Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 2.6.32/, 3.2.52/, 3.11.6/
Date: Sat, 02 Nov 2013 18:18:33
Message-Id: 1383416310.5fcf1f57353ec2e21e3188a44395732536d92ed7.blueness@gentoo
1 commit: 5fcf1f57353ec2e21e3188a44395732536d92ed7
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Sat Nov 2 18:18:30 2013 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Sat Nov 2 18:18:30 2013 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=5fcf1f57
7
8 Grsec/PaX: 2.9.1-{2.6.32.61,3.2.52,3.11.6}-201310292050
9
10 ---
11 2.6.32/0000_README | 2 +-
12 ..._grsecurity-2.9.1-2.6.32.61-201310292048.patch} | 364 +++++++++++++++++++--
13 3.11.6/0000_README | 2 +-
14 ...420_grsecurity-2.9.1-3.11.6-201310292050.patch} | 133 +++++++-
15 3.2.52/0000_README | 2 +-
16 ...420_grsecurity-2.9.1-3.2.52-201310292049.patch} | 141 +++++++-
17 6 files changed, 602 insertions(+), 42 deletions(-)
18
19 diff --git a/2.6.32/0000_README b/2.6.32/0000_README
20 index 3fdf601..2e904e0 100644
21 --- a/2.6.32/0000_README
22 +++ b/2.6.32/0000_README
23 @@ -38,7 +38,7 @@ Patch: 1060_linux-2.6.32.61.patch
24 From: http://www.kernel.org
25 Desc: Linux 2.6.32.61
26
27 -Patch: 4420_grsecurity-2.9.1-2.6.32.61-201310271545.patch
28 +Patch: 4420_grsecurity-2.9.1-2.6.32.61-201310292048.patch
29 From: http://www.grsecurity.net
30 Desc: hardened-sources base patch from upstream grsecurity
31
32
33 diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201310271545.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201310292048.patch
34 similarity index 99%
35 rename from 2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201310271545.patch
36 rename to 2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201310292048.patch
37 index 995d206..4220829 100644
38 --- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201310271545.patch
39 +++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201310292048.patch
40 @@ -42556,10 +42556,38 @@ index 31e7c91..161afc0 100644
41 return -EINVAL;
42 else
43 diff --git a/drivers/char/hpet.c b/drivers/char/hpet.c
44 -index 006466d..a2bb21c 100644
45 +index 006466d..b1acdc1 100644
46 --- a/drivers/char/hpet.c
47 +++ b/drivers/char/hpet.c
48 -@@ -430,7 +430,7 @@ static int hpet_release(struct inode *inode, struct file *file)
49 +@@ -355,26 +355,14 @@ static int hpet_mmap(struct file *file, struct vm_area_struct *vma)
50 + struct hpet_dev *devp;
51 + unsigned long addr;
52 +
53 +- if (((vma->vm_end - vma->vm_start) != PAGE_SIZE) || vma->vm_pgoff)
54 +- return -EINVAL;
55 +-
56 + devp = file->private_data;
57 + addr = devp->hd_hpets->hp_hpet_phys;
58 +
59 + if (addr & (PAGE_SIZE - 1))
60 + return -ENOSYS;
61 +
62 +- vma->vm_flags |= VM_IO;
63 + vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
64 +-
65 +- if (io_remap_pfn_range(vma, vma->vm_start, addr >> PAGE_SHIFT,
66 +- PAGE_SIZE, vma->vm_page_prot)) {
67 +- printk(KERN_ERR "%s: io_remap_pfn_range failed\n",
68 +- __func__);
69 +- return -EAGAIN;
70 +- }
71 +-
72 +- return 0;
73 ++ return vm_iomap_memory(vma, addr, PAGE_SIZE);
74 + #else
75 + return -ENOSYS;
76 + #endif
77 +@@ -430,7 +418,7 @@ static int hpet_release(struct inode *inode, struct file *file)
78 return 0;
79 }
80
81 @@ -42568,7 +42596,7 @@ index 006466d..a2bb21c 100644
82
83 static int
84 hpet_ioctl(struct inode *inode, struct file *file, unsigned int cmd,
85 -@@ -565,7 +565,7 @@ static inline unsigned long hpet_time_div(struct hpets *hpets,
86 +@@ -565,7 +553,7 @@ static inline unsigned long hpet_time_div(struct hpets *hpets,
87 }
88
89 static int
90 @@ -42577,7 +42605,7 @@ index 006466d..a2bb21c 100644
91 {
92 struct hpet_timer __iomem *timer;
93 struct hpet __iomem *hpet;
94 -@@ -608,11 +608,11 @@ hpet_ioctl_common(struct hpet_dev *devp, int cmd, unsigned long arg, int kernel)
95 +@@ -608,11 +596,11 @@ hpet_ioctl_common(struct hpet_dev *devp, int cmd, unsigned long arg, int kernel)
96 {
97 struct hpet_info info;
98
99 @@ -71406,7 +71434,7 @@ index 56eb6cc..fabe98a 100644
100 return 0;
101
102 diff --git a/drivers/uio/uio.c b/drivers/uio/uio.c
103 -index e941367..b631f5a 100644
104 +index e941367..d73efa7 100644
105 --- a/drivers/uio/uio.c
106 +++ b/drivers/uio/uio.c
107 @@ -23,6 +23,7 @@
108 @@ -71493,7 +71521,29 @@ index e941367..b631f5a 100644
109 if (event_count != listener->event_count) {
110 if (copy_to_user(buf, &event_count, count))
111 retval = -EFAULT;
112 -@@ -624,13 +625,13 @@ static int uio_find_mem_index(struct vm_area_struct *vma)
113 +@@ -609,14 +610,16 @@ static ssize_t uio_write(struct file *filep, const char __user *buf,
114 +
115 + static int uio_find_mem_index(struct vm_area_struct *vma)
116 + {
117 +- int mi;
118 + struct uio_device *idev = vma->vm_private_data;
119 ++ unsigned long size;
120 +
121 +- for (mi = 0; mi < MAX_UIO_MAPS; mi++) {
122 +- if (idev->info->mem[mi].size == 0)
123 ++ if (vma->vm_pgoff < MAX_UIO_MAPS) {
124 ++ size = idev->info->mem[vma->vm_pgoff].size;
125 ++ if (size == 0)
126 + return -1;
127 +- if (vma->vm_pgoff == mi)
128 +- return mi;
129 ++ if (vma->vm_end - vma->vm_start > size)
130 ++ return -1;
131 ++ return (int)vma->vm_pgoff;
132 + }
133 + return -1;
134 + }
135 +@@ -624,13 +627,13 @@ static int uio_find_mem_index(struct vm_area_struct *vma)
136 static void uio_vma_open(struct vm_area_struct *vma)
137 {
138 struct uio_device *idev = vma->vm_private_data;
139 @@ -71509,7 +71559,36 @@ index e941367..b631f5a 100644
140 }
141
142 static int uio_vma_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
143 -@@ -840,7 +841,7 @@ int __uio_register_device(struct module *owner,
144 +@@ -669,16 +672,25 @@ static int uio_mmap_physical(struct vm_area_struct *vma)
145 + {
146 + struct uio_device *idev = vma->vm_private_data;
147 + int mi = uio_find_mem_index(vma);
148 ++ struct uio_mem *mem;
149 + if (mi < 0)
150 + return -EINVAL;
151 +-
152 +- vma->vm_flags |= VM_IO | VM_RESERVED;
153 ++ mem = idev->info->mem + mi;
154 +
155 + vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
156 +
157 ++ /*
158 ++ * We cannot use the vm_iomap_memory() helper here,
159 ++ * because vma->vm_pgoff is the map index we looked
160 ++ * up above in uio_find_mem_index(), rather than an
161 ++ * actual page offset into the mmap.
162 ++ *
163 ++ * So we just do the physical mmap without a page
164 ++ * offset.
165 ++ */
166 + return remap_pfn_range(vma,
167 + vma->vm_start,
168 +- idev->info->mem[mi].addr >> PAGE_SHIFT,
169 ++ mem->addr >> PAGE_SHIFT,
170 + vma->vm_end - vma->vm_start,
171 + vma->vm_page_prot);
172 + }
173 +@@ -840,7 +852,7 @@ int __uio_register_device(struct module *owner,
174 idev->owner = owner;
175 idev->info = info;
176 init_waitqueue_head(&idev->wait);
177 @@ -71932,6 +72011,99 @@ index 1a056ad..221bd6ae 100644
178 .get_brightness = radeon_bl_get_brightness,
179 .update_status = radeon_bl_update_status,
180 };
181 +diff --git a/drivers/video/au1100fb.c b/drivers/video/au1100fb.c
182 +index a699aab..3042400 100644
183 +--- a/drivers/video/au1100fb.c
184 ++++ b/drivers/video/au1100fb.c
185 +@@ -392,39 +392,13 @@ void au1100fb_fb_rotate(struct fb_info *fbi, int angle)
186 + int au1100fb_fb_mmap(struct fb_info *fbi, struct vm_area_struct *vma)
187 + {
188 + struct au1100fb_device *fbdev;
189 +- unsigned int len;
190 +- unsigned long start=0, off;
191 +
192 + fbdev = to_au1100fb_device(fbi);
193 +
194 +- if (vma->vm_pgoff > (~0UL >> PAGE_SHIFT)) {
195 +- return -EINVAL;
196 +- }
197 +-
198 +- start = fbdev->fb_phys & PAGE_MASK;
199 +- len = PAGE_ALIGN((start & ~PAGE_MASK) + fbdev->fb_len);
200 +-
201 +- off = vma->vm_pgoff << PAGE_SHIFT;
202 +-
203 +- if ((vma->vm_end - vma->vm_start + off) > len) {
204 +- return -EINVAL;
205 +- }
206 +-
207 +- off += start;
208 +- vma->vm_pgoff = off >> PAGE_SHIFT;
209 +-
210 + vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
211 + pgprot_val(vma->vm_page_prot) |= (6 << 9); //CCA=6
212 +
213 +- vma->vm_flags |= VM_IO;
214 +-
215 +- if (io_remap_pfn_range(vma, vma->vm_start, off >> PAGE_SHIFT,
216 +- vma->vm_end - vma->vm_start,
217 +- vma->vm_page_prot)) {
218 +- return -EAGAIN;
219 +- }
220 +-
221 +- return 0;
222 ++ return vm_iomap_memory(vma, fbdev->fb_phys, fbdev->fb_len);
223 + }
224 +
225 + /* fb_cursor
226 +diff --git a/drivers/video/au1200fb.c b/drivers/video/au1200fb.c
227 +index 0d96f1d..1c33b79 100644
228 +--- a/drivers/video/au1200fb.c
229 ++++ b/drivers/video/au1200fb.c
230 +@@ -1241,42 +1241,17 @@ static int au1200fb_fb_blank(int blank_mode, struct fb_info *fbi)
231 + * method mainly to allow the use of the TLB streaming flag (CCA=6)
232 + */
233 + static int au1200fb_fb_mmap(struct fb_info *info, struct vm_area_struct *vma)
234 +-
235 + {
236 +- unsigned int len;
237 +- unsigned long start=0, off;
238 + struct au1200fb_device *fbdev = (struct au1200fb_device *) info;
239 +
240 + #ifdef CONFIG_PM
241 + au1xxx_pm_access(LCD_pm_dev);
242 + #endif
243 +
244 +- if (vma->vm_pgoff > (~0UL >> PAGE_SHIFT)) {
245 +- return -EINVAL;
246 +- }
247 +-
248 +- start = fbdev->fb_phys & PAGE_MASK;
249 +- len = PAGE_ALIGN((start & ~PAGE_MASK) + fbdev->fb_len);
250 +-
251 +- off = vma->vm_pgoff << PAGE_SHIFT;
252 +-
253 +- if ((vma->vm_end - vma->vm_start + off) > len) {
254 +- return -EINVAL;
255 +- }
256 +-
257 +- off += start;
258 +- vma->vm_pgoff = off >> PAGE_SHIFT;
259 +-
260 + vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
261 + pgprot_val(vma->vm_page_prot) |= _CACHE_MASK; /* CCA=7 */
262 +
263 +- vma->vm_flags |= VM_IO;
264 +-
265 +- return io_remap_pfn_range(vma, vma->vm_start, off >> PAGE_SHIFT,
266 +- vma->vm_end - vma->vm_start,
267 +- vma->vm_page_prot);
268 +-
269 +- return 0;
270 ++ return vm_iomap_memory(vma, fbdev->fb_phys, fbdev->fb_len);
271 + }
272 +
273 + static void set_global(u_int cmd, struct au1200_lcd_global_regs_t *pdata)
274 diff --git a/drivers/video/backlight/adp5520_bl.c b/drivers/video/backlight/adp5520_bl.c
275 index ad05da5..3cb2cb9 100644
276 --- a/drivers/video/backlight/adp5520_bl.c
277 @@ -72220,7 +72392,7 @@ index f53b9f1..958bf4e 100644
278 goto out1;
279 }
280 diff --git a/drivers/video/fbmem.c b/drivers/video/fbmem.c
281 -index 99bbd28..ad3829e 100644
282 +index 99bbd28..73f1778 100644
283 --- a/drivers/video/fbmem.c
284 +++ b/drivers/video/fbmem.c
285 @@ -403,7 +403,7 @@ static void fb_do_show_logo(struct fb_info *info, struct fb_image *image,
286 @@ -72268,6 +72440,73 @@ index 99bbd28..ad3829e 100644
287 return -EINVAL;
288 if (!registered_fb[con2fb.framebuffer])
289 request_module("fb%d", con2fb.framebuffer);
290 +@@ -1323,14 +1327,14 @@ fb_mmap(struct file *file, struct vm_area_struct * vma)
291 + {
292 + int fbidx = iminor(file->f_path.dentry->d_inode);
293 + struct fb_info *info = registered_fb[fbidx];
294 +- struct fb_ops *fb = info->fbops;
295 +- unsigned long off;
296 ++ struct fb_ops *fb;
297 ++ unsigned long mmio_pgoff;
298 + unsigned long start;
299 + u32 len;
300 +
301 +- if (vma->vm_pgoff > (~0UL >> PAGE_SHIFT))
302 +- return -EINVAL;
303 +- off = vma->vm_pgoff << PAGE_SHIFT;
304 ++ if (!info || info != file->private_data)
305 ++ return -ENODEV;
306 ++ fb = info->fbops;
307 + if (!fb)
308 + return -ENODEV;
309 + mutex_lock(&info->mm_lock);
310 +@@ -1341,32 +1345,24 @@ fb_mmap(struct file *file, struct vm_area_struct * vma)
311 + return res;
312 + }
313 +
314 +- /* frame buffer memory */
315 ++ /*
316 ++ * Ugh. This can be either the frame buffer mapping, or
317 ++ * if pgoff points past it, the mmio mapping.
318 ++ */
319 + start = info->fix.smem_start;
320 +- len = PAGE_ALIGN((start & ~PAGE_MASK) + info->fix.smem_len);
321 +- if (off >= len) {
322 +- /* memory mapped io */
323 +- off -= len;
324 +- if (info->var.accel_flags) {
325 +- mutex_unlock(&info->mm_lock);
326 +- return -EINVAL;
327 +- }
328 ++ len = info->fix.smem_len;
329 ++ mmio_pgoff = PAGE_ALIGN((start & ~PAGE_MASK) + len) >> PAGE_SHIFT;
330 ++ if (vma->vm_pgoff >= mmio_pgoff) {
331 ++ vma->vm_pgoff -= mmio_pgoff;
332 + start = info->fix.mmio_start;
333 +- len = PAGE_ALIGN((start & ~PAGE_MASK) + info->fix.mmio_len);
334 ++ len = info->fix.mmio_len;
335 + }
336 + mutex_unlock(&info->mm_lock);
337 +- start &= PAGE_MASK;
338 +- if ((vma->vm_end - vma->vm_start + off) > len)
339 +- return -EINVAL;
340 +- off += start;
341 +- vma->vm_pgoff = off >> PAGE_SHIFT;
342 +- /* This is an IO map - tell maydump to skip this VMA */
343 +- vma->vm_flags |= VM_IO | VM_RESERVED;
344 +- fb_pgprotect(file, vma, off);
345 +- if (io_remap_pfn_range(vma, vma->vm_start, off >> PAGE_SHIFT,
346 +- vma->vm_end - vma->vm_start, vma->vm_page_prot))
347 +- return -EAGAIN;
348 +- return 0;
349 ++
350 ++ vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
351 ++ fb_pgprotect(file, vma, start);
352 ++
353 ++ return vm_iomap_memory(vma, start, len);
354 + }
355 +
356 + static int
357 diff --git a/drivers/video/geode/gx1fb_core.c b/drivers/video/geode/gx1fb_core.c
358 index f20eff8..3e4f622 100644
359 --- a/drivers/video/geode/gx1fb_core.c
360 @@ -100222,7 +100461,7 @@ index 3797270..7765ede 100644
361 struct mca_bus {
362 u64 default_dma_mask;
363 diff --git a/include/linux/mm.h b/include/linux/mm.h
364 -index 11e5be6..8a2af3a 100644
365 +index 11e5be6..947f41d 100644
366 --- a/include/linux/mm.h
367 +++ b/include/linux/mm.h
368 @@ -106,7 +106,14 @@ extern unsigned int kobjsize(const void *objp);
369 @@ -100345,7 +100584,16 @@ index 11e5be6..8a2af3a 100644
370 struct vm_area_struct *find_extend_vma(struct mm_struct *, unsigned long addr);
371 int remap_pfn_range(struct vm_area_struct *, unsigned long addr,
372 unsigned long pfn, unsigned long size, pgprot_t);
373 -@@ -1263,6 +1296,11 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long);
374 +@@ -1243,6 +1276,8 @@ int vm_insert_pfn(struct vm_area_struct *vma, unsigned long addr,
375 + unsigned long pfn);
376 + int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr,
377 + unsigned long pfn);
378 ++int vm_iomap_memory(struct vm_area_struct *vma, phys_addr_t start, unsigned long len);
379 ++
380 +
381 + struct page *follow_page(struct vm_area_struct *, unsigned long address,
382 + unsigned int foll_flags);
383 +@@ -1263,6 +1298,11 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long);
384 static inline void vm_stat_account(struct mm_struct *mm,
385 unsigned long flags, struct file *file, long pages)
386 {
387 @@ -100357,7 +100605,7 @@ index 11e5be6..8a2af3a 100644
388 }
389 #endif /* CONFIG_PROC_FS */
390
391 -@@ -1332,7 +1370,13 @@ extern void memory_failure(unsigned long pfn, int trapno);
392 +@@ -1332,7 +1372,13 @@ extern void memory_failure(unsigned long pfn, int trapno);
393 extern int __memory_failure(unsigned long pfn, int trapno, int ref);
394 extern int sysctl_memory_failure_early_kill;
395 extern int sysctl_memory_failure_recovery;
396 @@ -110754,7 +111002,7 @@ index 8aeba53..b4a4198 100644
397 /*
398 * We need/can do nothing about count=0 pages.
399 diff --git a/mm/memory.c b/mm/memory.c
400 -index 6c836d3..b2296e1 100644
401 +index 6c836d3..831af24 100644
402 --- a/mm/memory.c
403 +++ b/mm/memory.c
404 @@ -187,8 +187,12 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,
405 @@ -110856,7 +111104,61 @@ index 6c836d3..b2296e1 100644
406
407 if (addr < vma->vm_start || addr >= vma->vm_end)
408 return -EFAULT;
409 -@@ -1855,7 +1879,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud,
410 +@@ -1811,6 +1835,53 @@ int remap_pfn_range(struct vm_area_struct *vma, unsigned long addr,
411 + }
412 + EXPORT_SYMBOL(remap_pfn_range);
413 +
414 ++/**
415 ++ * vm_iomap_memory - remap memory to userspace
416 ++ * @vma: user vma to map to
417 ++ * @start: start of area
418 ++ * @len: size of area
419 ++ *
420 ++ * This is a simplified io_remap_pfn_range() for common driver use. The
421 ++ * driver just needs to give us the physical memory range to be mapped,
422 ++ * we'll figure out the rest from the vma information.
423 ++ *
424 ++ * NOTE! Some drivers might want to tweak vma->vm_page_prot first to get
425 ++ * whatever write-combining details or similar.
426 ++ */
427 ++int vm_iomap_memory(struct vm_area_struct *vma, phys_addr_t start, unsigned long len)
428 ++{
429 ++ unsigned long vm_len, pfn, pages;
430 ++
431 ++ /* Check that the physical memory area passed in looks valid */
432 ++ if (start + len < start)
433 ++ return -EINVAL;
434 ++ /*
435 ++ * You *really* shouldn't map things that aren't page-aligned,
436 ++ * but we've historically allowed it because IO memory might
437 ++ * just have smaller alignment.
438 ++ */
439 ++ len += start & ~PAGE_MASK;
440 ++ pfn = start >> PAGE_SHIFT;
441 ++ pages = (len + ~PAGE_MASK) >> PAGE_SHIFT;
442 ++ if (pfn + pages < pfn)
443 ++ return -EINVAL;
444 ++
445 ++ /* We start the mapping 'vm_pgoff' pages into the area */
446 ++ if (vma->vm_pgoff > pages)
447 ++ return -EINVAL;
448 ++ pfn += vma->vm_pgoff;
449 ++ pages -= vma->vm_pgoff;
450 ++
451 ++ /* Can we fit all of the mapping? */
452 ++ vm_len = vma->vm_end - vma->vm_start;
453 ++ if (vm_len >> PAGE_SHIFT > pages)
454 ++ return -EINVAL;
455 ++
456 ++ /* Ok, let it rip */
457 ++ return io_remap_pfn_range(vma, vma->vm_start, pfn, vm_len, vma->vm_page_prot);
458 ++}
459 ++EXPORT_SYMBOL(vm_iomap_memory);
460 ++
461 + static int apply_to_pte_range(struct mm_struct *mm, pmd_t *pmd,
462 + unsigned long addr, unsigned long end,
463 + pte_fn_t fn, void *data)
464 +@@ -1855,7 +1926,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud,
465
466 BUG_ON(pud_huge(*pud));
467
468 @@ -110867,7 +111169,7 @@ index 6c836d3..b2296e1 100644
469 if (!pmd)
470 return -ENOMEM;
471 do {
472 -@@ -1875,7 +1901,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd,
473 +@@ -1875,7 +1948,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd,
474 unsigned long next;
475 int err;
476
477 @@ -110878,7 +111180,7 @@ index 6c836d3..b2296e1 100644
478 if (!pud)
479 return -ENOMEM;
480 do {
481 -@@ -1977,6 +2005,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo
482 +@@ -1977,6 +2052,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo
483 copy_user_highpage(dst, src, va, vma);
484 }
485
486 @@ -111065,7 +111367,7 @@ index 6c836d3..b2296e1 100644
487 /*
488 * This routine handles present pages, when users try to write
489 * to a shared page. It is done by copying the page to a new address
490 -@@ -2156,6 +2364,12 @@ gotten:
491 +@@ -2156,6 +2411,12 @@ gotten:
492 */
493 page_table = pte_offset_map_lock(mm, pmd, address, &ptl);
494 if (likely(pte_same(*page_table, orig_pte))) {
495 @@ -111078,7 +111380,7 @@ index 6c836d3..b2296e1 100644
496 if (old_page) {
497 if (!PageAnon(old_page)) {
498 dec_mm_counter(mm, file_rss);
499 -@@ -2207,6 +2421,10 @@ gotten:
500 +@@ -2207,6 +2468,10 @@ gotten:
501 page_remove_rmap(old_page);
502 }
503
504 @@ -111089,7 +111391,7 @@ index 6c836d3..b2296e1 100644
505 /* Free the old page.. */
506 new_page = old_page;
507 ret |= VM_FAULT_WRITE;
508 -@@ -2606,6 +2824,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
509 +@@ -2606,6 +2871,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
510 swap_free(entry);
511 if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page))
512 try_to_free_swap(page);
513 @@ -111101,7 +111403,7 @@ index 6c836d3..b2296e1 100644
514 unlock_page(page);
515
516 if (flags & FAULT_FLAG_WRITE) {
517 -@@ -2617,6 +2840,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
518 +@@ -2617,6 +2887,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
519
520 /* No need to invalidate - it was non-present before */
521 update_mmu_cache(vma, address, pte);
522 @@ -111113,7 +111415,7 @@ index 6c836d3..b2296e1 100644
523 unlock:
524 pte_unmap_unlock(page_table, ptl);
525 out:
526 -@@ -2632,40 +2860,6 @@ out_release:
527 +@@ -2632,40 +2907,6 @@ out_release:
528 }
529
530 /*
531 @@ -111154,7 +111456,7 @@ index 6c836d3..b2296e1 100644
532 * We enter with non-exclusive mmap_sem (to exclude vma changes,
533 * but allow concurrent faults), and pte mapped but not yet locked.
534 * We return with mmap_sem still held, but pte unmapped and unlocked.
535 -@@ -2674,27 +2868,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
536 +@@ -2674,27 +2915,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
537 unsigned long address, pte_t *page_table, pmd_t *pmd,
538 unsigned int flags)
539 {
540 @@ -111187,7 +111489,7 @@ index 6c836d3..b2296e1 100644
541 if (unlikely(anon_vma_prepare(vma)))
542 goto oom;
543 page = alloc_zeroed_user_highpage_movable(vma, address);
544 -@@ -2713,6 +2903,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
545 +@@ -2713,6 +2950,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
546 if (!pte_none(*page_table))
547 goto release;
548
549 @@ -111199,7 +111501,7 @@ index 6c836d3..b2296e1 100644
550 inc_mm_counter(mm, anon_rss);
551 page_add_new_anon_rmap(page, vma, address);
552 setpte:
553 -@@ -2720,6 +2915,12 @@ setpte:
554 +@@ -2720,6 +2962,12 @@ setpte:
555
556 /* No need to invalidate - it was non-present before */
557 update_mmu_cache(vma, address, entry);
558 @@ -111212,7 +111514,7 @@ index 6c836d3..b2296e1 100644
559 unlock:
560 pte_unmap_unlock(page_table, ptl);
561 return 0;
562 -@@ -2862,6 +3063,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
563 +@@ -2862,6 +3110,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
564 */
565 /* Only go through if we didn't race with anybody else... */
566 if (likely(pte_same(*page_table, orig_pte))) {
567 @@ -111225,7 +111527,7 @@ index 6c836d3..b2296e1 100644
568 flush_icache_page(vma, page);
569 entry = mk_pte(page, vma->vm_page_prot);
570 if (flags & FAULT_FLAG_WRITE)
571 -@@ -2881,6 +3088,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
572 +@@ -2881,6 +3135,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
573
574 /* no need to invalidate: a not-present page won't be cached */
575 update_mmu_cache(vma, address, entry);
576 @@ -111240,7 +111542,7 @@ index 6c836d3..b2296e1 100644
577 } else {
578 if (charged)
579 mem_cgroup_uncharge_page(page);
580 -@@ -3028,6 +3243,12 @@ static inline int handle_pte_fault(struct mm_struct *mm,
581 +@@ -3028,6 +3290,12 @@ static inline int handle_pte_fault(struct mm_struct *mm,
582 if (flags & FAULT_FLAG_WRITE)
583 flush_tlb_page(vma, address);
584 }
585 @@ -111253,7 +111555,7 @@ index 6c836d3..b2296e1 100644
586 unlock:
587 pte_unmap_unlock(pte, ptl);
588 return 0;
589 -@@ -3044,6 +3265,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
590 +@@ -3044,6 +3312,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
591 pmd_t *pmd;
592 pte_t *pte;
593
594 @@ -111264,7 +111566,7 @@ index 6c836d3..b2296e1 100644
595 __set_current_state(TASK_RUNNING);
596
597 count_vm_event(PGFAULT);
598 -@@ -3051,6 +3276,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
599 +@@ -3051,6 +3323,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
600 if (unlikely(is_vm_hugetlb_page(vma)))
601 return hugetlb_fault(mm, vma, address, flags);
602
603 @@ -111299,7 +111601,7 @@ index 6c836d3..b2296e1 100644
604 pgd = pgd_offset(mm, address);
605 pud = pud_alloc(mm, pgd, address);
606 if (!pud)
607 -@@ -3086,6 +3339,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
608 +@@ -3086,6 +3386,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
609 spin_unlock(&mm->page_table_lock);
610 return 0;
611 }
612 @@ -111323,7 +111625,7 @@ index 6c836d3..b2296e1 100644
613 #endif /* __PAGETABLE_PUD_FOLDED */
614
615 #ifndef __PAGETABLE_PMD_FOLDED
616 -@@ -3116,6 +3386,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)
617 +@@ -3116,6 +3433,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)
618 spin_unlock(&mm->page_table_lock);
619 return 0;
620 }
621 @@ -111354,7 +111656,7 @@ index 6c836d3..b2296e1 100644
622 #endif /* __PAGETABLE_PMD_FOLDED */
623
624 int make_pages_present(unsigned long addr, unsigned long end)
625 -@@ -3148,7 +3442,7 @@ static int __init gate_vma_init(void)
626 +@@ -3148,7 +3489,7 @@ static int __init gate_vma_init(void)
627 gate_vma.vm_start = FIXADDR_USER_START;
628 gate_vma.vm_end = FIXADDR_USER_END;
629 gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC;
630
631 diff --git a/3.11.6/0000_README b/3.11.6/0000_README
632 index 5611acb..2489326 100644
633 --- a/3.11.6/0000_README
634 +++ b/3.11.6/0000_README
635 @@ -2,7 +2,7 @@ README
636 -----------------------------------------------------------------------------
637 Individual Patch Descriptions:
638 -----------------------------------------------------------------------------
639 -Patch: 4420_grsecurity-2.9.1-3.11.6-201310271552.patch
640 +Patch: 4420_grsecurity-2.9.1-3.11.6-201310292050.patch
641 From: http://www.grsecurity.net
642 Desc: hardened-sources base patch from upstream grsecurity
643
644
645 diff --git a/3.11.6/4420_grsecurity-2.9.1-3.11.6-201310271552.patch b/3.11.6/4420_grsecurity-2.9.1-3.11.6-201310292050.patch
646 similarity index 99%
647 rename from 3.11.6/4420_grsecurity-2.9.1-3.11.6-201310271552.patch
648 rename to 3.11.6/4420_grsecurity-2.9.1-3.11.6-201310292050.patch
649 index e291fc5..020c231 100644
650 --- a/3.11.6/4420_grsecurity-2.9.1-3.11.6-201310271552.patch
651 +++ b/3.11.6/4420_grsecurity-2.9.1-3.11.6-201310292050.patch
652 @@ -31217,7 +31217,7 @@ index 4287f1f..3b99c71 100644
653 printk(KERN_INFO "Write protecting the kernel text: %luk\n",
654 size >> 10);
655 diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
656 -index 104d56a..62ba13f 100644
657 +index 104d56a..62ba13f1 100644
658 --- a/arch/x86/mm/init_64.c
659 +++ b/arch/x86/mm/init_64.c
660 @@ -151,7 +151,7 @@ early_param("gbpages", parse_direct_gbpages_on);
661 @@ -48722,7 +48722,7 @@ index a9af1b9a..1e08e7f 100644
662 ret = -EPERM;
663 goto reterr;
664 diff --git a/drivers/uio/uio.c b/drivers/uio/uio.c
665 -index 3b96f18..026a9bf 100644
666 +index 3b96f18..6f6a8f1 100644
667 --- a/drivers/uio/uio.c
668 +++ b/drivers/uio/uio.c
669 @@ -25,6 +25,7 @@
670 @@ -48791,7 +48791,22 @@ index 3b96f18..026a9bf 100644
671 if (event_count != listener->event_count) {
672 if (copy_to_user(buf, &event_count, count))
673 retval = -EFAULT;
674 -@@ -596,13 +597,13 @@ static int uio_find_mem_index(struct vm_area_struct *vma)
675 +@@ -584,9 +585,13 @@ static ssize_t uio_write(struct file *filep, const char __user *buf,
676 + static int uio_find_mem_index(struct vm_area_struct *vma)
677 + {
678 + struct uio_device *idev = vma->vm_private_data;
679 ++ unsigned long size;
680 +
681 + if (vma->vm_pgoff < MAX_UIO_MAPS) {
682 +- if (idev->info->mem[vma->vm_pgoff].size == 0)
683 ++ size = idev->info->mem[vma->vm_pgoff].size;
684 ++ if (size == 0)
685 ++ return -1;
686 ++ if (vma->vm_end - vma->vm_start > size)
687 + return -1;
688 + return (int)vma->vm_pgoff;
689 + }
690 +@@ -596,13 +601,13 @@ static int uio_find_mem_index(struct vm_area_struct *vma)
691 static void uio_vma_open(struct vm_area_struct *vma)
692 {
693 struct uio_device *idev = vma->vm_private_data;
694 @@ -48807,7 +48822,34 @@ index 3b96f18..026a9bf 100644
695 }
696
697 static int uio_vma_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
698 -@@ -809,7 +810,7 @@ int __uio_register_device(struct module *owner,
699 +@@ -640,14 +645,25 @@ static int uio_mmap_physical(struct vm_area_struct *vma)
700 + {
701 + struct uio_device *idev = vma->vm_private_data;
702 + int mi = uio_find_mem_index(vma);
703 ++ struct uio_mem *mem;
704 + if (mi < 0)
705 + return -EINVAL;
706 ++ mem = idev->info->mem + mi;
707 +
708 + vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
709 +
710 ++ /*
711 ++ * We cannot use the vm_iomap_memory() helper here,
712 ++ * because vma->vm_pgoff is the map index we looked
713 ++ * up above in uio_find_mem_index(), rather than an
714 ++ * actual page offset into the mmap.
715 ++ *
716 ++ * So we just do the physical mmap without a page
717 ++ * offset.
718 ++ */
719 + return remap_pfn_range(vma,
720 + vma->vm_start,
721 +- idev->info->mem[mi].addr >> PAGE_SHIFT,
722 ++ mem->addr >> PAGE_SHIFT,
723 + vma->vm_end - vma->vm_start,
724 + vma->vm_page_prot);
725 + }
726 +@@ -809,7 +825,7 @@ int __uio_register_device(struct module *owner,
727 idev->owner = owner;
728 idev->info = info;
729 init_waitqueue_head(&idev->wait);
730 @@ -49350,6 +49392,89 @@ index 95ec042..e6affdd 100644
731
732 return 0;
733 }
734 +diff --git a/drivers/video/au1100fb.c b/drivers/video/au1100fb.c
735 +index a54ccdc..22ad8524 100644
736 +--- a/drivers/video/au1100fb.c
737 ++++ b/drivers/video/au1100fb.c
738 +@@ -361,37 +361,13 @@ void au1100fb_fb_rotate(struct fb_info *fbi, int angle)
739 + int au1100fb_fb_mmap(struct fb_info *fbi, struct vm_area_struct *vma)
740 + {
741 + struct au1100fb_device *fbdev;
742 +- unsigned int len;
743 +- unsigned long start=0, off;
744 +
745 + fbdev = to_au1100fb_device(fbi);
746 +
747 +- if (vma->vm_pgoff > (~0UL >> PAGE_SHIFT)) {
748 +- return -EINVAL;
749 +- }
750 +-
751 +- start = fbdev->fb_phys & PAGE_MASK;
752 +- len = PAGE_ALIGN((start & ~PAGE_MASK) + fbdev->fb_len);
753 +-
754 +- off = vma->vm_pgoff << PAGE_SHIFT;
755 +-
756 +- if ((vma->vm_end - vma->vm_start + off) > len) {
757 +- return -EINVAL;
758 +- }
759 +-
760 +- off += start;
761 +- vma->vm_pgoff = off >> PAGE_SHIFT;
762 +-
763 + vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
764 + pgprot_val(vma->vm_page_prot) |= (6 << 9); //CCA=6
765 +
766 +- if (io_remap_pfn_range(vma, vma->vm_start, off >> PAGE_SHIFT,
767 +- vma->vm_end - vma->vm_start,
768 +- vma->vm_page_prot)) {
769 +- return -EAGAIN;
770 +- }
771 +-
772 +- return 0;
773 ++ return vm_iomap_memory(vma, fbdev->fb_phys, fbdev->fb_len);
774 + }
775 +
776 + static struct fb_ops au1100fb_ops =
777 +diff --git a/drivers/video/au1200fb.c b/drivers/video/au1200fb.c
778 +index 301224e..1d02897 100644
779 +--- a/drivers/video/au1200fb.c
780 ++++ b/drivers/video/au1200fb.c
781 +@@ -1233,34 +1233,13 @@ static int au1200fb_fb_blank(int blank_mode, struct fb_info *fbi)
782 + * method mainly to allow the use of the TLB streaming flag (CCA=6)
783 + */
784 + static int au1200fb_fb_mmap(struct fb_info *info, struct vm_area_struct *vma)
785 +-
786 + {
787 +- unsigned int len;
788 +- unsigned long start=0, off;
789 + struct au1200fb_device *fbdev = info->par;
790 +
791 +- if (vma->vm_pgoff > (~0UL >> PAGE_SHIFT)) {
792 +- return -EINVAL;
793 +- }
794 +-
795 +- start = fbdev->fb_phys & PAGE_MASK;
796 +- len = PAGE_ALIGN((start & ~PAGE_MASK) + fbdev->fb_len);
797 +-
798 +- off = vma->vm_pgoff << PAGE_SHIFT;
799 +-
800 +- if ((vma->vm_end - vma->vm_start + off) > len) {
801 +- return -EINVAL;
802 +- }
803 +-
804 +- off += start;
805 +- vma->vm_pgoff = off >> PAGE_SHIFT;
806 +-
807 + vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
808 + pgprot_val(vma->vm_page_prot) |= _CACHE_MASK; /* CCA=7 */
809 +
810 +- return io_remap_pfn_range(vma, vma->vm_start, off >> PAGE_SHIFT,
811 +- vma->vm_end - vma->vm_start,
812 +- vma->vm_page_prot);
813 ++ return vm_iomap_memory(vma, fbdev->fb_phys, fbdev->fb_len);
814 + }
815 +
816 + static void set_global(u_int cmd, struct au1200_lcd_global_regs_t *pdata)
817 diff --git a/drivers/video/backlight/kb3886_bl.c b/drivers/video/backlight/kb3886_bl.c
818 index bca6ccc..252107e 100644
819 --- a/drivers/video/backlight/kb3886_bl.c
820
821 diff --git a/3.2.52/0000_README b/3.2.52/0000_README
822 index ec68a31..f3e1e87 100644
823 --- a/3.2.52/0000_README
824 +++ b/3.2.52/0000_README
825 @@ -126,7 +126,7 @@ Patch: 1051_linux-3.2.52.patch
826 From: http://www.kernel.org
827 Desc: Linux 3.2.52
828
829 -Patch: 4420_grsecurity-2.9.1-3.2.52-201310271550.patch
830 +Patch: 4420_grsecurity-2.9.1-3.2.52-201310292049.patch
831 From: http://www.grsecurity.net
832 Desc: hardened-sources base patch from upstream grsecurity
833
834
835 diff --git a/3.2.52/4420_grsecurity-2.9.1-3.2.52-201310271550.patch b/3.2.52/4420_grsecurity-2.9.1-3.2.52-201310292049.patch
836 similarity index 99%
837 rename from 3.2.52/4420_grsecurity-2.9.1-3.2.52-201310271550.patch
838 rename to 3.2.52/4420_grsecurity-2.9.1-3.2.52-201310292049.patch
839 index 82cc38f..e09de55 100644
840 --- a/3.2.52/4420_grsecurity-2.9.1-3.2.52-201310271550.patch
841 +++ b/3.2.52/4420_grsecurity-2.9.1-3.2.52-201310292049.patch
842 @@ -44674,7 +44674,7 @@ index 65447c5..0526f0a 100644
843 ret = -EPERM;
844 goto reterr;
845 diff --git a/drivers/uio/uio.c b/drivers/uio/uio.c
846 -index a783d53..cb30d94 100644
847 +index a783d53..45f96c9 100644
848 --- a/drivers/uio/uio.c
849 +++ b/drivers/uio/uio.c
850 @@ -25,6 +25,7 @@
851 @@ -44743,7 +44743,22 @@ index a783d53..cb30d94 100644
852 if (event_count != listener->event_count) {
853 if (copy_to_user(buf, &event_count, count))
854 retval = -EFAULT;
855 -@@ -606,13 +607,13 @@ static int uio_find_mem_index(struct vm_area_struct *vma)
856 +@@ -594,9 +595,13 @@ static ssize_t uio_write(struct file *filep, const char __user *buf,
857 + static int uio_find_mem_index(struct vm_area_struct *vma)
858 + {
859 + struct uio_device *idev = vma->vm_private_data;
860 ++ unsigned long size;
861 +
862 + if (vma->vm_pgoff < MAX_UIO_MAPS) {
863 +- if (idev->info->mem[vma->vm_pgoff].size == 0)
864 ++ size = idev->info->mem[vma->vm_pgoff].size;
865 ++ if (size == 0)
866 ++ return -1;
867 ++ if (vma->vm_end - vma->vm_start > size)
868 + return -1;
869 + return (int)vma->vm_pgoff;
870 + }
871 +@@ -606,13 +611,13 @@ static int uio_find_mem_index(struct vm_area_struct *vma)
872 static void uio_vma_open(struct vm_area_struct *vma)
873 {
874 struct uio_device *idev = vma->vm_private_data;
875 @@ -44759,7 +44774,36 @@ index a783d53..cb30d94 100644
876 }
877
878 static int uio_vma_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
879 -@@ -821,7 +822,7 @@ int __uio_register_device(struct module *owner,
880 +@@ -650,16 +655,27 @@ static int uio_mmap_physical(struct vm_area_struct *vma)
881 + {
882 + struct uio_device *idev = vma->vm_private_data;
883 + int mi = uio_find_mem_index(vma);
884 ++ struct uio_mem *mem;
885 + if (mi < 0)
886 + return -EINVAL;
887 ++ mem = idev->info->mem + mi;
888 +
889 + vma->vm_flags |= VM_IO | VM_RESERVED;
890 +
891 + vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
892 +
893 ++ /*
894 ++ * We cannot use the vm_iomap_memory() helper here,
895 ++ * because vma->vm_pgoff is the map index we looked
896 ++ * up above in uio_find_mem_index(), rather than an
897 ++ * actual page offset into the mmap.
898 ++ *
899 ++ * So we just do the physical mmap without a page
900 ++ * offset.
901 ++ */
902 + return remap_pfn_range(vma,
903 + vma->vm_start,
904 +- idev->info->mem[mi].addr >> PAGE_SHIFT,
905 ++ mem->addr >> PAGE_SHIFT,
906 + vma->vm_end - vma->vm_start,
907 + vma->vm_page_prot);
908 + }
909 +@@ -821,7 +837,7 @@ int __uio_register_device(struct module *owner,
910 idev->owner = owner;
911 idev->info = info;
912 init_waitqueue_head(&idev->wait);
913 @@ -45227,6 +45271,95 @@ index 46f72ed..107788d 100644
914
915 return 0;
916 }
917 +diff --git a/drivers/video/au1100fb.c b/drivers/video/au1100fb.c
918 +index 649cb35..1be8b5d 100644
919 +--- a/drivers/video/au1100fb.c
920 ++++ b/drivers/video/au1100fb.c
921 +@@ -387,39 +387,13 @@ void au1100fb_fb_rotate(struct fb_info *fbi, int angle)
922 + int au1100fb_fb_mmap(struct fb_info *fbi, struct vm_area_struct *vma)
923 + {
924 + struct au1100fb_device *fbdev;
925 +- unsigned int len;
926 +- unsigned long start=0, off;
927 +
928 + fbdev = to_au1100fb_device(fbi);
929 +
930 +- if (vma->vm_pgoff > (~0UL >> PAGE_SHIFT)) {
931 +- return -EINVAL;
932 +- }
933 +-
934 +- start = fbdev->fb_phys & PAGE_MASK;
935 +- len = PAGE_ALIGN((start & ~PAGE_MASK) + fbdev->fb_len);
936 +-
937 +- off = vma->vm_pgoff << PAGE_SHIFT;
938 +-
939 +- if ((vma->vm_end - vma->vm_start + off) > len) {
940 +- return -EINVAL;
941 +- }
942 +-
943 +- off += start;
944 +- vma->vm_pgoff = off >> PAGE_SHIFT;
945 +-
946 + vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
947 + pgprot_val(vma->vm_page_prot) |= (6 << 9); //CCA=6
948 +
949 +- vma->vm_flags |= VM_IO;
950 +-
951 +- if (io_remap_pfn_range(vma, vma->vm_start, off >> PAGE_SHIFT,
952 +- vma->vm_end - vma->vm_start,
953 +- vma->vm_page_prot)) {
954 +- return -EAGAIN;
955 +- }
956 +-
957 +- return 0;
958 ++ return vm_iomap_memory(vma, fbdev->fb_phys, fbdev->fb_len);
959 + }
960 +
961 + static struct fb_ops au1100fb_ops =
962 +diff --git a/drivers/video/au1200fb.c b/drivers/video/au1200fb.c
963 +index 7200559..5bd7d88 100644
964 +--- a/drivers/video/au1200fb.c
965 ++++ b/drivers/video/au1200fb.c
966 +@@ -1216,38 +1216,13 @@ static int au1200fb_fb_blank(int blank_mode, struct fb_info *fbi)
967 + * method mainly to allow the use of the TLB streaming flag (CCA=6)
968 + */
969 + static int au1200fb_fb_mmap(struct fb_info *info, struct vm_area_struct *vma)
970 +-
971 + {
972 +- unsigned int len;
973 +- unsigned long start=0, off;
974 + struct au1200fb_device *fbdev = info->par;
975 +
976 +- if (vma->vm_pgoff > (~0UL >> PAGE_SHIFT)) {
977 +- return -EINVAL;
978 +- }
979 +-
980 +- start = fbdev->fb_phys & PAGE_MASK;
981 +- len = PAGE_ALIGN((start & ~PAGE_MASK) + fbdev->fb_len);
982 +-
983 +- off = vma->vm_pgoff << PAGE_SHIFT;
984 +-
985 +- if ((vma->vm_end - vma->vm_start + off) > len) {
986 +- return -EINVAL;
987 +- }
988 +-
989 +- off += start;
990 +- vma->vm_pgoff = off >> PAGE_SHIFT;
991 +-
992 + vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
993 + pgprot_val(vma->vm_page_prot) |= _CACHE_MASK; /* CCA=7 */
994 +
995 +- vma->vm_flags |= VM_IO;
996 +-
997 +- return io_remap_pfn_range(vma, vma->vm_start, off >> PAGE_SHIFT,
998 +- vma->vm_end - vma->vm_start,
999 +- vma->vm_page_prot);
1000 +-
1001 +- return 0;
1002 ++ return vm_iomap_memory(vma, fbdev->fb_phys, fbdev->fb_len);
1003 + }
1004 +
1005 + static void set_global(u_int cmd, struct au1200_lcd_global_regs_t *pdata)
1006 diff --git a/drivers/video/backlight/backlight.c b/drivers/video/backlight/backlight.c
1007 index 7363c1b..b69ad66 100644
1008 --- a/drivers/video/backlight/backlight.c
1009 @@ -52737,7 +52870,7 @@ index 4c6992d..104cdea 100644
1010 return -EMFILE;
1011
1012 diff --git a/fs/filesystems.c b/fs/filesystems.c
1013 -index 0845f84..bf3fd05 100644
1014 +index 0845f84..bf3fd0571 100644
1015 --- a/fs/filesystems.c
1016 +++ b/fs/filesystems.c
1017 @@ -274,7 +274,12 @@ struct file_system_type *get_fs_type(const char *name)
Report Message
Find on MARC Find on Google Groups