
From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 2.6.32/, 3.6.4/, 3.2.32/, 3.6.3/
Date: Wed, 31 Oct 2012 01:50:45
Message-Id: 1351648077.816c520da7b92aaf0468201a56df25d646368cfe.blueness@gentoo
1 commit: 816c520da7b92aaf0468201a56df25d646368cfe
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Wed Oct 31 01:41:49 2012 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Wed Oct 31 01:47:57 2012 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=816c520d
7
8 Grsec/PaX: 2.9.1-{2.6.32.60,3.2.32,3.6.4}-201210291446
9
10 ---
11 2.6.32/0000_README | 2 +-
12 ..._grsecurity-2.9.1-2.6.32.60-201210291444.patch} | 150 +-
13 3.2.32/0000_README | 2 +-
14 ...420_grsecurity-2.9.1-3.2.32-201210291445.patch} | 142 +-
15 3.6.3/1002_linux-3.6.3.patch | 3132 --------------------
16 {3.6.3 => 3.6.4}/0000_README | 6 +-
17 .../4420_grsecurity-2.9.1-3.6.4-201210291446.patch | 337 +--
18 .../4430_grsec-remove-localversion-grsec.patch | 0
19 {3.6.3 => 3.6.4}/4435_grsec-mute-warnings.patch | 0
20 .../4440_grsec-remove-protected-paths.patch | 0
21 .../4450_grsec-kconfig-default-gids.patch | 0
22 .../4465_selinux-avc_audit-log-curr_ip.patch | 0
23 {3.6.3 => 3.6.4}/4470_disable-compat_vdso.patch | 0
24 13 files changed, 335 insertions(+), 3436 deletions(-)
25
26 diff --git a/2.6.32/0000_README b/2.6.32/0000_README
27 index b6ced4c..288d745 100644
28 --- a/2.6.32/0000_README
29 +++ b/2.6.32/0000_README
30 @@ -34,7 +34,7 @@ Patch: 1059_linux-2.6.32.60.patch
31 From: http://www.kernel.org
32 Desc: Linux 2.6.32.59
33
34 -Patch: 4420_grsecurity-2.9.1-2.6.32.60-201210252043.patch
35 +Patch: 4420_grsecurity-2.9.1-2.6.32.60-201210291444.patch
36 From: http://www.grsecurity.net
37 Desc: hardened-sources base patch from upstream grsecurity
38
39
40 diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201210252043.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201210291444.patch
41 similarity index 99%
42 rename from 2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201210252043.patch
43 rename to 2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201210291444.patch
44 index 163e0f6..489cffc 100644
45 --- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201210252043.patch
46 +++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201210291444.patch
47 @@ -5317,7 +5317,7 @@ index 9b86681..c5140db 100644
48 #define __read_mostly __attribute__((__section__(".data.read_mostly")))
49
50 diff --git a/arch/s390/include/asm/elf.h b/arch/s390/include/asm/elf.h
51 -index e885442..5b0c9aa 100644
52 +index e885442..5b0c9aa3 100644
53 --- a/arch/s390/include/asm/elf.h
54 +++ b/arch/s390/include/asm/elf.h
55 @@ -164,6 +164,13 @@ extern unsigned int vdso_enabled;
56 @@ -18897,7 +18897,7 @@ index 4f8e250..df24706 100644
57 #ifdef CONFIG_BLK_DEV_INITRD
58 /* Reserve INITRD */
59 diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S
60 -index 34c3308..6fc4e76 100644
61 +index 34c3308..162120a 100644
62 --- a/arch/x86/kernel/head_32.S
63 +++ b/arch/x86/kernel/head_32.S
64 @@ -19,10 +19,17 @@
65 @@ -18961,7 +18961,7 @@ index 34c3308..6fc4e76 100644
66 /* test KEEP_SEGMENTS flag to see if the bootloader is asking
67 us to not reload segments */
68 testb $(1<<6), BP_loadflags(%esi)
69 -@@ -95,7 +113,60 @@ ENTRY(startup_32)
70 +@@ -95,7 +113,62 @@ ENTRY(startup_32)
71 movl %eax,%es
72 movl %eax,%fs
73 movl %eax,%gs
74 @@ -18972,13 +18972,13 @@ index 34c3308..6fc4e76 100644
75 +#ifdef CONFIG_SMP
76 + movl $pa(cpu_gdt_table),%edi
77 + movl $__per_cpu_load,%eax
78 -+ movw %ax,__KERNEL_PERCPU + 2(%edi)
79 ++ movw %ax,GDT_ENTRY_PERCPU * 8 + 2(%edi)
80 + rorl $16,%eax
81 -+ movb %al,__KERNEL_PERCPU + 4(%edi)
82 -+ movb %ah,__KERNEL_PERCPU + 7(%edi)
83 ++ movb %al,GDT_ENTRY_PERCPU * 8 + 4(%edi)
84 ++ movb %ah,GDT_ENTRY_PERCPU * 8 + 7(%edi)
85 + movl $__per_cpu_end - 1,%eax
86 + subl $__per_cpu_start,%eax
87 -+ movw %ax,__KERNEL_PERCPU + 0(%edi)
88 ++ movw %ax,GDT_ENTRY_PERCPU * 8 + 0(%edi)
89 +#endif
90 +
91 +#ifdef CONFIG_PAX_MEMORY_UDEREF
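Review bot: The new `GDT_ENTRY_PERCPU * 8 + 2(%edi)` operands in the CONFIG_SMP block repeat a bare `8` on every store, with nothing saying that a table index is being scaled to a byte offset into `cpu_gdt_table`. A one-line comment above the block would cover it, e.g. `/* GDT_ENTRY_* is a table index; * 8 (bytes per descriptor) gives the byte offset */`. The same form appears in the next two hunks for `GDT_ENTRY_BOOT_CS`, `GDT_ENTRY_KERNEL_CS` and `GDT_ENTRY_KERNEXEC_KERNEL_CS`, and in the matching head_32.S hunks of the 3.2.32 patch. The surrounding startup_32 code starts and ends outside the hunk.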
92 @@ -18995,10 +18995,10 @@ index 34c3308..6fc4e76 100644
93 +#ifdef CONFIG_PAX_KERNEXEC
94 + movl $pa(boot_gdt),%edi
95 + movl $__LOAD_PHYSICAL_ADDR,%eax
96 -+ movw %ax,__BOOT_CS + 2(%edi)
97 ++ movw %ax,GDT_ENTRY_BOOT_CS * 8 + 2(%edi)
98 + rorl $16,%eax
99 -+ movb %al,__BOOT_CS + 4(%edi)
100 -+ movb %ah,__BOOT_CS + 7(%edi)
101 ++ movb %al,GDT_ENTRY_BOOT_CS * 8 + 4(%edi)
102 ++ movb %ah,GDT_ENTRY_BOOT_CS * 8 + 7(%edi)
103 + rorl $16,%eax
104 +
105 + ljmp $(__BOOT_CS),$1f
106 @@ -19008,13 +19008,15 @@ index 34c3308..6fc4e76 100644
107 + movl $pa(cpu_gdt_table),%edi
108 + addl $__PAGE_OFFSET,%eax
109 +1:
110 -+ movw %ax,__KERNEL_CS + 2(%edi)
111 -+ movw %ax,__KERNEXEC_KERNEL_CS + 2(%edi)
112 ++ movb $0xc0,GDT_ENTRY_KERNEL_CS * 8 + 6(%edi)
113 ++ movb $0xc0,GDT_ENTRY_KERNEXEC_KERNEL_CS * 8 + 6(%edi)
114 ++ movw %ax,GDT_ENTRY_KERNEL_CS * 8 + 2(%edi)
115 ++ movw %ax,GDT_ENTRY_KERNEXEC_KERNEL_CS * 8 + 2(%edi)
116 + rorl $16,%eax
117 -+ movb %al,__KERNEL_CS + 4(%edi)
118 -+ movb %al,__KERNEXEC_KERNEL_CS + 4(%edi)
119 -+ movb %ah,__KERNEL_CS + 7(%edi)
120 -+ movb %ah,__KERNEXEC_KERNEL_CS + 7(%edi)
121 ++ movb %al,GDT_ENTRY_KERNEL_CS * 8 + 4(%edi)
122 ++ movb %al,GDT_ENTRY_KERNEXEC_KERNEL_CS * 8 + 4(%edi)
123 ++ movb %ah,GDT_ENTRY_KERNEL_CS * 8 + 7(%edi)
124 ++ movb %ah,GDT_ENTRY_KERNEXEC_KERNEL_CS * 8 + 7(%edi)
125 + rorl $16,%eax
126 + addl $PAGE_SIZE_asm,%edi
127 + loop 1b
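Review bot: The two added `movb $0xc0,... + 6(%edi)` stores write an unexplained literal into byte 6 of the KERNEL_CS and KERNEXEC_KERNEL_CS descriptors in each GDT the loop visits. Byte 6 of a segment descriptor holds limit bits 19:16 in its low nibble and the G, D/B, L and AVL flags in its high nibble, so 0xc0 sets G and D/B and clears the upper limit bits; a comment such as `/* byte 6: G=1, D/B=1, limit[19:16]=0 */` would make that reviewable. The low 16 limit bits at offset 0 are not written in the visible lines, so the effective early limit of both code segments depends on the static table contents, which lie outside this hunk and are worth cross-checking. The loop's %ecx setup is also outside the hunk, and the 3.2.32 patch carries the same lines.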
128 @@ -19022,7 +19024,7 @@ index 34c3308..6fc4e76 100644
129
130 /*
131 * Clear BSS first so that there are no surprises...
132 -@@ -140,9 +211,7 @@ ENTRY(startup_32)
133 +@@ -140,9 +213,7 @@ ENTRY(startup_32)
134 cmpl $num_subarch_entries, %eax
135 jae bad_subarch
136
137 @@ -19033,7 +19035,7 @@ index 34c3308..6fc4e76 100644
138
139 bad_subarch:
140 WEAK(lguest_entry)
141 -@@ -154,10 +223,10 @@ WEAK(xen_entry)
142 +@@ -154,10 +225,10 @@ WEAK(xen_entry)
143 __INITDATA
144
145 subarch_entries:
146 @@ -19048,7 +19050,7 @@ index 34c3308..6fc4e76 100644
147 num_subarch_entries = (. - subarch_entries) / 4
148 .previous
149 #endif /* CONFIG_PARAVIRT */
150 -@@ -218,8 +287,11 @@ default_entry:
151 +@@ -218,8 +289,11 @@ default_entry:
152 movl %eax, pa(max_pfn_mapped)
153
154 /* Do early initialization of the fixmap area */
155 @@ -19062,7 +19064,7 @@ index 34c3308..6fc4e76 100644
156 #else /* Not PAE */
157
158 page_pde_offset = (__PAGE_OFFSET >> 20);
159 -@@ -249,8 +321,11 @@ page_pde_offset = (__PAGE_OFFSET >> 20);
160 +@@ -249,8 +323,11 @@ page_pde_offset = (__PAGE_OFFSET >> 20);
161 movl %eax, pa(max_pfn_mapped)
162
163 /* Do early initialization of the fixmap area */
164 @@ -19076,7 +19078,7 @@ index 34c3308..6fc4e76 100644
165 #endif
166 jmp 3f
167 /*
168 -@@ -272,6 +347,9 @@ ENTRY(startup_32_smp)
169 +@@ -272,6 +349,9 @@ ENTRY(startup_32_smp)
170 movl %eax,%es
171 movl %eax,%fs
172 movl %eax,%gs
173 @@ -19086,7 +19088,7 @@ index 34c3308..6fc4e76 100644
174 #endif /* CONFIG_SMP */
175 3:
176
177 -@@ -297,6 +375,7 @@ ENTRY(startup_32_smp)
178 +@@ -297,6 +377,7 @@ ENTRY(startup_32_smp)
179 orl %edx,%eax
180 movl %eax,%cr4
181
182 @@ -19094,7 +19096,7 @@ index 34c3308..6fc4e76 100644
183 btl $5, %eax # check if PAE is enabled
184 jnc 6f
185
186 -@@ -305,6 +384,10 @@ ENTRY(startup_32_smp)
187 +@@ -305,6 +386,10 @@ ENTRY(startup_32_smp)
188 cpuid
189 cmpl $0x80000000, %eax
190 jbe 6f
191 @@ -19105,7 +19107,7 @@ index 34c3308..6fc4e76 100644
192 mov $0x80000001, %eax
193 cpuid
194 /* Execute Disable bit supported? */
195 -@@ -312,13 +395,17 @@ ENTRY(startup_32_smp)
196 +@@ -312,13 +397,17 @@ ENTRY(startup_32_smp)
197 jnc 6f
198
199 /* Setup EFER (Extended Feature Enable Register) */
200 @@ -19124,7 +19126,7 @@ index 34c3308..6fc4e76 100644
201 6:
202
203 /*
204 -@@ -331,8 +418,8 @@ ENTRY(startup_32_smp)
205 +@@ -331,8 +420,8 @@ ENTRY(startup_32_smp)
206 movl %eax,%cr0 /* ..and set paging (PG) bit */
207 ljmp $__BOOT_CS,$1f /* Clear prefetch and normalize %eip */
208 1:
209 @@ -19135,7 +19137,7 @@ index 34c3308..6fc4e76 100644
210
211 /*
212 * Initialize eflags. Some BIOS's leave bits like NT set. This would
213 -@@ -344,9 +431,7 @@ ENTRY(startup_32_smp)
214 +@@ -344,9 +433,7 @@ ENTRY(startup_32_smp)
215
216 #ifdef CONFIG_SMP
217 cmpb $0, ready
218 @@ -19146,7 +19148,7 @@ index 34c3308..6fc4e76 100644
219 #endif /* CONFIG_SMP */
220
221 /*
222 -@@ -424,7 +509,7 @@ is386: movl $2,%ecx # set MP
223 +@@ -424,7 +511,7 @@ is386: movl $2,%ecx # set MP
224 1: movl $(__KERNEL_DS),%eax # reload all the segment registers
225 movl %eax,%ss # after changing gdt.
226
227 @@ -19155,7 +19157,7 @@ index 34c3308..6fc4e76 100644
228 movl %eax,%ds
229 movl %eax,%es
230
231 -@@ -438,15 +523,22 @@ is386: movl $2,%ecx # set MP
232 +@@ -438,15 +525,22 @@ is386: movl $2,%ecx # set MP
233 */
234 cmpb $0,ready
235 jne 1f
236 @@ -19180,7 +19182,7 @@ index 34c3308..6fc4e76 100644
237 movl %eax,%gs
238
239 xorl %eax,%eax # Clear LDT
240 -@@ -454,14 +546,7 @@ is386: movl $2,%ecx # set MP
241 +@@ -454,14 +548,7 @@ is386: movl $2,%ecx # set MP
242
243 cld # gcc2 wants the direction flag cleared at all times
244 pushl $0 # fake return address for unwinder
245 @@ -19195,7 +19197,7 @@ index 34c3308..6fc4e76 100644
246 jmp *(initial_code)
247
248 /*
249 -@@ -546,22 +631,22 @@ early_page_fault:
250 +@@ -546,22 +633,22 @@ early_page_fault:
251 jmp early_fault
252
253 early_fault:
254 @@ -19223,7 +19225,7 @@ index 34c3308..6fc4e76 100644
255 hlt_loop:
256 hlt
257 jmp hlt_loop
258 -@@ -569,8 +654,11 @@ hlt_loop:
259 +@@ -569,8 +656,11 @@ hlt_loop:
260 /* This is the default interrupt "handler" :-) */
261 ALIGN
262 ignore_int:
263 @@ -19236,7 +19238,7 @@ index 34c3308..6fc4e76 100644
264 pushl %eax
265 pushl %ecx
266 pushl %edx
267 -@@ -579,9 +667,6 @@ ignore_int:
268 +@@ -579,9 +669,6 @@ ignore_int:
269 movl $(__KERNEL_DS),%eax
270 movl %eax,%ds
271 movl %eax,%es
272 @@ -19246,7 +19248,7 @@ index 34c3308..6fc4e76 100644
273 pushl 16(%esp)
274 pushl 24(%esp)
275 pushl 32(%esp)
276 -@@ -600,6 +685,8 @@ ignore_int:
277 +@@ -600,6 +687,8 @@ ignore_int:
278 #endif
279 iret
280
281 @@ -19255,7 +19257,7 @@ index 34c3308..6fc4e76 100644
282 __REFDATA
283 .align 4
284 ENTRY(initial_code)
285 -@@ -610,31 +697,47 @@ ENTRY(initial_page_table)
286 +@@ -610,31 +699,47 @@ ENTRY(initial_page_table)
287 /*
288 * BSS section
289 */
290 @@ -19308,7 +19310,7 @@ index 34c3308..6fc4e76 100644
291 ENTRY(swapper_pg_dir)
292 .long pa(swapper_pg_pmd+PGD_IDENT_ATTR),0 /* low identity map */
293 # if KPMDS == 3
294 -@@ -653,15 +756,24 @@ ENTRY(swapper_pg_dir)
295 +@@ -653,15 +758,24 @@ ENTRY(swapper_pg_dir)
296 # error "Kernel PMDs should be 1, 2 or 3"
297 # endif
298 .align PAGE_SIZE_asm /* needs to be page-sized too */
299 @@ -19335,7 +19337,7 @@ index 34c3308..6fc4e76 100644
300 early_recursion_flag:
301 .long 0
302
303 -@@ -697,7 +809,7 @@ fault_msg:
304 +@@ -697,7 +811,7 @@ fault_msg:
305 .word 0 # 32 bit align gdt_desc.address
306 boot_gdt_descr:
307 .word __BOOT_DS+7
308 @@ -19344,7 +19346,7 @@ index 34c3308..6fc4e76 100644
309
310 .word 0 # 32-bit align idt_desc.address
311 idt_descr:
312 -@@ -708,7 +820,7 @@ idt_descr:
313 +@@ -708,7 +822,7 @@ idt_descr:
314 .word 0 # 32 bit align gdt_desc.address
315 ENTRY(early_gdt_descr)
316 .word GDT_ENTRIES*8-1
317 @@ -19353,7 +19355,7 @@ index 34c3308..6fc4e76 100644
318
319 /*
320 * The boot_gdt must mirror the equivalent in setup.S and is
321 -@@ -717,5 +829,65 @@ ENTRY(early_gdt_descr)
322 +@@ -717,5 +831,65 @@ ENTRY(early_gdt_descr)
323 .align L1_CACHE_BYTES
324 ENTRY(boot_gdt)
325 .fill GDT_ENTRY_BOOT_CS,8,0
326 @@ -27115,7 +27117,7 @@ index f46c3407..f7e72b0 100644
327 }
328 if (mm->get_unmapped_area == arch_get_unmapped_area)
329 diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
330 -index 73ffd55..2cb04d8 100644
331 +index 73ffd55..5c2a82a 100644
332 --- a/arch/x86/mm/init.c
333 +++ b/arch/x86/mm/init.c
334 @@ -13,6 +13,7 @@
335 @@ -27181,7 +27183,7 @@ index 73ffd55..2cb04d8 100644
336 if (iomem_is_exclusive(pagenr << PAGE_SHIFT))
337 return 0;
338 if (!page_is_ram(pagenr))
339 -@@ -377,8 +396,116 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
340 +@@ -377,8 +396,117 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
341 #endif
342 }
343
344 @@ -27235,6 +27237,7 @@ index 73ffd55..2cb04d8 100644
345 + for (cpu = 0; cpu < nr_cpu_ids; cpu++) {
346 + pack_descriptor(&d, get_desc_base(&get_cpu_gdt_table(cpu)[GDT_ENTRY_KERNEL_CS]), limit, 0x9B, 0xC);
347 + write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_KERNEL_CS, &d, DESCTYPE_S);
348 ++ write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_KERNEXEC_KERNEL_CS, &d, DESCTYPE_S);
349 + }
350 +
351 + /* PaX: make KERNEL_CS read-only */
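Review bot: The added `write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_KERNEXEC_KERNEL_CS, &d, DESCTYPE_S);` reuses the descriptor `d` that was packed from the base of `GDT_ENTRY_KERNEL_CS`, and nothing in the loop says the two code segments are meant to be identical. If that is the intent, a comment before the two writes would record it, e.g. `/* KERNEXEC_KERNEL_CS must keep the same base and limit as KERNEL_CS */`. The enclosing function starts and ends outside the hunk, so whether `limit` was computed with both entries in mind cannot be confirmed from here. The same line is added in the init.c hunk of the 3.2.32 patch.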
352 @@ -74298,7 +74301,7 @@ index 0133b5a..3710d09 100644
353 (unsigned long) create_aout_tables((char __user *) bprm->p, bprm);
354 #ifdef __alpha__
355 diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
356 -index a64fde6..1535e95 100644
357 +index a64fde6..89649d4 100644
358 --- a/fs/binfmt_elf.c
359 +++ b/fs/binfmt_elf.c
360 @@ -31,6 +31,7 @@
361 @@ -74395,7 +74398,13 @@ index a64fde6..1535e95 100644
362 return -EFAULT;
363 return 0;
364 }
365 -@@ -385,10 +406,10 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
366 +@@ -380,15 +401,14 @@ static unsigned long total_mapping_size(struct elf_phdr *cmds, int nr)
367 + an ELF header */
368 +
369 + static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
370 +- struct file *interpreter, unsigned long *interp_map_addr,
371 +- unsigned long no_base)
372 ++ struct file *interpreter, unsigned long no_base)
373 {
374 struct elf_phdr *elf_phdata;
375 struct elf_phdr *eppnt;
376 @@ -74408,7 +74417,7 @@ index a64fde6..1535e95 100644
377 unsigned long total_size;
378 int retval, i, size;
379
380 -@@ -434,6 +455,11 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
381 +@@ -434,6 +454,11 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
382 goto out_close;
383 }
384
385 @@ -74420,7 +74429,16 @@ index a64fde6..1535e95 100644
386 eppnt = elf_phdata;
387 for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) {
388 if (eppnt->p_type == PT_LOAD) {
389 -@@ -477,8 +503,8 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
390 +@@ -457,8 +482,6 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
391 + map_addr = elf_map(interpreter, load_addr + vaddr,
392 + eppnt, elf_prot, elf_type, total_size);
393 + total_size = 0;
394 +- if (!*interp_map_addr)
395 +- *interp_map_addr = map_addr;
396 + error = map_addr;
397 + if (BAD_ADDR(map_addr))
398 + goto out_close;
399 +@@ -477,8 +500,8 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
400 k = load_addr + eppnt->p_vaddr;
401 if (BAD_ADDR(k) ||
402 eppnt->p_filesz > eppnt->p_memsz ||
403 @@ -74431,7 +74449,7 @@ index a64fde6..1535e95 100644
404 error = -ENOMEM;
405 goto out_close;
406 }
407 -@@ -532,6 +558,311 @@ out:
408 +@@ -532,6 +555,311 @@ out:
409 return error;
410 }
411
412 @@ -74743,7 +74761,7 @@ index a64fde6..1535e95 100644
413 /*
414 * These are the functions used to load ELF style executables and shared
415 * libraries. There is no binary dependent code anywhere else.
416 -@@ -548,6 +879,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top)
417 +@@ -548,6 +876,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top)
418 {
419 unsigned int random_variable = 0;
420
421 @@ -74755,7 +74773,7 @@ index a64fde6..1535e95 100644
422 if ((current->flags & PF_RANDOMIZE) &&
423 !(current->personality & ADDR_NO_RANDOMIZE)) {
424 random_variable = get_random_int() & STACK_RND_MASK;
425 -@@ -566,7 +902,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
426 +@@ -566,7 +899,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
427 unsigned long load_addr = 0, load_bias = 0;
428 int load_addr_set = 0;
429 char * elf_interpreter = NULL;
430 @@ -74764,7 +74782,7 @@ index a64fde6..1535e95 100644
431 struct elf_phdr *elf_ppnt, *elf_phdata;
432 unsigned long elf_bss, elf_brk;
433 int retval, i;
434 -@@ -576,11 +912,11 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
435 +@@ -576,11 +909,11 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
436 unsigned long start_code, end_code, start_data, end_data;
437 unsigned long reloc_func_desc = 0;
438 int executable_stack = EXSTACK_DEFAULT;
439 @@ -74777,7 +74795,7 @@ index a64fde6..1535e95 100644
440
441 loc = kmalloc(sizeof(*loc), GFP_KERNEL);
442 if (!loc) {
443 -@@ -718,11 +1054,80 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
444 +@@ -718,11 +1051,80 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
445
446 /* OK, This is the point of no return */
447 current->flags &= ~PF_FORKNOEXEC;
448 @@ -74859,7 +74877,7 @@ index a64fde6..1535e95 100644
449 if (elf_read_implies_exec(loc->elf_ex, executable_stack))
450 current->personality |= READ_IMPLIES_EXEC;
451
452 -@@ -800,10 +1205,27 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
453 +@@ -800,10 +1202,27 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
454 * might try to exec. This is because the brk will
455 * follow the loader, and is not movable. */
456 #ifdef CONFIG_X86
457 @@ -74888,7 +74906,7 @@ index a64fde6..1535e95 100644
458 }
459
460 error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
461 -@@ -836,9 +1258,9 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
462 +@@ -836,9 +1255,9 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
463 * allowed task size. Note that p_filesz must always be
464 * <= p_memsz so it is only necessary to check p_memsz.
465 */
466 @@ -74901,7 +74919,7 @@ index a64fde6..1535e95 100644
467 /* set_brk can never work. Avoid overflows. */
468 send_sig(SIGKILL, current, 0);
469 retval = -EINVAL;
470 -@@ -877,11 +1299,40 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
471 +@@ -877,17 +1296,43 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
472 goto out_free_dentry;
473 }
474 if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
475 @@ -74943,9 +74961,15 @@ index a64fde6..1535e95 100644
476 +#endif
477 +
478 if (elf_interpreter) {
479 - unsigned long uninitialized_var(interp_map_addr);
480 -
481 -@@ -1112,8 +1563,10 @@ static int dump_seek(struct file *file, loff_t off)
482 +- unsigned long uninitialized_var(interp_map_addr);
483 +-
484 + elf_entry = load_elf_interp(&loc->interp_elf_ex,
485 + interpreter,
486 +- &interp_map_addr,
487 + load_bias);
488 + if (!IS_ERR((void *)elf_entry)) {
489 + /*
490 +@@ -1112,8 +1557,10 @@ static int dump_seek(struct file *file, loff_t off)
491 unsigned long n = off;
492 if (n > PAGE_SIZE)
493 n = PAGE_SIZE;
494 @@ -74957,7 +74981,7 @@ index a64fde6..1535e95 100644
495 off -= n;
496 }
497 free_page((unsigned long)buf);
498 -@@ -1125,7 +1578,7 @@ static int dump_seek(struct file *file, loff_t off)
499 +@@ -1125,7 +1572,7 @@ static int dump_seek(struct file *file, loff_t off)
500 * Decide what to dump of a segment, part, all or none.
501 */
502 static unsigned long vma_dump_size(struct vm_area_struct *vma,
503 @@ -74966,7 +74990,7 @@ index a64fde6..1535e95 100644
504 {
505 #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))
506
507 -@@ -1159,7 +1612,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
508 +@@ -1159,7 +1606,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
509 if (vma->vm_file == NULL)
510 return 0;
511
512 @@ -74975,7 +74999,7 @@ index a64fde6..1535e95 100644
513 goto whole;
514
515 /*
516 -@@ -1255,8 +1708,11 @@ static int writenote(struct memelfnote *men, struct file *file,
517 +@@ -1255,8 +1702,11 @@ static int writenote(struct memelfnote *men, struct file *file,
518 #undef DUMP_WRITE
519
520 #define DUMP_WRITE(addr, nr) \
521 @@ -74988,7 +75012,7 @@ index a64fde6..1535e95 100644
522
523 static void fill_elf_header(struct elfhdr *elf, int segs,
524 u16 machine, u32 flags, u8 osabi)
525 -@@ -1385,9 +1841,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
526 +@@ -1385,9 +1835,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
527 {
528 elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
529 int i = 0;
530 @@ -75000,7 +75024,7 @@ index a64fde6..1535e95 100644
531 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
532 }
533
534 -@@ -1973,7 +2429,7 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, un
535 +@@ -1973,7 +2423,7 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, un
536 phdr.p_offset = offset;
537 phdr.p_vaddr = vma->vm_start;
538 phdr.p_paddr = 0;
539 @@ -75009,7 +75033,7 @@ index a64fde6..1535e95 100644
540 phdr.p_memsz = vma->vm_end - vma->vm_start;
541 offset += phdr.p_filesz;
542 phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
543 -@@ -2006,7 +2462,7 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, un
544 +@@ -2006,7 +2456,7 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, un
545 unsigned long addr;
546 unsigned long end;
547
548 @@ -75018,7 +75042,7 @@ index a64fde6..1535e95 100644
549
550 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
551 struct page *page;
552 -@@ -2015,6 +2471,7 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, un
553 +@@ -2015,6 +2465,7 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, un
554 page = get_dump_page(addr);
555 if (page) {
556 void *kaddr = kmap(page);
557 @@ -75026,7 +75050,7 @@ index a64fde6..1535e95 100644
558 stop = ((size += PAGE_SIZE) > limit) ||
559 !dump_write(file, kaddr, PAGE_SIZE);
560 kunmap(page);
561 -@@ -2042,6 +2499,97 @@ out:
562 +@@ -2042,6 +2493,97 @@ out:
563
564 #endif /* USE_ELF_CORE_DUMP */
565
566
567 diff --git a/3.2.32/0000_README b/3.2.32/0000_README
568 index c7a52ad..037da24 100644
569 --- a/3.2.32/0000_README
570 +++ b/3.2.32/0000_README
571 @@ -46,7 +46,7 @@ Patch: 1031_linux-3.2.32.patch
572 From: http://www.kernel.org
573 Desc: Linux 3.2.32
574
575 -Patch: 4420_grsecurity-2.9.1-3.2.32-201210231935.patch
576 +Patch: 4420_grsecurity-2.9.1-3.2.32-201210291445.patch
577 From: http://www.grsecurity.net
578 Desc: hardened-sources base patch from upstream grsecurity
579
580
581 diff --git a/3.2.32/4420_grsecurity-2.9.1-3.2.32-201210231935.patch b/3.2.32/4420_grsecurity-2.9.1-3.2.32-201210291445.patch
582 similarity index 99%
583 rename from 3.2.32/4420_grsecurity-2.9.1-3.2.32-201210231935.patch
584 rename to 3.2.32/4420_grsecurity-2.9.1-3.2.32-201210291445.patch
585 index 23c9278..7d16a10 100644
586 --- a/3.2.32/4420_grsecurity-2.9.1-3.2.32-201210231935.patch
587 +++ b/3.2.32/4420_grsecurity-2.9.1-3.2.32-201210291445.patch
588 @@ -16888,7 +16888,7 @@ index 3bb0850..55a56f4 100644
589 #ifdef CONFIG_BLK_DEV_INITRD
590 /* Reserve INITRD */
591 diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S
592 -index ce0be7c..c41476e 100644
593 +index ce0be7c..1252d68 100644
594 --- a/arch/x86/kernel/head_32.S
595 +++ b/arch/x86/kernel/head_32.S
596 @@ -25,6 +25,12 @@
597 @@ -16944,20 +16944,20 @@ index ce0be7c..c41476e 100644
598 ENTRY(startup_32)
599 movl pa(stack_start),%ecx
600
601 -@@ -105,6 +120,57 @@ ENTRY(startup_32)
602 +@@ -105,6 +120,59 @@ ENTRY(startup_32)
603 2:
604 leal -__PAGE_OFFSET(%ecx),%esp
605
606 +#ifdef CONFIG_SMP
607 + movl $pa(cpu_gdt_table),%edi
608 + movl $__per_cpu_load,%eax
609 -+ movw %ax,__KERNEL_PERCPU + 2(%edi)
610 ++ movw %ax,GDT_ENTRY_PERCPU * 8 + 2(%edi)
611 + rorl $16,%eax
612 -+ movb %al,__KERNEL_PERCPU + 4(%edi)
613 -+ movb %ah,__KERNEL_PERCPU + 7(%edi)
614 ++ movb %al,GDT_ENTRY_PERCPU * 8 + 4(%edi)
615 ++ movb %ah,GDT_ENTRY_PERCPU * 8 + 7(%edi)
616 + movl $__per_cpu_end - 1,%eax
617 + subl $__per_cpu_start,%eax
618 -+ movw %ax,__KERNEL_PERCPU + 0(%edi)
619 ++ movw %ax,GDT_ENTRY_PERCPU * 8 + 0(%edi)
620 +#endif
621 +
622 +#ifdef CONFIG_PAX_MEMORY_UDEREF
623 @@ -16974,10 +16974,10 @@ index ce0be7c..c41476e 100644
624 +#ifdef CONFIG_PAX_KERNEXEC
625 + movl $pa(boot_gdt),%edi
626 + movl $__LOAD_PHYSICAL_ADDR,%eax
627 -+ movw %ax,__BOOT_CS + 2(%edi)
628 ++ movw %ax,GDT_ENTRY_BOOT_CS * 8 + 2(%edi)
629 + rorl $16,%eax
630 -+ movb %al,__BOOT_CS + 4(%edi)
631 -+ movb %ah,__BOOT_CS + 7(%edi)
632 ++ movb %al,GDT_ENTRY_BOOT_CS * 8 + 4(%edi)
633 ++ movb %ah,GDT_ENTRY_BOOT_CS * 8 + 7(%edi)
634 + rorl $16,%eax
635 +
636 + ljmp $(__BOOT_CS),$1f
637 @@ -16987,13 +16987,15 @@ index ce0be7c..c41476e 100644
638 + movl $pa(cpu_gdt_table),%edi
639 + addl $__PAGE_OFFSET,%eax
640 +1:
641 -+ movw %ax,__KERNEL_CS + 2(%edi)
642 -+ movw %ax,__KERNEXEC_KERNEL_CS + 2(%edi)
643 ++ movb $0xc0,GDT_ENTRY_KERNEL_CS * 8 + 6(%edi)
644 ++ movb $0xc0,GDT_ENTRY_KERNEXEC_KERNEL_CS * 8 + 6(%edi)
645 ++ movw %ax,GDT_ENTRY_KERNEL_CS * 8 + 2(%edi)
646 ++ movw %ax,GDT_ENTRY_KERNEXEC_KERNEL_CS * 8 + 2(%edi)
647 + rorl $16,%eax
648 -+ movb %al,__KERNEL_CS + 4(%edi)
649 -+ movb %al,__KERNEXEC_KERNEL_CS + 4(%edi)
650 -+ movb %ah,__KERNEL_CS + 7(%edi)
651 -+ movb %ah,__KERNEXEC_KERNEL_CS + 7(%edi)
652 ++ movb %al,GDT_ENTRY_KERNEL_CS * 8 + 4(%edi)
653 ++ movb %al,GDT_ENTRY_KERNEXEC_KERNEL_CS * 8 + 4(%edi)
654 ++ movb %ah,GDT_ENTRY_KERNEL_CS * 8 + 7(%edi)
655 ++ movb %ah,GDT_ENTRY_KERNEXEC_KERNEL_CS * 8 + 7(%edi)
656 + rorl $16,%eax
657 + addl $PAGE_SIZE_asm,%edi
658 + loop 1b
659 @@ -17002,7 +17004,7 @@ index ce0be7c..c41476e 100644
660 /*
661 * Clear BSS first so that there are no surprises...
662 */
663 -@@ -195,8 +261,11 @@ ENTRY(startup_32)
664 +@@ -195,8 +263,11 @@ ENTRY(startup_32)
665 movl %eax, pa(max_pfn_mapped)
666
667 /* Do early initialization of the fixmap area */
668 @@ -17016,7 +17018,7 @@ index ce0be7c..c41476e 100644
669 #else /* Not PAE */
670
671 page_pde_offset = (__PAGE_OFFSET >> 20);
672 -@@ -226,8 +295,11 @@ page_pde_offset = (__PAGE_OFFSET >> 20);
673 +@@ -226,8 +297,11 @@ page_pde_offset = (__PAGE_OFFSET >> 20);
674 movl %eax, pa(max_pfn_mapped)
675
676 /* Do early initialization of the fixmap area */
677 @@ -17030,7 +17032,7 @@ index ce0be7c..c41476e 100644
678 #endif
679
680 #ifdef CONFIG_PARAVIRT
681 -@@ -241,9 +313,7 @@ page_pde_offset = (__PAGE_OFFSET >> 20);
682 +@@ -241,9 +315,7 @@ page_pde_offset = (__PAGE_OFFSET >> 20);
683 cmpl $num_subarch_entries, %eax
684 jae bad_subarch
685
686 @@ -17041,7 +17043,7 @@ index ce0be7c..c41476e 100644
687
688 bad_subarch:
689 WEAK(lguest_entry)
690 -@@ -255,10 +325,10 @@ WEAK(xen_entry)
691 +@@ -255,10 +327,10 @@ WEAK(xen_entry)
692 __INITDATA
693
694 subarch_entries:
695 @@ -17056,7 +17058,7 @@ index ce0be7c..c41476e 100644
696 num_subarch_entries = (. - subarch_entries) / 4
697 .previous
698 #else
699 -@@ -312,6 +382,7 @@ default_entry:
700 +@@ -312,6 +384,7 @@ default_entry:
701 orl %edx,%eax
702 movl %eax,%cr4
703
704 @@ -17064,7 +17066,7 @@ index ce0be7c..c41476e 100644
705 testb $X86_CR4_PAE, %al # check if PAE is enabled
706 jz 6f
707
708 -@@ -340,6 +411,9 @@ default_entry:
709 +@@ -340,6 +413,9 @@ default_entry:
710 /* Make changes effective */
711 wrmsr
712
713 @@ -17074,7 +17076,7 @@ index ce0be7c..c41476e 100644
714 6:
715
716 /*
717 -@@ -443,7 +517,7 @@ is386: movl $2,%ecx # set MP
718 +@@ -443,7 +519,7 @@ is386: movl $2,%ecx # set MP
719 1: movl $(__KERNEL_DS),%eax # reload all the segment registers
720 movl %eax,%ss # after changing gdt.
721
722 @@ -17083,7 +17085,7 @@ index ce0be7c..c41476e 100644
723 movl %eax,%ds
724 movl %eax,%es
725
726 -@@ -457,15 +531,22 @@ is386: movl $2,%ecx # set MP
727 +@@ -457,15 +533,22 @@ is386: movl $2,%ecx # set MP
728 */
729 cmpb $0,ready
730 jne 1f
731 @@ -17108,7 +17110,7 @@ index ce0be7c..c41476e 100644
732 movl %eax,%gs
733
734 xorl %eax,%eax # Clear LDT
735 -@@ -558,22 +639,22 @@ early_page_fault:
736 +@@ -558,22 +641,22 @@ early_page_fault:
737 jmp early_fault
738
739 early_fault:
740 @@ -17136,7 +17138,7 @@ index ce0be7c..c41476e 100644
741 hlt_loop:
742 hlt
743 jmp hlt_loop
744 -@@ -581,8 +662,11 @@ hlt_loop:
745 +@@ -581,8 +664,11 @@ hlt_loop:
746 /* This is the default interrupt "handler" :-) */
747 ALIGN
748 ignore_int:
749 @@ -17149,7 +17151,7 @@ index ce0be7c..c41476e 100644
750 pushl %eax
751 pushl %ecx
752 pushl %edx
753 -@@ -591,9 +675,6 @@ ignore_int:
754 +@@ -591,9 +677,6 @@ ignore_int:
755 movl $(__KERNEL_DS),%eax
756 movl %eax,%ds
757 movl %eax,%es
758 @@ -17159,7 +17161,7 @@ index ce0be7c..c41476e 100644
759 pushl 16(%esp)
760 pushl 24(%esp)
761 pushl 32(%esp)
762 -@@ -622,29 +703,43 @@ ENTRY(initial_code)
763 +@@ -622,29 +705,43 @@ ENTRY(initial_code)
764 /*
765 * BSS section
766 */
767 @@ -17208,7 +17210,7 @@ index ce0be7c..c41476e 100644
768 ENTRY(initial_page_table)
769 .long pa(initial_pg_pmd+PGD_IDENT_ATTR),0 /* low identity map */
770 # if KPMDS == 3
771 -@@ -663,18 +758,27 @@ ENTRY(initial_page_table)
772 +@@ -663,18 +760,27 @@ ENTRY(initial_page_table)
773 # error "Kernel PMDs should be 1, 2 or 3"
774 # endif
775 .align PAGE_SIZE /* needs to be page-sized too */
776 @@ -17239,7 +17241,7 @@ index ce0be7c..c41476e 100644
777 int_msg:
778 .asciz "Unknown interrupt or fault at: %p %p %p\n"
779
780 -@@ -707,7 +811,7 @@ fault_msg:
781 +@@ -707,7 +813,7 @@ fault_msg:
782 .word 0 # 32 bit align gdt_desc.address
783 boot_gdt_descr:
784 .word __BOOT_DS+7
785 @@ -17248,7 +17250,7 @@ index ce0be7c..c41476e 100644
786
787 .word 0 # 32-bit align idt_desc.address
788 idt_descr:
789 -@@ -718,7 +822,7 @@ idt_descr:
790 +@@ -718,7 +824,7 @@ idt_descr:
791 .word 0 # 32 bit align gdt_desc.address
792 ENTRY(early_gdt_descr)
793 .word GDT_ENTRIES*8-1
794 @@ -17257,7 +17259,7 @@ index ce0be7c..c41476e 100644
795
796 /*
797 * The boot_gdt must mirror the equivalent in setup.S and is
798 -@@ -727,5 +831,65 @@ ENTRY(early_gdt_descr)
799 +@@ -727,5 +833,65 @@ ENTRY(early_gdt_descr)
800 .align L1_CACHE_BYTES
801 ENTRY(boot_gdt)
802 .fill GDT_ENTRY_BOOT_CS,8,0
803 @@ -24871,7 +24873,7 @@ index df7d12c..abafe9e 100644
804 }
805 if (mm->get_unmapped_area == arch_get_unmapped_area)
806 diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
807 -index 87488b9..a06f559 100644
808 +index 87488b9..cb10023 100644
809 --- a/arch/x86/mm/init.c
810 +++ b/arch/x86/mm/init.c
811 @@ -15,6 +15,8 @@
812 @@ -24931,7 +24933,7 @@ index 87488b9..a06f559 100644
813 if (iomem_is_exclusive(pagenr << PAGE_SHIFT))
814 return 0;
815 if (!page_is_ram(pagenr))
816 -@@ -370,8 +399,116 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
817 +@@ -370,8 +399,117 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
818 #endif
819 }
820
821 @@ -24985,6 +24987,7 @@ index 87488b9..a06f559 100644
822 + for (cpu = 0; cpu < nr_cpu_ids; cpu++) {
823 + pack_descriptor(&d, get_desc_base(&get_cpu_gdt_table(cpu)[GDT_ENTRY_KERNEL_CS]), limit, 0x9B, 0xC);
824 + write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_KERNEL_CS, &d, DESCTYPE_S);
825 ++ write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_KERNEXEC_KERNEL_CS, &d, DESCTYPE_S);
826 + }
827 +
828 + /* PaX: make KERNEL_CS read-only */
829 @@ -43184,7 +43187,7 @@ index a6395bd..f1e376a 100644
830 (unsigned long) create_aout_tables((char __user *) bprm->p, bprm);
831 #ifdef __alpha__
832 diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
833 -index 8dd615c..ea0baaa 100644
834 +index 8dd615c..4b512f5 100644
835 --- a/fs/binfmt_elf.c
836 +++ b/fs/binfmt_elf.c
837 @@ -32,6 +32,7 @@
838 @@ -43279,7 +43282,13 @@ index 8dd615c..ea0baaa 100644
839 return -EFAULT;
840 return 0;
841 }
842 -@@ -381,10 +400,10 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
843 +@@ -376,15 +395,14 @@ static unsigned long total_mapping_size(struct elf_phdr *cmds, int nr)
844 + an ELF header */
845 +
846 + static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
847 +- struct file *interpreter, unsigned long *interp_map_addr,
848 +- unsigned long no_base)
849 ++ struct file *interpreter, unsigned long no_base)
850 {
851 struct elf_phdr *elf_phdata;
852 struct elf_phdr *eppnt;
853 @@ -43292,7 +43301,7 @@ index 8dd615c..ea0baaa 100644
854 unsigned long total_size;
855 int retval, i, size;
856
857 -@@ -430,6 +449,11 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
858 +@@ -430,6 +448,11 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
859 goto out_close;
860 }
861
862 @@ -43304,7 +43313,16 @@ index 8dd615c..ea0baaa 100644
863 eppnt = elf_phdata;
864 for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) {
865 if (eppnt->p_type == PT_LOAD) {
866 -@@ -473,8 +497,8 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
867 +@@ -453,8 +476,6 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
868 + map_addr = elf_map(interpreter, load_addr + vaddr,
869 + eppnt, elf_prot, elf_type, total_size);
870 + total_size = 0;
871 +- if (!*interp_map_addr)
872 +- *interp_map_addr = map_addr;
873 + error = map_addr;
874 + if (BAD_ADDR(map_addr))
875 + goto out_close;
876 +@@ -473,8 +494,8 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
877 k = load_addr + eppnt->p_vaddr;
878 if (BAD_ADDR(k) ||
879 eppnt->p_filesz > eppnt->p_memsz ||
880 @@ -43315,7 +43333,7 @@ index 8dd615c..ea0baaa 100644
881 error = -ENOMEM;
882 goto out_close;
883 }
884 -@@ -528,6 +552,311 @@ out:
885 +@@ -528,6 +549,311 @@ out:
886 return error;
887 }
888
889 @@ -43627,7 +43645,7 @@ index 8dd615c..ea0baaa 100644
890 /*
891 * These are the functions used to load ELF style executables and shared
892 * libraries. There is no binary dependent code anywhere else.
893 -@@ -544,6 +873,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top)
894 +@@ -544,6 +870,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top)
895 {
896 unsigned int random_variable = 0;
897
898 @@ -43639,7 +43657,7 @@ index 8dd615c..ea0baaa 100644
899 if ((current->flags & PF_RANDOMIZE) &&
900 !(current->personality & ADDR_NO_RANDOMIZE)) {
901 random_variable = get_random_int() & STACK_RND_MASK;
902 -@@ -562,7 +896,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
903 +@@ -562,7 +893,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
904 unsigned long load_addr = 0, load_bias = 0;
905 int load_addr_set = 0;
906 char * elf_interpreter = NULL;
907 @@ -43648,7 +43666,7 @@ index 8dd615c..ea0baaa 100644
908 struct elf_phdr *elf_ppnt, *elf_phdata;
909 unsigned long elf_bss, elf_brk;
910 int retval, i;
911 -@@ -572,11 +906,11 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
912 +@@ -572,11 +903,11 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
913 unsigned long start_code, end_code, start_data, end_data;
914 unsigned long reloc_func_desc __maybe_unused = 0;
915 int executable_stack = EXSTACK_DEFAULT;
916 @@ -43661,7 +43679,7 @@ index 8dd615c..ea0baaa 100644
917
918 loc = kmalloc(sizeof(*loc), GFP_KERNEL);
919 if (!loc) {
920 -@@ -713,11 +1047,81 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
921 +@@ -713,11 +1044,81 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
922
923 /* OK, This is the point of no return */
924 current->flags &= ~PF_FORKNOEXEC;
925 @@ -43744,7 +43762,7 @@ index 8dd615c..ea0baaa 100644
926 if (elf_read_implies_exec(loc->elf_ex, executable_stack))
927 current->personality |= READ_IMPLIES_EXEC;
928
929 -@@ -808,6 +1212,20 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
930 +@@ -808,6 +1209,20 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
931 #else
932 load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
933 #endif
934 @@ -43765,7 +43783,7 @@ index 8dd615c..ea0baaa 100644
935 }
936
937 error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
938 -@@ -840,9 +1258,9 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
939 +@@ -840,9 +1255,9 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
940 * allowed task size. Note that p_filesz must always be
941 * <= p_memsz so it is only necessary to check p_memsz.
942 */
943 @@ -43778,7 +43796,7 @@ index 8dd615c..ea0baaa 100644
944 /* set_brk can never work. Avoid overflows. */
945 send_sig(SIGKILL, current, 0);
946 retval = -EINVAL;
947 -@@ -881,11 +1299,40 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
948 +@@ -881,17 +1296,43 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
949 goto out_free_dentry;
950 }
951 if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
952 @@ -43820,9 +43838,15 @@ index 8dd615c..ea0baaa 100644
953 +#endif
954 +
955 if (elf_interpreter) {
956 - unsigned long uninitialized_var(interp_map_addr);
957 -
958 -@@ -1098,7 +1545,7 @@ out:
959 +- unsigned long uninitialized_var(interp_map_addr);
960 +-
961 + elf_entry = load_elf_interp(&loc->interp_elf_ex,
962 + interpreter,
963 +- &interp_map_addr,
964 + load_bias);
965 + if (!IS_ERR((void *)elf_entry)) {
966 + /*
967 +@@ -1098,7 +1539,7 @@ out:
968 * Decide what to dump of a segment, part, all or none.
969 */
970 static unsigned long vma_dump_size(struct vm_area_struct *vma,
971 @@ -43831,7 +43855,7 @@ index 8dd615c..ea0baaa 100644
972 {
973 #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))
974
975 -@@ -1132,7 +1579,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
976 +@@ -1132,7 +1573,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
977 if (vma->vm_file == NULL)
978 return 0;
979
980 @@ -43840,7 +43864,7 @@ index 8dd615c..ea0baaa 100644
981 goto whole;
982
983 /*
984 -@@ -1354,9 +1801,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
985 +@@ -1354,9 +1795,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
986 {
987 elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
988 int i = 0;
989 @@ -43852,7 +43876,7 @@ index 8dd615c..ea0baaa 100644
990 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
991 }
992
993 -@@ -1851,14 +2298,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
994 +@@ -1851,14 +2292,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
995 }
996
997 static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma,
998 @@ -43869,7 +43893,7 @@ index 8dd615c..ea0baaa 100644
999 return size;
1000 }
1001
1002 -@@ -1952,7 +2399,7 @@ static int elf_core_dump(struct coredump_params *cprm)
1003 +@@ -1952,7 +2393,7 @@ static int elf_core_dump(struct coredump_params *cprm)
1004
1005 dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
1006
1007 @@ -43878,7 +43902,7 @@ index 8dd615c..ea0baaa 100644
1008 offset += elf_core_extra_data_size();
1009 e_shoff = offset;
1010
1011 -@@ -1966,10 +2413,12 @@ static int elf_core_dump(struct coredump_params *cprm)
1012 +@@ -1966,10 +2407,12 @@ static int elf_core_dump(struct coredump_params *cprm)
1013 offset = dataoff;
1014
1015 size += sizeof(*elf);
1016 @@ -43891,7 +43915,7 @@ index 8dd615c..ea0baaa 100644
1017 if (size > cprm->limit
1018 || !dump_write(cprm->file, phdr4note, sizeof(*phdr4note)))
1019 goto end_coredump;
1020 -@@ -1983,7 +2432,7 @@ static int elf_core_dump(struct coredump_params *cprm)
1021 +@@ -1983,7 +2426,7 @@ static int elf_core_dump(struct coredump_params *cprm)
1022 phdr.p_offset = offset;
1023 phdr.p_vaddr = vma->vm_start;
1024 phdr.p_paddr = 0;
1025 @@ -43900,7 +43924,7 @@ index 8dd615c..ea0baaa 100644
1026 phdr.p_memsz = vma->vm_end - vma->vm_start;
1027 offset += phdr.p_filesz;
1028 phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
1029 -@@ -1994,6 +2443,7 @@ static int elf_core_dump(struct coredump_params *cprm)
1030 +@@ -1994,6 +2437,7 @@ static int elf_core_dump(struct coredump_params *cprm)
1031 phdr.p_align = ELF_EXEC_PAGESIZE;
1032
1033 size += sizeof(phdr);
1034 @@ -43908,7 +43932,7 @@ index 8dd615c..ea0baaa 100644
1035 if (size > cprm->limit
1036 || !dump_write(cprm->file, &phdr, sizeof(phdr)))
1037 goto end_coredump;
1038 -@@ -2018,7 +2468,7 @@ static int elf_core_dump(struct coredump_params *cprm)
1039 +@@ -2018,7 +2462,7 @@ static int elf_core_dump(struct coredump_params *cprm)
1040 unsigned long addr;
1041 unsigned long end;
1042
1043 @@ -43917,7 +43941,7 @@ index 8dd615c..ea0baaa 100644
1044
1045 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
1046 struct page *page;
1047 -@@ -2027,6 +2477,7 @@ static int elf_core_dump(struct coredump_params *cprm)
1048 +@@ -2027,6 +2471,7 @@ static int elf_core_dump(struct coredump_params *cprm)
1049 page = get_dump_page(addr);
1050 if (page) {
1051 void *kaddr = kmap(page);
1052 @@ -43925,7 +43949,7 @@ index 8dd615c..ea0baaa 100644
1053 stop = ((size += PAGE_SIZE) > cprm->limit) ||
1054 !dump_write(cprm->file, kaddr,
1055 PAGE_SIZE);
1056 -@@ -2044,6 +2495,7 @@ static int elf_core_dump(struct coredump_params *cprm)
1057 +@@ -2044,6 +2489,7 @@ static int elf_core_dump(struct coredump_params *cprm)
1058
1059 if (e_phnum == PN_XNUM) {
1060 size += sizeof(*shdr4extnum);
1061 @@ -43933,7 +43957,7 @@ index 8dd615c..ea0baaa 100644
1062 if (size > cprm->limit
1063 || !dump_write(cprm->file, shdr4extnum,
1064 sizeof(*shdr4extnum)))
1065 -@@ -2064,6 +2516,97 @@ out:
1066 +@@ -2064,6 +2510,97 @@ out:
1067
1068 #endif /* CONFIG_ELF_CORE */
1069
1070
1071 diff --git a/3.6.3/1002_linux-3.6.3.patch b/3.6.3/1002_linux-3.6.3.patch
1072 deleted file mode 100644
1073 index 70fa991..0000000
1074 --- a/3.6.3/1002_linux-3.6.3.patch
1075 +++ /dev/null
1076 @@ -1,3132 +0,0 @@
1077 -diff --git a/Makefile b/Makefile
1078 -index af5d6a9..6cdadf4 100644
1079 ---- a/Makefile
1080 -+++ b/Makefile
1081 -@@ -1,6 +1,6 @@
1082 - VERSION = 3
1083 - PATCHLEVEL = 6
1084 --SUBLEVEL = 2
1085 -+SUBLEVEL = 3
1086 - EXTRAVERSION =
1087 - NAME = Terrified Chipmunk
1088 -
1089 -diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
1090 -index 2f88d8d..48c19d4 100644
1091 ---- a/arch/arm/Kconfig
1092 -+++ b/arch/arm/Kconfig
1093 -@@ -1413,6 +1413,16 @@ config PL310_ERRATA_769419
1094 - on systems with an outer cache, the store buffer is drained
1095 - explicitly.
1096 -
1097 -+config ARM_ERRATA_775420
1098 -+ bool "ARM errata: A data cache maintenance operation which aborts, might lead to deadlock"
1099 -+ depends on CPU_V7
1100 -+ help
1101 -+ This option enables the workaround for the 775420 Cortex-A9 (r2p2,
1102 -+ r2p6,r2p8,r2p10,r3p0) erratum. In case a date cache maintenance
1103 -+ operation aborts with MMU exception, it might cause the processor
1104 -+ to deadlock. This workaround puts DSB before executing ISB if
1105 -+ an abort may occur on cache maintenance.
1106 -+
1107 - endmenu
1108 -
1109 - source "arch/arm/common/Kconfig"
1110 -diff --git a/arch/arm/include/asm/vfpmacros.h b/arch/arm/include/asm/vfpmacros.h
1111 -index 3d5fc41..bf53047 100644
1112 ---- a/arch/arm/include/asm/vfpmacros.h
1113 -+++ b/arch/arm/include/asm/vfpmacros.h
1114 -@@ -28,7 +28,7 @@
1115 - ldr \tmp, =elf_hwcap @ may not have MVFR regs
1116 - ldr \tmp, [\tmp, #0]
1117 - tst \tmp, #HWCAP_VFPv3D16
1118 -- ldceq p11, cr0, [\base],#32*4 @ FLDMIAD \base!, {d16-d31}
1119 -+ ldceql p11, cr0, [\base],#32*4 @ FLDMIAD \base!, {d16-d31}
1120 - addne \base, \base, #32*4 @ step over unused register space
1121 - #else
1122 - VFPFMRX \tmp, MVFR0 @ Media and VFP Feature Register 0
1123 -@@ -52,7 +52,7 @@
1124 - ldr \tmp, =elf_hwcap @ may not have MVFR regs
1125 - ldr \tmp, [\tmp, #0]
1126 - tst \tmp, #HWCAP_VFPv3D16
1127 -- stceq p11, cr0, [\base],#32*4 @ FSTMIAD \base!, {d16-d31}
1128 -+ stceql p11, cr0, [\base],#32*4 @ FSTMIAD \base!, {d16-d31}
1129 - addne \base, \base, #32*4 @ step over unused register space
1130 - #else
1131 - VFPFMRX \tmp, MVFR0 @ Media and VFP Feature Register 0
1132 -diff --git a/arch/arm/mm/cache-v7.S b/arch/arm/mm/cache-v7.S
1133 -index 39e3fb3..3b17227 100644
1134 ---- a/arch/arm/mm/cache-v7.S
1135 -+++ b/arch/arm/mm/cache-v7.S
1136 -@@ -211,6 +211,9 @@ ENTRY(v7_coherent_user_range)
1137 - * isn't mapped, fail with -EFAULT.
1138 - */
1139 - 9001:
1140 -+#ifdef CONFIG_ARM_ERRATA_775420
1141 -+ dsb
1142 -+#endif
1143 - mov r0, #-EFAULT
1144 - mov pc, lr
1145 - UNWIND(.fnend )
1146 -diff --git a/arch/arm/plat-omap/counter_32k.c b/arch/arm/plat-omap/counter_32k.c
1147 -index dbf1e03..2bc51fb 100644
1148 ---- a/arch/arm/plat-omap/counter_32k.c
1149 -+++ b/arch/arm/plat-omap/counter_32k.c
1150 -@@ -55,22 +55,29 @@ static u32 notrace omap_32k_read_sched_clock(void)
1151 - * nsecs and adds to a monotonically increasing timespec.
1152 - */
1153 - static struct timespec persistent_ts;
1154 --static cycles_t cycles, last_cycles;
1155 -+static cycles_t cycles;
1156 - static unsigned int persistent_mult, persistent_shift;
1157 -+static DEFINE_SPINLOCK(read_persistent_clock_lock);
1158 -+
1159 - static void omap_read_persistent_clock(struct timespec *ts)
1160 - {
1161 - unsigned long long nsecs;
1162 -- cycles_t delta;
1163 -- struct timespec *tsp = &persistent_ts;
1164 -+ cycles_t last_cycles;
1165 -+ unsigned long flags;
1166 -+
1167 -+ spin_lock_irqsave(&read_persistent_clock_lock, flags);
1168 -
1169 - last_cycles = cycles;
1170 - cycles = sync32k_cnt_reg ? __raw_readl(sync32k_cnt_reg) : 0;
1171 -- delta = cycles - last_cycles;
1172 -
1173 -- nsecs = clocksource_cyc2ns(delta, persistent_mult, persistent_shift);
1174 -+ nsecs = clocksource_cyc2ns(cycles - last_cycles,
1175 -+ persistent_mult, persistent_shift);
1176 -+
1177 -+ timespec_add_ns(&persistent_ts, nsecs);
1178 -+
1179 -+ *ts = persistent_ts;
1180 -
1181 -- timespec_add_ns(tsp, nsecs);
1182 -- *ts = *tsp;
1183 -+ spin_unlock_irqrestore(&read_persistent_clock_lock, flags);
1184 - }
1185 -
1186 - /**
1187 -diff --git a/arch/mips/ath79/clock.c b/arch/mips/ath79/clock.c
1188 -index d272857..579f452 100644
1189 ---- a/arch/mips/ath79/clock.c
1190 -+++ b/arch/mips/ath79/clock.c
1191 -@@ -17,6 +17,8 @@
1192 - #include <linux/err.h>
1193 - #include <linux/clk.h>
1194 -
1195 -+#include <asm/div64.h>
1196 -+
1197 - #include <asm/mach-ath79/ath79.h>
1198 - #include <asm/mach-ath79/ar71xx_regs.h>
1199 - #include "common.h"
1200 -@@ -166,11 +168,34 @@ static void __init ar933x_clocks_init(void)
1201 - ath79_uart_clk.rate = ath79_ref_clk.rate;
1202 - }
1203 -
1204 -+static u32 __init ar934x_get_pll_freq(u32 ref, u32 ref_div, u32 nint, u32 nfrac,
1205 -+ u32 frac, u32 out_div)
1206 -+{
1207 -+ u64 t;
1208 -+ u32 ret;
1209 -+
1210 -+ t = ath79_ref_clk.rate;
1211 -+ t *= nint;
1212 -+ do_div(t, ref_div);
1213 -+ ret = t;
1214 -+
1215 -+ t = ath79_ref_clk.rate;
1216 -+ t *= nfrac;
1217 -+ do_div(t, ref_div * frac);
1218 -+ ret += t;
1219 -+
1220 -+ ret /= (1 << out_div);
1221 -+ return ret;
1222 -+}
1223 -+
1224 - static void __init ar934x_clocks_init(void)
1225 - {
1226 -- u32 pll, out_div, ref_div, nint, frac, clk_ctrl, postdiv;
1227 -+ u32 pll, out_div, ref_div, nint, nfrac, frac, clk_ctrl, postdiv;
1228 - u32 cpu_pll, ddr_pll;
1229 - u32 bootstrap;
1230 -+ void __iomem *dpll_base;
1231 -+
1232 -+ dpll_base = ioremap(AR934X_SRIF_BASE, AR934X_SRIF_SIZE);
1233 -
1234 - bootstrap = ath79_reset_rr(AR934X_RESET_REG_BOOTSTRAP);
1235 - if (bootstrap & AR934X_BOOTSTRAP_REF_CLK_40)
1236 -@@ -178,33 +203,59 @@ static void __init ar934x_clocks_init(void)
1237 - else
1238 - ath79_ref_clk.rate = 25 * 1000 * 1000;
1239 -
1240 -- pll = ath79_pll_rr(AR934X_PLL_CPU_CONFIG_REG);
1241 -- out_div = (pll >> AR934X_PLL_CPU_CONFIG_OUTDIV_SHIFT) &
1242 -- AR934X_PLL_CPU_CONFIG_OUTDIV_MASK;
1243 -- ref_div = (pll >> AR934X_PLL_CPU_CONFIG_REFDIV_SHIFT) &
1244 -- AR934X_PLL_CPU_CONFIG_REFDIV_MASK;
1245 -- nint = (pll >> AR934X_PLL_CPU_CONFIG_NINT_SHIFT) &
1246 -- AR934X_PLL_CPU_CONFIG_NINT_MASK;
1247 -- frac = (pll >> AR934X_PLL_CPU_CONFIG_NFRAC_SHIFT) &
1248 -- AR934X_PLL_CPU_CONFIG_NFRAC_MASK;
1249 --
1250 -- cpu_pll = nint * ath79_ref_clk.rate / ref_div;
1251 -- cpu_pll += frac * ath79_ref_clk.rate / (ref_div * (1 << 6));
1252 -- cpu_pll /= (1 << out_div);
1253 --
1254 -- pll = ath79_pll_rr(AR934X_PLL_DDR_CONFIG_REG);
1255 -- out_div = (pll >> AR934X_PLL_DDR_CONFIG_OUTDIV_SHIFT) &
1256 -- AR934X_PLL_DDR_CONFIG_OUTDIV_MASK;
1257 -- ref_div = (pll >> AR934X_PLL_DDR_CONFIG_REFDIV_SHIFT) &
1258 -- AR934X_PLL_DDR_CONFIG_REFDIV_MASK;
1259 -- nint = (pll >> AR934X_PLL_DDR_CONFIG_NINT_SHIFT) &
1260 -- AR934X_PLL_DDR_CONFIG_NINT_MASK;
1261 -- frac = (pll >> AR934X_PLL_DDR_CONFIG_NFRAC_SHIFT) &
1262 -- AR934X_PLL_DDR_CONFIG_NFRAC_MASK;
1263 --
1264 -- ddr_pll = nint * ath79_ref_clk.rate / ref_div;
1265 -- ddr_pll += frac * ath79_ref_clk.rate / (ref_div * (1 << 10));
1266 -- ddr_pll /= (1 << out_div);
1267 -+ pll = __raw_readl(dpll_base + AR934X_SRIF_CPU_DPLL2_REG);
1268 -+ if (pll & AR934X_SRIF_DPLL2_LOCAL_PLL) {
1269 -+ out_div = (pll >> AR934X_SRIF_DPLL2_OUTDIV_SHIFT) &
1270 -+ AR934X_SRIF_DPLL2_OUTDIV_MASK;
1271 -+ pll = __raw_readl(dpll_base + AR934X_SRIF_CPU_DPLL1_REG);
1272 -+ nint = (pll >> AR934X_SRIF_DPLL1_NINT_SHIFT) &
1273 -+ AR934X_SRIF_DPLL1_NINT_MASK;
1274 -+ nfrac = pll & AR934X_SRIF_DPLL1_NFRAC_MASK;
1275 -+ ref_div = (pll >> AR934X_SRIF_DPLL1_REFDIV_SHIFT) &
1276 -+ AR934X_SRIF_DPLL1_REFDIV_MASK;
1277 -+ frac = 1 << 18;
1278 -+ } else {
1279 -+ pll = ath79_pll_rr(AR934X_PLL_CPU_CONFIG_REG);
1280 -+ out_div = (pll >> AR934X_PLL_CPU_CONFIG_OUTDIV_SHIFT) &
1281 -+ AR934X_PLL_CPU_CONFIG_OUTDIV_MASK;
1282 -+ ref_div = (pll >> AR934X_PLL_CPU_CONFIG_REFDIV_SHIFT) &
1283 -+ AR934X_PLL_CPU_CONFIG_REFDIV_MASK;
1284 -+ nint = (pll >> AR934X_PLL_CPU_CONFIG_NINT_SHIFT) &
1285 -+ AR934X_PLL_CPU_CONFIG_NINT_MASK;
1286 -+ nfrac = (pll >> AR934X_PLL_CPU_CONFIG_NFRAC_SHIFT) &
1287 -+ AR934X_PLL_CPU_CONFIG_NFRAC_MASK;
1288 -+ frac = 1 << 6;
1289 -+ }
1290 -+
1291 -+ cpu_pll = ar934x_get_pll_freq(ath79_ref_clk.rate, ref_div, nint,
1292 -+ nfrac, frac, out_div);
1293 -+
1294 -+ pll = __raw_readl(dpll_base + AR934X_SRIF_DDR_DPLL2_REG);
1295 -+ if (pll & AR934X_SRIF_DPLL2_LOCAL_PLL) {
1296 -+ out_div = (pll >> AR934X_SRIF_DPLL2_OUTDIV_SHIFT) &
1297 -+ AR934X_SRIF_DPLL2_OUTDIV_MASK;
1298 -+ pll = __raw_readl(dpll_base + AR934X_SRIF_DDR_DPLL1_REG);
1299 -+ nint = (pll >> AR934X_SRIF_DPLL1_NINT_SHIFT) &
1300 -+ AR934X_SRIF_DPLL1_NINT_MASK;
1301 -+ nfrac = pll & AR934X_SRIF_DPLL1_NFRAC_MASK;
1302 -+ ref_div = (pll >> AR934X_SRIF_DPLL1_REFDIV_SHIFT) &
1303 -+ AR934X_SRIF_DPLL1_REFDIV_MASK;
1304 -+ frac = 1 << 18;
1305 -+ } else {
1306 -+ pll = ath79_pll_rr(AR934X_PLL_DDR_CONFIG_REG);
1307 -+ out_div = (pll >> AR934X_PLL_DDR_CONFIG_OUTDIV_SHIFT) &
1308 -+ AR934X_PLL_DDR_CONFIG_OUTDIV_MASK;
1309 -+ ref_div = (pll >> AR934X_PLL_DDR_CONFIG_REFDIV_SHIFT) &
1310 -+ AR934X_PLL_DDR_CONFIG_REFDIV_MASK;
1311 -+ nint = (pll >> AR934X_PLL_DDR_CONFIG_NINT_SHIFT) &
1312 -+ AR934X_PLL_DDR_CONFIG_NINT_MASK;
1313 -+ nfrac = (pll >> AR934X_PLL_DDR_CONFIG_NFRAC_SHIFT) &
1314 -+ AR934X_PLL_DDR_CONFIG_NFRAC_MASK;
1315 -+ frac = 1 << 10;
1316 -+ }
1317 -+
1318 -+ ddr_pll = ar934x_get_pll_freq(ath79_ref_clk.rate, ref_div, nint,
1319 -+ nfrac, frac, out_div);
1320 -
1321 - clk_ctrl = ath79_pll_rr(AR934X_PLL_CPU_DDR_CLK_CTRL_REG);
1322 -
1323 -@@ -240,6 +291,8 @@ static void __init ar934x_clocks_init(void)
1324 -
1325 - ath79_wdt_clk.rate = ath79_ref_clk.rate;
1326 - ath79_uart_clk.rate = ath79_ref_clk.rate;
1327 -+
1328 -+ iounmap(dpll_base);
1329 - }
1330 -
1331 - void __init ath79_clocks_init(void)
1332 -diff --git a/arch/mips/include/asm/mach-ath79/ar71xx_regs.h b/arch/mips/include/asm/mach-ath79/ar71xx_regs.h
1333 -index dde5044..31a9a7c 100644
1334 ---- a/arch/mips/include/asm/mach-ath79/ar71xx_regs.h
1335 -+++ b/arch/mips/include/asm/mach-ath79/ar71xx_regs.h
1336 -@@ -63,6 +63,8 @@
1337 -
1338 - #define AR934X_WMAC_BASE (AR71XX_APB_BASE + 0x00100000)
1339 - #define AR934X_WMAC_SIZE 0x20000
1340 -+#define AR934X_SRIF_BASE (AR71XX_APB_BASE + 0x00116000)
1341 -+#define AR934X_SRIF_SIZE 0x1000
1342 -
1343 - /*
1344 - * DDR_CTRL block
1345 -@@ -399,4 +401,25 @@
1346 - #define AR933X_GPIO_COUNT 30
1347 - #define AR934X_GPIO_COUNT 23
1348 -
1349 -+/*
1350 -+ * SRIF block
1351 -+ */
1352 -+#define AR934X_SRIF_CPU_DPLL1_REG 0x1c0
1353 -+#define AR934X_SRIF_CPU_DPLL2_REG 0x1c4
1354 -+#define AR934X_SRIF_CPU_DPLL3_REG 0x1c8
1355 -+
1356 -+#define AR934X_SRIF_DDR_DPLL1_REG 0x240
1357 -+#define AR934X_SRIF_DDR_DPLL2_REG 0x244
1358 -+#define AR934X_SRIF_DDR_DPLL3_REG 0x248
1359 -+
1360 -+#define AR934X_SRIF_DPLL1_REFDIV_SHIFT 27
1361 -+#define AR934X_SRIF_DPLL1_REFDIV_MASK 0x1f
1362 -+#define AR934X_SRIF_DPLL1_NINT_SHIFT 18
1363 -+#define AR934X_SRIF_DPLL1_NINT_MASK 0x1ff
1364 -+#define AR934X_SRIF_DPLL1_NFRAC_MASK 0x0003ffff
1365 -+
1366 -+#define AR934X_SRIF_DPLL2_LOCAL_PLL BIT(30)
1367 -+#define AR934X_SRIF_DPLL2_OUTDIV_SHIFT 13
1368 -+#define AR934X_SRIF_DPLL2_OUTDIV_MASK 0x7
1369 -+
1370 - #endif /* __ASM_MACH_AR71XX_REGS_H */
1371 -diff --git a/arch/mips/kernel/kgdb.c b/arch/mips/kernel/kgdb.c
1372 -index f4546e9..23817a6 100644
1373 ---- a/arch/mips/kernel/kgdb.c
1374 -+++ b/arch/mips/kernel/kgdb.c
1375 -@@ -283,6 +283,15 @@ static int kgdb_mips_notify(struct notifier_block *self, unsigned long cmd,
1376 - struct pt_regs *regs = args->regs;
1377 - int trap = (regs->cp0_cause & 0x7c) >> 2;
1378 -
1379 -+#ifdef CONFIG_KPROBES
1380 -+ /*
1381 -+ * Return immediately if the kprobes fault notifier has set
1382 -+ * DIE_PAGE_FAULT.
1383 -+ */
1384 -+ if (cmd == DIE_PAGE_FAULT)
1385 -+ return NOTIFY_DONE;
1386 -+#endif /* CONFIG_KPROBES */
1387 -+
1388 - /* Userspace events, ignore. */
1389 - if (user_mode(regs))
1390 - return NOTIFY_DONE;
1391 -diff --git a/arch/x86/Makefile b/arch/x86/Makefile
1392 -index 58790bd..05afcca 100644
1393 ---- a/arch/x86/Makefile
1394 -+++ b/arch/x86/Makefile
1395 -@@ -142,7 +142,7 @@ KBUILD_CFLAGS += $(call cc-option,-mno-avx,)
1396 - KBUILD_CFLAGS += $(mflags-y)
1397 - KBUILD_AFLAGS += $(mflags-y)
1398 -
1399 --archscripts:
1400 -+archscripts: scripts_basic
1401 - $(Q)$(MAKE) $(build)=arch/x86/tools relocs
1402 -
1403 - ###
1404 -diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
1405 -index 1fbe75a..c1461de 100644
1406 ---- a/arch/x86/xen/enlighten.c
1407 -+++ b/arch/x86/xen/enlighten.c
1408 -@@ -984,7 +984,16 @@ static void xen_write_cr4(unsigned long cr4)
1409 -
1410 - native_write_cr4(cr4);
1411 - }
1412 --
1413 -+#ifdef CONFIG_X86_64
1414 -+static inline unsigned long xen_read_cr8(void)
1415 -+{
1416 -+ return 0;
1417 -+}
1418 -+static inline void xen_write_cr8(unsigned long val)
1419 -+{
1420 -+ BUG_ON(val);
1421 -+}
1422 -+#endif
1423 - static int xen_write_msr_safe(unsigned int msr, unsigned low, unsigned high)
1424 - {
1425 - int ret;
1426 -@@ -1153,6 +1162,11 @@ static const struct pv_cpu_ops xen_cpu_ops __initconst = {
1427 - .read_cr4_safe = native_read_cr4_safe,
1428 - .write_cr4 = xen_write_cr4,
1429 -
1430 -+#ifdef CONFIG_X86_64
1431 -+ .read_cr8 = xen_read_cr8,
1432 -+ .write_cr8 = xen_write_cr8,
1433 -+#endif
1434 -+
1435 - .wbinvd = native_wbinvd,
1436 -
1437 - .read_msr = native_read_msr_safe,
1438 -@@ -1161,6 +1175,8 @@ static const struct pv_cpu_ops xen_cpu_ops __initconst = {
1439 - .read_tsc = native_read_tsc,
1440 - .read_pmc = native_read_pmc,
1441 -
1442 -+ .read_tscp = native_read_tscp,
1443 -+
1444 - .iret = xen_iret,
1445 - .irq_enable_sysexit = xen_sysexit,
1446 - #ifdef CONFIG_X86_64
1447 -diff --git a/block/blk-core.c b/block/blk-core.c
1448 -index ee3cb3a..8471fb7 100644
1449 ---- a/block/blk-core.c
1450 -+++ b/block/blk-core.c
1451 -@@ -696,7 +696,7 @@ blk_init_allocated_queue(struct request_queue *q, request_fn_proc *rfn,
1452 - q->request_fn = rfn;
1453 - q->prep_rq_fn = NULL;
1454 - q->unprep_rq_fn = NULL;
1455 -- q->queue_flags = QUEUE_FLAG_DEFAULT;
1456 -+ q->queue_flags |= QUEUE_FLAG_DEFAULT;
1457 -
1458 - /* Override internal queue lock with supplied lock pointer */
1459 - if (lock)
1460 -diff --git a/drivers/acpi/ec.c b/drivers/acpi/ec.c
1461 -index 7edaccc..a51df96 100644
1462 ---- a/drivers/acpi/ec.c
1463 -+++ b/drivers/acpi/ec.c
1464 -@@ -71,9 +71,6 @@ enum ec_command {
1465 - #define ACPI_EC_UDELAY_GLK 1000 /* Wait 1ms max. to get global lock */
1466 - #define ACPI_EC_MSI_UDELAY 550 /* Wait 550us for MSI EC */
1467 -
1468 --#define ACPI_EC_STORM_THRESHOLD 8 /* number of false interrupts
1469 -- per one transaction */
1470 --
1471 - enum {
1472 - EC_FLAGS_QUERY_PENDING, /* Query is pending */
1473 - EC_FLAGS_GPE_STORM, /* GPE storm detected */
1474 -@@ -87,6 +84,15 @@ static unsigned int ec_delay __read_mostly = ACPI_EC_DELAY;
1475 - module_param(ec_delay, uint, 0644);
1476 - MODULE_PARM_DESC(ec_delay, "Timeout(ms) waited until an EC command completes");
1477 -
1478 -+/*
1479 -+ * If the number of false interrupts per one transaction exceeds
1480 -+ * this threshold, will think there is a GPE storm happened and
1481 -+ * will disable the GPE for normal transaction.
1482 -+ */
1483 -+static unsigned int ec_storm_threshold __read_mostly = 8;
1484 -+module_param(ec_storm_threshold, uint, 0644);
1485 -+MODULE_PARM_DESC(ec_storm_threshold, "Maxim false GPE numbers not considered as GPE storm");
1486 -+
1487 - /* If we find an EC via the ECDT, we need to keep a ptr to its context */
1488 - /* External interfaces use first EC only, so remember */
1489 - typedef int (*acpi_ec_query_func) (void *data);
1490 -@@ -319,7 +325,7 @@ static int acpi_ec_transaction(struct acpi_ec *ec, struct transaction *t)
1491 - msleep(1);
1492 - /* It is safe to enable the GPE outside of the transaction. */
1493 - acpi_enable_gpe(NULL, ec->gpe);
1494 -- } else if (t->irq_count > ACPI_EC_STORM_THRESHOLD) {
1495 -+ } else if (t->irq_count > ec_storm_threshold) {
1496 - pr_info(PREFIX "GPE storm detected, "
1497 - "transactions will use polling mode\n");
1498 - set_bit(EC_FLAGS_GPE_STORM, &ec->flags);
1499 -@@ -924,6 +930,17 @@ static int ec_flag_msi(const struct dmi_system_id *id)
1500 - return 0;
1501 - }
1502 -
1503 -+/*
1504 -+ * Clevo M720 notebook actually works ok with IRQ mode, if we lifted
1505 -+ * the GPE storm threshold back to 20
1506 -+ */
1507 -+static int ec_enlarge_storm_threshold(const struct dmi_system_id *id)
1508 -+{
1509 -+ pr_debug("Setting the EC GPE storm threshold to 20\n");
1510 -+ ec_storm_threshold = 20;
1511 -+ return 0;
1512 -+}
1513 -+
1514 - static struct dmi_system_id __initdata ec_dmi_table[] = {
1515 - {
1516 - ec_skip_dsdt_scan, "Compal JFL92", {
1517 -@@ -955,10 +972,13 @@ static struct dmi_system_id __initdata ec_dmi_table[] = {
1518 - {
1519 - ec_validate_ecdt, "ASUS hardware", {
1520 - DMI_MATCH(DMI_BOARD_VENDOR, "ASUSTeK Computer Inc.") }, NULL},
1521 -+ {
1522 -+ ec_enlarge_storm_threshold, "CLEVO hardware", {
1523 -+ DMI_MATCH(DMI_SYS_VENDOR, "CLEVO Co."),
1524 -+ DMI_MATCH(DMI_PRODUCT_NAME, "M720T/M730T"),}, NULL},
1525 - {},
1526 - };
1527 -
1528 --
1529 - int __init acpi_ec_ecdt_probe(void)
1530 - {
1531 - acpi_status status;
1532 -diff --git a/drivers/char/tpm/tpm.c b/drivers/char/tpm/tpm.c
1533 -index 817f0ee..4dc8024 100644
1534 ---- a/drivers/char/tpm/tpm.c
1535 -+++ b/drivers/char/tpm/tpm.c
1536 -@@ -1186,17 +1186,20 @@ ssize_t tpm_write(struct file *file, const char __user *buf,
1537 - size_t size, loff_t *off)
1538 - {
1539 - struct tpm_chip *chip = file->private_data;
1540 -- size_t in_size = size, out_size;
1541 -+ size_t in_size = size;
1542 -+ ssize_t out_size;
1543 -
1544 - /* cannot perform a write until the read has cleared
1545 -- either via tpm_read or a user_read_timer timeout */
1546 -- while (atomic_read(&chip->data_pending) != 0)
1547 -- msleep(TPM_TIMEOUT);
1548 --
1549 -- mutex_lock(&chip->buffer_mutex);
1550 -+ either via tpm_read or a user_read_timer timeout.
1551 -+ This also prevents splitted buffered writes from blocking here.
1552 -+ */
1553 -+ if (atomic_read(&chip->data_pending) != 0)
1554 -+ return -EBUSY;
1555 -
1556 - if (in_size > TPM_BUFSIZE)
1557 -- in_size = TPM_BUFSIZE;
1558 -+ return -E2BIG;
1559 -+
1560 -+ mutex_lock(&chip->buffer_mutex);
1561 -
1562 - if (copy_from_user
1563 - (chip->data_buffer, (void __user *) buf, in_size)) {
1564 -@@ -1206,6 +1209,10 @@ ssize_t tpm_write(struct file *file, const char __user *buf,
1565 -
1566 - /* atomic tpm command send and result receive */
1567 - out_size = tpm_transmit(chip, chip->data_buffer, TPM_BUFSIZE);
1568 -+ if (out_size < 0) {
1569 -+ mutex_unlock(&chip->buffer_mutex);
1570 -+ return out_size;
1571 -+ }
1572 -
1573 - atomic_set(&chip->data_pending, out_size);
1574 - mutex_unlock(&chip->buffer_mutex);
1575 -diff --git a/drivers/firewire/core-cdev.c b/drivers/firewire/core-cdev.c
1576 -index 2783f69..f8d2287 100644
1577 ---- a/drivers/firewire/core-cdev.c
1578 -+++ b/drivers/firewire/core-cdev.c
1579 -@@ -473,8 +473,8 @@ static int ioctl_get_info(struct client *client, union ioctl_arg *arg)
1580 - client->bus_reset_closure = a->bus_reset_closure;
1581 - if (a->bus_reset != 0) {
1582 - fill_bus_reset_event(&bus_reset, client);
1583 -- ret = copy_to_user(u64_to_uptr(a->bus_reset),
1584 -- &bus_reset, sizeof(bus_reset));
1585 -+ /* unaligned size of bus_reset is 36 bytes */
1586 -+ ret = copy_to_user(u64_to_uptr(a->bus_reset), &bus_reset, 36);
1587 - }
1588 - if (ret == 0 && list_empty(&client->link))
1589 - list_add_tail(&client->link, &client->device->client_list);
1590 -diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c
1591 -index 274d25d..97d4f4b 100644
1592 ---- a/drivers/gpu/drm/i915/i915_gem.c
1593 -+++ b/drivers/gpu/drm/i915/i915_gem.c
1594 -@@ -3893,7 +3893,6 @@ i915_gem_entervt_ioctl(struct drm_device *dev, void *data,
1595 -
1596 - BUG_ON(!list_empty(&dev_priv->mm.active_list));
1597 - BUG_ON(!list_empty(&dev_priv->mm.flushing_list));
1598 -- BUG_ON(!list_empty(&dev_priv->mm.inactive_list));
1599 - mutex_unlock(&dev->struct_mutex);
1600 -
1601 - ret = drm_irq_install(dev);
1602 -diff --git a/drivers/gpu/drm/i915/i915_reg.h b/drivers/gpu/drm/i915/i915_reg.h
1603 -index a3e53c5..f02cfad 100644
1604 ---- a/drivers/gpu/drm/i915/i915_reg.h
1605 -+++ b/drivers/gpu/drm/i915/i915_reg.h
1606 -@@ -513,7 +513,7 @@
1607 - */
1608 - # define _3D_CHICKEN2_WM_READ_PIPELINED (1 << 14)
1609 - #define _3D_CHICKEN3 0x02090
1610 --#define _3D_CHICKEN_SF_DISABLE_FASTCLIP_CULL (1 << 5)
1611 -+#define _3D_CHICKEN3_SF_DISABLE_FASTCLIP_CULL (1 << 5)
1612 -
1613 - #define MI_MODE 0x0209c
1614 - # define VS_TIMER_DISPATCH (1 << 6)
1615 -diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
1616 -index 0c7f4aa..b634f6f 100644
1617 ---- a/drivers/gpu/drm/i915/intel_display.c
1618 -+++ b/drivers/gpu/drm/i915/intel_display.c
1619 -@@ -4351,7 +4351,7 @@ static int i9xx_crtc_mode_set(struct drm_crtc *crtc,
1620 - /* default to 8bpc */
1621 - pipeconf &= ~(PIPECONF_BPP_MASK | PIPECONF_DITHER_EN);
1622 - if (is_dp) {
1623 -- if (mode->private_flags & INTEL_MODE_DP_FORCE_6BPC) {
1624 -+ if (adjusted_mode->private_flags & INTEL_MODE_DP_FORCE_6BPC) {
1625 - pipeconf |= PIPECONF_BPP_6 |
1626 - PIPECONF_DITHER_EN |
1627 - PIPECONF_DITHER_TYPE_SP;
1628 -@@ -4705,7 +4705,7 @@ static int ironlake_crtc_mode_set(struct drm_crtc *crtc,
1629 - /* determine panel color depth */
1630 - temp = I915_READ(PIPECONF(pipe));
1631 - temp &= ~PIPE_BPC_MASK;
1632 -- dither = intel_choose_pipe_bpp_dither(crtc, &pipe_bpp, mode);
1633 -+ dither = intel_choose_pipe_bpp_dither(crtc, &pipe_bpp, adjusted_mode);
1634 - switch (pipe_bpp) {
1635 - case 18:
1636 - temp |= PIPE_6BPC;
1637 -diff --git a/drivers/gpu/drm/i915/intel_pm.c b/drivers/gpu/drm/i915/intel_pm.c
1638 -index 8c73fae..c23c9ea 100644
1639 ---- a/drivers/gpu/drm/i915/intel_pm.c
1640 -+++ b/drivers/gpu/drm/i915/intel_pm.c
1641 -@@ -3355,8 +3355,8 @@ static void gen6_init_clock_gating(struct drm_device *dev)
1642 - GEN6_RCCUNIT_CLOCK_GATE_DISABLE);
1643 -
1644 - /* Bspec says we need to always set all mask bits. */
1645 -- I915_WRITE(_3D_CHICKEN, (0xFFFF << 16) |
1646 -- _3D_CHICKEN_SF_DISABLE_FASTCLIP_CULL);
1647 -+ I915_WRITE(_3D_CHICKEN3, (0xFFFF << 16) |
1648 -+ _3D_CHICKEN3_SF_DISABLE_FASTCLIP_CULL);
1649 -
1650 - /*
1651 - * According to the spec the following bits should be
1652 -diff --git a/drivers/gpu/drm/radeon/radeon_legacy_encoders.c b/drivers/gpu/drm/radeon/radeon_legacy_encoders.c
1653 -index 670e991..d16f50f 100644
1654 ---- a/drivers/gpu/drm/radeon/radeon_legacy_encoders.c
1655 -+++ b/drivers/gpu/drm/radeon/radeon_legacy_encoders.c
1656 -@@ -974,11 +974,7 @@ static void radeon_legacy_tmds_ext_mode_set(struct drm_encoder *encoder,
1657 - static void radeon_ext_tmds_enc_destroy(struct drm_encoder *encoder)
1658 - {
1659 - struct radeon_encoder *radeon_encoder = to_radeon_encoder(encoder);
1660 -- struct radeon_encoder_ext_tmds *tmds = radeon_encoder->enc_priv;
1661 -- if (tmds) {
1662 -- if (tmds->i2c_bus)
1663 -- radeon_i2c_destroy(tmds->i2c_bus);
1664 -- }
1665 -+ /* don't destroy the i2c bus record here, this will be done in radeon_i2c_fini */
1666 - kfree(radeon_encoder->enc_priv);
1667 - drm_encoder_cleanup(encoder);
1668 - kfree(radeon_encoder);
1669 -diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
1670 -index 0138a72..a48c215 100644
1671 ---- a/drivers/md/raid10.c
1672 -+++ b/drivers/md/raid10.c
1673 -@@ -3158,7 +3158,7 @@ static sector_t sync_request(struct mddev *mddev, sector_t sector_nr,
1674 - else {
1675 - bad_sectors -= (sector - first_bad);
1676 - if (max_sync > bad_sectors)
1677 -- max_sync = max_sync;
1678 -+ max_sync = bad_sectors;
1679 - continue;
1680 - }
1681 - }
1682 -diff --git a/drivers/mtd/nand/nand_base.c b/drivers/mtd/nand/nand_base.c
1683 -index a11253a..c429abd 100644
1684 ---- a/drivers/mtd/nand/nand_base.c
1685 -+++ b/drivers/mtd/nand/nand_base.c
1686 -@@ -2914,8 +2914,7 @@ static int nand_flash_detect_onfi(struct mtd_info *mtd, struct nand_chip *chip,
1687 - if (le16_to_cpu(p->features) & 1)
1688 - *busw = NAND_BUSWIDTH_16;
1689 -
1690 -- chip->options &= ~NAND_CHIPOPTIONS_MSK;
1691 -- chip->options |= NAND_NO_READRDY & NAND_CHIPOPTIONS_MSK;
1692 -+ chip->options |= NAND_NO_READRDY;
1693 -
1694 - pr_info("ONFI flash detected\n");
1695 - return 1;
1696 -@@ -3080,9 +3079,8 @@ static struct nand_flash_dev *nand_get_flash_type(struct mtd_info *mtd,
1697 - mtd->erasesize <<= ((id_data[3] & 0x03) << 1);
1698 - }
1699 - }
1700 -- /* Get chip options, preserve non chip based options */
1701 -- chip->options &= ~NAND_CHIPOPTIONS_MSK;
1702 -- chip->options |= type->options & NAND_CHIPOPTIONS_MSK;
1703 -+ /* Get chip options */
1704 -+ chip->options |= type->options;
1705 -
1706 - /*
1707 - * Check if chip is not a Samsung device. Do not clear the
1708 -diff --git a/drivers/net/ethernet/intel/e1000e/e1000.h b/drivers/net/ethernet/intel/e1000e/e1000.h
1709 -index cb3356c..04668b4 100644
1710 ---- a/drivers/net/ethernet/intel/e1000e/e1000.h
1711 -+++ b/drivers/net/ethernet/intel/e1000e/e1000.h
1712 -@@ -175,13 +175,13 @@ struct e1000_info;
1713 - /*
1714 - * in the case of WTHRESH, it appears at least the 82571/2 hardware
1715 - * writes back 4 descriptors when WTHRESH=5, and 3 descriptors when
1716 -- * WTHRESH=4, and since we want 64 bytes at a time written back, set
1717 -- * it to 5
1718 -+ * WTHRESH=4, so a setting of 5 gives the most efficient bus
1719 -+ * utilization but to avoid possible Tx stalls, set it to 1
1720 - */
1721 - #define E1000_TXDCTL_DMA_BURST_ENABLE \
1722 - (E1000_TXDCTL_GRAN | /* set descriptor granularity */ \
1723 - E1000_TXDCTL_COUNT_DESC | \
1724 -- (5 << 16) | /* wthresh must be +1 more than desired */\
1725 -+ (1 << 16) | /* wthresh must be +1 more than desired */\
1726 - (1 << 8) | /* hthresh */ \
1727 - 0x1f) /* pthresh */
1728 -
1729 -diff --git a/drivers/net/ethernet/intel/e1000e/netdev.c b/drivers/net/ethernet/intel/e1000e/netdev.c
1730 -index d01a099..a46e75e 100644
1731 ---- a/drivers/net/ethernet/intel/e1000e/netdev.c
1732 -+++ b/drivers/net/ethernet/intel/e1000e/netdev.c
1733 -@@ -2831,7 +2831,7 @@ static void e1000_configure_tx(struct e1000_adapter *adapter)
1734 - * set up some performance related parameters to encourage the
1735 - * hardware to use the bus more efficiently in bursts, depends
1736 - * on the tx_int_delay to be enabled,
1737 -- * wthresh = 5 ==> burst write a cacheline (64 bytes) at a time
1738 -+ * wthresh = 1 ==> burst write is disabled to avoid Tx stalls
1739 - * hthresh = 1 ==> prefetch when one or more available
1740 - * pthresh = 0x1f ==> prefetch if internal cache 31 or less
1741 - * BEWARE: this seems to work but should be considered first if
1742 -diff --git a/drivers/net/usb/mcs7830.c b/drivers/net/usb/mcs7830.c
1743 -index 03c2d8d..cc7e720 100644
1744 ---- a/drivers/net/usb/mcs7830.c
1745 -+++ b/drivers/net/usb/mcs7830.c
1746 -@@ -117,6 +117,7 @@ enum {
1747 - struct mcs7830_data {
1748 - u8 multi_filter[8];
1749 - u8 config;
1750 -+ u8 link_counter;
1751 - };
1752 -
1753 - static const char driver_name[] = "MOSCHIP usb-ethernet driver";
1754 -@@ -632,20 +633,31 @@ static int mcs7830_rx_fixup(struct usbnet *dev, struct sk_buff *skb)
1755 - static void mcs7830_status(struct usbnet *dev, struct urb *urb)
1756 - {
1757 - u8 *buf = urb->transfer_buffer;
1758 -- bool link;
1759 -+ bool link, link_changed;
1760 -+ struct mcs7830_data *data = mcs7830_get_data(dev);
1761 -
1762 - if (urb->actual_length < 16)
1763 - return;
1764 -
1765 - link = !(buf[1] & 0x20);
1766 -- if (netif_carrier_ok(dev->net) != link) {
1767 -- if (link) {
1768 -- netif_carrier_on(dev->net);
1769 -- usbnet_defer_kevent(dev, EVENT_LINK_RESET);
1770 -- } else
1771 -- netif_carrier_off(dev->net);
1772 -- netdev_dbg(dev->net, "Link Status is: %d\n", link);
1773 -- }
1774 -+ link_changed = netif_carrier_ok(dev->net) != link;
1775 -+ if (link_changed) {
1776 -+ data->link_counter++;
1777 -+ /*
1778 -+ track link state 20 times to guard against erroneous
1779 -+ link state changes reported sometimes by the chip
1780 -+ */
1781 -+ if (data->link_counter > 20) {
1782 -+ data->link_counter = 0;
1783 -+ if (link) {
1784 -+ netif_carrier_on(dev->net);
1785 -+ usbnet_defer_kevent(dev, EVENT_LINK_RESET);
1786 -+ } else
1787 -+ netif_carrier_off(dev->net);
1788 -+ netdev_dbg(dev->net, "Link Status is: %d\n", link);
1789 -+ }
1790 -+ } else
1791 -+ data->link_counter = 0;
1792 - }
1793 -
1794 - static const struct driver_info moschip_info = {
1795 -diff --git a/drivers/net/wireless/ath/ath9k/beacon.c b/drivers/net/wireless/ath/ath9k/beacon.c
1796 -index 76f07d8..1b48414 100644
1797 ---- a/drivers/net/wireless/ath/ath9k/beacon.c
1798 -+++ b/drivers/net/wireless/ath/ath9k/beacon.c
1799 -@@ -120,7 +120,7 @@ static void ath9k_tx_cabq(struct ieee80211_hw *hw, struct sk_buff *skb)
1800 -
1801 - if (ath_tx_start(hw, skb, &txctl) != 0) {
1802 - ath_dbg(common, XMIT, "CABQ TX failed\n");
1803 -- dev_kfree_skb_any(skb);
1804 -+ ieee80211_free_txskb(hw, skb);
1805 - }
1806 - }
1807 -
1808 -diff --git a/drivers/net/wireless/ath/ath9k/main.c b/drivers/net/wireless/ath/ath9k/main.c
1809 -index a22df74..61e08e6 100644
1810 ---- a/drivers/net/wireless/ath/ath9k/main.c
1811 -+++ b/drivers/net/wireless/ath/ath9k/main.c
1812 -@@ -767,7 +767,7 @@ static void ath9k_tx(struct ieee80211_hw *hw, struct sk_buff *skb)
1813 -
1814 - return;
1815 - exit:
1816 -- dev_kfree_skb_any(skb);
1817 -+ ieee80211_free_txskb(hw, skb);
1818 - }
1819 -
1820 - static void ath9k_stop(struct ieee80211_hw *hw)
1821 -diff --git a/drivers/net/wireless/ath/ath9k/xmit.c b/drivers/net/wireless/ath/ath9k/xmit.c
1822 -index 0d4155a..423a9f3 100644
1823 ---- a/drivers/net/wireless/ath/ath9k/xmit.c
1824 -+++ b/drivers/net/wireless/ath/ath9k/xmit.c
1825 -@@ -66,8 +66,7 @@ static void ath_tx_update_baw(struct ath_softc *sc, struct ath_atx_tid *tid,
1826 - static struct ath_buf *ath_tx_setup_buffer(struct ath_softc *sc,
1827 - struct ath_txq *txq,
1828 - struct ath_atx_tid *tid,
1829 -- struct sk_buff *skb,
1830 -- bool dequeue);
1831 -+ struct sk_buff *skb);
1832 -
1833 - enum {
1834 - MCS_HT20,
1835 -@@ -176,7 +175,15 @@ static void ath_tx_flush_tid(struct ath_softc *sc, struct ath_atx_tid *tid)
1836 - fi = get_frame_info(skb);
1837 - bf = fi->bf;
1838 -
1839 -- if (bf && fi->retries) {
1840 -+ if (!bf) {
1841 -+ bf = ath_tx_setup_buffer(sc, txq, tid, skb);
1842 -+ if (!bf) {
1843 -+ ieee80211_free_txskb(sc->hw, skb);
1844 -+ continue;
1845 -+ }
1846 -+ }
1847 -+
1848 -+ if (fi->retries) {
1849 - list_add_tail(&bf->list, &bf_head);
1850 - ath_tx_update_baw(sc, tid, bf->bf_state.seqno);
1851 - ath_tx_complete_buf(sc, bf, txq, &bf_head, &ts, 0);
1852 -@@ -785,10 +792,13 @@ static enum ATH_AGGR_STATUS ath_tx_form_aggr(struct ath_softc *sc,
1853 - fi = get_frame_info(skb);
1854 - bf = fi->bf;
1855 - if (!fi->bf)
1856 -- bf = ath_tx_setup_buffer(sc, txq, tid, skb, true);
1857 -+ bf = ath_tx_setup_buffer(sc, txq, tid, skb);
1858 -
1859 -- if (!bf)
1860 -+ if (!bf) {
1861 -+ __skb_unlink(skb, &tid->buf_q);
1862 -+ ieee80211_free_txskb(sc->hw, skb);
1863 - continue;
1864 -+ }
1865 -
1866 - bf->bf_state.bf_type = BUF_AMPDU | BUF_AGGR;
1867 - seqno = bf->bf_state.seqno;
1868 -@@ -1731,9 +1741,11 @@ static void ath_tx_send_ampdu(struct ath_softc *sc, struct ath_atx_tid *tid,
1869 - return;
1870 - }
1871 -
1872 -- bf = ath_tx_setup_buffer(sc, txctl->txq, tid, skb, false);
1873 -- if (!bf)
1874 -+ bf = ath_tx_setup_buffer(sc, txctl->txq, tid, skb);
1875 -+ if (!bf) {
1876 -+ ieee80211_free_txskb(sc->hw, skb);
1877 - return;
1878 -+ }
1879 -
1880 - bf->bf_state.bf_type = BUF_AMPDU;
1881 - INIT_LIST_HEAD(&bf_head);
1882 -@@ -1757,11 +1769,6 @@ static void ath_tx_send_normal(struct ath_softc *sc, struct ath_txq *txq,
1883 - struct ath_buf *bf;
1884 -
1885 - bf = fi->bf;
1886 -- if (!bf)
1887 -- bf = ath_tx_setup_buffer(sc, txq, tid, skb, false);
1888 --
1889 -- if (!bf)
1890 -- return;
1891 -
1892 - INIT_LIST_HEAD(&bf_head);
1893 - list_add_tail(&bf->list, &bf_head);
1894 -@@ -1834,8 +1841,7 @@ u8 ath_txchainmask_reduction(struct ath_softc *sc, u8 chainmask, u32 rate)
1895 - static struct ath_buf *ath_tx_setup_buffer(struct ath_softc *sc,
1896 - struct ath_txq *txq,
1897 - struct ath_atx_tid *tid,
1898 -- struct sk_buff *skb,
1899 -- bool dequeue)
1900 -+ struct sk_buff *skb)
1901 - {
1902 - struct ath_common *common = ath9k_hw_common(sc->sc_ah);
1903 - struct ath_frame_info *fi = get_frame_info(skb);
1904 -@@ -1847,7 +1853,7 @@ static struct ath_buf *ath_tx_setup_buffer(struct ath_softc *sc,
1905 - bf = ath_tx_get_buffer(sc);
1906 - if (!bf) {
1907 - ath_dbg(common, XMIT, "TX buffers are full\n");
1908 -- goto error;
1909 -+ return NULL;
1910 - }
1911 -
1912 - ATH_TXBUF_RESET(bf);
1913 -@@ -1876,18 +1882,12 @@ static struct ath_buf *ath_tx_setup_buffer(struct ath_softc *sc,
1914 - ath_err(ath9k_hw_common(sc->sc_ah),
1915 - "dma_mapping_error() on TX\n");
1916 - ath_tx_return_buffer(sc, bf);
1917 -- goto error;
1918 -+ return NULL;
1919 - }
1920 -
1921 - fi->bf = bf;
1922 -
1923 - return bf;
1924 --
1925 --error:
1926 -- if (dequeue)
1927 -- __skb_unlink(skb, &tid->buf_q);
1928 -- dev_kfree_skb_any(skb);
1929 -- return NULL;
1930 - }
1931 -
1932 - /* FIXME: tx power */
1933 -@@ -1916,9 +1916,14 @@ static void ath_tx_start_dma(struct ath_softc *sc, struct sk_buff *skb,
1934 - */
1935 - ath_tx_send_ampdu(sc, tid, skb, txctl);
1936 - } else {
1937 -- bf = ath_tx_setup_buffer(sc, txctl->txq, tid, skb, false);
1938 -- if (!bf)
1939 -+ bf = ath_tx_setup_buffer(sc, txctl->txq, tid, skb);
1940 -+ if (!bf) {
1941 -+ if (txctl->paprd)
1942 -+ dev_kfree_skb_any(skb);
1943 -+ else
1944 -+ ieee80211_free_txskb(sc->hw, skb);
1945 - return;
1946 -+ }
1947 -
1948 - bf->bf_state.bfs_paprd = txctl->paprd;
1949 -
1950 -diff --git a/drivers/scsi/qla2xxx/qla_target.c b/drivers/scsi/qla2xxx/qla_target.c
1951 -index 5b30132..41b74ba 100644
1952 ---- a/drivers/scsi/qla2xxx/qla_target.c
1953 -+++ b/drivers/scsi/qla2xxx/qla_target.c
1954 -@@ -1403,7 +1403,7 @@ static void qlt_24xx_send_task_mgmt_ctio(struct scsi_qla_host *ha,
1955 - ctio->u.status1.scsi_status =
1956 - __constant_cpu_to_le16(SS_RESPONSE_INFO_LEN_VALID);
1957 - ctio->u.status1.response_len = __constant_cpu_to_le16(8);
1958 -- ((uint32_t *)ctio->u.status1.sense_data)[0] = cpu_to_be32(resp_code);
1959 -+ ctio->u.status1.sense_data[0] = resp_code;
1960 -
1961 - qla2x00_start_iocbs(ha, ha->req);
1962 - }
1963 -diff --git a/drivers/scsi/scsi_debug.c b/drivers/scsi/scsi_debug.c
1964 -index 182d5a5..f4cc413 100644
1965 ---- a/drivers/scsi/scsi_debug.c
1966 -+++ b/drivers/scsi/scsi_debug.c
1967 -@@ -2054,7 +2054,7 @@ static void unmap_region(sector_t lba, unsigned int len)
1968 - block = lba + alignment;
1969 - rem = do_div(block, granularity);
1970 -
1971 -- if (rem == 0 && lba + granularity <= end && block < map_size) {
1972 -+ if (rem == 0 && lba + granularity < end && block < map_size) {
1973 - clear_bit(block, map_storep);
1974 - if (scsi_debug_lbprz)
1975 - memset(fake_storep +
1976 -diff --git a/drivers/scsi/storvsc_drv.c b/drivers/scsi/storvsc_drv.c
1977 -index 528d52b..0144078 100644
1978 ---- a/drivers/scsi/storvsc_drv.c
1979 -+++ b/drivers/scsi/storvsc_drv.c
1980 -@@ -1221,7 +1221,12 @@ static int storvsc_host_reset_handler(struct scsi_cmnd *scmnd)
1981 - /*
1982 - * At this point, all outstanding requests in the adapter
1983 - * should have been flushed out and return to us
1984 -+ * There is a potential race here where the host may be in
1985 -+ * the process of responding when we return from here.
1986 -+ * Just wait for all in-transit packets to be accounted for
1987 -+ * before we return from here.
1988 - */
1989 -+ storvsc_wait_to_drain(stor_device);
1990 -
1991 - return SUCCESS;
1992 - }
1993 -diff --git a/drivers/scsi/virtio_scsi.c b/drivers/scsi/virtio_scsi.c
1994 -index 3e79a2f..7554d78 100644
1995 ---- a/drivers/scsi/virtio_scsi.c
1996 -+++ b/drivers/scsi/virtio_scsi.c
1997 -@@ -219,7 +219,7 @@ static int virtscsi_kick_event(struct virtio_scsi *vscsi,
1998 - struct scatterlist sg;
1999 - unsigned long flags;
2000 -
2001 -- sg_set_buf(&sg, &event_node->event, sizeof(struct virtio_scsi_event));
2002 -+ sg_init_one(&sg, &event_node->event, sizeof(struct virtio_scsi_event));
2003 -
2004 - spin_lock_irqsave(&vscsi->event_vq.vq_lock, flags);
2005 -
2006 -diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c
2007 -index 97c0f78..dd4fce2 100644
2008 ---- a/drivers/target/iscsi/iscsi_target.c
2009 -+++ b/drivers/target/iscsi/iscsi_target.c
2010 -@@ -3271,7 +3271,6 @@ static int iscsit_build_sendtargets_response(struct iscsi_cmd *cmd)
2011 - len += 1;
2012 -
2013 - if ((len + payload_len) > buffer_len) {
2014 -- spin_unlock(&tiqn->tiqn_tpg_lock);
2015 - end_of_buf = 1;
2016 - goto eob;
2017 - }
2018 -@@ -3424,6 +3423,7 @@ static int iscsit_send_reject(
2019 - hdr->opcode = ISCSI_OP_REJECT;
2020 - hdr->flags |= ISCSI_FLAG_CMD_FINAL;
2021 - hton24(hdr->dlength, ISCSI_HDR_LEN);
2022 -+ hdr->ffffffff = 0xffffffff;
2023 - cmd->stat_sn = conn->stat_sn++;
2024 - hdr->statsn = cpu_to_be32(cmd->stat_sn);
2025 - hdr->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn);
2026 -diff --git a/drivers/target/iscsi/iscsi_target_core.h b/drivers/target/iscsi/iscsi_target_core.h
2027 -index 8a908b2..a90294f 100644
2028 ---- a/drivers/target/iscsi/iscsi_target_core.h
2029 -+++ b/drivers/target/iscsi/iscsi_target_core.h
2030 -@@ -25,10 +25,10 @@
2031 - #define NA_DATAOUT_TIMEOUT_RETRIES 5
2032 - #define NA_DATAOUT_TIMEOUT_RETRIES_MAX 15
2033 - #define NA_DATAOUT_TIMEOUT_RETRIES_MIN 1
2034 --#define NA_NOPIN_TIMEOUT 5
2035 -+#define NA_NOPIN_TIMEOUT 15
2036 - #define NA_NOPIN_TIMEOUT_MAX 60
2037 - #define NA_NOPIN_TIMEOUT_MIN 3
2038 --#define NA_NOPIN_RESPONSE_TIMEOUT 5
2039 -+#define NA_NOPIN_RESPONSE_TIMEOUT 30
2040 - #define NA_NOPIN_RESPONSE_TIMEOUT_MAX 60
2041 - #define NA_NOPIN_RESPONSE_TIMEOUT_MIN 3
2042 - #define NA_RANDOM_DATAIN_PDU_OFFSETS 0
2043 -diff --git a/drivers/target/iscsi/iscsi_target_tpg.c b/drivers/target/iscsi/iscsi_target_tpg.c
2044 -index a38a3f8..de9ea32 100644
2045 ---- a/drivers/target/iscsi/iscsi_target_tpg.c
2046 -+++ b/drivers/target/iscsi/iscsi_target_tpg.c
2047 -@@ -677,6 +677,12 @@ int iscsit_ta_generate_node_acls(
2048 - pr_debug("iSCSI_TPG[%hu] - Generate Initiator Portal Group ACLs: %s\n",
2049 - tpg->tpgt, (a->generate_node_acls) ? "Enabled" : "Disabled");
2050 -
2051 -+ if (flag == 1 && a->cache_dynamic_acls == 0) {
2052 -+ pr_debug("Explicitly setting cache_dynamic_acls=1 when "
2053 -+ "generate_node_acls=1\n");
2054 -+ a->cache_dynamic_acls = 1;
2055 -+ }
2056 -+
2057 - return 0;
2058 - }
2059 -
2060 -@@ -716,6 +722,12 @@ int iscsit_ta_cache_dynamic_acls(
2061 - return -EINVAL;
2062 - }
2063 -
2064 -+ if (a->generate_node_acls == 1 && flag == 0) {
2065 -+ pr_debug("Skipping cache_dynamic_acls=0 when"
2066 -+ " generate_node_acls=1\n");
2067 -+ return 0;
2068 -+ }
2069 -+
2070 - a->cache_dynamic_acls = flag;
2071 - pr_debug("iSCSI_TPG[%hu] - Cache Dynamic Initiator Portal Group"
2072 - " ACLs %s\n", tpg->tpgt, (a->cache_dynamic_acls) ?
2073 -diff --git a/drivers/target/target_core_configfs.c b/drivers/target/target_core_configfs.c
2074 -index 801efa8..06aca11 100644
2075 ---- a/drivers/target/target_core_configfs.c
2076 -+++ b/drivers/target/target_core_configfs.c
2077 -@@ -3132,6 +3132,7 @@ static int __init target_core_init_configfs(void)
2078 - GFP_KERNEL);
2079 - if (!target_cg->default_groups) {
2080 - pr_err("Unable to allocate target_cg->default_groups\n");
2081 -+ ret = -ENOMEM;
2082 - goto out_global;
2083 - }
2084 -
2085 -@@ -3147,6 +3148,7 @@ static int __init target_core_init_configfs(void)
2086 - GFP_KERNEL);
2087 - if (!hba_cg->default_groups) {
2088 - pr_err("Unable to allocate hba_cg->default_groups\n");
2089 -+ ret = -ENOMEM;
2090 - goto out_global;
2091 - }
2092 - config_group_init_type_name(&alua_group,
2093 -@@ -3162,6 +3164,7 @@ static int __init target_core_init_configfs(void)
2094 - GFP_KERNEL);
2095 - if (!alua_cg->default_groups) {
2096 - pr_err("Unable to allocate alua_cg->default_groups\n");
2097 -+ ret = -ENOMEM;
2098 - goto out_global;
2099 - }
2100 -
2101 -@@ -3173,14 +3176,17 @@ static int __init target_core_init_configfs(void)
2102 - * Add core/alua/lu_gps/default_lu_gp
2103 - */
2104 - lu_gp = core_alua_allocate_lu_gp("default_lu_gp", 1);
2105 -- if (IS_ERR(lu_gp))
2106 -+ if (IS_ERR(lu_gp)) {
2107 -+ ret = -ENOMEM;
2108 - goto out_global;
2109 -+ }
2110 -
2111 - lu_gp_cg = &alua_lu_gps_group;
2112 - lu_gp_cg->default_groups = kzalloc(sizeof(struct config_group) * 2,
2113 - GFP_KERNEL);
2114 - if (!lu_gp_cg->default_groups) {
2115 - pr_err("Unable to allocate lu_gp_cg->default_groups\n");
2116 -+ ret = -ENOMEM;
2117 - goto out_global;
2118 - }
2119 -
2120 -diff --git a/drivers/target/target_core_file.c b/drivers/target/target_core_file.c
2121 -index cbb5aaf..5c5ed7a 100644
2122 ---- a/drivers/target/target_core_file.c
2123 -+++ b/drivers/target/target_core_file.c
2124 -@@ -125,6 +125,19 @@ static struct se_device *fd_create_virtdevice(
2125 - * of pure timestamp updates.
2126 - */
2127 - flags = O_RDWR | O_CREAT | O_LARGEFILE | O_DSYNC;
2128 -+ /*
2129 -+ * Optionally allow fd_buffered_io=1 to be enabled for people
2130 -+ * who want use the fs buffer cache as an WriteCache mechanism.
2131 -+ *
2132 -+ * This means that in event of a hard failure, there is a risk
2133 -+ * of silent data-loss if the SCSI client has *not* performed a
2134 -+ * forced unit access (FUA) write, or issued SYNCHRONIZE_CACHE
2135 -+ * to write-out the entire device cache.
2136 -+ */
2137 -+ if (fd_dev->fbd_flags & FDBD_HAS_BUFFERED_IO_WCE) {
2138 -+ pr_debug("FILEIO: Disabling O_DSYNC, using buffered FILEIO\n");
2139 -+ flags &= ~O_DSYNC;
2140 -+ }
2141 -
2142 - file = filp_open(fd_dev->fd_dev_name, flags, 0600);
2143 - if (IS_ERR(file)) {
2144 -@@ -188,6 +201,12 @@ static struct se_device *fd_create_virtdevice(
2145 - if (!dev)
2146 - goto fail;
2147 -
2148 -+ if (fd_dev->fbd_flags & FDBD_HAS_BUFFERED_IO_WCE) {
2149 -+ pr_debug("FILEIO: Forcing setting of emulate_write_cache=1"
2150 -+ " with FDBD_HAS_BUFFERED_IO_WCE\n");
2151 -+ dev->se_sub_dev->se_dev_attrib.emulate_write_cache = 1;
2152 -+ }
2153 -+
2154 - fd_dev->fd_dev_id = fd_host->fd_host_dev_id_count++;
2155 - fd_dev->fd_queue_depth = dev->queue_depth;
2156 -
2157 -@@ -407,6 +426,7 @@ enum {
2158 - static match_table_t tokens = {
2159 - {Opt_fd_dev_name, "fd_dev_name=%s"},
2160 - {Opt_fd_dev_size, "fd_dev_size=%s"},
2161 -+ {Opt_fd_buffered_io, "fd_buffered_io=%d"},
2162 - {Opt_err, NULL}
2163 - };
2164 -
2165 -@@ -418,7 +438,7 @@ static ssize_t fd_set_configfs_dev_params(
2166 - struct fd_dev *fd_dev = se_dev->se_dev_su_ptr;
2167 - char *orig, *ptr, *arg_p, *opts;
2168 - substring_t args[MAX_OPT_ARGS];
2169 -- int ret = 0, token;
2170 -+ int ret = 0, arg, token;
2171 -
2172 - opts = kstrdup(page, GFP_KERNEL);
2173 - if (!opts)
2174 -@@ -459,6 +479,19 @@ static ssize_t fd_set_configfs_dev_params(
2175 - " bytes\n", fd_dev->fd_dev_size);
2176 - fd_dev->fbd_flags |= FBDF_HAS_SIZE;
2177 - break;
2178 -+ case Opt_fd_buffered_io:
2179 -+ match_int(args, &arg);
2180 -+ if (arg != 1) {
2181 -+ pr_err("bogus fd_buffered_io=%d value\n", arg);
2182 -+ ret = -EINVAL;
2183 -+ goto out;
2184 -+ }
2185 -+
2186 -+ pr_debug("FILEIO: Using buffered I/O"
2187 -+ " operations for struct fd_dev\n");
2188 -+
2189 -+ fd_dev->fbd_flags |= FDBD_HAS_BUFFERED_IO_WCE;
2190 -+ break;
2191 - default:
2192 - break;
2193 - }
2194 -@@ -490,8 +523,10 @@ static ssize_t fd_show_configfs_dev_params(
2195 - ssize_t bl = 0;
2196 -
2197 - bl = sprintf(b + bl, "TCM FILEIO ID: %u", fd_dev->fd_dev_id);
2198 -- bl += sprintf(b + bl, " File: %s Size: %llu Mode: O_DSYNC\n",
2199 -- fd_dev->fd_dev_name, fd_dev->fd_dev_size);
2200 -+ bl += sprintf(b + bl, " File: %s Size: %llu Mode: %s\n",
2201 -+ fd_dev->fd_dev_name, fd_dev->fd_dev_size,
2202 -+ (fd_dev->fbd_flags & FDBD_HAS_BUFFERED_IO_WCE) ?
2203 -+ "Buffered-WCE" : "O_DSYNC");
2204 - return bl;
2205 - }
2206 -
2207 -diff --git a/drivers/target/target_core_file.h b/drivers/target/target_core_file.h
2208 -index 70ce7fd..876ae53 100644
2209 ---- a/drivers/target/target_core_file.h
2210 -+++ b/drivers/target/target_core_file.h
2211 -@@ -14,6 +14,7 @@
2212 -
2213 - #define FBDF_HAS_PATH 0x01
2214 - #define FBDF_HAS_SIZE 0x02
2215 -+#define FDBD_HAS_BUFFERED_IO_WCE 0x04
2216 -
2217 - struct fd_dev {
2218 - u32 fbd_flags;
2219 -diff --git a/drivers/target/target_core_spc.c b/drivers/target/target_core_spc.c
2220 -index 388a922..9229bd9 100644
2221 ---- a/drivers/target/target_core_spc.c
2222 -+++ b/drivers/target/target_core_spc.c
2223 -@@ -600,30 +600,11 @@ static int spc_emulate_inquiry(struct se_cmd *cmd)
2224 - {
2225 - struct se_device *dev = cmd->se_dev;
2226 - struct se_portal_group *tpg = cmd->se_lun->lun_sep->sep_tpg;
2227 -- unsigned char *buf, *map_buf;
2228 -+ unsigned char *rbuf;
2229 - unsigned char *cdb = cmd->t_task_cdb;
2230 -+ unsigned char buf[SE_INQUIRY_BUF];
2231 - int p, ret;
2232 -
2233 -- map_buf = transport_kmap_data_sg(cmd);
2234 -- /*
2235 -- * If SCF_PASSTHROUGH_SG_TO_MEM_NOALLOC is not set, then we
2236 -- * know we actually allocated a full page. Otherwise, if the
2237 -- * data buffer is too small, allocate a temporary buffer so we
2238 -- * don't have to worry about overruns in all our INQUIRY
2239 -- * emulation handling.
2240 -- */
2241 -- if (cmd->data_length < SE_INQUIRY_BUF &&
2242 -- (cmd->se_cmd_flags & SCF_PASSTHROUGH_SG_TO_MEM_NOALLOC)) {
2243 -- buf = kzalloc(SE_INQUIRY_BUF, GFP_KERNEL);
2244 -- if (!buf) {
2245 -- transport_kunmap_data_sg(cmd);
2246 -- cmd->scsi_sense_reason = TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
2247 -- return -ENOMEM;
2248 -- }
2249 -- } else {
2250 -- buf = map_buf;
2251 -- }
2252 --
2253 - if (dev == tpg->tpg_virt_lun0.lun_se_dev)
2254 - buf[0] = 0x3f; /* Not connected */
2255 - else
2256 -@@ -655,11 +636,11 @@ static int spc_emulate_inquiry(struct se_cmd *cmd)
2257 - ret = -EINVAL;
2258 -
2259 - out:
2260 -- if (buf != map_buf) {
2261 -- memcpy(map_buf, buf, cmd->data_length);
2262 -- kfree(buf);
2263 -+ rbuf = transport_kmap_data_sg(cmd);
2264 -+ if (rbuf) {
2265 -+ memcpy(rbuf, buf, min_t(u32, sizeof(buf), cmd->data_length));
2266 -+ transport_kunmap_data_sg(cmd);
2267 - }
2268 -- transport_kunmap_data_sg(cmd);
2269 -
2270 - if (!ret)
2271 - target_complete_cmd(cmd, GOOD);
2272 -@@ -803,7 +784,7 @@ static int spc_emulate_modesense(struct se_cmd *cmd)
2273 - unsigned char *rbuf;
2274 - int type = dev->transport->get_device_type(dev);
2275 - int ten = (cmd->t_task_cdb[0] == MODE_SENSE_10);
2276 -- int offset = ten ? 8 : 4;
2277 -+ u32 offset = ten ? 8 : 4;
2278 - int length = 0;
2279 - unsigned char buf[SE_MODE_PAGE_BUF];
2280 -
2281 -@@ -836,6 +817,7 @@ static int spc_emulate_modesense(struct se_cmd *cmd)
2282 - offset -= 2;
2283 - buf[0] = (offset >> 8) & 0xff;
2284 - buf[1] = offset & 0xff;
2285 -+ offset += 2;
2286 -
2287 - if ((cmd->se_lun->lun_access & TRANSPORT_LUNFLAGS_READ_ONLY) ||
2288 - (cmd->se_deve &&
2289 -@@ -845,13 +827,10 @@ static int spc_emulate_modesense(struct se_cmd *cmd)
2290 - if ((dev->se_sub_dev->se_dev_attrib.emulate_write_cache > 0) &&
2291 - (dev->se_sub_dev->se_dev_attrib.emulate_fua_write > 0))
2292 - spc_modesense_dpofua(&buf[3], type);
2293 --
2294 -- if ((offset + 2) > cmd->data_length)
2295 -- offset = cmd->data_length;
2296 --
2297 - } else {
2298 - offset -= 1;
2299 - buf[0] = offset & 0xff;
2300 -+ offset += 1;
2301 -
2302 - if ((cmd->se_lun->lun_access & TRANSPORT_LUNFLAGS_READ_ONLY) ||
2303 - (cmd->se_deve &&
2304 -@@ -861,14 +840,13 @@ static int spc_emulate_modesense(struct se_cmd *cmd)
2305 - if ((dev->se_sub_dev->se_dev_attrib.emulate_write_cache > 0) &&
2306 - (dev->se_sub_dev->se_dev_attrib.emulate_fua_write > 0))
2307 - spc_modesense_dpofua(&buf[2], type);
2308 --
2309 -- if ((offset + 1) > cmd->data_length)
2310 -- offset = cmd->data_length;
2311 - }
2312 -
2313 - rbuf = transport_kmap_data_sg(cmd);
2314 -- memcpy(rbuf, buf, offset);
2315 -- transport_kunmap_data_sg(cmd);
2316 -+ if (rbuf) {
2317 -+ memcpy(rbuf, buf, min(offset, cmd->data_length));
2318 -+ transport_kunmap_data_sg(cmd);
2319 -+ }
2320 -
2321 - target_complete_cmd(cmd, GOOD);
2322 - return 0;
2323 -diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c
2324 -index 84cbf29..a13f7e1 100644
2325 ---- a/drivers/tty/vt/vt.c
2326 -+++ b/drivers/tty/vt/vt.c
2327 -@@ -3475,6 +3475,19 @@ int con_debug_enter(struct vc_data *vc)
2328 - kdb_set(2, setargs);
2329 - }
2330 - }
2331 -+ if (vc->vc_cols < 999) {
2332 -+ int colcount;
2333 -+ char cols[4];
2334 -+ const char *setargs[3] = {
2335 -+ "set",
2336 -+ "COLUMNS",
2337 -+ cols,
2338 -+ };
2339 -+ if (kdbgetintenv(setargs[0], &colcount)) {
2340 -+ snprintf(cols, 4, "%i", vc->vc_cols);
2341 -+ kdb_set(2, setargs);
2342 -+ }
2343 -+ }
2344 - #endif /* CONFIG_KGDB_KDB */
2345 - return ret;
2346 - }
2347 -diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
2348 -index f763ed7..e8007b8 100644
2349 ---- a/drivers/usb/class/cdc-acm.c
2350 -+++ b/drivers/usb/class/cdc-acm.c
2351 -@@ -1551,6 +1551,9 @@ static const struct usb_device_id acm_ids[] = {
2352 - Maybe we should define a new
2353 - quirk for this. */
2354 - },
2355 -+ { USB_DEVICE(0x0572, 0x1340), /* Conexant CX93010-2x UCMxx */
2356 -+ .driver_info = NO_UNION_NORMAL,
2357 -+ },
2358 - { USB_DEVICE(0x1bbb, 0x0003), /* Alcatel OT-I650 */
2359 - .driver_info = NO_UNION_NORMAL, /* reports zero length descriptor */
2360 - },
2361 -diff --git a/drivers/usb/gadget/at91_udc.c b/drivers/usb/gadget/at91_udc.c
2362 -index 1e35963..660fd53 100644
2363 ---- a/drivers/usb/gadget/at91_udc.c
2364 -+++ b/drivers/usb/gadget/at91_udc.c
2365 -@@ -1699,7 +1699,7 @@ static int __devinit at91udc_probe(struct platform_device *pdev)
2366 - int retval;
2367 - struct resource *res;
2368 -
2369 -- if (!dev->platform_data) {
2370 -+ if (!dev->platform_data && !pdev->dev.of_node) {
2371 - /* small (so we copy it) but critical! */
2372 - DBG("missing platform_data\n");
2373 - return -ENODEV;
2374 -diff --git a/drivers/vfio/pci/vfio_pci_intrs.c b/drivers/vfio/pci/vfio_pci_intrs.c
2375 -index d8dedc7..3639371 100644
2376 ---- a/drivers/vfio/pci/vfio_pci_intrs.c
2377 -+++ b/drivers/vfio/pci/vfio_pci_intrs.c
2378 -@@ -366,6 +366,17 @@ static int vfio_intx_enable(struct vfio_pci_device *vdev)
2379 - return -ENOMEM;
2380 -
2381 - vdev->num_ctx = 1;
2382 -+
2383 -+ /*
2384 -+ * If the virtual interrupt is masked, restore it. Devices
2385 -+ * supporting DisINTx can be masked at the hardware level
2386 -+ * here, non-PCI-2.3 devices will have to wait until the
2387 -+ * interrupt is enabled.
2388 -+ */
2389 -+ vdev->ctx[0].masked = vdev->virq_disabled;
2390 -+ if (vdev->pci_2_3)
2391 -+ pci_intx(vdev->pdev, !vdev->ctx[0].masked);
2392 -+
2393 - vdev->irq_type = VFIO_PCI_INTX_IRQ_INDEX;
2394 -
2395 - return 0;
2396 -@@ -400,25 +411,26 @@ static int vfio_intx_set_signal(struct vfio_pci_device *vdev, int fd)
2397 - return PTR_ERR(trigger);
2398 - }
2399 -
2400 -+ vdev->ctx[0].trigger = trigger;
2401 -+
2402 - if (!vdev->pci_2_3)
2403 - irqflags = 0;
2404 -
2405 - ret = request_irq(pdev->irq, vfio_intx_handler,
2406 - irqflags, vdev->ctx[0].name, vdev);
2407 - if (ret) {
2408 -+ vdev->ctx[0].trigger = NULL;
2409 - kfree(vdev->ctx[0].name);
2410 - eventfd_ctx_put(trigger);
2411 - return ret;
2412 - }
2413 -
2414 -- vdev->ctx[0].trigger = trigger;
2415 --
2416 - /*
2417 - * INTx disable will stick across the new irq setup,
2418 - * disable_irq won't.
2419 - */
2420 - spin_lock_irqsave(&vdev->irqlock, flags);
2421 -- if (!vdev->pci_2_3 && (vdev->ctx[0].masked || vdev->virq_disabled))
2422 -+ if (!vdev->pci_2_3 && vdev->ctx[0].masked)
2423 - disable_irq_nosync(pdev->irq);
2424 - spin_unlock_irqrestore(&vdev->irqlock, flags);
2425 -
2426 -diff --git a/drivers/video/udlfb.c b/drivers/video/udlfb.c
2427 -index 8af6414..38fcfff 100644
2428 ---- a/drivers/video/udlfb.c
2429 -+++ b/drivers/video/udlfb.c
2430 -@@ -647,7 +647,7 @@ static ssize_t dlfb_ops_write(struct fb_info *info, const char __user *buf,
2431 - result = fb_sys_write(info, buf, count, ppos);
2432 -
2433 - if (result > 0) {
2434 -- int start = max((int)(offset / info->fix.line_length) - 1, 0);
2435 -+ int start = max((int)(offset / info->fix.line_length), 0);
2436 - int lines = min((u32)((result / info->fix.line_length) + 1),
2437 - (u32)info->var.yres);
2438 -
2439 -diff --git a/drivers/video/via/via_clock.c b/drivers/video/via/via_clock.c
2440 -index af8f26b..db1e392 100644
2441 ---- a/drivers/video/via/via_clock.c
2442 -+++ b/drivers/video/via/via_clock.c
2443 -@@ -25,6 +25,7 @@
2444 -
2445 - #include <linux/kernel.h>
2446 - #include <linux/via-core.h>
2447 -+#include <asm/olpc.h>
2448 - #include "via_clock.h"
2449 - #include "global.h"
2450 - #include "debug.h"
2451 -@@ -289,6 +290,10 @@ static void dummy_set_pll(struct via_pll_config config)
2452 - printk(KERN_INFO "Using undocumented set PLL.\n%s", via_slap);
2453 - }
2454 -
2455 -+static void noop_set_clock_state(u8 state)
2456 -+{
2457 -+}
2458 -+
2459 - void via_clock_init(struct via_clock *clock, int gfx_chip)
2460 - {
2461 - switch (gfx_chip) {
2462 -@@ -346,4 +351,18 @@ void via_clock_init(struct via_clock *clock, int gfx_chip)
2463 - break;
2464 -
2465 - }
2466 -+
2467 -+ if (machine_is_olpc()) {
2468 -+ /* The OLPC XO-1.5 cannot suspend/resume reliably if the
2469 -+ * IGA1/IGA2 clocks are set as on or off (memory rot
2470 -+ * occasionally happens during suspend under such
2471 -+ * configurations).
2472 -+ *
2473 -+ * The only known stable scenario is to leave this bits as-is,
2474 -+ * which in their default states are documented to enable the
2475 -+ * clock only when it is needed.
2476 -+ */
2477 -+ clock->set_primary_clock_state = noop_set_clock_state;
2478 -+ clock->set_secondary_clock_state = noop_set_clock_state;
2479 -+ }
2480 - }
2481 -diff --git a/drivers/xen/xenbus/xenbus_xs.c b/drivers/xen/xenbus/xenbus_xs.c
2482 -index bce15cf..ca373d1 100644
2483 ---- a/drivers/xen/xenbus/xenbus_xs.c
2484 -+++ b/drivers/xen/xenbus/xenbus_xs.c
2485 -@@ -47,6 +47,7 @@
2486 - #include <xen/xenbus.h>
2487 - #include <xen/xen.h>
2488 - #include "xenbus_comms.h"
2489 -+#include <asm/xen/hypervisor.h>
2490 -
2491 - struct xs_stored_msg {
2492 - struct list_head list;
2493 -@@ -617,7 +618,24 @@ static struct xenbus_watch *find_watch(const char *token)
2494 -
2495 - return NULL;
2496 - }
2497 -+/*
2498 -+ * Certain older XenBus toolstack cannot handle reading values that are
2499 -+ * not populated. Some Xen 3.4 installation are incapable of doing this
2500 -+ * so if we are running on anything older than 4 do not attempt to read
2501 -+ * control/platform-feature-xs_reset_watches.
2502 -+ */
2503 -+static bool xen_strict_xenbus_quirk()
2504 -+{
2505 -+ uint32_t eax, ebx, ecx, edx, base;
2506 -+
2507 -+ base = xen_cpuid_base();
2508 -+ cpuid(base + 1, &eax, &ebx, &ecx, &edx);
2509 -
2510 -+ if ((eax >> 16) < 4)
2511 -+ return true;
2512 -+ return false;
2513 -+
2514 -+}
2515 - static void xs_reset_watches(void)
2516 - {
2517 - int err, supported = 0;
2518 -@@ -625,6 +643,9 @@ static void xs_reset_watches(void)
2519 - if (!xen_hvm_domain())
2520 - return;
2521 -
2522 -+ if (xen_strict_xenbus_quirk())
2523 -+ return;
2524 -+
2525 - err = xenbus_scanf(XBT_NIL, "control",
2526 - "platform-feature-xs_reset_watches", "%d", &supported);
2527 - if (err != 1 || !supported)
2528 -diff --git a/fs/autofs4/root.c b/fs/autofs4/root.c
2529 -index e7396cf..91b1165 100644
2530 ---- a/fs/autofs4/root.c
2531 -+++ b/fs/autofs4/root.c
2532 -@@ -392,10 +392,12 @@ static struct vfsmount *autofs4_d_automount(struct path *path)
2533 - ino->flags |= AUTOFS_INF_PENDING;
2534 - spin_unlock(&sbi->fs_lock);
2535 - status = autofs4_mount_wait(dentry);
2536 -- if (status)
2537 -- return ERR_PTR(status);
2538 - spin_lock(&sbi->fs_lock);
2539 - ino->flags &= ~AUTOFS_INF_PENDING;
2540 -+ if (status) {
2541 -+ spin_unlock(&sbi->fs_lock);
2542 -+ return ERR_PTR(status);
2543 -+ }
2544 - }
2545 - done:
2546 - if (!(ino->flags & AUTOFS_INF_EXPIRING)) {
2547 -diff --git a/fs/ceph/export.c b/fs/ceph/export.c
2548 -index 8e1b60e..02ce909 100644
2549 ---- a/fs/ceph/export.c
2550 -+++ b/fs/ceph/export.c
2551 -@@ -99,7 +99,7 @@ static int ceph_encode_fh(struct inode *inode, u32 *rawfh, int *max_len,
2552 - * FIXME: we should try harder by querying the mds for the ino.
2553 - */
2554 - static struct dentry *__fh_to_dentry(struct super_block *sb,
2555 -- struct ceph_nfs_fh *fh)
2556 -+ struct ceph_nfs_fh *fh, int fh_len)
2557 - {
2558 - struct ceph_mds_client *mdsc = ceph_sb_to_client(sb)->mdsc;
2559 - struct inode *inode;
2560 -@@ -107,6 +107,9 @@ static struct dentry *__fh_to_dentry(struct super_block *sb,
2561 - struct ceph_vino vino;
2562 - int err;
2563 -
2564 -+ if (fh_len < sizeof(*fh) / 4)
2565 -+ return ERR_PTR(-ESTALE);
2566 -+
2567 - dout("__fh_to_dentry %llx\n", fh->ino);
2568 - vino.ino = fh->ino;
2569 - vino.snap = CEPH_NOSNAP;
2570 -@@ -150,7 +153,7 @@ static struct dentry *__fh_to_dentry(struct super_block *sb,
2571 - * convert connectable fh to dentry
2572 - */
2573 - static struct dentry *__cfh_to_dentry(struct super_block *sb,
2574 -- struct ceph_nfs_confh *cfh)
2575 -+ struct ceph_nfs_confh *cfh, int fh_len)
2576 - {
2577 - struct ceph_mds_client *mdsc = ceph_sb_to_client(sb)->mdsc;
2578 - struct inode *inode;
2579 -@@ -158,6 +161,9 @@ static struct dentry *__cfh_to_dentry(struct super_block *sb,
2580 - struct ceph_vino vino;
2581 - int err;
2582 -
2583 -+ if (fh_len < sizeof(*cfh) / 4)
2584 -+ return ERR_PTR(-ESTALE);
2585 -+
2586 - dout("__cfh_to_dentry %llx (%llx/%x)\n",
2587 - cfh->ino, cfh->parent_ino, cfh->parent_name_hash);
2588 -
2589 -@@ -207,9 +213,11 @@ static struct dentry *ceph_fh_to_dentry(struct super_block *sb, struct fid *fid,
2590 - int fh_len, int fh_type)
2591 - {
2592 - if (fh_type == 1)
2593 -- return __fh_to_dentry(sb, (struct ceph_nfs_fh *)fid->raw);
2594 -+ return __fh_to_dentry(sb, (struct ceph_nfs_fh *)fid->raw,
2595 -+ fh_len);
2596 - else
2597 -- return __cfh_to_dentry(sb, (struct ceph_nfs_confh *)fid->raw);
2598 -+ return __cfh_to_dentry(sb, (struct ceph_nfs_confh *)fid->raw,
2599 -+ fh_len);
2600 - }
2601 -
2602 - /*
2603 -@@ -230,6 +238,8 @@ static struct dentry *ceph_fh_to_parent(struct super_block *sb,
2604 -
2605 - if (fh_type == 1)
2606 - return ERR_PTR(-ESTALE);
2607 -+ if (fh_len < sizeof(*cfh) / 4)
2608 -+ return ERR_PTR(-ESTALE);
2609 -
2610 - pr_debug("fh_to_parent %llx/%d\n", cfh->parent_ino,
2611 - cfh->parent_name_hash);
2612 -diff --git a/fs/gfs2/export.c b/fs/gfs2/export.c
2613 -index e8ed6d4..4767774 100644
2614 ---- a/fs/gfs2/export.c
2615 -+++ b/fs/gfs2/export.c
2616 -@@ -161,6 +161,8 @@ static struct dentry *gfs2_fh_to_dentry(struct super_block *sb, struct fid *fid,
2617 - case GFS2_SMALL_FH_SIZE:
2618 - case GFS2_LARGE_FH_SIZE:
2619 - case GFS2_OLD_FH_SIZE:
2620 -+ if (fh_len < GFS2_SMALL_FH_SIZE)
2621 -+ return NULL;
2622 - this.no_formal_ino = ((u64)be32_to_cpu(fh[0])) << 32;
2623 - this.no_formal_ino |= be32_to_cpu(fh[1]);
2624 - this.no_addr = ((u64)be32_to_cpu(fh[2])) << 32;
2625 -@@ -180,6 +182,8 @@ static struct dentry *gfs2_fh_to_parent(struct super_block *sb, struct fid *fid,
2626 - switch (fh_type) {
2627 - case GFS2_LARGE_FH_SIZE:
2628 - case GFS2_OLD_FH_SIZE:
2629 -+ if (fh_len < GFS2_LARGE_FH_SIZE)
2630 -+ return NULL;
2631 - parent.no_formal_ino = ((u64)be32_to_cpu(fh[4])) << 32;
2632 - parent.no_formal_ino |= be32_to_cpu(fh[5]);
2633 - parent.no_addr = ((u64)be32_to_cpu(fh[6])) << 32;
2634 -diff --git a/fs/isofs/export.c b/fs/isofs/export.c
2635 -index 1d38044..2b4f235 100644
2636 ---- a/fs/isofs/export.c
2637 -+++ b/fs/isofs/export.c
2638 -@@ -175,7 +175,7 @@ static struct dentry *isofs_fh_to_parent(struct super_block *sb,
2639 - {
2640 - struct isofs_fid *ifid = (struct isofs_fid *)fid;
2641 -
2642 -- if (fh_type != 2)
2643 -+ if (fh_len < 2 || fh_type != 2)
2644 - return NULL;
2645 -
2646 - return isofs_export_iget(sb,
2647 -diff --git a/fs/jbd/commit.c b/fs/jbd/commit.c
2648 -index 52c15c7..86b39b1 100644
2649 ---- a/fs/jbd/commit.c
2650 -+++ b/fs/jbd/commit.c
2651 -@@ -86,7 +86,12 @@ nope:
2652 - static void release_data_buffer(struct buffer_head *bh)
2653 - {
2654 - if (buffer_freed(bh)) {
2655 -+ WARN_ON_ONCE(buffer_dirty(bh));
2656 - clear_buffer_freed(bh);
2657 -+ clear_buffer_mapped(bh);
2658 -+ clear_buffer_new(bh);
2659 -+ clear_buffer_req(bh);
2660 -+ bh->b_bdev = NULL;
2661 - release_buffer_page(bh);
2662 - } else
2663 - put_bh(bh);
2664 -@@ -866,17 +871,35 @@ restart_loop:
2665 - * there's no point in keeping a checkpoint record for
2666 - * it. */
2667 -
2668 -- /* A buffer which has been freed while still being
2669 -- * journaled by a previous transaction may end up still
2670 -- * being dirty here, but we want to avoid writing back
2671 -- * that buffer in the future after the "add to orphan"
2672 -- * operation been committed, That's not only a performance
2673 -- * gain, it also stops aliasing problems if the buffer is
2674 -- * left behind for writeback and gets reallocated for another
2675 -- * use in a different page. */
2676 -- if (buffer_freed(bh) && !jh->b_next_transaction) {
2677 -- clear_buffer_freed(bh);
2678 -- clear_buffer_jbddirty(bh);
2679 -+ /*
2680 -+ * A buffer which has been freed while still being journaled by
2681 -+ * a previous transaction.
2682 -+ */
2683 -+ if (buffer_freed(bh)) {
2684 -+ /*
2685 -+ * If the running transaction is the one containing
2686 -+ * "add to orphan" operation (b_next_transaction !=
2687 -+ * NULL), we have to wait for that transaction to
2688 -+ * commit before we can really get rid of the buffer.
2689 -+ * So just clear b_modified to not confuse transaction
2690 -+ * credit accounting and refile the buffer to
2691 -+ * BJ_Forget of the running transaction. If the just
2692 -+ * committed transaction contains "add to orphan"
2693 -+ * operation, we can completely invalidate the buffer
2694 -+ * now. We are rather throughout in that since the
2695 -+ * buffer may be still accessible when blocksize <
2696 -+ * pagesize and it is attached to the last partial
2697 -+ * page.
2698 -+ */
2699 -+ jh->b_modified = 0;
2700 -+ if (!jh->b_next_transaction) {
2701 -+ clear_buffer_freed(bh);
2702 -+ clear_buffer_jbddirty(bh);
2703 -+ clear_buffer_mapped(bh);
2704 -+ clear_buffer_new(bh);
2705 -+ clear_buffer_req(bh);
2706 -+ bh->b_bdev = NULL;
2707 -+ }
2708 - }
2709 -
2710 - if (buffer_jbddirty(bh)) {
2711 -diff --git a/fs/jbd/transaction.c b/fs/jbd/transaction.c
2712 -index febc10d..78b7f84 100644
2713 ---- a/fs/jbd/transaction.c
2714 -+++ b/fs/jbd/transaction.c
2715 -@@ -1843,15 +1843,16 @@ static int __dispose_buffer(struct journal_head *jh, transaction_t *transaction)
2716 - * We're outside-transaction here. Either or both of j_running_transaction
2717 - * and j_committing_transaction may be NULL.
2718 - */
2719 --static int journal_unmap_buffer(journal_t *journal, struct buffer_head *bh)
2720 -+static int journal_unmap_buffer(journal_t *journal, struct buffer_head *bh,
2721 -+ int partial_page)
2722 - {
2723 - transaction_t *transaction;
2724 - struct journal_head *jh;
2725 - int may_free = 1;
2726 -- int ret;
2727 -
2728 - BUFFER_TRACE(bh, "entry");
2729 -
2730 -+retry:
2731 - /*
2732 - * It is safe to proceed here without the j_list_lock because the
2733 - * buffers cannot be stolen by try_to_free_buffers as long as we are
2734 -@@ -1879,10 +1880,18 @@ static int journal_unmap_buffer(journal_t *journal, struct buffer_head *bh)
2735 - * clear the buffer dirty bit at latest at the moment when the
2736 - * transaction marking the buffer as freed in the filesystem
2737 - * structures is committed because from that moment on the
2738 -- * buffer can be reallocated and used by a different page.
2739 -+ * block can be reallocated and used by a different page.
2740 - * Since the block hasn't been freed yet but the inode has
2741 - * already been added to orphan list, it is safe for us to add
2742 - * the buffer to BJ_Forget list of the newest transaction.
2743 -+ *
2744 -+ * Also we have to clear buffer_mapped flag of a truncated buffer
2745 -+ * because the buffer_head may be attached to the page straddling
2746 -+ * i_size (can happen only when blocksize < pagesize) and thus the
2747 -+ * buffer_head can be reused when the file is extended again. So we end
2748 -+ * up keeping around invalidated buffers attached to transactions'
2749 -+ * BJ_Forget list just to stop checkpointing code from cleaning up
2750 -+ * the transaction this buffer was modified in.
2751 - */
2752 - transaction = jh->b_transaction;
2753 - if (transaction == NULL) {
2754 -@@ -1909,13 +1918,9 @@ static int journal_unmap_buffer(journal_t *journal, struct buffer_head *bh)
2755 - * committed, the buffer won't be needed any
2756 - * longer. */
2757 - JBUFFER_TRACE(jh, "checkpointed: add to BJ_Forget");
2758 -- ret = __dispose_buffer(jh,
2759 -+ may_free = __dispose_buffer(jh,
2760 - journal->j_running_transaction);
2761 -- journal_put_journal_head(jh);
2762 -- spin_unlock(&journal->j_list_lock);
2763 -- jbd_unlock_bh_state(bh);
2764 -- spin_unlock(&journal->j_state_lock);
2765 -- return ret;
2766 -+ goto zap_buffer;
2767 - } else {
2768 - /* There is no currently-running transaction. So the
2769 - * orphan record which we wrote for this file must have
2770 -@@ -1923,13 +1928,9 @@ static int journal_unmap_buffer(journal_t *journal, struct buffer_head *bh)
2771 - * the committing transaction, if it exists. */
2772 - if (journal->j_committing_transaction) {
2773 - JBUFFER_TRACE(jh, "give to committing trans");
2774 -- ret = __dispose_buffer(jh,
2775 -+ may_free = __dispose_buffer(jh,
2776 - journal->j_committing_transaction);
2777 -- journal_put_journal_head(jh);
2778 -- spin_unlock(&journal->j_list_lock);
2779 -- jbd_unlock_bh_state(bh);
2780 -- spin_unlock(&journal->j_state_lock);
2781 -- return ret;
2782 -+ goto zap_buffer;
2783 - } else {
2784 - /* The orphan record's transaction has
2785 - * committed. We can cleanse this buffer */
2786 -@@ -1950,10 +1951,24 @@ static int journal_unmap_buffer(journal_t *journal, struct buffer_head *bh)
2787 - }
2788 - /*
2789 - * The buffer is committing, we simply cannot touch
2790 -- * it. So we just set j_next_transaction to the
2791 -- * running transaction (if there is one) and mark
2792 -- * buffer as freed so that commit code knows it should
2793 -- * clear dirty bits when it is done with the buffer.
2794 -+ * it. If the page is straddling i_size we have to wait
2795 -+ * for commit and try again.
2796 -+ */
2797 -+ if (partial_page) {
2798 -+ tid_t tid = journal->j_committing_transaction->t_tid;
2799 -+
2800 -+ journal_put_journal_head(jh);
2801 -+ spin_unlock(&journal->j_list_lock);
2802 -+ jbd_unlock_bh_state(bh);
2803 -+ spin_unlock(&journal->j_state_lock);
2804 -+ log_wait_commit(journal, tid);
2805 -+ goto retry;
2806 -+ }
2807 -+ /*
2808 -+ * OK, buffer won't be reachable after truncate. We just set
2809 -+ * j_next_transaction to the running transaction (if there is
2810 -+ * one) and mark buffer as freed so that commit code knows it
2811 -+ * should clear dirty bits when it is done with the buffer.
2812 - */
2813 - set_buffer_freed(bh);
2814 - if (journal->j_running_transaction && buffer_jbddirty(bh))
2815 -@@ -1976,6 +1991,14 @@ static int journal_unmap_buffer(journal_t *journal, struct buffer_head *bh)
2816 - }
2817 -
2818 - zap_buffer:
2819 -+ /*
2820 -+ * This is tricky. Although the buffer is truncated, it may be reused
2821 -+ * if blocksize < pagesize and it is attached to the page straddling
2822 -+ * EOF. Since the buffer might have been added to BJ_Forget list of the
2823 -+ * running transaction, journal_get_write_access() won't clear
2824 -+ * b_modified and credit accounting gets confused. So clear b_modified
2825 -+ * here. */
2826 -+ jh->b_modified = 0;
2827 - journal_put_journal_head(jh);
2828 - zap_buffer_no_jh:
2829 - spin_unlock(&journal->j_list_lock);
2830 -@@ -2024,7 +2047,8 @@ void journal_invalidatepage(journal_t *journal,
2831 - if (offset <= curr_off) {
2832 - /* This block is wholly outside the truncation point */
2833 - lock_buffer(bh);
2834 -- may_free &= journal_unmap_buffer(journal, bh);
2835 -+ may_free &= journal_unmap_buffer(journal, bh,
2836 -+ offset > 0);
2837 - unlock_buffer(bh);
2838 - }
2839 - curr_off = next_off;
2840 -diff --git a/fs/lockd/mon.c b/fs/lockd/mon.c
2841 -index 7ef14b3..e4fb3ba 100644
2842 ---- a/fs/lockd/mon.c
2843 -+++ b/fs/lockd/mon.c
2844 -@@ -7,7 +7,6 @@
2845 - */
2846 -
2847 - #include <linux/types.h>
2848 --#include <linux/utsname.h>
2849 - #include <linux/kernel.h>
2850 - #include <linux/ktime.h>
2851 - #include <linux/slab.h>
2852 -@@ -19,6 +18,8 @@
2853 -
2854 - #include <asm/unaligned.h>
2855 -
2856 -+#include "netns.h"
2857 -+
2858 - #define NLMDBG_FACILITY NLMDBG_MONITOR
2859 - #define NSM_PROGRAM 100024
2860 - #define NSM_VERSION 1
2861 -@@ -40,6 +41,7 @@ struct nsm_args {
2862 - u32 proc;
2863 -
2864 - char *mon_name;
2865 -+ char *nodename;
2866 - };
2867 -
2868 - struct nsm_res {
2869 -@@ -70,7 +72,7 @@ static struct rpc_clnt *nsm_create(struct net *net)
2870 - };
2871 - struct rpc_create_args args = {
2872 - .net = net,
2873 -- .protocol = XPRT_TRANSPORT_UDP,
2874 -+ .protocol = XPRT_TRANSPORT_TCP,
2875 - .address = (struct sockaddr *)&sin,
2876 - .addrsize = sizeof(sin),
2877 - .servername = "rpc.statd",
2878 -@@ -83,10 +85,54 @@ static struct rpc_clnt *nsm_create(struct net *net)
2879 - return rpc_create(&args);
2880 - }
2881 -
2882 --static int nsm_mon_unmon(struct nsm_handle *nsm, u32 proc, struct nsm_res *res,
2883 -- struct net *net)
2884 -+static struct rpc_clnt *nsm_client_get(struct net *net)
2885 - {
2886 -+ static DEFINE_MUTEX(nsm_create_mutex);
2887 - struct rpc_clnt *clnt;
2888 -+ struct lockd_net *ln = net_generic(net, lockd_net_id);
2889 -+
2890 -+ spin_lock(&ln->nsm_clnt_lock);
2891 -+ if (ln->nsm_users) {
2892 -+ ln->nsm_users++;
2893 -+ clnt = ln->nsm_clnt;
2894 -+ spin_unlock(&ln->nsm_clnt_lock);
2895 -+ goto out;
2896 -+ }
2897 -+ spin_unlock(&ln->nsm_clnt_lock);
2898 -+
2899 -+ mutex_lock(&nsm_create_mutex);
2900 -+ clnt = nsm_create(net);
2901 -+ if (!IS_ERR(clnt)) {
2902 -+ ln->nsm_clnt = clnt;
2903 -+ smp_wmb();
2904 -+ ln->nsm_users = 1;
2905 -+ }
2906 -+ mutex_unlock(&nsm_create_mutex);
2907 -+out:
2908 -+ return clnt;
2909 -+}
2910 -+
2911 -+static void nsm_client_put(struct net *net)
2912 -+{
2913 -+ struct lockd_net *ln = net_generic(net, lockd_net_id);
2914 -+ struct rpc_clnt *clnt = ln->nsm_clnt;
2915 -+ int shutdown = 0;
2916 -+
2917 -+ spin_lock(&ln->nsm_clnt_lock);
2918 -+ if (ln->nsm_users) {
2919 -+ if (--ln->nsm_users)
2920 -+ ln->nsm_clnt = NULL;
2921 -+ shutdown = !ln->nsm_users;
2922 -+ }
2923 -+ spin_unlock(&ln->nsm_clnt_lock);
2924 -+
2925 -+ if (shutdown)
2926 -+ rpc_shutdown_client(clnt);
2927 -+}
2928 -+
2929 -+static int nsm_mon_unmon(struct nsm_handle *nsm, u32 proc, struct nsm_res *res,
2930 -+ struct rpc_clnt *clnt)
2931 -+{
2932 - int status;
2933 - struct nsm_args args = {
2934 - .priv = &nsm->sm_priv,
2935 -@@ -94,31 +140,24 @@ static int nsm_mon_unmon(struct nsm_handle *nsm, u32 proc, struct nsm_res *res,
2936 - .vers = 3,
2937 - .proc = NLMPROC_NSM_NOTIFY,
2938 - .mon_name = nsm->sm_mon_name,
2939 -+ .nodename = clnt->cl_nodename,
2940 - };
2941 - struct rpc_message msg = {
2942 - .rpc_argp = &args,
2943 - .rpc_resp = res,
2944 - };
2945 -
2946 -- clnt = nsm_create(net);
2947 -- if (IS_ERR(clnt)) {
2948 -- status = PTR_ERR(clnt);
2949 -- dprintk("lockd: failed to create NSM upcall transport, "
2950 -- "status=%d\n", status);
2951 -- goto out;
2952 -- }
2953 -+ BUG_ON(clnt == NULL);
2954 -
2955 - memset(res, 0, sizeof(*res));
2956 -
2957 - msg.rpc_proc = &clnt->cl_procinfo[proc];
2958 -- status = rpc_call_sync(clnt, &msg, 0);
2959 -+ status = rpc_call_sync(clnt, &msg, RPC_TASK_SOFTCONN);
2960 - if (status < 0)
2961 - dprintk("lockd: NSM upcall RPC failed, status=%d\n",
2962 - status);
2963 - else
2964 - status = 0;
2965 -- rpc_shutdown_client(clnt);
2966 -- out:
2967 - return status;
2968 - }
2969 -
2970 -@@ -138,6 +177,7 @@ int nsm_monitor(const struct nlm_host *host)
2971 - struct nsm_handle *nsm = host->h_nsmhandle;
2972 - struct nsm_res res;
2973 - int status;
2974 -+ struct rpc_clnt *clnt;
2975 -
2976 - dprintk("lockd: nsm_monitor(%s)\n", nsm->sm_name);
2977 -
2978 -@@ -150,7 +190,15 @@ int nsm_monitor(const struct nlm_host *host)
2979 - */
2980 - nsm->sm_mon_name = nsm_use_hostnames ? nsm->sm_name : nsm->sm_addrbuf;
2981 -
2982 -- status = nsm_mon_unmon(nsm, NSMPROC_MON, &res, host->net);
2983 -+ clnt = nsm_client_get(host->net);
2984 -+ if (IS_ERR(clnt)) {
2985 -+ status = PTR_ERR(clnt);
2986 -+ dprintk("lockd: failed to create NSM upcall transport, "
2987 -+ "status=%d, net=%p\n", status, host->net);
2988 -+ return status;
2989 -+ }
2990 -+
2991 -+ status = nsm_mon_unmon(nsm, NSMPROC_MON, &res, clnt);
2992 - if (unlikely(res.status != 0))
2993 - status = -EIO;
2994 - if (unlikely(status < 0)) {
2995 -@@ -182,9 +230,11 @@ void nsm_unmonitor(const struct nlm_host *host)
2996 -
2997 - if (atomic_read(&nsm->sm_count) == 1
2998 - && nsm->sm_monitored && !nsm->sm_sticky) {
2999 -+ struct lockd_net *ln = net_generic(host->net, lockd_net_id);
3000 -+
3001 - dprintk("lockd: nsm_unmonitor(%s)\n", nsm->sm_name);
3002 -
3003 -- status = nsm_mon_unmon(nsm, NSMPROC_UNMON, &res, host->net);
3004 -+ status = nsm_mon_unmon(nsm, NSMPROC_UNMON, &res, ln->nsm_clnt);
3005 - if (res.status != 0)
3006 - status = -EIO;
3007 - if (status < 0)
3008 -@@ -192,6 +242,8 @@ void nsm_unmonitor(const struct nlm_host *host)
3009 - nsm->sm_name);
3010 - else
3011 - nsm->sm_monitored = 0;
3012 -+
3013 -+ nsm_client_put(host->net);
3014 - }
3015 - }
3016 -
3017 -@@ -430,7 +482,7 @@ static void encode_my_id(struct xdr_stream *xdr, const struct nsm_args *argp)
3018 - {
3019 - __be32 *p;
3020 -
3021 -- encode_nsm_string(xdr, utsname()->nodename);
3022 -+ encode_nsm_string(xdr, argp->nodename);
3023 - p = xdr_reserve_space(xdr, 4 + 4 + 4);
3024 - *p++ = cpu_to_be32(argp->prog);
3025 - *p++ = cpu_to_be32(argp->vers);
3026 -diff --git a/fs/lockd/netns.h b/fs/lockd/netns.h
3027 -index 4eee248..5010b55 100644
3028 ---- a/fs/lockd/netns.h
3029 -+++ b/fs/lockd/netns.h
3030 -@@ -12,6 +12,10 @@ struct lockd_net {
3031 - struct delayed_work grace_period_end;
3032 - struct lock_manager lockd_manager;
3033 - struct list_head grace_list;
3034 -+
3035 -+ spinlock_t nsm_clnt_lock;
3036 -+ unsigned int nsm_users;
3037 -+ struct rpc_clnt *nsm_clnt;
3038 - };
3039 -
3040 - extern int lockd_net_id;
3041 -diff --git a/fs/lockd/svc.c b/fs/lockd/svc.c
3042 -index 31a63f8..7e35587 100644
3043 ---- a/fs/lockd/svc.c
3044 -+++ b/fs/lockd/svc.c
3045 -@@ -596,6 +596,7 @@ static int lockd_init_net(struct net *net)
3046 -
3047 - INIT_DELAYED_WORK(&ln->grace_period_end, grace_ender);
3048 - INIT_LIST_HEAD(&ln->grace_list);
3049 -+ spin_lock_init(&ln->nsm_clnt_lock);
3050 - return 0;
3051 - }
3052 -
3053 -diff --git a/fs/namei.c b/fs/namei.c
3054 -index dd1ed1b..81bd546 100644
3055 ---- a/fs/namei.c
3056 -+++ b/fs/namei.c
3057 -@@ -692,9 +692,9 @@ static inline int may_follow_link(struct path *link, struct nameidata *nd)
3058 - if (parent->i_uid == inode->i_uid)
3059 - return 0;
3060 -
3061 -+ audit_log_link_denied("follow_link", link);
3062 - path_put_conditional(link, nd);
3063 - path_put(&nd->path);
3064 -- audit_log_link_denied("follow_link", link);
3065 - return -EACCES;
3066 - }
3067 -
3068 -diff --git a/fs/nfs/blocklayout/blocklayout.c b/fs/nfs/blocklayout/blocklayout.c
3069 -index dd392ed..f3d16ad 100644
3070 ---- a/fs/nfs/blocklayout/blocklayout.c
3071 -+++ b/fs/nfs/blocklayout/blocklayout.c
3072 -@@ -162,25 +162,39 @@ static struct bio *bl_alloc_init_bio(int npg, sector_t isect,
3073 - return bio;
3074 - }
3075 -
3076 --static struct bio *bl_add_page_to_bio(struct bio *bio, int npg, int rw,
3077 -+static struct bio *do_add_page_to_bio(struct bio *bio, int npg, int rw,
3078 - sector_t isect, struct page *page,
3079 - struct pnfs_block_extent *be,
3080 - void (*end_io)(struct bio *, int err),
3081 -- struct parallel_io *par)
3082 -+ struct parallel_io *par,
3083 -+ unsigned int offset, int len)
3084 - {
3085 -+ isect = isect + (offset >> SECTOR_SHIFT);
3086 -+ dprintk("%s: npg %d rw %d isect %llu offset %u len %d\n", __func__,
3087 -+ npg, rw, (unsigned long long)isect, offset, len);
3088 - retry:
3089 - if (!bio) {
3090 - bio = bl_alloc_init_bio(npg, isect, be, end_io, par);
3091 - if (!bio)
3092 - return ERR_PTR(-ENOMEM);
3093 - }
3094 -- if (bio_add_page(bio, page, PAGE_CACHE_SIZE, 0) < PAGE_CACHE_SIZE) {
3095 -+ if (bio_add_page(bio, page, len, offset) < len) {
3096 - bio = bl_submit_bio(rw, bio);
3097 - goto retry;
3098 - }
3099 - return bio;
3100 - }
3101 -
3102 -+static struct bio *bl_add_page_to_bio(struct bio *bio, int npg, int rw,
3103 -+ sector_t isect, struct page *page,
3104 -+ struct pnfs_block_extent *be,
3105 -+ void (*end_io)(struct bio *, int err),
3106 -+ struct parallel_io *par)
3107 -+{
3108 -+ return do_add_page_to_bio(bio, npg, rw, isect, page, be,
3109 -+ end_io, par, 0, PAGE_CACHE_SIZE);
3110 -+}
3111 -+
3112 - /* This is basically copied from mpage_end_io_read */
3113 - static void bl_end_io_read(struct bio *bio, int err)
3114 - {
3115 -@@ -461,6 +475,106 @@ map_block(struct buffer_head *bh, sector_t isect, struct pnfs_block_extent *be)
3116 - return;
3117 - }
3118 -
3119 -+static void
3120 -+bl_read_single_end_io(struct bio *bio, int error)
3121 -+{
3122 -+ struct bio_vec *bvec = bio->bi_io_vec + bio->bi_vcnt - 1;
3123 -+ struct page *page = bvec->bv_page;
3124 -+
3125 -+ /* Only one page in bvec */
3126 -+ unlock_page(page);
3127 -+}
3128 -+
3129 -+static int
3130 -+bl_do_readpage_sync(struct page *page, struct pnfs_block_extent *be,
3131 -+ unsigned int offset, unsigned int len)
3132 -+{
3133 -+ struct bio *bio;
3134 -+ struct page *shadow_page;
3135 -+ sector_t isect;
3136 -+ char *kaddr, *kshadow_addr;
3137 -+ int ret = 0;
3138 -+
3139 -+ dprintk("%s: offset %u len %u\n", __func__, offset, len);
3140 -+
3141 -+ shadow_page = alloc_page(GFP_NOFS | __GFP_HIGHMEM);
3142 -+ if (shadow_page == NULL)
3143 -+ return -ENOMEM;
3144 -+
3145 -+ bio = bio_alloc(GFP_NOIO, 1);
3146 -+ if (bio == NULL)
3147 -+ return -ENOMEM;
3148 -+
3149 -+ isect = (page->index << PAGE_CACHE_SECTOR_SHIFT) +
3150 -+ (offset / SECTOR_SIZE);
3151 -+
3152 -+ bio->bi_sector = isect - be->be_f_offset + be->be_v_offset;
3153 -+ bio->bi_bdev = be->be_mdev;
3154 -+ bio->bi_end_io = bl_read_single_end_io;
3155 -+
3156 -+ lock_page(shadow_page);
3157 -+ if (bio_add_page(bio, shadow_page,
3158 -+ SECTOR_SIZE, round_down(offset, SECTOR_SIZE)) == 0) {
3159 -+ unlock_page(shadow_page);
3160 -+ bio_put(bio);
3161 -+ return -EIO;
3162 -+ }
3163 -+
3164 -+ submit_bio(READ, bio);
3165 -+ wait_on_page_locked(shadow_page);
3166 -+ if (unlikely(!test_bit(BIO_UPTODATE, &bio->bi_flags))) {
3167 -+ ret = -EIO;
3168 -+ } else {
3169 -+ kaddr = kmap_atomic(page);
3170 -+ kshadow_addr = kmap_atomic(shadow_page);
3171 -+ memcpy(kaddr + offset, kshadow_addr + offset, len);
3172 -+ kunmap_atomic(kshadow_addr);
3173 -+ kunmap_atomic(kaddr);
3174 -+ }
3175 -+ __free_page(shadow_page);
3176 -+ bio_put(bio);
3177 -+
3178 -+ return ret;
3179 -+}
3180 -+
3181 -+static int
3182 -+bl_read_partial_page_sync(struct page *page, struct pnfs_block_extent *be,
3183 -+ unsigned int dirty_offset, unsigned int dirty_len,
3184 -+ bool full_page)
3185 -+{
3186 -+ int ret = 0;
3187 -+ unsigned int start, end;
3188 -+
3189 -+ if (full_page) {
3190 -+ start = 0;
3191 -+ end = PAGE_CACHE_SIZE;
3192 -+ } else {
3193 -+ start = round_down(dirty_offset, SECTOR_SIZE);
3194 -+ end = round_up(dirty_offset + dirty_len, SECTOR_SIZE);
3195 -+ }
3196 -+
3197 -+ dprintk("%s: offset %u len %d\n", __func__, dirty_offset, dirty_len);
3198 -+ if (!be) {
3199 -+ zero_user_segments(page, start, dirty_offset,
3200 -+ dirty_offset + dirty_len, end);
3201 -+ if (start == 0 && end == PAGE_CACHE_SIZE &&
3202 -+ trylock_page(page)) {
3203 -+ SetPageUptodate(page);
3204 -+ unlock_page(page);
3205 -+ }
3206 -+ return ret;
3207 -+ }
3208 -+
3209 -+ if (start != dirty_offset)
3210 -+ ret = bl_do_readpage_sync(page, be, start, dirty_offset - start);
3211 -+
3212 -+ if (!ret && (dirty_offset + dirty_len < end))
3213 -+ ret = bl_do_readpage_sync(page, be, dirty_offset + dirty_len,
3214 -+ end - dirty_offset - dirty_len);
3215 -+
3216 -+ return ret;
3217 -+}
3218 -+
3219 - /* Given an unmapped page, zero it or read in page for COW, page is locked
3220 - * by caller.
3221 - */
3222 -@@ -494,7 +608,6 @@ init_page_for_write(struct page *page, struct pnfs_block_extent *cow_read)
3223 - SetPageUptodate(page);
3224 -
3225 - cleanup:
3226 -- bl_put_extent(cow_read);
3227 - if (bh)
3228 - free_buffer_head(bh);
3229 - if (ret) {
3230 -@@ -566,6 +679,7 @@ bl_write_pagelist(struct nfs_write_data *wdata, int sync)
3231 - struct parallel_io *par = NULL;
3232 - loff_t offset = wdata->args.offset;
3233 - size_t count = wdata->args.count;
3234 -+ unsigned int pg_offset, pg_len, saved_len;
3235 - struct page **pages = wdata->args.pages;
3236 - struct page *page;
3237 - pgoff_t index;
3238 -@@ -674,10 +788,11 @@ next_page:
3239 - if (!extent_length) {
3240 - /* We've used up the previous extent */
3241 - bl_put_extent(be);
3242 -+ bl_put_extent(cow_read);
3243 - bio = bl_submit_bio(WRITE, bio);
3244 - /* Get the next one */
3245 - be = bl_find_get_extent(BLK_LSEG2EXT(header->lseg),
3246 -- isect, NULL);
3247 -+ isect, &cow_read);
3248 - if (!be || !is_writable(be, isect)) {
3249 - header->pnfs_error = -EINVAL;
3250 - goto out;
3251 -@@ -694,7 +809,26 @@ next_page:
3252 - extent_length = be->be_length -
3253 - (isect - be->be_f_offset);
3254 - }
3255 -- if (be->be_state == PNFS_BLOCK_INVALID_DATA) {
3256 -+
3257 -+ dprintk("%s offset %lld count %Zu\n", __func__, offset, count);
3258 -+ pg_offset = offset & ~PAGE_CACHE_MASK;
3259 -+ if (pg_offset + count > PAGE_CACHE_SIZE)
3260 -+ pg_len = PAGE_CACHE_SIZE - pg_offset;
3261 -+ else
3262 -+ pg_len = count;
3263 -+
3264 -+ saved_len = pg_len;
3265 -+ if (be->be_state == PNFS_BLOCK_INVALID_DATA &&
3266 -+ !bl_is_sector_init(be->be_inval, isect)) {
3267 -+ ret = bl_read_partial_page_sync(pages[i], cow_read,
3268 -+ pg_offset, pg_len, true);
3269 -+ if (ret) {
3270 -+ dprintk("%s bl_read_partial_page_sync fail %d\n",
3271 -+ __func__, ret);
3272 -+ header->pnfs_error = ret;
3273 -+ goto out;
3274 -+ }
3275 -+
3276 - ret = bl_mark_sectors_init(be->be_inval, isect,
3277 - PAGE_CACHE_SECTORS);
3278 - if (unlikely(ret)) {
3279 -@@ -703,15 +837,35 @@ next_page:
3280 - header->pnfs_error = ret;
3281 - goto out;
3282 - }
3283 -+
3284 -+ /* Expand to full page write */
3285 -+ pg_offset = 0;
3286 -+ pg_len = PAGE_CACHE_SIZE;
3287 -+ } else if ((pg_offset & (SECTOR_SIZE - 1)) ||
3288 -+ (pg_len & (SECTOR_SIZE - 1))){
3289 -+ /* ahh, nasty case. We have to do sync full sector
3290 -+ * read-modify-write cycles.
3291 -+ */
3292 -+ unsigned int saved_offset = pg_offset;
3293 -+ ret = bl_read_partial_page_sync(pages[i], be, pg_offset,
3294 -+ pg_len, false);
3295 -+ pg_offset = round_down(pg_offset, SECTOR_SIZE);
3296 -+ pg_len = round_up(saved_offset + pg_len, SECTOR_SIZE)
3297 -+ - pg_offset;
3298 - }
3299 -- bio = bl_add_page_to_bio(bio, wdata->pages.npages - i, WRITE,
3300 -+
3301 -+
3302 -+ bio = do_add_page_to_bio(bio, wdata->pages.npages - i, WRITE,
3303 - isect, pages[i], be,
3304 -- bl_end_io_write, par);
3305 -+ bl_end_io_write, par,
3306 -+ pg_offset, pg_len);
3307 - if (IS_ERR(bio)) {
3308 - header->pnfs_error = PTR_ERR(bio);
3309 - bio = NULL;
3310 - goto out;
3311 - }
3312 -+ offset += saved_len;
3313 -+ count -= saved_len;
3314 - isect += PAGE_CACHE_SECTORS;
3315 - last_isect = isect;
3316 - extent_length -= PAGE_CACHE_SECTORS;
3317 -@@ -729,17 +883,16 @@ next_page:
3318 - }
3319 -
3320 - write_done:
3321 -- wdata->res.count = (last_isect << SECTOR_SHIFT) - (offset);
3322 -- if (count < wdata->res.count) {
3323 -- wdata->res.count = count;
3324 -- }
3325 -+ wdata->res.count = wdata->args.count;
3326 - out:
3327 - bl_put_extent(be);
3328 -+ bl_put_extent(cow_read);
3329 - bl_submit_bio(WRITE, bio);
3330 - put_parallel(par);
3331 - return PNFS_ATTEMPTED;
3332 - out_mds:
3333 - bl_put_extent(be);
3334 -+ bl_put_extent(cow_read);
3335 - kfree(par);
3336 - return PNFS_NOT_ATTEMPTED;
3337 - }
3338 -diff --git a/fs/nfs/blocklayout/blocklayout.h b/fs/nfs/blocklayout/blocklayout.h
3339 -index 0335069..39bb51a 100644
3340 ---- a/fs/nfs/blocklayout/blocklayout.h
3341 -+++ b/fs/nfs/blocklayout/blocklayout.h
3342 -@@ -41,6 +41,7 @@
3343 -
3344 - #define PAGE_CACHE_SECTORS (PAGE_CACHE_SIZE >> SECTOR_SHIFT)
3345 - #define PAGE_CACHE_SECTOR_SHIFT (PAGE_CACHE_SHIFT - SECTOR_SHIFT)
3346 -+#define SECTOR_SIZE (1 << SECTOR_SHIFT)
3347 -
3348 - struct block_mount_id {
3349 - spinlock_t bm_lock; /* protects list */
3350 -diff --git a/fs/nfs/client.c b/fs/nfs/client.c
3351 -index 9969444..0e7cd89 100644
3352 ---- a/fs/nfs/client.c
3353 -+++ b/fs/nfs/client.c
3354 -@@ -855,7 +855,6 @@ static void nfs_server_set_fsinfo(struct nfs_server *server,
3355 - if (server->wsize > NFS_MAX_FILE_IO_SIZE)
3356 - server->wsize = NFS_MAX_FILE_IO_SIZE;
3357 - server->wpages = (server->wsize + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT;
3358 -- server->pnfs_blksize = fsinfo->blksize;
3359 -
3360 - server->wtmult = nfs_block_bits(fsinfo->wtmult, NULL);
3361 -
3362 -diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
3363 -index 1e50326..d5a0cf1 100644
3364 ---- a/fs/nfs/nfs4proc.c
3365 -+++ b/fs/nfs/nfs4proc.c
3366 -@@ -1774,7 +1774,11 @@ static void nfs41_clear_delegation_stateid(struct nfs4_state *state)
3367 - * informs us the stateid is unrecognized. */
3368 - if (status != -NFS4ERR_BAD_STATEID)
3369 - nfs41_free_stateid(server, stateid);
3370 -+ nfs_remove_bad_delegation(state->inode);
3371 -
3372 -+ write_seqlock(&state->seqlock);
3373 -+ nfs4_stateid_copy(&state->stateid, &state->open_stateid);
3374 -+ write_sequnlock(&state->seqlock);
3375 - clear_bit(NFS_DELEGATED_STATE, &state->flags);
3376 - }
3377 - }
3378 -@@ -3362,8 +3366,11 @@ static int nfs4_proc_fsinfo(struct nfs_server *server, struct nfs_fh *fhandle, s
3379 -
3380 - nfs_fattr_init(fsinfo->fattr);
3381 - error = nfs4_do_fsinfo(server, fhandle, fsinfo);
3382 -- if (error == 0)
3383 -+ if (error == 0) {
3384 -+ /* block layout checks this! */
3385 -+ server->pnfs_blksize = fsinfo->blksize;
3386 - set_pnfs_layoutdriver(server, fhandle, fsinfo->layouttype);
3387 -+ }
3388 -
3389 - return error;
3390 - }
3391 -diff --git a/fs/nfsd/nfs4idmap.c b/fs/nfsd/nfs4idmap.c
3392 -index fdc91a6..ccfe0d0 100644
3393 ---- a/fs/nfsd/nfs4idmap.c
3394 -+++ b/fs/nfsd/nfs4idmap.c
3395 -@@ -598,7 +598,7 @@ numeric_name_to_id(struct svc_rqst *rqstp, int type, const char *name, u32 namel
3396 - /* Just to make sure it's null-terminated: */
3397 - memcpy(buf, name, namelen);
3398 - buf[namelen] = '\0';
3399 -- ret = kstrtouint(name, 10, id);
3400 -+ ret = kstrtouint(buf, 10, id);
3401 - return ret == 0;
3402 - }
3403 -
3404 -diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
3405 -index cc894ed..5b3224c 100644
3406 ---- a/fs/nfsd/nfs4state.c
3407 -+++ b/fs/nfsd/nfs4state.c
3408 -@@ -1223,10 +1223,26 @@ static bool groups_equal(struct group_info *g1, struct group_info *g2)
3409 - return true;
3410 - }
3411 -
3412 -+/*
3413 -+ * RFC 3530 language requires clid_inuse be returned when the
3414 -+ * "principal" associated with a requests differs from that previously
3415 -+ * used. We use uid, gid's, and gss principal string as our best
3416 -+ * approximation. We also don't want to allow non-gss use of a client
3417 -+ * established using gss: in theory cr_principal should catch that
3418 -+ * change, but in practice cr_principal can be null even in the gss case
3419 -+ * since gssd doesn't always pass down a principal string.
3420 -+ */
3421 -+static bool is_gss_cred(struct svc_cred *cr)
3422 -+{
3423 -+ /* Is cr_flavor one of the gss "pseudoflavors"?: */
3424 -+ return (cr->cr_flavor > RPC_AUTH_MAXFLAVOR);
3425 -+}
3426 -+
3427 -+
3428 - static bool
3429 - same_creds(struct svc_cred *cr1, struct svc_cred *cr2)
3430 - {
3431 -- if ((cr1->cr_flavor != cr2->cr_flavor)
3432 -+ if ((is_gss_cred(cr1) != is_gss_cred(cr2))
3433 - || (cr1->cr_uid != cr2->cr_uid)
3434 - || (cr1->cr_gid != cr2->cr_gid)
3435 - || !groups_equal(cr1->cr_group_info, cr2->cr_group_info))
3436 -@@ -3766,6 +3782,7 @@ nfsd4_close(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
3437 - memcpy(&close->cl_stateid, &stp->st_stid.sc_stateid, sizeof(stateid_t));
3438 -
3439 - nfsd4_close_open_stateid(stp);
3440 -+ release_last_closed_stateid(oo);
3441 - oo->oo_last_closed_stid = stp;
3442 -
3443 - if (list_empty(&oo->oo_owner.so_stateids)) {
3444 -diff --git a/fs/reiserfs/inode.c b/fs/reiserfs/inode.c
3445 -index 855da58..63ce6be 100644
3446 ---- a/fs/reiserfs/inode.c
3447 -+++ b/fs/reiserfs/inode.c
3448 -@@ -1573,8 +1573,10 @@ struct dentry *reiserfs_fh_to_dentry(struct super_block *sb, struct fid *fid,
3449 - reiserfs_warning(sb, "reiserfs-13077",
3450 - "nfsd/reiserfs, fhtype=%d, len=%d - odd",
3451 - fh_type, fh_len);
3452 -- fh_type = 5;
3453 -+ fh_type = fh_len;
3454 - }
3455 -+ if (fh_len < 2)
3456 -+ return NULL;
3457 -
3458 - return reiserfs_get_dentry(sb, fid->raw[0], fid->raw[1],
3459 - (fh_type == 3 || fh_type >= 5) ? fid->raw[2] : 0);
3460 -@@ -1583,6 +1585,8 @@ struct dentry *reiserfs_fh_to_dentry(struct super_block *sb, struct fid *fid,
3461 - struct dentry *reiserfs_fh_to_parent(struct super_block *sb, struct fid *fid,
3462 - int fh_len, int fh_type)
3463 - {
3464 -+ if (fh_type > fh_len)
3465 -+ fh_type = fh_len;
3466 - if (fh_type < 4)
3467 - return NULL;
3468 -
3469 -diff --git a/fs/xfs/xfs_export.c b/fs/xfs/xfs_export.c
3470 -index 4267922..8c6d1d7 100644
3471 ---- a/fs/xfs/xfs_export.c
3472 -+++ b/fs/xfs/xfs_export.c
3473 -@@ -189,6 +189,9 @@ xfs_fs_fh_to_parent(struct super_block *sb, struct fid *fid,
3474 - struct xfs_fid64 *fid64 = (struct xfs_fid64 *)fid;
3475 - struct inode *inode = NULL;
3476 -
3477 -+ if (fh_len < xfs_fileid_length(fileid_type))
3478 -+ return NULL;
3479 -+
3480 - switch (fileid_type) {
3481 - case FILEID_INO32_GEN_PARENT:
3482 - inode = xfs_nfs_get_inode(sb, fid->i32.parent_ino,
3483 -diff --git a/include/linux/mtd/nand.h b/include/linux/mtd/nand.h
3484 -index 57977c6..e5cf2c8 100644
3485 ---- a/include/linux/mtd/nand.h
3486 -+++ b/include/linux/mtd/nand.h
3487 -@@ -212,9 +212,6 @@ typedef enum {
3488 - #define NAND_SUBPAGE_READ(chip) ((chip->ecc.mode == NAND_ECC_SOFT) \
3489 - && (chip->page_shift > 9))
3490 -
3491 --/* Mask to zero out the chip options, which come from the id table */
3492 --#define NAND_CHIPOPTIONS_MSK 0x0000ffff
3493 --
3494 - /* Non chip related options */
3495 - /* This option skips the bbt scan during initialization. */
3496 - #define NAND_SKIP_BBTSCAN 0x00010000
3497 -diff --git a/kernel/audit.c b/kernel/audit.c
3498 -index ea3b7b6..a8c84be 100644
3499 ---- a/kernel/audit.c
3500 -+++ b/kernel/audit.c
3501 -@@ -1466,6 +1466,8 @@ void audit_log_link_denied(const char *operation, struct path *link)
3502 -
3503 - ab = audit_log_start(current->audit_context, GFP_KERNEL,
3504 - AUDIT_ANOM_LINK);
3505 -+ if (!ab)
3506 -+ return;
3507 - audit_log_format(ab, "op=%s action=denied", operation);
3508 - audit_log_format(ab, " pid=%d comm=", current->pid);
3509 - audit_log_untrustedstring(ab, current->comm);
3510 -diff --git a/kernel/debug/kdb/kdb_io.c b/kernel/debug/kdb/kdb_io.c
3511 -index 0a69d2a..14ff484 100644
3512 ---- a/kernel/debug/kdb/kdb_io.c
3513 -+++ b/kernel/debug/kdb/kdb_io.c
3514 -@@ -552,6 +552,7 @@ int vkdb_printf(const char *fmt, va_list ap)
3515 - {
3516 - int diag;
3517 - int linecount;
3518 -+ int colcount;
3519 - int logging, saved_loglevel = 0;
3520 - int saved_trap_printk;
3521 - int got_printf_lock = 0;
3522 -@@ -584,6 +585,10 @@ int vkdb_printf(const char *fmt, va_list ap)
3523 - if (diag || linecount <= 1)
3524 - linecount = 24;
3525 -
3526 -+ diag = kdbgetintenv("COLUMNS", &colcount);
3527 -+ if (diag || colcount <= 1)
3528 -+ colcount = 80;
3529 -+
3530 - diag = kdbgetintenv("LOGGING", &logging);
3531 - if (diag)
3532 - logging = 0;
3533 -@@ -690,7 +695,7 @@ kdb_printit:
3534 - gdbstub_msg_write(kdb_buffer, retlen);
3535 - } else {
3536 - if (dbg_io_ops && !dbg_io_ops->is_console) {
3537 -- len = strlen(kdb_buffer);
3538 -+ len = retlen;
3539 - cp = kdb_buffer;
3540 - while (len--) {
3541 - dbg_io_ops->write_char(*cp);
3542 -@@ -709,11 +714,29 @@ kdb_printit:
3543 - printk(KERN_INFO "%s", kdb_buffer);
3544 - }
3545 -
3546 -- if (KDB_STATE(PAGER) && strchr(kdb_buffer, '\n'))
3547 -- kdb_nextline++;
3548 -+ if (KDB_STATE(PAGER)) {
3549 -+ /*
3550 -+ * Check printed string to decide how to bump the
3551 -+ * kdb_nextline to control when the more prompt should
3552 -+ * show up.
3553 -+ */
3554 -+ int got = 0;
3555 -+ len = retlen;
3556 -+ while (len--) {
3557 -+ if (kdb_buffer[len] == '\n') {
3558 -+ kdb_nextline++;
3559 -+ got = 0;
3560 -+ } else if (kdb_buffer[len] == '\r') {
3561 -+ got = 0;
3562 -+ } else {
3563 -+ got++;
3564 -+ }
3565 -+ }
3566 -+ kdb_nextline += got / (colcount + 1);
3567 -+ }
3568 -
3569 - /* check for having reached the LINES number of printed lines */
3570 -- if (kdb_nextline == linecount) {
3571 -+ if (kdb_nextline >= linecount) {
3572 - char buf1[16] = "";
3573 -
3574 - /* Watch out for recursion here. Any routine that calls
3575 -@@ -765,7 +788,7 @@ kdb_printit:
3576 - kdb_grepping_flag = 0;
3577 - kdb_printf("\n");
3578 - } else if (buf1[0] == ' ') {
3579 -- kdb_printf("\n");
3580 -+ kdb_printf("\r");
3581 - suspend_grep = 1; /* for this recursion */
3582 - } else if (buf1[0] == '\n') {
3583 - kdb_nextline = linecount - 1;
3584 -diff --git a/kernel/module.c b/kernel/module.c
3585 -index 4edbd9c..9ad9ee9 100644
3586 ---- a/kernel/module.c
3587 -+++ b/kernel/module.c
3588 -@@ -2730,6 +2730,10 @@ static int check_module_license_and_versions(struct module *mod)
3589 - if (strcmp(mod->name, "driverloader") == 0)
3590 - add_taint_module(mod, TAINT_PROPRIETARY_MODULE);
3591 -
3592 -+ /* lve claims to be GPL but upstream won't provide source */
3593 -+ if (strcmp(mod->name, "lve") == 0)
3594 -+ add_taint_module(mod, TAINT_PROPRIETARY_MODULE);
3595 -+
3596 - #ifdef CONFIG_MODVERSIONS
3597 - if ((mod->num_syms && !mod->crcs)
3598 - || (mod->num_gpl_syms && !mod->gpl_crcs)
3599 -diff --git a/kernel/time/tick-sched.c b/kernel/time/tick-sched.c
3600 -index 3a9e5d5..e430b97 100644
3601 ---- a/kernel/time/tick-sched.c
3602 -+++ b/kernel/time/tick-sched.c
3603 -@@ -835,7 +835,7 @@ static enum hrtimer_restart tick_sched_timer(struct hrtimer *timer)
3604 - */
3605 - if (ts->tick_stopped) {
3606 - touch_softlockup_watchdog();
3607 -- if (idle_cpu(cpu))
3608 -+ if (is_idle_task(current))
3609 - ts->idle_jiffies++;
3610 - }
3611 - update_process_times(user_mode(regs));
3612 -diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c
3613 -index d3b91e7..f791637 100644
3614 ---- a/kernel/time/timekeeping.c
3615 -+++ b/kernel/time/timekeeping.c
3616 -@@ -1111,7 +1111,7 @@ static cycle_t logarithmic_accumulation(struct timekeeper *tk, cycle_t offset,
3617 - accumulate_nsecs_to_secs(tk);
3618 -
3619 - /* Accumulate raw time */
3620 -- raw_nsecs = tk->raw_interval << shift;
3621 -+ raw_nsecs = (u64)tk->raw_interval << shift;
3622 - raw_nsecs += tk->raw_time.tv_nsec;
3623 - if (raw_nsecs >= NSEC_PER_SEC) {
3624 - u64 raw_secs = raw_nsecs;
3625 -diff --git a/kernel/timer.c b/kernel/timer.c
3626 -index 8c5e7b9..46ef2b1 100644
3627 ---- a/kernel/timer.c
3628 -+++ b/kernel/timer.c
3629 -@@ -63,6 +63,7 @@ EXPORT_SYMBOL(jiffies_64);
3630 - #define TVR_SIZE (1 << TVR_BITS)
3631 - #define TVN_MASK (TVN_SIZE - 1)
3632 - #define TVR_MASK (TVR_SIZE - 1)
3633 -+#define MAX_TVAL ((unsigned long)((1ULL << (TVR_BITS + 4*TVN_BITS)) - 1))
3634 -
3635 - struct tvec {
3636 - struct list_head vec[TVN_SIZE];
3637 -@@ -358,11 +359,12 @@ __internal_add_timer(struct tvec_base *base, struct timer_list *timer)
3638 - vec = base->tv1.vec + (base->timer_jiffies & TVR_MASK);
3639 - } else {
3640 - int i;
3641 -- /* If the timeout is larger than 0xffffffff on 64-bit
3642 -- * architectures then we use the maximum timeout:
3643 -+ /* If the timeout is larger than MAX_TVAL (on 64-bit
3644 -+ * architectures or with CONFIG_BASE_SMALL=1) then we
3645 -+ * use the maximum timeout.
3646 - */
3647 -- if (idx > 0xffffffffUL) {
3648 -- idx = 0xffffffffUL;
3649 -+ if (idx > MAX_TVAL) {
3650 -+ idx = MAX_TVAL;
3651 - expires = idx + base->timer_jiffies;
3652 - }
3653 - i = (expires >> (TVR_BITS + 3 * TVN_BITS)) & TVN_MASK;
3654 -diff --git a/mm/shmem.c b/mm/shmem.c
3655 -index d4e184e..d2eeca1 100644
3656 ---- a/mm/shmem.c
3657 -+++ b/mm/shmem.c
3658 -@@ -2366,12 +2366,14 @@ static struct dentry *shmem_fh_to_dentry(struct super_block *sb,
3659 - {
3660 - struct inode *inode;
3661 - struct dentry *dentry = NULL;
3662 -- u64 inum = fid->raw[2];
3663 -- inum = (inum << 32) | fid->raw[1];
3664 -+ u64 inum;
3665 -
3666 - if (fh_len < 3)
3667 - return NULL;
3668 -
3669 -+ inum = fid->raw[2];
3670 -+ inum = (inum << 32) | fid->raw[1];
3671 -+
3672 - inode = ilookup5(sb, (unsigned long)(inum + fid->raw[0]),
3673 - shmem_match, fid->raw);
3674 - if (inode) {
3675 -diff --git a/net/core/pktgen.c b/net/core/pktgen.c
3676 -index 148e73d..e356b8d 100644
3677 ---- a/net/core/pktgen.c
3678 -+++ b/net/core/pktgen.c
3679 -@@ -2927,7 +2927,7 @@ static struct sk_buff *fill_packet_ipv6(struct net_device *odev,
3680 - sizeof(struct ipv6hdr) - sizeof(struct udphdr) -
3681 - pkt_dev->pkt_overhead;
3682 -
3683 -- if (datalen < sizeof(struct pktgen_hdr)) {
3684 -+ if (datalen < 0 || datalen < sizeof(struct pktgen_hdr)) {
3685 - datalen = sizeof(struct pktgen_hdr);
3686 - net_info_ratelimited("increased datalen to %d\n", datalen);
3687 - }
3688 -diff --git a/net/mac80211/status.c b/net/mac80211/status.c
3689 -index 8cd7291..118329a 100644
3690 ---- a/net/mac80211/status.c
3691 -+++ b/net/mac80211/status.c
3692 -@@ -34,7 +34,7 @@ void ieee80211_tx_status_irqsafe(struct ieee80211_hw *hw,
3693 - skb_queue_len(&local->skb_queue_unreliable);
3694 - while (tmp > IEEE80211_IRQSAFE_QUEUE_LIMIT &&
3695 - (skb = skb_dequeue(&local->skb_queue_unreliable))) {
3696 -- dev_kfree_skb_irq(skb);
3697 -+ ieee80211_free_txskb(hw, skb);
3698 - tmp--;
3699 - I802_DEBUG_INC(local->tx_status_drop);
3700 - }
3701 -@@ -159,7 +159,7 @@ static void ieee80211_handle_filtered_frame(struct ieee80211_local *local,
3702 - "dropped TX filtered frame, queue_len=%d PS=%d @%lu\n",
3703 - skb_queue_len(&sta->tx_filtered[ac]),
3704 - !!test_sta_flag(sta, WLAN_STA_PS_STA), jiffies);
3705 -- dev_kfree_skb(skb);
3706 -+ ieee80211_free_txskb(&local->hw, skb);
3707 - }
3708 -
3709 - static void ieee80211_check_pending_bar(struct sta_info *sta, u8 *addr, u8 tid)
3710 -diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
3711 -index c5e8c9c..362c418 100644
3712 ---- a/net/mac80211/tx.c
3713 -+++ b/net/mac80211/tx.c
3714 -@@ -354,7 +354,7 @@ static void purge_old_ps_buffers(struct ieee80211_local *local)
3715 - total += skb_queue_len(&sta->ps_tx_buf[ac]);
3716 - if (skb) {
3717 - purged++;
3718 -- dev_kfree_skb(skb);
3719 -+ ieee80211_free_txskb(&local->hw, skb);
3720 - break;
3721 - }
3722 - }
3723 -@@ -466,7 +466,7 @@ ieee80211_tx_h_unicast_ps_buf(struct ieee80211_tx_data *tx)
3724 - ps_dbg(tx->sdata,
3725 - "STA %pM TX buffer for AC %d full - dropping oldest frame\n",
3726 - sta->sta.addr, ac);
3727 -- dev_kfree_skb(old);
3728 -+ ieee80211_free_txskb(&local->hw, old);
3729 - } else
3730 - tx->local->total_ps_buffered++;
3731 -
3732 -@@ -1103,7 +1103,7 @@ static bool ieee80211_tx_prep_agg(struct ieee80211_tx_data *tx,
3733 - spin_unlock(&tx->sta->lock);
3734 -
3735 - if (purge_skb)
3736 -- dev_kfree_skb(purge_skb);
3737 -+ ieee80211_free_txskb(&tx->local->hw, purge_skb);
3738 - }
3739 -
3740 - /* reset session timer */
3741 -@@ -1214,7 +1214,7 @@ static bool ieee80211_tx_frags(struct ieee80211_local *local,
3742 - #ifdef CONFIG_MAC80211_VERBOSE_DEBUG
3743 - if (WARN_ON_ONCE(q >= local->hw.queues)) {
3744 - __skb_unlink(skb, skbs);
3745 -- dev_kfree_skb(skb);
3746 -+ ieee80211_free_txskb(&local->hw, skb);
3747 - continue;
3748 - }
3749 - #endif
3750 -@@ -1356,7 +1356,7 @@ static int invoke_tx_handlers(struct ieee80211_tx_data *tx)
3751 - if (unlikely(res == TX_DROP)) {
3752 - I802_DEBUG_INC(tx->local->tx_handlers_drop);
3753 - if (tx->skb)
3754 -- dev_kfree_skb(tx->skb);
3755 -+ ieee80211_free_txskb(&tx->local->hw, tx->skb);
3756 - else
3757 - __skb_queue_purge(&tx->skbs);
3758 - return -1;
3759 -@@ -1393,7 +1393,7 @@ static bool ieee80211_tx(struct ieee80211_sub_if_data *sdata,
3760 - res_prepare = ieee80211_tx_prepare(sdata, &tx, skb);
3761 -
3762 - if (unlikely(res_prepare == TX_DROP)) {
3763 -- dev_kfree_skb(skb);
3764 -+ ieee80211_free_txskb(&local->hw, skb);
3765 - goto out;
3766 - } else if (unlikely(res_prepare == TX_QUEUED)) {
3767 - goto out;
3768 -@@ -1466,7 +1466,7 @@ void ieee80211_xmit(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb)
3769 - headroom = max_t(int, 0, headroom);
3770 -
3771 - if (ieee80211_skb_resize(sdata, skb, headroom, may_encrypt)) {
3772 -- dev_kfree_skb(skb);
3773 -+ ieee80211_free_txskb(&local->hw, skb);
3774 - rcu_read_unlock();
3775 - return;
3776 - }
3777 -@@ -2060,8 +2060,10 @@ netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
3778 - head_need += IEEE80211_ENCRYPT_HEADROOM;
3779 - head_need += local->tx_headroom;
3780 - head_need = max_t(int, 0, head_need);
3781 -- if (ieee80211_skb_resize(sdata, skb, head_need, true))
3782 -- goto fail;
3783 -+ if (ieee80211_skb_resize(sdata, skb, head_need, true)) {
3784 -+ ieee80211_free_txskb(&local->hw, skb);
3785 -+ return NETDEV_TX_OK;
3786 -+ }
3787 - }
3788 -
3789 - if (encaps_data) {
3790 -@@ -2196,7 +2198,7 @@ void ieee80211_tx_pending(unsigned long data)
3791 - struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
3792 -
3793 - if (WARN_ON(!info->control.vif)) {
3794 -- kfree_skb(skb);
3795 -+ ieee80211_free_txskb(&local->hw, skb);
3796 - continue;
3797 - }
3798 -
3799 -diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
3800 -index a35b8e5..d1988cf 100644
3801 ---- a/net/sunrpc/xprtsock.c
3802 -+++ b/net/sunrpc/xprtsock.c
3803 -@@ -1025,6 +1025,16 @@ static void xs_udp_data_ready(struct sock *sk, int len)
3804 - read_unlock_bh(&sk->sk_callback_lock);
3805 - }
3806 -
3807 -+/*
3808 -+ * Helper function to force a TCP close if the server is sending
3809 -+ * junk and/or it has put us in CLOSE_WAIT
3810 -+ */
3811 -+static void xs_tcp_force_close(struct rpc_xprt *xprt)
3812 -+{
3813 -+ set_bit(XPRT_CONNECTION_CLOSE, &xprt->state);
3814 -+ xprt_force_disconnect(xprt);
3815 -+}
3816 -+
3817 - static inline void xs_tcp_read_fraghdr(struct rpc_xprt *xprt, struct xdr_skb_reader *desc)
3818 - {
3819 - struct sock_xprt *transport = container_of(xprt, struct sock_xprt, xprt);
3820 -@@ -1051,7 +1061,7 @@ static inline void xs_tcp_read_fraghdr(struct rpc_xprt *xprt, struct xdr_skb_rea
3821 - /* Sanity check of the record length */
3822 - if (unlikely(transport->tcp_reclen < 8)) {
3823 - dprintk("RPC: invalid TCP record fragment length\n");
3824 -- xprt_force_disconnect(xprt);
3825 -+ xs_tcp_force_close(xprt);
3826 - return;
3827 - }
3828 - dprintk("RPC: reading TCP record fragment of length %d\n",
3829 -@@ -1132,7 +1142,7 @@ static inline void xs_tcp_read_calldir(struct sock_xprt *transport,
3830 - break;
3831 - default:
3832 - dprintk("RPC: invalid request message type\n");
3833 -- xprt_force_disconnect(&transport->xprt);
3834 -+ xs_tcp_force_close(&transport->xprt);
3835 - }
3836 - xs_tcp_check_fraghdr(transport);
3837 - }
3838 -@@ -1455,6 +1465,8 @@ static void xs_tcp_cancel_linger_timeout(struct rpc_xprt *xprt)
3839 - static void xs_sock_mark_closed(struct rpc_xprt *xprt)
3840 - {
3841 - smp_mb__before_clear_bit();
3842 -+ clear_bit(XPRT_CONNECTION_ABORT, &xprt->state);
3843 -+ clear_bit(XPRT_CONNECTION_CLOSE, &xprt->state);
3844 - clear_bit(XPRT_CLOSE_WAIT, &xprt->state);
3845 - clear_bit(XPRT_CLOSING, &xprt->state);
3846 - smp_mb__after_clear_bit();
3847 -@@ -1512,8 +1524,8 @@ static void xs_tcp_state_change(struct sock *sk)
3848 - break;
3849 - case TCP_CLOSE_WAIT:
3850 - /* The server initiated a shutdown of the socket */
3851 -- xprt_force_disconnect(xprt);
3852 - xprt->connect_cookie++;
3853 -+ xs_tcp_force_close(xprt);
3854 - case TCP_CLOSING:
3855 - /*
3856 - * If the server closed down the connection, make sure that
3857 -@@ -2199,8 +2211,7 @@ static void xs_tcp_setup_socket(struct work_struct *work)
3858 - /* We're probably in TIME_WAIT. Get rid of existing socket,
3859 - * and retry
3860 - */
3861 -- set_bit(XPRT_CONNECTION_CLOSE, &xprt->state);
3862 -- xprt_force_disconnect(xprt);
3863 -+ xs_tcp_force_close(xprt);
3864 - break;
3865 - case -ECONNREFUSED:
3866 - case -ECONNRESET:
3867 -diff --git a/scripts/Makefile.fwinst b/scripts/Makefile.fwinst
3868 -index c3f69ae..4d908d1 100644
3869 ---- a/scripts/Makefile.fwinst
3870 -+++ b/scripts/Makefile.fwinst
3871 -@@ -27,7 +27,7 @@ endif
3872 - installed-mod-fw := $(addprefix $(INSTALL_FW_PATH)/,$(mod-fw))
3873 -
3874 - installed-fw := $(addprefix $(INSTALL_FW_PATH)/,$(fw-shipped-all))
3875 --installed-fw-dirs := $(sort $(dir $(installed-fw))) $(INSTALL_FW_PATH)/.
3876 -+installed-fw-dirs := $(sort $(dir $(installed-fw))) $(INSTALL_FW_PATH)/./
3877 -
3878 - # Workaround for make < 3.81, where .SECONDEXPANSION doesn't work.
3879 - PHONY += $(INSTALL_FW_PATH)/$$(%) install-all-dirs
3880 -@@ -42,7 +42,7 @@ quiet_cmd_install = INSTALL $(subst $(srctree)/,,$@)
3881 - $(installed-fw-dirs):
3882 - $(call cmd,mkdir)
3883 -
3884 --$(installed-fw): $(INSTALL_FW_PATH)/%: $(obj)/% | $$(dir $(INSTALL_FW_PATH)/%)
3885 -+$(installed-fw): $(INSTALL_FW_PATH)/%: $(obj)/% | $(INSTALL_FW_PATH)/$$(dir %)
3886 - $(call cmd,install)
3887 -
3888 - PHONY += __fw_install __fw_modinst FORCE
3889 -diff --git a/sound/pci/ac97/ac97_codec.c b/sound/pci/ac97/ac97_codec.c
3890 -index 9473fca..8b0f996 100644
3891 ---- a/sound/pci/ac97/ac97_codec.c
3892 -+++ b/sound/pci/ac97/ac97_codec.c
3893 -@@ -1271,6 +1271,8 @@ static int snd_ac97_cvol_new(struct snd_card *card, char *name, int reg, unsigne
3894 - tmp.index = ac97->num;
3895 - kctl = snd_ctl_new1(&tmp, ac97);
3896 - }
3897 -+ if (!kctl)
3898 -+ return -ENOMEM;
3899 - if (reg >= AC97_PHONE && reg <= AC97_PCM)
3900 - set_tlv_db_scale(kctl, db_scale_5bit_12db_max);
3901 - else
3902 -diff --git a/sound/pci/emu10k1/emu10k1_main.c b/sound/pci/emu10k1/emu10k1_main.c
3903 -index 7549240..a78fdf4 100644
3904 ---- a/sound/pci/emu10k1/emu10k1_main.c
3905 -+++ b/sound/pci/emu10k1/emu10k1_main.c
3906 -@@ -1416,6 +1416,15 @@ static struct snd_emu_chip_details emu_chip_details[] = {
3907 - .ca0108_chip = 1,
3908 - .spk71 = 1,
3909 - .emu_model = EMU_MODEL_EMU1010B}, /* EMU 1010 new revision */
3910 -+ /* Tested by Maxim Kachur <mcdebugger@×××××××.ru> 17th Oct 2012. */
3911 -+ /* This is MAEM8986, 0202 is MAEM8980 */
3912 -+ {.vendor = 0x1102, .device = 0x0008, .subsystem = 0x40071102,
3913 -+ .driver = "Audigy2", .name = "E-mu 1010 PCIe [MAEM8986]",
3914 -+ .id = "EMU1010",
3915 -+ .emu10k2_chip = 1,
3916 -+ .ca0108_chip = 1,
3917 -+ .spk71 = 1,
3918 -+ .emu_model = EMU_MODEL_EMU1010B}, /* EMU 1010 PCIe */
3919 - /* Tested by James@×××××××××××.uk 8th July 2005. */
3920 - /* This is MAEM8810, 0202 is MAEM8820 */
3921 - {.vendor = 0x1102, .device = 0x0004, .subsystem = 0x40011102,
3922 -diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c
3923 -index 12a9432..a5dc746 100644
3924 ---- a/sound/pci/hda/hda_intel.c
3925 -+++ b/sound/pci/hda/hda_intel.c
3926 -@@ -487,6 +487,7 @@ struct azx {
3927 -
3928 - /* VGA-switcheroo setup */
3929 - unsigned int use_vga_switcheroo:1;
3930 -+ unsigned int vga_switcheroo_registered:1;
3931 - unsigned int init_failed:1; /* delayed init failed */
3932 - unsigned int disabled:1; /* disabled by VGA-switcher */
3933 -
3934 -@@ -2135,9 +2136,12 @@ static unsigned int azx_get_position(struct azx *chip,
3935 - if (delay < 0)
3936 - delay += azx_dev->bufsize;
3937 - if (delay >= azx_dev->period_bytes) {
3938 -- snd_printdd("delay %d > period_bytes %d\n",
3939 -- delay, azx_dev->period_bytes);
3940 -- delay = 0; /* something is wrong */
3941 -+ snd_printk(KERN_WARNING SFX
3942 -+ "Unstable LPIB (%d >= %d); "
3943 -+ "disabling LPIB delay counting\n",
3944 -+ delay, azx_dev->period_bytes);
3945 -+ delay = 0;
3946 -+ chip->driver_caps &= ~AZX_DCAPS_COUNT_LPIB_DELAY;
3947 - }
3948 - azx_dev->substream->runtime->delay =
3949 - bytes_to_frames(azx_dev->substream->runtime, delay);
3950 -@@ -2556,7 +2560,9 @@ static void azx_vs_set_state(struct pci_dev *pci,
3951 - if (disabled) {
3952 - azx_suspend(&pci->dev);
3953 - chip->disabled = true;
3954 -- snd_hda_lock_devices(chip->bus);
3955 -+ if (snd_hda_lock_devices(chip->bus))
3956 -+ snd_printk(KERN_WARNING SFX
3957 -+ "Cannot lock devices!\n");
3958 - } else {
3959 - snd_hda_unlock_devices(chip->bus);
3960 - chip->disabled = false;
3961 -@@ -2599,14 +2605,20 @@ static const struct vga_switcheroo_client_ops azx_vs_ops = {
3962 -
3963 - static int __devinit register_vga_switcheroo(struct azx *chip)
3964 - {
3965 -+ int err;
3966 -+
3967 - if (!chip->use_vga_switcheroo)
3968 - return 0;
3969 - /* FIXME: currently only handling DIS controller
3970 - * is there any machine with two switchable HDMI audio controllers?
3971 - */
3972 -- return vga_switcheroo_register_audio_client(chip->pci, &azx_vs_ops,
3973 -+ err = vga_switcheroo_register_audio_client(chip->pci, &azx_vs_ops,
3974 - VGA_SWITCHEROO_DIS,
3975 - chip->bus != NULL);
3976 -+ if (err < 0)
3977 -+ return err;
3978 -+ chip->vga_switcheroo_registered = 1;
3979 -+ return 0;
3980 - }
3981 - #else
3982 - #define init_vga_switcheroo(chip) /* NOP */
3983 -@@ -2626,7 +2638,8 @@ static int azx_free(struct azx *chip)
3984 - if (use_vga_switcheroo(chip)) {
3985 - if (chip->disabled && chip->bus)
3986 - snd_hda_unlock_devices(chip->bus);
3987 -- vga_switcheroo_unregister_client(chip->pci);
3988 -+ if (chip->vga_switcheroo_registered)
3989 -+ vga_switcheroo_unregister_client(chip->pci);
3990 - }
3991 -
3992 - if (chip->initialized) {
3993 -@@ -2974,14 +2987,6 @@ static int __devinit azx_create(struct snd_card *card, struct pci_dev *pci,
3994 - }
3995 -
3996 - ok:
3997 -- err = register_vga_switcheroo(chip);
3998 -- if (err < 0) {
3999 -- snd_printk(KERN_ERR SFX
4000 -- "Error registering VGA-switcheroo client\n");
4001 -- azx_free(chip);
4002 -- return err;
4003 -- }
4004 --
4005 - err = snd_device_new(card, SNDRV_DEV_LOWLEVEL, chip, &ops);
4006 - if (err < 0) {
4007 - snd_printk(KERN_ERR SFX "Error creating device [card]!\n");
4008 -@@ -3208,6 +3213,13 @@ static int __devinit azx_probe(struct pci_dev *pci,
4009 -
4010 - pci_set_drvdata(pci, card);
4011 -
4012 -+ err = register_vga_switcheroo(chip);
4013 -+ if (err < 0) {
4014 -+ snd_printk(KERN_ERR SFX
4015 -+ "Error registering VGA-switcheroo client\n");
4016 -+ goto out_free;
4017 -+ }
4018 -+
4019 - dev++;
4020 - return 0;
4021 -
4022 -diff --git a/sound/pci/hda/patch_cirrus.c b/sound/pci/hda/patch_cirrus.c
4023 -index 0c4c1a6..cc31346 100644
4024 ---- a/sound/pci/hda/patch_cirrus.c
4025 -+++ b/sound/pci/hda/patch_cirrus.c
4026 -@@ -1417,7 +1417,7 @@ static int patch_cs420x(struct hda_codec *codec)
4027 - return 0;
4028 -
4029 - error:
4030 -- kfree(codec->spec);
4031 -+ cs_free(codec);
4032 - codec->spec = NULL;
4033 - return err;
4034 - }
4035 -@@ -1974,7 +1974,7 @@ static int patch_cs4210(struct hda_codec *codec)
4036 - return 0;
4037 -
4038 - error:
4039 -- kfree(codec->spec);
4040 -+ cs_free(codec);
4041 - codec->spec = NULL;
4042 - return err;
4043 - }
4044 -@@ -1999,7 +1999,7 @@ static int patch_cs4213(struct hda_codec *codec)
4045 - return 0;
4046 -
4047 - error:
4048 -- kfree(codec->spec);
4049 -+ cs_free(codec);
4050 - codec->spec = NULL;
4051 - return err;
4052 - }
4053 -diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
4054 -index 56a3eef..155cbd2 100644
4055 ---- a/sound/pci/hda/patch_realtek.c
4056 -+++ b/sound/pci/hda/patch_realtek.c
4057 -@@ -611,6 +611,8 @@ static void alc_line_automute(struct hda_codec *codec)
4058 - {
4059 - struct alc_spec *spec = codec->spec;
4060 -
4061 -+ if (spec->autocfg.line_out_type == AUTO_PIN_SPEAKER_OUT)
4062 -+ return;
4063 - /* check LO jack only when it's different from HP */
4064 - if (spec->autocfg.line_out_pins[0] == spec->autocfg.hp_pins[0])
4065 - return;
4066 -@@ -2627,8 +2629,10 @@ static const char *alc_get_line_out_pfx(struct alc_spec *spec, int ch,
4067 - return "PCM";
4068 - break;
4069 - }
4070 -- if (snd_BUG_ON(ch >= ARRAY_SIZE(channel_name)))
4071 -+ if (ch >= ARRAY_SIZE(channel_name)) {
4072 -+ snd_BUG();
4073 - return "PCM";
4074 -+ }
4075 -
4076 - return channel_name[ch];
4077 - }
4078 -diff --git a/sound/pci/hda/patch_via.c b/sound/pci/hda/patch_via.c
4079 -index 4b4072f..4c404a0 100644
4080 ---- a/sound/pci/hda/patch_via.c
4081 -+++ b/sound/pci/hda/patch_via.c
4082 -@@ -118,6 +118,8 @@ enum {
4083 - };
4084 -
4085 - struct via_spec {
4086 -+ struct hda_gen_spec gen;
4087 -+
4088 - /* codec parameterization */
4089 - const struct snd_kcontrol_new *mixers[6];
4090 - unsigned int num_mixers;
4091 -@@ -246,6 +248,7 @@ static struct via_spec * via_new_spec(struct hda_codec *codec)
4092 - /* VT1708BCE & VT1708S are almost same */
4093 - if (spec->codec_type == VT1708BCE)
4094 - spec->codec_type = VT1708S;
4095 -+ snd_hda_gen_init(&spec->gen);
4096 - return spec;
4097 - }
4098 -
4099 -@@ -1628,6 +1631,7 @@ static void via_free(struct hda_codec *codec)
4100 - vt1708_stop_hp_work(spec);
4101 - kfree(spec->bind_cap_vol);
4102 - kfree(spec->bind_cap_sw);
4103 -+ snd_hda_gen_free(&spec->gen);
4104 - kfree(spec);
4105 - }
4106 -
4107 -diff --git a/sound/soc/codecs/wm2200.c b/sound/soc/codecs/wm2200.c
4108 -index 32682c1..c8bff6d 100644
4109 ---- a/sound/soc/codecs/wm2200.c
4110 -+++ b/sound/soc/codecs/wm2200.c
4111 -@@ -1028,7 +1028,7 @@ SOC_DOUBLE_R_TLV("OUT2 Digital Volume", WM2200_DAC_DIGITAL_VOLUME_2L,
4112 - WM2200_DAC_DIGITAL_VOLUME_2R, WM2200_OUT2L_VOL_SHIFT, 0x9f, 0,
4113 - digital_tlv),
4114 - SOC_DOUBLE("OUT2 Switch", WM2200_PDM_1, WM2200_SPK1L_MUTE_SHIFT,
4115 -- WM2200_SPK1R_MUTE_SHIFT, 1, 0),
4116 -+ WM2200_SPK1R_MUTE_SHIFT, 1, 1),
4117 - };
4118 -
4119 - WM2200_MIXER_ENUMS(OUT1L, WM2200_OUT1LMIX_INPUT_1_SOURCE);
4120 -@@ -2091,6 +2091,7 @@ static __devinit int wm2200_i2c_probe(struct i2c_client *i2c,
4121 -
4122 - switch (wm2200->rev) {
4123 - case 0:
4124 -+ case 1:
4125 - ret = regmap_register_patch(wm2200->regmap, wm2200_reva_patch,
4126 - ARRAY_SIZE(wm2200_reva_patch));
4127 - if (ret != 0) {
4128 -diff --git a/sound/soc/omap/omap-abe-twl6040.c b/sound/soc/omap/omap-abe-twl6040.c
4129 -index 9d93793..f8fba57 100644
4130 ---- a/sound/soc/omap/omap-abe-twl6040.c
4131 -+++ b/sound/soc/omap/omap-abe-twl6040.c
4132 -@@ -190,7 +190,7 @@ static int omap_abe_twl6040_init(struct snd_soc_pcm_runtime *rtd)
4133 - twl6040_disconnect_pin(dapm, pdata->has_hf, "Ext Spk");
4134 - twl6040_disconnect_pin(dapm, pdata->has_ep, "Earphone Spk");
4135 - twl6040_disconnect_pin(dapm, pdata->has_aux, "Line Out");
4136 -- twl6040_disconnect_pin(dapm, pdata->has_vibra, "Vinrator");
4137 -+ twl6040_disconnect_pin(dapm, pdata->has_vibra, "Vibrator");
4138 - twl6040_disconnect_pin(dapm, pdata->has_hsmic, "Headset Mic");
4139 - twl6040_disconnect_pin(dapm, pdata->has_mainmic, "Main Handset Mic");
4140 - twl6040_disconnect_pin(dapm, pdata->has_submic, "Sub Handset Mic");
4141 -diff --git a/sound/soc/sh/fsi.c b/sound/soc/sh/fsi.c
4142 -index 0540408..1bb0d58c 100644
4143 ---- a/sound/soc/sh/fsi.c
4144 -+++ b/sound/soc/sh/fsi.c
4145 -@@ -20,6 +20,7 @@
4146 - #include <linux/sh_dma.h>
4147 - #include <linux/slab.h>
4148 - #include <linux/module.h>
4149 -+#include <linux/workqueue.h>
4150 - #include <sound/soc.h>
4151 - #include <sound/sh_fsi.h>
4152 -
4153 -@@ -223,7 +224,7 @@ struct fsi_stream {
4154 - */
4155 - struct dma_chan *chan;
4156 - struct sh_dmae_slave slave; /* see fsi_handler_init() */
4157 -- struct tasklet_struct tasklet;
4158 -+ struct work_struct work;
4159 - dma_addr_t dma;
4160 - };
4161 -
4162 -@@ -1085,9 +1086,9 @@ static void fsi_dma_complete(void *data)
4163 - snd_pcm_period_elapsed(io->substream);
4164 - }
4165 -
4166 --static void fsi_dma_do_tasklet(unsigned long data)
4167 -+static void fsi_dma_do_work(struct work_struct *work)
4168 - {
4169 -- struct fsi_stream *io = (struct fsi_stream *)data;
4170 -+ struct fsi_stream *io = container_of(work, struct fsi_stream, work);
4171 - struct fsi_priv *fsi = fsi_stream_to_priv(io);
4172 - struct snd_soc_dai *dai;
4173 - struct dma_async_tx_descriptor *desc;
4174 -@@ -1129,7 +1130,7 @@ static void fsi_dma_do_tasklet(unsigned long data)
4175 - * FIXME
4176 - *
4177 - * In DMAEngine case, codec and FSI cannot be started simultaneously
4178 -- * since FSI is using tasklet.
4179 -+ * since FSI is using the scheduler work queue.
4180 - * Therefore, in capture case, probably FSI FIFO will have got
4181 - * overflow error in this point.
4182 - * in that case, DMA cannot start transfer until error was cleared.
4183 -@@ -1153,7 +1154,7 @@ static bool fsi_dma_filter(struct dma_chan *chan, void *param)
4184 -
4185 - static int fsi_dma_transfer(struct fsi_priv *fsi, struct fsi_stream *io)
4186 - {
4187 -- tasklet_schedule(&io->tasklet);
4188 -+ schedule_work(&io->work);
4189 -
4190 - return 0;
4191 - }
4192 -@@ -1195,14 +1196,14 @@ static int fsi_dma_probe(struct fsi_priv *fsi, struct fsi_stream *io, struct dev
4193 - return fsi_stream_probe(fsi, dev);
4194 - }
4195 -
4196 -- tasklet_init(&io->tasklet, fsi_dma_do_tasklet, (unsigned long)io);
4197 -+ INIT_WORK(&io->work, fsi_dma_do_work);
4198 -
4199 - return 0;
4200 - }
4201 -
4202 - static int fsi_dma_remove(struct fsi_priv *fsi, struct fsi_stream *io)
4203 - {
4204 -- tasklet_kill(&io->tasklet);
4205 -+ cancel_work_sync(&io->work);
4206 -
4207 - fsi_stream_stop(fsi, io);
4208 -
4209
4210 diff --git a/3.6.3/0000_README b/3.6.4/0000_README
4211 similarity index 91%
4212 rename from 3.6.3/0000_README
4213 rename to 3.6.4/0000_README
4214 index 3de0bb2..4789a33 100644
4215 --- a/3.6.3/0000_README
4216 +++ b/3.6.4/0000_README
4217 @@ -2,11 +2,7 @@ README
4218 -----------------------------------------------------------------------------
4219 Individual Patch Descriptions:
4220 -----------------------------------------------------------------------------
4221 -Patch: 1002_linux-3.6.3.patch
4222 -From: http://www.kernel.org
4223 -Desc: Linux 3.6.3
4224 -
4225 -Patch: 4420_grsecurity-2.9.1-3.6.3-201210231942.patch
4226 +Patch: 4420_grsecurity-2.9.1-3.6.4-201210291446.patch
4227 From: http://www.grsecurity.net
4228 Desc: hardened-sources base patch from upstream grsecurity
4229
4230
4231 diff --git a/3.6.3/4420_grsecurity-2.9.1-3.6.3-201210231942.patch b/3.6.4/4420_grsecurity-2.9.1-3.6.4-201210291446.patch
4232 similarity index 99%
4233 rename from 3.6.3/4420_grsecurity-2.9.1-3.6.3-201210231942.patch
4234 rename to 3.6.4/4420_grsecurity-2.9.1-3.6.4-201210291446.patch
4235 index 667fa18..08c581d 100644
4236 --- a/3.6.3/4420_grsecurity-2.9.1-3.6.3-201210231942.patch
4237 +++ b/3.6.4/4420_grsecurity-2.9.1-3.6.4-201210291446.patch
4238 @@ -251,7 +251,7 @@ index ad7e2e5..199f49e 100644
4239
4240 pcd. [PARIDE]
4241 diff --git a/Makefile b/Makefile
4242 -index 6cdadf4..02df425 100644
4243 +index dcf132a..db194e3 100644
4244 --- a/Makefile
4245 +++ b/Makefile
4246 @@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
4247 @@ -5957,7 +5957,7 @@ index 11c6c96..3ec33e8 100644
4248 mm->unmap_area = arch_unmap_area_topdown;
4249 }
4250 diff --git a/arch/sparc/kernel/syscalls.S b/arch/sparc/kernel/syscalls.S
4251 -index 1d7e274..b39c527 100644
4252 +index 7f5f65d..3308382 100644
4253 --- a/arch/sparc/kernel/syscalls.S
4254 +++ b/arch/sparc/kernel/syscalls.S
4255 @@ -62,7 +62,7 @@ sys32_rt_sigreturn:
4256 @@ -5987,24 +5987,15 @@ index 1d7e274..b39c527 100644
4257 bne,pn %icc, linux_syscall_trace ! CTI Group
4258 mov %i0, %l5 ! IEU0
4259 2: call %l7 ! CTI Group brk forced
4260 -@@ -226,7 +226,7 @@ ret_sys_call:
4261 +@@ -218,7 +218,7 @@ ret_sys_call:
4262
4263 cmp %o0, -ERESTART_RESTARTBLOCK
4264 bgeu,pn %xcc, 1f
4265 -- andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT|_TIF_SYSCALL_TRACEPOINT), %l6
4266 -+ andcc %l0, _TIF_WORK_SYSCALL, %l6
4267 - 80:
4268 - /* System call success, clear Carry condition code. */
4269 - andn %g3, %g2, %g3
4270 -@@ -241,7 +241,7 @@ ret_sys_call:
4271 - /* System call failure, set Carry condition code.
4272 - * Also, get abs(errno) to return to the process.
4273 - */
4274 -- andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT|_TIF_SYSCALL_TRACEPOINT), %l6
4275 -+ andcc %l0, _TIF_WORK_SYSCALL, %l6
4276 - sub %g0, %o0, %o0
4277 - or %g3, %g2, %g3
4278 - stx %o0, [%sp + PTREGS_OFF + PT_V9_I0]
4279 +- andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT|_TIF_SYSCALL_TRACEPOINT), %g0
4280 ++ andcc %l0, _TIF_WORK_SYSCALL, %g0
4281 + ldx [%sp + PTREGS_OFF + PT_V9_TNPC], %l1 ! pc = npc
4282 +
4283 + 2:
4284 diff --git a/arch/sparc/kernel/traps_32.c b/arch/sparc/kernel/traps_32.c
4285 index a5785ea..405c5f7 100644
4286 --- a/arch/sparc/kernel/traps_32.c
4287 @@ -14972,7 +14963,7 @@ index 9b9f18b..9fcaa04 100644
4288 #include <asm/processor.h>
4289 #include <asm/fcntl.h>
4290 diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S
4291 -index 623f288..8bdd78a 100644
4292 +index 8f8e8ee..3617d6e 100644
4293 --- a/arch/x86/kernel/entry_32.S
4294 +++ b/arch/x86/kernel/entry_32.S
4295 @@ -176,13 +176,153 @@
4296 @@ -15659,7 +15650,7 @@ index 623f288..8bdd78a 100644
4297 /*
4298 * End of kprobes section
4299 */
4300 -@@ -1100,7 +1359,7 @@ BUILD_INTERRUPT3(xen_hvm_callback_vector, XEN_HVM_EVTCHN_CALLBACK,
4301 +@@ -1102,7 +1361,7 @@ BUILD_INTERRUPT3(xen_hvm_callback_vector, XEN_HVM_EVTCHN_CALLBACK,
4302
4303 ENTRY(mcount)
4304 ret
4305 @@ -15668,7 +15659,7 @@ index 623f288..8bdd78a 100644
4306
4307 ENTRY(ftrace_caller)
4308 cmpl $0, function_trace_stop
4309 -@@ -1129,7 +1388,7 @@ ftrace_graph_call:
4310 +@@ -1131,7 +1390,7 @@ ftrace_graph_call:
4311 .globl ftrace_stub
4312 ftrace_stub:
4313 ret
4314 @@ -15677,7 +15668,7 @@ index 623f288..8bdd78a 100644
4315
4316 #else /* ! CONFIG_DYNAMIC_FTRACE */
4317
4318 -@@ -1165,7 +1424,7 @@ trace:
4319 +@@ -1167,7 +1426,7 @@ trace:
4320 popl %ecx
4321 popl %eax
4322 jmp ftrace_stub
4323 @@ -15686,7 +15677,7 @@ index 623f288..8bdd78a 100644
4324 #endif /* CONFIG_DYNAMIC_FTRACE */
4325 #endif /* CONFIG_FUNCTION_TRACER */
4326
4327 -@@ -1186,7 +1445,7 @@ ENTRY(ftrace_graph_caller)
4328 +@@ -1188,7 +1447,7 @@ ENTRY(ftrace_graph_caller)
4329 popl %ecx
4330 popl %eax
4331 ret
4332 @@ -15695,7 +15686,7 @@ index 623f288..8bdd78a 100644
4333
4334 .globl return_to_handler
4335 return_to_handler:
4336 -@@ -1241,15 +1500,18 @@ error_code:
4337 +@@ -1243,15 +1502,18 @@ error_code:
4338 movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart
4339 REG_TO_PTGS %ecx
4340 SET_KERNEL_GS %ecx
4341 @@ -15716,7 +15707,7 @@ index 623f288..8bdd78a 100644
4342
4343 /*
4344 * Debug traps and NMI can happen at the one SYSENTER instruction
4345 -@@ -1291,7 +1553,7 @@ debug_stack_correct:
4346 +@@ -1293,7 +1555,7 @@ debug_stack_correct:
4347 call do_debug
4348 jmp ret_from_exception
4349 CFI_ENDPROC
4350 @@ -15725,7 +15716,7 @@ index 623f288..8bdd78a 100644
4351
4352 /*
4353 * NMI is doubly nasty. It can happen _while_ we're handling
4354 -@@ -1328,6 +1590,9 @@ nmi_stack_correct:
4355 +@@ -1330,6 +1592,9 @@ nmi_stack_correct:
4356 xorl %edx,%edx # zero error code
4357 movl %esp,%eax # pt_regs pointer
4358 call do_nmi
4359 @@ -15735,7 +15726,7 @@ index 623f288..8bdd78a 100644
4360 jmp restore_all_notrace
4361 CFI_ENDPROC
4362
4363 -@@ -1364,12 +1629,15 @@ nmi_espfix_stack:
4364 +@@ -1366,12 +1631,15 @@ nmi_espfix_stack:
4365 FIXUP_ESPFIX_STACK # %eax == %esp
4366 xorl %edx,%edx # zero error code
4367 call do_nmi
4368 @@ -15752,7 +15743,7 @@ index 623f288..8bdd78a 100644
4369
4370 ENTRY(int3)
4371 RING0_INT_FRAME
4372 -@@ -1381,14 +1649,14 @@ ENTRY(int3)
4373 +@@ -1383,14 +1651,14 @@ ENTRY(int3)
4374 call do_int3
4375 jmp ret_from_exception
4376 CFI_ENDPROC
4377 @@ -15769,7 +15760,7 @@ index 623f288..8bdd78a 100644
4378
4379 #ifdef CONFIG_KVM_GUEST
4380 ENTRY(async_page_fault)
4381 -@@ -1396,7 +1664,7 @@ ENTRY(async_page_fault)
4382 +@@ -1398,7 +1666,7 @@ ENTRY(async_page_fault)
4383 pushl_cfi $do_async_page_fault
4384 jmp error_code
4385 CFI_ENDPROC
4386 @@ -15779,7 +15770,7 @@ index 623f288..8bdd78a 100644
4387
4388 /*
4389 diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
4390 -index 69babd8..4270a51 100644
4391 +index dcdd0ea..de0bb2d 100644
4392 --- a/arch/x86/kernel/entry_64.S
4393 +++ b/arch/x86/kernel/entry_64.S
4394 @@ -57,6 +57,8 @@
4395 @@ -16843,7 +16834,7 @@ index c18f59d..9c0c9f6 100644
4396 #ifdef CONFIG_BLK_DEV_INITRD
4397 /* Reserve INITRD */
4398 diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S
4399 -index d42ab17..cb1b997 100644
4400 +index d42ab17..87b9555 100644
4401 --- a/arch/x86/kernel/head_32.S
4402 +++ b/arch/x86/kernel/head_32.S
4403 @@ -26,6 +26,12 @@
4404 @@ -16899,20 +16890,20 @@ index d42ab17..cb1b997 100644
4405 ENTRY(startup_32)
4406 movl pa(stack_start),%ecx
4407
4408 -@@ -106,6 +121,57 @@ ENTRY(startup_32)
4409 +@@ -106,6 +121,59 @@ ENTRY(startup_32)
4410 2:
4411 leal -__PAGE_OFFSET(%ecx),%esp
4412
4413 +#ifdef CONFIG_SMP
4414 + movl $pa(cpu_gdt_table),%edi
4415 + movl $__per_cpu_load,%eax
4416 -+ movw %ax,__KERNEL_PERCPU + 2(%edi)
4417 ++ movw %ax,GDT_ENTRY_PERCPU * 8 + 2(%edi)
4418 + rorl $16,%eax
4419 -+ movb %al,__KERNEL_PERCPU + 4(%edi)
4420 -+ movb %ah,__KERNEL_PERCPU + 7(%edi)
4421 ++ movb %al,GDT_ENTRY_PERCPU * 8 + 4(%edi)
4422 ++ movb %ah,GDT_ENTRY_PERCPU * 8 + 7(%edi)
4423 + movl $__per_cpu_end - 1,%eax
4424 + subl $__per_cpu_start,%eax
4425 -+ movw %ax,__KERNEL_PERCPU + 0(%edi)
4426 ++ movw %ax,GDT_ENTRY_PERCPU * 8 + 0(%edi)
4427 +#endif
4428 +
4429 +#ifdef CONFIG_PAX_MEMORY_UDEREF
4430 @@ -16929,10 +16920,10 @@ index d42ab17..cb1b997 100644
4431 +#ifdef CONFIG_PAX_KERNEXEC
4432 + movl $pa(boot_gdt),%edi
4433 + movl $__LOAD_PHYSICAL_ADDR,%eax
4434 -+ movw %ax,__BOOT_CS + 2(%edi)
4435 ++ movw %ax,GDT_ENTRY_BOOT_CS * 8 + 2(%edi)
4436 + rorl $16,%eax
4437 -+ movb %al,__BOOT_CS + 4(%edi)
4438 -+ movb %ah,__BOOT_CS + 7(%edi)
4439 ++ movb %al,GDT_ENTRY_BOOT_CS * 8 + 4(%edi)
4440 ++ movb %ah,GDT_ENTRY_BOOT_CS * 8 + 7(%edi)
4441 + rorl $16,%eax
4442 +
4443 + ljmp $(__BOOT_CS),$1f
4444 @@ -16942,13 +16933,15 @@ index d42ab17..cb1b997 100644
4445 + movl $pa(cpu_gdt_table),%edi
4446 + addl $__PAGE_OFFSET,%eax
4447 +1:
4448 -+ movw %ax,__KERNEL_CS + 2(%edi)
4449 -+ movw %ax,__KERNEXEC_KERNEL_CS + 2(%edi)
4450 ++ movb $0xc0,GDT_ENTRY_KERNEL_CS * 8 + 6(%edi)
4451 ++ movb $0xc0,GDT_ENTRY_KERNEXEC_KERNEL_CS * 8 + 6(%edi)
4452 ++ movw %ax,GDT_ENTRY_KERNEL_CS * 8 + 2(%edi)
4453 ++ movw %ax,GDT_ENTRY_KERNEXEC_KERNEL_CS * 8 + 2(%edi)
4454 + rorl $16,%eax
4455 -+ movb %al,__KERNEL_CS + 4(%edi)
4456 -+ movb %al,__KERNEXEC_KERNEL_CS + 4(%edi)
4457 -+ movb %ah,__KERNEL_CS + 7(%edi)
4458 -+ movb %ah,__KERNEXEC_KERNEL_CS + 7(%edi)
4459 ++ movb %al,GDT_ENTRY_KERNEL_CS * 8 + 4(%edi)
4460 ++ movb %al,GDT_ENTRY_KERNEXEC_KERNEL_CS * 8 + 4(%edi)
4461 ++ movb %ah,GDT_ENTRY_KERNEL_CS * 8 + 7(%edi)
4462 ++ movb %ah,GDT_ENTRY_KERNEXEC_KERNEL_CS * 8 + 7(%edi)
4463 + rorl $16,%eax
4464 + addl $PAGE_SIZE_asm,%edi
4465 + loop 1b
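Review bot: The two added stores `movb $0xc0,GDT_ENTRY_KERNEL_CS * 8 + 6(%edi)` and `movb $0xc0,GDT_ENTRY_KERNEXEC_KERNEL_CS * 8 + 6(%edi)` write a bare magic constant into the descriptors with no explanation. Byte 6 of an x86 segment descriptor holds the flag nibble and limit bits 19:16, so 0xc0 sets G and D/B while zeroing the upper limit bits. That presumably narrows the kernel code-segment limit on purpose under KERNEXEC, but the hunk never says so. I would add a comment above the pair, for example `/* byte 6: flags = G|D, limit[19:16] = 0 (code segment limit reduced for KERNEXEC) */`, and confirm that the low limit word is set to match elsewhere. The enclosing CONFIG_PAX_KERNEXEC block of startup_32 starts and ends outside this hunk, including the setup of the `loop` count in %ecx.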
4466 @@ -16957,7 +16950,7 @@ index d42ab17..cb1b997 100644
4467 /*
4468 * Clear BSS first so that there are no surprises...
4469 */
4470 -@@ -196,8 +262,11 @@ ENTRY(startup_32)
4471 +@@ -196,8 +264,11 @@ ENTRY(startup_32)
4472 movl %eax, pa(max_pfn_mapped)
4473
4474 /* Do early initialization of the fixmap area */
4475 @@ -16971,7 +16964,7 @@ index d42ab17..cb1b997 100644
4476 #else /* Not PAE */
4477
4478 page_pde_offset = (__PAGE_OFFSET >> 20);
4479 -@@ -227,8 +296,11 @@ page_pde_offset = (__PAGE_OFFSET >> 20);
4480 +@@ -227,8 +298,11 @@ page_pde_offset = (__PAGE_OFFSET >> 20);
4481 movl %eax, pa(max_pfn_mapped)
4482
4483 /* Do early initialization of the fixmap area */
4484 @@ -16985,7 +16978,7 @@ index d42ab17..cb1b997 100644
4485 #endif
4486
4487 #ifdef CONFIG_PARAVIRT
4488 -@@ -242,9 +314,7 @@ page_pde_offset = (__PAGE_OFFSET >> 20);
4489 +@@ -242,9 +316,7 @@ page_pde_offset = (__PAGE_OFFSET >> 20);
4490 cmpl $num_subarch_entries, %eax
4491 jae bad_subarch
4492
4493 @@ -16996,7 +16989,7 @@ index d42ab17..cb1b997 100644
4494
4495 bad_subarch:
4496 WEAK(lguest_entry)
4497 -@@ -256,10 +326,10 @@ WEAK(xen_entry)
4498 +@@ -256,10 +328,10 @@ WEAK(xen_entry)
4499 __INITDATA
4500
4501 subarch_entries:
4502 @@ -17011,7 +17004,7 @@ index d42ab17..cb1b997 100644
4503 num_subarch_entries = (. - subarch_entries) / 4
4504 .previous
4505 #else
4506 -@@ -310,6 +380,7 @@ default_entry:
4507 +@@ -310,6 +382,7 @@ default_entry:
4508 orl %edx,%eax
4509 movl %eax,%cr4
4510
4511 @@ -17019,7 +17012,7 @@ index d42ab17..cb1b997 100644
4512 testb $X86_CR4_PAE, %al # check if PAE is enabled
4513 jz 6f
4514
4515 -@@ -338,6 +409,9 @@ default_entry:
4516 +@@ -338,6 +411,9 @@ default_entry:
4517 /* Make changes effective */
4518 wrmsr
4519
4520 @@ -17029,7 +17022,7 @@ index d42ab17..cb1b997 100644
4521 6:
4522
4523 /*
4524 -@@ -436,14 +510,20 @@ is386: movl $2,%ecx # set MP
4525 +@@ -436,14 +512,20 @@ is386: movl $2,%ecx # set MP
4526 1: movl $(__KERNEL_DS),%eax # reload all the segment registers
4527 movl %eax,%ss # after changing gdt.
4528
4529 @@ -17051,7 +17044,7 @@ index d42ab17..cb1b997 100644
4530 movl %eax,%gs
4531
4532 xorl %eax,%eax # Clear LDT
4533 -@@ -520,8 +600,11 @@ setup_once:
4534 +@@ -520,8 +602,11 @@ setup_once:
4535 * relocation. Manually set base address in stack canary
4536 * segment descriptor.
4537 */
4538 @@ -17064,7 +17057,7 @@ index d42ab17..cb1b997 100644
4539 movw %cx, 8 * GDT_ENTRY_STACK_CANARY + 2(%eax)
4540 shrl $16, %ecx
4541 movb %cl, 8 * GDT_ENTRY_STACK_CANARY + 4(%eax)
4542 -@@ -552,7 +635,7 @@ ENDPROC(early_idt_handlers)
4543 +@@ -552,7 +637,7 @@ ENDPROC(early_idt_handlers)
4544 /* This is global to keep gas from relaxing the jumps */
4545 ENTRY(early_idt_handler)
4546 cld
4547 @@ -17073,7 +17066,7 @@ index d42ab17..cb1b997 100644
4548 je hlt_loop
4549 incl %ss:early_recursion_flag
4550
4551 -@@ -590,8 +673,8 @@ ENTRY(early_idt_handler)
4552 +@@ -590,8 +675,8 @@ ENTRY(early_idt_handler)
4553 pushl (20+6*4)(%esp) /* trapno */
4554 pushl $fault_msg
4555 call printk
4556 @@ -17083,7 +17076,7 @@ index d42ab17..cb1b997 100644
4557 hlt_loop:
4558 hlt
4559 jmp hlt_loop
4560 -@@ -610,8 +693,11 @@ ENDPROC(early_idt_handler)
4561 +@@ -610,8 +695,11 @@ ENDPROC(early_idt_handler)
4562 /* This is the default interrupt "handler" :-) */
4563 ALIGN
4564 ignore_int:
4565 @@ -17096,7 +17089,7 @@ index d42ab17..cb1b997 100644
4566 pushl %eax
4567 pushl %ecx
4568 pushl %edx
4569 -@@ -620,9 +706,6 @@ ignore_int:
4570 +@@ -620,9 +708,6 @@ ignore_int:
4571 movl $(__KERNEL_DS),%eax
4572 movl %eax,%ds
4573 movl %eax,%es
4574 @@ -17106,7 +17099,7 @@ index d42ab17..cb1b997 100644
4575 pushl 16(%esp)
4576 pushl 24(%esp)
4577 pushl 32(%esp)
4578 -@@ -656,29 +739,43 @@ ENTRY(setup_once_ref)
4579 +@@ -656,29 +741,43 @@ ENTRY(setup_once_ref)
4580 /*
4581 * BSS section
4582 */
4583 @@ -17155,7 +17148,7 @@ index d42ab17..cb1b997 100644
4584 ENTRY(initial_page_table)
4585 .long pa(initial_pg_pmd+PGD_IDENT_ATTR),0 /* low identity map */
4586 # if KPMDS == 3
4587 -@@ -697,12 +794,20 @@ ENTRY(initial_page_table)
4588 +@@ -697,12 +796,20 @@ ENTRY(initial_page_table)
4589 # error "Kernel PMDs should be 1, 2 or 3"
4590 # endif
4591 .align PAGE_SIZE /* needs to be page-sized too */
4592 @@ -17177,7 +17170,7 @@ index d42ab17..cb1b997 100644
4593
4594 __INITRODATA
4595 int_msg:
4596 -@@ -730,7 +835,7 @@ fault_msg:
4597 +@@ -730,7 +837,7 @@ fault_msg:
4598 * segment size, and 32-bit linear address value:
4599 */
4600
4601 @@ -17186,7 +17179,7 @@ index d42ab17..cb1b997 100644
4602 .globl boot_gdt_descr
4603 .globl idt_descr
4604
4605 -@@ -739,7 +844,7 @@ fault_msg:
4606 +@@ -739,7 +846,7 @@ fault_msg:
4607 .word 0 # 32 bit align gdt_desc.address
4608 boot_gdt_descr:
4609 .word __BOOT_DS+7
4610 @@ -17195,7 +17188,7 @@ index d42ab17..cb1b997 100644
4611
4612 .word 0 # 32-bit align idt_desc.address
4613 idt_descr:
4614 -@@ -750,7 +855,7 @@ idt_descr:
4615 +@@ -750,7 +857,7 @@ idt_descr:
4616 .word 0 # 32 bit align gdt_desc.address
4617 ENTRY(early_gdt_descr)
4618 .word GDT_ENTRIES*8-1
4619 @@ -17204,7 +17197,7 @@ index d42ab17..cb1b997 100644
4620
4621 /*
4622 * The boot_gdt must mirror the equivalent in setup.S and is
4623 -@@ -759,5 +864,65 @@ ENTRY(early_gdt_descr)
4624 +@@ -759,5 +866,65 @@ ENTRY(early_gdt_descr)
4625 .align L1_CACHE_BYTES
4626 ENTRY(boot_gdt)
4627 .fill GDT_ENTRY_BOOT_CS,8,0
4628 @@ -19020,7 +19013,7 @@ index 7a6f3b3..bed145d7 100644
4629
4630 1:
4631 diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
4632 -index f4b9b80..0d05de1 100644
4633 +index 198e774..e880f29 100644
4634 --- a/arch/x86/kernel/setup.c
4635 +++ b/arch/x86/kernel/setup.c
4636 @@ -440,7 +440,7 @@ static void __init parse_setup_data(void)
4637 @@ -24584,7 +24577,7 @@ index b91e485..d00e7c9 100644
4638 }
4639 if (mm->get_unmapped_area == arch_get_unmapped_area)
4640 diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
4641 -index ab1f6a9..e16d764 100644
4642 +index ab1f6a9..23030ba 100644
4643 --- a/arch/x86/mm/init.c
4644 +++ b/arch/x86/mm/init.c
4645 @@ -16,6 +16,8 @@
4646 @@ -24644,7 +24637,7 @@ index ab1f6a9..e16d764 100644
4647 if (iomem_is_exclusive(pagenr << PAGE_SHIFT))
4648 return 0;
4649 if (!page_is_ram(pagenr))
4650 -@@ -377,8 +406,116 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
4651 +@@ -377,8 +406,117 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
4652 #endif
4653 }
4654
4655 @@ -24698,6 +24691,7 @@ index ab1f6a9..e16d764 100644
4656 + for (cpu = 0; cpu < nr_cpu_ids; cpu++) {
4657 + pack_descriptor(&d, get_desc_base(&get_cpu_gdt_table(cpu)[GDT_ENTRY_KERNEL_CS]), limit, 0x9B, 0xC);
4658 + write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_KERNEL_CS, &d, DESCTYPE_S);
4659 ++ write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_KERNEXEC_KERNEL_CS, &d, DESCTYPE_S);
4660 + }
4661 +
4662 + /* PaX: make KERNEL_CS read-only */
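Review bot: The added `write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_KERNEXEC_KERNEL_CS, &d, DESCTYPE_S);` reuses the descriptor `d` that the previous line packed from the base of `GDT_ENTRY_KERNEL_CS`. The KERNEXEC entry therefore silently inherits KERNEL_CS's base along with the same `limit`, the 0x9B access byte and the 0xC flags. That looks intended, since the head_32.S part of this patch programs both entries with the same values, but nothing in the loop states the invariant. A one-line comment such as `/* KERNEXEC_KERNEL_CS mirrors KERNEL_CS: same base, limit and type */` would stop a later change to one entry from quietly diverging from the other. The loop sits in a function whose start, end and computation of `limit` are outside this hunk.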
4663 @@ -30691,7 +30685,7 @@ index 627fe35..c9a7346 100644
4664 return container_of(adapter, struct intel_gmbus, adapter)->force_bit;
4665 }
4666 diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
4667 -index ff2819e..6b5997b 100644
4668 +index cdf46b5..e785624 100644
4669 --- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c
4670 +++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
4671 @@ -189,7 +189,7 @@ i915_gem_object_set_to_gpu_domain(struct drm_i915_gem_object *obj,
4672 @@ -30703,7 +30697,7 @@ index ff2819e..6b5997b 100644
4673
4674 /* The actual obj->write_domain will be updated with
4675 * pending_write_domain after we emit the accumulated flush for all
4676 -@@ -906,9 +906,9 @@ i915_gem_check_execbuffer(struct drm_i915_gem_execbuffer2 *exec)
4677 +@@ -907,9 +907,9 @@ i915_gem_check_execbuffer(struct drm_i915_gem_execbuffer2 *exec)
4678
4679 static int
4680 validate_exec_list(struct drm_i915_gem_exec_object2 *exec,
4681 @@ -42807,7 +42801,7 @@ index d146e18..12d1bd1 100644
4682 fd_offset + ex.a_text);
4683 if (error != N_DATADDR(ex)) {
4684 diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
4685 -index 0225fdd..9f0ef53 100644
4686 +index 0225fdd..08bda99 100644
4687 --- a/fs/binfmt_elf.c
4688 +++ b/fs/binfmt_elf.c
4689 @@ -32,6 +32,7 @@
4690 @@ -42902,7 +42896,13 @@ index 0225fdd..9f0ef53 100644
4691 return -EFAULT;
4692 return 0;
4693 }
4694 -@@ -378,10 +397,10 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
4695 +@@ -373,15 +392,14 @@ static unsigned long total_mapping_size(struct elf_phdr *cmds, int nr)
4696 + an ELF header */
4697 +
4698 + static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
4699 +- struct file *interpreter, unsigned long *interp_map_addr,
4700 +- unsigned long no_base)
4701 ++ struct file *interpreter, unsigned long no_base)
4702 {
4703 struct elf_phdr *elf_phdata;
4704 struct elf_phdr *eppnt;
4705 @@ -42915,7 +42915,7 @@ index 0225fdd..9f0ef53 100644
4706 unsigned long total_size;
4707 int retval, i, size;
4708
4709 -@@ -427,6 +446,11 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
4710 +@@ -427,6 +445,11 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
4711 goto out_close;
4712 }
4713
4714 @@ -42927,7 +42927,16 @@ index 0225fdd..9f0ef53 100644
4715 eppnt = elf_phdata;
4716 for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) {
4717 if (eppnt->p_type == PT_LOAD) {
4718 -@@ -470,8 +494,8 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
4719 +@@ -450,8 +473,6 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
4720 + map_addr = elf_map(interpreter, load_addr + vaddr,
4721 + eppnt, elf_prot, elf_type, total_size);
4722 + total_size = 0;
4723 +- if (!*interp_map_addr)
4724 +- *interp_map_addr = map_addr;
4725 + error = map_addr;
4726 + if (BAD_ADDR(map_addr))
4727 + goto out_close;
4728 +@@ -470,8 +491,8 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
4729 k = load_addr + eppnt->p_vaddr;
4730 if (BAD_ADDR(k) ||
4731 eppnt->p_filesz > eppnt->p_memsz ||
4732 @@ -42938,7 +42947,7 @@ index 0225fdd..9f0ef53 100644
4733 error = -ENOMEM;
4734 goto out_close;
4735 }
4736 -@@ -523,6 +547,311 @@ out:
4737 +@@ -523,6 +544,311 @@ out:
4738 return error;
4739 }
4740
4741 @@ -43250,7 +43259,7 @@ index 0225fdd..9f0ef53 100644
4742 /*
4743 * These are the functions used to load ELF style executables and shared
4744 * libraries. There is no binary dependent code anywhere else.
4745 -@@ -539,6 +868,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top)
4746 +@@ -539,6 +865,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top)
4747 {
4748 unsigned int random_variable = 0;
4749
4750 @@ -43262,7 +43271,7 @@ index 0225fdd..9f0ef53 100644
4751 if ((current->flags & PF_RANDOMIZE) &&
4752 !(current->personality & ADDR_NO_RANDOMIZE)) {
4753 random_variable = get_random_int() & STACK_RND_MASK;
4754 -@@ -557,7 +891,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
4755 +@@ -557,7 +888,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
4756 unsigned long load_addr = 0, load_bias = 0;
4757 int load_addr_set = 0;
4758 char * elf_interpreter = NULL;
4759 @@ -43271,7 +43280,7 @@ index 0225fdd..9f0ef53 100644
4760 struct elf_phdr *elf_ppnt, *elf_phdata;
4761 unsigned long elf_bss, elf_brk;
4762 int retval, i;
4763 -@@ -567,11 +901,11 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
4764 +@@ -567,11 +898,11 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
4765 unsigned long start_code, end_code, start_data, end_data;
4766 unsigned long reloc_func_desc __maybe_unused = 0;
4767 int executable_stack = EXSTACK_DEFAULT;
4768 @@ -43284,7 +43293,7 @@ index 0225fdd..9f0ef53 100644
4769
4770 loc = kmalloc(sizeof(*loc), GFP_KERNEL);
4771 if (!loc) {
4772 -@@ -707,11 +1041,81 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
4773 +@@ -707,11 +1038,81 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
4774 goto out_free_dentry;
4775
4776 /* OK, This is the point of no return */
4777 @@ -43367,7 +43376,7 @@ index 0225fdd..9f0ef53 100644
4778 if (elf_read_implies_exec(loc->elf_ex, executable_stack))
4779 current->personality |= READ_IMPLIES_EXEC;
4780
4781 -@@ -802,6 +1206,20 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
4782 +@@ -802,6 +1203,20 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
4783 #else
4784 load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
4785 #endif
4786 @@ -43388,7 +43397,7 @@ index 0225fdd..9f0ef53 100644
4787 }
4788
4789 error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
4790 -@@ -834,9 +1252,9 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
4791 +@@ -834,9 +1249,9 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
4792 * allowed task size. Note that p_filesz must always be
4793 * <= p_memsz so it is only necessary to check p_memsz.
4794 */
4795 @@ -43401,7 +43410,7 @@ index 0225fdd..9f0ef53 100644
4796 /* set_brk can never work. Avoid overflows. */
4797 send_sig(SIGKILL, current, 0);
4798 retval = -EINVAL;
4799 -@@ -875,11 +1293,41 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
4800 +@@ -875,17 +1290,44 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
4801 goto out_free_dentry;
4802 }
4803 if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
4804 @@ -43444,9 +43453,15 @@ index 0225fdd..9f0ef53 100644
4805 +#endif
4806 +
4807 if (elf_interpreter) {
4808 - unsigned long uninitialized_var(interp_map_addr);
4809 -
4810 -@@ -1107,7 +1555,7 @@ static bool always_dump_vma(struct vm_area_struct *vma)
4811 +- unsigned long uninitialized_var(interp_map_addr);
4812 +-
4813 + elf_entry = load_elf_interp(&loc->interp_elf_ex,
4814 + interpreter,
4815 +- &interp_map_addr,
4816 + load_bias);
4817 + if (!IS_ERR((void *)elf_entry)) {
4818 + /*
4819 +@@ -1107,7 +1549,7 @@ static bool always_dump_vma(struct vm_area_struct *vma)
4820 * Decide what to dump of a segment, part, all or none.
4821 */
4822 static unsigned long vma_dump_size(struct vm_area_struct *vma,
4823 @@ -43455,7 +43470,7 @@ index 0225fdd..9f0ef53 100644
4824 {
4825 #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))
4826
4827 -@@ -1144,7 +1592,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
4828 +@@ -1144,7 +1586,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
4829 if (vma->vm_file == NULL)
4830 return 0;
4831
4832 @@ -43464,7 +43479,7 @@ index 0225fdd..9f0ef53 100644
4833 goto whole;
4834
4835 /*
4836 -@@ -1366,9 +1814,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
4837 +@@ -1366,9 +1808,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
4838 {
4839 elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
4840 int i = 0;
4841 @@ -43476,7 +43491,7 @@ index 0225fdd..9f0ef53 100644
4842 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
4843 }
4844
4845 -@@ -1879,14 +2327,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
4846 +@@ -1879,14 +2321,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
4847 }
4848
4849 static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma,
4850 @@ -43493,7 +43508,7 @@ index 0225fdd..9f0ef53 100644
4851 return size;
4852 }
4853
4854 -@@ -1980,7 +2428,7 @@ static int elf_core_dump(struct coredump_params *cprm)
4855 +@@ -1980,7 +2422,7 @@ static int elf_core_dump(struct coredump_params *cprm)
4856
4857 dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
4858
4859 @@ -43502,7 +43517,7 @@ index 0225fdd..9f0ef53 100644
4860 offset += elf_core_extra_data_size();
4861 e_shoff = offset;
4862
4863 -@@ -1994,10 +2442,12 @@ static int elf_core_dump(struct coredump_params *cprm)
4864 +@@ -1994,10 +2436,12 @@ static int elf_core_dump(struct coredump_params *cprm)
4865 offset = dataoff;
4866
4867 size += sizeof(*elf);
4868 @@ -43515,7 +43530,7 @@ index 0225fdd..9f0ef53 100644
4869 if (size > cprm->limit
4870 || !dump_write(cprm->file, phdr4note, sizeof(*phdr4note)))
4871 goto end_coredump;
4872 -@@ -2011,7 +2461,7 @@ static int elf_core_dump(struct coredump_params *cprm)
4873 +@@ -2011,7 +2455,7 @@ static int elf_core_dump(struct coredump_params *cprm)
4874 phdr.p_offset = offset;
4875 phdr.p_vaddr = vma->vm_start;
4876 phdr.p_paddr = 0;
4877 @@ -43524,7 +43539,7 @@ index 0225fdd..9f0ef53 100644
4878 phdr.p_memsz = vma->vm_end - vma->vm_start;
4879 offset += phdr.p_filesz;
4880 phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
4881 -@@ -2022,6 +2472,7 @@ static int elf_core_dump(struct coredump_params *cprm)
4882 +@@ -2022,6 +2466,7 @@ static int elf_core_dump(struct coredump_params *cprm)
4883 phdr.p_align = ELF_EXEC_PAGESIZE;
4884
4885 size += sizeof(phdr);
4886 @@ -43532,7 +43547,7 @@ index 0225fdd..9f0ef53 100644
4887 if (size > cprm->limit
4888 || !dump_write(cprm->file, &phdr, sizeof(phdr)))
4889 goto end_coredump;
4890 -@@ -2046,7 +2497,7 @@ static int elf_core_dump(struct coredump_params *cprm)
4891 +@@ -2046,7 +2491,7 @@ static int elf_core_dump(struct coredump_params *cprm)
4892 unsigned long addr;
4893 unsigned long end;
4894
4895 @@ -43541,7 +43556,7 @@ index 0225fdd..9f0ef53 100644
4896
4897 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
4898 struct page *page;
4899 -@@ -2055,6 +2506,7 @@ static int elf_core_dump(struct coredump_params *cprm)
4900 +@@ -2055,6 +2500,7 @@ static int elf_core_dump(struct coredump_params *cprm)
4901 page = get_dump_page(addr);
4902 if (page) {
4903 void *kaddr = kmap(page);
4904 @@ -43549,7 +43564,7 @@ index 0225fdd..9f0ef53 100644
4905 stop = ((size += PAGE_SIZE) > cprm->limit) ||
4906 !dump_write(cprm->file, kaddr,
4907 PAGE_SIZE);
4908 -@@ -2072,6 +2524,7 @@ static int elf_core_dump(struct coredump_params *cprm)
4909 +@@ -2072,6 +2518,7 @@ static int elf_core_dump(struct coredump_params *cprm)
4910
4911 if (e_phnum == PN_XNUM) {
4912 size += sizeof(*shdr4extnum);
4913 @@ -43557,7 +43572,7 @@ index 0225fdd..9f0ef53 100644
4914 if (size > cprm->limit
4915 || !dump_write(cprm->file, shdr4extnum,
4916 sizeof(*shdr4extnum)))
4917 -@@ -2092,6 +2545,97 @@ out:
4918 +@@ -2092,6 +2539,97 @@ out:
4919
4920 #endif /* CONFIG_ELF_CORE */
4921
4922 @@ -45589,10 +45604,10 @@ index 90d901f..159975f 100644
4923 }
4924 return 1;
4925 diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c
4926 -index 1b50890..e56c5ad 100644
4927 +index cf18217..8f6b9c3 100644
4928 --- a/fs/ext4/balloc.c
4929 +++ b/fs/ext4/balloc.c
4930 -@@ -500,8 +500,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi,
4931 +@@ -498,8 +498,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi,
4932 /* Hm, nope. Are (enough) root reserved clusters available? */
4933 if (uid_eq(sbi->s_resuid, current_fsuid()) ||
4934 (!gid_eq(sbi->s_resgid, GLOBAL_ROOT_GID) && in_group_p(sbi->s_resgid)) ||
4935 @@ -45604,7 +45619,7 @@ index 1b50890..e56c5ad 100644
4936 if (free_clusters >= (nclusters + dirty_clusters))
4937 return 1;
4938 diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
4939 -index c3411d4..30e4f1b 100644
4940 +index 5c69f2b..05dec7f 100644
4941 --- a/fs/ext4/ext4.h
4942 +++ b/fs/ext4/ext4.h
4943 @@ -1248,19 +1248,19 @@ struct ext4_sb_info {
4944 @@ -45638,7 +45653,7 @@ index c3411d4..30e4f1b 100644
4945
4946 /* locality groups */
4947 diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
4948 -index 8eae947..53fc27a 100644
4949 +index b26410c..7383d90 100644
4950 --- a/fs/ext4/mballoc.c
4951 +++ b/fs/ext4/mballoc.c
4952 @@ -1746,7 +1746,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac,
4953 @@ -45695,7 +45710,7 @@ index 8eae947..53fc27a 100644
4954 }
4955
4956 free_percpu(sbi->s_locality_groups);
4957 -@@ -3052,16 +3052,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac)
4958 +@@ -3051,16 +3051,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac)
4959 struct ext4_sb_info *sbi = EXT4_SB(ac->ac_sb);
4960
4961 if (sbi->s_mb_stats && ac->ac_g_ex.fe_len > 1) {
4962 @@ -45718,7 +45733,7 @@ index 8eae947..53fc27a 100644
4963 }
4964
4965 if (ac->ac_op == EXT4_MB_HISTORY_ALLOC)
4966 -@@ -3461,7 +3461,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac)
4967 +@@ -3460,7 +3460,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac)
4968 trace_ext4_mb_new_inode_pa(ac, pa);
4969
4970 ext4_mb_use_inode_pa(ac, pa);
4971 @@ -45727,7 +45742,7 @@ index 8eae947..53fc27a 100644
4972
4973 ei = EXT4_I(ac->ac_inode);
4974 grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group);
4975 -@@ -3521,7 +3521,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac)
4976 +@@ -3520,7 +3520,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac)
4977 trace_ext4_mb_new_group_pa(ac, pa);
4978
4979 ext4_mb_use_group_pa(ac, pa);
4980 @@ -45736,7 +45751,7 @@ index 8eae947..53fc27a 100644
4981
4982 grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group);
4983 lg = ac->ac_lg;
4984 -@@ -3610,7 +3610,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh,
4985 +@@ -3609,7 +3609,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh,
4986 * from the bitmap and continue.
4987 */
4988 }
4989 @@ -45745,7 +45760,7 @@ index 8eae947..53fc27a 100644
4990
4991 return err;
4992 }
4993 -@@ -3628,7 +3628,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b,
4994 +@@ -3627,7 +3627,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b,
4995 ext4_get_group_no_and_offset(sb, pa->pa_pstart, &group, &bit);
4996 BUG_ON(group != e4b->bd_group && pa->pa_len != 0);
4997 mb_free_blocks(pa->pa_inode, e4b, bit, pa->pa_len);
4998 @@ -64262,7 +64277,7 @@ index edd0868..f98feee 100644
4999
5000 /* shm_mode upper byte flags */
5001 diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
5002 -index 7632c87..8fd660f 100644
5003 +index f3165d2..2cb3cb7 100644
5004 --- a/include/linux/skbuff.h
5005 +++ b/include/linux/skbuff.h
5006 @@ -577,7 +577,7 @@ extern bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from,
5007 @@ -64274,7 +64289,7 @@ index 7632c87..8fd660f 100644
5008 gfp_t priority)
5009 {
5010 return __alloc_skb(size, priority, 0, NUMA_NO_NODE);
5011 -@@ -690,7 +690,7 @@ static inline struct skb_shared_hwtstamps *skb_hwtstamps(struct sk_buff *skb)
5012 +@@ -687,7 +687,7 @@ static inline struct skb_shared_hwtstamps *skb_hwtstamps(struct sk_buff *skb)
5013 */
5014 static inline int skb_queue_empty(const struct sk_buff_head *list)
5015 {
5016 @@ -64283,7 +64298,7 @@ index 7632c87..8fd660f 100644
5017 }
5018
5019 /**
5020 -@@ -703,7 +703,7 @@ static inline int skb_queue_empty(const struct sk_buff_head *list)
5021 +@@ -700,7 +700,7 @@ static inline int skb_queue_empty(const struct sk_buff_head *list)
5022 static inline bool skb_queue_is_last(const struct sk_buff_head *list,
5023 const struct sk_buff *skb)
5024 {
5025 @@ -64292,7 +64307,7 @@ index 7632c87..8fd660f 100644
5026 }
5027
5028 /**
5029 -@@ -716,7 +716,7 @@ static inline bool skb_queue_is_last(const struct sk_buff_head *list,
5030 +@@ -713,7 +713,7 @@ static inline bool skb_queue_is_last(const struct sk_buff_head *list,
5031 static inline bool skb_queue_is_first(const struct sk_buff_head *list,
5032 const struct sk_buff *skb)
5033 {
5034 @@ -64301,7 +64316,7 @@ index 7632c87..8fd660f 100644
5035 }
5036
5037 /**
5038 -@@ -1626,7 +1626,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len)
5039 +@@ -1623,7 +1623,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len)
5040 * NET_IP_ALIGN(2) + ethernet_header(14) + IP_header(20/40) + ports(8)
5041 */
5042 #ifndef NET_SKB_PAD
5043 @@ -64310,7 +64325,7 @@ index 7632c87..8fd660f 100644
5044 #endif
5045
5046 extern int ___pskb_trim(struct sk_buff *skb, unsigned int len);
5047 -@@ -2204,7 +2204,7 @@ extern struct sk_buff *skb_recv_datagram(struct sock *sk, unsigned flags,
5048 +@@ -2201,7 +2201,7 @@ extern struct sk_buff *skb_recv_datagram(struct sock *sk, unsigned flags,
5049 int noblock, int *err);
5050 extern unsigned int datagram_poll(struct file *file, struct socket *sock,
5051 struct poll_table_struct *wait);
5052 @@ -65037,10 +65052,10 @@ index 9e5425b..8136ffc 100644
5053 /* Protects from simultaneous access to first_req list */
5054 spinlock_t info_list_lock;
5055 diff --git a/include/net/flow.h b/include/net/flow.h
5056 -index e1dd508..2873851 100644
5057 +index 628e11b..4c475df 100644
5058 --- a/include/net/flow.h
5059 +++ b/include/net/flow.h
5060 -@@ -220,6 +220,6 @@ extern struct flow_cache_object *flow_cache_lookup(
5061 +@@ -221,6 +221,6 @@ extern struct flow_cache_object *flow_cache_lookup(
5062
5063 extern void flow_cache_flush(void);
5064 extern void flow_cache_flush_deferred(void);
5065 @@ -66521,10 +66536,10 @@ index 493d972..ea17248 100644
5066 + return ns_capable_nolog(ns, cap) && kuid_has_mapping(ns, inode->i_uid);
5067 +}
5068 diff --git a/kernel/cgroup.c b/kernel/cgroup.c
5069 -index 7981850..370878f 100644
5070 +index ff2bce5..a41e8f9 100644
5071 --- a/kernel/cgroup.c
5072 +++ b/kernel/cgroup.c
5073 -@@ -5411,7 +5411,7 @@ static int cgroup_css_links_read(struct cgroup *cont,
5074 +@@ -5390,7 +5390,7 @@ static int cgroup_css_links_read(struct cgroup *cont,
5075 struct css_set *cg = link->cg;
5076 struct task_struct *task;
5077 int count = 0;
5078 @@ -70140,7 +70155,7 @@ index 2095be3..9a5b89d 100644
5079 }
5080 EXPORT_SYMBOL_GPL(__srcu_read_unlock);
5081 diff --git a/kernel/sys.c b/kernel/sys.c
5082 -index 6fab59a..4ad079b 100644
5083 +index 909148a..cd51acf 100644
5084 --- a/kernel/sys.c
5085 +++ b/kernel/sys.c
5086 @@ -157,6 +157,12 @@ static int set_one_prio(struct task_struct *p, int niceval, int error)
5087 @@ -70264,35 +70279,7 @@ index 6fab59a..4ad079b 100644
5088 abort_creds(new);
5089 return old_fsgid;
5090
5091 -@@ -1265,13 +1301,13 @@ DECLARE_RWSEM(uts_sem);
5092 - * Work around broken programs that cannot handle "Linux 3.0".
5093 - * Instead we map 3.x to 2.6.40+x, so e.g. 3.0 would be 2.6.40
5094 - */
5095 --static int override_release(char __user *release, int len)
5096 -+static int override_release(char __user *release, size_t len)
5097 - {
5098 - int ret = 0;
5099 -- char buf[65];
5100 -
5101 - if (current->personality & UNAME26) {
5102 -- char *rest = UTS_RELEASE;
5103 -+ char buf[65] = { 0 };
5104 -+ const char *rest = UTS_RELEASE;
5105 - int ndots = 0;
5106 - unsigned v;
5107 -
5108 -@@ -1283,7 +1319,10 @@ static int override_release(char __user *release, int len)
5109 - rest++;
5110 - }
5111 - v = ((LINUX_VERSION_CODE >> 8) & 0xff) + 40;
5112 -+ if (sizeof buf < len)
5113 -+ len = sizeof buf;
5114 - snprintf(buf, len, "2.6.%u%s", v, rest);
5115 -+ buf[len - 1] = 0;
5116 - ret = copy_to_user(release, buf, len);
5117 - }
5118 - return ret;
5119 -@@ -1338,19 +1377,19 @@ SYSCALL_DEFINE1(olduname, struct oldold_utsname __user *, name)
5120 +@@ -1340,19 +1376,19 @@ SYSCALL_DEFINE1(olduname, struct oldold_utsname __user *, name)
5121 return -EFAULT;
5122
5123 down_read(&uts_sem);
5124 @@ -70317,7 +70304,7 @@ index 6fab59a..4ad079b 100644
5125 __OLD_UTS_LEN);
5126 error |= __put_user(0, name->machine + __OLD_UTS_LEN);
5127 up_read(&uts_sem);
5128 -@@ -2024,7 +2063,7 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
5129 +@@ -2026,7 +2062,7 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
5130 error = get_dumpable(me->mm);
5131 break;
5132 case PR_SET_DUMPABLE:
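Review bot: The override_release() hardening is no longer carried by the grsecurity patch after this update, so the zero-initialised `char buf[65] = { 0 }` and the clamp `if (sizeof buf < len) len = sizeof buf;` ahead of `copy_to_user(release, buf, len)` now have to come from the base kernel. The new base blob for kernel/sys.c (`909148a`) and the shifted hunk offsets suggest that the 3.6.4 tree already contains an equivalent bound, but this diff does not show it. This should be confirmed against the patched 3.6.4 source before release, because without the bound a UNAME26 caller passing a `len` above 65 would read past `buf` on the kernel stack. A line in the commit description such as `override_release hunk dropped: equivalent fix present in the 3.6.4 base` would make the removal auditable.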
5133 @@ -76384,7 +76371,7 @@ index 0337e2b..47914a0 100644
5134
5135 return err;
5136 diff --git a/net/core/dev.c b/net/core/dev.c
5137 -index 89e33a5..16d9d25 100644
5138 +index 2fb9f59..d9a07df 100644
5139 --- a/net/core/dev.c
5140 +++ b/net/core/dev.c
5141 @@ -1138,9 +1138,13 @@ void dev_load(struct net *net, const char *name)
5142 @@ -76446,7 +76433,7 @@ index 89e33a5..16d9d25 100644
5143 {
5144 struct softnet_data *sd = &__get_cpu_var(softnet_data);
5145
5146 -@@ -3328,7 +3332,7 @@ ncls:
5147 +@@ -3331,7 +3335,7 @@ ncls:
5148 ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev);
5149 } else {
5150 drop:
5151 @@ -76455,7 +76442,7 @@ index 89e33a5..16d9d25 100644
5152 kfree_skb(skb);
5153 /* Jamal, now you will not able to escape explaining
5154 * me how you were going to use this. :-)
5155 -@@ -3895,7 +3899,7 @@ void netif_napi_del(struct napi_struct *napi)
5156 +@@ -3898,7 +3902,7 @@ void netif_napi_del(struct napi_struct *napi)
5157 }
5158 EXPORT_SYMBOL(netif_napi_del);
5159
5160 @@ -76464,7 +76451,7 @@ index 89e33a5..16d9d25 100644
5161 {
5162 struct softnet_data *sd = &__get_cpu_var(softnet_data);
5163 unsigned long time_limit = jiffies + 2;
5164 -@@ -4365,8 +4369,13 @@ static int ptype_seq_show(struct seq_file *seq, void *v)
5165 +@@ -4368,8 +4372,13 @@ static int ptype_seq_show(struct seq_file *seq, void *v)
5166 else
5167 seq_printf(seq, "%04x", ntohs(pt->type));
5168
5169 @@ -76478,7 +76465,7 @@ index 89e33a5..16d9d25 100644
5170 }
5171
5172 return 0;
5173 -@@ -5919,7 +5928,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
5174 +@@ -5922,7 +5931,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
5175 } else {
5176 netdev_stats_to_stats64(storage, &dev->stats);
5177 }
5178 @@ -76754,10 +76741,10 @@ index a55eecc..dd8428c 100644
5179
5180 *lenp = len;
5181 diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
5182 -index 8e2b475..7263d89 100644
5183 +index f444ac7..b7bdda9 100644
5184 --- a/net/ipv4/fib_frontend.c
5185 +++ b/net/ipv4/fib_frontend.c
5186 -@@ -1019,12 +1019,12 @@ static int fib_inetaddr_event(struct notifier_block *this, unsigned long event,
5187 +@@ -1020,12 +1020,12 @@ static int fib_inetaddr_event(struct notifier_block *this, unsigned long event,
5188 #ifdef CONFIG_IP_ROUTE_MULTIPATH
5189 fib_sync_up(dev);
5190 #endif
5191 @@ -76772,7 +76759,7 @@ index 8e2b475..7263d89 100644
5192 if (ifa->ifa_dev->ifa_list == NULL) {
5193 /* Last address was deleted from this interface.
5194 * Disable IP.
5195 -@@ -1061,7 +1061,7 @@ static int fib_netdev_event(struct notifier_block *this, unsigned long event, vo
5196 +@@ -1062,7 +1062,7 @@ static int fib_netdev_event(struct notifier_block *this, unsigned long event, vo
5197 #ifdef CONFIG_IP_ROUTE_MULTIPATH
5198 fib_sync_up(dev);
5199 #endif
5200 @@ -76782,7 +76769,7 @@ index 8e2b475..7263d89 100644
5201 break;
5202 case NETDEV_DOWN:
5203 diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c
5204 -index a747100..c5c8de1 100644
5205 +index 9633661..4e0bc08 100644
5206 --- a/net/ipv4/fib_semantics.c
5207 +++ b/net/ipv4/fib_semantics.c
5208 @@ -767,7 +767,7 @@ __be32 fib_info_update_nh_saddr(struct net *net, struct fib_nh *nh)
5209 @@ -77078,10 +77065,10 @@ index d23c657..cb69cc2 100644
5210
5211 static int raw_seq_show(struct seq_file *seq, void *v)
5212 diff --git a/net/ipv4/route.c b/net/ipv4/route.c
5213 -index fd9af60..dca4e54 100644
5214 +index 2a1383c..ff99572 100644
5215 --- a/net/ipv4/route.c
5216 +++ b/net/ipv4/route.c
5217 -@@ -2501,7 +2501,7 @@ static __net_initdata struct pernet_operations sysctl_route_ops = {
5218 +@@ -2523,7 +2523,7 @@ static __net_initdata struct pernet_operations sysctl_route_ops = {
5219
5220 static __net_init int rt_genid_init(struct net *net)
5221 {
5222 @@ -77104,7 +77091,7 @@ index d377f48..c2211ed 100644
5223 u32 start, u32 end)
5224 {
5225 diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
5226 -index 00a748d..e6d546b 100644
5227 +index db7bfad..bfea796 100644
5228 --- a/net/ipv4/tcp_ipv4.c
5229 +++ b/net/ipv4/tcp_ipv4.c
5230 @@ -90,6 +90,10 @@ int sysctl_tcp_low_latency __read_mostly;
5231 @@ -77118,7 +77105,7 @@ index 00a748d..e6d546b 100644
5232 #ifdef CONFIG_TCP_MD5SIG
5233 static int tcp_v4_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key,
5234 __be32 daddr, __be32 saddr, const struct tcphdr *th);
5235 -@@ -1663,6 +1667,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb)
5236 +@@ -1664,6 +1668,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb)
5237 return 0;
5238
5239 reset:
5240 @@ -77128,7 +77115,7 @@ index 00a748d..e6d546b 100644
5241 tcp_v4_send_reset(rsk, skb);
5242 discard:
5243 kfree_skb(skb);
5244 -@@ -1763,12 +1770,19 @@ int tcp_v4_rcv(struct sk_buff *skb)
5245 +@@ -1764,12 +1771,19 @@ int tcp_v4_rcv(struct sk_buff *skb)
5246 TCP_SKB_CB(skb)->sacked = 0;
5247
5248 sk = __inet_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
5249 @@ -77151,7 +77138,7 @@ index 00a748d..e6d546b 100644
5250
5251 if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) {
5252 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
5253 -@@ -1819,6 +1833,10 @@ no_tcp_socket:
5254 +@@ -1820,6 +1834,10 @@ no_tcp_socket:
5255 bad_packet:
5256 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
5257 } else {
5258 @@ -77162,7 +77149,7 @@ index 00a748d..e6d546b 100644
5259 tcp_v4_send_reset(NULL, skb);
5260 }
5261
5262 -@@ -2414,7 +2432,11 @@ static void get_openreq4(const struct sock *sk, const struct request_sock *req,
5263 +@@ -2415,7 +2433,11 @@ static void get_openreq4(const struct sock *sk, const struct request_sock *req,
5264 0, /* non standard timer */
5265 0, /* open_requests have no inode */
5266 atomic_read(&sk->sk_refcnt),
5267 @@ -77174,7 +77161,7 @@ index 00a748d..e6d546b 100644
5268 len);
5269 }
5270
5271 -@@ -2464,7 +2486,12 @@ static void get_tcp4_sock(struct sock *sk, struct seq_file *f, int i, int *len)
5272 +@@ -2465,7 +2487,12 @@ static void get_tcp4_sock(struct sock *sk, struct seq_file *f, int i, int *len)
5273 sock_i_uid(sk),
5274 icsk->icsk_probes_out,
5275 sock_i_ino(sk),
5276 @@ -77188,7 +77175,7 @@ index 00a748d..e6d546b 100644
5277 jiffies_to_clock_t(icsk->icsk_rto),
5278 jiffies_to_clock_t(icsk->icsk_ack.ato),
5279 (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong,
5280 -@@ -2492,7 +2519,13 @@ static void get_timewait4_sock(const struct inet_timewait_sock *tw,
5281 +@@ -2493,7 +2520,13 @@ static void get_timewait4_sock(const struct inet_timewait_sock *tw,
5282 " %02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK%n",
5283 i, src, srcp, dest, destp, tw->tw_substate, 0, 0,
5284 3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
5285 @@ -77397,7 +77384,7 @@ index 2814f66..fa2b223 100644
5286
5287 int udp4_seq_show(struct seq_file *seq, void *v)
5288 diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
5289 -index ea3e9af..b60262e 100644
5290 +index b10374d..0baa1f9 100644
5291 --- a/net/ipv6/addrconf.c
5292 +++ b/net/ipv6/addrconf.c
5293 @@ -2144,7 +2144,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg)
5294 @@ -77562,7 +77549,7 @@ index 4a5f78b..3f22ebe 100644
5295
5296 static int raw6_seq_show(struct seq_file *seq, void *v)
5297 diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
5298 -index acd32e3..f73f8f7 100644
5299 +index 7e32d42..5d975ba 100644
5300 --- a/net/ipv6/tcp_ipv6.c
5301 +++ b/net/ipv6/tcp_ipv6.c
5302 @@ -106,6 +106,10 @@ static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
5303 @@ -77576,7 +77563,7 @@ index acd32e3..f73f8f7 100644
5304 static void tcp_v6_hash(struct sock *sk)
5305 {
5306 if (sk->sk_state != TCP_CLOSE) {
5307 -@@ -1510,6 +1514,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
5308 +@@ -1511,6 +1515,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
5309 return 0;
5310
5311 reset:
5312 @@ -77586,7 +77573,7 @@ index acd32e3..f73f8f7 100644
5313 tcp_v6_send_reset(sk, skb);
5314 discard:
5315 if (opt_skb)
5316 -@@ -1591,12 +1598,20 @@ static int tcp_v6_rcv(struct sk_buff *skb)
5317 +@@ -1592,12 +1599,20 @@ static int tcp_v6_rcv(struct sk_buff *skb)
5318 TCP_SKB_CB(skb)->sacked = 0;
5319
5320 sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
5321 @@ -77609,7 +77596,7 @@ index acd32e3..f73f8f7 100644
5322
5323 if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) {
5324 NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
5325 -@@ -1645,6 +1660,10 @@ no_tcp_socket:
5326 +@@ -1646,6 +1661,10 @@ no_tcp_socket:
5327 bad_packet:
5328 TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
5329 } else {
5330 @@ -77620,7 +77607,7 @@ index acd32e3..f73f8f7 100644
5331 tcp_v6_send_reset(NULL, skb);
5332 }
5333
5334 -@@ -1856,7 +1875,13 @@ static void get_openreq6(struct seq_file *seq,
5335 +@@ -1857,7 +1876,13 @@ static void get_openreq6(struct seq_file *seq,
5336 uid,
5337 0, /* non standard timer */
5338 0, /* open_requests have no inode */
5339 @@ -77635,7 +77622,7 @@ index acd32e3..f73f8f7 100644
5340 }
5341
5342 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
5343 -@@ -1906,7 +1931,12 @@ static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
5344 +@@ -1907,7 +1932,12 @@ static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
5345 sock_i_uid(sp),
5346 icsk->icsk_probes_out,
5347 sock_i_ino(sp),
5348 @@ -77649,7 +77636,7 @@ index acd32e3..f73f8f7 100644
5349 jiffies_to_clock_t(icsk->icsk_rto),
5350 jiffies_to_clock_t(icsk->icsk_ack.ato),
5351 (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong,
5352 -@@ -1941,7 +1971,13 @@ static void get_timewait6_sock(struct seq_file *seq,
5353 +@@ -1942,7 +1972,13 @@ static void get_timewait6_sock(struct seq_file *seq,
5354 dest->s6_addr32[2], dest->s6_addr32[3], destp,
5355 tw->tw_substate, 0, 0,
5356 3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
5357 @@ -78230,10 +78217,10 @@ index effa10c..9058928 100644
5358 cp->old_state = cp->state;
5359 /*
5360 diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c
5361 -index 65b616a..760a66b 100644
5362 +index c3c6291..3376d73 100644
5363 --- a/net/netfilter/ipvs/ip_vs_xmit.c
5364 +++ b/net/netfilter/ipvs/ip_vs_xmit.c
5365 -@@ -1151,7 +1151,7 @@ ip_vs_icmp_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
5366 +@@ -1157,7 +1157,7 @@ ip_vs_icmp_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
5367 else
5368 rc = NF_ACCEPT;
5369 /* do not touch skb anymore */
5370 @@ -78242,7 +78229,7 @@ index 65b616a..760a66b 100644
5371 goto out;
5372 }
5373
5374 -@@ -1272,7 +1272,7 @@ ip_vs_icmp_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
5375 +@@ -1278,7 +1278,7 @@ ip_vs_icmp_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
5376 else
5377 rc = NF_ACCEPT;
5378 /* do not touch skb anymore */
5379 @@ -78392,10 +78379,10 @@ index 4fe4fb4..87a89e5 100644
5380 return 0;
5381 }
5382 diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
5383 -index 5270238..5d37fbc 100644
5384 +index 9172179..a4035c4 100644
5385 --- a/net/netlink/af_netlink.c
5386 +++ b/net/netlink/af_netlink.c
5387 -@@ -767,7 +767,7 @@ static void netlink_overrun(struct sock *sk)
5388 +@@ -769,7 +769,7 @@ static void netlink_overrun(struct sock *sk)
5389 sk->sk_error_report(sk);
5390 }
5391 }
5392 @@ -78404,7 +78391,7 @@ index 5270238..5d37fbc 100644
5393 }
5394
5395 static struct sock *netlink_getsockbypid(struct sock *ssk, u32 pid)
5396 -@@ -2046,7 +2046,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v)
5397 +@@ -2059,7 +2059,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v)
5398 sk_wmem_alloc_get(s),
5399 nlk->cb,
5400 atomic_read(&s->sk_refcnt),
5401
5402 diff --git a/3.6.3/4430_grsec-remove-localversion-grsec.patch b/3.6.4/4430_grsec-remove-localversion-grsec.patch
5403 similarity index 100%
5404 rename from 3.6.3/4430_grsec-remove-localversion-grsec.patch
5405 rename to 3.6.4/4430_grsec-remove-localversion-grsec.patch
5406
5407 diff --git a/3.6.3/4435_grsec-mute-warnings.patch b/3.6.4/4435_grsec-mute-warnings.patch
5408 similarity index 100%
5409 rename from 3.6.3/4435_grsec-mute-warnings.patch
5410 rename to 3.6.4/4435_grsec-mute-warnings.patch
5411
5412 diff --git a/3.6.3/4440_grsec-remove-protected-paths.patch b/3.6.4/4440_grsec-remove-protected-paths.patch
5413 similarity index 100%
5414 rename from 3.6.3/4440_grsec-remove-protected-paths.patch
5415 rename to 3.6.4/4440_grsec-remove-protected-paths.patch
5416
5417 diff --git a/3.6.3/4450_grsec-kconfig-default-gids.patch b/3.6.4/4450_grsec-kconfig-default-gids.patch
5418 similarity index 100%
5419 rename from 3.6.3/4450_grsec-kconfig-default-gids.patch
5420 rename to 3.6.4/4450_grsec-kconfig-default-gids.patch
5421
5422 diff --git a/3.6.3/4465_selinux-avc_audit-log-curr_ip.patch b/3.6.4/4465_selinux-avc_audit-log-curr_ip.patch
5423 similarity index 100%
5424 rename from 3.6.3/4465_selinux-avc_audit-log-curr_ip.patch
5425 rename to 3.6.4/4465_selinux-avc_audit-log-curr_ip.patch
5426
5427 diff --git a/3.6.3/4470_disable-compat_vdso.patch b/3.6.4/4470_disable-compat_vdso.patch
5428 similarity index 100%
5429 rename from 3.6.3/4470_disable-compat_vdso.patch
5430 rename to 3.6.4/4470_disable-compat_vdso.patch