ -16,10 +16,14 @@ @@ -12465,7 +12668,17 @@ index c57a301..6b414ff 100644 } static inline void native_pmd_clear(pmd_t *pmd) -@@ -94,6 +100,13 @@ static inline void native_pud_clear(pud_t *pud) +@@ -84,7 +90,9 @@ static inline void native_pmd_clear(pmd_t *pmd) + + static inline void native_set_pud(pud_t *pudp, pud_t pud) + { ++ pax_open_kernel(); + *pudp = pud; ++ pax_close_kernel(); + } + + static inline void native_pud_clear(pud_t *pud) +@@ -94,6 +102,13 @@ static inline void native_pud_clear(pud_t *pud) static inline void native_set_pgd(pgd_t *pgdp, pgd_t pgd) { @@ -26870,9 +27083,27 @@ index 30938c1..bda3d5d 100644 printk(KERN_INFO "Write protecting the kernel text: %luk\n", size >> 10); diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c -index 7d095ad..25d2549 100644 +index 7d095ad..acf1be9 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c +@@ -123,7 +123,7 @@ static pud_t *fill_pud(pgd_t *pgd, unsigned long vaddr) + { + if (pgd_none(*pgd)) { + pud_t *pud = (pud_t *)spp_getpage(); +- pgd_populate(&init_mm, pgd, pud); ++ pgd_populate_kernel(&init_mm, pgd, pud); + if (pud != pud_offset(pgd, 0)) + printk(KERN_ERR "PAGETABLE BUG #00! %p <-> %p\n", + pud, pud_offset(pgd, 0)); +@@ -135,7 +135,7 @@ static pmd_t *fill_pmd(pud_t *pud, unsigned long vaddr) + { + if (pud_none(*pud)) { + pmd_t *pmd = (pmd_t *) spp_getpage(); +- pud_populate(&init_mm, pud, pmd); ++ pud_populate_kernel(&init_mm, pud, pmd); + if (pmd != pmd_offset(pud, 0)) + printk(KERN_ERR "PAGETABLE BUG #01! %p <-> %p\n", + pmd, pmd_offset(pud, 0)); @@ -164,7 +164,9 @@ void set_pte_vaddr_pud(pud_t *pud_page, unsigned long vaddr, pte_t new_pte) pmd = fill_pmd(pud, vaddr); pte = fill_pte(pmd, vaddr); @@ -26900,6 +27131,15 @@ index 7d095ad..25d2549 100644 } pmd = pmd_offset(pud, phys); BUG_ON(!pmd_none(*pmd)); +@@ -560,7 +560,7 @@ kernel_physical_mapping_init(unsigned long start, + unmap_low_page(pud); + + spin_lock(&init_mm.page_table_lock); +- pgd_populate(&init_mm, pgd, __va(pud_phys)); ++ pgd_populate_kernel(&init_mm, pgd, __va(pud_phys)); + spin_unlock(&init_mm.page_table_lock); + } + __flush_tlb_all(); @@ -675,6 +675,12 @@ void __init mem_init(void) pci_iommu_alloc(); @@ -28686,6 +28926,19 @@ index a96204a..fca9b8e 100644 #endif xen_setup_runstate_info(cpu); xen_setup_timer(cpu); +diff --git a/arch/x86/xen/xen-asm.S b/arch/x86/xen/xen-asm.S +index 79d7362..3e45aa0 100644 +--- a/arch/x86/xen/xen-asm.S ++++ b/arch/x86/xen/xen-asm.S +@@ -96,7 +96,7 @@ ENTRY(xen_restore_fl_direct) + + /* check for unmasked and pending */ + cmpw $0x0001, PER_CPU_VAR(xen_vcpu_info) + XEN_vcpu_info_pending +- jz 1f ++ jnz 1f + 2: call check_events + 1: + ENDPATCH(xen_restore_fl_direct) diff --git a/arch/x86/xen/xen-asm_32.S b/arch/x86/xen/xen-asm_32.S index 9a95a9c..4f39e774 100644 --- a/arch/x86/xen/xen-asm_32.S @@ -52524,6 +52777,93 @@ index 032cfe0..411af379 100644 /* * Card information is normally at VPD_BASE but some early cards had * it at 0. +diff --git a/drivers/net/dl2k.c b/drivers/net/dl2k.c +index 7fa7a90..fef924d 100644 +--- a/drivers/net/dl2k.c ++++ b/drivers/net/dl2k.c +@@ -1279,55 +1279,21 @@ rio_ioctl (struct net_device *dev, struct ifreq *rq, int cmd) + { + int phy_addr; + struct netdev_private *np = netdev_priv(dev); +- struct mii_data *miidata = (struct mii_data *) &rq->ifr_ifru; +- +- struct netdev_desc *desc; +- int i; ++ struct mii_ioctl_data *miidata = if_mii(rq); + + phy_addr = np->phy_addr; + switch (cmd) { +- case SIOCDEVPRIVATE: ++ case SIOCGMIIPHY: ++ miidata->phy_id = phy_addr; + break; +- +- case SIOCDEVPRIVATE + 1: +- miidata->out_value = mii_read (dev, phy_addr, miidata->reg_num); ++ case SIOCGMIIREG: ++ miidata->val_out = mii_read (dev, phy_addr, miidata->reg_num); + break; +- case SIOCDEVPRIVATE + 2: +- mii_write (dev, phy_addr, miidata->reg_num, miidata->in_value); ++ case SIOCSMIIREG: ++ if (!capable(CAP_NET_ADMIN)) ++ return -EPERM; ++ mii_write (dev, phy_addr, miidata->reg_num, miidata->val_in); + break; +- case SIOCDEVPRIVATE + 3: +- break; +- case SIOCDEVPRIVATE + 4: +- break; +- case SIOCDEVPRIVATE + 5: +- netif_stop_queue (dev); +- break; +- case SIOCDEVPRIVATE + 6: +- netif_wake_queue (dev); +- break; +- case SIOCDEVPRIVATE + 7: +- printk +- ("tx_full=%x cur_tx=%lx old_tx=%lx cur_rx=%lx old_rx=%lx\n", +- netif_queue_stopped(dev), np->cur_tx, np->old_tx, np->cur_rx, +- np->old_rx); +- break; +- case SIOCDEVPRIVATE + 8: +- printk("TX ring:\n"); +- for (i = 0; i < TX_RING_SIZE; i++) { +- desc = &np->tx_ring[i]; +- printk +- ("%02x:cur:%08x next:%08x status:%08x frag1:%08x frag0:%08x", +- i, +- (u32) (np->tx_ring_dma + i * sizeof (*desc)), +- (u32)le64_to_cpu(desc->next_desc), +- (u32)le64_to_cpu(desc->status), +- (u32)(le64_to_cpu(desc->fraginfo) >> 32), +- (u32)le64_to_cpu(desc->fraginfo)); +- printk ("\n"); +- } +- printk ("\n"); +- break; +- + default: + return -EOPNOTSUPP; + } +diff --git a/drivers/net/dl2k.h b/drivers/net/dl2k.h +index 266ec87..b7e1172 100644 +--- a/drivers/net/dl2k.h ++++ b/drivers/net/dl2k.h +@@ -471,13 +471,6 @@ struct ioctl_data { + char *data; + }; + +-struct mii_data { +- __u16 reserved; +- __u16 reg_num; +- __u16 in_value; +- __u16 out_value; +-}; +- + /* The Rx and Tx buffer descriptors. */ + struct netdev_desc { + __le64 next_desc; diff --git a/drivers/net/e1000e/82571.c b/drivers/net/e1000e/82571.c index d1e0563..b9e129c 100644 --- a/drivers/net/e1000e/82571.c @@ -61844,7 +62184,7 @@ index 99bdfa8..3dac448 100644 /* Module parameters. */ diff --git a/drivers/video/backlight/omap1_bl.c b/drivers/video/backlight/omap1_bl.c -index cbad67e..3cf900e 100644 +index cbad67e8..3cf900e 100644 --- a/drivers/video/backlight/omap1_bl.c +++ b/drivers/video/backlight/omap1_bl.c @@ -125,7 +125,7 @@ static int omapbl_get_intensity(struct backlight_device *dev) @@ -65245,7 +65585,7 @@ index 0133b5a..3710d09 100644 (unsigned long) create_aout_tables((char __user *) bprm->p, bprm); #ifdef __alpha__ diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c -index a64fde6..b3f1464 100644 +index a64fde6..7ce2817 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -31,6 +31,7 @@ @@ -65888,7 +66228,7 @@ index a64fde6..b3f1464 100644 /* set_brk can never work. Avoid overflows. */ send_sig(SIGKILL, current, 0); retval = -EINVAL; -@@ -877,11 +1339,36 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -877,11 +1339,40 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) goto out_free_dentry; } if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) { @@ -65911,8 +66251,12 @@ index a64fde6..b3f1464 100644 + down_write(¤t->mm->mmap_sem); + retval = -ENOMEM; + if (!find_vma_intersection(current->mm, start, start + size + PAGE_SIZE)) { ++ unsigned long prot = PROT_NONE; ++ + current->mm->brk_gap = PAGE_ALIGN(size) >> PAGE_SHIFT; -+ start = do_mmap(NULL, start, size, PROT_NONE, MAP_ANONYMOUS | MAP_FIXED | MAP_PRIVATE, 0); ++// if (current->personality & ADDR_NO_RANDOMIZE) ++// prot = PROT_READ; ++ start = do_mmap(NULL, start, size, prot, MAP_ANONYMOUS | MAP_FIXED | MAP_PRIVATE, 0); + retval = IS_ERR_VALUE(start) ? start : 0; + } + up_write(¤t->mm->mmap_sem); @@ -65928,7 +66272,7 @@ index a64fde6..b3f1464 100644 if (elf_interpreter) { unsigned long uninitialized_var(interp_map_addr); -@@ -1112,8 +1599,10 @@ static int dump_seek(struct file *file, loff_t off) +@@ -1112,8 +1603,10 @@ static int dump_seek(struct file *file, loff_t off) unsigned long n = off; if (n > PAGE_SIZE) n = PAGE_SIZE; @@ -65940,7 +66284,7 @@ index a64fde6..b3f1464 100644 off -= n; } free_page((unsigned long)buf); -@@ -1125,7 +1614,7 @@ static int dump_seek(struct file *file, loff_t off) +@@ -1125,7 +1618,7 @@ static int dump_seek(struct file *file, loff_t off) * Decide what to dump of a segment, part, all or none. */ static unsigned long vma_dump_size(struct vm_area_struct *vma, @@ -65949,7 +66293,7 @@ index a64fde6..b3f1464 100644 { #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type)) -@@ -1159,7 +1648,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, +@@ -1159,7 +1652,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, if (vma->vm_file == NULL) return 0; @@ -65958,7 +66302,7 @@ index a64fde6..b3f1464 100644 goto whole; /* -@@ -1255,8 +1744,11 @@ static int writenote(struct memelfnote *men, struct file *file, +@@ -1255,8 +1748,11 @@ static int writenote(struct memelfnote *men, struct file *file, #undef DUMP_WRITE #define DUMP_WRITE(addr, nr) \ @@ -65971,7 +66315,7 @@ index a64fde6..b3f1464 100644 static void fill_elf_header(struct elfhdr *elf, int segs, u16 machine, u32 flags, u8 osabi) -@@ -1385,9 +1877,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) +@@ -1385,9 +1881,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) { elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv; int i = 0; @@ -65983,7 +66327,7 @@ index a64fde6..b3f1464 100644 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv); } -@@ -1973,7 +2465,7 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, un +@@ -1973,7 +2469,7 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, un phdr.p_offset = offset; phdr.p_vaddr = vma->vm_start; phdr.p_paddr = 0; @@ -65992,7 +66336,7 @@ index a64fde6..b3f1464 100644 phdr.p_memsz = vma->vm_end - vma->vm_start; offset += phdr.p_filesz; phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0; -@@ -2006,7 +2498,7 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, un +@@ -2006,7 +2502,7 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, un unsigned long addr; unsigned long end; @@ -66001,7 +66345,7 @@ index a64fde6..b3f1464 100644 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) { struct page *page; -@@ -2015,6 +2507,7 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, un +@@ -2015,6 +2511,7 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, un page = get_dump_page(addr); if (page) { void *kaddr = kmap(page); @@ -66009,7 +66353,7 @@ index a64fde6..b3f1464 100644 stop = ((size += PAGE_SIZE) > limit) || !dump_write(file, kaddr, PAGE_SIZE); kunmap(page); -@@ -2042,6 +2535,97 @@ out: +@@ -2042,6 +2539,97 @@ out: #endif /* USE_ELF_CORE_DUMP */ @@ -70077,7 +70421,7 @@ index 4463297..4fed53b 100644 }; diff --git a/fs/hfsplus/catalog.c b/fs/hfsplus/catalog.c -index f6874ac..7cd98a8 100644 +index f6874ac..46904bd 100644 --- a/fs/hfsplus/catalog.c +++ b/fs/hfsplus/catalog.c @@ -157,6 +157,8 @@ int hfsplus_find_cat(struct super_block *sb, u32 cnid, @@ -70107,8 +70451,19 @@ index f6874ac..7cd98a8 100644 dprint(DBG_CAT_MOD, "rename_cat: %u - %lu,%s - %lu,%s\n", cnid, src_dir->i_ino, src_name->name, dst_dir->i_ino, dst_name->name); sb = src_dir->i_sb; +@@ -329,6 +335,10 @@ int hfsplus_rename_cat(u32 cnid, + err = hfs_brec_find(&src_fd); + if (err) + goto out; ++ if (src_fd.entrylength > sizeof(entry) || src_fd.entrylength < 0) { ++ err = -EIO; ++ goto out; ++ } + + hfs_bnode_read(src_fd.bnode, &entry, src_fd.entryoffset, + src_fd.entrylength); diff --git a/fs/hfsplus/dir.c b/fs/hfsplus/dir.c -index 5f40236..dac3421 100644 +index 5f40236..6ec38b2 100644 --- a/fs/hfsplus/dir.c +++ b/fs/hfsplus/dir.c @@ -121,6 +121,8 @@ static int hfsplus_readdir(struct file *filp, void *dirent, filldir_t filldir) @@ -70120,6 +70475,31 @@ index 5f40236..dac3421 100644 if (filp->f_pos >= inode->i_size) return 0; +@@ -138,6 +140,11 @@ static int hfsplus_readdir(struct file *filp, void *dirent, filldir_t filldir) + filp->f_pos++; + /* fall through */ + case 1: ++ if (fd.entrylength > sizeof(entry) || fd.entrylength < 0) { ++ err = -EIO; ++ goto out; ++ } ++ + hfs_bnode_read(fd.bnode, &entry, fd.entryoffset, fd.entrylength); + if (be16_to_cpu(entry.type) != HFSPLUS_FOLDER_THREAD) { + printk(KERN_ERR "hfs: bad catalog folder thread\n"); +@@ -168,6 +175,12 @@ static int hfsplus_readdir(struct file *filp, void *dirent, filldir_t filldir) + err = -EIO; + goto out; + } ++ ++ if (fd.entrylength > sizeof(entry) || fd.entrylength < 0) { ++ err = -EIO; ++ goto out; ++ } ++ + hfs_bnode_read(fd.bnode, &entry, fd.entryoffset, fd.entrylength); + type = be16_to_cpu(entry.type); + len = HFSPLUS_MAX_STRLEN; diff --git a/fs/hfsplus/inode.c b/fs/hfsplus/inode.c index 1bcf597..905a251 100644 --- a/fs/hfsplus/inode.c @@ -87408,7 +87788,7 @@ index 37fa19b..b597c85 100644 /* * Kernel text modification mutex, used for code patching. Users of this lock diff --git a/include/linux/mm.h b/include/linux/mm.h -index 11e5be6..1ff2423 100644 +index 11e5be6..8ff8c91 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -106,7 +106,14 @@ extern unsigned int kobjsize(const void *objp); @@ -87448,7 +87828,63 @@ index 11e5be6..1ff2423 100644 int vma_wants_writenotify(struct vm_area_struct *vma); extern pte_t *get_locked_pte(struct mm_struct *mm, unsigned long addr, spinlock_t **ptl); -@@ -1162,6 +1165,7 @@ out: +@@ -900,8 +903,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, + { + return 0; + } ++ ++static inline int __pud_alloc_kernel(struct mm_struct *mm, pgd_t *pgd, ++ unsigned long address) ++{ ++ return 0; ++} + #else + int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address); ++int __pud_alloc_kernel(struct mm_struct *mm, pgd_t *pgd, unsigned long address); + #endif + + #ifdef __PAGETABLE_PMD_FOLDED +@@ -910,8 +920,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud, + { + return 0; + } ++ ++static inline int __pmd_alloc_kernel(struct mm_struct *mm, pud_t *pud, ++ unsigned long address) ++{ ++ return 0; ++} + #else + int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address); ++int __pmd_alloc_kernel(struct mm_struct *mm, pud_t *pud, unsigned long address); + #endif + + int __pte_alloc(struct mm_struct *mm, pmd_t *pmd, unsigned long address); +@@ -928,11 +945,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a + NULL: pud_offset(pgd, address); + } + ++static inline pud_t *pud_alloc_kernel(struct mm_struct *mm, pgd_t *pgd, unsigned long address) ++{ ++ return (unlikely(pgd_none(*pgd)) && __pud_alloc_kernel(mm, pgd, address))? ++ NULL: pud_offset(pgd, address); ++} ++ + static inline pmd_t *pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) + { + return (unlikely(pud_none(*pud)) && __pmd_alloc(mm, pud, address))? + NULL: pmd_offset(pud, address); + } ++ ++static inline pmd_t *pmd_alloc_kernel(struct mm_struct *mm, pud_t *pud, unsigned long address) ++{ ++ return (unlikely(pud_none(*pud)) && __pmd_alloc_kernel(mm, pud, address))? ++ NULL: pmd_offset(pud, address); ++} + #endif /* CONFIG_MMU && !__ARCH_HAS_4LEVEL_HACK */ + + #if USE_SPLIT_PTLOCKS +@@ -1162,6 +1191,7 @@ out: } extern int do_munmap(struct mm_struct *, unsigned long, size_t); @@ -87456,7 +87892,7 @@ index 11e5be6..1ff2423 100644 extern unsigned long do_brk(unsigned long, unsigned long); -@@ -1218,6 +1222,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add +@@ -1218,6 +1248,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr, struct vm_area_struct **pprev); @@ -87467,7 +87903,7 @@ index 11e5be6..1ff2423 100644 /* Look up the first VMA which intersects the interval start_addr..end_addr-1, NULL if none. Assume start_addr < end_addr. */ static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr) -@@ -1234,7 +1242,6 @@ static inline unsigned long vma_pages(struct vm_area_struct *vma) +@@ -1234,7 +1268,6 @@ static inline unsigned long vma_pages(struct vm_area_struct *vma) return (vma->vm_end - vma->vm_start) >> PAGE_SHIFT; } @@ -87475,7 +87911,7 @@ index 11e5be6..1ff2423 100644 struct vm_area_struct *find_extend_vma(struct mm_struct *, unsigned long addr); int remap_pfn_range(struct vm_area_struct *, unsigned long addr, unsigned long pfn, unsigned long size, pgprot_t); -@@ -1332,7 +1339,13 @@ extern void memory_failure(unsigned long pfn, int trapno); +@@ -1332,7 +1365,13 @@ extern void memory_failure(unsigned long pfn, int trapno); extern int __memory_failure(unsigned long pfn, int trapno, int ref); extern int sysctl_memory_failure_early_kill; extern int sysctl_memory_failure_recovery; @@ -96417,7 +96853,7 @@ index 8aeba53..b4a4198 100644 /* * We need/can do nothing about count=0 pages. diff --git a/mm/memory.c b/mm/memory.c -index 6c836d3..48f3264 100644 +index 6c836d3..693224d 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -187,8 +187,12 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, @@ -96940,7 +97376,62 @@ index 6c836d3..48f3264 100644 pgd = pgd_offset(mm, address); pud = pud_alloc(mm, pgd, address); if (!pud) -@@ -3148,7 +3397,7 @@ static int __init gate_vma_init(void) +@@ -3086,6 +3335,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address) + spin_unlock(&mm->page_table_lock); + return 0; + } ++ ++int __pud_alloc_kernel(struct mm_struct *mm, pgd_t *pgd, unsigned long address) ++{ ++ pud_t *new = pud_alloc_one(mm, address); ++ if (!new) ++ return -ENOMEM; ++ ++ smp_wmb(); /* See comment in __pte_alloc */ ++ ++ spin_lock(&mm->page_table_lock); ++ if (pgd_present(*pgd)) /* Another has populated it */ ++ pud_free(mm, new); ++ else ++ pgd_populate_kernel(mm, pgd, new); ++ spin_unlock(&mm->page_table_lock); ++ return 0; ++} + #endif /* __PAGETABLE_PUD_FOLDED */ + + #ifndef __PAGETABLE_PMD_FOLDED +@@ -3116,6 +3382,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) + spin_unlock(&mm->page_table_lock); + return 0; + } ++ ++int __pmd_alloc_kernel(struct mm_struct *mm, pud_t *pud, unsigned long address) ++{ ++ pmd_t *new = pmd_alloc_one(mm, address); ++ if (!new) ++ return -ENOMEM; ++ ++ smp_wmb(); /* See comment in __pte_alloc */ ++ ++ spin_lock(&mm->page_table_lock); ++#ifndef __ARCH_HAS_4LEVEL_HACK ++ if (pud_present(*pud)) /* Another has populated it */ ++ pmd_free(mm, new); ++ else ++ pud_populate_kernel(mm, pud, new); ++#else ++ if (pgd_present(*pud)) /* Another has populated it */ ++ pmd_free(mm, new); ++ else ++ pgd_populate_kernel(mm, pud, new); ++#endif /* __ARCH_HAS_4LEVEL_HACK */ ++ spin_unlock(&mm->page_table_lock); ++ return 0; ++} + #endif /* __PAGETABLE_PMD_FOLDED */ + + int make_pages_present(unsigned long addr, unsigned long end) +@@ -3148,7 +3438,7 @@ static int __init gate_vma_init(void) gate_vma.vm_start = FIXADDR_USER_START; gate_vma.vm_end = FIXADDR_USER_END; gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC; @@ -99824,6 +100315,28 @@ index 4996fc7..87e01d0 100644 return 0; } module_init(slab_proc_init); +diff --git a/mm/sparse-vmemmap.c b/mm/sparse-vmemmap.c +index d9714bd..ce08e28 100644 +--- a/mm/sparse-vmemmap.c ++++ b/mm/sparse-vmemmap.c +@@ -108,7 +108,7 @@ pud_t * __meminit vmemmap_pud_populate(pgd_t *pgd, unsigned long addr, int node) + void *p = vmemmap_alloc_block(PAGE_SIZE, node); + if (!p) + return NULL; +- pud_populate(&init_mm, pud, p); ++ pud_populate_kernel(&init_mm, pud, p); + } + return pud; + } +@@ -120,7 +120,7 @@ pgd_t * __meminit vmemmap_pgd_populate(unsigned long addr, int node) + void *p = vmemmap_alloc_block(PAGE_SIZE, node); + if (!p) + return NULL; +- pgd_populate(&init_mm, pgd, p); ++ pgd_populate_kernel(&init_mm, pgd, p); + } + return pgd; + } diff --git a/mm/swap.c b/mm/swap.c index 308e57d..5de19c0 100644 --- a/mm/swap.c @@ -99863,7 +100376,7 @@ index e48b493..24a601d 100644 mm->unmap_area = arch_unmap_area; } diff --git a/mm/vmalloc.c b/mm/vmalloc.c -index f34ffd0..90d7407 100644 +index f34ffd0..c0be440 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -40,8 +40,19 @@ static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end) @@ -99934,6 +100447,24 @@ index f34ffd0..90d7407 100644 } static int vmap_pmd_range(pud_t *pud, unsigned long addr, +@@ -120,7 +147,7 @@ static int vmap_pmd_range(pud_t *pud, unsigned long addr, + pmd_t *pmd; + unsigned long next; + +- pmd = pmd_alloc(&init_mm, pud, addr); ++ pmd = pmd_alloc_kernel(&init_mm, pud, addr); + if (!pmd) + return -ENOMEM; + do { +@@ -137,7 +164,7 @@ static int vmap_pud_range(pgd_t *pgd, unsigned long addr, + pud_t *pud; + unsigned long next; + +- pud = pud_alloc(&init_mm, pgd, addr); ++ pud = pud_alloc_kernel(&init_mm, pgd, addr); + if (!pud) + return -ENOMEM; + do { @@ -192,11 +219,20 @@ int is_vmalloc_or_module_addr(const void *x) * and fall back on vmalloc() if that fails. Others * just put it in the vmalloc space. @@ -110040,10 +110571,10 @@ index 0000000..89e270d +}; diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c new file mode 100644 -index 0000000..255439f +index 0000000..4ec0934 --- /dev/null +++ b/tools/gcc/size_overflow_plugin.c -@@ -0,0 +1,1110 @@ +@@ -0,0 +1,1150 @@ +/* + * Copyright 2011, 2012 by Emese Revfy <re.emese@gmail.com> + * Licensed under the GPL v2, or (at your option) v3 @@ -110098,12 +110629,13 @@ index 0000000..255439f + +#define __unused __attribute__((__unused__)) +#define NAME(node) IDENTIFIER_POINTER(DECL_NAME(node)) ++#define NAME_LEN(node) IDENTIFIER_LENGTH(DECL_NAME(node)) +#define BEFORE_STMT true +#define AFTER_STMT false +#define CREATE_NEW_VAR NULL_TREE + +int plugin_is_GPL_compatible; -+void debug_gimple_stmt (gimple gs); ++void debug_gimple_stmt(gimple gs); + +static tree expand(struct pointer_set_t *visited, bool *potentionally_overflowed, tree var); +static tree signed_size_overflow_type; @@ -110111,9 +110643,10 @@ index 0000000..255439f +static tree report_size_overflow_decl; +static tree const_char_ptr_type_node; +static unsigned int handle_function(void); ++static bool file_match = true; + +static struct plugin_info size_overflow_plugin_info = { -+ .version = "20120409beta", ++ .version = "20120502beta", + .help = "no-size_overflow\tturn off size overflow checking\n", +}; + @@ -110242,7 +110775,9 @@ index 0000000..255439f + return; + + hash = get_function_hash(func); -+ if (hash->name && !strcmp(hash->name, NAME(func)) && !strcmp(hash->file, xloc.file)) ++ if (hash->name && !strcmp(hash->name, NAME(func))) ++ return; ++ if (file_match && hash->file && !strcmp(hash->file, xloc.file)) + return; + + gcc_assert(TREE_CODE(arg) != COMPONENT_REF); @@ -110355,6 +110890,25 @@ index 0000000..255439f + + stmt = build_cast_stmt(signed_size_overflow_type, rhs1, CREATE_NEW_VAR, gimple_location(oldstmt)); + gsi = gsi_for_stmt(oldstmt); ++ if (lookup_stmt_eh_lp(oldstmt) != 0) { ++ basic_block next_bb, cur_bb; ++ edge e; ++ ++ gcc_assert(before == false); ++ gcc_assert(stmt_can_throw_internal(oldstmt)); ++ gcc_assert(gimple_code(oldstmt) == GIMPLE_CALL); ++ gcc_assert(!gsi_end_p(gsi)); ++ ++ cur_bb = gimple_bb(oldstmt); ++ next_bb = cur_bb->next_bb; ++ e = find_edge(cur_bb, next_bb); ++ gcc_assert(e != NULL); ++ gcc_assert(e->flags & EDGE_FALLTHRU); ++ ++ gsi = gsi_after_labels(next_bb); ++ gcc_assert(!gsi_end_p(gsi)); ++ before = true; ++ } + if (before) + gsi_insert_before(&gsi, stmt, GSI_NEW_STMT); + else @@ -110485,7 +111039,7 @@ index 0000000..255439f + newstmt = gimple_build_assign(new_var, new_rhs); + break; + case GIMPLE_ASSIGN: -+ newstmt = gimple_copy(def_newstmt); ++ newstmt = gimple_build_assign(new_var, gimple_get_lhs(def_newstmt)); + break; + default: + /* unknown gimple_code (handle_build_new_phi_arg) */ @@ -110494,6 +111048,7 @@ index 0000000..255439f + + gimple_set_lhs(newstmt, make_ssa_name(new_var, newstmt)); + gsi_insert(&gsi, newstmt, GSI_NEW_STMT); ++ update_stmt(newstmt); + return newstmt; +} + @@ -110508,7 +111063,6 @@ index 0000000..255439f + return NULL_TREE; + + newstmt = handle_new_phi_arg(arg, new_var, new_rhs); -+ update_stmt(newstmt); + return gimple_get_lhs(newstmt); +} + @@ -110565,6 +111119,7 @@ index 0000000..255439f + return handle_unary_rhs(visited, potentionally_overflowed, var); + + case ARRAY_REF: ++ case BIT_FIELD_REF: + case ADDR_EXPR: + case COMPONENT_REF: + case COND_EXPR: @@ -110596,9 +111151,19 @@ index 0000000..255439f + +static tree create_string_param(tree string) +{ -+ tree array_ref = build4(ARRAY_REF, TREE_TYPE(string), string, integer_zero_node, NULL, NULL); ++ tree i_type, a_type; ++ int length = TREE_STRING_LENGTH(string); + -+ return build1(ADDR_EXPR, ptr_type_node, array_ref); ++ gcc_assert(length > 0); ++ ++ i_type = build_index_type(build_int_cst(NULL_TREE, length - 1)); ++ a_type = build_array_type(char_type_node, i_type); ++ ++ TREE_TYPE(string) = a_type; ++ TREE_CONSTANT(string) = 1; ++ TREE_READONLY(string) = 1; ++ ++ return build1(ADDR_EXPR, ptr_type_node, string); +} + +static void insert_cond_result(basic_block bb_true, gimple stmt, tree arg) @@ -110619,12 +111184,10 @@ index 0000000..255439f + + loc_line = build_int_cstu(unsigned_type_node, xloc.line); + -+ loc_file = build_string(strlen(xloc.file), xloc.file); -+ TREE_TYPE(loc_file) = char_array_type_node; ++ loc_file = build_string(strlen(xloc.file) + 1, xloc.file); + loc_file = create_string_param(loc_file); + -+ current_func = build_string(IDENTIFIER_LENGTH(DECL_NAME(current_function_decl)), NAME(current_function_decl)); -+ TREE_TYPE(current_func) = char_array_type_node; ++ current_func = build_string(NAME_LEN(current_function_decl) + 1, NAME(current_function_decl)); + current_func = create_string_param(current_func); + + // void report_size_overflow(const char *file, unsigned int line, const char *func) @@ -111025,9 +111588,13 @@ index 0000000..255439f + xloc = expand_location(DECL_SOURCE_LOCATION(fndecl)); + + fndecl = get_original_function_decl(fndecl); -+ if (!hash->name || !hash->file) ++ if (!hash->name) + return; -+ if (strcmp(hash->name, NAME(fndecl)) || strcmp(hash->file, xloc.file)) ++ if (file_match && !hash->file) ++ return; ++ if (strcmp(hash->name, NAME(fndecl))) ++ return; ++ if (file_match && strcmp(hash->file, xloc.file)) + return; + +#define search_param(argnum) \ @@ -111110,6 +111677,7 @@ index 0000000..255439f + NULL_TREE); + report_size_overflow_decl = build_fn_decl("report_size_overflow", fntype); + ++ DECL_ASSEMBLER_NAME(report_size_overflow_decl); + TREE_PUBLIC(report_size_overflow_decl) = 1; + DECL_EXTERNAL(report_size_overflow_decl) = 1; + DECL_ARTIFICIAL(report_size_overflow_decl) = 1; @@ -111138,9 +111706,12 @@ index 0000000..255439f + } + + for (i = 0; i < argc; ++i) { -+ if (!(strcmp(argv[i].key, "no-size_overflow"))) { ++ if (!strcmp(argv[i].key, "no-size-overflow")) { + enable = false; + continue; ++ } else if (!(strcmp(argv[i].key, "no-file-match"))) { ++ file_match = false; ++ continue; + } + error(G_("unkown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key); + } diff --git a/3.2.16/0000_README b/3.2.16/0000_README index 7ae16d8..b39a326 100644 --- a/3.2.16/0000_README +++ b/3.2.16/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-2.9-3.2.16-201204272005.patch +Patch: 4420_grsecurity-2.9-3.2.16-201205071838.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.2.16/4420_grsecurity-2.9-3.2.16-201204272005.patch b/3.2.16/4420_grsecurity-2.9-3.2.16-201205071838.patch index c60e3c1..390b567 100644 --- a/3.2.16/4420_grsecurity-2.9-3.2.16-201204272005.patch +++ b/3.2.16/4420_grsecurity-2.9-3.2.16-201205071838.patch @@ -456,6 +456,23 @@ index da5449e..7418343 100644 /* $0 is set by ld.so to a pointer to a function which might be registered using atexit. This provides a mean for the dynamic linker to call DT_FINI functions for shared libraries that have +diff --git a/arch/alpha/include/asm/pgalloc.h b/arch/alpha/include/asm/pgalloc.h +index bc2a0da..8ad11ee 100644 +--- a/arch/alpha/include/asm/pgalloc.h ++++ b/arch/alpha/include/asm/pgalloc.h +@@ -29,6 +29,12 @@ pgd_populate(struct mm_struct *mm, pgd_t *pgd, pmd_t *pmd) + pgd_set(pgd, pmd); + } + ++static inline void ++pgd_populate_kernel(struct mm_struct *mm, pgd_t *pgd, pmd_t *pmd) ++{ ++ pgd_populate(mm, pgd, pmd); ++} ++ + extern pgd_t *pgd_alloc(struct mm_struct *mm); + + static inline void diff --git a/arch/alpha/include/asm/pgtable.h b/arch/alpha/include/asm/pgtable.h index de98a73..bd4f1f8 100644 --- a/arch/alpha/include/asm/pgtable.h @@ -1389,6 +1406,18 @@ index ca94653..6ac0d56 100644 #ifdef MULTI_USER extern struct cpu_user_fns cpu_user; +diff --git a/arch/arm/include/asm/pgalloc.h b/arch/arm/include/asm/pgalloc.h +index 3e08fd3..3f14f89 100644 +--- a/arch/arm/include/asm/pgalloc.h ++++ b/arch/arm/include/asm/pgalloc.h +@@ -31,6 +31,7 @@ + #define pmd_alloc_one(mm,addr) ({ BUG(); ((pmd_t *)2); }) + #define pmd_free(mm, pmd) do { } while (0) + #define pgd_populate(mm,pmd,pte) BUG() ++#define pgd_populate_kernel(mm,pmd,pte) BUG() + + extern pgd_t *pgd_alloc(struct mm_struct *mm); + extern void pgd_free(struct mm_struct *mm, pgd_t *pgd); diff --git a/arch/arm/include/asm/system.h b/arch/arm/include/asm/system.h index 984014b..a6d914f 100644 --- a/arch/arm/include/asm/system.h @@ -2233,6 +2262,36 @@ index b5298eb..67c6e62 100644 #define PT_IA_64_UNWIND 0x70000001 /* IA-64 relocations: */ +diff --git a/arch/ia64/include/asm/pgalloc.h b/arch/ia64/include/asm/pgalloc.h +index 96a8d92..617a1cf 100644 +--- a/arch/ia64/include/asm/pgalloc.h ++++ b/arch/ia64/include/asm/pgalloc.h +@@ -39,6 +39,12 @@ pgd_populate(struct mm_struct *mm, pgd_t * pgd_entry, pud_t * pud) + pgd_val(*pgd_entry) = __pa(pud); + } + ++static inline void ++pgd_populate_kernel(struct mm_struct *mm, pgd_t * pgd_entry, pud_t * pud) ++{ ++ pgd_populate(mm, pgd_entry, pud); ++} ++ + static inline pud_t *pud_alloc_one(struct mm_struct *mm, unsigned long addr) + { + return quicklist_alloc(0, GFP_KERNEL, NULL); +@@ -57,6 +63,12 @@ pud_populate(struct mm_struct *mm, pud_t * pud_entry, pmd_t * pmd) + pud_val(*pud_entry) = __pa(pmd); + } + ++static inline void ++pud_populate_kernel(struct mm_struct *mm, pud_t * pud_entry, pmd_t * pmd) ++{ ++ pud_populate(mm, pud_entry, pmd); ++} ++ + static inline pmd_t *pmd_alloc_one(struct mm_struct *mm, unsigned long addr) + { + return quicklist_alloc(0, GFP_KERNEL, NULL); diff --git a/arch/ia64/include/asm/pgtable.h b/arch/ia64/include/asm/pgtable.h index 1a97af3..7529d31 100644 --- a/arch/ia64/include/asm/pgtable.h @@ -2692,6 +2751,22 @@ index e59cd1a..8e329d6 100644 #else typedef struct { unsigned long long pte; } pte_t; #define pte_val(x) ((x).pte) +diff --git a/arch/mips/include/asm/pgalloc.h b/arch/mips/include/asm/pgalloc.h +index 881d18b..cea38bc 100644 +--- a/arch/mips/include/asm/pgalloc.h ++++ b/arch/mips/include/asm/pgalloc.h +@@ -37,6 +37,11 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd) + { + set_pud(pud, __pud((unsigned long)pmd)); + } ++ ++static inline void pud_populate_kernel(struct mm_struct *mm, pud_t *pud, pmd_t *pmd) ++{ ++ pud_populate(mm, pud, pmd); ++} + #endif + + /* diff --git a/arch/mips/include/asm/system.h b/arch/mips/include/asm/system.h index 6018c80..7c37203 100644 --- a/arch/mips/include/asm/system.h @@ -2999,6 +3074,30 @@ index 19f6cb1..6c78cf2 100644 /* This yields a mask that user programs can use to figure out what instruction set this CPU supports. This could be done in user space, but it's not easy, and we've already done it here. */ +diff --git a/arch/parisc/include/asm/pgalloc.h b/arch/parisc/include/asm/pgalloc.h +index fc987a1..6e068ef 100644 +--- a/arch/parisc/include/asm/pgalloc.h ++++ b/arch/parisc/include/asm/pgalloc.h +@@ -61,6 +61,11 @@ static inline void pgd_populate(struct mm_struct *mm, pgd_t *pgd, pmd_t *pmd) + (__u32)(__pa((unsigned long)pmd) >> PxD_VALUE_SHIFT)); + } + ++static inline void pgd_populate_kernel(struct mm_struct *mm, pgd_t *pgd, pmd_t *pmd) ++{ ++ pgd_populate(mm, pgd, pmd); ++} ++ + static inline pmd_t *pmd_alloc_one(struct mm_struct *mm, unsigned long address) + { + pmd_t *pmd = (pmd_t *)__get_free_pages(GFP_KERNEL|__GFP_REPEAT, +@@ -93,6 +98,7 @@ static inline void pmd_free(struct mm_struct *mm, pmd_t *pmd) + #define pmd_alloc_one(mm, addr) ({ BUG(); ((pmd_t *)2); }) + #define pmd_free(mm, x) do { } while (0) + #define pgd_populate(mm, pmd, pte) BUG() ++#define pgd_populate_kernel(mm, pmd, pte) BUG() + + #endif + diff --git a/arch/parisc/include/asm/pgtable.h b/arch/parisc/include/asm/pgtable.h index 22dadeb..f6c2be4 100644 --- a/arch/parisc/include/asm/pgtable.h @@ -3497,6 +3596,38 @@ index fb40ede..d3ce956 100644 #include <asm-generic/getorder.h> +diff --git a/arch/powerpc/include/asm/pgalloc-64.h b/arch/powerpc/include/asm/pgalloc-64.h +index 292725c..f87ae14 100644 +--- a/arch/powerpc/include/asm/pgalloc-64.h ++++ b/arch/powerpc/include/asm/pgalloc-64.h +@@ -50,6 +50,7 @@ static inline void pgd_free(struct mm_struct *mm, pgd_t *pgd) + #ifndef CONFIG_PPC_64K_PAGES + + #define pgd_populate(MM, PGD, PUD) pgd_set(PGD, PUD) ++#define pgd_populate_kernel(MM, PGD, PUD) pgd_populate((MM), (PGD), (PUD)) + + static inline pud_t *pud_alloc_one(struct mm_struct *mm, unsigned long addr) + { +@@ -67,6 +68,11 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd) + pud_set(pud, (unsigned long)pmd); + } + ++static inline void pud_populate_kernel(struct mm_struct *mm, pud_t *pud, pmd_t *pmd) ++{ ++ pud_populate(mm, pud, pmd); ++} ++ + #define pmd_populate(mm, pmd, pte_page) \ + pmd_populate_kernel(mm, pmd, page_address(pte_page)) + #define pmd_populate_kernel(mm, pmd, pte) pmd_set(pmd, (unsigned long)(pte)) +@@ -76,6 +82,7 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd) + #else /* CONFIG_PPC_64K_PAGES */ + + #define pud_populate(mm, pud, pmd) pud_set(pud, (unsigned long)pmd) ++#define pud_populate_kernel(mm, pud, pmd) pud_populate((mm), (pud), (pmd)) + + static inline void pmd_populate_kernel(struct mm_struct *mm, pmd_t *pmd, + pte_t *pte) diff --git a/arch/powerpc/include/asm/pgtable.h b/arch/powerpc/include/asm/pgtable.h index 88b0bd9..e32bc67 100644 --- a/arch/powerpc/include/asm/pgtable.h @@ -4955,6 +5086,30 @@ index 156707b..aefa786 100644 #define PAGE_SHIFT 12 #ifndef __ASSEMBLY__ +diff --git a/arch/sparc/include/asm/pgalloc_32.h b/arch/sparc/include/asm/pgalloc_32.h +index ca2b344..c6084f89 100644 +--- a/arch/sparc/include/asm/pgalloc_32.h ++++ b/arch/sparc/include/asm/pgalloc_32.h +@@ -37,6 +37,7 @@ BTFIXUPDEF_CALL(void, free_pgd_fast, pgd_t *) + BTFIXUPDEF_CALL(void, pgd_set, pgd_t *, pmd_t *) + #define pgd_set(pgdp,pmdp) BTFIXUP_CALL(pgd_set)(pgdp,pmdp) + #define pgd_populate(MM, PGD, PMD) pgd_set(PGD, PMD) ++#define pgd_populate_kernel(MM, PGD, PMD) pgd_populate((MM), (PGD), (PMD)) + + BTFIXUPDEF_CALL(pmd_t *, pmd_alloc_one, struct mm_struct *, unsigned long) + #define pmd_alloc_one(mm, address) BTFIXUP_CALL(pmd_alloc_one)(mm, address) +diff --git a/arch/sparc/include/asm/pgalloc_64.h b/arch/sparc/include/asm/pgalloc_64.h +index 40b2d7a..22a665b 100644 +--- a/arch/sparc/include/asm/pgalloc_64.h ++++ b/arch/sparc/include/asm/pgalloc_64.h +@@ -26,6 +26,7 @@ static inline void pgd_free(struct mm_struct *mm, pgd_t *pgd) + } + + #define pud_populate(MM, PUD, PMD) pud_set(PUD, PMD) ++#define pud_populate_kernel(MM, PUD, PMD) pud_populate((MM), (PUD), (PMD)) + + static inline pmd_t *pmd_alloc_one(struct mm_struct *mm, unsigned long addr) + { diff --git a/arch/sparc/include/asm/pgtable_32.h b/arch/sparc/include/asm/pgtable_32.h index a790cc6..091ed94 100644 --- a/arch/sparc/include/asm/pgtable_32.h @@ -7030,6 +7185,18 @@ index 7cfc3ce..cbd1a58 100644 #ifndef __ASSEMBLY__ struct page; +diff --git a/arch/um/include/asm/pgtable-3level.h b/arch/um/include/asm/pgtable-3level.h +index 0032f92..cd151e0 100644 +--- a/arch/um/include/asm/pgtable-3level.h ++++ b/arch/um/include/asm/pgtable-3level.h +@@ -58,6 +58,7 @@ + #define pud_present(x) (pud_val(x) & _PAGE_PRESENT) + #define pud_populate(mm, pud, pmd) \ + set_pud(pud, __pud(_PAGE_TABLE + __pa(pmd))) ++#define pud_populate_kernel(mm, pud, pmd) pud_populate((mm), (pud), (pmd)) + + #ifdef CONFIG_64BIT + #define set_pud(pudptr, pudval) set_64bit((u64 *) (pudptr), pud_val(pudval)) diff --git a/arch/um/kernel/process.c b/arch/um/kernel/process.c index c533835..84db18e 100644 --- a/arch/um/kernel/process.c @@ -10821,7 +10988,7 @@ index 8e8b9a4..f07d725 100644 /* This contains all the paravirt structures: we get a convenient * number for each function using the offset which we use to indicate diff --git a/arch/x86/include/asm/pgalloc.h b/arch/x86/include/asm/pgalloc.h -index b4389a4..b7ff22c 100644 +index b4389a4..7024269 100644 --- a/arch/x86/include/asm/pgalloc.h +++ b/arch/x86/include/asm/pgalloc.h @@ -63,6 +63,13 @@ static inline void pmd_populate_kernel(struct mm_struct *mm, @@ -10838,6 +11005,42 @@ index b4389a4..b7ff22c 100644 set_pmd(pmd, __pmd(__pa(pte) | _PAGE_TABLE)); } +@@ -99,12 +106,22 @@ static inline void __pmd_free_tlb(struct mmu_gather *tlb, pmd_t *pmd, + + #ifdef CONFIG_X86_PAE + extern void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd); ++static inline void pud_populate_kernel(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd) ++{ ++ pud_populate(mm, pudp, pmd); ++} + #else /* !CONFIG_X86_PAE */ + static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd) + { + paravirt_alloc_pmd(mm, __pa(pmd) >> PAGE_SHIFT); + set_pud(pud, __pud(_PAGE_TABLE | __pa(pmd))); + } ++ ++static inline void pud_populate_kernel(struct mm_struct *mm, pud_t *pud, pmd_t *pmd) ++{ ++ paravirt_alloc_pmd(mm, __pa(pmd) >> PAGE_SHIFT); ++ set_pud(pud, __pud(_KERNPG_TABLE | __pa(pmd))); ++} + #endif /* CONFIG_X86_PAE */ + + #if PAGETABLE_LEVELS > 3 +@@ -114,6 +131,12 @@ static inline void pgd_populate(struct mm_struct *mm, pgd_t *pgd, pud_t *pud) + set_pgd(pgd, __pgd(_PAGE_TABLE | __pa(pud))); + } + ++static inline void pgd_populate_kernel(struct mm_struct *mm, pgd_t *pgd, pud_t *pud) ++{ ++ paravirt_alloc_pud(mm, __pa(pud) >> PAGE_SHIFT); ++ set_pgd(pgd, __pgd(_KERNPG_TABLE | __pa(pud))); ++} ++ + static inline pud_t *pud_alloc_one(struct mm_struct *mm, unsigned long addr) + { + return (pud_t *)get_zeroed_page(GFP_KERNEL|__GFP_REPEAT); diff --git a/arch/x86/include/asm/pgtable-2level.h b/arch/x86/include/asm/pgtable-2level.h index 98391db..8f6984e 100644 --- a/arch/x86/include/asm/pgtable-2level.h @@ -11135,7 +11338,7 @@ index ed5903b..c7fe163 100644 #define MODULES_END VMALLOC_END #define MODULES_LEN (MODULES_VADDR - MODULES_END) diff --git a/arch/x86/include/asm/pgtable_64.h b/arch/x86/include/asm/pgtable_64.h -index 975f709..107976d 100644 +index 975f709..9f779c9 100644 --- a/arch/x86/include/asm/pgtable_64.h +++ b/arch/x86/include/asm/pgtable_64.h @@ -16,10 +16,14 @@ @@ -11165,7 +11368,17 @@ index 975f709..107976d 100644 } static inline void native_pmd_clear(pmd_t *pmd) -@@ -107,6 +113,13 @@ static inline void native_pud_clear(pud_t *pud) +@@ -97,7 +103,9 @@ static inline pmd_t native_pmdp_get_and_clear(pmd_t *xp) + + static inline void native_set_pud(pud_t *pudp, pud_t pud) + { ++ pax_open_kernel(); + *pudp = pud; ++ pax_close_kernel(); + } + + static inline void native_pud_clear(pud_t *pud) +@@ -107,6 +115,13 @@ static inline void native_pud_clear(pud_t *pud) static inline void native_set_pgd(pgd_t *pgdp, pgd_t pgd) { @@ -24798,7 +25011,7 @@ index 29f7c6d..b46b35b 100644 printk(KERN_INFO "Write protecting the kernel text: %luk\n", size >> 10); diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c -index bbaaa00..796fa65 100644 +index bbaaa00..0ad4539 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c @@ -75,7 +75,7 @@ early_param("gbpages", parse_direct_gbpages_on); @@ -24852,6 +25065,24 @@ index bbaaa00..796fa65 100644 } spin_unlock(&pgd_lock); } +@@ -162,7 +176,7 @@ static pud_t *fill_pud(pgd_t *pgd, unsigned long vaddr) + { + if (pgd_none(*pgd)) { + pud_t *pud = (pud_t *)spp_getpage(); +- pgd_populate(&init_mm, pgd, pud); ++ pgd_populate_kernel(&init_mm, pgd, pud); + if (pud != pud_offset(pgd, 0)) + printk(KERN_ERR "PAGETABLE BUG #00! %p <-> %p\n", + pud, pud_offset(pgd, 0)); +@@ -174,7 +188,7 @@ static pmd_t *fill_pmd(pud_t *pud, unsigned long vaddr) + { + if (pud_none(*pud)) { + pmd_t *pmd = (pmd_t *) spp_getpage(); +- pud_populate(&init_mm, pud, pmd); ++ pud_populate_kernel(&init_mm, pud, pmd); + if (pmd != pmd_offset(pud, 0)) + printk(KERN_ERR "PAGETABLE BUG #01! %p <-> %p\n", + pmd, pmd_offset(pud, 0)); @@ -203,7 +217,9 @@ void set_pte_vaddr_pud(pud_t *pud_page, unsigned long vaddr, pte_t new_pte) pmd = fill_pmd(pud, vaddr); pte = fill_pte(pmd, vaddr); @@ -24897,6 +25128,15 @@ index bbaaa00..796fa65 100644 adr = (void *)(((unsigned long)adr) | left); return adr; +@@ -592,7 +606,7 @@ kernel_physical_mapping_init(unsigned long start, + unmap_low_page(pud); + + spin_lock(&init_mm.page_table_lock); +- pgd_populate(&init_mm, pgd, __va(pud_phys)); ++ pgd_populate_kernel(&init_mm, pgd, __va(pud_phys)); + spin_unlock(&init_mm.page_table_lock); + pgd_changed = true; + } @@ -693,6 +707,12 @@ void __init mem_init(void) pci_iommu_alloc(); @@ -26833,6 +27073,19 @@ index 041d4fe..7666b7e 100644 #endif xen_setup_runstate_info(cpu); xen_setup_timer(cpu); +diff --git a/arch/x86/xen/xen-asm.S b/arch/x86/xen/xen-asm.S +index 79d7362..3e45aa0 100644 +--- a/arch/x86/xen/xen-asm.S ++++ b/arch/x86/xen/xen-asm.S +@@ -96,7 +96,7 @@ ENTRY(xen_restore_fl_direct) + + /* check for unmasked and pending */ + cmpw $0x0001, PER_CPU_VAR(xen_vcpu_info) + XEN_vcpu_info_pending +- jz 1f ++ jnz 1f + 2: call check_events + 1: + ENDPATCH(xen_restore_fl_direct) diff --git a/arch/x86/xen/xen-asm_32.S b/arch/x86/xen/xen-asm_32.S index b040b0e..8cc4fe0 100644 --- a/arch/x86/xen/xen-asm_32.S @@ -34817,6 +35070,93 @@ index 4d01219..b58d26d 100644 { /* Sometime a Level-One switch card. */ "Winbond W89c840", CanHaveMII | HasBrokenTx | FDXOnNoMII}, { "Winbond W89c840", CanHaveMII | HasBrokenTx}, +diff --git a/drivers/net/ethernet/dlink/dl2k.c b/drivers/net/ethernet/dlink/dl2k.c +index b2dc2c8..2e09edb 100644 +--- a/drivers/net/ethernet/dlink/dl2k.c ++++ b/drivers/net/ethernet/dlink/dl2k.c +@@ -1259,55 +1259,21 @@ rio_ioctl (struct net_device *dev, struct ifreq *rq, int cmd) + { + int phy_addr; + struct netdev_private *np = netdev_priv(dev); +- struct mii_data *miidata = (struct mii_data *) &rq->ifr_ifru; +- +- struct netdev_desc *desc; +- int i; ++ struct mii_ioctl_data *miidata = if_mii(rq); + + phy_addr = np->phy_addr; + switch (cmd) { +- case SIOCDEVPRIVATE: ++ case SIOCGMIIPHY: ++ miidata->phy_id = phy_addr; + break; +- +- case SIOCDEVPRIVATE + 1: +- miidata->out_value = mii_read (dev, phy_addr, miidata->reg_num); ++ case SIOCGMIIREG: ++ miidata->val_out = mii_read (dev, phy_addr, miidata->reg_num); + break; +- case SIOCDEVPRIVATE + 2: +- mii_write (dev, phy_addr, miidata->reg_num, miidata->in_value); ++ case SIOCSMIIREG: ++ if (!capable(CAP_NET_ADMIN)) ++ return -EPERM; ++ mii_write (dev, phy_addr, miidata->reg_num, miidata->val_in); + break; +- case SIOCDEVPRIVATE + 3: +- break; +- case SIOCDEVPRIVATE + 4: +- break; +- case SIOCDEVPRIVATE + 5: +- netif_stop_queue (dev); +- break; +- case SIOCDEVPRIVATE + 6: +- netif_wake_queue (dev); +- break; +- case SIOCDEVPRIVATE + 7: +- printk +- ("tx_full=%x cur_tx=%lx old_tx=%lx cur_rx=%lx old_rx=%lx\n", +- netif_queue_stopped(dev), np->cur_tx, np->old_tx, np->cur_rx, +- np->old_rx); +- break; +- case SIOCDEVPRIVATE + 8: +- printk("TX ring:\n"); +- for (i = 0; i < TX_RING_SIZE; i++) { +- desc = &np->tx_ring[i]; +- printk +- ("%02x:cur:%08x next:%08x status:%08x frag1:%08x frag0:%08x", +- i, +- (u32) (np->tx_ring_dma + i * sizeof (*desc)), +- (u32)le64_to_cpu(desc->next_desc), +- (u32)le64_to_cpu(desc->status), +- (u32)(le64_to_cpu(desc->fraginfo) >> 32), +- (u32)le64_to_cpu(desc->fraginfo)); +- printk ("\n"); +- } +- printk ("\n"); +- break; +- + default: + return -EOPNOTSUPP; + } +diff --git a/drivers/net/ethernet/dlink/dl2k.h b/drivers/net/ethernet/dlink/dl2k.h +index ba0adca..30c2da3 100644 +--- a/drivers/net/ethernet/dlink/dl2k.h ++++ b/drivers/net/ethernet/dlink/dl2k.h +@@ -365,13 +365,6 @@ struct ioctl_data { + char *data; + }; + +-struct mii_data { +- __u16 reserved; +- __u16 reg_num; +- __u16 in_value; +- __u16 out_value; +-}; +- + /* The Rx and Tx buffer descriptors. */ + struct netdev_desc { + __le64 next_desc; diff --git a/drivers/net/ethernet/dlink/sundance.c b/drivers/net/ethernet/dlink/sundance.c index dcd7f7a..ecb7fb3 100644 --- a/drivers/net/ethernet/dlink/sundance.c @@ -42274,7 +42614,7 @@ index a6395bd..f1e376a 100644 (unsigned long) create_aout_tables((char __user *) bprm->p, bprm); #ifdef __alpha__ diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c -index 6ff96c6..1d827f3 100644 +index 6ff96c6..82ac12c 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -32,6 +32,7 @@ @@ -42908,7 +43248,7 @@ index 6ff96c6..1d827f3 100644 /* set_brk can never work. Avoid overflows. */ send_sig(SIGKILL, current, 0); retval = -EINVAL; -@@ -881,11 +1339,36 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -881,11 +1339,40 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) goto out_free_dentry; } if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) { @@ -42931,8 +43271,12 @@ index 6ff96c6..1d827f3 100644 + down_write(¤t->mm->mmap_sem); + retval = -ENOMEM; + if (!find_vma_intersection(current->mm, start, start + size + PAGE_SIZE)) { ++ unsigned long prot = PROT_NONE; ++ + current->mm->brk_gap = PAGE_ALIGN(size) >> PAGE_SHIFT; -+ start = do_mmap(NULL, start, size, PROT_NONE, MAP_ANONYMOUS | MAP_FIXED | MAP_PRIVATE, 0); ++// if (current->personality & ADDR_NO_RANDOMIZE) ++// prot = PROT_READ; ++ start = do_mmap(NULL, start, size, prot, MAP_ANONYMOUS | MAP_FIXED | MAP_PRIVATE, 0); + retval = IS_ERR_VALUE(start) ? start : 0; + } + up_write(¤t->mm->mmap_sem); @@ -42948,7 +43292,7 @@ index 6ff96c6..1d827f3 100644 if (elf_interpreter) { unsigned long uninitialized_var(interp_map_addr); -@@ -1098,7 +1581,7 @@ out: +@@ -1098,7 +1585,7 @@ out: * Decide what to dump of a segment, part, all or none. */ static unsigned long vma_dump_size(struct vm_area_struct *vma, @@ -42957,7 +43301,7 @@ index 6ff96c6..1d827f3 100644 { #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type)) -@@ -1132,7 +1615,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, +@@ -1132,7 +1619,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, if (vma->vm_file == NULL) return 0; @@ -42966,7 +43310,7 @@ index 6ff96c6..1d827f3 100644 goto whole; /* -@@ -1354,9 +1837,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) +@@ -1354,9 +1841,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) { elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv; int i = 0; @@ -42978,7 +43322,7 @@ index 6ff96c6..1d827f3 100644 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv); } -@@ -1862,14 +2345,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, +@@ -1862,14 +2349,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, } static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma, @@ -42995,7 +43339,7 @@ index 6ff96c6..1d827f3 100644 return size; } -@@ -1963,7 +2446,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -1963,7 +2450,7 @@ static int elf_core_dump(struct coredump_params *cprm) dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE); @@ -43004,7 +43348,7 @@ index 6ff96c6..1d827f3 100644 offset += elf_core_extra_data_size(); e_shoff = offset; -@@ -1977,10 +2460,12 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -1977,10 +2464,12 @@ static int elf_core_dump(struct coredump_params *cprm) offset = dataoff; size += sizeof(*elf); @@ -43017,7 +43361,7 @@ index 6ff96c6..1d827f3 100644 if (size > cprm->limit || !dump_write(cprm->file, phdr4note, sizeof(*phdr4note))) goto end_coredump; -@@ -1994,7 +2479,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -1994,7 +2483,7 @@ static int elf_core_dump(struct coredump_params *cprm) phdr.p_offset = offset; phdr.p_vaddr = vma->vm_start; phdr.p_paddr = 0; @@ -43026,7 +43370,7 @@ index 6ff96c6..1d827f3 100644 phdr.p_memsz = vma->vm_end - vma->vm_start; offset += phdr.p_filesz; phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0; -@@ -2005,6 +2490,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2005,6 +2494,7 @@ static int elf_core_dump(struct coredump_params *cprm) phdr.p_align = ELF_EXEC_PAGESIZE; size += sizeof(phdr); @@ -43034,7 +43378,7 @@ index 6ff96c6..1d827f3 100644 if (size > cprm->limit || !dump_write(cprm->file, &phdr, sizeof(phdr))) goto end_coredump; -@@ -2029,7 +2515,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2029,7 +2519,7 @@ static int elf_core_dump(struct coredump_params *cprm) unsigned long addr; unsigned long end; @@ -43043,7 +43387,7 @@ index 6ff96c6..1d827f3 100644 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) { struct page *page; -@@ -2038,6 +2524,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2038,6 +2528,7 @@ static int elf_core_dump(struct coredump_params *cprm) page = get_dump_page(addr); if (page) { void *kaddr = kmap(page); @@ -43051,7 +43395,7 @@ index 6ff96c6..1d827f3 100644 stop = ((size += PAGE_SIZE) > cprm->limit) || !dump_write(cprm->file, kaddr, PAGE_SIZE); -@@ -2055,6 +2542,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2055,6 +2546,7 @@ static int elf_core_dump(struct coredump_params *cprm) if (e_phnum == PN_XNUM) { size += sizeof(*shdr4extnum); @@ -43059,7 +43403,7 @@ index 6ff96c6..1d827f3 100644 if (size > cprm->limit || !dump_write(cprm->file, shdr4extnum, sizeof(*shdr4extnum))) -@@ -2075,6 +2563,97 @@ out: +@@ -2075,6 +2567,97 @@ out: #endif /* CONFIG_ELF_CORE */ @@ -46799,6 +47143,50 @@ index cfd4959..a780959 100644 if (!IS_ERR(s)) kfree(s); } +diff --git a/fs/hfsplus/catalog.c b/fs/hfsplus/catalog.c +index 4dfbfec..ec2a9c2 100644 +--- a/fs/hfsplus/catalog.c ++++ b/fs/hfsplus/catalog.c +@@ -366,6 +366,10 @@ int hfsplus_rename_cat(u32 cnid, + err = hfs_brec_find(&src_fd); + if (err) + goto out; ++ if (src_fd.entrylength > sizeof(entry) || src_fd.entrylength < 0) { ++ err = -EIO; ++ goto out; ++ } + + hfs_bnode_read(src_fd.bnode, &entry, src_fd.entryoffset, + src_fd.entrylength); +diff --git a/fs/hfsplus/dir.c b/fs/hfsplus/dir.c +index 4536cd3..5adb740 100644 +--- a/fs/hfsplus/dir.c ++++ b/fs/hfsplus/dir.c +@@ -150,6 +150,11 @@ static int hfsplus_readdir(struct file *filp, void *dirent, filldir_t filldir) + filp->f_pos++; + /* fall through */ + case 1: ++ if (fd.entrylength > sizeof(entry) || fd.entrylength < 0) { ++ err = -EIO; ++ goto out; ++ } ++ + hfs_bnode_read(fd.bnode, &entry, fd.entryoffset, + fd.entrylength); + if (be16_to_cpu(entry.type) != HFSPLUS_FOLDER_THREAD) { +@@ -181,6 +186,12 @@ static int hfsplus_readdir(struct file *filp, void *dirent, filldir_t filldir) + err = -EIO; + goto out; + } ++ ++ if (fd.entrylength > sizeof(entry) || fd.entrylength < 0) { ++ err = -EIO; ++ goto out; ++ } ++ + hfs_bnode_read(fd.bnode, &entry, fd.entryoffset, + fd.entrylength); + type = be16_to_cpu(entry.type); diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c index 2d0ca24..c4b8676511 100644 --- a/fs/hugetlbfs/inode.c @@ -62660,7 +63048,7 @@ index 9970337..9444122 100644 int abx500_register_ops(struct device *core_dev, struct abx500_ops *ops); void abx500_remove_ops(struct device *dev); diff --git a/include/linux/mm.h b/include/linux/mm.h -index 4baadd1..2e0b45e 100644 +index 4baadd1..293e034 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -115,7 +115,14 @@ extern unsigned int kobjsize(const void *objp); @@ -62729,7 +63117,63 @@ index 4baadd1..2e0b45e 100644 int vma_wants_writenotify(struct vm_area_struct *vma); extern pte_t *__get_locked_pte(struct mm_struct *mm, unsigned long addr, -@@ -1419,6 +1407,7 @@ out: +@@ -1152,8 +1140,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, + { + return 0; + } ++ ++static inline int __pud_alloc_kernel(struct mm_struct *mm, pgd_t *pgd, ++ unsigned long address) ++{ ++ return 0; ++} + #else + int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address); ++int __pud_alloc_kernel(struct mm_struct *mm, pgd_t *pgd, unsigned long address); + #endif + + #ifdef __PAGETABLE_PMD_FOLDED +@@ -1162,8 +1157,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud, + { + return 0; + } ++ ++static inline int __pmd_alloc_kernel(struct mm_struct *mm, pud_t *pud, ++ unsigned long address) ++{ ++ return 0; ++} + #else + int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address); ++int __pmd_alloc_kernel(struct mm_struct *mm, pud_t *pud, unsigned long address); + #endif + + int __pte_alloc(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -1181,11 +1183,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a + NULL: pud_offset(pgd, address); + } + ++static inline pud_t *pud_alloc_kernel(struct mm_struct *mm, pgd_t *pgd, unsigned long address) ++{ ++ return (unlikely(pgd_none(*pgd)) && __pud_alloc_kernel(mm, pgd, address))? ++ NULL: pud_offset(pgd, address); ++} ++ + static inline pmd_t *pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) + { + return (unlikely(pud_none(*pud)) && __pmd_alloc(mm, pud, address))? + NULL: pmd_offset(pud, address); + } ++ ++static inline pmd_t *pmd_alloc_kernel(struct mm_struct *mm, pud_t *pud, unsigned long address) ++{ ++ return (unlikely(pud_none(*pud)) && __pmd_alloc_kernel(mm, pud, address))? ++ NULL: pmd_offset(pud, address); ++} + #endif /* CONFIG_MMU && !__ARCH_HAS_4LEVEL_HACK */ + + #if USE_SPLIT_PTLOCKS +@@ -1419,6 +1433,7 @@ out: } extern int do_munmap(struct mm_struct *, unsigned long, size_t); @@ -62737,7 +63181,7 @@ index 4baadd1..2e0b45e 100644 extern unsigned long do_brk(unsigned long, unsigned long); -@@ -1476,6 +1465,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add +@@ -1476,6 +1491,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr, struct vm_area_struct **pprev); @@ -62748,7 +63192,7 @@ index 4baadd1..2e0b45e 100644 /* Look up the first VMA which intersects the interval start_addr..end_addr-1, NULL if none. Assume start_addr < end_addr. */ static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr) -@@ -1492,15 +1485,6 @@ static inline unsigned long vma_pages(struct vm_area_struct *vma) +@@ -1492,15 +1511,6 @@ static inline unsigned long vma_pages(struct vm_area_struct *vma) return (vma->vm_end - vma->vm_start) >> PAGE_SHIFT; } @@ -62764,7 +63208,7 @@ index 4baadd1..2e0b45e 100644 struct vm_area_struct *find_extend_vma(struct mm_struct *, unsigned long addr); int remap_pfn_range(struct vm_area_struct *, unsigned long addr, unsigned long pfn, unsigned long size, pgprot_t); -@@ -1614,7 +1598,7 @@ extern int unpoison_memory(unsigned long pfn); +@@ -1614,7 +1624,7 @@ extern int unpoison_memory(unsigned long pfn); extern int sysctl_memory_failure_early_kill; extern int sysctl_memory_failure_recovery; extern void shake_page(struct page *p, int access); @@ -62773,7 +63217,7 @@ index 4baadd1..2e0b45e 100644 extern int soft_offline_page(struct page *page, int flags); extern void dump_page(struct page *page); -@@ -1628,5 +1612,11 @@ extern void copy_user_huge_page(struct page *dst, struct page *src, +@@ -1628,5 +1638,11 @@ extern void copy_user_huge_page(struct page *dst, struct page *src, unsigned int pages_per_huge_page); #endif /* CONFIG_TRANSPARENT_HUGEPAGE || CONFIG_HUGETLBFS */ @@ -71056,7 +71500,7 @@ index 06d3479..0778eef 100644 /* keep elevated page count for bad page */ return ret; diff --git a/mm/memory.c b/mm/memory.c -index 1b1ca17..914af04 100644 +index 1b1ca17..d49bd61 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -457,8 +457,12 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, @@ -71613,7 +72057,62 @@ index 1b1ca17..914af04 100644 return VM_FAULT_OOM; /* if an huge pmd materialized from under us just retry later */ if (unlikely(pmd_trans_huge(*pmd))) -@@ -3599,7 +3837,7 @@ static int __init gate_vma_init(void) +@@ -3532,6 +3770,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address) + spin_unlock(&mm->page_table_lock); + return 0; + } ++ ++int __pud_alloc_kernel(struct mm_struct *mm, pgd_t *pgd, unsigned long address) ++{ ++ pud_t *new = pud_alloc_one(mm, address); ++ if (!new) ++ return -ENOMEM; ++ ++ smp_wmb(); /* See comment in __pte_alloc */ ++ ++ spin_lock(&mm->page_table_lock); ++ if (pgd_present(*pgd)) /* Another has populated it */ ++ pud_free(mm, new); ++ else ++ pgd_populate_kernel(mm, pgd, new); ++ spin_unlock(&mm->page_table_lock); ++ return 0; ++} + #endif /* __PAGETABLE_PUD_FOLDED */ + + #ifndef __PAGETABLE_PMD_FOLDED +@@ -3562,6 +3817,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) + spin_unlock(&mm->page_table_lock); + return 0; + } ++ ++int __pmd_alloc_kernel(struct mm_struct *mm, pud_t *pud, unsigned long address) ++{ ++ pmd_t *new = pmd_alloc_one(mm, address); ++ if (!new) ++ return -ENOMEM; ++ ++ smp_wmb(); /* See comment in __pte_alloc */ ++ ++ spin_lock(&mm->page_table_lock); ++#ifndef __ARCH_HAS_4LEVEL_HACK ++ if (pud_present(*pud)) /* Another has populated it */ ++ pmd_free(mm, new); ++ else ++ pud_populate_kernel(mm, pud, new); ++#else ++ if (pgd_present(*pud)) /* Another has populated it */ ++ pmd_free(mm, new); ++ else ++ pgd_populate_kernel(mm, pud, new); ++#endif /* __ARCH_HAS_4LEVEL_HACK */ ++ spin_unlock(&mm->page_table_lock); ++ return 0; ++} + #endif /* __PAGETABLE_PMD_FOLDED */ + + int make_pages_present(unsigned long addr, unsigned long end) +@@ -3599,7 +3878,7 @@ static int __init gate_vma_init(void) gate_vma.vm_start = FIXADDR_USER_START; gate_vma.vm_end = FIXADDR_USER_END; gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC; @@ -74578,6 +75077,28 @@ index a99c785..3010083 100644 static int __init slab_sysfs_init(void) { +diff --git a/mm/sparse-vmemmap.c b/mm/sparse-vmemmap.c +index 1b7e22a..3fcd4f3 100644 +--- a/mm/sparse-vmemmap.c ++++ b/mm/sparse-vmemmap.c +@@ -128,7 +128,7 @@ pud_t * __meminit vmemmap_pud_populate(pgd_t *pgd, unsigned long addr, int node) + void *p = vmemmap_alloc_block(PAGE_SIZE, node); + if (!p) + return NULL; +- pud_populate(&init_mm, pud, p); ++ pud_populate_kernel(&init_mm, pud, p); + } + return pud; + } +@@ -140,7 +140,7 @@ pgd_t * __meminit vmemmap_pgd_populate(unsigned long addr, int node) + void *p = vmemmap_alloc_block(PAGE_SIZE, node); + if (!p) + return NULL; +- pgd_populate(&init_mm, pgd, p); ++ pgd_populate_kernel(&init_mm, pgd, p); + } + return pgd; + } diff --git a/mm/swap.c b/mm/swap.c index 55b266d..a532537 100644 --- a/mm/swap.c @@ -74668,7 +75189,7 @@ index 136ac4f..f917fa9 100644 mm->unmap_area = arch_unmap_area; } diff --git a/mm/vmalloc.c b/mm/vmalloc.c -index 27be2f0..633e5cc 100644 +index 27be2f0..8535fe1 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -39,8 +39,19 @@ static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end) @@ -74737,6 +75258,24 @@ index 27be2f0..633e5cc 100644 } static int vmap_pmd_range(pud_t *pud, unsigned long addr, +@@ -119,7 +144,7 @@ static int vmap_pmd_range(pud_t *pud, unsigned long addr, + pmd_t *pmd; + unsigned long next; + +- pmd = pmd_alloc(&init_mm, pud, addr); ++ pmd = pmd_alloc_kernel(&init_mm, pud, addr); + if (!pmd) + return -ENOMEM; + do { +@@ -136,7 +161,7 @@ static int vmap_pud_range(pgd_t *pgd, unsigned long addr, + pud_t *pud; + unsigned long next; + +- pud = pud_alloc(&init_mm, pgd, addr); ++ pud = pud_alloc_kernel(&init_mm, pgd, addr); + if (!pud) + return -ENOMEM; + do { @@ -191,11 +216,20 @@ int is_vmalloc_or_module_addr(const void *x) * and fall back on vmalloc() if that fails. Others * just put it in the vmalloc space. @@ -85066,10 +85605,10 @@ index 0000000..0450c62 +}; diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c new file mode 100644 -index 0000000..255439f +index 0000000..4ec0934 --- /dev/null +++ b/tools/gcc/size_overflow_plugin.c -@@ -0,0 +1,1110 @@ +@@ -0,0 +1,1150 @@ +/* + * Copyright 2011, 2012 by Emese Revfy <re.emese@gmail.com> + * Licensed under the GPL v2, or (at your option) v3 @@ -85124,12 +85663,13 @@ index 0000000..255439f + +#define __unused __attribute__((__unused__)) +#define NAME(node) IDENTIFIER_POINTER(DECL_NAME(node)) ++#define NAME_LEN(node) IDENTIFIER_LENGTH(DECL_NAME(node)) +#define BEFORE_STMT true +#define AFTER_STMT false +#define CREATE_NEW_VAR NULL_TREE + +int plugin_is_GPL_compatible; -+void debug_gimple_stmt (gimple gs); ++void debug_gimple_stmt(gimple gs); + +static tree expand(struct pointer_set_t *visited, bool *potentionally_overflowed, tree var); +static tree signed_size_overflow_type; @@ -85137,9 +85677,10 @@ index 0000000..255439f +static tree report_size_overflow_decl; +static tree const_char_ptr_type_node; +static unsigned int handle_function(void); ++static bool file_match = true; + +static struct plugin_info size_overflow_plugin_info = { -+ .version = "20120409beta", ++ .version = "20120502beta", + .help = "no-size_overflow\tturn off size overflow checking\n", +}; + @@ -85268,7 +85809,9 @@ index 0000000..255439f + return; + + hash = get_function_hash(func); -+ if (hash->name && !strcmp(hash->name, NAME(func)) && !strcmp(hash->file, xloc.file)) ++ if (hash->name && !strcmp(hash->name, NAME(func))) ++ return; ++ if (file_match && hash->file && !strcmp(hash->file, xloc.file)) + return; + + gcc_assert(TREE_CODE(arg) != COMPONENT_REF); @@ -85381,6 +85924,25 @@ index 0000000..255439f + + stmt = build_cast_stmt(signed_size_overflow_type, rhs1, CREATE_NEW_VAR, gimple_location(oldstmt)); + gsi = gsi_for_stmt(oldstmt); ++ if (lookup_stmt_eh_lp(oldstmt) != 0) { ++ basic_block next_bb, cur_bb; ++ edge e; ++ ++ gcc_assert(before == false); ++ gcc_assert(stmt_can_throw_internal(oldstmt)); ++ gcc_assert(gimple_code(oldstmt) == GIMPLE_CALL); ++ gcc_assert(!gsi_end_p(gsi)); ++ ++ cur_bb = gimple_bb(oldstmt); ++ next_bb = cur_bb->next_bb; ++ e = find_edge(cur_bb, next_bb); ++ gcc_assert(e != NULL); ++ gcc_assert(e->flags & EDGE_FALLTHRU); ++ ++ gsi = gsi_after_labels(next_bb); ++ gcc_assert(!gsi_end_p(gsi)); ++ before = true; ++ } + if (before) + gsi_insert_before(&gsi, stmt, GSI_NEW_STMT); + else @@ -85511,7 +86073,7 @@ index 0000000..255439f + newstmt = gimple_build_assign(new_var, new_rhs); + break; + case GIMPLE_ASSIGN: -+ newstmt = gimple_copy(def_newstmt); ++ newstmt = gimple_build_assign(new_var, gimple_get_lhs(def_newstmt)); + break; + default: + /* unknown gimple_code (handle_build_new_phi_arg) */ @@ -85520,6 +86082,7 @@ index 0000000..255439f + + gimple_set_lhs(newstmt, make_ssa_name(new_var, newstmt)); + gsi_insert(&gsi, newstmt, GSI_NEW_STMT); ++ update_stmt(newstmt); + return newstmt; +} + @@ -85534,7 +86097,6 @@ index 0000000..255439f + return NULL_TREE; + + newstmt = handle_new_phi_arg(arg, new_var, new_rhs); -+ update_stmt(newstmt); + return gimple_get_lhs(newstmt); +} + @@ -85591,6 +86153,7 @@ index 0000000..255439f + return handle_unary_rhs(visited, potentionally_overflowed, var); + + case ARRAY_REF: ++ case BIT_FIELD_REF: + case ADDR_EXPR: + case COMPONENT_REF: + case COND_EXPR: @@ -85622,9 +86185,19 @@ index 0000000..255439f + +static tree create_string_param(tree string) +{ -+ tree array_ref = build4(ARRAY_REF, TREE_TYPE(string), string, integer_zero_node, NULL, NULL); ++ tree i_type, a_type; ++ int length = TREE_STRING_LENGTH(string); + -+ return build1(ADDR_EXPR, ptr_type_node, array_ref); ++ gcc_assert(length > 0); ++ ++ i_type = build_index_type(build_int_cst(NULL_TREE, length - 1)); ++ a_type = build_array_type(char_type_node, i_type); ++ ++ TREE_TYPE(string) = a_type; ++ TREE_CONSTANT(string) = 1; ++ TREE_READONLY(string) = 1; ++ ++ return build1(ADDR_EXPR, ptr_type_node, string); +} + +static void insert_cond_result(basic_block bb_true, gimple stmt, tree arg) @@ -85645,12 +86218,10 @@ index 0000000..255439f + + loc_line = build_int_cstu(unsigned_type_node, xloc.line); + -+ loc_file = build_string(strlen(xloc.file), xloc.file); -+ TREE_TYPE(loc_file) = char_array_type_node; ++ loc_file = build_string(strlen(xloc.file) + 1, xloc.file); + loc_file = create_string_param(loc_file); + -+ current_func = build_string(IDENTIFIER_LENGTH(DECL_NAME(current_function_decl)), NAME(current_function_decl)); -+ TREE_TYPE(current_func) = char_array_type_node; ++ current_func = build_string(NAME_LEN(current_function_decl) + 1, NAME(current_function_decl)); + current_func = create_string_param(current_func); + + // void report_size_overflow(const char *file, unsigned int line, const char *func) @@ -86051,9 +86622,13 @@ index 0000000..255439f + xloc = expand_location(DECL_SOURCE_LOCATION(fndecl)); + + fndecl = get_original_function_decl(fndecl); -+ if (!hash->name || !hash->file) ++ if (!hash->name) + return; -+ if (strcmp(hash->name, NAME(fndecl)) || strcmp(hash->file, xloc.file)) ++ if (file_match && !hash->file) ++ return; ++ if (strcmp(hash->name, NAME(fndecl))) ++ return; ++ if (file_match && strcmp(hash->file, xloc.file)) + return; + +#define search_param(argnum) \ @@ -86136,6 +86711,7 @@ index 0000000..255439f + NULL_TREE); + report_size_overflow_decl = build_fn_decl("report_size_overflow", fntype); + ++ DECL_ASSEMBLER_NAME(report_size_overflow_decl); + TREE_PUBLIC(report_size_overflow_decl) = 1; + DECL_EXTERNAL(report_size_overflow_decl) = 1; + DECL_ARTIFICIAL(report_size_overflow_decl) = 1; @@ -86164,9 +86740,12 @@ index 0000000..255439f + } + + for (i = 0; i < argc; ++i) { -+ if (!(strcmp(argv[i].key, "no-size_overflow"))) { ++ if (!strcmp(argv[i].key, "no-size-overflow")) { + enable = false; + continue; ++ } else if (!(strcmp(argv[i].key, "no-file-match"))) { ++ file_match = false; ++ continue; + } + error(G_("unkown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key); + } diff --git a/3.3.4/0000_README b/3.3.5/0000_README index e35a073..9dc6525 100644 --- a/3.3.4/0000_README +++ b/3.3.5/0000_README @@ -2,7 +2,11 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-2.9-3.3.4-201204272006.patch +Patch: 1004_linux-3.3.5.patch +From: http://www.kernel.org +Desc: Linux 3.3.5 + +Patch: 4420_grsecurity-2.9-3.3.5-201205071839.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.3.5/1004_linux-3.3.5.patch b/3.3.5/1004_linux-3.3.5.patch new file mode 100644 index 0000000..a1fa635 --- /dev/null +++ b/3.3.5/1004_linux-3.3.5.patch @@ -0,0 +1,3285 @@ +diff --git a/Makefile b/Makefile +index 44ef766..64615e9 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,6 +1,6 @@ + VERSION = 3 + PATCHLEVEL = 3 +-SUBLEVEL = 4 ++SUBLEVEL = 5 + EXTRAVERSION = + NAME = Saber-toothed Squirrel + +diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig +index dfb0312..dedb885 100644 +--- a/arch/arm/Kconfig ++++ b/arch/arm/Kconfig +@@ -1163,6 +1163,15 @@ if !MMU + source "arch/arm/Kconfig-nommu" + endif + ++config ARM_ERRATA_326103 ++ bool "ARM errata: FSR write bit incorrect on a SWP to read-only memory" ++ depends on CPU_V6 ++ help ++ Executing a SWP instruction to read-only memory does not set bit 11 ++ of the FSR on the ARM 1136 prior to r1p0. This causes the kernel to ++ treat the access as a read, preventing a COW from occurring and ++ causing the faulting task to livelock. ++ + config ARM_ERRATA_411920 + bool "ARM errata: Invalidation of the Instruction Cache operation can fail" + depends on CPU_V6 || CPU_V6K +diff --git a/arch/arm/include/asm/tls.h b/arch/arm/include/asm/tls.h +index 60843eb..73409e6 100644 +--- a/arch/arm/include/asm/tls.h ++++ b/arch/arm/include/asm/tls.h +@@ -7,6 +7,8 @@ + + .macro set_tls_v6k, tp, tmp1, tmp2 + mcr p15, 0, \tp, c13, c0, 3 @ set TLS register ++ mov \tmp1, #0 ++ mcr p15, 0, \tmp1, c13, c0, 2 @ clear user r/w TLS register + .endm + + .macro set_tls_v6, tp, tmp1, tmp2 +@@ -15,6 +17,8 @@ + mov \tmp2, #0xffff0fff + tst \tmp1, #HWCAP_TLS @ hardware TLS available? + mcrne p15, 0, \tp, c13, c0, 3 @ yes, set TLS register ++ movne \tmp1, #0 ++ mcrne p15, 0, \tmp1, c13, c0, 2 @ clear user r/w TLS register + streq \tp, [\tmp2, #-15] @ set TLS value at 0xffff0ff0 + .endm + +diff --git a/arch/arm/kernel/irq.c b/arch/arm/kernel/irq.c +index 3efd82c..87c8be5 100644 +--- a/arch/arm/kernel/irq.c ++++ b/arch/arm/kernel/irq.c +@@ -156,10 +156,10 @@ static bool migrate_one_irq(struct irq_desc *desc) + } + + c = irq_data_get_irq_chip(d); +- if (c->irq_set_affinity) +- c->irq_set_affinity(d, affinity, true); +- else ++ if (!c->irq_set_affinity) + pr_debug("IRQ%u: unable to set affinity\n", d->irq); ++ else if (c->irq_set_affinity(d, affinity, true) == IRQ_SET_MASK_OK && ret) ++ cpumask_copy(d->affinity, affinity); + + return ret; + } +diff --git a/arch/arm/mm/abort-ev6.S b/arch/arm/mm/abort-ev6.S +index ff1f7cc..8074199 100644 +--- a/arch/arm/mm/abort-ev6.S ++++ b/arch/arm/mm/abort-ev6.S +@@ -26,18 +26,23 @@ ENTRY(v6_early_abort) + mrc p15, 0, r1, c5, c0, 0 @ get FSR + mrc p15, 0, r0, c6, c0, 0 @ get FAR + /* +- * Faulty SWP instruction on 1136 doesn't set bit 11 in DFSR (erratum 326103). +- * The test below covers all the write situations, including Java bytecodes ++ * Faulty SWP instruction on 1136 doesn't set bit 11 in DFSR. + */ +- bic r1, r1, #1 << 11 @ clear bit 11 of FSR ++#ifdef CONFIG_ARM_ERRATA_326103 ++ ldr ip, =0x4107b36 ++ mrc p15, 0, r3, c0, c0, 0 @ get processor id ++ teq ip, r3, lsr #4 @ r0 ARM1136? ++ bne do_DataAbort + tst r5, #PSR_J_BIT @ Java? ++ tsteq r5, #PSR_T_BIT @ Thumb? + bne do_DataAbort +- do_thumb_abort fsr=r1, pc=r4, psr=r5, tmp=r3 +- ldreq r3, [r4] @ read aborted ARM instruction ++ bic r1, r1, #1 << 11 @ clear bit 11 of FSR ++ ldr r3, [r4] @ read aborted ARM instruction + #ifdef CONFIG_CPU_ENDIAN_BE8 +- reveq r3, r3 ++ rev r3, r3 + #endif + do_ldrd_abort tmp=ip, insn=r3 + tst r3, #1 << 20 @ L = 0 -> write + orreq r1, r1, #1 << 11 @ yes. ++#endif + b do_DataAbort +diff --git a/arch/mips/ath79/dev-wmac.c b/arch/mips/ath79/dev-wmac.c +index e215070..9c717bf 100644 +--- a/arch/mips/ath79/dev-wmac.c ++++ b/arch/mips/ath79/dev-wmac.c +@@ -58,8 +58,8 @@ static void __init ar913x_wmac_setup(void) + + static int ar933x_wmac_reset(void) + { +- ath79_device_reset_clear(AR933X_RESET_WMAC); + ath79_device_reset_set(AR933X_RESET_WMAC); ++ ath79_device_reset_clear(AR933X_RESET_WMAC); + + return 0; + } +diff --git a/arch/powerpc/platforms/85xx/common.c b/arch/powerpc/platforms/85xx/common.c +index 9fef530..67dac22 100644 +--- a/arch/powerpc/platforms/85xx/common.c ++++ b/arch/powerpc/platforms/85xx/common.c +@@ -21,6 +21,12 @@ static struct of_device_id __initdata mpc85xx_common_ids[] = { + { .compatible = "fsl,qe", }, + { .compatible = "fsl,cpm2", }, + { .compatible = "fsl,srio", }, ++ /* So that the DMA channel nodes can be probed individually: */ ++ { .compatible = "fsl,eloplus-dma", }, ++ /* For the PMC driver */ ++ { .compatible = "fsl,mpc8548-guts", }, ++ /* Probably unnecessary? */ ++ { .compatible = "gpio-leds", }, + {}, + }; + +diff --git a/arch/powerpc/platforms/85xx/mpc85xx_mds.c b/arch/powerpc/platforms/85xx/mpc85xx_mds.c +index 1d15a0c..b498864 100644 +--- a/arch/powerpc/platforms/85xx/mpc85xx_mds.c ++++ b/arch/powerpc/platforms/85xx/mpc85xx_mds.c +@@ -405,12 +405,6 @@ static int __init board_fixups(void) + machine_arch_initcall(mpc8568_mds, board_fixups); + machine_arch_initcall(mpc8569_mds, board_fixups); + +-static struct of_device_id mpc85xx_ids[] = { +- { .compatible = "fsl,mpc8548-guts", }, +- { .compatible = "gpio-leds", }, +- {}, +-}; +- + static int __init mpc85xx_publish_devices(void) + { + if (machine_is(mpc8568_mds)) +@@ -418,10 +412,7 @@ static int __init mpc85xx_publish_devices(void) + if (machine_is(mpc8569_mds)) + simple_gpiochip_init("fsl,mpc8569mds-bcsr-gpio"); + +- mpc85xx_common_publish_devices(); +- of_platform_bus_probe(NULL, mpc85xx_ids, NULL); +- +- return 0; ++ return mpc85xx_common_publish_devices(); + } + + machine_device_initcall(mpc8568_mds, mpc85xx_publish_devices); +diff --git a/arch/powerpc/platforms/85xx/p1022_ds.c b/arch/powerpc/platforms/85xx/p1022_ds.c +index b0984ad..cc79cad8 100644 +--- a/arch/powerpc/platforms/85xx/p1022_ds.c ++++ b/arch/powerpc/platforms/85xx/p1022_ds.c +@@ -303,18 +303,7 @@ static void __init p1022_ds_setup_arch(void) + pr_info("Freescale P1022 DS reference board\n"); + } + +-static struct of_device_id __initdata p1022_ds_ids[] = { +- /* So that the DMA channel nodes can be probed individually: */ +- { .compatible = "fsl,eloplus-dma", }, +- {}, +-}; +- +-static int __init p1022_ds_publish_devices(void) +-{ +- mpc85xx_common_publish_devices(); +- return of_platform_bus_probe(NULL, p1022_ds_ids, NULL); +-} +-machine_device_initcall(p1022_ds, p1022_ds_publish_devices); ++machine_device_initcall(p1022_ds, mpc85xx_common_publish_devices); + + machine_arch_initcall(p1022_ds, swiotlb_setup_bus_notifier); + +diff --git a/arch/x86/boot/Makefile b/arch/x86/boot/Makefile +index 95365a8..5a747dd 100644 +--- a/arch/x86/boot/Makefile ++++ b/arch/x86/boot/Makefile +@@ -37,7 +37,8 @@ setup-y += video-bios.o + targets += $(setup-y) + hostprogs-y := mkcpustr tools/build + +-HOST_EXTRACFLAGS += $(LINUXINCLUDE) ++HOST_EXTRACFLAGS += -I$(srctree)/tools/include $(LINUXINCLUDE) \ ++ -D__EXPORTED_HEADERS__ + + $(obj)/cpu.o: $(obj)/cpustr.h + +diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile +index b123b9a..fd55a2f 100644 +--- a/arch/x86/boot/compressed/Makefile ++++ b/arch/x86/boot/compressed/Makefile +@@ -22,6 +22,7 @@ LDFLAGS := -m elf_$(UTS_MACHINE) + LDFLAGS_vmlinux := -T + + hostprogs-y := mkpiggy ++HOST_EXTRACFLAGS += -I$(srctree)/tools/include + + VMLINUX_OBJS = $(obj)/vmlinux.lds $(obj)/head_$(BITS).o $(obj)/misc.o \ + $(obj)/string.o $(obj)/cmdline.o $(obj)/early_serial_console.o \ +diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c +index fec216f..0cdfc0d 100644 +--- a/arch/x86/boot/compressed/eboot.c ++++ b/arch/x86/boot/compressed/eboot.c +@@ -539,7 +539,7 @@ static efi_status_t handle_ramdisks(efi_loaded_image_t *image, + struct initrd *initrd; + efi_file_handle_t *h; + efi_file_info_t *info; +- efi_char16_t filename[256]; ++ efi_char16_t filename_16[256]; + unsigned long info_sz; + efi_guid_t info_guid = EFI_FILE_INFO_ID; + efi_char16_t *p; +@@ -552,14 +552,14 @@ static efi_status_t handle_ramdisks(efi_loaded_image_t *image, + str += 7; + + initrd = &initrds[i]; +- p = filename; ++ p = filename_16; + + /* Skip any leading slashes */ + while (*str == '/' || *str == '\\') + str++; + + while (*str && *str != ' ' && *str != '\n') { +- if (p >= filename + sizeof(filename)) ++ if ((u8 *)p >= (u8 *)filename_16 + sizeof(filename_16)) + break; + + *p++ = *str++; +@@ -583,7 +583,7 @@ static efi_status_t handle_ramdisks(efi_loaded_image_t *image, + goto free_initrds; + } + +- status = efi_call_phys5(fh->open, fh, &h, filename, ++ status = efi_call_phys5(fh->open, fh, &h, filename_16, + EFI_FILE_MODE_READ, (u64)0); + if (status != EFI_SUCCESS) + goto close_handles; +diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S +index a055993..c85e3ac 100644 +--- a/arch/x86/boot/compressed/head_32.S ++++ b/arch/x86/boot/compressed/head_32.S +@@ -33,6 +33,9 @@ + __HEAD + ENTRY(startup_32) + #ifdef CONFIG_EFI_STUB ++ jmp preferred_addr ++ ++ .balign 0x10 + /* + * We don't need the return address, so set up the stack so + * efi_main() can find its arugments. +@@ -41,12 +44,17 @@ ENTRY(startup_32) + + call efi_main + cmpl $0, %eax +- je preferred_addr + movl %eax, %esi +- call 1f ++ jne 2f + 1: ++ /* EFI init failed, so hang. */ ++ hlt ++ jmp 1b ++2: ++ call 3f ++3: + popl %eax +- subl $1b, %eax ++ subl $3b, %eax + subl BP_pref_address(%esi), %eax + add BP_code32_start(%esi), %eax + leal preferred_addr(%eax), %eax +diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S +index 558d76c..87e03a1 100644 +--- a/arch/x86/boot/compressed/head_64.S ++++ b/arch/x86/boot/compressed/head_64.S +@@ -200,18 +200,28 @@ ENTRY(startup_64) + * entire text+data+bss and hopefully all of memory. + */ + #ifdef CONFIG_EFI_STUB +- pushq %rsi ++ /* ++ * The entry point for the PE/COFF executable is 0x210, so only ++ * legacy boot loaders will execute this jmp. ++ */ ++ jmp preferred_addr ++ ++ .org 0x210 + mov %rcx, %rdi + mov %rdx, %rsi + call efi_main +- popq %rsi +- cmpq $0,%rax +- je preferred_addr + movq %rax,%rsi +- call 1f ++ cmpq $0,%rax ++ jne 2f + 1: ++ /* EFI init failed, so hang. */ ++ hlt ++ jmp 1b ++2: ++ call 3f ++3: + popq %rax +- subq $1b, %rax ++ subq $3b, %rax + subq BP_pref_address(%rsi), %rax + add BP_code32_start(%esi), %eax + leaq preferred_addr(%rax), %rax +diff --git a/arch/x86/boot/compressed/mkpiggy.c b/arch/x86/boot/compressed/mkpiggy.c +index 46a8238..958a641 100644 +--- a/arch/x86/boot/compressed/mkpiggy.c ++++ b/arch/x86/boot/compressed/mkpiggy.c +@@ -29,14 +29,7 @@ + #include <stdio.h> + #include <string.h> + #include <inttypes.h> +- +-static uint32_t getle32(const void *p) +-{ +- const uint8_t *cp = p; +- +- return (uint32_t)cp[0] + ((uint32_t)cp[1] << 8) + +- ((uint32_t)cp[2] << 16) + ((uint32_t)cp[3] << 24); +-} ++#include <tools/le_byteshift.h> + + int main(int argc, char *argv[]) + { +@@ -69,7 +62,7 @@ int main(int argc, char *argv[]) + } + + ilen = ftell(f); +- olen = getle32(&olen); ++ olen = get_unaligned_le32(&olen); + fclose(f); + + /* +diff --git a/arch/x86/boot/tools/build.c b/arch/x86/boot/tools/build.c +index 4e9bd6b..09ce870 100644 +--- a/arch/x86/boot/tools/build.c ++++ b/arch/x86/boot/tools/build.c +@@ -34,6 +34,7 @@ + #include <fcntl.h> + #include <sys/mman.h> + #include <asm/boot.h> ++#include <tools/le_byteshift.h> + + typedef unsigned char u8; + typedef unsigned short u16; +@@ -41,6 +42,7 @@ typedef unsigned long u32; + + #define DEFAULT_MAJOR_ROOT 0 + #define DEFAULT_MINOR_ROOT 0 ++#define DEFAULT_ROOT_DEV (DEFAULT_MAJOR_ROOT << 8 | DEFAULT_MINOR_ROOT) + + /* Minimal number of setup sectors */ + #define SETUP_SECT_MIN 5 +@@ -159,7 +161,7 @@ int main(int argc, char ** argv) + die("read-error on `setup'"); + if (c < 1024) + die("The setup must be at least 1024 bytes"); +- if (buf[510] != 0x55 || buf[511] != 0xaa) ++ if (get_unaligned_le16(&buf[510]) != 0xAA55) + die("Boot block hasn't got boot flag (0xAA55)"); + fclose(file); + +@@ -171,8 +173,7 @@ int main(int argc, char ** argv) + memset(buf+c, 0, i-c); + + /* Set the default root device */ +- buf[508] = DEFAULT_MINOR_ROOT; +- buf[509] = DEFAULT_MAJOR_ROOT; ++ put_unaligned_le16(DEFAULT_ROOT_DEV, &buf[508]); + + fprintf(stderr, "Setup is %d bytes (padded to %d bytes).\n", c, i); + +@@ -192,44 +193,49 @@ int main(int argc, char ** argv) + + /* Patch the setup code with the appropriate size parameters */ + buf[0x1f1] = setup_sectors-1; +- buf[0x1f4] = sys_size; +- buf[0x1f5] = sys_size >> 8; +- buf[0x1f6] = sys_size >> 16; +- buf[0x1f7] = sys_size >> 24; ++ put_unaligned_le32(sys_size, &buf[0x1f4]); + + #ifdef CONFIG_EFI_STUB + file_sz = sz + i + ((sys_size * 16) - sz); + +- pe_header = *(unsigned int *)&buf[0x3c]; ++ pe_header = get_unaligned_le32(&buf[0x3c]); + + /* Size of code */ +- *(unsigned int *)&buf[pe_header + 0x1c] = file_sz; ++ put_unaligned_le32(file_sz, &buf[pe_header + 0x1c]); + + /* Size of image */ +- *(unsigned int *)&buf[pe_header + 0x50] = file_sz; ++ put_unaligned_le32(file_sz, &buf[pe_header + 0x50]); + + #ifdef CONFIG_X86_32 +- /* Address of entry point */ +- *(unsigned int *)&buf[pe_header + 0x28] = i; ++ /* ++ * Address of entry point. ++ * ++ * The EFI stub entry point is +16 bytes from the start of ++ * the .text section. ++ */ ++ put_unaligned_le32(i + 16, &buf[pe_header + 0x28]); + + /* .text size */ +- *(unsigned int *)&buf[pe_header + 0xb0] = file_sz; ++ put_unaligned_le32(file_sz, &buf[pe_header + 0xb0]); + + /* .text size of initialised data */ +- *(unsigned int *)&buf[pe_header + 0xb8] = file_sz; ++ put_unaligned_le32(file_sz, &buf[pe_header + 0xb8]); + #else + /* + * Address of entry point. startup_32 is at the beginning and + * the 64-bit entry point (startup_64) is always 512 bytes +- * after. ++ * after. The EFI stub entry point is 16 bytes after that, as ++ * the first instruction allows legacy loaders to jump over ++ * the EFI stub initialisation + */ +- *(unsigned int *)&buf[pe_header + 0x28] = i + 512; ++ put_unaligned_le32(i + 528, &buf[pe_header + 0x28]); + + /* .text size */ +- *(unsigned int *)&buf[pe_header + 0xc0] = file_sz; ++ put_unaligned_le32(file_sz, &buf[pe_header + 0xc0]); + + /* .text size of initialised data */ +- *(unsigned int *)&buf[pe_header + 0xc8] = file_sz; ++ put_unaligned_le32(file_sz, &buf[pe_header + 0xc8]); ++ + #endif /* CONFIG_X86_32 */ + #endif /* CONFIG_EFI_STUB */ + +diff --git a/arch/x86/include/asm/x86_init.h b/arch/x86/include/asm/x86_init.h +index 517d476..a609c39 100644 +--- a/arch/x86/include/asm/x86_init.h ++++ b/arch/x86/include/asm/x86_init.h +@@ -189,6 +189,5 @@ extern struct x86_msi_ops x86_msi; + + extern void x86_init_noop(void); + extern void x86_init_uint_noop(unsigned int unused); +-extern void x86_default_fixup_cpu_id(struct cpuinfo_x86 *c, int node); + + #endif +diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c +index 2eec05b..5b3f88e 100644 +--- a/arch/x86/kernel/apic/apic.c ++++ b/arch/x86/kernel/apic/apic.c +@@ -1632,9 +1632,11 @@ static int __init apic_verify(void) + mp_lapic_addr = APIC_DEFAULT_PHYS_BASE; + + /* The BIOS may have set up the APIC at some other address */ +- rdmsr(MSR_IA32_APICBASE, l, h); +- if (l & MSR_IA32_APICBASE_ENABLE) +- mp_lapic_addr = l & MSR_IA32_APICBASE_BASE; ++ if (boot_cpu_data.x86 >= 6) { ++ rdmsr(MSR_IA32_APICBASE, l, h); ++ if (l & MSR_IA32_APICBASE_ENABLE) ++ mp_lapic_addr = l & MSR_IA32_APICBASE_BASE; ++ } + + pr_info("Found and enabled local APIC!\n"); + return 0; +@@ -1652,13 +1654,15 @@ int __init apic_force_enable(unsigned long addr) + * MSR. This can only be done in software for Intel P6 or later + * and AMD K7 (Model > 1) or later. + */ +- rdmsr(MSR_IA32_APICBASE, l, h); +- if (!(l & MSR_IA32_APICBASE_ENABLE)) { +- pr_info("Local APIC disabled by BIOS -- reenabling.\n"); +- l &= ~MSR_IA32_APICBASE_BASE; +- l |= MSR_IA32_APICBASE_ENABLE | addr; +- wrmsr(MSR_IA32_APICBASE, l, h); +- enabled_via_apicbase = 1; ++ if (boot_cpu_data.x86 >= 6) { ++ rdmsr(MSR_IA32_APICBASE, l, h); ++ if (!(l & MSR_IA32_APICBASE_ENABLE)) { ++ pr_info("Local APIC disabled by BIOS -- reenabling.\n"); ++ l &= ~MSR_IA32_APICBASE_BASE; ++ l |= MSR_IA32_APICBASE_ENABLE | addr; ++ wrmsr(MSR_IA32_APICBASE, l, h); ++ enabled_via_apicbase = 1; ++ } + } + return apic_verify(); + } +@@ -2204,10 +2208,12 @@ static void lapic_resume(void) + * FIXME! This will be wrong if we ever support suspend on + * SMP! We'll need to do this as part of the CPU restore! + */ +- rdmsr(MSR_IA32_APICBASE, l, h); +- l &= ~MSR_IA32_APICBASE_BASE; +- l |= MSR_IA32_APICBASE_ENABLE | mp_lapic_addr; +- wrmsr(MSR_IA32_APICBASE, l, h); ++ if (boot_cpu_data.x86 >= 6) { ++ rdmsr(MSR_IA32_APICBASE, l, h); ++ l &= ~MSR_IA32_APICBASE_BASE; ++ l |= MSR_IA32_APICBASE_ENABLE | mp_lapic_addr; ++ wrmsr(MSR_IA32_APICBASE, l, h); ++ } + } + + maxlvt = lapic_get_maxlvt(); +diff --git a/arch/x86/kernel/apic/apic_numachip.c b/arch/x86/kernel/apic/apic_numachip.c +index 09d3d8c..ade0182 100644 +--- a/arch/x86/kernel/apic/apic_numachip.c ++++ b/arch/x86/kernel/apic/apic_numachip.c +@@ -201,8 +201,11 @@ static void __init map_csrs(void) + + static void fixup_cpu_id(struct cpuinfo_x86 *c, int node) + { +- c->phys_proc_id = node; +- per_cpu(cpu_llc_id, smp_processor_id()) = node; ++ ++ if (c->phys_proc_id != node) { ++ c->phys_proc_id = node; ++ per_cpu(cpu_llc_id, smp_processor_id()) = node; ++ } + } + + static int __init numachip_system_init(void) +diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c +index f4773f4..80ab83d 100644 +--- a/arch/x86/kernel/cpu/amd.c ++++ b/arch/x86/kernel/cpu/amd.c +@@ -352,10 +352,11 @@ static void __cpuinit srat_detect_node(struct cpuinfo_x86 *c) + node = per_cpu(cpu_llc_id, cpu); + + /* +- * If core numbers are inconsistent, it's likely a multi-fabric platform, +- * so invoke platform-specific handler ++ * On multi-fabric platform (e.g. Numascale NumaChip) a ++ * platform-specific handler needs to be called to fixup some ++ * IDs of the CPU. + */ +- if (c->phys_proc_id != node) ++ if (x86_cpuinit.fixup_cpu_id) + x86_cpuinit.fixup_cpu_id(c, node); + + if (!node_online(node)) { +diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c +index c0f7d68..1a810e4 100644 +--- a/arch/x86/kernel/cpu/common.c ++++ b/arch/x86/kernel/cpu/common.c +@@ -1163,15 +1163,6 @@ static void dbg_restore_debug_regs(void) + #endif /* ! CONFIG_KGDB */ + + /* +- * Prints an error where the NUMA and configured core-number mismatch and the +- * platform didn't override this to fix it up +- */ +-void __cpuinit x86_default_fixup_cpu_id(struct cpuinfo_x86 *c, int node) +-{ +- pr_err("NUMA core number %d differs from configured core number %d\n", node, c->phys_proc_id); +-} +- +-/* + * cpu_init() initializes state that is per-CPU. Some data is already + * initialized (naturally) in the bootstrap process, such as the GDT + * and IDT. We reload them nevertheless, this function acts as a +diff --git a/arch/x86/kernel/i387.c b/arch/x86/kernel/i387.c +index 739d859..f239f30 100644 +--- a/arch/x86/kernel/i387.c ++++ b/arch/x86/kernel/i387.c +@@ -154,6 +154,7 @@ int init_fpu(struct task_struct *tsk) + if (tsk_used_math(tsk)) { + if (HAVE_HWFP && tsk == current) + unlazy_fpu(tsk); ++ tsk->thread.fpu.last_cpu = ~0; + return 0; + } + +diff --git a/arch/x86/kernel/microcode_amd.c b/arch/x86/kernel/microcode_amd.c +index 73465aa..8a2ce8f 100644 +--- a/arch/x86/kernel/microcode_amd.c ++++ b/arch/x86/kernel/microcode_amd.c +@@ -82,11 +82,6 @@ static int collect_cpu_info_amd(int cpu, struct cpu_signature *csig) + { + struct cpuinfo_x86 *c = &cpu_data(cpu); + +- if (c->x86_vendor != X86_VENDOR_AMD || c->x86 < 0x10) { +- pr_warning("CPU%d: family %d not supported\n", cpu, c->x86); +- return -1; +- } +- + csig->rev = c->microcode; + pr_info("CPU%d: patch_level=0x%08x\n", cpu, csig->rev); + +@@ -380,6 +375,13 @@ static struct microcode_ops microcode_amd_ops = { + + struct microcode_ops * __init init_amd_microcode(void) + { ++ struct cpuinfo_x86 *c = &cpu_data(0); ++ ++ if (c->x86_vendor != X86_VENDOR_AMD || c->x86 < 0x10) { ++ pr_warning("AMD CPU family 0x%x not supported\n", c->x86); ++ return NULL; ++ } ++ + patch = (void *)get_zeroed_page(GFP_KERNEL); + if (!patch) + return NULL; +diff --git a/arch/x86/kernel/microcode_core.c b/arch/x86/kernel/microcode_core.c +index fda91c3..50a5875 100644 +--- a/arch/x86/kernel/microcode_core.c ++++ b/arch/x86/kernel/microcode_core.c +@@ -418,10 +418,8 @@ static int mc_device_add(struct device *dev, struct subsys_interface *sif) + if (err) + return err; + +- if (microcode_init_cpu(cpu) == UCODE_ERROR) { +- sysfs_remove_group(&dev->kobj, &mc_attr_group); ++ if (microcode_init_cpu(cpu) == UCODE_ERROR) + return -EINVAL; +- } + + return err; + } +@@ -513,11 +511,11 @@ static int __init microcode_init(void) + microcode_ops = init_intel_microcode(); + else if (c->x86_vendor == X86_VENDOR_AMD) + microcode_ops = init_amd_microcode(); +- +- if (!microcode_ops) { ++ else + pr_err("no support for this CPU vendor\n"); ++ ++ if (!microcode_ops) + return -ENODEV; +- } + + microcode_pdev = platform_device_register_simple("microcode", -1, + NULL, 0); +diff --git a/arch/x86/kernel/x86_init.c b/arch/x86/kernel/x86_init.c +index 947a06c..83b05ad 100644 +--- a/arch/x86/kernel/x86_init.c ++++ b/arch/x86/kernel/x86_init.c +@@ -92,7 +92,6 @@ struct x86_init_ops x86_init __initdata = { + + struct x86_cpuinit_ops x86_cpuinit __cpuinitdata = { + .setup_percpu_clockev = setup_secondary_APIC_clock, +- .fixup_cpu_id = x86_default_fixup_cpu_id, + }; + + static void default_nmi_init(void) { }; +diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c +index 501d4e0..f2ce60a 100644 +--- a/arch/x86/xen/smp.c ++++ b/arch/x86/xen/smp.c +@@ -172,6 +172,7 @@ static void __init xen_fill_possible_map(void) + static void __init xen_filter_cpu_maps(void) + { + int i, rc; ++ unsigned int subtract = 0; + + if (!xen_initial_domain()) + return; +@@ -186,8 +187,22 @@ static void __init xen_filter_cpu_maps(void) + } else { + set_cpu_possible(i, false); + set_cpu_present(i, false); ++ subtract++; + } + } ++#ifdef CONFIG_HOTPLUG_CPU ++ /* This is akin to using 'nr_cpus' on the Linux command line. ++ * Which is OK as when we use 'dom0_max_vcpus=X' we can only ++ * have up to X, while nr_cpu_ids is greater than X. This ++ * normally is not a problem, except when CPU hotplugging ++ * is involved and then there might be more than X CPUs ++ * in the guest - which will not work as there is no ++ * hypercall to expand the max number of VCPUs an already ++ * running guest has. So cap it up to X. */ ++ if (subtract) ++ nr_cpu_ids = nr_cpu_ids - subtract; ++#endif ++ + } + + static void __init xen_smp_prepare_boot_cpu(void) +diff --git a/arch/x86/xen/xen-asm.S b/arch/x86/xen/xen-asm.S +index 79d7362..3e45aa0 100644 +--- a/arch/x86/xen/xen-asm.S ++++ b/arch/x86/xen/xen-asm.S +@@ -96,7 +96,7 @@ ENTRY(xen_restore_fl_direct) + + /* check for unmasked and pending */ + cmpw $0x0001, PER_CPU_VAR(xen_vcpu_info) + XEN_vcpu_info_pending +- jz 1f ++ jnz 1f + 2: call check_events + 1: + ENDPATCH(xen_restore_fl_direct) +diff --git a/drivers/ata/libata-eh.c b/drivers/ata/libata-eh.c +index a9b2820..58db834 100644 +--- a/drivers/ata/libata-eh.c ++++ b/drivers/ata/libata-eh.c +@@ -3500,7 +3500,8 @@ static int ata_count_probe_trials_cb(struct ata_ering_entry *ent, void *void_arg + u64 now = get_jiffies_64(); + int *trials = void_arg; + +- if (ent->timestamp < now - min(now, interval)) ++ if ((ent->eflags & ATA_EFLAG_OLD_ER) || ++ (ent->timestamp < now - min(now, interval))) + return -1; + + (*trials)++; +diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c +index 2d8c789..b28dbfa 100644 +--- a/drivers/crypto/talitos.c ++++ b/drivers/crypto/talitos.c +@@ -124,6 +124,9 @@ struct talitos_private { + void __iomem *reg; + int irq[2]; + ++ /* SEC global registers lock */ ++ spinlock_t reg_lock ____cacheline_aligned; ++ + /* SEC version geometry (from device tree node) */ + unsigned int num_channels; + unsigned int chfifo_len; +@@ -412,6 +415,7 @@ static void talitos_done_##name(unsigned long data) \ + { \ + struct device *dev = (struct device *)data; \ + struct talitos_private *priv = dev_get_drvdata(dev); \ ++ unsigned long flags; \ + \ + if (ch_done_mask & 1) \ + flush_channel(dev, 0, 0, 0); \ +@@ -427,8 +431,10 @@ static void talitos_done_##name(unsigned long data) \ + out: \ + /* At this point, all completed channels have been processed */ \ + /* Unmask done interrupts for channels completed later on. */ \ ++ spin_lock_irqsave(&priv->reg_lock, flags); \ + setbits32(priv->reg + TALITOS_IMR, ch_done_mask); \ + setbits32(priv->reg + TALITOS_IMR_LO, TALITOS_IMR_LO_INIT); \ ++ spin_unlock_irqrestore(&priv->reg_lock, flags); \ + } + DEF_TALITOS_DONE(4ch, TALITOS_ISR_4CHDONE) + DEF_TALITOS_DONE(ch0_2, TALITOS_ISR_CH_0_2_DONE) +@@ -619,22 +625,28 @@ static irqreturn_t talitos_interrupt_##name(int irq, void *data) \ + struct device *dev = data; \ + struct talitos_private *priv = dev_get_drvdata(dev); \ + u32 isr, isr_lo; \ ++ unsigned long flags; \ + \ ++ spin_lock_irqsave(&priv->reg_lock, flags); \ + isr = in_be32(priv->reg + TALITOS_ISR); \ + isr_lo = in_be32(priv->reg + TALITOS_ISR_LO); \ + /* Acknowledge interrupt */ \ + out_be32(priv->reg + TALITOS_ICR, isr & (ch_done_mask | ch_err_mask)); \ + out_be32(priv->reg + TALITOS_ICR_LO, isr_lo); \ + \ +- if (unlikely((isr & ~TALITOS_ISR_4CHDONE) & ch_err_mask || isr_lo)) \ +- talitos_error(dev, isr, isr_lo); \ +- else \ ++ if (unlikely(isr & ch_err_mask || isr_lo)) { \ ++ spin_unlock_irqrestore(&priv->reg_lock, flags); \ ++ talitos_error(dev, isr & ch_err_mask, isr_lo); \ ++ } \ ++ else { \ + if (likely(isr & ch_done_mask)) { \ + /* mask further done interrupts. */ \ + clrbits32(priv->reg + TALITOS_IMR, ch_done_mask); \ + /* done_task will unmask done interrupts at exit */ \ + tasklet_schedule(&priv->done_task[tlet]); \ + } \ ++ spin_unlock_irqrestore(&priv->reg_lock, flags); \ ++ } \ + \ + return (isr & (ch_done_mask | ch_err_mask) || isr_lo) ? IRQ_HANDLED : \ + IRQ_NONE; \ +@@ -2718,6 +2730,8 @@ static int talitos_probe(struct platform_device *ofdev) + + priv->ofdev = ofdev; + ++ spin_lock_init(&priv->reg_lock); ++ + err = talitos_probe_irq(ofdev); + if (err) + goto err_out; +diff --git a/drivers/dma/at_hdmac.c b/drivers/dma/at_hdmac.c +index f4aed5f..a342873 100644 +--- a/drivers/dma/at_hdmac.c ++++ b/drivers/dma/at_hdmac.c +@@ -241,10 +241,6 @@ static void atc_dostart(struct at_dma_chan *atchan, struct at_desc *first) + + vdbg_dump_regs(atchan); + +- /* clear any pending interrupt */ +- while (dma_readl(atdma, EBCISR)) +- cpu_relax(); +- + channel_writel(atchan, SADDR, 0); + channel_writel(atchan, DADDR, 0); + channel_writel(atchan, CTRLA, 0); +diff --git a/drivers/firmware/efivars.c b/drivers/firmware/efivars.c +index d25599f..47408e8 100644 +--- a/drivers/firmware/efivars.c ++++ b/drivers/firmware/efivars.c +@@ -191,6 +191,190 @@ utf16_strncmp(const efi_char16_t *a, const efi_char16_t *b, size_t len) + } + } + ++static bool ++validate_device_path(struct efi_variable *var, int match, u8 *buffer, ++ unsigned long len) ++{ ++ struct efi_generic_dev_path *node; ++ int offset = 0; ++ ++ node = (struct efi_generic_dev_path *)buffer; ++ ++ if (len < sizeof(*node)) ++ return false; ++ ++ while (offset <= len - sizeof(*node) && ++ node->length >= sizeof(*node) && ++ node->length <= len - offset) { ++ offset += node->length; ++ ++ if ((node->type == EFI_DEV_END_PATH || ++ node->type == EFI_DEV_END_PATH2) && ++ node->sub_type == EFI_DEV_END_ENTIRE) ++ return true; ++ ++ node = (struct efi_generic_dev_path *)(buffer + offset); ++ } ++ ++ /* ++ * If we're here then either node->length pointed past the end ++ * of the buffer or we reached the end of the buffer without ++ * finding a device path end node. ++ */ ++ return false; ++} ++ ++static bool ++validate_boot_order(struct efi_variable *var, int match, u8 *buffer, ++ unsigned long len) ++{ ++ /* An array of 16-bit integers */ ++ if ((len % 2) != 0) ++ return false; ++ ++ return true; ++} ++ ++static bool ++validate_load_option(struct efi_variable *var, int match, u8 *buffer, ++ unsigned long len) ++{ ++ u16 filepathlength; ++ int i, desclength = 0, namelen; ++ ++ namelen = utf16_strnlen(var->VariableName, sizeof(var->VariableName)); ++ ++ /* Either "Boot" or "Driver" followed by four digits of hex */ ++ for (i = match; i < match+4; i++) { ++ if (var->VariableName[i] > 127 || ++ hex_to_bin(var->VariableName[i] & 0xff) < 0) ++ return true; ++ } ++ ++ /* Reject it if there's 4 digits of hex and then further content */ ++ if (namelen > match + 4) ++ return false; ++ ++ /* A valid entry must be at least 8 bytes */ ++ if (len < 8) ++ return false; ++ ++ filepathlength = buffer[4] | buffer[5] << 8; ++ ++ /* ++ * There's no stored length for the description, so it has to be ++ * found by hand ++ */ ++ desclength = utf16_strsize((efi_char16_t *)(buffer + 6), len - 6) + 2; ++ ++ /* Each boot entry must have a descriptor */ ++ if (!desclength) ++ return false; ++ ++ /* ++ * If the sum of the length of the description, the claimed filepath ++ * length and the original header are greater than the length of the ++ * variable, it's malformed ++ */ ++ if ((desclength + filepathlength + 6) > len) ++ return false; ++ ++ /* ++ * And, finally, check the filepath ++ */ ++ return validate_device_path(var, match, buffer + desclength + 6, ++ filepathlength); ++} ++ ++static bool ++validate_uint16(struct efi_variable *var, int match, u8 *buffer, ++ unsigned long len) ++{ ++ /* A single 16-bit integer */ ++ if (len != 2) ++ return false; ++ ++ return true; ++} ++ ++static bool ++validate_ascii_string(struct efi_variable *var, int match, u8 *buffer, ++ unsigned long len) ++{ ++ int i; ++ ++ for (i = 0; i < len; i++) { ++ if (buffer[i] > 127) ++ return false; ++ ++ if (buffer[i] == 0) ++ return true; ++ } ++ ++ return false; ++} ++ ++struct variable_validate { ++ char *name; ++ bool (*validate)(struct efi_variable *var, int match, u8 *data, ++ unsigned long len); ++}; ++ ++static const struct variable_validate variable_validate[] = { ++ { "BootNext", validate_uint16 }, ++ { "BootOrder", validate_boot_order }, ++ { "DriverOrder", validate_boot_order }, ++ { "Boot*", validate_load_option }, ++ { "Driver*", validate_load_option }, ++ { "ConIn", validate_device_path }, ++ { "ConInDev", validate_device_path }, ++ { "ConOut", validate_device_path }, ++ { "ConOutDev", validate_device_path }, ++ { "ErrOut", validate_device_path }, ++ { "ErrOutDev", validate_device_path }, ++ { "Timeout", validate_uint16 }, ++ { "Lang", validate_ascii_string }, ++ { "PlatformLang", validate_ascii_string }, ++ { "", NULL }, ++}; ++ ++static bool ++validate_var(struct efi_variable *var, u8 *data, unsigned long len) ++{ ++ int i; ++ u16 *unicode_name = var->VariableName; ++ ++ for (i = 0; variable_validate[i].validate != NULL; i++) { ++ const char *name = variable_validate[i].name; ++ int match; ++ ++ for (match = 0; ; match++) { ++ char c = name[match]; ++ u16 u = unicode_name[match]; ++ ++ /* All special variables are plain ascii */ ++ if (u > 127) ++ return true; ++ ++ /* Wildcard in the matching name means we've matched */ ++ if (c == '*') ++ return variable_validate[i].validate(var, ++ match, data, len); ++ ++ /* Case sensitive match */ ++ if (c != u) ++ break; ++ ++ /* Reached the end of the string while matching */ ++ if (!c) ++ return variable_validate[i].validate(var, ++ match, data, len); ++ } ++ } ++ ++ return true; ++} ++ + static efi_status_t + get_var_data_locked(struct efivars *efivars, struct efi_variable *var) + { +@@ -324,6 +508,12 @@ efivar_store_raw(struct efivar_entry *entry, const char *buf, size_t count) + return -EINVAL; + } + ++ if ((new_var->Attributes & ~EFI_VARIABLE_MASK) != 0 || ++ validate_var(new_var, new_var->Data, new_var->DataSize) == false) { ++ printk(KERN_ERR "efivars: Malformed variable content\n"); ++ return -EINVAL; ++ } ++ + spin_lock(&efivars->lock); + status = efivars->ops->set_variable(new_var->VariableName, + &new_var->VendorGuid, +@@ -626,6 +816,12 @@ static ssize_t efivar_create(struct file *filp, struct kobject *kobj, + if (!capable(CAP_SYS_ADMIN)) + return -EACCES; + ++ if ((new_var->Attributes & ~EFI_VARIABLE_MASK) != 0 || ++ validate_var(new_var, new_var->Data, new_var->DataSize) == false) { ++ printk(KERN_ERR "efivars: Malformed variable content\n"); ++ return -EINVAL; ++ } ++ + spin_lock(&efivars->lock); + + /* +diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c +index 65e1f00..e159e33 100644 +--- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c ++++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c +@@ -1082,6 +1082,11 @@ i915_gem_do_execbuffer(struct drm_device *dev, void *data, + return -EINVAL; + } + ++ if (args->num_cliprects > UINT_MAX / sizeof(*cliprects)) { ++ DRM_DEBUG("execbuf with %u cliprects\n", ++ args->num_cliprects); ++ return -EINVAL; ++ } + cliprects = kmalloc(args->num_cliprects * sizeof(*cliprects), + GFP_KERNEL); + if (cliprects == NULL) { +@@ -1353,7 +1358,8 @@ i915_gem_execbuffer2(struct drm_device *dev, void *data, + struct drm_i915_gem_exec_object2 *exec2_list = NULL; + int ret; + +- if (args->buffer_count < 1) { ++ if (args->buffer_count < 1 || ++ args->buffer_count > UINT_MAX / sizeof(*exec2_list)) { + DRM_ERROR("execbuf2 with %d buffers\n", args->buffer_count); + return -EINVAL; + } +diff --git a/drivers/gpu/drm/i915/i915_reg.h b/drivers/gpu/drm/i915/i915_reg.h +index 3e6429a..ac38d21 100644 +--- a/drivers/gpu/drm/i915/i915_reg.h ++++ b/drivers/gpu/drm/i915/i915_reg.h +@@ -523,6 +523,7 @@ + #define CM0_MASK_SHIFT 16 + #define CM0_IZ_OPT_DISABLE (1<<6) + #define CM0_ZR_OPT_DISABLE (1<<5) ++#define CM0_STC_EVICT_DISABLE_LRA_SNB (1<<5) + #define CM0_DEPTH_EVICT_DISABLE (1<<4) + #define CM0_COLOR_EVICT_DISABLE (1<<3) + #define CM0_DEPTH_WRITE_DISABLE (1<<1) +diff --git a/drivers/gpu/drm/i915/intel_ringbuffer.c b/drivers/gpu/drm/i915/intel_ringbuffer.c +index cbc3c04..99f71af 100644 +--- a/drivers/gpu/drm/i915/intel_ringbuffer.c ++++ b/drivers/gpu/drm/i915/intel_ringbuffer.c +@@ -417,6 +417,14 @@ static int init_render_ring(struct intel_ring_buffer *ring) + if (INTEL_INFO(dev)->gen >= 6) { + I915_WRITE(INSTPM, + INSTPM_FORCE_ORDERING << 16 | INSTPM_FORCE_ORDERING); ++ ++ /* From the Sandybridge PRM, volume 1 part 3, page 24: ++ * "If this bit is set, STCunit will have LRA as replacement ++ * policy. [...] This bit must be reset. LRA replacement ++ * policy is not supported." ++ */ ++ I915_WRITE(CACHE_MODE_0, ++ CM0_STC_EVICT_DISABLE_LRA_SNB << CM0_MASK_SHIFT); + } + + return ret; +diff --git a/drivers/gpu/drm/i915/intel_sdvo.c b/drivers/gpu/drm/i915/intel_sdvo.c +index e334ec3..0a877dd 100644 +--- a/drivers/gpu/drm/i915/intel_sdvo.c ++++ b/drivers/gpu/drm/i915/intel_sdvo.c +@@ -731,6 +731,7 @@ static void intel_sdvo_get_dtd_from_mode(struct intel_sdvo_dtd *dtd, + uint16_t width, height; + uint16_t h_blank_len, h_sync_len, v_blank_len, v_sync_len; + uint16_t h_sync_offset, v_sync_offset; ++ int mode_clock; + + width = mode->crtc_hdisplay; + height = mode->crtc_vdisplay; +@@ -745,7 +746,11 @@ static void intel_sdvo_get_dtd_from_mode(struct intel_sdvo_dtd *dtd, + h_sync_offset = mode->crtc_hsync_start - mode->crtc_hblank_start; + v_sync_offset = mode->crtc_vsync_start - mode->crtc_vblank_start; + +- dtd->part1.clock = mode->clock / 10; ++ mode_clock = mode->clock; ++ mode_clock /= intel_mode_get_pixel_multiplier(mode) ?: 1; ++ mode_clock /= 10; ++ dtd->part1.clock = mode_clock; ++ + dtd->part1.h_active = width & 0xff; + dtd->part1.h_blank = h_blank_len & 0xff; + dtd->part1.h_high = (((width >> 8) & 0xf) << 4) | +@@ -997,7 +1002,7 @@ static void intel_sdvo_mode_set(struct drm_encoder *encoder, + struct intel_sdvo *intel_sdvo = to_intel_sdvo(encoder); + u32 sdvox; + struct intel_sdvo_in_out_map in_out; +- struct intel_sdvo_dtd input_dtd; ++ struct intel_sdvo_dtd input_dtd, output_dtd; + int pixel_multiplier = intel_mode_get_pixel_multiplier(adjusted_mode); + int rate; + +@@ -1022,20 +1027,13 @@ static void intel_sdvo_mode_set(struct drm_encoder *encoder, + intel_sdvo->attached_output)) + return; + +- /* We have tried to get input timing in mode_fixup, and filled into +- * adjusted_mode. +- */ +- if (intel_sdvo->is_tv || intel_sdvo->is_lvds) { +- input_dtd = intel_sdvo->input_dtd; +- } else { +- /* Set the output timing to the screen */ +- if (!intel_sdvo_set_target_output(intel_sdvo, +- intel_sdvo->attached_output)) +- return; +- +- intel_sdvo_get_dtd_from_mode(&input_dtd, adjusted_mode); +- (void) intel_sdvo_set_output_timing(intel_sdvo, &input_dtd); +- } ++ /* lvds has a special fixed output timing. */ ++ if (intel_sdvo->is_lvds) ++ intel_sdvo_get_dtd_from_mode(&output_dtd, ++ intel_sdvo->sdvo_lvds_fixed_mode); ++ else ++ intel_sdvo_get_dtd_from_mode(&output_dtd, mode); ++ (void) intel_sdvo_set_output_timing(intel_sdvo, &output_dtd); + + /* Set the input timing to the screen. Assume always input 0. */ + if (!intel_sdvo_set_target_input(intel_sdvo)) +@@ -1053,6 +1051,10 @@ static void intel_sdvo_mode_set(struct drm_encoder *encoder, + !intel_sdvo_set_tv_format(intel_sdvo)) + return; + ++ /* We have tried to get input timing in mode_fixup, and filled into ++ * adjusted_mode. ++ */ ++ intel_sdvo_get_dtd_from_mode(&input_dtd, adjusted_mode); + (void) intel_sdvo_set_input_timing(intel_sdvo, &input_dtd); + + switch (pixel_multiplier) { +diff --git a/drivers/gpu/drm/nouveau/nouveau_acpi.c b/drivers/gpu/drm/nouveau/nouveau_acpi.c +index 7814a76..284bd25 100644 +--- a/drivers/gpu/drm/nouveau/nouveau_acpi.c ++++ b/drivers/gpu/drm/nouveau/nouveau_acpi.c +@@ -270,7 +270,7 @@ static bool nouveau_dsm_detect(void) + struct acpi_buffer buffer = {sizeof(acpi_method_name), acpi_method_name}; + struct pci_dev *pdev = NULL; + int has_dsm = 0; +- int has_optimus; ++ int has_optimus = 0; + int vga_count = 0; + bool guid_valid; + int retval; +diff --git a/drivers/gpu/drm/radeon/atombios_crtc.c b/drivers/gpu/drm/radeon/atombios_crtc.c +index 24ed306..2dab552 100644 +--- a/drivers/gpu/drm/radeon/atombios_crtc.c ++++ b/drivers/gpu/drm/radeon/atombios_crtc.c +@@ -912,8 +912,8 @@ static void atombios_crtc_set_pll(struct drm_crtc *crtc, struct drm_display_mode + break; + } + +- if (radeon_encoder->active_device & +- (ATOM_DEVICE_LCD_SUPPORT | ATOM_DEVICE_DFP_SUPPORT)) { ++ if ((radeon_encoder->active_device & (ATOM_DEVICE_LCD_SUPPORT | ATOM_DEVICE_DFP_SUPPORT)) || ++ (radeon_encoder_get_dp_bridge_encoder_id(encoder) != ENCODER_OBJECT_ID_NONE)) { + struct radeon_encoder_atom_dig *dig = radeon_encoder->enc_priv; + struct drm_connector *connector = + radeon_get_connector_for_encoder(encoder); +diff --git a/drivers/hwmon/coretemp.c b/drivers/hwmon/coretemp.c +index a6c6ec3..1248ee4 100644 +--- a/drivers/hwmon/coretemp.c ++++ b/drivers/hwmon/coretemp.c +@@ -51,7 +51,7 @@ module_param_named(tjmax, force_tjmax, int, 0444); + MODULE_PARM_DESC(tjmax, "TjMax value in degrees Celsius"); + + #define BASE_SYSFS_ATTR_NO 2 /* Sysfs Base attr no for coretemp */ +-#define NUM_REAL_CORES 16 /* Number of Real cores per cpu */ ++#define NUM_REAL_CORES 32 /* Number of Real cores per cpu */ + #define CORETEMP_NAME_LENGTH 17 /* String Length of attrs */ + #define MAX_CORE_ATTRS 4 /* Maximum no of basic attrs */ + #define TOTAL_ATTRS (MAX_CORE_ATTRS + 1) +@@ -708,6 +708,10 @@ static void __cpuinit put_core_offline(unsigned int cpu) + + indx = TO_ATTR_NO(cpu); + ++ /* The core id is too big, just return */ ++ if (indx > MAX_CORE_DATA - 1) ++ return; ++ + if (pdata->core_data[indx] && pdata->core_data[indx]->cpu == cpu) + coretemp_remove_core(pdata, &pdev->dev, indx); + +diff --git a/drivers/hwmon/fam15h_power.c b/drivers/hwmon/fam15h_power.c +index 930370d..9a4c3ab 100644 +--- a/drivers/hwmon/fam15h_power.c ++++ b/drivers/hwmon/fam15h_power.c +@@ -122,6 +122,41 @@ static bool __devinit fam15h_power_is_internal_node0(struct pci_dev *f4) + return true; + } + ++/* ++ * Newer BKDG versions have an updated recommendation on how to properly ++ * initialize the running average range (was: 0xE, now: 0x9). This avoids ++ * counter saturations resulting in bogus power readings. ++ * We correct this value ourselves to cope with older BIOSes. ++ */ ++static DEFINE_PCI_DEVICE_TABLE(affected_device) = { ++ { PCI_VDEVICE(AMD, PCI_DEVICE_ID_AMD_15H_NB_F4) }, ++ { 0 } ++}; ++ ++static void __devinit tweak_runavg_range(struct pci_dev *pdev) ++{ ++ u32 val; ++ ++ /* ++ * let this quirk apply only to the current version of the ++ * northbridge, since future versions may change the behavior ++ */ ++ if (!pci_match_id(affected_device, pdev)) ++ return; ++ ++ pci_bus_read_config_dword(pdev->bus, ++ PCI_DEVFN(PCI_SLOT(pdev->devfn), 5), ++ REG_TDP_RUNNING_AVERAGE, &val); ++ if ((val & 0xf) != 0xe) ++ return; ++ ++ val &= ~0xf; ++ val |= 0x9; ++ pci_bus_write_config_dword(pdev->bus, ++ PCI_DEVFN(PCI_SLOT(pdev->devfn), 5), ++ REG_TDP_RUNNING_AVERAGE, val); ++} ++ + static void __devinit fam15h_power_init_data(struct pci_dev *f4, + struct fam15h_power_data *data) + { +@@ -155,6 +190,13 @@ static int __devinit fam15h_power_probe(struct pci_dev *pdev, + struct device *dev; + int err; + ++ /* ++ * though we ignore every other northbridge, we still have to ++ * do the tweaking on _each_ node in MCM processors as the counters ++ * are working hand-in-hand ++ */ ++ tweak_runavg_range(pdev); ++ + if (!fam15h_power_is_internal_node0(pdev)) { + err = -ENODEV; + goto exit; +diff --git a/drivers/i2c/busses/i2c-pnx.c b/drivers/i2c/busses/i2c-pnx.c +index 04be9f8..eb8ad53 100644 +--- a/drivers/i2c/busses/i2c-pnx.c ++++ b/drivers/i2c/busses/i2c-pnx.c +@@ -546,8 +546,7 @@ static int i2c_pnx_controller_suspend(struct platform_device *pdev, + { + struct i2c_pnx_algo_data *alg_data = platform_get_drvdata(pdev); + +- /* FIXME: shouldn't this be clk_disable? */ +- clk_enable(alg_data->clk); ++ clk_disable(alg_data->clk); + + return 0; + } +diff --git a/drivers/input/mouse/synaptics.c b/drivers/input/mouse/synaptics.c +index 8081a0a..a4b14a4 100644 +--- a/drivers/input/mouse/synaptics.c ++++ b/drivers/input/mouse/synaptics.c +@@ -274,7 +274,8 @@ static int synaptics_set_advanced_gesture_mode(struct psmouse *psmouse) + static unsigned char param = 0xc8; + struct synaptics_data *priv = psmouse->private; + +- if (!SYN_CAP_ADV_GESTURE(priv->ext_cap_0c)) ++ if (!(SYN_CAP_ADV_GESTURE(priv->ext_cap_0c) || ++ SYN_CAP_IMAGE_SENSOR(priv->ext_cap_0c))) + return 0; + + if (psmouse_sliced_command(psmouse, SYN_QUE_MODEL)) +diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c +index 360f2b9..d1162e5 100644 +--- a/drivers/md/raid5.c ++++ b/drivers/md/raid5.c +@@ -3277,12 +3277,14 @@ static void analyse_stripe(struct stripe_head *sh, struct stripe_head_state *s) + /* If there is a failed device being replaced, + * we must be recovering. + * else if we are after recovery_cp, we must be syncing ++ * else if MD_RECOVERY_REQUESTED is set, we also are syncing. + * else we can only be replacing + * sync and recovery both need to read all devices, and so + * use the same flag. + */ + if (do_recovery || +- sh->sector >= conf->mddev->recovery_cp) ++ sh->sector >= conf->mddev->recovery_cp || ++ test_bit(MD_RECOVERY_REQUESTED, &(conf->mddev->recovery))) + s->syncing = 1; + else + s->replacing = 1; +diff --git a/drivers/net/wireless/b43/main.c b/drivers/net/wireless/b43/main.c +index 23ffb1b..11ab4a4 100644 +--- a/drivers/net/wireless/b43/main.c ++++ b/drivers/net/wireless/b43/main.c +@@ -4841,8 +4841,14 @@ static int b43_op_start(struct ieee80211_hw *hw) + out_mutex_unlock: + mutex_unlock(&wl->mutex); + +- /* reload configuration */ +- b43_op_config(hw, ~0); ++ /* ++ * Configuration may have been overwritten during initialization. ++ * Reload the configuration, but only if initialization was ++ * successful. Reloading the configuration after a failed init ++ * may hang the system. ++ */ ++ if (!err) ++ b43_op_config(hw, ~0); + + return err; + } +diff --git a/drivers/net/wireless/ipw2x00/ipw2200.c b/drivers/net/wireless/ipw2x00/ipw2200.c +index 4fcdac6..cb33e6c 100644 +--- a/drivers/net/wireless/ipw2x00/ipw2200.c ++++ b/drivers/net/wireless/ipw2x00/ipw2200.c +@@ -2191,6 +2191,7 @@ static int __ipw_send_cmd(struct ipw_priv *priv, struct host_cmd *cmd) + { + int rc = 0; + unsigned long flags; ++ unsigned long now, end; + + spin_lock_irqsave(&priv->lock, flags); + if (priv->status & STATUS_HCMD_ACTIVE) { +@@ -2232,10 +2233,20 @@ static int __ipw_send_cmd(struct ipw_priv *priv, struct host_cmd *cmd) + } + spin_unlock_irqrestore(&priv->lock, flags); + ++ now = jiffies; ++ end = now + HOST_COMPLETE_TIMEOUT; ++again: + rc = wait_event_interruptible_timeout(priv->wait_command_queue, + !(priv-> + status & STATUS_HCMD_ACTIVE), +- HOST_COMPLETE_TIMEOUT); ++ end - now); ++ if (rc < 0) { ++ now = jiffies; ++ if (time_before(now, end)) ++ goto again; ++ rc = 0; ++ } ++ + if (rc == 0) { + spin_lock_irqsave(&priv->lock, flags); + if (priv->status & STATUS_HCMD_ACTIVE) { +diff --git a/drivers/net/wireless/iwlwifi/iwl-1000.c b/drivers/net/wireless/iwlwifi/iwl-1000.c +index 1ef7bfc..9fcd417 100644 +--- a/drivers/net/wireless/iwlwifi/iwl-1000.c ++++ b/drivers/net/wireless/iwlwifi/iwl-1000.c +@@ -45,8 +45,8 @@ + #include "iwl-cfg.h" + + /* Highest firmware API version supported */ +-#define IWL1000_UCODE_API_MAX 6 +-#define IWL100_UCODE_API_MAX 6 ++#define IWL1000_UCODE_API_MAX 5 ++#define IWL100_UCODE_API_MAX 5 + + /* Oldest version we won't warn about */ + #define IWL1000_UCODE_API_OK 5 +@@ -235,5 +235,5 @@ struct iwl_cfg iwl100_bg_cfg = { + IWL_DEVICE_100, + }; + +-MODULE_FIRMWARE(IWL1000_MODULE_FIRMWARE(IWL1000_UCODE_API_MAX)); +-MODULE_FIRMWARE(IWL100_MODULE_FIRMWARE(IWL100_UCODE_API_MAX)); ++MODULE_FIRMWARE(IWL1000_MODULE_FIRMWARE(IWL1000_UCODE_API_OK)); ++MODULE_FIRMWARE(IWL100_MODULE_FIRMWARE(IWL100_UCODE_API_OK)); +diff --git a/drivers/net/wireless/iwlwifi/iwl-2000.c b/drivers/net/wireless/iwlwifi/iwl-2000.c +index 0946933..369d6b1 100644 +--- a/drivers/net/wireless/iwlwifi/iwl-2000.c ++++ b/drivers/net/wireless/iwlwifi/iwl-2000.c +@@ -51,10 +51,10 @@ + #define IWL135_UCODE_API_MAX 6 + + /* Oldest version we won't warn about */ +-#define IWL2030_UCODE_API_OK 5 +-#define IWL2000_UCODE_API_OK 5 +-#define IWL105_UCODE_API_OK 5 +-#define IWL135_UCODE_API_OK 5 ++#define IWL2030_UCODE_API_OK 6 ++#define IWL2000_UCODE_API_OK 6 ++#define IWL105_UCODE_API_OK 6 ++#define IWL135_UCODE_API_OK 6 + + /* Lowest firmware API version supported */ + #define IWL2030_UCODE_API_MIN 5 +@@ -338,7 +338,7 @@ struct iwl_cfg iwl135_bgn_cfg = { + .ht_params = &iwl2000_ht_params, + }; + +-MODULE_FIRMWARE(IWL2000_MODULE_FIRMWARE(IWL2000_UCODE_API_MAX)); +-MODULE_FIRMWARE(IWL2030_MODULE_FIRMWARE(IWL2030_UCODE_API_MAX)); +-MODULE_FIRMWARE(IWL105_MODULE_FIRMWARE(IWL105_UCODE_API_MAX)); +-MODULE_FIRMWARE(IWL135_MODULE_FIRMWARE(IWL135_UCODE_API_MAX)); ++MODULE_FIRMWARE(IWL2000_MODULE_FIRMWARE(IWL2000_UCODE_API_OK)); ++MODULE_FIRMWARE(IWL2030_MODULE_FIRMWARE(IWL2030_UCODE_API_OK)); ++MODULE_FIRMWARE(IWL105_MODULE_FIRMWARE(IWL105_UCODE_API_OK)); ++MODULE_FIRMWARE(IWL135_MODULE_FIRMWARE(IWL135_UCODE_API_OK)); +diff --git a/drivers/net/wireless/iwlwifi/iwl-5000.c b/drivers/net/wireless/iwlwifi/iwl-5000.c +index b3a365f..3ce542e 100644 +--- a/drivers/net/wireless/iwlwifi/iwl-5000.c ++++ b/drivers/net/wireless/iwlwifi/iwl-5000.c +@@ -50,6 +50,10 @@ + #define IWL5000_UCODE_API_MAX 5 + #define IWL5150_UCODE_API_MAX 2 + ++/* Oldest version we won't warn about */ ++#define IWL5000_UCODE_API_OK 5 ++#define IWL5150_UCODE_API_OK 2 ++ + /* Lowest firmware API version supported */ + #define IWL5000_UCODE_API_MIN 1 + #define IWL5150_UCODE_API_MIN 1 +@@ -359,6 +363,7 @@ static struct iwl_ht_params iwl5000_ht_params = { + #define IWL_DEVICE_5000 \ + .fw_name_pre = IWL5000_FW_PRE, \ + .ucode_api_max = IWL5000_UCODE_API_MAX, \ ++ .ucode_api_ok = IWL5000_UCODE_API_OK, \ + .ucode_api_min = IWL5000_UCODE_API_MIN, \ + .eeprom_ver = EEPROM_5000_EEPROM_VERSION, \ + .eeprom_calib_ver = EEPROM_5000_TX_POWER_VERSION, \ +@@ -402,6 +407,7 @@ struct iwl_cfg iwl5350_agn_cfg = { + .name = "Intel(R) WiMAX/WiFi Link 5350 AGN", + .fw_name_pre = IWL5000_FW_PRE, + .ucode_api_max = IWL5000_UCODE_API_MAX, ++ .ucode_api_ok = IWL5000_UCODE_API_OK, + .ucode_api_min = IWL5000_UCODE_API_MIN, + .eeprom_ver = EEPROM_5050_EEPROM_VERSION, + .eeprom_calib_ver = EEPROM_5050_TX_POWER_VERSION, +@@ -415,6 +421,7 @@ struct iwl_cfg iwl5350_agn_cfg = { + #define IWL_DEVICE_5150 \ + .fw_name_pre = IWL5150_FW_PRE, \ + .ucode_api_max = IWL5150_UCODE_API_MAX, \ ++ .ucode_api_ok = IWL5150_UCODE_API_OK, \ + .ucode_api_min = IWL5150_UCODE_API_MIN, \ + .eeprom_ver = EEPROM_5050_EEPROM_VERSION, \ + .eeprom_calib_ver = EEPROM_5050_TX_POWER_VERSION, \ +@@ -436,5 +443,5 @@ struct iwl_cfg iwl5150_abg_cfg = { + IWL_DEVICE_5150, + }; + +-MODULE_FIRMWARE(IWL5000_MODULE_FIRMWARE(IWL5000_UCODE_API_MAX)); +-MODULE_FIRMWARE(IWL5150_MODULE_FIRMWARE(IWL5150_UCODE_API_MAX)); ++MODULE_FIRMWARE(IWL5000_MODULE_FIRMWARE(IWL5000_UCODE_API_OK)); ++MODULE_FIRMWARE(IWL5150_MODULE_FIRMWARE(IWL5150_UCODE_API_OK)); +diff --git a/drivers/net/wireless/iwlwifi/iwl-6000.c b/drivers/net/wireless/iwlwifi/iwl-6000.c +index 54b7533..cf806ae 100644 +--- a/drivers/net/wireless/iwlwifi/iwl-6000.c ++++ b/drivers/net/wireless/iwlwifi/iwl-6000.c +@@ -53,6 +53,8 @@ + /* Oldest version we won't warn about */ + #define IWL6000_UCODE_API_OK 4 + #define IWL6000G2_UCODE_API_OK 5 ++#define IWL6050_UCODE_API_OK 5 ++#define IWL6000G2B_UCODE_API_OK 6 + + /* Lowest firmware API version supported */ + #define IWL6000_UCODE_API_MIN 4 +@@ -389,7 +391,7 @@ struct iwl_cfg iwl6005_2agn_d_cfg = { + #define IWL_DEVICE_6030 \ + .fw_name_pre = IWL6030_FW_PRE, \ + .ucode_api_max = IWL6000G2_UCODE_API_MAX, \ +- .ucode_api_ok = IWL6000G2_UCODE_API_OK, \ ++ .ucode_api_ok = IWL6000G2B_UCODE_API_OK, \ + .ucode_api_min = IWL6000G2_UCODE_API_MIN, \ + .eeprom_ver = EEPROM_6030_EEPROM_VERSION, \ + .eeprom_calib_ver = EEPROM_6030_TX_POWER_VERSION, \ +@@ -548,6 +550,6 @@ struct iwl_cfg iwl6000_3agn_cfg = { + }; + + MODULE_FIRMWARE(IWL6000_MODULE_FIRMWARE(IWL6000_UCODE_API_OK)); +-MODULE_FIRMWARE(IWL6050_MODULE_FIRMWARE(IWL6050_UCODE_API_MAX)); +-MODULE_FIRMWARE(IWL6005_MODULE_FIRMWARE(IWL6000G2_UCODE_API_MAX)); +-MODULE_FIRMWARE(IWL6030_MODULE_FIRMWARE(IWL6000G2_UCODE_API_MAX)); ++MODULE_FIRMWARE(IWL6050_MODULE_FIRMWARE(IWL6050_UCODE_API_OK)); ++MODULE_FIRMWARE(IWL6005_MODULE_FIRMWARE(IWL6000G2_UCODE_API_OK)); ++MODULE_FIRMWARE(IWL6030_MODULE_FIRMWARE(IWL6000G2B_UCODE_API_OK)); +diff --git a/drivers/net/wireless/iwlwifi/iwl-agn.c b/drivers/net/wireless/iwlwifi/iwl-agn.c +index b5c7c5f..2db9cd7 100644 +--- a/drivers/net/wireless/iwlwifi/iwl-agn.c ++++ b/drivers/net/wireless/iwlwifi/iwl-agn.c +@@ -1403,7 +1403,6 @@ static void iwl_bg_run_time_calib_work(struct work_struct *work) + + void iwlagn_prepare_restart(struct iwl_priv *priv) + { +- struct iwl_rxon_context *ctx; + bool bt_full_concurrent; + u8 bt_ci_compliance; + u8 bt_load; +@@ -1412,8 +1411,6 @@ void iwlagn_prepare_restart(struct iwl_priv *priv) + + lockdep_assert_held(&priv->shrd->mutex); + +- for_each_context(priv, ctx) +- ctx->vif = NULL; + priv->is_open = 0; + + /* +diff --git a/drivers/net/wireless/iwlwifi/iwl-fh.h b/drivers/net/wireless/iwlwifi/iwl-fh.h +index 5bede9d..aae992a 100644 +--- a/drivers/net/wireless/iwlwifi/iwl-fh.h ++++ b/drivers/net/wireless/iwlwifi/iwl-fh.h +@@ -104,15 +104,29 @@ + * (see struct iwl_tfd_frame). These 16 pointer registers are offset by 0x04 + * bytes from one another. Each TFD circular buffer in DRAM must be 256-byte + * aligned (address bits 0-7 must be 0). ++ * Later devices have 20 (5000 series) or 30 (higher) queues, but the registers ++ * for them are in different places. + * + * Bit fields in each pointer register: + * 27-0: TFD CB physical base address [35:8], must be 256-byte aligned + */ +-#define FH_MEM_CBBC_LOWER_BOUND (FH_MEM_LOWER_BOUND + 0x9D0) +-#define FH_MEM_CBBC_UPPER_BOUND (FH_MEM_LOWER_BOUND + 0xA10) +- +-/* Find TFD CB base pointer for given queue (range 0-15). */ +-#define FH_MEM_CBBC_QUEUE(x) (FH_MEM_CBBC_LOWER_BOUND + (x) * 0x4) ++#define FH_MEM_CBBC_0_15_LOWER_BOUND (FH_MEM_LOWER_BOUND + 0x9D0) ++#define FH_MEM_CBBC_0_15_UPPER_BOUND (FH_MEM_LOWER_BOUND + 0xA10) ++#define FH_MEM_CBBC_16_19_LOWER_BOUND (FH_MEM_LOWER_BOUND + 0xBF0) ++#define FH_MEM_CBBC_16_19_UPPER_BOUND (FH_MEM_LOWER_BOUND + 0xC00) ++#define FH_MEM_CBBC_20_31_LOWER_BOUND (FH_MEM_LOWER_BOUND + 0xB20) ++#define FH_MEM_CBBC_20_31_UPPER_BOUND (FH_MEM_LOWER_BOUND + 0xB80) ++ ++/* Find TFD CB base pointer for given queue */ ++static inline unsigned int FH_MEM_CBBC_QUEUE(unsigned int chnl) ++{ ++ if (chnl < 16) ++ return FH_MEM_CBBC_0_15_LOWER_BOUND + 4 * chnl; ++ if (chnl < 20) ++ return FH_MEM_CBBC_16_19_LOWER_BOUND + 4 * (chnl - 16); ++ WARN_ON_ONCE(chnl >= 32); ++ return FH_MEM_CBBC_20_31_LOWER_BOUND + 4 * (chnl - 20); ++} + + + /** +diff --git a/drivers/net/wireless/iwlwifi/iwl-mac80211.c b/drivers/net/wireless/iwlwifi/iwl-mac80211.c +index f980e57..4fd5199 100644 +--- a/drivers/net/wireless/iwlwifi/iwl-mac80211.c ++++ b/drivers/net/wireless/iwlwifi/iwl-mac80211.c +@@ -1226,6 +1226,7 @@ static int iwlagn_mac_add_interface(struct ieee80211_hw *hw, + struct iwl_rxon_context *tmp, *ctx = NULL; + int err; + enum nl80211_iftype viftype = ieee80211_vif_type_p2p(vif); ++ bool reset = false; + + IWL_DEBUG_MAC80211(priv, "enter: type %d, addr %pM\n", + viftype, vif->addr); +@@ -1247,6 +1248,13 @@ static int iwlagn_mac_add_interface(struct ieee80211_hw *hw, + tmp->interface_modes | tmp->exclusive_interface_modes; + + if (tmp->vif) { ++ /* On reset we need to add the same interface again */ ++ if (tmp->vif == vif) { ++ reset = true; ++ ctx = tmp; ++ break; ++ } ++ + /* check if this busy context is exclusive */ + if (tmp->exclusive_interface_modes & + BIT(tmp->vif->type)) { +@@ -1273,7 +1281,7 @@ static int iwlagn_mac_add_interface(struct ieee80211_hw *hw, + ctx->vif = vif; + + err = iwl_setup_interface(priv, ctx); +- if (!err) ++ if (!err || reset) + goto out; + + ctx->vif = NULL; +diff --git a/drivers/net/wireless/iwlwifi/iwl-prph.h b/drivers/net/wireless/iwlwifi/iwl-prph.h +index bebdd82..d9b089e 100644 +--- a/drivers/net/wireless/iwlwifi/iwl-prph.h ++++ b/drivers/net/wireless/iwlwifi/iwl-prph.h +@@ -227,12 +227,33 @@ + #define SCD_AIT (SCD_BASE + 0x0c) + #define SCD_TXFACT (SCD_BASE + 0x10) + #define SCD_ACTIVE (SCD_BASE + 0x14) +-#define SCD_QUEUE_WRPTR(x) (SCD_BASE + 0x18 + (x) * 4) +-#define SCD_QUEUE_RDPTR(x) (SCD_BASE + 0x68 + (x) * 4) + #define SCD_QUEUECHAIN_SEL (SCD_BASE + 0xe8) + #define SCD_AGGR_SEL (SCD_BASE + 0x248) + #define SCD_INTERRUPT_MASK (SCD_BASE + 0x108) +-#define SCD_QUEUE_STATUS_BITS(x) (SCD_BASE + 0x10c + (x) * 4) ++ ++static inline unsigned int SCD_QUEUE_WRPTR(unsigned int chnl) ++{ ++ if (chnl < 20) ++ return SCD_BASE + 0x18 + chnl * 4; ++ WARN_ON_ONCE(chnl >= 32); ++ return SCD_BASE + 0x284 + (chnl - 20) * 4; ++} ++ ++static inline unsigned int SCD_QUEUE_RDPTR(unsigned int chnl) ++{ ++ if (chnl < 20) ++ return SCD_BASE + 0x68 + chnl * 4; ++ WARN_ON_ONCE(chnl >= 32); ++ return SCD_BASE + 0x2B4 + (chnl - 20) * 4; ++} ++ ++static inline unsigned int SCD_QUEUE_STATUS_BITS(unsigned int chnl) ++{ ++ if (chnl < 20) ++ return SCD_BASE + 0x10c + chnl * 4; ++ WARN_ON_ONCE(chnl >= 32); ++ return SCD_BASE + 0x384 + (chnl - 20) * 4; ++} + + /*********************** END TX SCHEDULER *************************************/ + +diff --git a/drivers/net/wireless/rtlwifi/pci.c b/drivers/net/wireless/rtlwifi/pci.c +index c694cae..b588ca8 100644 +--- a/drivers/net/wireless/rtlwifi/pci.c ++++ b/drivers/net/wireless/rtlwifi/pci.c +@@ -1955,6 +1955,7 @@ void rtl_pci_disconnect(struct pci_dev *pdev) + rtl_deinit_deferred_work(hw); + rtlpriv->intf_ops->adapter_stop(hw); + } ++ rtlpriv->cfg->ops->disable_interrupt(hw); + + /*deinit rfkill */ + rtl_deinit_rfkill(hw); +diff --git a/drivers/net/wireless/wl1251/main.c b/drivers/net/wireless/wl1251/main.c +index ba3268e..40c1574 100644 +--- a/drivers/net/wireless/wl1251/main.c ++++ b/drivers/net/wireless/wl1251/main.c +@@ -479,6 +479,7 @@ static void wl1251_op_stop(struct ieee80211_hw *hw) + cancel_work_sync(&wl->irq_work); + cancel_work_sync(&wl->tx_work); + cancel_work_sync(&wl->filter_work); ++ cancel_delayed_work_sync(&wl->elp_work); + + mutex_lock(&wl->mutex); + +diff --git a/drivers/net/wireless/wl1251/sdio.c b/drivers/net/wireless/wl1251/sdio.c +index f786942..1b851f6 100644 +--- a/drivers/net/wireless/wl1251/sdio.c ++++ b/drivers/net/wireless/wl1251/sdio.c +@@ -315,8 +315,8 @@ static void __devexit wl1251_sdio_remove(struct sdio_func *func) + + if (wl->irq) + free_irq(wl->irq, wl); +- kfree(wl_sdio); + wl1251_free_hw(wl); ++ kfree(wl_sdio); + + sdio_claim_host(func); + sdio_release_irq(func); +diff --git a/drivers/platform/x86/dell-laptop.c b/drivers/platform/x86/dell-laptop.c +index 92e42d4..1d3bcce 100644 +--- a/drivers/platform/x86/dell-laptop.c ++++ b/drivers/platform/x86/dell-laptop.c +@@ -211,6 +211,7 @@ static struct dmi_system_id __devinitdata dell_quirks[] = { + }, + .driver_data = &quirk_dell_vostro_v130, + }, ++ { } + }; + + static struct calling_interface_buffer *buffer; +diff --git a/drivers/scsi/libsas/sas_expander.c b/drivers/scsi/libsas/sas_expander.c +index 1b831c5..e48ba4b 100644 +--- a/drivers/scsi/libsas/sas_expander.c ++++ b/drivers/scsi/libsas/sas_expander.c +@@ -192,7 +192,14 @@ static void sas_set_ex_phy(struct domain_device *dev, int phy_id, + phy->attached_sata_ps = dr->attached_sata_ps; + phy->attached_iproto = dr->iproto << 1; + phy->attached_tproto = dr->tproto << 1; +- memcpy(phy->attached_sas_addr, dr->attached_sas_addr, SAS_ADDR_SIZE); ++ /* help some expanders that fail to zero sas_address in the 'no ++ * device' case ++ */ ++ if (phy->attached_dev_type == NO_DEVICE || ++ phy->linkrate < SAS_LINK_RATE_1_5_GBPS) ++ memset(phy->attached_sas_addr, 0, SAS_ADDR_SIZE); ++ else ++ memcpy(phy->attached_sas_addr, dr->attached_sas_addr, SAS_ADDR_SIZE); + phy->attached_phy_id = dr->attached_phy_id; + phy->phy_change_count = dr->change_count; + phy->routing_attr = dr->routing_attr; +@@ -1643,9 +1650,17 @@ static int sas_find_bcast_phy(struct domain_device *dev, int *phy_id, + int phy_change_count = 0; + + res = sas_get_phy_change_count(dev, i, &phy_change_count); +- if (res) +- goto out; +- else if (phy_change_count != ex->ex_phy[i].phy_change_count) { ++ switch (res) { ++ case SMP_RESP_PHY_VACANT: ++ case SMP_RESP_NO_PHY: ++ continue; ++ case SMP_RESP_FUNC_ACC: ++ break; ++ default: ++ return res; ++ } ++ ++ if (phy_change_count != ex->ex_phy[i].phy_change_count) { + if (update) + ex->ex_phy[i].phy_change_count = + phy_change_count; +@@ -1653,8 +1668,7 @@ static int sas_find_bcast_phy(struct domain_device *dev, int *phy_id, + return 0; + } + } +-out: +- return res; ++ return 0; + } + + static int sas_get_ex_change_count(struct domain_device *dev, int *ecc) +diff --git a/drivers/usb/class/cdc-wdm.c b/drivers/usb/class/cdc-wdm.c +index 2f085fb..7b45f66 100644 +--- a/drivers/usb/class/cdc-wdm.c ++++ b/drivers/usb/class/cdc-wdm.c +@@ -108,8 +108,9 @@ static void wdm_out_callback(struct urb *urb) + spin_lock(&desc->iuspin); + desc->werr = urb->status; + spin_unlock(&desc->iuspin); +- clear_bit(WDM_IN_USE, &desc->flags); + kfree(desc->outbuf); ++ desc->outbuf = NULL; ++ clear_bit(WDM_IN_USE, &desc->flags); + wake_up(&desc->wait); + } + +@@ -312,7 +313,7 @@ static ssize_t wdm_write + if (we < 0) + return -EIO; + +- desc->outbuf = buf = kmalloc(count, GFP_KERNEL); ++ buf = kmalloc(count, GFP_KERNEL); + if (!buf) { + rv = -ENOMEM; + goto outnl; +@@ -376,10 +377,12 @@ static ssize_t wdm_write + req->wIndex = desc->inum; + req->wLength = cpu_to_le16(count); + set_bit(WDM_IN_USE, &desc->flags); ++ desc->outbuf = buf; + + rv = usb_submit_urb(desc->command, GFP_KERNEL); + if (rv < 0) { + kfree(buf); ++ desc->outbuf = NULL; + clear_bit(WDM_IN_USE, &desc->flags); + dev_err(&desc->intf->dev, "Tx URB error: %d\n", rv); + } else { +diff --git a/drivers/usb/core/hcd-pci.c b/drivers/usb/core/hcd-pci.c +index 81e2c0d..c4dfcc0 100644 +--- a/drivers/usb/core/hcd-pci.c ++++ b/drivers/usb/core/hcd-pci.c +@@ -491,6 +491,15 @@ static int hcd_pci_suspend_noirq(struct device *dev) + + pci_save_state(pci_dev); + ++ /* ++ * Some systems crash if an EHCI controller is in D3 during ++ * a sleep transition. We have to leave such controllers in D0. ++ */ ++ if (hcd->broken_pci_sleep) { ++ dev_dbg(dev, "Staying in PCI D0\n"); ++ return retval; ++ } ++ + /* If the root hub is dead rather than suspended, disallow remote + * wakeup. usb_hc_died() should ensure that both hosts are marked as + * dying, so we only need to check the primary roothub. +diff --git a/drivers/usb/gadget/dummy_hcd.c b/drivers/usb/gadget/dummy_hcd.c +index db815c2..9098642 100644 +--- a/drivers/usb/gadget/dummy_hcd.c ++++ b/drivers/usb/gadget/dummy_hcd.c +@@ -924,7 +924,6 @@ static int dummy_udc_stop(struct usb_gadget *g, + + dum->driver = NULL; + +- dummy_pullup(&dum->gadget, 0); + return 0; + } + +diff --git a/drivers/usb/gadget/f_mass_storage.c b/drivers/usb/gadget/f_mass_storage.c +index ee8ceec..1d7682d 100644 +--- a/drivers/usb/gadget/f_mass_storage.c ++++ b/drivers/usb/gadget/f_mass_storage.c +@@ -2190,7 +2190,7 @@ unknown_cmnd: + common->data_size_from_cmnd = 0; + sprintf(unknown, "Unknown x%02x", common->cmnd[0]); + reply = check_command(common, common->cmnd_size, +- DATA_DIR_UNKNOWN, 0xff, 0, unknown); ++ DATA_DIR_UNKNOWN, ~0, 0, unknown); + if (reply == 0) { + common->curlun->sense_data = SS_INVALID_COMMAND; + reply = -EINVAL; +diff --git a/drivers/usb/gadget/file_storage.c b/drivers/usb/gadget/file_storage.c +index 47766f0..18d96e0 100644 +--- a/drivers/usb/gadget/file_storage.c ++++ b/drivers/usb/gadget/file_storage.c +@@ -2579,7 +2579,7 @@ static int do_scsi_command(struct fsg_dev *fsg) + fsg->data_size_from_cmnd = 0; + sprintf(unknown, "Unknown x%02x", fsg->cmnd[0]); + if ((reply = check_command(fsg, fsg->cmnd_size, +- DATA_DIR_UNKNOWN, 0xff, 0, unknown)) == 0) { ++ DATA_DIR_UNKNOWN, ~0, 0, unknown)) == 0) { + fsg->curlun->sense_data = SS_INVALID_COMMAND; + reply = -EINVAL; + } +diff --git a/drivers/usb/gadget/uvc.h b/drivers/usb/gadget/uvc.h +index bc78c60..ca4e03a 100644 +--- a/drivers/usb/gadget/uvc.h ++++ b/drivers/usb/gadget/uvc.h +@@ -28,7 +28,7 @@ + + struct uvc_request_data + { +- unsigned int length; ++ __s32 length; + __u8 data[60]; + }; + +diff --git a/drivers/usb/gadget/uvc_v4l2.c b/drivers/usb/gadget/uvc_v4l2.c +index f6e083b..54d7ca5 100644 +--- a/drivers/usb/gadget/uvc_v4l2.c ++++ b/drivers/usb/gadget/uvc_v4l2.c +@@ -39,7 +39,7 @@ uvc_send_response(struct uvc_device *uvc, struct uvc_request_data *data) + if (data->length < 0) + return usb_ep_set_halt(cdev->gadget->ep0); + +- req->length = min(uvc->event_length, data->length); ++ req->length = min_t(unsigned int, uvc->event_length, data->length); + req->zero = data->length < uvc->event_length; + req->dma = DMA_ADDR_INVALID; + +diff --git a/drivers/usb/host/ehci-pci.c b/drivers/usb/host/ehci-pci.c +index 01bb7241d..fe8dc06 100644 +--- a/drivers/usb/host/ehci-pci.c ++++ b/drivers/usb/host/ehci-pci.c +@@ -144,6 +144,14 @@ static int ehci_pci_setup(struct usb_hcd *hcd) + hcd->has_tt = 1; + tdi_reset(ehci); + } ++ if (pdev->subsystem_vendor == PCI_VENDOR_ID_ASUSTEK) { ++ /* EHCI #1 or #2 on 6 Series/C200 Series chipset */ ++ if (pdev->device == 0x1c26 || pdev->device == 0x1c2d) { ++ ehci_info(ehci, "broken D3 during system sleep on ASUS\n"); ++ hcd->broken_pci_sleep = 1; ++ device_set_wakeup_capable(&pdev->dev, false); ++ } ++ } + break; + case PCI_VENDOR_ID_TDI: + if (pdev->device == PCI_DEVICE_ID_TDI_EHCI) { +diff --git a/drivers/usb/host/ehci-tegra.c b/drivers/usb/host/ehci-tegra.c +index dbc7fe8..de36b8c 100644 +--- a/drivers/usb/host/ehci-tegra.c ++++ b/drivers/usb/host/ehci-tegra.c +@@ -601,7 +601,6 @@ static int setup_vbus_gpio(struct platform_device *pdev) + dev_err(&pdev->dev, "can't enable vbus\n"); + return err; + } +- gpio_set_value(gpio, 1); + + return err; + } +diff --git a/fs/autofs4/autofs_i.h b/fs/autofs4/autofs_i.h +index eb1cc92..908e184 100644 +--- a/fs/autofs4/autofs_i.h ++++ b/fs/autofs4/autofs_i.h +@@ -110,7 +110,6 @@ struct autofs_sb_info { + int sub_version; + int min_proto; + int max_proto; +- int compat_daemon; + unsigned long exp_timeout; + unsigned int type; + int reghost_enabled; +@@ -270,6 +269,17 @@ int autofs4_fill_super(struct super_block *, void *, int); + struct autofs_info *autofs4_new_ino(struct autofs_sb_info *); + void autofs4_clean_ino(struct autofs_info *); + ++static inline int autofs_prepare_pipe(struct file *pipe) ++{ ++ if (!pipe->f_op || !pipe->f_op->write) ++ return -EINVAL; ++ if (!S_ISFIFO(pipe->f_dentry->d_inode->i_mode)) ++ return -EINVAL; ++ /* We want a packet pipe */ ++ pipe->f_flags |= O_DIRECT; ++ return 0; ++} ++ + /* Queue management functions */ + + int autofs4_wait(struct autofs_sb_info *,struct dentry *, enum autofs_notify); +diff --git a/fs/autofs4/dev-ioctl.c b/fs/autofs4/dev-ioctl.c +index 85f1fcd..d06d95a 100644 +--- a/fs/autofs4/dev-ioctl.c ++++ b/fs/autofs4/dev-ioctl.c +@@ -376,7 +376,7 @@ static int autofs_dev_ioctl_setpipefd(struct file *fp, + err = -EBADF; + goto out; + } +- if (!pipe->f_op || !pipe->f_op->write) { ++ if (autofs_prepare_pipe(pipe) < 0) { + err = -EPIPE; + fput(pipe); + goto out; +@@ -385,7 +385,6 @@ static int autofs_dev_ioctl_setpipefd(struct file *fp, + sbi->pipefd = pipefd; + sbi->pipe = pipe; + sbi->catatonic = 0; +- sbi->compat_daemon = is_compat_task(); + } + out: + mutex_unlock(&sbi->wq_mutex); +diff --git a/fs/autofs4/inode.c b/fs/autofs4/inode.c +index 06858d9..9ef53a6 100644 +--- a/fs/autofs4/inode.c ++++ b/fs/autofs4/inode.c +@@ -19,7 +19,6 @@ + #include <linux/parser.h> + #include <linux/bitops.h> + #include <linux/magic.h> +-#include <linux/compat.h> + #include "autofs_i.h" + #include <linux/module.h> + +@@ -225,7 +224,6 @@ int autofs4_fill_super(struct super_block *s, void *data, int silent) + set_autofs_type_indirect(&sbi->type); + sbi->min_proto = 0; + sbi->max_proto = 0; +- sbi->compat_daemon = is_compat_task(); + mutex_init(&sbi->wq_mutex); + mutex_init(&sbi->pipe_mutex); + spin_lock_init(&sbi->fs_lock); +@@ -295,7 +293,7 @@ int autofs4_fill_super(struct super_block *s, void *data, int silent) + printk("autofs: could not open pipe file descriptor\n"); + goto fail_dput; + } +- if (!pipe->f_op || !pipe->f_op->write) ++ if (autofs_prepare_pipe(pipe) < 0) + goto fail_fput; + sbi->pipe = pipe; + sbi->pipefd = pipefd; +diff --git a/fs/autofs4/waitq.c b/fs/autofs4/waitq.c +index 9c098db..f624cd0 100644 +--- a/fs/autofs4/waitq.c ++++ b/fs/autofs4/waitq.c +@@ -92,23 +92,6 @@ static int autofs4_write(struct autofs_sb_info *sbi, + return (bytes > 0); + } + +-/* +- * The autofs_v5 packet was misdesigned. +- * +- * The packets are identical on x86-32 and x86-64, but have different +- * alignment. Which means that 'sizeof()' will give different results. +- * Fix it up for the case of running 32-bit user mode on a 64-bit kernel. +- */ +-static noinline size_t autofs_v5_packet_size(struct autofs_sb_info *sbi) +-{ +- size_t pktsz = sizeof(struct autofs_v5_packet); +-#if defined(CONFIG_X86_64) && defined(CONFIG_COMPAT) +- if (sbi->compat_daemon > 0) +- pktsz -= 4; +-#endif +- return pktsz; +-} +- + static void autofs4_notify_daemon(struct autofs_sb_info *sbi, + struct autofs_wait_queue *wq, + int type) +@@ -172,7 +155,8 @@ static void autofs4_notify_daemon(struct autofs_sb_info *sbi, + { + struct autofs_v5_packet *packet = &pkt.v5_pkt.v5_packet; + +- pktsz = autofs_v5_packet_size(sbi); ++ pktsz = sizeof(*packet); ++ + packet->wait_queue_token = wq->wait_queue_token; + packet->len = wq->name.len; + memcpy(packet->name, wq->name.name, wq->name.len); +diff --git a/fs/exec.c b/fs/exec.c +index 153dee1..ae42277 100644 +--- a/fs/exec.c ++++ b/fs/exec.c +@@ -975,6 +975,9 @@ static int de_thread(struct task_struct *tsk) + sig->notify_count = 0; + + no_thread_group: ++ /* we have changed execution domain */ ++ tsk->exit_signal = SIGCHLD; ++ + if (current->mm) + setmax_mm_hiwater_rss(&sig->maxrss, current->mm); + +diff --git a/fs/hfsplus/catalog.c b/fs/hfsplus/catalog.c +index 4dfbfec..ec2a9c2 100644 +--- a/fs/hfsplus/catalog.c ++++ b/fs/hfsplus/catalog.c +@@ -366,6 +366,10 @@ int hfsplus_rename_cat(u32 cnid, + err = hfs_brec_find(&src_fd); + if (err) + goto out; ++ if (src_fd.entrylength > sizeof(entry) || src_fd.entrylength < 0) { ++ err = -EIO; ++ goto out; ++ } + + hfs_bnode_read(src_fd.bnode, &entry, src_fd.entryoffset, + src_fd.entrylength); +diff --git a/fs/hfsplus/dir.c b/fs/hfsplus/dir.c +index 88e155f..26b53fb 100644 +--- a/fs/hfsplus/dir.c ++++ b/fs/hfsplus/dir.c +@@ -150,6 +150,11 @@ static int hfsplus_readdir(struct file *filp, void *dirent, filldir_t filldir) + filp->f_pos++; + /* fall through */ + case 1: ++ if (fd.entrylength > sizeof(entry) || fd.entrylength < 0) { ++ err = -EIO; ++ goto out; ++ } ++ + hfs_bnode_read(fd.bnode, &entry, fd.entryoffset, + fd.entrylength); + if (be16_to_cpu(entry.type) != HFSPLUS_FOLDER_THREAD) { +@@ -181,6 +186,12 @@ static int hfsplus_readdir(struct file *filp, void *dirent, filldir_t filldir) + err = -EIO; + goto out; + } ++ ++ if (fd.entrylength > sizeof(entry) || fd.entrylength < 0) { ++ err = -EIO; ++ goto out; ++ } ++ + hfs_bnode_read(fd.bnode, &entry, fd.entryoffset, + fd.entrylength); + type = be16_to_cpu(entry.type); +diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c +index 9a54c9e..2612223 100644 +--- a/fs/nfs/nfs4proc.c ++++ b/fs/nfs/nfs4proc.c +@@ -4460,7 +4460,9 @@ static int _nfs4_do_setlk(struct nfs4_state *state, int cmd, struct file_lock *f + static int nfs4_lock_reclaim(struct nfs4_state *state, struct file_lock *request) + { + struct nfs_server *server = NFS_SERVER(state->inode); +- struct nfs4_exception exception = { }; ++ struct nfs4_exception exception = { ++ .inode = state->inode, ++ }; + int err; + + do { +@@ -4478,7 +4480,9 @@ static int nfs4_lock_reclaim(struct nfs4_state *state, struct file_lock *request + static int nfs4_lock_expired(struct nfs4_state *state, struct file_lock *request) + { + struct nfs_server *server = NFS_SERVER(state->inode); +- struct nfs4_exception exception = { }; ++ struct nfs4_exception exception = { ++ .inode = state->inode, ++ }; + int err; + + err = nfs4_set_lock_state(state, request); +@@ -4558,6 +4562,7 @@ static int nfs4_proc_setlk(struct nfs4_state *state, int cmd, struct file_lock * + { + struct nfs4_exception exception = { + .state = state, ++ .inode = state->inode, + }; + int err; + +@@ -4603,6 +4608,20 @@ nfs4_proc_lock(struct file *filp, int cmd, struct file_lock *request) + + if (state == NULL) + return -ENOLCK; ++ /* ++ * Don't rely on the VFS having checked the file open mode, ++ * since it won't do this for flock() locks. ++ */ ++ switch (request->fl_type & (F_RDLCK|F_WRLCK|F_UNLCK)) { ++ case F_RDLCK: ++ if (!(filp->f_mode & FMODE_READ)) ++ return -EBADF; ++ break; ++ case F_WRLCK: ++ if (!(filp->f_mode & FMODE_WRITE)) ++ return -EBADF; ++ } ++ + do { + status = nfs4_proc_setlk(state, cmd, request); + if ((status != -EAGAIN) || IS_SETLK(cmd)) +diff --git a/fs/nfs/read.c b/fs/nfs/read.c +index cfa175c..41bae32 100644 +--- a/fs/nfs/read.c ++++ b/fs/nfs/read.c +@@ -324,7 +324,7 @@ out_bad: + while (!list_empty(res)) { + data = list_entry(res->next, struct nfs_read_data, list); + list_del(&data->list); +- nfs_readdata_free(data); ++ nfs_readdata_release(data); + } + nfs_readpage_release(req); + return -ENOMEM; +diff --git a/fs/nfs/super.c b/fs/nfs/super.c +index 3dfa4f1..e4622ee 100644 +--- a/fs/nfs/super.c ++++ b/fs/nfs/super.c +@@ -2707,11 +2707,15 @@ static struct vfsmount *nfs_do_root_mount(struct file_system_type *fs_type, + char *root_devname; + size_t len; + +- len = strlen(hostname) + 3; ++ len = strlen(hostname) + 5; + root_devname = kmalloc(len, GFP_KERNEL); + if (root_devname == NULL) + return ERR_PTR(-ENOMEM); +- snprintf(root_devname, len, "%s:/", hostname); ++ /* Does hostname needs to be enclosed in brackets? */ ++ if (strchr(hostname, ':')) ++ snprintf(root_devname, len, "[%s]:/", hostname); ++ else ++ snprintf(root_devname, len, "%s:/", hostname); + root_mnt = vfs_kern_mount(fs_type, flags, root_devname, data); + kfree(root_devname); + return root_mnt; +diff --git a/fs/nfs/write.c b/fs/nfs/write.c +index 834f0fe..8fcc23a 100644 +--- a/fs/nfs/write.c ++++ b/fs/nfs/write.c +@@ -974,7 +974,7 @@ out_bad: + while (!list_empty(res)) { + data = list_entry(res->next, struct nfs_write_data, list); + list_del(&data->list); +- nfs_writedata_free(data); ++ nfs_writedata_release(data); + } + nfs_redirty_request(req); + return -ENOMEM; +diff --git a/fs/pipe.c b/fs/pipe.c +index a932ced..82e651b 100644 +--- a/fs/pipe.c ++++ b/fs/pipe.c +@@ -345,6 +345,16 @@ static const struct pipe_buf_operations anon_pipe_buf_ops = { + .get = generic_pipe_buf_get, + }; + ++static const struct pipe_buf_operations packet_pipe_buf_ops = { ++ .can_merge = 0, ++ .map = generic_pipe_buf_map, ++ .unmap = generic_pipe_buf_unmap, ++ .confirm = generic_pipe_buf_confirm, ++ .release = anon_pipe_buf_release, ++ .steal = generic_pipe_buf_steal, ++ .get = generic_pipe_buf_get, ++}; ++ + static ssize_t + pipe_read(struct kiocb *iocb, const struct iovec *_iov, + unsigned long nr_segs, loff_t pos) +@@ -406,6 +416,13 @@ redo: + ret += chars; + buf->offset += chars; + buf->len -= chars; ++ ++ /* Was it a packet buffer? Clean up and exit */ ++ if (buf->flags & PIPE_BUF_FLAG_PACKET) { ++ total_len = chars; ++ buf->len = 0; ++ } ++ + if (!buf->len) { + buf->ops = NULL; + ops->release(pipe, buf); +@@ -458,6 +475,11 @@ redo: + return ret; + } + ++static inline int is_packetized(struct file *file) ++{ ++ return (file->f_flags & O_DIRECT) != 0; ++} ++ + static ssize_t + pipe_write(struct kiocb *iocb, const struct iovec *_iov, + unsigned long nr_segs, loff_t ppos) +@@ -592,6 +614,11 @@ redo2: + buf->ops = &anon_pipe_buf_ops; + buf->offset = 0; + buf->len = chars; ++ buf->flags = 0; ++ if (is_packetized(filp)) { ++ buf->ops = &packet_pipe_buf_ops; ++ buf->flags = PIPE_BUF_FLAG_PACKET; ++ } + pipe->nrbufs = ++bufs; + pipe->tmp_page = NULL; + +@@ -1012,7 +1039,7 @@ struct file *create_write_pipe(int flags) + goto err_dentry; + f->f_mapping = inode->i_mapping; + +- f->f_flags = O_WRONLY | (flags & O_NONBLOCK); ++ f->f_flags = O_WRONLY | (flags & (O_NONBLOCK | O_DIRECT)); + f->f_version = 0; + + return f; +@@ -1056,7 +1083,7 @@ int do_pipe_flags(int *fd, int flags) + int error; + int fdw, fdr; + +- if (flags & ~(O_CLOEXEC | O_NONBLOCK)) ++ if (flags & ~(O_CLOEXEC | O_NONBLOCK | O_DIRECT)) + return -EINVAL; + + fw = create_write_pipe(flags); +diff --git a/include/linux/efi.h b/include/linux/efi.h +index 37c3007..7cce0ea 100644 +--- a/include/linux/efi.h ++++ b/include/linux/efi.h +@@ -510,7 +510,18 @@ extern int __init efi_setup_pcdp_console(char *); + #define EFI_VARIABLE_NON_VOLATILE 0x0000000000000001 + #define EFI_VARIABLE_BOOTSERVICE_ACCESS 0x0000000000000002 + #define EFI_VARIABLE_RUNTIME_ACCESS 0x0000000000000004 +- ++#define EFI_VARIABLE_HARDWARE_ERROR_RECORD 0x0000000000000008 ++#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS 0x0000000000000010 ++#define EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS 0x0000000000000020 ++#define EFI_VARIABLE_APPEND_WRITE 0x0000000000000040 ++ ++#define EFI_VARIABLE_MASK (EFI_VARIABLE_NON_VOLATILE | \ ++ EFI_VARIABLE_BOOTSERVICE_ACCESS | \ ++ EFI_VARIABLE_RUNTIME_ACCESS | \ ++ EFI_VARIABLE_HARDWARE_ERROR_RECORD | \ ++ EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | \ ++ EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS | \ ++ EFI_VARIABLE_APPEND_WRITE) + /* + * The type of search to perform when calling boottime->locate_handle + */ +diff --git a/include/linux/pipe_fs_i.h b/include/linux/pipe_fs_i.h +index 77257c9..0072a53 100644 +--- a/include/linux/pipe_fs_i.h ++++ b/include/linux/pipe_fs_i.h +@@ -8,6 +8,7 @@ + #define PIPE_BUF_FLAG_LRU 0x01 /* page is on the LRU */ + #define PIPE_BUF_FLAG_ATOMIC 0x02 /* was atomically mapped */ + #define PIPE_BUF_FLAG_GIFT 0x04 /* page is a gift */ ++#define PIPE_BUF_FLAG_PACKET 0x08 /* read() as a packet */ + + /** + * struct pipe_buffer - a linux kernel pipe buffer +diff --git a/include/linux/usb/hcd.h b/include/linux/usb/hcd.h +index b2f62f3..05695ba 100644 +--- a/include/linux/usb/hcd.h ++++ b/include/linux/usb/hcd.h +@@ -126,6 +126,8 @@ struct usb_hcd { + unsigned wireless:1; /* Wireless USB HCD */ + unsigned authorized_default:1; + unsigned has_tt:1; /* Integrated TT in root hub */ ++ unsigned broken_pci_sleep:1; /* Don't put the ++ controller in PCI-D3 for system sleep */ + + int irq; /* irq allocated */ + void __iomem *regs; /* device memory/io */ +diff --git a/kernel/exit.c b/kernel/exit.c +index 4b4042f..46c8b14 100644 +--- a/kernel/exit.c ++++ b/kernel/exit.c +@@ -818,25 +818,6 @@ static void exit_notify(struct task_struct *tsk, int group_dead) + if (group_dead) + kill_orphaned_pgrp(tsk->group_leader, NULL); + +- /* Let father know we died +- * +- * Thread signals are configurable, but you aren't going to use +- * that to send signals to arbitrary processes. +- * That stops right now. +- * +- * If the parent exec id doesn't match the exec id we saved +- * when we started then we know the parent has changed security +- * domain. +- * +- * If our self_exec id doesn't match our parent_exec_id then +- * we have changed execution domain as these two values started +- * the same after a fork. +- */ +- if (thread_group_leader(tsk) && tsk->exit_signal != SIGCHLD && +- (tsk->parent_exec_id != tsk->real_parent->self_exec_id || +- tsk->self_exec_id != tsk->parent_exec_id)) +- tsk->exit_signal = SIGCHLD; +- + if (unlikely(tsk->ptrace)) { + int sig = thread_group_leader(tsk) && + thread_group_empty(tsk) && +diff --git a/kernel/power/swap.c b/kernel/power/swap.c +index 8742fd0..eef311a 100644 +--- a/kernel/power/swap.c ++++ b/kernel/power/swap.c +@@ -51,6 +51,23 @@ + + #define MAP_PAGE_ENTRIES (PAGE_SIZE / sizeof(sector_t) - 1) + ++/* ++ * Number of free pages that are not high. ++ */ ++static inline unsigned long low_free_pages(void) ++{ ++ return nr_free_pages() - nr_free_highpages(); ++} ++ ++/* ++ * Number of pages required to be kept free while writing the image. Always ++ * half of all available low pages before the writing starts. ++ */ ++static inline unsigned long reqd_free_pages(void) ++{ ++ return low_free_pages() / 2; ++} ++ + struct swap_map_page { + sector_t entries[MAP_PAGE_ENTRIES]; + sector_t next_swap; +@@ -72,7 +89,7 @@ struct swap_map_handle { + sector_t cur_swap; + sector_t first_sector; + unsigned int k; +- unsigned long nr_free_pages, written; ++ unsigned long reqd_free_pages; + u32 crc32; + }; + +@@ -316,8 +333,7 @@ static int get_swap_writer(struct swap_map_handle *handle) + goto err_rel; + } + handle->k = 0; +- handle->nr_free_pages = nr_free_pages() >> 1; +- handle->written = 0; ++ handle->reqd_free_pages = reqd_free_pages(); + handle->first_sector = handle->cur_swap; + return 0; + err_rel: +@@ -352,11 +368,11 @@ static int swap_write_page(struct swap_map_handle *handle, void *buf, + handle->cur_swap = offset; + handle->k = 0; + } +- if (bio_chain && ++handle->written > handle->nr_free_pages) { ++ if (bio_chain && low_free_pages() <= handle->reqd_free_pages) { + error = hib_wait_on_bio_chain(bio_chain); + if (error) + goto out; +- handle->written = 0; ++ handle->reqd_free_pages = reqd_free_pages(); + } + out: + return error; +@@ -618,7 +634,7 @@ static int save_image_lzo(struct swap_map_handle *handle, + * Adjust number of free pages after all allocations have been done. + * We don't want to run out of pages when writing. + */ +- handle->nr_free_pages = nr_free_pages() >> 1; ++ handle->reqd_free_pages = reqd_free_pages(); + + /* + * Start the CRC32 thread. +diff --git a/kernel/sched/core.c b/kernel/sched/core.c +index b342f57..478a04c 100644 +--- a/kernel/sched/core.c ++++ b/kernel/sched/core.c +@@ -2266,13 +2266,10 @@ calc_load_n(unsigned long load, unsigned long exp, + * Once we've updated the global active value, we need to apply the exponential + * weights adjusted to the number of cycles missed. + */ +-static void calc_global_nohz(unsigned long ticks) ++static void calc_global_nohz(void) + { + long delta, active, n; + +- if (time_before(jiffies, calc_load_update)) +- return; +- + /* + * If we crossed a calc_load_update boundary, make sure to fold + * any pending idle changes, the respective CPUs might have +@@ -2284,31 +2281,25 @@ static void calc_global_nohz(unsigned long ticks) + atomic_long_add(delta, &calc_load_tasks); + + /* +- * If we were idle for multiple load cycles, apply them. ++ * It could be the one fold was all it took, we done! + */ +- if (ticks >= LOAD_FREQ) { +- n = ticks / LOAD_FREQ; ++ if (time_before(jiffies, calc_load_update + 10)) ++ return; + +- active = atomic_long_read(&calc_load_tasks); +- active = active > 0 ? active * FIXED_1 : 0; ++ /* ++ * Catch-up, fold however many we are behind still ++ */ ++ delta = jiffies - calc_load_update - 10; ++ n = 1 + (delta / LOAD_FREQ); + +- avenrun[0] = calc_load_n(avenrun[0], EXP_1, active, n); +- avenrun[1] = calc_load_n(avenrun[1], EXP_5, active, n); +- avenrun[2] = calc_load_n(avenrun[2], EXP_15, active, n); ++ active = atomic_long_read(&calc_load_tasks); ++ active = active > 0 ? active * FIXED_1 : 0; + +- calc_load_update += n * LOAD_FREQ; +- } ++ avenrun[0] = calc_load_n(avenrun[0], EXP_1, active, n); ++ avenrun[1] = calc_load_n(avenrun[1], EXP_5, active, n); ++ avenrun[2] = calc_load_n(avenrun[2], EXP_15, active, n); + +- /* +- * Its possible the remainder of the above division also crosses +- * a LOAD_FREQ period, the regular check in calc_global_load() +- * which comes after this will take care of that. +- * +- * Consider us being 11 ticks before a cycle completion, and us +- * sleeping for 4*LOAD_FREQ + 22 ticks, then the above code will +- * age us 4 cycles, and the test in calc_global_load() will +- * pick up the final one. +- */ ++ calc_load_update += n * LOAD_FREQ; + } + #else + void calc_load_account_idle(struct rq *this_rq) +@@ -2320,7 +2311,7 @@ static inline long calc_load_fold_idle(void) + return 0; + } + +-static void calc_global_nohz(unsigned long ticks) ++static void calc_global_nohz(void) + { + } + #endif +@@ -2348,8 +2339,6 @@ void calc_global_load(unsigned long ticks) + { + long active; + +- calc_global_nohz(ticks); +- + if (time_before(jiffies, calc_load_update + 10)) + return; + +@@ -2361,6 +2350,16 @@ void calc_global_load(unsigned long ticks) + avenrun[2] = calc_load(avenrun[2], EXP_15, active); + + calc_load_update += LOAD_FREQ; ++ ++ /* ++ * Account one period with whatever state we found before ++ * folding in the nohz state and ageing the entire idle period. ++ * ++ * This avoids loosing a sample when we go idle between ++ * calc_load_account_active() (10 ticks ago) and now and thus ++ * under-accounting. ++ */ ++ calc_global_nohz(); + } + + /* +@@ -6334,16 +6333,26 @@ static void __sdt_free(const struct cpumask *cpu_map) + struct sd_data *sdd = &tl->data; + + for_each_cpu(j, cpu_map) { +- struct sched_domain *sd = *per_cpu_ptr(sdd->sd, j); +- if (sd && (sd->flags & SD_OVERLAP)) +- free_sched_groups(sd->groups, 0); +- kfree(*per_cpu_ptr(sdd->sd, j)); +- kfree(*per_cpu_ptr(sdd->sg, j)); +- kfree(*per_cpu_ptr(sdd->sgp, j)); ++ struct sched_domain *sd; ++ ++ if (sdd->sd) { ++ sd = *per_cpu_ptr(sdd->sd, j); ++ if (sd && (sd->flags & SD_OVERLAP)) ++ free_sched_groups(sd->groups, 0); ++ kfree(*per_cpu_ptr(sdd->sd, j)); ++ } ++ ++ if (sdd->sg) ++ kfree(*per_cpu_ptr(sdd->sg, j)); ++ if (sdd->sgp) ++ kfree(*per_cpu_ptr(sdd->sgp, j)); + } + free_percpu(sdd->sd); ++ sdd->sd = NULL; + free_percpu(sdd->sg); ++ sdd->sg = NULL; + free_percpu(sdd->sgp); ++ sdd->sgp = NULL; + } + } + +diff --git a/kernel/signal.c b/kernel/signal.c +index c73c428..b09cf3b 100644 +--- a/kernel/signal.c ++++ b/kernel/signal.c +@@ -1642,6 +1642,15 @@ bool do_notify_parent(struct task_struct *tsk, int sig) + BUG_ON(!tsk->ptrace && + (tsk->group_leader != tsk || !thread_group_empty(tsk))); + ++ if (sig != SIGCHLD) { ++ /* ++ * This is only possible if parent == real_parent. ++ * Check if it has changed security domain. ++ */ ++ if (tsk->parent_exec_id != tsk->parent->self_exec_id) ++ sig = SIGCHLD; ++ } ++ + info.si_signo = sig; + info.si_errno = 0; + /* +diff --git a/kernel/trace/trace_output.c b/kernel/trace/trace_output.c +index 0d6ff35..d9c07f0 100644 +--- a/kernel/trace/trace_output.c ++++ b/kernel/trace/trace_output.c +@@ -650,6 +650,8 @@ int trace_print_lat_context(struct trace_iterator *iter) + { + u64 next_ts; + int ret; ++ /* trace_find_next_entry will reset ent_size */ ++ int ent_size = iter->ent_size; + struct trace_seq *s = &iter->seq; + struct trace_entry *entry = iter->ent, + *next_entry = trace_find_next_entry(iter, NULL, +@@ -658,6 +660,9 @@ int trace_print_lat_context(struct trace_iterator *iter) + unsigned long abs_usecs = ns2usecs(iter->ts - iter->tr->time_start); + unsigned long rel_usecs; + ++ /* Restore the original ent_size */ ++ iter->ent_size = ent_size; ++ + if (!next_entry) + next_ts = iter->ts; + rel_usecs = ns2usecs(next_ts - iter->ts); +diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c +index e05667c..6a31cea 100644 +--- a/net/mac80211/tx.c ++++ b/net/mac80211/tx.c +@@ -1144,7 +1144,8 @@ ieee80211_tx_prepare(struct ieee80211_sub_if_data *sdata, + tx->sta = rcu_dereference(sdata->u.vlan.sta); + if (!tx->sta && sdata->dev->ieee80211_ptr->use_4addr) + return TX_DROP; +- } else if (info->flags & IEEE80211_TX_CTL_INJECTED) { ++ } else if (info->flags & IEEE80211_TX_CTL_INJECTED || ++ tx->sdata->control_port_protocol == tx->skb->protocol) { + tx->sta = sta_info_get_bss(sdata, hdr->addr1); + } + if (!tx->sta) +diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c +index afeea32..bf945c9 100644 +--- a/net/wireless/nl80211.c ++++ b/net/wireless/nl80211.c +@@ -1293,6 +1293,11 @@ static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info) + goto bad_res; + } + ++ if (!netif_running(netdev)) { ++ result = -ENETDOWN; ++ goto bad_res; ++ } ++ + nla_for_each_nested(nl_txq_params, + info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS], + rem_txq_params) { +@@ -6262,7 +6267,7 @@ static struct genl_ops nl80211_ops[] = { + .doit = nl80211_get_key, + .policy = nl80211_policy, + .flags = GENL_ADMIN_PERM, +- .internal_flags = NL80211_FLAG_NEED_NETDEV | ++ .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | + NL80211_FLAG_NEED_RTNL, + }, + { +@@ -6294,7 +6299,7 @@ static struct genl_ops nl80211_ops[] = { + .policy = nl80211_policy, + .flags = GENL_ADMIN_PERM, + .doit = nl80211_addset_beacon, +- .internal_flags = NL80211_FLAG_NEED_NETDEV | ++ .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | + NL80211_FLAG_NEED_RTNL, + }, + { +@@ -6302,7 +6307,7 @@ static struct genl_ops nl80211_ops[] = { + .policy = nl80211_policy, + .flags = GENL_ADMIN_PERM, + .doit = nl80211_addset_beacon, +- .internal_flags = NL80211_FLAG_NEED_NETDEV | ++ .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | + NL80211_FLAG_NEED_RTNL, + }, + { +@@ -6326,7 +6331,7 @@ static struct genl_ops nl80211_ops[] = { + .doit = nl80211_set_station, + .policy = nl80211_policy, + .flags = GENL_ADMIN_PERM, +- .internal_flags = NL80211_FLAG_NEED_NETDEV | ++ .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | + NL80211_FLAG_NEED_RTNL, + }, + { +@@ -6342,7 +6347,7 @@ static struct genl_ops nl80211_ops[] = { + .doit = nl80211_del_station, + .policy = nl80211_policy, + .flags = GENL_ADMIN_PERM, +- .internal_flags = NL80211_FLAG_NEED_NETDEV | ++ .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | + NL80211_FLAG_NEED_RTNL, + }, + { +@@ -6375,7 +6380,7 @@ static struct genl_ops nl80211_ops[] = { + .doit = nl80211_del_mpath, + .policy = nl80211_policy, + .flags = GENL_ADMIN_PERM, +- .internal_flags = NL80211_FLAG_NEED_NETDEV | ++ .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | + NL80211_FLAG_NEED_RTNL, + }, + { +@@ -6383,7 +6388,7 @@ static struct genl_ops nl80211_ops[] = { + .doit = nl80211_set_bss, + .policy = nl80211_policy, + .flags = GENL_ADMIN_PERM, +- .internal_flags = NL80211_FLAG_NEED_NETDEV | ++ .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | + NL80211_FLAG_NEED_RTNL, + }, + { +@@ -6409,7 +6414,7 @@ static struct genl_ops nl80211_ops[] = { + .doit = nl80211_get_mesh_config, + .policy = nl80211_policy, + /* can be retrieved by unprivileged users */ +- .internal_flags = NL80211_FLAG_NEED_NETDEV | ++ .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | + NL80211_FLAG_NEED_RTNL, + }, + { +@@ -6542,7 +6547,7 @@ static struct genl_ops nl80211_ops[] = { + .doit = nl80211_setdel_pmksa, + .policy = nl80211_policy, + .flags = GENL_ADMIN_PERM, +- .internal_flags = NL80211_FLAG_NEED_NETDEV | ++ .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | + NL80211_FLAG_NEED_RTNL, + }, + { +@@ -6550,7 +6555,7 @@ static struct genl_ops nl80211_ops[] = { + .doit = nl80211_setdel_pmksa, + .policy = nl80211_policy, + .flags = GENL_ADMIN_PERM, +- .internal_flags = NL80211_FLAG_NEED_NETDEV | ++ .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | + NL80211_FLAG_NEED_RTNL, + }, + { +@@ -6558,7 +6563,7 @@ static struct genl_ops nl80211_ops[] = { + .doit = nl80211_flush_pmksa, + .policy = nl80211_policy, + .flags = GENL_ADMIN_PERM, +- .internal_flags = NL80211_FLAG_NEED_NETDEV | ++ .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | + NL80211_FLAG_NEED_RTNL, + }, + { +@@ -6718,7 +6723,7 @@ static struct genl_ops nl80211_ops[] = { + .doit = nl80211_probe_client, + .policy = nl80211_policy, + .flags = GENL_ADMIN_PERM, +- .internal_flags = NL80211_FLAG_NEED_NETDEV | ++ .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | + NL80211_FLAG_NEED_RTNL, + }, + { +diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c +index e5153ea..0960ece 100644 +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -5402,6 +5402,7 @@ static const struct alc_fixup alc269_fixups[] = { + }; + + static const struct snd_pci_quirk alc269_fixup_tbl[] = { ++ SND_PCI_QUIRK(0x1043, 0x1427, "Asus Zenbook UX31E", ALC269VB_FIXUP_DMIC), + SND_PCI_QUIRK(0x1043, 0x1a13, "Asus G73Jw", ALC269_FIXUP_ASUS_G73JW), + SND_PCI_QUIRK(0x1043, 0x16e3, "ASUS UX50", ALC269_FIXUP_STEREO_DMIC), + SND_PCI_QUIRK(0x1043, 0x831a, "ASUS P901", ALC269_FIXUP_STEREO_DMIC), +diff --git a/sound/soc/codecs/wm8994.c b/sound/soc/codecs/wm8994.c +index 900c91b..e5cc616 100644 +--- a/sound/soc/codecs/wm8994.c ++++ b/sound/soc/codecs/wm8994.c +@@ -929,61 +929,170 @@ static void wm8994_update_class_w(struct snd_soc_codec *codec) + } + } + +-static int late_enable_ev(struct snd_soc_dapm_widget *w, +- struct snd_kcontrol *kcontrol, int event) ++static int aif1clk_ev(struct snd_soc_dapm_widget *w, ++ struct snd_kcontrol *kcontrol, int event) + { + struct snd_soc_codec *codec = w->codec; +- struct wm8994_priv *wm8994 = snd_soc_codec_get_drvdata(codec); ++ struct wm8994 *control = codec->control_data; ++ int mask = WM8994_AIF1DAC1L_ENA | WM8994_AIF1DAC1R_ENA; ++ int dac; ++ int adc; ++ int val; ++ ++ switch (control->type) { ++ case WM8994: ++ case WM8958: ++ mask |= WM8994_AIF1DAC2L_ENA | WM8994_AIF1DAC2R_ENA; ++ break; ++ default: ++ break; ++ } + + switch (event) { + case SND_SOC_DAPM_PRE_PMU: +- if (wm8994->aif1clk_enable) { +- snd_soc_update_bits(codec, WM8994_AIF1_CLOCKING_1, +- WM8994_AIF1CLK_ENA_MASK, +- WM8994_AIF1CLK_ENA); +- wm8994->aif1clk_enable = 0; +- } +- if (wm8994->aif2clk_enable) { +- snd_soc_update_bits(codec, WM8994_AIF2_CLOCKING_1, +- WM8994_AIF2CLK_ENA_MASK, +- WM8994_AIF2CLK_ENA); +- wm8994->aif2clk_enable = 0; +- } ++ val = snd_soc_read(codec, WM8994_AIF1_CONTROL_1); ++ if ((val & WM8994_AIF1ADCL_SRC) && ++ (val & WM8994_AIF1ADCR_SRC)) ++ adc = WM8994_AIF1ADC1R_ENA | WM8994_AIF1ADC2R_ENA; ++ else if (!(val & WM8994_AIF1ADCL_SRC) && ++ !(val & WM8994_AIF1ADCR_SRC)) ++ adc = WM8994_AIF1ADC1L_ENA | WM8994_AIF1ADC2L_ENA; ++ else ++ adc = WM8994_AIF1ADC1R_ENA | WM8994_AIF1ADC2R_ENA | ++ WM8994_AIF1ADC1L_ENA | WM8994_AIF1ADC2L_ENA; ++ ++ val = snd_soc_read(codec, WM8994_AIF1_CONTROL_2); ++ if ((val & WM8994_AIF1DACL_SRC) && ++ (val & WM8994_AIF1DACR_SRC)) ++ dac = WM8994_AIF1DAC1R_ENA | WM8994_AIF1DAC2R_ENA; ++ else if (!(val & WM8994_AIF1DACL_SRC) && ++ !(val & WM8994_AIF1DACR_SRC)) ++ dac = WM8994_AIF1DAC1L_ENA | WM8994_AIF1DAC2L_ENA; ++ else ++ dac = WM8994_AIF1DAC1R_ENA | WM8994_AIF1DAC2R_ENA | ++ WM8994_AIF1DAC1L_ENA | WM8994_AIF1DAC2L_ENA; ++ ++ snd_soc_update_bits(codec, WM8994_POWER_MANAGEMENT_4, ++ mask, adc); ++ snd_soc_update_bits(codec, WM8994_POWER_MANAGEMENT_5, ++ mask, dac); ++ snd_soc_update_bits(codec, WM8994_CLOCKING_1, ++ WM8994_AIF1DSPCLK_ENA | ++ WM8994_SYSDSPCLK_ENA, ++ WM8994_AIF1DSPCLK_ENA | ++ WM8994_SYSDSPCLK_ENA); ++ snd_soc_update_bits(codec, WM8994_POWER_MANAGEMENT_4, mask, ++ WM8994_AIF1ADC1R_ENA | ++ WM8994_AIF1ADC1L_ENA | ++ WM8994_AIF1ADC2R_ENA | ++ WM8994_AIF1ADC2L_ENA); ++ snd_soc_update_bits(codec, WM8994_POWER_MANAGEMENT_5, mask, ++ WM8994_AIF1DAC1R_ENA | ++ WM8994_AIF1DAC1L_ENA | ++ WM8994_AIF1DAC2R_ENA | ++ WM8994_AIF1DAC2L_ENA); ++ break; ++ ++ case SND_SOC_DAPM_PRE_PMD: ++ case SND_SOC_DAPM_POST_PMD: ++ snd_soc_update_bits(codec, WM8994_POWER_MANAGEMENT_5, ++ mask, 0); ++ snd_soc_update_bits(codec, WM8994_POWER_MANAGEMENT_4, ++ mask, 0); ++ ++ val = snd_soc_read(codec, WM8994_CLOCKING_1); ++ if (val & WM8994_AIF2DSPCLK_ENA) ++ val = WM8994_SYSDSPCLK_ENA; ++ else ++ val = 0; ++ snd_soc_update_bits(codec, WM8994_CLOCKING_1, ++ WM8994_SYSDSPCLK_ENA | ++ WM8994_AIF1DSPCLK_ENA, val); + break; + } + +- /* We may also have postponed startup of DSP, handle that. */ +- wm8958_aif_ev(w, kcontrol, event); +- + return 0; + } + +-static int late_disable_ev(struct snd_soc_dapm_widget *w, +- struct snd_kcontrol *kcontrol, int event) ++static int aif2clk_ev(struct snd_soc_dapm_widget *w, ++ struct snd_kcontrol *kcontrol, int event) + { + struct snd_soc_codec *codec = w->codec; +- struct wm8994_priv *wm8994 = snd_soc_codec_get_drvdata(codec); ++ int dac; ++ int adc; ++ int val; + + switch (event) { ++ case SND_SOC_DAPM_PRE_PMU: ++ val = snd_soc_read(codec, WM8994_AIF2_CONTROL_1); ++ if ((val & WM8994_AIF2ADCL_SRC) && ++ (val & WM8994_AIF2ADCR_SRC)) ++ adc = WM8994_AIF2ADCR_ENA; ++ else if (!(val & WM8994_AIF2ADCL_SRC) && ++ !(val & WM8994_AIF2ADCR_SRC)) ++ adc = WM8994_AIF2ADCL_ENA; ++ else ++ adc = WM8994_AIF2ADCL_ENA | WM8994_AIF2ADCR_ENA; ++ ++ ++ val = snd_soc_read(codec, WM8994_AIF2_CONTROL_2); ++ if ((val & WM8994_AIF2DACL_SRC) && ++ (val & WM8994_AIF2DACR_SRC)) ++ dac = WM8994_AIF2DACR_ENA; ++ else if (!(val & WM8994_AIF2DACL_SRC) && ++ !(val & WM8994_AIF2DACR_SRC)) ++ dac = WM8994_AIF2DACL_ENA; ++ else ++ dac = WM8994_AIF2DACL_ENA | WM8994_AIF2DACR_ENA; ++ ++ snd_soc_update_bits(codec, WM8994_POWER_MANAGEMENT_4, ++ WM8994_AIF2ADCL_ENA | ++ WM8994_AIF2ADCR_ENA, adc); ++ snd_soc_update_bits(codec, WM8994_POWER_MANAGEMENT_5, ++ WM8994_AIF2DACL_ENA | ++ WM8994_AIF2DACR_ENA, dac); ++ snd_soc_update_bits(codec, WM8994_CLOCKING_1, ++ WM8994_AIF2DSPCLK_ENA | ++ WM8994_SYSDSPCLK_ENA, ++ WM8994_AIF2DSPCLK_ENA | ++ WM8994_SYSDSPCLK_ENA); ++ snd_soc_update_bits(codec, WM8994_POWER_MANAGEMENT_4, ++ WM8994_AIF2ADCL_ENA | ++ WM8994_AIF2ADCR_ENA, ++ WM8994_AIF2ADCL_ENA | ++ WM8994_AIF2ADCR_ENA); ++ snd_soc_update_bits(codec, WM8994_POWER_MANAGEMENT_5, ++ WM8994_AIF2DACL_ENA | ++ WM8994_AIF2DACR_ENA, ++ WM8994_AIF2DACL_ENA | ++ WM8994_AIF2DACR_ENA); ++ break; ++ ++ case SND_SOC_DAPM_PRE_PMD: + case SND_SOC_DAPM_POST_PMD: +- if (wm8994->aif1clk_disable) { +- snd_soc_update_bits(codec, WM8994_AIF1_CLOCKING_1, +- WM8994_AIF1CLK_ENA_MASK, 0); +- wm8994->aif1clk_disable = 0; +- } +- if (wm8994->aif2clk_disable) { +- snd_soc_update_bits(codec, WM8994_AIF2_CLOCKING_1, +- WM8994_AIF2CLK_ENA_MASK, 0); +- wm8994->aif2clk_disable = 0; +- } ++ snd_soc_update_bits(codec, WM8994_POWER_MANAGEMENT_5, ++ WM8994_AIF2DACL_ENA | ++ WM8994_AIF2DACR_ENA, 0); ++ snd_soc_update_bits(codec, WM8994_POWER_MANAGEMENT_5, ++ WM8994_AIF2ADCL_ENA | ++ WM8994_AIF2ADCR_ENA, 0); ++ ++ val = snd_soc_read(codec, WM8994_CLOCKING_1); ++ if (val & WM8994_AIF1DSPCLK_ENA) ++ val = WM8994_SYSDSPCLK_ENA; ++ else ++ val = 0; ++ snd_soc_update_bits(codec, WM8994_CLOCKING_1, ++ WM8994_SYSDSPCLK_ENA | ++ WM8994_AIF2DSPCLK_ENA, val); + break; + } + + return 0; + } + +-static int aif1clk_ev(struct snd_soc_dapm_widget *w, +- struct snd_kcontrol *kcontrol, int event) ++static int aif1clk_late_ev(struct snd_soc_dapm_widget *w, ++ struct snd_kcontrol *kcontrol, int event) + { + struct snd_soc_codec *codec = w->codec; + struct wm8994_priv *wm8994 = snd_soc_codec_get_drvdata(codec); +@@ -1000,8 +1109,8 @@ static int aif1clk_ev(struct snd_soc_dapm_widget *w, + return 0; + } + +-static int aif2clk_ev(struct snd_soc_dapm_widget *w, +- struct snd_kcontrol *kcontrol, int event) ++static int aif2clk_late_ev(struct snd_soc_dapm_widget *w, ++ struct snd_kcontrol *kcontrol, int event) + { + struct snd_soc_codec *codec = w->codec; + struct wm8994_priv *wm8994 = snd_soc_codec_get_drvdata(codec); +@@ -1018,6 +1127,63 @@ static int aif2clk_ev(struct snd_soc_dapm_widget *w, + return 0; + } + ++static int late_enable_ev(struct snd_soc_dapm_widget *w, ++ struct snd_kcontrol *kcontrol, int event) ++{ ++ struct snd_soc_codec *codec = w->codec; ++ struct wm8994_priv *wm8994 = snd_soc_codec_get_drvdata(codec); ++ ++ switch (event) { ++ case SND_SOC_DAPM_PRE_PMU: ++ if (wm8994->aif1clk_enable) { ++ aif1clk_ev(w, kcontrol, event); ++ snd_soc_update_bits(codec, WM8994_AIF1_CLOCKING_1, ++ WM8994_AIF1CLK_ENA_MASK, ++ WM8994_AIF1CLK_ENA); ++ wm8994->aif1clk_enable = 0; ++ } ++ if (wm8994->aif2clk_enable) { ++ aif2clk_ev(w, kcontrol, event); ++ snd_soc_update_bits(codec, WM8994_AIF2_CLOCKING_1, ++ WM8994_AIF2CLK_ENA_MASK, ++ WM8994_AIF2CLK_ENA); ++ wm8994->aif2clk_enable = 0; ++ } ++ break; ++ } ++ ++ /* We may also have postponed startup of DSP, handle that. */ ++ wm8958_aif_ev(w, kcontrol, event); ++ ++ return 0; ++} ++ ++static int late_disable_ev(struct snd_soc_dapm_widget *w, ++ struct snd_kcontrol *kcontrol, int event) ++{ ++ struct snd_soc_codec *codec = w->codec; ++ struct wm8994_priv *wm8994 = snd_soc_codec_get_drvdata(codec); ++ ++ switch (event) { ++ case SND_SOC_DAPM_POST_PMD: ++ if (wm8994->aif1clk_disable) { ++ snd_soc_update_bits(codec, WM8994_AIF1_CLOCKING_1, ++ WM8994_AIF1CLK_ENA_MASK, 0); ++ aif1clk_ev(w, kcontrol, event); ++ wm8994->aif1clk_disable = 0; ++ } ++ if (wm8994->aif2clk_disable) { ++ snd_soc_update_bits(codec, WM8994_AIF2_CLOCKING_1, ++ WM8994_AIF2CLK_ENA_MASK, 0); ++ aif2clk_ev(w, kcontrol, event); ++ wm8994->aif2clk_disable = 0; ++ } ++ break; ++ } ++ ++ return 0; ++} ++ + static int adc_mux_ev(struct snd_soc_dapm_widget *w, + struct snd_kcontrol *kcontrol, int event) + { +@@ -1314,9 +1480,9 @@ static const struct snd_kcontrol_new aif2dacr_src_mux = + SOC_DAPM_ENUM("AIF2DACR Mux", aif2dacr_src_enum); + + static const struct snd_soc_dapm_widget wm8994_lateclk_revd_widgets[] = { +-SND_SOC_DAPM_SUPPLY("AIF1CLK", SND_SOC_NOPM, 0, 0, aif1clk_ev, ++SND_SOC_DAPM_SUPPLY("AIF1CLK", SND_SOC_NOPM, 0, 0, aif1clk_late_ev, + SND_SOC_DAPM_PRE_PMU | SND_SOC_DAPM_POST_PMD), +-SND_SOC_DAPM_SUPPLY("AIF2CLK", SND_SOC_NOPM, 0, 0, aif2clk_ev, ++SND_SOC_DAPM_SUPPLY("AIF2CLK", SND_SOC_NOPM, 0, 0, aif2clk_late_ev, + SND_SOC_DAPM_PRE_PMU | SND_SOC_DAPM_POST_PMD), + + SND_SOC_DAPM_PGA_E("Late DAC1L Enable PGA", SND_SOC_NOPM, 0, 0, NULL, 0, +@@ -1345,8 +1511,10 @@ SND_SOC_DAPM_POST("Late Disable PGA", late_disable_ev) + }; + + static const struct snd_soc_dapm_widget wm8994_lateclk_widgets[] = { +-SND_SOC_DAPM_SUPPLY("AIF1CLK", WM8994_AIF1_CLOCKING_1, 0, 0, NULL, 0), +-SND_SOC_DAPM_SUPPLY("AIF2CLK", WM8994_AIF2_CLOCKING_1, 0, 0, NULL, 0), ++SND_SOC_DAPM_SUPPLY("AIF1CLK", WM8994_AIF1_CLOCKING_1, 0, 0, aif1clk_ev, ++ SND_SOC_DAPM_PRE_PMU | SND_SOC_DAPM_PRE_PMD), ++SND_SOC_DAPM_SUPPLY("AIF2CLK", WM8994_AIF2_CLOCKING_1, 0, 0, aif2clk_ev, ++ SND_SOC_DAPM_PRE_PMU | SND_SOC_DAPM_PRE_PMD), + SND_SOC_DAPM_PGA("Direct Voice", SND_SOC_NOPM, 0, 0, NULL, 0), + SND_SOC_DAPM_MIXER("SPKL", WM8994_POWER_MANAGEMENT_3, 8, 0, + left_speaker_mixer, ARRAY_SIZE(left_speaker_mixer)), +@@ -1399,30 +1567,30 @@ SND_SOC_DAPM_SUPPLY("VMID", SND_SOC_NOPM, 0, 0, vmid_event, + SND_SOC_DAPM_SUPPLY("CLK_SYS", SND_SOC_NOPM, 0, 0, clk_sys_event, + SND_SOC_DAPM_POST_PMU | SND_SOC_DAPM_PRE_PMD), + +-SND_SOC_DAPM_SUPPLY("DSP1CLK", WM8994_CLOCKING_1, 3, 0, NULL, 0), +-SND_SOC_DAPM_SUPPLY("DSP2CLK", WM8994_CLOCKING_1, 2, 0, NULL, 0), +-SND_SOC_DAPM_SUPPLY("DSPINTCLK", WM8994_CLOCKING_1, 1, 0, NULL, 0), ++SND_SOC_DAPM_SUPPLY("DSP1CLK", SND_SOC_NOPM, 3, 0, NULL, 0), ++SND_SOC_DAPM_SUPPLY("DSP2CLK", SND_SOC_NOPM, 2, 0, NULL, 0), ++SND_SOC_DAPM_SUPPLY("DSPINTCLK", SND_SOC_NOPM, 1, 0, NULL, 0), + + SND_SOC_DAPM_AIF_OUT("AIF1ADC1L", NULL, +- 0, WM8994_POWER_MANAGEMENT_4, 9, 0), ++ 0, SND_SOC_NOPM, 9, 0), + SND_SOC_DAPM_AIF_OUT("AIF1ADC1R", NULL, +- 0, WM8994_POWER_MANAGEMENT_4, 8, 0), ++ 0, SND_SOC_NOPM, 8, 0), + SND_SOC_DAPM_AIF_IN_E("AIF1DAC1L", NULL, 0, +- WM8994_POWER_MANAGEMENT_5, 9, 0, wm8958_aif_ev, ++ SND_SOC_NOPM, 9, 0, wm8958_aif_ev, + SND_SOC_DAPM_POST_PMU | SND_SOC_DAPM_POST_PMD), + SND_SOC_DAPM_AIF_IN_E("AIF1DAC1R", NULL, 0, +- WM8994_POWER_MANAGEMENT_5, 8, 0, wm8958_aif_ev, ++ SND_SOC_NOPM, 8, 0, wm8958_aif_ev, + SND_SOC_DAPM_POST_PMU | SND_SOC_DAPM_POST_PMD), + + SND_SOC_DAPM_AIF_OUT("AIF1ADC2L", NULL, +- 0, WM8994_POWER_MANAGEMENT_4, 11, 0), ++ 0, SND_SOC_NOPM, 11, 0), + SND_SOC_DAPM_AIF_OUT("AIF1ADC2R", NULL, +- 0, WM8994_POWER_MANAGEMENT_4, 10, 0), ++ 0, SND_SOC_NOPM, 10, 0), + SND_SOC_DAPM_AIF_IN_E("AIF1DAC2L", NULL, 0, +- WM8994_POWER_MANAGEMENT_5, 11, 0, wm8958_aif_ev, ++ SND_SOC_NOPM, 11, 0, wm8958_aif_ev, + SND_SOC_DAPM_POST_PMU | SND_SOC_DAPM_POST_PMD), + SND_SOC_DAPM_AIF_IN_E("AIF1DAC2R", NULL, 0, +- WM8994_POWER_MANAGEMENT_5, 10, 0, wm8958_aif_ev, ++ SND_SOC_NOPM, 10, 0, wm8958_aif_ev, + SND_SOC_DAPM_POST_PMU | SND_SOC_DAPM_POST_PMD), + + SND_SOC_DAPM_MIXER("AIF1ADC1L Mixer", SND_SOC_NOPM, 0, 0, +@@ -1449,14 +1617,14 @@ SND_SOC_DAPM_MIXER("DAC1R Mixer", SND_SOC_NOPM, 0, 0, + dac1r_mix, ARRAY_SIZE(dac1r_mix)), + + SND_SOC_DAPM_AIF_OUT("AIF2ADCL", NULL, 0, +- WM8994_POWER_MANAGEMENT_4, 13, 0), ++ SND_SOC_NOPM, 13, 0), + SND_SOC_DAPM_AIF_OUT("AIF2ADCR", NULL, 0, +- WM8994_POWER_MANAGEMENT_4, 12, 0), ++ SND_SOC_NOPM, 12, 0), + SND_SOC_DAPM_AIF_IN_E("AIF2DACL", NULL, 0, +- WM8994_POWER_MANAGEMENT_5, 13, 0, wm8958_aif_ev, ++ SND_SOC_NOPM, 13, 0, wm8958_aif_ev, + SND_SOC_DAPM_POST_PMU | SND_SOC_DAPM_PRE_PMD), + SND_SOC_DAPM_AIF_IN_E("AIF2DACR", NULL, 0, +- WM8994_POWER_MANAGEMENT_5, 12, 0, wm8958_aif_ev, ++ SND_SOC_NOPM, 12, 0, wm8958_aif_ev, + SND_SOC_DAPM_POST_PMU | SND_SOC_DAPM_PRE_PMD), + + SND_SOC_DAPM_AIF_IN("AIF1DACDAT", "AIF1 Playback", 0, SND_SOC_NOPM, 0, 0), +diff --git a/sound/soc/soc-dapm.c b/sound/soc/soc-dapm.c +index 1315663..ac6b869 100644 +--- a/sound/soc/soc-dapm.c ++++ b/sound/soc/soc-dapm.c +@@ -70,6 +70,7 @@ static int dapm_up_seq[] = { + [snd_soc_dapm_out_drv] = 10, + [snd_soc_dapm_hp] = 10, + [snd_soc_dapm_spk] = 10, ++ [snd_soc_dapm_line] = 10, + [snd_soc_dapm_post] = 11, + }; + +@@ -78,6 +79,7 @@ static int dapm_down_seq[] = { + [snd_soc_dapm_adc] = 1, + [snd_soc_dapm_hp] = 2, + [snd_soc_dapm_spk] = 2, ++ [snd_soc_dapm_line] = 2, + [snd_soc_dapm_out_drv] = 2, + [snd_soc_dapm_pga] = 4, + [snd_soc_dapm_mixer_named_ctl] = 5, +diff --git a/tools/include/tools/be_byteshift.h b/tools/include/tools/be_byteshift.h +new file mode 100644 +index 0000000..f4912e2 +--- /dev/null ++++ b/tools/include/tools/be_byteshift.h +@@ -0,0 +1,70 @@ ++#ifndef _TOOLS_BE_BYTESHIFT_H ++#define _TOOLS_BE_BYTESHIFT_H ++ ++#include <linux/types.h> ++ ++static inline __u16 __get_unaligned_be16(const __u8 *p) ++{ ++ return p[0] << 8 | p[1]; ++} ++ ++static inline __u32 __get_unaligned_be32(const __u8 *p) ++{ ++ return p[0] << 24 | p[1] << 16 | p[2] << 8 | p[3]; ++} ++ ++static inline __u64 __get_unaligned_be64(const __u8 *p) ++{ ++ return (__u64)__get_unaligned_be32(p) << 32 | ++ __get_unaligned_be32(p + 4); ++} ++ ++static inline void __put_unaligned_be16(__u16 val, __u8 *p) ++{ ++ *p++ = val >> 8; ++ *p++ = val; ++} ++ ++static inline void __put_unaligned_be32(__u32 val, __u8 *p) ++{ ++ __put_unaligned_be16(val >> 16, p); ++ __put_unaligned_be16(val, p + 2); ++} ++ ++static inline void __put_unaligned_be64(__u64 val, __u8 *p) ++{ ++ __put_unaligned_be32(val >> 32, p); ++ __put_unaligned_be32(val, p + 4); ++} ++ ++static inline __u16 get_unaligned_be16(const void *p) ++{ ++ return __get_unaligned_be16((const __u8 *)p); ++} ++ ++static inline __u32 get_unaligned_be32(const void *p) ++{ ++ return __get_unaligned_be32((const __u8 *)p); ++} ++ ++static inline __u64 get_unaligned_be64(const void *p) ++{ ++ return __get_unaligned_be64((const __u8 *)p); ++} ++ ++static inline void put_unaligned_be16(__u16 val, void *p) ++{ ++ __put_unaligned_be16(val, p); ++} ++ ++static inline void put_unaligned_be32(__u32 val, void *p) ++{ ++ __put_unaligned_be32(val, p); ++} ++ ++static inline void put_unaligned_be64(__u64 val, void *p) ++{ ++ __put_unaligned_be64(val, p); ++} ++ ++#endif /* _TOOLS_BE_BYTESHIFT_H */ +diff --git a/tools/include/tools/le_byteshift.h b/tools/include/tools/le_byteshift.h +new file mode 100644 +index 0000000..c99d45a +--- /dev/null ++++ b/tools/include/tools/le_byteshift.h +@@ -0,0 +1,70 @@ ++#ifndef _TOOLS_LE_BYTESHIFT_H ++#define _TOOLS_LE_BYTESHIFT_H ++ ++#include <linux/types.h> ++ ++static inline __u16 __get_unaligned_le16(const __u8 *p) ++{ ++ return p[0] | p[1] << 8; ++} ++ ++static inline __u32 __get_unaligned_le32(const __u8 *p) ++{ ++ return p[0] | p[1] << 8 | p[2] << 16 | p[3] << 24; ++} ++ ++static inline __u64 __get_unaligned_le64(const __u8 *p) ++{ ++ return (__u64)__get_unaligned_le32(p + 4) << 32 | ++ __get_unaligned_le32(p); ++} ++ ++static inline void __put_unaligned_le16(__u16 val, __u8 *p) ++{ ++ *p++ = val; ++ *p++ = val >> 8; ++} ++ ++static inline void __put_unaligned_le32(__u32 val, __u8 *p) ++{ ++ __put_unaligned_le16(val >> 16, p + 2); ++ __put_unaligned_le16(val, p); ++} ++ ++static inline void __put_unaligned_le64(__u64 val, __u8 *p) ++{ ++ __put_unaligned_le32(val >> 32, p + 4); ++ __put_unaligned_le32(val, p); ++} ++ ++static inline __u16 get_unaligned_le16(const void *p) ++{ ++ return __get_unaligned_le16((const __u8 *)p); ++} ++ ++static inline __u32 get_unaligned_le32(const void *p) ++{ ++ return __get_unaligned_le32((const __u8 *)p); ++} ++ ++static inline __u64 get_unaligned_le64(const void *p) ++{ ++ return __get_unaligned_le64((const __u8 *)p); ++} ++ ++static inline void put_unaligned_le16(__u16 val, void *p) ++{ ++ __put_unaligned_le16(val, p); ++} ++ ++static inline void put_unaligned_le32(__u32 val, void *p) ++{ ++ __put_unaligned_le32(val, p); ++} ++ ++static inline void put_unaligned_le64(__u64 val, void *p) ++{ ++ __put_unaligned_le64(val, p); ++} ++ ++#endif /* _TOOLS_LE_BYTESHIFT_H */ diff --git a/3.3.4/4420_grsecurity-2.9-3.3.4-201204272006.patch b/3.3.5/4420_grsecurity-2.9-3.3.5-201205071839.patch index 7c10a25..222eccd 100644 --- a/3.3.4/4420_grsecurity-2.9-3.3.4-201204272006.patch +++ b/3.3.5/4420_grsecurity-2.9-3.3.5-201205071839.patch @@ -195,7 +195,7 @@ index d99fd9c..8689fef 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 44ef766..dac9410 100644 +index 64615e9..64d72ce 100644 --- a/Makefile +++ b/Makefile @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -456,6 +456,23 @@ index da5449e..7418343 100644 /* $0 is set by ld.so to a pointer to a function which might be registered using atexit. This provides a mean for the dynamic linker to call DT_FINI functions for shared libraries that have +diff --git a/arch/alpha/include/asm/pgalloc.h b/arch/alpha/include/asm/pgalloc.h +index bc2a0da..8ad11ee 100644 +--- a/arch/alpha/include/asm/pgalloc.h ++++ b/arch/alpha/include/asm/pgalloc.h +@@ -29,6 +29,12 @@ pgd_populate(struct mm_struct *mm, pgd_t *pgd, pmd_t *pmd) + pgd_set(pgd, pmd); + } + ++static inline void ++pgd_populate_kernel(struct mm_struct *mm, pgd_t *pgd, pmd_t *pmd) ++{ ++ pgd_populate(mm, pgd, pmd); ++} ++ + extern pgd_t *pgd_alloc(struct mm_struct *mm); + + static inline void diff --git a/arch/alpha/include/asm/pgtable.h b/arch/alpha/include/asm/pgtable.h index de98a73..bd4f1f8 100644 --- a/arch/alpha/include/asm/pgtable.h @@ -1389,6 +1406,30 @@ index 97b440c..b7ff179 100644 #ifdef MULTI_USER extern struct cpu_user_fns cpu_user; +diff --git a/arch/arm/include/asm/pgalloc.h b/arch/arm/include/asm/pgalloc.h +index 943504f..bf8d667 100644 +--- a/arch/arm/include/asm/pgalloc.h ++++ b/arch/arm/include/asm/pgalloc.h +@@ -43,6 +43,11 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd) + set_pud(pud, __pud(__pa(pmd) | PMD_TYPE_TABLE)); + } + ++static inline void pud_populate_kernel(struct mm_struct *mm, pud_t *pud, pmd_t *pmd) ++{ ++ pud_populate(mm, pud, pmd); ++} ++ + #else /* !CONFIG_ARM_LPAE */ + + /* +@@ -51,6 +56,7 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd) + #define pmd_alloc_one(mm,addr) ({ BUG(); ((pmd_t *)2); }) + #define pmd_free(mm, pmd) do { } while (0) + #define pud_populate(mm,pmd,pte) BUG() ++#define pud_populate_kernel(mm,pmd,pte) BUG() + + #endif /* CONFIG_ARM_LPAE */ + diff --git a/arch/arm/include/asm/system.h b/arch/arm/include/asm/system.h index e4c96cc..1145653 100644 --- a/arch/arm/include/asm/system.h @@ -2233,6 +2274,36 @@ index b5298eb..67c6e62 100644 #define PT_IA_64_UNWIND 0x70000001 /* IA-64 relocations: */ +diff --git a/arch/ia64/include/asm/pgalloc.h b/arch/ia64/include/asm/pgalloc.h +index 96a8d92..617a1cf 100644 +--- a/arch/ia64/include/asm/pgalloc.h ++++ b/arch/ia64/include/asm/pgalloc.h +@@ -39,6 +39,12 @@ pgd_populate(struct mm_struct *mm, pgd_t * pgd_entry, pud_t * pud) + pgd_val(*pgd_entry) = __pa(pud); + } + ++static inline void ++pgd_populate_kernel(struct mm_struct *mm, pgd_t * pgd_entry, pud_t * pud) ++{ ++ pgd_populate(mm, pgd_entry, pud); ++} ++ + static inline pud_t *pud_alloc_one(struct mm_struct *mm, unsigned long addr) + { + return quicklist_alloc(0, GFP_KERNEL, NULL); +@@ -57,6 +63,12 @@ pud_populate(struct mm_struct *mm, pud_t * pud_entry, pmd_t * pmd) + pud_val(*pud_entry) = __pa(pmd); + } + ++static inline void ++pud_populate_kernel(struct mm_struct *mm, pud_t * pud_entry, pmd_t * pmd) ++{ ++ pud_populate(mm, pud_entry, pmd); ++} ++ + static inline pmd_t *pmd_alloc_one(struct mm_struct *mm, unsigned long addr) + { + return quicklist_alloc(0, GFP_KERNEL, NULL); diff --git a/arch/ia64/include/asm/pgtable.h b/arch/ia64/include/asm/pgtable.h index 1a97af3..7529d31 100644 --- a/arch/ia64/include/asm/pgtable.h @@ -2692,6 +2763,22 @@ index da9bd7d..91aa7ab 100644 #else typedef struct { unsigned long long pte; } pte_t; #define pte_val(x) ((x).pte) +diff --git a/arch/mips/include/asm/pgalloc.h b/arch/mips/include/asm/pgalloc.h +index 881d18b..cea38bc 100644 +--- a/arch/mips/include/asm/pgalloc.h ++++ b/arch/mips/include/asm/pgalloc.h +@@ -37,6 +37,11 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd) + { + set_pud(pud, __pud((unsigned long)pmd)); + } ++ ++static inline void pud_populate_kernel(struct mm_struct *mm, pud_t *pud, pmd_t *pmd) ++{ ++ pud_populate(mm, pud, pmd); ++} + #endif + + /* diff --git a/arch/mips/include/asm/system.h b/arch/mips/include/asm/system.h index 6018c80..7c37203 100644 --- a/arch/mips/include/asm/system.h @@ -2999,6 +3086,30 @@ index 19f6cb1..6c78cf2 100644 /* This yields a mask that user programs can use to figure out what instruction set this CPU supports. This could be done in user space, but it's not easy, and we've already done it here. */ +diff --git a/arch/parisc/include/asm/pgalloc.h b/arch/parisc/include/asm/pgalloc.h +index fc987a1..6e068ef 100644 +--- a/arch/parisc/include/asm/pgalloc.h ++++ b/arch/parisc/include/asm/pgalloc.h +@@ -61,6 +61,11 @@ static inline void pgd_populate(struct mm_struct *mm, pgd_t *pgd, pmd_t *pmd) + (__u32)(__pa((unsigned long)pmd) >> PxD_VALUE_SHIFT)); + } + ++static inline void pgd_populate_kernel(struct mm_struct *mm, pgd_t *pgd, pmd_t *pmd) ++{ ++ pgd_populate(mm, pgd, pmd); ++} ++ + static inline pmd_t *pmd_alloc_one(struct mm_struct *mm, unsigned long address) + { + pmd_t *pmd = (pmd_t *)__get_free_pages(GFP_KERNEL|__GFP_REPEAT, +@@ -93,6 +98,7 @@ static inline void pmd_free(struct mm_struct *mm, pmd_t *pmd) + #define pmd_alloc_one(mm, addr) ({ BUG(); ((pmd_t *)2); }) + #define pmd_free(mm, x) do { } while (0) + #define pgd_populate(mm, pmd, pte) BUG() ++#define pgd_populate_kernel(mm, pmd, pte) BUG() + + #endif + diff --git a/arch/parisc/include/asm/pgtable.h b/arch/parisc/include/asm/pgtable.h index 22dadeb..f6c2be4 100644 --- a/arch/parisc/include/asm/pgtable.h @@ -3497,6 +3608,38 @@ index fed85e6..da5c71b 100644 #include <asm-generic/getorder.h> +diff --git a/arch/powerpc/include/asm/pgalloc-64.h b/arch/powerpc/include/asm/pgalloc-64.h +index 292725c..f87ae14 100644 +--- a/arch/powerpc/include/asm/pgalloc-64.h ++++ b/arch/powerpc/include/asm/pgalloc-64.h +@@ -50,6 +50,7 @@ static inline void pgd_free(struct mm_struct *mm, pgd_t *pgd) + #ifndef CONFIG_PPC_64K_PAGES + + #define pgd_populate(MM, PGD, PUD) pgd_set(PGD, PUD) ++#define pgd_populate_kernel(MM, PGD, PUD) pgd_populate((MM), (PGD), (PUD)) + + static inline pud_t *pud_alloc_one(struct mm_struct *mm, unsigned long addr) + { +@@ -67,6 +68,11 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd) + pud_set(pud, (unsigned long)pmd); + } + ++static inline void pud_populate_kernel(struct mm_struct *mm, pud_t *pud, pmd_t *pmd) ++{ ++ pud_populate(mm, pud, pmd); ++} ++ + #define pmd_populate(mm, pmd, pte_page) \ + pmd_populate_kernel(mm, pmd, page_address(pte_page)) + #define pmd_populate_kernel(mm, pmd, pte) pmd_set(pmd, (unsigned long)(pte)) +@@ -76,6 +82,7 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd) + #else /* CONFIG_PPC_64K_PAGES */ + + #define pud_populate(mm, pud, pmd) pud_set(pud, (unsigned long)pmd) ++#define pud_populate_kernel(mm, pud, pmd) pud_populate((mm), (pud), (pmd)) + + static inline void pmd_populate_kernel(struct mm_struct *mm, pmd_t *pmd, + pte_t *pte) diff --git a/arch/powerpc/include/asm/pgtable.h b/arch/powerpc/include/asm/pgtable.h index 2e0e411..7899c68 100644 --- a/arch/powerpc/include/asm/pgtable.h @@ -4918,6 +5061,30 @@ index 7df8b7f..4946269 100644 extern unsigned long sparc64_elf_hwcap; #define ELF_HWCAP sparc64_elf_hwcap +diff --git a/arch/sparc/include/asm/pgalloc_32.h b/arch/sparc/include/asm/pgalloc_32.h +index ca2b344..c6084f89 100644 +--- a/arch/sparc/include/asm/pgalloc_32.h ++++ b/arch/sparc/include/asm/pgalloc_32.h +@@ -37,6 +37,7 @@ BTFIXUPDEF_CALL(void, free_pgd_fast, pgd_t *) + BTFIXUPDEF_CALL(void, pgd_set, pgd_t *, pmd_t *) + #define pgd_set(pgdp,pmdp) BTFIXUP_CALL(pgd_set)(pgdp,pmdp) + #define pgd_populate(MM, PGD, PMD) pgd_set(PGD, PMD) ++#define pgd_populate_kernel(MM, PGD, PMD) pgd_populate((MM), (PGD), (PMD)) + + BTFIXUPDEF_CALL(pmd_t *, pmd_alloc_one, struct mm_struct *, unsigned long) + #define pmd_alloc_one(mm, address) BTFIXUP_CALL(pmd_alloc_one)(mm, address) +diff --git a/arch/sparc/include/asm/pgalloc_64.h b/arch/sparc/include/asm/pgalloc_64.h +index 40b2d7a..22a665b 100644 +--- a/arch/sparc/include/asm/pgalloc_64.h ++++ b/arch/sparc/include/asm/pgalloc_64.h +@@ -26,6 +26,7 @@ static inline void pgd_free(struct mm_struct *mm, pgd_t *pgd) + } + + #define pud_populate(MM, PUD, PMD) pud_set(PUD, PMD) ++#define pud_populate_kernel(MM, PUD, PMD) pud_populate((MM), (PUD), (PMD)) + + static inline pmd_t *pmd_alloc_one(struct mm_struct *mm, unsigned long addr) + { diff --git a/arch/sparc/include/asm/pgtable_32.h b/arch/sparc/include/asm/pgtable_32.h index a790cc6..091ed94 100644 --- a/arch/sparc/include/asm/pgtable_32.h @@ -6993,6 +7160,18 @@ index 7cfc3ce..cbd1a58 100644 #ifndef __ASSEMBLY__ struct page; +diff --git a/arch/um/include/asm/pgtable-3level.h b/arch/um/include/asm/pgtable-3level.h +index 0032f92..cd151e0 100644 +--- a/arch/um/include/asm/pgtable-3level.h ++++ b/arch/um/include/asm/pgtable-3level.h +@@ -58,6 +58,7 @@ + #define pud_present(x) (pud_val(x) & _PAGE_PRESENT) + #define pud_populate(mm, pud, pmd) \ + set_pud(pud, __pud(_PAGE_TABLE + __pa(pmd))) ++#define pud_populate_kernel(mm, pud, pmd) pud_populate((mm), (pud), (pmd)) + + #ifdef CONFIG_64BIT + #define set_pud(pudptr, pudval) set_64bit((u64 *) (pudptr), pud_val(pudval)) diff --git a/arch/um/kernel/process.c b/arch/um/kernel/process.c index 69f2490..2634831 100644 --- a/arch/um/kernel/process.c @@ -7192,10 +7371,10 @@ index 209ba12..15140db 100644 +archprepare: + $(if $(LDFLAGS_BUILD_ID),,$(error $(OLD_LD))) diff --git a/arch/x86/boot/Makefile b/arch/x86/boot/Makefile -index 95365a8..52f857b 100644 +index 5a747dd..ff7b12c 100644 --- a/arch/x86/boot/Makefile +++ b/arch/x86/boot/Makefile -@@ -63,6 +63,9 @@ KBUILD_CFLAGS := $(LINUXINCLUDE) -g -Os -D_SETUP -D__KERNEL__ \ +@@ -64,6 +64,9 @@ KBUILD_CFLAGS := $(LINUXINCLUDE) -g -Os -D_SETUP -D__KERNEL__ \ $(call cc-option, -fno-stack-protector) \ $(call cc-option, -mpreferred-stack-boundary=2) KBUILD_CFLAGS += $(call cc-option, -m32) @@ -7250,7 +7429,7 @@ index c7093bd..d4247ffe0 100644 return diff; } diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile -index b123b9a..2cf2f23 100644 +index fd55a2f..217b501 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -14,6 +14,9 @@ cflags-$(CONFIG_X86_64) := -mcmodel=small @@ -7264,10 +7443,10 @@ index b123b9a..2cf2f23 100644 KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__ GCOV_PROFILE := n diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S -index a055993..47e126c 100644 +index c85e3ac..6f5aa80 100644 --- a/arch/x86/boot/compressed/head_32.S +++ b/arch/x86/boot/compressed/head_32.S -@@ -98,7 +98,7 @@ preferred_addr: +@@ -106,7 +106,7 @@ preferred_addr: notl %eax andl %eax, %ebx #else @@ -7276,7 +7455,7 @@ index a055993..47e126c 100644 #endif /* Target address to relocate to for decompression */ -@@ -184,7 +184,7 @@ relocated: +@@ -192,7 +192,7 @@ relocated: * and where it was actually loaded. */ movl %ebp, %ebx @@ -7285,7 +7464,7 @@ index a055993..47e126c 100644 jz 2f /* Nothing to be done if loaded at compiled addr. */ /* * Process relocations. -@@ -192,8 +192,7 @@ relocated: +@@ -200,8 +200,7 @@ relocated: 1: subl $4, %edi movl (%edi), %ecx @@ -7296,7 +7475,7 @@ index a055993..47e126c 100644 jmp 1b 2: diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S -index 558d76c..606aa24 100644 +index 87e03a1..0d94c76 100644 --- a/arch/x86/boot/compressed/head_64.S +++ b/arch/x86/boot/compressed/head_64.S @@ -91,7 +91,7 @@ ENTRY(startup_32) @@ -7308,7 +7487,7 @@ index 558d76c..606aa24 100644 #endif /* Target address to relocate to for decompression */ -@@ -253,7 +253,7 @@ preferred_addr: +@@ -263,7 +263,7 @@ preferred_addr: notq %rax andq %rax, %rbp #else @@ -10780,7 +10959,7 @@ index 8e8b9a4..f07d725 100644 /* This contains all the paravirt structures: we get a convenient * number for each function using the offset which we use to indicate diff --git a/arch/x86/include/asm/pgalloc.h b/arch/x86/include/asm/pgalloc.h -index b4389a4..b7ff22c 100644 +index b4389a4..7024269 100644 --- a/arch/x86/include/asm/pgalloc.h +++ b/arch/x86/include/asm/pgalloc.h @@ -63,6 +63,13 @@ static inline void pmd_populate_kernel(struct mm_struct *mm, @@ -10797,6 +10976,42 @@ index b4389a4..b7ff22c 100644 set_pmd(pmd, __pmd(__pa(pte) | _PAGE_TABLE)); } +@@ -99,12 +106,22 @@ static inline void __pmd_free_tlb(struct mmu_gather *tlb, pmd_t *pmd, + + #ifdef CONFIG_X86_PAE + extern void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd); ++static inline void pud_populate_kernel(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd) ++{ ++ pud_populate(mm, pudp, pmd); ++} + #else /* !CONFIG_X86_PAE */ + static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd) + { + paravirt_alloc_pmd(mm, __pa(pmd) >> PAGE_SHIFT); + set_pud(pud, __pud(_PAGE_TABLE | __pa(pmd))); + } ++ ++static inline void pud_populate_kernel(struct mm_struct *mm, pud_t *pud, pmd_t *pmd) ++{ ++ paravirt_alloc_pmd(mm, __pa(pmd) >> PAGE_SHIFT); ++ set_pud(pud, __pud(_KERNPG_TABLE | __pa(pmd))); ++} + #endif /* CONFIG_X86_PAE */ + + #if PAGETABLE_LEVELS > 3 +@@ -114,6 +131,12 @@ static inline void pgd_populate(struct mm_struct *mm, pgd_t *pgd, pud_t *pud) + set_pgd(pgd, __pgd(_PAGE_TABLE | __pa(pud))); + } + ++static inline void pgd_populate_kernel(struct mm_struct *mm, pgd_t *pgd, pud_t *pud) ++{ ++ paravirt_alloc_pud(mm, __pa(pud) >> PAGE_SHIFT); ++ set_pgd(pgd, __pgd(_KERNPG_TABLE | __pa(pud))); ++} ++ + static inline pud_t *pud_alloc_one(struct mm_struct *mm, unsigned long addr) + { + return (pud_t *)get_zeroed_page(GFP_KERNEL|__GFP_REPEAT); diff --git a/arch/x86/include/asm/pgtable-2level.h b/arch/x86/include/asm/pgtable-2level.h index 98391db..8f6984e 100644 --- a/arch/x86/include/asm/pgtable-2level.h @@ -11094,7 +11309,7 @@ index ed5903b..c7fe163 100644 #define MODULES_END VMALLOC_END #define MODULES_LEN (MODULES_VADDR - MODULES_END) diff --git a/arch/x86/include/asm/pgtable_64.h b/arch/x86/include/asm/pgtable_64.h -index 975f709..107976d 100644 +index 975f709..9f779c9 100644 --- a/arch/x86/include/asm/pgtable_64.h +++ b/arch/x86/include/asm/pgtable_64.h @@ -16,10 +16,14 @@ @@ -11124,7 +11339,17 @@ index 975f709..107976d 100644 } static inline void native_pmd_clear(pmd_t *pmd) -@@ -107,6 +113,13 @@ static inline void native_pud_clear(pud_t *pud) +@@ -97,7 +103,9 @@ static inline pmd_t native_pmdp_get_and_clear(pmd_t *xp) + + static inline void native_set_pud(pud_t *pudp, pud_t pud) + { ++ pax_open_kernel(); + *pudp = pud; ++ pax_close_kernel(); + } + + static inline void native_pud_clear(pud_t *pud) +@@ -107,6 +115,13 @@ static inline void native_pud_clear(pud_t *pud) static inline void native_set_pgd(pgd_t *pgdp, pgd_t pgd) { @@ -13001,7 +13226,7 @@ index bb05228..d763d5b 100644 #endif diff --git a/arch/x86/include/asm/x86_init.h b/arch/x86/include/asm/x86_init.h -index 517d476..a1cb4d9 100644 +index a609c39..7a68dc7 100644 --- a/arch/x86/include/asm/x86_init.h +++ b/arch/x86/include/asm/x86_init.h @@ -29,7 +29,7 @@ struct x86_init_mpparse { @@ -13365,7 +13590,7 @@ index 1f84794..e23f862 100644 } diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c -index 2eec05b..fef012b 100644 +index 5b3f88e..61232b4 100644 --- a/arch/x86/kernel/apic/apic.c +++ b/arch/x86/kernel/apic/apic.c @@ -184,7 +184,7 @@ int first_system_vector = 0xfe; @@ -13377,7 +13602,7 @@ index 2eec05b..fef012b 100644 int pic_mode; -@@ -1908,7 +1908,7 @@ void smp_error_interrupt(struct pt_regs *regs) +@@ -1912,7 +1912,7 @@ void smp_error_interrupt(struct pt_regs *regs) apic_write(APIC_ESR, 0); v1 = apic_read(APIC_ESR); ack_APIC_irq(); @@ -13569,10 +13794,10 @@ index 25f24dc..4094a7f 100644 obj-y += proc.o capflags.o powerflags.o common.o obj-y += vmware.o hypervisor.o sched.o mshyperv.o diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c -index f4773f4..b3fb13c 100644 +index 80ab83d..0a7b34e 100644 --- a/arch/x86/kernel/cpu/amd.c +++ b/arch/x86/kernel/cpu/amd.c -@@ -669,7 +669,7 @@ static unsigned int __cpuinit amd_size_cache(struct cpuinfo_x86 *c, +@@ -670,7 +670,7 @@ static unsigned int __cpuinit amd_size_cache(struct cpuinfo_x86 *c, unsigned int size) { /* AMD errata T13 (order #21922) */ @@ -13582,7 +13807,7 @@ index f4773f4..b3fb13c 100644 if (c->x86_model == 3 && c->x86_mask == 0) size = 64; diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c -index c0f7d68..aa418f9 100644 +index 1a810e4..9fa8201 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -84,60 +84,6 @@ static const struct cpu_dev __cpuinitconst default_cpu = { @@ -13699,7 +13924,7 @@ index c0f7d68..aa418f9 100644 return regs; } -@@ -1190,7 +1142,7 @@ void __cpuinit cpu_init(void) +@@ -1181,7 +1133,7 @@ void __cpuinit cpu_init(void) int i; cpu = stack_smp_processor_id(); @@ -13708,7 +13933,7 @@ index c0f7d68..aa418f9 100644 oist = &per_cpu(orig_ist, cpu); #ifdef CONFIG_NUMA -@@ -1216,7 +1168,7 @@ void __cpuinit cpu_init(void) +@@ -1207,7 +1159,7 @@ void __cpuinit cpu_init(void) switch_to_new_gdt(cpu); loadsegment(fs, 0); @@ -13717,7 +13942,7 @@ index c0f7d68..aa418f9 100644 memset(me->thread.tls_array, 0, GDT_ENTRY_TLS_ENTRIES * 8); syscall_init(); -@@ -1225,7 +1177,6 @@ void __cpuinit cpu_init(void) +@@ -1216,7 +1168,6 @@ void __cpuinit cpu_init(void) wrmsrl(MSR_KERNEL_GS_BASE, 0); barrier(); @@ -13725,7 +13950,7 @@ index c0f7d68..aa418f9 100644 if (cpu != 0) enable_x2apic(); -@@ -1281,7 +1232,7 @@ void __cpuinit cpu_init(void) +@@ -1272,7 +1223,7 @@ void __cpuinit cpu_init(void) { int cpu = smp_processor_id(); struct task_struct *curr = current; @@ -16999,18 +17224,10 @@ index 9c3bd4a..e1d9b35 100644 +EXPORT_SYMBOL(__LOAD_PHYSICAL_ADDR); +#endif diff --git a/arch/x86/kernel/i387.c b/arch/x86/kernel/i387.c -index 739d859..aab2a58 100644 +index f239f30..aab2a58 100644 --- a/arch/x86/kernel/i387.c +++ b/arch/x86/kernel/i387.c -@@ -154,6 +154,7 @@ int init_fpu(struct task_struct *tsk) - if (tsk_used_math(tsk)) { - if (HAVE_HWFP && tsk == current) - unlazy_fpu(tsk); -+ tsk->thread.fpu.last_cpu = ~0; - return 0; - } - -@@ -188,6 +189,9 @@ int xfpregs_active(struct task_struct *target, const struct user_regset *regset) +@@ -189,6 +189,9 @@ int xfpregs_active(struct task_struct *target, const struct user_regset *regset) int xfpregs_get(struct task_struct *target, const struct user_regset *regset, unsigned int pos, unsigned int count, @@ -17020,7 +17237,7 @@ index 739d859..aab2a58 100644 void *kbuf, void __user *ubuf) { int ret; -@@ -207,6 +211,9 @@ int xfpregs_get(struct task_struct *target, const struct user_regset *regset, +@@ -208,6 +211,9 @@ int xfpregs_get(struct task_struct *target, const struct user_regset *regset, int xfpregs_set(struct task_struct *target, const struct user_regset *regset, unsigned int pos, unsigned int count, @@ -17030,7 +17247,7 @@ index 739d859..aab2a58 100644 const void *kbuf, const void __user *ubuf) { int ret; -@@ -240,6 +247,9 @@ int xfpregs_set(struct task_struct *target, const struct user_regset *regset, +@@ -241,6 +247,9 @@ int xfpregs_set(struct task_struct *target, const struct user_regset *regset, int xstateregs_get(struct task_struct *target, const struct user_regset *regset, unsigned int pos, unsigned int count, @@ -17040,7 +17257,7 @@ index 739d859..aab2a58 100644 void *kbuf, void __user *ubuf) { int ret; -@@ -269,6 +279,9 @@ int xstateregs_get(struct task_struct *target, const struct user_regset *regset, +@@ -270,6 +279,9 @@ int xstateregs_get(struct task_struct *target, const struct user_regset *regset, int xstateregs_set(struct task_struct *target, const struct user_regset *regset, unsigned int pos, unsigned int count, @@ -17050,7 +17267,7 @@ index 739d859..aab2a58 100644 const void *kbuf, const void __user *ubuf) { int ret; -@@ -439,6 +452,9 @@ static void convert_to_fxsr(struct task_struct *tsk, +@@ -440,6 +452,9 @@ static void convert_to_fxsr(struct task_struct *tsk, int fpregs_get(struct task_struct *target, const struct user_regset *regset, unsigned int pos, unsigned int count, @@ -17060,7 +17277,7 @@ index 739d859..aab2a58 100644 void *kbuf, void __user *ubuf) { struct user_i387_ia32_struct env; -@@ -471,6 +487,9 @@ int fpregs_get(struct task_struct *target, const struct user_regset *regset, +@@ -472,6 +487,9 @@ int fpregs_get(struct task_struct *target, const struct user_regset *regset, int fpregs_set(struct task_struct *target, const struct user_regset *regset, unsigned int pos, unsigned int count, @@ -17070,7 +17287,7 @@ index 739d859..aab2a58 100644 const void *kbuf, const void __user *ubuf) { struct user_i387_ia32_struct env; -@@ -619,6 +638,8 @@ static inline int restore_i387_fsave(struct _fpstate_ia32 __user *buf) +@@ -620,6 +638,8 @@ static inline int restore_i387_fsave(struct _fpstate_ia32 __user *buf) } static int restore_i387_fxsave(struct _fpstate_ia32 __user *buf, @@ -24723,7 +24940,7 @@ index 8663f6c..829ae76 100644 printk(KERN_INFO "Write protecting the kernel text: %luk\n", size >> 10); diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c -index 436a030..b8596b9 100644 +index 436a030..2b60088 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c @@ -75,7 +75,7 @@ early_param("gbpages", parse_direct_gbpages_on); @@ -24777,6 +24994,24 @@ index 436a030..b8596b9 100644 } spin_unlock(&pgd_lock); } +@@ -162,7 +176,7 @@ static pud_t *fill_pud(pgd_t *pgd, unsigned long vaddr) + { + if (pgd_none(*pgd)) { + pud_t *pud = (pud_t *)spp_getpage(); +- pgd_populate(&init_mm, pgd, pud); ++ pgd_populate_kernel(&init_mm, pgd, pud); + if (pud != pud_offset(pgd, 0)) + printk(KERN_ERR "PAGETABLE BUG #00! %p <-> %p\n", + pud, pud_offset(pgd, 0)); +@@ -174,7 +188,7 @@ static pmd_t *fill_pmd(pud_t *pud, unsigned long vaddr) + { + if (pud_none(*pud)) { + pmd_t *pmd = (pmd_t *) spp_getpage(); +- pud_populate(&init_mm, pud, pmd); ++ pud_populate_kernel(&init_mm, pud, pmd); + if (pmd != pmd_offset(pud, 0)) + printk(KERN_ERR "PAGETABLE BUG #01! %p <-> %p\n", + pmd, pmd_offset(pud, 0)); @@ -203,7 +217,9 @@ void set_pte_vaddr_pud(pud_t *pud_page, unsigned long vaddr, pte_t new_pte) pmd = fill_pmd(pud, vaddr); pte = fill_pte(pmd, vaddr); @@ -24822,6 +25057,15 @@ index 436a030..b8596b9 100644 adr = (void *)(((unsigned long)adr) | left); return adr; +@@ -592,7 +606,7 @@ kernel_physical_mapping_init(unsigned long start, + unmap_low_page(pud); + + spin_lock(&init_mm.page_table_lock); +- pgd_populate(&init_mm, pgd, __va(pud_phys)); ++ pgd_populate_kernel(&init_mm, pgd, __va(pud_phys)); + spin_unlock(&init_mm.page_table_lock); + pgd_changed = true; + } @@ -684,6 +698,12 @@ void __init mem_init(void) pci_iommu_alloc(); @@ -26719,10 +26963,10 @@ index 95c1cf6..4bfa5be 100644 .alloc_pud = xen_alloc_pmd_init, .release_pud = xen_release_pmd_init, diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c -index 501d4e0..e877605 100644 +index f2ce60a..14e08dc 100644 --- a/arch/x86/xen/smp.c +++ b/arch/x86/xen/smp.c -@@ -194,11 +194,6 @@ static void __init xen_smp_prepare_boot_cpu(void) +@@ -209,11 +209,6 @@ static void __init xen_smp_prepare_boot_cpu(void) { BUG_ON(smp_processor_id() != 0); native_smp_prepare_boot_cpu(); @@ -26734,7 +26978,7 @@ index 501d4e0..e877605 100644 xen_filter_cpu_maps(); xen_setup_vcpu_info_placement(); } -@@ -275,12 +270,12 @@ cpu_initialize_context(unsigned int cpu, struct task_struct *idle) +@@ -290,12 +285,12 @@ cpu_initialize_context(unsigned int cpu, struct task_struct *idle) gdt = get_cpu_gdt_table(cpu); ctxt->flags = VGCF_IN_KERNEL; @@ -26750,7 +26994,7 @@ index 501d4e0..e877605 100644 #else ctxt->gs_base_kernel = per_cpu_offset(cpu); #endif -@@ -331,13 +326,12 @@ static int __cpuinit xen_cpu_up(unsigned int cpu) +@@ -346,13 +341,12 @@ static int __cpuinit xen_cpu_up(unsigned int cpu) int rc; per_cpu(current_task, cpu) = idle; @@ -30276,7 +30520,7 @@ index 9689ca3..294f9c1 100644 return container_of(adapter, struct intel_gmbus, adapter)->force_bit; } diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c -index 65e1f00..a30ef00 100644 +index e159e33..cdcc663 100644 --- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c +++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c @@ -189,7 +189,7 @@ i915_gem_object_set_to_gpu_domain(struct drm_i915_gem_object *obj, @@ -33609,7 +33853,7 @@ index 1898389..a3aa617 100644 rdev_dec_pending(rdev, mddev); diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c -index 360f2b9..08b5382 100644 +index d1162e5..c7cd902 100644 --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c @@ -1687,18 +1687,18 @@ static void raid5_end_read_request(struct bio * bi, int error) @@ -34772,6 +35016,93 @@ index 52da7b2..4ddfe1c 100644 { /* Sometime a Level-One switch card. */ "Winbond W89c840", CanHaveMII | HasBrokenTx | FDXOnNoMII}, { "Winbond W89c840", CanHaveMII | HasBrokenTx}, +diff --git a/drivers/net/ethernet/dlink/dl2k.c b/drivers/net/ethernet/dlink/dl2k.c +index b2dc2c8..2e09edb 100644 +--- a/drivers/net/ethernet/dlink/dl2k.c ++++ b/drivers/net/ethernet/dlink/dl2k.c +@@ -1259,55 +1259,21 @@ rio_ioctl (struct net_device *dev, struct ifreq *rq, int cmd) + { + int phy_addr; + struct netdev_private *np = netdev_priv(dev); +- struct mii_data *miidata = (struct mii_data *) &rq->ifr_ifru; +- +- struct netdev_desc *desc; +- int i; ++ struct mii_ioctl_data *miidata = if_mii(rq); + + phy_addr = np->phy_addr; + switch (cmd) { +- case SIOCDEVPRIVATE: ++ case SIOCGMIIPHY: ++ miidata->phy_id = phy_addr; + break; +- +- case SIOCDEVPRIVATE + 1: +- miidata->out_value = mii_read (dev, phy_addr, miidata->reg_num); ++ case SIOCGMIIREG: ++ miidata->val_out = mii_read (dev, phy_addr, miidata->reg_num); + break; +- case SIOCDEVPRIVATE + 2: +- mii_write (dev, phy_addr, miidata->reg_num, miidata->in_value); ++ case SIOCSMIIREG: ++ if (!capable(CAP_NET_ADMIN)) ++ return -EPERM; ++ mii_write (dev, phy_addr, miidata->reg_num, miidata->val_in); + break; +- case SIOCDEVPRIVATE + 3: +- break; +- case SIOCDEVPRIVATE + 4: +- break; +- case SIOCDEVPRIVATE + 5: +- netif_stop_queue (dev); +- break; +- case SIOCDEVPRIVATE + 6: +- netif_wake_queue (dev); +- break; +- case SIOCDEVPRIVATE + 7: +- printk +- ("tx_full=%x cur_tx=%lx old_tx=%lx cur_rx=%lx old_rx=%lx\n", +- netif_queue_stopped(dev), np->cur_tx, np->old_tx, np->cur_rx, +- np->old_rx); +- break; +- case SIOCDEVPRIVATE + 8: +- printk("TX ring:\n"); +- for (i = 0; i < TX_RING_SIZE; i++) { +- desc = &np->tx_ring[i]; +- printk +- ("%02x:cur:%08x next:%08x status:%08x frag1:%08x frag0:%08x", +- i, +- (u32) (np->tx_ring_dma + i * sizeof (*desc)), +- (u32)le64_to_cpu(desc->next_desc), +- (u32)le64_to_cpu(desc->status), +- (u32)(le64_to_cpu(desc->fraginfo) >> 32), +- (u32)le64_to_cpu(desc->fraginfo)); +- printk ("\n"); +- } +- printk ("\n"); +- break; +- + default: + return -EOPNOTSUPP; + } +diff --git a/drivers/net/ethernet/dlink/dl2k.h b/drivers/net/ethernet/dlink/dl2k.h +index ba0adca..30c2da3 100644 +--- a/drivers/net/ethernet/dlink/dl2k.h ++++ b/drivers/net/ethernet/dlink/dl2k.h +@@ -365,13 +365,6 @@ struct ioctl_data { + char *data; + }; + +-struct mii_data { +- __u16 reserved; +- __u16 reg_num; +- __u16 in_value; +- __u16 out_value; +-}; +- + /* The Rx and Tx buffer descriptors. */ + struct netdev_desc { + __le64 next_desc; diff --git a/drivers/net/ethernet/dlink/sundance.c b/drivers/net/ethernet/dlink/sundance.c index 28a3a9b..d96cb63 100644 --- a/drivers/net/ethernet/dlink/sundance.c @@ -41944,7 +42275,7 @@ index 95053ad..2cc93ca 100644 goto out_sig; if (offset > inode->i_sb->s_maxbytes) diff --git a/fs/autofs4/waitq.c b/fs/autofs4/waitq.c -index 9c098db..c755da5 100644 +index f624cd0..3d9a559 100644 --- a/fs/autofs4/waitq.c +++ b/fs/autofs4/waitq.c @@ -61,7 +61,7 @@ static int autofs4_write(struct autofs_sb_info *sbi, @@ -42050,7 +42381,7 @@ index 1ff9405..f1e376a 100644 fd_offset + ex.a_text); up_write(¤t->mm->mmap_sem); diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c -index 07d096c..851a18b 100644 +index 07d096c..25762af 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -32,6 +32,7 @@ @@ -42684,7 +43015,7 @@ index 07d096c..851a18b 100644 /* set_brk can never work. Avoid overflows. */ send_sig(SIGKILL, current, 0); retval = -EINVAL; -@@ -881,11 +1339,36 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -881,11 +1339,40 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) goto out_free_dentry; } if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) { @@ -42707,8 +43038,12 @@ index 07d096c..851a18b 100644 + down_write(¤t->mm->mmap_sem); + retval = -ENOMEM; + if (!find_vma_intersection(current->mm, start, start + size + PAGE_SIZE)) { ++ unsigned long prot = PROT_NONE; ++ + current->mm->brk_gap = PAGE_ALIGN(size) >> PAGE_SHIFT; -+ start = do_mmap(NULL, start, size, PROT_NONE, MAP_ANONYMOUS | MAP_FIXED | MAP_PRIVATE, 0); ++// if (current->personality & ADDR_NO_RANDOMIZE) ++// prot = PROT_READ; ++ start = do_mmap(NULL, start, size, prot, MAP_ANONYMOUS | MAP_FIXED | MAP_PRIVATE, 0); + retval = IS_ERR_VALUE(start) ? start : 0; + } + up_write(¤t->mm->mmap_sem); @@ -42724,7 +43059,7 @@ index 07d096c..851a18b 100644 if (elf_interpreter) { unsigned long uninitialized_var(interp_map_addr); -@@ -1098,7 +1581,7 @@ out: +@@ -1098,7 +1585,7 @@ out: * Decide what to dump of a segment, part, all or none. */ static unsigned long vma_dump_size(struct vm_area_struct *vma, @@ -42733,7 +43068,7 @@ index 07d096c..851a18b 100644 { #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type)) -@@ -1132,7 +1615,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, +@@ -1132,7 +1619,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, if (vma->vm_file == NULL) return 0; @@ -42742,7 +43077,7 @@ index 07d096c..851a18b 100644 goto whole; /* -@@ -1354,9 +1837,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) +@@ -1354,9 +1841,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) { elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv; int i = 0; @@ -42754,7 +43089,7 @@ index 07d096c..851a18b 100644 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv); } -@@ -1862,14 +2345,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, +@@ -1862,14 +2349,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, } static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma, @@ -42771,7 +43106,7 @@ index 07d096c..851a18b 100644 return size; } -@@ -1963,7 +2446,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -1963,7 +2450,7 @@ static int elf_core_dump(struct coredump_params *cprm) dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE); @@ -42780,7 +43115,7 @@ index 07d096c..851a18b 100644 offset += elf_core_extra_data_size(); e_shoff = offset; -@@ -1977,10 +2460,12 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -1977,10 +2464,12 @@ static int elf_core_dump(struct coredump_params *cprm) offset = dataoff; size += sizeof(*elf); @@ -42793,7 +43128,7 @@ index 07d096c..851a18b 100644 if (size > cprm->limit || !dump_write(cprm->file, phdr4note, sizeof(*phdr4note))) goto end_coredump; -@@ -1994,7 +2479,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -1994,7 +2483,7 @@ static int elf_core_dump(struct coredump_params *cprm) phdr.p_offset = offset; phdr.p_vaddr = vma->vm_start; phdr.p_paddr = 0; @@ -42802,7 +43137,7 @@ index 07d096c..851a18b 100644 phdr.p_memsz = vma->vm_end - vma->vm_start; offset += phdr.p_filesz; phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0; -@@ -2005,6 +2490,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2005,6 +2494,7 @@ static int elf_core_dump(struct coredump_params *cprm) phdr.p_align = ELF_EXEC_PAGESIZE; size += sizeof(phdr); @@ -42810,7 +43145,7 @@ index 07d096c..851a18b 100644 if (size > cprm->limit || !dump_write(cprm->file, &phdr, sizeof(phdr))) goto end_coredump; -@@ -2029,7 +2515,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2029,7 +2519,7 @@ static int elf_core_dump(struct coredump_params *cprm) unsigned long addr; unsigned long end; @@ -42819,7 +43154,7 @@ index 07d096c..851a18b 100644 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) { struct page *page; -@@ -2038,6 +2524,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2038,6 +2528,7 @@ static int elf_core_dump(struct coredump_params *cprm) page = get_dump_page(addr); if (page) { void *kaddr = kmap(page); @@ -42827,7 +43162,7 @@ index 07d096c..851a18b 100644 stop = ((size += PAGE_SIZE) > cprm->limit) || !dump_write(cprm->file, kaddr, PAGE_SIZE); -@@ -2055,6 +2542,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2055,6 +2546,7 @@ static int elf_core_dump(struct coredump_params *cprm) if (e_phnum == PN_XNUM) { size += sizeof(*shdr4extnum); @@ -42835,7 +43170,7 @@ index 07d096c..851a18b 100644 if (size > cprm->limit || !dump_write(cprm->file, shdr4extnum, sizeof(*shdr4extnum))) -@@ -2075,6 +2563,97 @@ out: +@@ -2075,6 +2567,97 @@ out: #endif /* CONFIG_ELF_CORE */ @@ -43948,7 +44283,7 @@ index b2a34a1..162fa69 100644 return rc; } diff --git a/fs/exec.c b/fs/exec.c -index 153dee1..ab4ebe9 100644 +index ae42277..32c9035 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -55,6 +55,13 @@ @@ -44204,7 +44539,7 @@ index 153dee1..ab4ebe9 100644 set_fs(old_fs); return result; } -@@ -1252,7 +1284,7 @@ static int check_unsafe_exec(struct linux_binprm *bprm) +@@ -1255,7 +1287,7 @@ static int check_unsafe_exec(struct linux_binprm *bprm) } rcu_read_unlock(); @@ -44213,7 +44548,7 @@ index 153dee1..ab4ebe9 100644 bprm->unsafe |= LSM_UNSAFE_SHARE; } else { res = -EAGAIN; -@@ -1447,6 +1479,28 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs) +@@ -1450,6 +1482,28 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs) EXPORT_SYMBOL(search_binary_handler); @@ -44242,7 +44577,7 @@ index 153dee1..ab4ebe9 100644 /* * sys_execve() executes a new program. */ -@@ -1455,6 +1509,11 @@ static int do_execve_common(const char *filename, +@@ -1458,6 +1512,11 @@ static int do_execve_common(const char *filename, struct user_arg_ptr envp, struct pt_regs *regs) { @@ -44254,7 +44589,7 @@ index 153dee1..ab4ebe9 100644 struct linux_binprm *bprm; struct file *file; struct files_struct *displaced; -@@ -1462,6 +1521,8 @@ static int do_execve_common(const char *filename, +@@ -1465,6 +1524,8 @@ static int do_execve_common(const char *filename, int retval; const struct cred *cred = current_cred(); @@ -44263,7 +44598,7 @@ index 153dee1..ab4ebe9 100644 /* * We move the actual failure in case of RLIMIT_NPROC excess from * set*uid() to execve() because too many poorly written programs -@@ -1502,12 +1563,27 @@ static int do_execve_common(const char *filename, +@@ -1505,12 +1566,27 @@ static int do_execve_common(const char *filename, if (IS_ERR(file)) goto out_unmark; @@ -44291,7 +44626,7 @@ index 153dee1..ab4ebe9 100644 retval = bprm_mm_init(bprm); if (retval) goto out_file; -@@ -1524,24 +1600,65 @@ static int do_execve_common(const char *filename, +@@ -1527,24 +1603,65 @@ static int do_execve_common(const char *filename, if (retval < 0) goto out; @@ -44361,7 +44696,7 @@ index 153dee1..ab4ebe9 100644 current->fs->in_exec = 0; current->in_execve = 0; acct_update_integrals(current); -@@ -1550,6 +1667,14 @@ static int do_execve_common(const char *filename, +@@ -1553,6 +1670,14 @@ static int do_execve_common(const char *filename, put_files_struct(displaced); return retval; @@ -44376,7 +44711,7 @@ index 153dee1..ab4ebe9 100644 out: if (bprm->mm) { acct_arg_size(bprm, 0); -@@ -1623,7 +1748,7 @@ static int expand_corename(struct core_name *cn) +@@ -1626,7 +1751,7 @@ static int expand_corename(struct core_name *cn) { char *old_corename = cn->corename; @@ -44385,7 +44720,7 @@ index 153dee1..ab4ebe9 100644 cn->corename = krealloc(old_corename, cn->size, GFP_KERNEL); if (!cn->corename) { -@@ -1720,7 +1845,7 @@ static int format_corename(struct core_name *cn, long signr) +@@ -1723,7 +1848,7 @@ static int format_corename(struct core_name *cn, long signr) int pid_in_pattern = 0; int err = 0; @@ -44394,7 +44729,7 @@ index 153dee1..ab4ebe9 100644 cn->corename = kmalloc(cn->size, GFP_KERNEL); cn->used = 0; -@@ -1817,6 +1942,228 @@ out: +@@ -1820,6 +1945,228 @@ out: return ispipe; } @@ -44623,7 +44958,7 @@ index 153dee1..ab4ebe9 100644 static int zap_process(struct task_struct *start, int exit_code) { struct task_struct *t; -@@ -2014,17 +2361,17 @@ static void wait_for_dump_helpers(struct file *file) +@@ -2017,17 +2364,17 @@ static void wait_for_dump_helpers(struct file *file) pipe = file->f_path.dentry->d_inode->i_pipe; pipe_lock(pipe); @@ -44646,7 +44981,7 @@ index 153dee1..ab4ebe9 100644 pipe_unlock(pipe); } -@@ -2085,7 +2432,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) +@@ -2088,7 +2435,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) int retval = 0; int flag = 0; int ispipe; @@ -44655,7 +44990,7 @@ index 153dee1..ab4ebe9 100644 struct coredump_params cprm = { .signr = signr, .regs = regs, -@@ -2100,6 +2447,9 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) +@@ -2103,6 +2450,9 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) audit_core_dumps(signr); @@ -44665,7 +45000,7 @@ index 153dee1..ab4ebe9 100644 binfmt = mm->binfmt; if (!binfmt || !binfmt->core_dump) goto fail; -@@ -2167,7 +2517,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) +@@ -2170,7 +2520,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) } cprm.limit = RLIM_INFINITY; @@ -44674,7 +45009,7 @@ index 153dee1..ab4ebe9 100644 if (core_pipe_limit && (core_pipe_limit < dump_count)) { printk(KERN_WARNING "Pid %d(%s) over core_pipe_limit\n", task_tgid_vnr(current), current->comm); -@@ -2194,6 +2544,8 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) +@@ -2197,6 +2547,8 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) } else { struct inode *inode; @@ -44683,7 +45018,7 @@ index 153dee1..ab4ebe9 100644 if (cprm.limit < binfmt->min_coredump) goto fail_unlock; -@@ -2237,7 +2589,7 @@ close_fail: +@@ -2240,7 +2592,7 @@ close_fail: filp_close(cprm.file, NULL); fail_dropcount: if (ispipe) @@ -44692,7 +45027,7 @@ index 153dee1..ab4ebe9 100644 fail_unlock: kfree(cn.corename); fail_corename: -@@ -2256,7 +2608,7 @@ fail: +@@ -2259,7 +2611,7 @@ fail: */ int dump_write(struct file *file, const void *addr, int nr) { @@ -47587,10 +47922,10 @@ index 77becc0..aad7bd9 100644 if (user != (uid_t) -1) { newattrs.ia_valid |= ATTR_UID; diff --git a/fs/pipe.c b/fs/pipe.c -index a932ced..6495412 100644 +index 82e651b..8a68573 100644 --- a/fs/pipe.c +++ b/fs/pipe.c -@@ -420,9 +420,9 @@ redo: +@@ -437,9 +437,9 @@ redo: } if (bufs) /* More to do? */ continue; @@ -47602,7 +47937,7 @@ index a932ced..6495412 100644 /* syscall merging: Usually we must not sleep * if O_NONBLOCK is set, or if we got some data. * But if a writer sleeps in kernel space, then -@@ -481,7 +481,7 @@ pipe_write(struct kiocb *iocb, const struct iovec *_iov, +@@ -503,7 +503,7 @@ pipe_write(struct kiocb *iocb, const struct iovec *_iov, mutex_lock(&inode->i_mutex); pipe = inode->i_pipe; @@ -47611,7 +47946,7 @@ index a932ced..6495412 100644 send_sig(SIGPIPE, current, 0); ret = -EPIPE; goto out; -@@ -530,7 +530,7 @@ redo1: +@@ -552,7 +552,7 @@ redo1: for (;;) { int bufs; @@ -47620,7 +47955,7 @@ index a932ced..6495412 100644 send_sig(SIGPIPE, current, 0); if (!ret) ret = -EPIPE; -@@ -616,9 +616,9 @@ redo2: +@@ -643,9 +643,9 @@ redo2: kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN); do_wakeup = 0; } @@ -47632,7 +47967,7 @@ index a932ced..6495412 100644 } out: mutex_unlock(&inode->i_mutex); -@@ -685,7 +685,7 @@ pipe_poll(struct file *filp, poll_table *wait) +@@ -712,7 +712,7 @@ pipe_poll(struct file *filp, poll_table *wait) mask = 0; if (filp->f_mode & FMODE_READ) { mask = (nrbufs > 0) ? POLLIN | POLLRDNORM : 0; @@ -47641,7 +47976,7 @@ index a932ced..6495412 100644 mask |= POLLHUP; } -@@ -695,7 +695,7 @@ pipe_poll(struct file *filp, poll_table *wait) +@@ -722,7 +722,7 @@ pipe_poll(struct file *filp, poll_table *wait) * Most Unices do not set POLLERR for FIFOs but on Linux they * behave exactly like pipes for poll(). */ @@ -47650,7 +47985,7 @@ index a932ced..6495412 100644 mask |= POLLERR; } -@@ -709,10 +709,10 @@ pipe_release(struct inode *inode, int decr, int decw) +@@ -736,10 +736,10 @@ pipe_release(struct inode *inode, int decr, int decw) mutex_lock(&inode->i_mutex); pipe = inode->i_pipe; @@ -47664,7 +47999,7 @@ index a932ced..6495412 100644 free_pipe_info(inode); } else { wake_up_interruptible_sync_poll(&pipe->wait, POLLIN | POLLOUT | POLLRDNORM | POLLWRNORM | POLLERR | POLLHUP); -@@ -802,7 +802,7 @@ pipe_read_open(struct inode *inode, struct file *filp) +@@ -829,7 +829,7 @@ pipe_read_open(struct inode *inode, struct file *filp) if (inode->i_pipe) { ret = 0; @@ -47673,7 +48008,7 @@ index a932ced..6495412 100644 } mutex_unlock(&inode->i_mutex); -@@ -819,7 +819,7 @@ pipe_write_open(struct inode *inode, struct file *filp) +@@ -846,7 +846,7 @@ pipe_write_open(struct inode *inode, struct file *filp) if (inode->i_pipe) { ret = 0; @@ -47682,7 +48017,7 @@ index a932ced..6495412 100644 } mutex_unlock(&inode->i_mutex); -@@ -837,9 +837,9 @@ pipe_rdwr_open(struct inode *inode, struct file *filp) +@@ -864,9 +864,9 @@ pipe_rdwr_open(struct inode *inode, struct file *filp) if (inode->i_pipe) { ret = 0; if (filp->f_mode & FMODE_READ) @@ -47694,7 +48029,7 @@ index a932ced..6495412 100644 } mutex_unlock(&inode->i_mutex); -@@ -931,7 +931,7 @@ void free_pipe_info(struct inode *inode) +@@ -958,7 +958,7 @@ void free_pipe_info(struct inode *inode) inode->i_pipe = NULL; } @@ -47703,7 +48038,7 @@ index a932ced..6495412 100644 /* * pipefs_dname() is called from d_path(). -@@ -961,7 +961,8 @@ static struct inode * get_pipe_inode(void) +@@ -988,7 +988,8 @@ static struct inode * get_pipe_inode(void) goto fail_iput; inode->i_pipe = pipe; @@ -60629,10 +60964,10 @@ index e13117c..e9fc938 100644 #define DMA_BIT_MASK(n) (((n) == 64) ? ~0ULL : ((1ULL<<(n))-1)) diff --git a/include/linux/efi.h b/include/linux/efi.h -index 37c3007..92ab679 100644 +index 7cce0ea..c2085e4 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h -@@ -580,7 +580,7 @@ struct efivar_operations { +@@ -591,7 +591,7 @@ struct efivar_operations { efi_get_variable_t *get_variable; efi_get_next_variable_t *get_next_variable; efi_set_variable_t *set_variable; @@ -62318,7 +62653,7 @@ index 9970337..9444122 100644 int abx500_register_ops(struct device *core_dev, struct abx500_ops *ops); void abx500_remove_ops(struct device *dev); diff --git a/include/linux/mm.h b/include/linux/mm.h -index 17b27cd..467ba2f 100644 +index 17b27cd..baea141 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -115,7 +115,14 @@ extern unsigned int kobjsize(const void *objp); @@ -62387,7 +62722,63 @@ index 17b27cd..467ba2f 100644 int vma_wants_writenotify(struct vm_area_struct *vma); extern pte_t *__get_locked_pte(struct mm_struct *mm, unsigned long addr, -@@ -1409,6 +1397,7 @@ out: +@@ -1152,8 +1140,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, + { + return 0; + } ++ ++static inline int __pud_alloc_kernel(struct mm_struct *mm, pgd_t *pgd, ++ unsigned long address) ++{ ++ return 0; ++} + #else + int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address); ++int __pud_alloc_kernel(struct mm_struct *mm, pgd_t *pgd, unsigned long address); + #endif + + #ifdef __PAGETABLE_PMD_FOLDED +@@ -1162,8 +1157,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud, + { + return 0; + } ++ ++static inline int __pmd_alloc_kernel(struct mm_struct *mm, pud_t *pud, ++ unsigned long address) ++{ ++ return 0; ++} + #else + int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address); ++int __pmd_alloc_kernel(struct mm_struct *mm, pud_t *pud, unsigned long address); + #endif + + int __pte_alloc(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -1181,11 +1183,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a + NULL: pud_offset(pgd, address); + } + ++static inline pud_t *pud_alloc_kernel(struct mm_struct *mm, pgd_t *pgd, unsigned long address) ++{ ++ return (unlikely(pgd_none(*pgd)) && __pud_alloc_kernel(mm, pgd, address))? ++ NULL: pud_offset(pgd, address); ++} ++ + static inline pmd_t *pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) + { + return (unlikely(pud_none(*pud)) && __pmd_alloc(mm, pud, address))? + NULL: pmd_offset(pud, address); + } ++ ++static inline pmd_t *pmd_alloc_kernel(struct mm_struct *mm, pud_t *pud, unsigned long address) ++{ ++ return (unlikely(pud_none(*pud)) && __pmd_alloc_kernel(mm, pud, address))? ++ NULL: pmd_offset(pud, address); ++} + #endif /* CONFIG_MMU && !__ARCH_HAS_4LEVEL_HACK */ + + #if USE_SPLIT_PTLOCKS +@@ -1409,6 +1423,7 @@ out: } extern int do_munmap(struct mm_struct *, unsigned long, size_t); @@ -62395,7 +62786,7 @@ index 17b27cd..467ba2f 100644 extern unsigned long do_brk(unsigned long, unsigned long); -@@ -1466,6 +1455,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add +@@ -1466,6 +1481,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr, struct vm_area_struct **pprev); @@ -62406,7 +62797,7 @@ index 17b27cd..467ba2f 100644 /* Look up the first VMA which intersects the interval start_addr..end_addr-1, NULL if none. Assume start_addr < end_addr. */ static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr) -@@ -1494,15 +1487,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm, +@@ -1494,15 +1513,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm, return vma; } @@ -62422,7 +62813,7 @@ index 17b27cd..467ba2f 100644 struct vm_area_struct *find_extend_vma(struct mm_struct *, unsigned long addr); int remap_pfn_range(struct vm_area_struct *, unsigned long addr, unsigned long pfn, unsigned long size, pgprot_t); -@@ -1606,7 +1590,7 @@ extern int unpoison_memory(unsigned long pfn); +@@ -1606,7 +1616,7 @@ extern int unpoison_memory(unsigned long pfn); extern int sysctl_memory_failure_early_kill; extern int sysctl_memory_failure_recovery; extern void shake_page(struct page *p, int access); @@ -62431,7 +62822,7 @@ index 17b27cd..467ba2f 100644 extern int soft_offline_page(struct page *page, int flags); extern void dump_page(struct page *page); -@@ -1637,5 +1621,11 @@ static inline unsigned int debug_guardpage_minorder(void) { return 0; } +@@ -1637,5 +1647,11 @@ static inline unsigned int debug_guardpage_minorder(void) { return 0; } static inline bool page_is_guard(struct page *page) { return false; } #endif /* CONFIG_DEBUG_PAGEALLOC */ @@ -62848,10 +63239,10 @@ index 8fc7dd1a..c19d89e 100644 /* diff --git a/include/linux/pipe_fs_i.h b/include/linux/pipe_fs_i.h -index 77257c9..51d473a 100644 +index 0072a53..c5dcca5 100644 --- a/include/linux/pipe_fs_i.h +++ b/include/linux/pipe_fs_i.h -@@ -46,9 +46,9 @@ struct pipe_buffer { +@@ -47,9 +47,9 @@ struct pipe_buffer { struct pipe_inode_info { wait_queue_head_t wait; unsigned int nrbufs, curbuf, buffers; @@ -66001,7 +66392,7 @@ index 1b5c081..c375f83 100644 /* diff --git a/kernel/exit.c b/kernel/exit.c -index 4b4042f..5bdd8d5 100644 +index 46c8b14..d868958 100644 --- a/kernel/exit.c +++ b/kernel/exit.c @@ -58,6 +58,10 @@ @@ -66053,7 +66444,7 @@ index 4b4042f..5bdd8d5 100644 /* * If we were started as result of loading a module, close all of the * user space pages. We don't need them, and if we didn't close them -@@ -892,6 +911,8 @@ void do_exit(long code) +@@ -873,6 +892,8 @@ void do_exit(long code) struct task_struct *tsk = current; int group_dead; @@ -66062,7 +66453,7 @@ index 4b4042f..5bdd8d5 100644 profile_task_exit(tsk); WARN_ON(blk_needs_flush_plug(tsk)); -@@ -908,7 +929,6 @@ void do_exit(long code) +@@ -889,7 +910,6 @@ void do_exit(long code) * mm_release()->clear_child_tid() from writing to a user-controlled * kernel address. */ @@ -66070,7 +66461,7 @@ index 4b4042f..5bdd8d5 100644 ptrace_event(PTRACE_EVENT_EXIT, code); -@@ -969,6 +989,9 @@ void do_exit(long code) +@@ -950,6 +970,9 @@ void do_exit(long code) tsk->exit_code = code; taskstats_exit(tsk, group_dead); @@ -66080,7 +66471,7 @@ index 4b4042f..5bdd8d5 100644 exit_mm(tsk); if (group_dead) -@@ -1085,7 +1108,7 @@ SYSCALL_DEFINE1(exit, int, error_code) +@@ -1066,7 +1089,7 @@ SYSCALL_DEFINE1(exit, int, error_code) * Take down every thread in the group. This is called by fatal signals * as well as by sys_exit_group (below). */ @@ -68682,10 +69073,10 @@ index e8a1f83..363d17d 100644 #ifdef CONFIG_RT_GROUP_SCHED /* diff --git a/kernel/sched/core.c b/kernel/sched/core.c -index b342f57..00324a0 100644 +index 478a04c..6970d99 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c -@@ -3143,6 +3143,19 @@ pick_next_task(struct rq *rq) +@@ -3142,6 +3142,19 @@ pick_next_task(struct rq *rq) BUG(); /* the idle class will always have a runnable task */ } @@ -68705,7 +69096,7 @@ index b342f57..00324a0 100644 /* * __schedule() is the main scheduler function. */ -@@ -3162,6 +3175,8 @@ need_resched: +@@ -3161,6 +3174,8 @@ need_resched: schedule_debug(prev); @@ -68714,7 +69105,7 @@ index b342f57..00324a0 100644 if (sched_feat(HRTICK)) hrtick_clear(rq); -@@ -3852,6 +3867,8 @@ int can_nice(const struct task_struct *p, const int nice) +@@ -3851,6 +3866,8 @@ int can_nice(const struct task_struct *p, const int nice) /* convert nice value [19,-20] to rlimit style value [1,40] */ int nice_rlim = 20 - nice; @@ -68723,7 +69114,7 @@ index b342f57..00324a0 100644 return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) || capable(CAP_SYS_NICE)); } -@@ -3885,7 +3902,8 @@ SYSCALL_DEFINE1(nice, int, increment) +@@ -3884,7 +3901,8 @@ SYSCALL_DEFINE1(nice, int, increment) if (nice > 19) nice = 19; @@ -68733,7 +69124,7 @@ index b342f57..00324a0 100644 return -EPERM; retval = security_task_setnice(current, nice); -@@ -4042,6 +4060,7 @@ recheck: +@@ -4041,6 +4059,7 @@ recheck: unsigned long rlim_rtprio = task_rlimit(p, RLIMIT_RTPRIO); @@ -68755,7 +69146,7 @@ index aca16b8..8e3acc4 100644 int this_cpu = smp_processor_id(); struct rq *this_rq = cpu_rq(this_cpu); diff --git a/kernel/signal.c b/kernel/signal.c -index c73c428..7040057 100644 +index b09cf3b..b291c66 100644 --- a/kernel/signal.c +++ b/kernel/signal.c @@ -46,12 +46,12 @@ static struct kmem_cache *sigqueue_cachep; @@ -68864,7 +69255,7 @@ index c73c428..7040057 100644 return ret; } -@@ -2820,7 +2843,15 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info) +@@ -2829,7 +2852,15 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info) int error = -ESRCH; rcu_read_lock(); @@ -69852,7 +70243,7 @@ index fd3c8aa..5f324a6 100644 } entry = ring_buffer_event_data(event); diff --git a/kernel/trace/trace_output.c b/kernel/trace/trace_output.c -index 0d6ff35..67e0ed7 100644 +index d9c07f0..c1eeceb 100644 --- a/kernel/trace/trace_output.c +++ b/kernel/trace/trace_output.c @@ -278,7 +278,7 @@ int trace_seq_path(struct trace_seq *s, struct path *path) @@ -70591,7 +70982,7 @@ index 56080ea..115071e 100644 /* keep elevated page count for bad page */ return ret; diff --git a/mm/memory.c b/mm/memory.c -index 10b4dda..764ee07 100644 +index 10b4dda..b1f60ad 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -457,8 +457,12 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, @@ -71148,7 +71539,62 @@ index 10b4dda..764ee07 100644 return VM_FAULT_OOM; /* if an huge pmd materialized from under us just retry later */ if (unlikely(pmd_trans_huge(*pmd))) -@@ -3618,7 +3856,7 @@ static int __init gate_vma_init(void) +@@ -3551,6 +3789,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address) + spin_unlock(&mm->page_table_lock); + return 0; + } ++ ++int __pud_alloc_kernel(struct mm_struct *mm, pgd_t *pgd, unsigned long address) ++{ ++ pud_t *new = pud_alloc_one(mm, address); ++ if (!new) ++ return -ENOMEM; ++ ++ smp_wmb(); /* See comment in __pte_alloc */ ++ ++ spin_lock(&mm->page_table_lock); ++ if (pgd_present(*pgd)) /* Another has populated it */ ++ pud_free(mm, new); ++ else ++ pgd_populate_kernel(mm, pgd, new); ++ spin_unlock(&mm->page_table_lock); ++ return 0; ++} + #endif /* __PAGETABLE_PUD_FOLDED */ + + #ifndef __PAGETABLE_PMD_FOLDED +@@ -3581,6 +3836,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) + spin_unlock(&mm->page_table_lock); + return 0; + } ++ ++int __pmd_alloc_kernel(struct mm_struct *mm, pud_t *pud, unsigned long address) ++{ ++ pmd_t *new = pmd_alloc_one(mm, address); ++ if (!new) ++ return -ENOMEM; ++ ++ smp_wmb(); /* See comment in __pte_alloc */ ++ ++ spin_lock(&mm->page_table_lock); ++#ifndef __ARCH_HAS_4LEVEL_HACK ++ if (pud_present(*pud)) /* Another has populated it */ ++ pmd_free(mm, new); ++ else ++ pud_populate_kernel(mm, pud, new); ++#else ++ if (pgd_present(*pud)) /* Another has populated it */ ++ pmd_free(mm, new); ++ else ++ pgd_populate_kernel(mm, pud, new); ++#endif /* __ARCH_HAS_4LEVEL_HACK */ ++ spin_unlock(&mm->page_table_lock); ++ return 0; ++} + #endif /* __PAGETABLE_PMD_FOLDED */ + + int make_pages_present(unsigned long addr, unsigned long end) +@@ -3618,7 +3897,7 @@ static int __init gate_vma_init(void) gate_vma.vm_start = FIXADDR_USER_START; gate_vma.vm_end = FIXADDR_USER_END; gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC; @@ -73987,6 +74433,28 @@ index 0342a5d..8180ae9 100644 static int __init slab_sysfs_init(void) { +diff --git a/mm/sparse-vmemmap.c b/mm/sparse-vmemmap.c +index 1b7e22a..3fcd4f3 100644 +--- a/mm/sparse-vmemmap.c ++++ b/mm/sparse-vmemmap.c +@@ -128,7 +128,7 @@ pud_t * __meminit vmemmap_pud_populate(pgd_t *pgd, unsigned long addr, int node) + void *p = vmemmap_alloc_block(PAGE_SIZE, node); + if (!p) + return NULL; +- pud_populate(&init_mm, pud, p); ++ pud_populate_kernel(&init_mm, pud, p); + } + return pud; + } +@@ -140,7 +140,7 @@ pgd_t * __meminit vmemmap_pgd_populate(unsigned long addr, int node) + void *p = vmemmap_alloc_block(PAGE_SIZE, node); + if (!p) + return NULL; +- pgd_populate(&init_mm, pgd, p); ++ pgd_populate_kernel(&init_mm, pgd, p); + } + return pgd; + } diff --git a/mm/swap.c b/mm/swap.c index 14380e9..e244704 100644 --- a/mm/swap.c @@ -74077,7 +74545,7 @@ index 136ac4f..f917fa9 100644 mm->unmap_area = arch_unmap_area; } diff --git a/mm/vmalloc.c b/mm/vmalloc.c -index 86ce9a5..bc498f3 100644 +index 86ce9a5..e0bd080 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -39,8 +39,19 @@ static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end) @@ -74146,6 +74614,24 @@ index 86ce9a5..bc498f3 100644 } static int vmap_pmd_range(pud_t *pud, unsigned long addr, +@@ -119,7 +144,7 @@ static int vmap_pmd_range(pud_t *pud, unsigned long addr, + pmd_t *pmd; + unsigned long next; + +- pmd = pmd_alloc(&init_mm, pud, addr); ++ pmd = pmd_alloc_kernel(&init_mm, pud, addr); + if (!pmd) + return -ENOMEM; + do { +@@ -136,7 +161,7 @@ static int vmap_pud_range(pgd_t *pgd, unsigned long addr, + pud_t *pud; + unsigned long next; + +- pud = pud_alloc(&init_mm, pgd, addr); ++ pud = pud_alloc_kernel(&init_mm, pgd, addr); + if (!pud) + return -ENOMEM; + do { @@ -191,11 +216,20 @@ int is_vmalloc_or_module_addr(const void *x) * and fall back on vmalloc() if that fails. Others * just put it in the vmalloc space. @@ -84456,10 +84942,10 @@ index 0000000..9ec45ae +}; diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c new file mode 100644 -index 0000000..255439f +index 0000000..4ec0934 --- /dev/null +++ b/tools/gcc/size_overflow_plugin.c -@@ -0,0 +1,1110 @@ +@@ -0,0 +1,1150 @@ +/* + * Copyright 2011, 2012 by Emese Revfy <re.emese@gmail.com> + * Licensed under the GPL v2, or (at your option) v3 @@ -84514,12 +85000,13 @@ index 0000000..255439f + +#define __unused __attribute__((__unused__)) +#define NAME(node) IDENTIFIER_POINTER(DECL_NAME(node)) ++#define NAME_LEN(node) IDENTIFIER_LENGTH(DECL_NAME(node)) +#define BEFORE_STMT true +#define AFTER_STMT false +#define CREATE_NEW_VAR NULL_TREE + +int plugin_is_GPL_compatible; -+void debug_gimple_stmt (gimple gs); ++void debug_gimple_stmt(gimple gs); + +static tree expand(struct pointer_set_t *visited, bool *potentionally_overflowed, tree var); +static tree signed_size_overflow_type; @@ -84527,9 +85014,10 @@ index 0000000..255439f +static tree report_size_overflow_decl; +static tree const_char_ptr_type_node; +static unsigned int handle_function(void); ++static bool file_match = true; + +static struct plugin_info size_overflow_plugin_info = { -+ .version = "20120409beta", ++ .version = "20120502beta", + .help = "no-size_overflow\tturn off size overflow checking\n", +}; + @@ -84658,7 +85146,9 @@ index 0000000..255439f + return; + + hash = get_function_hash(func); -+ if (hash->name && !strcmp(hash->name, NAME(func)) && !strcmp(hash->file, xloc.file)) ++ if (hash->name && !strcmp(hash->name, NAME(func))) ++ return; ++ if (file_match && hash->file && !strcmp(hash->file, xloc.file)) + return; + + gcc_assert(TREE_CODE(arg) != COMPONENT_REF); @@ -84771,6 +85261,25 @@ index 0000000..255439f + + stmt = build_cast_stmt(signed_size_overflow_type, rhs1, CREATE_NEW_VAR, gimple_location(oldstmt)); + gsi = gsi_for_stmt(oldstmt); ++ if (lookup_stmt_eh_lp(oldstmt) != 0) { ++ basic_block next_bb, cur_bb; ++ edge e; ++ ++ gcc_assert(before == false); ++ gcc_assert(stmt_can_throw_internal(oldstmt)); ++ gcc_assert(gimple_code(oldstmt) == GIMPLE_CALL); ++ gcc_assert(!gsi_end_p(gsi)); ++ ++ cur_bb = gimple_bb(oldstmt); ++ next_bb = cur_bb->next_bb; ++ e = find_edge(cur_bb, next_bb); ++ gcc_assert(e != NULL); ++ gcc_assert(e->flags & EDGE_FALLTHRU); ++ ++ gsi = gsi_after_labels(next_bb); ++ gcc_assert(!gsi_end_p(gsi)); ++ before = true; ++ } + if (before) + gsi_insert_before(&gsi, stmt, GSI_NEW_STMT); + else @@ -84901,7 +85410,7 @@ index 0000000..255439f + newstmt = gimple_build_assign(new_var, new_rhs); + break; + case GIMPLE_ASSIGN: -+ newstmt = gimple_copy(def_newstmt); ++ newstmt = gimple_build_assign(new_var, gimple_get_lhs(def_newstmt)); + break; + default: + /* unknown gimple_code (handle_build_new_phi_arg) */ @@ -84910,6 +85419,7 @@ index 0000000..255439f + + gimple_set_lhs(newstmt, make_ssa_name(new_var, newstmt)); + gsi_insert(&gsi, newstmt, GSI_NEW_STMT); ++ update_stmt(newstmt); + return newstmt; +} + @@ -84924,7 +85434,6 @@ index 0000000..255439f + return NULL_TREE; + + newstmt = handle_new_phi_arg(arg, new_var, new_rhs); -+ update_stmt(newstmt); + return gimple_get_lhs(newstmt); +} + @@ -84981,6 +85490,7 @@ index 0000000..255439f + return handle_unary_rhs(visited, potentionally_overflowed, var); + + case ARRAY_REF: ++ case BIT_FIELD_REF: + case ADDR_EXPR: + case COMPONENT_REF: + case COND_EXPR: @@ -85012,9 +85522,19 @@ index 0000000..255439f + +static tree create_string_param(tree string) +{ -+ tree array_ref = build4(ARRAY_REF, TREE_TYPE(string), string, integer_zero_node, NULL, NULL); ++ tree i_type, a_type; ++ int length = TREE_STRING_LENGTH(string); + -+ return build1(ADDR_EXPR, ptr_type_node, array_ref); ++ gcc_assert(length > 0); ++ ++ i_type = build_index_type(build_int_cst(NULL_TREE, length - 1)); ++ a_type = build_array_type(char_type_node, i_type); ++ ++ TREE_TYPE(string) = a_type; ++ TREE_CONSTANT(string) = 1; ++ TREE_READONLY(string) = 1; ++ ++ return build1(ADDR_EXPR, ptr_type_node, string); +} + +static void insert_cond_result(basic_block bb_true, gimple stmt, tree arg) @@ -85035,12 +85555,10 @@ index 0000000..255439f + + loc_line = build_int_cstu(unsigned_type_node, xloc.line); + -+ loc_file = build_string(strlen(xloc.file), xloc.file); -+ TREE_TYPE(loc_file) = char_array_type_node; ++ loc_file = build_string(strlen(xloc.file) + 1, xloc.file); + loc_file = create_string_param(loc_file); + -+ current_func = build_string(IDENTIFIER_LENGTH(DECL_NAME(current_function_decl)), NAME(current_function_decl)); -+ TREE_TYPE(current_func) = char_array_type_node; ++ current_func = build_string(NAME_LEN(current_function_decl) + 1, NAME(current_function_decl)); + current_func = create_string_param(current_func); + + // void report_size_overflow(const char *file, unsigned int line, const char *func) @@ -85441,9 +85959,13 @@ index 0000000..255439f + xloc = expand_location(DECL_SOURCE_LOCATION(fndecl)); + + fndecl = get_original_function_decl(fndecl); -+ if (!hash->name || !hash->file) ++ if (!hash->name) + return; -+ if (strcmp(hash->name, NAME(fndecl)) || strcmp(hash->file, xloc.file)) ++ if (file_match && !hash->file) ++ return; ++ if (strcmp(hash->name, NAME(fndecl))) ++ return; ++ if (file_match && strcmp(hash->file, xloc.file)) + return; + +#define search_param(argnum) \ @@ -85526,6 +86048,7 @@ index 0000000..255439f + NULL_TREE); + report_size_overflow_decl = build_fn_decl("report_size_overflow", fntype); + ++ DECL_ASSEMBLER_NAME(report_size_overflow_decl); + TREE_PUBLIC(report_size_overflow_decl) = 1; + DECL_EXTERNAL(report_size_overflow_decl) = 1; + DECL_ARTIFICIAL(report_size_overflow_decl) = 1; @@ -85554,9 +86077,12 @@ index 0000000..255439f + } + + for (i = 0; i < argc; ++i) { -+ if (!(strcmp(argv[i].key, "no-size_overflow"))) { ++ if (!strcmp(argv[i].key, "no-size-overflow")) { + enable = false; + continue; ++ } else if (!(strcmp(argv[i].key, "no-file-match"))) { ++ file_match = false; ++ continue; + } + error(G_("unkown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key); + } diff --git a/3.3.4/4430_grsec-remove-localversion-grsec.patch b/3.3.5/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.3.4/4430_grsec-remove-localversion-grsec.patch +++ b/3.3.5/4430_grsec-remove-localversion-grsec.patch diff --git a/3.3.4/4435_grsec-mute-warnings.patch b/3.3.5/4435_grsec-mute-warnings.patch index e85abd6..e85abd6 100644 --- a/3.3.4/4435_grsec-mute-warnings.patch +++ b/3.3.5/4435_grsec-mute-warnings.patch diff --git a/3.3.4/4440_grsec-remove-protected-paths.patch b/3.3.5/4440_grsec-remove-protected-paths.patch index 637934a..637934a 100644 --- a/3.3.4/4440_grsec-remove-protected-paths.patch +++ b/3.3.5/4440_grsec-remove-protected-paths.patch diff --git a/3.3.4/4445_grsec-pax-without-grsec.patch b/3.3.5/4445_grsec-pax-without-grsec.patch index 35255c2..35255c2 100644 --- a/3.3.4/4445_grsec-pax-without-grsec.patch +++ b/3.3.5/4445_grsec-pax-without-grsec.patch diff --git a/3.3.4/4450_grsec-kconfig-default-gids.patch b/3.3.5/4450_grsec-kconfig-default-gids.patch index 123f877..123f877 100644 --- a/3.3.4/4450_grsec-kconfig-default-gids.patch +++ b/3.3.5/4450_grsec-kconfig-default-gids.patch diff --git a/3.3.4/4455_grsec-kconfig-gentoo.patch b/3.3.5/4455_grsec-kconfig-gentoo.patch index 1ce4ccf..1ce4ccf 100644 --- a/3.3.4/4455_grsec-kconfig-gentoo.patch +++ b/3.3.5/4455_grsec-kconfig-gentoo.patch diff --git a/3.3.4/4460-grsec-kconfig-proc-user.patch b/3.3.5/4460-grsec-kconfig-proc-user.patch index b2b3188..b2b3188 100644 --- a/3.3.4/4460-grsec-kconfig-proc-user.patch +++ b/3.3.5/4460-grsec-kconfig-proc-user.patch diff --git a/3.3.4/4465_selinux-avc_audit-log-curr_ip.patch b/3.3.5/4465_selinux-avc_audit-log-curr_ip.patch index 5a9d80c..5a9d80c 100644 --- a/3.3.4/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.3.5/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/3.3.4/4470_disable-compat_vdso.patch b/3.3.5/4470_disable-compat_vdso.patch index c40f44f..c40f44f 100644 --- a/3.3.4/4470_disable-compat_vdso.patch +++ b/3.3.5/4470_disable-compat_vdso.patch |