summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAnthony G. Basile <blueness@gentoo.org>2012-10-30 21:41:49 -0400
committerAnthony G. Basile <blueness@gentoo.org>2012-10-30 21:47:57 -0400
commit816c520da7b92aaf0468201a56df25d646368cfe (patch)
tree8d1c584f7ed7d576b50632e6ad8cd559c102dc87
parentGrsec/PaX: 2.9.1-2.6.32.60-201210252043 (diff)
downloadhardened-patchset-816c520da7b92aaf0468201a56df25d646368cfe.tar.gz
hardened-patchset-816c520da7b92aaf0468201a56df25d646368cfe.tar.bz2
hardened-patchset-816c520da7b92aaf0468201a56df25d646368cfe.zip
Grsec/PaX: 2.9.1-{2.6.32.60,3.2.32,3.6.4}-20121029144620121029
-rw-r--r--2.6.32/0000_README2
-rw-r--r--2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201210291444.patch (renamed from 2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201210252043.patch)150
-rw-r--r--3.2.32/0000_README2
-rw-r--r--3.2.32/4420_grsecurity-2.9.1-3.2.32-201210291445.patch (renamed from 3.2.32/4420_grsecurity-2.9.1-3.2.32-201210231935.patch)142
-rw-r--r--3.6.3/1002_linux-3.6.3.patch3132
-rw-r--r--3.6.4/0000_README (renamed from 3.6.3/0000_README)6
-rw-r--r--3.6.4/4420_grsecurity-2.9.1-3.6.4-201210291446.patch (renamed from 3.6.3/4420_grsecurity-2.9.1-3.6.3-201210231942.patch)337
-rw-r--r--3.6.4/4430_grsec-remove-localversion-grsec.patch (renamed from 3.6.3/4430_grsec-remove-localversion-grsec.patch)0
-rw-r--r--3.6.4/4435_grsec-mute-warnings.patch (renamed from 3.6.3/4435_grsec-mute-warnings.patch)0
-rw-r--r--3.6.4/4440_grsec-remove-protected-paths.patch (renamed from 3.6.3/4440_grsec-remove-protected-paths.patch)0
-rw-r--r--3.6.4/4450_grsec-kconfig-default-gids.patch (renamed from 3.6.3/4450_grsec-kconfig-default-gids.patch)0
-rw-r--r--3.6.4/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.6.3/4465_selinux-avc_audit-log-curr_ip.patch)0
-rw-r--r--3.6.4/4470_disable-compat_vdso.patch (renamed from 3.6.3/4470_disable-compat_vdso.patch)0
13 files changed, 335 insertions, 3436 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index b6ced4c..288d745 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -34,7 +34,7 @@ Patch: 1059_linux-2.6.32.60.patch
From: http://www.kernel.org
Desc: Linux 2.6.32.59
-Patch: 4420_grsecurity-2.9.1-2.6.32.60-201210252043.patch
+Patch: 4420_grsecurity-2.9.1-2.6.32.60-201210291444.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201210252043.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201210291444.patch
index 163e0f6..489cffc 100644
--- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201210252043.patch
+++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201210291444.patch
@@ -5317,7 +5317,7 @@ index 9b86681..c5140db 100644
#define __read_mostly __attribute__((__section__(".data.read_mostly")))
diff --git a/arch/s390/include/asm/elf.h b/arch/s390/include/asm/elf.h
-index e885442..5b0c9aa 100644
+index e885442..5b0c9aa3 100644
--- a/arch/s390/include/asm/elf.h
+++ b/arch/s390/include/asm/elf.h
@@ -164,6 +164,13 @@ extern unsigned int vdso_enabled;
@@ -18897,7 +18897,7 @@ index 4f8e250..df24706 100644
#ifdef CONFIG_BLK_DEV_INITRD
/* Reserve INITRD */
diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S
-index 34c3308..6fc4e76 100644
+index 34c3308..162120a 100644
--- a/arch/x86/kernel/head_32.S
+++ b/arch/x86/kernel/head_32.S
@@ -19,10 +19,17 @@
@@ -18961,7 +18961,7 @@ index 34c3308..6fc4e76 100644
/* test KEEP_SEGMENTS flag to see if the bootloader is asking
us to not reload segments */
testb $(1<<6), BP_loadflags(%esi)
-@@ -95,7 +113,60 @@ ENTRY(startup_32)
+@@ -95,7 +113,62 @@ ENTRY(startup_32)
movl %eax,%es
movl %eax,%fs
movl %eax,%gs
@@ -18972,13 +18972,13 @@ index 34c3308..6fc4e76 100644
+#ifdef CONFIG_SMP
+ movl $pa(cpu_gdt_table),%edi
+ movl $__per_cpu_load,%eax
-+ movw %ax,__KERNEL_PERCPU + 2(%edi)
++ movw %ax,GDT_ENTRY_PERCPU * 8 + 2(%edi)
+ rorl $16,%eax
-+ movb %al,__KERNEL_PERCPU + 4(%edi)
-+ movb %ah,__KERNEL_PERCPU + 7(%edi)
++ movb %al,GDT_ENTRY_PERCPU * 8 + 4(%edi)
++ movb %ah,GDT_ENTRY_PERCPU * 8 + 7(%edi)
+ movl $__per_cpu_end - 1,%eax
+ subl $__per_cpu_start,%eax
-+ movw %ax,__KERNEL_PERCPU + 0(%edi)
++ movw %ax,GDT_ENTRY_PERCPU * 8 + 0(%edi)
+#endif
+
+#ifdef CONFIG_PAX_MEMORY_UDEREF
@@ -18995,10 +18995,10 @@ index 34c3308..6fc4e76 100644
+#ifdef CONFIG_PAX_KERNEXEC
+ movl $pa(boot_gdt),%edi
+ movl $__LOAD_PHYSICAL_ADDR,%eax
-+ movw %ax,__BOOT_CS + 2(%edi)
++ movw %ax,GDT_ENTRY_BOOT_CS * 8 + 2(%edi)
+ rorl $16,%eax
-+ movb %al,__BOOT_CS + 4(%edi)
-+ movb %ah,__BOOT_CS + 7(%edi)
++ movb %al,GDT_ENTRY_BOOT_CS * 8 + 4(%edi)
++ movb %ah,GDT_ENTRY_BOOT_CS * 8 + 7(%edi)
+ rorl $16,%eax
+
+ ljmp $(__BOOT_CS),$1f
@@ -19008,13 +19008,15 @@ index 34c3308..6fc4e76 100644
+ movl $pa(cpu_gdt_table),%edi
+ addl $__PAGE_OFFSET,%eax
+1:
-+ movw %ax,__KERNEL_CS + 2(%edi)
-+ movw %ax,__KERNEXEC_KERNEL_CS + 2(%edi)
++ movb $0xc0,GDT_ENTRY_KERNEL_CS * 8 + 6(%edi)
++ movb $0xc0,GDT_ENTRY_KERNEXEC_KERNEL_CS * 8 + 6(%edi)
++ movw %ax,GDT_ENTRY_KERNEL_CS * 8 + 2(%edi)
++ movw %ax,GDT_ENTRY_KERNEXEC_KERNEL_CS * 8 + 2(%edi)
+ rorl $16,%eax
-+ movb %al,__KERNEL_CS + 4(%edi)
-+ movb %al,__KERNEXEC_KERNEL_CS + 4(%edi)
-+ movb %ah,__KERNEL_CS + 7(%edi)
-+ movb %ah,__KERNEXEC_KERNEL_CS + 7(%edi)
++ movb %al,GDT_ENTRY_KERNEL_CS * 8 + 4(%edi)
++ movb %al,GDT_ENTRY_KERNEXEC_KERNEL_CS * 8 + 4(%edi)
++ movb %ah,GDT_ENTRY_KERNEL_CS * 8 + 7(%edi)
++ movb %ah,GDT_ENTRY_KERNEXEC_KERNEL_CS * 8 + 7(%edi)
+ rorl $16,%eax
+ addl $PAGE_SIZE_asm,%edi
+ loop 1b
@@ -19022,7 +19024,7 @@ index 34c3308..6fc4e76 100644
/*
* Clear BSS first so that there are no surprises...
-@@ -140,9 +211,7 @@ ENTRY(startup_32)
+@@ -140,9 +213,7 @@ ENTRY(startup_32)
cmpl $num_subarch_entries, %eax
jae bad_subarch
@@ -19033,7 +19035,7 @@ index 34c3308..6fc4e76 100644
bad_subarch:
WEAK(lguest_entry)
-@@ -154,10 +223,10 @@ WEAK(xen_entry)
+@@ -154,10 +225,10 @@ WEAK(xen_entry)
__INITDATA
subarch_entries:
@@ -19048,7 +19050,7 @@ index 34c3308..6fc4e76 100644
num_subarch_entries = (. - subarch_entries) / 4
.previous
#endif /* CONFIG_PARAVIRT */
-@@ -218,8 +287,11 @@ default_entry:
+@@ -218,8 +289,11 @@ default_entry:
movl %eax, pa(max_pfn_mapped)
/* Do early initialization of the fixmap area */
@@ -19062,7 +19064,7 @@ index 34c3308..6fc4e76 100644
#else /* Not PAE */
page_pde_offset = (__PAGE_OFFSET >> 20);
-@@ -249,8 +321,11 @@ page_pde_offset = (__PAGE_OFFSET >> 20);
+@@ -249,8 +323,11 @@ page_pde_offset = (__PAGE_OFFSET >> 20);
movl %eax, pa(max_pfn_mapped)
/* Do early initialization of the fixmap area */
@@ -19076,7 +19078,7 @@ index 34c3308..6fc4e76 100644
#endif
jmp 3f
/*
-@@ -272,6 +347,9 @@ ENTRY(startup_32_smp)
+@@ -272,6 +349,9 @@ ENTRY(startup_32_smp)
movl %eax,%es
movl %eax,%fs
movl %eax,%gs
@@ -19086,7 +19088,7 @@ index 34c3308..6fc4e76 100644
#endif /* CONFIG_SMP */
3:
-@@ -297,6 +375,7 @@ ENTRY(startup_32_smp)
+@@ -297,6 +377,7 @@ ENTRY(startup_32_smp)
orl %edx,%eax
movl %eax,%cr4
@@ -19094,7 +19096,7 @@ index 34c3308..6fc4e76 100644
btl $5, %eax # check if PAE is enabled
jnc 6f
-@@ -305,6 +384,10 @@ ENTRY(startup_32_smp)
+@@ -305,6 +386,10 @@ ENTRY(startup_32_smp)
cpuid
cmpl $0x80000000, %eax
jbe 6f
@@ -19105,7 +19107,7 @@ index 34c3308..6fc4e76 100644
mov $0x80000001, %eax
cpuid
/* Execute Disable bit supported? */
-@@ -312,13 +395,17 @@ ENTRY(startup_32_smp)
+@@ -312,13 +397,17 @@ ENTRY(startup_32_smp)
jnc 6f
/* Setup EFER (Extended Feature Enable Register) */
@@ -19124,7 +19126,7 @@ index 34c3308..6fc4e76 100644
6:
/*
-@@ -331,8 +418,8 @@ ENTRY(startup_32_smp)
+@@ -331,8 +420,8 @@ ENTRY(startup_32_smp)
movl %eax,%cr0 /* ..and set paging (PG) bit */
ljmp $__BOOT_CS,$1f /* Clear prefetch and normalize %eip */
1:
@@ -19135,7 +19137,7 @@ index 34c3308..6fc4e76 100644
/*
* Initialize eflags. Some BIOS's leave bits like NT set. This would
-@@ -344,9 +431,7 @@ ENTRY(startup_32_smp)
+@@ -344,9 +433,7 @@ ENTRY(startup_32_smp)
#ifdef CONFIG_SMP
cmpb $0, ready
@@ -19146,7 +19148,7 @@ index 34c3308..6fc4e76 100644
#endif /* CONFIG_SMP */
/*
-@@ -424,7 +509,7 @@ is386: movl $2,%ecx # set MP
+@@ -424,7 +511,7 @@ is386: movl $2,%ecx # set MP
1: movl $(__KERNEL_DS),%eax # reload all the segment registers
movl %eax,%ss # after changing gdt.
@@ -19155,7 +19157,7 @@ index 34c3308..6fc4e76 100644
movl %eax,%ds
movl %eax,%es
-@@ -438,15 +523,22 @@ is386: movl $2,%ecx # set MP
+@@ -438,15 +525,22 @@ is386: movl $2,%ecx # set MP
*/
cmpb $0,ready
jne 1f
@@ -19180,7 +19182,7 @@ index 34c3308..6fc4e76 100644
movl %eax,%gs
xorl %eax,%eax # Clear LDT
-@@ -454,14 +546,7 @@ is386: movl $2,%ecx # set MP
+@@ -454,14 +548,7 @@ is386: movl $2,%ecx # set MP
cld # gcc2 wants the direction flag cleared at all times
pushl $0 # fake return address for unwinder
@@ -19195,7 +19197,7 @@ index 34c3308..6fc4e76 100644
jmp *(initial_code)
/*
-@@ -546,22 +631,22 @@ early_page_fault:
+@@ -546,22 +633,22 @@ early_page_fault:
jmp early_fault
early_fault:
@@ -19223,7 +19225,7 @@ index 34c3308..6fc4e76 100644
hlt_loop:
hlt
jmp hlt_loop
-@@ -569,8 +654,11 @@ hlt_loop:
+@@ -569,8 +656,11 @@ hlt_loop:
/* This is the default interrupt "handler" :-) */
ALIGN
ignore_int:
@@ -19236,7 +19238,7 @@ index 34c3308..6fc4e76 100644
pushl %eax
pushl %ecx
pushl %edx
-@@ -579,9 +667,6 @@ ignore_int:
+@@ -579,9 +669,6 @@ ignore_int:
movl $(__KERNEL_DS),%eax
movl %eax,%ds
movl %eax,%es
@@ -19246,7 +19248,7 @@ index 34c3308..6fc4e76 100644
pushl 16(%esp)
pushl 24(%esp)
pushl 32(%esp)
-@@ -600,6 +685,8 @@ ignore_int:
+@@ -600,6 +687,8 @@ ignore_int:
#endif
iret
@@ -19255,7 +19257,7 @@ index 34c3308..6fc4e76 100644
__REFDATA
.align 4
ENTRY(initial_code)
-@@ -610,31 +697,47 @@ ENTRY(initial_page_table)
+@@ -610,31 +699,47 @@ ENTRY(initial_page_table)
/*
* BSS section
*/
@@ -19308,7 +19310,7 @@ index 34c3308..6fc4e76 100644
ENTRY(swapper_pg_dir)
.long pa(swapper_pg_pmd+PGD_IDENT_ATTR),0 /* low identity map */
# if KPMDS == 3
-@@ -653,15 +756,24 @@ ENTRY(swapper_pg_dir)
+@@ -653,15 +758,24 @@ ENTRY(swapper_pg_dir)
# error "Kernel PMDs should be 1, 2 or 3"
# endif
.align PAGE_SIZE_asm /* needs to be page-sized too */
@@ -19335,7 +19337,7 @@ index 34c3308..6fc4e76 100644
early_recursion_flag:
.long 0
-@@ -697,7 +809,7 @@ fault_msg:
+@@ -697,7 +811,7 @@ fault_msg:
.word 0 # 32 bit align gdt_desc.address
boot_gdt_descr:
.word __BOOT_DS+7
@@ -19344,7 +19346,7 @@ index 34c3308..6fc4e76 100644
.word 0 # 32-bit align idt_desc.address
idt_descr:
-@@ -708,7 +820,7 @@ idt_descr:
+@@ -708,7 +822,7 @@ idt_descr:
.word 0 # 32 bit align gdt_desc.address
ENTRY(early_gdt_descr)
.word GDT_ENTRIES*8-1
@@ -19353,7 +19355,7 @@ index 34c3308..6fc4e76 100644
/*
* The boot_gdt must mirror the equivalent in setup.S and is
-@@ -717,5 +829,65 @@ ENTRY(early_gdt_descr)
+@@ -717,5 +831,65 @@ ENTRY(early_gdt_descr)
.align L1_CACHE_BYTES
ENTRY(boot_gdt)
.fill GDT_ENTRY_BOOT_CS,8,0
@@ -27115,7 +27117,7 @@ index f46c3407..f7e72b0 100644
}
if (mm->get_unmapped_area == arch_get_unmapped_area)
diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
-index 73ffd55..2cb04d8 100644
+index 73ffd55..5c2a82a 100644
--- a/arch/x86/mm/init.c
+++ b/arch/x86/mm/init.c
@@ -13,6 +13,7 @@
@@ -27181,7 +27183,7 @@ index 73ffd55..2cb04d8 100644
if (iomem_is_exclusive(pagenr << PAGE_SHIFT))
return 0;
if (!page_is_ram(pagenr))
-@@ -377,8 +396,116 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
+@@ -377,8 +396,117 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
#endif
}
@@ -27235,6 +27237,7 @@ index 73ffd55..2cb04d8 100644
+ for (cpu = 0; cpu < nr_cpu_ids; cpu++) {
+ pack_descriptor(&d, get_desc_base(&get_cpu_gdt_table(cpu)[GDT_ENTRY_KERNEL_CS]), limit, 0x9B, 0xC);
+ write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_KERNEL_CS, &d, DESCTYPE_S);
++ write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_KERNEXEC_KERNEL_CS, &d, DESCTYPE_S);
+ }
+
+ /* PaX: make KERNEL_CS read-only */
@@ -74298,7 +74301,7 @@ index 0133b5a..3710d09 100644
(unsigned long) create_aout_tables((char __user *) bprm->p, bprm);
#ifdef __alpha__
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
-index a64fde6..1535e95 100644
+index a64fde6..89649d4 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -31,6 +31,7 @@
@@ -74395,7 +74398,13 @@ index a64fde6..1535e95 100644
return -EFAULT;
return 0;
}
-@@ -385,10 +406,10 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
+@@ -380,15 +401,14 @@ static unsigned long total_mapping_size(struct elf_phdr *cmds, int nr)
+ an ELF header */
+
+ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
+- struct file *interpreter, unsigned long *interp_map_addr,
+- unsigned long no_base)
++ struct file *interpreter, unsigned long no_base)
{
struct elf_phdr *elf_phdata;
struct elf_phdr *eppnt;
@@ -74408,7 +74417,7 @@ index a64fde6..1535e95 100644
unsigned long total_size;
int retval, i, size;
-@@ -434,6 +455,11 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
+@@ -434,6 +454,11 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
goto out_close;
}
@@ -74420,7 +74429,16 @@ index a64fde6..1535e95 100644
eppnt = elf_phdata;
for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) {
if (eppnt->p_type == PT_LOAD) {
-@@ -477,8 +503,8 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
+@@ -457,8 +482,6 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
+ map_addr = elf_map(interpreter, load_addr + vaddr,
+ eppnt, elf_prot, elf_type, total_size);
+ total_size = 0;
+- if (!*interp_map_addr)
+- *interp_map_addr = map_addr;
+ error = map_addr;
+ if (BAD_ADDR(map_addr))
+ goto out_close;
+@@ -477,8 +500,8 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
k = load_addr + eppnt->p_vaddr;
if (BAD_ADDR(k) ||
eppnt->p_filesz > eppnt->p_memsz ||
@@ -74431,7 +74449,7 @@ index a64fde6..1535e95 100644
error = -ENOMEM;
goto out_close;
}
-@@ -532,6 +558,311 @@ out:
+@@ -532,6 +555,311 @@ out:
return error;
}
@@ -74743,7 +74761,7 @@ index a64fde6..1535e95 100644
/*
* These are the functions used to load ELF style executables and shared
* libraries. There is no binary dependent code anywhere else.
-@@ -548,6 +879,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top)
+@@ -548,6 +876,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top)
{
unsigned int random_variable = 0;
@@ -74755,7 +74773,7 @@ index a64fde6..1535e95 100644
if ((current->flags & PF_RANDOMIZE) &&
!(current->personality & ADDR_NO_RANDOMIZE)) {
random_variable = get_random_int() & STACK_RND_MASK;
-@@ -566,7 +902,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
+@@ -566,7 +899,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
unsigned long load_addr = 0, load_bias = 0;
int load_addr_set = 0;
char * elf_interpreter = NULL;
@@ -74764,7 +74782,7 @@ index a64fde6..1535e95 100644
struct elf_phdr *elf_ppnt, *elf_phdata;
unsigned long elf_bss, elf_brk;
int retval, i;
-@@ -576,11 +912,11 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
+@@ -576,11 +909,11 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
unsigned long start_code, end_code, start_data, end_data;
unsigned long reloc_func_desc = 0;
int executable_stack = EXSTACK_DEFAULT;
@@ -74777,7 +74795,7 @@ index a64fde6..1535e95 100644
loc = kmalloc(sizeof(*loc), GFP_KERNEL);
if (!loc) {
-@@ -718,11 +1054,80 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
+@@ -718,11 +1051,80 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
/* OK, This is the point of no return */
current->flags &= ~PF_FORKNOEXEC;
@@ -74859,7 +74877,7 @@ index a64fde6..1535e95 100644
if (elf_read_implies_exec(loc->elf_ex, executable_stack))
current->personality |= READ_IMPLIES_EXEC;
-@@ -800,10 +1205,27 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
+@@ -800,10 +1202,27 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
* might try to exec. This is because the brk will
* follow the loader, and is not movable. */
#ifdef CONFIG_X86
@@ -74888,7 +74906,7 @@ index a64fde6..1535e95 100644
}
error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
-@@ -836,9 +1258,9 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
+@@ -836,9 +1255,9 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
* allowed task size. Note that p_filesz must always be
* <= p_memsz so it is only necessary to check p_memsz.
*/
@@ -74901,7 +74919,7 @@ index a64fde6..1535e95 100644
/* set_brk can never work. Avoid overflows. */
send_sig(SIGKILL, current, 0);
retval = -EINVAL;
-@@ -877,11 +1299,40 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
+@@ -877,17 +1296,43 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
goto out_free_dentry;
}
if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
@@ -74943,9 +74961,15 @@ index a64fde6..1535e95 100644
+#endif
+
if (elf_interpreter) {
- unsigned long uninitialized_var(interp_map_addr);
-
-@@ -1112,8 +1563,10 @@ static int dump_seek(struct file *file, loff_t off)
+- unsigned long uninitialized_var(interp_map_addr);
+-
+ elf_entry = load_elf_interp(&loc->interp_elf_ex,
+ interpreter,
+- &interp_map_addr,
+ load_bias);
+ if (!IS_ERR((void *)elf_entry)) {
+ /*
+@@ -1112,8 +1557,10 @@ static int dump_seek(struct file *file, loff_t off)
unsigned long n = off;
if (n > PAGE_SIZE)
n = PAGE_SIZE;
@@ -74957,7 +74981,7 @@ index a64fde6..1535e95 100644
off -= n;
}
free_page((unsigned long)buf);
-@@ -1125,7 +1578,7 @@ static int dump_seek(struct file *file, loff_t off)
+@@ -1125,7 +1572,7 @@ static int dump_seek(struct file *file, loff_t off)
* Decide what to dump of a segment, part, all or none.
*/
static unsigned long vma_dump_size(struct vm_area_struct *vma,
@@ -74966,7 +74990,7 @@ index a64fde6..1535e95 100644
{
#define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))
-@@ -1159,7 +1612,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
+@@ -1159,7 +1606,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
if (vma->vm_file == NULL)
return 0;
@@ -74975,7 +74999,7 @@ index a64fde6..1535e95 100644
goto whole;
/*
-@@ -1255,8 +1708,11 @@ static int writenote(struct memelfnote *men, struct file *file,
+@@ -1255,8 +1702,11 @@ static int writenote(struct memelfnote *men, struct file *file,
#undef DUMP_WRITE
#define DUMP_WRITE(addr, nr) \
@@ -74988,7 +75012,7 @@ index a64fde6..1535e95 100644
static void fill_elf_header(struct elfhdr *elf, int segs,
u16 machine, u32 flags, u8 osabi)
-@@ -1385,9 +1841,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
+@@ -1385,9 +1835,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
{
elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
int i = 0;
@@ -75000,7 +75024,7 @@ index a64fde6..1535e95 100644
fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
}
-@@ -1973,7 +2429,7 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, un
+@@ -1973,7 +2423,7 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, un
phdr.p_offset = offset;
phdr.p_vaddr = vma->vm_start;
phdr.p_paddr = 0;
@@ -75009,7 +75033,7 @@ index a64fde6..1535e95 100644
phdr.p_memsz = vma->vm_end - vma->vm_start;
offset += phdr.p_filesz;
phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
-@@ -2006,7 +2462,7 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, un
+@@ -2006,7 +2456,7 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, un
unsigned long addr;
unsigned long end;
@@ -75018,7 +75042,7 @@ index a64fde6..1535e95 100644
for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
struct page *page;
-@@ -2015,6 +2471,7 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, un
+@@ -2015,6 +2465,7 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, un
page = get_dump_page(addr);
if (page) {
void *kaddr = kmap(page);
@@ -75026,7 +75050,7 @@ index a64fde6..1535e95 100644
stop = ((size += PAGE_SIZE) > limit) ||
!dump_write(file, kaddr, PAGE_SIZE);
kunmap(page);
-@@ -2042,6 +2499,97 @@ out:
+@@ -2042,6 +2493,97 @@ out:
#endif /* USE_ELF_CORE_DUMP */
diff --git a/3.2.32/0000_README b/3.2.32/0000_README
index c7a52ad..037da24 100644
--- a/3.2.32/0000_README
+++ b/3.2.32/0000_README
@@ -46,7 +46,7 @@ Patch: 1031_linux-3.2.32.patch
From: http://www.kernel.org
Desc: Linux 3.2.32
-Patch: 4420_grsecurity-2.9.1-3.2.32-201210231935.patch
+Patch: 4420_grsecurity-2.9.1-3.2.32-201210291445.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.2.32/4420_grsecurity-2.9.1-3.2.32-201210231935.patch b/3.2.32/4420_grsecurity-2.9.1-3.2.32-201210291445.patch
index 23c9278..7d16a10 100644
--- a/3.2.32/4420_grsecurity-2.9.1-3.2.32-201210231935.patch
+++ b/3.2.32/4420_grsecurity-2.9.1-3.2.32-201210291445.patch
@@ -16888,7 +16888,7 @@ index 3bb0850..55a56f4 100644
#ifdef CONFIG_BLK_DEV_INITRD
/* Reserve INITRD */
diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S
-index ce0be7c..c41476e 100644
+index ce0be7c..1252d68 100644
--- a/arch/x86/kernel/head_32.S
+++ b/arch/x86/kernel/head_32.S
@@ -25,6 +25,12 @@
@@ -16944,20 +16944,20 @@ index ce0be7c..c41476e 100644
ENTRY(startup_32)
movl pa(stack_start),%ecx
-@@ -105,6 +120,57 @@ ENTRY(startup_32)
+@@ -105,6 +120,59 @@ ENTRY(startup_32)
2:
leal -__PAGE_OFFSET(%ecx),%esp
+#ifdef CONFIG_SMP
+ movl $pa(cpu_gdt_table),%edi
+ movl $__per_cpu_load,%eax
-+ movw %ax,__KERNEL_PERCPU + 2(%edi)
++ movw %ax,GDT_ENTRY_PERCPU * 8 + 2(%edi)
+ rorl $16,%eax
-+ movb %al,__KERNEL_PERCPU + 4(%edi)
-+ movb %ah,__KERNEL_PERCPU + 7(%edi)
++ movb %al,GDT_ENTRY_PERCPU * 8 + 4(%edi)
++ movb %ah,GDT_ENTRY_PERCPU * 8 + 7(%edi)
+ movl $__per_cpu_end - 1,%eax
+ subl $__per_cpu_start,%eax
-+ movw %ax,__KERNEL_PERCPU + 0(%edi)
++ movw %ax,GDT_ENTRY_PERCPU * 8 + 0(%edi)
+#endif
+
+#ifdef CONFIG_PAX_MEMORY_UDEREF
@@ -16974,10 +16974,10 @@ index ce0be7c..c41476e 100644
+#ifdef CONFIG_PAX_KERNEXEC
+ movl $pa(boot_gdt),%edi
+ movl $__LOAD_PHYSICAL_ADDR,%eax
-+ movw %ax,__BOOT_CS + 2(%edi)
++ movw %ax,GDT_ENTRY_BOOT_CS * 8 + 2(%edi)
+ rorl $16,%eax
-+ movb %al,__BOOT_CS + 4(%edi)
-+ movb %ah,__BOOT_CS + 7(%edi)
++ movb %al,GDT_ENTRY_BOOT_CS * 8 + 4(%edi)
++ movb %ah,GDT_ENTRY_BOOT_CS * 8 + 7(%edi)
+ rorl $16,%eax
+
+ ljmp $(__BOOT_CS),$1f
@@ -16987,13 +16987,15 @@ index ce0be7c..c41476e 100644
+ movl $pa(cpu_gdt_table),%edi
+ addl $__PAGE_OFFSET,%eax
+1:
-+ movw %ax,__KERNEL_CS + 2(%edi)
-+ movw %ax,__KERNEXEC_KERNEL_CS + 2(%edi)
++ movb $0xc0,GDT_ENTRY_KERNEL_CS * 8 + 6(%edi)
++ movb $0xc0,GDT_ENTRY_KERNEXEC_KERNEL_CS * 8 + 6(%edi)
++ movw %ax,GDT_ENTRY_KERNEL_CS * 8 + 2(%edi)
++ movw %ax,GDT_ENTRY_KERNEXEC_KERNEL_CS * 8 + 2(%edi)
+ rorl $16,%eax
-+ movb %al,__KERNEL_CS + 4(%edi)
-+ movb %al,__KERNEXEC_KERNEL_CS + 4(%edi)
-+ movb %ah,__KERNEL_CS + 7(%edi)
-+ movb %ah,__KERNEXEC_KERNEL_CS + 7(%edi)
++ movb %al,GDT_ENTRY_KERNEL_CS * 8 + 4(%edi)
++ movb %al,GDT_ENTRY_KERNEXEC_KERNEL_CS * 8 + 4(%edi)
++ movb %ah,GDT_ENTRY_KERNEL_CS * 8 + 7(%edi)
++ movb %ah,GDT_ENTRY_KERNEXEC_KERNEL_CS * 8 + 7(%edi)
+ rorl $16,%eax
+ addl $PAGE_SIZE_asm,%edi
+ loop 1b
@@ -17002,7 +17004,7 @@ index ce0be7c..c41476e 100644
/*
* Clear BSS first so that there are no surprises...
*/
-@@ -195,8 +261,11 @@ ENTRY(startup_32)
+@@ -195,8 +263,11 @@ ENTRY(startup_32)
movl %eax, pa(max_pfn_mapped)
/* Do early initialization of the fixmap area */
@@ -17016,7 +17018,7 @@ index ce0be7c..c41476e 100644
#else /* Not PAE */
page_pde_offset = (__PAGE_OFFSET >> 20);
-@@ -226,8 +295,11 @@ page_pde_offset = (__PAGE_OFFSET >> 20);
+@@ -226,8 +297,11 @@ page_pde_offset = (__PAGE_OFFSET >> 20);
movl %eax, pa(max_pfn_mapped)
/* Do early initialization of the fixmap area */
@@ -17030,7 +17032,7 @@ index ce0be7c..c41476e 100644
#endif
#ifdef CONFIG_PARAVIRT
-@@ -241,9 +313,7 @@ page_pde_offset = (__PAGE_OFFSET >> 20);
+@@ -241,9 +315,7 @@ page_pde_offset = (__PAGE_OFFSET >> 20);
cmpl $num_subarch_entries, %eax
jae bad_subarch
@@ -17041,7 +17043,7 @@ index ce0be7c..c41476e 100644
bad_subarch:
WEAK(lguest_entry)
-@@ -255,10 +325,10 @@ WEAK(xen_entry)
+@@ -255,10 +327,10 @@ WEAK(xen_entry)
__INITDATA
subarch_entries:
@@ -17056,7 +17058,7 @@ index ce0be7c..c41476e 100644
num_subarch_entries = (. - subarch_entries) / 4
.previous
#else
-@@ -312,6 +382,7 @@ default_entry:
+@@ -312,6 +384,7 @@ default_entry:
orl %edx,%eax
movl %eax,%cr4
@@ -17064,7 +17066,7 @@ index ce0be7c..c41476e 100644
testb $X86_CR4_PAE, %al # check if PAE is enabled
jz 6f
-@@ -340,6 +411,9 @@ default_entry:
+@@ -340,6 +413,9 @@ default_entry:
/* Make changes effective */
wrmsr
@@ -17074,7 +17076,7 @@ index ce0be7c..c41476e 100644
6:
/*
-@@ -443,7 +517,7 @@ is386: movl $2,%ecx # set MP
+@@ -443,7 +519,7 @@ is386: movl $2,%ecx # set MP
1: movl $(__KERNEL_DS),%eax # reload all the segment registers
movl %eax,%ss # after changing gdt.
@@ -17083,7 +17085,7 @@ index ce0be7c..c41476e 100644
movl %eax,%ds
movl %eax,%es
-@@ -457,15 +531,22 @@ is386: movl $2,%ecx # set MP
+@@ -457,15 +533,22 @@ is386: movl $2,%ecx # set MP
*/
cmpb $0,ready
jne 1f
@@ -17108,7 +17110,7 @@ index ce0be7c..c41476e 100644
movl %eax,%gs
xorl %eax,%eax # Clear LDT
-@@ -558,22 +639,22 @@ early_page_fault:
+@@ -558,22 +641,22 @@ early_page_fault:
jmp early_fault
early_fault:
@@ -17136,7 +17138,7 @@ index ce0be7c..c41476e 100644
hlt_loop:
hlt
jmp hlt_loop
-@@ -581,8 +662,11 @@ hlt_loop:
+@@ -581,8 +664,11 @@ hlt_loop:
/* This is the default interrupt "handler" :-) */
ALIGN
ignore_int:
@@ -17149,7 +17151,7 @@ index ce0be7c..c41476e 100644
pushl %eax
pushl %ecx
pushl %edx
-@@ -591,9 +675,6 @@ ignore_int:
+@@ -591,9 +677,6 @@ ignore_int:
movl $(__KERNEL_DS),%eax
movl %eax,%ds
movl %eax,%es
@@ -17159,7 +17161,7 @@ index ce0be7c..c41476e 100644
pushl 16(%esp)
pushl 24(%esp)
pushl 32(%esp)
-@@ -622,29 +703,43 @@ ENTRY(initial_code)
+@@ -622,29 +705,43 @@ ENTRY(initial_code)
/*
* BSS section
*/
@@ -17208,7 +17210,7 @@ index ce0be7c..c41476e 100644
ENTRY(initial_page_table)
.long pa(initial_pg_pmd+PGD_IDENT_ATTR),0 /* low identity map */
# if KPMDS == 3
-@@ -663,18 +758,27 @@ ENTRY(initial_page_table)
+@@ -663,18 +760,27 @@ ENTRY(initial_page_table)
# error "Kernel PMDs should be 1, 2 or 3"
# endif
.align PAGE_SIZE /* needs to be page-sized too */
@@ -17239,7 +17241,7 @@ index ce0be7c..c41476e 100644
int_msg:
.asciz "Unknown interrupt or fault at: %p %p %p\n"
-@@ -707,7 +811,7 @@ fault_msg:
+@@ -707,7 +813,7 @@ fault_msg:
.word 0 # 32 bit align gdt_desc.address
boot_gdt_descr:
.word __BOOT_DS+7
@@ -17248,7 +17250,7 @@ index ce0be7c..c41476e 100644
.word 0 # 32-bit align idt_desc.address
idt_descr:
-@@ -718,7 +822,7 @@ idt_descr:
+@@ -718,7 +824,7 @@ idt_descr:
.word 0 # 32 bit align gdt_desc.address
ENTRY(early_gdt_descr)
.word GDT_ENTRIES*8-1
@@ -17257,7 +17259,7 @@ index ce0be7c..c41476e 100644
/*
* The boot_gdt must mirror the equivalent in setup.S and is
-@@ -727,5 +831,65 @@ ENTRY(early_gdt_descr)
+@@ -727,5 +833,65 @@ ENTRY(early_gdt_descr)
.align L1_CACHE_BYTES
ENTRY(boot_gdt)
.fill GDT_ENTRY_BOOT_CS,8,0
@@ -24871,7 +24873,7 @@ index df7d12c..abafe9e 100644
}
if (mm->get_unmapped_area == arch_get_unmapped_area)
diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
-index 87488b9..a06f559 100644
+index 87488b9..cb10023 100644
--- a/arch/x86/mm/init.c
+++ b/arch/x86/mm/init.c
@@ -15,6 +15,8 @@
@@ -24931,7 +24933,7 @@ index 87488b9..a06f559 100644
if (iomem_is_exclusive(pagenr << PAGE_SHIFT))
return 0;
if (!page_is_ram(pagenr))
-@@ -370,8 +399,116 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
+@@ -370,8 +399,117 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
#endif
}
@@ -24985,6 +24987,7 @@ index 87488b9..a06f559 100644
+ for (cpu = 0; cpu < nr_cpu_ids; cpu++) {
+ pack_descriptor(&d, get_desc_base(&get_cpu_gdt_table(cpu)[GDT_ENTRY_KERNEL_CS]), limit, 0x9B, 0xC);
+ write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_KERNEL_CS, &d, DESCTYPE_S);
++ write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_KERNEXEC_KERNEL_CS, &d, DESCTYPE_S);
+ }
+
+ /* PaX: make KERNEL_CS read-only */
@@ -43184,7 +43187,7 @@ index a6395bd..f1e376a 100644
(unsigned long) create_aout_tables((char __user *) bprm->p, bprm);
#ifdef __alpha__
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
-index 8dd615c..ea0baaa 100644
+index 8dd615c..4b512f5 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -32,6 +32,7 @@
@@ -43279,7 +43282,13 @@ index 8dd615c..ea0baaa 100644
return -EFAULT;
return 0;
}
-@@ -381,10 +400,10 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
+@@ -376,15 +395,14 @@ static unsigned long total_mapping_size(struct elf_phdr *cmds, int nr)
+ an ELF header */
+
+ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
+- struct file *interpreter, unsigned long *interp_map_addr,
+- unsigned long no_base)
++ struct file *interpreter, unsigned long no_base)
{
struct elf_phdr *elf_phdata;
struct elf_phdr *eppnt;
@@ -43292,7 +43301,7 @@ index 8dd615c..ea0baaa 100644
unsigned long total_size;
int retval, i, size;
-@@ -430,6 +449,11 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
+@@ -430,6 +448,11 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
goto out_close;
}
@@ -43304,7 +43313,16 @@ index 8dd615c..ea0baaa 100644
eppnt = elf_phdata;
for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) {
if (eppnt->p_type == PT_LOAD) {
-@@ -473,8 +497,8 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
+@@ -453,8 +476,6 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
+ map_addr = elf_map(interpreter, load_addr + vaddr,
+ eppnt, elf_prot, elf_type, total_size);
+ total_size = 0;
+- if (!*interp_map_addr)
+- *interp_map_addr = map_addr;
+ error = map_addr;
+ if (BAD_ADDR(map_addr))
+ goto out_close;
+@@ -473,8 +494,8 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
k = load_addr + eppnt->p_vaddr;
if (BAD_ADDR(k) ||
eppnt->p_filesz > eppnt->p_memsz ||
@@ -43315,7 +43333,7 @@ index 8dd615c..ea0baaa 100644
error = -ENOMEM;
goto out_close;
}
-@@ -528,6 +552,311 @@ out:
+@@ -528,6 +549,311 @@ out:
return error;
}
@@ -43627,7 +43645,7 @@ index 8dd615c..ea0baaa 100644
/*
* These are the functions used to load ELF style executables and shared
* libraries. There is no binary dependent code anywhere else.
-@@ -544,6 +873,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top)
+@@ -544,6 +870,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top)
{
unsigned int random_variable = 0;
@@ -43639,7 +43657,7 @@ index 8dd615c..ea0baaa 100644
if ((current->flags & PF_RANDOMIZE) &&
!(current->personality & ADDR_NO_RANDOMIZE)) {
random_variable = get_random_int() & STACK_RND_MASK;
-@@ -562,7 +896,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
+@@ -562,7 +893,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
unsigned long load_addr = 0, load_bias = 0;
int load_addr_set = 0;
char * elf_interpreter = NULL;
@@ -43648,7 +43666,7 @@ index 8dd615c..ea0baaa 100644
struct elf_phdr *elf_ppnt, *elf_phdata;
unsigned long elf_bss, elf_brk;
int retval, i;
-@@ -572,11 +906,11 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
+@@ -572,11 +903,11 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
unsigned long start_code, end_code, start_data, end_data;
unsigned long reloc_func_desc __maybe_unused = 0;
int executable_stack = EXSTACK_DEFAULT;
@@ -43661,7 +43679,7 @@ index 8dd615c..ea0baaa 100644
loc = kmalloc(sizeof(*loc), GFP_KERNEL);
if (!loc) {
-@@ -713,11 +1047,81 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
+@@ -713,11 +1044,81 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
/* OK, This is the point of no return */
current->flags &= ~PF_FORKNOEXEC;
@@ -43744,7 +43762,7 @@ index 8dd615c..ea0baaa 100644
if (elf_read_implies_exec(loc->elf_ex, executable_stack))
current->personality |= READ_IMPLIES_EXEC;
-@@ -808,6 +1212,20 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
+@@ -808,6 +1209,20 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
#else
load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
#endif
@@ -43765,7 +43783,7 @@ index 8dd615c..ea0baaa 100644
}
error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
-@@ -840,9 +1258,9 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
+@@ -840,9 +1255,9 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
* allowed task size. Note that p_filesz must always be
* <= p_memsz so it is only necessary to check p_memsz.
*/
@@ -43778,7 +43796,7 @@ index 8dd615c..ea0baaa 100644
/* set_brk can never work. Avoid overflows. */
send_sig(SIGKILL, current, 0);
retval = -EINVAL;
-@@ -881,11 +1299,40 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
+@@ -881,17 +1296,43 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
goto out_free_dentry;
}
if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
@@ -43820,9 +43838,15 @@ index 8dd615c..ea0baaa 100644
+#endif
+
if (elf_interpreter) {
- unsigned long uninitialized_var(interp_map_addr);
-
-@@ -1098,7 +1545,7 @@ out:
+- unsigned long uninitialized_var(interp_map_addr);
+-
+ elf_entry = load_elf_interp(&loc->interp_elf_ex,
+ interpreter,
+- &interp_map_addr,
+ load_bias);
+ if (!IS_ERR((void *)elf_entry)) {
+ /*
+@@ -1098,7 +1539,7 @@ out:
* Decide what to dump of a segment, part, all or none.
*/
static unsigned long vma_dump_size(struct vm_area_struct *vma,
@@ -43831,7 +43855,7 @@ index 8dd615c..ea0baaa 100644
{
#define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))
-@@ -1132,7 +1579,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
+@@ -1132,7 +1573,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
if (vma->vm_file == NULL)
return 0;
@@ -43840,7 +43864,7 @@ index 8dd615c..ea0baaa 100644
goto whole;
/*
-@@ -1354,9 +1801,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
+@@ -1354,9 +1795,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
{
elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
int i = 0;
@@ -43852,7 +43876,7 @@ index 8dd615c..ea0baaa 100644
fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
}
-@@ -1851,14 +2298,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
+@@ -1851,14 +2292,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
}
static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma,
@@ -43869,7 +43893,7 @@ index 8dd615c..ea0baaa 100644
return size;
}
-@@ -1952,7 +2399,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -1952,7 +2393,7 @@ static int elf_core_dump(struct coredump_params *cprm)
dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
@@ -43878,7 +43902,7 @@ index 8dd615c..ea0baaa 100644
offset += elf_core_extra_data_size();
e_shoff = offset;
-@@ -1966,10 +2413,12 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -1966,10 +2407,12 @@ static int elf_core_dump(struct coredump_params *cprm)
offset = dataoff;
size += sizeof(*elf);
@@ -43891,7 +43915,7 @@ index 8dd615c..ea0baaa 100644
if (size > cprm->limit
|| !dump_write(cprm->file, phdr4note, sizeof(*phdr4note)))
goto end_coredump;
-@@ -1983,7 +2432,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -1983,7 +2426,7 @@ static int elf_core_dump(struct coredump_params *cprm)
phdr.p_offset = offset;
phdr.p_vaddr = vma->vm_start;
phdr.p_paddr = 0;
@@ -43900,7 +43924,7 @@ index 8dd615c..ea0baaa 100644
phdr.p_memsz = vma->vm_end - vma->vm_start;
offset += phdr.p_filesz;
phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
-@@ -1994,6 +2443,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -1994,6 +2437,7 @@ static int elf_core_dump(struct coredump_params *cprm)
phdr.p_align = ELF_EXEC_PAGESIZE;
size += sizeof(phdr);
@@ -43908,7 +43932,7 @@ index 8dd615c..ea0baaa 100644
if (size > cprm->limit
|| !dump_write(cprm->file, &phdr, sizeof(phdr)))
goto end_coredump;
-@@ -2018,7 +2468,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2018,7 +2462,7 @@ static int elf_core_dump(struct coredump_params *cprm)
unsigned long addr;
unsigned long end;
@@ -43917,7 +43941,7 @@ index 8dd615c..ea0baaa 100644
for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
struct page *page;
-@@ -2027,6 +2477,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2027,6 +2471,7 @@ static int elf_core_dump(struct coredump_params *cprm)
page = get_dump_page(addr);
if (page) {
void *kaddr = kmap(page);
@@ -43925,7 +43949,7 @@ index 8dd615c..ea0baaa 100644
stop = ((size += PAGE_SIZE) > cprm->limit) ||
!dump_write(cprm->file, kaddr,
PAGE_SIZE);
-@@ -2044,6 +2495,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2044,6 +2489,7 @@ static int elf_core_dump(struct coredump_params *cprm)
if (e_phnum == PN_XNUM) {
size += sizeof(*shdr4extnum);
@@ -43933,7 +43957,7 @@ index 8dd615c..ea0baaa 100644
if (size > cprm->limit
|| !dump_write(cprm->file, shdr4extnum,
sizeof(*shdr4extnum)))
-@@ -2064,6 +2516,97 @@ out:
+@@ -2064,6 +2510,97 @@ out:
#endif /* CONFIG_ELF_CORE */
diff --git a/3.6.3/1002_linux-3.6.3.patch b/3.6.3/1002_linux-3.6.3.patch
deleted file mode 100644
index 70fa991..0000000
--- a/3.6.3/1002_linux-3.6.3.patch
+++ /dev/null
@@ -1,3132 +0,0 @@
-diff --git a/Makefile b/Makefile
-index af5d6a9..6cdadf4 100644
---- a/Makefile
-+++ b/Makefile
-@@ -1,6 +1,6 @@
- VERSION = 3
- PATCHLEVEL = 6
--SUBLEVEL = 2
-+SUBLEVEL = 3
- EXTRAVERSION =
- NAME = Terrified Chipmunk
-
-diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
-index 2f88d8d..48c19d4 100644
---- a/arch/arm/Kconfig
-+++ b/arch/arm/Kconfig
-@@ -1413,6 +1413,16 @@ config PL310_ERRATA_769419
- on systems with an outer cache, the store buffer is drained
- explicitly.
-
-+config ARM_ERRATA_775420
-+ bool "ARM errata: A data cache maintenance operation which aborts, might lead to deadlock"
-+ depends on CPU_V7
-+ help
-+ This option enables the workaround for the 775420 Cortex-A9 (r2p2,
-+ r2p6,r2p8,r2p10,r3p0) erratum. In case a date cache maintenance
-+ operation aborts with MMU exception, it might cause the processor
-+ to deadlock. This workaround puts DSB before executing ISB if
-+ an abort may occur on cache maintenance.
-+
- endmenu
-
- source "arch/arm/common/Kconfig"
-diff --git a/arch/arm/include/asm/vfpmacros.h b/arch/arm/include/asm/vfpmacros.h
-index 3d5fc41..bf53047 100644
---- a/arch/arm/include/asm/vfpmacros.h
-+++ b/arch/arm/include/asm/vfpmacros.h
-@@ -28,7 +28,7 @@
- ldr \tmp, =elf_hwcap @ may not have MVFR regs
- ldr \tmp, [\tmp, #0]
- tst \tmp, #HWCAP_VFPv3D16
-- ldceq p11, cr0, [\base],#32*4 @ FLDMIAD \base!, {d16-d31}
-+ ldceql p11, cr0, [\base],#32*4 @ FLDMIAD \base!, {d16-d31}
- addne \base, \base, #32*4 @ step over unused register space
- #else
- VFPFMRX \tmp, MVFR0 @ Media and VFP Feature Register 0
-@@ -52,7 +52,7 @@
- ldr \tmp, =elf_hwcap @ may not have MVFR regs
- ldr \tmp, [\tmp, #0]
- tst \tmp, #HWCAP_VFPv3D16
-- stceq p11, cr0, [\base],#32*4 @ FSTMIAD \base!, {d16-d31}
-+ stceql p11, cr0, [\base],#32*4 @ FSTMIAD \base!, {d16-d31}
- addne \base, \base, #32*4 @ step over unused register space
- #else
- VFPFMRX \tmp, MVFR0 @ Media and VFP Feature Register 0
-diff --git a/arch/arm/mm/cache-v7.S b/arch/arm/mm/cache-v7.S
-index 39e3fb3..3b17227 100644
---- a/arch/arm/mm/cache-v7.S
-+++ b/arch/arm/mm/cache-v7.S
-@@ -211,6 +211,9 @@ ENTRY(v7_coherent_user_range)
- * isn't mapped, fail with -EFAULT.
- */
- 9001:
-+#ifdef CONFIG_ARM_ERRATA_775420
-+ dsb
-+#endif
- mov r0, #-EFAULT
- mov pc, lr
- UNWIND(.fnend )
-diff --git a/arch/arm/plat-omap/counter_32k.c b/arch/arm/plat-omap/counter_32k.c
-index dbf1e03..2bc51fb 100644
---- a/arch/arm/plat-omap/counter_32k.c
-+++ b/arch/arm/plat-omap/counter_32k.c
-@@ -55,22 +55,29 @@ static u32 notrace omap_32k_read_sched_clock(void)
- * nsecs and adds to a monotonically increasing timespec.
- */
- static struct timespec persistent_ts;
--static cycles_t cycles, last_cycles;
-+static cycles_t cycles;
- static unsigned int persistent_mult, persistent_shift;
-+static DEFINE_SPINLOCK(read_persistent_clock_lock);
-+
- static void omap_read_persistent_clock(struct timespec *ts)
- {
- unsigned long long nsecs;
-- cycles_t delta;
-- struct timespec *tsp = &persistent_ts;
-+ cycles_t last_cycles;
-+ unsigned long flags;
-+
-+ spin_lock_irqsave(&read_persistent_clock_lock, flags);
-
- last_cycles = cycles;
- cycles = sync32k_cnt_reg ? __raw_readl(sync32k_cnt_reg) : 0;
-- delta = cycles - last_cycles;
-
-- nsecs = clocksource_cyc2ns(delta, persistent_mult, persistent_shift);
-+ nsecs = clocksource_cyc2ns(cycles - last_cycles,
-+ persistent_mult, persistent_shift);
-+
-+ timespec_add_ns(&persistent_ts, nsecs);
-+
-+ *ts = persistent_ts;
-
-- timespec_add_ns(tsp, nsecs);
-- *ts = *tsp;
-+ spin_unlock_irqrestore(&read_persistent_clock_lock, flags);
- }
-
- /**
-diff --git a/arch/mips/ath79/clock.c b/arch/mips/ath79/clock.c
-index d272857..579f452 100644
---- a/arch/mips/ath79/clock.c
-+++ b/arch/mips/ath79/clock.c
-@@ -17,6 +17,8 @@
- #include <linux/err.h>
- #include <linux/clk.h>
-
-+#include <asm/div64.h>
-+
- #include <asm/mach-ath79/ath79.h>
- #include <asm/mach-ath79/ar71xx_regs.h>
- #include "common.h"
-@@ -166,11 +168,34 @@ static void __init ar933x_clocks_init(void)
- ath79_uart_clk.rate = ath79_ref_clk.rate;
- }
-
-+static u32 __init ar934x_get_pll_freq(u32 ref, u32 ref_div, u32 nint, u32 nfrac,
-+ u32 frac, u32 out_div)
-+{
-+ u64 t;
-+ u32 ret;
-+
-+ t = ath79_ref_clk.rate;
-+ t *= nint;
-+ do_div(t, ref_div);
-+ ret = t;
-+
-+ t = ath79_ref_clk.rate;
-+ t *= nfrac;
-+ do_div(t, ref_div * frac);
-+ ret += t;
-+
-+ ret /= (1 << out_div);
-+ return ret;
-+}
-+
- static void __init ar934x_clocks_init(void)
- {
-- u32 pll, out_div, ref_div, nint, frac, clk_ctrl, postdiv;
-+ u32 pll, out_div, ref_div, nint, nfrac, frac, clk_ctrl, postdiv;
- u32 cpu_pll, ddr_pll;
- u32 bootstrap;
-+ void __iomem *dpll_base;
-+
-+ dpll_base = ioremap(AR934X_SRIF_BASE, AR934X_SRIF_SIZE);
-
- bootstrap = ath79_reset_rr(AR934X_RESET_REG_BOOTSTRAP);
- if (bootstrap & AR934X_BOOTSTRAP_REF_CLK_40)
-@@ -178,33 +203,59 @@ static void __init ar934x_clocks_init(void)
- else
- ath79_ref_clk.rate = 25 * 1000 * 1000;
-
-- pll = ath79_pll_rr(AR934X_PLL_CPU_CONFIG_REG);
-- out_div = (pll >> AR934X_PLL_CPU_CONFIG_OUTDIV_SHIFT) &
-- AR934X_PLL_CPU_CONFIG_OUTDIV_MASK;
-- ref_div = (pll >> AR934X_PLL_CPU_CONFIG_REFDIV_SHIFT) &
-- AR934X_PLL_CPU_CONFIG_REFDIV_MASK;
-- nint = (pll >> AR934X_PLL_CPU_CONFIG_NINT_SHIFT) &
-- AR934X_PLL_CPU_CONFIG_NINT_MASK;
-- frac = (pll >> AR934X_PLL_CPU_CONFIG_NFRAC_SHIFT) &
-- AR934X_PLL_CPU_CONFIG_NFRAC_MASK;
--
-- cpu_pll = nint * ath79_ref_clk.rate / ref_div;
-- cpu_pll += frac * ath79_ref_clk.rate / (ref_div * (1 << 6));
-- cpu_pll /= (1 << out_div);
--
-- pll = ath79_pll_rr(AR934X_PLL_DDR_CONFIG_REG);
-- out_div = (pll >> AR934X_PLL_DDR_CONFIG_OUTDIV_SHIFT) &
-- AR934X_PLL_DDR_CONFIG_OUTDIV_MASK;
-- ref_div = (pll >> AR934X_PLL_DDR_CONFIG_REFDIV_SHIFT) &
-- AR934X_PLL_DDR_CONFIG_REFDIV_MASK;
-- nint = (pll >> AR934X_PLL_DDR_CONFIG_NINT_SHIFT) &
-- AR934X_PLL_DDR_CONFIG_NINT_MASK;
-- frac = (pll >> AR934X_PLL_DDR_CONFIG_NFRAC_SHIFT) &
-- AR934X_PLL_DDR_CONFIG_NFRAC_MASK;
--
-- ddr_pll = nint * ath79_ref_clk.rate / ref_div;
-- ddr_pll += frac * ath79_ref_clk.rate / (ref_div * (1 << 10));
-- ddr_pll /= (1 << out_div);
-+ pll = __raw_readl(dpll_base + AR934X_SRIF_CPU_DPLL2_REG);
-+ if (pll & AR934X_SRIF_DPLL2_LOCAL_PLL) {
-+ out_div = (pll >> AR934X_SRIF_DPLL2_OUTDIV_SHIFT) &
-+ AR934X_SRIF_DPLL2_OUTDIV_MASK;
-+ pll = __raw_readl(dpll_base + AR934X_SRIF_CPU_DPLL1_REG);
-+ nint = (pll >> AR934X_SRIF_DPLL1_NINT_SHIFT) &
-+ AR934X_SRIF_DPLL1_NINT_MASK;
-+ nfrac = pll & AR934X_SRIF_DPLL1_NFRAC_MASK;
-+ ref_div = (pll >> AR934X_SRIF_DPLL1_REFDIV_SHIFT) &
-+ AR934X_SRIF_DPLL1_REFDIV_MASK;
-+ frac = 1 << 18;
-+ } else {
-+ pll = ath79_pll_rr(AR934X_PLL_CPU_CONFIG_REG);
-+ out_div = (pll >> AR934X_PLL_CPU_CONFIG_OUTDIV_SHIFT) &
-+ AR934X_PLL_CPU_CONFIG_OUTDIV_MASK;
-+ ref_div = (pll >> AR934X_PLL_CPU_CONFIG_REFDIV_SHIFT) &
-+ AR934X_PLL_CPU_CONFIG_REFDIV_MASK;
-+ nint = (pll >> AR934X_PLL_CPU_CONFIG_NINT_SHIFT) &
-+ AR934X_PLL_CPU_CONFIG_NINT_MASK;
-+ nfrac = (pll >> AR934X_PLL_CPU_CONFIG_NFRAC_SHIFT) &
-+ AR934X_PLL_CPU_CONFIG_NFRAC_MASK;
-+ frac = 1 << 6;
-+ }
-+
-+ cpu_pll = ar934x_get_pll_freq(ath79_ref_clk.rate, ref_div, nint,
-+ nfrac, frac, out_div);
-+
-+ pll = __raw_readl(dpll_base + AR934X_SRIF_DDR_DPLL2_REG);
-+ if (pll & AR934X_SRIF_DPLL2_LOCAL_PLL) {
-+ out_div = (pll >> AR934X_SRIF_DPLL2_OUTDIV_SHIFT) &
-+ AR934X_SRIF_DPLL2_OUTDIV_MASK;
-+ pll = __raw_readl(dpll_base + AR934X_SRIF_DDR_DPLL1_REG);
-+ nint = (pll >> AR934X_SRIF_DPLL1_NINT_SHIFT) &
-+ AR934X_SRIF_DPLL1_NINT_MASK;
-+ nfrac = pll & AR934X_SRIF_DPLL1_NFRAC_MASK;
-+ ref_div = (pll >> AR934X_SRIF_DPLL1_REFDIV_SHIFT) &
-+ AR934X_SRIF_DPLL1_REFDIV_MASK;
-+ frac = 1 << 18;
-+ } else {
-+ pll = ath79_pll_rr(AR934X_PLL_DDR_CONFIG_REG);
-+ out_div = (pll >> AR934X_PLL_DDR_CONFIG_OUTDIV_SHIFT) &
-+ AR934X_PLL_DDR_CONFIG_OUTDIV_MASK;
-+ ref_div = (pll >> AR934X_PLL_DDR_CONFIG_REFDIV_SHIFT) &
-+ AR934X_PLL_DDR_CONFIG_REFDIV_MASK;
-+ nint = (pll >> AR934X_PLL_DDR_CONFIG_NINT_SHIFT) &
-+ AR934X_PLL_DDR_CONFIG_NINT_MASK;
-+ nfrac = (pll >> AR934X_PLL_DDR_CONFIG_NFRAC_SHIFT) &
-+ AR934X_PLL_DDR_CONFIG_NFRAC_MASK;
-+ frac = 1 << 10;
-+ }
-+
-+ ddr_pll = ar934x_get_pll_freq(ath79_ref_clk.rate, ref_div, nint,
-+ nfrac, frac, out_div);
-
- clk_ctrl = ath79_pll_rr(AR934X_PLL_CPU_DDR_CLK_CTRL_REG);
-
-@@ -240,6 +291,8 @@ static void __init ar934x_clocks_init(void)
-
- ath79_wdt_clk.rate = ath79_ref_clk.rate;
- ath79_uart_clk.rate = ath79_ref_clk.rate;
-+
-+ iounmap(dpll_base);
- }
-
- void __init ath79_clocks_init(void)
-diff --git a/arch/mips/include/asm/mach-ath79/ar71xx_regs.h b/arch/mips/include/asm/mach-ath79/ar71xx_regs.h
-index dde5044..31a9a7c 100644
---- a/arch/mips/include/asm/mach-ath79/ar71xx_regs.h
-+++ b/arch/mips/include/asm/mach-ath79/ar71xx_regs.h
-@@ -63,6 +63,8 @@
-
- #define AR934X_WMAC_BASE (AR71XX_APB_BASE + 0x00100000)
- #define AR934X_WMAC_SIZE 0x20000
-+#define AR934X_SRIF_BASE (AR71XX_APB_BASE + 0x00116000)
-+#define AR934X_SRIF_SIZE 0x1000
-
- /*
- * DDR_CTRL block
-@@ -399,4 +401,25 @@
- #define AR933X_GPIO_COUNT 30
- #define AR934X_GPIO_COUNT 23
-
-+/*
-+ * SRIF block
-+ */
-+#define AR934X_SRIF_CPU_DPLL1_REG 0x1c0
-+#define AR934X_SRIF_CPU_DPLL2_REG 0x1c4
-+#define AR934X_SRIF_CPU_DPLL3_REG 0x1c8
-+
-+#define AR934X_SRIF_DDR_DPLL1_REG 0x240
-+#define AR934X_SRIF_DDR_DPLL2_REG 0x244
-+#define AR934X_SRIF_DDR_DPLL3_REG 0x248
-+
-+#define AR934X_SRIF_DPLL1_REFDIV_SHIFT 27
-+#define AR934X_SRIF_DPLL1_REFDIV_MASK 0x1f
-+#define AR934X_SRIF_DPLL1_NINT_SHIFT 18
-+#define AR934X_SRIF_DPLL1_NINT_MASK 0x1ff
-+#define AR934X_SRIF_DPLL1_NFRAC_MASK 0x0003ffff
-+
-+#define AR934X_SRIF_DPLL2_LOCAL_PLL BIT(30)
-+#define AR934X_SRIF_DPLL2_OUTDIV_SHIFT 13
-+#define AR934X_SRIF_DPLL2_OUTDIV_MASK 0x7
-+
- #endif /* __ASM_MACH_AR71XX_REGS_H */
-diff --git a/arch/mips/kernel/kgdb.c b/arch/mips/kernel/kgdb.c
-index f4546e9..23817a6 100644
---- a/arch/mips/kernel/kgdb.c
-+++ b/arch/mips/kernel/kgdb.c
-@@ -283,6 +283,15 @@ static int kgdb_mips_notify(struct notifier_block *self, unsigned long cmd,
- struct pt_regs *regs = args->regs;
- int trap = (regs->cp0_cause & 0x7c) >> 2;
-
-+#ifdef CONFIG_KPROBES
-+ /*
-+ * Return immediately if the kprobes fault notifier has set
-+ * DIE_PAGE_FAULT.
-+ */
-+ if (cmd == DIE_PAGE_FAULT)
-+ return NOTIFY_DONE;
-+#endif /* CONFIG_KPROBES */
-+
- /* Userspace events, ignore. */
- if (user_mode(regs))
- return NOTIFY_DONE;
-diff --git a/arch/x86/Makefile b/arch/x86/Makefile
-index 58790bd..05afcca 100644
---- a/arch/x86/Makefile
-+++ b/arch/x86/Makefile
-@@ -142,7 +142,7 @@ KBUILD_CFLAGS += $(call cc-option,-mno-avx,)
- KBUILD_CFLAGS += $(mflags-y)
- KBUILD_AFLAGS += $(mflags-y)
-
--archscripts:
-+archscripts: scripts_basic
- $(Q)$(MAKE) $(build)=arch/x86/tools relocs
-
- ###
-diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
-index 1fbe75a..c1461de 100644
---- a/arch/x86/xen/enlighten.c
-+++ b/arch/x86/xen/enlighten.c
-@@ -984,7 +984,16 @@ static void xen_write_cr4(unsigned long cr4)
-
- native_write_cr4(cr4);
- }
--
-+#ifdef CONFIG_X86_64
-+static inline unsigned long xen_read_cr8(void)
-+{
-+ return 0;
-+}
-+static inline void xen_write_cr8(unsigned long val)
-+{
-+ BUG_ON(val);
-+}
-+#endif
- static int xen_write_msr_safe(unsigned int msr, unsigned low, unsigned high)
- {
- int ret;
-@@ -1153,6 +1162,11 @@ static const struct pv_cpu_ops xen_cpu_ops __initconst = {
- .read_cr4_safe = native_read_cr4_safe,
- .write_cr4 = xen_write_cr4,
-
-+#ifdef CONFIG_X86_64
-+ .read_cr8 = xen_read_cr8,
-+ .write_cr8 = xen_write_cr8,
-+#endif
-+
- .wbinvd = native_wbinvd,
-
- .read_msr = native_read_msr_safe,
-@@ -1161,6 +1175,8 @@ static const struct pv_cpu_ops xen_cpu_ops __initconst = {
- .read_tsc = native_read_tsc,
- .read_pmc = native_read_pmc,
-
-+ .read_tscp = native_read_tscp,
-+
- .iret = xen_iret,
- .irq_enable_sysexit = xen_sysexit,
- #ifdef CONFIG_X86_64
-diff --git a/block/blk-core.c b/block/blk-core.c
-index ee3cb3a..8471fb7 100644
---- a/block/blk-core.c
-+++ b/block/blk-core.c
-@@ -696,7 +696,7 @@ blk_init_allocated_queue(struct request_queue *q, request_fn_proc *rfn,
- q->request_fn = rfn;
- q->prep_rq_fn = NULL;
- q->unprep_rq_fn = NULL;
-- q->queue_flags = QUEUE_FLAG_DEFAULT;
-+ q->queue_flags |= QUEUE_FLAG_DEFAULT;
-
- /* Override internal queue lock with supplied lock pointer */
- if (lock)
-diff --git a/drivers/acpi/ec.c b/drivers/acpi/ec.c
-index 7edaccc..a51df96 100644
---- a/drivers/acpi/ec.c
-+++ b/drivers/acpi/ec.c
-@@ -71,9 +71,6 @@ enum ec_command {
- #define ACPI_EC_UDELAY_GLK 1000 /* Wait 1ms max. to get global lock */
- #define ACPI_EC_MSI_UDELAY 550 /* Wait 550us for MSI EC */
-
--#define ACPI_EC_STORM_THRESHOLD 8 /* number of false interrupts
-- per one transaction */
--
- enum {
- EC_FLAGS_QUERY_PENDING, /* Query is pending */
- EC_FLAGS_GPE_STORM, /* GPE storm detected */
-@@ -87,6 +84,15 @@ static unsigned int ec_delay __read_mostly = ACPI_EC_DELAY;
- module_param(ec_delay, uint, 0644);
- MODULE_PARM_DESC(ec_delay, "Timeout(ms) waited until an EC command completes");
-
-+/*
-+ * If the number of false interrupts per one transaction exceeds
-+ * this threshold, will think there is a GPE storm happened and
-+ * will disable the GPE for normal transaction.
-+ */
-+static unsigned int ec_storm_threshold __read_mostly = 8;
-+module_param(ec_storm_threshold, uint, 0644);
-+MODULE_PARM_DESC(ec_storm_threshold, "Maxim false GPE numbers not considered as GPE storm");
-+
- /* If we find an EC via the ECDT, we need to keep a ptr to its context */
- /* External interfaces use first EC only, so remember */
- typedef int (*acpi_ec_query_func) (void *data);
-@@ -319,7 +325,7 @@ static int acpi_ec_transaction(struct acpi_ec *ec, struct transaction *t)
- msleep(1);
- /* It is safe to enable the GPE outside of the transaction. */
- acpi_enable_gpe(NULL, ec->gpe);
-- } else if (t->irq_count > ACPI_EC_STORM_THRESHOLD) {
-+ } else if (t->irq_count > ec_storm_threshold) {
- pr_info(PREFIX "GPE storm detected, "
- "transactions will use polling mode\n");
- set_bit(EC_FLAGS_GPE_STORM, &ec->flags);
-@@ -924,6 +930,17 @@ static int ec_flag_msi(const struct dmi_system_id *id)
- return 0;
- }
-
-+/*
-+ * Clevo M720 notebook actually works ok with IRQ mode, if we lifted
-+ * the GPE storm threshold back to 20
-+ */
-+static int ec_enlarge_storm_threshold(const struct dmi_system_id *id)
-+{
-+ pr_debug("Setting the EC GPE storm threshold to 20\n");
-+ ec_storm_threshold = 20;
-+ return 0;
-+}
-+
- static struct dmi_system_id __initdata ec_dmi_table[] = {
- {
- ec_skip_dsdt_scan, "Compal JFL92", {
-@@ -955,10 +972,13 @@ static struct dmi_system_id __initdata ec_dmi_table[] = {
- {
- ec_validate_ecdt, "ASUS hardware", {
- DMI_MATCH(DMI_BOARD_VENDOR, "ASUSTeK Computer Inc.") }, NULL},
-+ {
-+ ec_enlarge_storm_threshold, "CLEVO hardware", {
-+ DMI_MATCH(DMI_SYS_VENDOR, "CLEVO Co."),
-+ DMI_MATCH(DMI_PRODUCT_NAME, "M720T/M730T"),}, NULL},
- {},
- };
-
--
- int __init acpi_ec_ecdt_probe(void)
- {
- acpi_status status;
-diff --git a/drivers/char/tpm/tpm.c b/drivers/char/tpm/tpm.c
-index 817f0ee..4dc8024 100644
---- a/drivers/char/tpm/tpm.c
-+++ b/drivers/char/tpm/tpm.c
-@@ -1186,17 +1186,20 @@ ssize_t tpm_write(struct file *file, const char __user *buf,
- size_t size, loff_t *off)
- {
- struct tpm_chip *chip = file->private_data;
-- size_t in_size = size, out_size;
-+ size_t in_size = size;
-+ ssize_t out_size;
-
- /* cannot perform a write until the read has cleared
-- either via tpm_read or a user_read_timer timeout */
-- while (atomic_read(&chip->data_pending) != 0)
-- msleep(TPM_TIMEOUT);
--
-- mutex_lock(&chip->buffer_mutex);
-+ either via tpm_read or a user_read_timer timeout.
-+ This also prevents splitted buffered writes from blocking here.
-+ */
-+ if (atomic_read(&chip->data_pending) != 0)
-+ return -EBUSY;
-
- if (in_size > TPM_BUFSIZE)
-- in_size = TPM_BUFSIZE;
-+ return -E2BIG;
-+
-+ mutex_lock(&chip->buffer_mutex);
-
- if (copy_from_user
- (chip->data_buffer, (void __user *) buf, in_size)) {
-@@ -1206,6 +1209,10 @@ ssize_t tpm_write(struct file *file, const char __user *buf,
-
- /* atomic tpm command send and result receive */
- out_size = tpm_transmit(chip, chip->data_buffer, TPM_BUFSIZE);
-+ if (out_size < 0) {
-+ mutex_unlock(&chip->buffer_mutex);
-+ return out_size;
-+ }
-
- atomic_set(&chip->data_pending, out_size);
- mutex_unlock(&chip->buffer_mutex);
-diff --git a/drivers/firewire/core-cdev.c b/drivers/firewire/core-cdev.c
-index 2783f69..f8d2287 100644
---- a/drivers/firewire/core-cdev.c
-+++ b/drivers/firewire/core-cdev.c
-@@ -473,8 +473,8 @@ static int ioctl_get_info(struct client *client, union ioctl_arg *arg)
- client->bus_reset_closure = a->bus_reset_closure;
- if (a->bus_reset != 0) {
- fill_bus_reset_event(&bus_reset, client);
-- ret = copy_to_user(u64_to_uptr(a->bus_reset),
-- &bus_reset, sizeof(bus_reset));
-+ /* unaligned size of bus_reset is 36 bytes */
-+ ret = copy_to_user(u64_to_uptr(a->bus_reset), &bus_reset, 36);
- }
- if (ret == 0 && list_empty(&client->link))
- list_add_tail(&client->link, &client->device->client_list);
-diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c
-index 274d25d..97d4f4b 100644
---- a/drivers/gpu/drm/i915/i915_gem.c
-+++ b/drivers/gpu/drm/i915/i915_gem.c
-@@ -3893,7 +3893,6 @@ i915_gem_entervt_ioctl(struct drm_device *dev, void *data,
-
- BUG_ON(!list_empty(&dev_priv->mm.active_list));
- BUG_ON(!list_empty(&dev_priv->mm.flushing_list));
-- BUG_ON(!list_empty(&dev_priv->mm.inactive_list));
- mutex_unlock(&dev->struct_mutex);
-
- ret = drm_irq_install(dev);
-diff --git a/drivers/gpu/drm/i915/i915_reg.h b/drivers/gpu/drm/i915/i915_reg.h
-index a3e53c5..f02cfad 100644
---- a/drivers/gpu/drm/i915/i915_reg.h
-+++ b/drivers/gpu/drm/i915/i915_reg.h
-@@ -513,7 +513,7 @@
- */
- # define _3D_CHICKEN2_WM_READ_PIPELINED (1 << 14)
- #define _3D_CHICKEN3 0x02090
--#define _3D_CHICKEN_SF_DISABLE_FASTCLIP_CULL (1 << 5)
-+#define _3D_CHICKEN3_SF_DISABLE_FASTCLIP_CULL (1 << 5)
-
- #define MI_MODE 0x0209c
- # define VS_TIMER_DISPATCH (1 << 6)
-diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
-index 0c7f4aa..b634f6f 100644
---- a/drivers/gpu/drm/i915/intel_display.c
-+++ b/drivers/gpu/drm/i915/intel_display.c
-@@ -4351,7 +4351,7 @@ static int i9xx_crtc_mode_set(struct drm_crtc *crtc,
- /* default to 8bpc */
- pipeconf &= ~(PIPECONF_BPP_MASK | PIPECONF_DITHER_EN);
- if (is_dp) {
-- if (mode->private_flags & INTEL_MODE_DP_FORCE_6BPC) {
-+ if (adjusted_mode->private_flags & INTEL_MODE_DP_FORCE_6BPC) {
- pipeconf |= PIPECONF_BPP_6 |
- PIPECONF_DITHER_EN |
- PIPECONF_DITHER_TYPE_SP;
-@@ -4705,7 +4705,7 @@ static int ironlake_crtc_mode_set(struct drm_crtc *crtc,
- /* determine panel color depth */
- temp = I915_READ(PIPECONF(pipe));
- temp &= ~PIPE_BPC_MASK;
-- dither = intel_choose_pipe_bpp_dither(crtc, &pipe_bpp, mode);
-+ dither = intel_choose_pipe_bpp_dither(crtc, &pipe_bpp, adjusted_mode);
- switch (pipe_bpp) {
- case 18:
- temp |= PIPE_6BPC;
-diff --git a/drivers/gpu/drm/i915/intel_pm.c b/drivers/gpu/drm/i915/intel_pm.c
-index 8c73fae..c23c9ea 100644
---- a/drivers/gpu/drm/i915/intel_pm.c
-+++ b/drivers/gpu/drm/i915/intel_pm.c
-@@ -3355,8 +3355,8 @@ static void gen6_init_clock_gating(struct drm_device *dev)
- GEN6_RCCUNIT_CLOCK_GATE_DISABLE);
-
- /* Bspec says we need to always set all mask bits. */
-- I915_WRITE(_3D_CHICKEN, (0xFFFF << 16) |
-- _3D_CHICKEN_SF_DISABLE_FASTCLIP_CULL);
-+ I915_WRITE(_3D_CHICKEN3, (0xFFFF << 16) |
-+ _3D_CHICKEN3_SF_DISABLE_FASTCLIP_CULL);
-
- /*
- * According to the spec the following bits should be
-diff --git a/drivers/gpu/drm/radeon/radeon_legacy_encoders.c b/drivers/gpu/drm/radeon/radeon_legacy_encoders.c
-index 670e991..d16f50f 100644
---- a/drivers/gpu/drm/radeon/radeon_legacy_encoders.c
-+++ b/drivers/gpu/drm/radeon/radeon_legacy_encoders.c
-@@ -974,11 +974,7 @@ static void radeon_legacy_tmds_ext_mode_set(struct drm_encoder *encoder,
- static void radeon_ext_tmds_enc_destroy(struct drm_encoder *encoder)
- {
- struct radeon_encoder *radeon_encoder = to_radeon_encoder(encoder);
-- struct radeon_encoder_ext_tmds *tmds = radeon_encoder->enc_priv;
-- if (tmds) {
-- if (tmds->i2c_bus)
-- radeon_i2c_destroy(tmds->i2c_bus);
-- }
-+ /* don't destroy the i2c bus record here, this will be done in radeon_i2c_fini */
- kfree(radeon_encoder->enc_priv);
- drm_encoder_cleanup(encoder);
- kfree(radeon_encoder);
-diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
-index 0138a72..a48c215 100644
---- a/drivers/md/raid10.c
-+++ b/drivers/md/raid10.c
-@@ -3158,7 +3158,7 @@ static sector_t sync_request(struct mddev *mddev, sector_t sector_nr,
- else {
- bad_sectors -= (sector - first_bad);
- if (max_sync > bad_sectors)
-- max_sync = max_sync;
-+ max_sync = bad_sectors;
- continue;
- }
- }
-diff --git a/drivers/mtd/nand/nand_base.c b/drivers/mtd/nand/nand_base.c
-index a11253a..c429abd 100644
---- a/drivers/mtd/nand/nand_base.c
-+++ b/drivers/mtd/nand/nand_base.c
-@@ -2914,8 +2914,7 @@ static int nand_flash_detect_onfi(struct mtd_info *mtd, struct nand_chip *chip,
- if (le16_to_cpu(p->features) & 1)
- *busw = NAND_BUSWIDTH_16;
-
-- chip->options &= ~NAND_CHIPOPTIONS_MSK;
-- chip->options |= NAND_NO_READRDY & NAND_CHIPOPTIONS_MSK;
-+ chip->options |= NAND_NO_READRDY;
-
- pr_info("ONFI flash detected\n");
- return 1;
-@@ -3080,9 +3079,8 @@ static struct nand_flash_dev *nand_get_flash_type(struct mtd_info *mtd,
- mtd->erasesize <<= ((id_data[3] & 0x03) << 1);
- }
- }
-- /* Get chip options, preserve non chip based options */
-- chip->options &= ~NAND_CHIPOPTIONS_MSK;
-- chip->options |= type->options & NAND_CHIPOPTIONS_MSK;
-+ /* Get chip options */
-+ chip->options |= type->options;
-
- /*
- * Check if chip is not a Samsung device. Do not clear the
-diff --git a/drivers/net/ethernet/intel/e1000e/e1000.h b/drivers/net/ethernet/intel/e1000e/e1000.h
-index cb3356c..04668b4 100644
---- a/drivers/net/ethernet/intel/e1000e/e1000.h
-+++ b/drivers/net/ethernet/intel/e1000e/e1000.h
-@@ -175,13 +175,13 @@ struct e1000_info;
- /*
- * in the case of WTHRESH, it appears at least the 82571/2 hardware
- * writes back 4 descriptors when WTHRESH=5, and 3 descriptors when
-- * WTHRESH=4, and since we want 64 bytes at a time written back, set
-- * it to 5
-+ * WTHRESH=4, so a setting of 5 gives the most efficient bus
-+ * utilization but to avoid possible Tx stalls, set it to 1
- */
- #define E1000_TXDCTL_DMA_BURST_ENABLE \
- (E1000_TXDCTL_GRAN | /* set descriptor granularity */ \
- E1000_TXDCTL_COUNT_DESC | \
-- (5 << 16) | /* wthresh must be +1 more than desired */\
-+ (1 << 16) | /* wthresh must be +1 more than desired */\
- (1 << 8) | /* hthresh */ \
- 0x1f) /* pthresh */
-
-diff --git a/drivers/net/ethernet/intel/e1000e/netdev.c b/drivers/net/ethernet/intel/e1000e/netdev.c
-index d01a099..a46e75e 100644
---- a/drivers/net/ethernet/intel/e1000e/netdev.c
-+++ b/drivers/net/ethernet/intel/e1000e/netdev.c
-@@ -2831,7 +2831,7 @@ static void e1000_configure_tx(struct e1000_adapter *adapter)
- * set up some performance related parameters to encourage the
- * hardware to use the bus more efficiently in bursts, depends
- * on the tx_int_delay to be enabled,
-- * wthresh = 5 ==> burst write a cacheline (64 bytes) at a time
-+ * wthresh = 1 ==> burst write is disabled to avoid Tx stalls
- * hthresh = 1 ==> prefetch when one or more available
- * pthresh = 0x1f ==> prefetch if internal cache 31 or less
- * BEWARE: this seems to work but should be considered first if
-diff --git a/drivers/net/usb/mcs7830.c b/drivers/net/usb/mcs7830.c
-index 03c2d8d..cc7e720 100644
---- a/drivers/net/usb/mcs7830.c
-+++ b/drivers/net/usb/mcs7830.c
-@@ -117,6 +117,7 @@ enum {
- struct mcs7830_data {
- u8 multi_filter[8];
- u8 config;
-+ u8 link_counter;
- };
-
- static const char driver_name[] = "MOSCHIP usb-ethernet driver";
-@@ -632,20 +633,31 @@ static int mcs7830_rx_fixup(struct usbnet *dev, struct sk_buff *skb)
- static void mcs7830_status(struct usbnet *dev, struct urb *urb)
- {
- u8 *buf = urb->transfer_buffer;
-- bool link;
-+ bool link, link_changed;
-+ struct mcs7830_data *data = mcs7830_get_data(dev);
-
- if (urb->actual_length < 16)
- return;
-
- link = !(buf[1] & 0x20);
-- if (netif_carrier_ok(dev->net) != link) {
-- if (link) {
-- netif_carrier_on(dev->net);
-- usbnet_defer_kevent(dev, EVENT_LINK_RESET);
-- } else
-- netif_carrier_off(dev->net);
-- netdev_dbg(dev->net, "Link Status is: %d\n", link);
-- }
-+ link_changed = netif_carrier_ok(dev->net) != link;
-+ if (link_changed) {
-+ data->link_counter++;
-+ /*
-+ track link state 20 times to guard against erroneous
-+ link state changes reported sometimes by the chip
-+ */
-+ if (data->link_counter > 20) {
-+ data->link_counter = 0;
-+ if (link) {
-+ netif_carrier_on(dev->net);
-+ usbnet_defer_kevent(dev, EVENT_LINK_RESET);
-+ } else
-+ netif_carrier_off(dev->net);
-+ netdev_dbg(dev->net, "Link Status is: %d\n", link);
-+ }
-+ } else
-+ data->link_counter = 0;
- }
-
- static const struct driver_info moschip_info = {
-diff --git a/drivers/net/wireless/ath/ath9k/beacon.c b/drivers/net/wireless/ath/ath9k/beacon.c
-index 76f07d8..1b48414 100644
---- a/drivers/net/wireless/ath/ath9k/beacon.c
-+++ b/drivers/net/wireless/ath/ath9k/beacon.c
-@@ -120,7 +120,7 @@ static void ath9k_tx_cabq(struct ieee80211_hw *hw, struct sk_buff *skb)
-
- if (ath_tx_start(hw, skb, &txctl) != 0) {
- ath_dbg(common, XMIT, "CABQ TX failed\n");
-- dev_kfree_skb_any(skb);
-+ ieee80211_free_txskb(hw, skb);
- }
- }
-
-diff --git a/drivers/net/wireless/ath/ath9k/main.c b/drivers/net/wireless/ath/ath9k/main.c
-index a22df74..61e08e6 100644
---- a/drivers/net/wireless/ath/ath9k/main.c
-+++ b/drivers/net/wireless/ath/ath9k/main.c
-@@ -767,7 +767,7 @@ static void ath9k_tx(struct ieee80211_hw *hw, struct sk_buff *skb)
-
- return;
- exit:
-- dev_kfree_skb_any(skb);
-+ ieee80211_free_txskb(hw, skb);
- }
-
- static void ath9k_stop(struct ieee80211_hw *hw)
-diff --git a/drivers/net/wireless/ath/ath9k/xmit.c b/drivers/net/wireless/ath/ath9k/xmit.c
-index 0d4155a..423a9f3 100644
---- a/drivers/net/wireless/ath/ath9k/xmit.c
-+++ b/drivers/net/wireless/ath/ath9k/xmit.c
-@@ -66,8 +66,7 @@ static void ath_tx_update_baw(struct ath_softc *sc, struct ath_atx_tid *tid,
- static struct ath_buf *ath_tx_setup_buffer(struct ath_softc *sc,
- struct ath_txq *txq,
- struct ath_atx_tid *tid,
-- struct sk_buff *skb,
-- bool dequeue);
-+ struct sk_buff *skb);
-
- enum {
- MCS_HT20,
-@@ -176,7 +175,15 @@ static void ath_tx_flush_tid(struct ath_softc *sc, struct ath_atx_tid *tid)
- fi = get_frame_info(skb);
- bf = fi->bf;
-
-- if (bf && fi->retries) {
-+ if (!bf) {
-+ bf = ath_tx_setup_buffer(sc, txq, tid, skb);
-+ if (!bf) {
-+ ieee80211_free_txskb(sc->hw, skb);
-+ continue;
-+ }
-+ }
-+
-+ if (fi->retries) {
- list_add_tail(&bf->list, &bf_head);
- ath_tx_update_baw(sc, tid, bf->bf_state.seqno);
- ath_tx_complete_buf(sc, bf, txq, &bf_head, &ts, 0);
-@@ -785,10 +792,13 @@ static enum ATH_AGGR_STATUS ath_tx_form_aggr(struct ath_softc *sc,
- fi = get_frame_info(skb);
- bf = fi->bf;
- if (!fi->bf)
-- bf = ath_tx_setup_buffer(sc, txq, tid, skb, true);
-+ bf = ath_tx_setup_buffer(sc, txq, tid, skb);
-
-- if (!bf)
-+ if (!bf) {
-+ __skb_unlink(skb, &tid->buf_q);
-+ ieee80211_free_txskb(sc->hw, skb);
- continue;
-+ }
-
- bf->bf_state.bf_type = BUF_AMPDU | BUF_AGGR;
- seqno = bf->bf_state.seqno;
-@@ -1731,9 +1741,11 @@ static void ath_tx_send_ampdu(struct ath_softc *sc, struct ath_atx_tid *tid,
- return;
- }
-
-- bf = ath_tx_setup_buffer(sc, txctl->txq, tid, skb, false);
-- if (!bf)
-+ bf = ath_tx_setup_buffer(sc, txctl->txq, tid, skb);
-+ if (!bf) {
-+ ieee80211_free_txskb(sc->hw, skb);
- return;
-+ }
-
- bf->bf_state.bf_type = BUF_AMPDU;
- INIT_LIST_HEAD(&bf_head);
-@@ -1757,11 +1769,6 @@ static void ath_tx_send_normal(struct ath_softc *sc, struct ath_txq *txq,
- struct ath_buf *bf;
-
- bf = fi->bf;
-- if (!bf)
-- bf = ath_tx_setup_buffer(sc, txq, tid, skb, false);
--
-- if (!bf)
-- return;
-
- INIT_LIST_HEAD(&bf_head);
- list_add_tail(&bf->list, &bf_head);
-@@ -1834,8 +1841,7 @@ u8 ath_txchainmask_reduction(struct ath_softc *sc, u8 chainmask, u32 rate)
- static struct ath_buf *ath_tx_setup_buffer(struct ath_softc *sc,
- struct ath_txq *txq,
- struct ath_atx_tid *tid,
-- struct sk_buff *skb,
-- bool dequeue)
-+ struct sk_buff *skb)
- {
- struct ath_common *common = ath9k_hw_common(sc->sc_ah);
- struct ath_frame_info *fi = get_frame_info(skb);
-@@ -1847,7 +1853,7 @@ static struct ath_buf *ath_tx_setup_buffer(struct ath_softc *sc,
- bf = ath_tx_get_buffer(sc);
- if (!bf) {
- ath_dbg(common, XMIT, "TX buffers are full\n");
-- goto error;
-+ return NULL;
- }
-
- ATH_TXBUF_RESET(bf);
-@@ -1876,18 +1882,12 @@ static struct ath_buf *ath_tx_setup_buffer(struct ath_softc *sc,
- ath_err(ath9k_hw_common(sc->sc_ah),
- "dma_mapping_error() on TX\n");
- ath_tx_return_buffer(sc, bf);
-- goto error;
-+ return NULL;
- }
-
- fi->bf = bf;
-
- return bf;
--
--error:
-- if (dequeue)
-- __skb_unlink(skb, &tid->buf_q);
-- dev_kfree_skb_any(skb);
-- return NULL;
- }
-
- /* FIXME: tx power */
-@@ -1916,9 +1916,14 @@ static void ath_tx_start_dma(struct ath_softc *sc, struct sk_buff *skb,
- */
- ath_tx_send_ampdu(sc, tid, skb, txctl);
- } else {
-- bf = ath_tx_setup_buffer(sc, txctl->txq, tid, skb, false);
-- if (!bf)
-+ bf = ath_tx_setup_buffer(sc, txctl->txq, tid, skb);
-+ if (!bf) {
-+ if (txctl->paprd)
-+ dev_kfree_skb_any(skb);
-+ else
-+ ieee80211_free_txskb(sc->hw, skb);
- return;
-+ }
-
- bf->bf_state.bfs_paprd = txctl->paprd;
-
-diff --git a/drivers/scsi/qla2xxx/qla_target.c b/drivers/scsi/qla2xxx/qla_target.c
-index 5b30132..41b74ba 100644
---- a/drivers/scsi/qla2xxx/qla_target.c
-+++ b/drivers/scsi/qla2xxx/qla_target.c
-@@ -1403,7 +1403,7 @@ static void qlt_24xx_send_task_mgmt_ctio(struct scsi_qla_host *ha,
- ctio->u.status1.scsi_status =
- __constant_cpu_to_le16(SS_RESPONSE_INFO_LEN_VALID);
- ctio->u.status1.response_len = __constant_cpu_to_le16(8);
-- ((uint32_t *)ctio->u.status1.sense_data)[0] = cpu_to_be32(resp_code);
-+ ctio->u.status1.sense_data[0] = resp_code;
-
- qla2x00_start_iocbs(ha, ha->req);
- }
-diff --git a/drivers/scsi/scsi_debug.c b/drivers/scsi/scsi_debug.c
-index 182d5a5..f4cc413 100644
---- a/drivers/scsi/scsi_debug.c
-+++ b/drivers/scsi/scsi_debug.c
-@@ -2054,7 +2054,7 @@ static void unmap_region(sector_t lba, unsigned int len)
- block = lba + alignment;
- rem = do_div(block, granularity);
-
-- if (rem == 0 && lba + granularity <= end && block < map_size) {
-+ if (rem == 0 && lba + granularity < end && block < map_size) {
- clear_bit(block, map_storep);
- if (scsi_debug_lbprz)
- memset(fake_storep +
-diff --git a/drivers/scsi/storvsc_drv.c b/drivers/scsi/storvsc_drv.c
-index 528d52b..0144078 100644
---- a/drivers/scsi/storvsc_drv.c
-+++ b/drivers/scsi/storvsc_drv.c
-@@ -1221,7 +1221,12 @@ static int storvsc_host_reset_handler(struct scsi_cmnd *scmnd)
- /*
- * At this point, all outstanding requests in the adapter
- * should have been flushed out and return to us
-+ * There is a potential race here where the host may be in
-+ * the process of responding when we return from here.
-+ * Just wait for all in-transit packets to be accounted for
-+ * before we return from here.
- */
-+ storvsc_wait_to_drain(stor_device);
-
- return SUCCESS;
- }
-diff --git a/drivers/scsi/virtio_scsi.c b/drivers/scsi/virtio_scsi.c
-index 3e79a2f..7554d78 100644
---- a/drivers/scsi/virtio_scsi.c
-+++ b/drivers/scsi/virtio_scsi.c
-@@ -219,7 +219,7 @@ static int virtscsi_kick_event(struct virtio_scsi *vscsi,
- struct scatterlist sg;
- unsigned long flags;
-
-- sg_set_buf(&sg, &event_node->event, sizeof(struct virtio_scsi_event));
-+ sg_init_one(&sg, &event_node->event, sizeof(struct virtio_scsi_event));
-
- spin_lock_irqsave(&vscsi->event_vq.vq_lock, flags);
-
-diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c
-index 97c0f78..dd4fce2 100644
---- a/drivers/target/iscsi/iscsi_target.c
-+++ b/drivers/target/iscsi/iscsi_target.c
-@@ -3271,7 +3271,6 @@ static int iscsit_build_sendtargets_response(struct iscsi_cmd *cmd)
- len += 1;
-
- if ((len + payload_len) > buffer_len) {
-- spin_unlock(&tiqn->tiqn_tpg_lock);
- end_of_buf = 1;
- goto eob;
- }
-@@ -3424,6 +3423,7 @@ static int iscsit_send_reject(
- hdr->opcode = ISCSI_OP_REJECT;
- hdr->flags |= ISCSI_FLAG_CMD_FINAL;
- hton24(hdr->dlength, ISCSI_HDR_LEN);
-+ hdr->ffffffff = 0xffffffff;
- cmd->stat_sn = conn->stat_sn++;
- hdr->statsn = cpu_to_be32(cmd->stat_sn);
- hdr->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn);
-diff --git a/drivers/target/iscsi/iscsi_target_core.h b/drivers/target/iscsi/iscsi_target_core.h
-index 8a908b2..a90294f 100644
---- a/drivers/target/iscsi/iscsi_target_core.h
-+++ b/drivers/target/iscsi/iscsi_target_core.h
-@@ -25,10 +25,10 @@
- #define NA_DATAOUT_TIMEOUT_RETRIES 5
- #define NA_DATAOUT_TIMEOUT_RETRIES_MAX 15
- #define NA_DATAOUT_TIMEOUT_RETRIES_MIN 1
--#define NA_NOPIN_TIMEOUT 5
-+#define NA_NOPIN_TIMEOUT 15
- #define NA_NOPIN_TIMEOUT_MAX 60
- #define NA_NOPIN_TIMEOUT_MIN 3
--#define NA_NOPIN_RESPONSE_TIMEOUT 5
-+#define NA_NOPIN_RESPONSE_TIMEOUT 30
- #define NA_NOPIN_RESPONSE_TIMEOUT_MAX 60
- #define NA_NOPIN_RESPONSE_TIMEOUT_MIN 3
- #define NA_RANDOM_DATAIN_PDU_OFFSETS 0
-diff --git a/drivers/target/iscsi/iscsi_target_tpg.c b/drivers/target/iscsi/iscsi_target_tpg.c
-index a38a3f8..de9ea32 100644
---- a/drivers/target/iscsi/iscsi_target_tpg.c
-+++ b/drivers/target/iscsi/iscsi_target_tpg.c
-@@ -677,6 +677,12 @@ int iscsit_ta_generate_node_acls(
- pr_debug("iSCSI_TPG[%hu] - Generate Initiator Portal Group ACLs: %s\n",
- tpg->tpgt, (a->generate_node_acls) ? "Enabled" : "Disabled");
-
-+ if (flag == 1 && a->cache_dynamic_acls == 0) {
-+ pr_debug("Explicitly setting cache_dynamic_acls=1 when "
-+ "generate_node_acls=1\n");
-+ a->cache_dynamic_acls = 1;
-+ }
-+
- return 0;
- }
-
-@@ -716,6 +722,12 @@ int iscsit_ta_cache_dynamic_acls(
- return -EINVAL;
- }
-
-+ if (a->generate_node_acls == 1 && flag == 0) {
-+ pr_debug("Skipping cache_dynamic_acls=0 when"
-+ " generate_node_acls=1\n");
-+ return 0;
-+ }
-+
- a->cache_dynamic_acls = flag;
- pr_debug("iSCSI_TPG[%hu] - Cache Dynamic Initiator Portal Group"
- " ACLs %s\n", tpg->tpgt, (a->cache_dynamic_acls) ?
-diff --git a/drivers/target/target_core_configfs.c b/drivers/target/target_core_configfs.c
-index 801efa8..06aca11 100644
---- a/drivers/target/target_core_configfs.c
-+++ b/drivers/target/target_core_configfs.c
-@@ -3132,6 +3132,7 @@ static int __init target_core_init_configfs(void)
- GFP_KERNEL);
- if (!target_cg->default_groups) {
- pr_err("Unable to allocate target_cg->default_groups\n");
-+ ret = -ENOMEM;
- goto out_global;
- }
-
-@@ -3147,6 +3148,7 @@ static int __init target_core_init_configfs(void)
- GFP_KERNEL);
- if (!hba_cg->default_groups) {
- pr_err("Unable to allocate hba_cg->default_groups\n");
-+ ret = -ENOMEM;
- goto out_global;
- }
- config_group_init_type_name(&alua_group,
-@@ -3162,6 +3164,7 @@ static int __init target_core_init_configfs(void)
- GFP_KERNEL);
- if (!alua_cg->default_groups) {
- pr_err("Unable to allocate alua_cg->default_groups\n");
-+ ret = -ENOMEM;
- goto out_global;
- }
-
-@@ -3173,14 +3176,17 @@ static int __init target_core_init_configfs(void)
- * Add core/alua/lu_gps/default_lu_gp
- */
- lu_gp = core_alua_allocate_lu_gp("default_lu_gp", 1);
-- if (IS_ERR(lu_gp))
-+ if (IS_ERR(lu_gp)) {
-+ ret = -ENOMEM;
- goto out_global;
-+ }
-
- lu_gp_cg = &alua_lu_gps_group;
- lu_gp_cg->default_groups = kzalloc(sizeof(struct config_group) * 2,
- GFP_KERNEL);
- if (!lu_gp_cg->default_groups) {
- pr_err("Unable to allocate lu_gp_cg->default_groups\n");
-+ ret = -ENOMEM;
- goto out_global;
- }
-
-diff --git a/drivers/target/target_core_file.c b/drivers/target/target_core_file.c
-index cbb5aaf..5c5ed7a 100644
---- a/drivers/target/target_core_file.c
-+++ b/drivers/target/target_core_file.c
-@@ -125,6 +125,19 @@ static struct se_device *fd_create_virtdevice(
- * of pure timestamp updates.
- */
- flags = O_RDWR | O_CREAT | O_LARGEFILE | O_DSYNC;
-+ /*
-+ * Optionally allow fd_buffered_io=1 to be enabled for people
-+ * who want use the fs buffer cache as an WriteCache mechanism.
-+ *
-+ * This means that in event of a hard failure, there is a risk
-+ * of silent data-loss if the SCSI client has *not* performed a
-+ * forced unit access (FUA) write, or issued SYNCHRONIZE_CACHE
-+ * to write-out the entire device cache.
-+ */
-+ if (fd_dev->fbd_flags & FDBD_HAS_BUFFERED_IO_WCE) {
-+ pr_debug("FILEIO: Disabling O_DSYNC, using buffered FILEIO\n");
-+ flags &= ~O_DSYNC;
-+ }
-
- file = filp_open(fd_dev->fd_dev_name, flags, 0600);
- if (IS_ERR(file)) {
-@@ -188,6 +201,12 @@ static struct se_device *fd_create_virtdevice(
- if (!dev)
- goto fail;
-
-+ if (fd_dev->fbd_flags & FDBD_HAS_BUFFERED_IO_WCE) {
-+ pr_debug("FILEIO: Forcing setting of emulate_write_cache=1"
-+ " with FDBD_HAS_BUFFERED_IO_WCE\n");
-+ dev->se_sub_dev->se_dev_attrib.emulate_write_cache = 1;
-+ }
-+
- fd_dev->fd_dev_id = fd_host->fd_host_dev_id_count++;
- fd_dev->fd_queue_depth = dev->queue_depth;
-
-@@ -407,6 +426,7 @@ enum {
- static match_table_t tokens = {
- {Opt_fd_dev_name, "fd_dev_name=%s"},
- {Opt_fd_dev_size, "fd_dev_size=%s"},
-+ {Opt_fd_buffered_io, "fd_buffered_io=%d"},
- {Opt_err, NULL}
- };
-
-@@ -418,7 +438,7 @@ static ssize_t fd_set_configfs_dev_params(
- struct fd_dev *fd_dev = se_dev->se_dev_su_ptr;
- char *orig, *ptr, *arg_p, *opts;
- substring_t args[MAX_OPT_ARGS];
-- int ret = 0, token;
-+ int ret = 0, arg, token;
-
- opts = kstrdup(page, GFP_KERNEL);
- if (!opts)
-@@ -459,6 +479,19 @@ static ssize_t fd_set_configfs_dev_params(
- " bytes\n", fd_dev->fd_dev_size);
- fd_dev->fbd_flags |= FBDF_HAS_SIZE;
- break;
-+ case Opt_fd_buffered_io:
-+ match_int(args, &arg);
-+ if (arg != 1) {
-+ pr_err("bogus fd_buffered_io=%d value\n", arg);
-+ ret = -EINVAL;
-+ goto out;
-+ }
-+
-+ pr_debug("FILEIO: Using buffered I/O"
-+ " operations for struct fd_dev\n");
-+
-+ fd_dev->fbd_flags |= FDBD_HAS_BUFFERED_IO_WCE;
-+ break;
- default:
- break;
- }
-@@ -490,8 +523,10 @@ static ssize_t fd_show_configfs_dev_params(
- ssize_t bl = 0;
-
- bl = sprintf(b + bl, "TCM FILEIO ID: %u", fd_dev->fd_dev_id);
-- bl += sprintf(b + bl, " File: %s Size: %llu Mode: O_DSYNC\n",
-- fd_dev->fd_dev_name, fd_dev->fd_dev_size);
-+ bl += sprintf(b + bl, " File: %s Size: %llu Mode: %s\n",
-+ fd_dev->fd_dev_name, fd_dev->fd_dev_size,
-+ (fd_dev->fbd_flags & FDBD_HAS_BUFFERED_IO_WCE) ?
-+ "Buffered-WCE" : "O_DSYNC");
- return bl;
- }
-
-diff --git a/drivers/target/target_core_file.h b/drivers/target/target_core_file.h
-index 70ce7fd..876ae53 100644
---- a/drivers/target/target_core_file.h
-+++ b/drivers/target/target_core_file.h
-@@ -14,6 +14,7 @@
-
- #define FBDF_HAS_PATH 0x01
- #define FBDF_HAS_SIZE 0x02
-+#define FDBD_HAS_BUFFERED_IO_WCE 0x04
-
- struct fd_dev {
- u32 fbd_flags;
-diff --git a/drivers/target/target_core_spc.c b/drivers/target/target_core_spc.c
-index 388a922..9229bd9 100644
---- a/drivers/target/target_core_spc.c
-+++ b/drivers/target/target_core_spc.c
-@@ -600,30 +600,11 @@ static int spc_emulate_inquiry(struct se_cmd *cmd)
- {
- struct se_device *dev = cmd->se_dev;
- struct se_portal_group *tpg = cmd->se_lun->lun_sep->sep_tpg;
-- unsigned char *buf, *map_buf;
-+ unsigned char *rbuf;
- unsigned char *cdb = cmd->t_task_cdb;
-+ unsigned char buf[SE_INQUIRY_BUF];
- int p, ret;
-
-- map_buf = transport_kmap_data_sg(cmd);
-- /*
-- * If SCF_PASSTHROUGH_SG_TO_MEM_NOALLOC is not set, then we
-- * know we actually allocated a full page. Otherwise, if the
-- * data buffer is too small, allocate a temporary buffer so we
-- * don't have to worry about overruns in all our INQUIRY
-- * emulation handling.
-- */
-- if (cmd->data_length < SE_INQUIRY_BUF &&
-- (cmd->se_cmd_flags & SCF_PASSTHROUGH_SG_TO_MEM_NOALLOC)) {
-- buf = kzalloc(SE_INQUIRY_BUF, GFP_KERNEL);
-- if (!buf) {
-- transport_kunmap_data_sg(cmd);
-- cmd->scsi_sense_reason = TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
-- return -ENOMEM;
-- }
-- } else {
-- buf = map_buf;
-- }
--
- if (dev == tpg->tpg_virt_lun0.lun_se_dev)
- buf[0] = 0x3f; /* Not connected */
- else
-@@ -655,11 +636,11 @@ static int spc_emulate_inquiry(struct se_cmd *cmd)
- ret = -EINVAL;
-
- out:
-- if (buf != map_buf) {
-- memcpy(map_buf, buf, cmd->data_length);
-- kfree(buf);
-+ rbuf = transport_kmap_data_sg(cmd);
-+ if (rbuf) {
-+ memcpy(rbuf, buf, min_t(u32, sizeof(buf), cmd->data_length));
-+ transport_kunmap_data_sg(cmd);
- }
-- transport_kunmap_data_sg(cmd);
-
- if (!ret)
- target_complete_cmd(cmd, GOOD);
-@@ -803,7 +784,7 @@ static int spc_emulate_modesense(struct se_cmd *cmd)
- unsigned char *rbuf;
- int type = dev->transport->get_device_type(dev);
- int ten = (cmd->t_task_cdb[0] == MODE_SENSE_10);
-- int offset = ten ? 8 : 4;
-+ u32 offset = ten ? 8 : 4;
- int length = 0;
- unsigned char buf[SE_MODE_PAGE_BUF];
-
-@@ -836,6 +817,7 @@ static int spc_emulate_modesense(struct se_cmd *cmd)
- offset -= 2;
- buf[0] = (offset >> 8) & 0xff;
- buf[1] = offset & 0xff;
-+ offset += 2;
-
- if ((cmd->se_lun->lun_access & TRANSPORT_LUNFLAGS_READ_ONLY) ||
- (cmd->se_deve &&
-@@ -845,13 +827,10 @@ static int spc_emulate_modesense(struct se_cmd *cmd)
- if ((dev->se_sub_dev->se_dev_attrib.emulate_write_cache > 0) &&
- (dev->se_sub_dev->se_dev_attrib.emulate_fua_write > 0))
- spc_modesense_dpofua(&buf[3], type);
--
-- if ((offset + 2) > cmd->data_length)
-- offset = cmd->data_length;
--
- } else {
- offset -= 1;
- buf[0] = offset & 0xff;
-+ offset += 1;
-
- if ((cmd->se_lun->lun_access & TRANSPORT_LUNFLAGS_READ_ONLY) ||
- (cmd->se_deve &&
-@@ -861,14 +840,13 @@ static int spc_emulate_modesense(struct se_cmd *cmd)
- if ((dev->se_sub_dev->se_dev_attrib.emulate_write_cache > 0) &&
- (dev->se_sub_dev->se_dev_attrib.emulate_fua_write > 0))
- spc_modesense_dpofua(&buf[2], type);
--
-- if ((offset + 1) > cmd->data_length)
-- offset = cmd->data_length;
- }
-
- rbuf = transport_kmap_data_sg(cmd);
-- memcpy(rbuf, buf, offset);
-- transport_kunmap_data_sg(cmd);
-+ if (rbuf) {
-+ memcpy(rbuf, buf, min(offset, cmd->data_length));
-+ transport_kunmap_data_sg(cmd);
-+ }
-
- target_complete_cmd(cmd, GOOD);
- return 0;
-diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c
-index 84cbf29..a13f7e1 100644
---- a/drivers/tty/vt/vt.c
-+++ b/drivers/tty/vt/vt.c
-@@ -3475,6 +3475,19 @@ int con_debug_enter(struct vc_data *vc)
- kdb_set(2, setargs);
- }
- }
-+ if (vc->vc_cols < 999) {
-+ int colcount;
-+ char cols[4];
-+ const char *setargs[3] = {
-+ "set",
-+ "COLUMNS",
-+ cols,
-+ };
-+ if (kdbgetintenv(setargs[0], &colcount)) {
-+ snprintf(cols, 4, "%i", vc->vc_cols);
-+ kdb_set(2, setargs);
-+ }
-+ }
- #endif /* CONFIG_KGDB_KDB */
- return ret;
- }
-diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
-index f763ed7..e8007b8 100644
---- a/drivers/usb/class/cdc-acm.c
-+++ b/drivers/usb/class/cdc-acm.c
-@@ -1551,6 +1551,9 @@ static const struct usb_device_id acm_ids[] = {
- Maybe we should define a new
- quirk for this. */
- },
-+ { USB_DEVICE(0x0572, 0x1340), /* Conexant CX93010-2x UCMxx */
-+ .driver_info = NO_UNION_NORMAL,
-+ },
- { USB_DEVICE(0x1bbb, 0x0003), /* Alcatel OT-I650 */
- .driver_info = NO_UNION_NORMAL, /* reports zero length descriptor */
- },
-diff --git a/drivers/usb/gadget/at91_udc.c b/drivers/usb/gadget/at91_udc.c
-index 1e35963..660fd53 100644
---- a/drivers/usb/gadget/at91_udc.c
-+++ b/drivers/usb/gadget/at91_udc.c
-@@ -1699,7 +1699,7 @@ static int __devinit at91udc_probe(struct platform_device *pdev)
- int retval;
- struct resource *res;
-
-- if (!dev->platform_data) {
-+ if (!dev->platform_data && !pdev->dev.of_node) {
- /* small (so we copy it) but critical! */
- DBG("missing platform_data\n");
- return -ENODEV;
-diff --git a/drivers/vfio/pci/vfio_pci_intrs.c b/drivers/vfio/pci/vfio_pci_intrs.c
-index d8dedc7..3639371 100644
---- a/drivers/vfio/pci/vfio_pci_intrs.c
-+++ b/drivers/vfio/pci/vfio_pci_intrs.c
-@@ -366,6 +366,17 @@ static int vfio_intx_enable(struct vfio_pci_device *vdev)
- return -ENOMEM;
-
- vdev->num_ctx = 1;
-+
-+ /*
-+ * If the virtual interrupt is masked, restore it. Devices
-+ * supporting DisINTx can be masked at the hardware level
-+ * here, non-PCI-2.3 devices will have to wait until the
-+ * interrupt is enabled.
-+ */
-+ vdev->ctx[0].masked = vdev->virq_disabled;
-+ if (vdev->pci_2_3)
-+ pci_intx(vdev->pdev, !vdev->ctx[0].masked);
-+
- vdev->irq_type = VFIO_PCI_INTX_IRQ_INDEX;
-
- return 0;
-@@ -400,25 +411,26 @@ static int vfio_intx_set_signal(struct vfio_pci_device *vdev, int fd)
- return PTR_ERR(trigger);
- }
-
-+ vdev->ctx[0].trigger = trigger;
-+
- if (!vdev->pci_2_3)
- irqflags = 0;
-
- ret = request_irq(pdev->irq, vfio_intx_handler,
- irqflags, vdev->ctx[0].name, vdev);
- if (ret) {
-+ vdev->ctx[0].trigger = NULL;
- kfree(vdev->ctx[0].name);
- eventfd_ctx_put(trigger);
- return ret;
- }
-
-- vdev->ctx[0].trigger = trigger;
--
- /*
- * INTx disable will stick across the new irq setup,
- * disable_irq won't.
- */
- spin_lock_irqsave(&vdev->irqlock, flags);
-- if (!vdev->pci_2_3 && (vdev->ctx[0].masked || vdev->virq_disabled))
-+ if (!vdev->pci_2_3 && vdev->ctx[0].masked)
- disable_irq_nosync(pdev->irq);
- spin_unlock_irqrestore(&vdev->irqlock, flags);
-
-diff --git a/drivers/video/udlfb.c b/drivers/video/udlfb.c
-index 8af6414..38fcfff 100644
---- a/drivers/video/udlfb.c
-+++ b/drivers/video/udlfb.c
-@@ -647,7 +647,7 @@ static ssize_t dlfb_ops_write(struct fb_info *info, const char __user *buf,
- result = fb_sys_write(info, buf, count, ppos);
-
- if (result > 0) {
-- int start = max((int)(offset / info->fix.line_length) - 1, 0);
-+ int start = max((int)(offset / info->fix.line_length), 0);
- int lines = min((u32)((result / info->fix.line_length) + 1),
- (u32)info->var.yres);
-
-diff --git a/drivers/video/via/via_clock.c b/drivers/video/via/via_clock.c
-index af8f26b..db1e392 100644
---- a/drivers/video/via/via_clock.c
-+++ b/drivers/video/via/via_clock.c
-@@ -25,6 +25,7 @@
-
- #include <linux/kernel.h>
- #include <linux/via-core.h>
-+#include <asm/olpc.h>
- #include "via_clock.h"
- #include "global.h"
- #include "debug.h"
-@@ -289,6 +290,10 @@ static void dummy_set_pll(struct via_pll_config config)
- printk(KERN_INFO "Using undocumented set PLL.\n%s", via_slap);
- }
-
-+static void noop_set_clock_state(u8 state)
-+{
-+}
-+
- void via_clock_init(struct via_clock *clock, int gfx_chip)
- {
- switch (gfx_chip) {
-@@ -346,4 +351,18 @@ void via_clock_init(struct via_clock *clock, int gfx_chip)
- break;
-
- }
-+
-+ if (machine_is_olpc()) {
-+ /* The OLPC XO-1.5 cannot suspend/resume reliably if the
-+ * IGA1/IGA2 clocks are set as on or off (memory rot
-+ * occasionally happens during suspend under such
-+ * configurations).
-+ *
-+ * The only known stable scenario is to leave this bits as-is,
-+ * which in their default states are documented to enable the
-+ * clock only when it is needed.
-+ */
-+ clock->set_primary_clock_state = noop_set_clock_state;
-+ clock->set_secondary_clock_state = noop_set_clock_state;
-+ }
- }
-diff --git a/drivers/xen/xenbus/xenbus_xs.c b/drivers/xen/xenbus/xenbus_xs.c
-index bce15cf..ca373d1 100644
---- a/drivers/xen/xenbus/xenbus_xs.c
-+++ b/drivers/xen/xenbus/xenbus_xs.c
-@@ -47,6 +47,7 @@
- #include <xen/xenbus.h>
- #include <xen/xen.h>
- #include "xenbus_comms.h"
-+#include <asm/xen/hypervisor.h>
-
- struct xs_stored_msg {
- struct list_head list;
-@@ -617,7 +618,24 @@ static struct xenbus_watch *find_watch(const char *token)
-
- return NULL;
- }
-+/*
-+ * Certain older XenBus toolstack cannot handle reading values that are
-+ * not populated. Some Xen 3.4 installation are incapable of doing this
-+ * so if we are running on anything older than 4 do not attempt to read
-+ * control/platform-feature-xs_reset_watches.
-+ */
-+static bool xen_strict_xenbus_quirk()
-+{
-+ uint32_t eax, ebx, ecx, edx, base;
-+
-+ base = xen_cpuid_base();
-+ cpuid(base + 1, &eax, &ebx, &ecx, &edx);
-
-+ if ((eax >> 16) < 4)
-+ return true;
-+ return false;
-+
-+}
- static void xs_reset_watches(void)
- {
- int err, supported = 0;
-@@ -625,6 +643,9 @@ static void xs_reset_watches(void)
- if (!xen_hvm_domain())
- return;
-
-+ if (xen_strict_xenbus_quirk())
-+ return;
-+
- err = xenbus_scanf(XBT_NIL, "control",
- "platform-feature-xs_reset_watches", "%d", &supported);
- if (err != 1 || !supported)
-diff --git a/fs/autofs4/root.c b/fs/autofs4/root.c
-index e7396cf..91b1165 100644
---- a/fs/autofs4/root.c
-+++ b/fs/autofs4/root.c
-@@ -392,10 +392,12 @@ static struct vfsmount *autofs4_d_automount(struct path *path)
- ino->flags |= AUTOFS_INF_PENDING;
- spin_unlock(&sbi->fs_lock);
- status = autofs4_mount_wait(dentry);
-- if (status)
-- return ERR_PTR(status);
- spin_lock(&sbi->fs_lock);
- ino->flags &= ~AUTOFS_INF_PENDING;
-+ if (status) {
-+ spin_unlock(&sbi->fs_lock);
-+ return ERR_PTR(status);
-+ }
- }
- done:
- if (!(ino->flags & AUTOFS_INF_EXPIRING)) {
-diff --git a/fs/ceph/export.c b/fs/ceph/export.c
-index 8e1b60e..02ce909 100644
---- a/fs/ceph/export.c
-+++ b/fs/ceph/export.c
-@@ -99,7 +99,7 @@ static int ceph_encode_fh(struct inode *inode, u32 *rawfh, int *max_len,
- * FIXME: we should try harder by querying the mds for the ino.
- */
- static struct dentry *__fh_to_dentry(struct super_block *sb,
-- struct ceph_nfs_fh *fh)
-+ struct ceph_nfs_fh *fh, int fh_len)
- {
- struct ceph_mds_client *mdsc = ceph_sb_to_client(sb)->mdsc;
- struct inode *inode;
-@@ -107,6 +107,9 @@ static struct dentry *__fh_to_dentry(struct super_block *sb,
- struct ceph_vino vino;
- int err;
-
-+ if (fh_len < sizeof(*fh) / 4)
-+ return ERR_PTR(-ESTALE);
-+
- dout("__fh_to_dentry %llx\n", fh->ino);
- vino.ino = fh->ino;
- vino.snap = CEPH_NOSNAP;
-@@ -150,7 +153,7 @@ static struct dentry *__fh_to_dentry(struct super_block *sb,
- * convert connectable fh to dentry
- */
- static struct dentry *__cfh_to_dentry(struct super_block *sb,
-- struct ceph_nfs_confh *cfh)
-+ struct ceph_nfs_confh *cfh, int fh_len)
- {
- struct ceph_mds_client *mdsc = ceph_sb_to_client(sb)->mdsc;
- struct inode *inode;
-@@ -158,6 +161,9 @@ static struct dentry *__cfh_to_dentry(struct super_block *sb,
- struct ceph_vino vino;
- int err;
-
-+ if (fh_len < sizeof(*cfh) / 4)
-+ return ERR_PTR(-ESTALE);
-+
- dout("__cfh_to_dentry %llx (%llx/%x)\n",
- cfh->ino, cfh->parent_ino, cfh->parent_name_hash);
-
-@@ -207,9 +213,11 @@ static struct dentry *ceph_fh_to_dentry(struct super_block *sb, struct fid *fid,
- int fh_len, int fh_type)
- {
- if (fh_type == 1)
-- return __fh_to_dentry(sb, (struct ceph_nfs_fh *)fid->raw);
-+ return __fh_to_dentry(sb, (struct ceph_nfs_fh *)fid->raw,
-+ fh_len);
- else
-- return __cfh_to_dentry(sb, (struct ceph_nfs_confh *)fid->raw);
-+ return __cfh_to_dentry(sb, (struct ceph_nfs_confh *)fid->raw,
-+ fh_len);
- }
-
- /*
-@@ -230,6 +238,8 @@ static struct dentry *ceph_fh_to_parent(struct super_block *sb,
-
- if (fh_type == 1)
- return ERR_PTR(-ESTALE);
-+ if (fh_len < sizeof(*cfh) / 4)
-+ return ERR_PTR(-ESTALE);
-
- pr_debug("fh_to_parent %llx/%d\n", cfh->parent_ino,
- cfh->parent_name_hash);
-diff --git a/fs/gfs2/export.c b/fs/gfs2/export.c
-index e8ed6d4..4767774 100644
---- a/fs/gfs2/export.c
-+++ b/fs/gfs2/export.c
-@@ -161,6 +161,8 @@ static struct dentry *gfs2_fh_to_dentry(struct super_block *sb, struct fid *fid,
- case GFS2_SMALL_FH_SIZE:
- case GFS2_LARGE_FH_SIZE:
- case GFS2_OLD_FH_SIZE:
-+ if (fh_len < GFS2_SMALL_FH_SIZE)
-+ return NULL;
- this.no_formal_ino = ((u64)be32_to_cpu(fh[0])) << 32;
- this.no_formal_ino |= be32_to_cpu(fh[1]);
- this.no_addr = ((u64)be32_to_cpu(fh[2])) << 32;
-@@ -180,6 +182,8 @@ static struct dentry *gfs2_fh_to_parent(struct super_block *sb, struct fid *fid,
- switch (fh_type) {
- case GFS2_LARGE_FH_SIZE:
- case GFS2_OLD_FH_SIZE:
-+ if (fh_len < GFS2_LARGE_FH_SIZE)
-+ return NULL;
- parent.no_formal_ino = ((u64)be32_to_cpu(fh[4])) << 32;
- parent.no_formal_ino |= be32_to_cpu(fh[5]);
- parent.no_addr = ((u64)be32_to_cpu(fh[6])) << 32;
-diff --git a/fs/isofs/export.c b/fs/isofs/export.c
-index 1d38044..2b4f235 100644
---- a/fs/isofs/export.c
-+++ b/fs/isofs/export.c
-@@ -175,7 +175,7 @@ static struct dentry *isofs_fh_to_parent(struct super_block *sb,
- {
- struct isofs_fid *ifid = (struct isofs_fid *)fid;
-
-- if (fh_type != 2)
-+ if (fh_len < 2 || fh_type != 2)
- return NULL;
-
- return isofs_export_iget(sb,
-diff --git a/fs/jbd/commit.c b/fs/jbd/commit.c
-index 52c15c7..86b39b1 100644
---- a/fs/jbd/commit.c
-+++ b/fs/jbd/commit.c
-@@ -86,7 +86,12 @@ nope:
- static void release_data_buffer(struct buffer_head *bh)
- {
- if (buffer_freed(bh)) {
-+ WARN_ON_ONCE(buffer_dirty(bh));
- clear_buffer_freed(bh);
-+ clear_buffer_mapped(bh);
-+ clear_buffer_new(bh);
-+ clear_buffer_req(bh);
-+ bh->b_bdev = NULL;
- release_buffer_page(bh);
- } else
- put_bh(bh);
-@@ -866,17 +871,35 @@ restart_loop:
- * there's no point in keeping a checkpoint record for
- * it. */
-
-- /* A buffer which has been freed while still being
-- * journaled by a previous transaction may end up still
-- * being dirty here, but we want to avoid writing back
-- * that buffer in the future after the "add to orphan"
-- * operation been committed, That's not only a performance
-- * gain, it also stops aliasing problems if the buffer is
-- * left behind for writeback and gets reallocated for another
-- * use in a different page. */
-- if (buffer_freed(bh) && !jh->b_next_transaction) {
-- clear_buffer_freed(bh);
-- clear_buffer_jbddirty(bh);
-+ /*
-+ * A buffer which has been freed while still being journaled by
-+ * a previous transaction.
-+ */
-+ if (buffer_freed(bh)) {
-+ /*
-+ * If the running transaction is the one containing
-+ * "add to orphan" operation (b_next_transaction !=
-+ * NULL), we have to wait for that transaction to
-+ * commit before we can really get rid of the buffer.
-+ * So just clear b_modified to not confuse transaction
-+ * credit accounting and refile the buffer to
-+ * BJ_Forget of the running transaction. If the just
-+ * committed transaction contains "add to orphan"
-+ * operation, we can completely invalidate the buffer
-+ * now. We are rather throughout in that since the
-+ * buffer may be still accessible when blocksize <
-+ * pagesize and it is attached to the last partial
-+ * page.
-+ */
-+ jh->b_modified = 0;
-+ if (!jh->b_next_transaction) {
-+ clear_buffer_freed(bh);
-+ clear_buffer_jbddirty(bh);
-+ clear_buffer_mapped(bh);
-+ clear_buffer_new(bh);
-+ clear_buffer_req(bh);
-+ bh->b_bdev = NULL;
-+ }
- }
-
- if (buffer_jbddirty(bh)) {
-diff --git a/fs/jbd/transaction.c b/fs/jbd/transaction.c
-index febc10d..78b7f84 100644
---- a/fs/jbd/transaction.c
-+++ b/fs/jbd/transaction.c
-@@ -1843,15 +1843,16 @@ static int __dispose_buffer(struct journal_head *jh, transaction_t *transaction)
- * We're outside-transaction here. Either or both of j_running_transaction
- * and j_committing_transaction may be NULL.
- */
--static int journal_unmap_buffer(journal_t *journal, struct buffer_head *bh)
-+static int journal_unmap_buffer(journal_t *journal, struct buffer_head *bh,
-+ int partial_page)
- {
- transaction_t *transaction;
- struct journal_head *jh;
- int may_free = 1;
-- int ret;
-
- BUFFER_TRACE(bh, "entry");
-
-+retry:
- /*
- * It is safe to proceed here without the j_list_lock because the
- * buffers cannot be stolen by try_to_free_buffers as long as we are
-@@ -1879,10 +1880,18 @@ static int journal_unmap_buffer(journal_t *journal, struct buffer_head *bh)
- * clear the buffer dirty bit at latest at the moment when the
- * transaction marking the buffer as freed in the filesystem
- * structures is committed because from that moment on the
-- * buffer can be reallocated and used by a different page.
-+ * block can be reallocated and used by a different page.
- * Since the block hasn't been freed yet but the inode has
- * already been added to orphan list, it is safe for us to add
- * the buffer to BJ_Forget list of the newest transaction.
-+ *
-+ * Also we have to clear buffer_mapped flag of a truncated buffer
-+ * because the buffer_head may be attached to the page straddling
-+ * i_size (can happen only when blocksize < pagesize) and thus the
-+ * buffer_head can be reused when the file is extended again. So we end
-+ * up keeping around invalidated buffers attached to transactions'
-+ * BJ_Forget list just to stop checkpointing code from cleaning up
-+ * the transaction this buffer was modified in.
- */
- transaction = jh->b_transaction;
- if (transaction == NULL) {
-@@ -1909,13 +1918,9 @@ static int journal_unmap_buffer(journal_t *journal, struct buffer_head *bh)
- * committed, the buffer won't be needed any
- * longer. */
- JBUFFER_TRACE(jh, "checkpointed: add to BJ_Forget");
-- ret = __dispose_buffer(jh,
-+ may_free = __dispose_buffer(jh,
- journal->j_running_transaction);
-- journal_put_journal_head(jh);
-- spin_unlock(&journal->j_list_lock);
-- jbd_unlock_bh_state(bh);
-- spin_unlock(&journal->j_state_lock);
-- return ret;
-+ goto zap_buffer;
- } else {
- /* There is no currently-running transaction. So the
- * orphan record which we wrote for this file must have
-@@ -1923,13 +1928,9 @@ static int journal_unmap_buffer(journal_t *journal, struct buffer_head *bh)
- * the committing transaction, if it exists. */
- if (journal->j_committing_transaction) {
- JBUFFER_TRACE(jh, "give to committing trans");
-- ret = __dispose_buffer(jh,
-+ may_free = __dispose_buffer(jh,
- journal->j_committing_transaction);
-- journal_put_journal_head(jh);
-- spin_unlock(&journal->j_list_lock);
-- jbd_unlock_bh_state(bh);
-- spin_unlock(&journal->j_state_lock);
-- return ret;
-+ goto zap_buffer;
- } else {
- /* The orphan record's transaction has
- * committed. We can cleanse this buffer */
-@@ -1950,10 +1951,24 @@ static int journal_unmap_buffer(journal_t *journal, struct buffer_head *bh)
- }
- /*
- * The buffer is committing, we simply cannot touch
-- * it. So we just set j_next_transaction to the
-- * running transaction (if there is one) and mark
-- * buffer as freed so that commit code knows it should
-- * clear dirty bits when it is done with the buffer.
-+ * it. If the page is straddling i_size we have to wait
-+ * for commit and try again.
-+ */
-+ if (partial_page) {
-+ tid_t tid = journal->j_committing_transaction->t_tid;
-+
-+ journal_put_journal_head(jh);
-+ spin_unlock(&journal->j_list_lock);
-+ jbd_unlock_bh_state(bh);
-+ spin_unlock(&journal->j_state_lock);
-+ log_wait_commit(journal, tid);
-+ goto retry;
-+ }
-+ /*
-+ * OK, buffer won't be reachable after truncate. We just set
-+ * j_next_transaction to the running transaction (if there is
-+ * one) and mark buffer as freed so that commit code knows it
-+ * should clear dirty bits when it is done with the buffer.
- */
- set_buffer_freed(bh);
- if (journal->j_running_transaction && buffer_jbddirty(bh))
-@@ -1976,6 +1991,14 @@ static int journal_unmap_buffer(journal_t *journal, struct buffer_head *bh)
- }
-
- zap_buffer:
-+ /*
-+ * This is tricky. Although the buffer is truncated, it may be reused
-+ * if blocksize < pagesize and it is attached to the page straddling
-+ * EOF. Since the buffer might have been added to BJ_Forget list of the
-+ * running transaction, journal_get_write_access() won't clear
-+ * b_modified and credit accounting gets confused. So clear b_modified
-+ * here. */
-+ jh->b_modified = 0;
- journal_put_journal_head(jh);
- zap_buffer_no_jh:
- spin_unlock(&journal->j_list_lock);
-@@ -2024,7 +2047,8 @@ void journal_invalidatepage(journal_t *journal,
- if (offset <= curr_off) {
- /* This block is wholly outside the truncation point */
- lock_buffer(bh);
-- may_free &= journal_unmap_buffer(journal, bh);
-+ may_free &= journal_unmap_buffer(journal, bh,
-+ offset > 0);
- unlock_buffer(bh);
- }
- curr_off = next_off;
-diff --git a/fs/lockd/mon.c b/fs/lockd/mon.c
-index 7ef14b3..e4fb3ba 100644
---- a/fs/lockd/mon.c
-+++ b/fs/lockd/mon.c
-@@ -7,7 +7,6 @@
- */
-
- #include <linux/types.h>
--#include <linux/utsname.h>
- #include <linux/kernel.h>
- #include <linux/ktime.h>
- #include <linux/slab.h>
-@@ -19,6 +18,8 @@
-
- #include <asm/unaligned.h>
-
-+#include "netns.h"
-+
- #define NLMDBG_FACILITY NLMDBG_MONITOR
- #define NSM_PROGRAM 100024
- #define NSM_VERSION 1
-@@ -40,6 +41,7 @@ struct nsm_args {
- u32 proc;
-
- char *mon_name;
-+ char *nodename;
- };
-
- struct nsm_res {
-@@ -70,7 +72,7 @@ static struct rpc_clnt *nsm_create(struct net *net)
- };
- struct rpc_create_args args = {
- .net = net,
-- .protocol = XPRT_TRANSPORT_UDP,
-+ .protocol = XPRT_TRANSPORT_TCP,
- .address = (struct sockaddr *)&sin,
- .addrsize = sizeof(sin),
- .servername = "rpc.statd",
-@@ -83,10 +85,54 @@ static struct rpc_clnt *nsm_create(struct net *net)
- return rpc_create(&args);
- }
-
--static int nsm_mon_unmon(struct nsm_handle *nsm, u32 proc, struct nsm_res *res,
-- struct net *net)
-+static struct rpc_clnt *nsm_client_get(struct net *net)
- {
-+ static DEFINE_MUTEX(nsm_create_mutex);
- struct rpc_clnt *clnt;
-+ struct lockd_net *ln = net_generic(net, lockd_net_id);
-+
-+ spin_lock(&ln->nsm_clnt_lock);
-+ if (ln->nsm_users) {
-+ ln->nsm_users++;
-+ clnt = ln->nsm_clnt;
-+ spin_unlock(&ln->nsm_clnt_lock);
-+ goto out;
-+ }
-+ spin_unlock(&ln->nsm_clnt_lock);
-+
-+ mutex_lock(&nsm_create_mutex);
-+ clnt = nsm_create(net);
-+ if (!IS_ERR(clnt)) {
-+ ln->nsm_clnt = clnt;
-+ smp_wmb();
-+ ln->nsm_users = 1;
-+ }
-+ mutex_unlock(&nsm_create_mutex);
-+out:
-+ return clnt;
-+}
-+
-+static void nsm_client_put(struct net *net)
-+{
-+ struct lockd_net *ln = net_generic(net, lockd_net_id);
-+ struct rpc_clnt *clnt = ln->nsm_clnt;
-+ int shutdown = 0;
-+
-+ spin_lock(&ln->nsm_clnt_lock);
-+ if (ln->nsm_users) {
-+ if (--ln->nsm_users)
-+ ln->nsm_clnt = NULL;
-+ shutdown = !ln->nsm_users;
-+ }
-+ spin_unlock(&ln->nsm_clnt_lock);
-+
-+ if (shutdown)
-+ rpc_shutdown_client(clnt);
-+}
-+
-+static int nsm_mon_unmon(struct nsm_handle *nsm, u32 proc, struct nsm_res *res,
-+ struct rpc_clnt *clnt)
-+{
- int status;
- struct nsm_args args = {
- .priv = &nsm->sm_priv,
-@@ -94,31 +140,24 @@ static int nsm_mon_unmon(struct nsm_handle *nsm, u32 proc, struct nsm_res *res,
- .vers = 3,
- .proc = NLMPROC_NSM_NOTIFY,
- .mon_name = nsm->sm_mon_name,
-+ .nodename = clnt->cl_nodename,
- };
- struct rpc_message msg = {
- .rpc_argp = &args,
- .rpc_resp = res,
- };
-
-- clnt = nsm_create(net);
-- if (IS_ERR(clnt)) {
-- status = PTR_ERR(clnt);
-- dprintk("lockd: failed to create NSM upcall transport, "
-- "status=%d\n", status);
-- goto out;
-- }
-+ BUG_ON(clnt == NULL);
-
- memset(res, 0, sizeof(*res));
-
- msg.rpc_proc = &clnt->cl_procinfo[proc];
-- status = rpc_call_sync(clnt, &msg, 0);
-+ status = rpc_call_sync(clnt, &msg, RPC_TASK_SOFTCONN);
- if (status < 0)
- dprintk("lockd: NSM upcall RPC failed, status=%d\n",
- status);
- else
- status = 0;
-- rpc_shutdown_client(clnt);
-- out:
- return status;
- }
-
-@@ -138,6 +177,7 @@ int nsm_monitor(const struct nlm_host *host)
- struct nsm_handle *nsm = host->h_nsmhandle;
- struct nsm_res res;
- int status;
-+ struct rpc_clnt *clnt;
-
- dprintk("lockd: nsm_monitor(%s)\n", nsm->sm_name);
-
-@@ -150,7 +190,15 @@ int nsm_monitor(const struct nlm_host *host)
- */
- nsm->sm_mon_name = nsm_use_hostnames ? nsm->sm_name : nsm->sm_addrbuf;
-
-- status = nsm_mon_unmon(nsm, NSMPROC_MON, &res, host->net);
-+ clnt = nsm_client_get(host->net);
-+ if (IS_ERR(clnt)) {
-+ status = PTR_ERR(clnt);
-+ dprintk("lockd: failed to create NSM upcall transport, "
-+ "status=%d, net=%p\n", status, host->net);
-+ return status;
-+ }
-+
-+ status = nsm_mon_unmon(nsm, NSMPROC_MON, &res, clnt);
- if (unlikely(res.status != 0))
- status = -EIO;
- if (unlikely(status < 0)) {
-@@ -182,9 +230,11 @@ void nsm_unmonitor(const struct nlm_host *host)
-
- if (atomic_read(&nsm->sm_count) == 1
- && nsm->sm_monitored && !nsm->sm_sticky) {
-+ struct lockd_net *ln = net_generic(host->net, lockd_net_id);
-+
- dprintk("lockd: nsm_unmonitor(%s)\n", nsm->sm_name);
-
-- status = nsm_mon_unmon(nsm, NSMPROC_UNMON, &res, host->net);
-+ status = nsm_mon_unmon(nsm, NSMPROC_UNMON, &res, ln->nsm_clnt);
- if (res.status != 0)
- status = -EIO;
- if (status < 0)
-@@ -192,6 +242,8 @@ void nsm_unmonitor(const struct nlm_host *host)
- nsm->sm_name);
- else
- nsm->sm_monitored = 0;
-+
-+ nsm_client_put(host->net);
- }
- }
-
-@@ -430,7 +482,7 @@ static void encode_my_id(struct xdr_stream *xdr, const struct nsm_args *argp)
- {
- __be32 *p;
-
-- encode_nsm_string(xdr, utsname()->nodename);
-+ encode_nsm_string(xdr, argp->nodename);
- p = xdr_reserve_space(xdr, 4 + 4 + 4);
- *p++ = cpu_to_be32(argp->prog);
- *p++ = cpu_to_be32(argp->vers);
-diff --git a/fs/lockd/netns.h b/fs/lockd/netns.h
-index 4eee248..5010b55 100644
---- a/fs/lockd/netns.h
-+++ b/fs/lockd/netns.h
-@@ -12,6 +12,10 @@ struct lockd_net {
- struct delayed_work grace_period_end;
- struct lock_manager lockd_manager;
- struct list_head grace_list;
-+
-+ spinlock_t nsm_clnt_lock;
-+ unsigned int nsm_users;
-+ struct rpc_clnt *nsm_clnt;
- };
-
- extern int lockd_net_id;
-diff --git a/fs/lockd/svc.c b/fs/lockd/svc.c
-index 31a63f8..7e35587 100644
---- a/fs/lockd/svc.c
-+++ b/fs/lockd/svc.c
-@@ -596,6 +596,7 @@ static int lockd_init_net(struct net *net)
-
- INIT_DELAYED_WORK(&ln->grace_period_end, grace_ender);
- INIT_LIST_HEAD(&ln->grace_list);
-+ spin_lock_init(&ln->nsm_clnt_lock);
- return 0;
- }
-
-diff --git a/fs/namei.c b/fs/namei.c
-index dd1ed1b..81bd546 100644
---- a/fs/namei.c
-+++ b/fs/namei.c
-@@ -692,9 +692,9 @@ static inline int may_follow_link(struct path *link, struct nameidata *nd)
- if (parent->i_uid == inode->i_uid)
- return 0;
-
-+ audit_log_link_denied("follow_link", link);
- path_put_conditional(link, nd);
- path_put(&nd->path);
-- audit_log_link_denied("follow_link", link);
- return -EACCES;
- }
-
-diff --git a/fs/nfs/blocklayout/blocklayout.c b/fs/nfs/blocklayout/blocklayout.c
-index dd392ed..f3d16ad 100644
---- a/fs/nfs/blocklayout/blocklayout.c
-+++ b/fs/nfs/blocklayout/blocklayout.c
-@@ -162,25 +162,39 @@ static struct bio *bl_alloc_init_bio(int npg, sector_t isect,
- return bio;
- }
-
--static struct bio *bl_add_page_to_bio(struct bio *bio, int npg, int rw,
-+static struct bio *do_add_page_to_bio(struct bio *bio, int npg, int rw,
- sector_t isect, struct page *page,
- struct pnfs_block_extent *be,
- void (*end_io)(struct bio *, int err),
-- struct parallel_io *par)
-+ struct parallel_io *par,
-+ unsigned int offset, int len)
- {
-+ isect = isect + (offset >> SECTOR_SHIFT);
-+ dprintk("%s: npg %d rw %d isect %llu offset %u len %d\n", __func__,
-+ npg, rw, (unsigned long long)isect, offset, len);
- retry:
- if (!bio) {
- bio = bl_alloc_init_bio(npg, isect, be, end_io, par);
- if (!bio)
- return ERR_PTR(-ENOMEM);
- }
-- if (bio_add_page(bio, page, PAGE_CACHE_SIZE, 0) < PAGE_CACHE_SIZE) {
-+ if (bio_add_page(bio, page, len, offset) < len) {
- bio = bl_submit_bio(rw, bio);
- goto retry;
- }
- return bio;
- }
-
-+static struct bio *bl_add_page_to_bio(struct bio *bio, int npg, int rw,
-+ sector_t isect, struct page *page,
-+ struct pnfs_block_extent *be,
-+ void (*end_io)(struct bio *, int err),
-+ struct parallel_io *par)
-+{
-+ return do_add_page_to_bio(bio, npg, rw, isect, page, be,
-+ end_io, par, 0, PAGE_CACHE_SIZE);
-+}
-+
- /* This is basically copied from mpage_end_io_read */
- static void bl_end_io_read(struct bio *bio, int err)
- {
-@@ -461,6 +475,106 @@ map_block(struct buffer_head *bh, sector_t isect, struct pnfs_block_extent *be)
- return;
- }
-
-+static void
-+bl_read_single_end_io(struct bio *bio, int error)
-+{
-+ struct bio_vec *bvec = bio->bi_io_vec + bio->bi_vcnt - 1;
-+ struct page *page = bvec->bv_page;
-+
-+ /* Only one page in bvec */
-+ unlock_page(page);
-+}
-+
-+static int
-+bl_do_readpage_sync(struct page *page, struct pnfs_block_extent *be,
-+ unsigned int offset, unsigned int len)
-+{
-+ struct bio *bio;
-+ struct page *shadow_page;
-+ sector_t isect;
-+ char *kaddr, *kshadow_addr;
-+ int ret = 0;
-+
-+ dprintk("%s: offset %u len %u\n", __func__, offset, len);
-+
-+ shadow_page = alloc_page(GFP_NOFS | __GFP_HIGHMEM);
-+ if (shadow_page == NULL)
-+ return -ENOMEM;
-+
-+ bio = bio_alloc(GFP_NOIO, 1);
-+ if (bio == NULL)
-+ return -ENOMEM;
-+
-+ isect = (page->index << PAGE_CACHE_SECTOR_SHIFT) +
-+ (offset / SECTOR_SIZE);
-+
-+ bio->bi_sector = isect - be->be_f_offset + be->be_v_offset;
-+ bio->bi_bdev = be->be_mdev;
-+ bio->bi_end_io = bl_read_single_end_io;
-+
-+ lock_page(shadow_page);
-+ if (bio_add_page(bio, shadow_page,
-+ SECTOR_SIZE, round_down(offset, SECTOR_SIZE)) == 0) {
-+ unlock_page(shadow_page);
-+ bio_put(bio);
-+ return -EIO;
-+ }
-+
-+ submit_bio(READ, bio);
-+ wait_on_page_locked(shadow_page);
-+ if (unlikely(!test_bit(BIO_UPTODATE, &bio->bi_flags))) {
-+ ret = -EIO;
-+ } else {
-+ kaddr = kmap_atomic(page);
-+ kshadow_addr = kmap_atomic(shadow_page);
-+ memcpy(kaddr + offset, kshadow_addr + offset, len);
-+ kunmap_atomic(kshadow_addr);
-+ kunmap_atomic(kaddr);
-+ }
-+ __free_page(shadow_page);
-+ bio_put(bio);
-+
-+ return ret;
-+}
-+
-+static int
-+bl_read_partial_page_sync(struct page *page, struct pnfs_block_extent *be,
-+ unsigned int dirty_offset, unsigned int dirty_len,
-+ bool full_page)
-+{
-+ int ret = 0;
-+ unsigned int start, end;
-+
-+ if (full_page) {
-+ start = 0;
-+ end = PAGE_CACHE_SIZE;
-+ } else {
-+ start = round_down(dirty_offset, SECTOR_SIZE);
-+ end = round_up(dirty_offset + dirty_len, SECTOR_SIZE);
-+ }
-+
-+ dprintk("%s: offset %u len %d\n", __func__, dirty_offset, dirty_len);
-+ if (!be) {
-+ zero_user_segments(page, start, dirty_offset,
-+ dirty_offset + dirty_len, end);
-+ if (start == 0 && end == PAGE_CACHE_SIZE &&
-+ trylock_page(page)) {
-+ SetPageUptodate(page);
-+ unlock_page(page);
-+ }
-+ return ret;
-+ }
-+
-+ if (start != dirty_offset)
-+ ret = bl_do_readpage_sync(page, be, start, dirty_offset - start);
-+
-+ if (!ret && (dirty_offset + dirty_len < end))
-+ ret = bl_do_readpage_sync(page, be, dirty_offset + dirty_len,
-+ end - dirty_offset - dirty_len);
-+
-+ return ret;
-+}
-+
- /* Given an unmapped page, zero it or read in page for COW, page is locked
- * by caller.
- */
-@@ -494,7 +608,6 @@ init_page_for_write(struct page *page, struct pnfs_block_extent *cow_read)
- SetPageUptodate(page);
-
- cleanup:
-- bl_put_extent(cow_read);
- if (bh)
- free_buffer_head(bh);
- if (ret) {
-@@ -566,6 +679,7 @@ bl_write_pagelist(struct nfs_write_data *wdata, int sync)
- struct parallel_io *par = NULL;
- loff_t offset = wdata->args.offset;
- size_t count = wdata->args.count;
-+ unsigned int pg_offset, pg_len, saved_len;
- struct page **pages = wdata->args.pages;
- struct page *page;
- pgoff_t index;
-@@ -674,10 +788,11 @@ next_page:
- if (!extent_length) {
- /* We've used up the previous extent */
- bl_put_extent(be);
-+ bl_put_extent(cow_read);
- bio = bl_submit_bio(WRITE, bio);
- /* Get the next one */
- be = bl_find_get_extent(BLK_LSEG2EXT(header->lseg),
-- isect, NULL);
-+ isect, &cow_read);
- if (!be || !is_writable(be, isect)) {
- header->pnfs_error = -EINVAL;
- goto out;
-@@ -694,7 +809,26 @@ next_page:
- extent_length = be->be_length -
- (isect - be->be_f_offset);
- }
-- if (be->be_state == PNFS_BLOCK_INVALID_DATA) {
-+
-+ dprintk("%s offset %lld count %Zu\n", __func__, offset, count);
-+ pg_offset = offset & ~PAGE_CACHE_MASK;
-+ if (pg_offset + count > PAGE_CACHE_SIZE)
-+ pg_len = PAGE_CACHE_SIZE - pg_offset;
-+ else
-+ pg_len = count;
-+
-+ saved_len = pg_len;
-+ if (be->be_state == PNFS_BLOCK_INVALID_DATA &&
-+ !bl_is_sector_init(be->be_inval, isect)) {
-+ ret = bl_read_partial_page_sync(pages[i], cow_read,
-+ pg_offset, pg_len, true);
-+ if (ret) {
-+ dprintk("%s bl_read_partial_page_sync fail %d\n",
-+ __func__, ret);
-+ header->pnfs_error = ret;
-+ goto out;
-+ }
-+
- ret = bl_mark_sectors_init(be->be_inval, isect,
- PAGE_CACHE_SECTORS);
- if (unlikely(ret)) {
-@@ -703,15 +837,35 @@ next_page:
- header->pnfs_error = ret;
- goto out;
- }
-+
-+ /* Expand to full page write */
-+ pg_offset = 0;
-+ pg_len = PAGE_CACHE_SIZE;
-+ } else if ((pg_offset & (SECTOR_SIZE - 1)) ||
-+ (pg_len & (SECTOR_SIZE - 1))){
-+ /* ahh, nasty case. We have to do sync full sector
-+ * read-modify-write cycles.
-+ */
-+ unsigned int saved_offset = pg_offset;
-+ ret = bl_read_partial_page_sync(pages[i], be, pg_offset,
-+ pg_len, false);
-+ pg_offset = round_down(pg_offset, SECTOR_SIZE);
-+ pg_len = round_up(saved_offset + pg_len, SECTOR_SIZE)
-+ - pg_offset;
- }
-- bio = bl_add_page_to_bio(bio, wdata->pages.npages - i, WRITE,
-+
-+
-+ bio = do_add_page_to_bio(bio, wdata->pages.npages - i, WRITE,
- isect, pages[i], be,
-- bl_end_io_write, par);
-+ bl_end_io_write, par,
-+ pg_offset, pg_len);
- if (IS_ERR(bio)) {
- header->pnfs_error = PTR_ERR(bio);
- bio = NULL;
- goto out;
- }
-+ offset += saved_len;
-+ count -= saved_len;
- isect += PAGE_CACHE_SECTORS;
- last_isect = isect;
- extent_length -= PAGE_CACHE_SECTORS;
-@@ -729,17 +883,16 @@ next_page:
- }
-
- write_done:
-- wdata->res.count = (last_isect << SECTOR_SHIFT) - (offset);
-- if (count < wdata->res.count) {
-- wdata->res.count = count;
-- }
-+ wdata->res.count = wdata->args.count;
- out:
- bl_put_extent(be);
-+ bl_put_extent(cow_read);
- bl_submit_bio(WRITE, bio);
- put_parallel(par);
- return PNFS_ATTEMPTED;
- out_mds:
- bl_put_extent(be);
-+ bl_put_extent(cow_read);
- kfree(par);
- return PNFS_NOT_ATTEMPTED;
- }
-diff --git a/fs/nfs/blocklayout/blocklayout.h b/fs/nfs/blocklayout/blocklayout.h
-index 0335069..39bb51a 100644
---- a/fs/nfs/blocklayout/blocklayout.h
-+++ b/fs/nfs/blocklayout/blocklayout.h
-@@ -41,6 +41,7 @@
-
- #define PAGE_CACHE_SECTORS (PAGE_CACHE_SIZE >> SECTOR_SHIFT)
- #define PAGE_CACHE_SECTOR_SHIFT (PAGE_CACHE_SHIFT - SECTOR_SHIFT)
-+#define SECTOR_SIZE (1 << SECTOR_SHIFT)
-
- struct block_mount_id {
- spinlock_t bm_lock; /* protects list */
-diff --git a/fs/nfs/client.c b/fs/nfs/client.c
-index 9969444..0e7cd89 100644
---- a/fs/nfs/client.c
-+++ b/fs/nfs/client.c
-@@ -855,7 +855,6 @@ static void nfs_server_set_fsinfo(struct nfs_server *server,
- if (server->wsize > NFS_MAX_FILE_IO_SIZE)
- server->wsize = NFS_MAX_FILE_IO_SIZE;
- server->wpages = (server->wsize + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT;
-- server->pnfs_blksize = fsinfo->blksize;
-
- server->wtmult = nfs_block_bits(fsinfo->wtmult, NULL);
-
-diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
-index 1e50326..d5a0cf1 100644
---- a/fs/nfs/nfs4proc.c
-+++ b/fs/nfs/nfs4proc.c
-@@ -1774,7 +1774,11 @@ static void nfs41_clear_delegation_stateid(struct nfs4_state *state)
- * informs us the stateid is unrecognized. */
- if (status != -NFS4ERR_BAD_STATEID)
- nfs41_free_stateid(server, stateid);
-+ nfs_remove_bad_delegation(state->inode);
-
-+ write_seqlock(&state->seqlock);
-+ nfs4_stateid_copy(&state->stateid, &state->open_stateid);
-+ write_sequnlock(&state->seqlock);
- clear_bit(NFS_DELEGATED_STATE, &state->flags);
- }
- }
-@@ -3362,8 +3366,11 @@ static int nfs4_proc_fsinfo(struct nfs_server *server, struct nfs_fh *fhandle, s
-
- nfs_fattr_init(fsinfo->fattr);
- error = nfs4_do_fsinfo(server, fhandle, fsinfo);
-- if (error == 0)
-+ if (error == 0) {
-+ /* block layout checks this! */
-+ server->pnfs_blksize = fsinfo->blksize;
- set_pnfs_layoutdriver(server, fhandle, fsinfo->layouttype);
-+ }
-
- return error;
- }
-diff --git a/fs/nfsd/nfs4idmap.c b/fs/nfsd/nfs4idmap.c
-index fdc91a6..ccfe0d0 100644
---- a/fs/nfsd/nfs4idmap.c
-+++ b/fs/nfsd/nfs4idmap.c
-@@ -598,7 +598,7 @@ numeric_name_to_id(struct svc_rqst *rqstp, int type, const char *name, u32 namel
- /* Just to make sure it's null-terminated: */
- memcpy(buf, name, namelen);
- buf[namelen] = '\0';
-- ret = kstrtouint(name, 10, id);
-+ ret = kstrtouint(buf, 10, id);
- return ret == 0;
- }
-
-diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
-index cc894ed..5b3224c 100644
---- a/fs/nfsd/nfs4state.c
-+++ b/fs/nfsd/nfs4state.c
-@@ -1223,10 +1223,26 @@ static bool groups_equal(struct group_info *g1, struct group_info *g2)
- return true;
- }
-
-+/*
-+ * RFC 3530 language requires clid_inuse be returned when the
-+ * "principal" associated with a requests differs from that previously
-+ * used. We use uid, gid's, and gss principal string as our best
-+ * approximation. We also don't want to allow non-gss use of a client
-+ * established using gss: in theory cr_principal should catch that
-+ * change, but in practice cr_principal can be null even in the gss case
-+ * since gssd doesn't always pass down a principal string.
-+ */
-+static bool is_gss_cred(struct svc_cred *cr)
-+{
-+ /* Is cr_flavor one of the gss "pseudoflavors"?: */
-+ return (cr->cr_flavor > RPC_AUTH_MAXFLAVOR);
-+}
-+
-+
- static bool
- same_creds(struct svc_cred *cr1, struct svc_cred *cr2)
- {
-- if ((cr1->cr_flavor != cr2->cr_flavor)
-+ if ((is_gss_cred(cr1) != is_gss_cred(cr2))
- || (cr1->cr_uid != cr2->cr_uid)
- || (cr1->cr_gid != cr2->cr_gid)
- || !groups_equal(cr1->cr_group_info, cr2->cr_group_info))
-@@ -3766,6 +3782,7 @@ nfsd4_close(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
- memcpy(&close->cl_stateid, &stp->st_stid.sc_stateid, sizeof(stateid_t));
-
- nfsd4_close_open_stateid(stp);
-+ release_last_closed_stateid(oo);
- oo->oo_last_closed_stid = stp;
-
- if (list_empty(&oo->oo_owner.so_stateids)) {
-diff --git a/fs/reiserfs/inode.c b/fs/reiserfs/inode.c
-index 855da58..63ce6be 100644
---- a/fs/reiserfs/inode.c
-+++ b/fs/reiserfs/inode.c
-@@ -1573,8 +1573,10 @@ struct dentry *reiserfs_fh_to_dentry(struct super_block *sb, struct fid *fid,
- reiserfs_warning(sb, "reiserfs-13077",
- "nfsd/reiserfs, fhtype=%d, len=%d - odd",
- fh_type, fh_len);
-- fh_type = 5;
-+ fh_type = fh_len;
- }
-+ if (fh_len < 2)
-+ return NULL;
-
- return reiserfs_get_dentry(sb, fid->raw[0], fid->raw[1],
- (fh_type == 3 || fh_type >= 5) ? fid->raw[2] : 0);
-@@ -1583,6 +1585,8 @@ struct dentry *reiserfs_fh_to_dentry(struct super_block *sb, struct fid *fid,
- struct dentry *reiserfs_fh_to_parent(struct super_block *sb, struct fid *fid,
- int fh_len, int fh_type)
- {
-+ if (fh_type > fh_len)
-+ fh_type = fh_len;
- if (fh_type < 4)
- return NULL;
-
-diff --git a/fs/xfs/xfs_export.c b/fs/xfs/xfs_export.c
-index 4267922..8c6d1d7 100644
---- a/fs/xfs/xfs_export.c
-+++ b/fs/xfs/xfs_export.c
-@@ -189,6 +189,9 @@ xfs_fs_fh_to_parent(struct super_block *sb, struct fid *fid,
- struct xfs_fid64 *fid64 = (struct xfs_fid64 *)fid;
- struct inode *inode = NULL;
-
-+ if (fh_len < xfs_fileid_length(fileid_type))
-+ return NULL;
-+
- switch (fileid_type) {
- case FILEID_INO32_GEN_PARENT:
- inode = xfs_nfs_get_inode(sb, fid->i32.parent_ino,
-diff --git a/include/linux/mtd/nand.h b/include/linux/mtd/nand.h
-index 57977c6..e5cf2c8 100644
---- a/include/linux/mtd/nand.h
-+++ b/include/linux/mtd/nand.h
-@@ -212,9 +212,6 @@ typedef enum {
- #define NAND_SUBPAGE_READ(chip) ((chip->ecc.mode == NAND_ECC_SOFT) \
- && (chip->page_shift > 9))
-
--/* Mask to zero out the chip options, which come from the id table */
--#define NAND_CHIPOPTIONS_MSK 0x0000ffff
--
- /* Non chip related options */
- /* This option skips the bbt scan during initialization. */
- #define NAND_SKIP_BBTSCAN 0x00010000
-diff --git a/kernel/audit.c b/kernel/audit.c
-index ea3b7b6..a8c84be 100644
---- a/kernel/audit.c
-+++ b/kernel/audit.c
-@@ -1466,6 +1466,8 @@ void audit_log_link_denied(const char *operation, struct path *link)
-
- ab = audit_log_start(current->audit_context, GFP_KERNEL,
- AUDIT_ANOM_LINK);
-+ if (!ab)
-+ return;
- audit_log_format(ab, "op=%s action=denied", operation);
- audit_log_format(ab, " pid=%d comm=", current->pid);
- audit_log_untrustedstring(ab, current->comm);
-diff --git a/kernel/debug/kdb/kdb_io.c b/kernel/debug/kdb/kdb_io.c
-index 0a69d2a..14ff484 100644
---- a/kernel/debug/kdb/kdb_io.c
-+++ b/kernel/debug/kdb/kdb_io.c
-@@ -552,6 +552,7 @@ int vkdb_printf(const char *fmt, va_list ap)
- {
- int diag;
- int linecount;
-+ int colcount;
- int logging, saved_loglevel = 0;
- int saved_trap_printk;
- int got_printf_lock = 0;
-@@ -584,6 +585,10 @@ int vkdb_printf(const char *fmt, va_list ap)
- if (diag || linecount <= 1)
- linecount = 24;
-
-+ diag = kdbgetintenv("COLUMNS", &colcount);
-+ if (diag || colcount <= 1)
-+ colcount = 80;
-+
- diag = kdbgetintenv("LOGGING", &logging);
- if (diag)
- logging = 0;
-@@ -690,7 +695,7 @@ kdb_printit:
- gdbstub_msg_write(kdb_buffer, retlen);
- } else {
- if (dbg_io_ops && !dbg_io_ops->is_console) {
-- len = strlen(kdb_buffer);
-+ len = retlen;
- cp = kdb_buffer;
- while (len--) {
- dbg_io_ops->write_char(*cp);
-@@ -709,11 +714,29 @@ kdb_printit:
- printk(KERN_INFO "%s", kdb_buffer);
- }
-
-- if (KDB_STATE(PAGER) && strchr(kdb_buffer, '\n'))
-- kdb_nextline++;
-+ if (KDB_STATE(PAGER)) {
-+ /*
-+ * Check printed string to decide how to bump the
-+ * kdb_nextline to control when the more prompt should
-+ * show up.
-+ */
-+ int got = 0;
-+ len = retlen;
-+ while (len--) {
-+ if (kdb_buffer[len] == '\n') {
-+ kdb_nextline++;
-+ got = 0;
-+ } else if (kdb_buffer[len] == '\r') {
-+ got = 0;
-+ } else {
-+ got++;
-+ }
-+ }
-+ kdb_nextline += got / (colcount + 1);
-+ }
-
- /* check for having reached the LINES number of printed lines */
-- if (kdb_nextline == linecount) {
-+ if (kdb_nextline >= linecount) {
- char buf1[16] = "";
-
- /* Watch out for recursion here. Any routine that calls
-@@ -765,7 +788,7 @@ kdb_printit:
- kdb_grepping_flag = 0;
- kdb_printf("\n");
- } else if (buf1[0] == ' ') {
-- kdb_printf("\n");
-+ kdb_printf("\r");
- suspend_grep = 1; /* for this recursion */
- } else if (buf1[0] == '\n') {
- kdb_nextline = linecount - 1;
-diff --git a/kernel/module.c b/kernel/module.c
-index 4edbd9c..9ad9ee9 100644
---- a/kernel/module.c
-+++ b/kernel/module.c
-@@ -2730,6 +2730,10 @@ static int check_module_license_and_versions(struct module *mod)
- if (strcmp(mod->name, "driverloader") == 0)
- add_taint_module(mod, TAINT_PROPRIETARY_MODULE);
-
-+ /* lve claims to be GPL but upstream won't provide source */
-+ if (strcmp(mod->name, "lve") == 0)
-+ add_taint_module(mod, TAINT_PROPRIETARY_MODULE);
-+
- #ifdef CONFIG_MODVERSIONS
- if ((mod->num_syms && !mod->crcs)
- || (mod->num_gpl_syms && !mod->gpl_crcs)
-diff --git a/kernel/time/tick-sched.c b/kernel/time/tick-sched.c
-index 3a9e5d5..e430b97 100644
---- a/kernel/time/tick-sched.c
-+++ b/kernel/time/tick-sched.c
-@@ -835,7 +835,7 @@ static enum hrtimer_restart tick_sched_timer(struct hrtimer *timer)
- */
- if (ts->tick_stopped) {
- touch_softlockup_watchdog();
-- if (idle_cpu(cpu))
-+ if (is_idle_task(current))
- ts->idle_jiffies++;
- }
- update_process_times(user_mode(regs));
-diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c
-index d3b91e7..f791637 100644
---- a/kernel/time/timekeeping.c
-+++ b/kernel/time/timekeeping.c
-@@ -1111,7 +1111,7 @@ static cycle_t logarithmic_accumulation(struct timekeeper *tk, cycle_t offset,
- accumulate_nsecs_to_secs(tk);
-
- /* Accumulate raw time */
-- raw_nsecs = tk->raw_interval << shift;
-+ raw_nsecs = (u64)tk->raw_interval << shift;
- raw_nsecs += tk->raw_time.tv_nsec;
- if (raw_nsecs >= NSEC_PER_SEC) {
- u64 raw_secs = raw_nsecs;
-diff --git a/kernel/timer.c b/kernel/timer.c
-index 8c5e7b9..46ef2b1 100644
---- a/kernel/timer.c
-+++ b/kernel/timer.c
-@@ -63,6 +63,7 @@ EXPORT_SYMBOL(jiffies_64);
- #define TVR_SIZE (1 << TVR_BITS)
- #define TVN_MASK (TVN_SIZE - 1)
- #define TVR_MASK (TVR_SIZE - 1)
-+#define MAX_TVAL ((unsigned long)((1ULL << (TVR_BITS + 4*TVN_BITS)) - 1))
-
- struct tvec {
- struct list_head vec[TVN_SIZE];
-@@ -358,11 +359,12 @@ __internal_add_timer(struct tvec_base *base, struct timer_list *timer)
- vec = base->tv1.vec + (base->timer_jiffies & TVR_MASK);
- } else {
- int i;
-- /* If the timeout is larger than 0xffffffff on 64-bit
-- * architectures then we use the maximum timeout:
-+ /* If the timeout is larger than MAX_TVAL (on 64-bit
-+ * architectures or with CONFIG_BASE_SMALL=1) then we
-+ * use the maximum timeout.
- */
-- if (idx > 0xffffffffUL) {
-- idx = 0xffffffffUL;
-+ if (idx > MAX_TVAL) {
-+ idx = MAX_TVAL;
- expires = idx + base->timer_jiffies;
- }
- i = (expires >> (TVR_BITS + 3 * TVN_BITS)) & TVN_MASK;
-diff --git a/mm/shmem.c b/mm/shmem.c
-index d4e184e..d2eeca1 100644
---- a/mm/shmem.c
-+++ b/mm/shmem.c
-@@ -2366,12 +2366,14 @@ static struct dentry *shmem_fh_to_dentry(struct super_block *sb,
- {
- struct inode *inode;
- struct dentry *dentry = NULL;
-- u64 inum = fid->raw[2];
-- inum = (inum << 32) | fid->raw[1];
-+ u64 inum;
-
- if (fh_len < 3)
- return NULL;
-
-+ inum = fid->raw[2];
-+ inum = (inum << 32) | fid->raw[1];
-+
- inode = ilookup5(sb, (unsigned long)(inum + fid->raw[0]),
- shmem_match, fid->raw);
- if (inode) {
-diff --git a/net/core/pktgen.c b/net/core/pktgen.c
-index 148e73d..e356b8d 100644
---- a/net/core/pktgen.c
-+++ b/net/core/pktgen.c
-@@ -2927,7 +2927,7 @@ static struct sk_buff *fill_packet_ipv6(struct net_device *odev,
- sizeof(struct ipv6hdr) - sizeof(struct udphdr) -
- pkt_dev->pkt_overhead;
-
-- if (datalen < sizeof(struct pktgen_hdr)) {
-+ if (datalen < 0 || datalen < sizeof(struct pktgen_hdr)) {
- datalen = sizeof(struct pktgen_hdr);
- net_info_ratelimited("increased datalen to %d\n", datalen);
- }
-diff --git a/net/mac80211/status.c b/net/mac80211/status.c
-index 8cd7291..118329a 100644
---- a/net/mac80211/status.c
-+++ b/net/mac80211/status.c
-@@ -34,7 +34,7 @@ void ieee80211_tx_status_irqsafe(struct ieee80211_hw *hw,
- skb_queue_len(&local->skb_queue_unreliable);
- while (tmp > IEEE80211_IRQSAFE_QUEUE_LIMIT &&
- (skb = skb_dequeue(&local->skb_queue_unreliable))) {
-- dev_kfree_skb_irq(skb);
-+ ieee80211_free_txskb(hw, skb);
- tmp--;
- I802_DEBUG_INC(local->tx_status_drop);
- }
-@@ -159,7 +159,7 @@ static void ieee80211_handle_filtered_frame(struct ieee80211_local *local,
- "dropped TX filtered frame, queue_len=%d PS=%d @%lu\n",
- skb_queue_len(&sta->tx_filtered[ac]),
- !!test_sta_flag(sta, WLAN_STA_PS_STA), jiffies);
-- dev_kfree_skb(skb);
-+ ieee80211_free_txskb(&local->hw, skb);
- }
-
- static void ieee80211_check_pending_bar(struct sta_info *sta, u8 *addr, u8 tid)
-diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
-index c5e8c9c..362c418 100644
---- a/net/mac80211/tx.c
-+++ b/net/mac80211/tx.c
-@@ -354,7 +354,7 @@ static void purge_old_ps_buffers(struct ieee80211_local *local)
- total += skb_queue_len(&sta->ps_tx_buf[ac]);
- if (skb) {
- purged++;
-- dev_kfree_skb(skb);
-+ ieee80211_free_txskb(&local->hw, skb);
- break;
- }
- }
-@@ -466,7 +466,7 @@ ieee80211_tx_h_unicast_ps_buf(struct ieee80211_tx_data *tx)
- ps_dbg(tx->sdata,
- "STA %pM TX buffer for AC %d full - dropping oldest frame\n",
- sta->sta.addr, ac);
-- dev_kfree_skb(old);
-+ ieee80211_free_txskb(&local->hw, old);
- } else
- tx->local->total_ps_buffered++;
-
-@@ -1103,7 +1103,7 @@ static bool ieee80211_tx_prep_agg(struct ieee80211_tx_data *tx,
- spin_unlock(&tx->sta->lock);
-
- if (purge_skb)
-- dev_kfree_skb(purge_skb);
-+ ieee80211_free_txskb(&tx->local->hw, purge_skb);
- }
-
- /* reset session timer */
-@@ -1214,7 +1214,7 @@ static bool ieee80211_tx_frags(struct ieee80211_local *local,
- #ifdef CONFIG_MAC80211_VERBOSE_DEBUG
- if (WARN_ON_ONCE(q >= local->hw.queues)) {
- __skb_unlink(skb, skbs);
-- dev_kfree_skb(skb);
-+ ieee80211_free_txskb(&local->hw, skb);
- continue;
- }
- #endif
-@@ -1356,7 +1356,7 @@ static int invoke_tx_handlers(struct ieee80211_tx_data *tx)
- if (unlikely(res == TX_DROP)) {
- I802_DEBUG_INC(tx->local->tx_handlers_drop);
- if (tx->skb)
-- dev_kfree_skb(tx->skb);
-+ ieee80211_free_txskb(&tx->local->hw, tx->skb);
- else
- __skb_queue_purge(&tx->skbs);
- return -1;
-@@ -1393,7 +1393,7 @@ static bool ieee80211_tx(struct ieee80211_sub_if_data *sdata,
- res_prepare = ieee80211_tx_prepare(sdata, &tx, skb);
-
- if (unlikely(res_prepare == TX_DROP)) {
-- dev_kfree_skb(skb);
-+ ieee80211_free_txskb(&local->hw, skb);
- goto out;
- } else if (unlikely(res_prepare == TX_QUEUED)) {
- goto out;
-@@ -1466,7 +1466,7 @@ void ieee80211_xmit(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb)
- headroom = max_t(int, 0, headroom);
-
- if (ieee80211_skb_resize(sdata, skb, headroom, may_encrypt)) {
-- dev_kfree_skb(skb);
-+ ieee80211_free_txskb(&local->hw, skb);
- rcu_read_unlock();
- return;
- }
-@@ -2060,8 +2060,10 @@ netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
- head_need += IEEE80211_ENCRYPT_HEADROOM;
- head_need += local->tx_headroom;
- head_need = max_t(int, 0, head_need);
-- if (ieee80211_skb_resize(sdata, skb, head_need, true))
-- goto fail;
-+ if (ieee80211_skb_resize(sdata, skb, head_need, true)) {
-+ ieee80211_free_txskb(&local->hw, skb);
-+ return NETDEV_TX_OK;
-+ }
- }
-
- if (encaps_data) {
-@@ -2196,7 +2198,7 @@ void ieee80211_tx_pending(unsigned long data)
- struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
-
- if (WARN_ON(!info->control.vif)) {
-- kfree_skb(skb);
-+ ieee80211_free_txskb(&local->hw, skb);
- continue;
- }
-
-diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
-index a35b8e5..d1988cf 100644
---- a/net/sunrpc/xprtsock.c
-+++ b/net/sunrpc/xprtsock.c
-@@ -1025,6 +1025,16 @@ static void xs_udp_data_ready(struct sock *sk, int len)
- read_unlock_bh(&sk->sk_callback_lock);
- }
-
-+/*
-+ * Helper function to force a TCP close if the server is sending
-+ * junk and/or it has put us in CLOSE_WAIT
-+ */
-+static void xs_tcp_force_close(struct rpc_xprt *xprt)
-+{
-+ set_bit(XPRT_CONNECTION_CLOSE, &xprt->state);
-+ xprt_force_disconnect(xprt);
-+}
-+
- static inline void xs_tcp_read_fraghdr(struct rpc_xprt *xprt, struct xdr_skb_reader *desc)
- {
- struct sock_xprt *transport = container_of(xprt, struct sock_xprt, xprt);
-@@ -1051,7 +1061,7 @@ static inline void xs_tcp_read_fraghdr(struct rpc_xprt *xprt, struct xdr_skb_rea
- /* Sanity check of the record length */
- if (unlikely(transport->tcp_reclen < 8)) {
- dprintk("RPC: invalid TCP record fragment length\n");
-- xprt_force_disconnect(xprt);
-+ xs_tcp_force_close(xprt);
- return;
- }
- dprintk("RPC: reading TCP record fragment of length %d\n",
-@@ -1132,7 +1142,7 @@ static inline void xs_tcp_read_calldir(struct sock_xprt *transport,
- break;
- default:
- dprintk("RPC: invalid request message type\n");
-- xprt_force_disconnect(&transport->xprt);
-+ xs_tcp_force_close(&transport->xprt);
- }
- xs_tcp_check_fraghdr(transport);
- }
-@@ -1455,6 +1465,8 @@ static void xs_tcp_cancel_linger_timeout(struct rpc_xprt *xprt)
- static void xs_sock_mark_closed(struct rpc_xprt *xprt)
- {
- smp_mb__before_clear_bit();
-+ clear_bit(XPRT_CONNECTION_ABORT, &xprt->state);
-+ clear_bit(XPRT_CONNECTION_CLOSE, &xprt->state);
- clear_bit(XPRT_CLOSE_WAIT, &xprt->state);
- clear_bit(XPRT_CLOSING, &xprt->state);
- smp_mb__after_clear_bit();
-@@ -1512,8 +1524,8 @@ static void xs_tcp_state_change(struct sock *sk)
- break;
- case TCP_CLOSE_WAIT:
- /* The server initiated a shutdown of the socket */
-- xprt_force_disconnect(xprt);
- xprt->connect_cookie++;
-+ xs_tcp_force_close(xprt);
- case TCP_CLOSING:
- /*
- * If the server closed down the connection, make sure that
-@@ -2199,8 +2211,7 @@ static void xs_tcp_setup_socket(struct work_struct *work)
- /* We're probably in TIME_WAIT. Get rid of existing socket,
- * and retry
- */
-- set_bit(XPRT_CONNECTION_CLOSE, &xprt->state);
-- xprt_force_disconnect(xprt);
-+ xs_tcp_force_close(xprt);
- break;
- case -ECONNREFUSED:
- case -ECONNRESET:
-diff --git a/scripts/Makefile.fwinst b/scripts/Makefile.fwinst
-index c3f69ae..4d908d1 100644
---- a/scripts/Makefile.fwinst
-+++ b/scripts/Makefile.fwinst
-@@ -27,7 +27,7 @@ endif
- installed-mod-fw := $(addprefix $(INSTALL_FW_PATH)/,$(mod-fw))
-
- installed-fw := $(addprefix $(INSTALL_FW_PATH)/,$(fw-shipped-all))
--installed-fw-dirs := $(sort $(dir $(installed-fw))) $(INSTALL_FW_PATH)/.
-+installed-fw-dirs := $(sort $(dir $(installed-fw))) $(INSTALL_FW_PATH)/./
-
- # Workaround for make < 3.81, where .SECONDEXPANSION doesn't work.
- PHONY += $(INSTALL_FW_PATH)/$$(%) install-all-dirs
-@@ -42,7 +42,7 @@ quiet_cmd_install = INSTALL $(subst $(srctree)/,,$@)
- $(installed-fw-dirs):
- $(call cmd,mkdir)
-
--$(installed-fw): $(INSTALL_FW_PATH)/%: $(obj)/% | $$(dir $(INSTALL_FW_PATH)/%)
-+$(installed-fw): $(INSTALL_FW_PATH)/%: $(obj)/% | $(INSTALL_FW_PATH)/$$(dir %)
- $(call cmd,install)
-
- PHONY += __fw_install __fw_modinst FORCE
-diff --git a/sound/pci/ac97/ac97_codec.c b/sound/pci/ac97/ac97_codec.c
-index 9473fca..8b0f996 100644
---- a/sound/pci/ac97/ac97_codec.c
-+++ b/sound/pci/ac97/ac97_codec.c
-@@ -1271,6 +1271,8 @@ static int snd_ac97_cvol_new(struct snd_card *card, char *name, int reg, unsigne
- tmp.index = ac97->num;
- kctl = snd_ctl_new1(&tmp, ac97);
- }
-+ if (!kctl)
-+ return -ENOMEM;
- if (reg >= AC97_PHONE && reg <= AC97_PCM)
- set_tlv_db_scale(kctl, db_scale_5bit_12db_max);
- else
-diff --git a/sound/pci/emu10k1/emu10k1_main.c b/sound/pci/emu10k1/emu10k1_main.c
-index 7549240..a78fdf4 100644
---- a/sound/pci/emu10k1/emu10k1_main.c
-+++ b/sound/pci/emu10k1/emu10k1_main.c
-@@ -1416,6 +1416,15 @@ static struct snd_emu_chip_details emu_chip_details[] = {
- .ca0108_chip = 1,
- .spk71 = 1,
- .emu_model = EMU_MODEL_EMU1010B}, /* EMU 1010 new revision */
-+ /* Tested by Maxim Kachur <mcdebugger@duganet.ru> 17th Oct 2012. */
-+ /* This is MAEM8986, 0202 is MAEM8980 */
-+ {.vendor = 0x1102, .device = 0x0008, .subsystem = 0x40071102,
-+ .driver = "Audigy2", .name = "E-mu 1010 PCIe [MAEM8986]",
-+ .id = "EMU1010",
-+ .emu10k2_chip = 1,
-+ .ca0108_chip = 1,
-+ .spk71 = 1,
-+ .emu_model = EMU_MODEL_EMU1010B}, /* EMU 1010 PCIe */
- /* Tested by James@superbug.co.uk 8th July 2005. */
- /* This is MAEM8810, 0202 is MAEM8820 */
- {.vendor = 0x1102, .device = 0x0004, .subsystem = 0x40011102,
-diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c
-index 12a9432..a5dc746 100644
---- a/sound/pci/hda/hda_intel.c
-+++ b/sound/pci/hda/hda_intel.c
-@@ -487,6 +487,7 @@ struct azx {
-
- /* VGA-switcheroo setup */
- unsigned int use_vga_switcheroo:1;
-+ unsigned int vga_switcheroo_registered:1;
- unsigned int init_failed:1; /* delayed init failed */
- unsigned int disabled:1; /* disabled by VGA-switcher */
-
-@@ -2135,9 +2136,12 @@ static unsigned int azx_get_position(struct azx *chip,
- if (delay < 0)
- delay += azx_dev->bufsize;
- if (delay >= azx_dev->period_bytes) {
-- snd_printdd("delay %d > period_bytes %d\n",
-- delay, azx_dev->period_bytes);
-- delay = 0; /* something is wrong */
-+ snd_printk(KERN_WARNING SFX
-+ "Unstable LPIB (%d >= %d); "
-+ "disabling LPIB delay counting\n",
-+ delay, azx_dev->period_bytes);
-+ delay = 0;
-+ chip->driver_caps &= ~AZX_DCAPS_COUNT_LPIB_DELAY;
- }
- azx_dev->substream->runtime->delay =
- bytes_to_frames(azx_dev->substream->runtime, delay);
-@@ -2556,7 +2560,9 @@ static void azx_vs_set_state(struct pci_dev *pci,
- if (disabled) {
- azx_suspend(&pci->dev);
- chip->disabled = true;
-- snd_hda_lock_devices(chip->bus);
-+ if (snd_hda_lock_devices(chip->bus))
-+ snd_printk(KERN_WARNING SFX
-+ "Cannot lock devices!\n");
- } else {
- snd_hda_unlock_devices(chip->bus);
- chip->disabled = false;
-@@ -2599,14 +2605,20 @@ static const struct vga_switcheroo_client_ops azx_vs_ops = {
-
- static int __devinit register_vga_switcheroo(struct azx *chip)
- {
-+ int err;
-+
- if (!chip->use_vga_switcheroo)
- return 0;
- /* FIXME: currently only handling DIS controller
- * is there any machine with two switchable HDMI audio controllers?
- */
-- return vga_switcheroo_register_audio_client(chip->pci, &azx_vs_ops,
-+ err = vga_switcheroo_register_audio_client(chip->pci, &azx_vs_ops,
- VGA_SWITCHEROO_DIS,
- chip->bus != NULL);
-+ if (err < 0)
-+ return err;
-+ chip->vga_switcheroo_registered = 1;
-+ return 0;
- }
- #else
- #define init_vga_switcheroo(chip) /* NOP */
-@@ -2626,7 +2638,8 @@ static int azx_free(struct azx *chip)
- if (use_vga_switcheroo(chip)) {
- if (chip->disabled && chip->bus)
- snd_hda_unlock_devices(chip->bus);
-- vga_switcheroo_unregister_client(chip->pci);
-+ if (chip->vga_switcheroo_registered)
-+ vga_switcheroo_unregister_client(chip->pci);
- }
-
- if (chip->initialized) {
-@@ -2974,14 +2987,6 @@ static int __devinit azx_create(struct snd_card *card, struct pci_dev *pci,
- }
-
- ok:
-- err = register_vga_switcheroo(chip);
-- if (err < 0) {
-- snd_printk(KERN_ERR SFX
-- "Error registering VGA-switcheroo client\n");
-- azx_free(chip);
-- return err;
-- }
--
- err = snd_device_new(card, SNDRV_DEV_LOWLEVEL, chip, &ops);
- if (err < 0) {
- snd_printk(KERN_ERR SFX "Error creating device [card]!\n");
-@@ -3208,6 +3213,13 @@ static int __devinit azx_probe(struct pci_dev *pci,
-
- pci_set_drvdata(pci, card);
-
-+ err = register_vga_switcheroo(chip);
-+ if (err < 0) {
-+ snd_printk(KERN_ERR SFX
-+ "Error registering VGA-switcheroo client\n");
-+ goto out_free;
-+ }
-+
- dev++;
- return 0;
-
-diff --git a/sound/pci/hda/patch_cirrus.c b/sound/pci/hda/patch_cirrus.c
-index 0c4c1a6..cc31346 100644
---- a/sound/pci/hda/patch_cirrus.c
-+++ b/sound/pci/hda/patch_cirrus.c
-@@ -1417,7 +1417,7 @@ static int patch_cs420x(struct hda_codec *codec)
- return 0;
-
- error:
-- kfree(codec->spec);
-+ cs_free(codec);
- codec->spec = NULL;
- return err;
- }
-@@ -1974,7 +1974,7 @@ static int patch_cs4210(struct hda_codec *codec)
- return 0;
-
- error:
-- kfree(codec->spec);
-+ cs_free(codec);
- codec->spec = NULL;
- return err;
- }
-@@ -1999,7 +1999,7 @@ static int patch_cs4213(struct hda_codec *codec)
- return 0;
-
- error:
-- kfree(codec->spec);
-+ cs_free(codec);
- codec->spec = NULL;
- return err;
- }
-diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
-index 56a3eef..155cbd2 100644
---- a/sound/pci/hda/patch_realtek.c
-+++ b/sound/pci/hda/patch_realtek.c
-@@ -611,6 +611,8 @@ static void alc_line_automute(struct hda_codec *codec)
- {
- struct alc_spec *spec = codec->spec;
-
-+ if (spec->autocfg.line_out_type == AUTO_PIN_SPEAKER_OUT)
-+ return;
- /* check LO jack only when it's different from HP */
- if (spec->autocfg.line_out_pins[0] == spec->autocfg.hp_pins[0])
- return;
-@@ -2627,8 +2629,10 @@ static const char *alc_get_line_out_pfx(struct alc_spec *spec, int ch,
- return "PCM";
- break;
- }
-- if (snd_BUG_ON(ch >= ARRAY_SIZE(channel_name)))
-+ if (ch >= ARRAY_SIZE(channel_name)) {
-+ snd_BUG();
- return "PCM";
-+ }
-
- return channel_name[ch];
- }
-diff --git a/sound/pci/hda/patch_via.c b/sound/pci/hda/patch_via.c
-index 4b4072f..4c404a0 100644
---- a/sound/pci/hda/patch_via.c
-+++ b/sound/pci/hda/patch_via.c
-@@ -118,6 +118,8 @@ enum {
- };
-
- struct via_spec {
-+ struct hda_gen_spec gen;
-+
- /* codec parameterization */
- const struct snd_kcontrol_new *mixers[6];
- unsigned int num_mixers;
-@@ -246,6 +248,7 @@ static struct via_spec * via_new_spec(struct hda_codec *codec)
- /* VT1708BCE & VT1708S are almost same */
- if (spec->codec_type == VT1708BCE)
- spec->codec_type = VT1708S;
-+ snd_hda_gen_init(&spec->gen);
- return spec;
- }
-
-@@ -1628,6 +1631,7 @@ static void via_free(struct hda_codec *codec)
- vt1708_stop_hp_work(spec);
- kfree(spec->bind_cap_vol);
- kfree(spec->bind_cap_sw);
-+ snd_hda_gen_free(&spec->gen);
- kfree(spec);
- }
-
-diff --git a/sound/soc/codecs/wm2200.c b/sound/soc/codecs/wm2200.c
-index 32682c1..c8bff6d 100644
---- a/sound/soc/codecs/wm2200.c
-+++ b/sound/soc/codecs/wm2200.c
-@@ -1028,7 +1028,7 @@ SOC_DOUBLE_R_TLV("OUT2 Digital Volume", WM2200_DAC_DIGITAL_VOLUME_2L,
- WM2200_DAC_DIGITAL_VOLUME_2R, WM2200_OUT2L_VOL_SHIFT, 0x9f, 0,
- digital_tlv),
- SOC_DOUBLE("OUT2 Switch", WM2200_PDM_1, WM2200_SPK1L_MUTE_SHIFT,
-- WM2200_SPK1R_MUTE_SHIFT, 1, 0),
-+ WM2200_SPK1R_MUTE_SHIFT, 1, 1),
- };
-
- WM2200_MIXER_ENUMS(OUT1L, WM2200_OUT1LMIX_INPUT_1_SOURCE);
-@@ -2091,6 +2091,7 @@ static __devinit int wm2200_i2c_probe(struct i2c_client *i2c,
-
- switch (wm2200->rev) {
- case 0:
-+ case 1:
- ret = regmap_register_patch(wm2200->regmap, wm2200_reva_patch,
- ARRAY_SIZE(wm2200_reva_patch));
- if (ret != 0) {
-diff --git a/sound/soc/omap/omap-abe-twl6040.c b/sound/soc/omap/omap-abe-twl6040.c
-index 9d93793..f8fba57 100644
---- a/sound/soc/omap/omap-abe-twl6040.c
-+++ b/sound/soc/omap/omap-abe-twl6040.c
-@@ -190,7 +190,7 @@ static int omap_abe_twl6040_init(struct snd_soc_pcm_runtime *rtd)
- twl6040_disconnect_pin(dapm, pdata->has_hf, "Ext Spk");
- twl6040_disconnect_pin(dapm, pdata->has_ep, "Earphone Spk");
- twl6040_disconnect_pin(dapm, pdata->has_aux, "Line Out");
-- twl6040_disconnect_pin(dapm, pdata->has_vibra, "Vinrator");
-+ twl6040_disconnect_pin(dapm, pdata->has_vibra, "Vibrator");
- twl6040_disconnect_pin(dapm, pdata->has_hsmic, "Headset Mic");
- twl6040_disconnect_pin(dapm, pdata->has_mainmic, "Main Handset Mic");
- twl6040_disconnect_pin(dapm, pdata->has_submic, "Sub Handset Mic");
-diff --git a/sound/soc/sh/fsi.c b/sound/soc/sh/fsi.c
-index 0540408..1bb0d58c 100644
---- a/sound/soc/sh/fsi.c
-+++ b/sound/soc/sh/fsi.c
-@@ -20,6 +20,7 @@
- #include <linux/sh_dma.h>
- #include <linux/slab.h>
- #include <linux/module.h>
-+#include <linux/workqueue.h>
- #include <sound/soc.h>
- #include <sound/sh_fsi.h>
-
-@@ -223,7 +224,7 @@ struct fsi_stream {
- */
- struct dma_chan *chan;
- struct sh_dmae_slave slave; /* see fsi_handler_init() */
-- struct tasklet_struct tasklet;
-+ struct work_struct work;
- dma_addr_t dma;
- };
-
-@@ -1085,9 +1086,9 @@ static void fsi_dma_complete(void *data)
- snd_pcm_period_elapsed(io->substream);
- }
-
--static void fsi_dma_do_tasklet(unsigned long data)
-+static void fsi_dma_do_work(struct work_struct *work)
- {
-- struct fsi_stream *io = (struct fsi_stream *)data;
-+ struct fsi_stream *io = container_of(work, struct fsi_stream, work);
- struct fsi_priv *fsi = fsi_stream_to_priv(io);
- struct snd_soc_dai *dai;
- struct dma_async_tx_descriptor *desc;
-@@ -1129,7 +1130,7 @@ static void fsi_dma_do_tasklet(unsigned long data)
- * FIXME
- *
- * In DMAEngine case, codec and FSI cannot be started simultaneously
-- * since FSI is using tasklet.
-+ * since FSI is using the scheduler work queue.
- * Therefore, in capture case, probably FSI FIFO will have got
- * overflow error in this point.
- * in that case, DMA cannot start transfer until error was cleared.
-@@ -1153,7 +1154,7 @@ static bool fsi_dma_filter(struct dma_chan *chan, void *param)
-
- static int fsi_dma_transfer(struct fsi_priv *fsi, struct fsi_stream *io)
- {
-- tasklet_schedule(&io->tasklet);
-+ schedule_work(&io->work);
-
- return 0;
- }
-@@ -1195,14 +1196,14 @@ static int fsi_dma_probe(struct fsi_priv *fsi, struct fsi_stream *io, struct dev
- return fsi_stream_probe(fsi, dev);
- }
-
-- tasklet_init(&io->tasklet, fsi_dma_do_tasklet, (unsigned long)io);
-+ INIT_WORK(&io->work, fsi_dma_do_work);
-
- return 0;
- }
-
- static int fsi_dma_remove(struct fsi_priv *fsi, struct fsi_stream *io)
- {
-- tasklet_kill(&io->tasklet);
-+ cancel_work_sync(&io->work);
-
- fsi_stream_stop(fsi, io);
-
diff --git a/3.6.3/0000_README b/3.6.4/0000_README
index 3de0bb2..4789a33 100644
--- a/3.6.3/0000_README
+++ b/3.6.4/0000_README
@@ -2,11 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 1002_linux-3.6.3.patch
-From: http://www.kernel.org
-Desc: Linux 3.6.3
-
-Patch: 4420_grsecurity-2.9.1-3.6.3-201210231942.patch
+Patch: 4420_grsecurity-2.9.1-3.6.4-201210291446.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.6.3/4420_grsecurity-2.9.1-3.6.3-201210231942.patch b/3.6.4/4420_grsecurity-2.9.1-3.6.4-201210291446.patch
index 667fa18..08c581d 100644
--- a/3.6.3/4420_grsecurity-2.9.1-3.6.3-201210231942.patch
+++ b/3.6.4/4420_grsecurity-2.9.1-3.6.4-201210291446.patch
@@ -251,7 +251,7 @@ index ad7e2e5..199f49e 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index 6cdadf4..02df425 100644
+index dcf132a..db194e3 100644
--- a/Makefile
+++ b/Makefile
@@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -5957,7 +5957,7 @@ index 11c6c96..3ec33e8 100644
mm->unmap_area = arch_unmap_area_topdown;
}
diff --git a/arch/sparc/kernel/syscalls.S b/arch/sparc/kernel/syscalls.S
-index 1d7e274..b39c527 100644
+index 7f5f65d..3308382 100644
--- a/arch/sparc/kernel/syscalls.S
+++ b/arch/sparc/kernel/syscalls.S
@@ -62,7 +62,7 @@ sys32_rt_sigreturn:
@@ -5987,24 +5987,15 @@ index 1d7e274..b39c527 100644
bne,pn %icc, linux_syscall_trace ! CTI Group
mov %i0, %l5 ! IEU0
2: call %l7 ! CTI Group brk forced
-@@ -226,7 +226,7 @@ ret_sys_call:
+@@ -218,7 +218,7 @@ ret_sys_call:
cmp %o0, -ERESTART_RESTARTBLOCK
bgeu,pn %xcc, 1f
-- andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT|_TIF_SYSCALL_TRACEPOINT), %l6
-+ andcc %l0, _TIF_WORK_SYSCALL, %l6
- 80:
- /* System call success, clear Carry condition code. */
- andn %g3, %g2, %g3
-@@ -241,7 +241,7 @@ ret_sys_call:
- /* System call failure, set Carry condition code.
- * Also, get abs(errno) to return to the process.
- */
-- andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT|_TIF_SYSCALL_TRACEPOINT), %l6
-+ andcc %l0, _TIF_WORK_SYSCALL, %l6
- sub %g0, %o0, %o0
- or %g3, %g2, %g3
- stx %o0, [%sp + PTREGS_OFF + PT_V9_I0]
+- andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT|_TIF_SYSCALL_TRACEPOINT), %g0
++ andcc %l0, _TIF_WORK_SYSCALL, %g0
+ ldx [%sp + PTREGS_OFF + PT_V9_TNPC], %l1 ! pc = npc
+
+ 2:
diff --git a/arch/sparc/kernel/traps_32.c b/arch/sparc/kernel/traps_32.c
index a5785ea..405c5f7 100644
--- a/arch/sparc/kernel/traps_32.c
@@ -14972,7 +14963,7 @@ index 9b9f18b..9fcaa04 100644
#include <asm/processor.h>
#include <asm/fcntl.h>
diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S
-index 623f288..8bdd78a 100644
+index 8f8e8ee..3617d6e 100644
--- a/arch/x86/kernel/entry_32.S
+++ b/arch/x86/kernel/entry_32.S
@@ -176,13 +176,153 @@
@@ -15659,7 +15650,7 @@ index 623f288..8bdd78a 100644
/*
* End of kprobes section
*/
-@@ -1100,7 +1359,7 @@ BUILD_INTERRUPT3(xen_hvm_callback_vector, XEN_HVM_EVTCHN_CALLBACK,
+@@ -1102,7 +1361,7 @@ BUILD_INTERRUPT3(xen_hvm_callback_vector, XEN_HVM_EVTCHN_CALLBACK,
ENTRY(mcount)
ret
@@ -15668,7 +15659,7 @@ index 623f288..8bdd78a 100644
ENTRY(ftrace_caller)
cmpl $0, function_trace_stop
-@@ -1129,7 +1388,7 @@ ftrace_graph_call:
+@@ -1131,7 +1390,7 @@ ftrace_graph_call:
.globl ftrace_stub
ftrace_stub:
ret
@@ -15677,7 +15668,7 @@ index 623f288..8bdd78a 100644
#else /* ! CONFIG_DYNAMIC_FTRACE */
-@@ -1165,7 +1424,7 @@ trace:
+@@ -1167,7 +1426,7 @@ trace:
popl %ecx
popl %eax
jmp ftrace_stub
@@ -15686,7 +15677,7 @@ index 623f288..8bdd78a 100644
#endif /* CONFIG_DYNAMIC_FTRACE */
#endif /* CONFIG_FUNCTION_TRACER */
-@@ -1186,7 +1445,7 @@ ENTRY(ftrace_graph_caller)
+@@ -1188,7 +1447,7 @@ ENTRY(ftrace_graph_caller)
popl %ecx
popl %eax
ret
@@ -15695,7 +15686,7 @@ index 623f288..8bdd78a 100644
.globl return_to_handler
return_to_handler:
-@@ -1241,15 +1500,18 @@ error_code:
+@@ -1243,15 +1502,18 @@ error_code:
movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart
REG_TO_PTGS %ecx
SET_KERNEL_GS %ecx
@@ -15716,7 +15707,7 @@ index 623f288..8bdd78a 100644
/*
* Debug traps and NMI can happen at the one SYSENTER instruction
-@@ -1291,7 +1553,7 @@ debug_stack_correct:
+@@ -1293,7 +1555,7 @@ debug_stack_correct:
call do_debug
jmp ret_from_exception
CFI_ENDPROC
@@ -15725,7 +15716,7 @@ index 623f288..8bdd78a 100644
/*
* NMI is doubly nasty. It can happen _while_ we're handling
-@@ -1328,6 +1590,9 @@ nmi_stack_correct:
+@@ -1330,6 +1592,9 @@ nmi_stack_correct:
xorl %edx,%edx # zero error code
movl %esp,%eax # pt_regs pointer
call do_nmi
@@ -15735,7 +15726,7 @@ index 623f288..8bdd78a 100644
jmp restore_all_notrace
CFI_ENDPROC
-@@ -1364,12 +1629,15 @@ nmi_espfix_stack:
+@@ -1366,12 +1631,15 @@ nmi_espfix_stack:
FIXUP_ESPFIX_STACK # %eax == %esp
xorl %edx,%edx # zero error code
call do_nmi
@@ -15752,7 +15743,7 @@ index 623f288..8bdd78a 100644
ENTRY(int3)
RING0_INT_FRAME
-@@ -1381,14 +1649,14 @@ ENTRY(int3)
+@@ -1383,14 +1651,14 @@ ENTRY(int3)
call do_int3
jmp ret_from_exception
CFI_ENDPROC
@@ -15769,7 +15760,7 @@ index 623f288..8bdd78a 100644
#ifdef CONFIG_KVM_GUEST
ENTRY(async_page_fault)
-@@ -1396,7 +1664,7 @@ ENTRY(async_page_fault)
+@@ -1398,7 +1666,7 @@ ENTRY(async_page_fault)
pushl_cfi $do_async_page_fault
jmp error_code
CFI_ENDPROC
@@ -15779,7 +15770,7 @@ index 623f288..8bdd78a 100644
/*
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
-index 69babd8..4270a51 100644
+index dcdd0ea..de0bb2d 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -57,6 +57,8 @@
@@ -16843,7 +16834,7 @@ index c18f59d..9c0c9f6 100644
#ifdef CONFIG_BLK_DEV_INITRD
/* Reserve INITRD */
diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S
-index d42ab17..cb1b997 100644
+index d42ab17..87b9555 100644
--- a/arch/x86/kernel/head_32.S
+++ b/arch/x86/kernel/head_32.S
@@ -26,6 +26,12 @@
@@ -16899,20 +16890,20 @@ index d42ab17..cb1b997 100644
ENTRY(startup_32)
movl pa(stack_start),%ecx
-@@ -106,6 +121,57 @@ ENTRY(startup_32)
+@@ -106,6 +121,59 @@ ENTRY(startup_32)
2:
leal -__PAGE_OFFSET(%ecx),%esp
+#ifdef CONFIG_SMP
+ movl $pa(cpu_gdt_table),%edi
+ movl $__per_cpu_load,%eax
-+ movw %ax,__KERNEL_PERCPU + 2(%edi)
++ movw %ax,GDT_ENTRY_PERCPU * 8 + 2(%edi)
+ rorl $16,%eax
-+ movb %al,__KERNEL_PERCPU + 4(%edi)
-+ movb %ah,__KERNEL_PERCPU + 7(%edi)
++ movb %al,GDT_ENTRY_PERCPU * 8 + 4(%edi)
++ movb %ah,GDT_ENTRY_PERCPU * 8 + 7(%edi)
+ movl $__per_cpu_end - 1,%eax
+ subl $__per_cpu_start,%eax
-+ movw %ax,__KERNEL_PERCPU + 0(%edi)
++ movw %ax,GDT_ENTRY_PERCPU * 8 + 0(%edi)
+#endif
+
+#ifdef CONFIG_PAX_MEMORY_UDEREF
@@ -16929,10 +16920,10 @@ index d42ab17..cb1b997 100644
+#ifdef CONFIG_PAX_KERNEXEC
+ movl $pa(boot_gdt),%edi
+ movl $__LOAD_PHYSICAL_ADDR,%eax
-+ movw %ax,__BOOT_CS + 2(%edi)
++ movw %ax,GDT_ENTRY_BOOT_CS * 8 + 2(%edi)
+ rorl $16,%eax
-+ movb %al,__BOOT_CS + 4(%edi)
-+ movb %ah,__BOOT_CS + 7(%edi)
++ movb %al,GDT_ENTRY_BOOT_CS * 8 + 4(%edi)
++ movb %ah,GDT_ENTRY_BOOT_CS * 8 + 7(%edi)
+ rorl $16,%eax
+
+ ljmp $(__BOOT_CS),$1f
@@ -16942,13 +16933,15 @@ index d42ab17..cb1b997 100644
+ movl $pa(cpu_gdt_table),%edi
+ addl $__PAGE_OFFSET,%eax
+1:
-+ movw %ax,__KERNEL_CS + 2(%edi)
-+ movw %ax,__KERNEXEC_KERNEL_CS + 2(%edi)
++ movb $0xc0,GDT_ENTRY_KERNEL_CS * 8 + 6(%edi)
++ movb $0xc0,GDT_ENTRY_KERNEXEC_KERNEL_CS * 8 + 6(%edi)
++ movw %ax,GDT_ENTRY_KERNEL_CS * 8 + 2(%edi)
++ movw %ax,GDT_ENTRY_KERNEXEC_KERNEL_CS * 8 + 2(%edi)
+ rorl $16,%eax
-+ movb %al,__KERNEL_CS + 4(%edi)
-+ movb %al,__KERNEXEC_KERNEL_CS + 4(%edi)
-+ movb %ah,__KERNEL_CS + 7(%edi)
-+ movb %ah,__KERNEXEC_KERNEL_CS + 7(%edi)
++ movb %al,GDT_ENTRY_KERNEL_CS * 8 + 4(%edi)
++ movb %al,GDT_ENTRY_KERNEXEC_KERNEL_CS * 8 + 4(%edi)
++ movb %ah,GDT_ENTRY_KERNEL_CS * 8 + 7(%edi)
++ movb %ah,GDT_ENTRY_KERNEXEC_KERNEL_CS * 8 + 7(%edi)
+ rorl $16,%eax
+ addl $PAGE_SIZE_asm,%edi
+ loop 1b
@@ -16957,7 +16950,7 @@ index d42ab17..cb1b997 100644
/*
* Clear BSS first so that there are no surprises...
*/
-@@ -196,8 +262,11 @@ ENTRY(startup_32)
+@@ -196,8 +264,11 @@ ENTRY(startup_32)
movl %eax, pa(max_pfn_mapped)
/* Do early initialization of the fixmap area */
@@ -16971,7 +16964,7 @@ index d42ab17..cb1b997 100644
#else /* Not PAE */
page_pde_offset = (__PAGE_OFFSET >> 20);
-@@ -227,8 +296,11 @@ page_pde_offset = (__PAGE_OFFSET >> 20);
+@@ -227,8 +298,11 @@ page_pde_offset = (__PAGE_OFFSET >> 20);
movl %eax, pa(max_pfn_mapped)
/* Do early initialization of the fixmap area */
@@ -16985,7 +16978,7 @@ index d42ab17..cb1b997 100644
#endif
#ifdef CONFIG_PARAVIRT
-@@ -242,9 +314,7 @@ page_pde_offset = (__PAGE_OFFSET >> 20);
+@@ -242,9 +316,7 @@ page_pde_offset = (__PAGE_OFFSET >> 20);
cmpl $num_subarch_entries, %eax
jae bad_subarch
@@ -16996,7 +16989,7 @@ index d42ab17..cb1b997 100644
bad_subarch:
WEAK(lguest_entry)
-@@ -256,10 +326,10 @@ WEAK(xen_entry)
+@@ -256,10 +328,10 @@ WEAK(xen_entry)
__INITDATA
subarch_entries:
@@ -17011,7 +17004,7 @@ index d42ab17..cb1b997 100644
num_subarch_entries = (. - subarch_entries) / 4
.previous
#else
-@@ -310,6 +380,7 @@ default_entry:
+@@ -310,6 +382,7 @@ default_entry:
orl %edx,%eax
movl %eax,%cr4
@@ -17019,7 +17012,7 @@ index d42ab17..cb1b997 100644
testb $X86_CR4_PAE, %al # check if PAE is enabled
jz 6f
-@@ -338,6 +409,9 @@ default_entry:
+@@ -338,6 +411,9 @@ default_entry:
/* Make changes effective */
wrmsr
@@ -17029,7 +17022,7 @@ index d42ab17..cb1b997 100644
6:
/*
-@@ -436,14 +510,20 @@ is386: movl $2,%ecx # set MP
+@@ -436,14 +512,20 @@ is386: movl $2,%ecx # set MP
1: movl $(__KERNEL_DS),%eax # reload all the segment registers
movl %eax,%ss # after changing gdt.
@@ -17051,7 +17044,7 @@ index d42ab17..cb1b997 100644
movl %eax,%gs
xorl %eax,%eax # Clear LDT
-@@ -520,8 +600,11 @@ setup_once:
+@@ -520,8 +602,11 @@ setup_once:
* relocation. Manually set base address in stack canary
* segment descriptor.
*/
@@ -17064,7 +17057,7 @@ index d42ab17..cb1b997 100644
movw %cx, 8 * GDT_ENTRY_STACK_CANARY + 2(%eax)
shrl $16, %ecx
movb %cl, 8 * GDT_ENTRY_STACK_CANARY + 4(%eax)
-@@ -552,7 +635,7 @@ ENDPROC(early_idt_handlers)
+@@ -552,7 +637,7 @@ ENDPROC(early_idt_handlers)
/* This is global to keep gas from relaxing the jumps */
ENTRY(early_idt_handler)
cld
@@ -17073,7 +17066,7 @@ index d42ab17..cb1b997 100644
je hlt_loop
incl %ss:early_recursion_flag
-@@ -590,8 +673,8 @@ ENTRY(early_idt_handler)
+@@ -590,8 +675,8 @@ ENTRY(early_idt_handler)
pushl (20+6*4)(%esp) /* trapno */
pushl $fault_msg
call printk
@@ -17083,7 +17076,7 @@ index d42ab17..cb1b997 100644
hlt_loop:
hlt
jmp hlt_loop
-@@ -610,8 +693,11 @@ ENDPROC(early_idt_handler)
+@@ -610,8 +695,11 @@ ENDPROC(early_idt_handler)
/* This is the default interrupt "handler" :-) */
ALIGN
ignore_int:
@@ -17096,7 +17089,7 @@ index d42ab17..cb1b997 100644
pushl %eax
pushl %ecx
pushl %edx
-@@ -620,9 +706,6 @@ ignore_int:
+@@ -620,9 +708,6 @@ ignore_int:
movl $(__KERNEL_DS),%eax
movl %eax,%ds
movl %eax,%es
@@ -17106,7 +17099,7 @@ index d42ab17..cb1b997 100644
pushl 16(%esp)
pushl 24(%esp)
pushl 32(%esp)
-@@ -656,29 +739,43 @@ ENTRY(setup_once_ref)
+@@ -656,29 +741,43 @@ ENTRY(setup_once_ref)
/*
* BSS section
*/
@@ -17155,7 +17148,7 @@ index d42ab17..cb1b997 100644
ENTRY(initial_page_table)
.long pa(initial_pg_pmd+PGD_IDENT_ATTR),0 /* low identity map */
# if KPMDS == 3
-@@ -697,12 +794,20 @@ ENTRY(initial_page_table)
+@@ -697,12 +796,20 @@ ENTRY(initial_page_table)
# error "Kernel PMDs should be 1, 2 or 3"
# endif
.align PAGE_SIZE /* needs to be page-sized too */
@@ -17177,7 +17170,7 @@ index d42ab17..cb1b997 100644
__INITRODATA
int_msg:
-@@ -730,7 +835,7 @@ fault_msg:
+@@ -730,7 +837,7 @@ fault_msg:
* segment size, and 32-bit linear address value:
*/
@@ -17186,7 +17179,7 @@ index d42ab17..cb1b997 100644
.globl boot_gdt_descr
.globl idt_descr
-@@ -739,7 +844,7 @@ fault_msg:
+@@ -739,7 +846,7 @@ fault_msg:
.word 0 # 32 bit align gdt_desc.address
boot_gdt_descr:
.word __BOOT_DS+7
@@ -17195,7 +17188,7 @@ index d42ab17..cb1b997 100644
.word 0 # 32-bit align idt_desc.address
idt_descr:
-@@ -750,7 +855,7 @@ idt_descr:
+@@ -750,7 +857,7 @@ idt_descr:
.word 0 # 32 bit align gdt_desc.address
ENTRY(early_gdt_descr)
.word GDT_ENTRIES*8-1
@@ -17204,7 +17197,7 @@ index d42ab17..cb1b997 100644
/*
* The boot_gdt must mirror the equivalent in setup.S and is
-@@ -759,5 +864,65 @@ ENTRY(early_gdt_descr)
+@@ -759,5 +866,65 @@ ENTRY(early_gdt_descr)
.align L1_CACHE_BYTES
ENTRY(boot_gdt)
.fill GDT_ENTRY_BOOT_CS,8,0
@@ -19020,7 +19013,7 @@ index 7a6f3b3..bed145d7 100644
1:
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
-index f4b9b80..0d05de1 100644
+index 198e774..e880f29 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -440,7 +440,7 @@ static void __init parse_setup_data(void)
@@ -24584,7 +24577,7 @@ index b91e485..d00e7c9 100644
}
if (mm->get_unmapped_area == arch_get_unmapped_area)
diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
-index ab1f6a9..e16d764 100644
+index ab1f6a9..23030ba 100644
--- a/arch/x86/mm/init.c
+++ b/arch/x86/mm/init.c
@@ -16,6 +16,8 @@
@@ -24644,7 +24637,7 @@ index ab1f6a9..e16d764 100644
if (iomem_is_exclusive(pagenr << PAGE_SHIFT))
return 0;
if (!page_is_ram(pagenr))
-@@ -377,8 +406,116 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
+@@ -377,8 +406,117 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
#endif
}
@@ -24698,6 +24691,7 @@ index ab1f6a9..e16d764 100644
+ for (cpu = 0; cpu < nr_cpu_ids; cpu++) {
+ pack_descriptor(&d, get_desc_base(&get_cpu_gdt_table(cpu)[GDT_ENTRY_KERNEL_CS]), limit, 0x9B, 0xC);
+ write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_KERNEL_CS, &d, DESCTYPE_S);
++ write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_KERNEXEC_KERNEL_CS, &d, DESCTYPE_S);
+ }
+
+ /* PaX: make KERNEL_CS read-only */
@@ -30691,7 +30685,7 @@ index 627fe35..c9a7346 100644
return container_of(adapter, struct intel_gmbus, adapter)->force_bit;
}
diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
-index ff2819e..6b5997b 100644
+index cdf46b5..e785624 100644
--- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c
+++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
@@ -189,7 +189,7 @@ i915_gem_object_set_to_gpu_domain(struct drm_i915_gem_object *obj,
@@ -30703,7 +30697,7 @@ index ff2819e..6b5997b 100644
/* The actual obj->write_domain will be updated with
* pending_write_domain after we emit the accumulated flush for all
-@@ -906,9 +906,9 @@ i915_gem_check_execbuffer(struct drm_i915_gem_execbuffer2 *exec)
+@@ -907,9 +907,9 @@ i915_gem_check_execbuffer(struct drm_i915_gem_execbuffer2 *exec)
static int
validate_exec_list(struct drm_i915_gem_exec_object2 *exec,
@@ -42807,7 +42801,7 @@ index d146e18..12d1bd1 100644
fd_offset + ex.a_text);
if (error != N_DATADDR(ex)) {
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
-index 0225fdd..9f0ef53 100644
+index 0225fdd..08bda99 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -32,6 +32,7 @@
@@ -42902,7 +42896,13 @@ index 0225fdd..9f0ef53 100644
return -EFAULT;
return 0;
}
-@@ -378,10 +397,10 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
+@@ -373,15 +392,14 @@ static unsigned long total_mapping_size(struct elf_phdr *cmds, int nr)
+ an ELF header */
+
+ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
+- struct file *interpreter, unsigned long *interp_map_addr,
+- unsigned long no_base)
++ struct file *interpreter, unsigned long no_base)
{
struct elf_phdr *elf_phdata;
struct elf_phdr *eppnt;
@@ -42915,7 +42915,7 @@ index 0225fdd..9f0ef53 100644
unsigned long total_size;
int retval, i, size;
-@@ -427,6 +446,11 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
+@@ -427,6 +445,11 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
goto out_close;
}
@@ -42927,7 +42927,16 @@ index 0225fdd..9f0ef53 100644
eppnt = elf_phdata;
for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) {
if (eppnt->p_type == PT_LOAD) {
-@@ -470,8 +494,8 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
+@@ -450,8 +473,6 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
+ map_addr = elf_map(interpreter, load_addr + vaddr,
+ eppnt, elf_prot, elf_type, total_size);
+ total_size = 0;
+- if (!*interp_map_addr)
+- *interp_map_addr = map_addr;
+ error = map_addr;
+ if (BAD_ADDR(map_addr))
+ goto out_close;
+@@ -470,8 +491,8 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
k = load_addr + eppnt->p_vaddr;
if (BAD_ADDR(k) ||
eppnt->p_filesz > eppnt->p_memsz ||
@@ -42938,7 +42947,7 @@ index 0225fdd..9f0ef53 100644
error = -ENOMEM;
goto out_close;
}
-@@ -523,6 +547,311 @@ out:
+@@ -523,6 +544,311 @@ out:
return error;
}
@@ -43250,7 +43259,7 @@ index 0225fdd..9f0ef53 100644
/*
* These are the functions used to load ELF style executables and shared
* libraries. There is no binary dependent code anywhere else.
-@@ -539,6 +868,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top)
+@@ -539,6 +865,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top)
{
unsigned int random_variable = 0;
@@ -43262,7 +43271,7 @@ index 0225fdd..9f0ef53 100644
if ((current->flags & PF_RANDOMIZE) &&
!(current->personality & ADDR_NO_RANDOMIZE)) {
random_variable = get_random_int() & STACK_RND_MASK;
-@@ -557,7 +891,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
+@@ -557,7 +888,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
unsigned long load_addr = 0, load_bias = 0;
int load_addr_set = 0;
char * elf_interpreter = NULL;
@@ -43271,7 +43280,7 @@ index 0225fdd..9f0ef53 100644
struct elf_phdr *elf_ppnt, *elf_phdata;
unsigned long elf_bss, elf_brk;
int retval, i;
-@@ -567,11 +901,11 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
+@@ -567,11 +898,11 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
unsigned long start_code, end_code, start_data, end_data;
unsigned long reloc_func_desc __maybe_unused = 0;
int executable_stack = EXSTACK_DEFAULT;
@@ -43284,7 +43293,7 @@ index 0225fdd..9f0ef53 100644
loc = kmalloc(sizeof(*loc), GFP_KERNEL);
if (!loc) {
-@@ -707,11 +1041,81 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
+@@ -707,11 +1038,81 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
goto out_free_dentry;
/* OK, This is the point of no return */
@@ -43367,7 +43376,7 @@ index 0225fdd..9f0ef53 100644
if (elf_read_implies_exec(loc->elf_ex, executable_stack))
current->personality |= READ_IMPLIES_EXEC;
-@@ -802,6 +1206,20 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
+@@ -802,6 +1203,20 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
#else
load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
#endif
@@ -43388,7 +43397,7 @@ index 0225fdd..9f0ef53 100644
}
error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
-@@ -834,9 +1252,9 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
+@@ -834,9 +1249,9 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
* allowed task size. Note that p_filesz must always be
* <= p_memsz so it is only necessary to check p_memsz.
*/
@@ -43401,7 +43410,7 @@ index 0225fdd..9f0ef53 100644
/* set_brk can never work. Avoid overflows. */
send_sig(SIGKILL, current, 0);
retval = -EINVAL;
-@@ -875,11 +1293,41 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
+@@ -875,17 +1290,44 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
goto out_free_dentry;
}
if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
@@ -43444,9 +43453,15 @@ index 0225fdd..9f0ef53 100644
+#endif
+
if (elf_interpreter) {
- unsigned long uninitialized_var(interp_map_addr);
-
-@@ -1107,7 +1555,7 @@ static bool always_dump_vma(struct vm_area_struct *vma)
+- unsigned long uninitialized_var(interp_map_addr);
+-
+ elf_entry = load_elf_interp(&loc->interp_elf_ex,
+ interpreter,
+- &interp_map_addr,
+ load_bias);
+ if (!IS_ERR((void *)elf_entry)) {
+ /*
+@@ -1107,7 +1549,7 @@ static bool always_dump_vma(struct vm_area_struct *vma)
* Decide what to dump of a segment, part, all or none.
*/
static unsigned long vma_dump_size(struct vm_area_struct *vma,
@@ -43455,7 +43470,7 @@ index 0225fdd..9f0ef53 100644
{
#define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))
-@@ -1144,7 +1592,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
+@@ -1144,7 +1586,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
if (vma->vm_file == NULL)
return 0;
@@ -43464,7 +43479,7 @@ index 0225fdd..9f0ef53 100644
goto whole;
/*
-@@ -1366,9 +1814,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
+@@ -1366,9 +1808,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
{
elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
int i = 0;
@@ -43476,7 +43491,7 @@ index 0225fdd..9f0ef53 100644
fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
}
-@@ -1879,14 +2327,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
+@@ -1879,14 +2321,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
}
static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma,
@@ -43493,7 +43508,7 @@ index 0225fdd..9f0ef53 100644
return size;
}
-@@ -1980,7 +2428,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -1980,7 +2422,7 @@ static int elf_core_dump(struct coredump_params *cprm)
dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
@@ -43502,7 +43517,7 @@ index 0225fdd..9f0ef53 100644
offset += elf_core_extra_data_size();
e_shoff = offset;
-@@ -1994,10 +2442,12 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -1994,10 +2436,12 @@ static int elf_core_dump(struct coredump_params *cprm)
offset = dataoff;
size += sizeof(*elf);
@@ -43515,7 +43530,7 @@ index 0225fdd..9f0ef53 100644
if (size > cprm->limit
|| !dump_write(cprm->file, phdr4note, sizeof(*phdr4note)))
goto end_coredump;
-@@ -2011,7 +2461,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2011,7 +2455,7 @@ static int elf_core_dump(struct coredump_params *cprm)
phdr.p_offset = offset;
phdr.p_vaddr = vma->vm_start;
phdr.p_paddr = 0;
@@ -43524,7 +43539,7 @@ index 0225fdd..9f0ef53 100644
phdr.p_memsz = vma->vm_end - vma->vm_start;
offset += phdr.p_filesz;
phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
-@@ -2022,6 +2472,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2022,6 +2466,7 @@ static int elf_core_dump(struct coredump_params *cprm)
phdr.p_align = ELF_EXEC_PAGESIZE;
size += sizeof(phdr);
@@ -43532,7 +43547,7 @@ index 0225fdd..9f0ef53 100644
if (size > cprm->limit
|| !dump_write(cprm->file, &phdr, sizeof(phdr)))
goto end_coredump;
-@@ -2046,7 +2497,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2046,7 +2491,7 @@ static int elf_core_dump(struct coredump_params *cprm)
unsigned long addr;
unsigned long end;
@@ -43541,7 +43556,7 @@ index 0225fdd..9f0ef53 100644
for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
struct page *page;
-@@ -2055,6 +2506,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2055,6 +2500,7 @@ static int elf_core_dump(struct coredump_params *cprm)
page = get_dump_page(addr);
if (page) {
void *kaddr = kmap(page);
@@ -43549,7 +43564,7 @@ index 0225fdd..9f0ef53 100644
stop = ((size += PAGE_SIZE) > cprm->limit) ||
!dump_write(cprm->file, kaddr,
PAGE_SIZE);
-@@ -2072,6 +2524,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2072,6 +2518,7 @@ static int elf_core_dump(struct coredump_params *cprm)
if (e_phnum == PN_XNUM) {
size += sizeof(*shdr4extnum);
@@ -43557,7 +43572,7 @@ index 0225fdd..9f0ef53 100644
if (size > cprm->limit
|| !dump_write(cprm->file, shdr4extnum,
sizeof(*shdr4extnum)))
-@@ -2092,6 +2545,97 @@ out:
+@@ -2092,6 +2539,97 @@ out:
#endif /* CONFIG_ELF_CORE */
@@ -45589,10 +45604,10 @@ index 90d901f..159975f 100644
}
return 1;
diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c
-index 1b50890..e56c5ad 100644
+index cf18217..8f6b9c3 100644
--- a/fs/ext4/balloc.c
+++ b/fs/ext4/balloc.c
-@@ -500,8 +500,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi,
+@@ -498,8 +498,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi,
/* Hm, nope. Are (enough) root reserved clusters available? */
if (uid_eq(sbi->s_resuid, current_fsuid()) ||
(!gid_eq(sbi->s_resgid, GLOBAL_ROOT_GID) && in_group_p(sbi->s_resgid)) ||
@@ -45604,7 +45619,7 @@ index 1b50890..e56c5ad 100644
if (free_clusters >= (nclusters + dirty_clusters))
return 1;
diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
-index c3411d4..30e4f1b 100644
+index 5c69f2b..05dec7f 100644
--- a/fs/ext4/ext4.h
+++ b/fs/ext4/ext4.h
@@ -1248,19 +1248,19 @@ struct ext4_sb_info {
@@ -45638,7 +45653,7 @@ index c3411d4..30e4f1b 100644
/* locality groups */
diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
-index 8eae947..53fc27a 100644
+index b26410c..7383d90 100644
--- a/fs/ext4/mballoc.c
+++ b/fs/ext4/mballoc.c
@@ -1746,7 +1746,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac,
@@ -45695,7 +45710,7 @@ index 8eae947..53fc27a 100644
}
free_percpu(sbi->s_locality_groups);
-@@ -3052,16 +3052,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac)
+@@ -3051,16 +3051,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac)
struct ext4_sb_info *sbi = EXT4_SB(ac->ac_sb);
if (sbi->s_mb_stats && ac->ac_g_ex.fe_len > 1) {
@@ -45718,7 +45733,7 @@ index 8eae947..53fc27a 100644
}
if (ac->ac_op == EXT4_MB_HISTORY_ALLOC)
-@@ -3461,7 +3461,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac)
+@@ -3460,7 +3460,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac)
trace_ext4_mb_new_inode_pa(ac, pa);
ext4_mb_use_inode_pa(ac, pa);
@@ -45727,7 +45742,7 @@ index 8eae947..53fc27a 100644
ei = EXT4_I(ac->ac_inode);
grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group);
-@@ -3521,7 +3521,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac)
+@@ -3520,7 +3520,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac)
trace_ext4_mb_new_group_pa(ac, pa);
ext4_mb_use_group_pa(ac, pa);
@@ -45736,7 +45751,7 @@ index 8eae947..53fc27a 100644
grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group);
lg = ac->ac_lg;
-@@ -3610,7 +3610,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh,
+@@ -3609,7 +3609,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh,
* from the bitmap and continue.
*/
}
@@ -45745,7 +45760,7 @@ index 8eae947..53fc27a 100644
return err;
}
-@@ -3628,7 +3628,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b,
+@@ -3627,7 +3627,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b,
ext4_get_group_no_and_offset(sb, pa->pa_pstart, &group, &bit);
BUG_ON(group != e4b->bd_group && pa->pa_len != 0);
mb_free_blocks(pa->pa_inode, e4b, bit, pa->pa_len);
@@ -64262,7 +64277,7 @@ index edd0868..f98feee 100644
/* shm_mode upper byte flags */
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
-index 7632c87..8fd660f 100644
+index f3165d2..2cb3cb7 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -577,7 +577,7 @@ extern bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from,
@@ -64274,7 +64289,7 @@ index 7632c87..8fd660f 100644
gfp_t priority)
{
return __alloc_skb(size, priority, 0, NUMA_NO_NODE);
-@@ -690,7 +690,7 @@ static inline struct skb_shared_hwtstamps *skb_hwtstamps(struct sk_buff *skb)
+@@ -687,7 +687,7 @@ static inline struct skb_shared_hwtstamps *skb_hwtstamps(struct sk_buff *skb)
*/
static inline int skb_queue_empty(const struct sk_buff_head *list)
{
@@ -64283,7 +64298,7 @@ index 7632c87..8fd660f 100644
}
/**
-@@ -703,7 +703,7 @@ static inline int skb_queue_empty(const struct sk_buff_head *list)
+@@ -700,7 +700,7 @@ static inline int skb_queue_empty(const struct sk_buff_head *list)
static inline bool skb_queue_is_last(const struct sk_buff_head *list,
const struct sk_buff *skb)
{
@@ -64292,7 +64307,7 @@ index 7632c87..8fd660f 100644
}
/**
-@@ -716,7 +716,7 @@ static inline bool skb_queue_is_last(const struct sk_buff_head *list,
+@@ -713,7 +713,7 @@ static inline bool skb_queue_is_last(const struct sk_buff_head *list,
static inline bool skb_queue_is_first(const struct sk_buff_head *list,
const struct sk_buff *skb)
{
@@ -64301,7 +64316,7 @@ index 7632c87..8fd660f 100644
}
/**
-@@ -1626,7 +1626,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len)
+@@ -1623,7 +1623,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len)
* NET_IP_ALIGN(2) + ethernet_header(14) + IP_header(20/40) + ports(8)
*/
#ifndef NET_SKB_PAD
@@ -64310,7 +64325,7 @@ index 7632c87..8fd660f 100644
#endif
extern int ___pskb_trim(struct sk_buff *skb, unsigned int len);
-@@ -2204,7 +2204,7 @@ extern struct sk_buff *skb_recv_datagram(struct sock *sk, unsigned flags,
+@@ -2201,7 +2201,7 @@ extern struct sk_buff *skb_recv_datagram(struct sock *sk, unsigned flags,
int noblock, int *err);
extern unsigned int datagram_poll(struct file *file, struct socket *sock,
struct poll_table_struct *wait);
@@ -65037,10 +65052,10 @@ index 9e5425b..8136ffc 100644
/* Protects from simultaneous access to first_req list */
spinlock_t info_list_lock;
diff --git a/include/net/flow.h b/include/net/flow.h
-index e1dd508..2873851 100644
+index 628e11b..4c475df 100644
--- a/include/net/flow.h
+++ b/include/net/flow.h
-@@ -220,6 +220,6 @@ extern struct flow_cache_object *flow_cache_lookup(
+@@ -221,6 +221,6 @@ extern struct flow_cache_object *flow_cache_lookup(
extern void flow_cache_flush(void);
extern void flow_cache_flush_deferred(void);
@@ -66521,10 +66536,10 @@ index 493d972..ea17248 100644
+ return ns_capable_nolog(ns, cap) && kuid_has_mapping(ns, inode->i_uid);
+}
diff --git a/kernel/cgroup.c b/kernel/cgroup.c
-index 7981850..370878f 100644
+index ff2bce5..a41e8f9 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
-@@ -5411,7 +5411,7 @@ static int cgroup_css_links_read(struct cgroup *cont,
+@@ -5390,7 +5390,7 @@ static int cgroup_css_links_read(struct cgroup *cont,
struct css_set *cg = link->cg;
struct task_struct *task;
int count = 0;
@@ -70140,7 +70155,7 @@ index 2095be3..9a5b89d 100644
}
EXPORT_SYMBOL_GPL(__srcu_read_unlock);
diff --git a/kernel/sys.c b/kernel/sys.c
-index 6fab59a..4ad079b 100644
+index 909148a..cd51acf 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -157,6 +157,12 @@ static int set_one_prio(struct task_struct *p, int niceval, int error)
@@ -70264,35 +70279,7 @@ index 6fab59a..4ad079b 100644
abort_creds(new);
return old_fsgid;
-@@ -1265,13 +1301,13 @@ DECLARE_RWSEM(uts_sem);
- * Work around broken programs that cannot handle "Linux 3.0".
- * Instead we map 3.x to 2.6.40+x, so e.g. 3.0 would be 2.6.40
- */
--static int override_release(char __user *release, int len)
-+static int override_release(char __user *release, size_t len)
- {
- int ret = 0;
-- char buf[65];
-
- if (current->personality & UNAME26) {
-- char *rest = UTS_RELEASE;
-+ char buf[65] = { 0 };
-+ const char *rest = UTS_RELEASE;
- int ndots = 0;
- unsigned v;
-
-@@ -1283,7 +1319,10 @@ static int override_release(char __user *release, int len)
- rest++;
- }
- v = ((LINUX_VERSION_CODE >> 8) & 0xff) + 40;
-+ if (sizeof buf < len)
-+ len = sizeof buf;
- snprintf(buf, len, "2.6.%u%s", v, rest);
-+ buf[len - 1] = 0;
- ret = copy_to_user(release, buf, len);
- }
- return ret;
-@@ -1338,19 +1377,19 @@ SYSCALL_DEFINE1(olduname, struct oldold_utsname __user *, name)
+@@ -1340,19 +1376,19 @@ SYSCALL_DEFINE1(olduname, struct oldold_utsname __user *, name)
return -EFAULT;
down_read(&uts_sem);
@@ -70317,7 +70304,7 @@ index 6fab59a..4ad079b 100644
__OLD_UTS_LEN);
error |= __put_user(0, name->machine + __OLD_UTS_LEN);
up_read(&uts_sem);
-@@ -2024,7 +2063,7 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
+@@ -2026,7 +2062,7 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
error = get_dumpable(me->mm);
break;
case PR_SET_DUMPABLE:
@@ -76384,7 +76371,7 @@ index 0337e2b..47914a0 100644
return err;
diff --git a/net/core/dev.c b/net/core/dev.c
-index 89e33a5..16d9d25 100644
+index 2fb9f59..d9a07df 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -1138,9 +1138,13 @@ void dev_load(struct net *net, const char *name)
@@ -76446,7 +76433,7 @@ index 89e33a5..16d9d25 100644
{
struct softnet_data *sd = &__get_cpu_var(softnet_data);
-@@ -3328,7 +3332,7 @@ ncls:
+@@ -3331,7 +3335,7 @@ ncls:
ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev);
} else {
drop:
@@ -76455,7 +76442,7 @@ index 89e33a5..16d9d25 100644
kfree_skb(skb);
/* Jamal, now you will not able to escape explaining
* me how you were going to use this. :-)
-@@ -3895,7 +3899,7 @@ void netif_napi_del(struct napi_struct *napi)
+@@ -3898,7 +3902,7 @@ void netif_napi_del(struct napi_struct *napi)
}
EXPORT_SYMBOL(netif_napi_del);
@@ -76464,7 +76451,7 @@ index 89e33a5..16d9d25 100644
{
struct softnet_data *sd = &__get_cpu_var(softnet_data);
unsigned long time_limit = jiffies + 2;
-@@ -4365,8 +4369,13 @@ static int ptype_seq_show(struct seq_file *seq, void *v)
+@@ -4368,8 +4372,13 @@ static int ptype_seq_show(struct seq_file *seq, void *v)
else
seq_printf(seq, "%04x", ntohs(pt->type));
@@ -76478,7 +76465,7 @@ index 89e33a5..16d9d25 100644
}
return 0;
-@@ -5919,7 +5928,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
+@@ -5922,7 +5931,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
} else {
netdev_stats_to_stats64(storage, &dev->stats);
}
@@ -76754,10 +76741,10 @@ index a55eecc..dd8428c 100644
*lenp = len;
diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
-index 8e2b475..7263d89 100644
+index f444ac7..b7bdda9 100644
--- a/net/ipv4/fib_frontend.c
+++ b/net/ipv4/fib_frontend.c
-@@ -1019,12 +1019,12 @@ static int fib_inetaddr_event(struct notifier_block *this, unsigned long event,
+@@ -1020,12 +1020,12 @@ static int fib_inetaddr_event(struct notifier_block *this, unsigned long event,
#ifdef CONFIG_IP_ROUTE_MULTIPATH
fib_sync_up(dev);
#endif
@@ -76772,7 +76759,7 @@ index 8e2b475..7263d89 100644
if (ifa->ifa_dev->ifa_list == NULL) {
/* Last address was deleted from this interface.
* Disable IP.
-@@ -1061,7 +1061,7 @@ static int fib_netdev_event(struct notifier_block *this, unsigned long event, vo
+@@ -1062,7 +1062,7 @@ static int fib_netdev_event(struct notifier_block *this, unsigned long event, vo
#ifdef CONFIG_IP_ROUTE_MULTIPATH
fib_sync_up(dev);
#endif
@@ -76782,7 +76769,7 @@ index 8e2b475..7263d89 100644
break;
case NETDEV_DOWN:
diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c
-index a747100..c5c8de1 100644
+index 9633661..4e0bc08 100644
--- a/net/ipv4/fib_semantics.c
+++ b/net/ipv4/fib_semantics.c
@@ -767,7 +767,7 @@ __be32 fib_info_update_nh_saddr(struct net *net, struct fib_nh *nh)
@@ -77078,10 +77065,10 @@ index d23c657..cb69cc2 100644
static int raw_seq_show(struct seq_file *seq, void *v)
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
-index fd9af60..dca4e54 100644
+index 2a1383c..ff99572 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
-@@ -2501,7 +2501,7 @@ static __net_initdata struct pernet_operations sysctl_route_ops = {
+@@ -2523,7 +2523,7 @@ static __net_initdata struct pernet_operations sysctl_route_ops = {
static __net_init int rt_genid_init(struct net *net)
{
@@ -77104,7 +77091,7 @@ index d377f48..c2211ed 100644
u32 start, u32 end)
{
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
-index 00a748d..e6d546b 100644
+index db7bfad..bfea796 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -90,6 +90,10 @@ int sysctl_tcp_low_latency __read_mostly;
@@ -77118,7 +77105,7 @@ index 00a748d..e6d546b 100644
#ifdef CONFIG_TCP_MD5SIG
static int tcp_v4_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key,
__be32 daddr, __be32 saddr, const struct tcphdr *th);
-@@ -1663,6 +1667,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb)
+@@ -1664,6 +1668,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb)
return 0;
reset:
@@ -77128,7 +77115,7 @@ index 00a748d..e6d546b 100644
tcp_v4_send_reset(rsk, skb);
discard:
kfree_skb(skb);
-@@ -1763,12 +1770,19 @@ int tcp_v4_rcv(struct sk_buff *skb)
+@@ -1764,12 +1771,19 @@ int tcp_v4_rcv(struct sk_buff *skb)
TCP_SKB_CB(skb)->sacked = 0;
sk = __inet_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
@@ -77151,7 +77138,7 @@ index 00a748d..e6d546b 100644
if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) {
NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
-@@ -1819,6 +1833,10 @@ no_tcp_socket:
+@@ -1820,6 +1834,10 @@ no_tcp_socket:
bad_packet:
TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
} else {
@@ -77162,7 +77149,7 @@ index 00a748d..e6d546b 100644
tcp_v4_send_reset(NULL, skb);
}
-@@ -2414,7 +2432,11 @@ static void get_openreq4(const struct sock *sk, const struct request_sock *req,
+@@ -2415,7 +2433,11 @@ static void get_openreq4(const struct sock *sk, const struct request_sock *req,
0, /* non standard timer */
0, /* open_requests have no inode */
atomic_read(&sk->sk_refcnt),
@@ -77174,7 +77161,7 @@ index 00a748d..e6d546b 100644
len);
}
-@@ -2464,7 +2486,12 @@ static void get_tcp4_sock(struct sock *sk, struct seq_file *f, int i, int *len)
+@@ -2465,7 +2487,12 @@ static void get_tcp4_sock(struct sock *sk, struct seq_file *f, int i, int *len)
sock_i_uid(sk),
icsk->icsk_probes_out,
sock_i_ino(sk),
@@ -77188,7 +77175,7 @@ index 00a748d..e6d546b 100644
jiffies_to_clock_t(icsk->icsk_rto),
jiffies_to_clock_t(icsk->icsk_ack.ato),
(icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong,
-@@ -2492,7 +2519,13 @@ static void get_timewait4_sock(const struct inet_timewait_sock *tw,
+@@ -2493,7 +2520,13 @@ static void get_timewait4_sock(const struct inet_timewait_sock *tw,
" %02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK%n",
i, src, srcp, dest, destp, tw->tw_substate, 0, 0,
3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
@@ -77397,7 +77384,7 @@ index 2814f66..fa2b223 100644
int udp4_seq_show(struct seq_file *seq, void *v)
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
-index ea3e9af..b60262e 100644
+index b10374d..0baa1f9 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -2144,7 +2144,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg)
@@ -77562,7 +77549,7 @@ index 4a5f78b..3f22ebe 100644
static int raw6_seq_show(struct seq_file *seq, void *v)
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
-index acd32e3..f73f8f7 100644
+index 7e32d42..5d975ba 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -106,6 +106,10 @@ static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
@@ -77576,7 +77563,7 @@ index acd32e3..f73f8f7 100644
static void tcp_v6_hash(struct sock *sk)
{
if (sk->sk_state != TCP_CLOSE) {
-@@ -1510,6 +1514,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
+@@ -1511,6 +1515,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
return 0;
reset:
@@ -77586,7 +77573,7 @@ index acd32e3..f73f8f7 100644
tcp_v6_send_reset(sk, skb);
discard:
if (opt_skb)
-@@ -1591,12 +1598,20 @@ static int tcp_v6_rcv(struct sk_buff *skb)
+@@ -1592,12 +1599,20 @@ static int tcp_v6_rcv(struct sk_buff *skb)
TCP_SKB_CB(skb)->sacked = 0;
sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
@@ -77609,7 +77596,7 @@ index acd32e3..f73f8f7 100644
if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) {
NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
-@@ -1645,6 +1660,10 @@ no_tcp_socket:
+@@ -1646,6 +1661,10 @@ no_tcp_socket:
bad_packet:
TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
} else {
@@ -77620,7 +77607,7 @@ index acd32e3..f73f8f7 100644
tcp_v6_send_reset(NULL, skb);
}
-@@ -1856,7 +1875,13 @@ static void get_openreq6(struct seq_file *seq,
+@@ -1857,7 +1876,13 @@ static void get_openreq6(struct seq_file *seq,
uid,
0, /* non standard timer */
0, /* open_requests have no inode */
@@ -77635,7 +77622,7 @@ index acd32e3..f73f8f7 100644
}
static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
-@@ -1906,7 +1931,12 @@ static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
+@@ -1907,7 +1932,12 @@ static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
sock_i_uid(sp),
icsk->icsk_probes_out,
sock_i_ino(sp),
@@ -77649,7 +77636,7 @@ index acd32e3..f73f8f7 100644
jiffies_to_clock_t(icsk->icsk_rto),
jiffies_to_clock_t(icsk->icsk_ack.ato),
(icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong,
-@@ -1941,7 +1971,13 @@ static void get_timewait6_sock(struct seq_file *seq,
+@@ -1942,7 +1972,13 @@ static void get_timewait6_sock(struct seq_file *seq,
dest->s6_addr32[2], dest->s6_addr32[3], destp,
tw->tw_substate, 0, 0,
3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
@@ -78230,10 +78217,10 @@ index effa10c..9058928 100644
cp->old_state = cp->state;
/*
diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c
-index 65b616a..760a66b 100644
+index c3c6291..3376d73 100644
--- a/net/netfilter/ipvs/ip_vs_xmit.c
+++ b/net/netfilter/ipvs/ip_vs_xmit.c
-@@ -1151,7 +1151,7 @@ ip_vs_icmp_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
+@@ -1157,7 +1157,7 @@ ip_vs_icmp_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
else
rc = NF_ACCEPT;
/* do not touch skb anymore */
@@ -78242,7 +78229,7 @@ index 65b616a..760a66b 100644
goto out;
}
-@@ -1272,7 +1272,7 @@ ip_vs_icmp_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
+@@ -1278,7 +1278,7 @@ ip_vs_icmp_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
else
rc = NF_ACCEPT;
/* do not touch skb anymore */
@@ -78392,10 +78379,10 @@ index 4fe4fb4..87a89e5 100644
return 0;
}
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
-index 5270238..5d37fbc 100644
+index 9172179..a4035c4 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
-@@ -767,7 +767,7 @@ static void netlink_overrun(struct sock *sk)
+@@ -769,7 +769,7 @@ static void netlink_overrun(struct sock *sk)
sk->sk_error_report(sk);
}
}
@@ -78404,7 +78391,7 @@ index 5270238..5d37fbc 100644
}
static struct sock *netlink_getsockbypid(struct sock *ssk, u32 pid)
-@@ -2046,7 +2046,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v)
+@@ -2059,7 +2059,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v)
sk_wmem_alloc_get(s),
nlk->cb,
atomic_read(&s->sk_refcnt),
diff --git a/3.6.3/4430_grsec-remove-localversion-grsec.patch b/3.6.4/4430_grsec-remove-localversion-grsec.patch
index 31cf878..31cf878 100644
--- a/3.6.3/4430_grsec-remove-localversion-grsec.patch
+++ b/3.6.4/4430_grsec-remove-localversion-grsec.patch
diff --git a/3.6.3/4435_grsec-mute-warnings.patch b/3.6.4/4435_grsec-mute-warnings.patch
index e1a7a3c..e1a7a3c 100644
--- a/3.6.3/4435_grsec-mute-warnings.patch
+++ b/3.6.4/4435_grsec-mute-warnings.patch
diff --git a/3.6.3/4440_grsec-remove-protected-paths.patch b/3.6.4/4440_grsec-remove-protected-paths.patch
index 637934a..637934a 100644
--- a/3.6.3/4440_grsec-remove-protected-paths.patch
+++ b/3.6.4/4440_grsec-remove-protected-paths.patch
diff --git a/3.6.3/4450_grsec-kconfig-default-gids.patch b/3.6.4/4450_grsec-kconfig-default-gids.patch
index d4b0b7e..d4b0b7e 100644
--- a/3.6.3/4450_grsec-kconfig-default-gids.patch
+++ b/3.6.4/4450_grsec-kconfig-default-gids.patch
diff --git a/3.6.3/4465_selinux-avc_audit-log-curr_ip.patch b/3.6.4/4465_selinux-avc_audit-log-curr_ip.patch
index 4fb50f4..4fb50f4 100644
--- a/3.6.3/4465_selinux-avc_audit-log-curr_ip.patch
+++ b/3.6.4/4465_selinux-avc_audit-log-curr_ip.patch
diff --git a/3.6.3/4470_disable-compat_vdso.patch b/3.6.4/4470_disable-compat_vdso.patch
index 4a1947b..4a1947b 100644
--- a/3.6.3/4470_disable-compat_vdso.patch
+++ b/3.6.4/4470_disable-compat_vdso.patch