diff options
author | Anthony G. Basile <blueness@gentoo.org> | 2012-01-04 10:44:12 -0500 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2012-01-04 10:44:12 -0500 |
commit | 13991bf0cb74669e255c8b42442869e980f9d22b (patch) | |
tree | c03a448155b00a9fdfbbbc1723461a43220dc3fd | |
parent | Removed EXTRAVERSION = hunk (diff) | |
download | hardened-patchset-13991bf0cb74669e255c8b42442869e980f9d22b.tar.gz hardened-patchset-13991bf0cb74669e255c8b42442869e980f9d22b.tar.bz2 hardened-patchset-13991bf0cb74669e255c8b42442869e980f9d22b.zip |
Grsec/PaX: 2.2.2-2.6.32.52-201201031758 + 2.2.2-3.1.7-201201032037.patch
-rw-r--r-- | 2.6.32/0000_README | 6 | ||||
-rw-r--r-- | 2.6.32/1050_linux-2.6.32.51.patch | 575 | ||||
-rw-r--r-- | 2.6.32/1051_linux-2.6.32.52.patch | 12 | ||||
-rw-r--r-- | 2.6.32/4420_grsecurity-2.2.2-2.6.32.52-201201031758.patch (renamed from 2.6.32/4420_grsecurity-2.2.2-2.6.32.51-201112222105.patch) | 405 | ||||
-rw-r--r-- | 2.6.32/4435_grsec-kconfig-gentoo.patch | 4 | ||||
-rw-r--r-- | 2.6.32/4437-grsec-kconfig-proc-user.patch | 4 | ||||
-rw-r--r-- | 2.6.32/4440_selinux-avc_audit-log-curr_ip.patch | 2 | ||||
-rw-r--r-- | 3.1.6/1005_linux-3.1.6.patch | 2178 | ||||
-rw-r--r-- | 3.1.7/0000_README (renamed from 3.1.6/0000_README) | 6 | ||||
-rw-r--r-- | 3.1.7/1006_linux-3.1.7.patch | 12 | ||||
-rw-r--r-- | 3.1.7/4420_grsecurity-2.2.2-3.1.7-201201032037.patch (renamed from 3.1.6/4420_grsecurity-2.2.2-3.1.6-201112222105.patch) | 292 | ||||
-rw-r--r-- | 3.1.7/4421_grsec-remove-localversion-grsec.patch (renamed from 3.1.6/4421_grsec-remove-localversion-grsec.patch) | 0 | ||||
-rw-r--r-- | 3.1.7/4422_grsec-mute-warnings.patch (renamed from 3.1.6/4422_grsec-mute-warnings.patch) | 0 | ||||
-rw-r--r-- | 3.1.7/4423_grsec-remove-protected-paths.patch (renamed from 3.1.6/4423_grsec-remove-protected-paths.patch) | 0 | ||||
-rw-r--r-- | 3.1.7/4425_grsec-pax-without-grsec.patch (renamed from 3.1.6/4425_grsec-pax-without-grsec.patch) | 0 | ||||
-rw-r--r-- | 3.1.7/4430_grsec-kconfig-default-gids.patch (renamed from 3.1.6/4430_grsec-kconfig-default-gids.patch) | 0 | ||||
-rw-r--r-- | 3.1.7/4435_grsec-kconfig-gentoo.patch (renamed from 3.1.6/4435_grsec-kconfig-gentoo.patch) | 4 | ||||
-rw-r--r-- | 3.1.7/4437-grsec-kconfig-proc-user.patch (renamed from 3.1.6/4437-grsec-kconfig-proc-user.patch) | 4 | ||||
-rw-r--r-- | 3.1.7/4440_selinux-avc_audit-log-curr_ip.patch (renamed from 3.1.6/4440_selinux-avc_audit-log-curr_ip.patch) | 2 | ||||
-rw-r--r-- | 3.1.7/4445_disable-compat_vdso.patch (renamed from 3.1.6/4445_disable-compat_vdso.patch) | 0 |
20 files changed, 702 insertions, 2804 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README index c414b52..3fcd732 100644 --- a/2.6.32/0000_README +++ b/2.6.32/0000_README @@ -3,11 +3,11 @@ README Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 1050_linux-2.6.32.51.patch +Patch: 1051_linux-2.6.32.52.patch From: http://www.kernel.org -Desc: Linux 2.6.32.51 +Desc: Linux 2.6.32.52 -Patch: 4420_grsecurity-2.2.2-2.6.32.51-201112222105.patch +Patch: 4420_grsecurity-2.2.2-2.6.32.52-201201031758.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/2.6.32/1050_linux-2.6.32.51.patch b/2.6.32/1050_linux-2.6.32.51.patch deleted file mode 100644 index 196ebde..0000000 --- a/2.6.32/1050_linux-2.6.32.51.patch +++ /dev/null @@ -1,575 +0,0 @@ -diff --git a/arch/arm/mach-davinci/board-dm646x-evm.c b/arch/arm/mach-davinci/board-dm646x-evm.c -index 24e0e13..6b25227 100644 ---- a/arch/arm/mach-davinci/board-dm646x-evm.c -+++ b/arch/arm/mach-davinci/board-dm646x-evm.c -@@ -502,7 +502,7 @@ static int setup_vpif_input_channel_mode(int mux_mode) - int val; - u32 value; - -- if (!vpif_vsclkdis_reg || !cpld_client) -+ if (!vpif_vidclkctl_reg || !cpld_client) - return -ENXIO; - - val = i2c_smbus_read_byte(cpld_client); -@@ -510,7 +510,7 @@ static int setup_vpif_input_channel_mode(int mux_mode) - return val; - - spin_lock_irqsave(&vpif_reg_lock, flags); -- value = __raw_readl(vpif_vsclkdis_reg); -+ value = __raw_readl(vpif_vidclkctl_reg); - if (mux_mode) { - val &= VPIF_INPUT_TWO_CHANNEL; - value |= VIDCH1CLK; -@@ -518,7 +518,7 @@ static int setup_vpif_input_channel_mode(int mux_mode) - val |= VPIF_INPUT_ONE_CHANNEL; - value &= ~VIDCH1CLK; - } -- __raw_writel(value, vpif_vsclkdis_reg); -+ __raw_writel(value, vpif_vidclkctl_reg); - spin_unlock_irqrestore(&vpif_reg_lock, flags); - - err = i2c_smbus_write_byte(cpld_client, val); -diff --git a/arch/x86/oprofile/backtrace.c b/arch/x86/oprofile/backtrace.c -index 044897b..829edf0 100644 ---- a/arch/x86/oprofile/backtrace.c -+++ b/arch/x86/oprofile/backtrace.c -@@ -11,6 +11,8 @@ - #include <linux/oprofile.h> - #include <linux/sched.h> - #include <linux/mm.h> -+#include <linux/highmem.h> -+ - #include <asm/ptrace.h> - #include <asm/uaccess.h> - #include <asm/stacktrace.h> -@@ -47,6 +49,42 @@ static struct stacktrace_ops backtrace_ops = { - .address = backtrace_address, - }; - -+/* from arch/x86/kernel/cpu/perf_event.c: */ -+ -+/* -+ * best effort, GUP based copy_from_user() that assumes IRQ or NMI context -+ */ -+static unsigned long -+copy_from_user_nmi(void *to, const void __user *from, unsigned long n) -+{ -+ unsigned long offset, addr = (unsigned long)from; -+ unsigned long size, len = 0; -+ struct page *page; -+ void *map; -+ int ret; -+ -+ do { -+ ret = __get_user_pages_fast(addr, 1, 0, &page); -+ if (!ret) -+ break; -+ -+ offset = addr & (PAGE_SIZE - 1); -+ size = min(PAGE_SIZE - offset, n - len); -+ -+ map = kmap_atomic(page, KM_USER0); -+ memcpy(to, map+offset, size); -+ kunmap_atomic(map, KM_USER0); -+ put_page(page); -+ -+ len += size; -+ to += size; -+ addr += size; -+ -+ } while (len < n); -+ -+ return len; -+} -+ - struct frame_head { - struct frame_head *bp; - unsigned long ret; -@@ -54,12 +92,12 @@ struct frame_head { - - static struct frame_head *dump_user_backtrace(struct frame_head *head) - { -+ /* Also check accessibility of one struct frame_head beyond: */ - struct frame_head bufhead[2]; -+ unsigned long bytes; - -- /* Also check accessibility of one struct frame_head beyond */ -- if (!access_ok(VERIFY_READ, head, sizeof(bufhead))) -- return NULL; -- if (__copy_from_user_inatomic(bufhead, head, sizeof(bufhead))) -+ bytes = copy_from_user_nmi(bufhead, head, sizeof(bufhead)); -+ if (bytes != sizeof(bufhead)) - return NULL; - - oprofile_add_trace(bufhead[0].ret); -diff --git a/arch/x86/oprofile/nmi_int.c b/arch/x86/oprofile/nmi_int.c -index ca6b336..8f0e49b 100644 ---- a/arch/x86/oprofile/nmi_int.c -+++ b/arch/x86/oprofile/nmi_int.c -@@ -750,12 +750,12 @@ int __init op_nmi_init(struct oprofile_operations *ops) - - void op_nmi_exit(void) - { -- if (using_nmi) { -- exit_sysfs(); -+ if (!using_nmi) -+ return; -+ exit_sysfs(); - #ifdef CONFIG_SMP -- unregister_cpu_notifier(&oprofile_cpu_nb); -+ unregister_cpu_notifier(&oprofile_cpu_nb); - #endif -- } - if (model->exit) - model->exit(); - } -diff --git a/drivers/oprofile/buffer_sync.c b/drivers/oprofile/buffer_sync.c -index 5c4df24..334ccd6 100644 ---- a/drivers/oprofile/buffer_sync.c -+++ b/drivers/oprofile/buffer_sync.c -@@ -140,6 +140,13 @@ static struct notifier_block module_load_nb = { - .notifier_call = module_load_notify, - }; - -+static void free_all_tasks(void) -+{ -+ /* make sure we don't leak task structs */ -+ process_task_mortuary(); -+ process_task_mortuary(); -+} -+ - int sync_start(void) - { - int err; -@@ -147,8 +154,6 @@ int sync_start(void) - if (!zalloc_cpumask_var(&marked_cpus, GFP_KERNEL)) - return -ENOMEM; - -- mutex_lock(&buffer_mutex); -- - err = task_handoff_register(&task_free_nb); - if (err) - goto out1; -@@ -165,7 +170,6 @@ int sync_start(void) - start_cpu_work(); - - out: -- mutex_unlock(&buffer_mutex); - return err; - out4: - profile_event_unregister(PROFILE_MUNMAP, &munmap_nb); -@@ -173,6 +177,7 @@ out3: - profile_event_unregister(PROFILE_TASK_EXIT, &task_exit_nb); - out2: - task_handoff_unregister(&task_free_nb); -+ free_all_tasks(); - out1: - free_cpumask_var(marked_cpus); - goto out; -@@ -181,20 +186,16 @@ out1: - - void sync_stop(void) - { -- /* flush buffers */ -- mutex_lock(&buffer_mutex); - end_cpu_work(); - unregister_module_notifier(&module_load_nb); - profile_event_unregister(PROFILE_MUNMAP, &munmap_nb); - profile_event_unregister(PROFILE_TASK_EXIT, &task_exit_nb); - task_handoff_unregister(&task_free_nb); -- mutex_unlock(&buffer_mutex); -- flush_scheduled_work(); -+ barrier(); /* do all of the above first */ - -- /* make sure we don't leak task structs */ -- process_task_mortuary(); -- process_task_mortuary(); -+ flush_scheduled_work(); - -+ free_all_tasks(); - free_cpumask_var(marked_cpus); - } - -diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c -index 9d3d8cf..cec9bff 100644 ---- a/drivers/usb/class/cdc-acm.c -+++ b/drivers/usb/class/cdc-acm.c -@@ -1528,6 +1528,16 @@ static struct usb_device_id acm_ids[] = { - }, - { USB_DEVICE(0x22b8, 0x6425), /* Motorola MOTOMAGX phones */ - }, -+ /* Motorola H24 HSPA module: */ -+ { USB_DEVICE(0x22b8, 0x2d91) }, /* modem */ -+ { USB_DEVICE(0x22b8, 0x2d92) }, /* modem + diagnostics */ -+ { USB_DEVICE(0x22b8, 0x2d93) }, /* modem + AT port */ -+ { USB_DEVICE(0x22b8, 0x2d95) }, /* modem + AT port + diagnostics */ -+ { USB_DEVICE(0x22b8, 0x2d96) }, /* modem + NMEA */ -+ { USB_DEVICE(0x22b8, 0x2d97) }, /* modem + diagnostics + NMEA */ -+ { USB_DEVICE(0x22b8, 0x2d99) }, /* modem + AT port + NMEA */ -+ { USB_DEVICE(0x22b8, 0x2d9a) }, /* modem + AT port + diagnostics + NMEA */ -+ - { USB_DEVICE(0x0572, 0x1329), /* Hummingbird huc56s (Conexant) */ - .driver_info = NO_UNION_NORMAL, /* union descriptor misplaced on - data interface instead of -diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c -index 8572c79..72ba88f 100644 ---- a/fs/ext4/inode.c -+++ b/fs/ext4/inode.c -@@ -3228,7 +3228,7 @@ static int ext4_da_write_end(struct file *file, - */ - - new_i_size = pos + copied; -- if (new_i_size > EXT4_I(inode)->i_disksize) { -+ if (copied && new_i_size > EXT4_I(inode)->i_disksize) { - if (ext4_da_should_update_i_disksize(page, end)) { - down_write(&EXT4_I(inode)->i_data_sem); - if (new_i_size > EXT4_I(inode)->i_disksize) { -diff --git a/fs/hfs/btree.c b/fs/hfs/btree.c -index 052f214..0609e71 100644 ---- a/fs/hfs/btree.c -+++ b/fs/hfs/btree.c -@@ -45,11 +45,26 @@ struct hfs_btree *hfs_btree_open(struct super_block *sb, u32 id, btree_keycmp ke - case HFS_EXT_CNID: - hfs_inode_read_fork(tree->inode, mdb->drXTExtRec, mdb->drXTFlSize, - mdb->drXTFlSize, be32_to_cpu(mdb->drXTClpSiz)); -+ if (HFS_I(tree->inode)->alloc_blocks > -+ HFS_I(tree->inode)->first_blocks) { -+ printk(KERN_ERR "hfs: invalid btree extent records\n"); -+ unlock_new_inode(tree->inode); -+ goto free_inode; -+ } -+ - tree->inode->i_mapping->a_ops = &hfs_btree_aops; - break; - case HFS_CAT_CNID: - hfs_inode_read_fork(tree->inode, mdb->drCTExtRec, mdb->drCTFlSize, - mdb->drCTFlSize, be32_to_cpu(mdb->drCTClpSiz)); -+ -+ if (!HFS_I(tree->inode)->first_blocks) { -+ printk(KERN_ERR "hfs: invalid btree extent records " -+ "(0 size).\n"); -+ unlock_new_inode(tree->inode); -+ goto free_inode; -+ } -+ - tree->inode->i_mapping->a_ops = &hfs_btree_aops; - break; - default: -@@ -58,11 +73,6 @@ struct hfs_btree *hfs_btree_open(struct super_block *sb, u32 id, btree_keycmp ke - } - unlock_new_inode(tree->inode); - -- if (!HFS_I(tree->inode)->first_blocks) { -- printk(KERN_ERR "hfs: invalid btree extent records (0 size).\n"); -- goto free_inode; -- } -- - mapping = tree->inode->i_mapping; - page = read_mapping_page(mapping, 0, NULL); - if (IS_ERR(page)) -diff --git a/fs/jbd/journal.c b/fs/jbd/journal.c -index 45905ff..70713d5 100644 ---- a/fs/jbd/journal.c -+++ b/fs/jbd/journal.c -@@ -1070,6 +1070,14 @@ static int journal_get_superblock(journal_t *journal) - goto out; - } - -+ if (be32_to_cpu(sb->s_first) == 0 || -+ be32_to_cpu(sb->s_first) >= journal->j_maxlen) { -+ printk(KERN_WARNING -+ "JBD: Invalid start block of journal: %u\n", -+ be32_to_cpu(sb->s_first)); -+ goto out; -+ } -+ - return 0; - - out: -diff --git a/fs/jbd2/journal.c b/fs/jbd2/journal.c -index 17af879..c00de9c 100644 ---- a/fs/jbd2/journal.c -+++ b/fs/jbd2/journal.c -@@ -1183,6 +1183,14 @@ static int journal_get_superblock(journal_t *journal) - goto out; - } - -+ if (be32_to_cpu(sb->s_first) == 0 || -+ be32_to_cpu(sb->s_first) >= journal->j_maxlen) { -+ printk(KERN_WARNING -+ "JBD2: Invalid start block of journal: %u\n", -+ be32_to_cpu(sb->s_first)); -+ goto out; -+ } -+ - return 0; - - out: -diff --git a/include/linux/log2.h b/include/linux/log2.h -index 25b8086..fd7ff3d 100644 ---- a/include/linux/log2.h -+++ b/include/linux/log2.h -@@ -185,7 +185,6 @@ unsigned long __rounddown_pow_of_two(unsigned long n) - #define rounddown_pow_of_two(n) \ - ( \ - __builtin_constant_p(n) ? ( \ -- (n == 1) ? 0 : \ - (1UL << ilog2(n))) : \ - __rounddown_pow_of_two(n) \ - ) -diff --git a/kernel/taskstats.c b/kernel/taskstats.c -index b080920..a4ef542 100644 ---- a/kernel/taskstats.c -+++ b/kernel/taskstats.c -@@ -592,6 +592,7 @@ static struct genl_ops taskstats_ops = { - .cmd = TASKSTATS_CMD_GET, - .doit = taskstats_user_cmd, - .policy = taskstats_cmd_get_policy, -+ .flags = GENL_ADMIN_PERM, - }; - - static struct genl_ops cgroupstats_ops = { -diff --git a/mm/percpu.c b/mm/percpu.c -index 3bfd6e2..c90614a 100644 ---- a/mm/percpu.c -+++ b/mm/percpu.c -@@ -110,9 +110,9 @@ static int pcpu_atom_size __read_mostly; - static int pcpu_nr_slots __read_mostly; - static size_t pcpu_chunk_struct_size __read_mostly; - --/* cpus with the lowest and highest unit numbers */ --static unsigned int pcpu_first_unit_cpu __read_mostly; --static unsigned int pcpu_last_unit_cpu __read_mostly; -+/* cpus with the lowest and highest unit addresses */ -+static unsigned int pcpu_low_unit_cpu __read_mostly; -+static unsigned int pcpu_high_unit_cpu __read_mostly; - - /* the address of the first chunk which starts with the kernel static area */ - void *pcpu_base_addr __read_mostly; -@@ -746,8 +746,8 @@ static void pcpu_pre_unmap_flush(struct pcpu_chunk *chunk, - int page_start, int page_end) - { - flush_cache_vunmap( -- pcpu_chunk_addr(chunk, pcpu_first_unit_cpu, page_start), -- pcpu_chunk_addr(chunk, pcpu_last_unit_cpu, page_end)); -+ pcpu_chunk_addr(chunk, pcpu_low_unit_cpu, page_start), -+ pcpu_chunk_addr(chunk, pcpu_high_unit_cpu, page_end)); - } - - static void __pcpu_unmap_pages(unsigned long addr, int nr_pages) -@@ -809,8 +809,8 @@ static void pcpu_post_unmap_tlb_flush(struct pcpu_chunk *chunk, - int page_start, int page_end) - { - flush_tlb_kernel_range( -- pcpu_chunk_addr(chunk, pcpu_first_unit_cpu, page_start), -- pcpu_chunk_addr(chunk, pcpu_last_unit_cpu, page_end)); -+ pcpu_chunk_addr(chunk, pcpu_low_unit_cpu, page_start), -+ pcpu_chunk_addr(chunk, pcpu_high_unit_cpu, page_end)); - } - - static int __pcpu_map_pages(unsigned long addr, struct page **pages, -@@ -887,8 +887,8 @@ static void pcpu_post_map_flush(struct pcpu_chunk *chunk, - int page_start, int page_end) - { - flush_cache_vmap( -- pcpu_chunk_addr(chunk, pcpu_first_unit_cpu, page_start), -- pcpu_chunk_addr(chunk, pcpu_last_unit_cpu, page_end)); -+ pcpu_chunk_addr(chunk, pcpu_low_unit_cpu, page_start), -+ pcpu_chunk_addr(chunk, pcpu_high_unit_cpu, page_end)); - } - - /** -@@ -1680,7 +1680,9 @@ int __init pcpu_setup_first_chunk(const struct pcpu_alloc_info *ai, - - for (cpu = 0; cpu < nr_cpu_ids; cpu++) - unit_map[cpu] = UINT_MAX; -- pcpu_first_unit_cpu = NR_CPUS; -+ -+ pcpu_low_unit_cpu = NR_CPUS; -+ pcpu_high_unit_cpu = NR_CPUS; - - for (group = 0, unit = 0; group < ai->nr_groups; group++, unit += i) { - const struct pcpu_group_info *gi = &ai->groups[group]; -@@ -1700,9 +1702,13 @@ int __init pcpu_setup_first_chunk(const struct pcpu_alloc_info *ai, - unit_map[cpu] = unit + i; - unit_off[cpu] = gi->base_offset + i * ai->unit_size; - -- if (pcpu_first_unit_cpu == NR_CPUS) -- pcpu_first_unit_cpu = cpu; -- pcpu_last_unit_cpu = cpu; -+ /* determine low/high unit_cpu */ -+ if (pcpu_low_unit_cpu == NR_CPUS || -+ unit_off[cpu] < unit_off[pcpu_low_unit_cpu]) -+ pcpu_low_unit_cpu = cpu; -+ if (pcpu_high_unit_cpu == NR_CPUS || -+ unit_off[cpu] > unit_off[pcpu_high_unit_cpu]) -+ pcpu_high_unit_cpu = cpu; - } - } - pcpu_nr_units = unit; -diff --git a/mm/util.c b/mm/util.c -index b377ce4..e48b493 100644 ---- a/mm/util.c -+++ b/mm/util.c -@@ -233,6 +233,19 @@ void arch_pick_mmap_layout(struct mm_struct *mm) - } - #endif - -+/* -+ * Like get_user_pages_fast() except its IRQ-safe in that it won't fall -+ * back to the regular GUP. -+ * If the architecture not support this fucntion, simply return with no -+ * page pinned -+ */ -+int __attribute__((weak)) __get_user_pages_fast(unsigned long start, -+ int nr_pages, int write, struct page **pages) -+{ -+ return 0; -+} -+EXPORT_SYMBOL_GPL(__get_user_pages_fast); -+ - /** - * get_user_pages_fast() - pin user pages in memory - * @start: starting user address -diff --git a/net/xfrm/xfrm_algo.c b/net/xfrm/xfrm_algo.c -index faf54c6..9bd850a 100644 ---- a/net/xfrm/xfrm_algo.c -+++ b/net/xfrm/xfrm_algo.c -@@ -411,8 +411,8 @@ static struct xfrm_algo_desc ealg_list[] = { - .desc = { - .sadb_alg_id = SADB_X_EALG_AESCTR, - .sadb_alg_ivlen = 8, -- .sadb_alg_minbits = 128, -- .sadb_alg_maxbits = 256 -+ .sadb_alg_minbits = 160, -+ .sadb_alg_maxbits = 288 - } - }, - }; -diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c -index ba44dc0..6419095 100644 ---- a/sound/pci/hda/patch_realtek.c -+++ b/sound/pci/hda/patch_realtek.c -@@ -432,6 +432,8 @@ static int alc_mux_enum_put(struct snd_kcontrol *kcontrol, - imux = &spec->input_mux[mux_idx]; - if (!imux->num_items && mux_idx > 0) - imux = &spec->input_mux[0]; -+ if (!imux->num_items) -+ return 0; - - type = get_wcaps_type(get_wcaps(codec, nid)); - if (type == AC_WID_AUD_MIX) { -diff --git a/sound/pci/sis7019.c b/sound/pci/sis7019.c -index 1a5ff06..b11ee62 100644 ---- a/sound/pci/sis7019.c -+++ b/sound/pci/sis7019.c -@@ -40,6 +40,7 @@ MODULE_SUPPORTED_DEVICE("{{SiS,SiS7019 Audio Accelerator}}"); - static int index = SNDRV_DEFAULT_IDX1; /* Index 0-MAX */ - static char *id = SNDRV_DEFAULT_STR1; /* ID for this card */ - static int enable = 1; -+static int codecs = 1; - - module_param(index, int, 0444); - MODULE_PARM_DESC(index, "Index value for SiS7019 Audio Accelerator."); -@@ -47,6 +48,8 @@ module_param(id, charp, 0444); - MODULE_PARM_DESC(id, "ID string for SiS7019 Audio Accelerator."); - module_param(enable, bool, 0444); - MODULE_PARM_DESC(enable, "Enable SiS7019 Audio Accelerator."); -+module_param(codecs, int, 0444); -+MODULE_PARM_DESC(codecs, "Set bit to indicate that codec number is expected to be present (default 1)"); - - static struct pci_device_id snd_sis7019_ids[] = { - { PCI_DEVICE(PCI_VENDOR_ID_SI, 0x7019) }, -@@ -139,6 +142,9 @@ struct sis7019 { - dma_addr_t silence_dma_addr; - }; - -+/* These values are also used by the module param 'codecs' to indicate -+ * which codecs should be present. -+ */ - #define SIS_PRIMARY_CODEC_PRESENT 0x0001 - #define SIS_SECONDARY_CODEC_PRESENT 0x0002 - #define SIS_TERTIARY_CODEC_PRESENT 0x0004 -@@ -1075,6 +1081,7 @@ static int sis_chip_init(struct sis7019 *sis) - { - unsigned long io = sis->ioport; - void __iomem *ioaddr = sis->ioaddr; -+ unsigned long timeout; - u16 status; - int count; - int i; -@@ -1101,21 +1108,45 @@ static int sis_chip_init(struct sis7019 *sis) - while ((inw(io + SIS_AC97_STATUS) & SIS_AC97_STATUS_BUSY) && --count) - udelay(1); - -+ /* Command complete, we can let go of the semaphore now. -+ */ -+ outl(SIS_AC97_SEMA_RELEASE, io + SIS_AC97_SEMA); -+ if (!count) -+ return -EIO; -+ - /* Now that we've finished the reset, find out what's attached. -+ * There are some codec/board combinations that take an extremely -+ * long time to come up. 350+ ms has been observed in the field, -+ * so we'll give them up to 500ms. - */ -- status = inl(io + SIS_AC97_STATUS); -- if (status & SIS_AC97_STATUS_CODEC_READY) -- sis->codecs_present |= SIS_PRIMARY_CODEC_PRESENT; -- if (status & SIS_AC97_STATUS_CODEC2_READY) -- sis->codecs_present |= SIS_SECONDARY_CODEC_PRESENT; -- if (status & SIS_AC97_STATUS_CODEC3_READY) -- sis->codecs_present |= SIS_TERTIARY_CODEC_PRESENT; -- -- /* All done, let go of the semaphore, and check for errors -+ sis->codecs_present = 0; -+ timeout = msecs_to_jiffies(500) + jiffies; -+ while (time_before_eq(jiffies, timeout)) { -+ status = inl(io + SIS_AC97_STATUS); -+ if (status & SIS_AC97_STATUS_CODEC_READY) -+ sis->codecs_present |= SIS_PRIMARY_CODEC_PRESENT; -+ if (status & SIS_AC97_STATUS_CODEC2_READY) -+ sis->codecs_present |= SIS_SECONDARY_CODEC_PRESENT; -+ if (status & SIS_AC97_STATUS_CODEC3_READY) -+ sis->codecs_present |= SIS_TERTIARY_CODEC_PRESENT; -+ -+ if (sis->codecs_present == codecs) -+ break; -+ -+ msleep(1); -+ } -+ -+ /* All done, check for errors. - */ -- outl(SIS_AC97_SEMA_RELEASE, io + SIS_AC97_SEMA); -- if (!sis->codecs_present || !count) -+ if (!sis->codecs_present) { -+ printk(KERN_ERR "sis7019: could not find any codecs\n"); - return -EIO; -+ } -+ -+ if (sis->codecs_present != codecs) { -+ printk(KERN_WARNING "sis7019: missing codecs, found %0x, expected %0x\n", -+ sis->codecs_present, codecs); -+ } - - /* Let the hardware know that the audio driver is alive, - * and enable PCM slots on the AC-link for L/R playback (3 & 4) and -@@ -1387,6 +1418,17 @@ static int __devinit snd_sis7019_probe(struct pci_dev *pci, - if (!enable) - goto error_out; - -+ /* The user can specify which codecs should be present so that we -+ * can wait for them to show up if they are slow to recover from -+ * the AC97 cold reset. We default to a single codec, the primary. -+ * -+ * We assume that SIS_PRIMARY_*_PRESENT matches bits 0-2. -+ */ -+ codecs &= SIS_PRIMARY_CODEC_PRESENT | SIS_SECONDARY_CODEC_PRESENT | -+ SIS_TERTIARY_CODEC_PRESENT; -+ if (!codecs) -+ codecs = SIS_PRIMARY_CODEC_PRESENT; -+ - rc = snd_card_create(index, id, THIS_MODULE, sizeof(*sis), &card); - if (rc < 0) - goto error_out; diff --git a/2.6.32/1051_linux-2.6.32.52.patch b/2.6.32/1051_linux-2.6.32.52.patch new file mode 100644 index 0000000..0f82a0c --- /dev/null +++ b/2.6.32/1051_linux-2.6.32.52.patch @@ -0,0 +1,12 @@ +diff --git a/kernel/time/clockevents.c b/kernel/time/clockevents.c +index b38baff..0d809ae 100644 +--- a/kernel/time/clockevents.c ++++ b/kernel/time/clockevents.c +@@ -221,7 +221,6 @@ void clockevents_exchange_device(struct clock_event_device *old, + * released list and do a notify add later. + */ + if (old) { +- old->event_handler = clockevents_handle_noop; + clockevents_set_mode(old, CLOCK_EVT_MODE_UNUSED); + list_del(&old->list); + list_add(&old->list, &clockevents_released); diff --git a/2.6.32/4420_grsecurity-2.2.2-2.6.32.51-201112222105.patch b/2.6.32/4420_grsecurity-2.2.2-2.6.32.52-201201031758.patch index 1a4e34c..40137ff 100644 --- a/2.6.32/4420_grsecurity-2.2.2-2.6.32.51-201112222105.patch +++ b/2.6.32/4420_grsecurity-2.2.2-2.6.32.52-201201031758.patch @@ -185,7 +185,7 @@ index c840e7d..f4c451c 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 1c640ea..b545bdc 100644 +index 8f775f5..272691c 100644 --- a/Makefile +++ b/Makefile @@ -221,8 +221,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -52923,6 +52923,55 @@ index b442dac..aab29cb 100644 if (!capable(CAP_SYS_RAWIO)) return -EPERM; if (kcore_need_update) +diff --git a/fs/proc/kmsg.c b/fs/proc/kmsg.c +index 7ca7834..cfe90a4 100644 +--- a/fs/proc/kmsg.c ++++ b/fs/proc/kmsg.c +@@ -12,37 +12,37 @@ + #include <linux/poll.h> + #include <linux/proc_fs.h> + #include <linux/fs.h> ++#include <linux/syslog.h> + + #include <asm/uaccess.h> + #include <asm/io.h> + + extern wait_queue_head_t log_wait; + +-extern int do_syslog(int type, char __user *bug, int count); +- + static int kmsg_open(struct inode * inode, struct file * file) + { +- return do_syslog(1,NULL,0); ++ return do_syslog(SYSLOG_ACTION_OPEN, NULL, 0, SYSLOG_FROM_FILE); + } + + static int kmsg_release(struct inode * inode, struct file * file) + { +- (void) do_syslog(0,NULL,0); ++ (void) do_syslog(SYSLOG_ACTION_CLOSE, NULL, 0, SYSLOG_FROM_FILE); + return 0; + } + + static ssize_t kmsg_read(struct file *file, char __user *buf, + size_t count, loff_t *ppos) + { +- if ((file->f_flags & O_NONBLOCK) && !do_syslog(9, NULL, 0)) ++ if ((file->f_flags & O_NONBLOCK) && ++ !do_syslog(SYSLOG_ACTION_SIZE_UNREAD, NULL, 0, SYSLOG_FROM_FILE)) + return -EAGAIN; +- return do_syslog(2, buf, count); ++ return do_syslog(SYSLOG_ACTION_READ, buf, count, SYSLOG_FROM_FILE); + } + + static unsigned int kmsg_poll(struct file *file, poll_table *wait) + { + poll_wait(file, &log_wait, wait); +- if (do_syslog(9, NULL, 0)) ++ if (do_syslog(SYSLOG_ACTION_SIZE_UNREAD, NULL, 0, SYSLOG_FROM_FILE)) + return POLLIN | POLLRDNORM; + return 0; + } diff --git a/fs/proc/meminfo.c b/fs/proc/meminfo.c index a65239c..ad1182a 100644 --- a/fs/proc/meminfo.c @@ -68248,7 +68297,7 @@ index 1ee2c05..81b7ec4 100644 #define VIDEO_TYPE_MDA 0x10 /* Monochrome Text Display */ diff --git a/include/linux/security.h b/include/linux/security.h -index d40d23f..253bd14 100644 +index d40d23f..d739b08 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -34,6 +34,7 @@ @@ -68259,6 +68308,53 @@ index d40d23f..253bd14 100644 #include <net/flow.h> /* Maximum number of letters for an LSM name string */ +@@ -76,7 +77,7 @@ extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, + extern int cap_task_setscheduler(struct task_struct *p, int policy, struct sched_param *lp); + extern int cap_task_setioprio(struct task_struct *p, int ioprio); + extern int cap_task_setnice(struct task_struct *p, int nice); +-extern int cap_syslog(int type); ++extern int cap_syslog(int type, bool from_file); + extern int cap_vm_enough_memory(struct mm_struct *mm, long pages); + + struct msghdr; +@@ -1331,6 +1332,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) + * logging to the console. + * See the syslog(2) manual page for an explanation of the @type values. + * @type contains the type of action. ++ * @from_file indicates the context of action (if it came from /proc). + * Return 0 if permission is granted. + * @settime: + * Check permission to change the system time. +@@ -1445,7 +1447,7 @@ struct security_operations { + int (*sysctl) (struct ctl_table *table, int op); + int (*quotactl) (int cmds, int type, int id, struct super_block *sb); + int (*quota_on) (struct dentry *dentry); +- int (*syslog) (int type); ++ int (*syslog) (int type, bool from_file); + int (*settime) (struct timespec *ts, struct timezone *tz); + int (*vm_enough_memory) (struct mm_struct *mm, long pages); + +@@ -1740,7 +1742,7 @@ int security_acct(struct file *file); + int security_sysctl(struct ctl_table *table, int op); + int security_quotactl(int cmds, int type, int id, struct super_block *sb); + int security_quota_on(struct dentry *dentry); +-int security_syslog(int type); ++int security_syslog(int type, bool from_file); + int security_settime(struct timespec *ts, struct timezone *tz); + int security_vm_enough_memory(long pages); + int security_vm_enough_memory_mm(struct mm_struct *mm, long pages); +@@ -1986,9 +1988,9 @@ static inline int security_quota_on(struct dentry *dentry) + return 0; + } + +-static inline int security_syslog(int type) ++static inline int security_syslog(int type, bool from_file) + { +- return cap_syslog(type); ++ return cap_syslog(type, from_file); + } + + static inline int security_settime(struct timespec *ts, struct timezone *tz) diff --git a/include/linux/seq_file.h b/include/linux/seq_file.h index 8366d8f..2307490 100644 --- a/include/linux/seq_file.h @@ -68693,6 +68789,64 @@ index 9d68fed..71f02cc 100644 }; struct sysfs_dirent; +diff --git a/include/linux/syslog.h b/include/linux/syslog.h +new file mode 100644 +index 0000000..3891139 +--- /dev/null ++++ b/include/linux/syslog.h +@@ -0,0 +1,52 @@ ++/* Syslog internals ++ * ++ * Copyright 2010 Canonical, Ltd. ++ * Author: Kees Cook <kees.cook@canonical.com> ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation; either version 2, or (at your option) ++ * any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; see the file COPYING. If not, write to ++ * the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA. ++ */ ++ ++#ifndef _LINUX_SYSLOG_H ++#define _LINUX_SYSLOG_H ++ ++/* Close the log. Currently a NOP. */ ++#define SYSLOG_ACTION_CLOSE 0 ++/* Open the log. Currently a NOP. */ ++#define SYSLOG_ACTION_OPEN 1 ++/* Read from the log. */ ++#define SYSLOG_ACTION_READ 2 ++/* Read all messages remaining in the ring buffer. */ ++#define SYSLOG_ACTION_READ_ALL 3 ++/* Read and clear all messages remaining in the ring buffer */ ++#define SYSLOG_ACTION_READ_CLEAR 4 ++/* Clear ring buffer. */ ++#define SYSLOG_ACTION_CLEAR 5 ++/* Disable printk's to console */ ++#define SYSLOG_ACTION_CONSOLE_OFF 6 ++/* Enable printk's to console */ ++#define SYSLOG_ACTION_CONSOLE_ON 7 ++/* Set level of messages printed to console */ ++#define SYSLOG_ACTION_CONSOLE_LEVEL 8 ++/* Return number of unread characters in the log buffer */ ++#define SYSLOG_ACTION_SIZE_UNREAD 9 ++/* Return size of the log buffer */ ++#define SYSLOG_ACTION_SIZE_BUFFER 10 ++ ++#define SYSLOG_FROM_CALL 0 ++#define SYSLOG_FROM_FILE 1 ++ ++int do_syslog(int type, char __user *buf, int count, bool from_file); ++ ++#endif /* _LINUX_SYSLOG_H */ diff --git a/include/linux/thread_info.h b/include/linux/thread_info.h index a8cc4e1..98d3b85 100644 --- a/include/linux/thread_info.h @@ -72993,21 +73147,137 @@ index 40dd021..fb30ceb 100644 mutex_lock(&pm_mutex); suspend_ops = ops; diff --git a/kernel/printk.c b/kernel/printk.c -index 4cade47..637e78a 100644 +index 4cade47..4d17900 100644 --- a/kernel/printk.c +++ b/kernel/printk.c -@@ -278,6 +278,11 @@ int do_syslog(int type, char __user *buf, int len) +@@ -33,6 +33,7 @@ + #include <linux/bootmem.h> + #include <linux/syscalls.h> + #include <linux/kexec.h> ++#include <linux/syslog.h> + + #include <asm/uaccess.h> + +@@ -256,38 +257,30 @@ static inline void boot_delay_msec(void) + } + #endif + +-/* +- * Commands to do_syslog: +- * +- * 0 -- Close the log. Currently a NOP. +- * 1 -- Open the log. Currently a NOP. +- * 2 -- Read from the log. +- * 3 -- Read all messages remaining in the ring buffer. +- * 4 -- Read and clear all messages remaining in the ring buffer +- * 5 -- Clear ring buffer. +- * 6 -- Disable printk's to console +- * 7 -- Enable printk's to console +- * 8 -- Set level of messages printed to console +- * 9 -- Return number of unread characters in the log buffer +- * 10 -- Return size of the log buffer +- */ +-int do_syslog(int type, char __user *buf, int len) ++int do_syslog(int type, char __user *buf, int len, bool from_file) + { + unsigned i, j, limit, count; + int do_clear = 0; char c; int error = 0; +- error = security_syslog(type); +#ifdef CONFIG_GRKERNSEC_DMESG -+ if (grsec_enable_dmesg && !capable(CAP_SYS_ADMIN)) ++ if (grsec_enable_dmesg && ++ (!from_file || (from_file && type == SYSLOG_ACTION_OPEN)) && ++ !capable(CAP_SYS_ADMIN)) + return -EPERM; +#endif + - error = security_syslog(type); ++ error = security_syslog(type, from_file); if (error) return error; + + switch (type) { +- case 0: /* Close log */ ++ case SYSLOG_ACTION_CLOSE: /* Close log */ + break; +- case 1: /* Open log */ ++ case SYSLOG_ACTION_OPEN: /* Open log */ + break; +- case 2: /* Read from log */ ++ case SYSLOG_ACTION_READ: /* Read from log */ + error = -EINVAL; + if (!buf || len < 0) + goto out; +@@ -318,10 +311,12 @@ int do_syslog(int type, char __user *buf, int len) + if (!error) + error = i; + break; +- case 4: /* Read/clear last kernel messages */ ++ /* Read/clear last kernel messages */ ++ case SYSLOG_ACTION_READ_CLEAR: + do_clear = 1; + /* FALL THRU */ +- case 3: /* Read last kernel messages */ ++ /* Read last kernel messages */ ++ case SYSLOG_ACTION_READ_ALL: + error = -EINVAL; + if (!buf || len < 0) + goto out; +@@ -374,21 +369,25 @@ int do_syslog(int type, char __user *buf, int len) + } + } + break; +- case 5: /* Clear ring buffer */ ++ /* Clear ring buffer */ ++ case SYSLOG_ACTION_CLEAR: + logged_chars = 0; + break; +- case 6: /* Disable logging to console */ ++ /* Disable logging to console */ ++ case SYSLOG_ACTION_CONSOLE_OFF: + if (saved_console_loglevel == -1) + saved_console_loglevel = console_loglevel; + console_loglevel = minimum_console_loglevel; + break; +- case 7: /* Enable logging to console */ ++ /* Enable logging to console */ ++ case SYSLOG_ACTION_CONSOLE_ON: + if (saved_console_loglevel != -1) { + console_loglevel = saved_console_loglevel; + saved_console_loglevel = -1; + } + break; +- case 8: /* Set level of messages printed to console */ ++ /* Set level of messages printed to console */ ++ case SYSLOG_ACTION_CONSOLE_LEVEL: + error = -EINVAL; + if (len < 1 || len > 8) + goto out; +@@ -399,10 +398,12 @@ int do_syslog(int type, char __user *buf, int len) + saved_console_loglevel = -1; + error = 0; + break; +- case 9: /* Number of chars in the log buffer */ ++ /* Number of chars in the log buffer */ ++ case SYSLOG_ACTION_SIZE_UNREAD: + error = log_end - log_start; + break; +- case 10: /* Size of the log buffer */ ++ /* Size of the log buffer */ ++ case SYSLOG_ACTION_SIZE_BUFFER: + error = log_buf_len; + break; + default: +@@ -415,7 +416,7 @@ out: + + SYSCALL_DEFINE3(syslog, int, type, char __user *, buf, int, len) + { +- return do_syslog(type, buf, len); ++ return do_syslog(type, buf, len, SYSLOG_FROM_CALL); + } + + /* diff --git a/kernel/profile.c b/kernel/profile.c index dfadc5b..7f59404 100644 --- a/kernel/profile.c @@ -83894,19 +84164,19 @@ index fce07a7..5f12858 100644 }; diff --git a/security/commoncap.c b/security/commoncap.c -index fe30751..cdc60e1 100644 +index fe30751..aaba312 100644 --- a/security/commoncap.c +++ b/security/commoncap.c -@@ -27,7 +27,7 @@ +@@ -27,6 +27,8 @@ #include <linux/sched.h> #include <linux/prctl.h> #include <linux/securebits.h> -- ++#include <linux/syslog.h> +#include <net/sock.h> + /* * If a non-root user executes a setuid-root binary in - * !secure(SECURE_NOROOT) mode, then we raise capabilities. -@@ -50,9 +50,18 @@ static void warn_setuid_and_fcaps_mixed(char *fname) +@@ -50,9 +52,18 @@ static void warn_setuid_and_fcaps_mixed(char *fname) } } @@ -83925,7 +84195,7 @@ index fe30751..cdc60e1 100644 return 0; } -@@ -582,6 +591,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm) +@@ -582,6 +593,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm) { const struct cred *cred = current_cred(); @@ -83935,6 +84205,27 @@ index fe30751..cdc60e1 100644 if (cred->uid != 0) { if (bprm->cap_effective) return 1; +@@ -956,13 +970,18 @@ error: + /** + * cap_syslog - Determine whether syslog function is permitted + * @type: Function requested ++ * @from_file: Whether this request came from an open file (i.e. /proc) + * + * Determine whether the current process is permitted to use a particular + * syslog function, returning 0 if permission is granted, -ve if not. + */ +-int cap_syslog(int type) ++int cap_syslog(int type, bool from_file) + { +- if ((type != 3 && type != 10) && !capable(CAP_SYS_ADMIN)) ++ /* /proc/kmsg can open be opened by CAP_SYS_ADMIN */ ++ if (type != SYSLOG_ACTION_OPEN && from_file) ++ return 0; ++ if ((type != SYSLOG_ACTION_READ_ALL && ++ type != SYSLOG_ACTION_SIZE_BUFFER) && !capable(CAP_SYS_ADMIN)) + return -EPERM; + return 0; + } diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 165eb53..b1db4eb 100644 --- a/security/integrity/ima/ima.h @@ -84052,7 +84343,7 @@ index 2f7ffa6..0455400 100644 }; diff --git a/security/security.c b/security/security.c -index c4c6732..3a3d821 100644 +index c4c6732..7abf13b 100644 --- a/security/security.c +++ b/security/security.c @@ -24,7 +24,7 @@ static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1]; @@ -84073,11 +84364,31 @@ index c4c6732..3a3d821 100644 { if (verify(ops)) { printk(KERN_DEBUG "%s could not verify " +@@ -199,9 +199,9 @@ int security_quota_on(struct dentry *dentry) + return security_ops->quota_on(dentry); + } + +-int security_syslog(int type) ++int security_syslog(int type, bool from_file) + { +- return security_ops->syslog(type); ++ return security_ops->syslog(type, from_file); + } + + int security_settime(struct timespec *ts, struct timezone *tz) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c -index a106754..2805823 100644 +index a106754..ca3a589 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c -@@ -131,7 +131,7 @@ int selinux_enabled = 1; +@@ -76,6 +76,7 @@ + #include <linux/selinux.h> + #include <linux/mutex.h> + #include <linux/posix-timers.h> ++#include <linux/syslog.h> + + #include "avc.h" + #include "objsec.h" +@@ -131,7 +132,7 @@ int selinux_enabled = 1; * Minimal support for a secondary security module, * just to allow the use of the capability module. */ @@ -84086,7 +84397,50 @@ index a106754..2805823 100644 /* Lists of inode and superblock security structures initialized before the policy was loaded. */ -@@ -5457,7 +5457,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer) +@@ -2050,29 +2051,30 @@ static int selinux_quota_on(struct dentry *dentry) + return dentry_has_perm(cred, NULL, dentry, FILE__QUOTAON); + } + +-static int selinux_syslog(int type) ++static int selinux_syslog(int type, bool from_file) + { + int rc; + +- rc = cap_syslog(type); ++ rc = cap_syslog(type, from_file); + if (rc) + return rc; + + switch (type) { +- case 3: /* Read last kernel messages */ +- case 10: /* Return size of the log buffer */ ++ case SYSLOG_ACTION_READ_ALL: /* Read last kernel messages */ ++ case SYSLOG_ACTION_SIZE_BUFFER: /* Return size of the log buffer */ + rc = task_has_system(current, SYSTEM__SYSLOG_READ); + break; +- case 6: /* Disable logging to console */ +- case 7: /* Enable logging to console */ +- case 8: /* Set level of messages printed to console */ ++ case SYSLOG_ACTION_CONSOLE_OFF: /* Disable logging to console */ ++ case SYSLOG_ACTION_CONSOLE_ON: /* Enable logging to console */ ++ /* Set level of messages printed to console */ ++ case SYSLOG_ACTION_CONSOLE_LEVEL: + rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE); + break; +- case 0: /* Close log */ +- case 1: /* Open log */ +- case 2: /* Read from log */ +- case 4: /* Read/clear last kernel messages */ +- case 5: /* Clear ring buffer */ ++ case SYSLOG_ACTION_CLOSE: /* Close log */ ++ case SYSLOG_ACTION_OPEN: /* Open log */ ++ case SYSLOG_ACTION_READ: /* Read from log */ ++ case SYSLOG_ACTION_READ_CLEAR: /* Read/clear last kernel messages */ ++ case SYSLOG_ACTION_CLEAR: /* Clear ring buffer */ + default: + rc = task_has_system(current, SYSTEM__SYSLOG_MOD); + break; +@@ -5457,7 +5459,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer) #endif @@ -84095,7 +84449,7 @@ index a106754..2805823 100644 .name = "selinux", .ptrace_access_check = selinux_ptrace_access_check, -@@ -5841,7 +5841,9 @@ int selinux_disable(void) +@@ -5841,7 +5843,9 @@ int selinux_disable(void) avc_disable(); /* Reset security_ops to the secondary module, dummy or capability. */ @@ -84132,9 +84486,24 @@ index ff17820..d68084c 100644 avtab_cache_init(); if (policydb_read(&policydb, fp)) { diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c -index c33b6bb..9651403 100644 +index c33b6bb..b51f19e 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c +@@ -157,12 +157,12 @@ static int smack_ptrace_traceme(struct task_struct *ptp) + * + * Returns 0 on success, error code otherwise. + */ +-static int smack_syslog(int type) ++static int smack_syslog(int type, bool from_file) + { + int rc; + char *sp = current_security(); + +- rc = cap_syslog(type); ++ rc = cap_syslog(type, from_file); + if (rc != 0) + return rc; + @@ -3073,7 +3073,7 @@ static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) return 0; } diff --git a/2.6.32/4435_grsec-kconfig-gentoo.patch b/2.6.32/4435_grsec-kconfig-gentoo.patch index 5f4693e..9097814 100644 --- a/2.6.32/4435_grsec-kconfig-gentoo.patch +++ b/2.6.32/4435_grsec-kconfig-gentoo.patch @@ -27,7 +27,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig config GRKERNSEC_LOW bool "Low" -@@ -190,6 +190,261 @@ +@@ -190,6 +190,259 @@ - Restricted sysfs/debugfs - Active kernel exploit response @@ -138,7 +138,6 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig + select GRKERNSEC_CHROOT_CAPS + select GRKERNSEC_CHROOT_SYSCTL + select GRKERNSEC_CHROOT_FINDTASK -+ select GRKERNSEC_SYSFS_RESTRICT + select GRKERNSEC_PROC + select GRKERNSEC_PROC_MEMMAP if (PAX_NOEXEC || PAX_ASLR) + select GRKERNSEC_HIDESYM @@ -223,7 +222,6 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig + select GRKERNSEC_CHROOT_CAPS + select GRKERNSEC_CHROOT_SYSCTL + select GRKERNSEC_CHROOT_FINDTASK -+ select GRKERNSEC_SYSFS_RESTRICT + select GRKERNSEC_PROC + select GRKERNSEC_PROC_MEMMAP if (PAX_NOEXEC || PAX_ASLR) + select GRKERNSEC_HIDESYM diff --git a/2.6.32/4437-grsec-kconfig-proc-user.patch b/2.6.32/4437-grsec-kconfig-proc-user.patch index ca88ef7..d84eb57 100644 --- a/2.6.32/4437-grsec-kconfig-proc-user.patch +++ b/2.6.32/4437-grsec-kconfig-proc-user.patch @@ -6,7 +6,7 @@ in a different way to avoid bug #366019. This patch should eventually go upstre diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig --- a/grsecurity/Kconfig 2011-06-29 07:46:02.000000000 -0400 +++ b/grsecurity/Kconfig 2011-06-29 07:47:20.000000000 -0400 -@@ -667,7 +667,7 @@ +@@ -665,7 +665,7 @@ config GRKERNSEC_PROC_USER bool "Restrict /proc to user only" @@ -15,7 +15,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help If you say Y here, non-root users will only be able to view their own processes, and restricts them from viewing network-related information, -@@ -675,7 +675,7 @@ +@@ -673,7 +673,7 @@ config GRKERNSEC_PROC_USERGROUP bool "Allow special group" diff --git a/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch b/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch index 34c78d5..5bbfa24 100644 --- a/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch +++ b/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch @@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org> diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig --- a/grsecurity/Kconfig 2011-04-17 18:47:02.000000000 -0400 +++ b/grsecurity/Kconfig 2011-04-17 18:51:15.000000000 -0400 -@@ -1266,6 +1266,27 @@ +@@ -1264,6 +1264,27 @@ menu "Logging Options" depends on GRKERNSEC diff --git a/3.1.6/1005_linux-3.1.6.patch b/3.1.6/1005_linux-3.1.6.patch deleted file mode 100644 index afd900d..0000000 --- a/3.1.6/1005_linux-3.1.6.patch +++ /dev/null @@ -1,2178 +0,0 @@ -diff --git a/Makefile b/Makefile -index 94ab2ad..2d6e0a8 100644 ---- a/Makefile -+++ b/Makefile -@@ -1,6 +1,6 @@ - VERSION = 3 - PATCHLEVEL = 1 --SUBLEVEL = 5 -+SUBLEVEL = 6 - EXTRAVERSION = - NAME = "Divemaster Edition" - -diff --git a/arch/arm/kernel/setup.c b/arch/arm/kernel/setup.c -index e514c76..3e42faf 100644 ---- a/arch/arm/kernel/setup.c -+++ b/arch/arm/kernel/setup.c -@@ -890,6 +890,12 @@ void __init setup_arch(char **cmdline_p) - machine_desc = mdesc; - machine_name = mdesc->name; - -+#ifdef CONFIG_ZONE_DMA -+ if (mdesc->dma_zone_size) { -+ extern unsigned long arm_dma_zone_size; -+ arm_dma_zone_size = mdesc->dma_zone_size; -+ } -+#endif - if (mdesc->soft_reboot) - reboot_setup("s"); - -@@ -920,12 +926,6 @@ void __init setup_arch(char **cmdline_p) - - tcm_init(); - --#ifdef CONFIG_ZONE_DMA -- if (mdesc->dma_zone_size) { -- extern unsigned long arm_dma_zone_size; -- arm_dma_zone_size = mdesc->dma_zone_size; -- } --#endif - #ifdef CONFIG_MULTI_IRQ_HANDLER - handle_arch_irq = mdesc->handle_irq; - #endif -diff --git a/arch/arm/mach-at91/at91rm9200_devices.c b/arch/arm/mach-at91/at91rm9200_devices.c -index 7227755..e596f45 100644 ---- a/arch/arm/mach-at91/at91rm9200_devices.c -+++ b/arch/arm/mach-at91/at91rm9200_devices.c -@@ -75,7 +75,7 @@ void __init at91_add_device_usbh(struct at91_usbh_data *data) {} - * USB Device (Gadget) - * -------------------------------------------------------------------- */ - --#ifdef CONFIG_USB_GADGET_AT91 -+#ifdef CONFIG_USB_AT91 - static struct at91_udc_data udc_data; - - static struct resource udc_resources[] = { -diff --git a/arch/arm/mach-at91/at91sam9260.c b/arch/arm/mach-at91/at91sam9260.c -index cb397be..de4036f 100644 ---- a/arch/arm/mach-at91/at91sam9260.c -+++ b/arch/arm/mach-at91/at91sam9260.c -@@ -195,9 +195,9 @@ static struct clk_lookup periph_clocks_lookups[] = { - CLKDEV_CON_DEV_ID("t0_clk", "atmel_tcb.0", &tc0_clk), - CLKDEV_CON_DEV_ID("t1_clk", "atmel_tcb.0", &tc1_clk), - CLKDEV_CON_DEV_ID("t2_clk", "atmel_tcb.0", &tc2_clk), -- CLKDEV_CON_DEV_ID("t3_clk", "atmel_tcb.1", &tc3_clk), -- CLKDEV_CON_DEV_ID("t4_clk", "atmel_tcb.1", &tc4_clk), -- CLKDEV_CON_DEV_ID("t5_clk", "atmel_tcb.1", &tc5_clk), -+ CLKDEV_CON_DEV_ID("t0_clk", "atmel_tcb.1", &tc3_clk), -+ CLKDEV_CON_DEV_ID("t1_clk", "atmel_tcb.1", &tc4_clk), -+ CLKDEV_CON_DEV_ID("t2_clk", "atmel_tcb.1", &tc5_clk), - CLKDEV_CON_DEV_ID("pclk", "ssc.0", &ssc_clk), - }; - -diff --git a/arch/arm/mach-at91/at91sam9260_devices.c b/arch/arm/mach-at91/at91sam9260_devices.c -index 39f81f4..ec257265 100644 ---- a/arch/arm/mach-at91/at91sam9260_devices.c -+++ b/arch/arm/mach-at91/at91sam9260_devices.c -@@ -76,7 +76,7 @@ void __init at91_add_device_usbh(struct at91_usbh_data *data) {} - * USB Device (Gadget) - * -------------------------------------------------------------------- */ - --#ifdef CONFIG_USB_GADGET_AT91 -+#ifdef CONFIG_USB_AT91 - static struct at91_udc_data udc_data; - - static struct resource udc_resources[] = { -diff --git a/arch/arm/mach-at91/at91sam9261_devices.c b/arch/arm/mach-at91/at91sam9261_devices.c -index 0f91792..9e113f6 100644 ---- a/arch/arm/mach-at91/at91sam9261_devices.c -+++ b/arch/arm/mach-at91/at91sam9261_devices.c -@@ -79,7 +79,7 @@ void __init at91_add_device_usbh(struct at91_usbh_data *data) {} - * USB Device (Gadget) - * -------------------------------------------------------------------- */ - --#ifdef CONFIG_USB_GADGET_AT91 -+#ifdef CONFIG_USB_AT91 - static struct at91_udc_data udc_data; - - static struct resource udc_resources[] = { -diff --git a/arch/arm/mach-at91/at91sam9263_devices.c b/arch/arm/mach-at91/at91sam9263_devices.c -index a050f41..863e466 100644 ---- a/arch/arm/mach-at91/at91sam9263_devices.c -+++ b/arch/arm/mach-at91/at91sam9263_devices.c -@@ -86,7 +86,7 @@ void __init at91_add_device_usbh(struct at91_usbh_data *data) {} - * USB Device (Gadget) - * -------------------------------------------------------------------- */ - --#ifdef CONFIG_USB_GADGET_AT91 -+#ifdef CONFIG_USB_AT91 - static struct at91_udc_data udc_data; - - static struct resource udc_resources[] = { -diff --git a/arch/arm/mach-davinci/board-da850-evm.c b/arch/arm/mach-davinci/board-da850-evm.c -index 008d514..d5ec333 100644 ---- a/arch/arm/mach-davinci/board-da850-evm.c -+++ b/arch/arm/mach-davinci/board-da850-evm.c -@@ -748,7 +748,7 @@ static struct snd_platform_data da850_evm_snd_data = { - .num_serializer = ARRAY_SIZE(da850_iis_serializer_direction), - .tdm_slots = 2, - .serial_dir = da850_iis_serializer_direction, -- .asp_chan_q = EVENTQ_1, -+ .asp_chan_q = EVENTQ_0, - .version = MCASP_VERSION_2, - .txnumevt = 1, - .rxnumevt = 1, -diff --git a/arch/arm/mach-davinci/board-dm646x-evm.c b/arch/arm/mach-davinci/board-dm646x-evm.c -index 993a314..1cc11d8 100644 ---- a/arch/arm/mach-davinci/board-dm646x-evm.c -+++ b/arch/arm/mach-davinci/board-dm646x-evm.c -@@ -563,7 +563,7 @@ static int setup_vpif_input_channel_mode(int mux_mode) - int val; - u32 value; - -- if (!vpif_vsclkdis_reg || !cpld_client) -+ if (!vpif_vidclkctl_reg || !cpld_client) - return -ENXIO; - - val = i2c_smbus_read_byte(cpld_client); -@@ -571,7 +571,7 @@ static int setup_vpif_input_channel_mode(int mux_mode) - return val; - - spin_lock_irqsave(&vpif_reg_lock, flags); -- value = __raw_readl(vpif_vsclkdis_reg); -+ value = __raw_readl(vpif_vidclkctl_reg); - if (mux_mode) { - val &= VPIF_INPUT_TWO_CHANNEL; - value |= VIDCH1CLK; -@@ -579,7 +579,7 @@ static int setup_vpif_input_channel_mode(int mux_mode) - val |= VPIF_INPUT_ONE_CHANNEL; - value &= ~VIDCH1CLK; - } -- __raw_writel(value, vpif_vsclkdis_reg); -+ __raw_writel(value, vpif_vidclkctl_reg); - spin_unlock_irqrestore(&vpif_reg_lock, flags); - - err = i2c_smbus_write_byte(cpld_client, val); -diff --git a/arch/arm/mach-mxs/include/mach/mxs.h b/arch/arm/mach-mxs/include/mach/mxs.h -index 35a89dd..1332f73 100644 ---- a/arch/arm/mach-mxs/include/mach/mxs.h -+++ b/arch/arm/mach-mxs/include/mach/mxs.h -@@ -30,6 +30,7 @@ - */ - #define cpu_is_mx23() ( \ - machine_is_mx23evk() || \ -+ machine_is_stmp378x() || \ - 0) - #define cpu_is_mx28() ( \ - machine_is_mx28evk() || \ -diff --git a/arch/x86/include/asm/system.h b/arch/x86/include/asm/system.h -index c2ff2a1..2d2f01c 100644 ---- a/arch/x86/include/asm/system.h -+++ b/arch/x86/include/asm/system.h -@@ -401,6 +401,7 @@ extern unsigned long arch_align_stack(unsigned long sp); - extern void free_init_pages(char *what, unsigned long begin, unsigned long end); - - void default_idle(void); -+bool set_pm_idle_to_default(void); - - void stop_this_cpu(void *dummy); - -diff --git a/arch/x86/kernel/hpet.c b/arch/x86/kernel/hpet.c -index 4aecc54..4d5a100 100644 ---- a/arch/x86/kernel/hpet.c -+++ b/arch/x86/kernel/hpet.c -@@ -1048,6 +1048,14 @@ int hpet_rtc_timer_init(void) - } - EXPORT_SYMBOL_GPL(hpet_rtc_timer_init); - -+static void hpet_disable_rtc_channel(void) -+{ -+ unsigned long cfg; -+ cfg = hpet_readl(HPET_T1_CFG); -+ cfg &= ~HPET_TN_ENABLE; -+ hpet_writel(cfg, HPET_T1_CFG); -+} -+ - /* - * The functions below are called from rtc driver. - * Return 0 if HPET is not being used. -@@ -1059,6 +1067,9 @@ int hpet_mask_rtc_irq_bit(unsigned long bit_mask) - return 0; - - hpet_rtc_flags &= ~bit_mask; -+ if (unlikely(!hpet_rtc_flags)) -+ hpet_disable_rtc_channel(); -+ - return 1; - } - EXPORT_SYMBOL_GPL(hpet_mask_rtc_irq_bit); -@@ -1124,15 +1135,11 @@ EXPORT_SYMBOL_GPL(hpet_rtc_dropped_irq); - - static void hpet_rtc_timer_reinit(void) - { -- unsigned int cfg, delta; -+ unsigned int delta; - int lost_ints = -1; - -- if (unlikely(!hpet_rtc_flags)) { -- cfg = hpet_readl(HPET_T1_CFG); -- cfg &= ~HPET_TN_ENABLE; -- hpet_writel(cfg, HPET_T1_CFG); -- return; -- } -+ if (unlikely(!hpet_rtc_flags)) -+ hpet_disable_rtc_channel(); - - if (!(hpet_rtc_flags & RTC_PIE) || hpet_pie_limit) - delta = hpet_default_delta; -diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c -index e7e3b01..30eb651 100644 ---- a/arch/x86/kernel/process.c -+++ b/arch/x86/kernel/process.c -@@ -403,6 +403,14 @@ void default_idle(void) - EXPORT_SYMBOL(default_idle); - #endif - -+bool set_pm_idle_to_default(void) -+{ -+ bool ret = !!pm_idle; -+ -+ pm_idle = default_idle; -+ -+ return ret; -+} - void stop_this_cpu(void *dummy) - { - local_irq_disable(); -diff --git a/arch/x86/mm/gup.c b/arch/x86/mm/gup.c -index ea30585..dd74e46 100644 ---- a/arch/x86/mm/gup.c -+++ b/arch/x86/mm/gup.c -@@ -201,6 +201,8 @@ static noinline int gup_huge_pud(pud_t pud, unsigned long addr, - do { - VM_BUG_ON(compound_head(page) != head); - pages[*nr] = page; -+ if (PageTail(page)) -+ get_huge_page_tail(page); - (*nr)++; - page++; - refs++; -diff --git a/arch/x86/xen/setup.c b/arch/x86/xen/setup.c -index 46d6d21..e191302 100644 ---- a/arch/x86/xen/setup.c -+++ b/arch/x86/xen/setup.c -@@ -191,9 +191,21 @@ static unsigned long __init xen_get_max_pages(void) - domid_t domid = DOMID_SELF; - int ret; - -- ret = HYPERVISOR_memory_op(XENMEM_maximum_reservation, &domid); -- if (ret > 0) -- max_pages = ret; -+ /* -+ * For the initial domain we use the maximum reservation as -+ * the maximum page. -+ * -+ * For guest domains the current maximum reservation reflects -+ * the current maximum rather than the static maximum. In this -+ * case the e820 map provided to us will cover the static -+ * maximum region. -+ */ -+ if (xen_initial_domain()) { -+ ret = HYPERVISOR_memory_op(XENMEM_maximum_reservation, &domid); -+ if (ret > 0) -+ max_pages = ret; -+ } -+ - return min(max_pages, MAX_DOMAIN_PAGES); - } - -@@ -448,6 +460,6 @@ void __init xen_arch_setup(void) - #endif - disable_cpuidle(); - boot_option_idle_override = IDLE_HALT; -- -+ WARN_ON(set_pm_idle_to_default()); - fiddle_vdso(); - } -diff --git a/drivers/firmware/iscsi_ibft.c b/drivers/firmware/iscsi_ibft.c -index c811cb1..2cce44a 100644 ---- a/drivers/firmware/iscsi_ibft.c -+++ b/drivers/firmware/iscsi_ibft.c -@@ -746,6 +746,37 @@ static void __exit ibft_exit(void) - ibft_cleanup(); - } - -+#ifdef CONFIG_ACPI -+static const struct { -+ char *sign; -+} ibft_signs[] = { -+ /* -+ * One spec says "IBFT", the other says "iBFT". We have to check -+ * for both. -+ */ -+ { ACPI_SIG_IBFT }, -+ { "iBFT" }, -+}; -+ -+static void __init acpi_find_ibft_region(void) -+{ -+ int i; -+ struct acpi_table_header *table = NULL; -+ -+ if (acpi_disabled) -+ return; -+ -+ for (i = 0; i < ARRAY_SIZE(ibft_signs) && !ibft_addr; i++) { -+ acpi_get_table(ibft_signs[i].sign, 0, &table); -+ ibft_addr = (struct acpi_table_ibft *)table; -+ } -+} -+#else -+static void __init acpi_find_ibft_region(void) -+{ -+} -+#endif -+ - /* - * ibft_init() - creates sysfs tree entries for the iBFT data. - */ -@@ -753,9 +784,16 @@ static int __init ibft_init(void) - { - int rc = 0; - -+ /* -+ As on UEFI systems the setup_arch()/find_ibft_region() -+ is called before ACPI tables are parsed and it only does -+ legacy finding. -+ */ -+ if (!ibft_addr) -+ acpi_find_ibft_region(); -+ - if (ibft_addr) { -- printk(KERN_INFO "iBFT detected at 0x%llx.\n", -- (u64)isa_virt_to_bus(ibft_addr)); -+ pr_info("iBFT detected.\n"); - - rc = ibft_check_device(); - if (rc) -diff --git a/drivers/firmware/iscsi_ibft_find.c b/drivers/firmware/iscsi_ibft_find.c -index bfe7232..4da4eb9 100644 ---- a/drivers/firmware/iscsi_ibft_find.c -+++ b/drivers/firmware/iscsi_ibft_find.c -@@ -45,13 +45,6 @@ EXPORT_SYMBOL_GPL(ibft_addr); - static const struct { - char *sign; - } ibft_signs[] = { --#ifdef CONFIG_ACPI -- /* -- * One spec says "IBFT", the other says "iBFT". We have to check -- * for both. -- */ -- { ACPI_SIG_IBFT }, --#endif - { "iBFT" }, - { "BIFT" }, /* Broadcom iSCSI Offload */ - }; -@@ -62,14 +55,6 @@ static const struct { - #define VGA_MEM 0xA0000 /* VGA buffer */ - #define VGA_SIZE 0x20000 /* 128kB */ - --#ifdef CONFIG_ACPI --static int __init acpi_find_ibft(struct acpi_table_header *header) --{ -- ibft_addr = (struct acpi_table_ibft *)header; -- return 0; --} --#endif /* CONFIG_ACPI */ -- - static int __init find_ibft_in_mem(void) - { - unsigned long pos; -@@ -94,6 +79,7 @@ static int __init find_ibft_in_mem(void) - * the table cannot be valid. */ - if (pos + len <= (IBFT_END-1)) { - ibft_addr = (struct acpi_table_ibft *)virt; -+ pr_info("iBFT found at 0x%lx.\n", pos); - goto done; - } - } -@@ -108,20 +94,12 @@ done: - */ - unsigned long __init find_ibft_region(unsigned long *sizep) - { --#ifdef CONFIG_ACPI -- int i; --#endif - ibft_addr = NULL; - --#ifdef CONFIG_ACPI -- for (i = 0; i < ARRAY_SIZE(ibft_signs) && !ibft_addr; i++) -- acpi_table_parse(ibft_signs[i].sign, acpi_find_ibft); --#endif /* CONFIG_ACPI */ -- - /* iBFT 1.03 section 1.4.3.1 mandates that UEFI machines will - * only use ACPI for this */ - -- if (!ibft_addr && !efi_enabled) -+ if (!efi_enabled) - find_ibft_in_mem(); - - if (ibft_addr) { -diff --git a/drivers/gpu/drm/radeon/atombios_crtc.c b/drivers/gpu/drm/radeon/atombios_crtc.c -index a515b2a..9bb3d6f 100644 ---- a/drivers/gpu/drm/radeon/atombios_crtc.c -+++ b/drivers/gpu/drm/radeon/atombios_crtc.c -@@ -558,7 +558,7 @@ static u32 atombios_adjust_pll(struct drm_crtc *crtc, - bpc = connector->display_info.bpc; - encoder_mode = atombios_get_encoder_mode(encoder); - if ((radeon_encoder->devices & (ATOM_DEVICE_LCD_SUPPORT | ATOM_DEVICE_DFP_SUPPORT)) || -- radeon_encoder_is_dp_bridge(encoder)) { -+ (radeon_encoder_get_dp_bridge_encoder_id(encoder) != ENCODER_OBJECT_ID_NONE)) { - if (connector) { - struct radeon_connector *radeon_connector = to_radeon_connector(connector); - struct radeon_connector_atom_dig *dig_connector = -@@ -638,44 +638,29 @@ static u32 atombios_adjust_pll(struct drm_crtc *crtc, - if (ss_enabled && ss->percentage) - args.v3.sInput.ucDispPllConfig |= - DISPPLL_CONFIG_SS_ENABLE; -- if (radeon_encoder->devices & (ATOM_DEVICE_DFP_SUPPORT) || -- radeon_encoder_is_dp_bridge(encoder)) { -+ if (encoder_mode == ATOM_ENCODER_MODE_DP) { -+ args.v3.sInput.ucDispPllConfig |= -+ DISPPLL_CONFIG_COHERENT_MODE; -+ /* 16200 or 27000 */ -+ args.v3.sInput.usPixelClock = cpu_to_le16(dp_clock / 10); -+ } else if (radeon_encoder->devices & (ATOM_DEVICE_DFP_SUPPORT)) { - struct radeon_encoder_atom_dig *dig = radeon_encoder->enc_priv; -- if (encoder_mode == ATOM_ENCODER_MODE_DP) { -+ if (encoder_mode == ATOM_ENCODER_MODE_HDMI) -+ /* deep color support */ -+ args.v3.sInput.usPixelClock = -+ cpu_to_le16((mode->clock * bpc / 8) / 10); -+ if (dig->coherent_mode) - args.v3.sInput.ucDispPllConfig |= - DISPPLL_CONFIG_COHERENT_MODE; -- /* 16200 or 27000 */ -- args.v3.sInput.usPixelClock = cpu_to_le16(dp_clock / 10); -- } else { -- if (encoder_mode == ATOM_ENCODER_MODE_HDMI) { -- /* deep color support */ -- args.v3.sInput.usPixelClock = -- cpu_to_le16((mode->clock * bpc / 8) / 10); -- } -- if (dig->coherent_mode) -- args.v3.sInput.ucDispPllConfig |= -- DISPPLL_CONFIG_COHERENT_MODE; -- if (mode->clock > 165000) -- args.v3.sInput.ucDispPllConfig |= -- DISPPLL_CONFIG_DUAL_LINK; -- } -- } else if (radeon_encoder->devices & (ATOM_DEVICE_LCD_SUPPORT)) { -- if (encoder_mode == ATOM_ENCODER_MODE_DP) { -+ if (mode->clock > 165000) - args.v3.sInput.ucDispPllConfig |= -- DISPPLL_CONFIG_COHERENT_MODE; -- /* 16200 or 27000 */ -- args.v3.sInput.usPixelClock = cpu_to_le16(dp_clock / 10); -- } else if (encoder_mode != ATOM_ENCODER_MODE_LVDS) { -- if (mode->clock > 165000) -- args.v3.sInput.ucDispPllConfig |= -- DISPPLL_CONFIG_DUAL_LINK; -- } -+ DISPPLL_CONFIG_DUAL_LINK; - } -- if (radeon_encoder_is_dp_bridge(encoder)) { -- struct drm_encoder *ext_encoder = radeon_atom_get_external_encoder(encoder); -- struct radeon_encoder *ext_radeon_encoder = to_radeon_encoder(ext_encoder); -- args.v3.sInput.ucExtTransmitterID = ext_radeon_encoder->encoder_id; -- } else -+ if (radeon_encoder_get_dp_bridge_encoder_id(encoder) != -+ ENCODER_OBJECT_ID_NONE) -+ args.v3.sInput.ucExtTransmitterID = -+ radeon_encoder_get_dp_bridge_encoder_id(encoder); -+ else - args.v3.sInput.ucExtTransmitterID = 0; - - atom_execute_table(rdev->mode_info.atom_context, -diff --git a/drivers/gpu/drm/radeon/atombios_dp.c b/drivers/gpu/drm/radeon/atombios_dp.c -index 3b77ad6..03a347a 100644 ---- a/drivers/gpu/drm/radeon/atombios_dp.c -+++ b/drivers/gpu/drm/radeon/atombios_dp.c -@@ -482,7 +482,8 @@ static int radeon_dp_get_dp_link_clock(struct drm_connector *connector, - int bpp = convert_bpc_to_bpp(connector->display_info.bpc); - int lane_num, max_pix_clock; - -- if (radeon_connector_encoder_is_dp_bridge(connector)) -+ if (radeon_connector_encoder_get_dp_bridge_encoder_id(connector) != -+ ENCODER_OBJECT_ID_NONE) - return 270000; - - lane_num = radeon_dp_get_dp_lane_number(connector, dpcd, pix_clock); -@@ -559,8 +560,12 @@ static void radeon_dp_set_panel_mode(struct drm_encoder *encoder, - if (!ASIC_IS_DCE4(rdev)) - return; - -- if (radeon_connector_encoder_is_dp_bridge(connector)) -+ if (radeon_connector_encoder_get_dp_bridge_encoder_id(connector) == -+ ENCODER_OBJECT_ID_NUTMEG) - panel_mode = DP_PANEL_MODE_INTERNAL_DP1_MODE; -+ else if (radeon_connector_encoder_get_dp_bridge_encoder_id(connector) == -+ ENCODER_OBJECT_ID_TRAVIS) -+ panel_mode = DP_PANEL_MODE_INTERNAL_DP2_MODE; - else if (connector->connector_type == DRM_MODE_CONNECTOR_eDP) { - u8 tmp = radeon_read_dpcd_reg(radeon_connector, DP_EDP_CONFIGURATION_CAP); - if (tmp & 1) -diff --git a/drivers/gpu/drm/radeon/radeon_connectors.c b/drivers/gpu/drm/radeon/radeon_connectors.c -index ff6a2e0..a58b452 100644 ---- a/drivers/gpu/drm/radeon/radeon_connectors.c -+++ b/drivers/gpu/drm/radeon/radeon_connectors.c -@@ -44,8 +44,6 @@ extern void - radeon_legacy_backlight_init(struct radeon_encoder *radeon_encoder, - struct drm_connector *drm_connector); - --bool radeon_connector_encoder_is_dp_bridge(struct drm_connector *connector); -- - void radeon_connector_hotplug(struct drm_connector *connector) - { - struct drm_device *dev = connector->dev; -@@ -1204,7 +1202,8 @@ static int radeon_dp_get_modes(struct drm_connector *connector) - } - } else { - /* need to setup ddc on the bridge */ -- if (radeon_connector_encoder_is_dp_bridge(connector)) { -+ if (radeon_connector_encoder_get_dp_bridge_encoder_id(connector) != -+ ENCODER_OBJECT_ID_NONE) { - if (encoder) - radeon_atom_ext_encoder_setup_ddc(encoder); - } -@@ -1214,13 +1213,12 @@ static int radeon_dp_get_modes(struct drm_connector *connector) - return ret; - } - --bool radeon_connector_encoder_is_dp_bridge(struct drm_connector *connector) -+u16 radeon_connector_encoder_get_dp_bridge_encoder_id(struct drm_connector *connector) - { - struct drm_mode_object *obj; - struct drm_encoder *encoder; - struct radeon_encoder *radeon_encoder; - int i; -- bool found = false; - - for (i = 0; i < DRM_CONNECTOR_MAX_ENCODER; i++) { - if (connector->encoder_ids[i] == 0) -@@ -1236,14 +1234,13 @@ bool radeon_connector_encoder_is_dp_bridge(struct drm_connector *connector) - switch (radeon_encoder->encoder_id) { - case ENCODER_OBJECT_ID_TRAVIS: - case ENCODER_OBJECT_ID_NUTMEG: -- found = true; -- break; -+ return radeon_encoder->encoder_id; - default: - break; - } - } - -- return found; -+ return ENCODER_OBJECT_ID_NONE; - } - - bool radeon_connector_encoder_is_hbr2(struct drm_connector *connector) -@@ -1320,7 +1317,8 @@ radeon_dp_detect(struct drm_connector *connector, bool force) - if (!radeon_dig_connector->edp_on) - atombios_set_edp_panel_power(connector, - ATOM_TRANSMITTER_ACTION_POWER_OFF); -- } else if (radeon_connector_encoder_is_dp_bridge(connector)) { -+ } else if (radeon_connector_encoder_get_dp_bridge_encoder_id(connector) != -+ ENCODER_OBJECT_ID_NONE) { - /* DP bridges are always DP */ - radeon_dig_connector->dp_sink_type = CONNECTOR_OBJECT_ID_DISPLAYPORT; - /* get the DPCD from the bridge */ -diff --git a/drivers/gpu/drm/radeon/radeon_display.c b/drivers/gpu/drm/radeon/radeon_display.c -index 6adb3e5..07ac481 100644 ---- a/drivers/gpu/drm/radeon/radeon_display.c -+++ b/drivers/gpu/drm/radeon/radeon_display.c -@@ -708,7 +708,8 @@ int radeon_ddc_get_modes(struct radeon_connector *radeon_connector) - - if ((radeon_connector->base.connector_type == DRM_MODE_CONNECTOR_DisplayPort) || - (radeon_connector->base.connector_type == DRM_MODE_CONNECTOR_eDP) || -- radeon_connector_encoder_is_dp_bridge(&radeon_connector->base)) { -+ (radeon_connector_encoder_get_dp_bridge_encoder_id(&radeon_connector->base) != -+ ENCODER_OBJECT_ID_NONE)) { - struct radeon_connector_atom_dig *dig = radeon_connector->con_priv; - - if ((dig->dp_sink_type == CONNECTOR_OBJECT_ID_DISPLAYPORT || -diff --git a/drivers/gpu/drm/radeon/radeon_encoders.c b/drivers/gpu/drm/radeon/radeon_encoders.c -index eb3f6dc..9838865 100644 ---- a/drivers/gpu/drm/radeon/radeon_encoders.c -+++ b/drivers/gpu/drm/radeon/radeon_encoders.c -@@ -266,7 +266,7 @@ struct drm_encoder *radeon_atom_get_external_encoder(struct drm_encoder *encoder - return NULL; - } - --bool radeon_encoder_is_dp_bridge(struct drm_encoder *encoder) -+u16 radeon_encoder_get_dp_bridge_encoder_id(struct drm_encoder *encoder) - { - struct drm_encoder *other_encoder = radeon_atom_get_external_encoder(encoder); - -@@ -368,7 +368,7 @@ static bool radeon_atom_mode_fixup(struct drm_encoder *encoder, - - if (ASIC_IS_DCE3(rdev) && - ((radeon_encoder->active_device & (ATOM_DEVICE_DFP_SUPPORT | ATOM_DEVICE_LCD_SUPPORT)) || -- radeon_encoder_is_dp_bridge(encoder))) { -+ (radeon_encoder_get_dp_bridge_encoder_id(encoder) != ENCODER_OBJECT_ID_NONE))) { - struct drm_connector *connector = radeon_get_connector_for_encoder(encoder); - radeon_dp_set_link_config(connector, mode); - } -@@ -658,7 +658,7 @@ atombios_get_encoder_mode(struct drm_encoder *encoder) - struct radeon_connector_atom_dig *dig_connector; - - /* dp bridges are always DP */ -- if (radeon_encoder_is_dp_bridge(encoder)) -+ if (radeon_encoder_get_dp_bridge_encoder_id(encoder) != ENCODER_OBJECT_ID_NONE) - return ATOM_ENCODER_MODE_DP; - - /* DVO is always DVO */ -@@ -1638,7 +1638,7 @@ atombios_set_encoder_crtc_source(struct drm_encoder *encoder) - break; - case 2: - args.v2.ucCRTC = radeon_crtc->crtc_id; -- if (radeon_encoder_is_dp_bridge(encoder)) { -+ if (radeon_encoder_get_dp_bridge_encoder_id(encoder) != ENCODER_OBJECT_ID_NONE) { - struct drm_connector *connector = radeon_get_connector_for_encoder(encoder); - - if (connector->connector_type == DRM_MODE_CONNECTOR_LVDS) -@@ -2099,7 +2099,8 @@ static void radeon_atom_encoder_prepare(struct drm_encoder *encoder) - - if ((radeon_encoder->active_device & - (ATOM_DEVICE_DFP_SUPPORT | ATOM_DEVICE_LCD_SUPPORT)) || -- radeon_encoder_is_dp_bridge(encoder)) { -+ (radeon_encoder_get_dp_bridge_encoder_id(encoder) != -+ ENCODER_OBJECT_ID_NONE)) { - struct radeon_encoder_atom_dig *dig = radeon_encoder->enc_priv; - if (dig) - dig->dig_encoder = radeon_atom_pick_dig_encoder(encoder); -diff --git a/drivers/gpu/drm/radeon/radeon_mode.h b/drivers/gpu/drm/radeon/radeon_mode.h -index ed0178f..cbf80de 100644 ---- a/drivers/gpu/drm/radeon/radeon_mode.h -+++ b/drivers/gpu/drm/radeon/radeon_mode.h -@@ -468,8 +468,8 @@ radeon_atombios_get_tv_info(struct radeon_device *rdev); - extern struct drm_connector * - radeon_get_connector_for_encoder(struct drm_encoder *encoder); - --extern bool radeon_encoder_is_dp_bridge(struct drm_encoder *encoder); --extern bool radeon_connector_encoder_is_dp_bridge(struct drm_connector *connector); -+extern u16 radeon_encoder_get_dp_bridge_encoder_id(struct drm_encoder *encoder); -+extern u16 radeon_connector_encoder_get_dp_bridge_encoder_id(struct drm_connector *connector); - extern bool radeon_connector_encoder_is_hbr2(struct drm_connector *connector); - extern bool radeon_connector_is_dp12_capable(struct drm_connector *connector); - -diff --git a/drivers/hwmon/jz4740-hwmon.c b/drivers/hwmon/jz4740-hwmon.c -index fea292d..b65a4da 100644 ---- a/drivers/hwmon/jz4740-hwmon.c -+++ b/drivers/hwmon/jz4740-hwmon.c -@@ -59,7 +59,7 @@ static ssize_t jz4740_hwmon_read_adcin(struct device *dev, - { - struct jz4740_hwmon *hwmon = dev_get_drvdata(dev); - struct completion *completion = &hwmon->read_completion; -- unsigned long t; -+ long t; - unsigned long val; - int ret; - -diff --git a/drivers/mmc/host/mxcmmc.c b/drivers/mmc/host/mxcmmc.c -index 14aa213..b87143d 100644 ---- a/drivers/mmc/host/mxcmmc.c -+++ b/drivers/mmc/host/mxcmmc.c -@@ -731,6 +731,7 @@ static void mxcmci_set_ios(struct mmc_host *mmc, struct mmc_ios *ios) - "failed to config DMA channel. Falling back to PIO\n"); - dma_release_channel(host->dma); - host->do_dma = 0; -+ host->dma = NULL; - } - } - -diff --git a/drivers/ptp/ptp_clock.c b/drivers/ptp/ptp_clock.c -index cf3f999..10451a1 100644 ---- a/drivers/ptp/ptp_clock.c -+++ b/drivers/ptp/ptp_clock.c -@@ -101,7 +101,9 @@ static s32 scaled_ppm_to_ppb(long ppm) - - static int ptp_clock_getres(struct posix_clock *pc, struct timespec *tp) - { -- return 1; /* always round timer functions to one nanosecond */ -+ tp->tv_sec = 0; -+ tp->tv_nsec = 1; -+ return 0; - } - - static int ptp_clock_settime(struct posix_clock *pc, const struct timespec *tp) -diff --git a/drivers/rtc/rtc-s3c.c b/drivers/rtc/rtc-s3c.c -index 7639ab9..5b979d9 100644 ---- a/drivers/rtc/rtc-s3c.c -+++ b/drivers/rtc/rtc-s3c.c -@@ -202,7 +202,6 @@ static int s3c_rtc_settime(struct device *dev, struct rtc_time *tm) - void __iomem *base = s3c_rtc_base; - int year = tm->tm_year - 100; - -- clk_enable(rtc_clk); - pr_debug("set time %04d.%02d.%02d %02d:%02d:%02d\n", - 1900 + tm->tm_year, tm->tm_mon, tm->tm_mday, - tm->tm_hour, tm->tm_min, tm->tm_sec); -@@ -214,6 +213,7 @@ static int s3c_rtc_settime(struct device *dev, struct rtc_time *tm) - return -EINVAL; - } - -+ clk_enable(rtc_clk); - writeb(bin2bcd(tm->tm_sec), base + S3C2410_RTCSEC); - writeb(bin2bcd(tm->tm_min), base + S3C2410_RTCMIN); - writeb(bin2bcd(tm->tm_hour), base + S3C2410_RTCHOUR); -diff --git a/drivers/staging/rtl8712/usb_intf.c b/drivers/staging/rtl8712/usb_intf.c -index 21ce2af..6cb7e28 100644 ---- a/drivers/staging/rtl8712/usb_intf.c -+++ b/drivers/staging/rtl8712/usb_intf.c -@@ -86,6 +86,7 @@ static struct usb_device_id rtl871x_usb_id_tbl[] = { - {USB_DEVICE(0x0DF6, 0x0045)}, - {USB_DEVICE(0x0DF6, 0x0059)}, /* 11n mode disable */ - {USB_DEVICE(0x0DF6, 0x004B)}, -+ {USB_DEVICE(0x0DF6, 0x005D)}, - {USB_DEVICE(0x0DF6, 0x0063)}, - /* Sweex */ - {USB_DEVICE(0x177F, 0x0154)}, -diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c -index 26a5d8b..c4ac6f6 100644 ---- a/drivers/target/iscsi/iscsi_target.c -+++ b/drivers/target/iscsi/iscsi_target.c -@@ -1043,6 +1043,8 @@ done: - */ - send_check_condition = 1; - } else { -+ cmd->data_length = cmd->se_cmd.data_length; -+ - if (iscsit_decide_list_to_build(cmd, payload_length) < 0) - return iscsit_add_reject_from_cmd( - ISCSI_REASON_BOOKMARK_NO_RESOURCES, -@@ -2512,10 +2514,10 @@ static int iscsit_send_data_in( - if (hdr->flags & ISCSI_FLAG_DATA_STATUS) { - if (cmd->se_cmd.se_cmd_flags & SCF_OVERFLOW_BIT) { - hdr->flags |= ISCSI_FLAG_DATA_OVERFLOW; -- hdr->residual_count = cpu_to_be32(cmd->residual_count); -+ hdr->residual_count = cpu_to_be32(cmd->se_cmd.residual_count); - } else if (cmd->se_cmd.se_cmd_flags & SCF_UNDERFLOW_BIT) { - hdr->flags |= ISCSI_FLAG_DATA_UNDERFLOW; -- hdr->residual_count = cpu_to_be32(cmd->residual_count); -+ hdr->residual_count = cpu_to_be32(cmd->se_cmd.residual_count); - } - } - hton24(hdr->dlength, datain.length); -@@ -3017,10 +3019,10 @@ static int iscsit_send_status( - hdr->flags |= ISCSI_FLAG_CMD_FINAL; - if (cmd->se_cmd.se_cmd_flags & SCF_OVERFLOW_BIT) { - hdr->flags |= ISCSI_FLAG_CMD_OVERFLOW; -- hdr->residual_count = cpu_to_be32(cmd->residual_count); -+ hdr->residual_count = cpu_to_be32(cmd->se_cmd.residual_count); - } else if (cmd->se_cmd.se_cmd_flags & SCF_UNDERFLOW_BIT) { - hdr->flags |= ISCSI_FLAG_CMD_UNDERFLOW; -- hdr->residual_count = cpu_to_be32(cmd->residual_count); -+ hdr->residual_count = cpu_to_be32(cmd->se_cmd.residual_count); - } - hdr->response = cmd->iscsi_response; - hdr->cmd_status = cmd->se_cmd.scsi_status; -@@ -3132,6 +3134,7 @@ static int iscsit_send_task_mgt_rsp( - hdr = (struct iscsi_tm_rsp *) cmd->pdu; - memset(hdr, 0, ISCSI_HDR_LEN); - hdr->opcode = ISCSI_OP_SCSI_TMFUNC_RSP; -+ hdr->flags = ISCSI_FLAG_CMD_FINAL; - hdr->response = iscsit_convert_tcm_tmr_rsp(se_tmr); - hdr->itt = cpu_to_be32(cmd->init_task_tag); - cmd->stat_sn = conn->stat_sn++; -diff --git a/drivers/target/iscsi/iscsi_target_core.h b/drivers/target/iscsi/iscsi_target_core.h -index 470ed55..8d18b2c 100644 ---- a/drivers/target/iscsi/iscsi_target_core.h -+++ b/drivers/target/iscsi/iscsi_target_core.h -@@ -395,7 +395,6 @@ struct iscsi_cmd { - u32 pdu_send_order; - /* Current struct iscsi_pdu in struct iscsi_cmd->pdu_list */ - u32 pdu_start; -- u32 residual_count; - /* Next struct iscsi_seq to send in struct iscsi_cmd->seq_list */ - u32 seq_send_order; - /* Number of struct iscsi_seq in struct iscsi_cmd->seq_list */ -diff --git a/drivers/target/target_core_cdb.c b/drivers/target/target_core_cdb.c -index f04d4ef..5f91397 100644 ---- a/drivers/target/target_core_cdb.c -+++ b/drivers/target/target_core_cdb.c -@@ -477,7 +477,7 @@ target_emulate_evpd_86(struct se_cmd *cmd, unsigned char *buf) - if (cmd->data_length < 60) - return 0; - -- buf[2] = 0x3c; -+ buf[3] = 0x3c; - /* Set HEADSUP, ORDSUP, SIMPSUP */ - buf[5] = 0x07; - -diff --git a/drivers/target/target_core_file.c b/drivers/target/target_core_file.c -index bc1b336..ceb2a28 100644 ---- a/drivers/target/target_core_file.c -+++ b/drivers/target/target_core_file.c -@@ -288,9 +288,9 @@ static int fd_do_readv(struct se_task *task) - return -ENOMEM; - } - -- for (i = 0; i < task->task_sg_nents; i++) { -- iov[i].iov_len = sg[i].length; -- iov[i].iov_base = sg_virt(&sg[i]); -+ for_each_sg(task->task_sg, sg, task->task_sg_nents, i) { -+ iov[i].iov_len = sg->length; -+ iov[i].iov_base = sg_virt(sg); - } - - old_fs = get_fs(); -@@ -340,9 +340,9 @@ static int fd_do_writev(struct se_task *task) - return -ENOMEM; - } - -- for (i = 0; i < task->task_sg_nents; i++) { -- iov[i].iov_len = sg[i].length; -- iov[i].iov_base = sg_virt(&sg[i]); -+ for_each_sg(task->task_sg, sg, task->task_sg_nents, i) { -+ iov[i].iov_len = sg->length; -+ iov[i].iov_base = sg_virt(sg); - } - - old_fs = get_fs(); -diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c -index 013c100..e2added 100644 ---- a/drivers/target/target_core_transport.c -+++ b/drivers/target/target_core_transport.c -@@ -2562,10 +2562,15 @@ static inline u32 transport_get_sectors_6( - - /* - * Everything else assume TYPE_DISK Sector CDB location. -- * Use 8-bit sector value. -+ * Use 8-bit sector value. SBC-3 says: -+ * -+ * A TRANSFER LENGTH field set to zero specifies that 256 -+ * logical blocks shall be written. Any other value -+ * specifies the number of logical blocks that shall be -+ * written. - */ - type_disk: -- return (u32)cdb[4]; -+ return cdb[4] ? : 256; - } - - static inline u32 transport_get_sectors_10( -@@ -3873,6 +3878,18 @@ int transport_generic_map_mem_to_cmd( - - if ((cmd->se_cmd_flags & SCF_SCSI_DATA_SG_IO_CDB) || - (cmd->se_cmd_flags & SCF_SCSI_CONTROL_SG_IO_CDB)) { -+ /* -+ * Reject SCSI data overflow with map_mem_to_cmd() as incoming -+ * scatterlists already have been set to follow what the fabric -+ * passes for the original expected data transfer length. -+ */ -+ if (cmd->se_cmd_flags & SCF_OVERFLOW_BIT) { -+ pr_warn("Rejecting SCSI DATA overflow for fabric using" -+ " SCF_PASSTHROUGH_SG_TO_MEM_NOALLOC\n"); -+ cmd->se_cmd_flags |= SCF_SCSI_CDB_EXCEPTION; -+ cmd->scsi_sense_reason = TCM_INVALID_CDB_FIELD; -+ return -EINVAL; -+ } - - cmd->t_data_sg = sgl; - cmd->t_data_nents = sgl_count; -diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c -index 2ffcaa0..8faa23c 100644 ---- a/drivers/usb/class/cdc-acm.c -+++ b/drivers/usb/class/cdc-acm.c -@@ -1458,6 +1458,16 @@ static const struct usb_device_id acm_ids[] = { - }, - { USB_DEVICE(0x22b8, 0x6425), /* Motorola MOTOMAGX phones */ - }, -+ /* Motorola H24 HSPA module: */ -+ { USB_DEVICE(0x22b8, 0x2d91) }, /* modem */ -+ { USB_DEVICE(0x22b8, 0x2d92) }, /* modem + diagnostics */ -+ { USB_DEVICE(0x22b8, 0x2d93) }, /* modem + AT port */ -+ { USB_DEVICE(0x22b8, 0x2d95) }, /* modem + AT port + diagnostics */ -+ { USB_DEVICE(0x22b8, 0x2d96) }, /* modem + NMEA */ -+ { USB_DEVICE(0x22b8, 0x2d97) }, /* modem + diagnostics + NMEA */ -+ { USB_DEVICE(0x22b8, 0x2d99) }, /* modem + AT port + NMEA */ -+ { USB_DEVICE(0x22b8, 0x2d9a) }, /* modem + AT port + diagnostics + NMEA */ -+ - { USB_DEVICE(0x0572, 0x1329), /* Hummingbird huc56s (Conexant) */ - .driver_info = NO_UNION_NORMAL, /* union descriptor misplaced on - data interface instead of -diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c -index e98a1e1..d2becb9 100644 ---- a/drivers/usb/serial/option.c -+++ b/drivers/usb/serial/option.c -@@ -659,7 +659,12 @@ static const struct usb_device_id option_ids[] = { - { USB_DEVICE_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, HUAWEI_PRODUCT_E353, 0xff, 0x01, 0x01) }, - { USB_DEVICE_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, HUAWEI_PRODUCT_E353, 0xff, 0x01, 0x02) }, - { USB_DEVICE_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, HUAWEI_PRODUCT_E353, 0xff, 0x01, 0x03) }, -- { USB_DEVICE_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, HUAWEI_PRODUCT_E353, 0xff, 0x01, 0x08) }, -+ { USB_DEVICE_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, HUAWEI_PRODUCT_E353, 0xff, 0x01, 0x10) }, -+ { USB_DEVICE_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, HUAWEI_PRODUCT_E353, 0xff, 0x01, 0x12) }, -+ { USB_DEVICE_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, HUAWEI_PRODUCT_E353, 0xff, 0x01, 0x13) }, -+ { USB_DEVICE_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, HUAWEI_PRODUCT_E353, 0xff, 0x02, 0x01) }, /* E398 3G Modem */ -+ { USB_DEVICE_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, HUAWEI_PRODUCT_E353, 0xff, 0x02, 0x02) }, /* E398 3G PC UI Interface */ -+ { USB_DEVICE_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, HUAWEI_PRODUCT_E353, 0xff, 0x02, 0x03) }, /* E398 3G Application Interface */ - { USB_DEVICE(NOVATELWIRELESS_VENDOR_ID, NOVATELWIRELESS_PRODUCT_V640) }, - { USB_DEVICE(NOVATELWIRELESS_VENDOR_ID, NOVATELWIRELESS_PRODUCT_V620) }, - { USB_DEVICE(NOVATELWIRELESS_VENDOR_ID, NOVATELWIRELESS_PRODUCT_V740) }, -diff --git a/fs/cifs/readdir.c b/fs/cifs/readdir.c -index 5de03ec..a090bbe 100644 ---- a/fs/cifs/readdir.c -+++ b/fs/cifs/readdir.c -@@ -554,7 +554,10 @@ static int find_cifs_entry(const int xid, struct cifs_tcon *pTcon, - rc); - return rc; - } -- cifs_save_resume_key(cifsFile->srch_inf.last_entry, cifsFile); -+ /* FindFirst/Next set last_entry to NULL on malformed reply */ -+ if (cifsFile->srch_inf.last_entry) -+ cifs_save_resume_key(cifsFile->srch_inf.last_entry, -+ cifsFile); - } - - while ((index_to_find >= cifsFile->srch_inf.index_of_last_entry) && -@@ -562,7 +565,10 @@ static int find_cifs_entry(const int xid, struct cifs_tcon *pTcon, - cFYI(1, "calling findnext2"); - rc = CIFSFindNext(xid, pTcon, cifsFile->netfid, - &cifsFile->srch_inf); -- cifs_save_resume_key(cifsFile->srch_inf.last_entry, cifsFile); -+ /* FindFirst/Next set last_entry to NULL on malformed reply */ -+ if (cifsFile->srch_inf.last_entry) -+ cifs_save_resume_key(cifsFile->srch_inf.last_entry, -+ cifsFile); - if (rc) - return -ENOENT; - } -diff --git a/fs/dcache.c b/fs/dcache.c -index a88948b..8b732a2 100644 ---- a/fs/dcache.c -+++ b/fs/dcache.c -@@ -2398,16 +2398,14 @@ static int prepend_name(char **buffer, int *buflen, struct qstr *name) - /** - * prepend_path - Prepend path string to a buffer - * @path: the dentry/vfsmount to report -- * @root: root vfsmnt/dentry (may be modified by this function) -+ * @root: root vfsmnt/dentry - * @buffer: pointer to the end of the buffer - * @buflen: pointer to buffer length - * - * Caller holds the rename_lock. -- * -- * If path is not reachable from the supplied root, then the value of -- * root is changed (without modifying refcounts). - */ --static int prepend_path(const struct path *path, struct path *root, -+static int prepend_path(const struct path *path, -+ const struct path *root, - char **buffer, int *buflen) - { - struct dentry *dentry = path->dentry; -@@ -2442,10 +2440,10 @@ static int prepend_path(const struct path *path, struct path *root, - dentry = parent; - } - --out: - if (!error && !slash) - error = prepend(buffer, buflen, "/", 1); - -+out: - br_read_unlock(vfsmount_lock); - return error; - -@@ -2459,15 +2457,17 @@ global_root: - WARN(1, "Root dentry has weird name <%.*s>\n", - (int) dentry->d_name.len, dentry->d_name.name); - } -- root->mnt = vfsmnt; -- root->dentry = dentry; -+ if (!slash) -+ error = prepend(buffer, buflen, "/", 1); -+ if (!error) -+ error = vfsmnt->mnt_ns ? 1 : 2; - goto out; - } - - /** - * __d_path - return the path of a dentry - * @path: the dentry/vfsmount to report -- * @root: root vfsmnt/dentry (may be modified by this function) -+ * @root: root vfsmnt/dentry - * @buf: buffer to return value in - * @buflen: buffer length - * -@@ -2478,10 +2478,10 @@ global_root: - * - * "buflen" should be positive. - * -- * If path is not reachable from the supplied root, then the value of -- * root is changed (without modifying refcounts). -+ * If the path is not reachable from the supplied root, return %NULL. - */ --char *__d_path(const struct path *path, struct path *root, -+char *__d_path(const struct path *path, -+ const struct path *root, - char *buf, int buflen) - { - char *res = buf + buflen; -@@ -2492,7 +2492,28 @@ char *__d_path(const struct path *path, struct path *root, - error = prepend_path(path, root, &res, &buflen); - write_sequnlock(&rename_lock); - -- if (error) -+ if (error < 0) -+ return ERR_PTR(error); -+ if (error > 0) -+ return NULL; -+ return res; -+} -+ -+char *d_absolute_path(const struct path *path, -+ char *buf, int buflen) -+{ -+ struct path root = {}; -+ char *res = buf + buflen; -+ int error; -+ -+ prepend(&res, &buflen, "\0", 1); -+ write_seqlock(&rename_lock); -+ error = prepend_path(path, &root, &res, &buflen); -+ write_sequnlock(&rename_lock); -+ -+ if (error > 1) -+ error = -EINVAL; -+ if (error < 0) - return ERR_PTR(error); - return res; - } -@@ -2500,8 +2521,9 @@ char *__d_path(const struct path *path, struct path *root, - /* - * same as __d_path but appends "(deleted)" for unlinked files. - */ --static int path_with_deleted(const struct path *path, struct path *root, -- char **buf, int *buflen) -+static int path_with_deleted(const struct path *path, -+ const struct path *root, -+ char **buf, int *buflen) - { - prepend(buf, buflen, "\0", 1); - if (d_unlinked(path->dentry)) { -@@ -2538,7 +2560,6 @@ char *d_path(const struct path *path, char *buf, int buflen) - { - char *res = buf + buflen; - struct path root; -- struct path tmp; - int error; - - /* -@@ -2553,9 +2574,8 @@ char *d_path(const struct path *path, char *buf, int buflen) - - get_fs_root(current->fs, &root); - write_seqlock(&rename_lock); -- tmp = root; -- error = path_with_deleted(path, &tmp, &res, &buflen); -- if (error) -+ error = path_with_deleted(path, &root, &res, &buflen); -+ if (error < 0) - res = ERR_PTR(error); - write_sequnlock(&rename_lock); - path_put(&root); -@@ -2576,7 +2596,6 @@ char *d_path_with_unreachable(const struct path *path, char *buf, int buflen) - { - char *res = buf + buflen; - struct path root; -- struct path tmp; - int error; - - if (path->dentry->d_op && path->dentry->d_op->d_dname) -@@ -2584,9 +2603,8 @@ char *d_path_with_unreachable(const struct path *path, char *buf, int buflen) - - get_fs_root(current->fs, &root); - write_seqlock(&rename_lock); -- tmp = root; -- error = path_with_deleted(path, &tmp, &res, &buflen); -- if (!error && !path_equal(&tmp, &root)) -+ error = path_with_deleted(path, &root, &res, &buflen); -+ if (error > 0) - error = prepend_unreachable(&res, &buflen); - write_sequnlock(&rename_lock); - path_put(&root); -@@ -2717,19 +2735,18 @@ SYSCALL_DEFINE2(getcwd, char __user *, buf, unsigned long, size) - write_seqlock(&rename_lock); - if (!d_unlinked(pwd.dentry)) { - unsigned long len; -- struct path tmp = root; - char *cwd = page + PAGE_SIZE; - int buflen = PAGE_SIZE; - - prepend(&cwd, &buflen, "\0", 1); -- error = prepend_path(&pwd, &tmp, &cwd, &buflen); -+ error = prepend_path(&pwd, &root, &cwd, &buflen); - write_sequnlock(&rename_lock); - -- if (error) -+ if (error < 0) - goto out; - - /* Unreachable from current root */ -- if (!path_equal(&tmp, &root)) { -+ if (error > 0) { - error = prepend_unreachable(&cwd, &buflen); - if (error) - goto out; -diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c -index b644b9c..5dbdb6b 100644 ---- a/fs/ext4/inode.c -+++ b/fs/ext4/inode.c -@@ -1261,8 +1261,11 @@ static int mpage_da_submit_io(struct mpage_da_data *mpd, - clear_buffer_unwritten(bh); - } - -- /* skip page if block allocation undone */ -- if (buffer_delay(bh) || buffer_unwritten(bh)) -+ /* -+ * skip page if block allocation undone and -+ * block is dirty -+ */ -+ if (ext4_bh_delay_or_unwritten(NULL, bh)) - skip_page = 1; - bh = bh->b_this_page; - block_start += bh->b_size; -@@ -2367,7 +2370,7 @@ static int ext4_da_write_end(struct file *file, - */ - - new_i_size = pos + copied; -- if (new_i_size > EXT4_I(inode)->i_disksize) { -+ if (copied && new_i_size > EXT4_I(inode)->i_disksize) { - if (ext4_da_should_update_i_disksize(page, end)) { - down_write(&EXT4_I(inode)->i_data_sem); - if (new_i_size > EXT4_I(inode)->i_disksize) { -@@ -2630,10 +2633,11 @@ static void ext4_end_io_dio(struct kiocb *iocb, loff_t offset, - iocb->private, io_end->inode->i_ino, iocb, offset, - size); - -+ iocb->private = NULL; -+ - /* if not aio dio with unwritten extents, just free io and return */ - if (!(io_end->flag & EXT4_IO_END_UNWRITTEN)) { - ext4_free_io_end(io_end); -- iocb->private = NULL; - out: - if (is_async) - aio_complete(iocb, ret, 0); -@@ -2656,7 +2660,6 @@ out: - spin_unlock_irqrestore(&ei->i_completed_io_lock, flags); - - /* queue the work to convert unwritten extents to written */ -- iocb->private = NULL; - queue_work(wq, &io_end->work); - - /* XXX: probably should move into the real I/O completion handler */ -diff --git a/fs/ext4/page-io.c b/fs/ext4/page-io.c -index 92f38ee..78ab854 100644 ---- a/fs/ext4/page-io.c -+++ b/fs/ext4/page-io.c -@@ -401,6 +401,18 @@ int ext4_bio_write_page(struct ext4_io_submit *io, - - block_end = block_start + blocksize; - if (block_start >= len) { -+ /* -+ * Comments copied from block_write_full_page_endio: -+ * -+ * The page straddles i_size. It must be zeroed out on -+ * each and every writepage invocation because it may -+ * be mmapped. "A file is mapped in multiples of the -+ * page size. For a file that is not a multiple of -+ * the page size, the remaining memory is zeroed when -+ * mapped, and writes to that region are not written -+ * out to the file." -+ */ -+ zero_user_segment(page, block_start, block_end); - clear_buffer_dirty(bh); - set_buffer_uptodate(bh); - continue; -diff --git a/fs/ext4/super.c b/fs/ext4/super.c -index 44d0c8d..065ff37 100644 ---- a/fs/ext4/super.c -+++ b/fs/ext4/super.c -@@ -1140,9 +1140,9 @@ static int ext4_show_options(struct seq_file *seq, struct vfsmount *vfs) - seq_puts(seq, ",block_validity"); - - if (!test_opt(sb, INIT_INODE_TABLE)) -- seq_puts(seq, ",noinit_inode_table"); -+ seq_puts(seq, ",noinit_itable"); - else if (sbi->s_li_wait_mult != EXT4_DEF_LI_WAIT_MULT) -- seq_printf(seq, ",init_inode_table=%u", -+ seq_printf(seq, ",init_itable=%u", - (unsigned) sbi->s_li_wait_mult); - - ext4_show_quota_options(seq, sb); -@@ -1318,8 +1318,7 @@ enum { - Opt_nomblk_io_submit, Opt_block_validity, Opt_noblock_validity, - Opt_inode_readahead_blks, Opt_journal_ioprio, - Opt_dioread_nolock, Opt_dioread_lock, -- Opt_discard, Opt_nodiscard, -- Opt_init_inode_table, Opt_noinit_inode_table, -+ Opt_discard, Opt_nodiscard, Opt_init_itable, Opt_noinit_itable, - }; - - static const match_table_t tokens = { -@@ -1392,9 +1391,9 @@ static const match_table_t tokens = { - {Opt_dioread_lock, "dioread_lock"}, - {Opt_discard, "discard"}, - {Opt_nodiscard, "nodiscard"}, -- {Opt_init_inode_table, "init_itable=%u"}, -- {Opt_init_inode_table, "init_itable"}, -- {Opt_noinit_inode_table, "noinit_itable"}, -+ {Opt_init_itable, "init_itable=%u"}, -+ {Opt_init_itable, "init_itable"}, -+ {Opt_noinit_itable, "noinit_itable"}, - {Opt_err, NULL}, - }; - -@@ -1871,7 +1870,7 @@ set_qf_format: - case Opt_dioread_lock: - clear_opt(sb, DIOREAD_NOLOCK); - break; -- case Opt_init_inode_table: -+ case Opt_init_itable: - set_opt(sb, INIT_INODE_TABLE); - if (args[0].from) { - if (match_int(&args[0], &option)) -@@ -1882,7 +1881,7 @@ set_qf_format: - return 0; - sbi->s_li_wait_mult = option; - break; -- case Opt_noinit_inode_table: -+ case Opt_noinit_itable: - clear_opt(sb, INIT_INODE_TABLE); - break; - default: -diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c -index 5cb8614..2aaf3ea 100644 ---- a/fs/fuse/dev.c -+++ b/fs/fuse/dev.c -@@ -1512,7 +1512,7 @@ static int fuse_retrieve(struct fuse_conn *fc, struct inode *inode, - else if (outarg->offset + num > file_size) - num = file_size - outarg->offset; - -- while (num) { -+ while (num && req->num_pages < FUSE_MAX_PAGES_PER_REQ) { - struct page *page; - unsigned int this_num; - -@@ -1526,6 +1526,7 @@ static int fuse_retrieve(struct fuse_conn *fc, struct inode *inode, - - num -= this_num; - total_len += this_num; -+ index++; - } - req->misc.retrieve_in.offset = outarg->offset; - req->misc.retrieve_in.size = total_len; -diff --git a/fs/fuse/file.c b/fs/fuse/file.c -index 594f07a..19029e9 100644 ---- a/fs/fuse/file.c -+++ b/fs/fuse/file.c -@@ -1556,7 +1556,7 @@ static loff_t fuse_file_llseek(struct file *file, loff_t offset, int origin) - struct inode *inode = file->f_path.dentry->d_inode; - - mutex_lock(&inode->i_mutex); -- if (origin != SEEK_CUR || origin != SEEK_SET) { -+ if (origin != SEEK_CUR && origin != SEEK_SET) { - retval = fuse_update_attributes(inode, NULL, file, NULL); - if (retval) - goto exit; -diff --git a/fs/hfs/btree.c b/fs/hfs/btree.c -index 3ebc437..1cbdeea 100644 ---- a/fs/hfs/btree.c -+++ b/fs/hfs/btree.c -@@ -46,11 +46,26 @@ struct hfs_btree *hfs_btree_open(struct super_block *sb, u32 id, btree_keycmp ke - case HFS_EXT_CNID: - hfs_inode_read_fork(tree->inode, mdb->drXTExtRec, mdb->drXTFlSize, - mdb->drXTFlSize, be32_to_cpu(mdb->drXTClpSiz)); -+ if (HFS_I(tree->inode)->alloc_blocks > -+ HFS_I(tree->inode)->first_blocks) { -+ printk(KERN_ERR "hfs: invalid btree extent records\n"); -+ unlock_new_inode(tree->inode); -+ goto free_inode; -+ } -+ - tree->inode->i_mapping->a_ops = &hfs_btree_aops; - break; - case HFS_CAT_CNID: - hfs_inode_read_fork(tree->inode, mdb->drCTExtRec, mdb->drCTFlSize, - mdb->drCTFlSize, be32_to_cpu(mdb->drCTClpSiz)); -+ -+ if (!HFS_I(tree->inode)->first_blocks) { -+ printk(KERN_ERR "hfs: invalid btree extent records " -+ "(0 size).\n"); -+ unlock_new_inode(tree->inode); -+ goto free_inode; -+ } -+ - tree->inode->i_mapping->a_ops = &hfs_btree_aops; - break; - default: -@@ -59,11 +74,6 @@ struct hfs_btree *hfs_btree_open(struct super_block *sb, u32 id, btree_keycmp ke - } - unlock_new_inode(tree->inode); - -- if (!HFS_I(tree->inode)->first_blocks) { -- printk(KERN_ERR "hfs: invalid btree extent records (0 size).\n"); -- goto free_inode; -- } -- - mapping = tree->inode->i_mapping; - page = read_mapping_page(mapping, 0, NULL); - if (IS_ERR(page)) -diff --git a/fs/jbd/journal.c b/fs/jbd/journal.c -index 9fe061f..fea8dd6 100644 ---- a/fs/jbd/journal.c -+++ b/fs/jbd/journal.c -@@ -1135,6 +1135,14 @@ static int journal_get_superblock(journal_t *journal) - goto out; - } - -+ if (be32_to_cpu(sb->s_first) == 0 || -+ be32_to_cpu(sb->s_first) >= journal->j_maxlen) { -+ printk(KERN_WARNING -+ "JBD: Invalid start block of journal: %u\n", -+ be32_to_cpu(sb->s_first)); -+ goto out; -+ } -+ - return 0; - - out: -diff --git a/fs/jbd2/journal.c b/fs/jbd2/journal.c -index f24df13..d6e93d0 100644 ---- a/fs/jbd2/journal.c -+++ b/fs/jbd2/journal.c -@@ -1251,6 +1251,14 @@ static int journal_get_superblock(journal_t *journal) - goto out; - } - -+ if (be32_to_cpu(sb->s_first) == 0 || -+ be32_to_cpu(sb->s_first) >= journal->j_maxlen) { -+ printk(KERN_WARNING -+ "JBD2: Invalid start block of journal: %u\n", -+ be32_to_cpu(sb->s_first)); -+ goto out; -+ } -+ - return 0; - - out: -diff --git a/fs/namespace.c b/fs/namespace.c -index e5e1c7d..5e7f2e9 100644 ---- a/fs/namespace.c -+++ b/fs/namespace.c -@@ -1048,15 +1048,12 @@ static int show_mountinfo(struct seq_file *m, void *v) - if (err) - goto out; - seq_putc(m, ' '); -- seq_path_root(m, &mnt_path, &root, " \t\n\\"); -- if (root.mnt != p->root.mnt || root.dentry != p->root.dentry) { -- /* -- * Mountpoint is outside root, discard that one. Ugly, -- * but less so than trying to do that in iterator in a -- * race-free way (due to renames). -- */ -- return SEQ_SKIP; -- } -+ -+ /* mountpoints outside of chroot jail will give SEQ_SKIP on this */ -+ err = seq_path_root(m, &mnt_path, &root, " \t\n\\"); -+ if (err) -+ goto out; -+ - seq_puts(m, mnt->mnt_flags & MNT_READONLY ? " ro" : " rw"); - show_mnt_opts(m, mnt); - -@@ -2744,3 +2741,8 @@ void kern_unmount(struct vfsmount *mnt) - } - } - EXPORT_SYMBOL(kern_unmount); -+ -+bool our_mnt(struct vfsmount *mnt) -+{ -+ return check_mnt(mnt); -+} -diff --git a/fs/proc/meminfo.c b/fs/proc/meminfo.c -index 5861741..80e4645 100644 ---- a/fs/proc/meminfo.c -+++ b/fs/proc/meminfo.c -@@ -131,12 +131,13 @@ static int meminfo_proc_show(struct seq_file *m, void *v) - K(i.freeswap), - K(global_page_state(NR_FILE_DIRTY)), - K(global_page_state(NR_WRITEBACK)), -- K(global_page_state(NR_ANON_PAGES) - #ifdef CONFIG_TRANSPARENT_HUGEPAGE -+ K(global_page_state(NR_ANON_PAGES) - + global_page_state(NR_ANON_TRANSPARENT_HUGEPAGES) * -- HPAGE_PMD_NR -+ HPAGE_PMD_NR), -+#else -+ K(global_page_state(NR_ANON_PAGES)), - #endif -- ), - K(global_page_state(NR_FILE_MAPPED)), - K(global_page_state(NR_SHMEM)), - K(global_page_state(NR_SLAB_RECLAIMABLE) + -diff --git a/fs/seq_file.c b/fs/seq_file.c -index 05d6b0e..dba43c3 100644 ---- a/fs/seq_file.c -+++ b/fs/seq_file.c -@@ -449,8 +449,6 @@ EXPORT_SYMBOL(seq_path); - - /* - * Same as seq_path, but relative to supplied root. -- * -- * root may be changed, see __d_path(). - */ - int seq_path_root(struct seq_file *m, struct path *path, struct path *root, - char *esc) -@@ -463,6 +461,8 @@ int seq_path_root(struct seq_file *m, struct path *path, struct path *root, - char *p; - - p = __d_path(path, root, buf, size); -+ if (!p) -+ return SEQ_SKIP; - res = PTR_ERR(p); - if (!IS_ERR(p)) { - char *end = mangle_path(buf, p, esc); -@@ -474,7 +474,7 @@ int seq_path_root(struct seq_file *m, struct path *path, struct path *root, - } - seq_commit(m, res); - -- return res < 0 ? res : 0; -+ return res < 0 && res != -ENAMETOOLONG ? res : 0; - } - - /* -diff --git a/include/drm/drm_pciids.h b/include/drm/drm_pciids.h -index 4e4fbb8..14b6cd0 100644 ---- a/include/drm/drm_pciids.h -+++ b/include/drm/drm_pciids.h -@@ -182,8 +182,11 @@ - {0x1002, 0x6748, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_TURKS|RADEON_NEW_MEMMAP}, \ - {0x1002, 0x6749, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_TURKS|RADEON_NEW_MEMMAP}, \ - {0x1002, 0x6750, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_TURKS|RADEON_NEW_MEMMAP}, \ -+ {0x1002, 0x6751, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_TURKS|RADEON_NEW_MEMMAP}, \ - {0x1002, 0x6758, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_TURKS|RADEON_NEW_MEMMAP}, \ - {0x1002, 0x6759, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_TURKS|RADEON_NEW_MEMMAP}, \ -+ {0x1002, 0x675B, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_TURKS|RADEON_NEW_MEMMAP}, \ -+ {0x1002, 0x675D, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_TURKS|RADEON_NEW_MEMMAP}, \ - {0x1002, 0x675F, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_TURKS|RADEON_NEW_MEMMAP}, \ - {0x1002, 0x6760, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_CAICOS|RADEON_IS_MOBILITY|RADEON_NEW_MEMMAP}, \ - {0x1002, 0x6761, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_CAICOS|RADEON_IS_MOBILITY|RADEON_NEW_MEMMAP}, \ -@@ -195,8 +198,10 @@ - {0x1002, 0x6767, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_CAICOS|RADEON_NEW_MEMMAP}, \ - {0x1002, 0x6768, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_CAICOS|RADEON_NEW_MEMMAP}, \ - {0x1002, 0x6770, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_CAICOS|RADEON_NEW_MEMMAP}, \ -+ {0x1002, 0x6772, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_CAICOS|RADEON_NEW_MEMMAP}, \ - {0x1002, 0x6778, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_CAICOS|RADEON_NEW_MEMMAP}, \ - {0x1002, 0x6779, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_CAICOS|RADEON_NEW_MEMMAP}, \ -+ {0x1002, 0x677B, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_CAICOS|RADEON_NEW_MEMMAP}, \ - {0x1002, 0x6840, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_TURKS|RADEON_IS_MOBILITY|RADEON_NEW_MEMMAP}, \ - {0x1002, 0x6841, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_TURKS|RADEON_IS_MOBILITY|RADEON_NEW_MEMMAP}, \ - {0x1002, 0x6842, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_TURKS|RADEON_IS_MOBILITY|RADEON_NEW_MEMMAP}, \ -@@ -246,6 +251,7 @@ - {0x1002, 0x68f2, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_CEDAR|RADEON_NEW_MEMMAP}, \ - {0x1002, 0x68f8, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_CEDAR|RADEON_NEW_MEMMAP}, \ - {0x1002, 0x68f9, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_CEDAR|RADEON_NEW_MEMMAP}, \ -+ {0x1002, 0x68fa, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_CEDAR|RADEON_NEW_MEMMAP}, \ - {0x1002, 0x68fe, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_CEDAR|RADEON_NEW_MEMMAP}, \ - {0x1002, 0x7100, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_R520|RADEON_NEW_MEMMAP}, \ - {0x1002, 0x7101, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_R520|RADEON_IS_MOBILITY|RADEON_NEW_MEMMAP}, \ -@@ -488,6 +494,8 @@ - {0x1002, 0x9647, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_SUMO|RADEON_IS_MOBILITY|RADEON_NEW_MEMMAP|RADEON_IS_IGP},\ - {0x1002, 0x9648, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_SUMO|RADEON_IS_MOBILITY|RADEON_NEW_MEMMAP|RADEON_IS_IGP},\ - {0x1002, 0x964a, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_SUMO|RADEON_NEW_MEMMAP|RADEON_IS_IGP}, \ -+ {0x1002, 0x964b, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_SUMO|RADEON_NEW_MEMMAP|RADEON_IS_IGP}, \ -+ {0x1002, 0x964c, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_SUMO|RADEON_NEW_MEMMAP|RADEON_IS_IGP}, \ - {0x1002, 0x964e, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_SUMO|RADEON_IS_MOBILITY|RADEON_NEW_MEMMAP|RADEON_IS_IGP},\ - {0x1002, 0x964f, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_SUMO|RADEON_IS_MOBILITY|RADEON_NEW_MEMMAP|RADEON_IS_IGP},\ - {0x1002, 0x9710, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_RS880|RADEON_NEW_MEMMAP|RADEON_IS_IGP}, \ -@@ -502,6 +510,8 @@ - {0x1002, 0x9805, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_PALM|RADEON_NEW_MEMMAP|RADEON_IS_IGP}, \ - {0x1002, 0x9806, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_PALM|RADEON_NEW_MEMMAP|RADEON_IS_IGP}, \ - {0x1002, 0x9807, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_PALM|RADEON_NEW_MEMMAP|RADEON_IS_IGP}, \ -+ {0x1002, 0x9808, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_PALM|RADEON_NEW_MEMMAP|RADEON_IS_IGP}, \ -+ {0x1002, 0x9809, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_PALM|RADEON_NEW_MEMMAP|RADEON_IS_IGP}, \ - {0, 0, 0} - - #define r128_PCI_IDS \ -diff --git a/include/linux/dcache.h b/include/linux/dcache.h -index 62157c0..713c7c6 100644 ---- a/include/linux/dcache.h -+++ b/include/linux/dcache.h -@@ -337,7 +337,8 @@ extern int d_validate(struct dentry *, struct dentry *); - */ - extern char *dynamic_dname(struct dentry *, char *, int, const char *, ...); - --extern char *__d_path(const struct path *path, struct path *root, char *, int); -+extern char *__d_path(const struct path *, const struct path *, char *, int); -+extern char *d_absolute_path(const struct path *, char *, int); - extern char *d_path(const struct path *, char *, int); - extern char *d_path_with_unreachable(const struct path *, char *, int); - extern char *dentry_path_raw(struct dentry *, char *, int); -diff --git a/include/linux/fs.h b/include/linux/fs.h -index 277f497..cf7bc25 100644 ---- a/include/linux/fs.h -+++ b/include/linux/fs.h -@@ -1907,6 +1907,7 @@ extern int fd_statfs(int, struct kstatfs *); - extern int statfs_by_dentry(struct dentry *, struct kstatfs *); - extern int freeze_super(struct super_block *super); - extern int thaw_super(struct super_block *super); -+extern bool our_mnt(struct vfsmount *mnt); - - extern int current_umask(void); - -diff --git a/include/linux/log2.h b/include/linux/log2.h -index 25b8086..fd7ff3d 100644 ---- a/include/linux/log2.h -+++ b/include/linux/log2.h -@@ -185,7 +185,6 @@ unsigned long __rounddown_pow_of_two(unsigned long n) - #define rounddown_pow_of_two(n) \ - ( \ - __builtin_constant_p(n) ? ( \ -- (n == 1) ? 0 : \ - (1UL << ilog2(n))) : \ - __rounddown_pow_of_two(n) \ - ) -diff --git a/kernel/lockdep.c b/kernel/lockdep.c -index 91d67ce..4479606 100644 ---- a/kernel/lockdep.c -+++ b/kernel/lockdep.c -@@ -44,6 +44,7 @@ - #include <linux/stringify.h> - #include <linux/bitops.h> - #include <linux/gfp.h> -+#include <linux/kmemcheck.h> - - #include <asm/sections.h> - -@@ -2874,7 +2875,12 @@ static int mark_lock(struct task_struct *curr, struct held_lock *this, - void lockdep_init_map(struct lockdep_map *lock, const char *name, - struct lock_class_key *key, int subclass) - { -- memset(lock, 0, sizeof(*lock)); -+ int i; -+ -+ kmemcheck_mark_initialized(lock, sizeof(*lock)); -+ -+ for (i = 0; i < NR_LOCKDEP_CACHING_CLASSES; i++) -+ lock->class_cache[i] = NULL; - - #ifdef CONFIG_LOCK_STAT - lock->cpu = raw_smp_processor_id(); -diff --git a/kernel/time/alarmtimer.c b/kernel/time/alarmtimer.c -index ea5e1a9..8b70c76 100644 ---- a/kernel/time/alarmtimer.c -+++ b/kernel/time/alarmtimer.c -@@ -181,7 +181,7 @@ static enum hrtimer_restart alarmtimer_fired(struct hrtimer *timer) - struct alarm *alarm; - ktime_t expired = next->expires; - -- if (expired.tv64 >= now.tv64) -+ if (expired.tv64 > now.tv64) - break; - - alarm = container_of(next, struct alarm, node); -diff --git a/mm/hugetlb.c b/mm/hugetlb.c -index bb28a5f..73f17c0 100644 ---- a/mm/hugetlb.c -+++ b/mm/hugetlb.c -@@ -576,6 +576,7 @@ static void prep_compound_gigantic_page(struct page *page, unsigned long order) - __SetPageHead(page); - for (i = 1; i < nr_pages; i++, p = mem_map_next(p, page, i)) { - __SetPageTail(p); -+ set_page_count(p, 0); - p->first_page = page; - } - } -diff --git a/mm/page_alloc.c b/mm/page_alloc.c -index 6e8ecb6..e8fae15 100644 ---- a/mm/page_alloc.c -+++ b/mm/page_alloc.c -@@ -355,8 +355,8 @@ void prep_compound_page(struct page *page, unsigned long order) - __SetPageHead(page); - for (i = 1; i < nr_pages; i++) { - struct page *p = page + i; -- - __SetPageTail(p); -+ set_page_count(p, 0); - p->first_page = page; - } - } -@@ -3370,9 +3370,15 @@ static void setup_zone_migrate_reserve(struct zone *zone) - unsigned long block_migratetype; - int reserve; - -- /* Get the start pfn, end pfn and the number of blocks to reserve */ -+ /* -+ * Get the start pfn, end pfn and the number of blocks to reserve -+ * We have to be careful to be aligned to pageblock_nr_pages to -+ * make sure that we always check pfn_valid for the first page in -+ * the block. -+ */ - start_pfn = zone->zone_start_pfn; - end_pfn = start_pfn + zone->spanned_pages; -+ start_pfn = roundup(start_pfn, pageblock_nr_pages); - reserve = roundup(min_wmark_pages(zone), pageblock_nr_pages) >> - pageblock_order; - -diff --git a/mm/percpu-vm.c b/mm/percpu-vm.c -index ea53496..bfad724 100644 ---- a/mm/percpu-vm.c -+++ b/mm/percpu-vm.c -@@ -143,8 +143,8 @@ static void pcpu_pre_unmap_flush(struct pcpu_chunk *chunk, - int page_start, int page_end) - { - flush_cache_vunmap( -- pcpu_chunk_addr(chunk, pcpu_first_unit_cpu, page_start), -- pcpu_chunk_addr(chunk, pcpu_last_unit_cpu, page_end)); -+ pcpu_chunk_addr(chunk, pcpu_low_unit_cpu, page_start), -+ pcpu_chunk_addr(chunk, pcpu_high_unit_cpu, page_end)); - } - - static void __pcpu_unmap_pages(unsigned long addr, int nr_pages) -@@ -206,8 +206,8 @@ static void pcpu_post_unmap_tlb_flush(struct pcpu_chunk *chunk, - int page_start, int page_end) - { - flush_tlb_kernel_range( -- pcpu_chunk_addr(chunk, pcpu_first_unit_cpu, page_start), -- pcpu_chunk_addr(chunk, pcpu_last_unit_cpu, page_end)); -+ pcpu_chunk_addr(chunk, pcpu_low_unit_cpu, page_start), -+ pcpu_chunk_addr(chunk, pcpu_high_unit_cpu, page_end)); - } - - static int __pcpu_map_pages(unsigned long addr, struct page **pages, -@@ -284,8 +284,8 @@ static void pcpu_post_map_flush(struct pcpu_chunk *chunk, - int page_start, int page_end) - { - flush_cache_vmap( -- pcpu_chunk_addr(chunk, pcpu_first_unit_cpu, page_start), -- pcpu_chunk_addr(chunk, pcpu_last_unit_cpu, page_end)); -+ pcpu_chunk_addr(chunk, pcpu_low_unit_cpu, page_start), -+ pcpu_chunk_addr(chunk, pcpu_high_unit_cpu, page_end)); - } - - /** -diff --git a/mm/percpu.c b/mm/percpu.c -index bf80e55..93b5a7c 100644 ---- a/mm/percpu.c -+++ b/mm/percpu.c -@@ -116,9 +116,9 @@ static int pcpu_atom_size __read_mostly; - static int pcpu_nr_slots __read_mostly; - static size_t pcpu_chunk_struct_size __read_mostly; - --/* cpus with the lowest and highest unit numbers */ --static unsigned int pcpu_first_unit_cpu __read_mostly; --static unsigned int pcpu_last_unit_cpu __read_mostly; -+/* cpus with the lowest and highest unit addresses */ -+static unsigned int pcpu_low_unit_cpu __read_mostly; -+static unsigned int pcpu_high_unit_cpu __read_mostly; - - /* the address of the first chunk which starts with the kernel static area */ - void *pcpu_base_addr __read_mostly; -@@ -984,19 +984,19 @@ phys_addr_t per_cpu_ptr_to_phys(void *addr) - { - void __percpu *base = __addr_to_pcpu_ptr(pcpu_base_addr); - bool in_first_chunk = false; -- unsigned long first_start, first_end; -+ unsigned long first_low, first_high; - unsigned int cpu; - - /* -- * The following test on first_start/end isn't strictly -+ * The following test on unit_low/high isn't strictly - * necessary but will speed up lookups of addresses which - * aren't in the first chunk. - */ -- first_start = pcpu_chunk_addr(pcpu_first_chunk, pcpu_first_unit_cpu, 0); -- first_end = pcpu_chunk_addr(pcpu_first_chunk, pcpu_last_unit_cpu, -- pcpu_unit_pages); -- if ((unsigned long)addr >= first_start && -- (unsigned long)addr < first_end) { -+ first_low = pcpu_chunk_addr(pcpu_first_chunk, pcpu_low_unit_cpu, 0); -+ first_high = pcpu_chunk_addr(pcpu_first_chunk, pcpu_high_unit_cpu, -+ pcpu_unit_pages); -+ if ((unsigned long)addr >= first_low && -+ (unsigned long)addr < first_high) { - for_each_possible_cpu(cpu) { - void *start = per_cpu_ptr(base, cpu); - -@@ -1233,7 +1233,9 @@ int __init pcpu_setup_first_chunk(const struct pcpu_alloc_info *ai, - - for (cpu = 0; cpu < nr_cpu_ids; cpu++) - unit_map[cpu] = UINT_MAX; -- pcpu_first_unit_cpu = NR_CPUS; -+ -+ pcpu_low_unit_cpu = NR_CPUS; -+ pcpu_high_unit_cpu = NR_CPUS; - - for (group = 0, unit = 0; group < ai->nr_groups; group++, unit += i) { - const struct pcpu_group_info *gi = &ai->groups[group]; -@@ -1253,9 +1255,13 @@ int __init pcpu_setup_first_chunk(const struct pcpu_alloc_info *ai, - unit_map[cpu] = unit + i; - unit_off[cpu] = gi->base_offset + i * ai->unit_size; - -- if (pcpu_first_unit_cpu == NR_CPUS) -- pcpu_first_unit_cpu = cpu; -- pcpu_last_unit_cpu = cpu; -+ /* determine low/high unit_cpu */ -+ if (pcpu_low_unit_cpu == NR_CPUS || -+ unit_off[cpu] < unit_off[pcpu_low_unit_cpu]) -+ pcpu_low_unit_cpu = cpu; -+ if (pcpu_high_unit_cpu == NR_CPUS || -+ unit_off[cpu] > unit_off[pcpu_high_unit_cpu]) -+ pcpu_high_unit_cpu = cpu; - } - } - pcpu_nr_units = unit; -diff --git a/mm/vmalloc.c b/mm/vmalloc.c -index 56faf31..3a65d6f7 100644 ---- a/mm/vmalloc.c -+++ b/mm/vmalloc.c -@@ -1634,6 +1634,8 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align, - return NULL; - - addr = __vmalloc_area_node(area, gfp_mask, prot, node, caller); -+ if (!addr) -+ return NULL; - - /* - * In this function, newly allocated vm_struct is not added -diff --git a/security/apparmor/path.c b/security/apparmor/path.c -index 36cc0cc..b566eba 100644 ---- a/security/apparmor/path.c -+++ b/security/apparmor/path.c -@@ -57,23 +57,44 @@ static int prepend(char **buffer, int buflen, const char *str, int namelen) - static int d_namespace_path(struct path *path, char *buf, int buflen, - char **name, int flags) - { -- struct path root, tmp; - char *res; -- int connected, error = 0; -+ int error = 0; -+ int connected = 1; -+ -+ if (path->mnt->mnt_flags & MNT_INTERNAL) { -+ /* it's not mounted anywhere */ -+ res = dentry_path(path->dentry, buf, buflen); -+ *name = res; -+ if (IS_ERR(res)) { -+ *name = buf; -+ return PTR_ERR(res); -+ } -+ if (path->dentry->d_sb->s_magic == PROC_SUPER_MAGIC && -+ strncmp(*name, "/sys/", 5) == 0) { -+ /* TODO: convert over to using a per namespace -+ * control instead of hard coded /proc -+ */ -+ return prepend(name, *name - buf, "/proc", 5); -+ } -+ return 0; -+ } - -- /* Get the root we want to resolve too, released below */ -+ /* resolve paths relative to chroot?*/ - if (flags & PATH_CHROOT_REL) { -- /* resolve paths relative to chroot */ -+ struct path root; - get_fs_root(current->fs, &root); -- } else { -- /* resolve paths relative to namespace */ -- root.mnt = current->nsproxy->mnt_ns->root; -- root.dentry = root.mnt->mnt_root; -- path_get(&root); -+ res = __d_path(path, &root, buf, buflen); -+ if (res && !IS_ERR(res)) { -+ /* everything's fine */ -+ *name = res; -+ path_put(&root); -+ goto ok; -+ } -+ path_put(&root); -+ connected = 0; - } - -- tmp = root; -- res = __d_path(path, &tmp, buf, buflen); -+ res = d_absolute_path(path, buf, buflen); - - *name = res; - /* handle error conditions - and still allow a partial path to -@@ -84,7 +105,10 @@ static int d_namespace_path(struct path *path, char *buf, int buflen, - *name = buf; - goto out; - } -+ if (!our_mnt(path->mnt)) -+ connected = 0; - -+ok: - /* Handle two cases: - * 1. A deleted dentry && profile is not allowing mediation of deleted - * 2. On some filesystems, newly allocated dentries appear to the -@@ -97,10 +121,7 @@ static int d_namespace_path(struct path *path, char *buf, int buflen, - goto out; - } - -- /* Determine if the path is connected to the expected root */ -- connected = tmp.dentry == root.dentry && tmp.mnt == root.mnt; -- -- /* If the path is not connected, -+ /* If the path is not connected to the expected root, - * check if it is a sysctl and handle specially else remove any - * leading / that __d_path may have returned. - * Unless -@@ -112,17 +133,9 @@ static int d_namespace_path(struct path *path, char *buf, int buflen, - * namespace root. - */ - if (!connected) { -- /* is the disconnect path a sysctl? */ -- if (tmp.dentry->d_sb->s_magic == PROC_SUPER_MAGIC && -- strncmp(*name, "/sys/", 5) == 0) { -- /* TODO: convert over to using a per namespace -- * control instead of hard coded /proc -- */ -- error = prepend(name, *name - buf, "/proc", 5); -- } else if (!(flags & PATH_CONNECT_PATH) && -+ if (!(flags & PATH_CONNECT_PATH) && - !(((flags & CHROOT_NSCONNECT) == CHROOT_NSCONNECT) && -- (tmp.mnt == current->nsproxy->mnt_ns->root && -- tmp.dentry == tmp.mnt->mnt_root))) { -+ our_mnt(path->mnt))) { - /* disconnected path, don't return pathname starting - * with '/' - */ -@@ -133,8 +146,6 @@ static int d_namespace_path(struct path *path, char *buf, int buflen, - } - - out: -- path_put(&root); -- - return error; - } - -diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c -index 6c601bd..d46922d 100644 ---- a/security/tomoyo/realpath.c -+++ b/security/tomoyo/realpath.c -@@ -83,9 +83,8 @@ static char *tomoyo_get_absolute_path(struct path *path, char * const buffer, - { - char *pos = ERR_PTR(-ENOMEM); - if (buflen >= 256) { -- struct path ns_root = { }; - /* go to whatever namespace root we are under */ -- pos = __d_path(path, &ns_root, buffer, buflen - 1); -+ pos = d_absolute_path(path, buffer, buflen - 1); - if (!IS_ERR(pos) && *pos == '/' && pos[1]) { - struct inode *inode = path->dentry->d_inode; - if (inode && S_ISDIR(inode->i_mode)) { -@@ -276,8 +275,16 @@ char *tomoyo_realpath_from_path(struct path *path) - pos = tomoyo_get_local_path(path->dentry, buf, - buf_len - 1); - /* Get absolute name for the rest. */ -- else -+ else { - pos = tomoyo_get_absolute_path(path, buf, buf_len - 1); -+ /* -+ * Fall back to local name if absolute name is not -+ * available. -+ */ -+ if (pos == ERR_PTR(-EINVAL)) -+ pos = tomoyo_get_local_path(path->dentry, buf, -+ buf_len - 1); -+ } - encode: - if (IS_ERR(pos)) - continue; -diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c -index c687e14..20d92074 100644 ---- a/sound/pci/hda/patch_realtek.c -+++ b/sound/pci/hda/patch_realtek.c -@@ -280,6 +280,8 @@ static int alc_mux_select(struct hda_codec *codec, unsigned int adc_idx, - imux = &spec->input_mux[mux_idx]; - if (!imux->num_items && mux_idx > 0) - imux = &spec->input_mux[0]; -+ if (!imux->num_items) -+ return 0; - - if (idx >= imux->num_items) - idx = imux->num_items - 1; -diff --git a/sound/pci/hda/patch_sigmatel.c b/sound/pci/hda/patch_sigmatel.c -index 4538caa..5261fd8 100644 ---- a/sound/pci/hda/patch_sigmatel.c -+++ b/sound/pci/hda/patch_sigmatel.c -@@ -214,6 +214,7 @@ struct sigmatel_spec { - unsigned int gpio_mute; - unsigned int gpio_led; - unsigned int gpio_led_polarity; -+ unsigned int vref_mute_led_nid; /* pin NID for mute-LED vref control */ - unsigned int vref_led; - - /* stream */ -@@ -4298,12 +4299,10 @@ static void stac_store_hints(struct hda_codec *codec) - spec->eapd_switch = val; - get_int_hint(codec, "gpio_led_polarity", &spec->gpio_led_polarity); - if (get_int_hint(codec, "gpio_led", &spec->gpio_led)) { -- if (spec->gpio_led <= 8) { -- spec->gpio_mask |= spec->gpio_led; -- spec->gpio_dir |= spec->gpio_led; -- if (spec->gpio_led_polarity) -- spec->gpio_data |= spec->gpio_led; -- } -+ spec->gpio_mask |= spec->gpio_led; -+ spec->gpio_dir |= spec->gpio_led; -+ if (spec->gpio_led_polarity) -+ spec->gpio_data |= spec->gpio_led; - } - } - -@@ -4893,8 +4892,14 @@ static int find_mute_led_gpio(struct hda_codec *codec, int default_polarity) - if (sscanf(dev->name, "HP_Mute_LED_%d_%x", - &spec->gpio_led_polarity, - &spec->gpio_led) == 2) { -- if (spec->gpio_led < 4) -+ unsigned int max_gpio; -+ max_gpio = snd_hda_param_read(codec, codec->afg, -+ AC_PAR_GPIO_CAP); -+ max_gpio &= AC_GPIO_IO_COUNT; -+ if (spec->gpio_led < max_gpio) - spec->gpio_led = 1 << spec->gpio_led; -+ else -+ spec->vref_mute_led_nid = spec->gpio_led; - return 1; - } - if (sscanf(dev->name, "HP_Mute_LED_%d", -@@ -5023,15 +5028,12 @@ static int stac92xx_pre_resume(struct hda_codec *codec) - struct sigmatel_spec *spec = codec->spec; - - /* sync mute LED */ -- if (spec->gpio_led) { -- if (spec->gpio_led <= 8) { -- stac_gpio_set(codec, spec->gpio_mask, -- spec->gpio_dir, spec->gpio_data); -- } else { -- stac_vrefout_set(codec, -- spec->gpio_led, spec->vref_led); -- } -- } -+ if (spec->vref_mute_led_nid) -+ stac_vrefout_set(codec, spec->vref_mute_led_nid, -+ spec->vref_led); -+ else if (spec->gpio_led) -+ stac_gpio_set(codec, spec->gpio_mask, -+ spec->gpio_dir, spec->gpio_data); - return 0; - } - -@@ -5042,7 +5044,7 @@ static void stac92xx_set_power_state(struct hda_codec *codec, hda_nid_t fg, - struct sigmatel_spec *spec = codec->spec; - - if (power_state == AC_PWRST_D3) { -- if (spec->gpio_led > 8) { -+ if (spec->vref_mute_led_nid) { - /* with vref-out pin used for mute led control - * codec AFG is prevented from D3 state - */ -@@ -5095,7 +5097,7 @@ static int stac92xx_update_led_status(struct hda_codec *codec) - } - } - /*polarity defines *not* muted state level*/ -- if (spec->gpio_led <= 8) { -+ if (!spec->vref_mute_led_nid) { - if (muted) - spec->gpio_data &= ~spec->gpio_led; /* orange */ - else -@@ -5113,7 +5115,8 @@ static int stac92xx_update_led_status(struct hda_codec *codec) - muted_lvl = spec->gpio_led_polarity ? - AC_PINCTL_VREF_GRD : AC_PINCTL_VREF_HIZ; - spec->vref_led = muted ? muted_lvl : notmtd_lvl; -- stac_vrefout_set(codec, spec->gpio_led, spec->vref_led); -+ stac_vrefout_set(codec, spec->vref_mute_led_nid, -+ spec->vref_led); - } - return 0; - } -@@ -5634,7 +5637,7 @@ again: - - #ifdef CONFIG_SND_HDA_POWER_SAVE - if (spec->gpio_led) { -- if (spec->gpio_led <= 8) { -+ if (!spec->vref_mute_led_nid) { - spec->gpio_mask |= spec->gpio_led; - spec->gpio_dir |= spec->gpio_led; - spec->gpio_data |= spec->gpio_led; -@@ -5955,7 +5958,7 @@ again: - - #ifdef CONFIG_SND_HDA_POWER_SAVE - if (spec->gpio_led) { -- if (spec->gpio_led <= 8) { -+ if (!spec->vref_mute_led_nid) { - spec->gpio_mask |= spec->gpio_led; - spec->gpio_dir |= spec->gpio_led; - spec->gpio_data |= spec->gpio_led; -diff --git a/sound/pci/sis7019.c b/sound/pci/sis7019.c -index bcf6152..fdc78ad 100644 ---- a/sound/pci/sis7019.c -+++ b/sound/pci/sis7019.c -@@ -41,6 +41,7 @@ MODULE_SUPPORTED_DEVICE("{{SiS,SiS7019 Audio Accelerator}}"); - static int index = SNDRV_DEFAULT_IDX1; /* Index 0-MAX */ - static char *id = SNDRV_DEFAULT_STR1; /* ID for this card */ - static int enable = 1; -+static int codecs = 1; - - module_param(index, int, 0444); - MODULE_PARM_DESC(index, "Index value for SiS7019 Audio Accelerator."); -@@ -48,6 +49,8 @@ module_param(id, charp, 0444); - MODULE_PARM_DESC(id, "ID string for SiS7019 Audio Accelerator."); - module_param(enable, bool, 0444); - MODULE_PARM_DESC(enable, "Enable SiS7019 Audio Accelerator."); -+module_param(codecs, int, 0444); -+MODULE_PARM_DESC(codecs, "Set bit to indicate that codec number is expected to be present (default 1)"); - - static DEFINE_PCI_DEVICE_TABLE(snd_sis7019_ids) = { - { PCI_DEVICE(PCI_VENDOR_ID_SI, 0x7019) }, -@@ -140,6 +143,9 @@ struct sis7019 { - dma_addr_t silence_dma_addr; - }; - -+/* These values are also used by the module param 'codecs' to indicate -+ * which codecs should be present. -+ */ - #define SIS_PRIMARY_CODEC_PRESENT 0x0001 - #define SIS_SECONDARY_CODEC_PRESENT 0x0002 - #define SIS_TERTIARY_CODEC_PRESENT 0x0004 -@@ -1078,6 +1084,7 @@ static int sis_chip_init(struct sis7019 *sis) - { - unsigned long io = sis->ioport; - void __iomem *ioaddr = sis->ioaddr; -+ unsigned long timeout; - u16 status; - int count; - int i; -@@ -1104,21 +1111,45 @@ static int sis_chip_init(struct sis7019 *sis) - while ((inw(io + SIS_AC97_STATUS) & SIS_AC97_STATUS_BUSY) && --count) - udelay(1); - -+ /* Command complete, we can let go of the semaphore now. -+ */ -+ outl(SIS_AC97_SEMA_RELEASE, io + SIS_AC97_SEMA); -+ if (!count) -+ return -EIO; -+ - /* Now that we've finished the reset, find out what's attached. -+ * There are some codec/board combinations that take an extremely -+ * long time to come up. 350+ ms has been observed in the field, -+ * so we'll give them up to 500ms. - */ -- status = inl(io + SIS_AC97_STATUS); -- if (status & SIS_AC97_STATUS_CODEC_READY) -- sis->codecs_present |= SIS_PRIMARY_CODEC_PRESENT; -- if (status & SIS_AC97_STATUS_CODEC2_READY) -- sis->codecs_present |= SIS_SECONDARY_CODEC_PRESENT; -- if (status & SIS_AC97_STATUS_CODEC3_READY) -- sis->codecs_present |= SIS_TERTIARY_CODEC_PRESENT; -- -- /* All done, let go of the semaphore, and check for errors -+ sis->codecs_present = 0; -+ timeout = msecs_to_jiffies(500) + jiffies; -+ while (time_before_eq(jiffies, timeout)) { -+ status = inl(io + SIS_AC97_STATUS); -+ if (status & SIS_AC97_STATUS_CODEC_READY) -+ sis->codecs_present |= SIS_PRIMARY_CODEC_PRESENT; -+ if (status & SIS_AC97_STATUS_CODEC2_READY) -+ sis->codecs_present |= SIS_SECONDARY_CODEC_PRESENT; -+ if (status & SIS_AC97_STATUS_CODEC3_READY) -+ sis->codecs_present |= SIS_TERTIARY_CODEC_PRESENT; -+ -+ if (sis->codecs_present == codecs) -+ break; -+ -+ msleep(1); -+ } -+ -+ /* All done, check for errors. - */ -- outl(SIS_AC97_SEMA_RELEASE, io + SIS_AC97_SEMA); -- if (!sis->codecs_present || !count) -+ if (!sis->codecs_present) { -+ printk(KERN_ERR "sis7019: could not find any codecs\n"); - return -EIO; -+ } -+ -+ if (sis->codecs_present != codecs) { -+ printk(KERN_WARNING "sis7019: missing codecs, found %0x, expected %0x\n", -+ sis->codecs_present, codecs); -+ } - - /* Let the hardware know that the audio driver is alive, - * and enable PCM slots on the AC-link for L/R playback (3 & 4) and -@@ -1390,6 +1421,17 @@ static int __devinit snd_sis7019_probe(struct pci_dev *pci, - if (!enable) - goto error_out; - -+ /* The user can specify which codecs should be present so that we -+ * can wait for them to show up if they are slow to recover from -+ * the AC97 cold reset. We default to a single codec, the primary. -+ * -+ * We assume that SIS_PRIMARY_*_PRESENT matches bits 0-2. -+ */ -+ codecs &= SIS_PRIMARY_CODEC_PRESENT | SIS_SECONDARY_CODEC_PRESENT | -+ SIS_TERTIARY_CODEC_PRESENT; -+ if (!codecs) -+ codecs = SIS_PRIMARY_CODEC_PRESENT; -+ - rc = snd_card_create(index, id, THIS_MODULE, sizeof(*sis), &card); - if (rc < 0) - goto error_out; -diff --git a/sound/soc/soc-utils.c b/sound/soc/soc-utils.c -index ec921ec..cd987de 100644 ---- a/sound/soc/soc-utils.c -+++ b/sound/soc/soc-utils.c -@@ -57,7 +57,36 @@ int snd_soc_params_to_bclk(struct snd_pcm_hw_params *params) - } - EXPORT_SYMBOL_GPL(snd_soc_params_to_bclk); - --static struct snd_soc_platform_driver dummy_platform; -+static const struct snd_pcm_hardware dummy_dma_hardware = { -+ .formats = 0xffffffff, -+ .channels_min = 1, -+ .channels_max = UINT_MAX, -+ -+ /* Random values to keep userspace happy when checking constraints */ -+ .info = SNDRV_PCM_INFO_INTERLEAVED | -+ SNDRV_PCM_INFO_BLOCK_TRANSFER, -+ .buffer_bytes_max = 128*1024, -+ .period_bytes_min = PAGE_SIZE, -+ .period_bytes_max = PAGE_SIZE*2, -+ .periods_min = 2, -+ .periods_max = 128, -+}; -+ -+static int dummy_dma_open(struct snd_pcm_substream *substream) -+{ -+ snd_soc_set_runtime_hwparams(substream, &dummy_dma_hardware); -+ -+ return 0; -+} -+ -+static struct snd_pcm_ops dummy_dma_ops = { -+ .open = dummy_dma_open, -+ .ioctl = snd_pcm_lib_ioctl, -+}; -+ -+static struct snd_soc_platform_driver dummy_platform = { -+ .ops = &dummy_dma_ops, -+}; - - static __devinit int snd_soc_dummy_probe(struct platform_device *pdev) - { diff --git a/3.1.6/0000_README b/3.1.7/0000_README index e8dbb91..5d1f62f 100644 --- a/3.1.6/0000_README +++ b/3.1.7/0000_README @@ -3,11 +3,11 @@ README Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 1005_linux-3.1.6.patch +Patch: 1006_linux-3.1.7.patch From: http://www.kernel.org -Desc: Linux 3.1.6 +Desc: Linux 3.1.7 -Patch: 4420_grsecurity-2.2.2-3.1.6-201112222105.patch +Patch: 4420_grsecurity-2.2.2-3.1.7-201201032037.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.1.7/1006_linux-3.1.7.patch b/3.1.7/1006_linux-3.1.7.patch new file mode 100644 index 0000000..78c12cd --- /dev/null +++ b/3.1.7/1006_linux-3.1.7.patch @@ -0,0 +1,12 @@ +diff --git a/kernel/time/clockevents.c b/kernel/time/clockevents.c +index 13dfaab..e4c699d 100644 +--- a/kernel/time/clockevents.c ++++ b/kernel/time/clockevents.c +@@ -286,7 +286,6 @@ void clockevents_exchange_device(struct clock_event_device *old, + * released list and do a notify add later. + */ + if (old) { +- old->event_handler = clockevents_handle_noop; + clockevents_set_mode(old, CLOCK_EVT_MODE_UNUSED); + list_del(&old->list); + list_add(&old->list, &clockevents_released); diff --git a/3.1.6/4420_grsecurity-2.2.2-3.1.6-201112222105.patch b/3.1.7/4420_grsecurity-2.2.2-3.1.7-201201032037.patch index 5c91c1a..ed41cd3 100644 --- a/3.1.6/4420_grsecurity-2.2.2-3.1.6-201112222105.patch +++ b/3.1.7/4420_grsecurity-2.2.2-3.1.7-201201032037.patch @@ -186,7 +186,7 @@ index d6e6724..a024ce8 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 2d6e0a8..d1d2564 100644 +index 96c48df..f811964 100644 --- a/Makefile +++ b/Makefile @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -29074,6 +29074,30 @@ index e92298a..f68f2d6 100644 ret = 0; for (;;) { +diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c +index dfe32e6..dd18a00 100644 +--- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c ++++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c +@@ -843,7 +843,6 @@ static struct drm_framebuffer *vmw_kms_fb_create(struct drm_device *dev, + struct vmw_framebuffer *vfb = NULL; + struct vmw_surface *surface = NULL; + struct vmw_dma_buffer *bo = NULL; +- u64 required_size; + int ret; + + /** +@@ -852,8 +851,9 @@ static struct drm_framebuffer *vmw_kms_fb_create(struct drm_device *dev, + * requested framebuffer. + */ + +- required_size = mode_cmd->pitch * mode_cmd->height; +- if (unlikely(required_size > (u64) dev_priv->vram_size)) { ++ if (!vmw_kms_validate_mode_vram(dev_priv, ++ mode_cmd->pitch, ++ mode_cmd->height)) { + DRM_ERROR("VRAM size is too small for requested mode.\n"); + return NULL; + } diff --git a/drivers/gpu/vga/vgaarb.c b/drivers/gpu/vga/vgaarb.c index c72f1c0..18376f1 100644 --- a/drivers/gpu/vga/vgaarb.c @@ -29941,6 +29965,30 @@ index fc0f2bd..ac2f8a5 100644 } static const struct sysfs_ops cm_counter_ops = { +diff --git a/drivers/infiniband/core/cma.c b/drivers/infiniband/core/cma.c +index ca4c5dc..572d1ae 100644 +--- a/drivers/infiniband/core/cma.c ++++ b/drivers/infiniband/core/cma.c +@@ -2492,6 +2492,9 @@ static int cma_resolve_ib_udp(struct rdma_id_private *id_priv, + + req.private_data_len = sizeof(struct cma_hdr) + + conn_param->private_data_len; ++ if (req.private_data_len < conn_param->private_data_len) ++ return -EINVAL; ++ + req.private_data = kzalloc(req.private_data_len, GFP_ATOMIC); + if (!req.private_data) + return -ENOMEM; +@@ -2541,6 +2544,9 @@ static int cma_connect_ib(struct rdma_id_private *id_priv, + memset(&req, 0, sizeof req); + offset = cma_user_data_offset(id_priv->id.ps); + req.private_data_len = offset + conn_param->private_data_len; ++ if (req.private_data_len < conn_param->private_data_len) ++ return -EINVAL; ++ + private_data = kzalloc(req.private_data_len, GFP_ATOMIC); + if (!private_data) + return -ENOMEM; diff --git a/drivers/infiniband/core/fmr_pool.c b/drivers/infiniband/core/fmr_pool.c index 4507043..14ad522 100644 --- a/drivers/infiniband/core/fmr_pool.c @@ -30565,6 +30613,21 @@ index d728875..844c89b 100644 snprintf(led->name, sizeof(led->name), "xpad%ld", led_no); led->xpad = xpad; +diff --git a/drivers/input/misc/cma3000_d0x.c b/drivers/input/misc/cma3000_d0x.c +index 1633b63..09f8f20 100644 +--- a/drivers/input/misc/cma3000_d0x.c ++++ b/drivers/input/misc/cma3000_d0x.c +@@ -114,8 +114,8 @@ static void decode_mg(struct cma3000_accl_data *data, int *datax, + static irqreturn_t cma3000_thread_irq(int irq, void *dev_id) + { + struct cma3000_accl_data *data = dev_id; +- int datax, datay, dataz; +- u8 ctrl, mode, range, intr_status; ++ int datax, datay, dataz, intr_status; ++ u8 ctrl, mode, range; + + intr_status = CMA3000_READ(data, CMA3000_INTSTATUS, "interrupt status"); + if (intr_status < 0) diff --git a/drivers/input/mousedev.c b/drivers/input/mousedev.c index 0110b5a..d3ad144 100644 --- a/drivers/input/mousedev.c @@ -47191,6 +47254,20 @@ index acf88ae..4fd6245 100644 set_fs(oldfs); if (host_err < 0) +diff --git a/fs/nilfs2/ioctl.c b/fs/nilfs2/ioctl.c +index 41d6743..b805df9 100644 +--- a/fs/nilfs2/ioctl.c ++++ b/fs/nilfs2/ioctl.c +@@ -625,6 +625,9 @@ static int nilfs_ioctl_clean_segments(struct inode *inode, struct file *filp, + if (argv[n].v_nmembs > nsegs * nilfs->ns_blocks_per_segment) + goto out_free; + ++ if (argv[n].v_nmembs >= UINT_MAX / argv[n].v_size) ++ goto out_free; ++ + len = argv[n].v_size * argv[n].v_nmembs; + base = (void __user *)(unsigned long)argv[n].v_base; + if (len == 0) { diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c index 9fde1c0..14e8827 100644 --- a/fs/notify/fanotify/fanotify_user.c @@ -63919,6 +63996,28 @@ index 6a72a58..e6a127d 100644 #define SCTP_ENABLE_DEBUG #define SCTP_DISABLE_DEBUG #define SCTP_ASSERT(expr, str, func) +diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h +index f7d9c3f..ec86952 100644 +--- a/include/net/sctp/structs.h ++++ b/include/net/sctp/structs.h +@@ -241,6 +241,9 @@ extern struct sctp_globals { + * bits is an indicator of when to send and window update SACK. + */ + int rwnd_update_shift; ++ ++ /* Threshold for autoclose timeout, in seconds. */ ++ unsigned long max_autoclose; + } sctp_globals; + + #define sctp_rto_initial (sctp_globals.rto_initial) +@@ -281,6 +284,7 @@ extern struct sctp_globals { + #define sctp_auth_enable (sctp_globals.auth_enable) + #define sctp_checksum_disable (sctp_globals.checksum_disable) + #define sctp_rwnd_upd_shift (sctp_globals.rwnd_update_shift) ++#define sctp_max_autoclose (sctp_globals.max_autoclose) + + /* SCTP Socket type: UDP or TCP style. */ + typedef enum { diff --git a/include/net/sock.h b/include/net/sock.h index 8e4062f..77b041e 100644 --- a/include/net/sock.h @@ -68977,7 +69076,7 @@ index 11d65b5..6957b37 100644 EXPORT_SYMBOL(proc_doulongvec_ms_jiffies_minmax); EXPORT_SYMBOL(register_sysctl_table); diff --git a/kernel/sysctl_binary.c b/kernel/sysctl_binary.c -index e8bffbe..2344401 100644 +index e8bffbe..82bf0a4 100644 --- a/kernel/sysctl_binary.c +++ b/kernel/sysctl_binary.c @@ -989,7 +989,7 @@ static ssize_t bin_intvec(struct file *file, @@ -69043,6 +69142,15 @@ index e8bffbe..2344401 100644 set_fs(old_fs); if (result < 0) goto out; +@@ -1354,7 +1354,7 @@ static ssize_t binary_sysctl(const int *name, int nlen, + + fput(file); + out_putname: +- putname(pathname); ++ __putname(pathname); + out: + return result; + } diff --git a/kernel/sysctl_check.c b/kernel/sysctl_check.c index 362da65..ab8ef8c 100644 --- a/kernel/sysctl_check.c @@ -70844,10 +70952,14 @@ index b2b8731..6080174 100644 * Make sure the vDSO gets into every core dump. * Dumping its contents makes post-mortem fully interpretable later diff --git a/mm/mempolicy.c b/mm/mempolicy.c -index 9c51f9f..a9416cf 100644 +index 9c51f9f..f2b1c49 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c -@@ -639,6 +639,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, +@@ -636,20 +636,33 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, + struct vm_area_struct *prev; + struct vm_area_struct *vma; + int err = 0; ++ pgoff_t pgoff; unsigned long vmstart; unsigned long vmend; @@ -70858,7 +70970,27 @@ index 9c51f9f..a9416cf 100644 vma = find_vma_prev(mm, start, &prev); if (!vma || vma->vm_start > start) return -EFAULT; -@@ -669,6 +673,16 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, + ++ if (start > vma->vm_start) ++ prev = vma; ++ + for (; vma && vma->vm_start < end; prev = vma, vma = next) { + next = vma->vm_next; + vmstart = max(start, vma->vm_start); + vmend = min(end, vma->vm_end); + ++ if (mpol_equal(vma_policy(vma), new_pol)) ++ continue; ++ ++ pgoff = vma->vm_pgoff + ++ ((vmstart - vma->vm_start) >> PAGE_SHIFT); + prev = vma_merge(mm, prev, vmstart, vmend, vma->vm_flags, +- vma->anon_vma, vma->vm_file, vma->vm_pgoff, ++ vma->anon_vma, vma->vm_file, pgoff, + new_pol); + if (prev) { + vma = prev; +@@ -669,6 +682,16 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, err = policy_vma(vma, new_pol); if (err) goto out; @@ -70875,7 +71007,7 @@ index 9c51f9f..a9416cf 100644 } out: -@@ -1102,6 +1116,17 @@ static long do_mbind(unsigned long start, unsigned long len, +@@ -1102,6 +1125,17 @@ static long do_mbind(unsigned long start, unsigned long len, if (end < start) return -EINVAL; @@ -70893,7 +71025,7 @@ index 9c51f9f..a9416cf 100644 if (end == start) return 0; -@@ -1320,6 +1345,14 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, +@@ -1320,6 +1354,14 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, if (!mm) goto out; @@ -70908,7 +71040,7 @@ index 9c51f9f..a9416cf 100644 /* * Check if this process has the right to modify the specified * process. The right exists if the process has administrative -@@ -1329,8 +1362,7 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, +@@ -1329,8 +1371,7 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, rcu_read_lock(); tcred = __task_cred(task); if (cred->euid != tcred->suid && cred->euid != tcred->uid && @@ -73836,7 +73968,7 @@ index 88ea1bd..0f1dfdb 100644 mm->unmap_area = arch_unmap_area; } diff --git a/mm/vmalloc.c b/mm/vmalloc.c -index 3a65d6f7..862c072 100644 +index 3a65d6f7..39d5e33 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -39,8 +39,19 @@ static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end) @@ -73942,7 +74074,12 @@ index 3a65d6f7..862c072 100644 if (!pmd_none(*pmd)) { pte_t *ptep, pte; -@@ -1294,6 +1334,16 @@ static struct vm_struct *__get_vm_area_node(unsigned long size, +@@ -1290,10 +1330,20 @@ static struct vm_struct *__get_vm_area_node(unsigned long size, + unsigned long align, unsigned long flags, unsigned long start, + unsigned long end, int node, gfp_t gfp_mask, void *caller) + { +- static struct vmap_area *va; ++ struct vmap_area *va; struct vm_struct *area; BUG_ON(in_interrupt()); @@ -74896,6 +75033,28 @@ index c40f27e..7f49254 100644 return -EFAULT; m->msg_iov = iov; +diff --git a/net/core/net-sysfs.c b/net/core/net-sysfs.c +index 1683e5d..f3621f6 100644 +--- a/net/core/net-sysfs.c ++++ b/net/core/net-sysfs.c +@@ -664,11 +664,14 @@ static ssize_t store_rps_dev_flow_table_cnt(struct netdev_rx_queue *queue, + if (count) { + int i; + +- if (count > 1<<30) { +- /* Enforce a limit to prevent overflow */ ++ if (count > INT_MAX) + return -EINVAL; +- } + count = roundup_pow_of_two(count); ++ if (count > (ULONG_MAX - sizeof(struct rps_dev_flow_table)) ++ / sizeof(struct rps_dev_flow)) { ++ /* Enforce a limit to prevent overflow */ ++ return -EINVAL; ++ } + table = vmalloc(RPS_DEV_FLOW_TABLE_SIZE(count)); + if (!table) + return -ENOMEM; diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index 99d9e95..209bae2 100644 --- a/net/core/rtnetlink.c @@ -76710,6 +76869,28 @@ index ee319a4..8a285ee 100644 goto out; } +diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c +index 7dec88a..0996ce3 100644 +--- a/net/netfilter/nf_conntrack_netlink.c ++++ b/net/netfilter/nf_conntrack_netlink.c +@@ -135,7 +135,7 @@ nla_put_failure: + static inline int + ctnetlink_dump_timeout(struct sk_buff *skb, const struct nf_conn *ct) + { +- long timeout = (ct->timeout.expires - jiffies) / HZ; ++ long timeout = ((long)ct->timeout.expires - (long)jiffies) / HZ; + + if (timeout < 0) + timeout = 0; +@@ -1638,7 +1638,7 @@ ctnetlink_exp_dump_expect(struct sk_buff *skb, + const struct nf_conntrack_expect *exp) + { + struct nf_conn *master = exp->master; +- long timeout = (exp->timeout.expires - jiffies) / HZ; ++ long timeout = ((long)exp->timeout.expires - (long)jiffies) / HZ; + struct nf_conn_help *help; + + if (timeout < 0) diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c index 2d8158a..5dca296 100644 --- a/net/netfilter/nfnetlink_log.c @@ -76866,7 +77047,7 @@ index 732152f..60bb09e 100644 *uaddr_len = sizeof(struct sockaddr_ax25); } diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c -index fabb4fa..e146b73 100644 +index fabb4fa..37aaea0 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c @@ -954,7 +954,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, @@ -76887,7 +77068,21 @@ index fabb4fa..e146b73 100644 spin_unlock(&sk->sk_receive_queue.lock); drop_n_restore: -@@ -2479,7 +2479,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, +@@ -1691,8 +1691,12 @@ static int packet_do_bind(struct sock *sk, struct net_device *dev, __be16 protoc + { + struct packet_sock *po = pkt_sk(sk); + +- if (po->fanout) ++ if (po->fanout) { ++ if (dev) ++ dev_put(dev); ++ + return -EINVAL; ++ } + + lock_sock(sk); + +@@ -2479,7 +2483,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, case PACKET_HDRLEN: if (len > sizeof(int)) len = sizeof(int); @@ -76896,7 +77091,7 @@ index fabb4fa..e146b73 100644 return -EFAULT; switch (val) { case TPACKET_V1: -@@ -2526,7 +2526,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, +@@ -2526,7 +2530,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, if (put_user(len, optlen)) return -EFAULT; @@ -77431,6 +77626,19 @@ index 7635107..5000b71 100644 _proto("Tx RESPONSE %%%u", ntohl(hdr->serial)); ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 3, len); +diff --git a/net/sctp/associola.c b/net/sctp/associola.c +index dc16b90..4981482 100644 +--- a/net/sctp/associola.c ++++ b/net/sctp/associola.c +@@ -173,7 +173,7 @@ static struct sctp_association *sctp_association_init(struct sctp_association *a + asoc->timeouts[SCTP_EVENT_TIMEOUT_HEARTBEAT] = 0; + asoc->timeouts[SCTP_EVENT_TIMEOUT_SACK] = asoc->sackdelay; + asoc->timeouts[SCTP_EVENT_TIMEOUT_AUTOCLOSE] = +- (unsigned long)sp->autoclose * HZ; ++ min_t(unsigned long, sp->autoclose, sctp_max_autoclose) * HZ; + + /* Initializes the timers */ + for (i = SCTP_EVENT_TIMEOUT_NONE; i < SCTP_NUM_TIMEOUT_TYPES; ++i) diff --git a/net/sctp/auth.c b/net/sctp/auth.c index 865e68f..bf81204 100644 --- a/net/sctp/auth.c @@ -77458,11 +77666,34 @@ index 05a6ce2..c8bf836 100644 assoc->state, hash, assoc->assoc_id, assoc->sndbuf_used, +diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c +index 91784f4..48cb7b9 100644 +--- a/net/sctp/protocol.c ++++ b/net/sctp/protocol.c +@@ -1285,6 +1285,9 @@ SCTP_STATIC __init int sctp_init(void) + sctp_max_instreams = SCTP_DEFAULT_INSTREAMS; + sctp_max_outstreams = SCTP_DEFAULT_OUTSTREAMS; + ++ /* Initialize maximum autoclose timeout. */ ++ sctp_max_autoclose = INT_MAX / HZ; ++ + /* Initialize handle used for association ids. */ + idr_init(&sctp_assocs_id); + diff --git a/net/sctp/socket.c b/net/sctp/socket.c -index 836aa63..d779d7b 100644 +index 836aa63..e44d3fb 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c -@@ -4575,7 +4575,7 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len, +@@ -2199,8 +2199,6 @@ static int sctp_setsockopt_autoclose(struct sock *sk, char __user *optval, + return -EINVAL; + if (copy_from_user(&sp->autoclose, optval, optlen)) + return -EFAULT; +- /* make sure it won't exceed MAX_SCHEDULE_TIMEOUT */ +- sp->autoclose = min_t(long, sp->autoclose, MAX_SCHEDULE_TIMEOUT / HZ); + + return 0; + } +@@ -4575,7 +4573,7 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len, addrlen = sctp_get_af_specific(temp.sa.sa_family)->sockaddr_len; if (space_left < addrlen) return -ENOMEM; @@ -77471,6 +77702,37 @@ index 836aa63..d779d7b 100644 return -EFAULT; to += addrlen; cnt++; +diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c +index 6b39529..60ffbd0 100644 +--- a/net/sctp/sysctl.c ++++ b/net/sctp/sysctl.c +@@ -53,6 +53,10 @@ static int sack_timer_min = 1; + static int sack_timer_max = 500; + static int addr_scope_max = 3; /* check sctp_scope_policy_t in include/net/sctp/constants.h for max entries */ + static int rwnd_scale_max = 16; ++static unsigned long max_autoclose_min = 0; ++static unsigned long max_autoclose_max = ++ (MAX_SCHEDULE_TIMEOUT / HZ > UINT_MAX) ++ ? UINT_MAX : MAX_SCHEDULE_TIMEOUT / HZ; + + extern long sysctl_sctp_mem[3]; + extern int sysctl_sctp_rmem[3]; +@@ -258,6 +262,15 @@ static ctl_table sctp_table[] = { + .extra1 = &one, + .extra2 = &rwnd_scale_max, + }, ++ { ++ .procname = "max_autoclose", ++ .data = &sctp_max_autoclose, ++ .maxlen = sizeof(unsigned long), ++ .mode = 0644, ++ .proc_handler = &proc_doulongvec_minmax, ++ .extra1 = &max_autoclose_min, ++ .extra2 = &max_autoclose_max, ++ }, + + { /* sentinel */ } + }; diff --git a/net/socket.c b/net/socket.c index ffe92ca..8057b85 100644 --- a/net/socket.c diff --git a/3.1.6/4421_grsec-remove-localversion-grsec.patch b/3.1.7/4421_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.1.6/4421_grsec-remove-localversion-grsec.patch +++ b/3.1.7/4421_grsec-remove-localversion-grsec.patch diff --git a/3.1.6/4422_grsec-mute-warnings.patch b/3.1.7/4422_grsec-mute-warnings.patch index e85abd6..e85abd6 100644 --- a/3.1.6/4422_grsec-mute-warnings.patch +++ b/3.1.7/4422_grsec-mute-warnings.patch diff --git a/3.1.6/4423_grsec-remove-protected-paths.patch b/3.1.7/4423_grsec-remove-protected-paths.patch index 4afb3e2..4afb3e2 100644 --- a/3.1.6/4423_grsec-remove-protected-paths.patch +++ b/3.1.7/4423_grsec-remove-protected-paths.patch diff --git a/3.1.6/4425_grsec-pax-without-grsec.patch b/3.1.7/4425_grsec-pax-without-grsec.patch index 97e8837..97e8837 100644 --- a/3.1.6/4425_grsec-pax-without-grsec.patch +++ b/3.1.7/4425_grsec-pax-without-grsec.patch diff --git a/3.1.6/4430_grsec-kconfig-default-gids.patch b/3.1.7/4430_grsec-kconfig-default-gids.patch index 243fbd5..243fbd5 100644 --- a/3.1.6/4430_grsec-kconfig-default-gids.patch +++ b/3.1.7/4430_grsec-kconfig-default-gids.patch diff --git a/3.1.6/4435_grsec-kconfig-gentoo.patch b/3.1.7/4435_grsec-kconfig-gentoo.patch index 90b1ec9..ed58187 100644 --- a/3.1.6/4435_grsec-kconfig-gentoo.patch +++ b/3.1.7/4435_grsec-kconfig-gentoo.patch @@ -27,7 +27,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig config GRKERNSEC_LOW bool "Low" -@@ -191,6 +191,261 @@ +@@ -191,6 +191,259 @@ - Restricted sysfs/debugfs - Active kernel exploit response @@ -138,7 +138,6 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig + select GRKERNSEC_CHROOT_CAPS + select GRKERNSEC_CHROOT_SYSCTL + select GRKERNSEC_CHROOT_FINDTASK -+ select GRKERNSEC_SYSFS_RESTRICT + select GRKERNSEC_PROC + select GRKERNSEC_PROC_MEMMAP if (PAX_NOEXEC || PAX_ASLR) + select GRKERNSEC_HIDESYM @@ -223,7 +222,6 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig + select GRKERNSEC_CHROOT_CAPS + select GRKERNSEC_CHROOT_SYSCTL + select GRKERNSEC_CHROOT_FINDTASK -+ select GRKERNSEC_SYSFS_RESTRICT + select GRKERNSEC_PROC + select GRKERNSEC_PROC_MEMMAP if (PAX_NOEXEC || PAX_ASLR) + select GRKERNSEC_HIDESYM diff --git a/3.1.6/4437-grsec-kconfig-proc-user.patch b/3.1.7/4437-grsec-kconfig-proc-user.patch index 4e5acda..54b2678 100644 --- a/3.1.6/4437-grsec-kconfig-proc-user.patch +++ b/3.1.7/4437-grsec-kconfig-proc-user.patch @@ -6,7 +6,7 @@ in a different way to avoid bug #366019. This patch should eventually go upstre diff -Naur linux-2.6.39-hardened-r4.orig//grsecurity/Kconfig linux-2.6.39-hardened-r4/grsecurity/Kconfig --- a/grsecurity/Kconfig 2011-06-29 10:02:56.000000000 -0400 +++ b/grsecurity/Kconfig 2011-06-29 10:08:07.000000000 -0400 -@@ -669,7 +669,7 @@ +@@ -667,7 +667,7 @@ config GRKERNSEC_PROC_USER bool "Restrict /proc to user only" @@ -15,7 +15,7 @@ diff -Naur linux-2.6.39-hardened-r4.orig//grsecurity/Kconfig linux-2.6.39-harden help If you say Y here, non-root users will only be able to view their own processes, and restricts them from viewing network-related information, -@@ -677,7 +677,7 @@ +@@ -675,7 +675,7 @@ config GRKERNSEC_PROC_USERGROUP bool "Allow special group" diff --git a/3.1.6/4440_selinux-avc_audit-log-curr_ip.patch b/3.1.7/4440_selinux-avc_audit-log-curr_ip.patch index b7bcddb..9c38cfc 100644 --- a/3.1.6/4440_selinux-avc_audit-log-curr_ip.patch +++ b/3.1.7/4440_selinux-avc_audit-log-curr_ip.patch @@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org> diff -Naur linux-2.6.38-hardened-r1.orig/grsecurity/Kconfig linux-2.6.38-hardened-r1/grsecurity/Kconfig --- linux-2.6.38-hardened-r1.orig/grsecurity/Kconfig 2011-04-17 19:25:54.000000000 -0400 +++ linux-2.6.38-hardened-r1/grsecurity/Kconfig 2011-04-17 19:32:53.000000000 -0400 -@@ -1281,6 +1281,27 @@ +@@ -1279,6 +1279,27 @@ menu "Logging Options" depends on GRKERNSEC diff --git a/3.1.6/4445_disable-compat_vdso.patch b/3.1.7/4445_disable-compat_vdso.patch index 737dcca..737dcca 100644 --- a/3.1.6/4445_disable-compat_vdso.patch +++ b/3.1.7/4445_disable-compat_vdso.patch |