Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:experimental commit in: 2.6.37/, 2.6.32/
Date: Sun, 13 Feb 2011 16:43:21
Message-Id: 3654e93df322afa3fdc41646d253584ba0207241.blueness@gentoo
1 commit: 3654e93df322afa3fdc41646d253584ba0207241
2 Author: Anthony G. Basile <basile <AT> opensource <DOT> dyc <DOT> edu>
3 AuthorDate: Sun Feb 13 16:41:40 2011 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Sun Feb 13 16:41:40 2011 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=3654e93d
7
8 Update Grsec/PaX
9 2.2.1-2.6.32.28-201102121148
10 2.2.1-2.6.37-201102121148.patch
11
12 ---
13 2.6.32/0000_README | 2 +-
14 ..._grsecurity-2.2.1-2.6.32.28-201102121148.patch} | 990 ++++++++++++++-----
15 2.6.32/4440_selinux-avc_audit-log-curr_ip.patch | 2 +-
16 2.6.37/0000_README | 2 +-
17 ...420_grsecurity-2.2.1-2.6.37-201102121148.patch} | 1041 ++++++++++++++------
18 2.6.37/4440_selinux-avc_audit-log-curr_ip.patch | 2 +-
19 6 files changed, 1503 insertions(+), 536 deletions(-)
20
21 diff --git a/2.6.32/0000_README b/2.6.32/0000_README
22 index ebbdde9..c1feb8d 100644
23 --- a/2.6.32/0000_README
24 +++ b/2.6.32/0000_README
25 @@ -3,7 +3,7 @@ README
26
27 Individual Patch Descriptions:
28 -----------------------------------------------------------------------------
29 -Patch: 4420_grsecurity-2.2.1-2.6.32.28-201101170305.patch
30 +Patch: 4420_grsecurity-2.2.1-2.6.32.28-201102121148.patch
31 From: http://www.grsecurity.net
32 Desc: hardened-sources base patch from upstream grsecurity
33
34
35 diff --git a/2.6.32/4420_grsecurity-2.2.1-2.6.32.28-201101170305.patch b/2.6.32/4420_grsecurity-2.2.1-2.6.32.28-201102121148.patch
36 similarity index 98%
37 rename from 2.6.32/4420_grsecurity-2.2.1-2.6.32.28-201101170305.patch
38 rename to 2.6.32/4420_grsecurity-2.2.1-2.6.32.28-201102121148.patch
39 index ead21d1..b1b6990 100644
40 --- a/2.6.32/4420_grsecurity-2.2.1-2.6.32.28-201101170305.patch
41 +++ b/2.6.32/4420_grsecurity-2.2.1-2.6.32.28-201102121148.patch
42 @@ -7603,7 +7603,7 @@ diff -urNp linux-2.6.32.28/arch/x86/include/asm/elf.h linux-2.6.32.28/arch/x86/i
43 #endif /* _ASM_X86_ELF_H */
44 diff -urNp linux-2.6.32.28/arch/x86/include/asm/futex.h linux-2.6.32.28/arch/x86/include/asm/futex.h
45 --- linux-2.6.32.28/arch/x86/include/asm/futex.h 2010-08-13 16:24:37.000000000 -0400
46 -+++ linux-2.6.32.28/arch/x86/include/asm/futex.h 2010-12-31 14:47:00.000000000 -0500
47 ++++ linux-2.6.32.28/arch/x86/include/asm/futex.h 2011-01-25 20:24:47.000000000 -0500
48 @@ -12,16 +12,18 @@
49 #include <asm/system.h>
50
51 @@ -7616,7 +7616,7 @@ diff -urNp linux-2.6.32.28/arch/x86/include/asm/futex.h linux-2.6.32.28/arch/x86
52 "\t.previous\n" \
53 _ASM_EXTABLE(1b, 3b) \
54 - : "=r" (oldval), "=r" (ret), "+m" (*uaddr) \
55 -+ : "=r" (oldval), "=r" (ret), "+m" (*____m(uaddr))\
56 ++ : "=r" (oldval), "=r" (ret), "+m" (*(u32 *)____m(uaddr))\
57 : "i" (-EFAULT), "0" (oparg), "1" (0))
58
59 #define __futex_atomic_op2(insn, ret, oldval, uaddr, oparg) \
60 @@ -7629,7 +7629,7 @@ diff -urNp linux-2.6.32.28/arch/x86/include/asm/futex.h linux-2.6.32.28/arch/x86
61 _ASM_EXTABLE(2b, 4b) \
62 : "=&a" (oldval), "=&r" (ret), \
63 - "+m" (*uaddr), "=&r" (tem) \
64 -+ "+m" (*(____m(uaddr))), "=&r" (tem) \
65 ++ "+m" (*(u32 *)____m(uaddr)), "=&r" (tem) \
66 : "r" (oparg), "i" (-EFAULT), "1" (0))
67
68 -static inline int futex_atomic_op_inuser(int encoded_op, int __user *uaddr)
69 @@ -7675,7 +7675,7 @@ diff -urNp linux-2.6.32.28/arch/x86/include/asm/futex.h linux-2.6.32.28/arch/x86
70 "\t.previous\n"
71 _ASM_EXTABLE(1b, 3b)
72 - : "=a" (oldval), "+m" (*uaddr)
73 -+ : "=a" (oldval), "+m" (*____m(uaddr))
74 ++ : "=a" (oldval), "+m" (*(u32 *)____m(uaddr))
75 : "i" (-EFAULT), "r" (newval), "0" (oldval)
76 : "memory"
77 );
78 @@ -7722,9 +7722,38 @@ diff -urNp linux-2.6.32.28/arch/x86/include/asm/i387.h linux-2.6.32.28/arch/x86/
79
80 /*
81 * These must be called with preempt disabled
82 +diff -urNp linux-2.6.32.28/arch/x86/include/asm/io_32.h linux-2.6.32.28/arch/x86/include/asm/io_32.h
83 +--- linux-2.6.32.28/arch/x86/include/asm/io_32.h 2010-08-13 16:24:37.000000000 -0400
84 ++++ linux-2.6.32.28/arch/x86/include/asm/io_32.h 2011-01-27 22:39:52.000000000 -0500
85 +@@ -3,6 +3,7 @@
86 +
87 + #include <linux/string.h>
88 + #include <linux/compiler.h>
89 ++#include <asm/processor.h>
90 +
91 + /*
92 + * This file contains the definitions for the x86 IO instructions
93 +@@ -42,6 +43,17 @@
94 +
95 + #ifdef __KERNEL__
96 +
97 ++#define ARCH_HAS_VALID_PHYS_ADDR_RANGE
98 ++static inline int valid_phys_addr_range(unsigned long addr, size_t count)
99 ++{
100 ++ return ((addr + count + PAGE_SIZE - 1) >> PAGE_SHIFT) < (1ULL << (boot_cpu_data.x86_phys_bits - PAGE_SHIFT)) ? 1 : 0;
101 ++}
102 ++
103 ++static inline int valid_mmap_phys_addr_range(unsigned long pfn, size_t count)
104 ++{
105 ++ return (pfn + (count >> PAGE_SHIFT)) < (1ULL << (boot_cpu_data.x86_phys_bits - PAGE_SHIFT)) ? 1 : 0;
106 ++}
107 ++
108 + #include <asm-generic/iomap.h>
109 +
110 + #include <linux/vmalloc.h>
111 diff -urNp linux-2.6.32.28/arch/x86/include/asm/io_64.h linux-2.6.32.28/arch/x86/include/asm/io_64.h
112 --- linux-2.6.32.28/arch/x86/include/asm/io_64.h 2010-08-13 16:24:37.000000000 -0400
113 -+++ linux-2.6.32.28/arch/x86/include/asm/io_64.h 2010-12-31 14:46:53.000000000 -0500
114 ++++ linux-2.6.32.28/arch/x86/include/asm/io_64.h 2011-01-27 22:39:52.000000000 -0500
115 @@ -140,6 +140,17 @@ __OUTS(l)
116
117 #include <linux/vmalloc.h>
118 @@ -7732,12 +7761,12 @@ diff -urNp linux-2.6.32.28/arch/x86/include/asm/io_64.h linux-2.6.32.28/arch/x86
119 +#define ARCH_HAS_VALID_PHYS_ADDR_RANGE
120 +static inline int valid_phys_addr_range(unsigned long addr, size_t count)
121 +{
122 -+ return ((addr + count + PAGE_SIZE - 1) >> PAGE_SHIFT) < (1 << (boot_cpu_data.x86_phys_bits - PAGE_SHIFT)) ? 1 : 0;
123 ++ return ((addr + count + PAGE_SIZE - 1) >> PAGE_SHIFT) < (1ULL << (boot_cpu_data.x86_phys_bits - PAGE_SHIFT)) ? 1 : 0;
124 +}
125 +
126 +static inline int valid_mmap_phys_addr_range(unsigned long pfn, size_t count)
127 +{
128 -+ return (pfn + (count >> PAGE_SHIFT)) < (1 << (boot_cpu_data.x86_phys_bits - PAGE_SHIFT)) ? 1 : 0;
129 ++ return (pfn + (count >> PAGE_SHIFT)) < (1ULL << (boot_cpu_data.x86_phys_bits - PAGE_SHIFT)) ? 1 : 0;
130 +}
131 +
132 #include <asm-generic/iomap.h>
133 @@ -8014,7 +8043,7 @@ diff -urNp linux-2.6.32.28/arch/x86/include/asm/mman.h linux-2.6.32.28/arch/x86/
134 #endif /* _ASM_X86_MMAN_H */
135 diff -urNp linux-2.6.32.28/arch/x86/include/asm/mmu_context.h linux-2.6.32.28/arch/x86/include/asm/mmu_context.h
136 --- linux-2.6.32.28/arch/x86/include/asm/mmu_context.h 2010-08-13 16:24:37.000000000 -0400
137 -+++ linux-2.6.32.28/arch/x86/include/asm/mmu_context.h 2010-12-31 14:46:53.000000000 -0500
138 ++++ linux-2.6.32.28/arch/x86/include/asm/mmu_context.h 2011-02-12 11:05:01.000000000 -0500
139 @@ -24,6 +24,21 @@ void destroy_context(struct mm_struct *m
140
141 static inline void enter_lazy_tlb(struct mm_struct *mm, struct task_struct *tsk)
142 @@ -8046,8 +8075,8 @@ diff -urNp linux-2.6.32.28/arch/x86/include/asm/mmu_context.h linux-2.6.32.28/ar
143 +#endif
144
145 if (likely(prev != next)) {
146 - /* stop flush ipis for the previous mm */
147 - cpumask_clear_cpu(cpu, mm_cpumask(prev));
148 +- /* stop flush ipis for the previous mm */
149 +- cpumask_clear_cpu(cpu, mm_cpumask(prev));
150 #ifdef CONFIG_SMP
151 +#ifdef CONFIG_X86_32
152 + tlbstate = percpu_read(cpu_tlbstate.state);
153 @@ -8067,6 +8096,8 @@ diff -urNp linux-2.6.32.28/arch/x86/include/asm/mmu_context.h linux-2.6.32.28/ar
154 +#else
155 load_cr3(next->pgd);
156 +#endif
157 ++ /* stop flush ipis for the previous mm */
158 ++ cpumask_clear_cpu(cpu, mm_cpumask(prev));
159
160 /*
161 * load the LDT, if the LDT is different:
162 @@ -10724,8 +10755,16 @@ diff -urNp linux-2.6.32.28/arch/x86/kernel/cpu/mcheck/mce_amd.c linux-2.6.32.28/
163 };
164 diff -urNp linux-2.6.32.28/arch/x86/kernel/cpu/mcheck/mce.c linux-2.6.32.28/arch/x86/kernel/cpu/mcheck/mce.c
165 --- linux-2.6.32.28/arch/x86/kernel/cpu/mcheck/mce.c 2010-08-13 16:24:37.000000000 -0400
166 -+++ linux-2.6.32.28/arch/x86/kernel/cpu/mcheck/mce.c 2010-12-31 14:46:53.000000000 -0500
167 -@@ -187,7 +187,7 @@ static void print_mce(struct mce *m)
168 ++++ linux-2.6.32.28/arch/x86/kernel/cpu/mcheck/mce.c 2011-01-25 20:24:47.000000000 -0500
169 +@@ -43,6 +43,7 @@
170 + #include <asm/ipi.h>
171 + #include <asm/mce.h>
172 + #include <asm/msr.h>
173 ++#include <asm/local.h>
174 +
175 + #include "mce-internal.h"
176 +
177 +@@ -187,7 +188,7 @@ static void print_mce(struct mce *m)
178 !(m->mcgstatus & MCG_STATUS_EIPV) ? " !INEXACT!" : "",
179 m->cs, m->ip);
180
181 @@ -10734,12 +10773,12 @@ diff -urNp linux-2.6.32.28/arch/x86/kernel/cpu/mcheck/mce.c linux-2.6.32.28/arch
182 print_symbol("{%s}", m->ip);
183 pr_cont("\n");
184 }
185 -@@ -1429,14 +1429,14 @@ void __cpuinit mcheck_init(struct cpuinf
186 +@@ -1429,14 +1430,14 @@ void __cpuinit mcheck_init(struct cpuinf
187 */
188
189 static DEFINE_SPINLOCK(mce_state_lock);
190 -static int open_count; /* #times opened */
191 -+static atomic_t open_count; /* #times opened */
192 ++static local_t open_count; /* #times opened */
193 static int open_exclu; /* already open exclusive? */
194
195 static int mce_open(struct inode *inode, struct file *file)
196 @@ -10747,29 +10786,29 @@ diff -urNp linux-2.6.32.28/arch/x86/kernel/cpu/mcheck/mce.c linux-2.6.32.28/arch
197 spin_lock(&mce_state_lock);
198
199 - if (open_exclu || (open_count && (file->f_flags & O_EXCL))) {
200 -+ if (open_exclu || (atomic_read(&open_count) && (file->f_flags & O_EXCL))) {
201 ++ if (open_exclu || (local_read(&open_count) && (file->f_flags & O_EXCL))) {
202 spin_unlock(&mce_state_lock);
203
204 return -EBUSY;
205 -@@ -1444,7 +1444,7 @@ static int mce_open(struct inode *inode,
206 +@@ -1444,7 +1445,7 @@ static int mce_open(struct inode *inode,
207
208 if (file->f_flags & O_EXCL)
209 open_exclu = 1;
210 - open_count++;
211 -+ atomic_inc(&open_count);
212 ++ local_inc(&open_count);
213
214 spin_unlock(&mce_state_lock);
215
216 -@@ -1455,7 +1455,7 @@ static int mce_release(struct inode *ino
217 +@@ -1455,7 +1456,7 @@ static int mce_release(struct inode *ino
218 {
219 spin_lock(&mce_state_lock);
220
221 - open_count--;
222 -+ atomic_dec(&open_count);
223 ++ local_dec(&open_count);
224 open_exclu = 0;
225
226 spin_unlock(&mce_state_lock);
227 -@@ -1595,6 +1595,7 @@ static struct miscdevice mce_log_device
228 +@@ -1595,6 +1596,7 @@ static struct miscdevice mce_log_device
229 MISC_MCELOG_MINOR,
230 "mcelog",
231 &mce_chrdev_ops,
232 @@ -23970,98 +24009,106 @@ diff -urNp linux-2.6.32.28/drivers/char/hvc_rtas.c linux-2.6.32.28/drivers/char/
233 };
234 diff -urNp linux-2.6.32.28/drivers/char/hvcs.c linux-2.6.32.28/drivers/char/hvcs.c
235 --- linux-2.6.32.28/drivers/char/hvcs.c 2010-08-13 16:24:37.000000000 -0400
236 -+++ linux-2.6.32.28/drivers/char/hvcs.c 2010-12-31 14:46:53.000000000 -0500
237 -@@ -269,7 +269,7 @@ struct hvcs_struct {
238 ++++ linux-2.6.32.28/drivers/char/hvcs.c 2011-01-25 20:24:47.000000000 -0500
239 +@@ -82,6 +82,7 @@
240 + #include <asm/hvcserver.h>
241 + #include <asm/uaccess.h>
242 + #include <asm/vio.h>
243 ++#include <asm/local.h>
244 +
245 + /*
246 + * 1.3.0 -> 1.3.1 In hvcs_open memset(..,0x00,..) instead of memset(..,0x3F,00).
247 +@@ -269,7 +270,7 @@ struct hvcs_struct {
248 unsigned int index;
249
250 struct tty_struct *tty;
251 - int open_count;
252 -+ atomic_t open_count;
253 ++ local_t open_count;
254
255 /*
256 * Used to tell the driver kernel_thread what operations need to take
257 -@@ -419,7 +419,7 @@ static ssize_t hvcs_vterm_state_store(st
258 +@@ -419,7 +420,7 @@ static ssize_t hvcs_vterm_state_store(st
259
260 spin_lock_irqsave(&hvcsd->lock, flags);
261
262 - if (hvcsd->open_count > 0) {
263 -+ if (atomic_read(&hvcsd->open_count) > 0) {
264 ++ if (local_read(&hvcsd->open_count) > 0) {
265 spin_unlock_irqrestore(&hvcsd->lock, flags);
266 printk(KERN_INFO "HVCS: vterm state unchanged. "
267 "The hvcs device node is still in use.\n");
268 -@@ -1135,7 +1135,7 @@ static int hvcs_open(struct tty_struct *
269 +@@ -1135,7 +1136,7 @@ static int hvcs_open(struct tty_struct *
270 if ((retval = hvcs_partner_connect(hvcsd)))
271 goto error_release;
272
273 - hvcsd->open_count = 1;
274 -+ atomic_set(&hvcsd->open_count, 1);
275 ++ local_set(&hvcsd->open_count, 1);
276 hvcsd->tty = tty;
277 tty->driver_data = hvcsd;
278
279 -@@ -1169,7 +1169,7 @@ fast_open:
280 +@@ -1169,7 +1170,7 @@ fast_open:
281
282 spin_lock_irqsave(&hvcsd->lock, flags);
283 kref_get(&hvcsd->kref);
284 - hvcsd->open_count++;
285 -+ atomic_inc(&hvcsd->open_count);
286 ++ local_inc(&hvcsd->open_count);
287 hvcsd->todo_mask |= HVCS_SCHED_READ;
288 spin_unlock_irqrestore(&hvcsd->lock, flags);
289
290 -@@ -1213,7 +1213,7 @@ static void hvcs_close(struct tty_struct
291 +@@ -1213,7 +1214,7 @@ static void hvcs_close(struct tty_struct
292 hvcsd = tty->driver_data;
293
294 spin_lock_irqsave(&hvcsd->lock, flags);
295 - if (--hvcsd->open_count == 0) {
296 -+ if (atomic_dec_and_test(&hvcsd->open_count)) {
297 ++ if (local_dec_and_test(&hvcsd->open_count)) {
298
299 vio_disable_interrupts(hvcsd->vdev);
300
301 -@@ -1239,10 +1239,10 @@ static void hvcs_close(struct tty_struct
302 +@@ -1239,10 +1240,10 @@ static void hvcs_close(struct tty_struct
303 free_irq(irq, hvcsd);
304 kref_put(&hvcsd->kref, destroy_hvcs_struct);
305 return;
306 - } else if (hvcsd->open_count < 0) {
307 -+ } else if (atomic_read(&hvcsd->open_count) < 0) {
308 ++ } else if (local_read(&hvcsd->open_count) < 0) {
309 printk(KERN_ERR "HVCS: vty-server@%X open_count: %d"
310 " is missmanaged.\n",
311 - hvcsd->vdev->unit_address, hvcsd->open_count);
312 -+ hvcsd->vdev->unit_address, atomic_read(&hvcsd->open_count));
313 ++ hvcsd->vdev->unit_address, local_read(&hvcsd->open_count));
314 }
315
316 spin_unlock_irqrestore(&hvcsd->lock, flags);
317 -@@ -1258,7 +1258,7 @@ static void hvcs_hangup(struct tty_struc
318 +@@ -1258,7 +1259,7 @@ static void hvcs_hangup(struct tty_struc
319
320 spin_lock_irqsave(&hvcsd->lock, flags);
321 /* Preserve this so that we know how many kref refs to put */
322 - temp_open_count = hvcsd->open_count;
323 -+ temp_open_count = atomic_read(&hvcsd->open_count);
324 ++ temp_open_count = local_read(&hvcsd->open_count);
325
326 /*
327 * Don't kref put inside the spinlock because the destruction
328 -@@ -1273,7 +1273,7 @@ static void hvcs_hangup(struct tty_struc
329 +@@ -1273,7 +1274,7 @@ static void hvcs_hangup(struct tty_struc
330 hvcsd->tty->driver_data = NULL;
331 hvcsd->tty = NULL;
332
333 - hvcsd->open_count = 0;
334 -+ atomic_set(&hvcsd->open_count, 0);
335 ++ local_set(&hvcsd->open_count, 0);
336
337 /* This will drop any buffered data on the floor which is OK in a hangup
338 * scenario. */
339 -@@ -1344,7 +1344,7 @@ static int hvcs_write(struct tty_struct
340 +@@ -1344,7 +1345,7 @@ static int hvcs_write(struct tty_struct
341 * the middle of a write operation? This is a crummy place to do this
342 * but we want to keep it all in the spinlock.
343 */
344 - if (hvcsd->open_count <= 0) {
345 -+ if (atomic_read(&hvcsd->open_count) <= 0) {
346 ++ if (local_read(&hvcsd->open_count) <= 0) {
347 spin_unlock_irqrestore(&hvcsd->lock, flags);
348 return -ENODEV;
349 }
350 -@@ -1418,7 +1418,7 @@ static int hvcs_write_room(struct tty_st
351 +@@ -1418,7 +1419,7 @@ static int hvcs_write_room(struct tty_st
352 {
353 struct hvcs_struct *hvcsd = tty->driver_data;
354
355 - if (!hvcsd || hvcsd->open_count <= 0)
356 -+ if (!hvcsd || atomic_read(&hvcsd->open_count) <= 0)
357 ++ if (!hvcsd || local_read(&hvcsd->open_count) <= 0)
358 return 0;
359
360 return HVCS_BUFF_LEN - hvcsd->chars_in_buffer;
361 @@ -24392,118 +24439,126 @@ diff -urNp linux-2.6.32.28/drivers/char/nvram.c linux-2.6.32.28/drivers/char/nvr
362 static int __init nvram_init(void)
363 diff -urNp linux-2.6.32.28/drivers/char/pcmcia/ipwireless/tty.c linux-2.6.32.28/drivers/char/pcmcia/ipwireless/tty.c
364 --- linux-2.6.32.28/drivers/char/pcmcia/ipwireless/tty.c 2010-08-13 16:24:37.000000000 -0400
365 -+++ linux-2.6.32.28/drivers/char/pcmcia/ipwireless/tty.c 2010-12-31 14:46:53.000000000 -0500
366 -@@ -51,7 +51,7 @@ struct ipw_tty {
367 ++++ linux-2.6.32.28/drivers/char/pcmcia/ipwireless/tty.c 2011-01-25 20:24:47.000000000 -0500
368 +@@ -29,6 +29,7 @@
369 + #include <linux/tty_driver.h>
370 + #include <linux/tty_flip.h>
371 + #include <linux/uaccess.h>
372 ++#include <asm/local.h>
373 +
374 + #include "tty.h"
375 + #include "network.h"
376 +@@ -51,7 +52,7 @@ struct ipw_tty {
377 int tty_type;
378 struct ipw_network *network;
379 struct tty_struct *linux_tty;
380 - int open_count;
381 -+ atomic_t open_count;
382 ++ local_t open_count;
383 unsigned int control_lines;
384 struct mutex ipw_tty_mutex;
385 int tx_bytes_queued;
386 -@@ -127,10 +127,10 @@ static int ipw_open(struct tty_struct *l
387 +@@ -127,10 +128,10 @@ static int ipw_open(struct tty_struct *l
388 mutex_unlock(&tty->ipw_tty_mutex);
389 return -ENODEV;
390 }
391 - if (tty->open_count == 0)
392 -+ if (atomic_read(&tty->open_count) == 0)
393 ++ if (local_read(&tty->open_count) == 0)
394 tty->tx_bytes_queued = 0;
395
396 - tty->open_count++;
397 -+ atomic_inc(&tty->open_count);
398 ++ local_inc(&tty->open_count);
399
400 tty->linux_tty = linux_tty;
401 linux_tty->driver_data = tty;
402 -@@ -146,9 +146,7 @@ static int ipw_open(struct tty_struct *l
403 +@@ -146,9 +147,7 @@ static int ipw_open(struct tty_struct *l
404
405 static void do_ipw_close(struct ipw_tty *tty)
406 {
407 - tty->open_count--;
408 -
409 - if (tty->open_count == 0) {
410 -+ if (atomic_dec_return(&tty->open_count) == 0) {
411 ++ if (local_dec_return(&tty->open_count) == 0) {
412 struct tty_struct *linux_tty = tty->linux_tty;
413
414 if (linux_tty != NULL) {
415 -@@ -169,7 +167,7 @@ static void ipw_hangup(struct tty_struct
416 +@@ -169,7 +168,7 @@ static void ipw_hangup(struct tty_struct
417 return;
418
419 mutex_lock(&tty->ipw_tty_mutex);
420 - if (tty->open_count == 0) {
421 -+ if (atomic_read(&tty->open_count) == 0) {
422 ++ if (local_read(&tty->open_count) == 0) {
423 mutex_unlock(&tty->ipw_tty_mutex);
424 return;
425 }
426 -@@ -198,7 +196,7 @@ void ipwireless_tty_received(struct ipw_
427 +@@ -198,7 +197,7 @@ void ipwireless_tty_received(struct ipw_
428 return;
429 }
430
431 - if (!tty->open_count) {
432 -+ if (!atomic_read(&tty->open_count)) {
433 ++ if (!local_read(&tty->open_count)) {
434 mutex_unlock(&tty->ipw_tty_mutex);
435 return;
436 }
437 -@@ -240,7 +238,7 @@ static int ipw_write(struct tty_struct *
438 +@@ -240,7 +239,7 @@ static int ipw_write(struct tty_struct *
439 return -ENODEV;
440
441 mutex_lock(&tty->ipw_tty_mutex);
442 - if (!tty->open_count) {
443 -+ if (!atomic_read(&tty->open_count)) {
444 ++ if (!local_read(&tty->open_count)) {
445 mutex_unlock(&tty->ipw_tty_mutex);
446 return -EINVAL;
447 }
448 -@@ -280,7 +278,7 @@ static int ipw_write_room(struct tty_str
449 +@@ -280,7 +279,7 @@ static int ipw_write_room(struct tty_str
450 if (!tty)
451 return -ENODEV;
452
453 - if (!tty->open_count)
454 -+ if (!atomic_read(&tty->open_count))
455 ++ if (!local_read(&tty->open_count))
456 return -EINVAL;
457
458 room = IPWIRELESS_TX_QUEUE_SIZE - tty->tx_bytes_queued;
459 -@@ -322,7 +320,7 @@ static int ipw_chars_in_buffer(struct tt
460 +@@ -322,7 +321,7 @@ static int ipw_chars_in_buffer(struct tt
461 if (!tty)
462 return 0;
463
464 - if (!tty->open_count)
465 -+ if (!atomic_read(&tty->open_count))
466 ++ if (!local_read(&tty->open_count))
467 return 0;
468
469 return tty->tx_bytes_queued;
470 -@@ -403,7 +401,7 @@ static int ipw_tiocmget(struct tty_struc
471 +@@ -403,7 +402,7 @@ static int ipw_tiocmget(struct tty_struc
472 if (!tty)
473 return -ENODEV;
474
475 - if (!tty->open_count)
476 -+ if (!atomic_read(&tty->open_count))
477 ++ if (!local_read(&tty->open_count))
478 return -EINVAL;
479
480 return get_control_lines(tty);
481 -@@ -419,7 +417,7 @@ ipw_tiocmset(struct tty_struct *linux_tt
482 +@@ -419,7 +418,7 @@ ipw_tiocmset(struct tty_struct *linux_tt
483 if (!tty)
484 return -ENODEV;
485
486 - if (!tty->open_count)
487 -+ if (!atomic_read(&tty->open_count))
488 ++ if (!local_read(&tty->open_count))
489 return -EINVAL;
490
491 return set_control_lines(tty, set, clear);
492 -@@ -433,7 +431,7 @@ static int ipw_ioctl(struct tty_struct *
493 +@@ -433,7 +432,7 @@ static int ipw_ioctl(struct tty_struct *
494 if (!tty)
495 return -ENODEV;
496
497 - if (!tty->open_count)
498 -+ if (!atomic_read(&tty->open_count))
499 ++ if (!local_read(&tty->open_count))
500 return -EINVAL;
501
502 /* FIXME: Exactly how is the tty object locked here .. */
503 -@@ -591,7 +589,7 @@ void ipwireless_tty_free(struct ipw_tty
504 +@@ -591,7 +590,7 @@ void ipwireless_tty_free(struct ipw_tty
505 against a parallel ioctl etc */
506 mutex_lock(&ttyj->ipw_tty_mutex);
507 }
508 - while (ttyj->open_count)
509 -+ while (atomic_read(&ttyj->open_count))
510 ++ while (local_read(&ttyj->open_count))
511 do_ipw_close(ttyj);
512 ipwireless_disassociate_network_ttys(network,
513 ttyj->channel_idx);
514 @@ -24586,34 +24641,42 @@ diff -urNp linux-2.6.32.28/drivers/char/random.c linux-2.6.32.28/drivers/char/ra
515
516 diff -urNp linux-2.6.32.28/drivers/char/sonypi.c linux-2.6.32.28/drivers/char/sonypi.c
517 --- linux-2.6.32.28/drivers/char/sonypi.c 2010-08-13 16:24:37.000000000 -0400
518 -+++ linux-2.6.32.28/drivers/char/sonypi.c 2010-12-31 14:46:53.000000000 -0500
519 -@@ -491,7 +491,7 @@ static struct sonypi_device {
520 ++++ linux-2.6.32.28/drivers/char/sonypi.c 2011-01-25 20:24:47.000000000 -0500
521 +@@ -55,6 +55,7 @@
522 + #include <asm/uaccess.h>
523 + #include <asm/io.h>
524 + #include <asm/system.h>
525 ++#include <asm/local.h>
526 +
527 + #include <linux/sonypi.h>
528 +
529 +@@ -491,7 +492,7 @@ static struct sonypi_device {
530 spinlock_t fifo_lock;
531 wait_queue_head_t fifo_proc_list;
532 struct fasync_struct *fifo_async;
533 - int open_count;
534 -+ atomic_t open_count;
535 ++ local_t open_count;
536 int model;
537 struct input_dev *input_jog_dev;
538 struct input_dev *input_key_dev;
539 -@@ -895,7 +895,7 @@ static int sonypi_misc_fasync(int fd, st
540 +@@ -895,7 +896,7 @@ static int sonypi_misc_fasync(int fd, st
541 static int sonypi_misc_release(struct inode *inode, struct file *file)
542 {
543 mutex_lock(&sonypi_device.lock);
544 - sonypi_device.open_count--;
545 -+ atomic_dec(&sonypi_device.open_count);
546 ++ local_dec(&sonypi_device.open_count);
547 mutex_unlock(&sonypi_device.lock);
548 return 0;
549 }
550 -@@ -905,9 +905,9 @@ static int sonypi_misc_open(struct inode
551 +@@ -905,9 +906,9 @@ static int sonypi_misc_open(struct inode
552 lock_kernel();
553 mutex_lock(&sonypi_device.lock);
554 /* Flush input queue on first open */
555 - if (!sonypi_device.open_count)
556 -+ if (!atomic_read(&sonypi_device.open_count))
557 ++ if (!local_read(&sonypi_device.open_count))
558 kfifo_reset(sonypi_device.fifo);
559 - sonypi_device.open_count++;
560 -+ atomic_inc(&sonypi_device.open_count);
561 ++ local_inc(&sonypi_device.open_count);
562 mutex_unlock(&sonypi_device.lock);
563 unlock_kernel();
564 return 0;
565 @@ -25166,7 +25229,7 @@ diff -urNp linux-2.6.32.28/drivers/gpu/drm/drm_drv.c linux-2.6.32.28/drivers/gpu
566 DRM_DEBUG("pid=%d, cmd=0x%02x, nr=0x%02x, dev 0x%lx, auth=%d\n",
567 diff -urNp linux-2.6.32.28/drivers/gpu/drm/drm_fops.c linux-2.6.32.28/drivers/gpu/drm/drm_fops.c
568 --- linux-2.6.32.28/drivers/gpu/drm/drm_fops.c 2010-08-13 16:24:37.000000000 -0400
569 -+++ linux-2.6.32.28/drivers/gpu/drm/drm_fops.c 2010-12-31 14:46:53.000000000 -0500
570 ++++ linux-2.6.32.28/drivers/gpu/drm/drm_fops.c 2011-01-24 18:05:30.000000000 -0500
571 @@ -66,7 +66,7 @@ static int drm_setup(struct drm_device *
572 }
573
574 @@ -25184,7 +25247,7 @@ diff -urNp linux-2.6.32.28/drivers/gpu/drm/drm_fops.c linux-2.6.32.28/drivers/gp
575 + atomic_inc_unchecked(&dev->counts[_DRM_STAT_OPENS]);
576 spin_lock(&dev->count_lock);
577 - if (!dev->open_count++) {
578 -+ if (atomic_inc_return(&dev->open_count) == 1) {
579 ++ if (local_inc_return(&dev->open_count) == 1) {
580 spin_unlock(&dev->count_lock);
581 retcode = drm_setup(dev);
582 goto out;
583 @@ -25193,7 +25256,7 @@ diff -urNp linux-2.6.32.28/drivers/gpu/drm/drm_fops.c linux-2.6.32.28/drivers/gp
584 lock_kernel();
585
586 - DRM_DEBUG("open_count = %d\n", dev->open_count);
587 -+ DRM_DEBUG("open_count = %d\n", atomic_read(&dev->open_count));
588 ++ DRM_DEBUG("open_count = %d\n", local_read(&dev->open_count));
589
590 if (dev->driver->preclose)
591 dev->driver->preclose(dev, file_priv);
592 @@ -25202,7 +25265,7 @@ diff -urNp linux-2.6.32.28/drivers/gpu/drm/drm_fops.c linux-2.6.32.28/drivers/gp
593 task_pid_nr(current),
594 (long)old_encode_dev(file_priv->minor->device),
595 - dev->open_count);
596 -+ atomic_read(&dev->open_count));
597 ++ local_read(&dev->open_count));
598
599 /* if the master has gone away we can't do anything with the lock */
600 if (file_priv->minor->master)
601 @@ -25214,13 +25277,49 @@ diff -urNp linux-2.6.32.28/drivers/gpu/drm/drm_fops.c linux-2.6.32.28/drivers/gp
602 + atomic_inc_unchecked(&dev->counts[_DRM_STAT_CLOSES]);
603 spin_lock(&dev->count_lock);
604 - if (!--dev->open_count) {
605 -+ if (atomic_dec_and_test(&dev->open_count)) {
606 ++ if (local_dec_and_test(&dev->open_count)) {
607 if (atomic_read(&dev->ioctl_count)) {
608 DRM_ERROR("Device busy: %d\n",
609 atomic_read(&dev->ioctl_count));
610 +diff -urNp linux-2.6.32.28/drivers/gpu/drm/drm_gem.c linux-2.6.32.28/drivers/gpu/drm/drm_gem.c
611 +--- linux-2.6.32.28/drivers/gpu/drm/drm_gem.c 2010-08-13 16:24:37.000000000 -0400
612 ++++ linux-2.6.32.28/drivers/gpu/drm/drm_gem.c 2011-01-24 18:05:37.000000000 -0500
613 +@@ -83,11 +83,11 @@ drm_gem_init(struct drm_device *dev)
614 + spin_lock_init(&dev->object_name_lock);
615 + idr_init(&dev->object_name_idr);
616 + atomic_set(&dev->object_count, 0);
617 +- atomic_set(&dev->object_memory, 0);
618 ++ atomic_set_unchecked(&dev->object_memory, 0);
619 + atomic_set(&dev->pin_count, 0);
620 +- atomic_set(&dev->pin_memory, 0);
621 ++ atomic_set_unchecked(&dev->pin_memory, 0);
622 + atomic_set(&dev->gtt_count, 0);
623 +- atomic_set(&dev->gtt_memory, 0);
624 ++ atomic_set_unchecked(&dev->gtt_memory, 0);
625 +
626 + mm = kzalloc(sizeof(struct drm_gem_mm), GFP_KERNEL);
627 + if (!mm) {
628 +@@ -150,7 +150,7 @@ drm_gem_object_alloc(struct drm_device *
629 + goto fput;
630 + }
631 + atomic_inc(&dev->object_count);
632 +- atomic_add(obj->size, &dev->object_memory);
633 ++ atomic_add_unchecked(obj->size, &dev->object_memory);
634 + return obj;
635 + fput:
636 + fput(obj->filp);
637 +@@ -429,7 +429,7 @@ drm_gem_object_free(struct kref *kref)
638 +
639 + fput(obj->filp);
640 + atomic_dec(&dev->object_count);
641 +- atomic_sub(obj->size, &dev->object_memory);
642 ++ atomic_sub_unchecked(obj->size, &dev->object_memory);
643 + kfree(obj);
644 + }
645 + EXPORT_SYMBOL(drm_gem_object_free);
646 diff -urNp linux-2.6.32.28/drivers/gpu/drm/drm_info.c linux-2.6.32.28/drivers/gpu/drm/drm_info.c
647 --- linux-2.6.32.28/drivers/gpu/drm/drm_info.c 2010-08-13 16:24:37.000000000 -0400
648 -+++ linux-2.6.32.28/drivers/gpu/drm/drm_info.c 2010-12-31 14:46:53.000000000 -0500
649 ++++ linux-2.6.32.28/drivers/gpu/drm/drm_info.c 2011-01-24 18:05:30.000000000 -0500
650 @@ -75,10 +75,14 @@ int drm_vm_info(struct seq_file *m, void
651 struct drm_local_map *map;
652 struct drm_map_list *r_list;
653 @@ -25249,6 +25348,20 @@ diff -urNp linux-2.6.32.28/drivers/gpu/drm/drm_info.c linux-2.6.32.28/drivers/gp
654 type = "??";
655 else
656 type = types[map->type];
657 +@@ -265,10 +269,10 @@ int drm_gem_object_info(struct seq_file
658 + struct drm_device *dev = node->minor->dev;
659 +
660 + seq_printf(m, "%d objects\n", atomic_read(&dev->object_count));
661 +- seq_printf(m, "%d object bytes\n", atomic_read(&dev->object_memory));
662 ++ seq_printf(m, "%d object bytes\n", atomic_read_unchecked(&dev->object_memory));
663 + seq_printf(m, "%d pinned\n", atomic_read(&dev->pin_count));
664 +- seq_printf(m, "%d pin bytes\n", atomic_read(&dev->pin_memory));
665 +- seq_printf(m, "%d gtt bytes\n", atomic_read(&dev->gtt_memory));
666 ++ seq_printf(m, "%d pin bytes\n", atomic_read_unchecked(&dev->pin_memory));
667 ++ seq_printf(m, "%d gtt bytes\n", atomic_read_unchecked(&dev->gtt_memory));
668 + seq_printf(m, "%d gtt total\n", dev->gtt_total);
669 + return 0;
670 + }
671 diff -urNp linux-2.6.32.28/drivers/gpu/drm/drm_ioctl.c linux-2.6.32.28/drivers/gpu/drm/drm_ioctl.c
672 --- linux-2.6.32.28/drivers/gpu/drm/drm_ioctl.c 2010-08-13 16:24:37.000000000 -0400
673 +++ linux-2.6.32.28/drivers/gpu/drm/drm_ioctl.c 2010-12-31 14:46:53.000000000 -0500
674 @@ -25416,7 +25529,16 @@ diff -urNp linux-2.6.32.28/drivers/gpu/drm/i915/i915_drv.c linux-2.6.32.28/drive
675 .close = drm_gem_vm_close,
676 diff -urNp linux-2.6.32.28/drivers/gpu/drm/i915/i915_gem.c linux-2.6.32.28/drivers/gpu/drm/i915/i915_gem.c
677 --- linux-2.6.32.28/drivers/gpu/drm/i915/i915_gem.c 2010-09-20 17:26:42.000000000 -0400
678 -+++ linux-2.6.32.28/drivers/gpu/drm/i915/i915_gem.c 2010-12-31 14:46:53.000000000 -0500
679 ++++ linux-2.6.32.28/drivers/gpu/drm/i915/i915_gem.c 2011-01-24 18:05:30.000000000 -0500
680 +@@ -102,7 +102,7 @@ i915_gem_get_aperture_ioctl(struct drm_d
681 +
682 + args->aper_size = dev->gtt_total;
683 + args->aper_available_size = (args->aper_size -
684 +- atomic_read(&dev->pin_memory));
685 ++ atomic_read_unchecked(&dev->pin_memory));
686 +
687 + return 0;
688 + }
689 @@ -492,6 +492,11 @@ i915_gem_pread_ioctl(struct drm_device *
690 return -EINVAL;
691 }
692 @@ -25441,6 +25563,55 @@ diff -urNp linux-2.6.32.28/drivers/gpu/drm/i915/i915_gem.c linux-2.6.32.28/drive
693 /* We can only do the GTT pwrite on untiled buffers, as otherwise
694 * it would end up going through the fenced access, and we'll get
695 * different detiling behavior between reading and writing.
696 +@@ -2054,7 +2064,7 @@ i915_gem_object_unbind(struct drm_gem_ob
697 +
698 + if (obj_priv->gtt_space) {
699 + atomic_dec(&dev->gtt_count);
700 +- atomic_sub(obj->size, &dev->gtt_memory);
701 ++ atomic_sub_unchecked(obj->size, &dev->gtt_memory);
702 +
703 + drm_mm_put_block(obj_priv->gtt_space);
704 + obj_priv->gtt_space = NULL;
705 +@@ -2697,7 +2707,7 @@ i915_gem_object_bind_to_gtt(struct drm_g
706 + goto search_free;
707 + }
708 + atomic_inc(&dev->gtt_count);
709 +- atomic_add(obj->size, &dev->gtt_memory);
710 ++ atomic_add_unchecked(obj->size, &dev->gtt_memory);
711 +
712 + /* Assert that the object is not currently in any GPU domain. As it
713 + * wasn't in the GTT, there shouldn't be any way it could have been in
714 +@@ -3751,9 +3761,9 @@ i915_gem_execbuffer(struct drm_device *d
715 + "%d/%d gtt bytes\n",
716 + atomic_read(&dev->object_count),
717 + atomic_read(&dev->pin_count),
718 +- atomic_read(&dev->object_memory),
719 +- atomic_read(&dev->pin_memory),
720 +- atomic_read(&dev->gtt_memory),
721 ++ atomic_read_unchecked(&dev->object_memory),
722 ++ atomic_read_unchecked(&dev->pin_memory),
723 ++ atomic_read_unchecked(&dev->gtt_memory),
724 + dev->gtt_total);
725 + }
726 + goto err;
727 +@@ -3985,7 +3995,7 @@ i915_gem_object_pin(struct drm_gem_objec
728 + */
729 + if (obj_priv->pin_count == 1) {
730 + atomic_inc(&dev->pin_count);
731 +- atomic_add(obj->size, &dev->pin_memory);
732 ++ atomic_add_unchecked(obj->size, &dev->pin_memory);
733 + if (!obj_priv->active &&
734 + (obj->write_domain & I915_GEM_GPU_DOMAINS) == 0 &&
735 + !list_empty(&obj_priv->list))
736 +@@ -4018,7 +4028,7 @@ i915_gem_object_unpin(struct drm_gem_obj
737 + list_move_tail(&obj_priv->list,
738 + &dev_priv->mm.inactive_list);
739 + atomic_dec(&dev->pin_count);
740 +- atomic_sub(obj->size, &dev->pin_memory);
741 ++ atomic_sub_unchecked(obj->size, &dev->pin_memory);
742 + }
743 + i915_verify_inactive(dev, __FILE__, __LINE__);
744 + }
745 diff -urNp linux-2.6.32.28/drivers/gpu/drm/radeon/mkregtable.c linux-2.6.32.28/drivers/gpu/drm/radeon/mkregtable.c
746 --- linux-2.6.32.28/drivers/gpu/drm/radeon/mkregtable.c 2010-08-13 16:24:37.000000000 -0400
747 +++ linux-2.6.32.28/drivers/gpu/drm/radeon/mkregtable.c 2010-12-31 14:46:53.000000000 -0500
748 @@ -26279,31 +26450,39 @@ diff -urNp linux-2.6.32.28/drivers/input/serio/serio_raw.c linux-2.6.32.28/drive
749 MODULE_DEVICE_TABLE(serio, serio_raw_serio_ids);
750 diff -urNp linux-2.6.32.28/drivers/isdn/gigaset/common.c linux-2.6.32.28/drivers/isdn/gigaset/common.c
751 --- linux-2.6.32.28/drivers/isdn/gigaset/common.c 2010-08-13 16:24:37.000000000 -0400
752 -+++ linux-2.6.32.28/drivers/isdn/gigaset/common.c 2010-12-31 14:46:53.000000000 -0500
753 ++++ linux-2.6.32.28/drivers/isdn/gigaset/common.c 2011-01-24 18:05:30.000000000 -0500
754 @@ -712,7 +712,7 @@ struct cardstate *gigaset_initcs(struct
755 cs->commands_pending = 0;
756 cs->cur_at_seq = 0;
757 cs->gotfwver = -1;
758 - cs->open_count = 0;
759 -+ atomic_set(&cs->open_count, 0);
760 ++ local_set(&cs->open_count, 0);
761 cs->dev = NULL;
762 cs->tty = NULL;
763 cs->tty_dev = NULL;
764 diff -urNp linux-2.6.32.28/drivers/isdn/gigaset/gigaset.h linux-2.6.32.28/drivers/isdn/gigaset/gigaset.h
765 --- linux-2.6.32.28/drivers/isdn/gigaset/gigaset.h 2010-08-13 16:24:37.000000000 -0400
766 -+++ linux-2.6.32.28/drivers/isdn/gigaset/gigaset.h 2010-12-31 14:46:53.000000000 -0500
767 -@@ -446,7 +446,7 @@ struct cardstate {
768 ++++ linux-2.6.32.28/drivers/isdn/gigaset/gigaset.h 2011-01-25 20:24:47.000000000 -0500
769 +@@ -34,6 +34,7 @@
770 + #include <linux/tty_driver.h>
771 + #include <linux/list.h>
772 + #include <asm/atomic.h>
773 ++#include <asm/local.h>
774 +
775 + #define GIG_VERSION {0,5,0,0}
776 + #define GIG_COMPAT {0,4,0,0}
777 +@@ -446,7 +447,7 @@ struct cardstate {
778 spinlock_t cmdlock;
779 unsigned curlen, cmdbytes;
780
781 - unsigned open_count;
782 -+ atomic_t open_count;
783 ++ local_t open_count;
784 struct tty_struct *tty;
785 struct tasklet_struct if_wake_tasklet;
786 unsigned control_state;
787 diff -urNp linux-2.6.32.28/drivers/isdn/gigaset/interface.c linux-2.6.32.28/drivers/isdn/gigaset/interface.c
788 --- linux-2.6.32.28/drivers/isdn/gigaset/interface.c 2010-08-13 16:24:37.000000000 -0400
789 -+++ linux-2.6.32.28/drivers/isdn/gigaset/interface.c 2010-12-31 14:46:53.000000000 -0500
790 ++++ linux-2.6.32.28/drivers/isdn/gigaset/interface.c 2011-01-24 18:05:30.000000000 -0500
791 @@ -165,9 +165,7 @@ static int if_open(struct tty_struct *tt
792 return -ERESTARTSYS; // FIXME -EINTR?
793 tty->driver_data = cs;
794 @@ -26311,7 +26490,7 @@ diff -urNp linux-2.6.32.28/drivers/isdn/gigaset/interface.c linux-2.6.32.28/driv
795 - ++cs->open_count;
796 -
797 - if (cs->open_count == 1) {
798 -+ if (atomic_inc_return(&cs->open_count) == 1) {
799 ++ if (local_inc_return(&cs->open_count) == 1) {
800 spin_lock_irqsave(&cs->lock, flags);
801 cs->tty = tty;
802 spin_unlock_irqrestore(&cs->lock, flags);
803 @@ -26320,11 +26499,11 @@ diff -urNp linux-2.6.32.28/drivers/isdn/gigaset/interface.c linux-2.6.32.28/driv
804 if (!cs->connected)
805 gig_dbg(DEBUG_IF, "not connected"); /* nothing to do */
806 - else if (!cs->open_count)
807 -+ else if (!atomic_read(&cs->open_count))
808 ++ else if (!local_read(&cs->open_count))
809 dev_warn(cs->dev, "%s: device not opened\n", __func__);
810 else {
811 - if (!--cs->open_count) {
812 -+ if (!atomic_dec_return(&cs->open_count)) {
813 ++ if (!local_dec_return(&cs->open_count)) {
814 spin_lock_irqsave(&cs->lock, flags);
815 cs->tty = NULL;
816 spin_unlock_irqrestore(&cs->lock, flags);
817 @@ -26333,7 +26512,7 @@ diff -urNp linux-2.6.32.28/drivers/isdn/gigaset/interface.c linux-2.6.32.28/driv
818 gig_dbg(DEBUG_IF, "not connected");
819 retval = -ENODEV;
820 - } else if (!cs->open_count)
821 -+ } else if (!atomic_read(&cs->open_count))
822 ++ } else if (!local_read(&cs->open_count))
823 dev_warn(cs->dev, "%s: device not opened\n", __func__);
824 else {
825 retval = 0;
826 @@ -26342,7 +26521,7 @@ diff -urNp linux-2.6.32.28/drivers/isdn/gigaset/interface.c linux-2.6.32.28/driv
827 gig_dbg(DEBUG_IF, "not connected");
828 retval = -ENODEV;
829 - } else if (!cs->open_count)
830 -+ } else if (!atomic_read(&cs->open_count))
831 ++ } else if (!local_read(&cs->open_count))
832 dev_warn(cs->dev, "%s: device not opened\n", __func__);
833 else if (cs->mstate != MS_LOCKED) {
834 dev_warn(cs->dev, "can't write to unlocked device\n");
835 @@ -26351,7 +26530,7 @@ diff -urNp linux-2.6.32.28/drivers/isdn/gigaset/interface.c linux-2.6.32.28/driv
836 gig_dbg(DEBUG_IF, "not connected");
837 retval = -ENODEV;
838 - } else if (!cs->open_count)
839 -+ } else if (!atomic_read(&cs->open_count))
840 ++ } else if (!local_read(&cs->open_count))
841 dev_warn(cs->dev, "%s: device not opened\n", __func__);
842 else if (cs->mstate != MS_LOCKED) {
843 dev_warn(cs->dev, "can't write to unlocked device\n");
844 @@ -26360,7 +26539,7 @@ diff -urNp linux-2.6.32.28/drivers/isdn/gigaset/interface.c linux-2.6.32.28/driv
845 if (!cs->connected)
846 gig_dbg(DEBUG_IF, "not connected");
847 - else if (!cs->open_count)
848 -+ else if (!atomic_read(&cs->open_count))
849 ++ else if (!local_read(&cs->open_count))
850 dev_warn(cs->dev, "%s: device not opened\n", __func__);
851 else if (cs->mstate != MS_LOCKED)
852 dev_warn(cs->dev, "can't write to unlocked device\n");
853 @@ -26369,7 +26548,7 @@ diff -urNp linux-2.6.32.28/drivers/isdn/gigaset/interface.c linux-2.6.32.28/driv
854 if (!cs->connected)
855 gig_dbg(DEBUG_IF, "not connected"); /* nothing to do */
856 - else if (!cs->open_count)
857 -+ else if (!atomic_read(&cs->open_count))
858 ++ else if (!local_read(&cs->open_count))
859 dev_warn(cs->dev, "%s: device not opened\n", __func__);
860 else {
861 //FIXME
862 @@ -26378,7 +26557,7 @@ diff -urNp linux-2.6.32.28/drivers/isdn/gigaset/interface.c linux-2.6.32.28/driv
863 if (!cs->connected)
864 gig_dbg(DEBUG_IF, "not connected"); /* nothing to do */
865 - else if (!cs->open_count)
866 -+ else if (!atomic_read(&cs->open_count))
867 ++ else if (!local_read(&cs->open_count))
868 dev_warn(cs->dev, "%s: device not opened\n", __func__);
869 else {
870 //FIXME
871 @@ -26387,7 +26566,7 @@ diff -urNp linux-2.6.32.28/drivers/isdn/gigaset/interface.c linux-2.6.32.28/driv
872 }
873
874 - if (!cs->open_count) {
875 -+ if (!atomic_read(&cs->open_count)) {
876 ++ if (!local_read(&cs->open_count)) {
877 dev_warn(cs->dev, "%s: device not opened\n", __func__);
878 goto out;
879 }
880 @@ -26756,6 +26935,18 @@ diff -urNp linux-2.6.32.28/drivers/media/dvb/dvb-core/dvbdev.c linux-2.6.32.28/d
881 struct file_operations *dvbdevfops;
882 struct device *clsdev;
883 int minor;
884 +diff -urNp linux-2.6.32.28/drivers/media/dvb/ttpci/av7110_ca.c linux-2.6.32.28/drivers/media/dvb/ttpci/av7110_ca.c
885 +--- linux-2.6.32.28/drivers/media/dvb/ttpci/av7110_ca.c 2010-08-13 16:24:37.000000000 -0400
886 ++++ linux-2.6.32.28/drivers/media/dvb/ttpci/av7110_ca.c 2011-01-24 18:12:30.000000000 -0500
887 +@@ -277,7 +277,7 @@ static int dvb_ca_ioctl(struct inode *in
888 + {
889 + ca_slot_info_t *info=(ca_slot_info_t *)parg;
890 +
891 +- if (info->num > 1)
892 ++ if (info->num < 0 || info->num > 1)
893 + return -EINVAL;
894 + av7110->ci_slot[info->num].num = info->num;
895 + av7110->ci_slot[info->num].type = FW_CI_LL_SUPPORT(av7110->arm_app) ?
896 diff -urNp linux-2.6.32.28/drivers/media/radio/radio-cadet.c linux-2.6.32.28/drivers/media/radio/radio-cadet.c
897 --- linux-2.6.32.28/drivers/media/radio/radio-cadet.c 2010-08-13 16:24:37.000000000 -0400
898 +++ linux-2.6.32.28/drivers/media/radio/radio-cadet.c 2010-12-31 14:46:53.000000000 -0500
899 @@ -27692,13 +27883,22 @@ diff -urNp linux-2.6.32.28/drivers/net/tulip/de4x5.c linux-2.6.32.28/drivers/net
900 #define DE4X5_DUMP 0x0f /* Dump the DE4X5 Status */
901 diff -urNp linux-2.6.32.28/drivers/net/usb/hso.c linux-2.6.32.28/drivers/net/usb/hso.c
902 --- linux-2.6.32.28/drivers/net/usb/hso.c 2010-09-26 17:26:05.000000000 -0400
903 -+++ linux-2.6.32.28/drivers/net/usb/hso.c 2010-12-31 14:46:53.000000000 -0500
904 ++++ linux-2.6.32.28/drivers/net/usb/hso.c 2011-01-24 18:05:30.000000000 -0500
905 +@@ -71,7 +71,7 @@
906 + #include <asm/byteorder.h>
907 + #include <linux/serial_core.h>
908 + #include <linux/serial.h>
909 +-
910 ++#include <asm/local.h>
911 +
912 + #define DRIVER_VERSION "1.2"
913 + #define MOD_AUTHOR "Option Wireless"
914 @@ -258,7 +258,7 @@ struct hso_serial {
915
916 /* from usb_serial_port */
917 struct tty_struct *tty;
918 - int open_count;
919 -+ atomic_t open_count;
920 ++ local_t open_count;
921 spinlock_t serial_lock;
922
923 int (*write_data) (struct hso_serial *serial);
924 @@ -27707,7 +27907,7 @@ diff -urNp linux-2.6.32.28/drivers/net/usb/hso.c linux-2.6.32.28/drivers/net/usb
925
926 urb = serial->rx_urb[0];
927 - if (serial->open_count > 0) {
928 -+ if (atomic_read(&serial->open_count) > 0) {
929 ++ if (local_read(&serial->open_count) > 0) {
930 count = put_rxbuf_data(urb, serial);
931 if (count == -1)
932 return;
933 @@ -27716,7 +27916,7 @@ diff -urNp linux-2.6.32.28/drivers/net/usb/hso.c linux-2.6.32.28/drivers/net/usb
934
935 /* Anyone listening? */
936 - if (serial->open_count == 0)
937 -+ if (atomic_read(&serial->open_count) == 0)
938 ++ if (local_read(&serial->open_count) == 0)
939 return;
940
941 if (status == 0) {
942 @@ -27726,7 +27926,7 @@ diff -urNp linux-2.6.32.28/drivers/net/usb/hso.c linux-2.6.32.28/drivers/net/usb
943 /* check for port already opened, if not set the termios */
944 - serial->open_count++;
945 - if (serial->open_count == 1) {
946 -+ if (atomic_inc_return(&serial->open_count) == 1) {
947 ++ if (local_inc_return(&serial->open_count) == 1) {
948 tty->low_latency = 1;
949 serial->rx_state = RX_IDLE;
950 /* Force default termio settings */
951 @@ -27735,7 +27935,7 @@ diff -urNp linux-2.6.32.28/drivers/net/usb/hso.c linux-2.6.32.28/drivers/net/usb
952 if (result) {
953 hso_stop_serial_device(serial->parent);
954 - serial->open_count--;
955 -+ atomic_dec(&serial->open_count);
956 ++ local_dec(&serial->open_count);
957 kref_put(&serial->parent->ref, hso_serial_ref_free);
958 }
959 } else {
960 @@ -27744,12 +27944,12 @@ diff -urNp linux-2.6.32.28/drivers/net/usb/hso.c linux-2.6.32.28/drivers/net/usb
961 /* reset the rts and dtr */
962 /* do the actual close */
963 - serial->open_count--;
964 -+ atomic_dec(&serial->open_count);
965 ++ local_dec(&serial->open_count);
966
967 - if (serial->open_count <= 0) {
968 - serial->open_count = 0;
969 -+ if (atomic_read(&serial->open_count) <= 0) {
970 -+ atomic_set(&serial->open_count, 0);
971 ++ if (local_read(&serial->open_count) <= 0) {
972 ++ local_set(&serial->open_count, 0);
973 spin_lock_irq(&serial->serial_lock);
974 if (serial->tty == tty) {
975 serial->tty->driver_data = NULL;
976 @@ -27758,7 +27958,7 @@ diff -urNp linux-2.6.32.28/drivers/net/usb/hso.c linux-2.6.32.28/drivers/net/usb
977 /* the actual setup */
978 spin_lock_irqsave(&serial->serial_lock, flags);
979 - if (serial->open_count)
980 -+ if (atomic_read(&serial->open_count))
981 ++ if (local_read(&serial->open_count))
982 _hso_serial_set_termios(tty, old);
983 else
984 tty->termios = old;
985 @@ -27781,7 +27981,7 @@ diff -urNp linux-2.6.32.28/drivers/net/usb/hso.c linux-2.6.32.28/drivers/net/usb
986 for (i = 0; i < HSO_SERIAL_TTY_MINORS; i++) {
987 if (serial_table[i] && (serial_table[i]->interface == iface)) {
988 - if (dev2ser(serial_table[i])->open_count) {
989 -+ if (atomic_read(&dev2ser(serial_table[i])->open_count)) {
990 ++ if (local_read(&dev2ser(serial_table[i])->open_count)) {
991 result =
992 hso_start_serial_device(serial_table[i], GFP_NOIO);
993 hso_kick_transmit(dev2ser(serial_table[i]));
994 @@ -29306,8 +29506,25 @@ diff -urNp linux-2.6.32.28/drivers/staging/vme/devices/vme_user.c linux-2.6.32.2
995 .read = vme_user_read,
996 diff -urNp linux-2.6.32.28/drivers/uio/uio.c linux-2.6.32.28/drivers/uio/uio.c
997 --- linux-2.6.32.28/drivers/uio/uio.c 2010-08-13 16:24:37.000000000 -0400
998 -+++ linux-2.6.32.28/drivers/uio/uio.c 2010-12-31 14:46:53.000000000 -0500
999 -@@ -129,7 +129,7 @@ static ssize_t map_type_show(struct kobj
1000 ++++ linux-2.6.32.28/drivers/uio/uio.c 2011-01-24 18:05:34.000000000 -0500
1001 +@@ -23,6 +23,7 @@
1002 + #include <linux/string.h>
1003 + #include <linux/kobject.h>
1004 + #include <linux/uio_driver.h>
1005 ++#include <asm/local.h>
1006 +
1007 + #define UIO_MAX_DEVICES 255
1008 +
1009 +@@ -33,7 +34,7 @@ struct uio_device {
1010 + atomic_t event;
1011 + struct fasync_struct *async_queue;
1012 + wait_queue_head_t wait;
1013 +- int vma_count;
1014 ++ local_t vma_count;
1015 + struct uio_info *info;
1016 + struct kobject *map_dir;
1017 + struct kobject *portio_dir;
1018 +@@ -129,7 +130,7 @@ static ssize_t map_type_show(struct kobj
1019 return entry->show(mem, buf);
1020 }
1021
1022 @@ -29316,7 +29533,7 @@ diff -urNp linux-2.6.32.28/drivers/uio/uio.c linux-2.6.32.28/drivers/uio/uio.c
1023 .show = map_type_show,
1024 };
1025
1026 -@@ -217,7 +217,7 @@ static ssize_t portio_type_show(struct k
1027 +@@ -217,7 +218,7 @@ static ssize_t portio_type_show(struct k
1028 return entry->show(port, buf);
1029 }
1030
1031 @@ -29325,6 +29542,22 @@ diff -urNp linux-2.6.32.28/drivers/uio/uio.c linux-2.6.32.28/drivers/uio/uio.c
1032 .show = portio_type_show,
1033 };
1034
1035 +@@ -624,13 +625,13 @@ static int uio_find_mem_index(struct vm_
1036 + static void uio_vma_open(struct vm_area_struct *vma)
1037 + {
1038 + struct uio_device *idev = vma->vm_private_data;
1039 +- idev->vma_count++;
1040 ++ local_inc(&idev->vma_count);
1041 + }
1042 +
1043 + static void uio_vma_close(struct vm_area_struct *vma)
1044 + {
1045 + struct uio_device *idev = vma->vm_private_data;
1046 +- idev->vma_count--;
1047 ++ local_dec(&idev->vma_count);
1048 + }
1049 +
1050 + static int uio_vma_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
1051 diff -urNp linux-2.6.32.28/drivers/usb/atm/usbatm.c linux-2.6.32.28/drivers/usb/atm/usbatm.c
1052 --- linux-2.6.32.28/drivers/usb/atm/usbatm.c 2010-08-13 16:24:37.000000000 -0400
1053 +++ linux-2.6.32.28/drivers/usb/atm/usbatm.c 2010-12-31 14:46:53.000000000 -0500
1054 @@ -29565,6 +29798,18 @@ diff -urNp linux-2.6.32.28/drivers/usb/misc/appledisplay.c linux-2.6.32.28/drive
1055 .get_brightness = appledisplay_bl_get_brightness,
1056 .update_status = appledisplay_bl_update_status,
1057 };
1058 +diff -urNp linux-2.6.32.28/drivers/usb/misc/iowarrior.c linux-2.6.32.28/drivers/usb/misc/iowarrior.c
1059 +--- linux-2.6.32.28/drivers/usb/misc/iowarrior.c 2010-12-09 18:13:03.000000000 -0500
1060 ++++ linux-2.6.32.28/drivers/usb/misc/iowarrior.c 2011-01-25 17:27:31.000000000 -0500
1061 +@@ -373,7 +373,7 @@ static ssize_t iowarrior_write(struct fi
1062 + case USB_DEVICE_ID_CODEMERCS_IOWPV2:
1063 + case USB_DEVICE_ID_CODEMERCS_IOW40:
1064 + /* IOW24 and IOW40 use a synchronous call */
1065 +- buf = kmalloc(8, GFP_KERNEL); /* 8 bytes are enough for both products */
1066 ++ buf = kmalloc(count, GFP_KERNEL);
1067 + if (!buf) {
1068 + retval = -ENOMEM;
1069 + goto exit;
1070 diff -urNp linux-2.6.32.28/drivers/usb/mon/mon_main.c linux-2.6.32.28/drivers/usb/mon/mon_main.c
1071 --- linux-2.6.32.28/drivers/usb/mon/mon_main.c 2010-08-13 16:24:37.000000000 -0400
1072 +++ linux-2.6.32.28/drivers/usb/mon/mon_main.c 2010-12-31 14:46:53.000000000 -0500
1073 @@ -32011,7 +32256,7 @@ diff -urNp linux-2.6.32.28/fs/ecryptfs/inode.c linux-2.6.32.28/fs/ecryptfs/inode
1074 goto out_free;
1075 diff -urNp linux-2.6.32.28/fs/exec.c linux-2.6.32.28/fs/exec.c
1076 --- linux-2.6.32.28/fs/exec.c 2011-01-11 23:55:35.000000000 -0500
1077 -+++ linux-2.6.32.28/fs/exec.c 2011-01-11 23:56:03.000000000 -0500
1078 ++++ linux-2.6.32.28/fs/exec.c 2011-02-12 11:21:23.000000000 -0500
1079 @@ -56,12 +56,24 @@
1080 #include <linux/fsnotify.h>
1081 #include <linux/fs_struct.h>
1082 @@ -32596,7 +32841,7 @@ diff -urNp linux-2.6.32.28/fs/exec.c linux-2.6.32.28/fs/exec.c
1083 */
1084 clear_thread_flag(TIF_SIGPENDING);
1085
1086 -+ if (signr == SIGKILL || signr == SIGILL)
1087 ++ if (signr == SIGSEGV || signr == SIGBUS || signr == SIGKILL || signr == SIGILL)
1088 + gr_handle_brute_attach(current);
1089 + gr_learn_resource(current, RLIMIT_CORE, binfmt->min_coredump, 1);
1090 +
1091 @@ -46729,8 +46974,16 @@ diff -urNp linux-2.6.32.28/include/drm/drm_pciids.h linux-2.6.32.28/include/drm/
1092 + {0, 0, 0, 0, 0, 0}
1093 diff -urNp linux-2.6.32.28/include/drm/drmP.h linux-2.6.32.28/include/drm/drmP.h
1094 --- linux-2.6.32.28/include/drm/drmP.h 2010-08-13 16:24:37.000000000 -0400
1095 -+++ linux-2.6.32.28/include/drm/drmP.h 2010-12-31 14:46:53.000000000 -0500
1096 -@@ -814,7 +814,7 @@ struct drm_driver {
1097 ++++ linux-2.6.32.28/include/drm/drmP.h 2011-01-24 18:05:37.000000000 -0500
1098 +@@ -71,6 +71,7 @@
1099 + #include <linux/workqueue.h>
1100 + #include <linux/poll.h>
1101 + #include <asm/pgalloc.h>
1102 ++#include <asm/local.h>
1103 + #include "drm.h"
1104 +
1105 + #include <linux/idr.h>
1106 +@@ -814,7 +815,7 @@ struct drm_driver {
1107 void (*vgaarb_irq)(struct drm_device *dev, bool state);
1108
1109 /* Driver private ops for this object */
1110 @@ -46739,16 +46992,16 @@ diff -urNp linux-2.6.32.28/include/drm/drmP.h linux-2.6.32.28/include/drm/drmP.h
1111
1112 int major;
1113 int minor;
1114 -@@ -917,7 +917,7 @@ struct drm_device {
1115 +@@ -917,7 +918,7 @@ struct drm_device {
1116
1117 /** \name Usage Counters */
1118 /*@{ */
1119 - int open_count; /**< Outstanding files open */
1120 -+ atomic_t open_count; /**< Outstanding files open */
1121 ++ local_t open_count; /**< Outstanding files open */
1122 atomic_t ioctl_count; /**< Outstanding IOCTLs pending */
1123 atomic_t vma_count; /**< Outstanding vma areas open */
1124 int buf_use; /**< Buffers in use -- cannot alloc */
1125 -@@ -928,7 +928,7 @@ struct drm_device {
1126 +@@ -928,7 +929,7 @@ struct drm_device {
1127 /*@{ */
1128 unsigned long counters;
1129 enum drm_stat_type types[15];
1130 @@ -46757,6 +47010,21 @@ diff -urNp linux-2.6.32.28/include/drm/drmP.h linux-2.6.32.28/include/drm/drmP.h
1131 /*@} */
1132
1133 struct list_head filelist;
1134 +@@ -1042,11 +1043,11 @@ struct drm_device {
1135 + spinlock_t object_name_lock;
1136 + struct idr object_name_idr;
1137 + atomic_t object_count;
1138 +- atomic_t object_memory;
1139 ++ atomic_unchecked_t object_memory;
1140 + atomic_t pin_count;
1141 +- atomic_t pin_memory;
1142 ++ atomic_unchecked_t pin_memory;
1143 + atomic_t gtt_count;
1144 +- atomic_t gtt_memory;
1145 ++ atomic_unchecked_t gtt_memory;
1146 + uint32_t gtt_total;
1147 + uint32_t invalidate_domains; /* domains pending invalidation */
1148 + uint32_t flush_domains; /* domains pending flush */
1149 diff -urNp linux-2.6.32.28/include/linux/a.out.h linux-2.6.32.28/include/linux/a.out.h
1150 --- linux-2.6.32.28/include/linux/a.out.h 2010-08-13 16:24:37.000000000 -0400
1151 +++ linux-2.6.32.28/include/linux/a.out.h 2010-12-31 14:46:53.000000000 -0500
1152 @@ -48479,6 +48747,23 @@ diff -urNp linux-2.6.32.28/include/linux/interrupt.h linux-2.6.32.28/include/lin
1153 extern void softirq_init(void);
1154 #define __raise_softirq_irqoff(nr) do { or_softirq_pending(1UL << (nr)); } while (0)
1155 extern void raise_softirq_irqoff(unsigned int nr);
1156 +diff -urNp linux-2.6.32.28/include/linux/irq.h linux-2.6.32.28/include/linux/irq.h
1157 +--- linux-2.6.32.28/include/linux/irq.h 2010-08-13 16:24:37.000000000 -0400
1158 ++++ linux-2.6.32.28/include/linux/irq.h 2011-01-24 18:05:37.000000000 -0500
1159 +@@ -438,12 +438,12 @@ extern int set_irq_msi(unsigned int irq,
1160 + static inline bool alloc_desc_masks(struct irq_desc *desc, int node,
1161 + bool boot)
1162 + {
1163 ++#ifdef CONFIG_CPUMASK_OFFSTACK
1164 + gfp_t gfp = GFP_ATOMIC;
1165 +
1166 + if (boot)
1167 + gfp = GFP_NOWAIT;
1168 +
1169 +-#ifdef CONFIG_CPUMASK_OFFSTACK
1170 + if (!alloc_cpumask_var_node(&desc->affinity, gfp, node))
1171 + return false;
1172 +
1173 diff -urNp linux-2.6.32.28/include/linux/jbd2.h linux-2.6.32.28/include/linux/jbd2.h
1174 --- linux-2.6.32.28/include/linux/jbd2.h 2010-08-13 16:24:37.000000000 -0400
1175 +++ linux-2.6.32.28/include/linux/jbd2.h 2010-12-31 14:46:53.000000000 -0500
1176 @@ -50119,15 +50404,23 @@ diff -urNp linux-2.6.32.28/include/net/inetpeer.h linux-2.6.32.28/include/net/in
1177 };
1178 diff -urNp linux-2.6.32.28/include/net/irda/ircomm_tty.h linux-2.6.32.28/include/net/irda/ircomm_tty.h
1179 --- linux-2.6.32.28/include/net/irda/ircomm_tty.h 2010-08-13 16:24:37.000000000 -0400
1180 -+++ linux-2.6.32.28/include/net/irda/ircomm_tty.h 2010-12-31 14:46:53.000000000 -0500
1181 -@@ -105,8 +105,8 @@ struct ircomm_tty_cb {
1182 ++++ linux-2.6.32.28/include/net/irda/ircomm_tty.h 2011-01-25 20:24:47.000000000 -0500
1183 +@@ -35,6 +35,7 @@
1184 + #include <linux/termios.h>
1185 + #include <linux/timer.h>
1186 + #include <linux/tty.h> /* struct tty_struct */
1187 ++#include <asm/local.h>
1188 +
1189 + #include <net/irda/irias_object.h>
1190 + #include <net/irda/ircomm_core.h>
1191 +@@ -105,8 +106,8 @@ struct ircomm_tty_cb {
1192 unsigned short close_delay;
1193 unsigned short closing_wait; /* time to wait before closing */
1194
1195 - int open_count;
1196 - int blocked_open; /* # of blocked opens */
1197 -+ atomic_t open_count;
1198 -+ atomic_t blocked_open; /* # of blocked opens */
1199 ++ local_t open_count;
1200 ++ local_t blocked_open; /* # of blocked opens */
1201
1202 /* Protect concurent access to :
1203 * o self->open_count
1204 @@ -50943,7 +51236,24 @@ diff -urNp linux-2.6.32.28/kernel/cpu.c linux-2.6.32.28/kernel/cpu.c
1205 * Should always be manipulated under cpu_add_remove_lock
1206 diff -urNp linux-2.6.32.28/kernel/cred.c linux-2.6.32.28/kernel/cred.c
1207 --- linux-2.6.32.28/kernel/cred.c 2010-08-13 16:24:37.000000000 -0400
1208 -+++ linux-2.6.32.28/kernel/cred.c 2010-12-31 14:46:53.000000000 -0500
1209 ++++ linux-2.6.32.28/kernel/cred.c 2011-02-12 10:44:11.000000000 -0500
1210 +@@ -231,13 +231,13 @@ struct cred *cred_alloc_blank(void)
1211 + #endif
1212 +
1213 + atomic_set(&new->usage, 1);
1214 ++#ifdef CONFIG_DEBUG_CREDENTIALS
1215 ++ new->magic = CRED_MAGIC;
1216 ++#endif
1217 +
1218 + if (security_cred_alloc_blank(new, GFP_KERNEL) < 0)
1219 + goto error;
1220 +
1221 +-#ifdef CONFIG_DEBUG_CREDENTIALS
1222 +- new->magic = CRED_MAGIC;
1223 +-#endif
1224 + return new;
1225 +
1226 + error:
1227 @@ -520,6 +520,8 @@ int commit_creds(struct cred *new)
1228
1229 get_cred(new); /* we will require a ref for the subj creds too */
1230 @@ -50953,6 +51263,37 @@ diff -urNp linux-2.6.32.28/kernel/cred.c linux-2.6.32.28/kernel/cred.c
1231 /* dumpability changes */
1232 if (old->euid != new->euid ||
1233 old->egid != new->egid ||
1234 +@@ -696,6 +698,8 @@ struct cred *prepare_kernel_cred(struct
1235 + validate_creds(old);
1236 +
1237 + *new = *old;
1238 ++ atomic_set(&new->usage, 1);
1239 ++ set_cred_subscribers(new, 0);
1240 + get_uid(new->user);
1241 + get_group_info(new->group_info);
1242 +
1243 +@@ -713,8 +717,6 @@ struct cred *prepare_kernel_cred(struct
1244 + if (security_prepare_creds(new, old, GFP_KERNEL) < 0)
1245 + goto error;
1246 +
1247 +- atomic_set(&new->usage, 1);
1248 +- set_cred_subscribers(new, 0);
1249 + put_cred(old);
1250 + validate_creds(new);
1251 + return new;
1252 +@@ -787,7 +789,11 @@ bool creds_are_invalid(const struct cred
1253 + if (cred->magic != CRED_MAGIC)
1254 + return true;
1255 + #ifdef CONFIG_SECURITY_SELINUX
1256 +- if (selinux_is_enabled()) {
1257 ++ /*
1258 ++ * cred->security == NULL if security_cred_alloc_blank() or
1259 ++ * security_prepare_creds() returned an error.
1260 ++ */
1261 ++ if (selinux_is_enabled() && cred->security) {
1262 + if ((unsigned long) cred->security < PAGE_SIZE)
1263 + return true;
1264 + if ((*(u32 *)cred->security & 0xffffff00) ==
1265 diff -urNp linux-2.6.32.28/kernel/exit.c linux-2.6.32.28/kernel/exit.c
1266 --- linux-2.6.32.28/kernel/exit.c 2011-01-11 23:55:35.000000000 -0500
1267 +++ linux-2.6.32.28/kernel/exit.c 2010-12-31 14:46:53.000000000 -0500
1268 @@ -51525,8 +51866,8 @@ diff -urNp linux-2.6.32.28/kernel/kgdb.c linux-2.6.32.28/kernel/kgdb.c
1269
1270 diff -urNp linux-2.6.32.28/kernel/kmod.c linux-2.6.32.28/kernel/kmod.c
1271 --- linux-2.6.32.28/kernel/kmod.c 2010-08-13 16:24:37.000000000 -0400
1272 -+++ linux-2.6.32.28/kernel/kmod.c 2010-12-31 14:46:53.000000000 -0500
1273 -@@ -90,6 +90,18 @@ int __request_module(bool wait, const ch
1274 ++++ linux-2.6.32.28/kernel/kmod.c 2011-02-12 10:58:19.000000000 -0500
1275 +@@ -90,6 +90,28 @@ int __request_module(bool wait, const ch
1276 if (ret >= MODULE_NAME_LEN)
1277 return -ENAMETOOLONG;
1278
1279 @@ -51537,7 +51878,17 @@ diff -urNp linux-2.6.32.28/kernel/kmod.c linux-2.6.32.28/kernel/kmod.c
1280 + auto-loaded
1281 + */
1282 + if (current_uid()) {
1283 -+ gr_log_nonroot_mod_load(module_name);
1284 ++#if !defined(CONFIG_IPV6) && !defined(CONFIG_IPV6_MODULE)
1285 ++ /* There are known knowns. These are things we know
1286 ++ that we know. There are known unknowns. That is to say,
1287 ++ there are things that we know we don't know. But there are
1288 ++ also unknown unknowns. There are things we don't know
1289 ++ we don't know.
1290 ++ This here is a known unknown.
1291 ++ */
1292 ++ if (strcmp(module_name, "net-pf-10"))
1293 ++#endif
1294 ++ gr_log_nonroot_mod_load(module_name);
1295 + return -EPERM;
1296 + }
1297 +#endif
1298 @@ -51724,7 +52075,7 @@ diff -urNp linux-2.6.32.28/kernel/lockdep_proc.c linux-2.6.32.28/kernel/lockdep_
1299 if (!name) {
1300 diff -urNp linux-2.6.32.28/kernel/module.c linux-2.6.32.28/kernel/module.c
1301 --- linux-2.6.32.28/kernel/module.c 2010-08-13 16:24:37.000000000 -0400
1302 -+++ linux-2.6.32.28/kernel/module.c 2010-12-31 14:46:53.000000000 -0500
1303 ++++ linux-2.6.32.28/kernel/module.c 2011-02-02 20:27:32.000000000 -0500
1304 @@ -89,7 +89,8 @@ static DECLARE_WAIT_QUEUE_HEAD(module_wq
1305 static BLOCKING_NOTIFIER_HEAD(module_notify_list);
1306
1307 @@ -51762,6 +52113,15 @@ diff -urNp linux-2.6.32.28/kernel/module.c linux-2.6.32.28/kernel/module.c
1308 printk(KERN_WARNING "%s: per-cpu alignment %li > %li\n",
1309 name, align, PAGE_SIZE);
1310 align = PAGE_SIZE;
1311 +@@ -1158,7 +1159,7 @@ static const struct kernel_symbol *resol
1312 + * /sys/module/foo/sections stuff
1313 + * J. Corbet <corbet@×××.net>
1314 + */
1315 +-#if defined(CONFIG_KALLSYMS) && defined(CONFIG_SYSFS)
1316 ++#if defined(CONFIG_KALLSYMS) && defined(CONFIG_SYSFS) && !defined(CONFIG_GRKERNSEC_HIDESYM)
1317 +
1318 + static inline bool sect_empty(const Elf_Shdr *sect)
1319 + {
1320 @@ -1545,7 +1546,8 @@ static void free_module(struct module *m
1321 destroy_params(mod->kp, mod->num_kp);
1322
1323 @@ -52493,7 +52853,7 @@ diff -urNp linux-2.6.32.28/kernel/printk.c linux-2.6.32.28/kernel/printk.c
1324 return error;
1325 diff -urNp linux-2.6.32.28/kernel/ptrace.c linux-2.6.32.28/kernel/ptrace.c
1326 --- linux-2.6.32.28/kernel/ptrace.c 2010-08-13 16:24:37.000000000 -0400
1327 -+++ linux-2.6.32.28/kernel/ptrace.c 2011-01-01 00:19:08.000000000 -0500
1328 ++++ linux-2.6.32.28/kernel/ptrace.c 2011-02-12 10:37:47.000000000 -0500
1329 @@ -141,7 +141,7 @@ int __ptrace_may_access(struct task_stru
1330 cred->gid != tcred->egid ||
1331 cred->gid != tcred->sgid ||
1332 @@ -52521,6 +52881,15 @@ diff -urNp linux-2.6.32.28/kernel/ptrace.c linux-2.6.32.28/kernel/ptrace.c
1333 task->ptrace |= PT_PTRACE_CAP;
1334
1335 __ptrace_link(task, current);
1336 +@@ -314,7 +314,7 @@ int ptrace_detach(struct task_struct *ch
1337 + child->exit_code = data;
1338 + dead = __ptrace_detach(current, child);
1339 + if (!child->exit_state)
1340 +- wake_up_process(child);
1341 ++ wake_up_state(child, TASK_TRACED | TASK_STOPPED);
1342 + }
1343 + write_unlock_irq(&tasklist_lock);
1344 +
1345 @@ -532,18 +532,18 @@ int ptrace_request(struct task_struct *c
1346 ret = ptrace_setoptions(child, data);
1347 break;
1348 @@ -52745,7 +53114,7 @@ diff -urNp linux-2.6.32.28/kernel/sched.c linux-2.6.32.28/kernel/sched.c
1349 return;
1350 diff -urNp linux-2.6.32.28/kernel/signal.c linux-2.6.32.28/kernel/signal.c
1351 --- linux-2.6.32.28/kernel/signal.c 2010-08-13 16:24:37.000000000 -0400
1352 -+++ linux-2.6.32.28/kernel/signal.c 2010-12-31 14:46:53.000000000 -0500
1353 ++++ linux-2.6.32.28/kernel/signal.c 2011-02-12 11:22:46.000000000 -0500
1354 @@ -41,12 +41,12 @@
1355
1356 static struct kmem_cache *sigqueue_cachep;
1357 @@ -52808,17 +53177,34 @@ diff -urNp linux-2.6.32.28/kernel/signal.c linux-2.6.32.28/kernel/signal.c
1358 specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t)
1359 {
1360 return send_signal(sig, info, t, 0);
1361 -@@ -1022,6 +1028,9 @@ force_sig_info(int sig, struct siginfo *
1362 +@@ -1005,6 +1011,7 @@ force_sig_info(int sig, struct siginfo *
1363 + unsigned long int flags;
1364 + int ret, blocked, ignored;
1365 + struct k_sigaction *action;
1366 ++ int is_unhandled = 0;
1367 +
1368 + spin_lock_irqsave(&t->sighand->siglock, flags);
1369 + action = &t->sighand->action[sig-1];
1370 +@@ -1019,9 +1026,18 @@ force_sig_info(int sig, struct siginfo *
1371 + }
1372 + if (action->sa.sa_handler == SIG_DFL)
1373 + t->signal->flags &= ~SIGNAL_UNKILLABLE;
1374 ++ if (action->sa.sa_handler == SIG_IGN || action->sa.sa_handler == SIG_DFL)
1375 ++ is_unhandled = 1;
1376 ret = specific_send_sig_info(sig, info, t);
1377 spin_unlock_irqrestore(&t->sighand->siglock, flags);
1378
1379 -+ gr_log_signal(sig, !is_si_special(info) ? info->si_addr : NULL, t);
1380 -+ gr_handle_crash(t, sig);
1381 ++ /* only deal with unhandled signals, java etc trigger SIGSEGV during
1382 ++ normal operation */
1383 ++ if (is_unhandled) {
1384 ++ gr_log_signal(sig, !is_si_special(info) ? info->si_addr : NULL, t);
1385 ++ gr_handle_crash(t, sig);
1386 ++ }
1387 +
1388 return ret;
1389 }
1390
1391 -@@ -1081,8 +1090,11 @@ int group_send_sig_info(int sig, struct
1392 +@@ -1081,8 +1097,11 @@ int group_send_sig_info(int sig, struct
1393 {
1394 int ret = check_kill_permission(sig, info, p);
1395
1396 @@ -54853,7 +55239,7 @@ diff -urNp linux-2.6.32.28/mm/migrate.c linux-2.6.32.28/mm/migrate.c
1397 goto out;
1398 diff -urNp linux-2.6.32.28/mm/mlock.c linux-2.6.32.28/mm/mlock.c
1399 --- linux-2.6.32.28/mm/mlock.c 2010-10-31 16:44:11.000000000 -0400
1400 -+++ linux-2.6.32.28/mm/mlock.c 2010-12-31 14:46:53.000000000 -0500
1401 ++++ linux-2.6.32.28/mm/mlock.c 2011-01-24 18:05:37.000000000 -0500
1402 @@ -13,6 +13,7 @@
1403 #include <linux/pagemap.h>
1404 #include <linux/mempolicy.h>
1405 @@ -54889,6 +55275,15 @@ diff -urNp linux-2.6.32.28/mm/mlock.c linux-2.6.32.28/mm/mlock.c
1406 while (nr_pages > 0) {
1407 int i;
1408
1409 +@@ -440,7 +428,7 @@ static int do_mlock(unsigned long start,
1410 + {
1411 + unsigned long nstart, end, tmp;
1412 + struct vm_area_struct * vma, * prev;
1413 +- int error;
1414 ++ int error = -EINVAL;
1415 +
1416 + len = PAGE_ALIGN(len);
1417 + end = start + len;
1418 @@ -448,6 +436,9 @@ static int do_mlock(unsigned long start,
1419 return -EINVAL;
1420 if (end == start)
1421 @@ -54957,7 +55352,7 @@ diff -urNp linux-2.6.32.28/mm/mlock.c linux-2.6.32.28/mm/mlock.c
1422 ret = do_mlockall(flags);
1423 diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1424 --- linux-2.6.32.28/mm/mmap.c 2011-01-11 23:55:35.000000000 -0500
1425 -+++ linux-2.6.32.28/mm/mmap.c 2010-12-31 14:46:53.000000000 -0500
1426 ++++ linux-2.6.32.28/mm/mmap.c 2011-02-12 11:38:46.000000000 -0500
1427 @@ -45,6 +45,16 @@
1428 #define arch_rebalance_pgtables(addr, len) (addr)
1429 #endif
1430 @@ -55179,12 +55574,13 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1431 if (addr & ~PAGE_MASK)
1432 return addr;
1433
1434 -@@ -969,6 +1046,31 @@ unsigned long do_mmap_pgoff(struct file
1435 +@@ -969,6 +1046,36 @@ unsigned long do_mmap_pgoff(struct file
1436 vm_flags = calc_vm_prot_bits(prot) | calc_vm_flag_bits(flags) |
1437 mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC;
1438
1439 +#ifdef CONFIG_PAX_MPROTECT
1440 + if (mm->pax_flags & MF_PAX_MPROTECT) {
1441 ++#ifndef CONFIG_PAX_MPROTECT_COMPAT
1442 + if ((vm_flags & (VM_WRITE | VM_EXEC)) == (VM_WRITE | VM_EXEC)) {
1443 + gr_log_rwxmmap(file);
1444 +
1445 @@ -55198,6 +55594,10 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1446 +
1447 + if (!(vm_flags & VM_EXEC))
1448 + vm_flags &= ~VM_MAYEXEC;
1449 ++#else
1450 ++ if ((vm_flags & (VM_WRITE | VM_EXEC)) != VM_EXEC)
1451 ++ vm_flags &= ~(VM_EXEC | VM_MAYEXEC);
1452 ++#endif
1453 + else
1454 + vm_flags &= ~VM_MAYWRITE;
1455 + }
1456 @@ -55211,7 +55611,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1457 if (flags & MAP_LOCKED)
1458 if (!can_do_mlock())
1459 return -EPERM;
1460 -@@ -980,6 +1082,7 @@ unsigned long do_mmap_pgoff(struct file
1461 +@@ -980,6 +1087,7 @@ unsigned long do_mmap_pgoff(struct file
1462 locked += mm->locked_vm;
1463 lock_limit = current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur;
1464 lock_limit >>= PAGE_SHIFT;
1465 @@ -55219,7 +55619,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1466 if (locked > lock_limit && !capable(CAP_IPC_LOCK))
1467 return -EAGAIN;
1468 }
1469 -@@ -1053,6 +1156,9 @@ unsigned long do_mmap_pgoff(struct file
1470 +@@ -1053,6 +1161,9 @@ unsigned long do_mmap_pgoff(struct file
1471 if (error)
1472 return error;
1473
1474 @@ -55229,7 +55629,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1475 return mmap_region(file, addr, len, flags, vm_flags, pgoff);
1476 }
1477 EXPORT_SYMBOL(do_mmap_pgoff);
1478 -@@ -1065,10 +1171,10 @@ EXPORT_SYMBOL(do_mmap_pgoff);
1479 +@@ -1065,10 +1176,10 @@ EXPORT_SYMBOL(do_mmap_pgoff);
1480 */
1481 int vma_wants_writenotify(struct vm_area_struct *vma)
1482 {
1483 @@ -55242,7 +55642,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1484 return 0;
1485
1486 /* The backer wishes to know when pages are first written to? */
1487 -@@ -1117,14 +1223,24 @@ unsigned long mmap_region(struct file *f
1488 +@@ -1117,14 +1228,24 @@ unsigned long mmap_region(struct file *f
1489 unsigned long charged = 0;
1490 struct inode *inode = file ? file->f_path.dentry->d_inode : NULL;
1491
1492 @@ -55269,7 +55669,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1493 }
1494
1495 /* Check against address space limit. */
1496 -@@ -1173,6 +1289,16 @@ munmap_back:
1497 +@@ -1173,6 +1294,16 @@ munmap_back:
1498 goto unacct_error;
1499 }
1500
1501 @@ -55286,7 +55686,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1502 vma->vm_mm = mm;
1503 vma->vm_start = addr;
1504 vma->vm_end = addr + len;
1505 -@@ -1195,6 +1321,19 @@ munmap_back:
1506 +@@ -1195,6 +1326,19 @@ munmap_back:
1507 error = file->f_op->mmap(file, vma);
1508 if (error)
1509 goto unmap_and_free_vma;
1510 @@ -55306,7 +55706,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1511 if (vm_flags & VM_EXECUTABLE)
1512 added_exe_file_vma(mm);
1513
1514 -@@ -1218,6 +1357,11 @@ munmap_back:
1515 +@@ -1218,6 +1362,11 @@ munmap_back:
1516 vma_link(mm, vma, prev, rb_link, rb_parent);
1517 file = vma->vm_file;
1518
1519 @@ -55318,7 +55718,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1520 /* Once vma denies write, undo our temporary denial count */
1521 if (correct_wcount)
1522 atomic_inc(&inode->i_writecount);
1523 -@@ -1226,6 +1370,7 @@ out:
1524 +@@ -1226,6 +1375,7 @@ out:
1525
1526 mm->total_vm += len >> PAGE_SHIFT;
1527 vm_stat_account(mm, vm_flags, file, len >> PAGE_SHIFT);
1528 @@ -55326,7 +55726,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1529 if (vm_flags & VM_LOCKED) {
1530 /*
1531 * makes pages present; downgrades, drops, reacquires mmap_sem
1532 -@@ -1248,6 +1393,12 @@ unmap_and_free_vma:
1533 +@@ -1248,6 +1398,12 @@ unmap_and_free_vma:
1534 unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end);
1535 charged = 0;
1536 free_vma:
1537 @@ -55339,7 +55739,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1538 kmem_cache_free(vm_area_cachep, vma);
1539 unacct_error:
1540 if (charged)
1541 -@@ -1255,6 +1406,33 @@ unacct_error:
1542 +@@ -1255,6 +1411,33 @@ unacct_error:
1543 return error;
1544 }
1545
1546 @@ -55373,7 +55773,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1547 /* Get an address range which is currently unmapped.
1548 * For shmat() with addr=0.
1549 *
1550 -@@ -1281,18 +1459,23 @@ arch_get_unmapped_area(struct file *filp
1551 +@@ -1281,18 +1464,23 @@ arch_get_unmapped_area(struct file *filp
1552 if (flags & MAP_FIXED)
1553 return addr;
1554
1555 @@ -55404,7 +55804,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1556 }
1557
1558 full_search:
1559 -@@ -1303,34 +1486,40 @@ full_search:
1560 +@@ -1303,34 +1491,40 @@ full_search:
1561 * Start a new search - just in case we missed
1562 * some holes.
1563 */
1564 @@ -55456,7 +55856,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1565 mm->free_area_cache = addr;
1566 mm->cached_hole_size = ~0UL;
1567 }
1568 -@@ -1348,7 +1537,7 @@ arch_get_unmapped_area_topdown(struct fi
1569 +@@ -1348,7 +1542,7 @@ arch_get_unmapped_area_topdown(struct fi
1570 {
1571 struct vm_area_struct *vma;
1572 struct mm_struct *mm = current->mm;
1573 @@ -55465,7 +55865,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1574
1575 /* requested length too big for entire address space */
1576 if (len > TASK_SIZE)
1577 -@@ -1357,13 +1546,18 @@ arch_get_unmapped_area_topdown(struct fi
1578 +@@ -1357,13 +1551,18 @@ arch_get_unmapped_area_topdown(struct fi
1579 if (flags & MAP_FIXED)
1580 return addr;
1581
1582 @@ -55488,7 +55888,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1583 }
1584
1585 /* check if free_area_cache is useful for us */
1586 -@@ -1378,7 +1572,7 @@ arch_get_unmapped_area_topdown(struct fi
1587 +@@ -1378,7 +1577,7 @@ arch_get_unmapped_area_topdown(struct fi
1588 /* make sure it can fit in the remaining address space */
1589 if (addr > len) {
1590 vma = find_vma(mm, addr-len);
1591 @@ -55497,7 +55897,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1592 /* remember the address as a hint for next time */
1593 return (mm->free_area_cache = addr-len);
1594 }
1595 -@@ -1395,7 +1589,7 @@ arch_get_unmapped_area_topdown(struct fi
1596 +@@ -1395,7 +1594,7 @@ arch_get_unmapped_area_topdown(struct fi
1597 * return with success:
1598 */
1599 vma = find_vma(mm, addr);
1600 @@ -55506,7 +55906,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1601 /* remember the address as a hint for next time */
1602 return (mm->free_area_cache = addr);
1603
1604 -@@ -1414,13 +1608,21 @@ bottomup:
1605 +@@ -1414,13 +1613,21 @@ bottomup:
1606 * can happen with large stack limits and large mmap()
1607 * allocations.
1608 */
1609 @@ -55530,7 +55930,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1610 mm->cached_hole_size = ~0UL;
1611
1612 return addr;
1613 -@@ -1429,6 +1631,12 @@ bottomup:
1614 +@@ -1429,6 +1636,12 @@ bottomup:
1615
1616 void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr)
1617 {
1618 @@ -55543,7 +55943,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1619 /*
1620 * Is this a new hole at the highest possible address?
1621 */
1622 -@@ -1436,8 +1644,10 @@ void arch_unmap_area_topdown(struct mm_s
1623 +@@ -1436,8 +1649,10 @@ void arch_unmap_area_topdown(struct mm_s
1624 mm->free_area_cache = addr;
1625
1626 /* dont allow allocations above current base */
1627 @@ -55555,7 +55955,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1628 }
1629
1630 unsigned long
1631 -@@ -1545,6 +1755,27 @@ out:
1632 +@@ -1545,6 +1760,27 @@ out:
1633 return prev ? prev->vm_next : vma;
1634 }
1635
1636 @@ -55583,7 +55983,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1637 /*
1638 * Verify that the stack growth is acceptable and
1639 * update accounting. This is shared with both the
1640 -@@ -1561,6 +1792,7 @@ static int acct_stack_growth(struct vm_a
1641 +@@ -1561,6 +1797,7 @@ static int acct_stack_growth(struct vm_a
1642 return -ENOMEM;
1643
1644 /* Stack limit test */
1645 @@ -55591,7 +55991,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1646 if (size > rlim[RLIMIT_STACK].rlim_cur)
1647 return -ENOMEM;
1648
1649 -@@ -1570,6 +1802,7 @@ static int acct_stack_growth(struct vm_a
1650 +@@ -1570,6 +1807,7 @@ static int acct_stack_growth(struct vm_a
1651 unsigned long limit;
1652 locked = mm->locked_vm + grow;
1653 limit = rlim[RLIMIT_MEMLOCK].rlim_cur >> PAGE_SHIFT;
1654 @@ -55599,7 +55999,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1655 if (locked > limit && !capable(CAP_IPC_LOCK))
1656 return -ENOMEM;
1657 }
1658 -@@ -1600,37 +1833,48 @@ static int acct_stack_growth(struct vm_a
1659 +@@ -1600,37 +1838,48 @@ static int acct_stack_growth(struct vm_a
1660 * PA-RISC uses this for its stack; IA64 for its Register Backing Store.
1661 * vma is the last one with address > vma->vm_end. Have to extend vma.
1662 */
1663 @@ -55657,7 +56057,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1664 unsigned long size, grow;
1665
1666 size = address - vma->vm_start;
1667 -@@ -1640,6 +1884,8 @@ int expand_upwards(struct vm_area_struct
1668 +@@ -1640,6 +1889,8 @@ int expand_upwards(struct vm_area_struct
1669 if (!error)
1670 vma->vm_end = address;
1671 }
1672 @@ -55666,7 +56066,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1673 anon_vma_unlock(vma);
1674 return error;
1675 }
1676 -@@ -1652,6 +1898,8 @@ static int expand_downwards(struct vm_ar
1677 +@@ -1652,6 +1903,8 @@ static int expand_downwards(struct vm_ar
1678 unsigned long address)
1679 {
1680 int error;
1681 @@ -55675,7 +56075,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1682
1683 /*
1684 * We must make sure the anon_vma is allocated
1685 -@@ -1665,6 +1913,15 @@ static int expand_downwards(struct vm_ar
1686 +@@ -1665,6 +1918,15 @@ static int expand_downwards(struct vm_ar
1687 if (error)
1688 return error;
1689
1690 @@ -55691,7 +56091,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1691 anon_vma_lock(vma);
1692
1693 /*
1694 -@@ -1674,9 +1931,17 @@ static int expand_downwards(struct vm_ar
1695 +@@ -1674,9 +1936,17 @@ static int expand_downwards(struct vm_ar
1696 */
1697
1698 /* Somebody else might have raced and expanded it already */
1699 @@ -55710,7 +56110,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1700 size = vma->vm_end - address;
1701 grow = (vma->vm_start - address) >> PAGE_SHIFT;
1702
1703 -@@ -1684,9 +1949,20 @@ static int expand_downwards(struct vm_ar
1704 +@@ -1684,9 +1954,20 @@ static int expand_downwards(struct vm_ar
1705 if (!error) {
1706 vma->vm_start = address;
1707 vma->vm_pgoff -= grow;
1708 @@ -55731,7 +56131,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1709 return error;
1710 }
1711
1712 -@@ -1762,6 +2038,13 @@ static void remove_vma_list(struct mm_st
1713 +@@ -1762,6 +2043,13 @@ static void remove_vma_list(struct mm_st
1714 do {
1715 long nrpages = vma_pages(vma);
1716
1717 @@ -55745,7 +56145,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1718 mm->total_vm -= nrpages;
1719 vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages);
1720 vma = remove_vma(vma);
1721 -@@ -1807,6 +2090,16 @@ detach_vmas_to_be_unmapped(struct mm_str
1722 +@@ -1807,6 +2095,16 @@ detach_vmas_to_be_unmapped(struct mm_str
1723 insertion_point = (prev ? &prev->vm_next : &mm->mmap);
1724 vma->vm_prev = NULL;
1725 do {
1726 @@ -55762,7 +56162,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1727 rb_erase(&vma->vm_rb, &mm->mm_rb);
1728 mm->map_count--;
1729 tail_vma = vma;
1730 -@@ -1834,10 +2127,25 @@ int split_vma(struct mm_struct * mm, str
1731 +@@ -1834,10 +2132,25 @@ int split_vma(struct mm_struct * mm, str
1732 struct mempolicy *pol;
1733 struct vm_area_struct *new;
1734
1735 @@ -55788,7 +56188,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1736 if (mm->map_count >= sysctl_max_map_count)
1737 return -ENOMEM;
1738
1739 -@@ -1845,6 +2153,16 @@ int split_vma(struct mm_struct * mm, str
1740 +@@ -1845,6 +2158,16 @@ int split_vma(struct mm_struct * mm, str
1741 if (!new)
1742 return -ENOMEM;
1743
1744 @@ -55805,7 +56205,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1745 /* most fields are the same, copy all, and then fixup */
1746 *new = *vma;
1747
1748 -@@ -1855,8 +2173,29 @@ int split_vma(struct mm_struct * mm, str
1749 +@@ -1855,8 +2178,29 @@ int split_vma(struct mm_struct * mm, str
1750 new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT);
1751 }
1752
1753 @@ -55835,7 +56235,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1754 kmem_cache_free(vm_area_cachep, new);
1755 return PTR_ERR(pol);
1756 }
1757 -@@ -1877,6 +2216,28 @@ int split_vma(struct mm_struct * mm, str
1758 +@@ -1877,6 +2221,28 @@ int split_vma(struct mm_struct * mm, str
1759 else
1760 vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new);
1761
1762 @@ -55864,13 +56264,13 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1763 return 0;
1764 }
1765
1766 -@@ -1885,11 +2246,30 @@ int split_vma(struct mm_struct * mm, str
1767 +@@ -1885,11 +2251,30 @@ int split_vma(struct mm_struct * mm, str
1768 * work. This now handles partial unmappings.
1769 * Jeremy Fitzhardinge <jeremy@××××.org>
1770 */
1771 +#ifdef CONFIG_PAX_SEGMEXEC
1772 - int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
1773 - {
1774 ++int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
1775 ++{
1776 + int ret = __do_munmap(mm, start, len);
1777 + if (ret || !(mm->pax_flags & MF_PAX_SEGMEXEC))
1778 + return ret;
1779 @@ -55880,9 +56280,9 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1780 +
1781 +int __do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
1782 +#else
1783 -+int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
1784 + int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
1785 +#endif
1786 -+{
1787 + {
1788 unsigned long end;
1789 struct vm_area_struct *vma, *prev, *last;
1790
1791 @@ -55895,7 +56295,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1792 if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start)
1793 return -EINVAL;
1794
1795 -@@ -1953,6 +2333,8 @@ int do_munmap(struct mm_struct *mm, unsi
1796 +@@ -1953,6 +2338,8 @@ int do_munmap(struct mm_struct *mm, unsi
1797 /* Fix up all other VM information */
1798 remove_vma_list(mm, vma);
1799
1800 @@ -55904,7 +56304,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1801 return 0;
1802 }
1803
1804 -@@ -1965,22 +2347,18 @@ SYSCALL_DEFINE2(munmap, unsigned long, a
1805 +@@ -1965,22 +2352,18 @@ SYSCALL_DEFINE2(munmap, unsigned long, a
1806
1807 profile_munmap(addr);
1808
1809 @@ -55933,7 +56333,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1810 /*
1811 * this is really a simplified "do_mmap". it only handles
1812 * anonymous maps. eventually we may be able to do some
1813 -@@ -1994,6 +2372,7 @@ unsigned long do_brk(unsigned long addr,
1814 +@@ -1994,6 +2377,7 @@ unsigned long do_brk(unsigned long addr,
1815 struct rb_node ** rb_link, * rb_parent;
1816 pgoff_t pgoff = addr >> PAGE_SHIFT;
1817 int error;
1818 @@ -55941,7 +56341,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1819
1820 len = PAGE_ALIGN(len);
1821 if (!len)
1822 -@@ -2005,16 +2384,30 @@ unsigned long do_brk(unsigned long addr,
1823 +@@ -2005,16 +2389,30 @@ unsigned long do_brk(unsigned long addr,
1824
1825 flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags;
1826
1827 @@ -55973,7 +56373,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1828 locked += mm->locked_vm;
1829 lock_limit = current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur;
1830 lock_limit >>= PAGE_SHIFT;
1831 -@@ -2031,22 +2424,22 @@ unsigned long do_brk(unsigned long addr,
1832 +@@ -2031,22 +2429,22 @@ unsigned long do_brk(unsigned long addr,
1833 /*
1834 * Clear old maps. this also does some error checking for us
1835 */
1836 @@ -56000,7 +56400,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1837 return -ENOMEM;
1838
1839 /* Can we just expand an old private anonymous mapping? */
1840 -@@ -2060,7 +2453,7 @@ unsigned long do_brk(unsigned long addr,
1841 +@@ -2060,7 +2458,7 @@ unsigned long do_brk(unsigned long addr,
1842 */
1843 vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
1844 if (!vma) {
1845 @@ -56009,7 +56409,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1846 return -ENOMEM;
1847 }
1848
1849 -@@ -2072,11 +2465,12 @@ unsigned long do_brk(unsigned long addr,
1850 +@@ -2072,11 +2470,12 @@ unsigned long do_brk(unsigned long addr,
1851 vma->vm_page_prot = vm_get_page_prot(flags);
1852 vma_link(mm, vma, prev, rb_link, rb_parent);
1853 out:
1854 @@ -56024,7 +56424,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1855 return addr;
1856 }
1857
1858 -@@ -2123,8 +2517,10 @@ void exit_mmap(struct mm_struct *mm)
1859 +@@ -2123,8 +2522,10 @@ void exit_mmap(struct mm_struct *mm)
1860 * Walk the list again, actually closing and freeing it,
1861 * with preemption enabled, without holding any MM locks.
1862 */
1863 @@ -56036,7 +56436,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1864
1865 BUG_ON(mm->nr_ptes > (FIRST_USER_ADDRESS+PMD_SIZE-1)>>PMD_SHIFT);
1866 }
1867 -@@ -2138,6 +2534,10 @@ int insert_vm_struct(struct mm_struct *
1868 +@@ -2138,6 +2539,10 @@ int insert_vm_struct(struct mm_struct *
1869 struct vm_area_struct * __vma, * prev;
1870 struct rb_node ** rb_link, * rb_parent;
1871
1872 @@ -56047,7 +56447,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1873 /*
1874 * The vm_pgoff of a purely anonymous vma should be irrelevant
1875 * until its first write fault, when page's anon_vma and index
1876 -@@ -2160,7 +2560,22 @@ int insert_vm_struct(struct mm_struct *
1877 +@@ -2160,7 +2565,22 @@ int insert_vm_struct(struct mm_struct *
1878 if ((vma->vm_flags & VM_ACCOUNT) &&
1879 security_vm_enough_memory_mm(mm, vma_pages(vma)))
1880 return -ENOMEM;
1881 @@ -56070,7 +56470,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1882 return 0;
1883 }
1884
1885 -@@ -2178,6 +2593,8 @@ struct vm_area_struct *copy_vma(struct v
1886 +@@ -2178,6 +2598,8 @@ struct vm_area_struct *copy_vma(struct v
1887 struct rb_node **rb_link, *rb_parent;
1888 struct mempolicy *pol;
1889
1890 @@ -56079,7 +56479,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1891 /*
1892 * If anonymous vma has not yet been faulted, update new pgoff
1893 * to match new location, to increase its chance of merging.
1894 -@@ -2221,6 +2638,35 @@ struct vm_area_struct *copy_vma(struct v
1895 +@@ -2221,6 +2643,35 @@ struct vm_area_struct *copy_vma(struct v
1896 return new_vma;
1897 }
1898
1899 @@ -56115,7 +56515,7 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1900 /*
1901 * Return true if the calling process may expand its vm space by the passed
1902 * number of pages
1903 -@@ -2231,7 +2677,7 @@ int may_expand_vm(struct mm_struct *mm,
1904 +@@ -2231,7 +2682,7 @@ int may_expand_vm(struct mm_struct *mm,
1905 unsigned long lim;
1906
1907 lim = current->signal->rlim[RLIMIT_AS].rlim_cur >> PAGE_SHIFT;
1908 @@ -56124,16 +56524,21 @@ diff -urNp linux-2.6.32.28/mm/mmap.c linux-2.6.32.28/mm/mmap.c
1909 if (cur + npages > lim)
1910 return 0;
1911 return 1;
1912 -@@ -2301,6 +2747,17 @@ int install_special_mapping(struct mm_st
1913 +@@ -2301,6 +2752,22 @@ int install_special_mapping(struct mm_st
1914 vma->vm_start = addr;
1915 vma->vm_end = addr + len;
1916
1917 +#ifdef CONFIG_PAX_MPROTECT
1918 + if (mm->pax_flags & MF_PAX_MPROTECT) {
1919 ++#ifndef CONFIG_PAX_MPROTECT_COMPAT
1920 + if ((vm_flags & (VM_WRITE | VM_EXEC)) == (VM_WRITE | VM_EXEC))
1921 + return -EPERM;
1922 + if (!(vm_flags & VM_EXEC))
1923 + vm_flags &= ~VM_MAYEXEC;
1924 ++#else
1925 ++ if ((vm_flags & (VM_WRITE | VM_EXEC)) != VM_EXEC)
1926 ++ vm_flags &= ~(VM_EXEC | VM_MAYEXEC);
1927 ++#endif
1928 + else
1929 + vm_flags &= ~VM_MAYWRITE;
1930 + }
1931 @@ -56595,7 +57000,7 @@ diff -urNp linux-2.6.32.28/mm/rmap.c linux-2.6.32.28/mm/rmap.c
1932 allocated = NULL;
1933 diff -urNp linux-2.6.32.28/mm/shmem.c linux-2.6.32.28/mm/shmem.c
1934 --- linux-2.6.32.28/mm/shmem.c 2010-08-13 16:24:37.000000000 -0400
1935 -+++ linux-2.6.32.28/mm/shmem.c 2010-12-31 14:46:53.000000000 -0500
1936 ++++ linux-2.6.32.28/mm/shmem.c 2011-01-24 18:05:37.000000000 -0500
1937 @@ -31,7 +31,7 @@
1938 #include <linux/swap.h>
1939 #include <linux/ima.h>
1940 @@ -56605,6 +57010,15 @@ diff -urNp linux-2.6.32.28/mm/shmem.c linux-2.6.32.28/mm/shmem.c
1941
1942 #ifdef CONFIG_SHMEM
1943 /*
1944 +@@ -1061,6 +1061,8 @@ static int shmem_writepage(struct page *
1945 + goto unlock;
1946 + }
1947 + entry = shmem_swp_entry(info, index, NULL);
1948 ++ if (!entry)
1949 ++ goto unlock;
1950 + if (entry->val) {
1951 + /*
1952 + * The more uptodate page coming down from a stacked
1953 diff -urNp linux-2.6.32.28/mm/slab.c linux-2.6.32.28/mm/slab.c
1954 --- linux-2.6.32.28/mm/slab.c 2010-08-29 21:08:20.000000000 -0400
1955 +++ linux-2.6.32.28/mm/slab.c 2010-12-31 14:46:53.000000000 -0500
1956 @@ -58424,24 +58838,24 @@ diff -urNp linux-2.6.32.28/net/irda/af_irda.c linux-2.6.32.28/net/irda/af_irda.c
1957 {
1958 diff -urNp linux-2.6.32.28/net/irda/ircomm/ircomm_tty.c linux-2.6.32.28/net/irda/ircomm/ircomm_tty.c
1959 --- linux-2.6.32.28/net/irda/ircomm/ircomm_tty.c 2010-08-13 16:24:37.000000000 -0400
1960 -+++ linux-2.6.32.28/net/irda/ircomm/ircomm_tty.c 2010-12-31 14:46:53.000000000 -0500
1961 ++++ linux-2.6.32.28/net/irda/ircomm/ircomm_tty.c 2011-01-24 18:05:37.000000000 -0500
1962 @@ -280,16 +280,16 @@ static int ircomm_tty_block_til_ready(st
1963 add_wait_queue(&self->open_wait, &wait);
1964
1965 IRDA_DEBUG(2, "%s(%d):block_til_ready before block on %s open_count=%d\n",
1966 - __FILE__,__LINE__, tty->driver->name, self->open_count );
1967 -+ __FILE__,__LINE__, tty->driver->name, atomic_read(&self->open_count) );
1968 ++ __FILE__,__LINE__, tty->driver->name, local_read(&self->open_count) );
1969
1970 /* As far as I can see, we protect open_count - Jean II */
1971 spin_lock_irqsave(&self->spinlock, flags);
1972 if (!tty_hung_up_p(filp)) {
1973 extra_count = 1;
1974 - self->open_count--;
1975 -+ atomic_dec(&self->open_count);
1976 ++ local_dec(&self->open_count);
1977 }
1978 spin_unlock_irqrestore(&self->spinlock, flags);
1979 - self->blocked_open++;
1980 -+ atomic_inc(&self->blocked_open);
1981 ++ local_inc(&self->blocked_open);
1982
1983 while (1) {
1984 if (tty->termios->c_cflag & CBAUD) {
1985 @@ -58450,7 +58864,7 @@ diff -urNp linux-2.6.32.28/net/irda/ircomm/ircomm_tty.c linux-2.6.32.28/net/irda
1986
1987 IRDA_DEBUG(1, "%s(%d):block_til_ready blocking on %s open_count=%d\n",
1988 - __FILE__,__LINE__, tty->driver->name, self->open_count );
1989 -+ __FILE__,__LINE__, tty->driver->name, atomic_read(&self->open_count) );
1990 ++ __FILE__,__LINE__, tty->driver->name, local_read(&self->open_count) );
1991
1992 schedule();
1993 }
1994 @@ -58459,15 +58873,15 @@ diff -urNp linux-2.6.32.28/net/irda/ircomm/ircomm_tty.c linux-2.6.32.28/net/irda
1995 /* ++ is not atomic, so this should be protected - Jean II */
1996 spin_lock_irqsave(&self->spinlock, flags);
1997 - self->open_count++;
1998 -+ atomic_inc(&self->open_count);
1999 ++ local_inc(&self->open_count);
2000 spin_unlock_irqrestore(&self->spinlock, flags);
2001 }
2002 - self->blocked_open--;
2003 -+ atomic_dec(&self->blocked_open);
2004 ++ local_dec(&self->blocked_open);
2005
2006 IRDA_DEBUG(1, "%s(%d):block_til_ready after blocking on %s open_count=%d\n",
2007 - __FILE__,__LINE__, tty->driver->name, self->open_count);
2008 -+ __FILE__,__LINE__, tty->driver->name, atomic_read(&self->open_count));
2009 ++ __FILE__,__LINE__, tty->driver->name, local_read(&self->open_count));
2010
2011 if (!retval)
2012 self->flags |= ASYNC_NORMAL_ACTIVE;
2013 @@ -58476,7 +58890,7 @@ diff -urNp linux-2.6.32.28/net/irda/ircomm/ircomm_tty.c linux-2.6.32.28/net/irda
2014 /* ++ is not atomic, so this should be protected - Jean II */
2015 spin_lock_irqsave(&self->spinlock, flags);
2016 - self->open_count++;
2017 -+ atomic_inc(&self->open_count);
2018 ++ local_inc(&self->open_count);
2019
2020 tty->driver_data = self;
2021 self->tty = tty;
2022 @@ -58484,7 +58898,7 @@ diff -urNp linux-2.6.32.28/net/irda/ircomm/ircomm_tty.c linux-2.6.32.28/net/irda
2023
2024 IRDA_DEBUG(1, "%s(), %s%d, count = %d\n", __func__ , tty->driver->name,
2025 - self->line, self->open_count);
2026 -+ self->line, atomic_read(&self->open_count));
2027 ++ self->line, local_read(&self->open_count));
2028
2029 /* Not really used by us, but lets do it anyway */
2030 self->tty->low_latency = (self->flags & ASYNC_LOW_LATENCY) ? 1 : 0;
2031 @@ -58493,7 +58907,7 @@ diff -urNp linux-2.6.32.28/net/irda/ircomm/ircomm_tty.c linux-2.6.32.28/net/irda
2032 }
2033
2034 - if ((tty->count == 1) && (self->open_count != 1)) {
2035 -+ if ((tty->count == 1) && (atomic_read(&self->open_count) != 1)) {
2036 ++ if ((tty->count == 1) && (local_read(&self->open_count) != 1)) {
2037 /*
2038 * Uh, oh. tty->count is 1, which means that the tty
2039 * structure will be freed. state->count should always
2040 @@ -58503,20 +58917,20 @@ diff -urNp linux-2.6.32.28/net/irda/ircomm/ircomm_tty.c linux-2.6.32.28/net/irda
2041 "tty->count is 1, state->count is %d\n", __func__ ,
2042 - self->open_count);
2043 - self->open_count = 1;
2044 -+ atomic_read(&self->open_count));
2045 -+ atomic_set(&self->open_count, 1);
2046 ++ local_read(&self->open_count));
2047 ++ local_set(&self->open_count, 1);
2048 }
2049
2050 - if (--self->open_count < 0) {
2051 -+ if (atomic_dec_return(&self->open_count) < 0) {
2052 ++ if (local_dec_return(&self->open_count) < 0) {
2053 IRDA_ERROR("%s(), bad serial port count for ttys%d: %d\n",
2054 - __func__, self->line, self->open_count);
2055 - self->open_count = 0;
2056 -+ __func__, self->line, atomic_read(&self->open_count));
2057 -+ atomic_set(&self->open_count, 0);
2058 ++ __func__, self->line, local_read(&self->open_count));
2059 ++ local_set(&self->open_count, 0);
2060 }
2061 - if (self->open_count) {
2062 -+ if (atomic_read(&self->open_count)) {
2063 ++ if (local_read(&self->open_count)) {
2064 spin_unlock_irqrestore(&self->spinlock, flags);
2065
2066 IRDA_DEBUG(0, "%s(), open count > 0\n", __func__ );
2067 @@ -58525,7 +58939,7 @@ diff -urNp linux-2.6.32.28/net/irda/ircomm/ircomm_tty.c linux-2.6.32.28/net/irda
2068 self->tty = NULL;
2069
2070 - if (self->blocked_open) {
2071 -+ if (atomic_read(&self->blocked_open)) {
2072 ++ if (local_read(&self->blocked_open)) {
2073 if (self->close_delay)
2074 schedule_timeout_interruptible(self->close_delay);
2075 wake_up_interruptible(&self->open_wait);
2076 @@ -58534,7 +58948,7 @@ diff -urNp linux-2.6.32.28/net/irda/ircomm/ircomm_tty.c linux-2.6.32.28/net/irda
2077 self->flags &= ~ASYNC_NORMAL_ACTIVE;
2078 self->tty = NULL;
2079 - self->open_count = 0;
2080 -+ atomic_set(&self->open_count, 0);
2081 ++ local_set(&self->open_count, 0);
2082 spin_unlock_irqrestore(&self->spinlock, flags);
2083
2084 wake_up_interruptible(&self->open_wait);
2085 @@ -58543,7 +58957,7 @@ diff -urNp linux-2.6.32.28/net/irda/ircomm/ircomm_tty.c linux-2.6.32.28/net/irda
2086
2087 seq_printf(m, "Role: %s\n", self->client ? "client" : "server");
2088 - seq_printf(m, "Open count: %d\n", self->open_count);
2089 -+ seq_printf(m, "Open count: %d\n", atomic_read(&self->open_count));
2090 ++ seq_printf(m, "Open count: %d\n", local_read(&self->open_count));
2091 seq_printf(m, "Max data size: %d\n", self->max_data_size);
2092 seq_printf(m, "Max header size: %d\n", self->max_header_size);
2093
2094 @@ -58582,25 +58996,33 @@ diff -urNp linux-2.6.32.28/net/mac80211/debugfs_key.c linux-2.6.32.28/net/mac802
2095 p += scnprintf(p, bufsize + buf - p, "%02x", key->conf.key[i]);
2096 diff -urNp linux-2.6.32.28/net/mac80211/ieee80211_i.h linux-2.6.32.28/net/mac80211/ieee80211_i.h
2097 --- linux-2.6.32.28/net/mac80211/ieee80211_i.h 2010-08-13 16:24:37.000000000 -0400
2098 -+++ linux-2.6.32.28/net/mac80211/ieee80211_i.h 2010-12-31 14:46:53.000000000 -0500
2099 -@@ -635,7 +635,7 @@ struct ieee80211_local {
2100 ++++ linux-2.6.32.28/net/mac80211/ieee80211_i.h 2011-01-24 18:05:37.000000000 -0500
2101 +@@ -25,6 +25,7 @@
2102 + #include <linux/etherdevice.h>
2103 + #include <net/cfg80211.h>
2104 + #include <net/mac80211.h>
2105 ++#include <asm/local.h>
2106 + #include "key.h"
2107 + #include "sta_info.h"
2108 +
2109 +@@ -635,7 +636,7 @@ struct ieee80211_local {
2110 /* also used to protect ampdu_ac_queue and amdpu_ac_stop_refcnt */
2111 spinlock_t queue_stop_reason_lock;
2112
2113 - int open_count;
2114 -+ atomic_t open_count;
2115 ++ local_t open_count;
2116 int monitors, cooked_mntrs;
2117 /* number of interfaces with corresponding FIF_ flags */
2118 int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll;
2119 diff -urNp linux-2.6.32.28/net/mac80211/iface.c linux-2.6.32.28/net/mac80211/iface.c
2120 --- linux-2.6.32.28/net/mac80211/iface.c 2010-08-13 16:24:37.000000000 -0400
2121 -+++ linux-2.6.32.28/net/mac80211/iface.c 2010-12-31 14:46:53.000000000 -0500
2122 ++++ linux-2.6.32.28/net/mac80211/iface.c 2011-01-24 18:05:37.000000000 -0500
2123 @@ -166,7 +166,7 @@ static int ieee80211_open(struct net_dev
2124 break;
2125 }
2126
2127 - if (local->open_count == 0) {
2128 -+ if (atomic_read(&local->open_count) == 0) {
2129 ++ if (local_read(&local->open_count) == 0) {
2130 res = drv_start(local);
2131 if (res)
2132 goto err_del_bss;
2133 @@ -58609,7 +59031,7 @@ diff -urNp linux-2.6.32.28/net/mac80211/iface.c linux-2.6.32.28/net/mac80211/ifa
2134 */
2135 if (!is_valid_ether_addr(dev->dev_addr)) {
2136 - if (!local->open_count)
2137 -+ if (!atomic_read(&local->open_count))
2138 ++ if (!local_read(&local->open_count))
2139 drv_stop(local);
2140 return -EADDRNOTAVAIL;
2141 }
2142 @@ -58618,7 +59040,7 @@ diff -urNp linux-2.6.32.28/net/mac80211/iface.c linux-2.6.32.28/net/mac80211/ifa
2143 hw_reconf_flags |= __ieee80211_recalc_idle(local);
2144
2145 - local->open_count++;
2146 -+ atomic_inc(&local->open_count);
2147 ++ local_inc(&local->open_count);
2148 if (hw_reconf_flags) {
2149 ieee80211_hw_config(local, hw_reconf_flags);
2150 /*
2151 @@ -58627,7 +59049,7 @@ diff -urNp linux-2.6.32.28/net/mac80211/iface.c linux-2.6.32.28/net/mac80211/ifa
2152 drv_remove_interface(local, &conf);
2153 err_stop:
2154 - if (!local->open_count)
2155 -+ if (!atomic_read(&local->open_count))
2156 ++ if (!local_read(&local->open_count))
2157 drv_stop(local);
2158 err_del_bss:
2159 sdata->bss = NULL;
2160 @@ -58636,7 +59058,7 @@ diff -urNp linux-2.6.32.28/net/mac80211/iface.c linux-2.6.32.28/net/mac80211/ifa
2161 }
2162
2163 - local->open_count--;
2164 -+ atomic_dec(&local->open_count);
2165 ++ local_dec(&local->open_count);
2166
2167 switch (sdata->vif.type) {
2168 case NL80211_IFTYPE_AP_VLAN:
2169 @@ -58645,43 +59067,43 @@ diff -urNp linux-2.6.32.28/net/mac80211/iface.c linux-2.6.32.28/net/mac80211/ifa
2170 ieee80211_recalc_ps(local, -1);
2171
2172 - if (local->open_count == 0) {
2173 -+ if (atomic_read(&local->open_count) == 0) {
2174 ++ if (local_read(&local->open_count) == 0) {
2175 ieee80211_clear_tx_pending(local);
2176 ieee80211_stop_device(local);
2177
2178 diff -urNp linux-2.6.32.28/net/mac80211/main.c linux-2.6.32.28/net/mac80211/main.c
2179 --- linux-2.6.32.28/net/mac80211/main.c 2010-08-13 16:24:37.000000000 -0400
2180 -+++ linux-2.6.32.28/net/mac80211/main.c 2010-12-31 14:46:53.000000000 -0500
2181 ++++ linux-2.6.32.28/net/mac80211/main.c 2011-01-24 18:05:37.000000000 -0500
2182 @@ -145,7 +145,7 @@ int ieee80211_hw_config(struct ieee80211
2183 local->hw.conf.power_level = power;
2184 }
2185
2186 - if (changed && local->open_count) {
2187 -+ if (changed && atomic_read(&local->open_count)) {
2188 ++ if (changed && local_read(&local->open_count)) {
2189 ret = drv_config(local, changed);
2190 /*
2191 * Goal:
2192 diff -urNp linux-2.6.32.28/net/mac80211/pm.c linux-2.6.32.28/net/mac80211/pm.c
2193 --- linux-2.6.32.28/net/mac80211/pm.c 2010-08-13 16:24:37.000000000 -0400
2194 -+++ linux-2.6.32.28/net/mac80211/pm.c 2010-12-31 14:46:53.000000000 -0500
2195 ++++ linux-2.6.32.28/net/mac80211/pm.c 2011-01-24 18:05:37.000000000 -0500
2196 @@ -107,7 +107,7 @@ int __ieee80211_suspend(struct ieee80211
2197 }
2198
2199 /* stop hardware - this must stop RX */
2200 - if (local->open_count)
2201 -+ if (atomic_read(&local->open_count))
2202 ++ if (local_read(&local->open_count))
2203 ieee80211_stop_device(local);
2204
2205 local->suspended = true;
2206 diff -urNp linux-2.6.32.28/net/mac80211/rate.c linux-2.6.32.28/net/mac80211/rate.c
2207 --- linux-2.6.32.28/net/mac80211/rate.c 2010-08-13 16:24:37.000000000 -0400
2208 -+++ linux-2.6.32.28/net/mac80211/rate.c 2010-12-31 14:46:53.000000000 -0500
2209 ++++ linux-2.6.32.28/net/mac80211/rate.c 2011-01-24 18:05:37.000000000 -0500
2210 @@ -287,7 +287,7 @@ int ieee80211_init_rate_ctrl_alg(struct
2211 struct rate_control_ref *ref, *old;
2212
2213 ASSERT_RTNL();
2214 - if (local->open_count)
2215 -+ if (atomic_read(&local->open_count))
2216 ++ if (local_read(&local->open_count))
2217 return -EBUSY;
2218
2219 ref = rate_control_alloc(name, local);
2220 @@ -58699,13 +59121,13 @@ diff -urNp linux-2.6.32.28/net/mac80211/tx.c linux-2.6.32.28/net/mac80211/tx.c
2221 return local == wdev_priv(dev->ieee80211_ptr);
2222 diff -urNp linux-2.6.32.28/net/mac80211/util.c linux-2.6.32.28/net/mac80211/util.c
2223 --- linux-2.6.32.28/net/mac80211/util.c 2010-08-13 16:24:37.000000000 -0400
2224 -+++ linux-2.6.32.28/net/mac80211/util.c 2010-12-31 14:46:53.000000000 -0500
2225 ++++ linux-2.6.32.28/net/mac80211/util.c 2011-01-24 18:05:37.000000000 -0500
2226 @@ -1042,7 +1042,7 @@ int ieee80211_reconfig(struct ieee80211_
2227 local->resuming = true;
2228
2229 /* restart hardware */
2230 - if (local->open_count) {
2231 -+ if (atomic_read(&local->open_count)) {
2232 ++ if (local_read(&local->open_count)) {
2233 /*
2234 * Upon resume hardware can sometimes be goofy due to
2235 * various platform / driver / bus issues, so restarting
2236 @@ -59747,8 +60169,8 @@ diff -urNp linux-2.6.32.28/security/integrity/ima/ima_queue.c linux-2.6.32.28/se
2237 return 0;
2238 diff -urNp linux-2.6.32.28/security/Kconfig linux-2.6.32.28/security/Kconfig
2239 --- linux-2.6.32.28/security/Kconfig 2010-08-13 16:24:37.000000000 -0400
2240 -+++ linux-2.6.32.28/security/Kconfig 2011-01-04 17:43:17.000000000 -0500
2241 -@@ -4,6 +4,509 @@
2242 ++++ linux-2.6.32.28/security/Kconfig 2011-02-12 11:33:55.000000000 -0500
2243 +@@ -4,6 +4,527 @@
2244
2245 menu "Security options"
2246
2247 @@ -59994,6 +60416,24 @@ diff -urNp linux-2.6.32.28/security/Kconfig linux-2.6.32.28/security/Kconfig
2248 + NOTE: you can use the 'chpax' or 'paxctl' utilities to control
2249 + this feature on a per file basis.
2250 +
2251 ++config PAX_MPROTECT_COMPAT
2252 ++ bool "Use legacy/compat protection demoting (read help)"
2253 ++ depends on PAX_MPROTECT
2254 ++ default n
2255 ++ help
2256 ++ The current implementation of PAX_MPROTECT denies RWX allocations/mprotects
2257 ++ by sending the proper error code to the application. For some broken
2258 ++ userland, this can cause problems with Python or other applications. The
2259 ++ current implementation however allows for applications like clamav to
2260 ++ detect if JIT compilation/execution is allowed and to fall back gracefully
2261 ++ to an interpreter-based mode if it does not. While we encourage everyone
2262 ++ to use the current implementation as-is and push upstream to fix broken
2263 ++ userland (note that the RWX logging option can assist with this), in some
2264 ++ environments this may not be possible. Having to disable MPROTECT
2265 ++ completely on certain binaries reduces the security benefit of PaX,
2266 ++ so this option is provided for those environments to revert to the old
2267 ++ behavior.
2268 ++
2269 +config PAX_ELFRELOCS
2270 + bool "Allow ELF text relocations (read help)"
2271 + depends on PAX_MPROTECT
2272 @@ -60258,7 +60698,7 @@ diff -urNp linux-2.6.32.28/security/Kconfig linux-2.6.32.28/security/Kconfig
2273 config KEYS
2274 bool "Enable access key retention support"
2275 help
2276 -@@ -146,7 +649,7 @@ config INTEL_TXT
2277 +@@ -146,7 +667,7 @@ config INTEL_TXT
2278 config LSM_MMAP_MIN_ADDR
2279 int "Low address space for LSM to protect from user allocation"
2280 depends on SECURITY && SECURITY_SELINUX
2281 @@ -60321,7 +60761,7 @@ diff -urNp linux-2.6.32.28/security/security.c linux-2.6.32.28/security/security
2282 printk(KERN_DEBUG "%s could not verify "
2283 diff -urNp linux-2.6.32.28/security/selinux/hooks.c linux-2.6.32.28/security/selinux/hooks.c
2284 --- linux-2.6.32.28/security/selinux/hooks.c 2010-08-13 16:24:37.000000000 -0400
2285 -+++ linux-2.6.32.28/security/selinux/hooks.c 2010-12-31 14:46:53.000000000 -0500
2286 ++++ linux-2.6.32.28/security/selinux/hooks.c 2011-02-12 11:03:00.000000000 -0500
2287 @@ -131,7 +131,7 @@ int selinux_enabled = 1;
2288 * Minimal support for a secondary security module,
2289 * just to allow the use of the capability module.
2290 @@ -60331,7 +60771,20 @@ diff -urNp linux-2.6.32.28/security/selinux/hooks.c linux-2.6.32.28/security/sel
2291
2292 /* Lists of inode and superblock security structures initialized
2293 before the policy was loaded. */
2294 -@@ -5450,7 +5450,7 @@ static int selinux_key_getsecurity(struc
2295 +@@ -3259,7 +3259,11 @@ static void selinux_cred_free(struct cre
2296 + {
2297 + struct task_security_struct *tsec = cred->security;
2298 +
2299 +- BUG_ON((unsigned long) cred->security < PAGE_SIZE);
2300 ++ /*
2301 ++ * cred->security == NULL if security_cred_alloc_blank() or
2302 ++ * security_prepare_creds() returned an error.
2303 ++ */
2304 ++ BUG_ON(cred->security && (unsigned long) cred->security < PAGE_SIZE);
2305 + cred->security = (void *) 0x7UL;
2306 + kfree(tsec);
2307 + }
2308 +@@ -5450,7 +5454,7 @@ static int selinux_key_getsecurity(struc
2309
2310 #endif
2311
2312 @@ -60340,7 +60793,7 @@ diff -urNp linux-2.6.32.28/security/selinux/hooks.c linux-2.6.32.28/security/sel
2313 .name = "selinux",
2314
2315 .ptrace_access_check = selinux_ptrace_access_check,
2316 -@@ -5834,7 +5834,9 @@ int selinux_disable(void)
2317 +@@ -5834,7 +5838,9 @@ int selinux_disable(void)
2318 avc_disable();
2319
2320 /* Reset security_ops to the secondary module, dummy or capability. */
2321 @@ -60376,13 +60829,13 @@ diff -urNp linux-2.6.32.28/security/tomoyo/tomoyo.c linux-2.6.32.28/security/tom
2322 .cred_prepare = tomoyo_cred_prepare,
2323 diff -urNp linux-2.6.32.28/sound/aoa/codecs/onyx.c linux-2.6.32.28/sound/aoa/codecs/onyx.c
2324 --- linux-2.6.32.28/sound/aoa/codecs/onyx.c 2010-08-13 16:24:37.000000000 -0400
2325 -+++ linux-2.6.32.28/sound/aoa/codecs/onyx.c 2010-12-31 14:46:53.000000000 -0500
2326 ++++ linux-2.6.32.28/sound/aoa/codecs/onyx.c 2011-01-24 18:05:37.000000000 -0500
2327 @@ -53,7 +53,7 @@ struct onyx {
2328 spdif_locked:1,
2329 analog_locked:1,
2330 original_mute:2;
2331 - int open_count;
2332 -+ atomic_t open_count;
2333 ++ local_t open_count;
2334 struct codec_info *codec_info;
2335
2336 /* mutex serializes concurrent access to the device
2337 @@ -60391,7 +60844,7 @@ diff -urNp linux-2.6.32.28/sound/aoa/codecs/onyx.c linux-2.6.32.28/sound/aoa/cod
2338
2339 mutex_lock(&onyx->mutex);
2340 - onyx->open_count++;
2341 -+ atomic_inc(&onyx->open_count);
2342 ++ local_inc(&onyx->open_count);
2343 mutex_unlock(&onyx->mutex);
2344
2345 return 0;
2346 @@ -60401,10 +60854,21 @@ diff -urNp linux-2.6.32.28/sound/aoa/codecs/onyx.c linux-2.6.32.28/sound/aoa/cod
2347 mutex_lock(&onyx->mutex);
2348 - onyx->open_count--;
2349 - if (!onyx->open_count)
2350 -+ if (atomic_dec_and_test(&onyx->open_count))
2351 ++ if (local_dec_and_test(&onyx->open_count))
2352 onyx->spdif_locked = onyx->analog_locked = 0;
2353 mutex_unlock(&onyx->mutex);
2354
2355 +diff -urNp linux-2.6.32.28/sound/aoa/codecs/onyx.h linux-2.6.32.28/sound/aoa/codecs/onyx.h
2356 +--- linux-2.6.32.28/sound/aoa/codecs/onyx.h 2010-08-13 16:24:37.000000000 -0400
2357 ++++ linux-2.6.32.28/sound/aoa/codecs/onyx.h 2011-01-25 20:24:47.000000000 -0500
2358 +@@ -11,6 +11,7 @@
2359 + #include <linux/i2c.h>
2360 + #include <asm/pmac_low_i2c.h>
2361 + #include <asm/prom.h>
2362 ++#include <asm/local.h>
2363 +
2364 + /* PCM3052 register definitions */
2365 +
2366 diff -urNp linux-2.6.32.28/sound/core/oss/pcm_oss.c linux-2.6.32.28/sound/core/oss/pcm_oss.c
2367 --- linux-2.6.32.28/sound/core/oss/pcm_oss.c 2010-08-13 16:24:37.000000000 -0400
2368 +++ linux-2.6.32.28/sound/core/oss/pcm_oss.c 2010-12-31 14:46:53.000000000 -0500
2369 @@ -60439,64 +60903,80 @@ diff -urNp linux-2.6.32.28/sound/core/seq/seq_lock.h linux-2.6.32.28/sound/core/
2370
2371 diff -urNp linux-2.6.32.28/sound/drivers/mts64.c linux-2.6.32.28/sound/drivers/mts64.c
2372 --- linux-2.6.32.28/sound/drivers/mts64.c 2010-08-13 16:24:37.000000000 -0400
2373 -+++ linux-2.6.32.28/sound/drivers/mts64.c 2010-12-31 14:46:53.000000000 -0500
2374 -@@ -65,7 +65,7 @@ struct mts64 {
2375 ++++ linux-2.6.32.28/sound/drivers/mts64.c 2011-01-25 22:35:30.000000000 -0500
2376 +@@ -27,6 +27,7 @@
2377 + #include <sound/initval.h>
2378 + #include <sound/rawmidi.h>
2379 + #include <sound/control.h>
2380 ++#include <asm/local.h>
2381 +
2382 + #define CARD_NAME "Miditerminal 4140"
2383 + #define DRIVER_NAME "MTS64"
2384 +@@ -65,7 +66,7 @@ struct mts64 {
2385 struct pardevice *pardev;
2386 int pardev_claimed;
2387
2388 - int open_count;
2389 -+ atomic_t open_count;
2390 ++ local_t open_count;
2391 int current_midi_output_port;
2392 int current_midi_input_port;
2393 u8 mode[MTS64_NUM_INPUT_PORTS];
2394 -@@ -695,7 +695,7 @@ static int snd_mts64_rawmidi_open(struct
2395 +@@ -695,7 +696,7 @@ static int snd_mts64_rawmidi_open(struct
2396 {
2397 struct mts64 *mts = substream->rmidi->private_data;
2398
2399 - if (mts->open_count == 0) {
2400 -+ if (atomic_read(&mts->open_count) == 0) {
2401 ++ if (local_read(&mts->open_count) == 0) {
2402 /* We don't need a spinlock here, because this is just called
2403 if the device has not been opened before.
2404 So there aren't any IRQs from the device */
2405 -@@ -703,7 +703,7 @@ static int snd_mts64_rawmidi_open(struct
2406 +@@ -703,7 +704,7 @@ static int snd_mts64_rawmidi_open(struct
2407
2408 msleep(50);
2409 }
2410 - ++(mts->open_count);
2411 -+ atomic_inc(&mts->open_count);
2412 ++ local_inc(&mts->open_count);
2413
2414 return 0;
2415 }
2416 -@@ -713,8 +713,7 @@ static int snd_mts64_rawmidi_close(struc
2417 +@@ -713,8 +714,7 @@ static int snd_mts64_rawmidi_close(struc
2418 struct mts64 *mts = substream->rmidi->private_data;
2419 unsigned long flags;
2420
2421 - --(mts->open_count);
2422 - if (mts->open_count == 0) {
2423 -+ if (atomic_dec_return(&mts->open_count) == 0) {
2424 ++ if (local_dec_return(&mts->open_count) == 0) {
2425 /* We need the spinlock_irqsave here because we can still
2426 have IRQs at this point */
2427 spin_lock_irqsave(&mts->lock, flags);
2428 -@@ -723,8 +722,8 @@ static int snd_mts64_rawmidi_close(struc
2429 +@@ -723,8 +723,8 @@ static int snd_mts64_rawmidi_close(struc
2430
2431 msleep(500);
2432
2433 - } else if (mts->open_count < 0)
2434 - mts->open_count = 0;
2435 -+ } else if (atomic_read(&mts->open_count) < 0)
2436 -+ atomic_set(&mts->open_count, 0);
2437 ++ } else if (local_read(&mts->open_count) < 0)
2438 ++ local_set(&mts->open_count, 0);
2439
2440 return 0;
2441 }
2442 diff -urNp linux-2.6.32.28/sound/drivers/portman2x4.c linux-2.6.32.28/sound/drivers/portman2x4.c
2443 --- linux-2.6.32.28/sound/drivers/portman2x4.c 2010-08-13 16:24:37.000000000 -0400
2444 -+++ linux-2.6.32.28/sound/drivers/portman2x4.c 2010-12-31 14:46:53.000000000 -0500
2445 -@@ -83,7 +83,7 @@ struct portman {
2446 ++++ linux-2.6.32.28/sound/drivers/portman2x4.c 2011-01-25 20:24:47.000000000 -0500
2447 +@@ -46,6 +46,7 @@
2448 + #include <sound/initval.h>
2449 + #include <sound/rawmidi.h>
2450 + #include <sound/control.h>
2451 ++#include <asm/local.h>
2452 +
2453 + #define CARD_NAME "Portman 2x4"
2454 + #define DRIVER_NAME "portman"
2455 +@@ -83,7 +84,7 @@ struct portman {
2456 struct pardevice *pardev;
2457 int pardev_claimed;
2458
2459 - int open_count;
2460 -+ atomic_t open_count;
2461 ++ local_t open_count;
2462 int mode[PORTMAN_NUM_INPUT_PORTS];
2463 struct snd_rawmidi_substream *midi_input[PORTMAN_NUM_INPUT_PORTS];
2464 };
2465
2466 diff --git a/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch b/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch
2467 index 0049a17..5592c67 100644
2468 --- a/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch
2469 +++ b/2.6.32/4440_selinux-avc_audit-log-curr_ip.patch
2470 @@ -27,7 +27,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@×××.org>
2471
2472 --- a/grsecurity/Kconfig
2473 +++ b/grsecurity/Kconfig
2474 -@@ -1385,6 +1385,27 @@
2475 +@@ -1230,6 +1230,27 @@
2476 menu "Logging Options"
2477 depends on GRKERNSEC
2478
2479
2480 diff --git a/2.6.37/0000_README b/2.6.37/0000_README
2481 index 587d47a..16e7e24 100644
2482 --- a/2.6.37/0000_README
2483 +++ b/2.6.37/0000_README
2484 @@ -3,7 +3,7 @@ README
2485
2486 Individual Patch Descriptions:
2487 -----------------------------------------------------------------------------
2488 -Patch: 4420_grsecurity-2.2.1-2.6.37-201101172105.patch
2489 +Patch: 4420_grsecurity-2.2.1-2.6.37-201102121148.patch
2490 From: http://www.grsecurity.net
2491 Desc: hardened-sources base patch from upstream grsecurity
2492
2493
2494 diff --git a/2.6.37/4420_grsecurity-2.2.1-2.6.37-201101172105.patch b/2.6.37/4420_grsecurity-2.2.1-2.6.37-201102121148.patch
2495 similarity index 98%
2496 rename from 2.6.37/4420_grsecurity-2.2.1-2.6.37-201101172105.patch
2497 rename to 2.6.37/4420_grsecurity-2.2.1-2.6.37-201102121148.patch
2498 index 3e2bbf5..e66397d 100644
2499 --- a/2.6.37/4420_grsecurity-2.2.1-2.6.37-201101172105.patch
2500 +++ b/2.6.37/4420_grsecurity-2.2.1-2.6.37-201102121148.patch
2501 @@ -7638,7 +7638,7 @@ diff -urNp linux-2.6.37/arch/x86/include/asm/elf.h linux-2.6.37/arch/x86/include
2502 #endif /* _ASM_X86_ELF_H */
2503 diff -urNp linux-2.6.37/arch/x86/include/asm/futex.h linux-2.6.37/arch/x86/include/asm/futex.h
2504 --- linux-2.6.37/arch/x86/include/asm/futex.h 2011-01-04 19:50:19.000000000 -0500
2505 -+++ linux-2.6.37/arch/x86/include/asm/futex.h 2011-01-17 02:41:00.000000000 -0500
2506 ++++ linux-2.6.37/arch/x86/include/asm/futex.h 2011-01-25 20:24:56.000000000 -0500
2507 @@ -12,16 +12,18 @@
2508 #include <asm/system.h>
2509
2510 @@ -7651,7 +7651,7 @@ diff -urNp linux-2.6.37/arch/x86/include/asm/futex.h linux-2.6.37/arch/x86/inclu
2511 "\t.previous\n" \
2512 _ASM_EXTABLE(1b, 3b) \
2513 - : "=r" (oldval), "=r" (ret), "+m" (*uaddr) \
2514 -+ : "=r" (oldval), "=r" (ret), "+m" (*____m(uaddr))\
2515 ++ : "=r" (oldval), "=r" (ret), "+m" (*(u32 *)____m(uaddr))\
2516 : "i" (-EFAULT), "0" (oparg), "1" (0))
2517
2518 #define __futex_atomic_op2(insn, ret, oldval, uaddr, oparg) \
2519 @@ -7664,7 +7664,7 @@ diff -urNp linux-2.6.37/arch/x86/include/asm/futex.h linux-2.6.37/arch/x86/inclu
2520 _ASM_EXTABLE(2b, 4b) \
2521 : "=&a" (oldval), "=&r" (ret), \
2522 - "+m" (*uaddr), "=&r" (tem) \
2523 -+ "+m" (*(____m(uaddr))), "=&r" (tem) \
2524 ++ "+m" (*(u32 *)____m(uaddr)), "=&r" (tem) \
2525 : "r" (oparg), "i" (-EFAULT), "1" (0))
2526
2527 -static inline int futex_atomic_op_inuser(int encoded_op, int __user *uaddr)
2528 @@ -7710,7 +7710,7 @@ diff -urNp linux-2.6.37/arch/x86/include/asm/futex.h linux-2.6.37/arch/x86/inclu
2529 "\t.previous\n"
2530 _ASM_EXTABLE(1b, 3b)
2531 - : "=a" (oldval), "+m" (*uaddr)
2532 -+ : "=a" (oldval), "+m" (*____m(uaddr))
2533 ++ : "=a" (oldval), "+m" (*(u32 *)____m(uaddr))
2534 : "i" (-EFAULT), "r" (newval), "0" (oldval)
2535 : "memory"
2536 );
2537 @@ -7759,7 +7759,7 @@ diff -urNp linux-2.6.37/arch/x86/include/asm/i387.h linux-2.6.37/arch/x86/includ
2538 * These must be called with preempt disabled
2539 diff -urNp linux-2.6.37/arch/x86/include/asm/io.h linux-2.6.37/arch/x86/include/asm/io.h
2540 --- linux-2.6.37/arch/x86/include/asm/io.h 2011-01-04 19:50:19.000000000 -0500
2541 -+++ linux-2.6.37/arch/x86/include/asm/io.h 2011-01-17 02:41:00.000000000 -0500
2542 ++++ linux-2.6.37/arch/x86/include/asm/io.h 2011-01-27 22:37:21.000000000 -0500
2543 @@ -216,6 +216,17 @@ extern void set_iounmap_nonlazy(void);
2544
2545 #include <linux/vmalloc.h>
2546 @@ -7767,12 +7767,12 @@ diff -urNp linux-2.6.37/arch/x86/include/asm/io.h linux-2.6.37/arch/x86/include/
2547 +#define ARCH_HAS_VALID_PHYS_ADDR_RANGE
2548 +static inline int valid_phys_addr_range(unsigned long addr, size_t count)
2549 +{
2550 -+ return ((addr + count + PAGE_SIZE - 1) >> PAGE_SHIFT) < (1 << (boot_cpu_data.x86_phys_bits - PAGE_SHIFT)) ? 1 : 0;
2551 ++ return ((addr + count + PAGE_SIZE - 1) >> PAGE_SHIFT) < (1ULL << (boot_cpu_data.x86_phys_bits - PAGE_SHIFT)) ? 1 : 0;
2552 +}
2553 +
2554 +static inline int valid_mmap_phys_addr_range(unsigned long pfn, size_t count)
2555 +{
2556 -+ return (pfn + (count >> PAGE_SHIFT)) < (1 << (boot_cpu_data.x86_phys_bits - PAGE_SHIFT)) ? 1 : 0;
2557 ++ return (pfn + (count >> PAGE_SHIFT)) < (1ULL << (boot_cpu_data.x86_phys_bits - PAGE_SHIFT)) ? 1 : 0;
2558 +}
2559 +
2560 /*
2561 @@ -8049,7 +8049,7 @@ diff -urNp linux-2.6.37/arch/x86/include/asm/mman.h linux-2.6.37/arch/x86/includ
2562 #endif /* _ASM_X86_MMAN_H */
2563 diff -urNp linux-2.6.37/arch/x86/include/asm/mmu_context.h linux-2.6.37/arch/x86/include/asm/mmu_context.h
2564 --- linux-2.6.37/arch/x86/include/asm/mmu_context.h 2011-01-04 19:50:19.000000000 -0500
2565 -+++ linux-2.6.37/arch/x86/include/asm/mmu_context.h 2011-01-17 02:41:00.000000000 -0500
2566 ++++ linux-2.6.37/arch/x86/include/asm/mmu_context.h 2011-02-12 11:04:35.000000000 -0500
2567 @@ -24,6 +24,21 @@ void destroy_context(struct mm_struct *m
2568
2569 static inline void enter_lazy_tlb(struct mm_struct *mm, struct task_struct *tsk)
2570 @@ -8081,8 +8081,8 @@ diff -urNp linux-2.6.37/arch/x86/include/asm/mmu_context.h linux-2.6.37/arch/x86
2571 +#endif
2572
2573 if (likely(prev != next)) {
2574 - /* stop flush ipis for the previous mm */
2575 - cpumask_clear_cpu(cpu, mm_cpumask(prev));
2576 +- /* stop flush ipis for the previous mm */
2577 +- cpumask_clear_cpu(cpu, mm_cpumask(prev));
2578 #ifdef CONFIG_SMP
2579 +#ifdef CONFIG_X86_32
2580 + tlbstate = percpu_read(cpu_tlbstate.state);
2581 @@ -8102,6 +8102,8 @@ diff -urNp linux-2.6.37/arch/x86/include/asm/mmu_context.h linux-2.6.37/arch/x86
2582 +#else
2583 load_cr3(next->pgd);
2584 +#endif
2585 ++ /* stop flush ipis for the previous mm */
2586 ++ cpumask_clear_cpu(cpu, mm_cpumask(prev));
2587
2588 /*
2589 * load the LDT, if the LDT is different:
2590 @@ -10759,8 +10761,16 @@ diff -urNp linux-2.6.37/arch/x86/kernel/cpu/Makefile linux-2.6.37/arch/x86/kerne
2591 obj-y += vmware.o hypervisor.o sched.o mshyperv.o
2592 diff -urNp linux-2.6.37/arch/x86/kernel/cpu/mcheck/mce.c linux-2.6.37/arch/x86/kernel/cpu/mcheck/mce.c
2593 --- linux-2.6.37/arch/x86/kernel/cpu/mcheck/mce.c 2011-01-04 19:50:19.000000000 -0500
2594 -+++ linux-2.6.37/arch/x86/kernel/cpu/mcheck/mce.c 2011-01-17 02:41:01.000000000 -0500
2595 -@@ -219,7 +219,7 @@ static void print_mce(struct mce *m)
2596 ++++ linux-2.6.37/arch/x86/kernel/cpu/mcheck/mce.c 2011-01-25 20:24:56.000000000 -0500
2597 +@@ -45,6 +45,7 @@
2598 + #include <asm/ipi.h>
2599 + #include <asm/mce.h>
2600 + #include <asm/msr.h>
2601 ++#include <asm/local.h>
2602 +
2603 + #include "mce-internal.h"
2604 +
2605 +@@ -219,7 +220,7 @@ static void print_mce(struct mce *m)
2606 !(m->mcgstatus & MCG_STATUS_EIPV) ? " !INEXACT!" : "",
2607 m->cs, m->ip);
2608
2609 @@ -10769,12 +10779,12 @@ diff -urNp linux-2.6.37/arch/x86/kernel/cpu/mcheck/mce.c linux-2.6.37/arch/x86/k
2610 print_symbol("{%s}", m->ip);
2611 pr_cont("\n");
2612 }
2613 -@@ -1460,14 +1460,14 @@ void __cpuinit mcheck_cpu_init(struct cp
2614 +@@ -1460,14 +1461,14 @@ void __cpuinit mcheck_cpu_init(struct cp
2615 */
2616
2617 static DEFINE_SPINLOCK(mce_state_lock);
2618 -static int open_count; /* #times opened */
2619 -+static atomic_t open_count; /* #times opened */
2620 ++static local_t open_count; /* #times opened */
2621 static int open_exclu; /* already open exclusive? */
2622
2623 static int mce_open(struct inode *inode, struct file *file)
2624 @@ -10782,29 +10792,29 @@ diff -urNp linux-2.6.37/arch/x86/kernel/cpu/mcheck/mce.c linux-2.6.37/arch/x86/k
2625 spin_lock(&mce_state_lock);
2626
2627 - if (open_exclu || (open_count && (file->f_flags & O_EXCL))) {
2628 -+ if (open_exclu || (atomic_read(&open_count) && (file->f_flags & O_EXCL))) {
2629 ++ if (open_exclu || (local_read(&open_count) && (file->f_flags & O_EXCL))) {
2630 spin_unlock(&mce_state_lock);
2631
2632 return -EBUSY;
2633 -@@ -1475,7 +1475,7 @@ static int mce_open(struct inode *inode,
2634 +@@ -1475,7 +1476,7 @@ static int mce_open(struct inode *inode,
2635
2636 if (file->f_flags & O_EXCL)
2637 open_exclu = 1;
2638 - open_count++;
2639 -+ atomic_inc(&open_count);
2640 ++ local_inc(&open_count);
2641
2642 spin_unlock(&mce_state_lock);
2643
2644 -@@ -1486,7 +1486,7 @@ static int mce_release(struct inode *ino
2645 +@@ -1486,7 +1487,7 @@ static int mce_release(struct inode *ino
2646 {
2647 spin_lock(&mce_state_lock);
2648
2649 - open_count--;
2650 -+ atomic_dec(&open_count);
2651 ++ local_dec(&open_count);
2652 open_exclu = 0;
2653
2654 spin_unlock(&mce_state_lock);
2655 -@@ -1673,6 +1673,7 @@ static struct miscdevice mce_log_device
2656 +@@ -1673,6 +1674,7 @@ static struct miscdevice mce_log_device
2657 MISC_MCELOG_MINOR,
2658 "mcelog",
2659 &mce_chrdev_ops,
2660 @@ -11971,7 +11981,7 @@ diff -urNp linux-2.6.37/arch/x86/kernel/head32.c linux-2.6.37/arch/x86/kernel/he
2661 /* Reserve INITRD */
2662 diff -urNp linux-2.6.37/arch/x86/kernel/head_32.S linux-2.6.37/arch/x86/kernel/head_32.S
2663 --- linux-2.6.37/arch/x86/kernel/head_32.S 2011-01-04 19:50:19.000000000 -0500
2664 -+++ linux-2.6.37/arch/x86/kernel/head_32.S 2011-01-17 02:41:01.000000000 -0500
2665 ++++ linux-2.6.37/arch/x86/kernel/head_32.S 2011-01-25 20:24:56.000000000 -0500
2666 @@ -25,6 +25,12 @@
2667 /* Physical address */
2668 #define pa(X) ((X) - __PAGE_OFFSET)
2669 @@ -12262,7 +12272,7 @@ diff -urNp linux-2.6.37/arch/x86/kernel/head_32.S linux-2.6.37/arch/x86/kernel/h
2670 pushl 16(%esp)
2671 pushl 24(%esp)
2672 pushl 32(%esp)
2673 -@@ -619,29 +694,42 @@ ENTRY(initial_code)
2674 +@@ -619,29 +694,43 @@ ENTRY(initial_code)
2675 /*
2676 * BSS section
2677 */
2678 @@ -12273,6 +12283,7 @@ diff -urNp linux-2.6.37/arch/x86/kernel/head_32.S linux-2.6.37/arch/x86/kernel/h
2679 ENTRY(initial_pg_pmd)
2680 .fill 1024*KPMDS,4,0
2681 #else
2682 ++.section .initial_page_table,"a",@progbits
2683 ENTRY(initial_page_table)
2684 .fill 1024,4,0
2685 #endif
2686 @@ -12310,7 +12321,7 @@ diff -urNp linux-2.6.37/arch/x86/kernel/head_32.S linux-2.6.37/arch/x86/kernel/h
2687 ENTRY(initial_page_table)
2688 .long pa(initial_pg_pmd+PGD_IDENT_ATTR),0 /* low identity map */
2689 # if KPMDS == 3
2690 -@@ -660,15 +748,24 @@ ENTRY(initial_page_table)
2691 +@@ -660,15 +749,24 @@ ENTRY(initial_page_table)
2692 # error "Kernel PMDs should be 1, 2 or 3"
2693 # endif
2694 .align PAGE_SIZE_asm /* needs to be page-sized too */
2695 @@ -12336,7 +12347,7 @@ diff -urNp linux-2.6.37/arch/x86/kernel/head_32.S linux-2.6.37/arch/x86/kernel/h
2696 early_recursion_flag:
2697 .long 0
2698
2699 -@@ -704,7 +801,7 @@ fault_msg:
2700 +@@ -704,7 +802,7 @@ fault_msg:
2701 .word 0 # 32 bit align gdt_desc.address
2702 boot_gdt_descr:
2703 .word __BOOT_DS+7
2704 @@ -12345,7 +12356,7 @@ diff -urNp linux-2.6.37/arch/x86/kernel/head_32.S linux-2.6.37/arch/x86/kernel/h
2705
2706 .word 0 # 32-bit align idt_desc.address
2707 idt_descr:
2708 -@@ -715,7 +812,7 @@ idt_descr:
2709 +@@ -715,7 +813,7 @@ idt_descr:
2710 .word 0 # 32 bit align gdt_desc.address
2711 ENTRY(early_gdt_descr)
2712 .word GDT_ENTRIES*8-1
2713 @@ -12354,7 +12365,7 @@ diff -urNp linux-2.6.37/arch/x86/kernel/head_32.S linux-2.6.37/arch/x86/kernel/h
2714
2715 /*
2716 * The boot_gdt must mirror the equivalent in setup.S and is
2717 -@@ -724,5 +821,65 @@ ENTRY(early_gdt_descr)
2718 +@@ -724,5 +822,65 @@ ENTRY(early_gdt_descr)
2719 .align L1_CACHE_BYTES
2720 ENTRY(boot_gdt)
2721 .fill GDT_ENTRY_BOOT_CS,8,0
2722 @@ -12777,7 +12788,7 @@ diff -urNp linux-2.6.37/arch/x86/kernel/ioport.c linux-2.6.37/arch/x86/kernel/io
2723 }
2724 diff -urNp linux-2.6.37/arch/x86/kernel/irq_32.c linux-2.6.37/arch/x86/kernel/irq_32.c
2725 --- linux-2.6.37/arch/x86/kernel/irq_32.c 2011-01-04 19:50:19.000000000 -0500
2726 -+++ linux-2.6.37/arch/x86/kernel/irq_32.c 2011-01-17 02:41:01.000000000 -0500
2727 ++++ linux-2.6.37/arch/x86/kernel/irq_32.c 2011-01-24 18:04:15.000000000 -0500
2728 @@ -91,7 +91,7 @@ execute_on_irq_stack(int overflow, struc
2729 return 0;
2730
2731 @@ -12810,7 +12821,29 @@ diff -urNp linux-2.6.37/arch/x86/kernel/irq_32.c linux-2.6.37/arch/x86/kernel/ir
2732 return 1;
2733 }
2734
2735 -@@ -171,9 +180,18 @@ asmlinkage void do_softirq(void)
2736 +@@ -129,8 +138,7 @@ void __cpuinit irq_ctx_init(int cpu)
2737 + irqctx = page_address(alloc_pages_node(cpu_to_node(cpu),
2738 + THREAD_FLAGS,
2739 + THREAD_ORDER));
2740 +- irqctx->tinfo.task = NULL;
2741 +- irqctx->tinfo.exec_domain = NULL;
2742 ++ memset(&irqctx->tinfo, 0, sizeof(struct thread_info));
2743 + irqctx->tinfo.cpu = cpu;
2744 + irqctx->tinfo.preempt_count = HARDIRQ_OFFSET;
2745 + irqctx->tinfo.addr_limit = MAKE_MM_SEG(0);
2746 +@@ -140,10 +148,8 @@ void __cpuinit irq_ctx_init(int cpu)
2747 + irqctx = page_address(alloc_pages_node(cpu_to_node(cpu),
2748 + THREAD_FLAGS,
2749 + THREAD_ORDER));
2750 +- irqctx->tinfo.task = NULL;
2751 +- irqctx->tinfo.exec_domain = NULL;
2752 ++ memset(&irqctx->tinfo, 0, sizeof(struct thread_info));
2753 + irqctx->tinfo.cpu = cpu;
2754 +- irqctx->tinfo.preempt_count = 0;
2755 + irqctx->tinfo.addr_limit = MAKE_MM_SEG(0);
2756 +
2757 + per_cpu(softirq_ctx, cpu) = irqctx;
2758 +@@ -171,9 +177,18 @@ asmlinkage void do_softirq(void)
2759 irqctx->tinfo.previous_esp = current_stack_pointer;
2760
2761 /* build the stack frame on the softirq stack */
2762 @@ -15943,16 +15976,20 @@ diff -urNp linux-2.6.37/arch/x86/lib/getuser.S linux-2.6.37/arch/x86/lib/getuser
2763 ret
2764 diff -urNp linux-2.6.37/arch/x86/lib/insn.c linux-2.6.37/arch/x86/lib/insn.c
2765 --- linux-2.6.37/arch/x86/lib/insn.c 2011-01-04 19:50:19.000000000 -0500
2766 -+++ linux-2.6.37/arch/x86/lib/insn.c 2011-01-17 02:41:01.000000000 -0500
2767 -@@ -21,6 +21,7 @@
2768 ++++ linux-2.6.37/arch/x86/lib/insn.c 2011-01-24 18:04:15.000000000 -0500
2769 +@@ -21,6 +21,11 @@
2770 #include <linux/string.h>
2771 #include <asm/inat.h>
2772 #include <asm/insn.h>
2773 ++#ifdef __KERNEL__
2774 +#include <asm/pgtable_types.h>
2775 ++#else
2776 ++#define ktla_ktva(addr) addr
2777 ++#endif
2778
2779 #define get_next(t, insn) \
2780 ({t r; r = *(t*)insn->next_byte; insn->next_byte += sizeof(t); r; })
2781 -@@ -40,8 +41,8 @@
2782 +@@ -40,8 +45,8 @@
2783 void insn_init(struct insn *insn, const void *kaddr, int x86_64)
2784 {
2785 memset(insn, 0, sizeof(*insn));
2786 @@ -23513,98 +23550,106 @@ diff -urNp linux-2.6.37/drivers/char/hvc_console.h linux-2.6.37/drivers/char/hvc
2787
2788 diff -urNp linux-2.6.37/drivers/char/hvcs.c linux-2.6.37/drivers/char/hvcs.c
2789 --- linux-2.6.37/drivers/char/hvcs.c 2011-01-04 19:50:19.000000000 -0500
2790 -+++ linux-2.6.37/drivers/char/hvcs.c 2011-01-17 02:41:01.000000000 -0500
2791 -@@ -270,7 +270,7 @@ struct hvcs_struct {
2792 ++++ linux-2.6.37/drivers/char/hvcs.c 2011-01-25 20:24:56.000000000 -0500
2793 +@@ -83,6 +83,7 @@
2794 + #include <asm/hvcserver.h>
2795 + #include <asm/uaccess.h>
2796 + #include <asm/vio.h>
2797 ++#include <asm/local.h>
2798 +
2799 + /*
2800 + * 1.3.0 -> 1.3.1 In hvcs_open memset(..,0x00,..) instead of memset(..,0x3F,00).
2801 +@@ -270,7 +271,7 @@ struct hvcs_struct {
2802 unsigned int index;
2803
2804 struct tty_struct *tty;
2805 - int open_count;
2806 -+ atomic_t open_count;
2807 ++ local_t open_count;
2808
2809 /*
2810 * Used to tell the driver kernel_thread what operations need to take
2811 -@@ -420,7 +420,7 @@ static ssize_t hvcs_vterm_state_store(st
2812 +@@ -420,7 +421,7 @@ static ssize_t hvcs_vterm_state_store(st
2813
2814 spin_lock_irqsave(&hvcsd->lock, flags);
2815
2816 - if (hvcsd->open_count > 0) {
2817 -+ if (atomic_read(&hvcsd->open_count) > 0) {
2818 ++ if (local_read(&hvcsd->open_count) > 0) {
2819 spin_unlock_irqrestore(&hvcsd->lock, flags);
2820 printk(KERN_INFO "HVCS: vterm state unchanged. "
2821 "The hvcs device node is still in use.\n");
2822 -@@ -1136,7 +1136,7 @@ static int hvcs_open(struct tty_struct *
2823 +@@ -1136,7 +1137,7 @@ static int hvcs_open(struct tty_struct *
2824 if ((retval = hvcs_partner_connect(hvcsd)))
2825 goto error_release;
2826
2827 - hvcsd->open_count = 1;
2828 -+ atomic_set(&hvcsd->open_count, 1);
2829 ++ local_set(&hvcsd->open_count, 1);
2830 hvcsd->tty = tty;
2831 tty->driver_data = hvcsd;
2832
2833 -@@ -1170,7 +1170,7 @@ fast_open:
2834 +@@ -1170,7 +1171,7 @@ fast_open:
2835
2836 spin_lock_irqsave(&hvcsd->lock, flags);
2837 kref_get(&hvcsd->kref);
2838 - hvcsd->open_count++;
2839 -+ atomic_inc(&hvcsd->open_count);
2840 ++ local_inc(&hvcsd->open_count);
2841 hvcsd->todo_mask |= HVCS_SCHED_READ;
2842 spin_unlock_irqrestore(&hvcsd->lock, flags);
2843
2844 -@@ -1214,7 +1214,7 @@ static void hvcs_close(struct tty_struct
2845 +@@ -1214,7 +1215,7 @@ static void hvcs_close(struct tty_struct
2846 hvcsd = tty->driver_data;
2847
2848 spin_lock_irqsave(&hvcsd->lock, flags);
2849 - if (--hvcsd->open_count == 0) {
2850 -+ if (atomic_dec_and_test(&hvcsd->open_count)) {
2851 ++ if (local_dec_and_test(&hvcsd->open_count)) {
2852
2853 vio_disable_interrupts(hvcsd->vdev);
2854
2855 -@@ -1240,10 +1240,10 @@ static void hvcs_close(struct tty_struct
2856 +@@ -1240,10 +1241,10 @@ static void hvcs_close(struct tty_struct
2857 free_irq(irq, hvcsd);
2858 kref_put(&hvcsd->kref, destroy_hvcs_struct);
2859 return;
2860 - } else if (hvcsd->open_count < 0) {
2861 -+ } else if (atomic_read(&hvcsd->open_count) < 0) {
2862 ++ } else if (local_read(&hvcsd->open_count) < 0) {
2863 printk(KERN_ERR "HVCS: vty-server@%X open_count: %d"
2864 " is missmanaged.\n",
2865 - hvcsd->vdev->unit_address, hvcsd->open_count);
2866 -+ hvcsd->vdev->unit_address, atomic_read(&hvcsd->open_count));
2867 ++ hvcsd->vdev->unit_address, local_read(&hvcsd->open_count));
2868 }
2869
2870 spin_unlock_irqrestore(&hvcsd->lock, flags);
2871 -@@ -1259,7 +1259,7 @@ static void hvcs_hangup(struct tty_struc
2872 +@@ -1259,7 +1260,7 @@ static void hvcs_hangup(struct tty_struc
2873
2874 spin_lock_irqsave(&hvcsd->lock, flags);
2875 /* Preserve this so that we know how many kref refs to put */
2876 - temp_open_count = hvcsd->open_count;
2877 -+ temp_open_count = atomic_read(&hvcsd->open_count);
2878 ++ temp_open_count = local_read(&hvcsd->open_count);
2879
2880 /*
2881 * Don't kref put inside the spinlock because the destruction
2882 -@@ -1274,7 +1274,7 @@ static void hvcs_hangup(struct tty_struc
2883 +@@ -1274,7 +1275,7 @@ static void hvcs_hangup(struct tty_struc
2884 hvcsd->tty->driver_data = NULL;
2885 hvcsd->tty = NULL;
2886
2887 - hvcsd->open_count = 0;
2888 -+ atomic_set(&hvcsd->open_count, 0);
2889 ++ local_set(&hvcsd->open_count, 0);
2890
2891 /* This will drop any buffered data on the floor which is OK in a hangup
2892 * scenario. */
2893 -@@ -1345,7 +1345,7 @@ static int hvcs_write(struct tty_struct
2894 +@@ -1345,7 +1346,7 @@ static int hvcs_write(struct tty_struct
2895 * the middle of a write operation? This is a crummy place to do this
2896 * but we want to keep it all in the spinlock.
2897 */
2898 - if (hvcsd->open_count <= 0) {
2899 -+ if (atomic_read(&hvcsd->open_count) <= 0) {
2900 ++ if (local_read(&hvcsd->open_count) <= 0) {
2901 spin_unlock_irqrestore(&hvcsd->lock, flags);
2902 return -ENODEV;
2903 }
2904 -@@ -1419,7 +1419,7 @@ static int hvcs_write_room(struct tty_st
2905 +@@ -1419,7 +1420,7 @@ static int hvcs_write_room(struct tty_st
2906 {
2907 struct hvcs_struct *hvcsd = tty->driver_data;
2908
2909 - if (!hvcsd || hvcsd->open_count <= 0)
2910 -+ if (!hvcsd || atomic_read(&hvcsd->open_count) <= 0)
2911 ++ if (!hvcsd || local_read(&hvcsd->open_count) <= 0)
2912 return 0;
2913
2914 return HVCS_BUFF_LEN - hvcsd->chars_in_buffer;
2915 @@ -23909,118 +23954,126 @@ diff -urNp linux-2.6.37/drivers/char/nvram.c linux-2.6.37/drivers/char/nvram.c
2916 static int __init nvram_init(void)
2917 diff -urNp linux-2.6.37/drivers/char/pcmcia/ipwireless/tty.c linux-2.6.37/drivers/char/pcmcia/ipwireless/tty.c
2918 --- linux-2.6.37/drivers/char/pcmcia/ipwireless/tty.c 2011-01-04 19:50:19.000000000 -0500
2919 -+++ linux-2.6.37/drivers/char/pcmcia/ipwireless/tty.c 2011-01-17 02:41:01.000000000 -0500
2920 -@@ -51,7 +51,7 @@ struct ipw_tty {
2921 ++++ linux-2.6.37/drivers/char/pcmcia/ipwireless/tty.c 2011-01-25 20:24:56.000000000 -0500
2922 +@@ -29,6 +29,7 @@
2923 + #include <linux/tty_driver.h>
2924 + #include <linux/tty_flip.h>
2925 + #include <linux/uaccess.h>
2926 ++#include <asm/local.h>
2927 +
2928 + #include "tty.h"
2929 + #include "network.h"
2930 +@@ -51,7 +52,7 @@ struct ipw_tty {
2931 int tty_type;
2932 struct ipw_network *network;
2933 struct tty_struct *linux_tty;
2934 - int open_count;
2935 -+ atomic_t open_count;
2936 ++ local_t open_count;
2937 unsigned int control_lines;
2938 struct mutex ipw_tty_mutex;
2939 int tx_bytes_queued;
2940 -@@ -127,10 +127,10 @@ static int ipw_open(struct tty_struct *l
2941 +@@ -127,10 +128,10 @@ static int ipw_open(struct tty_struct *l
2942 mutex_unlock(&tty->ipw_tty_mutex);
2943 return -ENODEV;
2944 }
2945 - if (tty->open_count == 0)
2946 -+ if (atomic_read(&tty->open_count) == 0)
2947 ++ if (local_read(&tty->open_count) == 0)
2948 tty->tx_bytes_queued = 0;
2949
2950 - tty->open_count++;
2951 -+ atomic_inc(&tty->open_count);
2952 ++ local_inc(&tty->open_count);
2953
2954 tty->linux_tty = linux_tty;
2955 linux_tty->driver_data = tty;
2956 -@@ -146,9 +146,7 @@ static int ipw_open(struct tty_struct *l
2957 +@@ -146,9 +147,7 @@ static int ipw_open(struct tty_struct *l
2958
2959 static void do_ipw_close(struct ipw_tty *tty)
2960 {
2961 - tty->open_count--;
2962 -
2963 - if (tty->open_count == 0) {
2964 -+ if (atomic_dec_return(&tty->open_count) == 0) {
2965 ++ if (local_dec_return(&tty->open_count) == 0) {
2966 struct tty_struct *linux_tty = tty->linux_tty;
2967
2968 if (linux_tty != NULL) {
2969 -@@ -169,7 +167,7 @@ static void ipw_hangup(struct tty_struct
2970 +@@ -169,7 +168,7 @@ static void ipw_hangup(struct tty_struct
2971 return;
2972
2973 mutex_lock(&tty->ipw_tty_mutex);
2974 - if (tty->open_count == 0) {
2975 -+ if (atomic_read(&tty->open_count) == 0) {
2976 ++ if (local_read(&tty->open_count) == 0) {
2977 mutex_unlock(&tty->ipw_tty_mutex);
2978 return;
2979 }
2980 -@@ -198,7 +196,7 @@ void ipwireless_tty_received(struct ipw_
2981 +@@ -198,7 +197,7 @@ void ipwireless_tty_received(struct ipw_
2982 return;
2983 }
2984
2985 - if (!tty->open_count) {
2986 -+ if (!atomic_read(&tty->open_count)) {
2987 ++ if (!local_read(&tty->open_count)) {
2988 mutex_unlock(&tty->ipw_tty_mutex);
2989 return;
2990 }
2991 -@@ -240,7 +238,7 @@ static int ipw_write(struct tty_struct *
2992 +@@ -240,7 +239,7 @@ static int ipw_write(struct tty_struct *
2993 return -ENODEV;
2994
2995 mutex_lock(&tty->ipw_tty_mutex);
2996 - if (!tty->open_count) {
2997 -+ if (!atomic_read(&tty->open_count)) {
2998 ++ if (!local_read(&tty->open_count)) {
2999 mutex_unlock(&tty->ipw_tty_mutex);
3000 return -EINVAL;
3001 }
3002 -@@ -280,7 +278,7 @@ static int ipw_write_room(struct tty_str
3003 +@@ -280,7 +279,7 @@ static int ipw_write_room(struct tty_str
3004 if (!tty)
3005 return -ENODEV;
3006
3007 - if (!tty->open_count)
3008 -+ if (!atomic_read(&tty->open_count))
3009 ++ if (!local_read(&tty->open_count))
3010 return -EINVAL;
3011
3012 room = IPWIRELESS_TX_QUEUE_SIZE - tty->tx_bytes_queued;
3013 -@@ -322,7 +320,7 @@ static int ipw_chars_in_buffer(struct tt
3014 +@@ -322,7 +321,7 @@ static int ipw_chars_in_buffer(struct tt
3015 if (!tty)
3016 return 0;
3017
3018 - if (!tty->open_count)
3019 -+ if (!atomic_read(&tty->open_count))
3020 ++ if (!local_read(&tty->open_count))
3021 return 0;
3022
3023 return tty->tx_bytes_queued;
3024 -@@ -403,7 +401,7 @@ static int ipw_tiocmget(struct tty_struc
3025 +@@ -403,7 +402,7 @@ static int ipw_tiocmget(struct tty_struc
3026 if (!tty)
3027 return -ENODEV;
3028
3029 - if (!tty->open_count)
3030 -+ if (!atomic_read(&tty->open_count))
3031 ++ if (!local_read(&tty->open_count))
3032 return -EINVAL;
3033
3034 return get_control_lines(tty);
3035 -@@ -419,7 +417,7 @@ ipw_tiocmset(struct tty_struct *linux_tt
3036 +@@ -419,7 +418,7 @@ ipw_tiocmset(struct tty_struct *linux_tt
3037 if (!tty)
3038 return -ENODEV;
3039
3040 - if (!tty->open_count)
3041 -+ if (!atomic_read(&tty->open_count))
3042 ++ if (!local_read(&tty->open_count))
3043 return -EINVAL;
3044
3045 return set_control_lines(tty, set, clear);
3046 -@@ -433,7 +431,7 @@ static int ipw_ioctl(struct tty_struct *
3047 +@@ -433,7 +432,7 @@ static int ipw_ioctl(struct tty_struct *
3048 if (!tty)
3049 return -ENODEV;
3050
3051 - if (!tty->open_count)
3052 -+ if (!atomic_read(&tty->open_count))
3053 ++ if (!local_read(&tty->open_count))
3054 return -EINVAL;
3055
3056 /* FIXME: Exactly how is the tty object locked here .. */
3057 -@@ -582,7 +580,7 @@ void ipwireless_tty_free(struct ipw_tty
3058 +@@ -582,7 +581,7 @@ void ipwireless_tty_free(struct ipw_tty
3059 against a parallel ioctl etc */
3060 mutex_lock(&ttyj->ipw_tty_mutex);
3061 }
3062 - while (ttyj->open_count)
3063 -+ while (atomic_read(&ttyj->open_count))
3064 ++ while (local_read(&ttyj->open_count))
3065 do_ipw_close(ttyj);
3066 ipwireless_disassociate_network_ttys(network,
3067 ttyj->channel_idx);
3068 @@ -24079,34 +24132,42 @@ diff -urNp linux-2.6.37/drivers/char/random.c linux-2.6.37/drivers/char/random.c
3069
3070 diff -urNp linux-2.6.37/drivers/char/sonypi.c linux-2.6.37/drivers/char/sonypi.c
3071 --- linux-2.6.37/drivers/char/sonypi.c 2011-01-04 19:50:19.000000000 -0500
3072 -+++ linux-2.6.37/drivers/char/sonypi.c 2011-01-17 02:41:01.000000000 -0500
3073 -@@ -491,7 +491,7 @@ static struct sonypi_device {
3074 ++++ linux-2.6.37/drivers/char/sonypi.c 2011-01-25 20:24:56.000000000 -0500
3075 +@@ -55,6 +55,7 @@
3076 + #include <asm/uaccess.h>
3077 + #include <asm/io.h>
3078 + #include <asm/system.h>
3079 ++#include <asm/local.h>
3080 +
3081 + #include <linux/sonypi.h>
3082 +
3083 +@@ -491,7 +492,7 @@ static struct sonypi_device {
3084 spinlock_t fifo_lock;
3085 wait_queue_head_t fifo_proc_list;
3086 struct fasync_struct *fifo_async;
3087 - int open_count;
3088 -+ atomic_t open_count;
3089 ++ local_t open_count;
3090 int model;
3091 struct input_dev *input_jog_dev;
3092 struct input_dev *input_key_dev;
3093 -@@ -898,7 +898,7 @@ static int sonypi_misc_fasync(int fd, st
3094 +@@ -898,7 +899,7 @@ static int sonypi_misc_fasync(int fd, st
3095 static int sonypi_misc_release(struct inode *inode, struct file *file)
3096 {
3097 mutex_lock(&sonypi_device.lock);
3098 - sonypi_device.open_count--;
3099 -+ atomic_dec(&sonypi_device.open_count);
3100 ++ local_dec(&sonypi_device.open_count);
3101 mutex_unlock(&sonypi_device.lock);
3102 return 0;
3103 }
3104 -@@ -907,9 +907,9 @@ static int sonypi_misc_open(struct inode
3105 +@@ -907,9 +908,9 @@ static int sonypi_misc_open(struct inode
3106 {
3107 mutex_lock(&sonypi_device.lock);
3108 /* Flush input queue on first open */
3109 - if (!sonypi_device.open_count)
3110 -+ if (!atomic_read(&sonypi_device.open_count))
3111 ++ if (!local_read(&sonypi_device.open_count))
3112 kfifo_reset(&sonypi_device.fifo);
3113 - sonypi_device.open_count++;
3114 -+ atomic_inc(&sonypi_device.open_count);
3115 ++ local_inc(&sonypi_device.open_count);
3116 mutex_unlock(&sonypi_device.lock);
3117
3118 return 0;
3119 @@ -24251,7 +24312,7 @@ diff -urNp linux-2.6.37/drivers/gpu/drm/drm_drv.c linux-2.6.37/drivers/gpu/drm/d
3120 DRM_DEBUG("pid=%d, cmd=0x%02x, nr=0x%02x, dev 0x%lx, auth=%d\n",
3121 diff -urNp linux-2.6.37/drivers/gpu/drm/drm_fops.c linux-2.6.37/drivers/gpu/drm/drm_fops.c
3122 --- linux-2.6.37/drivers/gpu/drm/drm_fops.c 2011-01-04 19:50:19.000000000 -0500
3123 -+++ linux-2.6.37/drivers/gpu/drm/drm_fops.c 2011-01-17 02:41:01.000000000 -0500
3124 ++++ linux-2.6.37/drivers/gpu/drm/drm_fops.c 2011-01-24 18:04:15.000000000 -0500
3125 @@ -70,7 +70,7 @@ static int drm_setup(struct drm_device *
3126 }
3127
3128 @@ -24268,7 +24329,7 @@ diff -urNp linux-2.6.37/drivers/gpu/drm/drm_fops.c linux-2.6.37/drivers/gpu/drm/
3129 - atomic_inc(&dev->counts[_DRM_STAT_OPENS]);
3130 - if (!dev->open_count++)
3131 + atomic_inc_unchecked(&dev->counts[_DRM_STAT_OPENS]);
3132 -+ if (atomic_inc_return(&dev->open_count) == 1)
3133 ++ if (local_inc_return(&dev->open_count) == 1)
3134 retcode = drm_setup(dev);
3135 }
3136 if (!retcode) {
3137 @@ -24277,7 +24338,7 @@ diff -urNp linux-2.6.37/drivers/gpu/drm/drm_fops.c linux-2.6.37/drivers/gpu/drm/
3138 mutex_lock(&drm_global_mutex);
3139
3140 - DRM_DEBUG("open_count = %d\n", dev->open_count);
3141 -+ DRM_DEBUG("open_count = %d\n", atomic_read(&dev->open_count));
3142 ++ DRM_DEBUG("open_count = %d\n", local_read(&dev->open_count));
3143
3144 if (dev->driver->preclose)
3145 dev->driver->preclose(dev, file_priv);
3146 @@ -24286,7 +24347,7 @@ diff -urNp linux-2.6.37/drivers/gpu/drm/drm_fops.c linux-2.6.37/drivers/gpu/drm/
3147 task_pid_nr(current),
3148 (long)old_encode_dev(file_priv->minor->device),
3149 - dev->open_count);
3150 -+ atomic_read(&dev->open_count));
3151 ++ local_read(&dev->open_count));
3152
3153 /* if the master has gone away we can't do anything with the lock */
3154 if (file_priv->minor->master)
3155 @@ -24297,7 +24358,7 @@ diff -urNp linux-2.6.37/drivers/gpu/drm/drm_fops.c linux-2.6.37/drivers/gpu/drm/
3156 - atomic_inc(&dev->counts[_DRM_STAT_CLOSES]);
3157 - if (!--dev->open_count) {
3158 + atomic_inc_unchecked(&dev->counts[_DRM_STAT_CLOSES]);
3159 -+ if (atomic_dec_and_test(&dev->open_count)) {
3160 ++ if (local_dec_and_test(&dev->open_count)) {
3161 if (atomic_read(&dev->ioctl_count)) {
3162 DRM_ERROR("Device busy: %d\n",
3163 atomic_read(&dev->ioctl_count));
3164 @@ -24547,13 +24608,13 @@ diff -urNp linux-2.6.37/drivers/gpu/drm/i915/dvo_tfp410.c linux-2.6.37/drivers/g
3165 .mode_valid = tfp410_mode_valid,
3166 diff -urNp linux-2.6.37/drivers/gpu/drm/i915/i915_dma.c linux-2.6.37/drivers/gpu/drm/i915/i915_dma.c
3167 --- linux-2.6.37/drivers/gpu/drm/i915/i915_dma.c 2011-01-04 19:50:19.000000000 -0500
3168 -+++ linux-2.6.37/drivers/gpu/drm/i915/i915_dma.c 2011-01-17 02:41:01.000000000 -0500
3169 ++++ linux-2.6.37/drivers/gpu/drm/i915/i915_dma.c 2011-01-24 18:04:15.000000000 -0500
3170 @@ -1191,7 +1191,7 @@ static bool i915_switcheroo_can_switch(s
3171 bool can_switch;
3172
3173 spin_lock(&dev->count_lock);
3174 - can_switch = (dev->open_count == 0);
3175 -+ can_switch = (atomic_read(&dev->open_count) == 0);
3176 ++ can_switch = (local_read(&dev->open_count) == 0);
3177 spin_unlock(&dev->count_lock);
3178 return can_switch;
3179 }
3180 @@ -24603,13 +24664,13 @@ diff -urNp linux-2.6.37/drivers/gpu/drm/nouveau/nouveau_backlight.c linux-2.6.37
3181 .update_status = nv50_set_intensity,
3182 diff -urNp linux-2.6.37/drivers/gpu/drm/nouveau/nouveau_state.c linux-2.6.37/drivers/gpu/drm/nouveau/nouveau_state.c
3183 --- linux-2.6.37/drivers/gpu/drm/nouveau/nouveau_state.c 2011-01-04 19:50:19.000000000 -0500
3184 -+++ linux-2.6.37/drivers/gpu/drm/nouveau/nouveau_state.c 2011-01-17 02:41:01.000000000 -0500
3185 ++++ linux-2.6.37/drivers/gpu/drm/nouveau/nouveau_state.c 2011-01-24 18:04:15.000000000 -0500
3186 @@ -546,7 +546,7 @@ static bool nouveau_switcheroo_can_switc
3187 bool can_switch;
3188
3189 spin_lock(&dev->count_lock);
3190 - can_switch = (dev->open_count == 0);
3191 -+ can_switch = (atomic_read(&dev->open_count) == 0);
3192 ++ can_switch = (local_read(&dev->open_count) == 0);
3193 spin_unlock(&dev->count_lock);
3194 return can_switch;
3195 }
3196 @@ -24635,13 +24696,13 @@ diff -urNp linux-2.6.37/drivers/gpu/drm/radeon/mkregtable.c linux-2.6.37/drivers
3197 (&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) {
3198 diff -urNp linux-2.6.37/drivers/gpu/drm/radeon/radeon_device.c linux-2.6.37/drivers/gpu/drm/radeon/radeon_device.c
3199 --- linux-2.6.37/drivers/gpu/drm/radeon/radeon_device.c 2011-01-04 19:50:19.000000000 -0500
3200 -+++ linux-2.6.37/drivers/gpu/drm/radeon/radeon_device.c 2011-01-17 02:41:01.000000000 -0500
3201 ++++ linux-2.6.37/drivers/gpu/drm/radeon/radeon_device.c 2011-01-24 18:04:15.000000000 -0500
3202 @@ -659,7 +659,7 @@ static bool radeon_switcheroo_can_switch
3203 bool can_switch;
3204
3205 spin_lock(&dev->count_lock);
3206 - can_switch = (dev->open_count == 0);
3207 -+ can_switch = (atomic_read(&dev->open_count) == 0);
3208 ++ can_switch = (local_read(&dev->open_count) == 0);
3209 spin_unlock(&dev->count_lock);
3210 return can_switch;
3211 }
3212 @@ -25252,31 +25313,39 @@ diff -urNp linux-2.6.37/drivers/input/serio/serio_raw.c linux-2.6.37/drivers/inp
3213 MODULE_DEVICE_TABLE(serio, serio_raw_serio_ids);
3214 diff -urNp linux-2.6.37/drivers/isdn/gigaset/common.c linux-2.6.37/drivers/isdn/gigaset/common.c
3215 --- linux-2.6.37/drivers/isdn/gigaset/common.c 2011-01-04 19:50:19.000000000 -0500
3216 -+++ linux-2.6.37/drivers/isdn/gigaset/common.c 2011-01-17 02:41:01.000000000 -0500
3217 ++++ linux-2.6.37/drivers/isdn/gigaset/common.c 2011-01-24 18:04:15.000000000 -0500
3218 @@ -723,7 +723,7 @@ struct cardstate *gigaset_initcs(struct
3219 cs->commands_pending = 0;
3220 cs->cur_at_seq = 0;
3221 cs->gotfwver = -1;
3222 - cs->open_count = 0;
3223 -+ atomic_set(&cs->open_count, 0);
3224 ++ local_set(&cs->open_count, 0);
3225 cs->dev = NULL;
3226 cs->tty = NULL;
3227 cs->tty_dev = NULL;
3228 diff -urNp linux-2.6.37/drivers/isdn/gigaset/gigaset.h linux-2.6.37/drivers/isdn/gigaset/gigaset.h
3229 --- linux-2.6.37/drivers/isdn/gigaset/gigaset.h 2011-01-04 19:50:19.000000000 -0500
3230 -+++ linux-2.6.37/drivers/isdn/gigaset/gigaset.h 2011-01-17 02:41:01.000000000 -0500
3231 -@@ -433,7 +433,7 @@ struct cardstate {
3232 ++++ linux-2.6.37/drivers/isdn/gigaset/gigaset.h 2011-01-25 20:24:56.000000000 -0500
3233 +@@ -35,6 +35,7 @@
3234 + #include <linux/tty_driver.h>
3235 + #include <linux/list.h>
3236 + #include <asm/atomic.h>
3237 ++#include <asm/local.h>
3238 +
3239 + #define GIG_VERSION {0, 5, 0, 0}
3240 + #define GIG_COMPAT {0, 4, 0, 0}
3241 +@@ -433,7 +434,7 @@ struct cardstate {
3242 spinlock_t cmdlock;
3243 unsigned curlen, cmdbytes;
3244
3245 - unsigned open_count;
3246 -+ atomic_t open_count;
3247 ++ local_t open_count;
3248 struct tty_struct *tty;
3249 struct tasklet_struct if_wake_tasklet;
3250 unsigned control_state;
3251 diff -urNp linux-2.6.37/drivers/isdn/gigaset/interface.c linux-2.6.37/drivers/isdn/gigaset/interface.c
3252 --- linux-2.6.37/drivers/isdn/gigaset/interface.c 2011-01-04 19:50:19.000000000 -0500
3253 -+++ linux-2.6.37/drivers/isdn/gigaset/interface.c 2011-01-17 02:41:01.000000000 -0500
3254 ++++ linux-2.6.37/drivers/isdn/gigaset/interface.c 2011-01-24 18:04:15.000000000 -0500
3255 @@ -160,9 +160,7 @@ static int if_open(struct tty_struct *tt
3256 return -ERESTARTSYS;
3257 tty->driver_data = cs;
3258 @@ -25284,7 +25353,7 @@ diff -urNp linux-2.6.37/drivers/isdn/gigaset/interface.c linux-2.6.37/drivers/is
3259 - ++cs->open_count;
3260 -
3261 - if (cs->open_count == 1) {
3262 -+ if (atomic_inc_return(&cs->open_count) == 1) {
3263 ++ if (local_inc_return(&cs->open_count) == 1) {
3264 spin_lock_irqsave(&cs->lock, flags);
3265 cs->tty = tty;
3266 spin_unlock_irqrestore(&cs->lock, flags);
3267 @@ -25293,11 +25362,11 @@ diff -urNp linux-2.6.37/drivers/isdn/gigaset/interface.c linux-2.6.37/drivers/is
3268 if (!cs->connected)
3269 gig_dbg(DEBUG_IF, "not connected"); /* nothing to do */
3270 - else if (!cs->open_count)
3271 -+ else if (!atomic_read(&cs->open_count))
3272 ++ else if (!local_read(&cs->open_count))
3273 dev_warn(cs->dev, "%s: device not opened\n", __func__);
3274 else {
3275 - if (!--cs->open_count) {
3276 -+ if (!atomic_dec_return(&cs->open_count)) {
3277 ++ if (!local_dec_return(&cs->open_count)) {
3278 spin_lock_irqsave(&cs->lock, flags);
3279 cs->tty = NULL;
3280 spin_unlock_irqrestore(&cs->lock, flags);
3281 @@ -25306,7 +25375,7 @@ diff -urNp linux-2.6.37/drivers/isdn/gigaset/interface.c linux-2.6.37/drivers/is
3282 gig_dbg(DEBUG_IF, "not connected");
3283 retval = -ENODEV;
3284 - } else if (!cs->open_count)
3285 -+ } else if (!atomic_read(&cs->open_count))
3286 ++ } else if (!local_read(&cs->open_count))
3287 dev_warn(cs->dev, "%s: device not opened\n", __func__);
3288 else {
3289 retval = 0;
3290 @@ -25315,7 +25384,7 @@ diff -urNp linux-2.6.37/drivers/isdn/gigaset/interface.c linux-2.6.37/drivers/is
3291 goto done;
3292 }
3293 - if (!cs->open_count) {
3294 -+ if (!atomic_read(&cs->open_count)) {
3295 ++ if (!local_read(&cs->open_count)) {
3296 dev_warn(cs->dev, "%s: device not opened\n", __func__);
3297 retval = -ENODEV;
3298 goto done;
3299 @@ -25324,7 +25393,7 @@ diff -urNp linux-2.6.37/drivers/isdn/gigaset/interface.c linux-2.6.37/drivers/is
3300 gig_dbg(DEBUG_IF, "not connected");
3301 retval = -ENODEV;
3302 - } else if (!cs->open_count)
3303 -+ } else if (!atomic_read(&cs->open_count))
3304 ++ } else if (!local_read(&cs->open_count))
3305 dev_warn(cs->dev, "%s: device not opened\n", __func__);
3306 else if (cs->mstate != MS_LOCKED) {
3307 dev_warn(cs->dev, "can't write to unlocked device\n");
3308 @@ -25333,7 +25402,7 @@ diff -urNp linux-2.6.37/drivers/isdn/gigaset/interface.c linux-2.6.37/drivers/is
3309 if (!cs->connected)
3310 gig_dbg(DEBUG_IF, "not connected");
3311 - else if (!cs->open_count)
3312 -+ else if (!atomic_read(&cs->open_count))
3313 ++ else if (!local_read(&cs->open_count))
3314 dev_warn(cs->dev, "%s: device not opened\n", __func__);
3315 else if (cs->mstate != MS_LOCKED)
3316 dev_warn(cs->dev, "can't write to unlocked device\n");
3317 @@ -25342,7 +25411,7 @@ diff -urNp linux-2.6.37/drivers/isdn/gigaset/interface.c linux-2.6.37/drivers/is
3318 if (!cs->connected)
3319 gig_dbg(DEBUG_IF, "not connected"); /* nothing to do */
3320 - else if (!cs->open_count)
3321 -+ else if (!atomic_read(&cs->open_count))
3322 ++ else if (!local_read(&cs->open_count))
3323 dev_warn(cs->dev, "%s: device not opened\n", __func__);
3324 else
3325 gig_dbg(DEBUG_IF, "%s: not implemented\n", __func__);
3326 @@ -25351,7 +25420,7 @@ diff -urNp linux-2.6.37/drivers/isdn/gigaset/interface.c linux-2.6.37/drivers/is
3327 if (!cs->connected)
3328 gig_dbg(DEBUG_IF, "not connected"); /* nothing to do */
3329 - else if (!cs->open_count)
3330 -+ else if (!atomic_read(&cs->open_count))
3331 ++ else if (!local_read(&cs->open_count))
3332 dev_warn(cs->dev, "%s: device not opened\n", __func__);
3333 else
3334 gig_dbg(DEBUG_IF, "%s: not implemented\n", __func__);
3335 @@ -25360,7 +25429,7 @@ diff -urNp linux-2.6.37/drivers/isdn/gigaset/interface.c linux-2.6.37/drivers/is
3336 }
3337
3338 - if (!cs->open_count) {
3339 -+ if (!atomic_read(&cs->open_count)) {
3340 ++ if (!local_read(&cs->open_count)) {
3341 dev_warn(cs->dev, "%s: device not opened\n", __func__);
3342 goto out;
3343 }
3344 @@ -25669,6 +25738,18 @@ diff -urNp linux-2.6.37/drivers/media/dvb/dvb-core/dvbdev.c linux-2.6.37/drivers
3345 struct file_operations *dvbdevfops;
3346 struct device *clsdev;
3347 int minor;
3348 +diff -urNp linux-2.6.37/drivers/media/dvb/ttpci/av7110_ca.c linux-2.6.37/drivers/media/dvb/ttpci/av7110_ca.c
3349 +--- linux-2.6.37/drivers/media/dvb/ttpci/av7110_ca.c 2011-01-04 19:50:19.000000000 -0500
3350 ++++ linux-2.6.37/drivers/media/dvb/ttpci/av7110_ca.c 2011-01-24 18:13:05.000000000 -0500
3351 +@@ -277,7 +277,7 @@ static int dvb_ca_ioctl(struct file *fil
3352 + {
3353 + ca_slot_info_t *info=(ca_slot_info_t *)parg;
3354 +
3355 +- if (info->num > 1)
3356 ++ if (info->num < 0 || info->num > 1)
3357 + return -EINVAL;
3358 + av7110->ci_slot[info->num].num = info->num;
3359 + av7110->ci_slot[info->num].type = FW_CI_LL_SUPPORT(av7110->arm_app) ?
3360 diff -urNp linux-2.6.37/drivers/media/IR/ir-lirc-codec.c linux-2.6.37/drivers/media/IR/ir-lirc-codec.c
3361 --- linux-2.6.37/drivers/media/IR/ir-lirc-codec.c 2011-01-04 19:50:19.000000000 -0500
3362 +++ linux-2.6.37/drivers/media/IR/ir-lirc-codec.c 2011-01-17 02:41:01.000000000 -0500
3363 @@ -26618,13 +26699,22 @@ diff -urNp linux-2.6.37/drivers/net/tulip/de4x5.c linux-2.6.37/drivers/net/tulip
3364 }
3365 diff -urNp linux-2.6.37/drivers/net/usb/hso.c linux-2.6.37/drivers/net/usb/hso.c
3366 --- linux-2.6.37/drivers/net/usb/hso.c 2011-01-04 19:50:19.000000000 -0500
3367 -+++ linux-2.6.37/drivers/net/usb/hso.c 2011-01-17 02:41:01.000000000 -0500
3368 ++++ linux-2.6.37/drivers/net/usb/hso.c 2011-01-24 18:04:15.000000000 -0500
3369 +@@ -71,7 +71,7 @@
3370 + #include <asm/byteorder.h>
3371 + #include <linux/serial_core.h>
3372 + #include <linux/serial.h>
3373 +-
3374 ++#include <asm/local.h>
3375 +
3376 + #define MOD_AUTHOR "Option Wireless"
3377 + #define MOD_DESCRIPTION "USB High Speed Option driver"
3378 @@ -257,7 +257,7 @@ struct hso_serial {
3379
3380 /* from usb_serial_port */
3381 struct tty_struct *tty;
3382 - int open_count;
3383 -+ atomic_t open_count;
3384 ++ local_t open_count;
3385 spinlock_t serial_lock;
3386
3387 int (*write_data) (struct hso_serial *serial);
3388 @@ -26633,7 +26723,7 @@ diff -urNp linux-2.6.37/drivers/net/usb/hso.c linux-2.6.37/drivers/net/usb/hso.c
3389
3390 urb = serial->rx_urb[0];
3391 - if (serial->open_count > 0) {
3392 -+ if (atomic_read(&serial->open_count) > 0) {
3393 ++ if (local_read(&serial->open_count) > 0) {
3394 count = put_rxbuf_data(urb, serial);
3395 if (count == -1)
3396 return;
3397 @@ -26642,7 +26732,7 @@ diff -urNp linux-2.6.37/drivers/net/usb/hso.c linux-2.6.37/drivers/net/usb/hso.c
3398
3399 /* Anyone listening? */
3400 - if (serial->open_count == 0)
3401 -+ if (atomic_read(&serial->open_count) == 0)
3402 ++ if (local_read(&serial->open_count) == 0)
3403 return;
3404
3405 if (status == 0) {
3406 @@ -26652,7 +26742,7 @@ diff -urNp linux-2.6.37/drivers/net/usb/hso.c linux-2.6.37/drivers/net/usb/hso.c
3407 /* check for port already opened, if not set the termios */
3408 - serial->open_count++;
3409 - if (serial->open_count == 1) {
3410 -+ if (atomic_inc_return(&serial->open_count) == 1) {
3411 ++ if (local_inc_return(&serial->open_count) == 1) {
3412 serial->rx_state = RX_IDLE;
3413 /* Force default termio settings */
3414 _hso_serial_set_termios(tty, NULL);
3415 @@ -26661,7 +26751,7 @@ diff -urNp linux-2.6.37/drivers/net/usb/hso.c linux-2.6.37/drivers/net/usb/hso.c
3416 if (result) {
3417 hso_stop_serial_device(serial->parent);
3418 - serial->open_count--;
3419 -+ atomic_dec(&serial->open_count);
3420 ++ local_dec(&serial->open_count);
3421 kref_put(&serial->parent->ref, hso_serial_ref_free);
3422 }
3423 } else {
3424 @@ -26670,12 +26760,12 @@ diff -urNp linux-2.6.37/drivers/net/usb/hso.c linux-2.6.37/drivers/net/usb/hso.c
3425 /* reset the rts and dtr */
3426 /* do the actual close */
3427 - serial->open_count--;
3428 -+ atomic_dec(&serial->open_count);
3429 ++ local_dec(&serial->open_count);
3430
3431 - if (serial->open_count <= 0) {
3432 - serial->open_count = 0;
3433 -+ if (atomic_read(&serial->open_count) <= 0) {
3434 -+ atomic_set(&serial->open_count, 0);
3435 ++ if (local_read(&serial->open_count) <= 0) {
3436 ++ local_set(&serial->open_count, 0);
3437 spin_lock_irq(&serial->serial_lock);
3438 if (serial->tty == tty) {
3439 serial->tty->driver_data = NULL;
3440 @@ -26684,7 +26774,7 @@ diff -urNp linux-2.6.37/drivers/net/usb/hso.c linux-2.6.37/drivers/net/usb/hso.c
3441 /* the actual setup */
3442 spin_lock_irqsave(&serial->serial_lock, flags);
3443 - if (serial->open_count)
3444 -+ if (atomic_read(&serial->open_count))
3445 ++ if (local_read(&serial->open_count))
3446 _hso_serial_set_termios(tty, old);
3447 else
3448 tty->termios = old;
3449 @@ -26693,7 +26783,7 @@ diff -urNp linux-2.6.37/drivers/net/usb/hso.c linux-2.6.37/drivers/net/usb/hso.c
3450 spin_lock(&serial->serial_lock);
3451 if (serial->rx_state == RX_IDLE &&
3452 - serial->open_count > 0) {
3453 -+ atomic_read(&serial->open_count) > 0) {
3454 ++ local_read(&serial->open_count) > 0) {
3455 /* Setup and send a ctrl req read on
3456 * port i */
3457 if (!serial->rx_urb_filled[0]) {
3458 @@ -26702,7 +26792,7 @@ diff -urNp linux-2.6.37/drivers/net/usb/hso.c linux-2.6.37/drivers/net/usb/hso.c
3459 for (i = 0; i < HSO_SERIAL_TTY_MINORS; i++) {
3460 if (serial_table[i] && (serial_table[i]->interface == iface)) {
3461 - if (dev2ser(serial_table[i])->open_count) {
3462 -+ if (atomic_read(&dev2ser(serial_table[i])->open_count)) {
3463 ++ if (local_read(&dev2ser(serial_table[i])->open_count)) {
3464 result =
3465 hso_start_serial_device(serial_table[i], GFP_NOIO);
3466 hso_kick_transmit(dev2ser(serial_table[i]));
3467 @@ -26956,6 +27046,26 @@ diff -urNp linux-2.6.37/drivers/pci/pcie/portdrv_pci.c linux-2.6.37/drivers/pci/
3468 };
3469 MODULE_DEVICE_TABLE(pci, port_pci_ids);
3470
3471 +diff -urNp linux-2.6.37/drivers/pci/pci-sysfs.c linux-2.6.37/drivers/pci/pci-sysfs.c
3472 +--- linux-2.6.37/drivers/pci/pci-sysfs.c 2011-01-04 19:50:19.000000000 -0500
3473 ++++ linux-2.6.37/drivers/pci/pci-sysfs.c 2011-02-12 10:32:55.000000000 -0500
3474 +@@ -23,6 +23,7 @@
3475 + #include <linux/mm.h>
3476 + #include <linux/fs.h>
3477 + #include <linux/capability.h>
3478 ++#include <linux/security.h>
3479 + #include <linux/pci-aspm.h>
3480 + #include <linux/slab.h>
3481 + #include "pci.h"
3482 +@@ -368,7 +369,7 @@ pci_read_config(struct file *filp, struc
3483 + u8 *data = (u8*) buf;
3484 +
3485 + /* Several chips lock up trying to read undefined config space */
3486 +- if (cap_raised(filp->f_cred->cap_effective, CAP_SYS_ADMIN)) {
3487 ++ if (security_capable(filp->f_cred, CAP_SYS_ADMIN)) {
3488 + size = dev->cfg_size;
3489 + } else if (dev->hdr_type == PCI_HEADER_TYPE_CARDBUS) {
3490 + size = 128;
3491 diff -urNp linux-2.6.37/drivers/pci/probe.c linux-2.6.37/drivers/pci/probe.c
3492 --- linux-2.6.37/drivers/pci/probe.c 2011-01-04 19:50:19.000000000 -0500
3493 +++ linux-2.6.37/drivers/pci/probe.c 2011-01-17 02:41:01.000000000 -0500
3494 @@ -27525,7 +27635,7 @@ diff -urNp linux-2.6.37/drivers/serial/kgdboc.c linux-2.6.37/drivers/serial/kgdb
3495 .read_char = kgdboc_get_char,
3496 diff -urNp linux-2.6.37/drivers/staging/autofs/root.c linux-2.6.37/drivers/staging/autofs/root.c
3497 --- linux-2.6.37/drivers/staging/autofs/root.c 2011-01-04 19:50:19.000000000 -0500
3498 -+++ linux-2.6.37/drivers/staging/autofs/root.c 2011-01-17 21:04:34.000000000 -0500
3499 ++++ linux-2.6.37/drivers/staging/autofs/root.c 2011-01-24 18:04:18.000000000 -0500
3500 @@ -308,7 +308,8 @@ static int autofs_root_symlink(struct in
3501 set_bit(n,sbi->symlink_bitmap);
3502 sl = &sbi->symlink[n];
3503 @@ -27560,6 +27670,76 @@ diff -urNp linux-2.6.37/drivers/staging/bcm/InterfaceInit.c linux-2.6.37/drivers
3504 .open = usbbcm_open,
3505 .release = usbbcm_release,
3506 .read = usbbcm_read,
3507 +diff -urNp linux-2.6.37/drivers/staging/brcm80211/brcmfmac/dhd_linux.c linux-2.6.37/drivers/staging/brcm80211/brcmfmac/dhd_linux.c
3508 +--- linux-2.6.37/drivers/staging/brcm80211/brcmfmac/dhd_linux.c 2011-01-04 19:50:19.000000000 -0500
3509 ++++ linux-2.6.37/drivers/staging/brcm80211/brcmfmac/dhd_linux.c 2011-01-24 18:04:18.000000000 -0500
3510 +@@ -864,14 +864,14 @@ static void dhd_op_if(dhd_if_t *ifp)
3511 + free_netdev(ifp->net);
3512 + }
3513 + /* Allocate etherdev, including space for private structure */
3514 +- ifp->net = alloc_etherdev(sizeof(dhd));
3515 ++ ifp->net = alloc_etherdev(sizeof(*dhd));
3516 + if (!ifp->net) {
3517 + DHD_ERROR(("%s: OOM - alloc_etherdev\n", __func__));
3518 + ret = -ENOMEM;
3519 + }
3520 + if (ret == 0) {
3521 + strcpy(ifp->net->name, ifp->name);
3522 +- memcpy(netdev_priv(ifp->net), &dhd, sizeof(dhd));
3523 ++ memcpy(netdev_priv(ifp->net), dhd, sizeof(*dhd));
3524 + err = dhd_net_attach(&dhd->pub, ifp->idx);
3525 + if (err != 0) {
3526 + DHD_ERROR(("%s: dhd_net_attach failed, "
3527 +@@ -1891,25 +1891,23 @@ dhd_pub_t *dhd_attach(osl_t *osh, struct
3528 + strcpy(nv_path, nvram_path);
3529 +
3530 + /* Allocate etherdev, including space for private structure */
3531 +- net = alloc_etherdev(sizeof(dhd));
3532 ++ net = alloc_etherdev(sizeof(*dhd));
3533 + if (!net) {
3534 + DHD_ERROR(("%s: OOM - alloc_etherdev\n", __func__));
3535 + goto fail;
3536 + }
3537 +
3538 + /* Allocate primary dhd_info */
3539 +- dhd = kmalloc(sizeof(dhd_info_t), GFP_ATOMIC);
3540 ++ dhd = kzalloc(sizeof(dhd_info_t), GFP_ATOMIC);
3541 + if (!dhd) {
3542 + DHD_ERROR(("%s: OOM - alloc dhd_info\n", __func__));
3543 + goto fail;
3544 + }
3545 +
3546 +- memset(dhd, 0, sizeof(dhd_info_t));
3547 +-
3548 + /*
3549 + * Save the dhd_info into the priv
3550 + */
3551 +- memcpy(netdev_priv(net), &dhd, sizeof(dhd));
3552 ++ memcpy(netdev_priv(net), dhd, sizeof(*dhd));
3553 + dhd->pub.osh = osh;
3554 +
3555 + /* Set network interface name if it was provided as module parameter */
3556 +@@ -2027,7 +2025,7 @@ dhd_pub_t *dhd_attach(osl_t *osh, struct
3557 + /*
3558 + * Save the dhd_info into the priv
3559 + */
3560 +- memcpy(netdev_priv(net), &dhd, sizeof(dhd));
3561 ++ memcpy(netdev_priv(net), dhd, sizeof(*dhd));
3562 +
3563 + #if defined(CUSTOMER_HW2) && defined(CONFIG_WIFI_CONTROL_FUNC)
3564 + g_bus = bus;
3565 +diff -urNp linux-2.6.37/drivers/staging/brcm80211/brcmfmac/wl_iw.c linux-2.6.37/drivers/staging/brcm80211/brcmfmac/wl_iw.c
3566 +--- linux-2.6.37/drivers/staging/brcm80211/brcmfmac/wl_iw.c 2011-01-04 19:50:19.000000000 -0500
3567 ++++ linux-2.6.37/drivers/staging/brcm80211/brcmfmac/wl_iw.c 2011-01-24 18:04:18.000000000 -0500
3568 +@@ -514,7 +514,7 @@ wl_iw_get_range(struct net_device *dev,
3569 + list = (wl_u32_list_t *) channels;
3570 +
3571 + dwrq->length = sizeof(struct iw_range);
3572 +- memset(range, 0, sizeof(range));
3573 ++ memset(range, 0, sizeof(*range));
3574 +
3575 + range->min_nwid = range->max_nwid = 0;
3576 +
3577 diff -urNp linux-2.6.37/drivers/staging/comedi/comedi_fops.c linux-2.6.37/drivers/staging/comedi/comedi_fops.c
3578 --- linux-2.6.37/drivers/staging/comedi/comedi_fops.c 2011-01-04 19:50:19.000000000 -0500
3579 +++ linux-2.6.37/drivers/staging/comedi/comedi_fops.c 2011-01-17 02:41:01.000000000 -0500
3580 @@ -28058,6 +28238,42 @@ diff -urNp linux-2.6.37/drivers/tty/vt/vt_ioctl.c linux-2.6.37/drivers/tty/vt/vt
3581 if (!perm) {
3582 ret = -EPERM;
3583 goto reterr;
3584 +diff -urNp linux-2.6.37/drivers/uio/uio.c linux-2.6.37/drivers/uio/uio.c
3585 +--- linux-2.6.37/drivers/uio/uio.c 2011-01-04 19:50:19.000000000 -0500
3586 ++++ linux-2.6.37/drivers/uio/uio.c 2011-01-24 18:04:18.000000000 -0500
3587 +@@ -25,6 +25,7 @@
3588 + #include <linux/kobject.h>
3589 + #include <linux/cdev.h>
3590 + #include <linux/uio_driver.h>
3591 ++#include <asm/local.h>
3592 +
3593 + #define UIO_MAX_DEVICES (1U << MINORBITS)
3594 +
3595 +@@ -35,7 +36,7 @@ struct uio_device {
3596 + atomic_t event;
3597 + struct fasync_struct *async_queue;
3598 + wait_queue_head_t wait;
3599 +- int vma_count;
3600 ++ local_t vma_count;
3601 + struct uio_info *info;
3602 + struct kobject *map_dir;
3603 + struct kobject *portio_dir;
3604 +@@ -602,13 +603,13 @@ static int uio_find_mem_index(struct vm_
3605 + static void uio_vma_open(struct vm_area_struct *vma)
3606 + {
3607 + struct uio_device *idev = vma->vm_private_data;
3608 +- idev->vma_count++;
3609 ++ local_inc(&idev->vma_count);
3610 + }
3611 +
3612 + static void uio_vma_close(struct vm_area_struct *vma)
3613 + {
3614 + struct uio_device *idev = vma->vm_private_data;
3615 +- idev->vma_count--;
3616 ++ local_dec(&idev->vma_count);
3617 + }
3618 +
3619 + static int uio_vma_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
3620 diff -urNp linux-2.6.37/drivers/usb/atm/cxacru.c linux-2.6.37/drivers/usb/atm/cxacru.c
3621 --- linux-2.6.37/drivers/usb/atm/cxacru.c 2011-01-04 19:50:19.000000000 -0500
3622 +++ linux-2.6.37/drivers/usb/atm/cxacru.c 2011-01-17 02:41:01.000000000 -0500
3623 @@ -30054,6 +30270,40 @@ diff -urNp linux-2.6.37/fs/btrfs/inode.c linux-2.6.37/fs/btrfs/inode.c
3624 .fill_delalloc = run_delalloc_range,
3625 .submit_bio_hook = btrfs_submit_bio_hook,
3626 .merge_bio_hook = btrfs_merge_bio_hook,
3627 +diff -urNp linux-2.6.37/fs/btrfs/ioctl.c linux-2.6.37/fs/btrfs/ioctl.c
3628 +--- linux-2.6.37/fs/btrfs/ioctl.c 2011-01-04 19:50:19.000000000 -0500
3629 ++++ linux-2.6.37/fs/btrfs/ioctl.c 2011-02-12 10:29:31.000000000 -0500
3630 +@@ -2087,7 +2087,7 @@ long btrfs_ioctl_space_info(struct btrfs
3631 + int num_types = 4;
3632 + int alloc_size;
3633 + int ret = 0;
3634 +- int slot_count = 0;
3635 ++ u64 slot_count = 0;
3636 + int i, c;
3637 +
3638 + if (copy_from_user(&space_args,
3639 +@@ -2126,7 +2126,7 @@ long btrfs_ioctl_space_info(struct btrfs
3640 + goto out;
3641 + }
3642 +
3643 +- slot_count = min_t(int, space_args.space_slots, slot_count);
3644 ++ slot_count = min_t(u64, space_args.space_slots, slot_count);
3645 +
3646 + alloc_size = sizeof(*dest) * slot_count;
3647 +
3648 +@@ -2146,6 +2146,12 @@ long btrfs_ioctl_space_info(struct btrfs
3649 + for (i = 0; i < num_types; i++) {
3650 + struct btrfs_space_info *tmp;
3651 +
3652 ++ /* Don't copy in more than we allocated */
3653 ++ if (!slot_count)
3654 ++ break;
3655 ++
3656 ++ slot_count--;
3657 ++
3658 + info = NULL;
3659 + rcu_read_lock();
3660 + list_for_each_entry_rcu(tmp, &root->fs_info->space_info,
3661 diff -urNp linux-2.6.37/fs/btrfs/relocation.c linux-2.6.37/fs/btrfs/relocation.c
3662 --- linux-2.6.37/fs/btrfs/relocation.c 2011-01-04 19:50:19.000000000 -0500
3663 +++ linux-2.6.37/fs/btrfs/relocation.c 2011-01-17 02:41:01.000000000 -0500
3664 @@ -30474,7 +30724,7 @@ diff -urNp linux-2.6.37/fs/ecryptfs/miscdev.c linux-2.6.37/fs/ecryptfs/miscdev.c
3665 if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
3666 diff -urNp linux-2.6.37/fs/exec.c linux-2.6.37/fs/exec.c
3667 --- linux-2.6.37/fs/exec.c 2011-01-04 19:50:19.000000000 -0500
3668 -+++ linux-2.6.37/fs/exec.c 2011-01-17 02:41:01.000000000 -0500
3669 ++++ linux-2.6.37/fs/exec.c 2011-02-12 11:21:04.000000000 -0500
3670 @@ -55,12 +55,24 @@
3671 #include <linux/fs_struct.h>
3672 #include <linux/pipe_fs_i.h>
3673 @@ -31000,7 +31250,7 @@ diff -urNp linux-2.6.37/fs/exec.c linux-2.6.37/fs/exec.c
3674 goto fail_corename;
3675 }
3676
3677 -+ if (signr == SIGKILL || signr == SIGILL)
3678 ++ if (signr == SIGSEGV || signr == SIGBUS || signr == SIGKILL || signr == SIGILL)
3679 + gr_handle_brute_attach(current);
3680 + gr_learn_resource(current, RLIMIT_CORE, binfmt->min_coredump, 1);
3681 +
3682 @@ -44979,8 +45229,16 @@ diff -urNp linux-2.6.37/include/drm/drm_pciids.h linux-2.6.37/include/drm/drm_pc
3683 + {0, 0, 0, 0, 0, 0}
3684 diff -urNp linux-2.6.37/include/drm/drmP.h linux-2.6.37/include/drm/drmP.h
3685 --- linux-2.6.37/include/drm/drmP.h 2011-01-04 19:50:19.000000000 -0500
3686 -+++ linux-2.6.37/include/drm/drmP.h 2011-01-17 02:41:02.000000000 -0500
3687 -@@ -804,7 +804,7 @@ struct drm_driver {
3688 ++++ linux-2.6.37/include/drm/drmP.h 2011-01-24 18:04:18.000000000 -0500
3689 +@@ -73,6 +73,7 @@
3690 + #include <linux/workqueue.h>
3691 + #include <linux/poll.h>
3692 + #include <asm/pgalloc.h>
3693 ++#include <asm/local.h>
3694 + #include "drm.h"
3695 +
3696 + #include <linux/idr.h>
3697 +@@ -804,7 +805,7 @@ struct drm_driver {
3698 void (*vgaarb_irq)(struct drm_device *dev, bool state);
3699
3700 /* Driver private ops for this object */
3701 @@ -44989,7 +45247,7 @@ diff -urNp linux-2.6.37/include/drm/drmP.h linux-2.6.37/include/drm/drmP.h
3702
3703 int major;
3704 int minor;
3705 -@@ -817,7 +817,7 @@ struct drm_driver {
3706 +@@ -817,7 +818,7 @@ struct drm_driver {
3707 int dev_priv_size;
3708 struct drm_ioctl_desc *ioctls;
3709 int num_ioctls;
3710 @@ -44998,16 +45256,16 @@ diff -urNp linux-2.6.37/include/drm/drmP.h linux-2.6.37/include/drm/drmP.h
3711 struct pci_driver pci_driver;
3712 struct platform_device *platform_device;
3713 /* List of devices hanging off this driver */
3714 -@@ -914,7 +914,7 @@ struct drm_device {
3715 +@@ -914,7 +915,7 @@ struct drm_device {
3716
3717 /** \name Usage Counters */
3718 /*@{ */
3719 - int open_count; /**< Outstanding files open */
3720 -+ atomic_t open_count; /**< Outstanding files open */
3721 ++ local_t open_count; /**< Outstanding files open */
3722 atomic_t ioctl_count; /**< Outstanding IOCTLs pending */
3723 atomic_t vma_count; /**< Outstanding vma areas open */
3724 int buf_use; /**< Buffers in use -- cannot alloc */
3725 -@@ -925,7 +925,7 @@ struct drm_device {
3726 +@@ -925,7 +926,7 @@ struct drm_device {
3727 /*@{ */
3728 unsigned long counters;
3729 enum drm_stat_type types[15];
3730 @@ -47649,7 +47907,7 @@ diff -urNp linux-2.6.37/include/linux/screen_info.h linux-2.6.37/include/linux/s
3731 #define VIDEO_TYPE_MDA 0x10 /* Monochrome Text Display */
3732 diff -urNp linux-2.6.37/include/linux/security.h linux-2.6.37/include/linux/security.h
3733 --- linux-2.6.37/include/linux/security.h 2011-01-04 19:50:19.000000000 -0500
3734 -+++ linux-2.6.37/include/linux/security.h 2011-01-17 02:41:02.000000000 -0500
3735 ++++ linux-2.6.37/include/linux/security.h 2011-02-12 10:34:03.000000000 -0500
3736 @@ -35,6 +35,7 @@
3737 #include <linux/key.h>
3738 #include <linux/xfrm.h>
3739 @@ -47658,6 +47916,27 @@ diff -urNp linux-2.6.37/include/linux/security.h linux-2.6.37/include/linux/secu
3740 #include <net/flow.h>
3741
3742 /* Maximum number of letters for an LSM name string */
3743 +@@ -1664,7 +1665,7 @@ int security_capset(struct cred *new, co
3744 + const kernel_cap_t *effective,
3745 + const kernel_cap_t *inheritable,
3746 + const kernel_cap_t *permitted);
3747 +-int security_capable(int cap);
3748 ++int security_capable(const struct cred *cred, int cap);
3749 + int security_real_capable(struct task_struct *tsk, int cap);
3750 + int security_real_capable_noaudit(struct task_struct *tsk, int cap);
3751 + int security_sysctl(struct ctl_table *table, int op);
3752 +@@ -1857,9 +1858,9 @@ static inline int security_capset(struct
3753 + return cap_capset(new, old, effective, inheritable, permitted);
3754 + }
3755 +
3756 +-static inline int security_capable(int cap)
3757 ++static inline int security_capable(const struct cred *cred, int cap)
3758 + {
3759 +- return cap_capable(current, current_cred(), cap, SECURITY_CAP_AUDIT);
3760 ++ return cap_capable(current, cred, cap, SECURITY_CAP_AUDIT);
3761 + }
3762 +
3763 + static inline int security_real_capable(struct task_struct *tsk, int cap)
3764 diff -urNp linux-2.6.37/include/linux/shm.h linux-2.6.37/include/linux/shm.h
3765 --- linux-2.6.37/include/linux/shm.h 2011-01-04 19:50:19.000000000 -0500
3766 +++ linux-2.6.37/include/linux/shm.h 2011-01-17 02:41:02.000000000 -0500
3767 @@ -48410,15 +48689,23 @@ diff -urNp linux-2.6.37/include/net/inetpeer.h linux-2.6.37/include/net/inetpeer
3768 #endif /* _NET_INETPEER_H */
3769 diff -urNp linux-2.6.37/include/net/irda/ircomm_tty.h linux-2.6.37/include/net/irda/ircomm_tty.h
3770 --- linux-2.6.37/include/net/irda/ircomm_tty.h 2011-01-04 19:50:19.000000000 -0500
3771 -+++ linux-2.6.37/include/net/irda/ircomm_tty.h 2011-01-17 02:41:02.000000000 -0500
3772 -@@ -105,8 +105,8 @@ struct ircomm_tty_cb {
3773 ++++ linux-2.6.37/include/net/irda/ircomm_tty.h 2011-01-25 20:24:56.000000000 -0500
3774 +@@ -35,6 +35,7 @@
3775 + #include <linux/termios.h>
3776 + #include <linux/timer.h>
3777 + #include <linux/tty.h> /* struct tty_struct */
3778 ++#include <asm/local.h>
3779 +
3780 + #include <net/irda/irias_object.h>
3781 + #include <net/irda/ircomm_core.h>
3782 +@@ -105,8 +106,8 @@ struct ircomm_tty_cb {
3783 unsigned short close_delay;
3784 unsigned short closing_wait; /* time to wait before closing */
3785
3786 - int open_count;
3787 - int blocked_open; /* # of blocked opens */
3788 -+ atomic_t open_count;
3789 -+ atomic_t blocked_open; /* # of blocked opens */
3790 ++ local_t open_count;
3791 ++ local_t blocked_open; /* # of blocked opens */
3792
3793 /* Protect concurent access to :
3794 * o self->open_count
3795 @@ -49037,7 +49324,7 @@ diff -urNp linux-2.6.37/kernel/acct.c linux-2.6.37/kernel/acct.c
3796 set_fs(fs);
3797 diff -urNp linux-2.6.37/kernel/capability.c linux-2.6.37/kernel/capability.c
3798 --- linux-2.6.37/kernel/capability.c 2011-01-04 19:50:19.000000000 -0500
3799 -+++ linux-2.6.37/kernel/capability.c 2011-01-17 02:41:02.000000000 -0500
3800 ++++ linux-2.6.37/kernel/capability.c 2011-02-12 11:48:20.000000000 -0500
3801 @@ -205,6 +205,9 @@ SYSCALL_DEFINE2(capget, cap_user_header_
3802 * before modification is attempted and the application
3803 * fails.
3804 @@ -49053,7 +49340,7 @@ diff -urNp linux-2.6.37/kernel/capability.c linux-2.6.37/kernel/capability.c
3805 }
3806
3807 - if (security_capable(cap) == 0) {
3808 -+ if (security_capable(cap) == 0 && gr_is_capable(cap)) {
3809 ++ if (security_capable(current_cred(), cap) == 0 && gr_is_capable(cap)) {
3810 current->flags |= PF_SUPERPRIV;
3811 return 1;
3812 }
3813 @@ -49067,7 +49354,7 @@ diff -urNp linux-2.6.37/kernel/capability.c linux-2.6.37/kernel/capability.c
3814 + BUG();
3815 + }
3816 +
3817 -+ if (security_capable(cap) == 0 && gr_is_capable_nolog(cap)) {
3818 ++ if (security_capable(current_cred(), cap) == 0 && gr_is_capable_nolog(cap)) {
3819 + current->flags |= PF_SUPERPRIV;
3820 + return 1;
3821 + }
3822 @@ -49112,7 +49399,24 @@ diff -urNp linux-2.6.37/kernel/configs.c linux-2.6.37/kernel/configs.c
3823
3824 diff -urNp linux-2.6.37/kernel/cred.c linux-2.6.37/kernel/cred.c
3825 --- linux-2.6.37/kernel/cred.c 2011-01-04 19:50:19.000000000 -0500
3826 -+++ linux-2.6.37/kernel/cred.c 2011-01-17 02:41:02.000000000 -0500
3827 ++++ linux-2.6.37/kernel/cred.c 2011-02-12 11:03:34.000000000 -0500
3828 +@@ -252,13 +252,13 @@ struct cred *cred_alloc_blank(void)
3829 + #endif
3830 +
3831 + atomic_set(&new->usage, 1);
3832 ++#ifdef CONFIG_DEBUG_CREDENTIALS
3833 ++ new->magic = CRED_MAGIC;
3834 ++#endif
3835 +
3836 + if (security_cred_alloc_blank(new, GFP_KERNEL) < 0)
3837 + goto error;
3838 +
3839 +-#ifdef CONFIG_DEBUG_CREDENTIALS
3840 +- new->magic = CRED_MAGIC;
3841 +-#endif
3842 + return new;
3843 +
3844 + error:
3845 @@ -483,6 +483,8 @@ int commit_creds(struct cred *new)
3846
3847 get_cred(new); /* we will require a ref for the subj creds too */
3848 @@ -49122,6 +49426,37 @@ diff -urNp linux-2.6.37/kernel/cred.c linux-2.6.37/kernel/cred.c
3849 /* dumpability changes */
3850 if (old->euid != new->euid ||
3851 old->egid != new->egid ||
3852 +@@ -657,6 +659,8 @@ struct cred *prepare_kernel_cred(struct
3853 + validate_creds(old);
3854 +
3855 + *new = *old;
3856 ++ atomic_set(&new->usage, 1);
3857 ++ set_cred_subscribers(new, 0);
3858 + get_uid(new->user);
3859 + get_group_info(new->group_info);
3860 +
3861 +@@ -674,8 +678,6 @@ struct cred *prepare_kernel_cred(struct
3862 + if (security_prepare_creds(new, old, GFP_KERNEL) < 0)
3863 + goto error;
3864 +
3865 +- atomic_set(&new->usage, 1);
3866 +- set_cred_subscribers(new, 0);
3867 + put_cred(old);
3868 + validate_creds(new);
3869 + return new;
3870 +@@ -748,7 +750,11 @@ bool creds_are_invalid(const struct cred
3871 + if (cred->magic != CRED_MAGIC)
3872 + return true;
3873 + #ifdef CONFIG_SECURITY_SELINUX
3874 +- if (selinux_is_enabled()) {
3875 ++ /*
3876 ++ * cred->security == NULL if security_cred_alloc_blank() or
3877 ++ * security_prepare_creds() returned an error.
3878 ++ */
3879 ++ if (selinux_is_enabled() && cred->security) {
3880 + if ((unsigned long) cred->security < PAGE_SIZE)
3881 + return true;
3882 + if ((*(u32 *)cred->security & 0xffffff00) ==
3883 diff -urNp linux-2.6.37/kernel/debug/debug_core.c linux-2.6.37/kernel/debug/debug_core.c
3884 --- linux-2.6.37/kernel/debug/debug_core.c 2011-01-04 19:50:19.000000000 -0500
3885 +++ linux-2.6.37/kernel/debug/debug_core.c 2011-01-17 02:41:02.000000000 -0500
3886 @@ -49889,8 +50224,8 @@ diff -urNp linux-2.6.37/kernel/kallsyms.c linux-2.6.37/kernel/kallsyms.c
3887 reset_iter(iter, 0);
3888 diff -urNp linux-2.6.37/kernel/kmod.c linux-2.6.37/kernel/kmod.c
3889 --- linux-2.6.37/kernel/kmod.c 2011-01-04 19:50:19.000000000 -0500
3890 -+++ linux-2.6.37/kernel/kmod.c 2011-01-17 02:41:02.000000000 -0500
3891 -@@ -90,6 +90,18 @@ int __request_module(bool wait, const ch
3892 ++++ linux-2.6.37/kernel/kmod.c 2011-02-12 10:56:18.000000000 -0500
3893 +@@ -90,6 +90,28 @@ int __request_module(bool wait, const ch
3894 if (ret)
3895 return ret;
3896
3897 @@ -49901,7 +50236,17 @@ diff -urNp linux-2.6.37/kernel/kmod.c linux-2.6.37/kernel/kmod.c
3898 + auto-loaded
3899 + */
3900 + if (current_uid()) {
3901 -+ gr_log_nonroot_mod_load(module_name);
3902 ++#if !defined(CONFIG_IPV6) && !defined(CONFIG_IPV6_MODULE)
3903 ++ /* There are known knowns. These are things we know
3904 ++ that we know. There are known unknowns. That is to say,
3905 ++ there are things that we know we don't know. But there are
3906 ++ also unknown unknowns. There are things we don't know
3907 ++ we don't know.
3908 ++ This here is a known unknown.
3909 ++ */
3910 ++ if (strcmp(module_name, "net-pf-10"))
3911 ++#endif
3912 ++ gr_log_nonroot_mod_load(module_name);
3913 + return -EPERM;
3914 + }
3915 +#endif
3916 @@ -49993,7 +50338,7 @@ diff -urNp linux-2.6.37/kernel/lockdep_proc.c linux-2.6.37/kernel/lockdep_proc.c
3917 if (!name) {
3918 diff -urNp linux-2.6.37/kernel/module.c linux-2.6.37/kernel/module.c
3919 --- linux-2.6.37/kernel/module.c 2011-01-04 19:50:19.000000000 -0500
3920 -+++ linux-2.6.37/kernel/module.c 2011-01-17 02:41:02.000000000 -0500
3921 ++++ linux-2.6.37/kernel/module.c 2011-02-02 20:28:40.000000000 -0500
3922 @@ -97,7 +97,8 @@ static BLOCKING_NOTIFIER_HEAD(module_not
3923
3924 /* Bounds of module allocation, for speeding __module_address.
3925 @@ -50031,6 +50376,15 @@ diff -urNp linux-2.6.37/kernel/module.c linux-2.6.37/kernel/module.c
3926 printk(KERN_WARNING "%s: per-cpu alignment %li > %li\n",
3927 mod->name, align, PAGE_SIZE);
3928 align = PAGE_SIZE;
3929 +@@ -1122,7 +1123,7 @@ resolve_symbol_wait(struct module *mod,
3930 + */
3931 + #ifdef CONFIG_SYSFS
3932 +
3933 +-#ifdef CONFIG_KALLSYMS
3934 ++#if defined(CONFIG_KALLSYMS) && !defined(CONFIG_GRKERNSEC_HIDESYM)
3935 + static inline bool sect_empty(const Elf_Shdr *sect)
3936 + {
3937 + return !(sect->sh_flags & SHF_ALLOC) || sect->sh_size == 0;
3938 @@ -1566,15 +1567,18 @@ static void free_module(struct module *m
3939 destroy_params(mod->kp, mod->num_kp);
3940
3941 @@ -50251,10 +50605,8 @@ diff -urNp linux-2.6.37/kernel/module.c linux-2.6.37/kernel/module.c
3942 + if (!ptr) {
3943 + module_free(mod, mod->module_init_rw);
3944 + module_free(mod, mod->module_core_rw);
3945 - return -ENOMEM;
3946 - }
3947 -- memset(ptr, 0, mod->init_size);
3948 -- mod->module_init = ptr;
3949 ++ return -ENOMEM;
3950 ++ }
3951 +
3952 + pax_open_kernel();
3953 + memset(ptr, 0, mod->core_size_rx);
3954 @@ -50267,8 +50619,10 @@ diff -urNp linux-2.6.37/kernel/module.c linux-2.6.37/kernel/module.c
3955 + module_free_exec(mod, mod->module_core_rx);
3956 + module_free(mod, mod->module_init_rw);
3957 + module_free(mod, mod->module_core_rw);
3958 -+ return -ENOMEM;
3959 -+ }
3960 + return -ENOMEM;
3961 + }
3962 +- memset(ptr, 0, mod->init_size);
3963 +- mod->module_init = ptr;
3964 +
3965 + pax_open_kernel();
3966 + memset(ptr, 0, mod->init_size_rx);
3967 @@ -50683,7 +51037,7 @@ diff -urNp linux-2.6.37/kernel/printk.c linux-2.6.37/kernel/printk.c
3968 * at open time.
3969 diff -urNp linux-2.6.37/kernel/ptrace.c linux-2.6.37/kernel/ptrace.c
3970 --- linux-2.6.37/kernel/ptrace.c 2011-01-04 19:50:19.000000000 -0500
3971 -+++ linux-2.6.37/kernel/ptrace.c 2011-01-17 02:41:02.000000000 -0500
3972 ++++ linux-2.6.37/kernel/ptrace.c 2011-02-12 10:37:18.000000000 -0500
3973 @@ -140,7 +140,7 @@ int __ptrace_may_access(struct task_stru
3974 cred->gid != tcred->egid ||
3975 cred->gid != tcred->sgid ||
3976 @@ -50711,6 +51065,15 @@ diff -urNp linux-2.6.37/kernel/ptrace.c linux-2.6.37/kernel/ptrace.c
3977 task->ptrace |= PT_PTRACE_CAP;
3978
3979 __ptrace_link(task, current);
3980 +@@ -313,7 +313,7 @@ int ptrace_detach(struct task_struct *ch
3981 + child->exit_code = data;
3982 + dead = __ptrace_detach(current, child);
3983 + if (!child->exit_state)
3984 +- wake_up_process(child);
3985 ++ wake_up_state(child, TASK_TRACED | TASK_STOPPED);
3986 + }
3987 + write_unlock_irq(&tasklist_lock);
3988 +
3989 @@ -369,7 +369,7 @@ int ptrace_readdata(struct task_struct *
3990 break;
3991 return -EIO;
3992 @@ -50895,7 +51258,7 @@ diff -urNp linux-2.6.37/kernel/sched_fair.c linux-2.6.37/kernel/sched_fair.c
3993 struct rq *this_rq = cpu_rq(this_cpu);
3994 diff -urNp linux-2.6.37/kernel/signal.c linux-2.6.37/kernel/signal.c
3995 --- linux-2.6.37/kernel/signal.c 2011-01-04 19:50:19.000000000 -0500
3996 -+++ linux-2.6.37/kernel/signal.c 2011-01-17 02:41:02.000000000 -0500
3997 ++++ linux-2.6.37/kernel/signal.c 2011-02-12 11:22:39.000000000 -0500
3998 @@ -45,12 +45,12 @@ static struct kmem_cache *sigqueue_cache
3999
4000 int print_fatal_signals __read_mostly;
4001 @@ -50958,17 +51321,34 @@ diff -urNp linux-2.6.37/kernel/signal.c linux-2.6.37/kernel/signal.c
4002 specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t)
4003 {
4004 return send_signal(sig, info, t, 0);
4005 -@@ -1079,6 +1085,9 @@ force_sig_info(int sig, struct siginfo *
4006 +@@ -1062,6 +1068,7 @@ force_sig_info(int sig, struct siginfo *
4007 + unsigned long int flags;
4008 + int ret, blocked, ignored;
4009 + struct k_sigaction *action;
4010 ++ int is_unhandled = 0;
4011 +
4012 + spin_lock_irqsave(&t->sighand->siglock, flags);
4013 + action = &t->sighand->action[sig-1];
4014 +@@ -1076,9 +1083,18 @@ force_sig_info(int sig, struct siginfo *
4015 + }
4016 + if (action->sa.sa_handler == SIG_DFL)
4017 + t->signal->flags &= ~SIGNAL_UNKILLABLE;
4018 ++ if (action->sa.sa_handler == SIG_IGN || action->sa.sa_handler == SIG_DFL)
4019 ++ is_unhandled = 1;
4020 ret = specific_send_sig_info(sig, info, t);
4021 spin_unlock_irqrestore(&t->sighand->siglock, flags);
4022
4023 -+ gr_log_signal(sig, !is_si_special(info) ? info->si_addr : NULL, t);
4024 -+ gr_handle_crash(t, sig);
4025 ++ /* only deal with unhandled signals, java etc trigger SIGSEGV during
4026 ++ normal operation */
4027 ++ if (is_unhandled) {
4028 ++ gr_log_signal(sig, !is_si_special(info) ? info->si_addr : NULL, t);
4029 ++ gr_handle_crash(t, sig);
4030 ++ }
4031 +
4032 return ret;
4033 }
4034
4035 -@@ -1137,8 +1146,11 @@ int group_send_sig_info(int sig, struct
4036 +@@ -1137,8 +1153,11 @@ int group_send_sig_info(int sig, struct
4037 ret = check_kill_permission(sig, info, p);
4038 rcu_read_unlock();
4039
4040 @@ -52896,7 +53276,7 @@ diff -urNp linux-2.6.37/mm/migrate.c linux-2.6.37/mm/migrate.c
4041 goto out;
4042 diff -urNp linux-2.6.37/mm/mlock.c linux-2.6.37/mm/mlock.c
4043 --- linux-2.6.37/mm/mlock.c 2011-01-04 19:50:19.000000000 -0500
4044 -+++ linux-2.6.37/mm/mlock.c 2011-01-17 02:41:02.000000000 -0500
4045 ++++ linux-2.6.37/mm/mlock.c 2011-01-24 18:04:18.000000000 -0500
4046 @@ -13,6 +13,7 @@
4047 #include <linux/pagemap.h>
4048 #include <linux/mempolicy.h>
4049 @@ -52932,6 +53312,15 @@ diff -urNp linux-2.6.37/mm/mlock.c linux-2.6.37/mm/mlock.c
4050 while (nr_pages > 0) {
4051 int i;
4052
4053 +@@ -437,7 +425,7 @@ static int do_mlock(unsigned long start,
4054 + {
4055 + unsigned long nstart, end, tmp;
4056 + struct vm_area_struct * vma, * prev;
4057 +- int error;
4058 ++ int error = -EINVAL;
4059 +
4060 + len = PAGE_ALIGN(len);
4061 + end = start + len;
4062 @@ -445,6 +433,9 @@ static int do_mlock(unsigned long start,
4063 return -EINVAL;
4064 if (end == start)
4065 @@ -53000,7 +53389,7 @@ diff -urNp linux-2.6.37/mm/mlock.c linux-2.6.37/mm/mlock.c
4066 ret = do_mlockall(flags);
4067 diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4068 --- linux-2.6.37/mm/mmap.c 2011-01-04 19:50:19.000000000 -0500
4069 -+++ linux-2.6.37/mm/mmap.c 2011-01-17 02:41:02.000000000 -0500
4070 ++++ linux-2.6.37/mm/mmap.c 2011-02-12 11:36:29.000000000 -0500
4071 @@ -45,6 +45,16 @@
4072 #define arch_rebalance_pgtables(addr, len) (addr)
4073 #endif
4074 @@ -53223,12 +53612,13 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4075 if (addr & ~PAGE_MASK)
4076 return addr;
4077
4078 -@@ -1016,6 +1093,31 @@ unsigned long do_mmap_pgoff(struct file
4079 +@@ -1016,6 +1093,36 @@ unsigned long do_mmap_pgoff(struct file
4080 vm_flags = calc_vm_prot_bits(prot) | calc_vm_flag_bits(flags) |
4081 mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC;
4082
4083 +#ifdef CONFIG_PAX_MPROTECT
4084 + if (mm->pax_flags & MF_PAX_MPROTECT) {
4085 ++#ifndef CONFIG_PAX_MPROTECT_COMPAT
4086 + if ((vm_flags & (VM_WRITE | VM_EXEC)) == (VM_WRITE | VM_EXEC)) {
4087 + gr_log_rwxmmap(file);
4088 +
4089 @@ -53242,6 +53632,10 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4090 +
4091 + if (!(vm_flags & VM_EXEC))
4092 + vm_flags &= ~VM_MAYEXEC;
4093 ++#else
4094 ++ if ((vm_flags & (VM_WRITE | VM_EXEC)) != VM_EXEC)
4095 ++ vm_flags &= ~(VM_EXEC | VM_MAYEXEC);
4096 ++#endif
4097 + else
4098 + vm_flags &= ~VM_MAYWRITE;
4099 + }
4100 @@ -53255,7 +53649,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4101 if (flags & MAP_LOCKED)
4102 if (!can_do_mlock())
4103 return -EPERM;
4104 -@@ -1027,6 +1129,7 @@ unsigned long do_mmap_pgoff(struct file
4105 +@@ -1027,6 +1134,7 @@ unsigned long do_mmap_pgoff(struct file
4106 locked += mm->locked_vm;
4107 lock_limit = rlimit(RLIMIT_MEMLOCK);
4108 lock_limit >>= PAGE_SHIFT;
4109 @@ -53263,7 +53657,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4110 if (locked > lock_limit && !capable(CAP_IPC_LOCK))
4111 return -EAGAIN;
4112 }
4113 -@@ -1097,6 +1200,9 @@ unsigned long do_mmap_pgoff(struct file
4114 +@@ -1097,6 +1205,9 @@ unsigned long do_mmap_pgoff(struct file
4115 if (error)
4116 return error;
4117
4118 @@ -53273,7 +53667,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4119 return mmap_region(file, addr, len, flags, vm_flags, pgoff);
4120 }
4121 EXPORT_SYMBOL(do_mmap_pgoff);
4122 -@@ -1174,10 +1280,10 @@ SYSCALL_DEFINE1(old_mmap, struct mmap_ar
4123 +@@ -1174,10 +1285,10 @@ SYSCALL_DEFINE1(old_mmap, struct mmap_ar
4124 */
4125 int vma_wants_writenotify(struct vm_area_struct *vma)
4126 {
4127 @@ -53286,7 +53680,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4128 return 0;
4129
4130 /* The backer wishes to know when pages are first written to? */
4131 -@@ -1226,14 +1332,24 @@ unsigned long mmap_region(struct file *f
4132 +@@ -1226,14 +1337,24 @@ unsigned long mmap_region(struct file *f
4133 unsigned long charged = 0;
4134 struct inode *inode = file ? file->f_path.dentry->d_inode : NULL;
4135
4136 @@ -53313,7 +53707,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4137 }
4138
4139 /* Check against address space limit. */
4140 -@@ -1282,6 +1398,16 @@ munmap_back:
4141 +@@ -1282,6 +1403,16 @@ munmap_back:
4142 goto unacct_error;
4143 }
4144
4145 @@ -53330,7 +53724,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4146 vma->vm_mm = mm;
4147 vma->vm_start = addr;
4148 vma->vm_end = addr + len;
4149 -@@ -1305,6 +1431,19 @@ munmap_back:
4150 +@@ -1305,6 +1436,19 @@ munmap_back:
4151 error = file->f_op->mmap(file, vma);
4152 if (error)
4153 goto unmap_and_free_vma;
4154 @@ -53350,7 +53744,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4155 if (vm_flags & VM_EXECUTABLE)
4156 added_exe_file_vma(mm);
4157
4158 -@@ -1340,6 +1479,11 @@ munmap_back:
4159 +@@ -1340,6 +1484,11 @@ munmap_back:
4160 vma_link(mm, vma, prev, rb_link, rb_parent);
4161 file = vma->vm_file;
4162
4163 @@ -53362,7 +53756,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4164 /* Once vma denies write, undo our temporary denial count */
4165 if (correct_wcount)
4166 atomic_inc(&inode->i_writecount);
4167 -@@ -1348,6 +1492,7 @@ out:
4168 +@@ -1348,6 +1497,7 @@ out:
4169
4170 mm->total_vm += len >> PAGE_SHIFT;
4171 vm_stat_account(mm, vm_flags, file, len >> PAGE_SHIFT);
4172 @@ -53370,7 +53764,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4173 if (vm_flags & VM_LOCKED) {
4174 if (!mlock_vma_pages_range(vma, addr, addr + len))
4175 mm->locked_vm += (len >> PAGE_SHIFT);
4176 -@@ -1365,6 +1510,12 @@ unmap_and_free_vma:
4177 +@@ -1365,6 +1515,12 @@ unmap_and_free_vma:
4178 unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end);
4179 charged = 0;
4180 free_vma:
4181 @@ -53383,7 +53777,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4182 kmem_cache_free(vm_area_cachep, vma);
4183 unacct_error:
4184 if (charged)
4185 -@@ -1372,6 +1523,33 @@ unacct_error:
4186 +@@ -1372,6 +1528,33 @@ unacct_error:
4187 return error;
4188 }
4189
4190 @@ -53417,7 +53811,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4191 /* Get an address range which is currently unmapped.
4192 * For shmat() with addr=0.
4193 *
4194 -@@ -1398,18 +1576,23 @@ arch_get_unmapped_area(struct file *filp
4195 +@@ -1398,18 +1581,23 @@ arch_get_unmapped_area(struct file *filp
4196 if (flags & MAP_FIXED)
4197 return addr;
4198
4199 @@ -53448,7 +53842,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4200 }
4201
4202 full_search:
4203 -@@ -1420,34 +1603,40 @@ full_search:
4204 +@@ -1420,34 +1608,40 @@ full_search:
4205 * Start a new search - just in case we missed
4206 * some holes.
4207 */
4208 @@ -53500,7 +53894,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4209 mm->free_area_cache = addr;
4210 mm->cached_hole_size = ~0UL;
4211 }
4212 -@@ -1465,7 +1654,7 @@ arch_get_unmapped_area_topdown(struct fi
4213 +@@ -1465,7 +1659,7 @@ arch_get_unmapped_area_topdown(struct fi
4214 {
4215 struct vm_area_struct *vma;
4216 struct mm_struct *mm = current->mm;
4217 @@ -53509,7 +53903,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4218
4219 /* requested length too big for entire address space */
4220 if (len > TASK_SIZE)
4221 -@@ -1474,13 +1663,18 @@ arch_get_unmapped_area_topdown(struct fi
4222 +@@ -1474,13 +1668,18 @@ arch_get_unmapped_area_topdown(struct fi
4223 if (flags & MAP_FIXED)
4224 return addr;
4225
4226 @@ -53532,7 +53926,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4227 }
4228
4229 /* check if free_area_cache is useful for us */
4230 -@@ -1495,7 +1689,7 @@ arch_get_unmapped_area_topdown(struct fi
4231 +@@ -1495,7 +1694,7 @@ arch_get_unmapped_area_topdown(struct fi
4232 /* make sure it can fit in the remaining address space */
4233 if (addr > len) {
4234 vma = find_vma(mm, addr-len);
4235 @@ -53541,7 +53935,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4236 /* remember the address as a hint for next time */
4237 return (mm->free_area_cache = addr-len);
4238 }
4239 -@@ -1512,7 +1706,7 @@ arch_get_unmapped_area_topdown(struct fi
4240 +@@ -1512,7 +1711,7 @@ arch_get_unmapped_area_topdown(struct fi
4241 * return with success:
4242 */
4243 vma = find_vma(mm, addr);
4244 @@ -53550,7 +53944,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4245 /* remember the address as a hint for next time */
4246 return (mm->free_area_cache = addr);
4247
4248 -@@ -1531,13 +1725,21 @@ bottomup:
4249 +@@ -1531,13 +1730,21 @@ bottomup:
4250 * can happen with large stack limits and large mmap()
4251 * allocations.
4252 */
4253 @@ -53574,7 +53968,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4254 mm->cached_hole_size = ~0UL;
4255
4256 return addr;
4257 -@@ -1546,6 +1748,12 @@ bottomup:
4258 +@@ -1546,6 +1753,12 @@ bottomup:
4259
4260 void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr)
4261 {
4262 @@ -53587,7 +53981,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4263 /*
4264 * Is this a new hole at the highest possible address?
4265 */
4266 -@@ -1553,8 +1761,10 @@ void arch_unmap_area_topdown(struct mm_s
4267 +@@ -1553,8 +1766,10 @@ void arch_unmap_area_topdown(struct mm_s
4268 mm->free_area_cache = addr;
4269
4270 /* dont allow allocations above current base */
4271 @@ -53599,7 +53993,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4272 }
4273
4274 unsigned long
4275 -@@ -1662,6 +1872,28 @@ out:
4276 +@@ -1662,6 +1877,28 @@ out:
4277 return prev ? prev->vm_next : vma;
4278 }
4279
4280 @@ -53628,7 +54022,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4281 /*
4282 * Verify that the stack growth is acceptable and
4283 * update accounting. This is shared with both the
4284 -@@ -1678,6 +1910,7 @@ static int acct_stack_growth(struct vm_a
4285 +@@ -1678,6 +1915,7 @@ static int acct_stack_growth(struct vm_a
4286 return -ENOMEM;
4287
4288 /* Stack limit test */
4289 @@ -53636,7 +54030,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4290 if (size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur))
4291 return -ENOMEM;
4292
4293 -@@ -1688,6 +1921,7 @@ static int acct_stack_growth(struct vm_a
4294 +@@ -1688,6 +1926,7 @@ static int acct_stack_growth(struct vm_a
4295 locked = mm->locked_vm + grow;
4296 limit = ACCESS_ONCE(rlim[RLIMIT_MEMLOCK].rlim_cur);
4297 limit >>= PAGE_SHIFT;
4298 @@ -53644,7 +54038,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4299 if (locked > limit && !capable(CAP_IPC_LOCK))
4300 return -ENOMEM;
4301 }
4302 -@@ -1718,37 +1952,48 @@ static int acct_stack_growth(struct vm_a
4303 +@@ -1718,37 +1957,48 @@ static int acct_stack_growth(struct vm_a
4304 * PA-RISC uses this for its stack; IA64 for its Register Backing Store.
4305 * vma is the last one with address > vma->vm_end. Have to extend vma.
4306 */
4307 @@ -53702,7 +54096,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4308 unsigned long size, grow;
4309
4310 size = address - vma->vm_start;
4311 -@@ -1760,6 +2005,8 @@ int expand_upwards(struct vm_area_struct
4312 +@@ -1760,6 +2010,8 @@ int expand_upwards(struct vm_area_struct
4313 perf_event_mmap(vma);
4314 }
4315 }
4316 @@ -53711,7 +54105,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4317 vma_unlock_anon_vma(vma);
4318 return error;
4319 }
4320 -@@ -1772,6 +2019,8 @@ static int expand_downwards(struct vm_ar
4321 +@@ -1772,6 +2024,8 @@ static int expand_downwards(struct vm_ar
4322 unsigned long address)
4323 {
4324 int error;
4325 @@ -53720,7 +54114,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4326
4327 /*
4328 * We must make sure the anon_vma is allocated
4329 -@@ -1785,6 +2034,15 @@ static int expand_downwards(struct vm_ar
4330 +@@ -1785,6 +2039,15 @@ static int expand_downwards(struct vm_ar
4331 if (error)
4332 return error;
4333
4334 @@ -53736,7 +54130,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4335 vma_lock_anon_vma(vma);
4336
4337 /*
4338 -@@ -1794,9 +2052,17 @@ static int expand_downwards(struct vm_ar
4339 +@@ -1794,9 +2057,17 @@ static int expand_downwards(struct vm_ar
4340 */
4341
4342 /* Somebody else might have raced and expanded it already */
4343 @@ -53755,7 +54149,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4344 size = vma->vm_end - address;
4345 grow = (vma->vm_start - address) >> PAGE_SHIFT;
4346
4347 -@@ -1804,10 +2070,21 @@ static int expand_downwards(struct vm_ar
4348 +@@ -1804,10 +2075,21 @@ static int expand_downwards(struct vm_ar
4349 if (!error) {
4350 vma->vm_start = address;
4351 vma->vm_pgoff -= grow;
4352 @@ -53777,7 +54171,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4353 return error;
4354 }
4355
4356 -@@ -1881,6 +2158,13 @@ static void remove_vma_list(struct mm_st
4357 +@@ -1881,6 +2163,13 @@ static void remove_vma_list(struct mm_st
4358 do {
4359 long nrpages = vma_pages(vma);
4360
4361 @@ -53791,7 +54185,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4362 mm->total_vm -= nrpages;
4363 vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages);
4364 vma = remove_vma(vma);
4365 -@@ -1926,6 +2210,16 @@ detach_vmas_to_be_unmapped(struct mm_str
4366 +@@ -1926,6 +2215,16 @@ detach_vmas_to_be_unmapped(struct mm_str
4367 insertion_point = (prev ? &prev->vm_next : &mm->mmap);
4368 vma->vm_prev = NULL;
4369 do {
4370 @@ -53808,7 +54202,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4371 rb_erase(&vma->vm_rb, &mm->mm_rb);
4372 mm->map_count--;
4373 tail_vma = vma;
4374 -@@ -1954,14 +2248,33 @@ static int __split_vma(struct mm_struct
4375 +@@ -1954,14 +2253,33 @@ static int __split_vma(struct mm_struct
4376 struct vm_area_struct *new;
4377 int err = -ENOMEM;
4378
4379 @@ -53842,7 +54236,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4380 /* most fields are the same, copy all, and then fixup */
4381 *new = *vma;
4382
4383 -@@ -1974,6 +2287,22 @@ static int __split_vma(struct mm_struct
4384 +@@ -1974,6 +2292,22 @@ static int __split_vma(struct mm_struct
4385 new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT);
4386 }
4387
4388 @@ -53865,7 +54259,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4389 pol = mpol_dup(vma_policy(vma));
4390 if (IS_ERR(pol)) {
4391 err = PTR_ERR(pol);
4392 -@@ -1999,6 +2328,42 @@ static int __split_vma(struct mm_struct
4393 +@@ -1999,6 +2333,42 @@ static int __split_vma(struct mm_struct
4394 else
4395 err = vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new);
4396
4397 @@ -53908,7 +54302,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4398 /* Success. */
4399 if (!err)
4400 return 0;
4401 -@@ -2011,10 +2376,18 @@ static int __split_vma(struct mm_struct
4402 +@@ -2011,10 +2381,18 @@ static int __split_vma(struct mm_struct
4403 removed_exe_file_vma(mm);
4404 fput(new->vm_file);
4405 }
4406 @@ -53928,7 +54322,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4407 kmem_cache_free(vm_area_cachep, new);
4408 out_err:
4409 return err;
4410 -@@ -2027,6 +2400,15 @@ static int __split_vma(struct mm_struct
4411 +@@ -2027,6 +2405,15 @@ static int __split_vma(struct mm_struct
4412 int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
4413 unsigned long addr, int new_below)
4414 {
4415 @@ -53944,7 +54338,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4416 if (mm->map_count >= sysctl_max_map_count)
4417 return -ENOMEM;
4418
4419 -@@ -2038,11 +2420,30 @@ int split_vma(struct mm_struct *mm, stru
4420 +@@ -2038,11 +2425,30 @@ int split_vma(struct mm_struct *mm, stru
4421 * work. This now handles partial unmappings.
4422 * Jeremy Fitzhardinge <jeremy@××××.org>
4423 */
4424 @@ -53975,7 +54369,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4425 if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start)
4426 return -EINVAL;
4427
4428 -@@ -2116,6 +2517,8 @@ int do_munmap(struct mm_struct *mm, unsi
4429 +@@ -2116,6 +2522,8 @@ int do_munmap(struct mm_struct *mm, unsi
4430 /* Fix up all other VM information */
4431 remove_vma_list(mm, vma);
4432
4433 @@ -53984,7 +54378,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4434 return 0;
4435 }
4436
4437 -@@ -2128,22 +2531,18 @@ SYSCALL_DEFINE2(munmap, unsigned long, a
4438 +@@ -2128,22 +2536,18 @@ SYSCALL_DEFINE2(munmap, unsigned long, a
4439
4440 profile_munmap(addr);
4441
4442 @@ -54013,7 +54407,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4443 /*
4444 * this is really a simplified "do_mmap". it only handles
4445 * anonymous maps. eventually we may be able to do some
4446 -@@ -2157,6 +2556,7 @@ unsigned long do_brk(unsigned long addr,
4447 +@@ -2157,6 +2561,7 @@ unsigned long do_brk(unsigned long addr,
4448 struct rb_node ** rb_link, * rb_parent;
4449 pgoff_t pgoff = addr >> PAGE_SHIFT;
4450 int error;
4451 @@ -54021,7 +54415,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4452
4453 len = PAGE_ALIGN(len);
4454 if (!len)
4455 -@@ -2168,16 +2568,30 @@ unsigned long do_brk(unsigned long addr,
4456 +@@ -2168,16 +2573,30 @@ unsigned long do_brk(unsigned long addr,
4457
4458 flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags;
4459
4460 @@ -54053,7 +54447,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4461 locked += mm->locked_vm;
4462 lock_limit = rlimit(RLIMIT_MEMLOCK);
4463 lock_limit >>= PAGE_SHIFT;
4464 -@@ -2194,22 +2608,22 @@ unsigned long do_brk(unsigned long addr,
4465 +@@ -2194,22 +2613,22 @@ unsigned long do_brk(unsigned long addr,
4466 /*
4467 * Clear old maps. this also does some error checking for us
4468 */
4469 @@ -54080,7 +54474,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4470 return -ENOMEM;
4471
4472 /* Can we just expand an old private anonymous mapping? */
4473 -@@ -2223,7 +2637,7 @@ unsigned long do_brk(unsigned long addr,
4474 +@@ -2223,7 +2642,7 @@ unsigned long do_brk(unsigned long addr,
4475 */
4476 vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
4477 if (!vma) {
4478 @@ -54089,7 +54483,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4479 return -ENOMEM;
4480 }
4481
4482 -@@ -2237,11 +2651,12 @@ unsigned long do_brk(unsigned long addr,
4483 +@@ -2237,11 +2656,12 @@ unsigned long do_brk(unsigned long addr,
4484 vma_link(mm, vma, prev, rb_link, rb_parent);
4485 out:
4486 perf_event_mmap(vma);
4487 @@ -54104,7 +54498,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4488 return addr;
4489 }
4490
4491 -@@ -2288,8 +2703,10 @@ void exit_mmap(struct mm_struct *mm)
4492 +@@ -2288,8 +2708,10 @@ void exit_mmap(struct mm_struct *mm)
4493 * Walk the list again, actually closing and freeing it,
4494 * with preemption enabled, without holding any MM locks.
4495 */
4496 @@ -54116,7 +54510,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4497
4498 BUG_ON(mm->nr_ptes > (FIRST_USER_ADDRESS+PMD_SIZE-1)>>PMD_SHIFT);
4499 }
4500 -@@ -2303,6 +2720,13 @@ int insert_vm_struct(struct mm_struct *
4501 +@@ -2303,6 +2725,13 @@ int insert_vm_struct(struct mm_struct *
4502 struct vm_area_struct * __vma, * prev;
4503 struct rb_node ** rb_link, * rb_parent;
4504
4505 @@ -54130,7 +54524,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4506 /*
4507 * The vm_pgoff of a purely anonymous vma should be irrelevant
4508 * until its first write fault, when page's anon_vma and index
4509 -@@ -2325,7 +2749,22 @@ int insert_vm_struct(struct mm_struct *
4510 +@@ -2325,7 +2754,22 @@ int insert_vm_struct(struct mm_struct *
4511 if ((vma->vm_flags & VM_ACCOUNT) &&
4512 security_vm_enough_memory_mm(mm, vma_pages(vma)))
4513 return -ENOMEM;
4514 @@ -54153,7 +54547,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4515 return 0;
4516 }
4517
4518 -@@ -2343,6 +2782,8 @@ struct vm_area_struct *copy_vma(struct v
4519 +@@ -2343,6 +2787,8 @@ struct vm_area_struct *copy_vma(struct v
4520 struct rb_node **rb_link, *rb_parent;
4521 struct mempolicy *pol;
4522
4523 @@ -54162,7 +54556,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4524 /*
4525 * If anonymous vma has not yet been faulted, update new pgoff
4526 * to match new location, to increase its chance of merging.
4527 -@@ -2392,6 +2833,39 @@ struct vm_area_struct *copy_vma(struct v
4528 +@@ -2392,6 +2838,39 @@ struct vm_area_struct *copy_vma(struct v
4529 kmem_cache_free(vm_area_cachep, new_vma);
4530 return NULL;
4531 }
4532 @@ -54202,7 +54596,7 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4533
4534 /*
4535 * Return true if the calling process may expand its vm space by the passed
4536 -@@ -2403,7 +2877,7 @@ int may_expand_vm(struct mm_struct *mm,
4537 +@@ -2403,7 +2882,7 @@ int may_expand_vm(struct mm_struct *mm,
4538 unsigned long lim;
4539
4540 lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT;
4541 @@ -54211,16 +54605,21 @@ diff -urNp linux-2.6.37/mm/mmap.c linux-2.6.37/mm/mmap.c
4542 if (cur + npages > lim)
4543 return 0;
4544 return 1;
4545 -@@ -2474,6 +2948,17 @@ int install_special_mapping(struct mm_st
4546 +@@ -2474,6 +2953,22 @@ int install_special_mapping(struct mm_st
4547 vma->vm_start = addr;
4548 vma->vm_end = addr + len;
4549
4550 +#ifdef CONFIG_PAX_MPROTECT
4551 + if (mm->pax_flags & MF_PAX_MPROTECT) {
4552 ++#ifndef CONFIG_PAX_MPROTECT_COMPAT
4553 + if ((vm_flags & (VM_WRITE | VM_EXEC)) == (VM_WRITE | VM_EXEC))
4554 + return -EPERM;
4555 + if (!(vm_flags & VM_EXEC))
4556 + vm_flags &= ~VM_MAYEXEC;
4557 ++#else
4558 ++ if ((vm_flags & (VM_WRITE | VM_EXEC)) != VM_EXEC)
4559 ++ vm_flags &= ~(VM_EXEC | VM_MAYEXEC);
4560 ++#endif
4561 + else
4562 + vm_flags &= ~VM_MAYWRITE;
4563 + }
4564 @@ -54753,7 +55152,7 @@ diff -urNp linux-2.6.37/mm/rmap.c linux-2.6.37/mm/rmap.c
4565 struct anon_vma *anon_vma;
4566 diff -urNp linux-2.6.37/mm/shmem.c linux-2.6.37/mm/shmem.c
4567 --- linux-2.6.37/mm/shmem.c 2011-01-04 19:50:19.000000000 -0500
4568 -+++ linux-2.6.37/mm/shmem.c 2011-01-17 02:41:02.000000000 -0500
4569 ++++ linux-2.6.37/mm/shmem.c 2011-01-24 18:04:18.000000000 -0500
4570 @@ -31,7 +31,7 @@
4571 #include <linux/percpu_counter.h>
4572 #include <linux/swap.h>
4573 @@ -54763,6 +55162,15 @@ diff -urNp linux-2.6.37/mm/shmem.c linux-2.6.37/mm/shmem.c
4574
4575 #ifdef CONFIG_SHMEM
4576 /*
4577 +@@ -1070,6 +1070,8 @@ static int shmem_writepage(struct page *
4578 + goto unlock;
4579 + }
4580 + entry = shmem_swp_entry(info, index, NULL);
4581 ++ if (!entry)
4582 ++ goto unlock;
4583 + if (entry->val) {
4584 + /*
4585 + * The more uptodate page coming down from a stacked
4586 diff -urNp linux-2.6.37/mm/slab.c linux-2.6.37/mm/slab.c
4587 --- linux-2.6.37/mm/slab.c 2011-01-04 19:50:19.000000000 -0500
4588 +++ linux-2.6.37/mm/slab.c 2011-01-17 02:41:02.000000000 -0500
4589 @@ -56479,24 +56887,24 @@ diff -urNp linux-2.6.37/net/ipv6/udp.c linux-2.6.37/net/ipv6/udp.c
4590
4591 diff -urNp linux-2.6.37/net/irda/ircomm/ircomm_tty.c linux-2.6.37/net/irda/ircomm/ircomm_tty.c
4592 --- linux-2.6.37/net/irda/ircomm/ircomm_tty.c 2011-01-04 19:50:19.000000000 -0500
4593 -+++ linux-2.6.37/net/irda/ircomm/ircomm_tty.c 2011-01-17 02:41:02.000000000 -0500
4594 ++++ linux-2.6.37/net/irda/ircomm/ircomm_tty.c 2011-01-24 18:04:18.000000000 -0500
4595 @@ -281,16 +281,16 @@ static int ircomm_tty_block_til_ready(st
4596 add_wait_queue(&self->open_wait, &wait);
4597
4598 IRDA_DEBUG(2, "%s(%d):block_til_ready before block on %s open_count=%d\n",
4599 - __FILE__,__LINE__, tty->driver->name, self->open_count );
4600 -+ __FILE__,__LINE__, tty->driver->name, atomic_read(&self->open_count) );
4601 ++ __FILE__,__LINE__, tty->driver->name, local_read(&self->open_count) );
4602
4603 /* As far as I can see, we protect open_count - Jean II */
4604 spin_lock_irqsave(&self->spinlock, flags);
4605 if (!tty_hung_up_p(filp)) {
4606 extra_count = 1;
4607 - self->open_count--;
4608 -+ atomic_dec(&self->open_count);
4609 ++ local_dec(&self->open_count);
4610 }
4611 spin_unlock_irqrestore(&self->spinlock, flags);
4612 - self->blocked_open++;
4613 -+ atomic_inc(&self->blocked_open);
4614 ++ local_inc(&self->blocked_open);
4615
4616 while (1) {
4617 if (tty->termios->c_cflag & CBAUD) {
4618 @@ -56505,7 +56913,7 @@ diff -urNp linux-2.6.37/net/irda/ircomm/ircomm_tty.c linux-2.6.37/net/irda/ircom
4619
4620 IRDA_DEBUG(1, "%s(%d):block_til_ready blocking on %s open_count=%d\n",
4621 - __FILE__,__LINE__, tty->driver->name, self->open_count );
4622 -+ __FILE__,__LINE__, tty->driver->name, atomic_read(&self->open_count) );
4623 ++ __FILE__,__LINE__, tty->driver->name, local_read(&self->open_count) );
4624
4625 schedule();
4626 }
4627 @@ -56514,15 +56922,15 @@ diff -urNp linux-2.6.37/net/irda/ircomm/ircomm_tty.c linux-2.6.37/net/irda/ircom
4628 /* ++ is not atomic, so this should be protected - Jean II */
4629 spin_lock_irqsave(&self->spinlock, flags);
4630 - self->open_count++;
4631 -+ atomic_inc(&self->open_count);
4632 ++ local_inc(&self->open_count);
4633 spin_unlock_irqrestore(&self->spinlock, flags);
4634 }
4635 - self->blocked_open--;
4636 -+ atomic_dec(&self->blocked_open);
4637 ++ local_dec(&self->blocked_open);
4638
4639 IRDA_DEBUG(1, "%s(%d):block_til_ready after blocking on %s open_count=%d\n",
4640 - __FILE__,__LINE__, tty->driver->name, self->open_count);
4641 -+ __FILE__,__LINE__, tty->driver->name, atomic_read(&self->open_count));
4642 ++ __FILE__,__LINE__, tty->driver->name, local_read(&self->open_count));
4643
4644 if (!retval)
4645 self->flags |= ASYNC_NORMAL_ACTIVE;
4646 @@ -56531,7 +56939,7 @@ diff -urNp linux-2.6.37/net/irda/ircomm/ircomm_tty.c linux-2.6.37/net/irda/ircom
4647 /* ++ is not atomic, so this should be protected - Jean II */
4648 spin_lock_irqsave(&self->spinlock, flags);
4649 - self->open_count++;
4650 -+ atomic_inc(&self->open_count);
4651 ++ local_inc(&self->open_count);
4652
4653 tty->driver_data = self;
4654 self->tty = tty;
4655 @@ -56539,7 +56947,7 @@ diff -urNp linux-2.6.37/net/irda/ircomm/ircomm_tty.c linux-2.6.37/net/irda/ircom
4656
4657 IRDA_DEBUG(1, "%s(), %s%d, count = %d\n", __func__ , tty->driver->name,
4658 - self->line, self->open_count);
4659 -+ self->line, atomic_read(&self->open_count));
4660 ++ self->line, local_read(&self->open_count));
4661
4662 /* Not really used by us, but lets do it anyway */
4663 self->tty->low_latency = (self->flags & ASYNC_LOW_LATENCY) ? 1 : 0;
4664 @@ -56548,7 +56956,7 @@ diff -urNp linux-2.6.37/net/irda/ircomm/ircomm_tty.c linux-2.6.37/net/irda/ircom
4665 }
4666
4667 - if ((tty->count == 1) && (self->open_count != 1)) {
4668 -+ if ((tty->count == 1) && (atomic_read(&self->open_count) != 1)) {
4669 ++ if ((tty->count == 1) && (local_read(&self->open_count) != 1)) {
4670 /*
4671 * Uh, oh. tty->count is 1, which means that the tty
4672 * structure will be freed. state->count should always
4673 @@ -56558,20 +56966,20 @@ diff -urNp linux-2.6.37/net/irda/ircomm/ircomm_tty.c linux-2.6.37/net/irda/ircom
4674 "tty->count is 1, state->count is %d\n", __func__ ,
4675 - self->open_count);
4676 - self->open_count = 1;
4677 -+ atomic_read(&self->open_count));
4678 -+ atomic_set(&self->open_count, 1);
4679 ++ local_read(&self->open_count));
4680 ++ local_set(&self->open_count, 1);
4681 }
4682
4683 - if (--self->open_count < 0) {
4684 -+ if (atomic_dec_return(&self->open_count) < 0) {
4685 ++ if (local_dec_return(&self->open_count) < 0) {
4686 IRDA_ERROR("%s(), bad serial port count for ttys%d: %d\n",
4687 - __func__, self->line, self->open_count);
4688 - self->open_count = 0;
4689 -+ __func__, self->line, atomic_read(&self->open_count));
4690 -+ atomic_set(&self->open_count, 0);
4691 ++ __func__, self->line, local_read(&self->open_count));
4692 ++ local_set(&self->open_count, 0);
4693 }
4694 - if (self->open_count) {
4695 -+ if (atomic_read(&self->open_count)) {
4696 ++ if (local_read(&self->open_count)) {
4697 spin_unlock_irqrestore(&self->spinlock, flags);
4698
4699 IRDA_DEBUG(0, "%s(), open count > 0\n", __func__ );
4700 @@ -56580,7 +56988,7 @@ diff -urNp linux-2.6.37/net/irda/ircomm/ircomm_tty.c linux-2.6.37/net/irda/ircom
4701 self->tty = NULL;
4702
4703 - if (self->blocked_open) {
4704 -+ if (atomic_read(&self->blocked_open)) {
4705 ++ if (local_read(&self->blocked_open)) {
4706 if (self->close_delay)
4707 schedule_timeout_interruptible(self->close_delay);
4708 wake_up_interruptible(&self->open_wait);
4709 @@ -56589,7 +56997,7 @@ diff -urNp linux-2.6.37/net/irda/ircomm/ircomm_tty.c linux-2.6.37/net/irda/ircom
4710 self->flags &= ~ASYNC_NORMAL_ACTIVE;
4711 self->tty = NULL;
4712 - self->open_count = 0;
4713 -+ atomic_set(&self->open_count, 0);
4714 ++ local_set(&self->open_count, 0);
4715 spin_unlock_irqrestore(&self->spinlock, flags);
4716
4717 wake_up_interruptible(&self->open_wait);
4718 @@ -56598,7 +57006,7 @@ diff -urNp linux-2.6.37/net/irda/ircomm/ircomm_tty.c linux-2.6.37/net/irda/ircom
4719
4720 seq_printf(m, "Role: %s\n", self->client ? "client" : "server");
4721 - seq_printf(m, "Open count: %d\n", self->open_count);
4722 -+ seq_printf(m, "Open count: %d\n", atomic_read(&self->open_count));
4723 ++ seq_printf(m, "Open count: %d\n", local_read(&self->open_count));
4724 seq_printf(m, "Max data size: %d\n", self->max_data_size);
4725 seq_printf(m, "Max header size: %d\n", self->max_header_size);
4726
4727 @@ -56619,25 +57027,33 @@ diff -urNp linux-2.6.37/net/key/af_key.c linux-2.6.37/net/key/af_key.c
4728 sk_wmem_alloc_get(s),
4729 diff -urNp linux-2.6.37/net/mac80211/ieee80211_i.h linux-2.6.37/net/mac80211/ieee80211_i.h
4730 --- linux-2.6.37/net/mac80211/ieee80211_i.h 2011-01-04 19:50:19.000000000 -0500
4731 -+++ linux-2.6.37/net/mac80211/ieee80211_i.h 2011-01-17 02:41:02.000000000 -0500
4732 -@@ -704,7 +704,7 @@ struct ieee80211_local {
4733 ++++ linux-2.6.37/net/mac80211/ieee80211_i.h 2011-01-24 18:04:18.000000000 -0500
4734 +@@ -26,6 +26,7 @@
4735 + #include <net/ieee80211_radiotap.h>
4736 + #include <net/cfg80211.h>
4737 + #include <net/mac80211.h>
4738 ++#include <asm/local.h>
4739 + #include "key.h"
4740 + #include "sta_info.h"
4741 +
4742 +@@ -704,7 +705,7 @@ struct ieee80211_local {
4743 /* also used to protect ampdu_ac_queue and amdpu_ac_stop_refcnt */
4744 spinlock_t queue_stop_reason_lock;
4745
4746 - int open_count;
4747 -+ atomic_t open_count;
4748 ++ local_t open_count;
4749 int monitors, cooked_mntrs;
4750 /* number of interfaces with corresponding FIF_ flags */
4751 int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll,
4752 diff -urNp linux-2.6.37/net/mac80211/iface.c linux-2.6.37/net/mac80211/iface.c
4753 --- linux-2.6.37/net/mac80211/iface.c 2011-01-04 19:50:19.000000000 -0500
4754 -+++ linux-2.6.37/net/mac80211/iface.c 2011-01-17 02:41:02.000000000 -0500
4755 ++++ linux-2.6.37/net/mac80211/iface.c 2011-01-24 18:04:18.000000000 -0500
4756 @@ -216,7 +216,7 @@ static int ieee80211_do_open(struct net_
4757 break;
4758 }
4759
4760 - if (local->open_count == 0) {
4761 -+ if (atomic_read(&local->open_count) == 0) {
4762 ++ if (local_read(&local->open_count) == 0) {
4763 res = drv_start(local);
4764 if (res)
4765 goto err_del_bss;
4766 @@ -56646,7 +57062,7 @@ diff -urNp linux-2.6.37/net/mac80211/iface.c linux-2.6.37/net/mac80211/iface.c
4767
4768 if (!is_valid_ether_addr(dev->dev_addr)) {
4769 - if (!local->open_count)
4770 -+ if (!atomic_read(&local->open_count))
4771 ++ if (!local_read(&local->open_count))
4772 drv_stop(local);
4773 return -EADDRNOTAVAIL;
4774 }
4775 @@ -56655,7 +57071,7 @@ diff -urNp linux-2.6.37/net/mac80211/iface.c linux-2.6.37/net/mac80211/iface.c
4776
4777 if (coming_up)
4778 - local->open_count++;
4779 -+ atomic_inc(&local->open_count);
4780 ++ local_inc(&local->open_count);
4781
4782 if (hw_reconf_flags) {
4783 ieee80211_hw_config(local, hw_reconf_flags);
4784 @@ -56664,7 +57080,7 @@ diff -urNp linux-2.6.37/net/mac80211/iface.c linux-2.6.37/net/mac80211/iface.c
4785 drv_remove_interface(local, &sdata->vif);
4786 err_stop:
4787 - if (!local->open_count)
4788 -+ if (!atomic_read(&local->open_count))
4789 ++ if (!local_read(&local->open_count))
4790 drv_stop(local);
4791 err_del_bss:
4792 sdata->bss = NULL;
4793 @@ -56673,7 +57089,7 @@ diff -urNp linux-2.6.37/net/mac80211/iface.c linux-2.6.37/net/mac80211/iface.c
4794
4795 if (going_down)
4796 - local->open_count--;
4797 -+ atomic_dec(&local->open_count);
4798 ++ local_dec(&local->open_count);
4799
4800 switch (sdata->vif.type) {
4801 case NL80211_IFTYPE_AP_VLAN:
4802 @@ -56682,43 +57098,43 @@ diff -urNp linux-2.6.37/net/mac80211/iface.c linux-2.6.37/net/mac80211/iface.c
4803 ieee80211_recalc_ps(local, -1);
4804
4805 - if (local->open_count == 0) {
4806 -+ if (atomic_read(&local->open_count) == 0) {
4807 ++ if (local_read(&local->open_count) == 0) {
4808 if (local->ops->napi_poll)
4809 napi_disable(&local->napi);
4810 ieee80211_clear_tx_pending(local);
4811 diff -urNp linux-2.6.37/net/mac80211/main.c linux-2.6.37/net/mac80211/main.c
4812 --- linux-2.6.37/net/mac80211/main.c 2011-01-04 19:50:19.000000000 -0500
4813 -+++ linux-2.6.37/net/mac80211/main.c 2011-01-17 02:41:02.000000000 -0500
4814 ++++ linux-2.6.37/net/mac80211/main.c 2011-01-24 18:04:18.000000000 -0500
4815 @@ -159,7 +159,7 @@ int ieee80211_hw_config(struct ieee80211
4816 local->hw.conf.power_level = power;
4817 }
4818
4819 - if (changed && local->open_count) {
4820 -+ if (changed && atomic_read(&local->open_count)) {
4821 ++ if (changed && local_read(&local->open_count)) {
4822 ret = drv_config(local, changed);
4823 /*
4824 * Goal:
4825 diff -urNp linux-2.6.37/net/mac80211/pm.c linux-2.6.37/net/mac80211/pm.c
4826 --- linux-2.6.37/net/mac80211/pm.c 2011-01-04 19:50:19.000000000 -0500
4827 -+++ linux-2.6.37/net/mac80211/pm.c 2011-01-17 02:41:02.000000000 -0500
4828 ++++ linux-2.6.37/net/mac80211/pm.c 2011-01-24 18:04:18.000000000 -0500
4829 @@ -95,7 +95,7 @@ int __ieee80211_suspend(struct ieee80211
4830 }
4831
4832 /* stop hardware - this must stop RX */
4833 - if (local->open_count)
4834 -+ if (atomic_read(&local->open_count))
4835 ++ if (local_read(&local->open_count))
4836 ieee80211_stop_device(local);
4837
4838 local->suspended = true;
4839 diff -urNp linux-2.6.37/net/mac80211/rate.c linux-2.6.37/net/mac80211/rate.c
4840 --- linux-2.6.37/net/mac80211/rate.c 2011-01-04 19:50:19.000000000 -0500
4841 -+++ linux-2.6.37/net/mac80211/rate.c 2011-01-17 02:41:02.000000000 -0500
4842 ++++ linux-2.6.37/net/mac80211/rate.c 2011-01-24 18:04:18.000000000 -0500
4843 @@ -361,7 +361,7 @@ int ieee80211_init_rate_ctrl_alg(struct
4844
4845 ASSERT_RTNL();
4846
4847 - if (local->open_count)
4848 -+ if (atomic_read(&local->open_count))
4849 ++ if (local_read(&local->open_count))
4850 return -EBUSY;
4851
4852 if (local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL) {
4853 @@ -56748,13 +57164,13 @@ diff -urNp linux-2.6.37/net/mac80211/tx.c linux-2.6.37/net/mac80211/tx.c
4854 return local == wdev_priv(dev->ieee80211_ptr);
4855 diff -urNp linux-2.6.37/net/mac80211/util.c linux-2.6.37/net/mac80211/util.c
4856 --- linux-2.6.37/net/mac80211/util.c 2011-01-04 19:50:19.000000000 -0500
4857 -+++ linux-2.6.37/net/mac80211/util.c 2011-01-17 02:41:02.000000000 -0500
4858 ++++ linux-2.6.37/net/mac80211/util.c 2011-01-24 18:04:18.000000000 -0500
4859 @@ -1111,7 +1111,7 @@ int ieee80211_reconfig(struct ieee80211_
4860 local->resuming = true;
4861
4862 /* restart hardware */
4863 - if (local->open_count) {
4864 -+ if (atomic_read(&local->open_count)) {
4865 ++ if (local_read(&local->open_count)) {
4866 /*
4867 * Upon resume hardware can sometimes be goofy due to
4868 * various platform / driver / bus issues, so restarting
4869 @@ -57730,8 +58146,8 @@ diff -urNp linux-2.6.37/security/integrity/ima/ima_queue.c linux-2.6.37/security
4870 return 0;
4871 diff -urNp linux-2.6.37/security/Kconfig linux-2.6.37/security/Kconfig
4872 --- linux-2.6.37/security/Kconfig 2011-01-04 19:50:19.000000000 -0500
4873 -+++ linux-2.6.37/security/Kconfig 2011-01-17 02:41:02.000000000 -0500
4874 -@@ -4,6 +4,509 @@
4875 ++++ linux-2.6.37/security/Kconfig 2011-02-12 11:32:56.000000000 -0500
4876 +@@ -4,6 +4,527 @@
4877
4878 menu "Security options"
4879
4880 @@ -57977,6 +58393,24 @@ diff -urNp linux-2.6.37/security/Kconfig linux-2.6.37/security/Kconfig
4881 + NOTE: you can use the 'chpax' or 'paxctl' utilities to control
4882 + this feature on a per file basis.
4883 +
4884 ++config PAX_MPROTECT_COMPAT
4885 ++ bool "Use legacy/compat protection demoting (read help)"
4886 ++ depends on PAX_MPROTECT
4887 ++ default n
4888 ++ help
4889 ++ The current implementation of PAX_MPROTECT denies RWX allocations/mprotects
4890 ++ by sending the proper error code to the application. For some broken
4891 ++ userland, this can cause problems with Python or other applications. The
4892 ++ current implementation however allows for applications like clamav to
4893 ++ detect if JIT compilation/execution is allowed and to fall back gracefully
4894 ++ to an interpreter-based mode if it does not. While we encourage everyone
4895 ++ to use the current implementation as-is and push upstream to fix broken
4896 ++ userland (note that the RWX logging option can assist with this), in some
4897 ++ environments this may not be possible. Having to disable MPROTECT
4898 ++ completely on certain binaries reduces the security benefit of PaX,
4899 ++ so this option is provided for those environments to revert to the old
4900 ++ behavior.
4901 ++
4902 +config PAX_ELFRELOCS
4903 + bool "Allow ELF text relocations (read help)"
4904 + depends on PAX_MPROTECT
4905 @@ -58241,7 +58675,7 @@ diff -urNp linux-2.6.37/security/Kconfig linux-2.6.37/security/Kconfig
4906 config KEYS
4907 bool "Enable access key retention support"
4908 help
4909 -@@ -136,7 +639,7 @@ config INTEL_TXT
4910 +@@ -136,7 +657,7 @@ config INTEL_TXT
4911 config LSM_MMAP_MIN_ADDR
4912 int "Low address space for LSM to protect from user allocation"
4913 depends on SECURITY && SECURITY_SELINUX
4914 @@ -58271,7 +58705,7 @@ diff -urNp linux-2.6.37/security/min_addr.c linux-2.6.37/security/min_addr.c
4915 /*
4916 diff -urNp linux-2.6.37/security/security.c linux-2.6.37/security/security.c
4917 --- linux-2.6.37/security/security.c 2011-01-04 19:50:19.000000000 -0500
4918 -+++ linux-2.6.37/security/security.c 2011-01-17 02:41:02.000000000 -0500
4919 ++++ linux-2.6.37/security/security.c 2011-02-12 10:36:34.000000000 -0500
4920 @@ -25,8 +25,8 @@ static __initdata char chosen_lsm[SECURI
4921 /* things that live in capability.c */
4922 extern void __init security_fixup_ops(struct security_operations *ops);
4923 @@ -58293,9 +58727,22 @@ diff -urNp linux-2.6.37/security/security.c linux-2.6.37/security/security.c
4924 }
4925
4926 /* Save user chosen LSM */
4927 +@@ -154,10 +156,9 @@ int security_capset(struct cred *new, co
4928 + effective, inheritable, permitted);
4929 + }
4930 +
4931 +-int security_capable(int cap)
4932 ++int security_capable(const struct cred *cred, int cap)
4933 + {
4934 +- return security_ops->capable(current, current_cred(), cap,
4935 +- SECURITY_CAP_AUDIT);
4936 ++ return security_ops->capable(current, cred, cap, SECURITY_CAP_AUDIT);
4937 + }
4938 +
4939 + int security_real_capable(struct task_struct *tsk, int cap)
4940 diff -urNp linux-2.6.37/security/selinux/hooks.c linux-2.6.37/security/selinux/hooks.c
4941 --- linux-2.6.37/security/selinux/hooks.c 2011-01-04 19:50:19.000000000 -0500
4942 -+++ linux-2.6.37/security/selinux/hooks.c 2011-01-17 02:41:02.000000000 -0500
4943 ++++ linux-2.6.37/security/selinux/hooks.c 2011-02-12 11:02:14.000000000 -0500
4944 @@ -90,7 +90,6 @@
4945 #define NUM_SEL_MNT_OPTS 5
4946
4947 @@ -58304,7 +58751,20 @@ diff -urNp linux-2.6.37/security/selinux/hooks.c linux-2.6.37/security/selinux/h
4948
4949 /* SECMARK reference count */
4950 atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
4951 -@@ -5388,7 +5387,7 @@ static int selinux_key_getsecurity(struc
4952 +@@ -3195,7 +3194,11 @@ static void selinux_cred_free(struct cre
4953 + {
4954 + struct task_security_struct *tsec = cred->security;
4955 +
4956 +- BUG_ON((unsigned long) cred->security < PAGE_SIZE);
4957 ++ /*
4958 ++ * cred->security == NULL if security_cred_alloc_blank() or
4959 ++ * security_prepare_creds() returned an error.
4960 ++ */
4961 ++ BUG_ON(cred->security && (unsigned long) cred->security < PAGE_SIZE);
4962 + cred->security = (void *) 0x7UL;
4963 + kfree(tsec);
4964 + }
4965 +@@ -5388,7 +5391,7 @@ static int selinux_key_getsecurity(struc
4966
4967 #endif
4968
4969 @@ -58339,13 +58799,13 @@ diff -urNp linux-2.6.37/security/tomoyo/tomoyo.c linux-2.6.37/security/tomoyo/to
4970 .cred_prepare = tomoyo_cred_prepare,
4971 diff -urNp linux-2.6.37/sound/aoa/codecs/onyx.c linux-2.6.37/sound/aoa/codecs/onyx.c
4972 --- linux-2.6.37/sound/aoa/codecs/onyx.c 2011-01-04 19:50:19.000000000 -0500
4973 -+++ linux-2.6.37/sound/aoa/codecs/onyx.c 2011-01-17 02:41:02.000000000 -0500
4974 ++++ linux-2.6.37/sound/aoa/codecs/onyx.c 2011-01-24 18:04:18.000000000 -0500
4975 @@ -54,7 +54,7 @@ struct onyx {
4976 spdif_locked:1,
4977 analog_locked:1,
4978 original_mute:2;
4979 - int open_count;
4980 -+ atomic_t open_count;
4981 ++ local_t open_count;
4982 struct codec_info *codec_info;
4983
4984 /* mutex serializes concurrent access to the device
4985 @@ -58354,7 +58814,7 @@ diff -urNp linux-2.6.37/sound/aoa/codecs/onyx.c linux-2.6.37/sound/aoa/codecs/on
4986
4987 mutex_lock(&onyx->mutex);
4988 - onyx->open_count++;
4989 -+ atomic_inc(&onyx->open_count);
4990 ++ local_inc(&onyx->open_count);
4991 mutex_unlock(&onyx->mutex);
4992
4993 return 0;
4994 @@ -58364,10 +58824,21 @@ diff -urNp linux-2.6.37/sound/aoa/codecs/onyx.c linux-2.6.37/sound/aoa/codecs/on
4995 mutex_lock(&onyx->mutex);
4996 - onyx->open_count--;
4997 - if (!onyx->open_count)
4998 -+ if (atomic_dec_and_test(&onyx->open_count))
4999 ++ if (local_dec_and_test(&onyx->open_count))
5000 onyx->spdif_locked = onyx->analog_locked = 0;
5001 mutex_unlock(&onyx->mutex);
5002
5003 +diff -urNp linux-2.6.37/sound/aoa/codecs/onyx.h linux-2.6.37/sound/aoa/codecs/onyx.h
5004 +--- linux-2.6.37/sound/aoa/codecs/onyx.h 2011-01-04 19:50:19.000000000 -0500
5005 ++++ linux-2.6.37/sound/aoa/codecs/onyx.h 2011-01-25 20:24:56.000000000 -0500
5006 +@@ -11,6 +11,7 @@
5007 + #include <linux/i2c.h>
5008 + #include <asm/pmac_low_i2c.h>
5009 + #include <asm/prom.h>
5010 ++#include <asm/local.h>
5011 +
5012 + /* PCM3052 register definitions */
5013 +
5014 diff -urNp linux-2.6.37/sound/core/oss/pcm_oss.c linux-2.6.37/sound/core/oss/pcm_oss.c
5015 --- linux-2.6.37/sound/core/oss/pcm_oss.c 2011-01-04 19:50:19.000000000 -0500
5016 +++ linux-2.6.37/sound/core/oss/pcm_oss.c 2011-01-17 02:41:02.000000000 -0500
5017 @@ -58402,64 +58873,80 @@ diff -urNp linux-2.6.37/sound/core/seq/seq_lock.h linux-2.6.37/sound/core/seq/se
5018
5019 diff -urNp linux-2.6.37/sound/drivers/mts64.c linux-2.6.37/sound/drivers/mts64.c
5020 --- linux-2.6.37/sound/drivers/mts64.c 2011-01-04 19:50:19.000000000 -0500
5021 -+++ linux-2.6.37/sound/drivers/mts64.c 2011-01-17 02:41:02.000000000 -0500
5022 -@@ -66,7 +66,7 @@ struct mts64 {
5023 ++++ linux-2.6.37/sound/drivers/mts64.c 2011-01-25 22:35:55.000000000 -0500
5024 +@@ -28,6 +28,7 @@
5025 + #include <sound/initval.h>
5026 + #include <sound/rawmidi.h>
5027 + #include <sound/control.h>
5028 ++#include <asm/local.h>
5029 +
5030 + #define CARD_NAME "Miditerminal 4140"
5031 + #define DRIVER_NAME "MTS64"
5032 +@@ -66,7 +67,7 @@ struct mts64 {
5033 struct pardevice *pardev;
5034 int pardev_claimed;
5035
5036 - int open_count;
5037 -+ atomic_t open_count;
5038 ++ local_t open_count;
5039 int current_midi_output_port;
5040 int current_midi_input_port;
5041 u8 mode[MTS64_NUM_INPUT_PORTS];
5042 -@@ -696,7 +696,7 @@ static int snd_mts64_rawmidi_open(struct
5043 +@@ -696,7 +697,7 @@ static int snd_mts64_rawmidi_open(struct
5044 {
5045 struct mts64 *mts = substream->rmidi->private_data;
5046
5047 - if (mts->open_count == 0) {
5048 -+ if (atomic_read(&mts->open_count) == 0) {
5049 ++ if (local_read(&mts->open_count) == 0) {
5050 /* We don't need a spinlock here, because this is just called
5051 if the device has not been opened before.
5052 So there aren't any IRQs from the device */
5053 -@@ -704,7 +704,7 @@ static int snd_mts64_rawmidi_open(struct
5054 +@@ -704,7 +705,7 @@ static int snd_mts64_rawmidi_open(struct
5055
5056 msleep(50);
5057 }
5058 - ++(mts->open_count);
5059 -+ atomic_inc(&mts->open_count);
5060 ++ local_inc(&mts->open_count);
5061
5062 return 0;
5063 }
5064 -@@ -714,8 +714,7 @@ static int snd_mts64_rawmidi_close(struc
5065 +@@ -714,8 +715,7 @@ static int snd_mts64_rawmidi_close(struc
5066 struct mts64 *mts = substream->rmidi->private_data;
5067 unsigned long flags;
5068
5069 - --(mts->open_count);
5070 - if (mts->open_count == 0) {
5071 -+ if (atomic_dec_return(&mts->open_count) == 0) {
5072 ++ if (local_dec_return(&mts->open_count) == 0) {
5073 /* We need the spinlock_irqsave here because we can still
5074 have IRQs at this point */
5075 spin_lock_irqsave(&mts->lock, flags);
5076 -@@ -724,8 +723,8 @@ static int snd_mts64_rawmidi_close(struc
5077 +@@ -724,8 +724,8 @@ static int snd_mts64_rawmidi_close(struc
5078
5079 msleep(500);
5080
5081 - } else if (mts->open_count < 0)
5082 - mts->open_count = 0;
5083 -+ } else if (atomic_read(&mts->open_count) < 0)
5084 -+ atomic_set(&mts->open_count, 0);
5085 ++ } else if (local_read(&mts->open_count) < 0)
5086 ++ local_set(&mts->open_count, 0);
5087
5088 return 0;
5089 }
5090 diff -urNp linux-2.6.37/sound/drivers/portman2x4.c linux-2.6.37/sound/drivers/portman2x4.c
5091 --- linux-2.6.37/sound/drivers/portman2x4.c 2011-01-04 19:50:19.000000000 -0500
5092 -+++ linux-2.6.37/sound/drivers/portman2x4.c 2011-01-17 02:41:02.000000000 -0500
5093 -@@ -84,7 +84,7 @@ struct portman {
5094 ++++ linux-2.6.37/sound/drivers/portman2x4.c 2011-01-25 20:24:56.000000000 -0500
5095 +@@ -47,6 +47,7 @@
5096 + #include <sound/initval.h>
5097 + #include <sound/rawmidi.h>
5098 + #include <sound/control.h>
5099 ++#include <asm/local.h>
5100 +
5101 + #define CARD_NAME "Portman 2x4"
5102 + #define DRIVER_NAME "portman"
5103 +@@ -84,7 +85,7 @@ struct portman {
5104 struct pardevice *pardev;
5105 int pardev_claimed;
5106
5107 - int open_count;
5108 -+ atomic_t open_count;
5109 ++ local_t open_count;
5110 int mode[PORTMAN_NUM_INPUT_PORTS];
5111 struct snd_rawmidi_substream *midi_input[PORTMAN_NUM_INPUT_PORTS];
5112 };
5113
5114 diff --git a/2.6.37/4440_selinux-avc_audit-log-curr_ip.patch b/2.6.37/4440_selinux-avc_audit-log-curr_ip.patch
5115 index e8b9c36..c7c942f 100644
5116 --- a/2.6.37/4440_selinux-avc_audit-log-curr_ip.patch
5117 +++ b/2.6.37/4440_selinux-avc_audit-log-curr_ip.patch
5118 @@ -27,7 +27,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@×××.org>
5119
5120 --- a/grsecurity/Kconfig
5121 +++ b/grsecurity/Kconfig
5122 -@@ -1385,6 +1385,27 @@
5123 +@@ -1230,6 +1230,27 @@
5124 menu "Logging Options"
5125 depends on GRKERNSEC
Report Message
Find on MARC Find on Google Groups